
OpenSSL 3.3.4

Source commit: f755cc0d2ae3cb215780d4f27e2e04c3e35b4c27
Martin Prikryl 3 月之前
父節點
當前提交
80313efea9
共有 100 個文件被更改,包括 2515 次插入992 次删除
  1. 23 2
      libs/openssl/CHANGES.md
  2. 2 1
      libs/openssl/Configure
  3. 9 1
      libs/openssl/NEWS.md
  4. 5 0
      libs/openssl/NOTES-WINDOWS.md
  5. 24 21
      libs/openssl/README-FIPS.md
  6. 4 5
      libs/openssl/README.md
  7. 2 2
      libs/openssl/VERSION.dat
  8. 203 59
      libs/openssl/apps/CA.pl.in
  9. 2 2
      libs/openssl/apps/cmp.c
  10. 1 1
      libs/openssl/apps/cms.c
  11. 9 2
      libs/openssl/apps/lib/apps.c
  12. 9 1
      libs/openssl/apps/lib/s_socket.c
  13. 5 1
      libs/openssl/apps/ocsp.c
  14. 2 1
      libs/openssl/apps/pkeyutl.c
  15. 4 2
      libs/openssl/apps/s_time.c
  16. 2 4
      libs/openssl/apps/storeutl.c
  17. 2 2
      libs/openssl/apps/ts.c
  18. 32 32
      libs/openssl/apps/x509.c
  19. 4 4
      libs/openssl/crypto/aes/asm/vpaes-loongarch64.pl
  20. 2 2
      libs/openssl/crypto/armcap.c
  21. 2 2
      libs/openssl/crypto/asn1/asn_mime.c
  22. 4 1
      libs/openssl/crypto/asn1/tasn_enc.c
  23. 1 0
      libs/openssl/crypto/bio/bio_addr.c
  24. 3 1
      libs/openssl/crypto/bio/bio_dump.c
  25. 16 9
      libs/openssl/crypto/bio/bio_print.c
  26. 4 1
      libs/openssl/crypto/bn/bn_ppc.c
  27. 17 7
      libs/openssl/crypto/chacha/asm/chacha-armv8-sve.pl
  28. 2 1
      libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl
  29. 4 2
      libs/openssl/crypto/cmp/cmp_client.c
  30. 7 5
      libs/openssl/crypto/cms/cms_pwri.c
  31. 2 2
      libs/openssl/crypto/dh/dh_pmeth.c
  32. 1466 240
      libs/openssl/crypto/ec/asm/ecp_nistp384-ppc64.pl
  33. 5 5
      libs/openssl/crypto/ec/ec_key.c
  34. 54 18
      libs/openssl/crypto/ec/ecp_nistp384.c
  35. 4 1
      libs/openssl/crypto/encode_decode/encoder_pkey.c
  36. 2 1
      libs/openssl/crypto/evp/bio_enc.c
  37. 5 1
      libs/openssl/crypto/evp/ctrl_params_translate.c
  38. 3 2
      libs/openssl/crypto/evp/evp_pbe.c
  39. 8 5
      libs/openssl/crypto/evp/evp_rand.c
  40. 8 2
      libs/openssl/crypto/evp/exchange.c
  41. 2 2
      libs/openssl/crypto/evp/legacy_sha.c
  42. 14 3
      libs/openssl/crypto/evp/pmeth_lib.c
  43. 2 8
      libs/openssl/crypto/http/http_lib.c
  44. 4 5
      libs/openssl/crypto/loongarch64cpuid.pl
  45. 3 2
      libs/openssl/crypto/md5/asm/md5-loongarch64.pl
  46. 5 5
      libs/openssl/crypto/params_dup.c
  47. 5 5
      libs/openssl/crypto/perlasm/sparcv9_modes.pl
  48. 3 3
      libs/openssl/crypto/pkcs7/pk7_smime.c
  49. 2 2
      libs/openssl/crypto/property/property.c
  50. 2 2
      libs/openssl/crypto/provider_conf.c
  51. 12 7
      libs/openssl/crypto/rsa/rsa_gen.c
  52. 3 3
      libs/openssl/crypto/sm3/asm/sm3-armv8.pl
  53. 5 5
      libs/openssl/crypto/sm4/asm/sm4-armv8.pl
  54. 24 9
      libs/openssl/crypto/threads_none.c
  55. 62 217
      libs/openssl/crypto/threads_pthread.c
  56. 35 42
      libs/openssl/crypto/threads_win.c
  57. 13 5
      libs/openssl/crypto/ts/ts_rsp_sign.c
  58. 38 14
      libs/openssl/crypto/ui/ui_lib.c
  59. 90 41
      libs/openssl/crypto/x509/by_store.c
  60. 3 1
      libs/openssl/crypto/x509/v3_cpols.c
  61. 6 2
      libs/openssl/crypto/x509/v3_lib.c
  62. 4 2
      libs/openssl/demos/bio/sconnect.c
  63. 2 2
      libs/openssl/demos/guide/tls-client-block.c
  64. 2 2
      libs/openssl/demos/sslecho/A-SSL-Docs.txt
  65. 11 6
      libs/openssl/demos/sslecho/main.c
  66. 1 5
      libs/openssl/doc/README.md
  67. 13 23
      libs/openssl/doc/internal/man3/bn_mul_words.pod
  68. 5 3
      libs/openssl/doc/man1/openssl-namedisplay-options.pod
  69. 3 3
      libs/openssl/doc/man1/openssl-s_client.pod.in
  70. 2 2
      libs/openssl/doc/man3/CMS_sign.pod
  71. 12 1
      libs/openssl/doc/man3/DTLS_set_timer_cb.pod
  72. 6 3
      libs/openssl/doc/man3/EVP_PKEY_CTX_new.pod
  73. 4 7
      libs/openssl/doc/man3/EVP_RAND.pod
  74. 2 2
      libs/openssl/doc/man3/OSSL_PARAM.pod
  75. 24 1
      libs/openssl/doc/man3/OSSL_PARAM_int.pod
  76. 2 2
      libs/openssl/doc/man3/PKCS7_sign.pod
  77. 2 2
      libs/openssl/doc/man3/SSL_CONF_cmd.pod
  78. 6 3
      libs/openssl/doc/man3/SSL_CTX_set1_curves.pod
  79. 4 3
      libs/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod
  80. 2 2
      libs/openssl/doc/man3/SSL_CTX_set_options.pod
  81. 3 5
      libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
  82. 4 3
      libs/openssl/doc/man3/SSL_get0_group_name.pod
  83. 4 2
      libs/openssl/doc/man3/SSL_key_update.pod
  84. 3 3
      libs/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
  85. 14 1
      libs/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod
  86. 2 2
      libs/openssl/doc/man7/ossl-guide-introduction.pod
  87. 3 3
      libs/openssl/doc/man7/ossl-guide-migration.pod
  88. 2 2
      libs/openssl/doc/man7/ossl-guide-tls-introduction.pod
  89. 3 3
      libs/openssl/doc/man7/provider-cipher.pod
  90. 4 2
      libs/openssl/doc/man7/provider-decoder.pod
  91. 4 2
      libs/openssl/doc/man7/provider-encoder.pod
  92. 2 2
      libs/openssl/doc/man7/provider-keymgmt.pod
  93. 15 7
      libs/openssl/doc/man7/provider-signature.pod
  94. 5 1
      libs/openssl/fuzz/x509.c
  95. 3 3
      libs/openssl/include/internal/common.h
  96. 16 4
      libs/openssl/include/internal/constant_time.h
  97. 1 12
      libs/openssl/include/internal/e_os.h
  98. 1 4
      libs/openssl/include/internal/json_enc.h
  99. 22 22
      libs/openssl/providers/fips-sources.checksums
  100. 1 1
      libs/openssl/providers/fips.checksum

+ 23 - 2
libs/openssl/CHANGES.md

@@ -26,6 +26,22 @@ OpenSSL Releases
 OpenSSL 3.3
 -----------
 
+### Changes between 3.3.3 and 3.3.4 [1 Jul 2025]
+
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
+
+ * When displaying distinguished names in the openssl application escape control
+   characters by default.
+
+   *Tomáš Mráz*
+
 ### Changes between 3.3.2 and 3.3.3 [11 Feb 2025]
 
  * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected.
@@ -4047,7 +4063,7 @@ OpenSSL 1.1.1
  * Support for TLSv1.3 added. Note that users upgrading from an earlier
    version of OpenSSL should review their configuration settings to ensure
    that they are still appropriate for TLSv1.3. For further information see:
-   <https://wiki.openssl.org/index.php/TLS1.3>
+   <https://github.com/openssl/openssl/wiki/TLS1.3>
 
    *Matt Caswell*
 
@@ -5335,7 +5351,7 @@ OpenSSL 1.1.0
 
  * The GOST engine was out of date and therefore it has been removed. An up
    to date GOST engine is now being maintained in an external repository.
-   See: <https://wiki.openssl.org/index.php/Binaries>. Libssl still retains
+   See: <https://github.com/openssl/openssl/wiki/Binaries>. Libssl still retains
    support for GOST ciphersuites (these are only activated if a GOST engine
    is present).
 
@@ -6114,6 +6130,11 @@ OpenSSL 1.1.0
 
    *Rob Percival <[email protected]>*
 
+ * SSLv3 is by default disabled at build-time. Builds that are not
+   configured with "enable-ssl3" will not support SSLv3.
+
+   *Kurt Roeckx*
+
 OpenSSL 1.0.2
 -------------
 

+ 2 - 1
libs/openssl/Configure

@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -162,6 +162,7 @@ my @gcc_devteam_warn = qw(
     -Wextra
     -Wno-unused-parameter
     -Wno-missing-field-initializers
+    -Wno-unterminated-string-initialization
     -Wswitch
     -Wsign-compare
     -Wshadow
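Review bot: Adding `-Wno-unterminated-string-initialization` to `@gcc_devteam_warn` switches the diagnostic off for the whole tree in developer builds, so a new `char` array whose initializer drops the NUL and is later passed to a string function would no longer be reported. If the warning fires only on a few deliberate fixed-width tables, marking those declarations with the compiler's `nonstring` attribute and leaving the warning enabled would keep the check everywhere else. At minimum, a comment above the list should record which declarations motivated the suppression; the `qw(...)` list opens before this hunk, so the comment has to sit outside it.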

+ 9 - 1
libs/openssl/NEWS.md

@@ -21,6 +21,14 @@ OpenSSL Releases
 OpenSSL 3.3
 -----------
 
+### Major changes between OpenSSL 3.3.3 and OpenSSL 3.3.4 [1 Jul 2025]
+
+OpenSSL 3.3.4 is a bug fix release.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Miscellaneous minor bug fixes.
+
 ### Major changes between OpenSSL 3.3.2 and OpenSSL 3.3.3 [11 Feb 2025]
 
 OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this
@@ -579,7 +587,7 @@ OpenSSL 1.1.1
     * Rewrite of the packet construction code for "safer" packet handling
     * Rewrite of the extension handling code
     For further important information, see the [TLS1.3 page](
-    https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki.
+    https://github.com/openssl/openssl/wiki/TLS1.3) in the OpenSSL Wiki.
 
   * Complete rewrite of the OpenSSL random number generator to introduce the
     following capabilities

+ 5 - 0
libs/openssl/NOTES-WINDOWS.md

@@ -87,6 +87,11 @@ Quick start
        on the Universal CRT or
     - `perl Configure`              to let Configure figure out the platform
 
+    a. If you don't plan to develop OpenSSL yourself and don't need to rebuild,
+       in other words, if you always do a new build, turning off the build
+       dependency feature can speed up build times by up to 50%:
+       `perl Configure no-makedepend`
+
  6. `nmake`
 
  7. `nmake test`

+ 24 - 21
libs/openssl/README-FIPS.md

@@ -34,7 +34,9 @@ Installing the FIPS provider
 In order to be FIPS compliant you must only use FIPS validated source code.
 Refer to <https://www.openssl.org/source/> for information related to
 which versions are FIPS validated. The instructions given below build OpenSSL
-just using the FIPS validated source code.
+just using the FIPS validated source code.  Any FIPS validated version may be
+used with any other openssl library.  Please see <https://www.openssl.org/source/>
+To determine which FIPS validated library version may be appropriate for you.
 
 If you want to use a validated FIPS provider, but also want to use the latest
 OpenSSL release to build everything else, then refer to the next section.
@@ -71,11 +73,11 @@ the installation by doing the following two things:
 
 - Runs the FIPS module self tests
 - Generates the so-called FIPS module configuration file containing information
-  about the module such as the module checksum (and for OpenSSL 3.0 the
+  about the module such as the module checksum (and for OpenSSL 3.1.2 the
   self test status).
 
 The FIPS module must have the self tests run, and the FIPS module config file
-output generated on every machine that it is to be used on. For OpenSSL 3.0,
+output generated on every machine that it is to be used on. For OpenSSL 3.1.2
 you must not copy the FIPS module config file output data from one machine to another.
 
 On Unix, the `openssl fipsinstall` command will be invoked as follows by default:
@@ -95,11 +97,11 @@ Download and build a validated FIPS provider
 --------------------------------------------
 
 Refer to <https://www.openssl.org/source/> for information related to
-which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
+which versions are FIPS validated. For this example we use OpenSSL 3.1.2.
 
-    $ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
-    $ tar -xf openssl-3.0.0.tar.gz
-    $ cd openssl-3.0.0
+    $ wget https://www.openssl.org/source/openssl-3.1.2.tar.gz
+    $ tar -xf openssl-3.1.2.tar.gz
+    $ cd openssl-3.1.2
     $ ./Configure enable-fips
     $ make
     $ cd ..
@@ -107,44 +109,45 @@ which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
 Download and build the latest release of OpenSSL
 ------------------------------------------------
 
-We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
+We use OpenSSL 3.5.0 here, (but you could also use the latest 3.5.X)
 
-    $ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
-    $ tar -xf openssl-3.1.0.tar.gz
-    $ cd openssl-3.1.0
+    $ wget https://www.openssl.org/source/openssl-3.5.0.tar.gz
+    $ tar -xf openssl-3.5.0.tar.gz
+    $ cd openssl-3.5.0
     $ ./Configure enable-fips
     $ make
 
 Use the OpenSSL FIPS provider for testing
 -----------------------------------------
 
-We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
-Note that the OpenSSL 3.1.0 FIPS provider has not been validated
+We do this by replacing the artifact for the OpenSSL 3.5.0 FIPS provider.
+Note that the OpenSSL 3.5.0 FIPS provider has not been validated
 so it must not be used for FIPS purposes.
 
-    $ cp ../openssl-3.0.0/providers/fips.so providers/.
-    $ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
-    // Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
+    $ cp ../openssl-3.1.2/providers/fips.so providers/.
+    $ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
+    // Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
     // be copied across multiple machines if it contains an entry for
     // `install-status`. (Otherwise the self tests would be skipped).
 
     // Validate the output of the following to make sure we are using the
-    // OpenSSL 3.0.0 FIPS provider
+    // OpenSSL 3.1.2 FIPS provider
     $ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
     -provider fips -providers
 
-    // Now run the current tests using the OpenSSL 3.0 FIPS provider.
+    // Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
     $ make tests
 
 Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
 -------------------------------------------------------------------------------------
 
-    $ cd ../openssl-3.0.0
+    $ cd ../openssl-3.1.2
     $ sudo make install_fips
 
 Check that the correct FIPS provider is being used
 --------------------------------------------------
 
+    $ cd ../openssl-3.5.0
     $./util/wrap.pl -fips apps/openssl list -provider-path providers \
     -provider fips -providers
 
@@ -152,11 +155,11 @@ Check that the correct FIPS provider is being used
     Providers:
       base
         name: OpenSSL Base Provider
-        version: 3.1.0
+        version: 3.5.0
         status: active
       fips
         name: OpenSSL FIPS Provider
-        version: 3.0.0
+        version: 3.1.2
         status: active
 
 Using the FIPS Module in applications

+ 4 - 5
libs/openssl/README.md

@@ -161,8 +161,7 @@ There are numerous source code demos for using various OpenSSL capabilities in t
 Wiki
 ----
 
-There is a Wiki at [wiki.openssl.org] which is currently not very active.
-It contains a lot of useful information, not all of which is up-to-date.
+There is a [GitHub Wiki] which is currently not very active.
 
 License
 =======
@@ -211,8 +210,8 @@ All rights reserved.
     <https://github.com/openssl/openssl>
     "OpenSSL GitHub Mirror"
 
-[wiki.openssl.org]:
-    <https://wiki.openssl.org>
+[GitHub Wiki]:
+    <https://github.com/openssl/openssl/wiki>
     "OpenSSL Wiki"
 
 [ossl-guide-migration(7ossl)]:
@@ -229,7 +228,7 @@ All rights reserved.
      <https://tools.ietf.org/html/rfc9000>
 
 [Binaries]:
-    <https://wiki.openssl.org/index.php/Binaries>
+    <https://github.com/openssl/openssl/wiki/Binaries>
     "List of third party OpenSSL binaries"
 
 [OpenSSL Guide]:

+ 2 - 2
libs/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=3
-PATCH=3
+PATCH=4
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="11 Feb 2025"
+RELEASE_DATE="1 Jul 2025"
 SHLIB_VERSION=3

+ 203 - 59
libs/openssl/apps/CA.pl.in

@@ -1,5 +1,5 @@
 #!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -19,14 +19,17 @@ my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
 
 my $openssl = $ENV{'OPENSSL'} // "openssl";
 $ENV{'OPENSSL'} = $openssl;
+my @openssl = split_val($openssl);
+
 my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
+my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
 
 # Command invocations.
-my $REQ = "$openssl req $OPENSSL_CONFIG";
-my $CA = "$openssl ca $OPENSSL_CONFIG";
-my $VERIFY = "$openssl verify";
-my $X509 = "$openssl x509";
-my $PKCS12 = "$openssl pkcs12";
+my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
+my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
+my @VERIFY = (@openssl, "verify");
+my @X509 = (@openssl, "x509");
+my @PKCS12 = (@openssl, "pkcs12");
 
 # Default values for various configuration settings.
 my $CATOP = "./demoCA";
@@ -34,10 +37,10 @@ my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095";	# 3 years
-my $EXTENSIONS = "-extensions v3_ca";
-my $POLICY = "-policy policy_anything";
+my @DAYS = qw(-days 365);
+my @CADAYS = qw(-days 1095);	# 3 years
+my @EXTENSIONS = qw(-extensions v3_ca);
+my @POLICY = qw(-policy policy_anything);
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
@@ -45,31 +48,177 @@ my $NEWP12 = "newcert.p12";
 
 # Commandline parsing
 my %EXTRA;
-my $WHAT = shift @ARGV || "";
+my $WHAT = shift @ARGV // "";
 @ARGV = parse_extra(@ARGV);
 my $RET = 0;
 
+sub split_val {
+    return split_val_win32(@_) if ($^O eq 'MSWin32');
+    my ($val) = @_;
+    my (@ret, @frag);
+
+    # Skip leading whitespace
+    $val =~ m{\A[ \t]*}ogc;
+
+    # Unix shell-compatible split
+    #
+    # Handles backslash escapes outside quotes and
+    # in double-quoted strings.  Parameter and
+    # command-substitution is silently ignored.
+    # Bare newlines outside quotes and (trailing) backslashes are disallowed.
+
+    while (1) {
+        last if (pos($val) == length($val));
+
+        # The first char is never a SPACE or TAB.  Possible matches are:
+        # 1. Ordinary string fragment
+        # 2. Single-quoted string
+        # 3. Double-quoted string
+        # 4. Backslash escape
+        # 5. Bare backlash or newline (rejected)
+        #
+        if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
+            # Ordinary string
+            push @frag, $1;
+        } elsif ($val =~ m{\G'([^']*)'}ogc) {
+            # Single-quoted string
+            push @frag, $1;
+        } elsif ($val =~ m{\G"}ogc) {
+            # Double-quoted string
+            push @frag, "";
+            while (1) {
+                last if ($val =~ m{\G"}ogc);
+                if ($val =~ m{\G([^"\\]+)}ogcs) {
+                    # literals
+                    push @frag, $1;
+                } elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
+                    # backslash-escaped special
+                    push @frag, $1;
+                } elsif ($val =~ m{\G.(.)}ogcs) {
+                    # backslashed non-special
+                    push @frag, "\\$1" unless $1 eq "\n";
+                } else {
+                    die sprintf("Malformed quoted string: %s\n", $val);
+                }
+            }
+        } elsif ($val =~ m{\G\\(.)}ogc) {
+            # Backslash is unconditional escape outside quoted strings
+            push @frag, $1 unless $1 eq "\n";
+        } else {
+            die sprintf("Bare backslash or newline in: '%s'\n", $val);
+        }
+        # Done if at SPACE, TAB or end, otherwise continue current fragment
+        #
+        next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+        push @ret, join("", splice(@frag)) if (@frag > 0);
+    }
+    # Handle final fragment
+    push @ret, join("", splice(@frag)) if (@frag > 0);
+    return @ret;
+}
+
+sub split_val_win32 {
+    my ($val) = @_;
+    my (@ret, @frag);
+
+    # Skip leading whitespace
+    $val =~ m{\A[ \t]*}ogc;
+
+    # Windows-compatible split
+    # See: "Parsing C++ command-line arguments" in:
+    # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
+    #
+    # Backslashes are special only when followed by a double-quote
+    # Pairs of double-quotes make a single double-quote.
+    # Closing double-quotes may be omitted.
+
+    while (1) {
+        last if (pos($val) == length($val));
+
+        # The first char is never a SPACE or TAB.
+        # 1. Ordinary string fragment
+        # 2. Double-quoted string
+        # 3. Backslashes preceding a double-quote
+        # 4. Literal backslashes
+        # 5. Bare newline (rejected)
+        #
+        if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
+            # Ordinary string
+            push @frag, $1;
+        } elsif ($val =~ m{\G"}ogc) {
+            # Double-quoted string
+            push @frag, "";
+            while (1) {
+                if ($val =~ m{\G("+)}ogc) {
+                    # Two double-quotes make one literal double-quote
+                    my $l = length($1);
+                    push @frag, q{"} x int($l/2) if ($l > 1);
+                    next if ($l % 2 == 0);
+                    last;
+                }
+                if ($val =~ m{\G([^"\\]+)}ogc) {
+                    push @frag, $1;
+                } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+                    # Backslashes before a double-quote are escapes
+                    my $l = length($1);
+                    push @frag, q{\\} x int($l / 2);
+                    if ($l % 2 == 1) {
+                        ++pos($val);
+                        push @frag, q{"};
+                    }
+                } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
+                    # Backslashes not before a double-quote are not special
+                    push @frag, $1;
+                } else {
+                    # Tolerate missing closing double-quote
+                    last;
+                }
+            }
+        } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+            my $l = length($1);
+            push @frag, q{\\} x int($l / 2);
+            if ($l % 2 == 1) {
+                ++pos($val);
+                push @frag, q{"};
+            }
+        } elsif ($val =~ m{\G([\\]+)}ogc) {
+            # Backslashes not before a double-quote are not special
+            push @frag, $1;
+        } else {
+            die sprintf("Bare newline in: '%s'\n", $val);
+        }
+        # Done if at SPACE, TAB or end, otherwise continue current fragment
+        #
+        next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+        push @ret, join("", splice(@frag)) if (@frag > 0);
+    }
+    # Handle final fragment
+    push @ret, join("", splice(@frag)) if (@frag);
+    return @ret;
+}
+
 # Split out "-extra-CMD value", and return new |@ARGV|. Fill in
 # |EXTRA{CMD}| with list of values.
 sub parse_extra
 {
+    my @args;
     foreach ( @OPENSSL_CMDS ) {
-        $EXTRA{$_} = '';
+        $EXTRA{$_} = [];
     }
-
-    my @result;
-    while ( scalar(@_) > 0 ) {
-        my $arg = shift;
-        if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
-            push @result, $arg;
+    while (@_) {
+        my $arg = shift(@_);
+        if ( $arg !~ m{^-extra-(\w+)$} ) {
+            push @args, split_val($arg);
             next;
         }
-        $arg =~ s/-extra-//;
-        die("Unknown \"-${arg}-extra\" option, exiting")
-            unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
-        $EXTRA{$arg} .= " " . shift;
+        $arg = $1;
+        die "Unknown \"-extra-${arg}\" option, exiting\n"
+            unless grep { $arg eq $_ } @OPENSSL_CMDS;
+        die "Missing \"-extra-${arg}\" option value, exiting\n"
+            unless (@_ > 0);
+        push @{$EXTRA{$arg}}, split_val(shift(@_));
     }
-    return @result;
+    return @args;
 }
 
 
@@ -112,9 +261,9 @@ sub copy_pemfile
 # Wrapper around system; useful for debugging.  Returns just the exit status
 sub run
 {
-    my $cmd = shift;
-    print "====\n$cmd\n" if $verbose;
-    my $status = system($cmd);
+    my ($cmd, @args) = @_;
+    print "====\n$cmd @args\n" if $verbose;
+    my $status = system {$cmd} $cmd, @args;
     print "==> $status\n====\n" if $verbose;
     return $status >> 8;
 }
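Review bot: `run` shifts `$status` right by eight bits without first checking for `-1`, which `system` returns when the program cannot be started; with the indirect-object form there is no shell left to turn a missing binary into exit code 127. Suggest `if ($status == -1) { print STDERR "$cmd: $!\n"; return 127; }` before the shift, and `return ($status & 127) ? 1 : $status >> 8;` so a child killed by a signal is not reported as success to the `$RET == 0` checks. In verbose mode `"$cmd @args"` joins the words with spaces, so an argument that itself contains a space cannot be told apart from two arguments in the log.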
@@ -133,17 +282,15 @@ EOF
 
 if ($WHAT eq '-newcert' ) {
     # create a certificate
-    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
-            . " $EXTRA{req}");
+    $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
     print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-precert' ) {
     # create a pre-certificate
-    $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
-            . " $EXTRA{req}");
+    $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
     print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
     # create a certificate request
-    $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
+    $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
     print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-newca' ) {
     # create the directory hierarchy
@@ -176,48 +323,45 @@ if ($WHAT eq '-newcert' ) {
         copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
     } else {
         print "Making CA certificate ...\n";
-        $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
-                . " -out ${CATOP}/$CAREQ $EXTRA{req}");
-        $RET = run("$CA -create_serial"
-                . " -out ${CATOP}/$CACERT $CADAYS -batch"
-                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-                . " $EXTENSIONS"
-                . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
+        $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
+                   "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
+        $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
+                   qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
+                   @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
+            if $RET == 0;
         print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
     }
 } elsif ($WHAT eq '-pkcs12' ) {
     my $cname = $ARGV[0];
     $cname = "My Certificate" unless defined $cname;
-    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
-            . " -certfile ${CATOP}/$CACERT -out $NEWP12"
-            . " -export -name \"$cname\" $EXTRA{pkcs12}");
-    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+    $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
+               "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
+               qw(-export -name), $cname, @{$EXTRA{pkcs12}});
+    print "PKCS#12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-    $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
 } elsif ($WHAT eq '-sign' ) {
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            . " -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+               "-infiles", $NEWREQ, @{$EXTRA{ca}});
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
+               "-infiles", $NEWREQ, @{$EXTRA{ca}});
     print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
-    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
-            . " -out tmp.pem $EXTRA{x509}");
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            .  "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
+    $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
+               qw(-out tmp.pem), @{$EXTRA{x509}});
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+               qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {
     my @files = @ARGV ? @ARGV : ( $NEWCERT );
     foreach my $file (@files) {
-        # -CAfile quoted for VMS, since the C RTL downcases all unquoted
-        # arguments to C programs
-        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+        my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
         $RET = $status if $status != 0;
     }
 } elsif ($WHAT eq '-crl' ) {
-    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
+    $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
     print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
 } elsif ($WHAT eq '-revoke' ) {
     my $cname = $ARGV[0];
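Review bot: The `-signcert` branch still writes its intermediate request to the fixed name `tmp.pem` in the current directory and never removes it. When the script runs in a directory that other users can write to, a pre-existing file or symlink of that name would be overwritten or followed, and the request is left behind afterwards. Since both `run` calls are rewritten here anyway, this would be a good place to create the file with `File::Temp` and pass its name as the `-out` and `-infiles` element. The `if`/`elsif` chain starts and ends outside this hunk.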
@@ -225,10 +369,10 @@ if ($WHAT eq '-newcert' ) {
         print "Certificate filename is required; reason optional.\n";
         exit 1;
     }
-    my $reason = $ARGV[1];
-    $reason = " -crl_reason $reason"
-        if defined $reason && crl_reason_ok($reason);
-    $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
+    my @reason;
+    @reason = ("-crl_reason", $ARGV[1])
+        if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
+    $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
 } else {
     print STDERR "Unknown arg \"$WHAT\"\n";
     print STDERR "Use -help for help.\n";

+ 2 - 2
libs/openssl/apps/cmp.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -907,7 +907,7 @@ static int set_name(const char *str,
                     OSSL_CMP_CTX *ctx, const char *desc)
 {
     if (str != NULL) {
-        X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc);
+        X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
 
         if (n == NULL)
             return 0;
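Review bot: Switching `parse_name` to `MBSTRING_UTF8` changes how bytes above 0x7F in `str` are interpreted, and nothing visible here tells the user which encoding the option value must have. Input that is not valid UTF-8 (for example a Latin-1 name from an older config file) presumably now makes `parse_name` fail where it was accepted before, so the error reported for `desc` should say that the name must be UTF-8. A short comment such as `/* option values are interpreted as UTF-8 */` above the call would record the intent. `set_name` continues past the end of the hunk.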

+ 1 - 1
libs/openssl/apps/cms.c

@@ -1010,7 +1010,7 @@ int cms_main(int argc, char **argv)
                 goto end;
 
             pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-            if (kparam != NULL) {
+            if (pctx != NULL && kparam != NULL) {
                 if (!cms_set_pkey_param(pctx, kparam->param))
                     goto end;
             }
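Review bot: A recipient whose `pctx` is NULL now has its `kparam` key options skipped without any diagnostic. Those options can select security-relevant settings for the recipient, so dropping them silently may produce output that does not match what the operator requested. Consider failing instead, e.g. `if (kparam != NULL && (pctx == NULL || !cms_set_pkey_param(pctx, kparam->param))) goto end;`, preceded by a `BIO_printf(bio_err, ...)` that says the key options could not be applied. The enclosing loop in `cms_main` lies outside the hunk.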

+ 9 - 2
libs/openssl/apps/lib/apps.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,7 +189,11 @@ int set_nameopt(const char *arg)
 unsigned long get_nameopt(void)
 {
     return
-        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT;
+        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN
+                              | ASN1_STRFLGS_ESC_CTRL
+                              | ASN1_STRFLGS_UTF8_CONVERT
+                              | ASN1_STRFLGS_DUMP_UNKNOWN
+                              | ASN1_STRFLGS_DUMP_DER;
 }
 
 void dump_cert_text(BIO *out, X509 *x)
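Review bot: The new default in `get_nameopt` escapes only what `ASN1_STRFLGS_ESC_CTRL` covers, and `ASN1_STRFLGS_ESC_MSB` is not set, so with `ASN1_STRFLGS_UTF8_CONVERT` non-ASCII code points in a distinguished name still reach the terminal unescaped. As far as the flags shown indicate, C1 controls and Unicode bidirectional or format characters can therefore still change how a name is displayed; a comment above the `return` should say so, so the default is not read as full output sanitisation. The conditional would also be easier to audit with the default parenthesised or hoisted into a named constant, e.g. `#define DEFAULT_NAMEOPT (XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN | ...)`.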
@@ -1718,6 +1722,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
     }
 
     retdb->dbfname = OPENSSL_strdup(dbfile);
+    if (retdb->dbfname == NULL)
+        goto err;
+
 #ifndef OPENSSL_NO_POSIX_IO
     retdb->dbst = dbst;
 #endif
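Review bot: The `goto err` added after `OPENSSL_strdup` only helps if the `err` label, which is outside this hunk, releases `retdb` and returns NULL. If the label is shared with the success path and ends in `return retdb`, callers still receive a non-NULL `CA_DB` whose `dbfname` is NULL and may dereference it later. In that case the failure branch should drop the object first, e.g. `if (retdb->dbfname == NULL) { free_index(retdb); retdb = NULL; goto err; }`.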

+ 9 - 1
libs/openssl/apps/lib/s_socket.c

@@ -172,8 +172,16 @@ int init_client(int *sock, const char *host, const char *port,
         }
 
         /* Save the address */
-        if (tfo || !doconn)
+        if (tfo || !doconn) {
+            if (ba_ret == NULL) {
+                BIO_printf(bio_err, "Internal error\n");
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                goto out;
+            }
+
             *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+        }
 
         /* Success, don't try any more addresses */
         break;
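Review bot: The result of `BIO_ADDR_dup()` stored in `*ba_ret` is not checked, so if the duplicate cannot be created the loop still reaches the "Success" break with a NULL address saved for the caller. The added `ba_ret == NULL` branch already shows the cleanup this path needs, and the same steps should run when the duplicate is NULL. init_client starts and ends outside the hunk, so what the `out` label returns in that case is not visible here.

```c
            *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
            if (*ba_ret == NULL) {
                BIO_printf(bio_err, "Error duplicating address\n");
                BIO_closesocket(*sock);
                *sock = INVALID_SOCKET;
                goto out;
            }
            /* … unchanged: "Success, don't try any more addresses" break … */
```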

+ 5 - 1
libs/openssl/apps/ocsp.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1049,6 +1049,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
     }
 
     bs = OCSP_BASICRESP_new();
+    if (bs == NULL) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+        goto end;
+    }
     thisupd = X509_gmtime_adj(NULL, 0);
     if (ndays != -1)
         nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
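Review bot: In the added `bs == NULL` branch of make_ocsp_response, `OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs)` passes a pointer that is known to be NULL at that point, which reads as if a basic response were being attached. Writing the argument as `NULL` states the intent: `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);`. The function body continues outside the hunk.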

+ 2 - 1
libs/openssl/apps/pkeyutl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -370,6 +370,7 @@ int pkeyutl_main(int argc, char **argv)
             if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
                 BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
                            prog, opt);
+                OPENSSL_free(passwd);
                 goto end;
             }
             OPENSSL_free(passwd);
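Review bot: Both the added error-path `OPENSSL_free(passwd);` and the existing one release the buffer without clearing it, and `passwd` presumably holds a passphrase supplied for the `opt` control string. `OPENSSL_clear_free(passwd, strlen(passwd));` on both paths would avoid leaving the secret in freed heap memory. Since the error message prints only `prog` and `opt`, the result of `EVP_PKEY_CTX_ctrl_str()` could also be stored first so the buffer is released in one place. pkeyutl_main starts and ends outside the hunk, so how `passwd` is filled is not visible here.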

+ 4 - 2
libs/openssl/apps/s_time.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -323,8 +323,10 @@ int s_time_main(int argc, char **argv)
      */
 
  next:
-    if (!(perform & 2))
+    if (!(perform & 2)) {
+        ret = 0;
         goto end;
+    }
     printf("\n\nNow timing with session id reuse.\n");
 
     /* Get an SSL object so we can reuse the session id */

+ 2 - 4
libs/openssl/apps/storeutl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -200,9 +200,7 @@ int storeutl_main(int argc, char *argv[])
             }
             break;
         case OPT_CRITERION_FINGERPRINT:
-            if (criterion != 0
-                || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
-                    && fingerprint != NULL)) {
+            if (criterion != 0) {
                 BIO_printf(bio_err, "%s: criterion already given.\n",
                            prog);
                 goto end;

+ 2 - 2
libs/openssl/apps/ts.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1018,7 +1018,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
             BIO_printf(bio_err, "memory allocation failure\n");
             goto err;
         }
-        if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) {
+        if (X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq) <= 0) {
             BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
             goto err;
         }

+ 32 - 32
libs/openssl/apps/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -436,7 +436,7 @@ int x509_main(int argc, char **argv)
             break;
         case OPT_ADDTRUST:
             if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
-                goto end;
+                goto err;
             if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
                 BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
                            prog, opt_arg());
@@ -447,7 +447,7 @@ int x509_main(int argc, char **argv)
             break;
         case OPT_ADDREJECT:
             if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
-                goto end;
+                goto err;
             if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
                 BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
                            prog, opt_arg());
@@ -605,7 +605,7 @@ int x509_main(int argc, char **argv)
         goto opthelp;
 
     if (!app_RAND_load())
-        goto end;
+        goto err;
 
     if (!opt_check_md(digest))
         goto opthelp;
@@ -624,7 +624,7 @@ int x509_main(int argc, char **argv)
 
     if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
                                          app_get0_propq()))
-        goto end;
+        goto err;
 
     if (newcert && infile != NULL) {
         BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@@ -637,12 +637,12 @@ int x509_main(int argc, char **argv)
     if (privkeyfile != NULL) {
         privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
         if (privkey == NULL)
-            goto end;
+            goto err;
     }
     if (pubkeyfile != NULL) {
         if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
                                   "explicitly set public key")) == NULL)
-            goto end;
+            goto err;
     }
 
     if (newcert) {
@@ -659,10 +659,10 @@ int x509_main(int argc, char **argv)
     }
     if (issu != NULL
             && (fissu = parse_name(issu, chtype, multirdn, "issuer")) == NULL)
-        goto end;
+        goto err;
     if (subj != NULL
             && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
-        goto end;
+        goto err;
 
     if (CAkeyfile == NULL)
         CAkeyfile = CAfile;
@@ -694,7 +694,7 @@ int x509_main(int argc, char **argv)
         X509V3_CTX ctx2;
 
         if ((extconf = app_load_config(extfile)) == NULL)
-            goto end;
+            goto err;
         if (extsect == NULL) {
             extsect = app_conf_try_string(extconf, "default", "extensions");
             if (extsect == NULL)
@@ -716,7 +716,7 @@ int x509_main(int argc, char **argv)
         req = load_csr_autofmt(infile, informat, vfyopts,
                                "certificate request input");
         if (req == NULL)
-            goto end;
+            goto err;
 
         if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
             BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@@ -747,11 +747,11 @@ int x509_main(int argc, char **argv)
             goto err;
         }
         if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
-            goto end;
+            goto err;
         if (CAfile == NULL && sno == NULL) {
             sno = ASN1_INTEGER_new();
             if (sno == NULL || !rand_serial(NULL, sno))
-                goto end;
+                goto err;
         }
         if (req != NULL && ext_copy != EXT_COPY_UNSET) {
             if (clrext && ext_copy != EXT_COPY_NONE) {
@@ -768,27 +768,27 @@ int x509_main(int argc, char **argv)
                        "Warning: Reading certificate from stdin since no -in or -new option is given\n");
         x = load_cert_pass(infile, informat, 1, passin, "certificate");
         if (x == NULL)
-            goto end;
+            goto err;
     }
     if ((fsubj != NULL || req != NULL)
         && !X509_set_subject_name(x, fsubj != NULL ? fsubj :
                                   X509_REQ_get_subject_name(req)))
-        goto end;
+        goto err;
     if ((pubkey != NULL || privkey != NULL || req != NULL)
         && !X509_set_pubkey(x, pubkey != NULL ? pubkey :
                             privkey != NULL ? privkey :
                             X509_REQ_get0_pubkey(req)))
-        goto end;
+        goto err;
 
     if (CAfile != NULL) {
         xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
         if (xca == NULL)
-            goto end;
+            goto err;
     }
 
     out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)
-        goto end;
+        goto err;
 
     if (alias)
         X509_alias_set1(x, (unsigned char *)alias, -1);
@@ -824,9 +824,9 @@ int x509_main(int argc, char **argv)
         if (sno == NULL)
             sno = x509_load_serial(CAfile, CAserial, CA_createserial);
         if (sno == NULL)
-            goto end;
+            goto err;
         if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
-            goto end;
+            goto err;
     } else {
         if (privkey != NULL && !cert_matches_key(x, privkey))
             BIO_printf(bio_err,
@@ -834,17 +834,17 @@ int x509_main(int argc, char **argv)
     }
 
     if (sno != NULL && !X509_set_serialNumber(x, sno))
-        goto end;
+        goto err;
 
     if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
         if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
-            goto end;
+            goto err;
         if (fissu != NULL) {
             if (!X509_set_issuer_name(x, fissu))
-                goto end;
+                goto err;
         } else {
             if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
-                goto end;
+                goto err;
         }
     }
 
@@ -852,7 +852,7 @@ int x509_main(int argc, char **argv)
     /* prepare fallback for AKID, but only if issuer cert equals subject cert */
     if (CAfile == NULL) {
         if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
-            goto end;
+            goto err;
     }
     if (extconf != NULL && !x509toreq) {
         X509V3_set_nconf(&ext_ctx, extconf);
@@ -881,7 +881,7 @@ int x509_main(int argc, char **argv)
             goto err;
         }
         if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
-            goto end;
+            goto err;
         if (extconf != NULL) {
             X509V3_set_nconf(&ext_ctx, extconf);
             if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@@ -891,7 +891,7 @@ int x509_main(int argc, char **argv)
             }
         }
         if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
-            goto end;
+            goto err;
         if (!noout) {
             if (outformat == FORMAT_ASN1) {
                 X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@@ -909,7 +909,7 @@ int x509_main(int argc, char **argv)
     } else if (CAfile != NULL) {
         if ((CAkey = load_key(CAkeyfile, CAkeyformat,
                               0, passin, e, "CA private key")) == NULL)
-            goto end;
+            goto err;
         if (!X509_check_private_key(xca, CAkey)) {
             BIO_printf(bio_err,
                        "CA certificate and CA private key do not match\n");
@@ -917,10 +917,10 @@ int x509_main(int argc, char **argv)
         }
 
         if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
-            goto end;
+            goto err;
     } else if (privkey != NULL) {
         if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
-            goto end;
+            goto err;
     }
     if (badsig) {
         const ASN1_BIT_STRING *signature;
@@ -944,11 +944,11 @@ int x509_main(int argc, char **argv)
             BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
 
             if (bnser == NULL)
-                goto end;
+                goto err;
             if (!BN_add_word(bnser, 1)
                     || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
                 BN_free(bnser);
-                goto end;
+                goto err;
             }
             BN_free(bnser);
             i2a_ASN1_INTEGER(out, ser);

+ 4 - 4
libs/openssl/crypto/aes/asm/vpaes-loongarch64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -29,9 +29,9 @@
 ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19));
 ($fp)=map("\$r$_",(22));
 
-for (@ARGV) {   $output=$_ if (/\w[\w\-]*\.\w+$/);      }
-open STDOUT,">$output";
-while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+# $output is the last argument if it looks like a file (it has an extension)
+my $output;
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 $PREFIX="vpaes";
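Review bot: `open STDOUT,">$output";` still runs unconditionally and unchecked, although the new line above it sets `$output` to `undef` when the last argument has no extension. In that case the open is attempted with an empty file name and fails without any diagnostic, so the generated code may be lost. Guarding and checking it, in the three-argument form so the file name is never parsed as part of the mode, would be `open(STDOUT, ">", $output) or die "can't open $output: $!" if defined $output;`. The same pair of lines appears in libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl in this commit.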

+ 2 - 2
libs/openssl/crypto/armcap.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -35,7 +35,7 @@ void OPENSSL_cpuid_setup(void)
     OPENSSL_armcap_P |= ARMV7_NEON;
     OPENSSL_armv8_rsa_neonized = 1;
     if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE)) {
-        // These are all covered by one call in Windows
+        /* These are all covered by one call in Windows */
         OPENSSL_armcap_P |= ARMV8_AES;
         OPENSSL_armcap_P |= ARMV8_PMULL;
         OPENSSL_armcap_P |= ARMV8_SHA1;

+ 2 - 2
libs/openssl/crypto/asn1/asn_mime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -96,7 +96,7 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
      * internally
      */
     else
-        ASN1_item_i2d_bio(it, out, val);
+        rv = ASN1_item_i2d_bio(it, out, val);
     return rv;
 }
 

+ 4 - 1
libs/openssl/crypto/asn1/tasn_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -565,6 +565,9 @@ static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype
             return -1;
         break;
 
+    case V_ASN1_UNDEF:
+        return -2;
+
     case V_ASN1_NULL:
         cont = NULL;
         len = 0;

+ 1 - 0
libs/openssl/crypto/bio/bio_addr.c

@@ -104,6 +104,7 @@ void BIO_ADDR_clear(BIO_ADDR *ap)
  */
 int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
 {
+    memset(ap, 0, sizeof(BIO_ADDR));
     if (sa->sa_family == AF_INET) {
         memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
         return 1;
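Review bot: The added `memset(ap, 0, sizeof(BIO_ADDR));` in BIO_ADDR_make has no comment explaining why the whole object is cleared before the `memcpy`, which fills only `sizeof(struct sockaddr_in)` bytes in the branch shown. Presumably the aim is that no bytes of `*ap` stay uninitialised; a comment such as `/* clear the whole object first so bytes beyond the copied sockaddr are never left uninitialised */` would record that. Writing the size as `sizeof(*ap)` would keep it tied to the pointer. The function continues outside the hunk, so the branches for other address families are not visible here.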

+ 3 - 1
libs/openssl/crypto/bio/bio_dump.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,6 +47,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
     for (i = 0; i < rows; i++) {
         n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
                          i * dump_width);
+        if (n < 0)
+            return -1;
         for (j = 0; j < dump_width; j++) {
             if (SPACE(buf, n, 3)) {
                 if (((i * dump_width) + j) >= len) {

+ 16 - 9
libs/openssl/crypto/bio/bio_print.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -535,6 +535,10 @@ static LDOUBLE abs_val(LDOUBLE value)
     LDOUBLE result = value;
     if (value < 0)
         result = -value;
+    if (result > 0 && result / 2 == result) /* INF */
+        result = 0;
+    else if (result != result) /* NAN */
+        result = 0;
     return result;
 }
 
@@ -590,6 +594,9 @@ fmtfp(char **sbuffer,
         signvalue = '+';
     else if (flags & DP_F_SPACE)
         signvalue = ' ';
+    ufvalue = abs_val(fvalue);
+    if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */
+        signvalue = '?';
 
     /*
      * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
@@ -597,12 +604,12 @@ fmtfp(char **sbuffer,
      * that from here on.
      */
     if (style == G_FORMAT) {
-        if (fvalue == 0.0) {
+        if (ufvalue == 0.0) {
             realstyle = F_FORMAT;
-        } else if (fvalue < 0.0001) {
+        } else if (ufvalue < 0.0001) {
             realstyle = E_FORMAT;
-        } else if ((max == 0 && fvalue >= 10)
-                    || (max > 0 && fvalue >= pow_10(max))) {
+        } else if ((max == 0 && ufvalue >= 10)
+                   || (max > 0 && ufvalue >= pow_10(max))) {
             realstyle = E_FORMAT;
         } else {
             realstyle = F_FORMAT;
@@ -612,9 +619,9 @@ fmtfp(char **sbuffer,
     }
 
     if (style != F_FORMAT) {
-        tmpvalue = fvalue;
+        tmpvalue = ufvalue;
         /* Calculate the exponent */
-        if (fvalue != 0.0) {
+        if (ufvalue != 0.0) {
             while (tmpvalue < 1) {
                 tmpvalue *= 10;
                 exp--;
@@ -651,9 +658,9 @@ fmtfp(char **sbuffer,
             }
         }
         if (realstyle == E_FORMAT)
-            fvalue = tmpvalue;
+            ufvalue = tmpvalue;
     }
-    ufvalue = abs_val(fvalue);
+
     /*
      * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
      * of ULONG_MAX to avoid using imprecise floating point values.
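Review bot: After this change `abs_val` no longer returns a plain absolute value: infinities and NaN come back as 0, and fmtfp relies on that (`ufvalue == 0 && fvalue != 0`) to print `?` as the sign. The helper needs a header comment saying so, e.g. `/* Returns |value|; infinity and NaN are mapped to 0 so callers can detect them */`. That comment should also mention that the `result / 2 == result` and `result != result` tests depend on IEEE comparison semantics, which builds using fast-math style optimisation may not preserve. fmtfp starts and ends outside the hunks.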

+ 4 - 1
libs/openssl/crypto/bn/bn_ppc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
      */
 
 #if defined(_ARCH_PPC64) && !defined(__ILP32__)
+    /* Minerva side-channel fix danny */
+# if defined(USE_FIXED_N6)
     if (num == 6) {
         if (OPENSSL_ppccap_P & PPC_MADD300)
             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
         else
             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
     }
+# endif
 #endif
 
     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
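Review bot: The added comment `/* Minerva side-channel fix danny */` does not say what the guard does: with `# if defined(USE_FIXED_N6)` the `num == 6` fast paths are compiled out unless that macro is defined, and nothing visible in this hunk defines it. A comment that states this would help the next reader, e.g. `/* Fixed-size n=6 routines are disabled unless USE_FIXED_N6 is defined (Minerva timing side-channel mitigation) */`. If the routines are disabled because their timing depends on the operands, which the hunk does not show, saying so would also warn against defining the macro in builds that handle private keys. bn_mul_mont starts outside the hunk.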

+ 17 - 7
libs/openssl/crypto/chacha/asm/chacha-armv8-sve.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022-2023  The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025  The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -247,9 +247,6 @@ sub load_regs() {
 	my $next_offset = $offset + 1;
 $code.=<<___;
 	ld1w	{$reg.s},p0/z,[$inp,#$offset,MUL VL]
-#ifdef  __AARCH64EB__
-	revb    $reg.s,p0/m,$reg.s
-#endif
 ___
 	if (@_) {
 		&load_regs($next_offset, @_);
@@ -271,9 +268,6 @@ sub store_regs() {
 	my $reg = shift;
 	my $next_offset = $offset + 1;
 $code.=<<___;
-#ifdef  __AARCH64EB__
-	revb	$reg.s,p0/m,$reg.s
-#endif
 	st1w	{$reg.s},p0,[$outp,#$offset,MUL VL]
 ___
 	if (@_) {
@@ -479,13 +473,29 @@ sub SVE_TRANSFORMS() {
 $code.=<<___;
 #ifdef	__AARCH64EB__
 	rev	@sxx[0],@sxx[0]
+	revb	@mx[0].s,p0/m,@mx[0].s
+	revb	@mx[1].s,p0/m,@mx[1].s
 	rev	@sxx[2],@sxx[2]
+	revb	@mx[2].s,p0/m,@mx[2].s
+	revb	@mx[3].s,p0/m,@mx[3].s
 	rev	@sxx[4],@sxx[4]
+	revb	@mx[4].s,p0/m,@mx[4].s
+	revb	@mx[5].s,p0/m,@mx[5].s
 	rev	@sxx[6],@sxx[6]
+	revb	@mx[6].s,p0/m,@mx[6].s
+	revb	@mx[7].s,p0/m,@mx[7].s
 	rev	@sxx[8],@sxx[8]
+	revb	@mx[8].s,p0/m,@mx[8].s
+	revb	@mx[9].s,p0/m,@mx[9].s
 	rev	@sxx[10],@sxx[10]
+	revb	@mx[10].s,p0/m,@mx[10].s
+	revb	@mx[11].s,p0/m,@mx[11].s
 	rev	@sxx[12],@sxx[12]
+	revb	@mx[12].s,p0/m,@mx[12].s
+	revb	@mx[13].s,p0/m,@mx[13].s
 	rev	@sxx[14],@sxx[14]
+	revb	@mx[14].s,p0/m,@mx[14].s
+	revb	@mx[15].s,p0/m,@mx[15].s
 #endif
 	.if mixin == 1
 		add	@K[6],@K[6],#1

+ 2 - 1
libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl

@@ -37,8 +37,9 @@ my ($xr0,$xr1,$xr2,$xr3,$xr4,$xr5,$xr6,$xr7,$xr8,$xr9,$xr10,
     $xr20,$xr21,$xr22,$xr23,$xr24,$xr25,$xr26,$xr27,$xr28,
     $xr29,$xr30,$xr31)=map("\$xr$_",(0..31));
 
+# $output is the last argument if it looks like a file (it has an extension)
 my $output;
-for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 # Input parameter block

+ 4 - 2
libs/openssl/crypto/cmp/cmp_client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -736,8 +736,10 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         ERR_add_error_data(1, "; cannot extract certificate from response");
         return 0;
     }
-    if (!ossl_cmp_ctx_set0_newCert(ctx, cert))
+    if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) {
+        X509_free(cert);
         return 0;
+    }
 
     /*
      * if the CMP server returned certificates in the caPubs field, copy them

+ 7 - 5
libs/openssl/crypto/cms/cms_pwri.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,7 +168,8 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 
     /* Setup PBE algorithm */
 
-    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set_ex(iter, NULL, 0, -1, -1,
+                                                       cms_ctx->libctx);
 
     if (pwri->keyDerivationAlgorithm == NULL)
         goto err;
@@ -368,9 +369,10 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
 
     /* Finish password based key derivation to setup key in "ctx" */
 
-    if (EVP_PBE_CipherInit(algtmp->algorithm,
-                           (char *)pwri->pass, pwri->passlen,
-                           algtmp->parameter, kekctx, en_de) < 0) {
+    if (EVP_PBE_CipherInit_ex(algtmp->algorithm,
+                              (char *)pwri->pass, pwri->passlen,
+                              algtmp->parameter, kekctx, en_de,
+                              cms_ctx->libctx, cms_ctx->propq) < 0) {
         ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
         goto err;
     }
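Review bot: In ossl_cms_RecipientInfo_pwri_crypt the new `EVP_PBE_CipherInit_ex(...)` call keeps the `< 0` test, but that function is documented to return 1 on success and 0 on error, so a failed key derivation would not take the `goto err` path. The comparison should be `<= 0`, in line with the `ret <= 0` change this commit makes in crypto/dh/dh_pmeth.c: `cms_ctx->libctx, cms_ctx->propq) <= 0) {`. The function body continues outside the hunk, so what happens to `kekctx` afterwards is not visible here.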

+ 2 - 2
libs/openssl/crypto/dh/dh_pmeth.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -422,7 +422,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             ret = DH_compute_key_padded(key, dhpubbn, dh);
         else
             ret = DH_compute_key(key, dhpubbn, dh);
-        if (ret < 0)
+        if (ret <= 0)
             return ret;
         *keylen = ret;
         return 1;

+ 1466 - 240
libs/openssl/crypto/ec/asm/ecp_nistp384-ppc64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -7,13 +7,15 @@
 # https://www.openssl.org/source/license.html
 #
 # ====================================================================
-# Written by Rohan McLure <[email protected]> for the OpenSSL
-# project.
+# Written by Danny Tsen <[email protected]> # for the OpenSSL project.
+#
+# Copyright 2025- IBM Corp.
 # ====================================================================
 #
-# p384 lower-level primitives for PPC64 using vector instructions.
+# p384 lower-level primitives for PPC64.
 #
 
+
 use strict;
 use warnings;
 
@@ -21,7 +23,7 @@ my $flavour = shift;
 my $output = "";
 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
 if (!$output) {
-    $output = "-";
+        $output = "-";
 }
 
 my ($xlate, $dir);
@@ -35,272 +37,1496 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
 
 my $code = "";
 
-my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
-
-my $vzero = "v32";
-
-sub startproc($)
-{
-    my ($name) = @_;
-
-    $code.=<<___;
-    .globl ${name}
-    .align 5
-${name}:
-
-___
-}
+$code.=<<___;
+.machine "any"
+.text
 
-sub endproc($)
-{
-    my ($name) = @_;
+.globl  p384_felem_mul
+.type   p384_felem_mul,\@function
+.align	4
+p384_felem_mul:
+
+	stdu	1, -176(1)
+	mflr	0
+	std	14, 56(1)
+	std	15, 64(1)
+	std	16, 72(1)
+	std	17, 80(1)
+	std	18, 88(1)
+	std	19, 96(1)
+	std	20, 104(1)
+	std	21, 112(1)
+	std	22, 120(1)
+
+	bl	_p384_felem_mul_core
+
+	mtlr	0
+	ld	14, 56(1)
+	ld	15, 64(1)
+	ld	16, 72(1)
+	ld	17, 80(1)
+	ld	18, 88(1)
+	ld	19, 96(1)
+	ld	20, 104(1)
+	ld	21, 112(1)
+	ld	22, 120(1)
+	addi	1, 1, 176
+	blr
+.size   p384_felem_mul,.-p384_felem_mul
+
+.globl  p384_felem_square
+.type   p384_felem_square,\@function
+.align	4
+p384_felem_square:
+
+	stdu	1, -176(1)
+	mflr	0
+	std	14, 56(1)
+	std	15, 64(1)
+	std	16, 72(1)
+	std	17, 80(1)
+
+	bl	_p384_felem_square_core
+
+	mtlr	0
+	ld	14, 56(1)
+	ld	15, 64(1)
+	ld	16, 72(1)
+	ld	17, 80(1)
+	addi	1, 1, 176
+	blr
+.size   p384_felem_square,.-p384_felem_square
 
-    $code.=<<___;
-    blr
-        .size ${name},.-${name}
+#
+# Felem mul core function -
+# r3, r4 and r5 need to pre-loaded.
+#
+.type   _p384_felem_mul_core,\@function
+.align	4
+_p384_felem_mul_core:
+
+	ld	6,0(4)
+	ld	14,0(5)
+	ld	7,8(4)
+	ld	15,8(5)
+	ld	8,16(4)
+	ld	16,16(5)
+	ld	9,24(4)
+	ld	17,24(5)
+	ld	10,32(4)
+	ld	18,32(5)
+	ld	11,40(4)
+	ld	19,40(5)
+	ld	12,48(4)
+	ld	20,48(5)
+
+	# out0
+	mulld	21, 14, 6
+	mulhdu	22, 14, 6
+	std	21, 0(3)
+	std	22, 8(3)
+
+	vxor	0, 0, 0
+
+	# out1
+	mtvsrdd	32+13, 14, 6
+	mtvsrdd	32+14, 7, 15
+	vmsumudm 1, 13, 14, 0
+
+	# out2
+	mtvsrdd	32+15, 15, 6
+	mtvsrdd	32+16, 7, 16
+	mtvsrdd	32+17, 0, 8
+	mtvsrdd	32+18, 0, 14
+	vmsumudm 19, 15, 16, 0
+	vmsumudm 2, 17, 18, 19
+
+	# out3
+	mtvsrdd	32+13, 16, 6
+	mtvsrdd	32+14, 7, 17
+	mtvsrdd	32+15, 14, 8
+	mtvsrdd	32+16, 9, 15
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 3, 15, 16, 19
+
+	# out4
+	mtvsrdd	32+13, 17, 6
+	mtvsrdd	32+14, 7, 18
+	mtvsrdd	32+15, 15, 8
+	mtvsrdd	32+16, 9, 16
+	mtvsrdd	32+17, 0, 10
+	mtvsrdd	32+18, 0, 14
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 4, 15, 16, 19
+	vmsumudm 4, 17, 18, 4
+
+	# out5
+	mtvsrdd	32+13, 18, 6
+	mtvsrdd	32+14, 7, 19
+	mtvsrdd	32+15, 16, 8
+	mtvsrdd	32+16, 9, 17
+	mtvsrdd	32+17, 14, 10
+	mtvsrdd	32+18, 11, 15
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 5, 15, 16, 19
+	vmsumudm 5, 17, 18, 5
+
+	stxv	32+1, 16(3)
+	stxv	32+2, 32(3)
+	stxv	32+3, 48(3)
+	stxv	32+4, 64(3)
+	stxv	32+5, 80(3)
+
+	# out6
+	mtvsrdd	32+13, 19, 6
+	mtvsrdd	32+14, 7, 20
+	mtvsrdd	32+15, 17, 8
+	mtvsrdd	32+16, 9, 18
+	mtvsrdd	32+17, 15, 10
+	mtvsrdd	32+18, 11, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 6, 15, 16, 19
+	mtvsrdd	32+13, 0, 12
+	mtvsrdd	32+14, 0, 14
+	vmsumudm 19, 17, 18, 6
+	vmsumudm 6, 13, 14, 19
+
+	# out7
+	mtvsrdd	32+13, 19, 7
+	mtvsrdd	32+14, 8, 20
+	mtvsrdd	32+15, 17, 9
+	mtvsrdd	32+16, 10, 18
+	mtvsrdd	32+17, 15, 11
+	mtvsrdd	32+18, 12, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 7, 15, 16, 19
+	vmsumudm 7, 17, 18, 7
+
+	# out8
+	mtvsrdd	32+13, 19, 8
+	mtvsrdd	32+14, 9, 20
+	mtvsrdd	32+15, 17, 10
+	mtvsrdd	32+16, 11, 18
+	mtvsrdd	32+17, 0, 12
+	mtvsrdd	32+18, 0, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 8, 15, 16, 19
+	vmsumudm 8, 17, 18, 8
+
+	# out9
+	mtvsrdd	32+13, 19, 9
+	mtvsrdd	32+14, 10, 20
+	mtvsrdd	32+15, 17, 11
+	mtvsrdd	32+16, 12, 18
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 9, 15, 16, 19
+
+	# out10
+	mtvsrdd	32+13, 19, 10
+	mtvsrdd	32+14, 11, 20
+	mtvsrdd	32+15, 0, 12
+	mtvsrdd	32+16, 0, 18
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 10, 15, 16, 19
+
+	# out11
+	mtvsrdd	32+17, 19, 11
+	mtvsrdd	32+18, 12, 20
+	vmsumudm 11, 17, 18, 0
+
+	stxv	32+6, 96(3)
+	stxv	32+7, 112(3)
+	stxv	32+8, 128(3)
+	stxv	32+9, 144(3)
+	stxv	32+10, 160(3)
+	stxv	32+11, 176(3)
+
+	# out12
+	mulld	21, 20, 12
+	mulhdu	22, 20, 12	# out12
+
+	std	21, 192(3)
+	std	22, 200(3)
+
+	blr
+.size   _p384_felem_mul_core,.-_p384_felem_mul_core
 
-___
-}
+#
+# Felem square core function -
+# r3 and r4 need to pre-loaded.
+#
+.type   _p384_felem_square_core,\@function
+.align	4
+_p384_felem_square_core:
+
+	ld	6, 0(4)
+	ld	7, 8(4)
+	ld	8, 16(4)
+	ld	9, 24(4)
+	ld	10, 32(4)
+	ld	11, 40(4)
+	ld	12, 48(4)
+
+	vxor	0, 0, 0
+
+	# out0
+	mulld	14, 6, 6
+	mulhdu	15, 6, 6
+	std	14, 0(3)
+	std	15, 8(3)
+
+	# out1
+	add	14, 6, 6
+	mtvsrdd	32+13, 0, 14
+	mtvsrdd	32+14, 0, 7
+	vmsumudm 1, 13, 14, 0
+
+	# out2
+	mtvsrdd	32+15, 7, 14
+	mtvsrdd	32+16, 7, 8
+	vmsumudm 2, 15, 16, 0
+
+	# out3
+	add	15, 7, 7
+	mtvsrdd	32+13, 8, 14
+	mtvsrdd	32+14, 15, 9
+	vmsumudm 3, 13, 14, 0
+
+	# out4
+	mtvsrdd	32+13, 9, 14
+	mtvsrdd	32+14, 15, 10
+	mtvsrdd	32+15, 0, 8
+	vmsumudm 4, 13, 14, 0
+	vmsumudm 4, 15, 15, 4
+
+	# out5
+	mtvsrdd	32+13, 10, 14
+	mtvsrdd	32+14, 15, 11
+	add	16, 8, 8
+	mtvsrdd	32+15, 0, 16
+	mtvsrdd	32+16, 0, 9
+	vmsumudm 5, 13, 14, 0
+	vmsumudm 5, 15, 16, 5
+
+	stxv	32+1, 16(3)
+	stxv	32+2, 32(3)
+	stxv	32+3, 48(3)
+	stxv	32+4, 64(3)
+
+	# out6
+	mtvsrdd	32+13, 11, 14
+	mtvsrdd	32+14, 15, 12
+	mtvsrdd	32+15, 9, 16
+	mtvsrdd	32+16, 9, 10
+	stxv	32+5, 80(3)
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 6, 15, 16, 19
+
+	# out7
+	add	17, 9, 9
+	mtvsrdd	32+13, 11, 15
+	mtvsrdd	32+14, 16, 12
+	mtvsrdd	32+15, 0, 17
+	mtvsrdd	32+16, 0, 10
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 7, 15, 16, 19
+
+	# out8
+	mtvsrdd	32+13, 11, 16
+	mtvsrdd	32+14, 17, 12
+	mtvsrdd	32+15, 0, 10
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 8, 15, 15, 19
+
+	# out9
+	add	14, 10, 10
+	mtvsrdd	32+13, 11, 17
+	mtvsrdd	32+14, 14, 12
+	vmsumudm 9, 13, 14, 0
+
+	# out10
+	mtvsrdd	32+13, 11, 14
+	mtvsrdd	32+14, 11, 12
+	vmsumudm 10, 13, 14, 0
+
+	stxv	32+6, 96(3)
+	stxv	32+7, 112(3)
+
+	# out11
+	#add	14, 11, 11
+	#mtvsrdd	32+13, 0, 14
+	#mtvsrdd	32+14, 0, 12
+	#vmsumudm 11, 13, 14, 0
+
+	mulld	6, 12, 11
+	mulhdu	7, 12, 11
+	addc	8, 6, 6
+	adde	9, 7, 7
+
+	stxv	32+8, 128(3)
+	stxv	32+9, 144(3)
+	stxv	32+10, 160(3)
+	#stxv	32+11, 176(3)
+
+	# out12
+	mulld	14, 12, 12
+	mulhdu	15, 12, 12
+
+	std	8, 176(3)
+	std	9, 184(3)
+	std	14, 192(3)
+	std	15, 200(3)
+
+	blr
+.size   _p384_felem_square_core,.-_p384_felem_square_core
 
-sub load_vrs($$)
-{
-    my ($pointer, $reg_list) = @_;
+#
+# widefelem (128 bits) * 8
+#
+.macro F128_X_8 _off1 _off2
+	ld	9,\\_off1(3)
+	ld	8,\\_off2(3)
+	srdi	10,9,61
+	rldimi	10,8,3,0
+	sldi	9,9,3
+	std	9,\\_off1(3)
+	std	10,\\_off2(3)
+.endm
 
-    for (my $i = 0; $i <= 6; $i++) {
-        my $offset = $i * 8;
-        $code.=<<___;
-    lxsd        $reg_list->[$i],$offset($pointer)
-___
-    }
+.globl p384_felem128_mul_by_8
+.type	p384_felem128_mul_by_8, \@function
+.align 4
+p384_felem128_mul_by_8:
 
-    $code.=<<___;
+	F128_X_8 0, 8
 
-___
-}
+	F128_X_8 16, 24
 
-sub store_vrs($$)
-{
-    my ($pointer, $reg_list) = @_;
+	F128_X_8 32, 40
 
-    for (my $i = 0; $i <= 12; $i++) {
-        my $offset = $i * 16;
-        $code.=<<___;
-    stxv        $reg_list->[$i],$offset($pointer)
-___
-    }
+	F128_X_8 48, 56
 
-    $code.=<<___;
+	F128_X_8 64, 72
 
-___
-}
+	F128_X_8 80, 88
 
-$code.=<<___;
-.machine    "any"
-.text
+	F128_X_8 96, 104
 
-___
+	F128_X_8 112, 120
 
-{
-    # mul/square common
-    my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
-    my ($zero, $one) = ("r8", "r9");
-    my $out = "v51";
+	F128_X_8 128, 136
 
-    {
-        #
-        # p384_felem_mul
-        #
+	F128_X_8 144, 152
 
-        my ($in1p, $in2p) = ("r4", "r5");
-        my @in1 = map("v$_",(44..50));
-        my @in2 = map("v$_",(35..41));
+	F128_X_8 160, 168
 
-        startproc("p384_felem_mul");
+	F128_X_8 176, 184
 
-        $code.=<<___;
-    vspltisw    $vzero,0
+	F128_X_8 192, 200
 
-___
+	blr
+.size	p384_felem128_mul_by_8,.-p384_felem128_mul_by_8
 
-        load_vrs($in1p, \@in1);
-        load_vrs($in2p, \@in2);
-
-        $code.=<<___;
-    vmsumudm    $out,$in1[0],$in2[0],$vzero
-    stxv        $out,0($outp)
-
-    xxpermdi    $t1,$in1[0],$in1[1],0b00
-    xxpermdi    $t2,$in2[1],$in2[0],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,16($outp)
-
-    xxpermdi    $t2,$in2[2],$in2[1],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in1[2],$in2[0],$out
-    stxv        $out,32($outp)
-
-    xxpermdi    $t2,$in2[1],$in2[0],0b00
-    xxpermdi    $t3,$in1[2],$in1[3],0b00
-    xxpermdi    $t4,$in2[3],$in2[2],0b00
-    vmsumudm    $out,$t1,$t4,$vzero
-    vmsumudm    $out,$t3,$t2,$out
-    stxv        $out,48($outp)
-
-    xxpermdi    $t2,$in2[4],$in2[3],0b00
-    xxpermdi    $t4,$in2[2],$in2[1],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    vmsumudm    $out,$in1[4],$in2[0],$out
-    stxv        $out,64($outp)
-
-    xxpermdi    $t2,$in2[5],$in2[4],0b00
-    xxpermdi    $t4,$in2[3],$in2[2],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t4,$in2[1],$in2[0],0b00
-    xxpermdi    $t1,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t4,$out
-    stxv        $out,80($outp)
-
-    xxpermdi    $t1,$in1[0],$in1[1],0b00
-    xxpermdi    $t2,$in2[6],$in2[5],0b00
-    xxpermdi    $t4,$in2[4],$in2[3],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t2,$in2[2],$in2[1],0b00
-    xxpermdi    $t1,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t2,$out
-    vmsumudm    $out,$in1[6],$in2[0],$out
-    stxv        $out,96($outp)
-
-    xxpermdi    $t1,$in1[1],$in1[2],0b00
-    xxpermdi    $t2,$in2[6],$in2[5],0b00
-    xxpermdi    $t3,$in1[3],$in1[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t3,$in2[2],$in2[1],0b00
-    xxpermdi    $t1,$in1[5],$in1[6],0b00
-    vmsumudm    $out,$t1,$t3,$out
-    stxv        $out,112($outp)
-
-    xxpermdi    $t1,$in1[2],$in1[3],0b00
-    xxpermdi    $t3,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    vmsumudm    $out,$in1[6],$in2[2],$out
-    stxv        $out,128($outp)
-
-    xxpermdi    $t1,$in1[3],$in1[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    xxpermdi    $t1,$in1[5],$in1[6],0b00
-    vmsumudm    $out,$t1,$t4,$out
-    stxv        $out,144($outp)
-
-    vmsumudm    $out,$t3,$t2,$vzero
-    vmsumudm    $out,$in1[6],$in2[4],$out
-    stxv        $out,160($outp)
-
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,176($outp)
-
-    vmsumudm    $out,$in1[6],$in2[6],$vzero
-    stxv        $out,192($outp)
-___
+#
+# widefelem (128 bits) * 2
+#
+.macro F128_X_2 _off1 _off2
+	ld	9,\\_off1(3)
+	ld	8,\\_off2(3)
+	srdi	10,9,63
+	rldimi	10,8,1,0
+	sldi	9,9,1
+	std	9,\\_off1(3)
+	std	10,\\_off2(3)
+.endm
+
+.globl p384_felem128_mul_by_2
+.type	p384_felem128_mul_by_2, \@function
+.align 4
+p384_felem128_mul_by_2:
+
+	F128_X_2 0, 8
+
+	F128_X_2 16, 24
+
+	F128_X_2 32, 40
+
+	F128_X_2 48, 56
+
+	F128_X_2 64, 72
+
+	F128_X_2 80, 88
+
+	F128_X_2 96, 104
+
+	F128_X_2 112, 120
+
+	F128_X_2 128, 136
+
+	F128_X_2 144, 152
+
+	F128_X_2 160, 168
+
+	F128_X_2 176, 184
+
+	F128_X_2 192, 200
+
+	blr
+.size	p384_felem128_mul_by_2,.-p384_felem128_mul_by_2
+
+.globl p384_felem_diff128
+.type	p384_felem_diff128, \@function
+.align 4
+p384_felem_diff128:
+
+	addis   5, 2, .LConst_two127\@toc\@ha
+	addi    5, 5, .LConst_two127\@toc\@l
+
+	ld	10, 0(3)
+	ld	8, 8(3)
+	li	9, 0
+	addc	10, 10, 9
+	li	7, -1
+	rldicr	7, 7, 0, 0	# two127
+	adde	8, 8, 7
+	ld	11, 0(4)
+	ld	12, 8(4)
+	subfc	11, 11, 10
+	subfe	12, 12, 8
+	std	11, 0(3)	# out0
+	std	12, 8(3)
+
+	# two127m71 = (r10, r9)
+	ld	8, 16(3)
+	ld	7, 24(3)
+	ld	10, 24(5)	# two127m71
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 16(4)
+	ld	12, 24(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 16(3)	# out1
+	std	12, 24(3)
+
+	ld	8, 32(3)
+	ld	7, 40(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 32(4)
+	ld	12, 40(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 32(3)	# out2
+	std	12, 40(3)
+
+	ld	8, 48(3)
+	ld	7, 56(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 48(4)
+	ld	12, 56(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 48(3)	# out3
+	std	12, 56(3)
+
+	ld	8, 64(3)
+	ld	7, 72(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 64(4)
+	ld	12, 72(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 64(3)	# out4
+	std	12, 72(3)
+
+	ld	8, 80(3)
+	ld	7, 88(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 80(4)
+	ld	12, 88(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 80(3)	# out5
+	std	12, 88(3)
+
+	ld	8, 96(3)
+	ld	7, 104(3)
+	ld	6, 40(5)	# two127p111m79m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 96(4)
+	ld	12, 104(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 96(3)	# out6
+	std	12, 104(3)
+
+	ld	8, 112(3)
+	ld	7, 120(3)
+	ld	6, 56(5)	# two127m119m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 112(4)
+	ld	12, 120(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 112(3)	# out7
+	std	12, 120(3)
+
+	ld	8, 128(3)
+	ld	7, 136(3)
+	ld	6, 72(5)	# two127m95m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 128(4)
+	ld	12, 136(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 128(3)	# out8
+	std	12, 136(3)
+
+	ld	8, 144(3)
+	ld	7, 152(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 144(4)
+	ld	12, 152(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 144(3)	# out9
+	std	12, 152(3)
+
+	ld	8, 160(3)
+	ld	7, 168(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 160(4)
+	ld	12, 168(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 160(3)	# out10
+	std	12, 168(3)
+
+	ld	8, 176(3)
+	ld	7, 184(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 176(4)
+	ld	12, 184(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 176(3)	# out11
+	std	12, 184(3)
+
+	ld	8, 192(3)
+	ld	7, 200(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 192(4)
+	ld	12, 200(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 192(3)	# out12
+	std	12, 200(3)
+
+	blr
+.size	p384_felem_diff128,.-p384_felem_diff128
+
+.data
+.align 4
+.LConst_two127:
+#two127
+.long 0x00000000, 0x00000000, 0x00000000, 0x80000000
+#two127m71
+.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff
+#two127p111m79m71
+.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff
+#two127m119m71
+.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff
+#two127m95m71
+.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff
 
-        endproc("p384_felem_mul");
-    }
+.text
 
-    {
-        #
-        # p384_felem_square
-        #
+.globl p384_felem_diff_128_64
+.type	p384_felem_diff_128_64, \@function
+.align 4
+p384_felem_diff_128_64:
+	addis   5, 2, .LConst_128_two64\@toc\@ha
+	addi    5, 5, .LConst_128_two64\@toc\@l
+
+	ld	9, 0(3)
+	ld	10, 8(3)
+	ld	8, 48(5)	# two64p48m16
+	li	7, 0
+	addc	9, 9, 8
+	li	6, 1
+	adde	10, 10, 6
+	ld	11, 0(4)
+	subfc	8, 11, 9
+	subfe	12, 7, 10
+	std	8, 0(3)		# out0
+	std	12, 8(3)
+
+	ld	9, 16(3)
+	ld	10, 24(3)
+	ld	8, 0(5)		# two64m56m8
+	addc	9, 9, 8
+	addze	10, 10
+	ld	11, 8(4)
+	subfc	11, 11, 9
+	subfe	12, 7, 10
+	std	11, 16(3)	# out1
+	std	12, 24(3)
+
+	ld	9, 32(3)
+	ld	10, 40(3)
+	ld	8, 16(5)	# two64m32m8
+	addc	9, 9, 8
+	addze	10, 10
+	ld	11, 16(4)
+	subfc	11, 11, 9
+	subfe	12, 7, 10
+	std	11, 32(3)	# out2
+	std	12, 40(3)
+
+	ld	10, 48(3)
+	ld	8, 56(3)
+	#ld	9, 32(5)	# two64m8
+	li	9, -256		# two64m8
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 24(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 48(3)	# out3
+	std	12, 56(3)
+
+	ld	10, 64(3)
+	ld	8, 72(3)
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 32(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 64(3)	# out4
+	std	12, 72(3)
+
+	ld	10, 80(3)
+	ld	8, 88(3)
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 40(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 80(3)	# out5
+	std	12, 88(3)
+
+	ld	10, 96(3)
+	ld	8, 104(3)
+	addc	10, 10, 9
+	addze	9, 8
+	ld	11, 48(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 9
+	std	11, 96(3)	# out6
+	std	12, 104(3)
+
+	blr
+.size	p384_felem_diff_128_64,.-p384_felem_diff_128_64
+
+.data
+.align 4
+.LConst_128_two64:
+#two64m56m8
+.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000
+#two64m32m8
+.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000
+#two64m8
+.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000
+#two64p48m16
+.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000
+
+.LConst_two60:
+#two60m52m4
+.long 0xfffffff0, 0x0fefffff, 0x0, 0x0
+#two60p44m12
+.long 0xfffff000, 0x10000fff, 0x0, 0x0
+#two60m28m4
+.long 0xeffffff0, 0x0fffffff, 0x0, 0x0
+#two60m4
+.long 0xfffffff0, 0x0fffffff, 0x0, 0x0
 
-        my ($inp) = ("r4");
-        my @in = map("v$_",(44..50));
-        my @inx2 = map("v$_",(35..41));
+.text
+#
+# static void felem_diff64(felem out, const felem in)
+#
+.globl p384_felem_diff64
+.type	p384_felem_diff64, \@function
+.align 4
+p384_felem_diff64:
+	addis   5, 2, .LConst_two60\@toc\@ha
+	addi    5, 5, .LConst_two60\@toc\@l
+
+	ld	9, 0(3)
+	ld	8, 16(5)	# two60p44m12
+	li	7, 0
+	add	9, 9, 8
+	ld	11, 0(4)
+	subf	8, 11, 9
+	std	8, 0(3)		# out0
+
+	ld	9, 8(3)
+	ld	8, 0(5)		# two60m52m4
+	add	9, 9, 8
+	ld	11, 8(4)
+	subf	11, 11, 9
+	std	11, 8(3)	# out1
+
+	ld	9, 16(3)
+	ld	8, 32(5)	# two60m28m4
+	add	9, 9, 8
+	ld	11, 16(4)
+	subf	11, 11, 9
+	std	11, 16(3)	# out2
+
+	ld	10, 24(3)
+	ld	9, 48(5)	# two60m4
+	add	10, 10, 9
+	ld	12, 24(4)
+	subf	12, 12, 10
+	std	12, 24(3)	# out3
+
+	ld	10, 32(3)
+	add	10, 10, 9
+	ld	11, 32(4)
+	subf	11, 11, 10
+	std	11, 32(3)	# out4
+
+	ld	10, 40(3)
+	add	10, 10, 9
+	ld	12, 40(4)
+	subf	12, 12, 10
+	std	12, 40(3)	# out5
+
+	ld	10, 48(3)
+	add	10, 10, 9
+	ld	11, 48(4)
+	subf	11, 11, 10
+	std	11, 48(3)	# out6
+
+	blr
+.size	p384_felem_diff64,.-p384_felem_diff64
 
-        startproc("p384_felem_square");
+.text
+#
+# Shift 128 bits right <nbits>
+#
+.macro SHR o_h o_l in_h in_l nbits
+	srdi	\\o_l, \\in_l, \\nbits		# shift lower right <nbits>
+	rldimi	\\o_l, \\in_h, 64-\\nbits, 0	# insert <64-nbits> from hi
+	srdi	\\o_h, \\in_h, \\nbits		# shift higher right <nbits>
+.endm
 
-        $code.=<<___;
-    vspltisw    $vzero,0
+#
+# static void felem_reduce(felem out, const widefelem in)
+#
+.global p384_felem_reduce
+.type   p384_felem_reduce,\@function
+.align 4
+p384_felem_reduce:
+
+	stdu    1, -208(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	bl	_p384_felem_reduce_core
+
+	mtlr	0
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 208
+	blr
+.size   p384_felem_reduce,.-p384_felem_reduce
 
-___
+#
+# Felem reduction core function -
+# r3 and r4 need to pre-loaded.
+#
+.type   _p384_felem_reduce_core,\@function
+.align 4
+_p384_felem_reduce_core:
+	addis   12, 2, .LConst\@toc\@ha
+	addi    12, 12, .LConst\@toc\@l
+
+	# load constat p
+	ld	11, 8(12)	# hi - two124m68
+
+	# acc[6] = in[6] + two124m68;
+	ld	26, 96(4)	# in[6].l
+	ld	27, 96+8(4)	# in[6].h
+	add	27, 27, 11
+
+	# acc[5] = in[5] + two124m68;
+	ld	24, 80(4)	# in[5].l
+	ld	25, 80+8(4)	# in[5].h
+	add	25, 25, 11
+
+	# acc[4] = in[4] + two124m68;
+	ld	22, 64(4)	# in[4].l
+	ld	23, 64+8(4)	# in[4].h
+	add	23, 23, 11
+
+	# acc[3] = in[3] + two124m68;
+	ld	20, 48(4)	# in[3].l
+	ld	21, 48+8(4)	# in[3].h
+	add	21, 21, 11
+
+	ld	11, 48+8(12)	# hi - two124m92m68
+
+	# acc[2] = in[2] + two124m92m68;
+	ld	18, 32(4)	# in[2].l
+	ld	19, 32+8(4)	# in[2].h
+	add	19, 19, 11
+
+	ld	11, 16+8(12)	# high - two124m116m68
+
+	# acc[1] = in[1] + two124m116m68;
+	ld	16, 16(4)	# in[1].l
+	ld	17, 16+8(4)	# in[1].h
+	add	17, 17, 11
+
+	ld	11, 32+8(12)	# high - two124p108m76
+
+	# acc[0] = in[0] + two124p108m76;
+	ld	14, 0(4)	# in[0].l
+	ld	15, 0+8(4)	# in[0].h
+	add	15, 15, 11
+
+	# compute mask
+	li	7, -1
+
+	# Eliminate in[12]
+
+	# acc[8] += in[12] >> 32;
+	ld	5, 192(4)	# in[12].l
+	ld	6, 192+8(4)	# in[12].h
+	SHR 9, 10, 6, 5, 32
+	ld	30, 128(4)	# in[8].l
+	ld	31, 136(4)	# in[8].h
+	addc	30, 30, 10
+	adde	31, 31, 9
+
+	# acc[7] += (in[12] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	ld	28, 112(4)	# in[7].l
+	ld	29, 120(4)	# in[7].h
+	addc	28, 28, 11
+	addze	29, 29
+
+	# acc[7] += in[12] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	28, 28, 10
+	adde	29, 29, 9
+
+	# acc[6] += (in[12] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	26, 26, 11
+	addze	27, 27
+
+	# acc[6] -= in[12] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	26, 10, 26
+	subfe	27, 9, 27
+
+	# acc[5] -= (in[12] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	24, 11, 24
+	subfe	25, 9, 25
+
+	# acc[6] += in[12] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[12] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	24, 24, 11
+	addze	25, 25
+
+	# Eliminate in[11]
+
+	# acc[7] += in[11] >> 32;
+	ld	5, 176(4)	# in[11].l
+	ld	6, 176+8(4)	# in[11].h
+	SHR 9, 10, 6, 5, 32
+	addc	28, 28, 10
+	adde	29, 29, 9
+
+	# acc[6] += (in[11] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	26, 26, 11
+	addze	27, 27
+
+	# acc[6] += in[11] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[11] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	24, 24, 11
+	addze	25, 25
+
+	# acc[5] -= in[11] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	24, 10, 24
+	subfe	25, 9, 25
+
+	# acc[4] -= (in[11] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	22, 11, 22
+	subfe	23, 9, 23
+
+	# acc[5] += in[11] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[11] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	22, 22, 11
+	addze	23, 23
+
+	# Eliminate in[10]
+
+	# acc[6] += in[10] >> 32;
+	ld	5, 160(4)	# in[10].l
+	ld	6, 160+8(4)	# in[10].h
+	SHR 9, 10, 6, 5, 32
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[10] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	24, 24, 11
+	addze	25, 25
+
+	# acc[5] += in[10] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[10] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	22, 22, 11
+	addze	23, 23
+
+	# acc[4] -= in[10] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	22, 10, 22
+	subfe	23, 9, 23
+
+	# acc[3] -= (in[10] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	20, 11, 20
+	subfe	21, 9, 21
+
+	# acc[4] += in[10] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (in[10] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	20, 20, 11
+	addze	21, 21
+
+	# Eliminate in[9]
+
+	# acc[5] += in[9] >> 32;
+	ld	5, 144(4)	# in[9].l
+	ld	6, 144+8(4)	# in[9].h
+	SHR 9, 10, 6, 5, 32
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[9] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	22, 22, 11
+	addze	23, 23
+
+	# acc[4] += in[9] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (in[9] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	20, 20, 11
+	addze	21, 21
+
+	# acc[3] -= in[9] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	20, 10, 20
+	subfe	21, 9, 21
+
+	# acc[2] -= (in[9] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	18, 11, 18
+	subfe	19, 9, 19
+
+	# acc[3] += in[9] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (in[9] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	18, 18, 11
+	addze	19, 19
+
+	# Eliminate acc[8]
+
+	# acc[4] += acc[8] >> 32;
+	mr	5, 30		# acc[8].l
+	mr	6, 31		# acc[8].h
+	SHR 9, 10, 6, 5, 32
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (acc[8] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	20, 20, 11
+	addze	21, 21
+
+	# acc[3] += acc[8] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (acc[8] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	18, 18, 11
+	addze	19, 19
+
+	# acc[2] -= acc[8] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	18, 10, 18
+	subfe	19, 9, 19
+
+	# acc[1] -= (acc[8] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	16, 11, 16
+	subfe	17, 9, 17
+
+	#acc[2] += acc[8] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (acc[8] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	16, 16, 11
+	addze	17, 17
+
+	# Eliminate acc[7]
+
+	# acc[3] += acc[7] >> 32;
+	mr	5, 28		# acc[7].l
+	mr	6, 29		# acc[7].h
+	SHR 9, 10, 6, 5, 32
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (acc[7] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	18, 18, 11
+	addze	19, 19
+
+	# acc[2] += acc[7] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (acc[7] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	16, 16, 11
+	addze	17, 17
+
+	# acc[1] -= acc[7] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	16, 10, 16
+	subfe	17, 9, 17
+
+	# acc[0] -= (acc[7] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	14, 11, 14
+	subfe	15, 9, 15
+
+	# acc[1] += acc[7] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	16, 16, 10
+	adde	17, 17, 9
+
+	# acc[0] += (acc[7] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	14, 14, 11
+	addze	15, 15
+
+	#
+	# Carry 4 -> 5 -> 6
+	#
+	# acc[5] += acc[4] >> 56;
+	# acc[4] &= 0x00ffffffffffffff;
+	SHR 9, 10, 23, 22, 56
+	addc	24, 24, 10
+	adde	25, 25, 9
+	srdi	11, 7, 8	# 0x00ffffffffffffff
+	and	22, 22, 11
+	li	23, 0
+
+	# acc[6] += acc[5] >> 56;
+	# acc[5] &= 0x00ffffffffffffff;
+	SHR 9, 10, 25, 24, 56
+	addc	26, 26, 10
+	adde	27, 27, 9
+	and	24, 24, 11
+	li	25, 0
+
+	# [3]: Eliminate high bits of acc[6] */
+	# temp = acc[6] >> 48;
+	# acc[6] &= 0x0000ffffffffffff;
+	SHR 31, 30, 27, 26, 48	# temp = acc[6] >> 48
+	srdi	11, 7, 16	# 0x0000ffffffffffff
+	and	26, 26, 11
+	li	27, 0
+
+	# temp < 2^80
+	# acc[3] += temp >> 40;
+	SHR 9, 10, 31, 30, 40
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (temp & 0xffffffffff) << 16;
+	srdi	11, 7, 24	# 0xffffffffff
+	and	10, 30, 11
+	sldi	10, 10, 16
+	addc	18, 18, 10
+	addze	19, 19
+
+	# acc[2] += temp >> 16;
+	SHR 9, 10, 31, 30, 16
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (temp & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	10, 30, 11
+	sldi	10, 10, 40
+	addc	16, 16, 10
+	addze	17, 17
+
+	# acc[1] -= temp >> 24;
+	SHR 9, 10, 31, 30, 24
+	subfc	16, 10, 16
+	subfe	17, 9, 17
+
+	# acc[0] -= (temp & 0xffffff) << 32;
+	srdi	11, 7, 40	# 0xffffff
+	and	10, 30, 11
+	sldi	10, 10, 32
+	li	9, 0
+	subfc	14, 10, 14
+	subfe	15, 9, 15
+
+	# acc[0] += temp;
+	addc	14, 14, 30
+	adde	15, 15, 31
+
+	# Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6
+	#
+	# acc[1] += acc[0] >> 56;   /* acc[1] < acc_old[1] + 2^72 */
+	SHR 9, 10, 15, 14, 56
+	addc	16, 16, 10
+	adde	17, 17, 9
+
+	# acc[0] &= 0x00ffffffffffffff;
+	srdi	11, 7, 8	# 0x00ffffffffffffff
+	and	14, 14, 11
+	li	15, 0
+
+	# acc[2] += acc[1] >> 56;   /* acc[2] < acc_old[2] + 2^72 + 2^16 */
+	SHR 9, 10, 17, 16, 56
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] &= 0x00ffffffffffffff;
+	and	16, 16, 11
+	li	17, 0
+
+	# acc[3] += acc[2] >> 56;   /* acc[3] < acc_old[3] + 2^72 + 2^16 */
+	SHR 9, 10, 19, 18, 56
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] &= 0x00ffffffffffffff;
+	and	18, 18, 11
+	li	19, 0
+
+	# acc[4] += acc[3] >> 56;
+	SHR 9, 10, 21, 20, 56
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] &= 0x00ffffffffffffff;
+	and	20, 20, 11
+	li	21, 0
+
+	# acc[5] += acc[4] >> 56;
+	SHR 9, 10, 23, 22, 56
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] &= 0x00ffffffffffffff;
+	and	22, 22, 11
+
+	# acc[6] += acc[5] >> 56;
+	SHR 9, 10, 25, 24, 56
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] &= 0x00ffffffffffffff;
+	and	24, 24, 11
+
+	std	14, 0(3)
+	std	16, 8(3)
+	std	18, 16(3)
+	std	20, 24(3)
+	std	22, 32(3)
+	std	24, 40(3)
+	std	26, 48(3)
+	blr
+.size   _p384_felem_reduce_core,.-_p384_felem_reduce_core
+
+.data
+.align 4
+.LConst:
+# two124m68:
+.long 0x0, 0x0, 0xfffffff0, 0xfffffff
+# two124m116m68:
+.long 0x0, 0x0, 0xfffffff0, 0xfefffff
+#two124p108m76:
+.long 0x0, 0x0, 0xfffff000, 0x10000fff
+#two124m92m68:
+.long 0x0, 0x0, 0xeffffff0, 0xfffffff
 
-        load_vrs($inp, \@in);
+.text
 
-        $code.=<<___;
-    li        $zero,0
-    li        $one,1
-    mtvsrdd        $t1,$one,$zero
-___
+#
+# void p384_felem_square_reduce(felem out, const felem in)
+#
+.global p384_felem_square_reduce
+.type   p384_felem_square_reduce,\@function
+.align 4
+p384_felem_square_reduce:
+	stdu    1, -512(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	std	3, 496(1)
+	addi	3, 1, 208
+	bl _p384_felem_square_core
+
+	mr	4, 3
+	ld	3, 496(1)
+	bl _p384_felem_reduce_core
+
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 512
+	mtlr	0
+	blr
+.size   p384_felem_square_reduce,.-p384_felem_square_reduce
 
-        for (my $i = 0; $i <= 6; $i++) {
-            $code.=<<___;
-    vsld        $inx2[$i],$in[$i],$t1
-___
-        }
-
-        $code.=<<___;
-    vmsumudm    $out,$in[0],$in[0],$vzero
-    stxv        $out,0($outp)
-
-    vmsumudm    $out,$in[0],$inx2[1],$vzero
-    stxv        $out,16($outp)
-
-    vmsumudm    $out,$in[0],$inx2[2],$vzero
-    vmsumudm    $out,$in[1],$in[1],$out
-    stxv        $out,32($outp)
-
-    xxpermdi    $t1,$in[0],$in[1],0b00
-    xxpermdi    $t2,$inx2[3],$inx2[2],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,48($outp)
-
-    xxpermdi    $t4,$inx2[4],$inx2[3],0b00
-    vmsumudm    $out,$t1,$t4,$vzero
-    vmsumudm    $out,$in[2],$in[2],$out
-    stxv        $out,64($outp)
-
-    xxpermdi    $t2,$inx2[5],$inx2[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[2],$inx2[3],$out
-    stxv        $out,80($outp)
-
-    xxpermdi    $t2,$inx2[6],$inx2[5],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[2],$inx2[4],$out
-    vmsumudm    $out,$in[3],$in[3],$out
-    stxv        $out,96($outp)
-
-    xxpermdi    $t3,$in[1],$in[2],0b00
-    vmsumudm    $out,$t3,$t2,$vzero
-    vmsumudm    $out,$in[3],$inx2[4],$out
-    stxv        $out,112($outp)
-
-    xxpermdi    $t1,$in[2],$in[3],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[4],$in[4],$out
-    stxv        $out,128($outp)
-
-    xxpermdi    $t1,$in[3],$in[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,144($outp)
-
-    vmsumudm    $out,$in[4],$inx2[6],$vzero
-    vmsumudm    $out,$in[5],$in[5],$out
-    stxv        $out,160($outp)
-
-    vmsumudm    $out,$in[5],$inx2[6],$vzero
-    stxv        $out,176($outp)
-
-    vmsumudm    $out,$in[6],$in[6],$vzero
-    stxv        $out,192($outp)
+#
+# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2)
+#
+.global p384_felem_mul_reduce
+.type   p384_felem_mul_reduce,\@function
+.align 5
+p384_felem_mul_reduce:
+	stdu    1, -512(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	std	3, 496(1)
+	addi	3, 1, 208
+	bl _p384_felem_mul_core
+
+	mr	4, 3
+	ld	3, 496(1)
+	bl _p384_felem_reduce_core
+
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 512
+	mtlr	0
+	blr
+.size   p384_felem_mul_reduce,.-p384_felem_mul_reduce
 ___
 
-        endproc("p384_felem_square");
-    }
-}
-
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT or die "error closing STDOUT: $!";

+ 5 - 5
libs/openssl/crypto/ec/ec_key.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -256,10 +256,7 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx,
     int len, ret = 0;
     OSSL_SELF_TEST *st = NULL;
     unsigned char bytes[512] = {0};
-    EC_POINT *pub_key2 = EC_POINT_new(eckey->group);
-
-    if (pub_key2 == NULL)
-        return 0;
+    EC_POINT *pub_key2 = NULL;
 
     st = OSSL_SELF_TEST_new(cb, cbarg);
     if (st == NULL)
@@ -268,6 +265,9 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx,
     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT_KAT,
                                OSSL_SELF_TEST_DESC_PCT_ECDSA);
 
+    if ((pub_key2 = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
     /* pub_key = priv_key * G (where G is a point on the curve) */
     if (!EC_POINT_mul(eckey->group, pub_key2, eckey->priv_key, NULL, NULL, ctx))
         goto err;

+ 54 - 18
libs/openssl/crypto/ec/ecp_nistp384.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in)
     out[6] = two60m4 - in[6];
 }
 
+#if defined(ECP_NISTP384_ASM)
+void p384_felem_diff64(felem out, const felem in);
+void p384_felem_diff128(widefelem out, const widefelem in);
+void p384_felem_diff_128_64(widefelem out, const felem in);
+
+# define felem_diff64           p384_felem_diff64
+# define felem_diff128          p384_felem_diff128
+# define felem_diff_128_64      p384_felem_diff_128_64
+
+#else
 /*-
  * felem_diff64 subtracts |in| from |out|
  * On entry:
@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in)
     for (i = 0; i < 2*NLIMBS-1; i++)
         out[i] -= in[i];
 }
+#endif /* ECP_NISTP384_ASM */
 
 static void felem_square_ref(widefelem out, const felem in)
 {
@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2)
  * [3]: Y = 2^48 (acc[6] >> 48)
  * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d)
  */
-static void felem_reduce(felem out, const widefelem in)
+static void felem_reduce_ref(felem out, const widefelem in)
 {
     /*
      * In order to prevent underflow, we add a multiple of p before subtracting.
@@ -673,6 +684,22 @@ static void felem_reduce(felem out, const widefelem in)
         out[i] = acc[i];
 }
 
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+    widefelem tmp;
+
+    felem_square_ref(tmp, in);
+    felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+
+    felem_mul_ref(tmp, in1, in2);
+    felem_reduce_ref(out, tmp);
+}
+
 #if defined(ECP_NISTP384_ASM)
 static void felem_square_wrapper(widefelem out, const felem in);
 static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
@@ -682,8 +709,19 @@ static void (*felem_square_p)(widefelem out, const felem in) =
 static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
     felem_mul_wrapper;
 
+static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+    felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+    felem_mul_reduce_ref;
+
 void p384_felem_square(widefelem out, const felem in);
 void p384_felem_mul(widefelem out, const felem in1, const felem in2);
+void p384_felem_reduce(felem out, const widefelem in);
+
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
 
 # if defined(_ARCH_PPC64)
 #  include "crypto/ppc_arch.h"
@@ -695,6 +733,9 @@ static void felem_select(void)
     if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
         felem_square_p = p384_felem_square;
         felem_mul_p = p384_felem_mul;
+        felem_reduce_p = p384_felem_reduce;
+        felem_square_reduce_p = p384_felem_square_reduce;
+        felem_mul_reduce_p = p384_felem_mul_reduce;
 
         return;
     }
@@ -703,6 +744,9 @@ static void felem_select(void)
     /* Default */
     felem_square_p = felem_square_ref;
     felem_mul_p = felem_mul_ref;
+    felem_reduce_p = felem_reduce_ref;
+    felem_square_reduce_p = felem_square_reduce_ref;
+    felem_mul_reduce_p = felem_mul_reduce_ref;
 }
 
 static void felem_square_wrapper(widefelem out, const felem in)
@@ -719,26 +763,18 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
 
 # define felem_square felem_square_p
 # define felem_mul felem_mul_p
+# define felem_reduce felem_reduce_p
+
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
 #else
 # define felem_square felem_square_ref
 # define felem_mul felem_mul_ref
-#endif
-
-static ossl_inline void felem_square_reduce(felem out, const felem in)
-{
-    widefelem tmp;
+# define felem_reduce felem_reduce_ref
 
-    felem_square(tmp, in);
-    felem_reduce(out, tmp);
-}
-
-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
-{
-    widefelem tmp;
-
-    felem_mul(tmp, in1, in2);
-    felem_reduce(out, tmp);
-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
+#endif
 
 /*-
  * felem_inv calculates |out| = |in|^{-1}

+ 4 - 1
libs/openssl/crypto/encode_decode/encoder_pkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -210,6 +210,7 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
 static void encoder_destruct_pkey(void *arg)
 {
     struct construct_data_st *data = arg;
+    int match = (data->obj == data->constructed_obj);
 
     if (data->encoder_inst != NULL) {
         OSSL_ENCODER *encoder =
@@ -218,6 +219,8 @@ static void encoder_destruct_pkey(void *arg)
         encoder->free_object(data->constructed_obj);
     }
     data->constructed_obj = NULL;
+    if (match)
+        data->obj = NULL;
 }
 
 /*
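Review bot: `match` and the late `data->obj = NULL` carry no comment saying why `obj` may alias `constructed_obj`, and that is not obvious from `encoder_destruct_pkey` alone. From the visible lines the intent appears to be that once `free_object` has released `constructed_obj`, an `obj` holding the same pointer must not be left dangling for a later use or second free. A comment above the declaration would record that, e.g. `/* obj may be the same pointer as constructed_obj; clear it too so it is not used after free_object() */`. Note that `obj` is also cleared when `encoder_inst` is NULL and nothing was freed; if that is intended, the comment should say so.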

+ 2 - 1
libs/openssl/crypto/evp/bio_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -161,6 +161,7 @@ static int enc_read(BIO *b, char *out, int outl)
             /* Should be continue next time we are called? */
             if (!BIO_should_retry(next)) {
                 ctx->cont = i;
+                ctx->finished = 1;
                 i = EVP_CipherFinal_ex(ctx->cipher,
                                        ctx->buf, &(ctx->buf_len));
                 ctx->ok = i;

+ 5 - 1
libs/openssl/crypto/evp/ctrl_params_translate.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2895,11 +2895,15 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
 
 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
 {
+    if (ctx->keymgmt != NULL)
+        return 0;
     return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
 }
 
 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 {
+    if (ctx->keymgmt != NULL)
+        return 0;
     return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
 }
 

+ 3 - 2
libs/openssl/crypto/evp/evp_pbe.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,7 +40,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
      NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
 
-    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen,
+     PKCS5_v2_PBKDF2_keyivgen_ex},
 
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
      NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},

+ 8 - 5
libs/openssl/crypto/evp/evp_rand.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -646,10 +646,8 @@ static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
 {
     unsigned int str = evp_rand_strength_locked(ctx);
 
-    if (ctx->meth->nonce == NULL)
-        return 0;
-    if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
-        return 1;
+    if (ctx->meth->nonce != NULL)
+        return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
     return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
 }
 
@@ -657,6 +655,11 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
 {
     int res;
 
+    if (ctx == NULL || out == NULL || outlen == 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (!evp_rand_lock(ctx))
         return 0;
     res = evp_rand_nonce_locked(ctx, out, outlen);
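Review bot: The new guard in `EVP_RAND_nonce` reports `outlen == 0` as `ERR_R_PASSED_NULL_PARAMETER`, which misdescribes the failure to anyone reading the error queue. Splitting the check keeps the NULL case as written and gives the length case its own reason: `if (outlen == 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; }`. In the preceding hunk, `evp_rand_nonce_locked` no longer falls back to `evp_rand_generate_locked` when a provider's `nonce` function fails. A one-line comment there, such as `/* fall back to generate only when the provider has no nonce function */`, would make that explicit.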

+ 8 - 2
libs/openssl/crypto/evp/exchange.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -431,7 +431,13 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
      */
     if (provkey == NULL)
         goto legacy;
-    return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    if (ret <= 0)
+        return ret;
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+    EVP_PKEY_up_ref(peer);
+    return 1;
 
  legacy:
 #ifdef FIPS_MODULE
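Review bot: The return value of `EVP_PKEY_up_ref(peer)` is ignored, and the reference is taken only after `ctx->peerkey` has been freed and overwritten. If the up-ref fails, `ctx->peerkey` holds a pointer the context does not own, and the next `EVP_PKEY_free(ctx->peerkey)` would drop a reference that was never taken. Taking the reference first and checking it avoids that, and also removes any reliance on the caller's own reference when `peer` is already `ctx->peerkey`: `if (!EVP_PKEY_up_ref(peer)) return 0;` followed by `EVP_PKEY_free(ctx->peerkey); ctx->peerkey = peer;`. The function starts before this hunk and continues past it at `legacy:`.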

+ 2 - 2
libs/openssl/crypto/evp/legacy_sha.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -216,7 +216,7 @@ const EVP_MD *EVP_shake##bitlen(void)                                          \
         NID_shake##bitlen,                                                     \
         0,                                                                     \
         bitlen / 8,                                                            \
-        EVP_MD_FLAG_XOF,                                                       \
+        EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT,                         \
         EVP_ORIG_GLOBAL,                                                       \
         LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final,  \
                         shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8),      \

+ 14 - 3
libs/openssl/crypto/evp/pmeth_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -475,6 +475,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
     }
     rctx->legacy_keytype = pctx->legacy_keytype;
 
+    if (pctx->keymgmt != NULL) {
+        if (!EVP_KEYMGMT_up_ref(pctx->keymgmt))
+            goto err;
+        rctx->keymgmt = pctx->keymgmt;
+    }
+
     if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
         if (pctx->op.kex.exchange != NULL) {
             rctx->op.kex.exchange = pctx->op.kex.exchange;
@@ -578,6 +584,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
             EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
             void *provkey;
 
+            if (pctx->pkey == NULL)
+                return rctx;
+
             provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
                                                   &tmp_keymgmt, pctx->propquery);
             if (provkey == NULL)
@@ -695,8 +704,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
                 ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
                                                   params);
         break;
-#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_LEGACY:
         return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
 #endif
@@ -733,8 +743,9 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
                 ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
                                                   params);
         break;
-#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_LEGACY:
         return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
 #endif

+ 2 - 8
libs/openssl/crypto/http/http_lib.c

@@ -59,7 +59,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
     const char *user, *user_end;
     const char *host, *host_end;
     const char *port, *port_end;
-    unsigned int portnum;
+    unsigned int portnum = 0;
     const char *path, *path_end;
     const char *query, *query_end;
     const char *frag, *frag_end;
@@ -107,13 +107,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost,
         p = ++host_end;
     } else {
         /* look for start of optional port, path, query, or fragment */
-        host_end = strchr(host, ':');
-        if (host_end == NULL)
-            host_end = strchr(host, '/');
-        if (host_end == NULL)
-            host_end = strchr(host, '?');
-        if (host_end == NULL)
-            host_end = strchr(host, '#');
+        host_end = strpbrk(host, ":/?#");
         if (host_end == NULL) /* the remaining string is just the hostname */
             host_end = host + strlen(host);
         p = host_end;

+ 4 - 5
libs/openssl/crypto/loongarch64cpuid.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,10 +16,9 @@
 ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19));
 ($fp)=map("\$r$_",(22));
 
-
-for (@ARGV) {   $output=$_ if (/\w[\w\-]*\.\w+$/);      }
-open STDOUT,">$output";
-while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+# $output is the last argument if it looks like a file (it has an extension)
+my $output;
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 {
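Review bot: `open STDOUT,">$output"` is still unchecked and still uses the two-argument form, while `$output` is now `undef` whenever the last argument has no extension. In that case the open is attempted with an empty name and its failure goes unnoticed. With the two-argument form, a file name containing characters that `open` treats specially is also interpreted rather than taken literally. Guarding and checking the call covers both: `if (defined $output) { open STDOUT, ">", $output or die "can't open $output: $!"; }`. The same two lines appear in the `md5-loongarch64.pl` hunk below.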

+ 3 - 2
libs/openssl/crypto/md5/asm/md5-loongarch64.pl

@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # Author: Min Zhou <[email protected]>
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the OpenSSL license (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -18,8 +18,9 @@ my ($zero,$ra,$tp,$sp,$fp)=map("\$r$_",(0..3,22));
 my ($a0,$a1,$a2,$a3,$a4,$a5,$a6,$a7)=map("\$r$_",(4..11));
 my ($t0,$t1,$t2,$t3,$t4,$t5,$t6,$t7,$t8,$x)=map("\$r$_",(12..21));
 
+# $output is the last argument if it looks like a file (it has an extension)
 my $output;
-for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 # round1_step() does:

+ 5 - 5
libs/openssl/crypto/params_dup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -190,18 +190,18 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
     while (1) {
         /* If list1 is finished just tack list2 onto the end */
         if (*p1cur == NULL) {
-            do {
+            while (*p2cur != NULL) {
                 *dst++ = **p2cur;
                 p2cur++;
-            } while (*p2cur != NULL);
+            }
             break;
         }
         /* If list2 is finished just tack list1 onto the end */
         if (*p2cur == NULL) {
-            do {
+            while (*p1cur != NULL) {
                 *dst++ = **p1cur;
                 p1cur++;
-            } while (*p1cur != NULL);
+            }
             break;
         }
         /* consume the list element with the smaller key */

+ 5 - 5
libs/openssl/crypto/perlasm/sparcv9_modes.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -46,8 +46,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_encrypt:
 	save		%sp, -$::frame, %sp
-	cmp		$len, 0
-	be,pn		$::size_t_cc, .L${bits}_cbc_enc_abort
+	cmp		$len, 15
+	bleu,pn	$::size_t_cc, .L${bits}_cbc_enc_abort
 	srln		$len, 0, $len		! needed on v8+, "nop" on v9
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___
@@ -264,8 +264,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_decrypt:
 	save		%sp, -$::frame, %sp
-	cmp		$len, 0
-	be,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
+	cmp		$len, 15
+	bleu,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
 	srln		$len, 0, $len		! needed on v8+, "nop" on v9
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___

+ 3 - 3
libs/openssl/crypto/pkcs7/pk7_smime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -326,10 +326,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     if (flags & PKCS7_TEXT) {
         if (!SMIME_text(tmpout, out)) {
             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
-            BIO_free(tmpout);
             goto err;
         }
-        BIO_free(tmpout);
     }
 
     /* Now Verify All Signatures */
@@ -347,6 +345,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     ret = 1;
 
  err:
+    if (flags & PKCS7_TEXT)
+        BIO_free(tmpout);
     X509_STORE_CTX_free(cert_ctx);
     OPENSSL_free(buf);
     if (indata != NULL)

+ 2 - 2
libs/openssl/crypto/property/property.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -321,7 +321,7 @@ int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
 
     /* Insert into the hash table if required */
     if (!ossl_property_write_lock(store)) {
-        OPENSSL_free(impl);
+        impl_free(impl);
         return 0;
     }
     ossl_method_cache_flush(store, nid);

+ 2 - 2
libs/openssl/crypto/provider_conf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -379,7 +379,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
             ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
         if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
             ok = ossl_provider_info_add_to_store(libctx, &entry);
-            added = 1;
+            added = ok;
         }
         if (added == 0)
             ossl_provider_info_clear(&entry);
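Review bot: `added = ok;` treats any non-zero result of `ossl_provider_info_add_to_store` as "added". If that function can return a negative value, the `added == 0` test skips `ossl_provider_info_clear(&entry)` and whatever the entry holds is not released. Its return range is not visible in this hunk, but the `ok >= 1` test two lines earlier suggests values other than 0 and 1 occur in this function. `added = ok > 0;` makes the cleanup independent of that. `provider_conf_load` starts before and continues after this hunk.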

+ 12 - 7
libs/openssl/crypto/rsa/rsa_gen.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -147,6 +147,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes,
                 goto err;
             if (!sk_BIGNUM_insert(pplist, tmp, sk_BIGNUM_num(pplist)))
                 goto err;
+            tmp = NULL;
             break;
         default:
             factor = sk_BIGNUM_value(factors, i);
@@ -158,6 +159,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes,
                 goto err;
             if (!sk_BIGNUM_insert(pplist, tmp, sk_BIGNUM_num(pplist)))
                 goto err;
+            tmp = NULL;
             break;
         }
     }
@@ -182,6 +184,7 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes,
             goto err;
         if (!sk_BIGNUM_insert(pdlist, dval, sk_BIGNUM_num(pdlist)))
             goto err;
+        dval = NULL;
     }
 
     /* Calculate dmp1, dmq1 and additional exponents */
@@ -209,12 +212,11 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes,
         newexp = BN_new();
         if (newexp == NULL)
             goto err;
-        if (!BN_mod(newexp, rsa->d, newpd, ctx)) {
-            BN_free(newexp);
+        if (!BN_mod(newexp, rsa->d, newpd, ctx))
             goto err;
-        }
         if (!sk_BIGNUM_insert(exps, newexp, sk_BIGNUM_num(exps)))
             goto err;
+        newexp = NULL;
     }
 
     /* Calculate iqmp and additional coefficients */
@@ -235,16 +237,19 @@ int ossl_rsa_multiprime_derive(RSA *rsa, int bits, int primes,
         if (newcoeff == NULL)
             goto err;
         if (BN_mod_inverse(newcoeff, newpp, sk_BIGNUM_value(factors, i),
-                           ctx) == NULL) {
-            BN_free(newcoeff);
+                           ctx) == NULL)
             goto err;
-        }
         if (!sk_BIGNUM_insert(coeffs, newcoeff, sk_BIGNUM_num(coeffs)))
             goto err;
+        newcoeff = NULL;
     }
 
     ret = 1;
  err:
+    BN_free(newcoeff);
+    BN_free(newexp);
+    BN_free(dval);
+    BN_free(tmp);
     sk_BIGNUM_pop_free(pplist, BN_free);
     sk_BIGNUM_pop_free(pdlist, BN_free);
     BN_CTX_end(ctx);
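Review bot: The four new `BN_free` calls at `err:` are safe only if `newcoeff`, `newexp`, `dval` and `tmp` are initialised to NULL where they are declared and never hold a value obtained from the `BN_CTX`. The declarations are outside every hunk of this file, so this cannot be confirmed from the diff. The pattern itself (reset the local to NULL once `sk_BIGNUM_insert` has succeeded) is sound, but each reset would read better with a short ownership comment, e.g. `tmp = NULL; /* pplist owns it now */`. It is also worth checking that no other `goto err` reaches the label while one of these variables still aliases an element already stored in a stack.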

+ 3 - 3
libs/openssl/crypto/sm3/asm/sm3-armv8.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -141,13 +141,13 @@ ossl_hwsm3_block_data_order:
 
 .Loop:
 	// load input
-	ld1     {$s0.16b-$s3.16b}, [$pdata], #64
+	ld1     {$s0.4s-$s3.4s}, [$pdata], #64
 	sub     $num, $num, #1
 
 	mov     $bkstate1.16b, $state1.16b
 	mov     $bkstate2.16b, $state2.16b
 
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
 	rev32   $s0.16b, $s0.16b
 	rev32   $s1.16b, $s1.16b
 	rev32   $s2.16b, $s2.16b

+ 5 - 5
libs/openssl/crypto/sm4/asm/sm4-armv8.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ sub rev32() {
 my $dst = shift;
 my $src = shift;
 $code.=<<___;
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
 	rev32	$dst.16b,$src.16b
 #endif
 ___
@@ -393,7 +393,7 @@ ___
 	&enc_blk($ivec);
 	&rev32($ivec,$ivec);
 $code.=<<___;
-	st1	{$ivec.16b},[$out],#16
+	st1	{$ivec.4s},[$out],#16
 	b.ne	1b
 	b	3f
 .Ldec:
@@ -474,11 +474,11 @@ ___
 $code.=<<___;
 	eor	@dat[0].16b,@dat[0].16b,$ivec.16b
 	mov	$ivec.16b,@in[0].16b
-	st1	{@dat[0].16b},[$out],#16
+	st1	{@dat[0].4s},[$out],#16
 	b.ne	1b
 3:
 	// save back IV
-	st1	{$ivec.16b},[$ivp]
+	st1	{$ivec.4s},[$ivp]
 	ldp	d8,d9,[sp],#16
 	ret
 .size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt

+ 24 - 9
libs/openssl/crypto/threads_none.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -153,18 +153,28 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
 
 #define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
 
-static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+struct thread_local_storage_entry {
+    void *data;
+    uint8_t used;
+};
+
+static struct thread_local_storage_entry thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
 
 int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
 {
-    static unsigned int thread_local_key = 0;
+    int entry_idx = 0;
 
-    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
-        return 0;
+    for (entry_idx = 0; entry_idx < OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX; entry_idx++) {
+        if (!thread_local_storage[entry_idx].used)
+            break;
+    }
 
-    *key = thread_local_key++;
+    if (entry_idx == OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
 
-    thread_local_storage[*key] = NULL;
+    *key = entry_idx;
+    thread_local_storage[*key].used = 1;
+    thread_local_storage[*key].data = NULL;
 
     return 1;
 }
@@ -174,7 +184,7 @@ void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
     if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
         return NULL;
 
-    return thread_local_storage[*key];
+    return thread_local_storage[*key].data;
 }
 
 int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
@@ -182,13 +192,18 @@ int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
     if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
         return 0;
 
-    thread_local_storage[*key] = val;
+    thread_local_storage[*key].data = val;
 
     return 1;
 }
 
 int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
 {
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key].used = 0;
+    thread_local_storage[*key].data = NULL;
     *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
     return 1;
 }

+ 62 - 217
libs/openssl/crypto/threads_pthread.c

@@ -68,50 +68,14 @@
  * fallback function names.
  */
 typedef void *pvoid;
-typedef struct rcu_cb_item *prcu_cb_item;
 
 # if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS) \
     && !defined(USE_ATOMIC_FALLBACKS)
-#  if defined(__APPLE__) && defined(__clang__) && defined(__aarch64__) && defined(__LP64__)
-/*
- * For pointers, Apple M1 virtualized cpu seems to have some problem using the
- * ldapr instruction (see https://github.com/openssl/openssl/pull/23974)
- * When using the native apple clang compiler, this instruction is emitted for
- * atomic loads, which is bad.  So, if
- * 1) We are building on a target that defines __APPLE__ AND
- * 2) We are building on a target using clang (__clang__) AND
- * 3) We are building for an M1 processor (__aarch64__) AND
- * 4) We are building with 64 bit pointers
- * Then we should not use __atomic_load_n and instead implement our own
- * function to issue the ldar instruction instead, which produces the proper
- * sequencing guarantees
- */
-static inline void *apple_atomic_load_n_pvoid(void **p,
-                                              ossl_unused int memorder)
-{
-    void *ret;
-
-    __asm volatile("ldar %0, [%1]" : "=r" (ret): "r" (p):);
-
-    return ret;
-}
-
-/* For uint64_t, we should be fine, though */
-#   define apple_atomic_load_n_uint64_t(p, o) __atomic_load_n(p, o)
-
-#   define ATOMIC_LOAD_N(t, p, o) apple_atomic_load_n_##t(p, o)
-#  else
-#   define ATOMIC_LOAD_N(t, p, o) __atomic_load_n(p, o)
-#  endif
+#  define ATOMIC_LOAD_N(t, p, o) __atomic_load_n(p, o)
 #  define ATOMIC_STORE_N(t, p, v, o) __atomic_store_n(p, v, o)
 #  define ATOMIC_STORE(t, p, v, o) __atomic_store(p, v, o)
-#  define ATOMIC_EXCHANGE_N(t, p, v, o) __atomic_exchange_n(p, v, o)
-#  define ATOMIC_COMPARE_EXCHANGE_N(t, p, e, d, s, f) __atomic_compare_exchange_n(p, e, d, 0, s, f)
 #  define ATOMIC_ADD_FETCH(p, v, o) __atomic_add_fetch(p, v, o)
-#  define ATOMIC_FETCH_ADD(p, v, o) __atomic_fetch_add(p, v, o)
 #  define ATOMIC_SUB_FETCH(p, v, o) __atomic_sub_fetch(p, v, o)
-#  define ATOMIC_AND_FETCH(p, m, o) __atomic_and_fetch(p, m, o)
-#  define ATOMIC_OR_FETCH(p, m, o) __atomic_or_fetch(p, m, o)
 # else
 static pthread_mutex_t atomic_sim_lock = PTHREAD_MUTEX_INITIALIZER;
 
@@ -125,6 +89,7 @@ static pthread_mutex_t atomic_sim_lock = PTHREAD_MUTEX_INITIALIZER;
         pthread_mutex_unlock(&atomic_sim_lock);                 \
         return ret;                                             \
     }
+IMPL_fallback_atomic_load_n(uint32_t)
 IMPL_fallback_atomic_load_n(uint64_t)
 IMPL_fallback_atomic_load_n(pvoid)
 
@@ -141,7 +106,7 @@ IMPL_fallback_atomic_load_n(pvoid)
         pthread_mutex_unlock(&atomic_sim_lock);                 \
         return ret;                                             \
     }
-IMPL_fallback_atomic_store_n(uint64_t)
+IMPL_fallback_atomic_store_n(uint32_t)
 
 #  define ATOMIC_STORE_N(t, p, v, o) fallback_atomic_store_n_##t(p, v)
 
@@ -152,44 +117,10 @@ IMPL_fallback_atomic_store_n(uint64_t)
         *p = *v;                                                \
         pthread_mutex_unlock(&atomic_sim_lock);                 \
     }
-IMPL_fallback_atomic_store(uint64_t)
 IMPL_fallback_atomic_store(pvoid)
 
 #  define ATOMIC_STORE(t, p, v, o) fallback_atomic_store_##t(p, v)
 
-#  define IMPL_fallback_atomic_exchange_n(t)                            \
-    static ossl_inline t fallback_atomic_exchange_n_##t(t *p, t v)           \
-    {                                                                   \
-        t ret;                                                          \
-                                                                        \
-        pthread_mutex_lock(&atomic_sim_lock);                           \
-        ret = *p;                                                       \
-        *p = v;                                                         \
-        pthread_mutex_unlock(&atomic_sim_lock);                         \
-        return ret;                                                     \
-    }
-IMPL_fallback_atomic_exchange_n(uint64_t)
-IMPL_fallback_atomic_exchange_n(prcu_cb_item)
-
-#  define ATOMIC_EXCHANGE_N(t, p, v, o) fallback_atomic_exchange_n_##t(p, v)
-
-#  define IMPL_fallback_atomic_compare_exchange_n(t)                                  \
-    static ossl_inline int fallback_atomic_compare_exchange_n_##t(t *p, t *e, t d, s, f) \
-    {                                                                                 \
-        int ret = 1;                                                                 \
-        pthread_mutex_lock(&atomic_sim_lock);                                         \
-        if (*p == *e)                                                                 \
-            *p = d;                                                                    \
-        else                                                                          \
-            ret = 0;                                                                   \
-        pthread_mutex_unlock(&atomic_sim_lock);                                       \
-        return ret;                                                                   \
-    }
-
-IMPL_fallback_atomic_exchange_n(uint64_t)
-
-#  define ATOMIC_COMPARE_EXCHANGE_N(t, p, e, d, s, f) fallback_atomic_compare_exchange_n_##t(p, e, d, s, f)
-
 /*
  * The fallbacks that follow don't need any per type implementation, as
  * they are designed for uint64_t only.  If there comes a time when multiple
@@ -210,19 +141,6 @@ static ossl_inline uint64_t fallback_atomic_add_fetch(uint64_t *p, uint64_t v)
 
 #  define ATOMIC_ADD_FETCH(p, v, o) fallback_atomic_add_fetch(p, v)
 
-static ossl_inline uint64_t fallback_atomic_fetch_add(uint64_t *p, uint64_t v)
-{
-    uint64_t ret;
-
-    pthread_mutex_lock(&atomic_sim_lock);
-    ret = *p;
-    *p += v;
-    pthread_mutex_unlock(&atomic_sim_lock);
-    return ret;
-}
-
-#  define ATOMIC_FETCH_ADD(p, v, o) fallback_atomic_fetch_add(p, v)
-
 static ossl_inline uint64_t fallback_atomic_sub_fetch(uint64_t *p, uint64_t v)
 {
     uint64_t ret;
@@ -235,51 +153,8 @@ static ossl_inline uint64_t fallback_atomic_sub_fetch(uint64_t *p, uint64_t v)
 }
 
 #  define ATOMIC_SUB_FETCH(p, v, o) fallback_atomic_sub_fetch(p, v)
-
-static ossl_inline uint64_t fallback_atomic_and_fetch(uint64_t *p, uint64_t m)
-{
-    uint64_t ret;
-
-    pthread_mutex_lock(&atomic_sim_lock);
-    *p &= m;
-    ret = *p;
-    pthread_mutex_unlock(&atomic_sim_lock);
-    return ret;
-}
-
-#  define ATOMIC_AND_FETCH(p, v, o) fallback_atomic_and_fetch(p, v)
-
-static ossl_inline uint64_t fallback_atomic_or_fetch(uint64_t *p, uint64_t m)
-{
-    uint64_t ret;
-
-    pthread_mutex_lock(&atomic_sim_lock);
-    *p |= m;
-    ret = *p;
-    pthread_mutex_unlock(&atomic_sim_lock);
-    return ret;
-}
-
-#  define ATOMIC_OR_FETCH(p, v, o) fallback_atomic_or_fetch(p, v)
 # endif
 
-/*
- * users is broken up into 2 parts
- * bits 0-15 current readers
- * bit 32-63 - ID
- */
-# define READER_SHIFT 0
-# define ID_SHIFT 32
-# define READER_SIZE 16
-# define ID_SIZE 32
-
-# define READER_MASK     (((uint64_t)1 << READER_SIZE) - 1)
-# define ID_MASK         (((uint64_t)1 << ID_SIZE) - 1)
-# define READER_COUNT(x) (((uint64_t)(x) >> READER_SHIFT) & READER_MASK)
-# define ID_VAL(x)       (((uint64_t)(x) >> ID_SHIFT) & ID_MASK)
-# define VAL_READER      ((uint64_t)1 << READER_SHIFT)
-# define VAL_ID(x)       ((uint64_t)x << ID_SHIFT)
-
 /*
  * This is the core of an rcu lock. It tracks the readers and writers for the
  * current quiescence point for a given lock. Users is the 64 bit value that
@@ -320,23 +195,23 @@ struct rcu_lock_st {
     /* The context we are being created against */
     OSSL_LIB_CTX *ctx;
 
-    /* rcu generation counter for in-order retirement */
-    uint32_t id_ctr;
-
     /* Array of quiescent points for synchronization */
     struct rcu_qp *qp_group;
 
+    /* rcu generation counter for in-order retirement */
+    uint32_t id_ctr;
+
     /* Number of elements in qp_group array */
-    size_t group_count;
+    uint32_t group_count;
 
     /* Index of the current qp in the qp_group array */
-    uint64_t reader_idx;
+    uint32_t reader_idx;
 
     /* value of the next id_ctr value to be retired */
     uint32_t next_to_retire;
 
     /* index of the next free rcu_qp in the qp_group */
-    uint64_t current_alloc_idx;
+    uint32_t current_alloc_idx;
 
     /* number of qp's in qp_group array currently being retired */
     uint32_t writers_alloced;
@@ -360,10 +235,12 @@ struct rcu_lock_st {
 /* Read side acquisition of the current qp */
 static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
 {
-    uint64_t qp_idx;
+    uint32_t qp_idx;
 
     /* get the current qp index */
     for (;;) {
+        qp_idx = ATOMIC_LOAD_N(uint32_t, &lock->reader_idx, __ATOMIC_RELAXED);
+
         /*
          * Notes on use of __ATOMIC_ACQUIRE
          * We need to ensure the following:
@@ -374,32 +251,17 @@ static struct rcu_qp *get_hold_current_qp(struct rcu_lock_st *lock)
          * of the lock is flushed from a local cpu cache so that we see any
          * updates prior to the load.  This is a non-issue on cache coherent
          * systems like x86, but is relevant on other arches
-         * Note: This applies to the reload below as well
-         */
-        qp_idx = ATOMIC_LOAD_N(uint64_t, &lock->reader_idx, __ATOMIC_ACQUIRE);
-
-        /*
-         * Notes of use of __ATOMIC_RELEASE
-         * This counter is only read by the write side of the lock, and so we
-         * specify __ATOMIC_RELEASE here to ensure that the write side of the
-         * lock see this during the spin loop read of users, as it waits for the
-         * reader count to approach zero
          */
-        ATOMIC_ADD_FETCH(&lock->qp_group[qp_idx].users, VAL_READER,
-                         __ATOMIC_RELEASE);
+        ATOMIC_ADD_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1,
+                         __ATOMIC_ACQUIRE);
 
         /* if the idx hasn't changed, we're good, else try again */
-        if (qp_idx == ATOMIC_LOAD_N(uint64_t, &lock->reader_idx, __ATOMIC_ACQUIRE))
+        if (qp_idx == ATOMIC_LOAD_N(uint32_t, &lock->reader_idx,
+                                    __ATOMIC_RELAXED))
             break;
 
-        /*
-         * Notes on use of __ATOMIC_RELEASE
-         * As with the add above, we want to ensure that this decrement is
-         * seen by the write side of the lock as soon as it happens to prevent
-         * undue spinning waiting for write side completion
-         */
-        ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, VAL_READER,
-                         __ATOMIC_RELEASE);
+        ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1,
+                         __ATOMIC_RELAXED);
     }
 
     return &lock->qp_group[qp_idx];
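Review bot: The retry decrement at the bottom of the loop, `ATOMIC_SUB_FETCH(&lock->qp_group[qp_idx].users, (uint64_t)1, __ATOMIC_RELAXED)`, no longer has a comment. The hunk removes the old rationale together with the switch away from __ATOMIC_RELEASE, and the remaining "Notes on use of __ATOMIC_ACQUIRE" block covers only the increment. The write side's wait depends on the ordering of every operation on `users`, so I would add `/* reader_idx moved: drop the hold taken on the stale qp and retry */` and have the author extend it with why relaxed ordering is enough for this undo. The function body and the start of the ACQUIRE note lie outside this hunk.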
@@ -466,14 +328,14 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock)
     for (i = 0; i < MAX_QPS; i++) {
         if (data->thread_qps[i].lock == lock) {
             /*
-             * As with read side acquisition, we use __ATOMIC_RELEASE here
-             * to ensure that the decrement is published immediately
-             * to any write side waiters
+             * we have to use __ATOMIC_RELEASE here
+             * to ensure that all preceding read instructions complete
+             * before the decrement is visible to ossl_synchronize_rcu
              */
             data->thread_qps[i].depth--;
             if (data->thread_qps[i].depth == 0) {
-                ret = ATOMIC_SUB_FETCH(&data->thread_qps[i].qp->users, VAL_READER,
-                                       __ATOMIC_RELEASE);
+                ret = ATOMIC_SUB_FETCH(&data->thread_qps[i].qp->users,
+                                       (uint64_t)1, __ATOMIC_RELEASE);
                 OPENSSL_assert(ret != UINT64_MAX);
                 data->thread_qps[i].qp = NULL;
                 data->thread_qps[i].lock = NULL;
@@ -492,12 +354,9 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock)
  * Write side allocation routine to get the current qp
  * and replace it with a new one
  */
-static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock)
+static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id)
 {
-    uint64_t new_id;
-    uint64_t update;
-    uint64_t ret;
-    uint64_t current_idx;
+    uint32_t current_idx;
 
     pthread_mutex_lock(&lock->alloc_lock);
 
@@ -519,33 +378,18 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock)
     lock->current_alloc_idx =
         (lock->current_alloc_idx + 1) % lock->group_count;
 
-    /* get and insert a new id */
-    new_id = lock->id_ctr;
+    *curr_id = lock->id_ctr;
     lock->id_ctr++;
 
-    new_id = VAL_ID(new_id);
-    /*
-     * Even though we are under a write side lock here
-     * We need to use atomic instructions to ensure that the results
-     * of this update are published to the read side prior to updating the
-     * reader idx below
-     */
-try_again:
-    ret = ATOMIC_LOAD_N(uint64_t, &lock->qp_group[current_idx].users, __ATOMIC_ACQUIRE);
-    update = ret & ID_MASK;
-    update |= new_id;
-    if (!ATOMIC_COMPARE_EXCHANGE_N(uint64_t, &lock->qp_group[current_idx].users, &ret, update,
-                                   __ATOMIC_ACQ_REL, __ATOMIC_RELAXED))
-        goto try_again;
+    ATOMIC_STORE_N(uint32_t, &lock->reader_idx, lock->current_alloc_idx,
+                   __ATOMIC_RELAXED);
 
     /*
-     * Update the reader index to be the prior qp.
-     * Note the use of __ATOMIC_RELEASE here is based on the corresponding use
-     * of __ATOMIC_ACQUIRE in get_hold_current_qp, as we want any publication
-     * of this value to be seen on the read side immediately after it happens
+     * this should make sure that the new value of reader_idx is visible in
+     * get_hold_current_qp, directly after incrementing the users count
      */
-    ATOMIC_STORE_N(uint64_t, &lock->reader_idx, lock->current_alloc_idx,
-                   __ATOMIC_RELEASE);
+    ATOMIC_ADD_FETCH(&lock->qp_group[current_idx].users, (uint64_t)0,
+                     __ATOMIC_RELEASE);
 
     /* wake up any waiters */
     pthread_cond_signal(&lock->alloc_signal);
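Review bot: The `ATOMIC_ADD_FETCH(&lock->qp_group[current_idx].users, (uint64_t)0, __ATOMIC_RELEASE)` near the end of this hunk adds zero, so it is there only for its ordering effect. The comment above it ("this should make sure ...") neither says so nor names the operation it pairs with. A comment like `/* value-neutral RMW on users: release that pairs with the acquire increment in get_hold_current_qp */` would keep a later cleanup from deleting it as a no-op. The new `curr_id` out-parameter is also undocumented; the function's header comment sits in the previous hunk and could state that `*curr_id` receives the generation id used for in-order retirement.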
@@ -562,7 +406,7 @@ static void retire_qp(CRYPTO_RCU_LOCK *lock, struct rcu_qp *qp)
 }
 
 static struct rcu_qp *allocate_new_qp_group(CRYPTO_RCU_LOCK *lock,
-                                            int count)
+                                            uint32_t count)
 {
     struct rcu_qp *new =
         OPENSSL_zalloc(sizeof(*new) * count);
@@ -585,31 +429,34 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
 {
     struct rcu_qp *qp;
     uint64_t count;
+    uint32_t curr_id;
     struct rcu_cb_item *cb_items, *tmpcb;
 
-    /*
-     * __ATOMIC_ACQ_REL is used here to ensure that we get any prior published
-     * writes before we read, and publish our write immediately
-     */
-    cb_items = ATOMIC_EXCHANGE_N(prcu_cb_item, &lock->cb_items, NULL,
-                                 __ATOMIC_ACQ_REL);
+    pthread_mutex_lock(&lock->write_lock);
+    cb_items = lock->cb_items;
+    lock->cb_items = NULL;
+    pthread_mutex_unlock(&lock->write_lock);
+
+    qp = update_qp(lock, &curr_id);
 
-    qp = update_qp(lock);
+    /* retire in order */
+    pthread_mutex_lock(&lock->prior_lock);
+    while (lock->next_to_retire != curr_id)
+        pthread_cond_wait(&lock->prior_signal, &lock->prior_lock);
 
     /*
      * wait for the reader count to reach zero
      * Note the use of __ATOMIC_ACQUIRE here to ensure that any
-     * prior __ATOMIC_RELEASE write operation in get_hold_current_qp
+     * prior __ATOMIC_RELEASE write operation in ossl_rcu_read_unlock
      * is visible prior to our read
+     * however this is likely just necessary to silence a tsan warning
+     * because the read side should not do any write operation
+     * outside the atomic itself
      */
     do {
         count = ATOMIC_LOAD_N(uint64_t, &qp->users, __ATOMIC_ACQUIRE);
-    } while (READER_COUNT(count) != 0);
+    } while (count != (uint64_t)0);
 
-    /* retire in order */
-    pthread_mutex_lock(&lock->prior_lock);
-    while (lock->next_to_retire != ID_VAL(count))
-        pthread_cond_wait(&lock->prior_signal, &lock->prior_lock);
     lock->next_to_retire++;
     pthread_cond_broadcast(&lock->prior_signal);
     pthread_mutex_unlock(&lock->prior_lock);
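Review bot: ossl_synchronize_rcu now takes `lock->write_lock` itself to detach `cb_items`, while the comment added on ossl_rcu_call requires callers to hold ossl_rcu_write_lock. If that API locks the same mutex (its body is not shown in this diff), calling synchronize with the write lock still held would self-deadlock, and nothing here states the rule. A header comment such as `/* Must not be called with ossl_rcu_write_lock held: takes lock->write_lock to detach cb_items */` would record it. The reader-count spin has also moved inside the `prior_lock` critical section, so a writer now busy-waits while holding that mutex; a one-line remark that this is intentional would help. Both points apply equally to the ossl_synchronize_rcu hunk in threads_win.c, and the function continues past this hunk.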
@@ -625,6 +472,10 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
     }
 }
 
+/*
+ * Note: This call assumes its made under the protection of
+ * ossl_rcu_write_lock
+ */
 int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
 {
     struct rcu_cb_item *new =
@@ -635,13 +486,9 @@ int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
 
     new->data = data;
     new->fn = cb;
-    /*
-     * Use __ATOMIC_ACQ_REL here to indicate that any prior writes to this
-     * list are visible to us prior to reading, and publish the new value
-     * immediately
-     */
-    new->next = ATOMIC_EXCHANGE_N(prcu_cb_item, &lock->cb_items, new,
-                                  __ATOMIC_ACQ_REL);
+
+    new->next = lock->cb_items;
+    lock->cb_items = new;
 
     return 1;
 }
@@ -661,10 +508,10 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
     struct rcu_lock_st *new;
 
     /*
-     * We need a minimum of 3 qp's
+     * We need a minimum of 2 qp's
      */
-    if (num_writers < 3)
-        num_writers = 3;
+    if (num_writers < 2)
+        num_writers = 2;
 
     ctx = ossl_lib_ctx_get_concrete(ctx);
     if (ctx == NULL)
@@ -680,8 +527,6 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
     pthread_mutex_init(&new->alloc_lock, NULL);
     pthread_cond_init(&new->prior_signal, NULL);
     pthread_cond_init(&new->alloc_signal, NULL);
-    /* By default our first writer is already alloced */
-    new->writers_alloced = 1;
 
     new->qp_group = allocate_new_qp_group(new, num_writers);
     if (new->qp_group == NULL) {
@@ -913,7 +758,7 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
 
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock)
 {
-# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
     if (__atomic_is_lock_free(sizeof(*val), val)) {
         __atomic_load(val, ret, __ATOMIC_ACQUIRE);
         return 1;
@@ -936,7 +781,7 @@ int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock)
 
 int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock)
 {
-# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
     if (__atomic_is_lock_free(sizeof(*val), val)) {
         __atomic_load(val, ret, __ATOMIC_ACQUIRE);
         return 1;
@@ -944,7 +789,7 @@ int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock)
 # elif defined(__sun) && (defined(__SunOS_5_10) || defined(__SunOS_5_11))
     /* This will work for all future Solaris versions. */
     if (ret != NULL) {
-        *ret = (int *)atomic_or_uint_nv((unsigned int *)val, 0);
+        *ret = (int)atomic_or_uint_nv((unsigned int *)val, 0);
         return 1;
     }
 # endif

+ 35 - 42
libs/openssl/crypto/threads_win.c

@@ -43,18 +43,6 @@ typedef struct {
 } CRYPTO_win_rwlock;
 # endif
 
-# define READER_SHIFT 0
-# define ID_SHIFT 32 
-# define READER_SIZE 32 
-# define ID_SIZE 32 
-
-# define READER_MASK     (((LONG64)1 << READER_SIZE)-1)
-# define ID_MASK         (((LONG64)1 << ID_SIZE)-1)
-# define READER_COUNT(x) (((LONG64)(x) >> READER_SHIFT) & READER_MASK)
-# define ID_VAL(x)       (((LONG64)(x) >> ID_SHIFT) & ID_MASK)
-# define VAL_READER      ((LONG64)1 << READER_SHIFT)
-# define VAL_ID(x)       ((LONG64)x << ID_SHIFT)
-
 /*
  * This defines a quescent point (qp)
  * This is the barrier beyond which a writer
@@ -91,9 +79,15 @@ struct rcu_thr_data {
 struct rcu_lock_st {
     struct rcu_cb_item *cb_items;
     OSSL_LIB_CTX *ctx;
-    uint32_t id_ctr;
+
+    /* Array of quiescent points for synchronization */
     struct rcu_qp *qp_group;
-    size_t group_count;
+
+    /* rcu generation counter for in-order retirement */
+    uint32_t id_ctr;
+
+    /* Number of elements in qp_group array */
+    uint32_t group_count;
     uint32_t next_to_retire;
     volatile long int reader_idx;
     uint32_t current_alloc_idx;
@@ -106,7 +100,7 @@ struct rcu_lock_st {
 };
 
 static struct rcu_qp *allocate_new_qp_group(struct rcu_lock_st *lock,
-                                            int count)
+                                            uint32_t count)
 {
     struct rcu_qp *new =
         OPENSSL_zalloc(sizeof(*new) * count);
@@ -120,10 +114,10 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
     struct rcu_lock_st *new;
 
     /*
-     * We need a minimum of 3 qps
+     * We need a minimum of 2 qps
      */
-    if (num_writers < 3)
-        num_writers = 3;
+    if (num_writers < 2)
+        num_writers = 2;
 
     ctx = ossl_lib_ctx_get_concrete(ctx);
     if (ctx == NULL)
@@ -141,8 +135,6 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx)
     new->alloc_lock = ossl_crypto_mutex_new();
     new->prior_lock = ossl_crypto_mutex_new();
     new->qp_group = allocate_new_qp_group(new, num_writers);
-    /* By default the first qp is already alloced */
-    new->writers_alloced = 1;
     if (new->qp_group == NULL
         || new->alloc_signal == NULL
         || new->prior_signal == NULL
@@ -181,10 +173,10 @@ static ossl_inline struct rcu_qp *get_hold_current_qp(CRYPTO_RCU_LOCK *lock)
     /* get the current qp index */
     for (;;) {
         qp_idx = InterlockedOr(&lock->reader_idx, 0);
-        InterlockedAdd64(&lock->qp_group[qp_idx].users, VAL_READER);
+        InterlockedAdd64(&lock->qp_group[qp_idx].users, (LONG64)1);
         if (qp_idx == InterlockedOr(&lock->reader_idx, 0))
             break;
-        InterlockedAdd64(&lock->qp_group[qp_idx].users, -VAL_READER);
+        InterlockedAdd64(&lock->qp_group[qp_idx].users, (LONG64)-1);
     }
 
     return &lock->qp_group[qp_idx];
@@ -260,7 +252,7 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock)
         if (data->thread_qps[i].lock == lock) {
             data->thread_qps[i].depth--;
             if (data->thread_qps[i].depth == 0) {
-                ret = InterlockedAdd64(&data->thread_qps[i].qp->users, -VAL_READER);
+                ret = InterlockedAdd64(&data->thread_qps[i].qp->users, (LONG64)-1);
                 OPENSSL_assert(ret >= 0);
                 data->thread_qps[i].qp = NULL;
                 data->thread_qps[i].lock = NULL;
@@ -270,9 +262,8 @@ void ossl_rcu_read_unlock(CRYPTO_RCU_LOCK *lock)
     }
 }
 
-static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock)
+static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock, uint32_t *curr_id)
 {
-    uint64_t new_id;
     uint32_t current_idx;
     uint32_t tmp;
 
@@ -294,13 +285,9 @@ static struct rcu_qp *update_qp(CRYPTO_RCU_LOCK *lock)
         (lock->current_alloc_idx + 1) % lock->group_count;
 
     /* get and insert a new id */
-    new_id = lock->id_ctr;
+    *curr_id = lock->id_ctr;
     lock->id_ctr++;
 
-    new_id = VAL_ID(new_id);
-    InterlockedAnd64(&lock->qp_group[current_idx].users, ID_MASK);
-    InterlockedAdd64(&lock->qp_group[current_idx].users, new_id);
-
     /* update the reader index to be the prior qp */
     tmp = lock->current_alloc_idx;
     InterlockedExchange(&lock->reader_idx, tmp);
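Review bot: The retained comment `/* get and insert a new id */` is stale after this hunk. The id is no longer merged into `users` (the InterlockedAnd64/InterlockedAdd64 pair is removed); it is handed back through `*curr_id` instead. I would reword it to `/* hand the generation id back to the caller for in-order retirement */`. update_qp starts and ends outside this hunk.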
@@ -325,23 +312,27 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
 {
     struct rcu_qp *qp;
     uint64_t count;
+    uint32_t curr_id;
     struct rcu_cb_item *cb_items, *tmpcb;
 
     /* before we do anything else, lets grab the cb list */
-    cb_items = InterlockedExchangePointer((void * volatile *)&lock->cb_items, NULL);
-
-    qp = update_qp(lock);
+    ossl_crypto_mutex_lock(lock->write_lock);
+    cb_items = lock->cb_items;
+    lock->cb_items = NULL;
+    ossl_crypto_mutex_unlock(lock->write_lock);
 
-    /* wait for the reader count to reach zero */
-    do {
-        count = InterlockedOr64(&qp->users, 0);
-    } while (READER_COUNT(count) != 0);
+    qp = update_qp(lock, &curr_id);
 
     /* retire in order */
     ossl_crypto_mutex_lock(lock->prior_lock);
-    while (lock->next_to_retire != ID_VAL(count))
+    while (lock->next_to_retire != curr_id)
         ossl_crypto_condvar_wait(lock->prior_signal, lock->prior_lock);
 
+    /* wait for the reader count to reach zero */
+    do {
+        count = InterlockedOr64(&qp->users, 0);
+    } while (count != (uint64_t)0);
+
     lock->next_to_retire++;
     ossl_crypto_condvar_broadcast(lock->prior_signal);
     ossl_crypto_mutex_unlock(lock->prior_lock);
@@ -361,20 +352,22 @@ void ossl_synchronize_rcu(CRYPTO_RCU_LOCK *lock)
 
 }
 
+/*
+ * Note, must be called under the protection of ossl_rcu_write_lock
+ */
 int ossl_rcu_call(CRYPTO_RCU_LOCK *lock, rcu_cb_fn cb, void *data)
 {
     struct rcu_cb_item *new;
-    struct rcu_cb_item *prev;
 
     new = OPENSSL_zalloc(sizeof(struct rcu_cb_item));
     if (new == NULL)
         return 0;
-    prev = new;
     new->data = data;
     new->fn = cb;
 
-    InterlockedExchangePointer((void * volatile *)&lock->cb_items, prev);
-    new->next = prev;
+    new->next = lock->cb_items;
+    lock->cb_items = new;
+
     return 1;
 }
 

+ 13 - 5
libs/openssl/crypto/ts/ts_rsp_sign.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -639,8 +639,12 @@ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@@ -662,8 +666,12 @@ static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ts_RESP_sign(TS_RESP_CTX *ctx)

+ 38 - 14
libs/openssl/crypto/ui/ui_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -205,6 +205,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
                         char *result_buf, int minsize, int maxsize)
 {
     char *prompt_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -212,9 +213,13 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
             return 0;
     }
 
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_PROMPT, flags, result_buf, minsize,
-                                   maxsize, NULL);
+    ret = general_allocate_string(ui, prompt_copy, 1,
+                                  UIT_PROMPT, flags, result_buf, minsize,
+                                  maxsize, NULL);
+    if (ret <= 0)
+        OPENSSL_free(prompt_copy);
+
+    return ret;
 }
 
 int UI_add_verify_string(UI *ui, const char *prompt, int flags,
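Review bot: The added `if (ret <= 0) OPENSSL_free(prompt_copy);` is only correct if general_allocate_string never releases the prompt on its own failure paths. That function is not shown in this diff, and the `1` passed as its third argument looks like a "prompt is freeable" flag, so a failure after the UI_STRING was built may already have freed the copy, which would make this a double free. It is worth checking general_allocate_string and its cleanup helper, then recording the outcome as `/* on failure the copy is still ours: general_allocate_string() did not take ownership */`. The same pattern is added in UI_dup_verify_string, UI_dup_info_string and UI_dup_error_string, and through `goto err` in UI_dup_input_boolean. UI_dup_input_string itself begins in the previous hunk.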
@@ -231,6 +236,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
                          const char *test_buf)
 {
     char *prompt_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -238,9 +244,12 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
             return -1;
     }
 
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_VERIFY, flags, result_buf, minsize,
-                                   maxsize, test_buf);
+    ret = general_allocate_string(ui, prompt_copy, 1,
+                                  UIT_VERIFY, flags, result_buf, minsize,
+                                  maxsize, test_buf);
+    if (ret <= 0)
+        OPENSSL_free(prompt_copy);
+    return ret;
 }
 
 int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
@@ -260,6 +269,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     char *action_desc_copy = NULL;
     char *ok_chars_copy = NULL;
     char *cancel_chars_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -285,9 +295,14 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
             goto err;
     }
 
-    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-                                    ok_chars_copy, cancel_chars_copy, 1,
-                                    UIT_BOOLEAN, flags, result_buf);
+    ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                   ok_chars_copy, cancel_chars_copy, 1,
+                                   UIT_BOOLEAN, flags, result_buf);
+    if (ret <= 0)
+        goto err;
+
+    return ret;
+
  err:
     OPENSSL_free(prompt_copy);
     OPENSSL_free(action_desc_copy);
@@ -305,6 +320,7 @@ int UI_add_info_string(UI *ui, const char *text)
 int UI_dup_info_string(UI *ui, const char *text)
 {
     char *text_copy = NULL;
+    int ret;
 
     if (text != NULL) {
         text_copy = OPENSSL_strdup(text);
@@ -312,8 +328,11 @@ int UI_dup_info_string(UI *ui, const char *text)
             return -1;
     }
 
-    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-                                   0, 0, NULL);
+    ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                  0, 0, NULL);
+    if (ret <= 0)
+        OPENSSL_free(text_copy);
+    return ret;
 }
 
 int UI_add_error_string(UI *ui, const char *text)
@@ -325,14 +344,19 @@ int UI_add_error_string(UI *ui, const char *text)
 int UI_dup_error_string(UI *ui, const char *text)
 {
     char *text_copy = NULL;
+    int ret;
 
     if (text != NULL) {
         text_copy = OPENSSL_strdup(text);
         if (text_copy == NULL)
             return -1;
     }
-    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-                                   0, 0, NULL);
+
+    ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                  0, 0, NULL);
+    if (ret <= 0)
+        OPENSSL_free(text_copy);
+    return ret;
 }
 
 char *UI_construct_prompt(UI *ui, const char *phrase_desc,

+ 90 - 41
libs/openssl/crypto/x509/by_store.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,23 +7,34 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/safestack.h>
 #include <openssl/store.h>
 #include "internal/cryptlib.h"
 #include "crypto/x509.h"
 #include "x509_local.h"
 
+typedef struct cached_store_st {
+    char *uri;
+    OSSL_LIB_CTX *libctx;
+    char *propq;
+    OSSL_STORE_CTX *ctx;
+} CACHED_STORE;
+
+DEFINE_STACK_OF(CACHED_STORE)
+
 /* Generic object loader, given expected type and criterion */
-static int cache_objects(X509_LOOKUP *lctx, const char *uri,
-                         const OSSL_STORE_SEARCH *criterion,
-                         int depth, OSSL_LIB_CTX *libctx, const char *propq)
+static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
+                         const OSSL_STORE_SEARCH *criterion, int depth)
 {
     int ok = 0;
-    OSSL_STORE_CTX *ctx = NULL;
+    OSSL_STORE_CTX *ctx = store->ctx;
     X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
 
-    if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
-                                  NULL, NULL)) == NULL)
+    if (ctx == NULL
+        && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+                                     NULL, NULL, NULL, NULL, NULL)) == NULL)
         return 0;
+    store->ctx = ctx;
 
     /*
      * We try to set the criterion, but don't care if it was valid or not.
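Review bot: cache_objects now has an ownership side effect that its one-line comment does not mention. It adopts a pre-opened `store->ctx` or opens one, and a later hunk closes the handle and resets `store->ctx` to NULL before returning. The handle opened in X509_L_ADD_STORE therefore appears to serve only the first lookup, with each later call reopening the URI, which the name CACHED_STORE does not suggest. I would extend the comment to `/* Generic object loader; consumes store->ctx (opened on demand) and leaves it NULL on return */`. The function body continues outside this hunk, so any early-return paths between the open and the close could not be checked here.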
@@ -62,9 +73,15 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
              * This is an entry in the "directory" represented by the current
              * uri.  if |depth| allows, dive into it.
              */
-            if (depth > 0)
-                ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info),
-                                   criterion, depth - 1, libctx, propq);
+            if (depth > 0) {
+                CACHED_STORE substore;
+
+                substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
+                substore.libctx = store->libctx;
+                substore.propq = store->propq;
+                substore.ctx = NULL;
+                ok = cache_objects(lctx, &substore, criterion, depth - 1);
+            }
         } else {
             /*
              * We know that X509_STORE_add_{cert|crl} increments the object's
@@ -88,27 +105,38 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
             break;
     }
     OSSL_STORE_close(ctx);
+    store->ctx = NULL;
 
     return ok;
 }
 
 
-/* Because OPENSSL_free is a macro and for C type match */
-static void free_uri(OPENSSL_STRING data)
+static void free_store(CACHED_STORE *store)
 {
-    OPENSSL_free(data);
+    if (store != NULL) {
+        OSSL_STORE_close(store->ctx);
+        OPENSSL_free(store->uri);
+        OPENSSL_free(store->propq);
+        OPENSSL_free(store);
+    }
 }
 
 static void by_store_free(X509_LOOKUP *ctx)
 {
-    STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
-    sk_OPENSSL_STRING_pop_free(uris, free_uri);
+    STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+    sk_CACHED_STORE_pop_free(stores, free_store);
 }
 
 static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
                             long argl, char **retp, OSSL_LIB_CTX *libctx,
                             const char *propq)
 {
+    /*
+     * In some cases below, failing to use the defaults shouldn't result in
+     * an error.  |use_default| is used as the return code in those cases.
+     */
+    int use_default = argp == NULL;
+
     switch (cmd) {
     case X509_L_ADD_STORE:
         /* If no URI is given, use the default cert dir as default URI */
@@ -119,21 +147,50 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
             argp = X509_get_default_cert_dir();
 
         {
-            STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
-            char *data = OPENSSL_strdup(argp);
+            STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+            CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
 
-            if (data == NULL) {
+            if (store == NULL) {
                 return 0;
             }
-            if (uris == NULL) {
-                uris = sk_OPENSSL_STRING_new_null();
-                X509_LOOKUP_set_method_data(ctx, uris);
+
+            store->uri = OPENSSL_strdup(argp);
+            store->libctx = libctx;
+            if (propq != NULL)
+                store->propq = OPENSSL_strdup(propq);
+            store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+                                           NULL, NULL, NULL);
+            if (store->ctx == NULL
+                || (propq != NULL && store->propq == NULL)
+                || store->uri == NULL) {
+                free_store(store);
+                return use_default;
+            }
+
+            if (stores == NULL) {
+                stores = sk_CACHED_STORE_new_null();
+                if (stores != NULL)
+                    X509_LOOKUP_set_method_data(ctx, stores);
             }
-            return sk_OPENSSL_STRING_push(uris, data) > 0;
+            if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) {
+                free_store(store);
+                return 0;
+            }
+            return 1;
         }
-    case X509_L_LOAD_STORE:
+    case X509_L_LOAD_STORE: {
         /* This is a shortcut for quick loading of specific containers */
-        return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+        CACHED_STORE store;
+
+        store.uri = (char *)argp;
+        store.libctx = libctx;
+        store.propq = (char *)propq;
+        store.ctx = NULL;
+        return cache_objects(ctx, &store, NULL, 0);
+    }
+    default:
+        /* Unsupported command */
+        return 0;
     }
 
     return 0;
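Review bot: In X509_L_ADD_STORE the single failure test mixes two different conditions. A failed OPENSSL_strdup of `uri` or `propq` returns `use_default`, so with a NULL `argp` an out-of-memory condition is reported as success with no store registered. Only the OSSL_STORE_open_ex failure should be tolerated for the default directory; the allocation checks should return 0 and run before the store is opened. Separately, the trailing `return 0;` after the switch is unreachable now that the `default:` case returns.

```c
            /* … unchanged: store->uri / libctx / propq setup … */
            /* allocation failure is always an error, even for the default dir */
            if (store->uri == NULL
                || (propq != NULL && store->propq == NULL)) {
                free_store(store);
                return 0;
            }
            store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
                                           NULL, NULL, NULL);
            /* an unopenable default store is tolerated; an explicit URI is not */
            if (store->ctx == NULL) {
                free_store(store);
                return use_default;
            }
            /* … unchanged: create the stack if needed and push store … */
```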
@@ -146,16 +203,15 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
 }
 
 static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
-                    OSSL_LIB_CTX *libctx, const char *propq)
+                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
 {
-    STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
+    STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
     int i;
     int ok = 0;
 
-    for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) {
-        ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion,
-                           1 /* depth */, libctx, propq);
+    for (i = 0; i < sk_CACHED_STORE_num(stores); i++) {
+        ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion,
+                           1 /* depth */);
 
         if (ok)
             break;
@@ -163,13 +219,12 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                               const X509_NAME *name, X509_OBJECT *ret,
-                               OSSL_LIB_CTX *libctx, const char *propq)
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                            const X509_NAME *name, X509_OBJECT *ret)
 {
     OSSL_STORE_SEARCH *criterion =
         OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
-    int ok = by_store(ctx, type, criterion, ret, libctx, propq);
+    int ok = by_store(ctx, type, criterion, ret);
     STACK_OF(X509_OBJECT) *store_objects =
         X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
     X509_OBJECT *tmp = NULL;
@@ -217,12 +272,6 @@ static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                            const X509_NAME *name, X509_OBJECT *ret)
-{
-    return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
-}
-
 /*
  * We lack the implementations for get_by_issuer_serial, get_by_fingerprint
  * and get_by_alias.  There's simply not enough support in the X509_LOOKUP
@@ -240,7 +289,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
     NULL,                        /* get_by_issuer_serial */
     NULL,                        /* get_by_fingerprint */
     NULL,                        /* get_by_alias */
-    by_store_subject_ex,
+    NULL,                        /* get_by_subject_ex */
     by_store_ctrl_ex
 };
 

+ 3 - 1
libs/openssl/crypto/x509/v3_cpols.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -195,6 +195,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                 goto err;
             }
             if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
+                POLICYQUALINFO_free(qual);
                 ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
                 goto err;
             }
@@ -232,6 +233,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
             if (pol->qualifiers == NULL)
                 pol->qualifiers = sk_POLICYQUALINFO_new_null();
             if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
+                POLICYQUALINFO_free(qual);
                 ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
                 goto err;
             }
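Review bot: In both policy_section hunks the new `POLICYQUALINFO_free(qual);` leaves `qual` dangling on the way to `err`. The `err` label is outside the hunks, so whether cleanup touches `qual` again cannot be checked from here. Clearing the pointer right after the free, `qual = NULL;`, keeps the failure path safe even if the cleanup at `err` is later extended to release it. In the second hunk the result of `sk_POLICYQUALINFO_new_null()` is only checked indirectly through the failing push, which deserves a comment such as `/* push fails on a NULL stack, so a failed allocation lands here too */`.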

+ 6 - 2
libs/openssl/crypto/x509/v3_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -100,7 +100,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
     *tmpext = *ext;
     tmpext->ext_nid = nid_to;
     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-    return X509V3_EXT_add(tmpext);
+    if (!X509V3_EXT_add(tmpext)) {
+        OPENSSL_free(tmpext);
+        return 0;
+    }
+    return 1;
 }
 
 void X509V3_EXT_cleanup(void)
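Review bot: The new failure branch in X509V3_EXT_add_alias frees `tmpext`, but nothing in the hunk records why the success path must not, and that ownership rule is what the fix depends on. A comment above the call would state it, e.g. `/* on success the extension list keeps tmpext (X509V3_EXT_DYNAMIC); free it only if the add fails */`. That the list releases dynamic entries later is inferred from the flag name and the X509V3_EXT_cleanup() definition that follows, so confirm it against the cleanup code. The function starts outside the hunk, so the allocation of `tmpext` is not visible here.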

+ 4 - 2
libs/openssl/demos/bio/sconnect.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -68,8 +68,10 @@ int main(int argc, char *argv[])
 
     /* The BIO has parsed the host:port and even IPv6 literals in [] */
     hostname = BIO_get_conn_hostname(out);
-    if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
+    if (!hostname || SSL_set1_host(ssl, hostname) <= 0) {
+        BIO_free(ssl_bio);
         goto err;
+    }
 
     BIO_set_nbio(out, 1);
     out = BIO_push(ssl_bio, out);
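Review bot: The added `BIO_free(ssl_bio);` covers only this one exit. Any other `goto err` taken between the creation of `ssl_bio` and the `BIO_push(ssl_bio, out)` call a few lines below would still leak it. main() starts and ends outside the hunk, so those paths and the `err` label are not visible here. If such paths exist, releasing it centrally is less fragile: with `ssl_bio` initialised to NULL, set `ssl_bio = NULL;` right after the `BIO_push()` call and put `BIO_free(ssl_bio);` at `err`, where a NULL argument is a no-op.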

+ 2 - 2
libs/openssl/demos/guide/tls-client-block.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *  Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  *  Licensed under the Apache License 2.0 (the "License").  You may not use
  *  this file except in compliance with the License.  You can obtain a copy
@@ -174,7 +174,7 @@ int main(int argc, char *argv[])
      */
     bio = create_socket_bio(hostname, port, ipv6 ? AF_INET6 : AF_INET);
     if (bio == NULL) {
-        printf("Failed to crete the BIO\n");
+        printf("Failed to create the BIO\n");
         goto end;
     }
     SSL_set_bio(ssl, bio, bio);

+ 2 - 2
libs/openssl/demos/sslecho/A-SSL-Docs.txt

@@ -4,9 +4,9 @@ OpenSSL API Documentation: https://www.openssl.org/docs
 
 Github: https://github.com/openssl/openssl
 
-OpenSSL Wiki: https://wiki.openssl.org/index.php/Main_Page
+OpenSSL Wiki: https://github.com/openssl/openssl/wiki
 
-Original Simple Server: https://wiki.openssl.org/index.php/Simple_TLS_Server
+Original Simple Server: https://github.com/openssl/openssl/wiki/Simple_TLS_Server
 
 ---------------------------------------------------------------
 

+ 11 - 6
libs/openssl/demos/sslecho/main.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *  Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  *  Licensed under the Apache License 2.0 (the "License").  You may not use
  *  this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@
 
 static const int server_port = 4433;
 
-typedef unsigned char   bool;
+typedef unsigned char   flag;
 #define true            1
 #define false           0
 
@@ -27,9 +27,9 @@ typedef unsigned char   bool;
  * This flag won't be useful until both accept/read (TCP & SSL) methods
  * can be called with a timeout. TBD.
  */
-static volatile bool    server_running = true;
+static volatile flag server_running = true;
 
-int create_socket(bool isServer)
+int create_socket(flag isServer)
 {
     int s;
     int optval = 1;
@@ -67,7 +67,7 @@ int create_socket(bool isServer)
     return s;
 }
 
-SSL_CTX* create_context(bool isServer)
+SSL_CTX *create_context(flag isServer)
 {
     const SSL_METHOD *method;
     SSL_CTX *ctx;
@@ -130,7 +130,7 @@ void usage(void)
 
 int main(int argc, char **argv)
 {
-    bool isServer;
+    flag isServer;
     int result;
 
     SSL_CTX *ssl_ctx = NULL;
@@ -251,6 +251,11 @@ int main(int argc, char **argv)
                 SSL_shutdown(ssl);
                 SSL_free(ssl);
                 close(client_skt);
+                /*
+                 * Set client_skt to -1 to avoid double close when
+                 * server_running become false before next accept
+                 */
+                client_skt = -1;
             }
         }
         printf("Server exiting...\n");
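Review bot: In the last hunk of main(), `SSL_free(ssl);` sits two lines above the new `client_skt = -1;` and leaves `ssl` pointing at freed memory in exactly the situation the new comment describes. If the exit path, which is outside the hunk, releases `ssl` whenever it is non-NULL, a loop that ends right after this cleanup would shut down and free the same SSL object twice. Adding `ssl = NULL;` after `SSL_free(ssl);` closes that gap the same way the socket fix does. The new comment would also read better as `server_running becomes false before the next accept`.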

+ 1 - 5
libs/openssl/doc/README.md

@@ -6,10 +6,6 @@ README.md  This file
 [fingerprints.txt](fingerprints.txt)
         PGP fingerprints of authorised release signers
 
-standards.txt
-standards.txt
-        Moved to the web, <https://www.openssl.org/docs/standards.html>
-
 [HOWTO/](HOWTO/)
         A few how-to documents; not necessarily up-to-date
 
@@ -27,4 +23,4 @@ standards.txt
         Algorithm specific EVP_PKEY documentation.
 
 Formatted versions of the manpages (apps,ssl,crypto) can be found at
-        <https://www.openssl.org/docs/manpages.html>
+        <https://docs.openssl.org/master/>

+ 13 - 23
libs/openssl/crypto/bn/README.pod → libs/openssl/doc/internal/man3/bn_mul_words.pod

@@ -8,7 +8,7 @@ bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
 bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
 bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
 bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
-bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+mul, mul_add, sqr - BIGNUM
 library internal functions
 
 =head1 SYNOPSIS
@@ -45,21 +45,18 @@ library internal functions
  void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
  void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
 
- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
-
  BIGNUM *bn_expand(BIGNUM *a, int bits);
  BIGNUM *bn_wexpand(BIGNUM *a, int n);
  BIGNUM *bn_expand2(BIGNUM *a, int n);
  void bn_fix_top(BIGNUM *a);
 
+The following are macros:
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
  void bn_check_top(BIGNUM *a);
- void bn_print(BIGNUM *a);
- void bn_dump(BN_ULONG *d, int n);
- void bn_set_max(BIGNUM *a);
- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
 
 =head1 DESCRIPTION
 
@@ -208,30 +205,23 @@ call bn_expand2(), which allocates a new B<d> array and copies the
 data.  They return B<NULL> on error, B<b> otherwise.
 
 The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-significant non-zero word plus one when B<a> has shrunk.
+significant nonzero word plus one when B<a> has shrunk.
 
 =head2 Debugging
 
 bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
 E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
 
-bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
-(in reverse order, i.e. most significant word first) to stderr.
-
-bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
-This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
-B<BIGNUM> that contains the B<n> low or high words of B<a>.
-
-If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
-and bn_set_max() are defined as empty macros.
+If B<BN_DEBUG> is not defined, bn_check_top() is
+defined as an empty macro.
 
-=head1 SEE ALSO
+=head1 RETURN VALUES
 
-L<bn(3)>
+Described above.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 5 - 3
libs/openssl/doc/man1/openssl-namedisplay-options.pod

@@ -18,8 +18,10 @@ displayed.
 This is specified by using the B<-nameopt> option, which takes a
 comma-separated list of options from the following set.
 An option may be preceded by a minus sign, C<->, to turn it off.
-The default value is C<utf8,sep_comma_plus_space>.
-The first four are the most commonly used.
+The first four option arguments are the most commonly used.
+
+The default value is
+C<esc_ctrl,utf8,dump_unknown,dump_der,sep_comma_plus_space,sname>.
 
 =head1 OPTIONS
 
@@ -169,7 +171,7 @@ name.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man1/openssl-s_client.pod.in

@@ -527,12 +527,12 @@ by some servers.
 =item B<-ign_eof>
 
 Inhibit shutting down the connection when end of file is reached in the
-input.
+input. This implicitly turns on B<-nocommands> as well.
 
 =item B<-quiet>
 
 Inhibit printing of session and certificate information.  This implicitly
-turns on B<-ign_eof> as well.
+turns on B<-ign_eof> and B<-nocommands> as well.
 
 =item B<-no_ign_eof>
 
@@ -1105,7 +1105,7 @@ options were added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/CMS_sign.pod

@@ -96,7 +96,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_CMS().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
 output.
@@ -135,7 +135,7 @@ certificates in their I<certs> argument and no longer throw an error for them.
 
 =head1 COPYRIGHT
 
-Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 12 - 1
libs/openssl/doc/man3/DTLS_set_timer_cb.pod

@@ -20,6 +20,17 @@ This function sets an optional callback function for controlling the
 timeout interval on the DTLS protocol. The callback function will be
 called by DTLS for every new DTLS packet that is sent.
 
+The callback should return the timeout interval in micro seconds.
+
+The I<timer_us> parameter of the callback is the last set timeout
+interval returned. On the first invocation of the callback,
+this value will be 0.
+
+At the beginning of the connection, if no timeout callback has been
+set via DTLS_set_timer_cb(), the default timeout value is 1 second.
+For all subsequent timeouts, the default behavior is to double the
+duration up to a maximum of 1 minute.
+
 =head1 RETURN VALUES
 
 Returns void.
@@ -30,7 +41,7 @@ The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 3
libs/openssl/doc/man3/EVP_PKEY_CTX_new.pod

@@ -49,8 +49,11 @@ used when no B<EVP_PKEY> structure is associated with the operations,
 for example during parameter generation or key generation for some
 algorithms.
 
-EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
-keygen operation.
+EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
+It is not supported for a keygen operation.
+It is however possible to duplicate a context freshly created via any of the
+above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
+called on the source context, and then use the copy for key generation.
 
 EVP_PKEY_CTX_free() frees up the context I<ctx>.
 If I<ctx> is NULL, nothing is done.
@@ -122,7 +125,7 @@ added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 7
libs/openssl/doc/man3/EVP_RAND.pod

@@ -152,11 +152,8 @@ operating system.  If I<prediction_resistance> is specified, fresh entropy
 from a live source will be sought.  This call operates as per NIST SP 800-90A
 and SP 800-90C.
 
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
 
 EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
 its parents.  After this I<ctx> will operate in a thread safe manner, albeit
@@ -379,7 +376,7 @@ EVP_RAND_CTX_free() does not return a value.
 
 EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
 
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
 
 EVP_RAND_get_strength() returns the strength of the random number generator
 in bits.
@@ -411,7 +408,7 @@ The remaining functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/OSSL_PARAM.pod

@@ -356,7 +356,7 @@ could fill in the parameters like this:
 
 =head1 SEE ALSO
 
-L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
+L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>, L<OSSL_PARAM_construct_utf8_string(3)>
 
 =head1 HISTORY
 
@@ -364,7 +364,7 @@ B<OSSL_PARAM> was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 24 - 1
libs/openssl/doc/man3/OSSL_PARAM_int.pod

@@ -392,6 +392,29 @@ could fill in the parameters like this:
     if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
         OSSL_PARAM_set_utf8_ptr(p, "cookie value");
 
+=head2 Example 3
+
+This example shows a special case where
+I<-Wincompatible-pointer-types-discards-qualifiers> may be set during
+compilation. The value for I<buf> cannot be a I<const char *> type string. An
+alternative in this case would be to use B<OSSL_PARAM> macro abbreviated calls
+rather than the specific callers which allows you to define the sha1 argument
+as a standard character array (I<char[]>).
+
+For example, this code:
+
+    OSSL_PARAM params[2];
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0);
+    params[1] = OSSL_PARAM_construct_end();
+
+Can be made compatible with the following version:
+
+    char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */
+    OSSL_PARAM params[2];
+
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0);
+    params[1] = OSSL_PARAM_construct_end();
+
 =head1 SEE ALSO
 
 L<openssl-core.h(7)>, L<OSSL_PARAM(3)>
@@ -402,7 +425,7 @@ These APIs were introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/PKCS7_sign.pod

@@ -80,7 +80,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_PKCS7().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 The I<certs>, I<signcert> and I<pkey> parameters can all be
 NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
@@ -122,7 +122,7 @@ The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/SSL_CONF_cmd.pod

@@ -74,7 +74,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
 
 =item B<-no_renegotiation>
 
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
 B<SSL_OP_NO_RENEGOTIATION>.
 
 =item B<-no_resumption_on_reneg>
@@ -802,7 +802,7 @@ B<PreferNoDHEKEX> was added in OpenSSL 3.3.
 
 =head1 COPYRIGHT
 
-Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 3
libs/openssl/doc/man3/SSL_CTX_set1_curves.pod

@@ -121,7 +121,9 @@ TLS versions, when a session has been resumed, it always reflects the group
 used for key exchange during the initial handshake (otherwise it is from the
 current, non-resumption, connection).  This can be called by either client or
 server. If the NID for the shared group is unknown then the value is set to the
-bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group.
+bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. See also
+L<SSL_get0_group_name(3)> which returns the name of the negotiated group
+directly and is generally preferred over SSL_get_negotiated_group().
 
 All these functions are implemented as macros.
 
@@ -159,7 +161,8 @@ key exchange, or NID_undef if there was no negotiated group.
 =head1 SEE ALSO
 
 L<ssl(7)>,
-L<SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_get0_group_name(3)>
 
 =head1 HISTORY
 
@@ -176,7 +179,7 @@ supported groups as comparable in security.
 
 =head1 COPYRIGHT
 
-Copyright 2013-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 3
libs/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod

@@ -31,9 +31,10 @@ L<SSL_CTX_set_options(3)> that also make it possible to disable
 specific protocol versions.
 Use these functions instead of disabling specific protocol versions.
 
-Setting the minimum or maximum version to 0, will enable protocol
+Setting the minimum or maximum version to 0 (default), will enable protocol
 versions down to the lowest version, or up to the highest version
-supported by the library, respectively.
+supported by the library, respectively. The supported versions might be
+controlled by system configuration.
 
 Getters return 0 in case B<ctx> or B<ssl> have been configured to
 automatically use the lowest or highest version supported by the library.
@@ -67,7 +68,7 @@ were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/SSL_CTX_set_options.pod

@@ -285,7 +285,7 @@ Do not query the MTU. Only affects DTLS connections.
 
 =item SSL_OP_NO_RENEGOTIATION
 
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
 messages, and ignore renegotiation requests via ClientHello.
 
 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@@ -541,7 +541,7 @@ whether these macros are defined or not.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 5
libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod

@@ -24,10 +24,8 @@ SSL_SESSION_set1_alpn_selected
 =head1 DESCRIPTION
 
 SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created if it was accepted by the server and TLSv1.2
-or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the
-SNI hostname is negotiated with each handshake including resumption handshakes
-and is therefore never associated with the session.
+client when the session was created if it was accepted by the server. Otherwise
+NULL is returned.
 
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.
@@ -67,7 +65,7 @@ SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 3
libs/openssl/doc/man3/SSL_get0_group_name.pod

@@ -22,18 +22,19 @@ the key agreement of the current TLS session establishment.
 If non-NULL, SSL_get0_group_name() returns the name of the group that was used for
 the key agreement of the current TLS session establishment.
 If SSL_get0_group_name() returns NULL, an error occurred; possibly no TLS session
-has been established.
+has been established. See also L<SSL_get_negotiated_group(3)>.
 
 Note that the return value is valid only during the lifetime of the
 SSL object I<ssl>.
 
 =head1 SEE ALSO
 
-L<ssl(7)>
+L<ssl(7)>,
+L<SSL_get_negotiated_group(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man3/SSL_key_update.pod

@@ -53,7 +53,9 @@ such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check
 will be performed to confirm that it is a suitable time to start a
 renegotiation. If so, then it will be initiated immediately. OpenSSL will not
 attempt to resume any session associated with the connection in the new
-handshake.
+handshake. Note that some servers will respond to reneogitation attempts with
+a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
+this case.
 
 When called from the client side, SSL_renegotiate_abbreviated() works in the
 same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
@@ -118,7 +120,7 @@ OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod

@@ -248,8 +248,8 @@ ored together.
 B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
 certificate. An error occurs if a suitable CRL cannot be found.
 
-B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
-chain.
+B<X509_V_FLAG_CRL_CHECK_ALL> expands CRL checking to the entire certificate
+chain if B<X509_V_FLAG_CRL_CHECK> has also been enabled, and is otherwise ignored.
 
 B<X509_V_FLAG_IGNORE_CRITICAL> disables critical extension checking. By default
 any unhandled critical extensions in certificates or (if checked) CRLs result
@@ -407,7 +407,7 @@ The documentation was changed to align with the implementation.
 
 =head1 COPYRIGHT
 
-Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 14 - 1
libs/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod

@@ -489,6 +489,19 @@ want to operate in a FIPS approved manner.  The algorithms are:
 
 =back
 
+You can load the FIPS provider into multiple library contexts as any other
+provider. However the following restriction applies. The FIPS provider cannot
+be used by multiple copies of OpenSSL libcrypto in a single process.
+
+As the provider saves core callbacks to the libcrypto obtained in the
+OSSL_provider_init() call to global data it will fail if subsequent
+invocations of its OSSL_provider_init() function yield different addresses
+of these callbacks than in the initial call. This happens when different
+copies of libcrypto are present in the memory of the process and both try
+to load the same FIPS provider. A workaround is to have a different copy
+of the FIPS provider loaded for each of the libcrypto instances in the
+process.
+
 =head1 SEE ALSO
 
 L<openssl-fipsinstall(1)>,
@@ -507,7 +520,7 @@ This functionality was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/ossl-guide-introduction.pod

@@ -32,7 +32,7 @@ attempting to build OpenSSL from the source code.
 
 Some third parties also supply OpenSSL binaries (e.g. for Windows and some other
 platforms). The OpenSSL project maintains a list of these third parties at
-L<https://wiki.openssl.org/index.php/Binaries>.
+L<https://github.com/openssl/openssl/wiki/Binaries>.
 
 If you build and install OpenSSL from the source code then you should download
 the appropriate files for the version that you want to use from the link given
@@ -93,7 +93,7 @@ The pages in the guide are as follows:
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man7/ossl-guide-migration.pod

@@ -617,13 +617,13 @@ The code needs to be amended to look like this:
 Support for TLSv1.3 has been added.
 
 This has a number of implications for SSL/TLS applications. See the
-L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
+L<TLS1.3 page|https://github.com/openssl/openssl/wiki/TLS1.3> for further details.
 
 =back
 
 More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
 can be found on the
-L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
+L<OpenSSL 1.1.0 Changes page|https://github.com/openssl/openssl/wiki/OpenSSL_1.1.0_Changes>.
 
 =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
 
@@ -2505,7 +2505,7 @@ The migration guide was created for OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/ossl-guide-tls-introduction.pod

@@ -74,7 +74,7 @@ TLSv1.2 is chosen.
 =head1 CERTIFICATES
 
 In order for a client to establish a connection to a server it must authenticate
-the identify of that server, i.e. it needs to confirm that the server is really
+the identity of that server, i.e. it needs to confirm that the server is really
 the server that it claims to be and not some imposter. In order to do this the
 server will send to the client a digital certificate (also commonly referred to
 as an X.509 certificate). The certificate contains various information about the
@@ -307,7 +307,7 @@ L<ossl-guide-quic-introduction(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man7/provider-cipher.pod

@@ -103,8 +103,8 @@ A cipher algorithm implementation may not implement all of these functions.
 In order to be a consistent set of functions there must at least be a complete
 set of "encrypt" functions, or a complete set of "decrypt" functions, or a
 single "cipher" function.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
 All other functions are optional.
 
 =head2 Context Management Functions
@@ -241,7 +241,7 @@ The provider CIPHER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man7/provider-decoder.pod

@@ -110,7 +110,9 @@ it decodes. For example, an implementation that decodes an RSA key
 should be named "RSA". Likewise, an implementation that decodes DER data
 from PEM input should be named "DER".
 
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
 
 =over 4
 
@@ -302,7 +304,7 @@ The DECODER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man7/provider-encoder.pod

@@ -127,7 +127,9 @@ The name of an implementation should match the type of object it handles.
 For example, an implementation that encodes an RSA key should be named "RSA".
 Likewise, an implementation that further encodes DER should be named "DER".
 
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
 
 =over 4
 
@@ -321,7 +323,7 @@ The ENCODER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/provider-keymgmt.pod

@@ -29,7 +29,7 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
  void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx);
 
  /* Key loading by object reference, also a constructor */
- void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz);
+ void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz);
 
  /* Key object information */
  int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
@@ -468,7 +468,7 @@ were added with OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 15 - 7
libs/openssl/doc/man7/provider-signature.pod

@@ -284,7 +284,7 @@ should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
 the signature should be written to I<*siglen>.
 
 OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
-previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
+previously started through OSSL_FUNC_signature_digest_sign_init(). A previously
 initialised signature context is passed in the I<ctx> parameter. The data to be
 signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
 the signature should be written to the location pointed to by the I<sig>
@@ -294,7 +294,7 @@ length of the signature should be written to I<*siglen>.
 
 =head2 Digest Verify Functions
 
-OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
+OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a
 provider side verification context in the I<ctx> parameter, and a pointer to a
 provider key object in the I<provkey> parameter.
 The I<params>, if not NULL, should be set on the context in a manner similar to
@@ -318,7 +318,7 @@ verification context is passed in the I<ctx> parameter. The signature to be
 verified is in I<sig> which is I<siglen> bytes long.
 
 OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
-previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
+previously started through OSSL_FUNC_signature_digest_verify_init(). A previously
 initialised verification context is passed in the I<ctx> parameter. The data to be
 verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
 verified is in I<sig> which is I<siglen> bytes long.
@@ -360,8 +360,13 @@ The length of the "digest-size" parameter should not exceed that of a B<size_t>.
 
 =item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
 
-Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
-signature algorithm and digest algorithm for the signature operation.
+Gets the DER-encoded AlgorithmIdentifier for the signature operation.
+This typically corresponds to the combination of a digest algorithm
+with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
+
+The L<ASN1_item_sign_ctx(3)> relies on this operation and is used by
+many other functions signing ASN.1 structures such as X.509 certificates,
+certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages.
 
 =item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
 
@@ -375,6 +380,8 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
+The FIPS provider does not support deterministic digital signature generation.
+
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
 Sets a flag to modify the sign operation to return an error if the initial
@@ -433,7 +440,8 @@ All other functions should return 1 for success or 0 on error.
 
 =head1 SEE ALSO
 
-L<provider(7)>
+L<provider(7)>,
+L<ASN1_item_sign_ctx(3)>
 
 =head1 HISTORY
 
@@ -441,7 +449,7 @@ The provider SIGNATURE interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 5 - 1
libs/openssl/fuzz/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,9 +78,13 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     resp = d2i_OCSP_RESPONSE(NULL, &p, len);
 
     store = X509_STORE_new();
+    if (store == NULL)
+        goto err;
     X509_STORE_add_cert(store, x509_2);
 
     param = X509_VERIFY_PARAM_new();
+    if (param == NULL)
+        goto err;
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
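Review bot: The return value of `X509_STORE_add_cert(store, x509_2)` is still ignored directly after the new `store == NULL` check. Under the allocation-failure conditions this hunk guards against, the harness would carry on with an empty store and exercise a different verification path than intended. Handling it like the two added checks keeps the harness consistent: `if (!X509_STORE_add_cert(store, x509_2)) goto err;`. The `err` label and the declarations of `store` and `param` are outside the hunk. It is worth confirming that both are initialised to NULL, because the first new `goto err` runs before `param` is assigned.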

+ 3 - 3
libs/openssl/include/internal/common.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -22,8 +22,8 @@
 #  define ossl_likely(x)     __builtin_expect(!!(x), 1)
 #  define ossl_unlikely(x)   __builtin_expect(!!(x), 0)
 # else
-#  define ossl_likely(x)     x
-#  define ossl_unlikely(x)   x
+#  define ossl_likely(x)     (x)
+#  define ossl_unlikely(x)   (x)
 # endif
 
 # if defined(__GNUC__) || defined(__clang__)
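Review bot: The fallback definitions `(x)` still evaluate to the raw value and type of `x`, while the `__builtin_expect(!!(x), 1)` branch above always yields 0 or 1. The two builds can therefore disagree whenever the macro result is stored or compared instead of being used directly as a condition. Normalising the fallback the same way removes that difference: `#  define ossl_likely(x)     (!!(x))` and `#  define ossl_unlikely(x)   (!!(x))`. Whether any caller relies on the un-normalised value cannot be seen from this hunk.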

+ 16 - 4
libs/openssl/include/internal/constant_time.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -296,6 +296,18 @@ static ossl_inline size_t value_barrier_s(size_t a)
     return r;
 }
 
+/* Convenience method for unsigned char. */
+static ossl_inline unsigned char value_barrier_8(unsigned char a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    unsigned char r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile unsigned char r = a;
+#endif
+    return r;
+}
+
 static ossl_inline unsigned int constant_time_select(unsigned int mask,
                                                      unsigned int a,
                                                      unsigned int b)
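Review bot: The comment on `value_barrier_8` says only that it is a convenience method and does not say what the barrier is for. Judging from its use on `mask` in constant_time_cond_swap_buff later in this file section, the intent appears to be hiding the value from the optimizer, and the comment could say so: `/* Returns a unchanged but opaque to the optimizer, so byte masks are not specialised into branches. */`. A second line should note that the `#else` path relies on a `volatile` local, which is a weaker guarantee than the empty `__asm__`. That path is taken whenever `OPENSSL_NO_ASM` is defined or `__GNUC__` is not.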
@@ -356,7 +368,7 @@ static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
 {
     uint32_t xor = *a ^ *b;
 
-    xor &= mask;
+    xor &= value_barrier_32(mask);
     *a ^= xor;
     *b ^= xor;
 }
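Review bot: The new `xor &= value_barrier_32(mask);` carries no comment saying why the mask goes through a barrier, so a later cleanup could take it for a no-op and revert it to `xor &= mask;`. A one-line why-comment at the call site would protect it, for example `/* barrier: keep the compiler from branching on mask */`. The same applies to `value_barrier_64(mask)` in constant_time_cond_swap_64 and `value_barrier_8(mask)` in constant_time_cond_swap_buff in the next two hunks. The signature of constant_time_cond_swap_32 begins outside this hunk.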
@@ -376,7 +388,7 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
 {
     uint64_t xor = *a ^ *b;
 
-    xor &= mask;
+    xor &= value_barrier_64(mask);
     *a ^= xor;
     *b ^= xor;
 }
@@ -403,7 +415,7 @@ static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
 
     for (i = 0; i < len; i++) {
         tmp = a[i] ^ b[i];
-        tmp &= mask;
+        tmp &= value_barrier_8(mask);
         a[i] ^= tmp;
         b[i] ^= tmp;
     }

+ 1 - 12
libs/openssl/include/internal/e_os.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -126,17 +126,6 @@
 #    define EACCES   13
 #   endif
 #   include <string.h>
-#   ifdef _WIN64
-#    define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static __inline unsigned int _strlen31(const char *str)
-{
-    unsigned int len = 0;
-    while (*str && len < 0x80000000U)
-        str++, len++;
-    return len & 0x7FFFFFFF;
-}
-#   endif
 #   include <malloc.h>
 #   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
 #    if _MSC_VER>=1300 && _MSC_VER<1600

+ 1 - 4
libs/openssl/include/internal/json_enc.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -202,9 +202,6 @@ void ossl_json_u64(OSSL_JSON_ENC *json, uint64_t value);
 /* Encode a JSON integer from an int64_t. */
 void ossl_json_i64(OSSL_JSON_ENC *json, int64_t value);
 
-/* Encode a JSON number from a 64-bit floating point value. */
-void ossl_json_f64(OSSL_JSON_ENC *json, double value);
-
 /*
  * Encode a JSON UTF-8 string from a zero-terminated string. The string passed
  * can be freed immediately following the call to this function.

+ 22 - 22
libs/openssl/providers/fips-sources.checksums

@@ -32,13 +32,13 @@ e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8  crypto/aes/asm
 270a0cd4c80a0cde53538009037916a330348addfdd87870d41ab40f9ddbc451  crypto/aes/asm/bsaes-armv8.pl
 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6  crypto/aes/asm/bsaes-x86_64.pl
 762cadf988080f45d1a2f1232058688ac3f5afe76767649d15513a7a5eedcf38  crypto/aes/asm/vpaes-armv8.pl
-14146589f53dc898fa86aeffd0e0ba36737b04da26ab0b14c1da09a28836c8f8  crypto/aes/asm/vpaes-loongarch64.pl
+7ec25456a8ad4127c3bec83550d8ec411a12b506dfcbd4f1dadac2c66e468c22  crypto/aes/asm/vpaes-loongarch64.pl
 c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4  crypto/aes/asm/vpaes-ppc.pl
 3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3  crypto/aes/asm/vpaes-x86.pl
 060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4  crypto/aes/asm/vpaes-x86_64.pl
 2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a  crypto/alphacpuid.pl
 269e52f8867c13ca75d2f88ec1f89b692cb8c6c3ee89abe2fd3c1821925191d8  crypto/arm64cpuid.pl
-4890754d4236be78327f99ab1244ce4593cd1e98750e4a35f8e9374809a1b65e  crypto/armcap.c
+4d4bd31b4c7510f06725d08a2faf5f824ee97da84d3cceda5baf275fce69cf1d  crypto/armcap.c
 d9f923daabe7537d1063b182f9f220655abd182ef4c55a0194a7ee8d6030b5bd  crypto/armv4cpuid.pl
 16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa  crypto/asn1_dsa.c
 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a  crypto/bn/asm/alpha-mont.pl
@@ -148,7 +148,7 @@ f261f9d4f83ecc51ab58de89083e9af4ba4a4c922ccd06b0d628f4b60fc104ec  crypto/dsa/dsa
 d270b56fd894090319c9491ef745c34bc43add82daecf742916c64a4e956c765  crypto/dsa/dsa_ossl.c
 3a38575de4b1409653f330f241848e6c7b554dec44c2415a5ae1baf90fb47ac0  crypto/dsa/dsa_sign.c
 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1  crypto/dsa/dsa_vrf.c
-62fbc4465a5b37dc794bee277dd216d77917e715c2bb5d37a7e1735e80ad0f8d  crypto/ec/asm/ecp_nistp384-ppc64.pl
+5335741d0f6c1afac107c9ec66e6b5436bd2164535f114c23cdc2a199560c28a  crypto/ec/asm/ecp_nistp384-ppc64.pl
 d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a  crypto/ec/asm/ecp_nistp521-ppc64.pl
 78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1  crypto/ec/asm/ecp_nistz256-armv4.pl
 598da295053253578d5461892098b74ec9dcd02c1eb99d537e14e0c5e958c7b9  crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -181,7 +181,7 @@ a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149  crypto/ec/ec_a
 7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be  crypto/ec/ec_check.c
 c85f4885f2892dcf074451b137efe0828e486ff5ceadae1fac9b2543fa2114a1  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
-148bac4974fb07a1a4a2e35769e900630f62c9af9b73ed205de8cd134a39c6b5  crypto/ec/ec_key.c
+c9f807c7882010188b8f9292eb6388974308366dffd72b576d5e28057248976b  crypto/ec/ec_key.c
 93f35d2e21d49bb6780d200fda8486edd4a7123956337ba535720bb547a47c4a  crypto/ec/ec_kmeth.c
 30ff1171e526facf09f3317ecf1597df633c22aa5c98690e3cd643e77693e269  crypto/ec/ec_lib.c
 eb2f08624819f5d5d865b954a1123a833bc18e9024980f5701125f230e6406b1  crypto/ec/ec_local.h
@@ -208,9 +208,9 @@ f686cea8c8a3259d95c1e6142813d9da47b6d624c62f26c7e4a16d5607cddb35  crypto/ec/ecds
 7267c75b7d96f7adb85b4b18734dd5d19e59c80b1f96b2e3e4ce112af7763c5b  crypto/evp/evp_fetch.c
 2712a8b23eecd5e65afe53cacc7db7e31e17307f450ad6e6ebe005884109767b  crypto/evp/evp_lib.c
 69801f82d74205bb61ffae86dd07c1308581c3b4d7801a29ea662f8d3b4923fe  crypto/evp/evp_local.h
-eaaf795148c5dd99c4194d076c029c843f3aee0c37afeb0dac43a86fd931ac68  crypto/evp/evp_rand.c
+603c97974acd94e66f9718d3d68ab5cd6e0093499feabb1f1417778d768b5d6e  crypto/evp/evp_rand.c
 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c  crypto/evp/evp_utils.c
-a9e940b29f3064e771eeafe9d4d0e6d1f7258cd61a57258faabdbe8121764986  crypto/evp/exchange.c
+239b21f64b5190e62d57b3a3b46c9f301e55dc7eae76406e59ab61ceb32c64f9  crypto/evp/exchange.c
 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64  crypto/evp/kdf_lib.c
 9328c7ea06e0719aaff2d59c959d1b7907b9e6a337f784680e2e289e8c3e4328  crypto/evp/kdf_meth.c
 c67d90f42c4d2294ecd103bdb02296a13248ead4aebadc3aead0cb964e171d81  crypto/evp/kem.c
@@ -222,7 +222,7 @@ e67ff632bc7c6881375f7d86ba777e5cc866beeb719b245447f8cee4da7a1594  crypto/evp/key
 10bc9cad7a73fc0c3088863133fd0979587007661f2151cad22160e21b29c68b  crypto/evp/p_lib.c
 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622  crypto/evp/pmeth_check.c
 759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36  crypto/evp/pmeth_gn.c
-7d9dfc974d15a2b7e2c1c6c54a594f0a14ccdfe5e2e1afe84a3a52130ac8097b  crypto/evp/pmeth_lib.c
+64ba71bcf2cae39aa662310bd51ea64a24ca49a62a68e52aa786283fed481327  crypto/evp/pmeth_lib.c
 b16d40bcc50a0f1d23747d48c486ed4d34f11a72ee8110034f22252fc797af3e  crypto/evp/signature.c
 64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d  crypto/ex_data.c
 d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c  crypto/ffc/ffc_backend.c
@@ -238,7 +238,7 @@ c9c635805b26d85e8c0c7720592fb04b674cde4339fcd94712a4403e8677cb41  crypto/ffc/ffc
 c685813be6ad35b0861ba888670ef54aa2b399d003472698e39426de6e52db59  crypto/initthread.c
 8727fbbb867fca990238ba37c17ae67e4b78a02769913425925ee841af5c0b07  crypto/lhash/lhash.c
 22261096a117533e78012f5f18586b6a81edb3e09ae8b206b5eb9a0a5c054adc  crypto/lhash/lhash_local.h
-6bd06fa046a739d7b6e95ad915a9ff6b8b4952e3215dd0fb454f0463709cc053  crypto/loongarch64cpuid.pl
+899ba6a9049a61d5b175637907f747f58863cd8950409cefac8fbc8f574f970c  crypto/loongarch64cpuid.pl
 460a7af09cde89a820b091522ada1310cfcec99c60aee505f94c48c35e9a29e8  crypto/loongarchcap.c
 f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0  crypto/mem_clr.c
 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf  crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
@@ -275,13 +275,13 @@ b0decda3aae1d3e07cf3cbe9153cdde9deafe65fae346cd208951b4d7dec512e  crypto/packet.
 05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84  crypto/param_build.c
 cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6  crypto/param_build_set.c
 f6c684b42fd1fade17c46599068a43701fe447c60d789908b3af3519c4fcf084  crypto/params.c
-bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657  crypto/params_dup.c
+c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501  crypto/params_dup.c
 da23f7014a60e3e37640b9128d57d8350b17fa8cde77b6f14d0d4ca0dee2b437  crypto/params_from_text.c
 e3cc1fcbf42ed19a38fb0f84cb41795c94438768f36fda6f371d1f17d7b45740  crypto/params_idx.c
 c27b8c1659274be74e2d6e9fd76980df499d1331c0c2d51f41b3ad547ba88d59  crypto/ppccap.c
 46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8  crypto/ppccpuid.pl
 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7  crypto/property/defn_cache.c
-d48ce9b38720b4d0b118b83322c3344afd11a5ce6b31adf59c6584b5e02e3f6a  crypto/property/property.c
+4d4cb530114b4f9dac78a3f7b14196ac9fce17ef1071338ad8e03eccac0815da  crypto/property/property.c
 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26  crypto/property/property_local.h
 0a84d66734df7515a6de2b8da744a398f11b977f8479076090e67357fa0eb51d  crypto/property/property_parse.c
 a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3  crypto/property/property_query.c
@@ -377,9 +377,9 @@ e298c753be277ad9a2ac0132d9897cb4c85607dbb2d11cfefd0c98e0f6a723d9  crypto/thread/
 a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1  crypto/thread/arch/thread_win.c
 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c  crypto/thread/internal.c
 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a  crypto/threads_lib.c
-245ebf04d6814f020b2cf0922e1083704d736d4788998e2d17b0e26a8098a7bf  crypto/threads_none.c
-a24f71b40cc64a0f714c09169bad3eeda078ff7fd996b2a23ea37c412800361e  crypto/threads_pthread.c
-769bf599076f8c0a8432e2bbe269a1b33b998212405596eb464514181187fc4e  crypto/threads_win.c
+650c7831d98d221e407d196f2471ebe57e0416c8af21e0521ee5e3f90f108fbe  crypto/threads_none.c
+6e09bbea6c9cc5150dd728f0a6beaa2a889e4a4b802ab289a5c567ee36bd4717  crypto/threads_pthread.c
+afcb5a4171147ee9662cd039491a23c968f3a44c52142108ee302ae346fafdca  crypto/threads_win.c
 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da  crypto/time.c
 fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd  crypto/x86_64cpuid.pl
 bbec287bb9bf35379885f8f8998b7fd9e8fc22efee9e1b299109af0f33a7ee16  crypto/x86cpuid.pl
@@ -410,8 +410,8 @@ cb59783c25ffecb35aaff5548f5d97a26ad463ae491eb3932adb512626f85681  include/crypto
 7676b02824b2d68df6bddeb251e9b8a8fa2e35a95dad9a7ebeca53f9ab8d2dad  include/crypto/sparse_array.h
 7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e  include/crypto/types.h
 27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45  include/internal/bio.h
-53ec45b4f165adf271b528fc08da0832e2f82d9e13a338cc3ad78e925147c7cc  include/internal/common.h
-8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598  include/internal/constant_time.h
+0e7ab86e282f7c0dc1e3bdc29fae22d8c520d9185a884f71bf3624a19b74e227  include/internal/common.h
+c64d5338564a30577c86347d99763f1a3321ec12a65c7d61298ea78a3f136a83  include/internal/constant_time.h
 c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8  include/internal/core.h
 36e5c3ea8e285d0df80a136d26c05df0de521c017ba0e50873e3bcfdb612bd99  include/internal/cryptlib.h
 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63  include/internal/deprecated.h
@@ -419,7 +419,7 @@ dc5afb955d810feb5af9f8d25cd8a92118abef320fee95c07b04f301c4e0d96c  include/intern
 8059e715f981fbe02b5731610ed24bb6ae617a55e90b03f4260cbb6ccd71e8de  include/internal/deterministic_nonce.h
 fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b  include/internal/dso.h
 f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7  include/internal/dsoerr.h
-45036710f2499cdf6b786a9dce29dfe6d2ae06ea8e3d5cb2a782f64ed85d267e  include/internal/e_os.h
+99872c153ad1283a003e4a7f1acee61dddcb9c82876f32584abccb5d79cc7e9c  include/internal/e_os.h
 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef  include/internal/endian.h
 4838a68ff626825c261df6a1fd21e156e25d8365af45552f29054d7038a7db3d  include/internal/ffc.h
 55c4102496ed5ab16de11afe38c328a1396c3b6e2c7e44add4a38855103c19da  include/internal/namemap.h
@@ -595,7 +595,7 @@ bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b  providers/impl
 c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666  providers/implementations/ciphers/ciphercommon_local.h
 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d  providers/implementations/digests/digestcommon.c
 5f41dd1bf77bd08d287a875f9d6e5a423bf286524694ae7ee133cdd03ee763c0  providers/implementations/digests/sha2_prov.c
-9aea6dc6275fe3d7fd62bfcb0f0482ca1d1c5ab8347c4ea1e65ed0ffc3531707  providers/implementations/digests/sha3_prov.c
+185e904d4b3b88e6ef45c587bb0286425691a6e75f097a3cad651703d715cbaa  providers/implementations/digests/sha3_prov.c
 4b774bf9267ebe05bf90076bc18e19a21e03ee2716bdb8fc4e6458774e9a820c  providers/implementations/exchange/dh_exch.c
 b2d80c38dd62b46f2dd71e81a5684f54f43200d3ddbb86178081760ecc93525c  providers/implementations/exchange/ecdh_exch.c
 4994df237719649b086a032bd64c1cf38ceb4e67dd8ec98da20edf5bc3eadb0b  providers/implementations/exchange/ecx_exch.c
@@ -612,7 +612,7 @@ a6879c2e107597c49efa07fae48f0554ffbea9814c31d186bf0ce9f83e1ec9d2  providers/impl
 4014246d44fa3f34aad5372c75d3f7eea528f1cf1798e30d5627e7620a356631  providers/implementations/include/prov/macsignature.h
 27e57358e8ad201e382b50d5760f010badd9d6253deb34e6fb93a2af35450d9a  providers/implementations/include/prov/names.h
 b9f8781167f274ccd8b643b3bb6c4e1108fb27b2aae588518261af9415228dae  providers/implementations/include/prov/seeding.h
-c2dc086f1bef78ef68b950ac1181f8c1c5053d4093d04a775f5afb78f62fcf3a  providers/implementations/kdfs/hkdf.c
+456a461fd72d558f40c07f40c7c61b1d2924885f88118db02a77d1a6ca309678  providers/implementations/kdfs/hkdf.c
 ba0523cf3f664568f591c888a737a8ea008652e767d2239e998fdcfc7e3b99d4  providers/implementations/kdfs/kbkdf.c
 03b3dffd32a2b8f94e7d39b97f3d7b36f00cd0177ee5e7329a39aeca20ed4baf  providers/implementations/kdfs/pbkdf2.c
 c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c  providers/implementations/kdfs/pbkdf2.h
@@ -626,9 +626,9 @@ cad07d02f629f0b1440a3137191e84a254181e283bee1f4ea011697984cb3f64  providers/impl
 b7f3cc675889eb79bb39a2cfff56c156e189519540bde8fd043cff37eab0a883  providers/implementations/keymgmt/dsa_kmgmt.c
 3964a23ac071b0d6e54ea12c382e98abe1becfd9890194d94804715002b2b5b8  providers/implementations/keymgmt/ec_kmgmt.c
 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251  providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-c4fc653dc2a17fce2bcf03342c9eb80109584fd47272dc25adb683dc69cd751b  providers/implementations/keymgmt/ecx_kmgmt.c
+dbe49421a3f1b509952c2bc9f697f985c1f3153ff52e559172f25e3939977c43  providers/implementations/keymgmt/ecx_kmgmt.c
 daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d  providers/implementations/keymgmt/kdf_legacy_kmgmt.c
-17d6bc9f386f147765d9653639056dcb40e258239a5a9fdc4876a4f0a1d47c21  providers/implementations/keymgmt/mac_legacy_kmgmt.c
+d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb  providers/implementations/keymgmt/mac_legacy_kmgmt.c
 9034a66a4bae1a15e127a5eca94bcec2ecaa971b205e945fcf7fba6b6bb8e47d  providers/implementations/keymgmt/rsa_kmgmt.c
 f2fc18af21f11b0e0ff9895f8b438caab4808256eaa680728b5e50736cc2c4b1  providers/implementations/macs/cmac_prov.c
 f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da  providers/implementations/macs/gmac_prov.c
@@ -636,11 +636,11 @@ dece97b669da85cc9d867bfb7ffc227b7f48f36e198bd44e4b32c0cfc517d7fd  providers/impl
 16f3dc42faceb235d7c4a495b9be7e8476094482de6ff421ab514390898154fd  providers/implementations/macs/kmac_prov.c
 3034074f99b02db045f2ccecc8782322e876dad07a3c169bdb24168b6b1f8cbd  providers/implementations/rands/crngt.c
 fcf5c044bbb92de1119759ead558ada3dfdf75db4874bd3bd0db1b46cb931190  providers/implementations/rands/drbg.c
-4db4ec624c473960114966ca891a690481b029ed1a0b943458d7bfe7dff3fee5  providers/implementations/rands/drbg_ctr.c
+1a462931420e527f8a39abad871c410afdff1bbb159e6404ee93d47cac0bd2a9  providers/implementations/rands/drbg_ctr.c
 e5c6f3ce421dc0e80e3c68c908e9338d2f74dfa6a3d2ebe0662ce61a165b0fca  providers/implementations/rands/drbg_hash.c
 2f762a617c9abd6d9355f54b35c4fe07164f200fbf31956c03bd0849f3e90f9d  providers/implementations/rands/drbg_hmac.c
 3e8a26ae26aab0b8ff02a20af59e5c187403df9a12c5bb69d7492b0843dfe47c  providers/implementations/rands/drbg_local.h
-e5fb82137f8afea68a67c1ea2d652831207961c53f14ab33ac0d879c9d0e8448  providers/implementations/rands/test_rng.c
+a9b5f9a3512cd21ebfa098c0402c023cf8b44236188138811949f9ba7642a961  providers/implementations/rands/test_rng.c
 a9aa31d091df5b8f6710dd36761dfe7d32b6da1881f8581bed85ad4e171b0969  providers/implementations/signature/dsa_sig.c
 66486eb25c13b2e1f71d754043a2ee3fcdd722a55724d74498a632a6dc9f7c2b  providers/implementations/signature/ecdsa_sig.c
 26dbd28678268ea63819c58276f435bafce3562cf6dcffacd363afe451c0235c  providers/implementations/signature/eddsa_sig.c

+ 1 - 1
libs/openssl/providers/fips.checksum

@@ -1 +1 @@
-10bb4e8298d03d3c3bbf6e6f66b86eedbee8f617b5f863c68a53d859ec466ddd  providers/fips-sources.checksums
+5e73e8e275999c9eeda9c0868336b9033660bc88ff15873a0f3fb2a4fd8156da  providers/fips-sources.checksums
