
OpenSSL 3.2.6

Source commit: e4b7c28d503a20a290ebcb76760b4b9d14a8e201
Martin Prikryl 2 tygodni temu
rodzic
commit
1f1e70a355
100 zmienionych plików z 886 dodań i 461 usunięć
  1. 87 0
      libs/openssl/CHANGES.md
  2. 13 1
      libs/openssl/Configurations/unix-Makefile.tmpl
  3. 20 1
      libs/openssl/NEWS.md
  4. 2 2
      libs/openssl/VERSION.dat
  5. 1 1
      libs/openssl/apps/asn1parse.c
  6. 1 0
      libs/openssl/apps/cms.c
  7. 3 1
      libs/openssl/apps/enc.c
  8. 1 2
      libs/openssl/apps/include/apps.h
  9. 0 49
      libs/openssl/apps/lib/apps.c
  10. 12 9
      libs/openssl/apps/ocsp.c
  11. 12 4
      libs/openssl/apps/storeutl.c
  12. 4 1
      libs/openssl/crypto/aes/asm/aes-s390x.pl
  13. 18 4
      libs/openssl/crypto/asn1/asn_mime.c
  14. 9 16
      libs/openssl/crypto/bio/bss_dgram.c
  15. 2 2
      libs/openssl/crypto/bio/bss_file.c
  16. 1 1
      libs/openssl/crypto/cms/cms_pwri.c
  17. 8 6
      libs/openssl/crypto/dh/dh_key.c
  18. 1 1
      libs/openssl/crypto/dh/dh_pmeth.c
  19. 4 99
      libs/openssl/crypto/ec/ecp_sm2p256.c
  20. 15 12
      libs/openssl/crypto/evp/bio_ok.c
  21. 1 1
      libs/openssl/crypto/evp/ctrl_params_translate.c
  22. 9 10
      libs/openssl/crypto/evp/p_lib.c
  23. 4 3
      libs/openssl/crypto/evp/p_seal.c
  24. 1 0
      libs/openssl/crypto/http/http_lib.c
  25. 13 1
      libs/openssl/crypto/info.c
  26. 4 1
      libs/openssl/crypto/modes/siv128.c
  27. 5 2
      libs/openssl/crypto/pkcs7/pk7_doit.c
  28. 2 2
      libs/openssl/crypto/property/property_parse.c
  29. 5 1
      libs/openssl/crypto/rand/randfile.c
  30. 4 4
      libs/openssl/crypto/rsa/rsa_pmeth.c
  31. 29 9
      libs/openssl/crypto/sleep.c
  32. 5 1
      libs/openssl/crypto/sm2/sm2_sign.c
  33. 15 12
      libs/openssl/crypto/store/store_lib.c
  34. 7 1
      libs/openssl/crypto/threads_pthread.c
  35. 20 14
      libs/openssl/crypto/x509/by_store.c
  36. 4 2
      libs/openssl/crypto/x509/t_req.c
  37. 3 2
      libs/openssl/crypto/x509/t_x509.c
  38. 16 4
      libs/openssl/crypto/x509/x509_ext.c
  39. 2 1
      libs/openssl/crypto/x509/x509_local.h
  40. 3 4
      libs/openssl/crypto/x509/x509_lu.c
  41. 6 1
      libs/openssl/crypto/x509/x509_vpm.c
  42. 5 2
      libs/openssl/demos/bio/saccept.c
  43. 5 2
      libs/openssl/demos/bio/server-arg.c
  44. 5 2
      libs/openssl/demos/bio/server-cmod.c
  45. 5 2
      libs/openssl/demos/bio/server-conf.c
  46. 2 2
      libs/openssl/demos/cms/cms_ddec.c
  47. 2 2
      libs/openssl/demos/cms/cms_denc.c
  48. 2 2
      libs/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c
  49. 6 3
      libs/openssl/doc/man1/openssl-enc.pod.in
  50. 3 3
      libs/openssl/doc/man3/BN_generate_prime.pod
  51. 9 10
      libs/openssl/doc/man3/DEFINE_STACK_OF.pod
  52. 2 2
      libs/openssl/doc/man3/EVP_EncryptInit.pod
  53. 14 2
      libs/openssl/doc/man3/EVP_PKEY_new.pod
  54. 2 2
      libs/openssl/doc/man3/EVP_aes_128_gcm.pod
  55. 2 2
      libs/openssl/doc/man3/EVP_aria_128_gcm.pod
  56. 2 2
      libs/openssl/doc/man3/EVP_chacha20.pod
  57. 7 2
      libs/openssl/doc/man3/OPENSSL_secure_malloc.pod
  58. 8 1
      libs/openssl/doc/man3/OpenSSL_version.pod
  59. 4 4
      libs/openssl/doc/man3/PEM_read_CMS.pod
  60. 6 2
      libs/openssl/doc/man3/RAND_load_file.pod
  61. 2 2
      libs/openssl/doc/man3/SSL_CIPHER_get_name.pod
  62. 6 4
      libs/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod
  63. 5 5
      libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
  64. 4 3
      libs/openssl/doc/man3/d2i_X509.pod
  65. 2 2
      libs/openssl/doc/man7/EVP_PKEY-DSA.pod
  66. 2 2
      libs/openssl/doc/man7/EVP_PKEY-FFC.pod
  67. 2 2
      libs/openssl/include/internal/quic_ackm.h
  68. 4 4
      libs/openssl/include/openssl/crypto.h.in
  69. 3 8
      libs/openssl/include/openssl/opensslv.h.in
  70. 2 1
      libs/openssl/include/openssl/pem.h
  71. 8 8
      libs/openssl/providers/fips-sources.checksums
  72. 1 1
      libs/openssl/providers/fips.checksum
  73. 12 7
      libs/openssl/providers/implementations/asymciphers/rsa_enc.c
  74. 2 1
      libs/openssl/providers/implementations/encode_decode/decode_pem2der.c
  75. 5 2
      libs/openssl/providers/implementations/kdfs/krb5kdf.c
  76. 10 8
      libs/openssl/providers/implementations/macs/hmac_prov.c
  77. 3 3
      libs/openssl/providers/implementations/signature/rsa_sig.c
  78. 2 2
      libs/openssl/ssl/d1_lib.c
  79. 26 7
      libs/openssl/ssl/quic/quic_ackm.c
  80. 2 1
      libs/openssl/ssl/quic/quic_channel.c
  81. 6 3
      libs/openssl/ssl/quic/quic_impl.c
  82. 2 2
      libs/openssl/ssl/quic/quic_record_tx.c
  83. 6 24
      libs/openssl/ssl/quic/quic_rx_depack.c
  84. 7 4
      libs/openssl/ssl/record/methods/tls_common.c
  85. 43 0
      libs/openssl/test/evp_extra_test.c
  86. 4 2
      libs/openssl/test/fake_rsaprov.c
  87. 10 1
      libs/openssl/test/fake_rsaprov.h
  88. 18 1
      libs/openssl/test/property_test.c
  89. 73 1
      libs/openssl/test/provider_pkey_test.c
  90. 3 2
      libs/openssl/test/quic_ackm_test.c
  91. 3 2
      libs/openssl/test/quic_fifd_test.c
  92. 3 2
      libs/openssl/test/quic_txp_test.c
  93. 12 2
      libs/openssl/test/recipes/15-test_ec.t
  94. 3 2
      libs/openssl/test/recipes/25-test_verify.t
  95. 9 1
      libs/openssl/test/recipes/30-test_evp_data/evpkdf_krb5.txt
  96. 17 0
      libs/openssl/test/recipes/80-test_cms.t
  97. 24 2
      libs/openssl/test/recipes/90-test_store_cases.t
  98. BIN
      libs/openssl/test/recipes/90-test_store_cases_data/test-BER.p12
  99. 19 0
      libs/openssl/test/recipes/90-test_threads_data/store/8489a545.0
  100. 58 0
      libs/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh

+ 87 - 0
libs/openssl/CHANGES.md

@@ -25,6 +25,89 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Changes between 3.2.5 and 3.2.6 [30 Sep 2025]
+
+ * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap
+
+   Issue summary: An application trying to decrypt CMS messages encrypted using
+   password based encryption can trigger an out-of-bounds read and write.
+
+   Impact summary: This out-of-bounds read may trigger a crash which leads to
+   Denial of Service for an application. The out-of-bounds write can cause
+   a memory corruption which can have various consequences including
+   a Denial of Service or Execution of attacker-supplied code.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9230])
+
+   *Viktor Dukhovni*
+
+ * Fix Timing side-channel in SM2 algorithm on 64 bit ARM
+
+   Issue summary: A timing side-channel which could potentially allow remote
+   recovery of the private key exists in the SM2 algorithm implementation on
+   64 bit ARM platforms.
+
+   Impact summary: A timing side-channel in SM2 signature computations on
+   64 bit ARM platforms could allow recovering the private key by an attacker.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9231])
+
+   *Stanislav Fort and Tomáš Mráz*
+
+ * Fix Out-of-bounds read in HTTP client no_proxy handling
+
+   Issue summary: An application using the OpenSSL HTTP client API functions
+   may trigger an out-of-bounds read if the "no_proxy" environment variable is
+   set and the host portion of the authority component of the HTTP URL is an
+   IPv6 address.
+
+   Impact summary: An out-of-bounds read can trigger a crash which leads to
+   Denial of Service for an application.
+
+   The issue was reported by Stanislav Fort (Aisle Research).
+
+   ([CVE-2025-9232])
+
+   *Stanislav Fort*
+
+ * Avoided a potential race condition introduced in 3.2.5, where
+   `OSSL_STORE_CTX` kept open during lookup while potentially being used
+   by multiple threads simultaneously, that could lead to potential crashes
+   when multiple concurrent TLS connections are served.
+
+   *Matt Caswell*
+
+ * Secure memory allocation calls are no longer used for HMAC keys.
+
+   *Dr Paul Dale*
+
+ * `openssl req` no longer generates certificates with an empty extension list
+   when SKID/AKID are set to `none` during generation.
+
+   *David Benjamin*
+
+ * The man page date is now derived from the release date provided
+   in `VERSION.dat` and not the current date for the released builds.
+
+   *Enji Cooper*
+
+ * Hardened the provider implementation of the RSA public key "encrypt"
+   operation to add a missing check that the caller-indicated output buffer
+   size is at least as large as the byte count of the RSA modulus.  The issue
+   was reported by Arash Ale Ebrahim from SYSPWN.
+
+   This operation is typically invoked via `EVP_PKEY_encrypt(3)`.  Callers that
+   in fact provide a sufficiently large buffer, but fail to correctly indicate
+   its size may now encounter unexpected errors.  In applications that attempt
+   RSA public encryption into a buffer that is too small, an out-of-bounds
+   write is now avoided and an error is reported instead.
+
+   *Viktor Dukhovni*
+
 ### Changes between 3.2.4 and 3.2.5 [1 Jul 2025]
 
  * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
@@ -20558,7 +20641,11 @@ ndif
 
 <!-- Links -->
 
+[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
+[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
+[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-12797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-12797
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535

+ 13 - 1
libs/openssl/Configurations/unix-Makefile.tmpl

@@ -3,6 +3,8 @@
 ##
 ## {- join("\n## ", @autowarntext) -}
 {-
+     use Time::Piece;
+
      use OpenSSL::Util;
 
      our $makedep_scheme = $config{makedep_scheme};
@@ -69,6 +71,15 @@ FIPSKEY={- $config{FIPSKEY} -}
 
 VERSION={- "$config{full_version}" -}
 VERSION_NUMBER={- "$config{version}" -}
+RELEASE_DATE={- my $t = localtime;
+		if ($config{"release_date"}) {
+			# Provide the user with a more meaningful error message
+			# than the default internal parsing error from
+			# `Time::Piece->strptime(..)`.
+			eval { $t = Time::Piece->strptime($config{"release_date"}, "%d %b %Y"); } ||
+				die "Parsing \$config{release_date} ('$config{release_date}') failed: $@";
+		}
+		$t->strftime("%Y-%m-%d") -}
 MAJOR={- $config{major} -}
 MINOR={- $config{minor} -}
 SHLIB_VERSION_NUMBER={- $config{shlib_version} -}
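Review bot: When `$config{"release_date"}` is empty, `RELEASE_DATE` falls back to `localtime`, and the pod2man rule changed later in this file now always passes `--date=$(RELEASE_DATE)`, so development builds stamp the build machine's current local date into every man page. pod2man documents honouring `POD_MAN_DATE` and `SOURCE_DATE_EPOCH` when `--date` is omitted, so the explicit value likely overrides that path and makes non-release builds non-reproducible. Consider seeding the fallback from the environment, e.g. `my $t = defined $ENV{SOURCE_DATE_EPOCH} ? gmtime($ENV{SOURCE_DATE_EPOCH}) : localtime;`, or emitting `--date` only when a release date is configured.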
@@ -1584,7 +1595,8 @@ EOF
           return <<"EOF";
 $args{src}: $pod
 	pod2man --name=$name --section=$section\$(MANSUFFIX) --center=OpenSSL \\
-		--release=\$(VERSION) $pod >\$\@
+		--date=\$(RELEASE_DATE) --release=\$(VERSION) \\
+		$pod >\$\@
 EOF
       } elsif (platform->isdef($args{src})) {
           #

+ 20 - 1
libs/openssl/NEWS.md

@@ -20,6 +20,22 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Major changes between OpenSSL 3.2.5 and OpenSSL 3.2.6 [30 Sep 2025]
+
+OpenSSL 3.2.6 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fix Out-of-bounds read & write in RFC 3211 KEK Unwrap.
+    ([CVE-2025-9230])
+
+  * Fix Timing side-channel in SM2 algorithm on 64 bit ARM.
+    ([CVE-2025-9231])
+
+  * Fix Out-of-bounds read in HTTP client no_proxy handling.
+    ([CVE-2025-9232])
+
 ### Major changes between OpenSSL 3.2.4 and OpenSSL 3.2.5 [1 Jul 2025]
 
 OpenSSL 3.2.5 is a bug fix release.
@@ -1637,8 +1653,11 @@ OpenSSL 0.9.x
   * Support for various new platforms
 
 <!-- Links -->
-
+[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232
+[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231
+[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230
 [CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-12797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-12797
 [CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535

+ 2 - 2
libs/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=2
-PATCH=5
+PATCH=6
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="1 Jul 2025"
+RELEASE_DATE="30 Sep 2025"
 SHLIB_VERSION=3

+ 1 - 1
libs/openssl/apps/asn1parse.c

@@ -40,8 +40,8 @@ const OPTIONS asn1parse_options[] = {
     {"length", OPT_LENGTH, 'p', "length of section in file"},
     {"strparse", OPT_STRPARSE, 'p',
      "offset; a series of these can be used to 'dig'"},
-    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
     {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
+    {"genstr", OPT_GENSTR, 's', "string to generate ASN1 structure from"},
     {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
     {"strictpem", OPT_STRICTPEM, 0,
      "equivalent to '-inform pem' (obsolete)"},

+ 1 - 0
libs/openssl/apps/cms.c

@@ -1279,6 +1279,7 @@ int cms_main(int argc, char **argv)
             goto end;
         }
         if (ret <= 0) {
+            BIO_printf(bio_err, "Error writing CMS output\n");
             ret = 6;
             goto end;
         }

+ 3 - 1
libs/openssl/apps/enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -252,6 +252,8 @@ int enc_main(int argc, char **argv)
                 goto opthelp;
             if (k)
                 n *= 1024;
+            if (n > INT_MAX)
+                goto opthelp;
             bsize = (int)n;
             break;
         case OPT_K:

+ 1 - 2
libs/openssl/apps/include/apps.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -100,7 +100,6 @@ int wrap_password_callback(char *buf, int bufsiz, int verify, void *cb_data);
 /* progress callback for dsaparam, dhparam, req, genpkey, etc. */
 int progress_cb(EVP_PKEY_CTX *ctx);
 
-int chopup_args(ARGS *arg, char *buf);
 void dump_cert_text(BIO *out, X509 *x);
 void print_name(BIO *out, const char *title, const X509_NAME *nm);
 void print_bignum_var(BIO *, const BIGNUM *, const char *,

+ 0 - 49
libs/openssl/apps/lib/apps.c

@@ -80,55 +80,6 @@ static int set_multi_opts(unsigned long *flags, const char *arg,
                           const NAME_EX_TBL *in_tbl);
 int app_init(long mesgwin);
 
-int chopup_args(ARGS *arg, char *buf)
-{
-    int quoted;
-    char c = '\0', *p = NULL;
-
-    arg->argc = 0;
-    if (arg->size == 0) {
-        arg->size = 20;
-        arg->argv = app_malloc(sizeof(*arg->argv) * arg->size, "argv space");
-    }
-
-    for (p = buf;;) {
-        /* Skip whitespace. */
-        while (*p && isspace(_UC(*p)))
-            p++;
-        if (*p == '\0')
-            break;
-
-        /* The start of something good :-) */
-        if (arg->argc >= arg->size) {
-            char **tmp;
-
-            arg->size += 20;
-            tmp = OPENSSL_realloc(arg->argv, sizeof(*arg->argv) * arg->size);
-            if (tmp == NULL)
-                return 0;
-            arg->argv = tmp;
-        }
-        quoted = *p == '\'' || *p == '"';
-        if (quoted)
-            c = *p++;
-        arg->argv[arg->argc++] = p;
-
-        /* now look for the end of this */
-        if (quoted) {
-            while (*p && *p != c)
-                p++;
-            *p++ = '\0';
-        } else {
-            while (*p && !isspace(_UC(*p)))
-                p++;
-            if (*p)
-                *p++ = '\0';
-        }
-    }
-    arg->argv[arg->argc] = NULL;
-    return 1;
-}
-
 #ifndef APP_INIT
 int app_init(long mesgwin)
 {

+ 12 - 9
libs/openssl/apps/ocsp.c

@@ -672,7 +672,8 @@ redo_accept:
                 resp =
                     OCSP_response_create(OCSP_RESPONSE_STATUS_MALFORMEDREQUEST,
                                          NULL);
-                send_ocsp_response(cbio, resp);
+                if (resp != NULL)
+                    send_ocsp_response(cbio, resp);
             }
             goto done_resp;
         }
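Review bot: If `OCSP_response_create()` returns NULL here, the new guard skips `send_ocsp_response()` and control reaches `goto done_resp` with nothing written to the client and nothing logged, so a responder under memory pressure silently drops its malformed-request reply. Add a diagnostic in an else branch, e.g. `else BIO_printf(bio_err, "Error creating OCSP response\n");`, so the failure is visible to whoever operates the responder. The enclosing block starts above the hunk, so how the connection is torn down afterwards cannot be confirmed from here.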
@@ -770,16 +771,18 @@ redo_accept:
         BIO_free(derbio);
     }
 
-    i = OCSP_response_status(resp);
-    if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
-        BIO_printf(out, "Responder Error: %s (%d)\n",
-                   OCSP_response_status_str(i), i);
-        if (!ignore_err)
+    if (resp != NULL) {
+        i = OCSP_response_status(resp);
+        if (i != OCSP_RESPONSE_STATUS_SUCCESSFUL) {
+            BIO_printf(out, "Responder Error: %s (%d)\n",
+                       OCSP_response_status_str(i), i);
+            if (!ignore_err)
                 goto end;
-    }
+        }
 
-    if (resp_text)
-        OCSP_RESPONSE_print(out, resp, 0);
+        if (resp_text)
+            OCSP_RESPONSE_print(out, resp, 0);
+    }
 
     /* If running as responder don't verify our own response */
     if (cbio != NULL) {

+ 12 - 4
libs/openssl/apps/storeutl.c

@@ -334,14 +334,22 @@ int storeutl_main(int argc, char *argv[])
 static int indent_printf(int indent, BIO *bio, const char *format, ...)
 {
     va_list args;
-    int ret;
+    int ret, vret;
+
+    ret = BIO_printf(bio, "%*s", indent, "");
+    if (ret < 0)
+        return ret;
 
     va_start(args, format);
+    vret = BIO_vprintf(bio, format, args);
+    va_end(args);
 
-    ret = BIO_printf(bio, "%*s", indent, "") + BIO_vprintf(bio, format, args);
+    if (vret < 0)
+        return vret;
+    if (vret > INT_MAX - ret)
+        return INT_MAX;
 
-    va_end(args);
-    return ret;
+    return ret + vret;
 }
 
 static int process(const char *uri, const UI_METHOD *uimeth, PW_CB_DATA *uidata,
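Review bot: `indent_printf()` now has a three-way return contract that is not documented anywhere in the hunk: a negative value if either write fails, `INT_MAX` when the sum would overflow, otherwise the combined count. A short header comment would make that explicit, e.g. `/* Returns characters written, INT_MAX if the total would overflow, or a negative value if either BIO write fails. */`. It should also mention that when `BIO_vprintf()` fails the indent has already been emitted, so a negative return does not mean nothing was written.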

+ 4 - 1
libs/openssl/crypto/aes/asm/aes-s390x.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -1431,6 +1431,9 @@ $code.=<<___ if (!$softonly);
 	st${g}	$s3,0($sp)			# backchain
 	la	%r1,$stdframe($sp)
 
+	xc	$stdframe+0(64,$sp),$stdframe+0($sp)	# clear reserved/unused
+							# in parameter block
+
 	lmg	$s2,$s3,0($key)			# copy key
 	stg	$s2,$stdframe+80($sp)
 	stg	$s3,$stdframe+88($sp)

+ 18 - 4
libs/openssl/crypto/asn1/asn_mime.c

@@ -168,6 +168,19 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
             BIO_write(out, ",", 1);
         write_comma = 1;
         md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
+
+        /* RFC 8702 does not define a micalg for SHAKE, assuming "shake-<bitlen>" */
+        if (md_nid == NID_shake128) {
+            if (BIO_puts(out, "shake-128") < 0)
+                goto err;
+            continue;
+        }
+        if (md_nid == NID_shake256) {
+            if (BIO_puts(out, "shake-256") < 0)
+                goto err;
+            continue;
+        }
+
         md = EVP_get_digestbynid(md_nid);
         if (md && md->md_ctrl) {
             int rv;
@@ -204,15 +217,15 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
 
         case NID_id_GostR3411_94:
             BIO_puts(out, "gostr3411-94");
-            goto err;
+            break;
 
         case NID_id_GostR3411_2012_256:
             BIO_puts(out, "gostr3411-2012-256");
-            goto err;
+            break;
 
         case NID_id_GostR3411_2012_512:
             BIO_puts(out, "gostr3411-2012-512");
-            goto err;
+            break;
 
         default:
             if (have_unknown) {
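Review bot: The three GOST cases now `break` instead of jumping to `err`, but their `BIO_puts()` results are still ignored, while the SHAKE branches added earlier in this function test `BIO_puts(...) < 0` and bail out. A failed write here would leave a truncated `micalg` value that is still reported as success. Use the same form in each case, e.g. `if (BIO_puts(out, "gostr3411-94") < 0) goto err;` followed by `break;`. The switch begins above the hunk, so other cases may need the same treatment.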
@@ -272,7 +285,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
         BIO_printf(bio, "Content-Type: multipart/signed;");
         BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
         BIO_puts(bio, " micalg=\"");
-        asn1_write_micalg(bio, mdalgs);
+        if (!asn1_write_micalg(bio, mdalgs))
+            return 0;
         BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
                    bound, mime_eol, mime_eol);
         BIO_printf(bio, "This is an S/MIME signed message%s%s",

+ 9 - 16
libs/openssl/crypto/bio/bss_dgram.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -464,11 +464,11 @@ static int dgram_write(BIO *b, const char *in, int inl)
     return ret;
 }
 
-static long dgram_get_mtu_overhead(bio_dgram_data *data)
+static long dgram_get_mtu_overhead(BIO_ADDR *addr)
 {
     long ret;
 
-    switch (BIO_ADDR_family(&data->peer)) {
+    switch (BIO_ADDR_family(addr)) {
     case AF_INET:
         /*
          * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
@@ -480,7 +480,8 @@ static long dgram_get_mtu_overhead(bio_dgram_data *data)
         {
 #  ifdef IN6_IS_ADDR_V4MAPPED
             struct in6_addr tmp_addr;
-            if (BIO_ADDR_rawaddress(&data->peer, &tmp_addr, NULL)
+
+            if (BIO_ADDR_rawaddress(addr, &tmp_addr, NULL)
                 && IN6_IS_ADDR_V4MAPPED(&tmp_addr))
                 /*
                  * Assume this is UDP - 20 bytes for IP, 8 bytes for UDP
@@ -666,11 +667,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                             &sockopt_len)) < 0 || sockopt_val < 0) {
                 ret = 0;
             } else {
-                /*
-                 * we assume that the transport protocol is UDP and no IP
-                 * options are used.
-                 */
-                data->mtu = sockopt_val - 8 - 20;
+                data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
                 ret = data->mtu;
             }
             break;
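Review bot: `sockopt_val - dgram_get_mtu_overhead(&addr)` can go negative, because the guard above only rejects `sockopt_val < 0` and a reported MTU smaller than the IP+UDP overhead still passes. If `data->mtu` is an unsigned field (its declaration is outside this hunk), the result would wrap to a very large MTU. Compute the overhead into a local first and treat `sockopt_val < overhead` as the `ret = 0` case; the IPv6 branch in the next hunk has the same pattern. The helper only reads the address, so its parameter could also be `const BIO_ADDR *`.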
@@ -682,11 +679,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
                 || sockopt_val < 0) {
                 ret = 0;
             } else {
-                /*
-                 * we assume that the transport protocol is UDP and no IPV6
-                 * options are used.
-                 */
-                data->mtu = sockopt_val - 8 - 40;
+                data->mtu = sockopt_val - dgram_get_mtu_overhead(&addr);
                 ret = data->mtu;
             }
             break;
@@ -700,7 +693,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
 # endif
         break;
     case BIO_CTRL_DGRAM_GET_FALLBACK_MTU:
-        ret = -dgram_get_mtu_overhead(data);
+        ret = -dgram_get_mtu_overhead(&data->peer);
         switch (BIO_ADDR_family(&data->peer)) {
         case AF_INET:
             ret += 576;
@@ -956,7 +949,7 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
         }
         break;
     case BIO_CTRL_DGRAM_GET_MTU_OVERHEAD:
-        ret = dgram_get_mtu_overhead(data);
+        ret = dgram_get_mtu_overhead(&data->peer);
         break;
 
     /*

+ 2 - 2
libs/openssl/crypto/bio/bss_file.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -296,7 +296,7 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr)
         if (fp == NULL) {
             ERR_raise_data(ERR_LIB_SYS, get_last_sys_error(),
                            "calling fopen(%s, %s)",
-                           ptr, p);
+                           (const char *)ptr, p);
             ERR_raise(ERR_LIB_BIO, ERR_R_SYS_LIB);
             ret = 0;
             break;

+ 1 - 1
libs/openssl/crypto/cms/cms_pwri.c

@@ -238,7 +238,7 @@ static int kek_unwrap_key(unsigned char *out, size_t *outlen,
         /* Check byte failure */
         goto err;
     }
-    if (inlen < (size_t)(tmp[0] - 4)) {
+    if (inlen < 4 + (size_t)tmp[0]) {
         /* Invalid length value */
         goto err;
     }

+ 8 - 6
libs/openssl/crypto/dh/dh_key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -267,7 +267,7 @@ static int generate_key(DH *dh)
     int ok = 0;
     int generate_new_key = 0;
 #ifndef FIPS_MODULE
-    unsigned l;
+    int l;
 #endif
     BN_CTX *ctx = NULL;
     BIGNUM *pub_key = NULL, *priv_key = NULL;
@@ -327,11 +327,13 @@ static int generate_key(DH *dh)
                 goto err;
 #else
             if (dh->params.q == NULL) {
-                /* secret exponent length, must satisfy 2^(l-1) <= p */
-                if (dh->length != 0
-                    && dh->length >= BN_num_bits(dh->params.p))
+                /* secret exponent length, must satisfy 2^l < (p-1)/2 */
+                l = BN_num_bits(dh->params.p);
+                if (dh->length >= l)
                     goto err;
-                l = dh->length ? dh->length : BN_num_bits(dh->params.p) - 1;
+                l -= 2;
+                if (dh->length != 0 && dh->length < l)
+                    l = dh->length;
                 if (!BN_priv_rand_ex(priv_key, l, BN_RAND_TOP_ONE,
                                      BN_RAND_BOTTOM_ANY, 0, ctx))
                     goto err;
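Review bot: A caller-supplied `dh->length` equal to `BN_num_bits(p) - 1` passes the `dh->length >= l` guard but is then silently replaced by `l - 2`, because the later `dh->length < l` test is false for it. Either reject that value up front or say so in the comment, e.g. `/* requested lengths above num_bits(p) - 2 are clamped */`. Separately, for a degenerate `p` of fewer than three bits, `l` reaches `BN_priv_rand_ex()` as zero or negative. That presumably fails cleanly, but it relies on parameter validation that is outside this hunk.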

+ 1 - 1
libs/openssl/crypto/dh/dh_pmeth.c

@@ -408,7 +408,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
     }
     dh = (DH *)EVP_PKEY_get0_DH(ctx->pkey);
     dhpub = EVP_PKEY_get0_DH(ctx->peerkey);
-    if (dhpub == NULL) {
+    if (dhpub == NULL || dh == NULL) {
         ERR_raise(ERR_LIB_DH, DH_R_KEYS_NOT_SET);
         return 0;
     }

+ 4 - 99
libs/openssl/crypto/ec/ecp_sm2p256.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -56,10 +56,6 @@ ALIGN32 static const BN_ULONG def_p[P256_LIMBS] = {
     0xffffffffffffffff, 0xffffffff00000000,
     0xffffffffffffffff, 0xfffffffeffffffff
 };
-ALIGN32 static const BN_ULONG def_ord[P256_LIMBS] = {
-    0x53bbf40939d54123, 0x7203df6b21c6052b,
-    0xffffffffffffffff, 0xfffffffeffffffff
-};
 
 ALIGN32 static const BN_ULONG ONE[P256_LIMBS] = {1, 0, 0, 0};
 
@@ -177,13 +173,6 @@ static ossl_inline void ecp_sm2p256_mod_inverse(BN_ULONG* out,
     BN_MOD_INV(out, in, ecp_sm2p256_div_by_2, ecp_sm2p256_sub, def_p);
 }
 
-/* Modular inverse mod order |out| = |in|^(-1) % |ord|. */
-static ossl_inline void ecp_sm2p256_mod_ord_inverse(BN_ULONG* out,
-                                                    const BN_ULONG* in) {
-    BN_MOD_INV(out, in, ecp_sm2p256_div_by_2_mod_ord, ecp_sm2p256_sub_mod_ord,
-               def_ord);
-}
-
 /* Point double: R <- P + P */
 static void ecp_sm2p256_point_double(P256_POINT *R, const P256_POINT *P)
 {
@@ -454,52 +443,6 @@ static int ecp_sm2p256_is_affine_G(const EC_POINT *generator)
 }
 #endif
 
-/*
- * Convert Jacobian coordinate point into affine coordinate (x,y)
- */
-static int ecp_sm2p256_get_affine(const EC_GROUP *group,
-                                  const EC_POINT *point,
-                                  BIGNUM *x, BIGNUM *y, BN_CTX *ctx)
-{
-    ALIGN32 BN_ULONG z_inv2[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG z_inv3[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG x_aff[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG y_aff[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_x[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_y[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG point_z[P256_LIMBS] = {0};
-
-    if (EC_POINT_is_at_infinity(group, point)) {
-        ECerr(ERR_LIB_EC, EC_R_POINT_AT_INFINITY);
-        return 0;
-    }
-
-    if (ecp_sm2p256_bignum_field_elem(point_x, point->X) <= 0
-        || ecp_sm2p256_bignum_field_elem(point_y, point->Y) <= 0
-        || ecp_sm2p256_bignum_field_elem(point_z, point->Z) <= 0) {
-        ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
-        return 0;
-    }
-
-    ecp_sm2p256_mod_inverse(z_inv3, point_z);
-    ecp_sm2p256_sqr(z_inv2, z_inv3);
-
-    if (x != NULL) {
-        ecp_sm2p256_mul(x_aff, point_x, z_inv2);
-        if (!bn_set_words(x, x_aff, P256_LIMBS))
-            return 0;
-    }
-
-    if (y != NULL) {
-        ecp_sm2p256_mul(z_inv3, z_inv3, z_inv2);
-        ecp_sm2p256_mul(y_aff, point_y, z_inv3);
-        if (!bn_set_words(y, y_aff, P256_LIMBS))
-            return 0;
-    }
-
-    return 1;
-}
-
 /* r = sum(scalar[i]*point[i]) */
 static int ecp_sm2p256_windowed_mul(const EC_GROUP *group,
                                     P256_POINT *r,
@@ -689,44 +632,6 @@ static int ecp_sm2p256_field_sqr(const EC_GROUP *group, BIGNUM *r,
     return 1;
 }
 
-static int ecp_sm2p256_inv_mod_ord(const EC_GROUP *group, BIGNUM *r,
-                                             const BIGNUM *x, BN_CTX *ctx)
-{
-    int ret = 0;
-    ALIGN32 BN_ULONG t[P256_LIMBS] = {0};
-    ALIGN32 BN_ULONG out[P256_LIMBS] = {0};
-
-    if (bn_wexpand(r, P256_LIMBS) == NULL) {
-        ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
-        goto err;
-    }
-
-    if ((BN_num_bits(x) > 256) || BN_is_negative(x)) {
-        BIGNUM *tmp;
-
-        if ((tmp = BN_CTX_get(ctx)) == NULL
-            || !BN_nnmod(tmp, x, group->order, ctx)) {
-            ECerr(ERR_LIB_EC, ERR_R_BN_LIB);
-            goto err;
-        }
-        x = tmp;
-    }
-
-    if (!ecp_sm2p256_bignum_field_elem(t, x)) {
-        ECerr(ERR_LIB_EC, EC_R_COORDINATES_OUT_OF_RANGE);
-        goto err;
-    }
-
-    ecp_sm2p256_mod_ord_inverse(out, t);
-
-    if (!bn_set_words(r, out, P256_LIMBS))
-        goto err;
-
-    ret = 1;
-err:
-    return ret;
-}
-
 const EC_METHOD *EC_GFp_sm2p256_method(void)
 {
     static const EC_METHOD ret = {
@@ -747,7 +652,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ossl_ec_GFp_simple_point_copy,
         ossl_ec_GFp_simple_point_set_to_infinity,
         ossl_ec_GFp_simple_point_set_affine_coordinates,
-        ecp_sm2p256_get_affine,
+        ossl_ec_GFp_simple_point_get_affine_coordinates,
         0, 0, 0,
         ossl_ec_GFp_simple_add,
         ossl_ec_GFp_simple_dbl,
@@ -763,7 +668,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ecp_sm2p256_field_mul,
         ecp_sm2p256_field_sqr,
         0 /* field_div */,
-        0 /* field_inv */,
+        ossl_ec_GFp_simple_field_inv,
         0 /* field_encode */,
         0 /* field_decode */,
         0 /* field_set_to_one */,
@@ -779,7 +684,7 @@ const EC_METHOD *EC_GFp_sm2p256_method(void)
         ossl_ecdsa_simple_sign_setup,
         ossl_ecdsa_simple_sign_sig,
         ossl_ecdsa_simple_verify_sig,
-        ecp_sm2p256_inv_mod_ord,
+        0, /* use constant‑time fallback for inverse mod order */
         0, /* blind_coordinates */
         0, /* ladder_pre */
         0, /* ladder_step */
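Review bot: The comment on the newly nulled inverse-mod-order slot contains a non-ASCII hyphen (U+2011) in `constant‑time`, which breaks ASCII-only source checks and makes the line hard to grep. Replace it with a plain hyphen: `0, /* use constant-time fallback for inverse mod order */`. Since CHANGES.md lists an SM2 timing side-channel fix in this release, the comment could also state that the slot is left empty on purpose, so a later optimisation does not reinstate a variable-time inverse.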

+ 15 - 12
libs/openssl/crypto/evp/bio_ok.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -556,7 +556,7 @@ static int block_in(BIO *b)
 {
     BIO_OK_CTX *ctx;
     EVP_MD_CTX *md;
-    unsigned long tl = 0;
+    size_t tl = 0;
     unsigned char tmp[EVP_MAX_MD_SIZE];
     int md_size;
 
@@ -567,15 +567,18 @@ static int block_in(BIO *b)
         goto berr;
 
     assert(sizeof(tl) >= OK_BLOCK_BLOCK); /* always true */
-    tl = ctx->buf[0];
-    tl <<= 8;
-    tl |= ctx->buf[1];
-    tl <<= 8;
-    tl |= ctx->buf[2];
-    tl <<= 8;
-    tl |= ctx->buf[3];
-
-    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + md_size)
+    tl = ((size_t)ctx->buf[0] << 24)
+           | ((size_t)ctx->buf[1] << 16)
+           | ((size_t)ctx->buf[2] << 8)
+           | ((size_t)ctx->buf[3]);
+
+    if (tl > OK_BLOCK_SIZE)
+        goto berr;
+
+    if (tl > SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size)
+        goto berr;
+
+    if (ctx->buf_len < tl + OK_BLOCK_BLOCK + (size_t)md_size)
         return 1;
 
     if (!EVP_DigestUpdate(md,
@@ -583,7 +586,7 @@ static int block_in(BIO *b)
         goto berr;
     if (!EVP_DigestFinal_ex(md, tmp, NULL))
         goto berr;
-    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, md_size) == 0) {
+    if (memcmp(&(ctx->buf[tl + OK_BLOCK_BLOCK]), tmp, (size_t)md_size) == 0) {
         /* there might be parts from next block lurking around ! */
         ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;
         ctx->buf_len_save = ctx->buf_len;
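Review bot: The new `(size_t)md_size` casts in block_in are only safe if md_size was already rejected when zero or negative, and that check is not visible in these hunks; a negative value would become a huge size_t and make the `SIZE_MAX - OK_BLOCK_BLOCK - (size_t)md_size` guard wrap. Please confirm this against the lines above the hunk and record it next to the guards, e.g. `/* md_size > 0 was checked above; tl is decoded from ctx->buf and must be bounded before use as an index */`. The assignment `ctx->buf_off_save = tl + OK_BLOCK_BLOCK + md_size;` still mixes size_t and int without the cast used on the neighbouring lines. block_in starts and ends outside the hunks.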

+ 1 - 1
libs/openssl/crypto/evp/ctrl_params_translate.c

@@ -1353,7 +1353,7 @@ static int fix_rsa_padding_mode(enum state state,
         if (i == OSSL_NELEM(str_value_map)) {
             ERR_raise_data(ERR_LIB_RSA, RSA_R_UNKNOWN_PADDING_TYPE,
                            "[action:%d, state:%d] padding name %s",
-                           ctx->action_type, state, ctx->p1);
+                           ctx->action_type, state, (const char *)ctx->p2);
             ctx->p1 = ret = -2;
         } else if (state == POST_CTRL_TO_PARAMS) {
             /* EVP_PKEY_CTRL_GET_RSA_PADDING weirdness explained further up */

+ 9 - 10
libs/openssl/crypto/evp/p_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1103,15 +1103,14 @@ int EVP_PKEY_can_sign(const EVP_PKEY *pkey)
     } else {
         const OSSL_PROVIDER *prov = EVP_KEYMGMT_get0_provider(pkey->keymgmt);
         OSSL_LIB_CTX *libctx = ossl_provider_libctx(prov);
-        const char *supported_sig =
-            pkey->keymgmt->query_operation_name != NULL
-            ? pkey->keymgmt->query_operation_name(OSSL_OP_SIGNATURE)
-            : EVP_KEYMGMT_get0_name(pkey->keymgmt);
-        EVP_SIGNATURE *signature = NULL;
-
-        signature = EVP_SIGNATURE_fetch(libctx, supported_sig, NULL);
-        if (signature != NULL) {
-            EVP_SIGNATURE_free(signature);
+        EVP_SIGNATURE *sig;
+        const char *name;
+
+        name = evp_keymgmt_util_query_operation_name(pkey->keymgmt,
+                                                     OSSL_OP_SIGNATURE);
+        sig = EVP_SIGNATURE_fetch(libctx, name, NULL);
+        if (sig != NULL) {
+            EVP_SIGNATURE_free(sig);
             return 1;
         }
     }

+ 4 - 3
libs/openssl/crypto/evp/p_seal.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -55,6 +55,7 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
 
     for (i = 0; i < npubk; i++) {
         size_t keylen = len;
+        size_t outlen = EVP_PKEY_get_size(pubk[i]);
 
         pctx = EVP_PKEY_CTX_new_from_pkey(libctx, pubk[i], NULL);
         if (pctx == NULL) {
@@ -63,9 +64,9 @@ int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
         }
 
         if (EVP_PKEY_encrypt_init(pctx) <= 0
-            || EVP_PKEY_encrypt(pctx, ek[i], &keylen, key, keylen) <= 0)
+            || EVP_PKEY_encrypt(pctx, ek[i], &outlen, key, keylen) <= 0)
             goto err;
-        ekl[i] = (int)keylen;
+        ekl[i] = (int)outlen;
         EVP_PKEY_CTX_free(pctx);
     }
     pctx = NULL;
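Review bot: In the EVP_SealInit loop, `outlen` is initialised from EVP_PKEY_get_size(), which returns an int, and that value is stored in a size_t and passed to EVP_PKEY_encrypt() as the capacity of `ek[i]` without being checked. A result that is not positive should be rejected before it is treated as a buffer size, for example by extending the existing condition to `if (outlen == 0 || EVP_PKEY_encrypt_init(pctx) <= 0 || ...)` after keeping the int result and testing it for `<= 0`. The change also makes the function depend on each `ek[i]` holding at least EVP_PKEY_get_size(pubk[i]) bytes, so a comment at the declaration such as `/* ek[i] must have room for EVP_PKEY_get_size(pubk[i]) bytes */` would help. The function body continues outside the hunks.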

+ 1 - 0
libs/openssl/crypto/http/http_lib.c

@@ -267,6 +267,7 @@ static int use_proxy(const char *no_proxy, const char *server)
         /* strip leading '[' and trailing ']' from escaped IPv6 address */
         sl -= 2;
         strncpy(host, server + 1, sl);
+        host[sl] = '\0';
         server = host;
     }
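Review bot: The added `host[sl] = '\0';` is in bounds only if the condition guarding this block ensures `sl < sizeof(host)` after the `sl -= 2` adjustment. That condition and the declaration of `host` are outside the hunk, so this should be confirmed there. Since the length is already known, `memcpy(host, server + 1, sl);` followed by the terminator would express the same copy without relying on strncpy's padding and truncation rules.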
 

+ 13 - 1
libs/openssl/crypto/info.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -18,6 +18,9 @@
 #if defined(__arm__) || defined(__arm) || defined(__aarch64__)
 # include "arm_arch.h"
 # define CPU_INFO_STR_LEN 128
+#elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
+# include "crypto/ppc_arch.h"
+# define CPU_INFO_STR_LEN 128
 #elif defined(__s390__) || defined(__s390x__)
 # include "s390x_arch.h"
 # define CPU_INFO_STR_LEN 2048
@@ -62,6 +65,15 @@ DEFINE_RUN_ONCE_STATIC(init_info_strings)
         BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
                      sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
                      " env:%s", env);
+# elif defined(__powerpc__) || defined(__POWERPC__) || defined(_ARCH_PPC)
+    const char *env;
+
+    BIO_snprintf(ossl_cpu_info_str, sizeof(ossl_cpu_info_str),
+                 CPUINFO_PREFIX "OPENSSL_ppccap=0x%x", OPENSSL_ppccap_P);
+    if ((env = getenv("OPENSSL_ppccap")) != NULL)
+        BIO_snprintf(ossl_cpu_info_str + strlen(ossl_cpu_info_str),
+                     sizeof(ossl_cpu_info_str) - strlen(ossl_cpu_info_str),
+                     " env:%s", env);
 # elif defined(__s390__) || defined(__s390x__)
     const char *env;
 

+ 4 - 1
libs/openssl/crypto/modes/siv128.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -202,9 +202,12 @@ int ossl_siv128_init(SIV128_CONTEXT *ctx, const unsigned char *key, int klen,
             || !EVP_MAC_final(mac_ctx, ctx->d.byte, &out_len,
                               sizeof(ctx->d.byte))) {
         EVP_CIPHER_CTX_free(ctx->cipher_ctx);
+        ctx->cipher_ctx = NULL;
         EVP_MAC_CTX_free(ctx->mac_ctx_init);
+        ctx->mac_ctx_init = NULL;
         EVP_MAC_CTX_free(mac_ctx);
         EVP_MAC_free(ctx->mac);
+        ctx->mac = NULL;
         return 0;
     }
     EVP_MAC_CTX_free(mac_ctx);

+ 5 - 2
libs/openssl/crypto/pkcs7/pk7_doit.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -324,8 +324,11 @@ BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio)
                 if (xalg->parameter == NULL)
                     goto err;
             }
-            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0)
+            if (EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) <= 0) {
+                ASN1_TYPE_free(xalg->parameter);
+                xalg->parameter = NULL;
                 goto err;
+            }
         }
 
         /* Lets do the pub key stuff :-) */

+ 2 - 2
libs/openssl/crypto/property/property_parse.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -642,7 +642,7 @@ static void put_str(const char *str, char **buf, size_t *remain, size_t *needed)
         }
 
     quotes = quote != '\0';
-    if (*remain == 0) {
+    if (*remain <= (size_t)quotes) {
         *needed += 2 * quotes;
         return;
     }

+ 5 - 1
libs/openssl/crypto/rand/randfile.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -167,6 +167,10 @@ int RAND_load_file(const char *file, long bytes)
         /* If given a bytecount, and we did it, break. */
         if (bytes > 0 && (bytes -= i) <= 0)
             break;
+
+        /* We can hit a signed integer overflow on the next iteration */
+        if (ret > INT_MAX - RAND_LOAD_BUF_SIZE)
+            break;
     }
 
     OPENSSL_cleanse(buf, sizeof(buf));

+ 4 - 4
libs/openssl/crypto/rsa/rsa_pmeth.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -221,7 +221,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
                 return -1;
             ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, rsa,
                                      RSA_X931_PADDING);
-            if (ret < 1)
+            if (ret <= 0)
                 return 0;
             ret--;
             if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_get_type(rctx->md))) {
@@ -248,7 +248,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
     } else {
         ret = RSA_public_decrypt(siglen, sig, rout, rsa, rctx->pad_mode);
     }
-    if (ret < 0)
+    if (ret <= 0)
         return ret;
     *routlen = ret;
     return 1;
@@ -300,7 +300,7 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
             return -1;
         rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
                                    rsa, rctx->pad_mode);
-        if (rslen == 0)
+        if (rslen <= 0)
             return 0;
     }
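Review bot: In pkey_rsa_verify the new test `if (rslen <= 0)` catches a negative return from RSA_public_decrypt() only if `rslen` is a signed type. Its declaration is outside the hunk; if it is a `size_t`, the comparison is the same as the old `== 0` and an error return becomes a very large length, which only the later length comparison would reject. In that case the result should pass through an int first, e.g. `int r = RSA_public_decrypt(...); if (r <= 0) return 0; rslen = (size_t)r;`. The two pkey_rsa_verifyrecover hunks assign to `ret`, which appears to be an int since it is returned directly, so they should not have this problem.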
 

+ 29 - 9
libs/openssl/crypto/sleep.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -9,12 +9,14 @@
 
 #include <openssl/crypto.h>
 #include "internal/e_os.h"
+#include "internal/time.h"
 
 /* system-specific variants defining OSSL_sleep() */
-#if defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)
-#include <unistd.h>
+#if (defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)) \
+    && !defined(OPENSSL_USE_SLEEP_BUSYLOOP)
+# include <unistd.h>
 
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
 {
 # ifdef OPENSSL_SYS_VXWORKS
     struct timespec ts;
@@ -38,7 +40,7 @@ void OSSL_sleep(uint64_t millis)
 #elif defined(_WIN32) && !defined(OPENSSL_SYS_UEFI)
 # include <windows.h>
 
-void OSSL_sleep(uint64_t millis)
+static void ossl_sleep_millis(uint64_t millis)
 {
     /*
      * Windows' Sleep() takes a DWORD argument, which is smaller than
@@ -53,7 +55,7 @@ void OSSL_sleep(uint64_t millis)
 
 #else
 /* Fallback to a busy wait */
-# include "internal/time.h"
+# define USE_SLEEP_SECS
 
 static void ossl_sleep_secs(uint64_t secs)
 {
@@ -77,10 +79,28 @@ static void ossl_sleep_millis(uint64_t millis)
     while (ossl_time_compare(ossl_time_now(), finish) < 0)
         /* busy wait */ ;
 }
+#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
 
 void OSSL_sleep(uint64_t millis)
 {
-    ossl_sleep_secs(millis / 1000);
-    ossl_sleep_millis(millis % 1000);
+    OSSL_TIME now = ossl_time_now();
+    OSSL_TIME finish = ossl_time_add(now, ossl_ms2time(millis));
+    uint64_t left = millis;
+
+#if defined(USE_SLEEP_SECS)
+    do {
+        ossl_sleep_secs(left / 1000);
+        now = ossl_time_now();
+        left = ossl_time2ms(ossl_time_subtract(finish, now));
+    } while (ossl_time_compare(now, finish) < 0 && left > 1000);
+
+    if (ossl_time_compare(now, finish) >= 0)
+        return;
+#endif
+
+    do {
+        ossl_sleep_millis(left);
+        now = ossl_time_now();
+        left = ossl_time2ms(ossl_time_subtract(finish, now));
+    } while (ossl_time_compare(now, finish) < 0);
 }
-#endif /* defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__) */
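Review bot: The closing loop in OSSL_sleep can call `ossl_sleep_millis(left)` with `left == 0` while `now` is still before `finish`, assuming ossl_time2ms() truncates (its definition is not part of this diff). The last fraction of a millisecond would then be spent re-entering the platform sleep call in a tight loop; rounding the remainder up to one millisecond after the first pass would avoid that. The moved `#endif` comment still names only `defined(OPENSSL_SYS_UNIX) || defined(__DJGPP__)` although the condition now also tests `OPENSSL_USE_SLEEP_BUSYLOOP`. Something like `#endif /* platform-specific ossl_sleep_millis() */` would stay accurate.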

+ 5 - 1
libs/openssl/crypto/sm2/sm2_sign.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright 2017 Ribose Inc. All Rights Reserved.
  * Ported from Ribose contributions from Botan.
  *
@@ -220,6 +220,10 @@ static ECDSA_SIG *sm2_sig_gen(const EC_KEY *key, const BIGNUM *e)
     BIGNUM *tmp = NULL;
     OSSL_LIB_CTX *libctx = ossl_ec_key_get_libctx(key);
 
+    if (dA == NULL) {
+        ERR_raise(ERR_LIB_SM2, SM2_R_INVALID_PRIVATE_KEY);
+        goto done;
+    }
     kG = EC_POINT_new(group);
     if (kG == NULL) {
         ERR_raise(ERR_LIB_SM2, ERR_R_EC_LIB);

+ 15 - 12
libs/openssl/crypto/store/store_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -428,12 +428,6 @@ OSSL_STORE_INFO *OSSL_STORE_load(OSSL_STORE_CTX *ctx)
     if (ctx->loader != NULL)
         OSSL_TRACE(STORE, "Loading next object\n");
 
-    if (ctx->cached_info != NULL
-        && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
-        sk_OSSL_STORE_INFO_free(ctx->cached_info);
-        ctx->cached_info = NULL;
-    }
-
     if (ctx->cached_info != NULL) {
         v = sk_OSSL_STORE_INFO_shift(ctx->cached_info);
     } else {
@@ -556,14 +550,23 @@ int OSSL_STORE_error(OSSL_STORE_CTX *ctx)
 
 int OSSL_STORE_eof(OSSL_STORE_CTX *ctx)
 {
-    int ret = 1;
+    int ret = 0;
 
-    if (ctx->fetched_loader != NULL)
-        ret = ctx->loader->p_eof(ctx->loader_ctx);
+    if (ctx->cached_info != NULL
+        && sk_OSSL_STORE_INFO_num(ctx->cached_info) == 0) {
+        sk_OSSL_STORE_INFO_free(ctx->cached_info);
+        ctx->cached_info = NULL;
+    }
+
+    if (ctx->cached_info == NULL) {
+        ret = 1;
+        if (ctx->fetched_loader != NULL)
+            ret = ctx->loader->p_eof(ctx->loader_ctx);
 #ifndef OPENSSL_NO_DEPRECATED_3_0
-    if (ctx->fetched_loader == NULL)
-        ret = ctx->loader->eof(ctx->loader_ctx);
+        if (ctx->fetched_loader == NULL)
+            ret = ctx->loader->eof(ctx->loader_ctx);
 #endif
+    }
     return ret != 0;
 }
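Review bot: OSSL_STORE_eof() now frees an empty `ctx->cached_info` as a side effect, and the block that did this in OSSL_STORE_load() is removed, so load depends on eof having run first. With an empty but non-NULL cache, `sk_OSSL_STORE_INFO_shift()` yields NULL and the loader branch is never reached. Whether load calls eof before the lines shown is outside the hunk and should be confirmed. A comment above the new block would record the dependency, e.g. `/* Drop a drained cache here; OSSL_STORE_load() relies on this before it shifts from cached_info */`.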
 

+ 7 - 1
libs/openssl/crypto/threads_pthread.c

@@ -38,7 +38,13 @@
 
 # include <assert.h>
 
-# ifdef PTHREAD_RWLOCK_INITIALIZER
+/*
+ * The Non-Stop KLT thread model currently seems broken in its rwlock
+ * implementation
+ * Likewise is there a problem with the glibc implementation on riscv.
+ */
+# if defined(PTHREAD_RWLOCK_INITIALIZER) && !defined(_KLT_MODEL_) \
+                                         && !defined(__riscv)
 #  define USE_RWLOCK
 # endif
 

+ 20 - 14
libs/openssl/crypto/x509/by_store.c

@@ -17,7 +17,6 @@ typedef struct cached_store_st {
     char *uri;
     OSSL_LIB_CTX *libctx;
     char *propq;
-    OSSL_STORE_CTX *ctx;
 } CACHED_STORE;
 
 DEFINE_STACK_OF(CACHED_STORE)
@@ -27,14 +26,12 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
                          const OSSL_STORE_SEARCH *criterion, int depth)
 {
     int ok = 0;
-    OSSL_STORE_CTX *ctx = store->ctx;
+    OSSL_STORE_CTX *ctx;
     X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
 
-    if (ctx == NULL
-        && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
-                                     NULL, NULL, NULL, NULL, NULL)) == NULL)
+    if ((ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+                                  NULL, NULL, NULL, NULL, NULL)) == NULL)
         return 0;
-    store->ctx = ctx;
 
     /*
      * We try to set the criterion, but don't care if it was valid or not.
@@ -79,7 +76,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
                 substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
                 substore.libctx = store->libctx;
                 substore.propq = store->propq;
-                substore.ctx = NULL;
                 ok = cache_objects(lctx, &substore, criterion, depth - 1);
             }
         } else {
@@ -105,7 +101,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
             break;
     }
     OSSL_STORE_close(ctx);
-    store->ctx = NULL;
 
     return ok;
 }
@@ -114,7 +109,6 @@ static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
 static void free_store(CACHED_STORE *store)
 {
     if (store != NULL) {
-        OSSL_STORE_close(store->ctx);
         OPENSSL_free(store->uri);
         OPENSSL_free(store->propq);
         OPENSSL_free(store);
@@ -149,6 +143,7 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
         {
             STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
             CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
+            OSSL_STORE_CTX *sctx;
 
             if (store == NULL) {
                 return 0;
@@ -158,14 +153,20 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
             store->libctx = libctx;
             if (propq != NULL)
                 store->propq = OPENSSL_strdup(propq);
-            store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
-                                           NULL, NULL, NULL);
-            if (store->ctx == NULL
+            /*
+             * We open this to check for errors now - so we can report those
+             * errors early.
+             */
+            sctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+                                      NULL, NULL, NULL);
+            if (sctx == NULL
                 || (propq != NULL && store->propq == NULL)
                 || store->uri == NULL) {
+                OSSL_STORE_close(sctx);
                 free_store(store);
                 return use_default;
             }
+            OSSL_STORE_close(sctx);
 
             if (stores == NULL) {
                 stores = sk_CACHED_STORE_new_null();
@@ -185,7 +186,6 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
         store.uri = (char *)argp;
         store.libctx = libctx;
         store.propq = (char *)propq;
-        store.ctx = NULL;
         return cache_objects(ctx, &store, NULL, 0);
     }
     default:
@@ -231,8 +231,14 @@ static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
 
     OSSL_STORE_SEARCH_free(criterion);
 
-    if (ok)
+    if (ok) {
+        X509_STORE *store = X509_LOOKUP_get_store(ctx);
+
+        if (!ossl_x509_store_read_lock(store))
+            return 0;
         tmp = X509_OBJECT_retrieve_by_subject(store_objects, type, name);
+        X509_STORE_unlock(store);
+    }
 
     ok = 0;
     if (tmp != NULL) {
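Review bot: In by_store_subject the read lock is released right after `X509_OBJECT_retrieve_by_subject()`, but `tmp` points into the store's object stack and is still tested, and presumably dereferenced, after `X509_STORE_unlock(store)`. The code following `if (tmp != NULL) {` is outside the hunk, and `store_objects` also appears to be obtained outside the locked region. If another thread can modify the store concurrently, the copy out of `tmp` should happen while the lock is held. Otherwise a comment should state the invariant that keeps the pointer valid, e.g. `/* objects are never removed from the store, so tmp stays valid after unlock */`, if that is indeed the case.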

+ 4 - 2
libs/openssl/crypto/x509/t_req.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,7 +40,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
     long l;
     int i;
     EVP_PKEY *pkey;
-    STACK_OF(X509_EXTENSION) *exts;
+    STACK_OF(X509_EXTENSION) *exts = NULL;
     char mlch = ' ';
     int nmindent = 0, printok = 0;
 
@@ -191,6 +191,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
                     goto err;
             }
             sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+            exts = NULL;
         }
     }
 
@@ -204,6 +205,7 @@ int X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
 
     return 1;
  err:
+    sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
     ERR_raise(ERR_LIB_X509, ERR_R_BUF_LIB);
     return 0;
 }

+ 3 - 2
libs/openssl/crypto/x509/t_x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -247,7 +247,8 @@ int X509_ocspid_print(BIO *bp, X509 *x)
         goto err;
     if ((der = dertmp = OPENSSL_malloc(derlen)) == NULL)
         goto err;
-    i2d_X509_NAME(subj, &dertmp);
+    if (i2d_X509_NAME(subj, &dertmp) < 0)
+        goto err;
 
     md = EVP_MD_fetch(x->libctx, SN_sha1, x->propq);
     if (md == NULL)

+ 16 - 4
libs/openssl/crypto/x509/x509_ext.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -42,9 +42,21 @@ X509_EXTENSION *X509_CRL_get_ext(const X509_CRL *x, int loc)
     return X509v3_get_ext(x->crl.extensions, loc);
 }
 
+static X509_EXTENSION *delete_ext(STACK_OF(X509_EXTENSION) **sk, int loc)
+{
+    X509_EXTENSION *ret = X509v3_delete_ext(*sk, loc);
+
+    /* Empty extension lists are omitted. */
+    if (*sk != NULL && sk_X509_EXTENSION_num(*sk) == 0) {
+        sk_X509_EXTENSION_pop_free(*sk, X509_EXTENSION_free);
+        *sk = NULL;
+    }
+    return ret;
+}
+
 X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc)
 {
-    return X509v3_delete_ext(x->crl.extensions, loc);
+    return delete_ext(&x->crl.extensions, loc);
 }
 
 void *X509_CRL_get_ext_d2i(const X509_CRL *x, int nid, int *crit, int *idx)
@@ -91,7 +103,7 @@ X509_EXTENSION *X509_get_ext(const X509 *x, int loc)
 
 X509_EXTENSION *X509_delete_ext(X509 *x, int loc)
 {
-    return X509v3_delete_ext(x->cert_info.extensions, loc);
+    return delete_ext(&x->cert_info.extensions, loc);
 }
 
 int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc)
@@ -139,7 +151,7 @@ X509_EXTENSION *X509_REVOKED_get_ext(const X509_REVOKED *x, int loc)
 
 X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc)
 {
-    return X509v3_delete_ext(x->extensions, loc);
+    return delete_ext(&x->extensions, loc);
 }
 
 int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc)
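Review bot: The new `delete_ext()` helper frees the whole stack and sets the field to NULL when the last extension is removed, so a stack pointer a caller fetched earlier from the same object would dangle after X509_delete_ext(), X509_CRL_delete_ext() or X509_REVOKED_delete_ext(). The helper's only comment is `/* Empty extension lists are omitted. */`. I would extend it to state the ownership effect, e.g. `/* Frees *sk and sets it to NULL once the last extension is removed; previously fetched stack pointers become invalid. */`. As a smaller point, `sk_X509_EXTENSION_free(*sk)` would read more clearly than `pop_free` on a stack already known to be empty.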

+ 2 - 1
libs/openssl/crypto/x509/x509_local.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -157,3 +157,4 @@ DEFINE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
 
 int ossl_x509_likely_issued(X509 *issuer, X509 *subject);
 int ossl_x509_signing_allowed(const X509 *issuer, const X509 *subject);
+int ossl_x509_store_read_lock(X509_STORE *xs);

+ 3 - 4
libs/openssl/crypto/x509/x509_lu.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -44,7 +44,7 @@ int X509_STORE_lock(X509_STORE *xs)
     return CRYPTO_THREAD_write_lock(xs->lock);
 }
 
-static int x509_store_read_lock(X509_STORE *xs)
+int ossl_x509_store_read_lock(X509_STORE *xs)
 {
     return CRYPTO_THREAD_read_lock(xs->lock);
 }
@@ -333,7 +333,7 @@ static int ossl_x509_store_ctx_get_by_subject(const X509_STORE_CTX *ctx,
     stmp.type = X509_LU_NONE;
     stmp.data.ptr = NULL;
 
-    if (!x509_store_read_lock(store))
+    if (!ossl_x509_store_read_lock(store))
         return 0;
     /* Should already be sorted...but just in case */
     if (!sk_X509_OBJECT_is_sorted(store->objs)) {
@@ -408,7 +408,6 @@ static int x509_store_add(X509_STORE *store, void *x, int crl)
     }
 
     if (!X509_STORE_lock(store)) {
-        obj->type = X509_LU_NONE;
         X509_OBJECT_free(obj);
         return 0;
     }

+ 6 - 1
libs/openssl/crypto/x509/x509_vpm.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -629,6 +629,11 @@ const X509_VERIFY_PARAM *X509_VERIFY_PARAM_get0(int id)
 {
     int num = OSSL_NELEM(default_table);
 
+    if (id < 0) {
+        ERR_raise(ERR_LIB_X509, ERR_R_PASSED_INVALID_ARGUMENT);
+        return NULL;
+    }
+
     if (id < num)
         return default_table + id;
     return sk_X509_VERIFY_PARAM_value(param_table, id - num);

+ 5 - 2
libs/openssl/demos/bio/saccept.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -49,7 +49,8 @@ int main(int argc, char *argv[])
 {
     char *port = NULL;
     BIO *in = NULL;
-    BIO *ssl_bio, *tmp;
+    BIO *ssl_bio = NULL;
+    BIO *tmp;
     SSL_CTX *ctx;
     char buf[512];
     int ret = EXIT_FAILURE, i;
@@ -79,6 +80,7 @@ int main(int argc, char *argv[])
      * Basically it means the SSL BIO will be automatically setup
      */
     BIO_set_accept_bios(in, ssl_bio);
+    ssl_bio = NULL;
 
     /* Arrange to leave server loop on interrupt */
     sigsetup();
@@ -117,5 +119,6 @@ int main(int argc, char *argv[])
     if (ret != EXIT_SUCCESS)
         ERR_print_errors_fp(stderr);
     BIO_free(in);
+    BIO_free_all(ssl_bio);
     return ret;
 }

+ 5 - 2
libs/openssl/demos/bio/server-arg.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,7 +23,8 @@
 int main(int argc, char *argv[])
 {
     char *port = "*:4433";
-    BIO *ssl_bio, *tmp;
+    BIO *ssl_bio = NULL;
+    BIO *tmp;
     SSL_CTX *ctx;
     SSL_CONF_CTX *cctx;
     char buf[512];
@@ -105,6 +106,7 @@ int main(int argc, char *argv[])
      * Basically it means the SSL BIO will be automatically setup
      */
     BIO_set_accept_bios(in, ssl_bio);
+    ssl_bio = NULL;
 
  again:
     /*
@@ -140,5 +142,6 @@ int main(int argc, char *argv[])
     if (ret != EXIT_SUCCESS)
         ERR_print_errors_fp(stderr);
     BIO_free(in);
+    BIO_free_all(ssl_bio);
     return ret;
 }

+ 5 - 2
libs/openssl/demos/bio/server-cmod.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,7 +24,8 @@ int main(int argc, char *argv[])
     unsigned char buf[512];
     char *port = "*:4433";
     BIO *in = NULL;
-    BIO *ssl_bio, *tmp;
+    BIO *ssl_bio = NULL;
+    BIO *tmp;
     SSL_CTX *ctx;
     int ret = EXIT_FAILURE, i;
 
@@ -52,6 +53,7 @@ int main(int argc, char *argv[])
      * Basically it means the SSL BIO will be automatically setup
      */
     BIO_set_accept_bios(in, ssl_bio);
+    ssl_bio = NULL;
 
  again:
     /*
@@ -90,5 +92,6 @@ int main(int argc, char *argv[])
     if (ret != EXIT_SUCCESS)
         ERR_print_errors_fp(stderr);
     BIO_free(in);
+    BIO_free_all(ssl_bio);
     return ret;
 }

+ 5 - 2
libs/openssl/demos/bio/server-conf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2013-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -25,7 +25,8 @@ int main(int argc, char *argv[])
 {
     char *port = "*:4433";
     BIO *in = NULL;
-    BIO *ssl_bio, *tmp;
+    BIO *ssl_bio = NULL;
+    BIO *tmp;
     SSL_CTX *ctx;
     SSL_CONF_CTX *cctx = NULL;
     CONF *conf = NULL;
@@ -97,6 +98,7 @@ int main(int argc, char *argv[])
      * Basically it means the SSL BIO will be automatically setup
      */
     BIO_set_accept_bios(in, ssl_bio);
+    ssl_bio = NULL;
 
  again:
     /*
@@ -135,5 +137,6 @@ int main(int argc, char *argv[])
     if (ret != EXIT_SUCCESS)
         ERR_print_errors_fp(stderr);
     BIO_free(in);
+    BIO_free_all(ssl_bio);
     return ret;
 }

+ 2 - 2
libs/openssl/demos/cms/cms_ddec.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,7 +57,7 @@ int main(int argc, char **argv)
     /* Open file containing detached content */
     dcont = BIO_new_file("smencr.out", "rb");
 
-    if (!in)
+    if (dcont == NULL)
         goto err;
 
     out = BIO_new_file("encrout.txt", "w");

+ 2 - 2
libs/openssl/demos/cms/cms_denc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,7 +57,7 @@ int main(int argc, char **argv)
 
     dout = BIO_new_file("smencr.out", "wb");
 
-    if (!in)
+    if (in == NULL || dout == NULL)
         goto err;
 
     /* encrypt content */

+ 2 - 2
libs/openssl/demos/pkey/EVP_PKEY_RSA_keygen.c

@@ -1,5 +1,5 @@
 /*-
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -254,7 +254,7 @@ int main(int argc, char **argv)
 
     if (argc > 1) {
         bits_i = atoi(argv[1]);
-        if (bits < 512) {
+        if (bits_i < 512) {
             fprintf(stderr, "Invalid RSA key size\n");
             return EXIT_FAILURE;
         }
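Review bot: `atoi(argv[1])` in this hunk cannot report a parse failure, and its behaviour is undefined when the value does not fit in an int, so the corrected `bits_i < 512` test still accepts input such as `4096abc` and has no upper bound. Parsing with `strtol`, checking the end pointer and `errno`, and bounding the value before it is converted would close that gap; the sketch below assumes `<errno.h>` and `<limits.h>` are available in the file. The enclosing `if (argc > 1)` block continues past the end of the hunk.

```c
    if (argc > 1) {
        char *end = NULL;
        long requested;

        errno = 0;
        requested = strtol(argv[1], &end, 10);
        if (errno != 0 || end == argv[1] || *end != '\0'
                || requested < 512 || requested > INT_MAX) {
            fprintf(stderr, "Invalid RSA key size\n");
            return EXIT_FAILURE;
        }
        bits_i = (int)requested;
```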

+ 6 - 3
libs/openssl/doc/man1/openssl-enc.pod.in

@@ -191,9 +191,12 @@ Print out the key and IV used.
 Print out the key and IV used then immediately exit: don't do any encryption
 or decryption.
 
-=item B<-bufsize> I<number>
+=item B<-bufsize> I<number>[B<k>]
 
 Set the buffer size for I/O.
+The maximum size that can be specified is B<2^31-1> (2147483647) bytes.
+The B<k> suffix can be specified to indicate that I<number> is provided
+in kibibytes (multiples of 1024 bytes).
 
 =item B<-nopad>
 
@@ -262,7 +265,7 @@ Some of the ciphers do not have large keys and others have security
 implications if not used correctly. A beginner is advised to just use
 a strong block cipher, such as AES, in CBC mode.
 
-All the block ciphers normally use PKCS#5 padding, also known as standard
+All the block ciphers normally use PKCS#7 padding, also known as standard
 block padding. This allows a rudimentary integrity or password check to
 be performed. However, since the chance of random data passing the test
 is better than 1 in 256 it isn't a very good test.
@@ -489,7 +492,7 @@ The B<-saltlen> option was added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man3/BN_generate_prime.pod

@@ -130,7 +130,7 @@ or all the tests passed.
 If B<p> passes all these tests, it is considered a probable prime.
 
 The test performed on B<p> are trial division by a number of small primes
-and rounds of the of the Miller-Rabin probabilistic primality test.
+and rounds of the Miller-Rabin probabilistic primality test.
 
 The functions do at least 64 rounds of the Miller-Rabin test giving a maximum
 false positive rate of 2^-128.
@@ -148,7 +148,7 @@ and BN_is_prime_fasttest() are deprecated.
 
 BN_is_prime_fasttest() and BN_is_prime() behave just like
 BN_is_prime_fasttest_ex() and BN_is_prime_ex() respectively, but with the old
-style call back.
+style callback.
 
 B<ctx> is a preallocated B<BN_CTX> (to save the overhead of allocating and
 freeing the structure in a loop), or B<NULL>.
@@ -246,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 9 - 10
libs/openssl/doc/man3/DEFINE_STACK_OF.pod

@@ -170,15 +170,14 @@ B<sk_I<TYPE>_set>() sets element I<idx> of I<sk> to I<ptr> replacing the current
 element. The new element value is returned or NULL if an error occurred:
 this will only happen if I<sk> is NULL or I<idx> is out of range.
 
-B<sk_I<TYPE>_find>() searches I<sk> for the element I<ptr>.  In the case
-where no comparison function has been specified, the function performs
-a linear search for a pointer equal to I<ptr>. The index of the first
-matching element is returned or B<-1> if there is no match. In the case
-where a comparison function has been specified, I<sk> is sorted and
-B<sk_I<TYPE>_find>() returns the index of a matching element or B<-1> if there
-is no match. Note that, in this case the comparison function will usually
-compare the values pointed to rather than the pointers themselves and
-the order of elements in I<sk> can change.
+B<sk_I<TYPE>_find>() searches I<sk> for the element I<ptr>. In the
+case where no comparison function has been specified, the function
+performs a linear search for a pointer equal to I<ptr>. In the case
+where a comparison function has been specified, the function performs
+a search for a element that the comparison function indicates is a
+match. If the stack is sorted, a binary search is used, otherwise, a
+linear search is used. B<sk_I<TYPE>_find>() returns the index of a
+matching element or B<-1> if there is no match.
 
 B<sk_I<TYPE>_find_ex>() operates like B<sk_I<TYPE>_find>() except when a
 comparison function has been specified and no matching element is found.
@@ -299,7 +298,7 @@ B<sk_I<TYPE>_sort>() should be called before these find operations.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/EVP_EncryptInit.pod

@@ -758,7 +758,7 @@ See also EVP_CIPHER_CTX_get_key_length() and EVP_CIPHER_CTX_set_key_length().
 =item "tag" (B<OSSL_CIPHER_PARAM_AEAD_TAG>) <octet string>
 
 Gets or sets the AEAD tag for the associated cipher context I<ctx>.
-See L<EVP_EncryptInit(3)/AEAD Interface>.
+See L<EVP_EncryptInit(3)/AEAD INTERFACE>.
 
 =item "keybits" (B<OSSL_CIPHER_PARAM_RC2_KEYBITS>) <unsigned integer>
 
@@ -1802,7 +1802,7 @@ EVP_CIPHER_CTX_dup() was added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 14 - 2
libs/openssl/doc/man3/EVP_PKEY_new.pod

@@ -168,7 +168,19 @@ general private key without reference to any particular algorithm.
 The structure returned by EVP_PKEY_new() is empty. To add a private or public
 key to this empty structure use the appropriate functions described in
 L<EVP_PKEY_set1_RSA(3)>, L<EVP_PKEY_set1_DSA(3)>, L<EVP_PKEY_set1_DH(3)> or
-L<EVP_PKEY_set1_EC_KEY(3)>.
+L<EVP_PKEY_set1_EC_KEY(3)> for legacy key types implemented in internal
+OpenSSL providers.
+
+For fully provider-managed key types (see L<provider-keymgmt(7)>),
+possibly implemented in external providers, use functions such as
+L<EVP_PKEY_set1_encoded_public_key(3)> or L<EVP_PKEY_fromdata(3)>
+to populate key data.
+
+Generally caution is advised for using an B<EVP_PKEY> structure across
+different library contexts: In order for an B<EVP_PKEY> to be shared by
+multiple library contexts the providers associated with the library contexts
+must have key managers that support the key type and implement the
+OSSL_FUNC_keymgmt_import() and OSSL_FUNC_keymgmt_export() functions.
 
 =head1 RETURN VALUES
 
@@ -210,7 +222,7 @@ previously implied to be disallowed.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/EVP_aes_128_gcm.pod

@@ -127,7 +127,7 @@ EVP_aes_256_ocb()
 
 AES for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM), Galois Counter Mode
 (GCM) and OCB Mode respectively. These ciphers require additional control
-operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD Interface>
+operations to function correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE>
 section for details.
 
 =item EVP_aes_128_wrap(),
@@ -184,7 +184,7 @@ L<EVP_CIPHER_meth_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/EVP_aria_128_gcm.pod

@@ -88,7 +88,7 @@ EVP_aria_256_gcm(),
 
 ARIA for 128, 192 and 256 bit keys in CBC-MAC Mode (CCM) and Galois Counter
 Mode (GCM). These ciphers require additional control operations to function
-correctly, see the L<EVP_EncryptInit(3)/AEAD Interface> section for details.
+correctly, see the L<EVP_EncryptInit(3)/AEAD INTERFACE> section for details.
 
 =back
 
@@ -113,7 +113,7 @@ L<EVP_CIPHER_meth_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/EVP_chacha20.pod

@@ -36,7 +36,7 @@ With an initial counter of 42 (2a in hex) would be expressed as:
 Authenticated encryption with ChaCha20-Poly1305. Like EVP_chacha20(), the key
 is 256 bits and the IV is 96 bits. This supports additional authenticated data
 (AAD) and produces a 128-bit authentication tag. See the
-L<EVP_EncryptInit(3)/AEAD Interface> section for more information.
+L<EVP_EncryptInit(3)/AEAD INTERFACE> section for more information.
 
 =back
 
@@ -64,7 +64,7 @@ L<EVP_CIPHER_meth_new(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 7 - 2
libs/openssl/doc/man3/OPENSSL_secure_malloc.pod

@@ -45,7 +45,12 @@ the program's dynamic memory area, where keys and other sensitive
 information might be stored, OpenSSL supports the concept of a "secure heap."
 The level and type of security guarantees depend on the operating system.
 It is a good idea to review the code and see if it addresses your
-threat model and concerns.
+threat model and concerns. It should be noted that the secure heap
+uses a single read/write lock, and therefore any operations
+that involve allocation or freeing of secure heap memory are serialised,
+blocking other threads. With that in mind, highly concurrent applications
+should enable the secure heap with caution and be aware of the performance
+implications for multi-threaded code.
 
 If a secure heap is used, then private key B<BIGNUM> values are stored there.
 This protects long-term storage of private keys, but will not necessarily
@@ -135,7 +140,7 @@ a B<size_t> in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 8 - 1
libs/openssl/doc/man3/OpenSSL_version.pod

@@ -238,9 +238,16 @@ L<crypto(7)>
 The macros and functions described here were added in OpenSSL 3.0,
 except for OPENSSL_VERSION_NUMBER and OpenSSL_version_num().
 
+=head1 BUGS
+
+There was a discrepancy between this manual and commentary + code
+in F<< <openssl/opensslv.h> >>, where the latter suggested that the
+four least significant bits of B<OPENSSL_VERSION_NUMBER> could be
+C<0x0f> in released OpenSSL versions.
+
 =head1 COPYRIGHT
 
-Copyright 2018-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 4
libs/openssl/doc/man3/PEM_read_CMS.pod

@@ -84,9 +84,9 @@ see L<openssl_user_macros(7)>:
 
 =head1 DESCRIPTION
 
-All of the functions described on this page are deprecated.
-Applications should use OSSL_ENCODER_to_bio() and OSSL_DECODER_from_bio()
-instead.
+To replace the deprecated functions listed above, applications should use the
+B<EVP_PKEY> type and OSSL_DECODER_from_bio() and OSSL_ENCODER_to_bio() to
+read and write PEM data containing key parameters or private and public keys.
 
 In the description below, B<I<TYPE>> is used
 as a placeholder for any of the OpenSSL datatypes, such as B<X509>.
@@ -142,7 +142,7 @@ were deprecated in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 1998-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 2
libs/openssl/doc/man3/RAND_load_file.pod

@@ -19,7 +19,11 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file
 RAND_load_file() reads a number of bytes from file B<filename> and
 adds them to the PRNG. If B<max_bytes> is nonnegative,
 up to B<max_bytes> are read;
-if B<max_bytes> is -1, the complete file is read.
+if B<max_bytes> is -1, the complete file is read (unless the file
+is not a regular file, in that case a fixed number of bytes,
+256 in the current implementation, is attempted to be read).
+RAND_load_file() can read less than the complete file or the requested number
+of bytes if it doesn't fit in the return value type.
 Do not load the same file multiple times unless its contents have
 been updated by RAND_write_file() between reads.
 Also, note that B<filename> should be adequately protected so that an
@@ -77,7 +81,7 @@ L<RAND(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/SSL_CIPHER_get_name.pod

@@ -37,7 +37,7 @@ SSL_CIPHER_get_protocol_id
  int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
  const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
  uint32_t SSL_CIPHER_get_id(const SSL_CIPHER *c);
- uint32_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
+ uint16_t SSL_CIPHER_get_protocol_id(const SSL_CIPHER *c);
 
 =head1 DESCRIPTION
 
@@ -203,7 +203,7 @@ The OPENSSL_cipher_name() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 4
libs/openssl/doc/man3/SSL_CTX_set_tmp_dh_callback.pod

@@ -58,9 +58,11 @@ the actual key is newly generated during the negotiation.
 Typically applications should use well known DH parameters that have built-in
 support in OpenSSL. The macros SSL_CTX_set_dh_auto() and SSL_set_dh_auto()
 configure OpenSSL to use the default built-in DH parameters for the B<SSL_CTX>
-and B<SSL> objects respectively. Passing a value of 1 in the I<onoff> parameter
-switches the feature on, and passing a value of 0 switches it off. The default
-setting is off.
+and B<SSL> objects respectively. Passing a value of 2 or 1 in the I<onoff>
+parameter switches it on. If the I<onoff> parameter is set to 2, it will force
+the DH key size to 1024 if the B<SSL_CTX> or B<SSL> security level
+L<SSL_CTX_set_security_level(3)> is 0 or 1. Passing a value of 0 switches
+it off. The default setting is off.
 
 If "auto" DH parameters are switched on then the parameters will be selected to
 be consistent with the size of the key associated with the server's certificate.
@@ -112,7 +114,7 @@ L<openssl-ciphers(1)>, L<openssl-dhparam(1)>
 
 =head1 COPYRIGHT
 
-Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 5 - 5
libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod

@@ -23,9 +23,10 @@ SSL_SESSION_set1_alpn_selected
 
 =head1 DESCRIPTION
 
-SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created if it was accepted by the server. Otherwise
-NULL is returned.
+SSL_SESSION_get0_hostname() retrieves the Server Name Indication (SNI) value
+that was sent by the client when the session was created if the server
+acknowledged the client's SNI extension by including an empty SNI extension
+in response. Otherwise NULL is returned.
 
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.
@@ -44,8 +45,7 @@ B<alpn>.
 
 =head1 RETURN VALUES
 
-SSL_SESSION_get0_hostname() returns either a string or NULL based on if there
-is the SNI value sent by client.
+SSL_SESSION_get0_hostname() returns the SNI string if available, or NULL if not.
 
 SSL_SESSION_set1_hostname() returns 1 on success or 0 on error.
 

+ 4 - 3
libs/openssl/doc/man3/d2i_X509.pod

@@ -500,8 +500,9 @@ freed in the event of error and I<*a> is set to NULL.
 B<i2d_I<TYPE>>() returns the number of bytes successfully encoded or a negative
 value if an error occurs.
 
-B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>() return 1 for success and 0 if an
-error occurs.
+B<i2d_I<TYPE>_bio>() and B<i2d_I<TYPE>_fp>(),
+as well as i2d_ASN1_bio_stream(),
+return 1 for success and 0 if an error occurs.
 
 =head1 EXAMPLES
 
@@ -617,7 +618,7 @@ efficiency reasons.
 
 =head1 COPYRIGHT
 
-Copyright 1998-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/EVP_PKEY-DSA.pod

@@ -104,7 +104,7 @@ The following sections of FIPS186-4:
 =head1 SEE ALSO
 
 L<EVP_PKEY-FFC(7)>,
-L<EVP_SIGNATURE-DSA(7)>
+L<EVP_SIGNATURE-DSA(7)>,
 L<EVP_PKEY(3)>,
 L<provider-keymgmt(7)>,
 L<EVP_KEYMGMT(3)>,
@@ -113,7 +113,7 @@ L<OSSL_PROVIDER-FIPS(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/EVP_PKEY-FFC.pod

@@ -213,7 +213,7 @@ The following sections of FIPS186-4:
 L<EVP_PKEY-DSA(7)>,
 L<EVP_PKEY-DH(7)>,
 L<EVP_SIGNATURE-DSA(7)>,
-L<EVP_KEYEXCH-DH(7)>
+L<EVP_KEYEXCH-DH(7)>,
 L<EVP_KEYMGMT(3)>,
 L<EVP_PKEY(3)>,
 L<provider-keymgmt(7)>,
@@ -222,7 +222,7 @@ L<OSSL_PROVIDER-FIPS(7)>,
 
 =head1 COPYRIGHT
 
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/include/internal/quic_ackm.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -24,7 +24,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
                          void *now_arg,
                          OSSL_STATM *statm,
                          const OSSL_CC_METHOD *cc_method,
-                         OSSL_CC_DATA *cc_data);
+                         OSSL_CC_DATA *cc_data, int is_server);
 void ossl_ackm_free(OSSL_ACKM *ackm);
 
 void ossl_ackm_set_loss_detection_deadline_callback(OSSL_ACKM *ackm,
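Review bot: The new `int is_server` argument is appended to the `cc_data` line, while every other parameter of `ossl_ackm_new()` in this prototype sits on its own line, and nothing in the hunk says what the flag selects. Putting `int is_server);` on a separate line and adding a short comment on its meaning above the prototype would keep the declaration readable. Callers of this internal function are outside this hunk and all need the extra argument.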

+ 4 - 4
libs/openssl/include/openssl/crypto.h.in

@@ -1,7 +1,7 @@
 /*
  * {- join("\n * ", @autowarntext) -}
  *
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -321,9 +321,9 @@ void CRYPTO_get_mem_functions(CRYPTO_malloc_fn *malloc_fn,
 
 OSSL_CRYPTO_ALLOC void *CRYPTO_malloc(size_t num, const char *file, int line);
 OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line);
-OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line);
-OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
+void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line);
+char *CRYPTO_strdup(const char *str, const char *file, int line);
+char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line);
 void CRYPTO_free(void *ptr, const char *file, int line);
 void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line);
 void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line);
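Review bot: `CRYPTO_memdup`, `CRYPTO_strdup` and `CRYPTO_strndup` lose `OSSL_CRYPTO_ALLOC` while `CRYPTO_malloc` and `CRYPTO_zalloc` directly above keep it, and nothing in the header says the difference is deliberate. If the macro expands to the compiler's malloc attribute (its definition is outside this hunk), the likely reason is that duplicated memory can contain valid pointers, which that attribute's contract rules out. A comment above the three prototypes, e.g. `/* No OSSL_CRYPTO_ALLOC: the copy may hold pointers to live objects */`, would stop the annotation from being added back for symmetry.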

+ 3 - 8
libs/openssl/include/openssl/opensslv.h.in

@@ -1,7 +1,7 @@
 /*
  * {- join("\n * ", @autowarntext) -}
  *
- * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -89,17 +89,12 @@ extern "C" {
 
 # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}"
 
-/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */
-# ifdef OPENSSL_VERSION_PRE_RELEASE
-#  define _OPENSSL_VERSION_PRE_RELEASE 0x0L
-# else
-#  define _OPENSSL_VERSION_PRE_RELEASE 0xfL
-# endif
+/* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PP0L */
 # define OPENSSL_VERSION_NUMBER          \
     ( (OPENSSL_VERSION_MAJOR<<28)        \
       |(OPENSSL_VERSION_MINOR<<20)       \
       |(OPENSSL_VERSION_PATCH<<4)        \
-      |_OPENSSL_VERSION_PRE_RELEASE )
+      |0x0L )
 
 # ifdef  __cplusplus
 }

+ 2 - 1
libs/openssl/include/openssl/pem.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -57,6 +57,7 @@ extern "C" {
 # define PEM_STRING_ECPRIVATEKEY "EC PRIVATE KEY"
 # define PEM_STRING_PARAMETERS   "PARAMETERS"
 # define PEM_STRING_CMS          "CMS"
+# define PEM_STRING_SM2PRIVATEKEY "SM2 PRIVATE KEY"
 # define PEM_STRING_SM2PARAMETERS "SM2 PARAMETERS"
 
 # define PEM_TYPE_ENCRYPTED      10

+ 8 - 8
libs/openssl/providers/fips-sources.checksums

@@ -13,7 +13,7 @@ f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b  crypto/aes/asm
 538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d  crypto/aes/asm/aes-riscv32-zkn.pl
 b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf  crypto/aes/asm/aes-riscv64-zkn.pl
 f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52  crypto/aes/asm/aes-riscv64.pl
-ecbfe826f4c514810c3ee20e265f4f621149694c298554b2682e5de4f029f14f  crypto/aes/asm/aes-s390x.pl
+290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33  crypto/aes/asm/aes-s390x.pl
 ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1  crypto/aes/asm/aes-sparcv9.pl
 2b3b9ac56bf54334d053857a24bdb08592151e8a7a60b89b8195846b7f8ee7b5  crypto/aes/asm/aes-x86_64.pl
 c56c324667b67d726e040d70379efba5b270e2937f403c1b5979018b836903c7  crypto/aes/asm/aesfx-sparcv9.pl
@@ -277,7 +277,7 @@ c27b8c1659274be74e2d6e9fd76980df499d1331c0c2d51f41b3ad547ba88d59  crypto/ppccap.
 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7  crypto/property/defn_cache.c
 4d4cb530114b4f9dac78a3f7b14196ac9fce17ef1071338ad8e03eccac0815da  crypto/property/property.c
 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26  crypto/property/property_local.h
-0a84d66734df7515a6de2b8da744a398f11b977f8479076090e67357fa0eb51d  crypto/property/property_parse.c
+1f8e79b68b6721e7e58f748c57714f81d3540e4f78e06ffd236b48a07586652b  crypto/property/property_parse.c
 a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3  crypto/property/property_query.c
 20e69b9d594dfc443075eddbb0e6bcc0ed36ca51993cd50cc5a4f86eb31127f8  crypto/property/property_string.c
 5844196864db30e773fe555a679435614f5d6a6d22442c54fa10dea4c87628bd  crypto/provider_core.c
@@ -369,7 +369,7 @@ a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1  crypto/thread/
 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c  crypto/thread/internal.c
 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a  crypto/threads_lib.c
 9aeb0b9539712e5b800e04050e040f269b8503599d63bf8a7894028a8e3783bb  crypto/threads_none.c
-0f8b4135a417cfd8e33d05209bb416d840f6bc2415a106b6c465b112ba731c92  crypto/threads_pthread.c
+fcc0270597460a0e1a585bfecc167a0e4b90d0d517e1affe325c48e61a5b479f  crypto/threads_pthread.c
 75a3f01643b40320bcde80bf4c0c99a3c3782591fc3e4de88b04ddfcfcfd09e0  crypto/threads_win.c
 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da  crypto/time.c
 fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd  crypto/x86_64cpuid.pl
@@ -453,7 +453,7 @@ bb45de4eafdd89c14096e9af9b0aee12b09adcee43b9313a3a373294dec99142  include/openss
 28c6f0ede39c821dcf4abeeb4e41972038ebb3e3c9d0a43ffdf28edb559470e1  include/openssl/core.h
 103829e44499eafa29da9ff6b5dfc91cf8d121997397ccfdfc5834c0478f4627  include/openssl/core_dispatch.h
 8b4027cf19ce2a7cbad506cde61552123818b6eae62d5fbdae34e9f68660e6f8  include/openssl/core_names.h.in
-371413ef13841f1245a225c8ec1cec463629c42bfc33254f979d2a8672112f9a  include/openssl/crypto.h.in
+734be7705d4ff76e8abafaebd1e24911156f3e63b938d973654506df48b83a43  include/openssl/crypto.h.in
 2f9570c2514b4d1b2a86fbdf30ced879e5c52e62f1d3691cb3da37ce4f6a98dd  include/openssl/cryptoerr.h
 bbc82260cbcadd406091f39b9e3b5ea63146d9a4822623ead16fa12c43ab9fc6  include/openssl/cryptoerr_legacy.h
 83af275af84cf88c4e420030a9ea07c38d1887009c8f471874ed1458a4b1cda7  include/openssl/decoder.h
@@ -483,7 +483,7 @@ faab8accc9520269dd874126ae164a43526d5784e6280521c7ab3772c02b0a0c  include/openss
 157797b450215f973eb10be96a04e58048ab9c131ad29427e80d0e37e230ed98  include/openssl/objects.h
 d25537af264684dff033dd8ae62b0348f868fcfec4aa51fa8f07bcfa4bd807ad  include/openssl/objectserr.h
 fe6acd42c3e90db31aaafc2236a7d30ebfa53c4c07ea4d8265064c7fcb951970  include/openssl/opensslconf.h
-1bf52d136e94f727a96651c1f48ad040482f35dae152519ccd585efd410b92f0  include/openssl/opensslv.h.in
+6c1a8837bbba633db2a8951ff29ccfe09e7d2a24a37ee2af90f2d897c190da9a  include/openssl/opensslv.h.in
 767d9d7d5051c937a3ce8a268c702902fda93eeaa210a94dfde1f45c23277d20  include/openssl/param_build.h
 30085f4d1b4934bb25ffe7aa9a30859966318a1b4d4dcea937c426e90e6e1984  include/openssl/params.h
 ed785c451189aa5f7299f9f32a841e7f25b67c4ee937c8de8491a39240f5bd9d  include/openssl/prov_ssl.h
@@ -542,7 +542,7 @@ abd5997bc33b681a4ab275978b92aebca0806a4a3f0c2f41dacf11b3b6f4e101  providers/fips
 f822a03138e8b83ccaa910b89d72f31691da6778bf6638181f993ec7ae1167e3  providers/fips/self_test.h
 5f99d767ecb87f536d031afb28cd26198dd479eca285591d7af9a78ce642d14b  providers/fips/self_test_data.inc
 47b5e2649e7b37178c2c6236c8503bf87fabfe2b7cc5ecee69a5ed4780decb92  providers/fips/self_test_kats.c
-9088379971217bcdc3d599a5b253f5c6d1d2f420f0486e3e279c70156ba995ba  providers/implementations/asymciphers/rsa_enc.c
+f5ed29081e7fd2cb3d114eb3e2eda56c941ea6d61ea694ef912840219aa5ef09  providers/implementations/asymciphers/rsa_enc.c
 c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879  providers/implementations/ciphers/cipher_aes.c
 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6  providers/implementations/ciphers/cipher_aes.h
 20494fb9eb9f0578a3a574e0c6406108cfb28d7895a1891d57b3238420ec4f7b  providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.c
@@ -622,7 +622,7 @@ d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb  providers/impl
 9034a66a4bae1a15e127a5eca94bcec2ecaa971b205e945fcf7fba6b6bb8e47d  providers/implementations/keymgmt/rsa_kmgmt.c
 f2fc18af21f11b0e0ff9895f8b438caab4808256eaa680728b5e50736cc2c4b1  providers/implementations/macs/cmac_prov.c
 f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da  providers/implementations/macs/gmac_prov.c
-47065d5f3460bedc344376754debec56d0e83b8cab94018db77f899c403115bd  providers/implementations/macs/hmac_prov.c
+46ddd3ad5bd7cc1afbf773acefc19a757f1e14f2f1ba43c097b1889060bf7329  providers/implementations/macs/hmac_prov.c
 16f3dc42faceb235d7c4a495b9be7e8476094482de6ff421ab514390898154fd  providers/implementations/macs/kmac_prov.c
 3034074f99b02db045f2ccecc8782322e876dad07a3c169bdb24168b6b1f8cbd  providers/implementations/rands/crngt.c
 fcf5c044bbb92de1119759ead558ada3dfdf75db4874bd3bd0db1b46cb931190  providers/implementations/rands/drbg.c
@@ -635,6 +635,6 @@ a9aa31d091df5b8f6710dd36761dfe7d32b6da1881f8581bed85ad4e171b0969  providers/impl
 66486eb25c13b2e1f71d754043a2ee3fcdd722a55724d74498a632a6dc9f7c2b  providers/implementations/signature/ecdsa_sig.c
 26dbd28678268ea63819c58276f435bafce3562cf6dcffacd363afe451c0235c  providers/implementations/signature/eddsa_sig.c
 e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4  providers/implementations/signature/mac_legacy_sig.c
-90c6ecba4a453b9af73844a25da30637f84f904bb27adc20d5cb3afb89262fa2  providers/implementations/signature/rsa_sig.c
+e436f10d11c450ed190f6920e11dd14806d868b73c6f2b3f93d7f4a1d9972b16  providers/implementations/signature/rsa_sig.c
 0b73a04f8a03106e2a0fea10978f9888158046c29c3993ca6557f5a6403d5580  ssl/record/methods/ssl3_cbc.c
 a8914c1661c53bcb0f435ec280c35c5a135e6c71296554c7322186847e194683  ssl/record/methods/tls_pad.c

+ 1 - 1
libs/openssl/providers/fips.checksum

@@ -1 +1 @@
-8bce8273258a44e4a5042b7c2bbfdf92486276d268712412f18aacd3d4d090a0  providers/fips-sources.checksums
+04b49227257f222ee21be9c659da78aa5f5cfd62bd8148bc73e3c492f6e2a647  providers/fips-sources.checksums

+ 12 - 7
libs/openssl/providers/implementations/asymciphers/rsa_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -139,22 +139,27 @@ static int rsa_encrypt(void *vprsactx, unsigned char *out, size_t *outlen,
                        size_t outsize, const unsigned char *in, size_t inlen)
 {
     PROV_RSA_CTX *prsactx = (PROV_RSA_CTX *)vprsactx;
+    size_t len = RSA_size(prsactx->rsa);
     int ret;
 
     if (!ossl_prov_is_running())
         return 0;
 
-    if (out == NULL) {
-        size_t len = RSA_size(prsactx->rsa);
+    if (len == 0) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
+        return 0;
+    }
 
-        if (len == 0) {
-            ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
-            return 0;
-        }
+    if (out == NULL) {
         *outlen = len;
         return 1;
     }
 
+    if (outsize < len) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
+        return 0;
+    }
+
     if (prsactx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
         int rsasize = RSA_size(prsactx->rsa);
         unsigned char *tbuf;
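Review bot: In the OAEP branch at the end of this hunk, `int rsasize = RSA_size(prsactx->rsa);` recomputes the value the new `len` already holds, so the function now carries two copies of the modulus size and only `len` is compared with `outsize`. Deriving one from the other, for example `int rsasize = (int)len;`, would make it evident that the buffer check and the padding code agree. The new initialiser also calls `RSA_size()` before the `ossl_prov_is_running()` test; assigning `len` after that test would keep the early-exit ordering the function had before. rsa_encrypt's body continues outside the hunk, and whether the decrypt path has an equivalent `outsize` check is not visible here.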

+ 2 - 1
libs/openssl/providers/implementations/encode_decode/decode_pem2der.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -119,6 +119,7 @@ static int pem2der_decode(void *vctx, OSSL_CORE_BIO *cin, int selection,
         { PEM_STRING_DSAPARAMS, OSSL_OBJECT_PKEY, "DSA", "type-specific" },
         { PEM_STRING_ECPRIVATEKEY, OSSL_OBJECT_PKEY, "EC", "type-specific" },
         { PEM_STRING_ECPARAMETERS, OSSL_OBJECT_PKEY, "EC", "type-specific" },
+        { PEM_STRING_SM2PRIVATEKEY, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
         { PEM_STRING_SM2PARAMETERS, OSSL_OBJECT_PKEY, "SM2", "type-specific" },
         { PEM_STRING_RSA, OSSL_OBJECT_PKEY, "RSA", "type-specific" },
         { PEM_STRING_RSA_PUBLIC, OSSL_OBJECT_PKEY, "RSA", "type-specific" },

+ 5 - 2
libs/openssl/providers/implementations/kdfs/krb5kdf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -350,7 +350,7 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
 {
     int klen, ret;
 
-    ret = EVP_EncryptInit_ex(ctx, cipher, engine, key, NULL);
+    ret = EVP_EncryptInit_ex(ctx, cipher, engine, NULL, NULL);
     if (!ret)
         goto out;
     /* set the key len for the odd variable key len cipher */
@@ -362,6 +362,9 @@ static int cipher_init(EVP_CIPHER_CTX *ctx,
             goto out;
         }
     }
+    ret = EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL);
+    if (!ret)
+        goto out;
     /* we never want padding, either the length requested is a multiple of
      * the cipher block size or we are passed a cipher that can cope with
      * partial blocks via techniques like cipher text stealing */
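Review bot: The added `EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL)` call has no comment explaining why the key is no longer supplied by the first init call, which the previous hunk changes to pass `NULL`. The ordering looks deliberate: the key length is fixed first and the key is installed only afterwards, and the new AES-256-XTS vector in evpkdf_krb5.txt expects `KDF_DERIVE_ERROR` for a key of the wrong size. Without a note, a later cleanup could fold the two calls back into one. I would add `/* install the key only after the key length has been set */` above the new call. cipher_init begins and ends outside both hunks.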

+ 10 - 8
libs/openssl/providers/implementations/macs/hmac_prov.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -85,7 +85,7 @@ static void hmac_free(void *vmacctx)
     if (macctx != NULL) {
         HMAC_CTX_free(macctx->ctx);
         ossl_prov_digest_reset(&macctx->digest);
-        OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
+        OPENSSL_clear_free(macctx->key, macctx->keylen);
         OPENSSL_free(macctx);
     }
 }
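Review bot: The retained copy of the HMAC key moves from the secure heap to the ordinary heap (`OPENSSL_clear_free` here, `OPENSSL_malloc` in the hmac_dup and hmac_setkey hunks below), and nothing in the new code records why. The buffer is still cleansed on free, but it no longer gets the locked, guarded allocation that the secure heap provides when an application enables it. If this is an intended trade-off, a comment at the allocation in hmac_setkey would make that clear to the next reader, for example `/* key copy is kept on the normal heap and cleansed with OPENSSL_clear_free() */` followed by the reason. The new `keylen > 0` guards before `memcpy` are a sound addition.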
@@ -114,13 +114,13 @@ static void *hmac_dup(void *vsrc)
         return NULL;
     }
     if (src->key != NULL) {
-        /* There is no "secure" OPENSSL_memdup */
-        dst->key = OPENSSL_secure_malloc(src->keylen > 0 ? src->keylen : 1);
+        dst->key = OPENSSL_malloc(src->keylen > 0 ? src->keylen : 1);
         if (dst->key == NULL) {
             hmac_free(dst);
             return 0;
         }
-        memcpy(dst->key, src->key, src->keylen);
+        if (src->keylen > 0)
+            memcpy(dst->key, src->key, src->keylen);
     }
     return dst;
 }
@@ -145,12 +145,14 @@ static int hmac_setkey(struct hmac_data_st *macctx,
     const EVP_MD *digest;
 
     if (macctx->key != NULL)
-        OPENSSL_secure_clear_free(macctx->key, macctx->keylen);
+        OPENSSL_clear_free(macctx->key, macctx->keylen);
     /* Keep a copy of the key in case we need it for TLS HMAC */
-    macctx->key = OPENSSL_secure_malloc(keylen > 0 ? keylen : 1);
+    macctx->key = OPENSSL_malloc(keylen > 0 ? keylen : 1);
     if (macctx->key == NULL)
         return 0;
-    memcpy(macctx->key, key, keylen);
+
+    if (keylen > 0)
+        memcpy(macctx->key, key, keylen);
     macctx->keylen = keylen;
 
     digest = ossl_prov_digest_md(&macctx->digest);

+ 3 - 3
libs/openssl/providers/implementations/signature/rsa_sig.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -718,7 +718,7 @@ static int rsa_verify_recover(void *vprsactx,
                 return 0;
             ret = RSA_public_decrypt(siglen, sig, prsactx->tbuf, prsactx->rsa,
                                      RSA_X931_PADDING);
-            if (ret < 1) {
+            if (ret <= 0) {
                 ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
                 return 0;
             }
@@ -768,7 +768,7 @@ static int rsa_verify_recover(void *vprsactx,
     } else {
         ret = RSA_public_decrypt(siglen, sig, rout, prsactx->rsa,
                                  prsactx->pad_mode);
-        if (ret < 0) {
+        if (ret <= 0) {
             ERR_raise(ERR_LIB_PROV, ERR_R_RSA_LIB);
             return 0;
         }
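Review bot: In this second rsa_verify_recover hunk a return of 0 from `RSA_public_decrypt` becomes a failure, where the old `ret < 0` test let an empty result through, and no comment marks that as intentional. The first hunk's change from `ret < 1` to `ret <= 0` is equivalent for an int, so only this branch changes behaviour. I would add `/* a zero-length recovered message is treated as a failure */` above the check so the two branches are visibly meant to agree. The function extends beyond both hunks.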

+ 2 - 2
libs/openssl/ssl/d1_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -861,7 +861,7 @@ int dtls1_shutdown(SSL *s)
     BIO *wbio;
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
-    if (s == NULL)
+    if (sc == NULL)
         return -1;
 
     wbio = SSL_get_wbio(s);

+ 26 - 7
libs/openssl/ssl/quic/quic_ackm.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -536,6 +536,9 @@ struct ossl_ackm_st {
     /* Set to 1 when the handshake is confirmed. */
     char            handshake_confirmed;
 
+    /* Set to 1 when attached to server channel */
+    char            is_server;
+
     /* Set to 1 when the peer has completed address validation. */
     char            peer_completed_addr_validation;
 
@@ -855,7 +858,13 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space)
     }
 
     for (i = QUIC_PN_SPACE_INITIAL; i < QUIC_PN_SPACE_NUM; ++i) {
-        if (ackm->ack_eliciting_bytes_in_flight[i] == 0)
+        /*
+         * RFC 9002 section 6.2.2.1 keep probe timeout armed until
+         * handshake is confirmed (client sees HANDSHAKE_DONE message
+         * from server).
+         */
+        if (ackm->ack_eliciting_bytes_in_flight[i] == 0 &&
+            (ackm->handshake_confirmed == 1 || ackm->is_server == 1))
             continue;
 
         if (i == QUIC_PN_SPACE_APP) {
@@ -875,10 +884,18 @@ static OSSL_TIME ackm_get_pto_time_and_space(OSSL_ACKM *ackm, int *space)
             }
         }
 
-        t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration);
-        if (ossl_time_compare(t, pto_timeout) < 0) {
-            pto_timeout = t;
-            pto_space   = i;
+        /*
+         * Only re-arm timer if stack has sent at least one ACK eliciting frame.
+         * If stack has sent no ACK eliciting frame at given encryption level then
+         * particular timer is zero and we must not attempt to set it. Timer keeps
+         * time since epoch (Jan 1 1970) and we must not set timer to past.
+         */
+        if (!ossl_time_is_zero(ackm->time_of_last_ack_eliciting_pkt[i])) {
+            t = ossl_time_add(ackm->time_of_last_ack_eliciting_pkt[i], duration);
+            if (ossl_time_compare(t, pto_timeout) < 0) {
+                pto_timeout = t;
+                pto_space   = i;
+            }
         }
     }
 
@@ -1021,7 +1038,8 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
                          void *now_arg,
                          OSSL_STATM *statm,
                          const OSSL_CC_METHOD *cc_method,
-                         OSSL_CC_DATA *cc_data)
+                         OSSL_CC_DATA *cc_data,
+                         int is_server)
 {
     OSSL_ACKM *ackm;
     int i;
@@ -1045,6 +1063,7 @@ OSSL_ACKM *ossl_ackm_new(OSSL_TIME (*now)(void *arg),
     ackm->statm     = statm;
     ackm->cc_method = cc_method;
     ackm->cc_data   = cc_data;
+    ackm->is_server = (char)is_server;
 
     ackm->rx_max_ack_delay = ossl_ms2time(QUIC_DEFAULT_MAX_ACK_DELAY);
     ackm->tx_max_ack_delay = DEFAULT_TX_MAX_ACK_DELAY;
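Review bot: `ackm->is_server = (char)is_server;` stores a truncated int, while the new condition in ackm_get_pto_time_and_space tests `ackm->is_server == 1`. Any non-zero argument other than 1 would therefore be treated as a client, and a multiple of 256 would be stored as 0. Normalising at the assignment avoids depending on every caller passing exactly 0 or 1: `ackm->is_server = (is_server != 0);`. The one non-test caller on this page passes `ch->is_server`, whose type is not visible here.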

+ 2 - 1
libs/openssl/ssl/quic/quic_channel.c

@@ -347,7 +347,8 @@ static int ch_init(QUIC_CHANNEL *ch)
         goto err;
 
     if ((ch->ackm = ossl_ackm_new(get_time, ch, &ch->statm,
-                                  ch->cc_method, ch->cc_data)) == NULL)
+                                  ch->cc_method, ch->cc_data,
+                                  ch->is_server)) == NULL)
         goto err;
 
     if (!ossl_quic_stream_map_init(&ch->qsm, get_stream_limit, ch,

+ 6 - 3
libs/openssl/ssl/quic/quic_impl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2880,6 +2880,7 @@ int ossl_quic_conn_stream_conclude(SSL *s)
     QCTX ctx;
     QUIC_STREAM *qs;
     int err;
+    int ret;
 
     if (!expect_quic_with_stream_lock(s, /*remote_init=*/0, /*io=*/0, &ctx))
         return 0;
@@ -2887,13 +2888,15 @@ int ossl_quic_conn_stream_conclude(SSL *s)
     qs = ctx.xso->stream;
 
     if (!quic_mutation_allowed(ctx.qc, /*req_active=*/1)) {
+        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
         quic_unlock(ctx.qc);
-        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, SSL_R_PROTOCOL_IS_SHUTDOWN, NULL);
+        return ret;
     }
 
     if (!quic_validate_for_write(ctx.xso, &err)) {
+        ret = QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
         quic_unlock(ctx.qc);
-        return QUIC_RAISE_NON_NORMAL_ERROR(&ctx, err, NULL);
+        return ret;
     }
 
     if (ossl_quic_sstream_get_final_size(qs->sstream, NULL)) {
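Review bot: Both error paths now raise the error before `quic_unlock(ctx.qc)`, but nothing in the code says the order matters, so the `ret` temporary looks like something a later cleanup could remove. A short comment on the first occurrence would protect it, for example `/* raise the error while the lock is still held */`. The branch that starts on the last line of this hunk continues outside it; it is worth confirming that any error return there follows the same raise-then-unlock order.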

+ 2 - 2
libs/openssl/ssl/quic/quic_record_tx.c

@@ -261,12 +261,12 @@ static TXE *qtx_resize_txe(OSSL_QTX *qtx, TXE_LIST *txl, TXE *txe, size_t n)
      * data.
      */
     txe2 = OPENSSL_realloc(txe, sizeof(TXE) + n);
-    if (txe2 == NULL || txe == txe2) {
+    if (txe2 == NULL) {
         if (p == NULL)
             ossl_list_txe_insert_head(txl, txe);
         else
             ossl_list_txe_insert_after(txl, p, txe);
-        return txe2;
+        return NULL;
     }
 
     if (p == NULL)

+ 6 - 24
libs/openssl/ssl/quic/quic_rx_depack.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1412,16 +1412,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
     OSSL_ACKM_RX_PKT ackm_data;
     uint32_t enc_level;
 
-    /*
-     * ok has three states:
-     * -1 error with ackm_data uninitialized
-     *  0 error with ackm_data initialized
-     *  1 success (ackm_data initialized)
-     */
-    int ok = -1;                  /* Assume the worst */
-
     if (ch == NULL)
-        goto end;
+        return 0;
 
     ch->did_crypto_frame = 0;
 
@@ -1439,9 +1431,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
          * Retry and Version Negotiation packets should not be passed to this
          * function.
          */
-        goto end;
+        return 0;
 
-    ok = 0; /* Still assume the worst */
     ackm_data.pkt_space = ossl_quic_enc_level_to_pn_space(enc_level);
 
     /* Now that special cases are out of the way, parse frames */
@@ -1450,18 +1441,9 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket)
                                   enc_level,
                                   qpacket->time,
                                   &ackm_data))
-        goto end;
+        return 0;
 
-    ok = 1;
- end:
-    /*
-     * ASSUMPTION: If this function is called at all, |qpacket| is
-     * a legitimate packet, even if its contents aren't.
-     * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as
-     * |ackm_data| has at least been initialized.
-     */
-    if (ok >= 0)
-        ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
+    ossl_ackm_on_rx_packet(ch->ackm, &ackm_data);
 
-    return ok > 0;
+    return 1;
 }
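Review bot: After this change `ossl_ackm_on_rx_packet(ch->ackm, &ackm_data)` runs only when frame parsing succeeded. The old code also called it when parsing failed after `ackm_data` had been initialised, and the comment stating that assumption is removed without a replacement. The new behaviour, where a packet with a frame that fails to parse is never reported to the ACK manager, should be stated where the call is made. I would add `/* only packets whose frames all parsed are reported to the ACK manager */` above it.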

+ 7 - 4
libs/openssl/ssl/record/methods/tls_common.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1090,9 +1090,12 @@ int tls13_common_post_process_record(OSSL_RECORD_LAYER *rl, TLS_RL_RECORD *rec)
         return 0;
     }
 
-    if (rl->msg_callback != NULL)
-        rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &rec->type,
-                        1, rl->cbarg);
+    if (rl->msg_callback != NULL) {
+        unsigned char ctype = (unsigned char)rec->type;
+
+        rl->msg_callback(0, rl->version, SSL3_RT_INNER_CONTENT_TYPE, &ctype,
+                         1, rl->cbarg);
+    }
 
     /*
      * TLSv1.3 alert and handshake records are required to be non-zero in
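Review bot: The new local `ctype` has no comment explaining why `&rec->type` is no longer passed directly to `rl->msg_callback`. The callback is given a length of 1, and the cast suggests `rec->type` is wider than one byte, in which case the old pointer would expose a byte that depends on byte order. That reasoning is inferred, since the field's declaration is not in the hunk. I would add `/* the callback is told the length is 1, so pass a one-byte copy of the type */` above the declaration.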

+ 43 - 0
libs/openssl/test/evp_extra_test.c

@@ -3144,6 +3144,48 @@ static int test_RSA_OAEP_set_null_label(void)
     return ret;
 }
 
+static int test_RSA_encrypt(void)
+{
+    int ret = 0;
+    EVP_PKEY *pkey = NULL;
+    EVP_PKEY_CTX *pctx = NULL;
+    unsigned char *cbuf = NULL, *pbuf = NULL;
+    size_t clen = 0, plen = 0;
+
+    if (!TEST_ptr(pkey = load_example_rsa_key())
+        || !TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx,
+                                                       pkey, testpropq))
+        || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0)
+        || !TEST_ptr(cbuf = OPENSSL_malloc(clen))
+        || !TEST_int_gt(EVP_PKEY_encrypt(pctx, cbuf, &clen, kMsg, sizeof(kMsg)), 0))
+        goto done;
+
+    /* Require failure when the output buffer is too small */
+    plen = clen - 1;
+    if (!TEST_int_le(EVP_PKEY_encrypt(pctx, cbuf, &plen, kMsg, sizeof(kMsg)), 0))
+        goto done;
+    /* flush error stack */
+    TEST_openssl_errors();
+
+    /* Check decryption of encrypted result */
+    if (!TEST_int_gt(EVP_PKEY_decrypt_init(pctx), 0)
+        || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+        || !TEST_ptr(pbuf = OPENSSL_malloc(plen))
+        || !TEST_int_gt(EVP_PKEY_decrypt(pctx, pbuf, &plen, cbuf, clen), 0)
+        || !TEST_mem_eq(pbuf, plen, kMsg, sizeof(kMsg))
+        || !TEST_int_gt(EVP_PKEY_encrypt_init(pctx), 0))
+        goto done;
+
+    ret = 1;
+done:
+    EVP_PKEY_CTX_free(pctx);
+    EVP_PKEY_free(pkey);
+    OPENSSL_free(cbuf);
+    OPENSSL_free(pbuf);
+    return ret;
+}
+
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
 static int test_decrypt_null_chunks(void)
 {
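Review bot: The short-buffer case in test_RSA_encrypt asserts only that `EVP_PKEY_encrypt` returns `<= 0` and then clears the error stack with `TEST_openssl_errors()`, so it would also pass if the call failed for an unrelated reason. Checking the reason before the flush ties the test to the new guard in rsa_encrypt: `|| !TEST_int_eq(ERR_GET_REASON(ERR_peek_last_error()), PROV_R_OUTPUT_BUFFER_TOO_SMALL)`, assuming the provider error header is included in this test file. Separately, the trailing `EVP_PKEY_encrypt_init(pctx)` in the decrypt chain is followed by no further encrypt call in the hunk and could use a comment or be removed.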
@@ -5680,6 +5722,7 @@ int setup_tests(void)
     ADD_TEST(test_RSA_get_set_params);
     ADD_TEST(test_RSA_OAEP_set_get_params);
     ADD_TEST(test_RSA_OAEP_set_null_label);
+    ADD_TEST(test_RSA_encrypt);
 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
     ADD_TEST(test_decrypt_null_chunks);
 #endif

+ 4 - 2
libs/openssl/test/fake_rsaprov.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -32,6 +32,8 @@ static int exptypes_selection;
 static int query_id;
 static int key_deleted;
 
+unsigned fake_rsa_query_operation_name = 0;
+
 struct fake_rsa_keydata {
     int selection;
     int status;
@@ -77,7 +79,7 @@ static const char *fake_rsa_keymgmt_query(int id)
     /* record global for checking */
     query_id = id;
 
-    return "RSA";
+    return fake_rsa_query_operation_name ? NULL: "RSA";
 }
 
 static int fake_rsa_keymgmt_import(void *keydata, int selection,

+ 10 - 1
libs/openssl/test/fake_rsaprov.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -14,5 +14,14 @@
 /* Fake RSA provider implementation */
 OSSL_PROVIDER *fake_rsa_start(OSSL_LIB_CTX *libctx);
 void fake_rsa_finish(OSSL_PROVIDER *p);
+
 OSSL_PARAM *fake_rsa_key_params(int priv);
 void fake_rsa_restore_store_state(void);
+
+/*
+ * When fake_rsa_query_operation_name is set to a non-zero value,
+ * query_operation_name() will return NULL.
+ *
+ * By default, it is 0, in which case query_operation_name() will return "RSA".
+ */
+extern unsigned fake_rsa_query_operation_name;

+ 18 - 1
libs/openssl/test/property_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -687,6 +687,22 @@ static int test_property_list_to_string(int i)
     return ret;
 }
 
+static int test_property_list_to_string_bounds(void)
+{
+    OSSL_PROPERTY_LIST *pl = NULL;
+    char buf[16];
+    int ret = 0;
+
+    if (!TEST_ptr(pl = ossl_parse_query(NULL, "provider='$1'", 1)))
+        goto err;
+    if (!TEST_size_t_eq(ossl_property_list_to_string(NULL, pl, buf, 10), 14))
+        goto err;
+    ret = 1;
+ err:
+    ossl_property_free(pl);
+    return ret;
+}
+
 int setup_tests(void)
 {
     ADD_TEST(test_property_string);
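Review bot: test_property_list_to_string_bounds checks only the returned length (14) when told the buffer holds 10 bytes, but `buf` is 16 bytes, so a write past the stated limit would stay inside the array and go unnoticed even under a memory checker. Filling the buffer with a sentinel first and checking the first byte past the limit afterwards would make the bound itself observable: `memset(buf, 'x', sizeof(buf));` before the call and `TEST_char_eq(buf[10], 'x')` after it. The sentinel value is my own choice; any byte that cannot appear in the rendered property string works.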
@@ -701,5 +717,6 @@ int setup_tests(void)
     ADD_TEST(test_query_cache_stochastic);
     ADD_TEST(test_fips_mode);
     ADD_ALL_TESTS(test_property_list_to_string, OSSL_NELEM(to_string_tests));
+    ADD_TEST(test_property_list_to_string_bounds);
     return 1;
 }

+ 73 - 1
libs/openssl/test/provider_pkey_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -239,6 +239,77 @@ end:
     return ret;
 }
 
+static int test_pkey_can_sign(void)
+{
+    OSSL_PROVIDER *fake_rsa = NULL;
+    EVP_PKEY *pkey_fake = NULL;
+    EVP_PKEY_CTX *ctx = NULL;
+    OSSL_PARAM *params = NULL;
+    int ret = 0;
+
+    if (!TEST_ptr(fake_rsa = fake_rsa_start(libctx)))
+        return 0;
+
+    /*
+     * Ensure other tests did not forget to reset fake_rsa_query_operation_name
+     * to its default value: 0
+     */
+    if (!TEST_int_eq(fake_rsa_query_operation_name, 0))
+        goto end;
+
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                      "provider=fake-rsa"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_true(EVP_PKEY_can_sign(pkey_fake))
+        || !TEST_ptr(pkey_fake))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    EVP_PKEY_free(pkey_fake);
+    pkey_fake = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    /*
+     * Documented behavior for OSSL_FUNC_keymgmt_query_operation_name()
+     * allows it to return NULL, in which case the fallback should be to use
+     * EVP_KEYMGMT_get0_name(). That is exactly the thing we are testing here.
+     */
+    fake_rsa_query_operation_name = 1;
+
+    if (!TEST_ptr(params = fake_rsa_key_params(0))
+        || !TEST_ptr(ctx = EVP_PKEY_CTX_new_from_name(libctx, "RSA",
+                                                      "provider=fake-rsa"))
+        || !TEST_true(EVP_PKEY_fromdata_init(ctx))
+        || !TEST_true(EVP_PKEY_fromdata(ctx, &pkey_fake, EVP_PKEY_PUBLIC_KEY,
+                                        params))
+        || !TEST_true(EVP_PKEY_can_sign(pkey_fake))
+        || !TEST_ptr(pkey_fake))
+        goto end;
+
+    EVP_PKEY_CTX_free(ctx);
+    ctx = NULL;
+    EVP_PKEY_free(pkey_fake);
+    pkey_fake = NULL;
+    OSSL_PARAM_free(params);
+    params = NULL;
+
+    ret = 1;
+end:
+
+    EVP_PKEY_CTX_free(ctx);
+    EVP_PKEY_free(pkey_fake);
+    OSSL_PARAM_free(params);
+    fake_rsa_query_operation_name = 0;
+
+    fake_rsa_finish(fake_rsa);
+    return ret;
+}
+
 static int test_pkey_store(int idx)
 {
     OSSL_PROVIDER *deflt = NULL;
@@ -433,6 +504,7 @@ int setup_tests(void)
     ADD_TEST(test_pkey_sig);
     ADD_TEST(test_alternative_keygen_init);
     ADD_TEST(test_pkey_eq);
+    ADD_TEST(test_pkey_can_sign);
     ADD_ALL_TESTS(test_pkey_store, 2);
     ADD_TEST(test_pkey_delete);
     ADD_TEST(test_pkey_store_open_ex);

+ 3 - 2
libs/openssl/test/quic_ackm_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -104,7 +104,8 @@ static int helper_init(struct helper *h, size_t num_pkts)
 
     /* Initialise ACK manager. */
     h->ackm = ossl_ackm_new(fake_now, NULL, &h->statm,
-                            &ossl_cc_dummy_method, h->ccdata);
+                            &ossl_cc_dummy_method, h->ccdata,
+                            /* is_server */0);
     if (!TEST_ptr(h->ackm))
         goto err;
 

+ 3 - 2
libs/openssl/test/quic_fifd_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -329,7 +329,8 @@ static int test_fifd(int idx)
         || !TEST_ptr(info.ackm = ossl_ackm_new(fake_now, NULL,
                                                &info.statm,
                                                &ossl_cc_dummy_method,
-                                               info.ccdata))
+                                               info.ccdata,
+                                               /* is_server */0))
         || !TEST_true(ossl_ackm_on_handshake_confirmed(info.ackm))
         || !TEST_ptr(info.cfq = ossl_quic_cfq_new())
         || !TEST_ptr(info.txpim = ossl_quic_txpim_new())

+ 3 - 2
libs/openssl/test/quic_txp_test.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -171,7 +171,8 @@ static int helper_init(struct helper *h)
     if (!TEST_ptr(h->args.ackm = ossl_ackm_new(fake_now, NULL,
                                                &h->statm,
                                                h->cc_method,
-                                               h->cc_data)))
+                                               h->cc_data,
+                                               /* is_server */0)))
         goto err;
 
     if (!TEST_true(ossl_quic_stream_map_init(&h->qsm, NULL, NULL,

+ 12 - 2
libs/openssl/test/recipes/15-test_ec.t

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -18,7 +18,7 @@ setup("test_ec");
 
 plan skip_all => 'EC is not supported in this build' if disabled('ec');
 
-plan tests => 15;
+plan tests => 16;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
@@ -33,6 +33,16 @@ subtest 'EC conversions -- private key' => sub {
     tconversion( -type => 'ec', -prefix => 'ec-priv',
                  -in => srctop_file("test","testec-p256.pem") );
 };
+
+SKIP: {
+    skip "SM2 is not supported by this OpenSSL build", 1
+        if disabled("sm2");
+    subtest 'EC conversions -- private key' => sub {
+        tconversion( -type => 'ec', -prefix => 'sm2-priv',
+                     -in => srctop_file("test","testec-sm2.pem") );
+    };
+}
+
 subtest 'EC conversions -- private key PKCS#8' => sub {
     tconversion( -type => 'ec', -prefix => 'ec-pkcs8',
                  -in => srctop_file("test","testec-p256.pem"),
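Review bot: The new SM2 subtest reuses the title `'EC conversions -- private key'` from the P-256 subtest just above it, so a failure in the test output does not show which key type broke. A distinct title such as `subtest 'EC conversions -- SM2 private key' => sub {` would fix that. The `skip ... , 1` count and the bump of `plan tests` to 16 are consistent with one added subtest.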

+ 3 - 2
libs/openssl/test/recipes/25-test_verify.t

@@ -599,9 +599,10 @@ ok(vfy_root("-CAfile", $rootcert), "CAfile");
 ok(vfy_root("-CAstore", $rootcert), "CAstore");
 ok(vfy_root("-CAstore", $rootcert, "-CAfile", $rootcert), "CAfile and existing CAstore");
 ok(!vfy_root("-CAstore", "non-existing", "-CAfile", $rootcert), "CAfile and non-existing CAstore");
+
 SKIP: {
-    skip "file names with colons aren't supported on Windows and VMS", 2
-        if $^O =~ /^(MsWin32|VMS)$/;
+    skip "file names with colons aren't supported on Windows and VMS", 1
+        if $^O =~ /^(MSWin32|VMS)$/;
     my $foo_file = "foo:cert.pem";
     copy($rootcert, $foo_file);
     ok(vfy_root("-CAstore", $foo_file), "CAstore foo:file");

+ 9 - 1
libs/openssl/test/recipes/30-test_evp_data/evpkdf_krb5.txt

@@ -1,5 +1,5 @@
 #
-# Copyright 2001-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -129,3 +129,11 @@ Ctrl.cipher = cipher:DES-EDE3-CBC
 Ctrl.hexkey = hexkey:dce06b1f64c857a11c3db57c51899b2cc1791008ce973b92
 Ctrl.hexconstant = hexconstant:0000000155
 Output = 935079d14490a75c3093c4a6e8c3b049c71e6ee705
+
+#Erroneous key size for the cipher as XTS has double key size
+KDF = KRB5KDF
+Ctrl.cipher = cipher:AES-256-XTS
+Ctrl.hexkey = hexkey:FE697B52BC0D3CE14432BA036A92E65BBB52280990A2FA27883998D72AF30161
+Ctrl.hexconstant = hexconstant:0000000255
+Output = 97151B4C76945063E2EB0529DC067D97D7BBA90776D8126D91F34F3101AEA8BA
+Result = KDF_DERIVE_ERROR

+ 17 - 0
libs/openssl/test/recipes/80-test_cms.t

@@ -83,6 +83,15 @@ my @smime_pkcs7_tests = (
       \&final_compare
     ],
 
+    [ "signed text content DER format, RSA key",
+      [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER", "-nodetach",
+        "-certfile", $smroot, "-signer", $smrsa1, "-text",
+        "-out", "{output}.cms" ],
+      [ "{cmd2}",  @prov, "-verify", "-in", "{output}.cms", "-inform", "DER",
+        "-text", "-CAfile", $smroot, "-out", "{output}.txt" ],
+      \&final_compare
+    ],
+
     [ "signed detached content DER format, RSA key",
       [ "{cmd1}", @prov, "-sign", "-in", $smcont, "-outform", "DER",
         "-signer", $smrsa1, "-out", "{output}.cms" ],
@@ -216,6 +225,14 @@ my @smime_pkcs7_tests = (
       \&final_compare
     ],
 
+    [ "enveloped text content streaming S/MIME format, DES, 1 recipient",
+      [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
+        "-stream", "-text", "-out", "{output}.cms", $smrsa1 ],
+      [ "{cmd2}", @defaultprov, "-decrypt", "-recip", $smrsa1,
+        "-in", "{output}.cms", "-text", "-out", "{output}.txt" ],
+      \&final_compare
+    ],
+
     [ "enveloped content test streaming S/MIME format, DES, 3 recipients, 3rd used",
       [ "{cmd1}", @defaultprov, "-encrypt", "-in", $smcont,
         "-stream", "-out", "{output}.cms",

+ 24 - 2
libs/openssl/test/recipes/90-test_store_cases.t

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -18,9 +18,10 @@ use OpenSSL::Test::Utils;
 my $test_name = "test_store_cases";
 setup($test_name);
 
-plan tests => 2;
+plan tests => 3;
 
 my $stderr;
+my @stdout;
 
 # The case of the garbage PKCS#12 DER file where a passphrase was
 # prompted for.  That should not have happened.
@@ -34,3 +35,24 @@ open DATA, $stderr;
 close DATA;
 ok(scalar @match > 0 ? 0 : 1,
    "checking that storeutl didn't ask for a passphrase");
+
+ SKIP: {
+     skip "The objects in test-BER.p12 contain EC keys, which is disabled in this build", 1
+         if disabled("ec");
+     skip "test-BER.p12 has contents encrypted with DES-EDE3-CBC, which is disabled in this build", 1
+         if disabled("des");
+
+     # The case with a BER-encoded PKCS#12 file, using infinite + EOC
+     # constructs.  There was a bug with those in OpenSSL 3.0 and newer,
+     # where OSSL_STORE_load() (and by consequence, 'openssl storeutl')
+     # only extracted the first available object from that file and
+     # ignored the rest.
+     # Our test file has a total of four objects, and this should be
+     # reflected in the total that 'openssl storeutl' outputs
+     @stdout = run(app(['openssl', 'storeutl', '-passin', 'pass:12345',
+                        data_file('test-BER.p12')]),
+                   capture => 1);
+     @stdout = map { my $x = $_; $x =~ s/\R$//; $x } @stdout; # Better chomp
+     ok((grep { $_ eq 'Total found: 4' } @stdout),
+        "Checking that 'openssl storeutl' with test-BER.p12 returns 4 objects");
+}

BIN
libs/openssl/test/recipes/90-test_store_cases_data/test-BER.p12


+ 19 - 0
libs/openssl/test/recipes/90-test_threads_data/store/8489a545.0

@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----

+ 58 - 0
libs/openssl/test/recipes/95-test_external_oqsprovider_data/oqsprovider-ca.sh

@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Test openssl CA functionality using oqsprovider for alg $1
+
+if [ $# -ne 1 ]; then
+    echo "Usage: $0 <algorithmname>. Exiting."
+    exit 1
+fi
+
+if [ -z "$OPENSSL_APP" ]; then
+    echo "OPENSSL_APP env var not set. Exiting."
+    exit 1
+fi
+
+if [ -z "$OPENSSL_MODULES" ]; then
+    echo "Warning: OPENSSL_MODULES env var not set."
+fi
+
+if [ -z "$OPENSSL_CONF" ]; then
+    echo "Warning: OPENSSL_CONF env var not set."
+fi
+
+# Set OSX DYLD_LIBRARY_PATH if not already externally set
+if [ -z "$DYLD_LIBRARY_PATH" ]; then
+    export DYLD_LIBRARY_PATH=$LD_LIBRARY_PATH
+fi
+
+echo "oqsprovider-ca.sh commencing..."
+
+#rm -rf tmp
+mkdir -p tmp && cd tmp
+rm -rf demoCA && mkdir -p demoCA/newcerts
+touch demoCA/index.txt
+echo '01' > demoCA/serial
+$OPENSSL_APP req -x509 -new -newkey $1 -keyout $1_rootCA.key -out $1_rootCA.crt -subj "/CN=test CA" -nodes
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate root CA. Exiting."
+   exit 1
+fi
+
+$OPENSSL_APP req -new -newkey $1 -keyout $1.key -out $1.csr -nodes -subj "/CN=test Server"
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate test server CSR. Exiting."
+   exit 1
+fi
+
+$OPENSSL_APP ca -batch -days 100 -keyfile $1_rootCA.key -cert $1_rootCA.crt -policy policy_anything -notext -out $1.crt -infiles $1.csr
+
+if [ $? -ne 0 ]; then
+   echo "Failed to generate server CRT. Exiting."
+   exit 1
+fi
+
+# Don't forget to use provider(s) when not activated via config file
+$OPENSSL_APP verify -CAfile $1_rootCA.crt $1.crt
+
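Review bot: `mkdir -p tmp && cd tmp` is not checked and the script has no `set -e`, so if the directory change fails, the next line's `rm -rf demoCA` runs in whatever directory the test was started from. Checking each step keeps the cleanup confined to the scratch directory: `mkdir -p tmp || exit 1` followed by `cd tmp || exit 1`. The algorithm name is also expanded unquoted in every command and file name (`-newkey $1 -keyout $1_rootCA.key`); writing `"$1"` and `"${1}_rootCA.key"` prevents an unexpected argument from being word-split or globbed. `$OPENSSL_APP` is unquoted as well, which may be deliberate if it carries arguments, and a comment saying so would help.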

Niektóre pliki nie zostały wyświetlone z powodu dużej ilości zmienionych plików