
OpenSSL 3.2.5

Source commit: 71d03c3afd88ceb93a34c0026d59b6b8c61d412f
Martin Prikryl 5 months ago
parent
commit
acec77af76
100 changed files with 2433 additions and 732 deletions
  1. 23 2
      libs/openssl/CHANGES.md
  2. 2 1
      libs/openssl/Configure
  3. 9 1
      libs/openssl/NEWS.md
  4. 5 0
      libs/openssl/NOTES-WINDOWS.md
  5. 24 21
      libs/openssl/README-FIPS.md
  6. 4 5
      libs/openssl/README.md
  7. 2 2
      libs/openssl/VERSION.dat
  8. 203 59
      libs/openssl/apps/CA.pl.in
  9. 2 2
      libs/openssl/apps/cmp.c
  10. 1 1
      libs/openssl/apps/cms.c
  11. 9 2
      libs/openssl/apps/lib/apps.c
  12. 2 2
      libs/openssl/apps/lib/http_server.c
  13. 9 1
      libs/openssl/apps/lib/s_socket.c
  14. 5 1
      libs/openssl/apps/ocsp.c
  15. 2 1
      libs/openssl/apps/pkeyutl.c
  16. 4 2
      libs/openssl/apps/s_time.c
  17. 2 4
      libs/openssl/apps/storeutl.c
  18. 2 2
      libs/openssl/apps/ts.c
  19. 30 30
      libs/openssl/apps/x509.c
  20. 4 4
      libs/openssl/crypto/aes/asm/vpaes-loongarch64.pl
  21. 2 2
      libs/openssl/crypto/armcap.c
  22. 2 2
      libs/openssl/crypto/asn1/asn_mime.c
  23. 4 1
      libs/openssl/crypto/asn1/tasn_enc.c
  24. 1 0
      libs/openssl/crypto/bio/bio_addr.c
  25. 3 1
      libs/openssl/crypto/bio/bio_dump.c
  26. 16 9
      libs/openssl/crypto/bio/bio_print.c
  27. 4 1
      libs/openssl/crypto/bn/bn_ppc.c
  28. 17 7
      libs/openssl/crypto/chacha/asm/chacha-armv8-sve.pl
  29. 2 1
      libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl
  30. 4 2
      libs/openssl/crypto/cmp/cmp_client.c
  31. 7 5
      libs/openssl/crypto/cms/cms_pwri.c
  32. 2 2
      libs/openssl/crypto/dh/dh_pmeth.c
  33. 1466 240
      libs/openssl/crypto/ec/asm/ecp_nistp384-ppc64.pl
  34. 5 5
      libs/openssl/crypto/ec/ec_key.c
  35. 54 18
      libs/openssl/crypto/ec/ecp_nistp384.c
  36. 4 1
      libs/openssl/crypto/encode_decode/encoder_pkey.c
  37. 2 1
      libs/openssl/crypto/evp/bio_enc.c
  38. 5 1
      libs/openssl/crypto/evp/ctrl_params_translate.c
  39. 3 2
      libs/openssl/crypto/evp/evp_pbe.c
  40. 8 5
      libs/openssl/crypto/evp/evp_rand.c
  41. 8 2
      libs/openssl/crypto/evp/exchange.c
  42. 2 2
      libs/openssl/crypto/evp/legacy_sha.c
  43. 14 3
      libs/openssl/crypto/evp/pmeth_lib.c
  44. 4 5
      libs/openssl/crypto/loongarch64cpuid.pl
  45. 5 5
      libs/openssl/crypto/params_dup.c
  46. 5 5
      libs/openssl/crypto/perlasm/sparcv9_modes.pl
  47. 3 3
      libs/openssl/crypto/pkcs7/pk7_smime.c
  48. 2 2
      libs/openssl/crypto/property/property.c
  49. 2 2
      libs/openssl/crypto/provider_conf.c
  50. 3 3
      libs/openssl/crypto/sm3/asm/sm3-armv8.pl
  51. 5 5
      libs/openssl/crypto/sm4/asm/sm4-armv8.pl
  52. 24 9
      libs/openssl/crypto/threads_none.c
  53. 3 3
      libs/openssl/crypto/threads_pthread.c
  54. 13 5
      libs/openssl/crypto/ts/ts_rsp_sign.c
  55. 38 14
      libs/openssl/crypto/ui/ui_lib.c
  56. 90 41
      libs/openssl/crypto/x509/by_store.c
  57. 3 1
      libs/openssl/crypto/x509/v3_cpols.c
  58. 6 2
      libs/openssl/crypto/x509/v3_lib.c
  59. 4 2
      libs/openssl/demos/bio/sconnect.c
  60. 2 2
      libs/openssl/demos/guide/tls-client-block.c
  61. 2 2
      libs/openssl/demos/sslecho/A-SSL-Docs.txt
  62. 11 6
      libs/openssl/demos/sslecho/main.c
  63. 1 5
      libs/openssl/doc/README.md
  64. 13 23
      libs/openssl/doc/internal/man3/bn_mul_words.pod
  65. 5 3
      libs/openssl/doc/man1/openssl-namedisplay-options.pod
  66. 3 3
      libs/openssl/doc/man1/openssl-s_client.pod.in
  67. 2 2
      libs/openssl/doc/man3/CMS_sign.pod
  68. 12 1
      libs/openssl/doc/man3/DTLS_set_timer_cb.pod
  69. 6 3
      libs/openssl/doc/man3/EVP_PKEY_CTX_new.pod
  70. 4 7
      libs/openssl/doc/man3/EVP_RAND.pod
  71. 2 2
      libs/openssl/doc/man3/OSSL_PARAM.pod
  72. 24 1
      libs/openssl/doc/man3/OSSL_PARAM_int.pod
  73. 2 2
      libs/openssl/doc/man3/PKCS7_sign.pod
  74. 2 2
      libs/openssl/doc/man3/SSL_CONF_cmd.pod
  75. 6 3
      libs/openssl/doc/man3/SSL_CTX_set1_curves.pod
  76. 4 3
      libs/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod
  77. 2 2
      libs/openssl/doc/man3/SSL_CTX_set_options.pod
  78. 3 5
      libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod
  79. 4 3
      libs/openssl/doc/man3/SSL_get0_group_name.pod
  80. 4 2
      libs/openssl/doc/man3/SSL_key_update.pod
  81. 3 3
      libs/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod
  82. 14 1
      libs/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod
  83. 2 2
      libs/openssl/doc/man7/ossl-guide-introduction.pod
  84. 3 3
      libs/openssl/doc/man7/ossl-guide-migration.pod
  85. 2 2
      libs/openssl/doc/man7/ossl-guide-tls-introduction.pod
  86. 3 3
      libs/openssl/doc/man7/provider-cipher.pod
  87. 4 2
      libs/openssl/doc/man7/provider-decoder.pod
  88. 4 2
      libs/openssl/doc/man7/provider-encoder.pod
  89. 2 2
      libs/openssl/doc/man7/provider-keymgmt.pod
  90. 15 7
      libs/openssl/doc/man7/provider-signature.pod
  91. 5 1
      libs/openssl/fuzz/x509.c
  92. 16 4
      libs/openssl/include/internal/constant_time.h
  93. 1 12
      libs/openssl/include/internal/e_os.h
  94. 20 20
      libs/openssl/providers/fips-sources.checksums
  95. 1 1
      libs/openssl/providers/fips.checksum
  96. 3 7
      libs/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc
  97. 17 3
      libs/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.c
  98. 2 2
      libs/openssl/providers/implementations/digests/sha3_prov.c
  99. 6 8
      libs/openssl/providers/implementations/kdfs/hkdf.c
  100. 7 2
      libs/openssl/providers/implementations/keymgmt/ecx_kmgmt.c

+ 23 - 2
libs/openssl/CHANGES.md

@@ -25,6 +25,22 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Changes between 3.2.4 and 3.2.5 [1 Jul 2025]
+
+ * Aligned the behaviour of TLS and DTLS in the event of a no_renegotiation
+   alert being received. Older versions of OpenSSL failed with DTLS if a
+   no_renegotiation alert was received. All versions of OpenSSL do this for TLS.
+   From 3.2 a bug was exposed that meant that DTLS ignored no_rengotiation. We
+   have now restored the original behaviour and brought DTLS back into line with
+   TLS.
+
+   *Matt Caswell*
+
+ * When displaying distinguished names in the openssl application escape control
+   characters by default.
+
+   *Tomáš Mráz*
+
 ### Changes between 3.2.3 and 3.2.4 [11 Feb 2025]
 
  * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected.
@@ -3857,7 +3873,7 @@ OpenSSL 1.1.1
  * Support for TLSv1.3 added. Note that users upgrading from an earlier
    version of OpenSSL should review their configuration settings to ensure
    that they are still appropriate for TLSv1.3. For further information see:
-   <https://wiki.openssl.org/index.php/TLS1.3>
+   <https://github.com/openssl/openssl/wiki/TLS1.3>
 
    *Matt Caswell*
 
@@ -5145,7 +5161,7 @@ OpenSSL 1.1.0
 
  * The GOST engine was out of date and therefore it has been removed. An up
    to date GOST engine is now being maintained in an external repository.
-   See: <https://wiki.openssl.org/index.php/Binaries>. Libssl still retains
+   See: <https://github.com/openssl/openssl/wiki/Binaries>. Libssl still retains
    support for GOST ciphersuites (these are only activated if a GOST engine
    is present).
 
@@ -5924,6 +5940,11 @@ OpenSSL 1.1.0
 
    *Rob Percival <[email protected]>*
 
+ * SSLv3 is by default disabled at build-time. Builds that are not
+   configured with "enable-ssl3" will not support SSLv3.
+
+   *Kurt Roeckx*
+
 OpenSSL 1.0.2
 -------------
 

+ 2 - 1
libs/openssl/Configure

@@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -162,6 +162,7 @@ my @gcc_devteam_warn = qw(
     -Wextra
     -Wno-unused-parameter
     -Wno-missing-field-initializers
+    -Wno-unterminated-string-initialization
     -Wswitch
     -Wsign-compare
     -Wshadow

+ 9 - 1
libs/openssl/NEWS.md

@@ -20,6 +20,14 @@ OpenSSL Releases
 OpenSSL 3.2
 -----------
 
+### Major changes between OpenSSL 3.2.4 and OpenSSL 3.2.5 [1 Jul 2025]
+
+OpenSSL 3.2.5 is a bug fix release.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Miscellaneous minor bug fixes.
+
 ### Major changes between OpenSSL 3.2.3 and OpenSSL 3.2.4 [11 Feb 2025]
 
 OpenSSL 3.2.4 is a security patch release. The most severe CVE fixed in this
@@ -450,7 +458,7 @@ OpenSSL 1.1.1
     * Rewrite of the packet construction code for "safer" packet handling
     * Rewrite of the extension handling code
     For further important information, see the [TLS1.3 page](
-    https://wiki.openssl.org/index.php/TLS1.3) in the OpenSSL Wiki.
+    https://github.com/openssl/openssl/wiki/TLS1.3) in the OpenSSL Wiki.
 
   * Complete rewrite of the OpenSSL random number generator to introduce the
     following capabilities

+ 5 - 0
libs/openssl/NOTES-WINDOWS.md

@@ -87,6 +87,11 @@ Quick start
        on the Universal CRT or
     - `perl Configure`              to let Configure figure out the platform
 
+    a. If you don't plan to develop OpenSSL yourself and don't need to rebuild,
+       in other words, if you always do a new build, turning off the build
+       dependency feature can speed up build times by up to 50%:
+       `perl Configure no-makedepend`
+
  6. `nmake`
 
  7. `nmake test`

+ 24 - 21
libs/openssl/README-FIPS.md

@@ -34,7 +34,9 @@ Installing the FIPS provider
 In order to be FIPS compliant you must only use FIPS validated source code.
 Refer to <https://www.openssl.org/source/> for information related to
 which versions are FIPS validated. The instructions given below build OpenSSL
-just using the FIPS validated source code.
+just using the FIPS validated source code.  Any FIPS validated version may be
+used with any other openssl library.  Please see <https://www.openssl.org/source/>
+To determine which FIPS validated library version may be appropriate for you.
 
 If you want to use a validated FIPS provider, but also want to use the latest
 OpenSSL release to build everything else, then refer to the next section.
@@ -71,11 +73,11 @@ the installation by doing the following two things:
 
 - Runs the FIPS module self tests
 - Generates the so-called FIPS module configuration file containing information
-  about the module such as the module checksum (and for OpenSSL 3.0 the
+  about the module such as the module checksum (and for OpenSSL 3.1.2 the
   self test status).
 
 The FIPS module must have the self tests run, and the FIPS module config file
-output generated on every machine that it is to be used on. For OpenSSL 3.0,
+output generated on every machine that it is to be used on. For OpenSSL 3.1.2
 you must not copy the FIPS module config file output data from one machine to another.
 
 On Unix, the `openssl fipsinstall` command will be invoked as follows by default:
@@ -95,11 +97,11 @@ Download and build a validated FIPS provider
 --------------------------------------------
 
 Refer to <https://www.openssl.org/source/> for information related to
-which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
+which versions are FIPS validated. For this example we use OpenSSL 3.1.2.
 
-    $ wget https://www.openssl.org/source/openssl-3.0.0.tar.gz
-    $ tar -xf openssl-3.0.0.tar.gz
-    $ cd openssl-3.0.0
+    $ wget https://www.openssl.org/source/openssl-3.1.2.tar.gz
+    $ tar -xf openssl-3.1.2.tar.gz
+    $ cd openssl-3.1.2
     $ ./Configure enable-fips
     $ make
     $ cd ..
@@ -107,44 +109,45 @@ which versions are FIPS validated. For this example we use OpenSSL 3.0.0.
 Download and build the latest release of OpenSSL
 ------------------------------------------------
 
-We use OpenSSL 3.1.0 here, (but you could also use the latest 3.0.X)
+We use OpenSSL 3.5.0 here, (but you could also use the latest 3.5.X)
 
-    $ wget https://www.openssl.org/source/openssl-3.1.0.tar.gz
-    $ tar -xf openssl-3.1.0.tar.gz
-    $ cd openssl-3.1.0
+    $ wget https://www.openssl.org/source/openssl-3.5.0.tar.gz
+    $ tar -xf openssl-3.5.0.tar.gz
+    $ cd openssl-3.5.0
     $ ./Configure enable-fips
     $ make
 
 Use the OpenSSL FIPS provider for testing
 -----------------------------------------
 
-We do this by replacing the artifact for the OpenSSL 3.1.0 FIPS provider.
-Note that the OpenSSL 3.1.0 FIPS provider has not been validated
+We do this by replacing the artifact for the OpenSSL 3.5.0 FIPS provider.
+Note that the OpenSSL 3.5.0 FIPS provider has not been validated
 so it must not be used for FIPS purposes.
 
-    $ cp ../openssl-3.0.0/providers/fips.so providers/.
-    $ cp ../openssl-3.0.0/providers/fipsmodule.cnf providers/.
-    // Note that for OpenSSL 3.0 that the `fipsmodule.cnf` file should not
+    $ cp ../openssl-3.1.2/providers/fips.so providers/.
+    $ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
+    // Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
     // be copied across multiple machines if it contains an entry for
     // `install-status`. (Otherwise the self tests would be skipped).
 
     // Validate the output of the following to make sure we are using the
-    // OpenSSL 3.0.0 FIPS provider
+    // OpenSSL 3.1.2 FIPS provider
     $ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
     -provider fips -providers
 
-    // Now run the current tests using the OpenSSL 3.0 FIPS provider.
+    // Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
     $ make tests
 
 Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
 -------------------------------------------------------------------------------------
 
-    $ cd ../openssl-3.0.0
+    $ cd ../openssl-3.1.2
     $ sudo make install_fips
 
 Check that the correct FIPS provider is being used
 --------------------------------------------------
 
+    $ cd ../openssl-3.5.0
     $./util/wrap.pl -fips apps/openssl list -provider-path providers \
     -provider fips -providers
 
@@ -152,11 +155,11 @@ Check that the correct FIPS provider is being used
     Providers:
       base
         name: OpenSSL Base Provider
-        version: 3.1.0
+        version: 3.5.0
         status: active
       fips
         name: OpenSSL FIPS Provider
-        version: 3.0.0
+        version: 3.1.2
         status: active
 
 Using the FIPS Module in applications

+ 4 - 5
libs/openssl/README.md

@@ -161,8 +161,7 @@ There are numerous source code demos for using various OpenSSL capabilities in t
 Wiki
 ----
 
-There is a Wiki at [wiki.openssl.org] which is currently not very active.
-It contains a lot of useful information, not all of which is up-to-date.
+There is a [GitHub Wiki] which is currently not very active.
 
 License
 =======
@@ -211,8 +210,8 @@ All rights reserved.
     <https://github.com/openssl/openssl>
     "OpenSSL GitHub Mirror"
 
-[wiki.openssl.org]:
-    <https://wiki.openssl.org>
+[GitHub Wiki]:
+    <https://github.com/openssl/openssl/wiki>
     "OpenSSL Wiki"
 
 [ossl-guide-migration(7ossl)]:
@@ -229,7 +228,7 @@ All rights reserved.
      <https://tools.ietf.org/html/rfc9000>
 
 [Binaries]:
-    <https://wiki.openssl.org/index.php/Binaries>
+    <https://github.com/openssl/openssl/wiki/Binaries>
     "List of third party OpenSSL binaries"
 
 [OpenSSL Guide]:

+ 2 - 2
libs/openssl/VERSION.dat

@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=2
-PATCH=4
+PATCH=5
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="11 Feb 2025"
+RELEASE_DATE="1 Jul 2025"
 SHLIB_VERSION=3

+ 203 - 59
libs/openssl/apps/CA.pl.in

@@ -1,5 +1,5 @@
 #!{- $config{HASHBANGPERL} -}
-# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -19,14 +19,17 @@ my @OPENSSL_CMDS = ("req", "ca", "pkcs12", "x509", "verify");
 
 my $openssl = $ENV{'OPENSSL'} // "openssl";
 $ENV{'OPENSSL'} = $openssl;
+my @openssl = split_val($openssl);
+
 my $OPENSSL_CONFIG = $ENV{"OPENSSL_CONFIG"} // "";
+my @OPENSSL_CONFIG = split_val($OPENSSL_CONFIG);
 
 # Command invocations.
-my $REQ = "$openssl req $OPENSSL_CONFIG";
-my $CA = "$openssl ca $OPENSSL_CONFIG";
-my $VERIFY = "$openssl verify";
-my $X509 = "$openssl x509";
-my $PKCS12 = "$openssl pkcs12";
+my @REQ = (@openssl, "req", @OPENSSL_CONFIG);
+my @CA = (@openssl, "ca", @OPENSSL_CONFIG);
+my @VERIFY = (@openssl, "verify");
+my @X509 = (@openssl, "x509");
+my @PKCS12 = (@openssl, "pkcs12");
 
 # Default values for various configuration settings.
 my $CATOP = "./demoCA";
@@ -34,10 +37,10 @@ my $CAKEY = "cakey.pem";
 my $CAREQ = "careq.pem";
 my $CACERT = "cacert.pem";
 my $CACRL = "crl.pem";
-my $DAYS = "-days 365";
-my $CADAYS = "-days 1095";	# 3 years
-my $EXTENSIONS = "-extensions v3_ca";
-my $POLICY = "-policy policy_anything";
+my @DAYS = qw(-days 365);
+my @CADAYS = qw(-days 1095);	# 3 years
+my @EXTENSIONS = qw(-extensions v3_ca);
+my @POLICY = qw(-policy policy_anything);
 my $NEWKEY = "newkey.pem";
 my $NEWREQ = "newreq.pem";
 my $NEWCERT = "newcert.pem";
@@ -45,31 +48,177 @@ my $NEWP12 = "newcert.p12";
 
 # Commandline parsing
 my %EXTRA;
-my $WHAT = shift @ARGV || "";
+my $WHAT = shift @ARGV // "";
 @ARGV = parse_extra(@ARGV);
 my $RET = 0;
 
+sub split_val {
+    return split_val_win32(@_) if ($^O eq 'MSWin32');
+    my ($val) = @_;
+    my (@ret, @frag);
+
+    # Skip leading whitespace
+    $val =~ m{\A[ \t]*}ogc;
+
+    # Unix shell-compatible split
+    #
+    # Handles backslash escapes outside quotes and
+    # in double-quoted strings.  Parameter and
+    # command-substitution is silently ignored.
+    # Bare newlines outside quotes and (trailing) backslashes are disallowed.
+
+    while (1) {
+        last if (pos($val) == length($val));
+
+        # The first char is never a SPACE or TAB.  Possible matches are:
+        # 1. Ordinary string fragment
+        # 2. Single-quoted string
+        # 3. Double-quoted string
+        # 4. Backslash escape
+        # 5. Bare backlash or newline (rejected)
+        #
+        if ($val =~ m{\G([^'" \t\n\\]+)}ogc) {
+            # Ordinary string
+            push @frag, $1;
+        } elsif ($val =~ m{\G'([^']*)'}ogc) {
+            # Single-quoted string
+            push @frag, $1;
+        } elsif ($val =~ m{\G"}ogc) {
+            # Double-quoted string
+            push @frag, "";
+            while (1) {
+                last if ($val =~ m{\G"}ogc);
+                if ($val =~ m{\G([^"\\]+)}ogcs) {
+                    # literals
+                    push @frag, $1;
+                } elsif ($val =~ m{\G.(["\`\$\\])}ogc) {
+                    # backslash-escaped special
+                    push @frag, $1;
+                } elsif ($val =~ m{\G.(.)}ogcs) {
+                    # backslashed non-special
+                    push @frag, "\\$1" unless $1 eq "\n";
+                } else {
+                    die sprintf("Malformed quoted string: %s\n", $val);
+                }
+            }
+        } elsif ($val =~ m{\G\\(.)}ogc) {
+            # Backslash is unconditional escape outside quoted strings
+            push @frag, $1 unless $1 eq "\n";
+        } else {
+            die sprintf("Bare backslash or newline in: '%s'\n", $val);
+        }
+        # Done if at SPACE, TAB or end, otherwise continue current fragment
+        #
+        next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+        push @ret, join("", splice(@frag)) if (@frag > 0);
+    }
+    # Handle final fragment
+    push @ret, join("", splice(@frag)) if (@frag > 0);
+    return @ret;
+}
+
+sub split_val_win32 {
+    my ($val) = @_;
+    my (@ret, @frag);
+
+    # Skip leading whitespace
+    $val =~ m{\A[ \t]*}ogc;
+
+    # Windows-compatible split
+    # See: "Parsing C++ command-line arguments" in:
+    # https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170
+    #
+    # Backslashes are special only when followed by a double-quote
+    # Pairs of double-quotes make a single double-quote.
+    # Closing double-quotes may be omitted.
+
+    while (1) {
+        last if (pos($val) == length($val));
+
+        # The first char is never a SPACE or TAB.
+        # 1. Ordinary string fragment
+        # 2. Double-quoted string
+        # 3. Backslashes preceding a double-quote
+        # 4. Literal backslashes
+        # 5. Bare newline (rejected)
+        #
+        if ($val =~ m{\G([^" \t\n\\]+)}ogc) {
+            # Ordinary string
+            push @frag, $1;
+        } elsif ($val =~ m{\G"}ogc) {
+            # Double-quoted string
+            push @frag, "";
+            while (1) {
+                if ($val =~ m{\G("+)}ogc) {
+                    # Two double-quotes make one literal double-quote
+                    my $l = length($1);
+                    push @frag, q{"} x int($l/2) if ($l > 1);
+                    next if ($l % 2 == 0);
+                    last;
+                }
+                if ($val =~ m{\G([^"\\]+)}ogc) {
+                    push @frag, $1;
+                } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+                    # Backslashes before a double-quote are escapes
+                    my $l = length($1);
+                    push @frag, q{\\} x int($l / 2);
+                    if ($l % 2 == 1) {
+                        ++pos($val);
+                        push @frag, q{"};
+                    }
+                } elsif ($val =~ m{\G((?:(?>[\\]+)[^"\\]+)+)}ogc) {
+                    # Backslashes not before a double-quote are not special
+                    push @frag, $1;
+                } else {
+                    # Tolerate missing closing double-quote
+                    last;
+                }
+            }
+        } elsif ($val =~ m{\G((?>[\\]+))(?=")}ogc) {
+            my $l = length($1);
+            push @frag, q{\\} x int($l / 2);
+            if ($l % 2 == 1) {
+                ++pos($val);
+                push @frag, q{"};
+            }
+        } elsif ($val =~ m{\G([\\]+)}ogc) {
+            # Backslashes not before a double-quote are not special
+            push @frag, $1;
+        } else {
+            die sprintf("Bare newline in: '%s'\n", $val);
+        }
+        # Done if at SPACE, TAB or end, otherwise continue current fragment
+        #
+        next unless ($val =~ m{\G(?:[ \t]+|\z)}ogcs);
+        push @ret, join("", splice(@frag)) if (@frag > 0);
+    }
+    # Handle final fragment
+    push @ret, join("", splice(@frag)) if (@frag);
+    return @ret;
+}
+
 # Split out "-extra-CMD value", and return new |@ARGV|. Fill in
 # |EXTRA{CMD}| with list of values.
 sub parse_extra
 {
+    my @args;
     foreach ( @OPENSSL_CMDS ) {
-        $EXTRA{$_} = '';
+        $EXTRA{$_} = [];
     }
-
-    my @result;
-    while ( scalar(@_) > 0 ) {
-        my $arg = shift;
-        if ( $arg !~ m/-extra-([a-z0-9]+)/ ) {
-            push @result, $arg;
+    while (@_) {
+        my $arg = shift(@_);
+        if ( $arg !~ m{^-extra-(\w+)$} ) {
+            push @args, split_val($arg);
             next;
         }
-        $arg =~ s/-extra-//;
-        die("Unknown \"-${arg}-extra\" option, exiting")
-            unless scalar grep { $arg eq $_ } @OPENSSL_CMDS;
-        $EXTRA{$arg} .= " " . shift;
+        $arg = $1;
+        die "Unknown \"-extra-${arg}\" option, exiting\n"
+            unless grep { $arg eq $_ } @OPENSSL_CMDS;
+        die "Missing \"-extra-${arg}\" option value, exiting\n"
+            unless (@_ > 0);
+        push @{$EXTRA{$arg}}, split_val(shift(@_));
     }
-    return @result;
+    return @args;
 }
 
 
@@ -112,9 +261,9 @@ sub copy_pemfile
 # Wrapper around system; useful for debugging.  Returns just the exit status
 sub run
 {
-    my $cmd = shift;
-    print "====\n$cmd\n" if $verbose;
-    my $status = system($cmd);
+    my ($cmd, @args) = @_;
+    print "====\n$cmd @args\n" if $verbose;
+    my $status = system {$cmd} $cmd, @args;
     print "==> $status\n====\n" if $verbose;
     return $status >> 8;
 }
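Review bot: `return $status >> 8;` in run() reports success when the child is killed by a signal, because the signal number sits in the low bits of the wait status and is shifted away, while the callers only test `$RET == 0`. For a CA script that then prints messages such as "Cert is in ..." this should count as a failure, for example `return 1 if $status == -1 || ($status & 127);` placed before the shift. Separately, the verbose line `print "====\n$cmd @args\n"` joins the arguments with spaces, so an argument that itself contains a space cannot be told apart from two arguments in the trace; quoting each element would keep the log unambiguous.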
@@ -133,17 +282,15 @@ EOF
 
 if ($WHAT eq '-newcert' ) {
     # create a certificate
-    $RET = run("$REQ -new -x509 -keyout $NEWKEY -out $NEWCERT $DAYS"
-            . " $EXTRA{req}");
+    $RET = run(@REQ, qw(-new -x509 -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
     print "Cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-precert' ) {
     # create a pre-certificate
-    $RET = run("$REQ -x509 -precert -keyout $NEWKEY -out $NEWCERT $DAYS"
-            . " $EXTRA{req}");
+    $RET = run(@REQ, qw(-x509 -precert -keyout), $NEWKEY, "-out", $NEWCERT, @DAYS, @{$EXTRA{req}});
     print "Pre-cert is in $NEWCERT, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT =~ /^\-newreq(\-nodes)?$/ ) {
     # create a certificate request
-    $RET = run("$REQ -new $1 -keyout $NEWKEY -out $NEWREQ $DAYS $EXTRA{req}");
+    $RET = run(@REQ, "-new", (defined $1 ? ($1,) : ()), "-keyout", $NEWKEY, "-out", $NEWREQ, @{$EXTRA{req}});
     print "Request is in $NEWREQ, private key is in $NEWKEY\n" if $RET == 0;
 } elsif ($WHAT eq '-newca' ) {
     # create the directory hierarchy
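Review bot: In the `-newreq` branch the argument list depends on `$1` still holding the capture from the `elsif` condition (`(defined $1 ? ($1,) : ())`), which is easy to break if any pattern match is later added between the test and the call. Capturing it into a named variable first, e.g. `my @nodes = defined $1 ? ($1) : ();` and then passing `@nodes`, makes the dependency explicit. The if/elsif chain continues outside this hunk.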
@@ -176,48 +323,45 @@ if ($WHAT eq '-newcert' ) {
         copy_pemfile($FILE,"${CATOP}/$CACERT", "CERTIFICATE");
     } else {
         print "Making CA certificate ...\n";
-        $RET = run("$REQ -new -keyout ${CATOP}/private/$CAKEY"
-                . " -out ${CATOP}/$CAREQ $EXTRA{req}");
-        $RET = run("$CA -create_serial"
-                . " -out ${CATOP}/$CACERT $CADAYS -batch"
-                . " -keyfile ${CATOP}/private/$CAKEY -selfsign"
-                . " $EXTENSIONS"
-                . " -infiles ${CATOP}/$CAREQ $EXTRA{ca}") if $RET == 0;
+        $RET = run(@REQ, qw(-new -keyout), "${CATOP}/private/$CAKEY",
+                   "-out", "${CATOP}/$CAREQ", @{$EXTRA{req}});
+        $RET = run(@CA, qw(-create_serial -out), "${CATOP}/$CACERT", @CADAYS,
+                   qw(-batch -keyfile), "${CATOP}/private/$CAKEY", "-selfsign",
+                   @EXTENSIONS, "-infiles", "${CATOP}/$CAREQ", @{$EXTRA{ca}})
+            if $RET == 0;
         print "CA certificate is in ${CATOP}/$CACERT\n" if $RET == 0;
     }
 } elsif ($WHAT eq '-pkcs12' ) {
     my $cname = $ARGV[0];
     $cname = "My Certificate" unless defined $cname;
-    $RET = run("$PKCS12 -in $NEWCERT -inkey $NEWKEY"
-            . " -certfile ${CATOP}/$CACERT -out $NEWP12"
-            . " -export -name \"$cname\" $EXTRA{pkcs12}");
-    print "PKCS #12 file is in $NEWP12\n" if $RET == 0;
+    $RET = run(@PKCS12, "-in", $NEWCERT, "-inkey", $NEWKEY,
+               "-certfile", "${CATOP}/$CACERT", "-out", $NEWP12,
+               qw(-export -name), $cname, @{$EXTRA{pkcs12}});
+    print "PKCS#12 file is in $NEWP12\n" if $RET == 0;
 } elsif ($WHAT eq '-xsign' ) {
-    $RET = run("$CA $POLICY -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-infiles", $NEWREQ, @{$EXTRA{ca}});
 } elsif ($WHAT eq '-sign' ) {
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            . " -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+               "-infiles", $NEWREQ, @{$EXTRA{ca}});
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signCA' ) {
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            . " $EXTENSIONS -infiles $NEWREQ $EXTRA{ca}");
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT, @EXTENSIONS,
+               "-infiles", $NEWREQ, @{$EXTRA{ca}});
     print "Signed CA certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-signcert' ) {
-    $RET = run("$X509 -x509toreq -in $NEWREQ -signkey $NEWREQ"
-            . " -out tmp.pem $EXTRA{x509}");
-    $RET = run("$CA $POLICY -out $NEWCERT"
-            .  "-infiles tmp.pem $EXTRA{ca}") if $RET == 0;
+    $RET = run(@X509, qw(-x509toreq -in), $NEWREQ, "-signkey", $NEWREQ,
+               qw(-out tmp.pem), @{$EXTRA{x509}});
+    $RET = run(@CA, @POLICY, "-out", $NEWCERT,
+               qw(-infiles tmp.pem), @{$EXTRA{ca}}) if $RET == 0;
     print "Signed certificate is in $NEWCERT\n" if $RET == 0;
 } elsif ($WHAT eq '-verify' ) {
     my @files = @ARGV ? @ARGV : ( $NEWCERT );
     foreach my $file (@files) {
-        # -CAfile quoted for VMS, since the C RTL downcases all unquoted
-        # arguments to C programs
-        my $status = run("$VERIFY \"-CAfile\" ${CATOP}/$CACERT $file $EXTRA{verify}");
+        my $status = run(@VERIFY, "-CAfile", "${CATOP}/$CACERT", $file, @{$EXTRA{verify}});
         $RET = $status if $status != 0;
     }
 } elsif ($WHAT eq '-crl' ) {
-    $RET = run("$CA -gencrl -out ${CATOP}/crl/$CACRL $EXTRA{ca}");
+    $RET = run(@CA, qw(-gencrl -out), "${CATOP}/crl/$CACRL", @{$EXTRA{ca}});
     print "Generated CRL is in ${CATOP}/crl/$CACRL\n" if $RET == 0;
 } elsif ($WHAT eq '-revoke' ) {
     my $cname = $ARGV[0];
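Review bot: The `-pkcs12` branch takes `$cname = $ARGV[0]` and passes it as a single element after `-name`, but `@ARGV` has already been through parse_extra, which in this commit runs `split_val($arg)` on every argument that is not an `-extra-CMD` option. A friendly name such as `My Certificate` given as one shell argument therefore arrives as two elements and only the first is used. The `-verify` file list and the `-revoke` filename at the end of this hunk are affected the same way for paths containing whitespace. If re-splitting positional arguments is not intended, parse_extra should keep them intact with `push @args, $arg;` and apply split_val only to the `-extra-CMD` values. The if/elsif chain starts and ends outside this hunk.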
@@ -225,10 +369,10 @@ if ($WHAT eq '-newcert' ) {
         print "Certificate filename is required; reason optional.\n";
         exit 1;
     }
-    my $reason = $ARGV[1];
-    $reason = " -crl_reason $reason"
-        if defined $reason && crl_reason_ok($reason);
-    $RET = run("$CA -revoke \"$cname\"" . $reason . $EXTRA{ca});
+    my @reason;
+    @reason = ("-crl_reason", $ARGV[1])
+        if defined $ARGV[1] && crl_reason_ok($ARGV[1]);
+    $RET = run(@CA, "-revoke", $cname, @reason, @{$EXTRA{ca}});
 } else {
     print STDERR "Unknown arg \"$WHAT\"\n";
     print STDERR "Use -help for help.\n";

+ 2 - 2
libs/openssl/apps/cmp.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -887,7 +887,7 @@ static int set_name(const char *str,
                     OSSL_CMP_CTX *ctx, const char *desc)
 {
     if (str != NULL) {
-        X509_NAME *n = parse_name(str, MBSTRING_ASC, 1, desc);
+        X509_NAME *n = parse_name(str, MBSTRING_UTF8, 1, desc);
 
         if (n == NULL)
             return 0;

+ 1 - 1
libs/openssl/apps/cms.c

@@ -1010,7 +1010,7 @@ int cms_main(int argc, char **argv)
                 goto end;
 
             pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-            if (kparam != NULL) {
+            if (pctx != NULL && kparam != NULL) {
                 if (!cms_set_pkey_param(pctx, kparam->param))
                     goto end;
             }
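Review bot: With the new guard `if (pctx != NULL && kparam != NULL)`, a recipient for which `CMS_RecipientInfo_get0_pkey_ctx(ri)` returns NULL silently skips the key parameters held in `kparam`, and processing continues without them. Skipping avoids passing a NULL context to `cms_set_pkey_param`, but a requested parameter that cannot be applied is better reported than ignored, for example `if (kparam != NULL && pctx == NULL) { BIO_printf(bio_err, "Key parameters cannot be applied to this recipient\n"); goto end; }`. cms_main continues outside this hunk, so confirm that no later code already handles this case.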

+ 9 - 2
libs/openssl/apps/lib/apps.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -189,7 +189,11 @@ int set_nameopt(const char *arg)
 unsigned long get_nameopt(void)
 {
     return
-        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT;
+        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN
+                              | ASN1_STRFLGS_ESC_CTRL
+                              | ASN1_STRFLGS_UTF8_CONVERT
+                              | ASN1_STRFLGS_DUMP_UNKNOWN
+                              | ASN1_STRFLGS_DUMP_DER;
 }
 
 void dump_cert_text(BIO *out, X509 *x)
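Review bot: The new default in get_nameopt() (`ASN1_STRFLGS_ESC_CTRL` plus the dump flags) is returned only when `nmflag_set` is false, so a value stored through set_nameopt() replaces it wholesale and control characters are escaped only if that value includes the flag itself. This deserves a comment above the function, e.g. `/* Default escapes control characters in displayed names; a value set via set_nameopt() replaces these flags entirely. */`. Wrapping the else arm in parentheses, `nmflag_set ? nmflag : (XN_FLAG_SEP_CPLUS_SPC | ...)`, would also make it obvious that the whole OR chain belongs to the default.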
@@ -1718,6 +1722,9 @@ CA_DB *load_index(const char *dbfile, DB_ATTR *db_attr)
     }
 
     retdb->dbfname = OPENSSL_strdup(dbfile);
+    if (retdb->dbfname == NULL)
+        goto err;
+
 #ifndef OPENSSL_NO_POSIX_IO
     retdb->dbst = dbst;
 #endif
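Review bot: The new `goto err` taken when `OPENSSL_strdup(dbfile)` fails is only safe if the `err:` path, which is outside this hunk, frees `retdb` and returns NULL. If that path returns `retdb` as built so far, the caller receives a non-NULL CA_DB whose `dbfname` is NULL and whose `dbst` was never assigned, and any later code that uses the file name would operate on a NULL string. Please confirm the cleanup, or release the structure before jumping, e.g. `free_index(retdb); retdb = NULL; goto err;`.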

+ 2 - 2
libs/openssl/apps/lib/http_server.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -200,7 +200,7 @@ BIO *http_server_init(const char *prog, const char *port, int verb)
     int port_num;
     char name[40];
 
-    snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */
+    BIO_snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */
     if (verb >= 0 && !log_set_verbosity(prog, verb))
         return NULL;
     bufbio = BIO_new(BIO_f_buffer());
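Review bot: The return value of `BIO_snprintf()` is discarded, so a `port` string that does not fit the 40-byte `name` buffer is cut short without notice and the accept address is built from the truncated text. BIO_snprintf() returns -1 when the output does not fit, so the call can be checked in place: `if (BIO_snprintf(name, sizeof(name), "*:%s", port) < 0) return NULL;`. The rest of http_server_init is outside the hunk.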

+ 9 - 1
libs/openssl/apps/lib/s_socket.c

@@ -178,8 +178,16 @@ int init_client(int *sock, const char *host, const char *port,
         }
 
         /* Save the address */
-        if (tfo || !doconn)
+        if (tfo || !doconn) {
+            if (ba_ret == NULL) {
+                BIO_printf(bio_err, "Internal error\n");
+                BIO_closesocket(*sock);
+                *sock = INVALID_SOCKET;
+                goto out;
+            }
+
             *ba_ret = BIO_ADDR_dup(BIO_ADDRINFO_address(ai));
+        }
 
         /* Success, don't try any more addresses */
         break;
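Review bot: The result of `BIO_ADDR_dup()` is stored in `*ba_ret` without a NULL check, so an allocation failure falls through to the "Success" `break` with no saved address. The branch added just above already shows the cleanup to reuse: test `if (*ba_ret == NULL)` after the assignment, then close the socket, set `*sock = INVALID_SOCKET` and `goto out`. Callers of init_client are not visible here, so they may already test `*ba_ret`; if they do, a short comment saying so would help.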

+ 5 - 1
libs/openssl/apps/ocsp.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1055,6 +1055,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
     }
 
     bs = OCSP_BASICRESP_new();
+    if (bs == NULL) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+        goto end;
+    }
     thisupd = X509_gmtime_adj(NULL, 0);
     if (ndays != -1)
         nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
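Review bot: In the new failure branch `bs` is known to be NULL, so passing it to `OCSP_response_create()` reads as if a basic response were being attached. Writing `*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, NULL);` states the intent directly. The `thisupd` result of `X509_gmtime_adj(NULL, 0)` on the next line is not checked in the lines shown; make_ocsp_response continues outside the hunk, so it may be handled further down.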

+ 2 - 1
libs/openssl/apps/pkeyutl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -370,6 +370,7 @@ int pkeyutl_main(int argc, char **argv)
             if (EVP_PKEY_CTX_ctrl_str(ctx, opt, passwd) <= 0) {
                 BIO_printf(bio_err, "%s: Can't set parameter \"%s\":\n",
                            prog, opt);
+                OPENSSL_free(passwd);
                 goto end;
             }
             OPENSSL_free(passwd);
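Review bot: Both the added error-path call and the existing one release `passwd` with `OPENSSL_free()`, which leaves its contents in freed heap memory. If `passwd` holds a passphrase, as the name and its use as the value for `EVP_PKEY_CTX_ctrl_str()` suggest, it should be wiped on both paths: `OPENSSL_clear_free(passwd, strlen(passwd));`. The allocation is outside the hunk, so use the tracked buffer length instead of `strlen()` if one exists there.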

+ 4 - 2
libs/openssl/apps/s_time.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -324,8 +324,10 @@ int s_time_main(int argc, char **argv)
      */
 
  next:
-    if (!(perform & 2))
+    if (!(perform & 2)) {
+        ret = 0;
         goto end;
+    }
     printf("\n\nNow timing with session id reuse.\n");
 
     /* Get an SSL object so we can reuse the session id */

+ 2 - 4
libs/openssl/apps/storeutl.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -200,9 +200,7 @@ int storeutl_main(int argc, char *argv[])
             }
             break;
         case OPT_CRITERION_FINGERPRINT:
-            if (criterion != 0
-                || (criterion == OSSL_STORE_SEARCH_BY_KEY_FINGERPRINT
-                    && fingerprint != NULL)) {
+            if (criterion != 0) {
                 BIO_printf(bio_err, "%s: criterion already given.\n",
                            prog);
                 goto end;

+ 2 - 2
libs/openssl/apps/ts.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -1018,7 +1018,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
             BIO_printf(bio_err, "memory allocation failure\n");
             goto err;
         }
-        if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) {
+        if (X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq) <= 0) {
             BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
             goto err;
         }

+ 30 - 30
libs/openssl/apps/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -431,7 +431,7 @@ int x509_main(int argc, char **argv)
             break;
         case OPT_ADDTRUST:
             if (trust == NULL && (trust = sk_ASN1_OBJECT_new_null()) == NULL)
-                goto end;
+                goto err;
             if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
                 BIO_printf(bio_err, "%s: Invalid trust object value %s\n",
                            prog, opt_arg());
@@ -442,7 +442,7 @@ int x509_main(int argc, char **argv)
             break;
         case OPT_ADDREJECT:
             if (reject == NULL && (reject = sk_ASN1_OBJECT_new_null()) == NULL)
-                goto end;
+                goto err;
             if ((objtmp = OBJ_txt2obj(opt_arg(), 0)) == NULL) {
                 BIO_printf(bio_err, "%s: Invalid reject object value %s\n",
                            prog, opt_arg());
@@ -600,7 +600,7 @@ int x509_main(int argc, char **argv)
         goto opthelp;
 
     if (!app_RAND_load())
-        goto end;
+        goto err;
 
     if (!opt_check_md(digest))
         goto opthelp;
@@ -619,7 +619,7 @@ int x509_main(int argc, char **argv)
 
     if (!X509_STORE_set_default_paths_ex(ctx, app_get0_libctx(),
                                          app_get0_propq()))
-        goto end;
+        goto err;
 
     if (newcert && infile != NULL) {
         BIO_printf(bio_err, "The -in option cannot be used with -new\n");
@@ -632,12 +632,12 @@ int x509_main(int argc, char **argv)
     if (privkeyfile != NULL) {
         privkey = load_key(privkeyfile, keyformat, 0, passin, e, "private key");
         if (privkey == NULL)
-            goto end;
+            goto err;
     }
     if (pubkeyfile != NULL) {
         if ((pubkey = load_pubkey(pubkeyfile, keyformat, 0, NULL, e,
                                   "explicitly set public key")) == NULL)
-            goto end;
+            goto err;
     }
 
     if (newcert) {
@@ -654,7 +654,7 @@ int x509_main(int argc, char **argv)
     }
     if (subj != NULL
             && (fsubj = parse_name(subj, chtype, multirdn, "subject")) == NULL)
-        goto end;
+        goto err;
 
     if (CAkeyfile == NULL)
         CAkeyfile = CAfile;
@@ -686,7 +686,7 @@ int x509_main(int argc, char **argv)
         X509V3_CTX ctx2;
 
         if ((extconf = app_load_config(extfile)) == NULL)
-            goto end;
+            goto err;
         if (extsect == NULL) {
             extsect = app_conf_try_string(extconf, "default", "extensions");
             if (extsect == NULL)
@@ -708,7 +708,7 @@ int x509_main(int argc, char **argv)
         req = load_csr_autofmt(infile, informat, vfyopts,
                                "certificate request input");
         if (req == NULL)
-            goto end;
+            goto err;
 
         if ((pkey = X509_REQ_get0_pubkey(req)) == NULL) {
             BIO_printf(bio_err, "Error unpacking public key from CSR\n");
@@ -739,11 +739,11 @@ int x509_main(int argc, char **argv)
             goto err;
         }
         if ((x = X509_new_ex(app_get0_libctx(), app_get0_propq())) == NULL)
-            goto end;
+            goto err;
         if (CAfile == NULL && sno == NULL) {
             sno = ASN1_INTEGER_new();
             if (sno == NULL || !rand_serial(NULL, sno))
-                goto end;
+                goto err;
         }
         if (req != NULL && ext_copy != EXT_COPY_UNSET) {
             if (clrext && ext_copy != EXT_COPY_NONE) {
@@ -760,27 +760,27 @@ int x509_main(int argc, char **argv)
                        "Warning: Reading certificate from stdin since no -in or -new option is given\n");
         x = load_cert_pass(infile, informat, 1, passin, "certificate");
         if (x == NULL)
-            goto end;
+            goto err;
     }
     if ((fsubj != NULL || req != NULL)
         && !X509_set_subject_name(x, fsubj != NULL ? fsubj :
                                   X509_REQ_get_subject_name(req)))
-        goto end;
+        goto err;
     if ((pubkey != NULL || privkey != NULL || req != NULL)
         && !X509_set_pubkey(x, pubkey != NULL ? pubkey :
                             privkey != NULL ? privkey :
                             X509_REQ_get0_pubkey(req)))
-        goto end;
+        goto err;
 
     if (CAfile != NULL) {
         xca = load_cert_pass(CAfile, CAformat, 1, passin, "CA certificate");
         if (xca == NULL)
-            goto end;
+            goto err;
     }
 
     out = bio_open_default(outfile, 'w', outformat);
     if (out == NULL)
-        goto end;
+        goto err;
 
     if (alias)
         X509_alias_set1(x, (unsigned char *)alias, -1);
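Review bot: `X509_alias_set1(x, (unsigned char *)alias, -1);` on the last line of this hunk ignores its return value, while every other setter in the hunk now jumps to `err` on failure. A failed allocation there would produce a certificate without the requested alias and no diagnostic. For consistency with the rest of the change: `if (alias && !X509_alias_set1(x, (unsigned char *)alias, -1)) goto err;`. x509_main continues outside the hunk.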
@@ -816,9 +816,9 @@ int x509_main(int argc, char **argv)
         if (sno == NULL)
             sno = x509_load_serial(CAfile, CAserial, CA_createserial);
         if (sno == NULL)
-            goto end;
+            goto err;
         if (!x509toreq && !reqfile && !newcert && !self_signed(ctx, x))
-            goto end;
+            goto err;
     } else {
         if (privkey != NULL && !cert_matches_key(x, privkey))
             BIO_printf(bio_err,
@@ -826,20 +826,20 @@ int x509_main(int argc, char **argv)
     }
 
     if (sno != NULL && !X509_set_serialNumber(x, sno))
-        goto end;
+        goto err;
 
     if (reqfile || newcert || privkey != NULL || CAfile != NULL) {
         if (!preserve_dates && !set_cert_times(x, NULL, NULL, days))
-            goto end;
+            goto err;
         if (!X509_set_issuer_name(x, X509_get_subject_name(issuer_cert)))
-            goto end;
+            goto err;
     }
 
     X509V3_set_ctx(&ext_ctx, issuer_cert, x, NULL, NULL, X509V3_CTX_REPLACE);
     /* prepare fallback for AKID, but only if issuer cert equals subject cert */
     if (CAfile == NULL) {
         if (!X509V3_set_issuer_pkey(&ext_ctx, privkey))
-            goto end;
+            goto err;
     }
     if (extconf != NULL && !x509toreq) {
         X509V3_set_nconf(&ext_ctx, extconf);
@@ -868,7 +868,7 @@ int x509_main(int argc, char **argv)
             goto err;
         }
         if ((rq = x509_to_req(x, ext_copy, ext_names)) == NULL)
-            goto end;
+            goto err;
         if (extconf != NULL) {
             X509V3_set_nconf(&ext_ctx, extconf);
             if (!X509V3_EXT_REQ_add_nconf(extconf, &ext_ctx, extsect, rq)) {
@@ -878,7 +878,7 @@ int x509_main(int argc, char **argv)
             }
         }
         if (!do_X509_REQ_sign(rq, privkey, digest, sigopts))
-            goto end;
+            goto err;
         if (!noout) {
             if (outformat == FORMAT_ASN1) {
                 X509_REQ_print_ex(out, rq, get_nameopt(), X509_FLAG_COMPAT);
@@ -896,7 +896,7 @@ int x509_main(int argc, char **argv)
     } else if (CAfile != NULL) {
         if ((CAkey = load_key(CAkeyfile, CAkeyformat,
                               0, passin, e, "CA private key")) == NULL)
-            goto end;
+            goto err;
         if (!X509_check_private_key(xca, CAkey)) {
             BIO_printf(bio_err,
                        "CA certificate and CA private key do not match\n");
@@ -904,10 +904,10 @@ int x509_main(int argc, char **argv)
         }
 
         if (!do_X509_sign(x, 0, CAkey, digest, sigopts, &ext_ctx))
-            goto end;
+            goto err;
     } else if (privkey != NULL) {
         if (!do_X509_sign(x, 0, privkey, digest, sigopts, &ext_ctx))
-            goto end;
+            goto err;
     }
     if (badsig) {
         const ASN1_BIT_STRING *signature;
@@ -931,11 +931,11 @@ int x509_main(int argc, char **argv)
             BIGNUM *bnser = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
 
             if (bnser == NULL)
-                goto end;
+                goto err;
             if (!BN_add_word(bnser, 1)
                     || (ser = BN_to_ASN1_INTEGER(bnser, NULL)) == NULL) {
                 BN_free(bnser);
-                goto end;
+                goto err;
             }
             BN_free(bnser);
             i2a_ASN1_INTEGER(out, ser);

+ 4 - 4
libs/openssl/crypto/aes/asm/vpaes-loongarch64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -29,9 +29,9 @@
 ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19));
 ($fp)=map("\$r$_",(22));
 
-for (@ARGV) {   $output=$_ if (/\w[\w\-]*\.\w+$/);      }
-open STDOUT,">$output";
-while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+# $output is the last argument if it looks like a file (it has an extension)
+my $output;
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 $PREFIX="vpaes";
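Review bot: `open STDOUT,">$output";` now runs even when `$output` is `undef`, which the new assignment yields whenever the last argument has no extension, and its result is not checked. Reopening STDOUT closes the old handle first, so a failed open can leave the script with no output and no error. I would guard and check it: `if (defined $output) { open STDOUT, '>', $output or die "can't open $output: $!"; }`. The three-argument form also keeps characters in the file name from being read as part of the open mode. The same two lines appear in the crypto/chacha/asm/chacha-loongarch64.pl hunk of this commit.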

+ 2 - 2
libs/openssl/crypto/armcap.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -35,7 +35,7 @@ void OPENSSL_cpuid_setup(void)
     OPENSSL_armcap_P |= ARMV7_NEON;
     OPENSSL_armv8_rsa_neonized = 1;
     if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE)) {
-        // These are all covered by one call in Windows
+        /* These are all covered by one call in Windows */
         OPENSSL_armcap_P |= ARMV8_AES;
         OPENSSL_armcap_P |= ARMV8_PMULL;
         OPENSSL_armcap_P |= ARMV8_SHA1;

+ 2 - 2
libs/openssl/crypto/asn1/asn_mime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -96,7 +96,7 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
      * internally
      */
     else
-        ASN1_item_i2d_bio(it, out, val);
+        rv = ASN1_item_i2d_bio(it, out, val);
     return rv;
 }
 

+ 4 - 1
libs/openssl/crypto/asn1/tasn_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -565,6 +565,9 @@ static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype
             return -1;
         break;
 
+    case V_ASN1_UNDEF:
+        return -2;
+
     case V_ASN1_NULL:
         cont = NULL;
         len = 0;
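Review bot: The new `case V_ASN1_UNDEF: return -2;` adds a second negative return value with no comment, right after the existing `return -1;` path. What callers of asn1_ex_i2c() do with -2 is decided outside this hunk, so a reader cannot tell here whether it reports an error or selects a special encoding. A one-line comment on the case saying why an undefined type is rejected and how the caller treats -2, plus a matching line in the function's header comment, would make the contract explicit.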

+ 1 - 0
libs/openssl/crypto/bio/bio_addr.c

@@ -104,6 +104,7 @@ void BIO_ADDR_clear(BIO_ADDR *ap)
  */
 int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
 {
+    memset(ap, 0, sizeof(BIO_ADDR));
     if (sa->sa_family == AF_INET) {
         memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
         return 1;
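Review bot: The added `memset(ap, 0, sizeof(BIO_ADDR));` has no comment on why it is needed, and it sits directly below `BIO_ADDR_clear()`, which the hunk header shows in the same file. A line such as `/* zero the whole object so bytes not covered by the copied sockaddr are never left uninitialised */` would record the reason. If BIO_ADDR_clear() does the same zeroing, calling `BIO_ADDR_clear(ap);` would keep a single definition of a cleared address; otherwise `sizeof(*ap)` is the more robust spelling.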

+ 3 - 1
libs/openssl/crypto/bio/bio_dump.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -47,6 +47,8 @@ int BIO_dump_indent_cb(int (*cb) (const void *data, size_t len, void *u),
     for (i = 0; i < rows; i++) {
         n = BIO_snprintf(buf, sizeof(buf), "%*s%04x - ", indent, "",
                          i * dump_width);
+        if (n < 0)
+            return -1;
         for (j = 0; j < dump_width; j++) {
             if (SPACE(buf, n, 3)) {
                 if (((i * dump_width) + j) >= len) {

+ 16 - 9
libs/openssl/crypto/bio/bio_print.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -535,6 +535,10 @@ static LDOUBLE abs_val(LDOUBLE value)
     LDOUBLE result = value;
     if (value < 0)
         result = -value;
+    if (result > 0 && result / 2 == result) /* INF */
+        result = 0;
+    else if (result != result) /* NAN */
+        result = 0;
     return result;
 }
 
@@ -590,6 +594,9 @@ fmtfp(char **sbuffer,
         signvalue = '+';
     else if (flags & DP_F_SPACE)
         signvalue = ' ';
+    ufvalue = abs_val(fvalue);
+    if (ufvalue == 0 && fvalue != 0) /* INF or NAN? */
+        signvalue = '?';
 
     /*
      * G_FORMAT sometimes prints like E_FORMAT and sometimes like F_FORMAT
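Review bot: The `'?'` sign set at `if (ufvalue == 0 && fvalue != 0)` works only because abs_val() now returns 0 for infinity and NaN (the hunk above), and neither function documents that coupling. A reader of abs_val() alone would not expect an absolute-value helper to return 0 for a non-zero argument. I would add to abs_val() a header comment like `/* Returns |value|, or 0 when value is INF or NAN so callers can detect non-finite input */`, and extend the comment here to say that such values are printed as zero with a `?` sign. The remaining fmtfp hunks, which switch `fvalue` to `ufvalue`, depend on the same assumption.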
@@ -597,12 +604,12 @@ fmtfp(char **sbuffer,
      * that from here on.
      */
     if (style == G_FORMAT) {
-        if (fvalue == 0.0) {
+        if (ufvalue == 0.0) {
             realstyle = F_FORMAT;
-        } else if (fvalue < 0.0001) {
+        } else if (ufvalue < 0.0001) {
             realstyle = E_FORMAT;
-        } else if ((max == 0 && fvalue >= 10)
-                    || (max > 0 && fvalue >= pow_10(max))) {
+        } else if ((max == 0 && ufvalue >= 10)
+                   || (max > 0 && ufvalue >= pow_10(max))) {
             realstyle = E_FORMAT;
         } else {
             realstyle = F_FORMAT;
@@ -612,9 +619,9 @@ fmtfp(char **sbuffer,
     }
 
     if (style != F_FORMAT) {
-        tmpvalue = fvalue;
+        tmpvalue = ufvalue;
         /* Calculate the exponent */
-        if (fvalue != 0.0) {
+        if (ufvalue != 0.0) {
             while (tmpvalue < 1) {
                 tmpvalue *= 10;
                 exp--;
@@ -651,9 +658,9 @@ fmtfp(char **sbuffer,
             }
         }
         if (realstyle == E_FORMAT)
-            fvalue = tmpvalue;
+            ufvalue = tmpvalue;
     }
-    ufvalue = abs_val(fvalue);
+
     /*
      * By subtracting 65535 (2^16-1) we cancel the low order 15 bits
      * of ULONG_MAX to avoid using imprecise floating point values.

+ 4 - 1
libs/openssl/crypto/bn/bn_ppc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
      */
 
 #if defined(_ARCH_PPC64) && !defined(__ILP32__)
+    /* Minerva side-channel fix danny */
+# if defined(USE_FIXED_N6)
     if (num == 6) {
         if (OPENSSL_ppccap_P & PPC_MADD300)
             return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
         else
             return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
     }
+# endif
 #endif
 
     return bn_mul_mont_int(rp, ap, bp, np, n0, num);
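Review bot: The comment `/* Minerva side-channel fix danny */` does not say what is being fixed, and the new `# if defined(USE_FIXED_N6)` guard compiles the `num == 6` path out unless that macro is defined somewhere not shown here. Someone tuning performance later could switch the path back on without knowing it was disabled for timing reasons. If that is the intent, I would write it out: `/* The fixed-n6 routines are disabled by default because of a timing side channel (Minerva); define USE_FIXED_N6 only if they are known to be constant-time. */`. bn_mul_mont begins outside the hunk.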

+ 17 - 7
libs/openssl/crypto/chacha/asm/chacha-armv8-sve.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022-2023  The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025  The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -247,9 +247,6 @@ sub load_regs() {
 	my $next_offset = $offset + 1;
 $code.=<<___;
 	ld1w	{$reg.s},p0/z,[$inp,#$offset,MUL VL]
-#ifdef  __AARCH64EB__
-	revb    $reg.s,p0/m,$reg.s
-#endif
 ___
 	if (@_) {
 		&load_regs($next_offset, @_);
@@ -271,9 +268,6 @@ sub store_regs() {
 	my $reg = shift;
 	my $next_offset = $offset + 1;
 $code.=<<___;
-#ifdef  __AARCH64EB__
-	revb	$reg.s,p0/m,$reg.s
-#endif
 	st1w	{$reg.s},p0,[$outp,#$offset,MUL VL]
 ___
 	if (@_) {
@@ -479,13 +473,29 @@ sub SVE_TRANSFORMS() {
 $code.=<<___;
 #ifdef	__AARCH64EB__
 	rev	@sxx[0],@sxx[0]
+	revb	@mx[0].s,p0/m,@mx[0].s
+	revb	@mx[1].s,p0/m,@mx[1].s
 	rev	@sxx[2],@sxx[2]
+	revb	@mx[2].s,p0/m,@mx[2].s
+	revb	@mx[3].s,p0/m,@mx[3].s
 	rev	@sxx[4],@sxx[4]
+	revb	@mx[4].s,p0/m,@mx[4].s
+	revb	@mx[5].s,p0/m,@mx[5].s
 	rev	@sxx[6],@sxx[6]
+	revb	@mx[6].s,p0/m,@mx[6].s
+	revb	@mx[7].s,p0/m,@mx[7].s
 	rev	@sxx[8],@sxx[8]
+	revb	@mx[8].s,p0/m,@mx[8].s
+	revb	@mx[9].s,p0/m,@mx[9].s
 	rev	@sxx[10],@sxx[10]
+	revb	@mx[10].s,p0/m,@mx[10].s
+	revb	@mx[11].s,p0/m,@mx[11].s
 	rev	@sxx[12],@sxx[12]
+	revb	@mx[12].s,p0/m,@mx[12].s
+	revb	@mx[13].s,p0/m,@mx[13].s
 	rev	@sxx[14],@sxx[14]
+	revb	@mx[14].s,p0/m,@mx[14].s
+	revb	@mx[15].s,p0/m,@mx[15].s
 #endif
 	.if mixin == 1
 		add	@K[6],@K[6],#1

+ 2 - 1
libs/openssl/crypto/chacha/asm/chacha-loongarch64.pl

@@ -37,8 +37,9 @@ my ($xr0,$xr1,$xr2,$xr3,$xr4,$xr5,$xr6,$xr7,$xr8,$xr9,$xr10,
     $xr20,$xr21,$xr22,$xr23,$xr24,$xr25,$xr26,$xr27,$xr28,
     $xr29,$xr30,$xr31)=map("\$xr$_",(0..31));
 
+# $output is the last argument if it looks like a file (it has an extension)
 my $output;
-for (@ARGV) {	$output=$_ if (/\w[\w\-]*\.\w+$/);	}
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 # Input parameter block

+ 4 - 2
libs/openssl/crypto/cmp/cmp_client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright Nokia 2007-2019
  * Copyright Siemens AG 2015-2019
  *
@@ -614,8 +614,10 @@ static int cert_response(OSSL_CMP_CTX *ctx, int sleep, int rid,
         ERR_add_error_data(1, "; cannot extract certificate from response");
         return 0;
     }
-    if (!ossl_cmp_ctx_set0_newCert(ctx, cert))
+    if (!ossl_cmp_ctx_set0_newCert(ctx, cert)) {
+        X509_free(cert);
         return 0;
+    }
 
     /*
      * if the CMP server returned certificates in the caPubs field, copy them

+ 7 - 5
libs/openssl/crypto/cms/cms_pwri.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2009-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -168,7 +168,8 @@ CMS_RecipientInfo *CMS_add0_recipient_password(CMS_ContentInfo *cms,
 
     /* Setup PBE algorithm */
 
-    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set(iter, NULL, 0, -1, -1);
+    pwri->keyDerivationAlgorithm = PKCS5_pbkdf2_set_ex(iter, NULL, 0, -1, -1,
+                                                       cms_ctx->libctx);
 
     if (pwri->keyDerivationAlgorithm == NULL)
         goto err;
@@ -360,9 +361,10 @@ int ossl_cms_RecipientInfo_pwri_crypt(const CMS_ContentInfo *cms,
 
     /* Finish password based key derivation to setup key in "ctx" */
 
-    if (EVP_PBE_CipherInit(algtmp->algorithm,
-                           (char *)pwri->pass, pwri->passlen,
-                           algtmp->parameter, kekctx, en_de) < 0) {
+    if (EVP_PBE_CipherInit_ex(algtmp->algorithm,
+                              (char *)pwri->pass, pwri->passlen,
+                              algtmp->parameter, kekctx, en_de,
+                              cms_ctx->libctx, cms_ctx->propq) < 0) {
         ERR_raise(ERR_LIB_CMS, ERR_R_EVP_LIB);
         goto err;
     }
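Review bot: The failure test on the new `EVP_PBE_CipherInit_ex(...)` call is still `< 0`, but as far as I know this function returns 1 on success and 0 on error, so a failed key-derivation setup would not reach the `ERR_raise` branch and the code would continue with an unconfigured `kekctx`. Changing the comparison after `cms_ctx->propq)` to `<= 0` covers both conventions. The crypto/dh/dh_pmeth.c hunk in this commit makes the same `< 0` to `<= 0` correction for `ret`. ossl_cms_RecipientInfo_pwri_crypt continues outside the hunk.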

+ 2 - 2
libs/openssl/crypto/dh/dh_pmeth.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -422,7 +422,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             ret = DH_compute_key_padded(key, dhpubbn, dh);
         else
             ret = DH_compute_key(key, dhpubbn, dh);
-        if (ret < 0)
+        if (ret <= 0)
             return ret;
         *keylen = ret;
         return 1;

+ 1466 - 240
libs/openssl/crypto/ec/asm/ecp_nistp384-ppc64.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -7,13 +7,15 @@
 # https://www.openssl.org/source/license.html
 #
 # ====================================================================
-# Written by Rohan McLure <[email protected]> for the OpenSSL
-# project.
+# Written by Danny Tsen <[email protected]> # for the OpenSSL project.
+#
+# Copyright 2025- IBM Corp.
 # ====================================================================
 #
-# p384 lower-level primitives for PPC64 using vector instructions.
+# p384 lower-level primitives for PPC64.
 #
 
+
 use strict;
 use warnings;
 
@@ -21,7 +23,7 @@ my $flavour = shift;
 my $output = "";
 while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
 if (!$output) {
-    $output = "-";
+        $output = "-";
 }
 
 my ($xlate, $dir);
@@ -35,272 +37,1496 @@ open OUT,"| \"$^X\" $xlate $flavour $output";
 
 my $code = "";
 
-my ($sp, $outp, $savelr, $savesp) = ("r1", "r3", "r10", "r12");
-
-my $vzero = "v32";
-
-sub startproc($)
-{
-    my ($name) = @_;
-
-    $code.=<<___;
-    .globl ${name}
-    .align 5
-${name}:
-
-___
-}
+$code.=<<___;
+.machine "any"
+.text
 
-sub endproc($)
-{
-    my ($name) = @_;
+.globl  p384_felem_mul
+.type   p384_felem_mul,\@function
+.align	4
+p384_felem_mul:
+
+	stdu	1, -176(1)
+	mflr	0
+	std	14, 56(1)
+	std	15, 64(1)
+	std	16, 72(1)
+	std	17, 80(1)
+	std	18, 88(1)
+	std	19, 96(1)
+	std	20, 104(1)
+	std	21, 112(1)
+	std	22, 120(1)
+
+	bl	_p384_felem_mul_core
+
+	mtlr	0
+	ld	14, 56(1)
+	ld	15, 64(1)
+	ld	16, 72(1)
+	ld	17, 80(1)
+	ld	18, 88(1)
+	ld	19, 96(1)
+	ld	20, 104(1)
+	ld	21, 112(1)
+	ld	22, 120(1)
+	addi	1, 1, 176
+	blr
+.size   p384_felem_mul,.-p384_felem_mul
+
+.globl  p384_felem_square
+.type   p384_felem_square,\@function
+.align	4
+p384_felem_square:
+
+	stdu	1, -176(1)
+	mflr	0
+	std	14, 56(1)
+	std	15, 64(1)
+	std	16, 72(1)
+	std	17, 80(1)
+
+	bl	_p384_felem_square_core
+
+	mtlr	0
+	ld	14, 56(1)
+	ld	15, 64(1)
+	ld	16, 72(1)
+	ld	17, 80(1)
+	addi	1, 1, 176
+	blr
+.size   p384_felem_square,.-p384_felem_square
 
-    $code.=<<___;
-    blr
-        .size ${name},.-${name}
+#
+# Felem mul core function -
+# r3, r4 and r5 need to pre-loaded.
+#
+.type   _p384_felem_mul_core,\@function
+.align	4
+_p384_felem_mul_core:
+
+	ld	6,0(4)
+	ld	14,0(5)
+	ld	7,8(4)
+	ld	15,8(5)
+	ld	8,16(4)
+	ld	16,16(5)
+	ld	9,24(4)
+	ld	17,24(5)
+	ld	10,32(4)
+	ld	18,32(5)
+	ld	11,40(4)
+	ld	19,40(5)
+	ld	12,48(4)
+	ld	20,48(5)
+
+	# out0
+	mulld	21, 14, 6
+	mulhdu	22, 14, 6
+	std	21, 0(3)
+	std	22, 8(3)
+
+	vxor	0, 0, 0
+
+	# out1
+	mtvsrdd	32+13, 14, 6
+	mtvsrdd	32+14, 7, 15
+	vmsumudm 1, 13, 14, 0
+
+	# out2
+	mtvsrdd	32+15, 15, 6
+	mtvsrdd	32+16, 7, 16
+	mtvsrdd	32+17, 0, 8
+	mtvsrdd	32+18, 0, 14
+	vmsumudm 19, 15, 16, 0
+	vmsumudm 2, 17, 18, 19
+
+	# out3
+	mtvsrdd	32+13, 16, 6
+	mtvsrdd	32+14, 7, 17
+	mtvsrdd	32+15, 14, 8
+	mtvsrdd	32+16, 9, 15
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 3, 15, 16, 19
+
+	# out4
+	mtvsrdd	32+13, 17, 6
+	mtvsrdd	32+14, 7, 18
+	mtvsrdd	32+15, 15, 8
+	mtvsrdd	32+16, 9, 16
+	mtvsrdd	32+17, 0, 10
+	mtvsrdd	32+18, 0, 14
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 4, 15, 16, 19
+	vmsumudm 4, 17, 18, 4
+
+	# out5
+	mtvsrdd	32+13, 18, 6
+	mtvsrdd	32+14, 7, 19
+	mtvsrdd	32+15, 16, 8
+	mtvsrdd	32+16, 9, 17
+	mtvsrdd	32+17, 14, 10
+	mtvsrdd	32+18, 11, 15
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 5, 15, 16, 19
+	vmsumudm 5, 17, 18, 5
+
+	stxv	32+1, 16(3)
+	stxv	32+2, 32(3)
+	stxv	32+3, 48(3)
+	stxv	32+4, 64(3)
+	stxv	32+5, 80(3)
+
+	# out6
+	mtvsrdd	32+13, 19, 6
+	mtvsrdd	32+14, 7, 20
+	mtvsrdd	32+15, 17, 8
+	mtvsrdd	32+16, 9, 18
+	mtvsrdd	32+17, 15, 10
+	mtvsrdd	32+18, 11, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 6, 15, 16, 19
+	mtvsrdd	32+13, 0, 12
+	mtvsrdd	32+14, 0, 14
+	vmsumudm 19, 17, 18, 6
+	vmsumudm 6, 13, 14, 19
+
+	# out7
+	mtvsrdd	32+13, 19, 7
+	mtvsrdd	32+14, 8, 20
+	mtvsrdd	32+15, 17, 9
+	mtvsrdd	32+16, 10, 18
+	mtvsrdd	32+17, 15, 11
+	mtvsrdd	32+18, 12, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 7, 15, 16, 19
+	vmsumudm 7, 17, 18, 7
+
+	# out8
+	mtvsrdd	32+13, 19, 8
+	mtvsrdd	32+14, 9, 20
+	mtvsrdd	32+15, 17, 10
+	mtvsrdd	32+16, 11, 18
+	mtvsrdd	32+17, 0, 12
+	mtvsrdd	32+18, 0, 16
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 8, 15, 16, 19
+	vmsumudm 8, 17, 18, 8
+
+	# out9
+	mtvsrdd	32+13, 19, 9
+	mtvsrdd	32+14, 10, 20
+	mtvsrdd	32+15, 17, 11
+	mtvsrdd	32+16, 12, 18
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 9, 15, 16, 19
+
+	# out10
+	mtvsrdd	32+13, 19, 10
+	mtvsrdd	32+14, 11, 20
+	mtvsrdd	32+15, 0, 12
+	mtvsrdd	32+16, 0, 18
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 10, 15, 16, 19
+
+	# out11
+	mtvsrdd	32+17, 19, 11
+	mtvsrdd	32+18, 12, 20
+	vmsumudm 11, 17, 18, 0
+
+	stxv	32+6, 96(3)
+	stxv	32+7, 112(3)
+	stxv	32+8, 128(3)
+	stxv	32+9, 144(3)
+	stxv	32+10, 160(3)
+	stxv	32+11, 176(3)
+
+	# out12
+	mulld	21, 20, 12
+	mulhdu	22, 20, 12	# out12
+
+	std	21, 192(3)
+	std	22, 200(3)
+
+	blr
+.size   _p384_felem_mul_core,.-_p384_felem_mul_core
 
-___
-}
+#
+# Felem square core function -
+# r3 and r4 need to pre-loaded.
+#
+.type   _p384_felem_square_core,\@function
+.align	4
+_p384_felem_square_core:
+
+	ld	6, 0(4)
+	ld	7, 8(4)
+	ld	8, 16(4)
+	ld	9, 24(4)
+	ld	10, 32(4)
+	ld	11, 40(4)
+	ld	12, 48(4)
+
+	vxor	0, 0, 0
+
+	# out0
+	mulld	14, 6, 6
+	mulhdu	15, 6, 6
+	std	14, 0(3)
+	std	15, 8(3)
+
+	# out1
+	add	14, 6, 6
+	mtvsrdd	32+13, 0, 14
+	mtvsrdd	32+14, 0, 7
+	vmsumudm 1, 13, 14, 0
+
+	# out2
+	mtvsrdd	32+15, 7, 14
+	mtvsrdd	32+16, 7, 8
+	vmsumudm 2, 15, 16, 0
+
+	# out3
+	add	15, 7, 7
+	mtvsrdd	32+13, 8, 14
+	mtvsrdd	32+14, 15, 9
+	vmsumudm 3, 13, 14, 0
+
+	# out4
+	mtvsrdd	32+13, 9, 14
+	mtvsrdd	32+14, 15, 10
+	mtvsrdd	32+15, 0, 8
+	vmsumudm 4, 13, 14, 0
+	vmsumudm 4, 15, 15, 4
+
+	# out5
+	mtvsrdd	32+13, 10, 14
+	mtvsrdd	32+14, 15, 11
+	add	16, 8, 8
+	mtvsrdd	32+15, 0, 16
+	mtvsrdd	32+16, 0, 9
+	vmsumudm 5, 13, 14, 0
+	vmsumudm 5, 15, 16, 5
+
+	stxv	32+1, 16(3)
+	stxv	32+2, 32(3)
+	stxv	32+3, 48(3)
+	stxv	32+4, 64(3)
+
+	# out6
+	mtvsrdd	32+13, 11, 14
+	mtvsrdd	32+14, 15, 12
+	mtvsrdd	32+15, 9, 16
+	mtvsrdd	32+16, 9, 10
+	stxv	32+5, 80(3)
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 6, 15, 16, 19
+
+	# out7
+	add	17, 9, 9
+	mtvsrdd	32+13, 11, 15
+	mtvsrdd	32+14, 16, 12
+	mtvsrdd	32+15, 0, 17
+	mtvsrdd	32+16, 0, 10
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 7, 15, 16, 19
+
+	# out8
+	mtvsrdd	32+13, 11, 16
+	mtvsrdd	32+14, 17, 12
+	mtvsrdd	32+15, 0, 10
+	vmsumudm 19, 13, 14, 0
+	vmsumudm 8, 15, 15, 19
+
+	# out9
+	add	14, 10, 10
+	mtvsrdd	32+13, 11, 17
+	mtvsrdd	32+14, 14, 12
+	vmsumudm 9, 13, 14, 0
+
+	# out10
+	mtvsrdd	32+13, 11, 14
+	mtvsrdd	32+14, 11, 12
+	vmsumudm 10, 13, 14, 0
+
+	stxv	32+6, 96(3)
+	stxv	32+7, 112(3)
+
+	# out11
+	#add	14, 11, 11
+	#mtvsrdd	32+13, 0, 14
+	#mtvsrdd	32+14, 0, 12
+	#vmsumudm 11, 13, 14, 0
+
+	mulld	6, 12, 11
+	mulhdu	7, 12, 11
+	addc	8, 6, 6
+	adde	9, 7, 7
+
+	stxv	32+8, 128(3)
+	stxv	32+9, 144(3)
+	stxv	32+10, 160(3)
+	#stxv	32+11, 176(3)
+
+	# out12
+	mulld	14, 12, 12
+	mulhdu	15, 12, 12
+
+	std	8, 176(3)
+	std	9, 184(3)
+	std	14, 192(3)
+	std	15, 200(3)
+
+	blr
+.size   _p384_felem_square_core,.-_p384_felem_square_core
 
-sub load_vrs($$)
-{
-    my ($pointer, $reg_list) = @_;
+#
+# widefelem (128 bits) * 8
+#
+.macro F128_X_8 _off1 _off2
+	ld	9,\\_off1(3)
+	ld	8,\\_off2(3)
+	srdi	10,9,61
+	rldimi	10,8,3,0
+	sldi	9,9,3
+	std	9,\\_off1(3)
+	std	10,\\_off2(3)
+.endm
 
-    for (my $i = 0; $i <= 6; $i++) {
-        my $offset = $i * 8;
-        $code.=<<___;
-    lxsd        $reg_list->[$i],$offset($pointer)
-___
-    }
+.globl p384_felem128_mul_by_8
+.type	p384_felem128_mul_by_8, \@function
+.align 4
+p384_felem128_mul_by_8:
 
-    $code.=<<___;
+	F128_X_8 0, 8
 
-___
-}
+	F128_X_8 16, 24
 
-sub store_vrs($$)
-{
-    my ($pointer, $reg_list) = @_;
+	F128_X_8 32, 40
 
-    for (my $i = 0; $i <= 12; $i++) {
-        my $offset = $i * 16;
-        $code.=<<___;
-    stxv        $reg_list->[$i],$offset($pointer)
-___
-    }
+	F128_X_8 48, 56
 
-    $code.=<<___;
+	F128_X_8 64, 72
 
-___
-}
+	F128_X_8 80, 88
 
-$code.=<<___;
-.machine    "any"
-.text
+	F128_X_8 96, 104
 
-___
+	F128_X_8 112, 120
 
-{
-    # mul/square common
-    my ($t1, $t2, $t3, $t4) = ("v33", "v34", "v42", "v43");
-    my ($zero, $one) = ("r8", "r9");
-    my $out = "v51";
+	F128_X_8 128, 136
 
-    {
-        #
-        # p384_felem_mul
-        #
+	F128_X_8 144, 152
 
-        my ($in1p, $in2p) = ("r4", "r5");
-        my @in1 = map("v$_",(44..50));
-        my @in2 = map("v$_",(35..41));
+	F128_X_8 160, 168
 
-        startproc("p384_felem_mul");
+	F128_X_8 176, 184
 
-        $code.=<<___;
-    vspltisw    $vzero,0
+	F128_X_8 192, 200
 
-___
+	blr
+.size	p384_felem128_mul_by_8,.-p384_felem128_mul_by_8
 
-        load_vrs($in1p, \@in1);
-        load_vrs($in2p, \@in2);
-
-        $code.=<<___;
-    vmsumudm    $out,$in1[0],$in2[0],$vzero
-    stxv        $out,0($outp)
-
-    xxpermdi    $t1,$in1[0],$in1[1],0b00
-    xxpermdi    $t2,$in2[1],$in2[0],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,16($outp)
-
-    xxpermdi    $t2,$in2[2],$in2[1],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in1[2],$in2[0],$out
-    stxv        $out,32($outp)
-
-    xxpermdi    $t2,$in2[1],$in2[0],0b00
-    xxpermdi    $t3,$in1[2],$in1[3],0b00
-    xxpermdi    $t4,$in2[3],$in2[2],0b00
-    vmsumudm    $out,$t1,$t4,$vzero
-    vmsumudm    $out,$t3,$t2,$out
-    stxv        $out,48($outp)
-
-    xxpermdi    $t2,$in2[4],$in2[3],0b00
-    xxpermdi    $t4,$in2[2],$in2[1],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    vmsumudm    $out,$in1[4],$in2[0],$out
-    stxv        $out,64($outp)
-
-    xxpermdi    $t2,$in2[5],$in2[4],0b00
-    xxpermdi    $t4,$in2[3],$in2[2],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t4,$in2[1],$in2[0],0b00
-    xxpermdi    $t1,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t4,$out
-    stxv        $out,80($outp)
-
-    xxpermdi    $t1,$in1[0],$in1[1],0b00
-    xxpermdi    $t2,$in2[6],$in2[5],0b00
-    xxpermdi    $t4,$in2[4],$in2[3],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t2,$in2[2],$in2[1],0b00
-    xxpermdi    $t1,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t2,$out
-    vmsumudm    $out,$in1[6],$in2[0],$out
-    stxv        $out,96($outp)
-
-    xxpermdi    $t1,$in1[1],$in1[2],0b00
-    xxpermdi    $t2,$in2[6],$in2[5],0b00
-    xxpermdi    $t3,$in1[3],$in1[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    xxpermdi    $t3,$in2[2],$in2[1],0b00
-    xxpermdi    $t1,$in1[5],$in1[6],0b00
-    vmsumudm    $out,$t1,$t3,$out
-    stxv        $out,112($outp)
-
-    xxpermdi    $t1,$in1[2],$in1[3],0b00
-    xxpermdi    $t3,$in1[4],$in1[5],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$t3,$t4,$out
-    vmsumudm    $out,$in1[6],$in2[2],$out
-    stxv        $out,128($outp)
-
-    xxpermdi    $t1,$in1[3],$in1[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    xxpermdi    $t1,$in1[5],$in1[6],0b00
-    vmsumudm    $out,$t1,$t4,$out
-    stxv        $out,144($outp)
-
-    vmsumudm    $out,$t3,$t2,$vzero
-    vmsumudm    $out,$in1[6],$in2[4],$out
-    stxv        $out,160($outp)
-
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,176($outp)
-
-    vmsumudm    $out,$in1[6],$in2[6],$vzero
-    stxv        $out,192($outp)
-___
+#
+# widefelem (128 bits) * 2
+#
+.macro F128_X_2 _off1 _off2
+	ld	9,\\_off1(3)
+	ld	8,\\_off2(3)
+	srdi	10,9,63
+	rldimi	10,8,1,0
+	sldi	9,9,1
+	std	9,\\_off1(3)
+	std	10,\\_off2(3)
+.endm
+
+.globl p384_felem128_mul_by_2
+.type	p384_felem128_mul_by_2, \@function
+.align 4
+p384_felem128_mul_by_2:
+
+	F128_X_2 0, 8
+
+	F128_X_2 16, 24
+
+	F128_X_2 32, 40
+
+	F128_X_2 48, 56
+
+	F128_X_2 64, 72
+
+	F128_X_2 80, 88
+
+	F128_X_2 96, 104
+
+	F128_X_2 112, 120
+
+	F128_X_2 128, 136
+
+	F128_X_2 144, 152
+
+	F128_X_2 160, 168
+
+	F128_X_2 176, 184
+
+	F128_X_2 192, 200
+
+	blr
+.size	p384_felem128_mul_by_2,.-p384_felem128_mul_by_2
+
+.globl p384_felem_diff128
+.type	p384_felem_diff128, \@function
+.align 4
+p384_felem_diff128:
+
+	addis   5, 2, .LConst_two127\@toc\@ha
+	addi    5, 5, .LConst_two127\@toc\@l
+
+	ld	10, 0(3)
+	ld	8, 8(3)
+	li	9, 0
+	addc	10, 10, 9
+	li	7, -1
+	rldicr	7, 7, 0, 0	# two127
+	adde	8, 8, 7
+	ld	11, 0(4)
+	ld	12, 8(4)
+	subfc	11, 11, 10
+	subfe	12, 12, 8
+	std	11, 0(3)	# out0
+	std	12, 8(3)
+
+	# two127m71 = (r10, r9)
+	ld	8, 16(3)
+	ld	7, 24(3)
+	ld	10, 24(5)	# two127m71
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 16(4)
+	ld	12, 24(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 16(3)	# out1
+	std	12, 24(3)
+
+	ld	8, 32(3)
+	ld	7, 40(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 32(4)
+	ld	12, 40(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 32(3)	# out2
+	std	12, 40(3)
+
+	ld	8, 48(3)
+	ld	7, 56(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 48(4)
+	ld	12, 56(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 48(3)	# out3
+	std	12, 56(3)
+
+	ld	8, 64(3)
+	ld	7, 72(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 64(4)
+	ld	12, 72(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 64(3)	# out4
+	std	12, 72(3)
+
+	ld	8, 80(3)
+	ld	7, 88(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 80(4)
+	ld	12, 88(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 80(3)	# out5
+	std	12, 88(3)
+
+	ld	8, 96(3)
+	ld	7, 104(3)
+	ld	6, 40(5)	# two127p111m79m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 96(4)
+	ld	12, 104(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 96(3)	# out6
+	std	12, 104(3)
+
+	ld	8, 112(3)
+	ld	7, 120(3)
+	ld	6, 56(5)	# two127m119m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 112(4)
+	ld	12, 120(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 112(3)	# out7
+	std	12, 120(3)
+
+	ld	8, 128(3)
+	ld	7, 136(3)
+	ld	6, 72(5)	# two127m95m71
+	addc	8, 8, 9
+	adde	7, 7, 6
+	ld	11, 128(4)
+	ld	12, 136(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 128(3)	# out8
+	std	12, 136(3)
+
+	ld	8, 144(3)
+	ld	7, 152(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 144(4)
+	ld	12, 152(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 144(3)	# out9
+	std	12, 152(3)
+
+	ld	8, 160(3)
+	ld	7, 168(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 160(4)
+	ld	12, 168(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 160(3)	# out10
+	std	12, 168(3)
+
+	ld	8, 176(3)
+	ld	7, 184(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 176(4)
+	ld	12, 184(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 176(3)	# out11
+	std	12, 184(3)
+
+	ld	8, 192(3)
+	ld	7, 200(3)
+	addc	8, 8, 9
+	adde	7, 7, 10
+	ld	11, 192(4)
+	ld	12, 200(4)
+	subfc	11, 11, 8
+	subfe	12, 12, 7
+	std	11, 192(3)	# out12
+	std	12, 200(3)
+
+	blr
+.size	p384_felem_diff128,.-p384_felem_diff128
+
+.data
+.align 4
+.LConst_two127:
+#two127
+.long 0x00000000, 0x00000000, 0x00000000, 0x80000000
+#two127m71
+.long 0x00000000, 0x00000000, 0xffffff80, 0x7fffffff
+#two127p111m79m71
+.long 0x00000000, 0x00000000, 0xffff7f80, 0x80007fff
+#two127m119m71
+.long 0x00000000, 0x00000000, 0xffffff80, 0x7f7fffff
+#two127m95m71
+.long 0x00000000, 0x00000000, 0x7fffff80, 0x7fffffff
 
-        endproc("p384_felem_mul");
-    }
+.text
 
-    {
-        #
-        # p384_felem_square
-        #
+.globl p384_felem_diff_128_64
+.type	p384_felem_diff_128_64, \@function
+.align 4
+p384_felem_diff_128_64:
+	addis   5, 2, .LConst_128_two64\@toc\@ha
+	addi    5, 5, .LConst_128_two64\@toc\@l
+
+	ld	9, 0(3)
+	ld	10, 8(3)
+	ld	8, 48(5)	# two64p48m16
+	li	7, 0
+	addc	9, 9, 8
+	li	6, 1
+	adde	10, 10, 6
+	ld	11, 0(4)
+	subfc	8, 11, 9
+	subfe	12, 7, 10
+	std	8, 0(3)		# out0
+	std	12, 8(3)
+
+	ld	9, 16(3)
+	ld	10, 24(3)
+	ld	8, 0(5)		# two64m56m8
+	addc	9, 9, 8
+	addze	10, 10
+	ld	11, 8(4)
+	subfc	11, 11, 9
+	subfe	12, 7, 10
+	std	11, 16(3)	# out1
+	std	12, 24(3)
+
+	ld	9, 32(3)
+	ld	10, 40(3)
+	ld	8, 16(5)	# two64m32m8
+	addc	9, 9, 8
+	addze	10, 10
+	ld	11, 16(4)
+	subfc	11, 11, 9
+	subfe	12, 7, 10
+	std	11, 32(3)	# out2
+	std	12, 40(3)
+
+	ld	10, 48(3)
+	ld	8, 56(3)
+	#ld	9, 32(5)	# two64m8
+	li	9, -256		# two64m8
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 24(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 48(3)	# out3
+	std	12, 56(3)
+
+	ld	10, 64(3)
+	ld	8, 72(3)
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 32(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 64(3)	# out4
+	std	12, 72(3)
+
+	ld	10, 80(3)
+	ld	8, 88(3)
+	addc	10, 10, 9
+	addze	8, 8
+	ld	11, 40(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 8
+	std	11, 80(3)	# out5
+	std	12, 88(3)
+
+	ld	10, 96(3)
+	ld	8, 104(3)
+	addc	10, 10, 9
+	addze	9, 8
+	ld	11, 48(4)
+	subfc	11, 11, 10
+	subfe	12, 7, 9
+	std	11, 96(3)	# out6
+	std	12, 104(3)
+
+	blr
+.size	p384_felem_diff_128_64,.-p384_felem_diff_128_64
+
+.data
+.align 4
+.LConst_128_two64:
+#two64m56m8
+.long 0xffffff00, 0xfeffffff, 0x00000000, 0x00000000
+#two64m32m8
+.long 0xffffff00, 0xfffffffe, 0x00000000, 0x00000000
+#two64m8
+.long 0xffffff00, 0xffffffff, 0x00000000, 0x00000000
+#two64p48m16
+.long 0xffff0000, 0x0000ffff, 0x00000001, 0x00000000
+
+.LConst_two60:
+#two60m52m4
+.long 0xfffffff0, 0x0fefffff, 0x0, 0x0
+#two60p44m12
+.long 0xfffff000, 0x10000fff, 0x0, 0x0
+#two60m28m4
+.long 0xeffffff0, 0x0fffffff, 0x0, 0x0
+#two60m4
+.long 0xfffffff0, 0x0fffffff, 0x0, 0x0
 
-        my ($inp) = ("r4");
-        my @in = map("v$_",(44..50));
-        my @inx2 = map("v$_",(35..41));
+.text
+#
+# static void felem_diff64(felem out, const felem in)
+#
+.globl p384_felem_diff64
+.type	p384_felem_diff64, \@function
+.align 4
+p384_felem_diff64:
+	addis   5, 2, .LConst_two60\@toc\@ha
+	addi    5, 5, .LConst_two60\@toc\@l
+
+	ld	9, 0(3)
+	ld	8, 16(5)	# two60p44m12
+	li	7, 0
+	add	9, 9, 8
+	ld	11, 0(4)
+	subf	8, 11, 9
+	std	8, 0(3)		# out0
+
+	ld	9, 8(3)
+	ld	8, 0(5)		# two60m52m4
+	add	9, 9, 8
+	ld	11, 8(4)
+	subf	11, 11, 9
+	std	11, 8(3)	# out1
+
+	ld	9, 16(3)
+	ld	8, 32(5)	# two60m28m4
+	add	9, 9, 8
+	ld	11, 16(4)
+	subf	11, 11, 9
+	std	11, 16(3)	# out2
+
+	ld	10, 24(3)
+	ld	9, 48(5)	# two60m4
+	add	10, 10, 9
+	ld	12, 24(4)
+	subf	12, 12, 10
+	std	12, 24(3)	# out3
+
+	ld	10, 32(3)
+	add	10, 10, 9
+	ld	11, 32(4)
+	subf	11, 11, 10
+	std	11, 32(3)	# out4
+
+	ld	10, 40(3)
+	add	10, 10, 9
+	ld	12, 40(4)
+	subf	12, 12, 10
+	std	12, 40(3)	# out5
+
+	ld	10, 48(3)
+	add	10, 10, 9
+	ld	11, 48(4)
+	subf	11, 11, 10
+	std	11, 48(3)	# out6
+
+	blr
+.size	p384_felem_diff64,.-p384_felem_diff64
 
-        startproc("p384_felem_square");
+.text
+#
+# Shift 128 bits right <nbits>
+#
+.macro SHR o_h o_l in_h in_l nbits
+	srdi	\\o_l, \\in_l, \\nbits		# shift lower right <nbits>
+	rldimi	\\o_l, \\in_h, 64-\\nbits, 0	# insert <64-nbits> from hi
+	srdi	\\o_h, \\in_h, \\nbits		# shift higher right <nbits>
+.endm
 
-        $code.=<<___;
-    vspltisw    $vzero,0
+#
+# static void felem_reduce(felem out, const widefelem in)
+#
+.global p384_felem_reduce
+.type   p384_felem_reduce,\@function
+.align 4
+p384_felem_reduce:
+
+	stdu    1, -208(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	bl	_p384_felem_reduce_core
+
+	mtlr	0
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 208
+	blr
+.size   p384_felem_reduce,.-p384_felem_reduce
 
-___
+#
+# Felem reduction core function -
+# r3 and r4 need to pre-loaded.
+#
+.type   _p384_felem_reduce_core,\@function
+.align 4
+_p384_felem_reduce_core:
+	addis   12, 2, .LConst\@toc\@ha
+	addi    12, 12, .LConst\@toc\@l
+
+	# load constat p
+	ld	11, 8(12)	# hi - two124m68
+
+	# acc[6] = in[6] + two124m68;
+	ld	26, 96(4)	# in[6].l
+	ld	27, 96+8(4)	# in[6].h
+	add	27, 27, 11
+
+	# acc[5] = in[5] + two124m68;
+	ld	24, 80(4)	# in[5].l
+	ld	25, 80+8(4)	# in[5].h
+	add	25, 25, 11
+
+	# acc[4] = in[4] + two124m68;
+	ld	22, 64(4)	# in[4].l
+	ld	23, 64+8(4)	# in[4].h
+	add	23, 23, 11
+
+	# acc[3] = in[3] + two124m68;
+	ld	20, 48(4)	# in[3].l
+	ld	21, 48+8(4)	# in[3].h
+	add	21, 21, 11
+
+	ld	11, 48+8(12)	# hi - two124m92m68
+
+	# acc[2] = in[2] + two124m92m68;
+	ld	18, 32(4)	# in[2].l
+	ld	19, 32+8(4)	# in[2].h
+	add	19, 19, 11
+
+	ld	11, 16+8(12)	# high - two124m116m68
+
+	# acc[1] = in[1] + two124m116m68;
+	ld	16, 16(4)	# in[1].l
+	ld	17, 16+8(4)	# in[1].h
+	add	17, 17, 11
+
+	ld	11, 32+8(12)	# high - two124p108m76
+
+	# acc[0] = in[0] + two124p108m76;
+	ld	14, 0(4)	# in[0].l
+	ld	15, 0+8(4)	# in[0].h
+	add	15, 15, 11
+
+	# compute mask
+	li	7, -1
+
+	# Eliminate in[12]
+
+	# acc[8] += in[12] >> 32;
+	ld	5, 192(4)	# in[12].l
+	ld	6, 192+8(4)	# in[12].h
+	SHR 9, 10, 6, 5, 32
+	ld	30, 128(4)	# in[8].l
+	ld	31, 136(4)	# in[8].h
+	addc	30, 30, 10
+	adde	31, 31, 9
+
+	# acc[7] += (in[12] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	ld	28, 112(4)	# in[7].l
+	ld	29, 120(4)	# in[7].h
+	addc	28, 28, 11
+	addze	29, 29
+
+	# acc[7] += in[12] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	28, 28, 10
+	adde	29, 29, 9
+
+	# acc[6] += (in[12] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	26, 26, 11
+	addze	27, 27
+
+	# acc[6] -= in[12] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	26, 10, 26
+	subfe	27, 9, 27
+
+	# acc[5] -= (in[12] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	24, 11, 24
+	subfe	25, 9, 25
+
+	# acc[6] += in[12] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[12] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	24, 24, 11
+	addze	25, 25
+
+	# Eliminate in[11]
+
+	# acc[7] += in[11] >> 32;
+	ld	5, 176(4)	# in[11].l
+	ld	6, 176+8(4)	# in[11].h
+	SHR 9, 10, 6, 5, 32
+	addc	28, 28, 10
+	adde	29, 29, 9
+
+	# acc[6] += (in[11] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	26, 26, 11
+	addze	27, 27
+
+	# acc[6] += in[11] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[11] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	24, 24, 11
+	addze	25, 25
+
+	# acc[5] -= in[11] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	24, 10, 24
+	subfe	25, 9, 25
+
+	# acc[4] -= (in[11] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	22, 11, 22
+	subfe	23, 9, 23
+
+	# acc[5] += in[11] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[11] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	22, 22, 11
+	addze	23, 23
+
+	# Eliminate in[10]
+
+	# acc[6] += in[10] >> 32;
+	ld	5, 160(4)	# in[10].l
+	ld	6, 160+8(4)	# in[10].h
+	SHR 9, 10, 6, 5, 32
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] += (in[10] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	24, 24, 11
+	addze	25, 25
+
+	# acc[5] += in[10] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[10] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	22, 22, 11
+	addze	23, 23
+
+	# acc[4] -= in[10] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	22, 10, 22
+	subfe	23, 9, 23
+
+	# acc[3] -= (in[10] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	20, 11, 20
+	subfe	21, 9, 21
+
+	# acc[4] += in[10] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (in[10] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	20, 20, 11
+	addze	21, 21
+
+	# Eliminate in[9]
+
+	# acc[5] += in[9] >> 32;
+	ld	5, 144(4)	# in[9].l
+	ld	6, 144+8(4)	# in[9].h
+	SHR 9, 10, 6, 5, 32
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] += (in[9] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	22, 22, 11
+	addze	23, 23
+
+	# acc[4] += in[9] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (in[9] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	20, 20, 11
+	addze	21, 21
+
+	# acc[3] -= in[9] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	20, 10, 20
+	subfe	21, 9, 21
+
+	# acc[2] -= (in[9] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	18, 11, 18
+	subfe	19, 9, 19
+
+	# acc[3] += in[9] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (in[9] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	18, 18, 11
+	addze	19, 19
+
+	# Eliminate acc[8]
+
+	# acc[4] += acc[8] >> 32;
+	mr	5, 30		# acc[8].l
+	mr	6, 31		# acc[8].h
+	SHR 9, 10, 6, 5, 32
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] += (acc[8] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	20, 20, 11
+	addze	21, 21
+
+	# acc[3] += acc[8] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (acc[8] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	18, 18, 11
+	addze	19, 19
+
+	# acc[2] -= acc[8] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	18, 10, 18
+	subfe	19, 9, 19
+
+	# acc[1] -= (acc[8] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	16, 11, 16
+	subfe	17, 9, 17
+
+	#acc[2] += acc[8] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (acc[8] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	16, 16, 11
+	addze	17, 17
+
+	# Eliminate acc[7]
+
+	# acc[3] += acc[7] >> 32;
+	mr	5, 28		# acc[7].l
+	mr	6, 29		# acc[7].h
+	SHR 9, 10, 6, 5, 32
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (acc[7] & 0xffffffff) << 24;
+	srdi	11, 7, 32	# 0xffffffff
+	and	11, 11, 5
+	sldi	11, 11, 24	# << 24
+	addc	18, 18, 11
+	addze	19, 19
+
+	# acc[2] += acc[7] >> 8;
+	SHR 9, 10, 6, 5, 8
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (acc[7] & 0xff) << 48;
+	andi.	11, 5, 0xff
+	sldi	11, 11, 48
+	addc	16, 16, 11
+	addze	17, 17
+
+	# acc[1] -= acc[7] >> 16;
+	SHR 9, 10, 6, 5, 16
+	subfc	16, 10, 16
+	subfe	17, 9, 17
+
+	# acc[0] -= (acc[7] & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	11, 11, 5
+	sldi	11, 11, 40	# << 40
+	li	9, 0
+	subfc	14, 11, 14
+	subfe	15, 9, 15
+
+	# acc[1] += acc[7] >> 48;
+	SHR 9, 10, 6, 5, 48
+	addc	16, 16, 10
+	adde	17, 17, 9
+
+	# acc[0] += (acc[7] & 0xffffffffffff) << 8;
+	srdi	11, 7, 16	# 0xffffffffffff
+	and	11, 11, 5
+	sldi	11, 11, 8	# << 8
+	addc	14, 14, 11
+	addze	15, 15
+
+	#
+	# Carry 4 -> 5 -> 6
+	#
+	# acc[5] += acc[4] >> 56;
+	# acc[4] &= 0x00ffffffffffffff;
+	SHR 9, 10, 23, 22, 56
+	addc	24, 24, 10
+	adde	25, 25, 9
+	srdi	11, 7, 8	# 0x00ffffffffffffff
+	and	22, 22, 11
+	li	23, 0
+
+	# acc[6] += acc[5] >> 56;
+	# acc[5] &= 0x00ffffffffffffff;
+	SHR 9, 10, 25, 24, 56
+	addc	26, 26, 10
+	adde	27, 27, 9
+	and	24, 24, 11
+	li	25, 0
+
+	# [3]: Eliminate high bits of acc[6] */
+	# temp = acc[6] >> 48;
+	# acc[6] &= 0x0000ffffffffffff;
+	SHR 31, 30, 27, 26, 48	# temp = acc[6] >> 48
+	srdi	11, 7, 16	# 0x0000ffffffffffff
+	and	26, 26, 11
+	li	27, 0
+
+	# temp < 2^80
+	# acc[3] += temp >> 40;
+	SHR 9, 10, 31, 30, 40
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] += (temp & 0xffffffffff) << 16;
+	srdi	11, 7, 24	# 0xffffffffff
+	and	10, 30, 11
+	sldi	10, 10, 16
+	addc	18, 18, 10
+	addze	19, 19
+
+	# acc[2] += temp >> 16;
+	SHR 9, 10, 31, 30, 16
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] += (temp & 0xffff) << 40;
+	srdi	11, 7, 48	# 0xffff
+	and	10, 30, 11
+	sldi	10, 10, 40
+	addc	16, 16, 10
+	addze	17, 17
+
+	# acc[1] -= temp >> 24;
+	SHR 9, 10, 31, 30, 24
+	subfc	16, 10, 16
+	subfe	17, 9, 17
+
+	# acc[0] -= (temp & 0xffffff) << 32;
+	srdi	11, 7, 40	# 0xffffff
+	and	10, 30, 11
+	sldi	10, 10, 32
+	li	9, 0
+	subfc	14, 10, 14
+	subfe	15, 9, 15
+
+	# acc[0] += temp;
+	addc	14, 14, 30
+	adde	15, 15, 31
+
+	# Carry 0 -> 1 -> 2 -> 3 -> 4 -> 5 -> 6
+	#
+	# acc[1] += acc[0] >> 56;   /* acc[1] < acc_old[1] + 2^72 */
+	SHR 9, 10, 15, 14, 56
+	addc	16, 16, 10
+	adde	17, 17, 9
+
+	# acc[0] &= 0x00ffffffffffffff;
+	srdi	11, 7, 8	# 0x00ffffffffffffff
+	and	14, 14, 11
+	li	15, 0
+
+	# acc[2] += acc[1] >> 56;   /* acc[2] < acc_old[2] + 2^72 + 2^16 */
+	SHR 9, 10, 17, 16, 56
+	addc	18, 18, 10
+	adde	19, 19, 9
+
+	# acc[1] &= 0x00ffffffffffffff;
+	and	16, 16, 11
+	li	17, 0
+
+	# acc[3] += acc[2] >> 56;   /* acc[3] < acc_old[3] + 2^72 + 2^16 */
+	SHR 9, 10, 19, 18, 56
+	addc	20, 20, 10
+	adde	21, 21, 9
+
+	# acc[2] &= 0x00ffffffffffffff;
+	and	18, 18, 11
+	li	19, 0
+
+	# acc[4] += acc[3] >> 56;
+	SHR 9, 10, 21, 20, 56
+	addc	22, 22, 10
+	adde	23, 23, 9
+
+	# acc[3] &= 0x00ffffffffffffff;
+	and	20, 20, 11
+	li	21, 0
+
+	# acc[5] += acc[4] >> 56;
+	SHR 9, 10, 23, 22, 56
+	addc	24, 24, 10
+	adde	25, 25, 9
+
+	# acc[4] &= 0x00ffffffffffffff;
+	and	22, 22, 11
+
+	# acc[6] += acc[5] >> 56;
+	SHR 9, 10, 25, 24, 56
+	addc	26, 26, 10
+	adde	27, 27, 9
+
+	# acc[5] &= 0x00ffffffffffffff;
+	and	24, 24, 11
+
+	std	14, 0(3)
+	std	16, 8(3)
+	std	18, 16(3)
+	std	20, 24(3)
+	std	22, 32(3)
+	std	24, 40(3)
+	std	26, 48(3)
+	blr
+.size   _p384_felem_reduce_core,.-_p384_felem_reduce_core
+
+.data
+.align 4
+.LConst:
+# two124m68:
+.long 0x0, 0x0, 0xfffffff0, 0xfffffff
+# two124m116m68:
+.long 0x0, 0x0, 0xfffffff0, 0xfefffff
+#two124p108m76:
+.long 0x0, 0x0, 0xfffff000, 0x10000fff
+#two124m92m68:
+.long 0x0, 0x0, 0xeffffff0, 0xfffffff
 
-        load_vrs($inp, \@in);
+.text
 
-        $code.=<<___;
-    li        $zero,0
-    li        $one,1
-    mtvsrdd        $t1,$one,$zero
-___
+#
+# void p384_felem_square_reduce(felem out, const felem in)
+#
+.global p384_felem_square_reduce
+.type   p384_felem_square_reduce,\@function
+.align 4
+p384_felem_square_reduce:
+	stdu    1, -512(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	std	3, 496(1)
+	addi	3, 1, 208
+	bl _p384_felem_square_core
+
+	mr	4, 3
+	ld	3, 496(1)
+	bl _p384_felem_reduce_core
+
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 512
+	mtlr	0
+	blr
+.size   p384_felem_square_reduce,.-p384_felem_square_reduce
 
-        for (my $i = 0; $i <= 6; $i++) {
-            $code.=<<___;
-    vsld        $inx2[$i],$in[$i],$t1
-___
-        }
-
-        $code.=<<___;
-    vmsumudm    $out,$in[0],$in[0],$vzero
-    stxv        $out,0($outp)
-
-    vmsumudm    $out,$in[0],$inx2[1],$vzero
-    stxv        $out,16($outp)
-
-    vmsumudm    $out,$in[0],$inx2[2],$vzero
-    vmsumudm    $out,$in[1],$in[1],$out
-    stxv        $out,32($outp)
-
-    xxpermdi    $t1,$in[0],$in[1],0b00
-    xxpermdi    $t2,$inx2[3],$inx2[2],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,48($outp)
-
-    xxpermdi    $t4,$inx2[4],$inx2[3],0b00
-    vmsumudm    $out,$t1,$t4,$vzero
-    vmsumudm    $out,$in[2],$in[2],$out
-    stxv        $out,64($outp)
-
-    xxpermdi    $t2,$inx2[5],$inx2[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[2],$inx2[3],$out
-    stxv        $out,80($outp)
-
-    xxpermdi    $t2,$inx2[6],$inx2[5],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[2],$inx2[4],$out
-    vmsumudm    $out,$in[3],$in[3],$out
-    stxv        $out,96($outp)
-
-    xxpermdi    $t3,$in[1],$in[2],0b00
-    vmsumudm    $out,$t3,$t2,$vzero
-    vmsumudm    $out,$in[3],$inx2[4],$out
-    stxv        $out,112($outp)
-
-    xxpermdi    $t1,$in[2],$in[3],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    vmsumudm    $out,$in[4],$in[4],$out
-    stxv        $out,128($outp)
-
-    xxpermdi    $t1,$in[3],$in[4],0b00
-    vmsumudm    $out,$t1,$t2,$vzero
-    stxv        $out,144($outp)
-
-    vmsumudm    $out,$in[4],$inx2[6],$vzero
-    vmsumudm    $out,$in[5],$in[5],$out
-    stxv        $out,160($outp)
-
-    vmsumudm    $out,$in[5],$inx2[6],$vzero
-    stxv        $out,176($outp)
-
-    vmsumudm    $out,$in[6],$in[6],$vzero
-    stxv        $out,192($outp)
+#
+# void p384_felem_mul_reduce(felem out, const felem in1, const felem in2)
+#
+.global p384_felem_mul_reduce
+.type   p384_felem_mul_reduce,\@function
+.align 5
+p384_felem_mul_reduce:
+	stdu    1, -512(1)
+	mflr	0
+	std     14, 56(1)
+	std     15, 64(1)
+	std     16, 72(1)
+	std     17, 80(1)
+	std     18, 88(1)
+	std     19, 96(1)
+	std     20, 104(1)
+	std     21, 112(1)
+	std     22, 120(1)
+	std     23, 128(1)
+	std     24, 136(1)
+	std     25, 144(1)
+	std     26, 152(1)
+	std     27, 160(1)
+	std     28, 168(1)
+	std     29, 176(1)
+	std     30, 184(1)
+	std     31, 192(1)
+
+	std	3, 496(1)
+	addi	3, 1, 208
+	bl _p384_felem_mul_core
+
+	mr	4, 3
+	ld	3, 496(1)
+	bl _p384_felem_reduce_core
+
+	ld     14, 56(1)
+	ld     15, 64(1)
+	ld     16, 72(1)
+	ld     17, 80(1)
+	ld     18, 88(1)
+	ld     19, 96(1)
+	ld     20, 104(1)
+	ld     21, 112(1)
+	ld     22, 120(1)
+	ld     23, 128(1)
+	ld     24, 136(1)
+	ld     25, 144(1)
+	ld     26, 152(1)
+	ld     27, 160(1)
+	ld     28, 168(1)
+	ld     29, 176(1)
+	ld     30, 184(1)
+	ld     31, 192(1)
+	addi	1, 1, 512
+	mtlr	0
+	blr
+.size   p384_felem_mul_reduce,.-p384_felem_mul_reduce
 ___
 
-        endproc("p384_felem_square");
-    }
-}
-
 $code =~ s/\`([^\`]*)\`/eval $1/gem;
 print $code;
 close STDOUT or die "error closing STDOUT: $!";

+ 5 - 5
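--- a/libs/openssl/crypto/ec/ec_key.c
+++ b/libs/openssl/crypto/ec/ec_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -256,10 +256,7 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx,
     int len, ret = 0;
     OSSL_SELF_TEST *st = NULL;
     unsigned char bytes[512] = {0};
-    EC_POINT *pub_key2 = EC_POINT_new(eckey->group);
-
-    if (pub_key2 == NULL)
-        return 0;
+    EC_POINT *pub_key2 = NULL;
 
     st = OSSL_SELF_TEST_new(cb, cbarg);
     if (st == NULL)
@@ -268,6 +265,9 @@ static int ecdsa_keygen_knownanswer_test(EC_KEY *eckey, BN_CTX *ctx,
     OSSL_SELF_TEST_onbegin(st, OSSL_SELF_TEST_TYPE_PCT_KAT,
                                OSSL_SELF_TEST_DESC_PCT_ECDSA);
 
+    if ((pub_key2 = EC_POINT_new(eckey->group)) == NULL)
+        goto err;
+
     /* pub_key = priv_key * G (where G is a point on the curve) */
     if (!EC_POINT_mul(eckey->group, pub_key2, eckey->priv_key, NULL, NULL, ctx))
         goto err;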
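Review bot: The relocated allocation `if ((pub_key2 = EC_POINT_new(eckey->group)) == NULL)` in ecdsa_keygen_knownanswer_test has no comment saying why it must come after `OSSL_SELF_TEST_new()`, so a later tidy-up could move it back into the declaration and reintroduce an allocation that the `st == NULL` exit does not release. I would add `/* Allocate only after st exists, so every failure from here on is cleaned up at err */` directly above it. The `err` label and the rest of the function body lie outside the hunk, so it should be confirmed that the cleanup there frees `pub_key2` and accepts it being NULL, which the new `goto err` on allocation failure relies on.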

+ 54 - 18
libs/openssl/crypto/ec/ecp_nistp384.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -252,6 +252,16 @@ static void felem_neg(felem out, const felem in)
     out[6] = two60m4 - in[6];
 }
 
+#if defined(ECP_NISTP384_ASM)
+void p384_felem_diff64(felem out, const felem in);
+void p384_felem_diff128(widefelem out, const widefelem in);
+void p384_felem_diff_128_64(widefelem out, const felem in);
+
+# define felem_diff64           p384_felem_diff64
+# define felem_diff128          p384_felem_diff128
+# define felem_diff_128_64      p384_felem_diff_128_64
+
+#else
 /*-
  * felem_diff64 subtracts |in| from |out|
  * On entry:
@@ -369,6 +379,7 @@ static void felem_diff128(widefelem out, const widefelem in)
     for (i = 0; i < 2*NLIMBS-1; i++)
         out[i] -= in[i];
 }
+#endif /* ECP_NISTP384_ASM */
 
 static void felem_square_ref(widefelem out, const felem in)
 {
@@ -503,7 +514,7 @@ static void felem_mul_ref(widefelem out, const felem in1, const felem in2)
  * [3]: Y = 2^48 (acc[6] >> 48)
  * (Where a | b | c | d = (2^56)^3 a + (2^56)^2 b + (2^56) c + d)
  */
-static void felem_reduce(felem out, const widefelem in)
+static void felem_reduce_ref(felem out, const widefelem in)
 {
     /*
      * In order to prevent underflow, we add a multiple of p before subtracting.
@@ -673,6 +684,22 @@ static void felem_reduce(felem out, const widefelem in)
         out[i] = acc[i];
 }
 
+static ossl_inline void felem_square_reduce_ref(felem out, const felem in)
+{
+    widefelem tmp;
+
+    felem_square_ref(tmp, in);
+    felem_reduce_ref(out, tmp);
+}
+
+static ossl_inline void felem_mul_reduce_ref(felem out, const felem in1, const felem in2)
+{
+    widefelem tmp;
+
+    felem_mul_ref(tmp, in1, in2);
+    felem_reduce_ref(out, tmp);
+}
+
 #if defined(ECP_NISTP384_ASM)
 static void felem_square_wrapper(widefelem out, const felem in);
 static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2);
@@ -682,8 +709,19 @@ static void (*felem_square_p)(widefelem out, const felem in) =
 static void (*felem_mul_p)(widefelem out, const felem in1, const felem in2) =
     felem_mul_wrapper;
 
+static void (*felem_reduce_p)(felem out, const widefelem in) = felem_reduce_ref;
+
+static void (*felem_square_reduce_p)(felem out, const felem in) =
+    felem_square_reduce_ref;
+static void (*felem_mul_reduce_p)(felem out, const felem in1, const felem in2) =
+    felem_mul_reduce_ref;
+
 void p384_felem_square(widefelem out, const felem in);
 void p384_felem_mul(widefelem out, const felem in1, const felem in2);
+void p384_felem_reduce(felem out, const widefelem in);
+
+void p384_felem_square_reduce(felem out, const felem in);
+void p384_felem_mul_reduce(felem out, const felem in1, const felem in2);
 
 # if defined(_ARCH_PPC64)
 #  include "crypto/ppc_arch.h"
@@ -695,6 +733,9 @@ static void felem_select(void)
     if ((OPENSSL_ppccap_P & PPC_MADD300) && (OPENSSL_ppccap_P & PPC_ALTIVEC)) {
         felem_square_p = p384_felem_square;
         felem_mul_p = p384_felem_mul;
+        felem_reduce_p = p384_felem_reduce;
+        felem_square_reduce_p = p384_felem_square_reduce;
+        felem_mul_reduce_p = p384_felem_mul_reduce;
 
         return;
     }
@@ -703,6 +744,9 @@ static void felem_select(void)
     /* Default */
     felem_square_p = felem_square_ref;
     felem_mul_p = felem_mul_ref;
+    felem_reduce_p = felem_reduce_ref;
+    felem_square_reduce_p = felem_square_reduce_ref;
+    felem_mul_reduce_p = felem_mul_reduce_ref;
 }
 
 static void felem_square_wrapper(widefelem out, const felem in)
@@ -719,26 +763,18 @@ static void felem_mul_wrapper(widefelem out, const felem in1, const felem in2)
 
 # define felem_square felem_square_p
 # define felem_mul felem_mul_p
+# define felem_reduce felem_reduce_p
+
+# define felem_square_reduce felem_square_reduce_p
+# define felem_mul_reduce felem_mul_reduce_p
 #else
 # define felem_square felem_square_ref
 # define felem_mul felem_mul_ref
-#endif
-
-static ossl_inline void felem_square_reduce(felem out, const felem in)
-{
-    widefelem tmp;
+# define felem_reduce felem_reduce_ref
 
-    felem_square(tmp, in);
-    felem_reduce(out, tmp);
-}
-
-static ossl_inline void felem_mul_reduce(felem out, const felem in1, const felem in2)
-{
-    widefelem tmp;
-
-    felem_mul(tmp, in1, in2);
-    felem_reduce(out, tmp);
-}
+# define felem_square_reduce felem_square_reduce_ref
+# define felem_mul_reduce felem_mul_reduce_ref
+#endif
 
 /*-
  * felem_inv calculates |out| = |in|^{-1}

+ 4 - 1
libs/openssl/crypto/encode_decode/encoder_pkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -210,6 +210,7 @@ encoder_construct_pkey(OSSL_ENCODER_INSTANCE *encoder_inst, void *arg)
 static void encoder_destruct_pkey(void *arg)
 {
     struct construct_data_st *data = arg;
+    int match = (data->obj == data->constructed_obj);
 
     if (data->encoder_inst != NULL) {
         OSSL_ENCODER *encoder =
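Review bot: The new `match` flag in encoder_destruct_pkey() has no comment, and it is not obvious why the comparison must be taken before the destructor runs. The next hunk of this section calls `encoder->free_object(data->constructed_obj)` and then clears `data->obj` only when the two pointers were equal, which presumably keeps `obj` from dangling when it aliases the freed object. I would add `/* |obj| may alias |constructed_obj|; record that before the free so |obj| can be cleared too */` above the declaration and give the flag a more telling name such as `obj_is_constructed`.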
@@ -218,6 +219,8 @@ static void encoder_destruct_pkey(void *arg)
         encoder->free_object(data->constructed_obj);
     }
     data->constructed_obj = NULL;
+    if (match)
+        data->obj = NULL;
 }
 
 /*

+ 2 - 1
libs/openssl/crypto/evp/bio_enc.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -157,6 +157,7 @@ static int enc_read(BIO *b, char *out, int outl)
             /* Should be continue next time we are called? */
             if (!BIO_should_retry(next)) {
                 ctx->cont = i;
+                ctx->finished = 1;
                 i = EVP_CipherFinal_ex(ctx->cipher,
                                        ctx->buf, &(ctx->buf_len));
                 ctx->ok = i;

+ 5 - 1
libs/openssl/crypto/evp/ctrl_params_translate.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -2895,11 +2895,15 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
 
 int evp_pkey_ctx_set_params_to_ctrl(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
 {
+    if (ctx->keymgmt != NULL)
+        return 0;
     return evp_pkey_ctx_setget_params_to_ctrl(ctx, SET, (OSSL_PARAM *)params);
 }
 
 int evp_pkey_ctx_get_params_to_ctrl(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
 {
+    if (ctx->keymgmt != NULL)
+        return 0;
     return evp_pkey_ctx_setget_params_to_ctrl(ctx, GET, params);
 }
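Review bot: Both added guards (`if (ctx->keymgmt != NULL) return 0;` in evp_pkey_ctx_set_params_to_ctrl() and evp_pkey_ctx_get_params_to_ctrl()) fail silently: no error is raised and no comment says why a context that has a keymgmt must not go through the ctrl translation. A caller that gets 0 with an empty error queue cannot tell this rejection from any other failure. I would add a comment such as `/* provider-backed context: do not translate params to legacy ctrls */` (wording to be confirmed against the intent of the fix) and consider an `ERR_raise()` before each return. The guards also dereference `ctx` with no NULL check of their own, so they assume callers never pass NULL.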
 

+ 3 - 2
libs/openssl/crypto/evp/evp_pbe.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,7 +40,8 @@ static const EVP_PBE_CTL builtin_pbe[] = {
     {EVP_PBE_TYPE_OUTER, NID_pbeWithSHA1AndRC2_CBC,
      NID_rc2_64_cbc, NID_sha1, PKCS5_PBE_keyivgen, PKCS5_PBE_keyivgen_ex},
 
-    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen},
+    {EVP_PBE_TYPE_OUTER, NID_id_pbkdf2, -1, -1, PKCS5_v2_PBKDF2_keyivgen,
+     PKCS5_v2_PBKDF2_keyivgen_ex},
 
     {EVP_PBE_TYPE_OUTER, NID_pbe_WithSHA1And128BitRC4,
      NID_rc4, NID_sha1, PKCS12_PBE_keyivgen, &PKCS12_PBE_keyivgen_ex},

+ 8 - 5
libs/openssl/crypto/evp/evp_rand.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -646,10 +646,8 @@ static int evp_rand_nonce_locked(EVP_RAND_CTX *ctx, unsigned char *out,
 {
     unsigned int str = evp_rand_strength_locked(ctx);
 
-    if (ctx->meth->nonce == NULL)
-        return 0;
-    if (ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen))
-        return 1;
+    if (ctx->meth->nonce != NULL)
+        return ctx->meth->nonce(ctx->algctx, out, str, outlen, outlen) > 0;
     return evp_rand_generate_locked(ctx, out, outlen, str, 0, NULL, 0);
 }
 
@@ -657,6 +655,11 @@ int EVP_RAND_nonce(EVP_RAND_CTX *ctx, unsigned char *out, size_t outlen)
 {
     int res;
 
+    if (ctx == NULL || out == NULL || outlen == 0) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return 0;
+    }
+
     if (!evp_rand_lock(ctx))
         return 0;
     res = evp_rand_nonce_locked(ctx, out, outlen);
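Review bot: The new argument check in EVP_RAND_nonce() reports `outlen == 0` with `ERR_R_PASSED_NULL_PARAMETER`, which points the caller at the wrong argument. Splitting the length case out keeps the error queue accurate: `if (outlen == 0) { ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; }`. The previous hunk also changes evp_rand_nonce_locked() so that a failing `nonce` callback now returns 0 instead of falling through to evp_rand_generate_locked(). A one-line comment there, saying the fallback applies only when no `nonce` method exists, would make that intent explicit.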

+ 8 - 2
libs/openssl/crypto/evp/exchange.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -431,7 +431,13 @@ int EVP_PKEY_derive_set_peer_ex(EVP_PKEY_CTX *ctx, EVP_PKEY *peer,
      */
     if (provkey == NULL)
         goto legacy;
-    return ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    ret = ctx->op.kex.exchange->set_peer(ctx->op.kex.algctx, provkey);
+    if (ret <= 0)
+        return ret;
+    EVP_PKEY_free(ctx->peerkey);
+    ctx->peerkey = peer;
+    EVP_PKEY_up_ref(peer);
+    return 1;
 
  legacy:
 #ifdef FIPS_MODULE
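Review bot: In the provider path of EVP_PKEY_derive_set_peer_ex(), the old peer is released before the new reference is taken, and the result of `EVP_PKEY_up_ref(peer)` is ignored. If a caller ever passes the key already held in `ctx->peerkey` while the context owns the last reference, `EVP_PKEY_free(ctx->peerkey)` would destroy the object that is then stored and up-ref'd; whether any caller does this is not visible here. Taking the reference first avoids both problems: `if (!EVP_PKEY_up_ref(peer)) return 0;` followed by `EVP_PKEY_free(ctx->peerkey);` and `ctx->peerkey = peer;`. The function body, including the declaration of `ret`, starts and continues outside this hunk.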

+ 2 - 2
libs/openssl/crypto/evp/legacy_sha.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -215,7 +215,7 @@ const EVP_MD *EVP_shake##bitlen(void)                                          \
         NID_shake##bitlen,                                                     \
         0,                                                                     \
         bitlen / 8,                                                            \
-        EVP_MD_FLAG_XOF,                                                       \
+        EVP_MD_FLAG_XOF | EVP_MD_FLAG_DIGALGID_ABSENT,                         \
         EVP_ORIG_GLOBAL,                                                       \
         LEGACY_EVP_MD_METH_TABLE(shake_init, sha3_int_update, sha3_int_final,  \
                         shake_ctrl, (KECCAK1600_WIDTH - bitlen * 2) / 8),      \

+ 14 - 3
libs/openssl/crypto/evp/pmeth_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -493,6 +493,12 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
     }
     rctx->legacy_keytype = pctx->legacy_keytype;
 
+    if (pctx->keymgmt != NULL) {
+        if (!EVP_KEYMGMT_up_ref(pctx->keymgmt))
+            goto err;
+        rctx->keymgmt = pctx->keymgmt;
+    }
+
     if (EVP_PKEY_CTX_IS_DERIVE_OP(pctx)) {
         if (pctx->op.kex.exchange != NULL) {
             rctx->op.kex.exchange = pctx->op.kex.exchange;
@@ -596,6 +602,9 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(const EVP_PKEY_CTX *pctx)
             EVP_KEYMGMT *tmp_keymgmt = pctx->keymgmt;
             void *provkey;
 
+            if (pctx->pkey == NULL)
+                return rctx;
+
             provkey = evp_pkey_export_to_provider(pctx->pkey, pctx->libctx,
                                                   &tmp_keymgmt, pctx->propquery);
             if (provkey == NULL)
@@ -713,8 +722,9 @@ int EVP_PKEY_CTX_set_params(EVP_PKEY_CTX *ctx, const OSSL_PARAM *params)
                 ctx->op.encap.kem->set_ctx_params(ctx->op.encap.algctx,
                                                   params);
         break;
-#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_LEGACY:
         return evp_pkey_ctx_set_params_to_ctrl(ctx, params);
 #endif
@@ -751,8 +761,9 @@ int EVP_PKEY_CTX_get_params(EVP_PKEY_CTX *ctx, OSSL_PARAM *params)
                 ctx->op.encap.kem->get_ctx_params(ctx->op.encap.algctx,
                                                   params);
         break;
-#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_UNKNOWN:
+        break;
+#ifndef FIPS_MODULE
     case EVP_PKEY_STATE_LEGACY:
         return evp_pkey_ctx_get_params_to_ctrl(ctx, params);
 #endif

+ 4 - 5
libs/openssl/crypto/loongarch64cpuid.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -16,10 +16,9 @@
 ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19));
 ($fp)=map("\$r$_",(22));
 
-
-for (@ARGV) {   $output=$_ if (/\w[\w\-]*\.\w+$/);      }
-open STDOUT,">$output";
-while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+# $output is the last argument if it looks like a file (it has an extension)
+my $output;
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";
 
 {
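Review bot: `open STDOUT,">$output";` is still unconditional even though the new code sets `$output` to `undef` when the last argument does not look like a file name, and its result is not checked. With no output argument the open is attempted on an empty name and the failure goes unnoticed. The two-argument form also lets characters in the name be read as part of the mode. I would write `open(STDOUT, '>', $output) or die "can't open $output: $!" if defined $output;`.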

+ 5 - 5
libs/openssl/crypto/params_dup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -190,18 +190,18 @@ OSSL_PARAM *OSSL_PARAM_merge(const OSSL_PARAM *p1, const OSSL_PARAM *p2)
     while (1) {
         /* If list1 is finished just tack list2 onto the end */
         if (*p1cur == NULL) {
-            do {
+            while (*p2cur != NULL) {
                 *dst++ = **p2cur;
                 p2cur++;
-            } while (*p2cur != NULL);
+            }
             break;
         }
         /* If list2 is finished just tack list1 onto the end */
         if (*p2cur == NULL) {
-            do {
+            while (*p1cur != NULL) {
                 *dst++ = **p1cur;
                 p1cur++;
-            } while (*p1cur != NULL);
+            }
             break;
         }
         /* consume the list element with the smaller key */

+ 5 - 5
libs/openssl/crypto/perlasm/sparcv9_modes.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2012-2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -46,8 +46,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_encrypt:
 	save		%sp, -$::frame, %sp
-	cmp		$len, 0
-	be,pn		$::size_t_cc, .L${bits}_cbc_enc_abort
+	cmp		$len, 15
+	bleu,pn	$::size_t_cc, .L${bits}_cbc_enc_abort
 	srln		$len, 0, $len		! needed on v8+, "nop" on v9
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___
@@ -264,8 +264,8 @@ $::code.=<<___;
 .align	32
 ${alg}${bits}_t4_cbc_decrypt:
 	save		%sp, -$::frame, %sp
-	cmp		$len, 0
-	be,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
+	cmp		$len, 15
+	bleu,pn		$::size_t_cc, .L${bits}_cbc_dec_abort
 	srln		$len, 0, $len		! needed on v8+, "nop" on v9
 	sub		$inp, $out, $blk_init	! $inp!=$out
 ___

+ 3 - 3
libs/openssl/crypto/pkcs7/pk7_smime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -327,10 +327,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     if (flags & PKCS7_TEXT) {
         if (!SMIME_text(tmpout, out)) {
             ERR_raise(ERR_LIB_PKCS7, PKCS7_R_SMIME_TEXT_ERROR);
-            BIO_free(tmpout);
             goto err;
         }
-        BIO_free(tmpout);
     }
 
     /* Now Verify All Signatures */
@@ -348,6 +346,8 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store,
     ret = 1;
 
  err:
+    if (flags & PKCS7_TEXT)
+        BIO_free(tmpout);
     X509_STORE_CTX_free(cert_ctx);
     OPENSSL_free(buf);
     if (indata != NULL)
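Review bot: The `BIO_free(tmpout)` moved under `err:` now runs on every exit path when `PKCS7_TEXT` is set, including any `goto err` taken before `tmpout` is assigned. That is only safe if `tmpout` is initialised to NULL at its declaration, which is outside both hunks of this section; please confirm, or initialise it there. A short comment on the new lines, for example `/* with PKCS7_TEXT, tmpout is our own BIO rather than |out| */`, would also explain why the free depends on the flag. That reading is inferred from the `SMIME_text(tmpout, out)` call in the previous hunk.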

+ 2 - 2
libs/openssl/crypto/property/property.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -321,7 +321,7 @@ int ossl_method_store_add(OSSL_METHOD_STORE *store, const OSSL_PROVIDER *prov,
 
     /* Insert into the hash table if required */
     if (!ossl_property_write_lock(store)) {
-        OPENSSL_free(impl);
+        impl_free(impl);
         return 0;
     }
     ossl_method_cache_flush(store, nid);

+ 2 - 2
libs/openssl/crypto/provider_conf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -338,7 +338,7 @@ static int provider_conf_load(OSSL_LIB_CTX *libctx, const char *name,
             ok = provider_conf_params(NULL, &entry, NULL, value, cnf);
         if (ok >= 1 && (entry.path != NULL || entry.parameters != NULL)) {
             ok = ossl_provider_info_add_to_store(libctx, &entry);
-            added = 1;
+            added = ok;
         }
         if (added == 0)
             ossl_provider_info_clear(&entry);
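Review bot: `added = ok;` copies the raw return value of ossl_provider_info_add_to_store() into a flag that is then tested with `added == 0`. If that function can return a negative value on error (its definition is not shown), `added` would be non-zero and `ossl_provider_info_clear(&entry)` would be skipped, leaving `entry` uncleared. `added = ok > 0;` states the intent and is safe under either error convention. provider_conf_load() starts and ends outside this hunk.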

+ 3 - 3
libs/openssl/crypto/sm3/asm/sm3-armv8.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -141,13 +141,13 @@ ossl_hwsm3_block_data_order:
 
 .Loop:
 	// load input
-	ld1     {$s0.16b-$s3.16b}, [$pdata], #64
+	ld1     {$s0.4s-$s3.4s}, [$pdata], #64
 	sub     $num, $num, #1
 
 	mov     $bkstate1.16b, $state1.16b
 	mov     $bkstate2.16b, $state2.16b
 
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
 	rev32   $s0.16b, $s0.16b
 	rev32   $s1.16b, $s1.16b
 	rev32   $s2.16b, $s2.16b

+ 5 - 5
libs/openssl/crypto/sm4/asm/sm4-armv8.pl

@@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ sub rev32() {
 my $dst = shift;
 my $src = shift;
 $code.=<<___;
-#ifndef __ARMEB__
+#ifndef __AARCH64EB__
 	rev32	$dst.16b,$src.16b
 #endif
 ___
@@ -393,7 +393,7 @@ ___
 	&enc_blk($ivec);
 	&rev32($ivec,$ivec);
 $code.=<<___;
-	st1	{$ivec.16b},[$out],#16
+	st1	{$ivec.4s},[$out],#16
 	b.ne	1b
 	b	3f
 .Ldec:
@@ -474,11 +474,11 @@ ___
 $code.=<<___;
 	eor	@dat[0].16b,@dat[0].16b,$ivec.16b
 	mov	$ivec.16b,@in[0].16b
-	st1	{@dat[0].16b},[$out],#16
+	st1	{@dat[0].4s},[$out],#16
 	b.ne	1b
 3:
 	// save back IV
-	st1	{$ivec.16b},[$ivp]
+	st1	{$ivec.4s},[$ivp]
 	ldp	d8,d9,[sp],#16
 	ret
 .size	${prefix}_cbc_encrypt,.-${prefix}_cbc_encrypt

+ 24 - 9
libs/openssl/crypto/threads_none.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -74,18 +74,28 @@ int CRYPTO_THREAD_run_once(CRYPTO_ONCE *once, void (*init)(void))
 
 #define OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX 256
 
-static void *thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
+struct thread_local_storage_entry {
+    void *data;
+    uint8_t used;
+};
+
+static struct thread_local_storage_entry thread_local_storage[OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX];
 
 int CRYPTO_THREAD_init_local(CRYPTO_THREAD_LOCAL *key, void (*cleanup)(void *))
 {
-    static unsigned int thread_local_key = 0;
+    int entry_idx = 0;
 
-    if (thread_local_key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
-        return 0;
+    for (entry_idx = 0; entry_idx < OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX; entry_idx++) {
+        if (!thread_local_storage[entry_idx].used)
+            break;
+    }
 
-    *key = thread_local_key++;
+    if (entry_idx == OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
 
-    thread_local_storage[*key] = NULL;
+    *key = entry_idx;
+    thread_local_storage[*key].used = 1;
+    thread_local_storage[*key].data = NULL;
 
     return 1;
 }
@@ -95,7 +105,7 @@ void *CRYPTO_THREAD_get_local(CRYPTO_THREAD_LOCAL *key)
     if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
         return NULL;
 
-    return thread_local_storage[*key];
+    return thread_local_storage[*key].data;
 }
 
 int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
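Review bot: CRYPTO_THREAD_get_local() here and CRYPTO_THREAD_set_local() in the next hunk still validate only the index range and never consult the new `used` flag. Now that CRYPTO_THREAD_cleanup_local() returns slots for reuse, a stale copy of a key whose slot has been handed out again would read or overwrite the new owner's pointer. Checking the flag closes that: `if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX || !thread_local_storage[*key].used) return NULL;`, with `return 0;` for the same test in set_local.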
@@ -103,13 +113,18 @@ int CRYPTO_THREAD_set_local(CRYPTO_THREAD_LOCAL *key, void *val)
     if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
         return 0;
 
-    thread_local_storage[*key] = val;
+    thread_local_storage[*key].data = val;
 
     return 1;
 }
 
 int CRYPTO_THREAD_cleanup_local(CRYPTO_THREAD_LOCAL *key)
 {
+    if (*key >= OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX)
+        return 0;
+
+    thread_local_storage[*key].used = 0;
+    thread_local_storage[*key].data = NULL;
     *key = OPENSSL_CRYPTO_THREAD_LOCAL_KEY_MAX + 1;
     return 1;
 }

+ 3 - 3
libs/openssl/crypto/threads_pthread.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -248,7 +248,7 @@ int CRYPTO_atomic_or(uint64_t *val, uint64_t op, uint64_t *ret,
 
 int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock)
 {
-# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
     if (__atomic_is_lock_free(sizeof(*val), val)) {
         __atomic_load(val, ret, __ATOMIC_ACQUIRE);
         return 1;
@@ -271,7 +271,7 @@ int CRYPTO_atomic_load(uint64_t *val, uint64_t *ret, CRYPTO_RWLOCK *lock)
 
 int CRYPTO_atomic_load_int(int *val, int *ret, CRYPTO_RWLOCK *lock)
 {
-# if defined(__GNUC__) && defined(__ATOMIC_ACQUIRE) && !defined(BROKEN_CLANG_ATOMICS)
+# if defined(__GNUC__) && defined(__ATOMIC_ACQ_REL) && !defined(BROKEN_CLANG_ATOMICS)
     if (__atomic_is_lock_free(sizeof(*val), val)) {
         __atomic_load(val, ret, __ATOMIC_ACQUIRE);
         return 1;

+ 13 - 5
libs/openssl/crypto/ts/ts_rsp_sign.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -639,8 +639,12 @@ static int ossl_ess_add1_signing_cert(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificate,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
@@ -662,8 +666,12 @@ static int ossl_ess_add1_signing_cert_v2(PKCS7_SIGNER_INFO *si,
     }
 
     OPENSSL_free(pp);
-    return PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
-                                      V_ASN1_SEQUENCE, seq);
+    if (!PKCS7_add_signed_attribute(si, NID_id_smime_aa_signingCertificateV2,
+                                    V_ASN1_SEQUENCE, seq)) {
+        ASN1_STRING_free(seq);
+        return 0;
+    }
+    return 1;
 }
 
 static int ts_RESP_sign(TS_RESP_CTX *ctx)

+ 38 - 14
libs/openssl/crypto/ui/ui_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -205,6 +205,7 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
                         char *result_buf, int minsize, int maxsize)
 {
     char *prompt_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -212,9 +213,13 @@ int UI_dup_input_string(UI *ui, const char *prompt, int flags,
             return 0;
     }
 
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_PROMPT, flags, result_buf, minsize,
-                                   maxsize, NULL);
+    ret = general_allocate_string(ui, prompt_copy, 1,
+                                  UIT_PROMPT, flags, result_buf, minsize,
+                                  maxsize, NULL);
+    if (ret <= 0)
+        OPENSSL_free(prompt_copy);
+
+    return ret;
 }
 
 int UI_add_verify_string(UI *ui, const char *prompt, int flags,
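Review bot: The new `if (ret <= 0) OPENSSL_free(prompt_copy);` in UI_dup_input_string() is only correct if general_allocate_string() never releases the duplicated string on a failing return. The same pattern is added to UI_dup_verify_string(), UI_dup_input_boolean() (via general_allocate_boolean()), UI_dup_info_string() and UI_dup_error_string() in the later hunks. Those helpers are not part of this change and are called with the dup argument set to 1, so if any of their failure paths already frees the strings, this becomes a double free. Please confirm the ownership rule and record it next to the call, for example `/* on failure the copy is still ours to free */`.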
@@ -231,6 +236,7 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
                          const char *test_buf)
 {
     char *prompt_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -238,9 +244,12 @@ int UI_dup_verify_string(UI *ui, const char *prompt, int flags,
             return -1;
     }
 
-    return general_allocate_string(ui, prompt_copy, 1,
-                                   UIT_VERIFY, flags, result_buf, minsize,
-                                   maxsize, test_buf);
+    ret = general_allocate_string(ui, prompt_copy, 1,
+                                  UIT_VERIFY, flags, result_buf, minsize,
+                                  maxsize, test_buf);
+    if (ret <= 0)
+        OPENSSL_free(prompt_copy);
+    return ret;
 }
 
 int UI_add_input_boolean(UI *ui, const char *prompt, const char *action_desc,
@@ -260,6 +269,7 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
     char *action_desc_copy = NULL;
     char *ok_chars_copy = NULL;
     char *cancel_chars_copy = NULL;
+    int ret;
 
     if (prompt != NULL) {
         prompt_copy = OPENSSL_strdup(prompt);
@@ -285,9 +295,14 @@ int UI_dup_input_boolean(UI *ui, const char *prompt, const char *action_desc,
             goto err;
     }
 
-    return general_allocate_boolean(ui, prompt_copy, action_desc_copy,
-                                    ok_chars_copy, cancel_chars_copy, 1,
-                                    UIT_BOOLEAN, flags, result_buf);
+    ret = general_allocate_boolean(ui, prompt_copy, action_desc_copy,
+                                   ok_chars_copy, cancel_chars_copy, 1,
+                                   UIT_BOOLEAN, flags, result_buf);
+    if (ret <= 0)
+        goto err;
+
+    return ret;
+
  err:
     OPENSSL_free(prompt_copy);
     OPENSSL_free(action_desc_copy);
@@ -305,6 +320,7 @@ int UI_add_info_string(UI *ui, const char *text)
 int UI_dup_info_string(UI *ui, const char *text)
 {
     char *text_copy = NULL;
+    int ret;
 
     if (text != NULL) {
         text_copy = OPENSSL_strdup(text);
@@ -312,8 +328,11 @@ int UI_dup_info_string(UI *ui, const char *text)
             return -1;
     }
 
-    return general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
-                                   0, 0, NULL);
+    ret = general_allocate_string(ui, text_copy, 1, UIT_INFO, 0, NULL,
+                                  0, 0, NULL);
+    if (ret <= 0)
+        OPENSSL_free(text_copy);
+    return ret;
 }
 
 int UI_add_error_string(UI *ui, const char *text)
@@ -325,14 +344,19 @@ int UI_add_error_string(UI *ui, const char *text)
 int UI_dup_error_string(UI *ui, const char *text)
 {
     char *text_copy = NULL;
+    int ret;
 
     if (text != NULL) {
         text_copy = OPENSSL_strdup(text);
         if (text_copy == NULL)
             return -1;
     }
-    return general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
-                                   0, 0, NULL);
+
+    ret = general_allocate_string(ui, text_copy, 1, UIT_ERROR, 0, NULL,
+                                  0, 0, NULL);
+    if (ret <= 0)
+        OPENSSL_free(text_copy);
+    return ret;
 }
 
 char *UI_construct_prompt(UI *ui, const char *phrase_desc,

+ 90 - 41
libs/openssl/crypto/x509/by_store.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -7,23 +7,34 @@
  * https://www.openssl.org/source/license.html
  */
 
+#include <openssl/safestack.h>
 #include <openssl/store.h>
 #include "internal/cryptlib.h"
 #include "crypto/x509.h"
 #include "x509_local.h"
 
+typedef struct cached_store_st {
+    char *uri;
+    OSSL_LIB_CTX *libctx;
+    char *propq;
+    OSSL_STORE_CTX *ctx;
+} CACHED_STORE;
+
+DEFINE_STACK_OF(CACHED_STORE)
+
 /* Generic object loader, given expected type and criterion */
-static int cache_objects(X509_LOOKUP *lctx, const char *uri,
-                         const OSSL_STORE_SEARCH *criterion,
-                         int depth, OSSL_LIB_CTX *libctx, const char *propq)
+static int cache_objects(X509_LOOKUP *lctx, CACHED_STORE *store,
+                         const OSSL_STORE_SEARCH *criterion, int depth)
 {
     int ok = 0;
-    OSSL_STORE_CTX *ctx = NULL;
+    OSSL_STORE_CTX *ctx = store->ctx;
     X509_STORE *xstore = X509_LOOKUP_get_store(lctx);
 
-    if ((ctx = OSSL_STORE_open_ex(uri, libctx, propq, NULL, NULL, NULL,
-                                  NULL, NULL)) == NULL)
+    if (ctx == NULL
+        && (ctx = OSSL_STORE_open_ex(store->uri, store->libctx, store->propq,
+                                     NULL, NULL, NULL, NULL, NULL)) == NULL)
         return 0;
+    store->ctx = ctx;
 
     /*
      * We try to set the criterion, but don't care if it was valid or not.
@@ -62,9 +73,15 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
              * This is an entry in the "directory" represented by the current
              * uri.  if |depth| allows, dive into it.
              */
-            if (depth > 0)
-                ok = cache_objects(lctx, OSSL_STORE_INFO_get0_NAME(info),
-                                   criterion, depth - 1, libctx, propq);
+            if (depth > 0) {
+                CACHED_STORE substore;
+
+                substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);
+                substore.libctx = store->libctx;
+                substore.propq = store->propq;
+                substore.ctx = NULL;
+                ok = cache_objects(lctx, &substore, criterion, depth - 1);
+            }
         } else {
             /*
              * We know that X509_STORE_add_{cert|crl} increments the object's
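Review bot: `substore.uri = (char *)OSSL_STORE_INFO_get0_NAME(info);` casts away const to put a borrowed name into a field that free_store(), added later in this section, releases with OPENSSL_free(). The stack-local `substore` never reaches free_store() in the code shown, but nothing marks `uri` or the copied `propq` as borrowed. I would add `/* uri and propq are borrowed; substore must never be passed to free_store() */` above the assignments. cache_objects() continues outside this hunk.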
@@ -88,27 +105,38 @@ static int cache_objects(X509_LOOKUP *lctx, const char *uri,
             break;
     }
     OSSL_STORE_close(ctx);
+    store->ctx = NULL;
 
     return ok;
 }
 
 
-/* Because OPENSSL_free is a macro and for C type match */
-static void free_uri(OPENSSL_STRING data)
+static void free_store(CACHED_STORE *store)
 {
-    OPENSSL_free(data);
+    if (store != NULL) {
+        OSSL_STORE_close(store->ctx);
+        OPENSSL_free(store->uri);
+        OPENSSL_free(store->propq);
+        OPENSSL_free(store);
+    }
 }
 
 static void by_store_free(X509_LOOKUP *ctx)
 {
-    STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
-    sk_OPENSSL_STRING_pop_free(uris, free_uri);
+    STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+    sk_CACHED_STORE_pop_free(stores, free_store);
 }
 
 static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
                             long argl, char **retp, OSSL_LIB_CTX *libctx,
                             const char *propq)
 {
+    /*
+     * In some cases below, failing to use the defaults shouldn't result in
+     * an error.  |use_default| is used as the return code in those cases.
+     */
+    int use_default = argp == NULL;
+
     switch (cmd) {
     case X509_L_ADD_STORE:
         /* If no URI is given, use the default cert dir as default URI */
@@ -119,21 +147,50 @@ static int by_store_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argp,
             argp = X509_get_default_cert_dir();
 
         {
-            STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
-            char *data = OPENSSL_strdup(argp);
+            STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
+            CACHED_STORE *store = OPENSSL_zalloc(sizeof(*store));
 
-            if (data == NULL) {
+            if (store == NULL) {
                 return 0;
             }
-            if (uris == NULL) {
-                uris = sk_OPENSSL_STRING_new_null();
-                X509_LOOKUP_set_method_data(ctx, uris);
+
+            store->uri = OPENSSL_strdup(argp);
+            store->libctx = libctx;
+            if (propq != NULL)
+                store->propq = OPENSSL_strdup(propq);
+            store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
+                                           NULL, NULL, NULL);
+            if (store->ctx == NULL
+                || (propq != NULL && store->propq == NULL)
+                || store->uri == NULL) {
+                free_store(store);
+                return use_default;
+            }
+
+            if (stores == NULL) {
+                stores = sk_CACHED_STORE_new_null();
+                if (stores != NULL)
+                    X509_LOOKUP_set_method_data(ctx, stores);
             }
-            return sk_OPENSSL_STRING_push(uris, data) > 0;
+            if (stores == NULL || sk_CACHED_STORE_push(stores, store) <= 0) {
+                free_store(store);
+                return 0;
+            }
+            return 1;
         }
-    case X509_L_LOAD_STORE:
+    case X509_L_LOAD_STORE: {
         /* This is a shortcut for quick loading of specific containers */
-        return cache_objects(ctx, argp, NULL, 0, libctx, propq);
+        CACHED_STORE store;
+
+        store.uri = (char *)argp;
+        store.libctx = libctx;
+        store.propq = (char *)propq;
+        store.ctx = NULL;
+        return cache_objects(ctx, &store, NULL, 0);
+    }
+    default:
+        /* Unsupported command */
+        return 0;
     }
 
     return 0;
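Review bot: The combined failure check after `OSSL_STORE_open_ex()` returns `use_default` for allocation failures as well, so when no URI was given, a failed `OPENSSL_strdup()` of the URI or of `propq` is reported to the caller as success. Judging by the comment introduced with `use_default`, only an unopenable default store is meant to be tolerated. I would check the two duplications first and return 0, then open the store and return `use_default` only when the open itself fails. That also avoids opening a store for an entry that cannot be recorded. `by_store_ctrl_ex` begins before this hunk.

```c
            /* … unchanged: store->uri / store->libctx / store->propq assignments … */
            /* Allocation failure is always an error, default URI or not */
            if (store->uri == NULL
                || (propq != NULL && store->propq == NULL)) {
                free_store(store);
                return 0;
            }
            store->ctx = OSSL_STORE_open_ex(argp, libctx, propq, NULL, NULL,
                                           NULL, NULL, NULL);
            /* Only a default store that cannot be opened is tolerated */
            if (store->ctx == NULL) {
                free_store(store);
                return use_default;
            }
            /* … unchanged: push onto the CACHED_STORE stack … */
```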
@@ -146,16 +203,15 @@ static int by_store_ctrl(X509_LOOKUP *ctx, int cmd,
 }
 
 static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret,
-                    OSSL_LIB_CTX *libctx, const char *propq)
+                    const OSSL_STORE_SEARCH *criterion, X509_OBJECT *ret)
 {
-    STACK_OF(OPENSSL_STRING) *uris = X509_LOOKUP_get_method_data(ctx);
+    STACK_OF(CACHED_STORE) *stores = X509_LOOKUP_get_method_data(ctx);
     int i;
     int ok = 0;
 
-    for (i = 0; i < sk_OPENSSL_STRING_num(uris); i++) {
-        ok = cache_objects(ctx, sk_OPENSSL_STRING_value(uris, i), criterion,
-                           1 /* depth */, libctx, propq);
+    for (i = 0; i < sk_CACHED_STORE_num(stores); i++) {
+        ok = cache_objects(ctx, sk_CACHED_STORE_value(stores, i), criterion,
+                           1 /* depth */);
 
         if (ok)
             break;
@@ -163,13 +219,12 @@ static int by_store(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                               const X509_NAME *name, X509_OBJECT *ret,
-                               OSSL_LIB_CTX *libctx, const char *propq)
+static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
+                            const X509_NAME *name, X509_OBJECT *ret)
 {
     OSSL_STORE_SEARCH *criterion =
         OSSL_STORE_SEARCH_by_name((X509_NAME *)name); /* won't modify it */
-    int ok = by_store(ctx, type, criterion, ret, libctx, propq);
+    int ok = by_store(ctx, type, criterion, ret);
     STACK_OF(X509_OBJECT) *store_objects =
         X509_STORE_get0_objects(X509_LOOKUP_get_store(ctx));
     X509_OBJECT *tmp = NULL;
@@ -217,12 +272,6 @@ static int by_store_subject_ex(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
     return ok;
 }
 
-static int by_store_subject(X509_LOOKUP *ctx, X509_LOOKUP_TYPE type,
-                            const X509_NAME *name, X509_OBJECT *ret)
-{
-    return by_store_subject_ex(ctx, type, name, ret, NULL, NULL);
-}
-
 /*
  * We lack the implementations for get_by_issuer_serial, get_by_fingerprint
  * and get_by_alias.  There's simply not enough support in the X509_LOOKUP
@@ -240,7 +289,7 @@ static X509_LOOKUP_METHOD x509_store_lookup = {
     NULL,                        /* get_by_issuer_serial */
     NULL,                        /* get_by_fingerprint */
     NULL,                        /* get_by_alias */
-    by_store_subject_ex,
+    NULL,                        /* get_by_subject_ex */
     by_store_ctrl_ex
 };
 

+ 3 - 1
libs/openssl/crypto/x509/v3_cpols.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -195,6 +195,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
                 goto err;
             }
             if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
+                POLICYQUALINFO_free(qual);
                 ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
                 goto err;
             }
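Review bot: Nothing next to the added `POLICYQUALINFO_free(qual)` records why the free is safe at this point: `qual` still belongs to this function only because the push failed, and whatever the `err` label releases (outside the hunk) must not include it. A one-line comment above the free, such as `/* push failed: qual was never attached to pol->qualifiers */`, would make that ownership rule explicit. The same applies to the identical addition in the following hunk at -232. `policy_section` starts and ends outside both hunks, so the `err` path could not be checked from here.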
@@ -232,6 +233,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
             if (pol->qualifiers == NULL)
                 pol->qualifiers = sk_POLICYQUALINFO_new_null();
             if (!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) {
+                POLICYQUALINFO_free(qual);
                 ERR_raise(ERR_LIB_X509V3, ERR_R_CRYPTO_LIB);
                 goto err;
             }

+ 6 - 2
libs/openssl/crypto/x509/v3_lib.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -100,7 +100,11 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from)
     *tmpext = *ext;
     tmpext->ext_nid = nid_to;
     tmpext->ext_flags |= X509V3_EXT_DYNAMIC;
-    return X509V3_EXT_add(tmpext);
+    if (!X509V3_EXT_add(tmpext)) {
+        OPENSSL_free(tmpext);
+        return 0;
+    }
+    return 1;
 }
 
 void X509V3_EXT_cleanup(void)

+ 4 - 2
libs/openssl/demos/bio/sconnect.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1998-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -69,8 +69,10 @@ int main(int argc, char *argv[])
 
     /* The BIO has parsed the host:port and even IPv6 literals in [] */
     hostname = BIO_get_conn_hostname(out);
-    if (!hostname || SSL_set1_host(ssl, hostname) <= 0)
+    if (!hostname || SSL_set1_host(ssl, hostname) <= 0) {
+        BIO_free(ssl_bio);
         goto err;
+    }
 
     BIO_set_nbio(out, 1);
     out = BIO_push(ssl_bio, out);

+ 2 - 2
libs/openssl/demos/guide/tls-client-block.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *  Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  *  Licensed under the Apache License 2.0 (the "License").  You may not use
  *  this file except in compliance with the License.  You can obtain a copy
@@ -174,7 +174,7 @@ int main(int argc, char *argv[])
      */
     bio = create_socket_bio(hostname, port, ipv6 ? AF_INET6 : AF_INET);
     if (bio == NULL) {
-        printf("Failed to crete the BIO\n");
+        printf("Failed to create the BIO\n");
         goto end;
     }
     SSL_set_bio(ssl, bio, bio);

+ 2 - 2
libs/openssl/demos/sslecho/A-SSL-Docs.txt

@@ -4,9 +4,9 @@ OpenSSL API Documentation: https://www.openssl.org/docs
 
 Github: https://github.com/openssl/openssl
 
-OpenSSL Wiki: https://wiki.openssl.org/index.php/Main_Page
+OpenSSL Wiki: https://github.com/openssl/openssl/wiki
 
-Original Simple Server: https://wiki.openssl.org/index.php/Simple_TLS_Server
+Original Simple Server: https://github.com/openssl/openssl/wiki/Simple_TLS_Server
 
 ---------------------------------------------------------------
 

+ 11 - 6
libs/openssl/demos/sslecho/main.c

@@ -1,5 +1,5 @@
 /*
- *  Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *  Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  *  Licensed under the Apache License 2.0 (the "License").  You may not use
  *  this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@
 
 static const int server_port = 4433;
 
-typedef unsigned char   bool;
+typedef unsigned char   flag;
 #define true            1
 #define false           0
 
@@ -27,9 +27,9 @@ typedef unsigned char   bool;
  * This flag won't be useful until both accept/read (TCP & SSL) methods
  * can be called with a timeout. TBD.
  */
-static volatile bool    server_running = true;
+static volatile flag server_running = true;
 
-int create_socket(bool isServer)
+int create_socket(flag isServer)
 {
     int s;
     int optval = 1;
@@ -67,7 +67,7 @@ int create_socket(bool isServer)
     return s;
 }
 
-SSL_CTX* create_context(bool isServer)
+SSL_CTX *create_context(flag isServer)
 {
     const SSL_METHOD *method;
     SSL_CTX *ctx;
@@ -130,7 +130,7 @@ void usage(void)
 
 int main(int argc, char **argv)
 {
-    bool isServer;
+    flag isServer;
     int result;
 
     SSL_CTX *ssl_ctx = NULL;
@@ -251,6 +251,11 @@ int main(int argc, char **argv)
                 SSL_shutdown(ssl);
                 SSL_free(ssl);
                 close(client_skt);
+                /*
+                 * Set client_skt to -1 to avoid double close when
+                 * server_running become false before next accept
+                 */
+                client_skt = -1;
             }
         }
         printf("Server exiting...\n");

+ 1 - 5
libs/openssl/doc/README.md

@@ -6,10 +6,6 @@ README.md  This file
 [fingerprints.txt](fingerprints.txt)
         PGP fingerprints of authorised release signers
 
-standards.txt
-standards.txt
-        Moved to the web, <https://www.openssl.org/docs/standards.html>
-
 [HOWTO/](HOWTO/)
         A few how-to documents; not necessarily up-to-date
 
@@ -27,4 +23,4 @@ standards.txt
         Algorithm specific EVP_PKEY documentation.
 
 Formatted versions of the manpages (apps,ssl,crypto) can be found at
-        <https://www.openssl.org/docs/manpages.html>
+        <https://docs.openssl.org/master/>

+ 13 - 23
libs/openssl/crypto/bn/README.pod → libs/openssl/doc/internal/man3/bn_mul_words.pod

@@ -8,7 +8,7 @@ bn_sqr_comba4, bn_sqr_comba8, bn_cmp_words, bn_mul_normal,
 bn_mul_low_normal, bn_mul_recursive, bn_mul_part_recursive,
 bn_mul_low_recursive, bn_sqr_normal, bn_sqr_recursive,
 bn_expand, bn_wexpand, bn_expand2, bn_fix_top, bn_check_top,
-bn_print, bn_dump, bn_set_max, bn_set_high, bn_set_low - BIGNUM
+mul, mul_add, sqr - BIGNUM
 library internal functions
 
 =head1 SYNOPSIS
@@ -45,21 +45,18 @@ library internal functions
  void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp);
  void bn_sqr_recursive(BN_ULONG *r, BN_ULONG *a, int n2, BN_ULONG *tmp);
 
- void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
- void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
-
  BIGNUM *bn_expand(BIGNUM *a, int bits);
  BIGNUM *bn_wexpand(BIGNUM *a, int n);
  BIGNUM *bn_expand2(BIGNUM *a, int n);
  void bn_fix_top(BIGNUM *a);
 
+The following are macros:
+
+ void mul(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void mul_add(BN_ULONG r, BN_ULONG a, BN_ULONG w, BN_ULONG c);
+ void sqr(BN_ULONG r0, BN_ULONG r1, BN_ULONG a);
+
  void bn_check_top(BIGNUM *a);
- void bn_print(BIGNUM *a);
- void bn_dump(BN_ULONG *d, int n);
- void bn_set_max(BIGNUM *a);
- void bn_set_high(BIGNUM *r, BIGNUM *a, int n);
- void bn_set_low(BIGNUM *r, BIGNUM *a, int n);
 
 =head1 DESCRIPTION
 
@@ -208,30 +205,23 @@ call bn_expand2(), which allocates a new B<d> array and copies the
 data.  They return B<NULL> on error, B<b> otherwise.
 
 The bn_fix_top() macro reduces B<a-E<gt>top> to point to the most
-significant non-zero word plus one when B<a> has shrunk.
+significant nonzero word plus one when B<a> has shrunk.
 
 =head2 Debugging
 
 bn_check_top() verifies that C<((a)-E<gt>top E<gt>= 0 && (a)-E<gt>top
 E<lt>= (a)-E<gt>dmax)>.  A violation will cause the program to abort.
 
-bn_print() prints B<a> to stderr. bn_dump() prints B<n> words at B<d>
-(in reverse order, i.e. most significant word first) to stderr.
-
-bn_set_max() makes B<a> a static number with a B<dmax> of its current size.
-This is used by bn_set_low() and bn_set_high() to make B<r> a read-only
-B<BIGNUM> that contains the B<n> low or high words of B<a>.
-
-If B<BN_DEBUG> is not defined, bn_check_top(), bn_print(), bn_dump()
-and bn_set_max() are defined as empty macros.
+If B<BN_DEBUG> is not defined, bn_check_top() is
+defined as an empty macro.
 
-=head1 SEE ALSO
+=head1 RETURN VALUES
 
-L<bn(3)>
+Described above.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 5 - 3
libs/openssl/doc/man1/openssl-namedisplay-options.pod

@@ -18,8 +18,10 @@ displayed.
 This is specified by using the B<-nameopt> option, which takes a
 comma-separated list of options from the following set.
 An option may be preceded by a minus sign, C<->, to turn it off.
-The default value is C<utf8,sep_comma_plus_space>.
-The first four are the most commonly used.
+The first four option arguments are the most commonly used.
+
+The default value is
+C<esc_ctrl,utf8,dump_unknown,dump_der,sep_comma_plus_space,sname>.
 
 =head1 OPTIONS
 
@@ -169,7 +171,7 @@ name.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man1/openssl-s_client.pod.in

@@ -526,12 +526,12 @@ by some servers.
 =item B<-ign_eof>
 
 Inhibit shutting down the connection when end of file is reached in the
-input.
+input. This implicitly turns on B<-nocommands> as well.
 
 =item B<-quiet>
 
 Inhibit printing of session and certificate information.  This implicitly
-turns on B<-ign_eof> as well.
+turns on B<-ign_eof> and B<-nocommands> as well.
 
 =item B<-no_ign_eof>
 
@@ -1104,7 +1104,7 @@ options were added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/CMS_sign.pod

@@ -96,7 +96,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_CMS().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
 output.
@@ -135,7 +135,7 @@ certificates in their I<certs> argument and no longer throw an error for them.
 
 =head1 COPYRIGHT
 
-Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 12 - 1
libs/openssl/doc/man3/DTLS_set_timer_cb.pod

@@ -20,6 +20,17 @@ This function sets an optional callback function for controlling the
 timeout interval on the DTLS protocol. The callback function will be
 called by DTLS for every new DTLS packet that is sent.
 
+The callback should return the timeout interval in micro seconds.
+
+The I<timer_us> parameter of the callback is the last set timeout
+interval returned. On the first invocation of the callback,
+this value will be 0.
+
+At the beginning of the connection, if no timeout callback has been
+set via DTLS_set_timer_cb(), the default timeout value is 1 second.
+For all subsequent timeouts, the default behavior is to double the
+duration up to a maximum of 1 minute.
+
 =head1 RETURN VALUES
 
 Returns void.
@@ -30,7 +41,7 @@ The DTLS_set_timer_cb() function was added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 3
libs/openssl/doc/man3/EVP_PKEY_CTX_new.pod

@@ -49,8 +49,11 @@ used when no B<EVP_PKEY> structure is associated with the operations,
 for example during parameter generation or key generation for some
 algorithms.
 
-EVP_PKEY_CTX_dup() duplicates the context I<ctx>. It is not supported for a
-keygen operation.
+EVP_PKEY_CTX_dup() duplicates the context I<ctx>.
+It is not supported for a keygen operation.
+It is however possible to duplicate a context freshly created via any of the
+above C<new> functions, provided L<EVP_PKEY_keygen_init(3)> has not yet been
+called on the source context, and then use the copy for key generation.
 
 EVP_PKEY_CTX_free() frees up the context I<ctx>.
 If I<ctx> is NULL, nothing is done.
@@ -122,7 +125,7 @@ added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 7
libs/openssl/doc/man3/EVP_RAND.pod

@@ -152,11 +152,8 @@ operating system.  If I<prediction_resistance> is specified, fresh entropy
 from a live source will be sought.  This call operates as per NIST SP 800-90A
 and SP 800-90C.
 
-EVP_RAND_nonce() creates a nonce in I<out> of maximum length I<outlen>
-bytes from the RAND I<ctx>. The function returns the length of the generated
-nonce. If I<out> is NULL, the length is still returned but no generation
-takes place. This allows a caller to dynamically allocate a buffer of the
-appropriate size.
+EVP_RAND_nonce() creates a nonce in I<out> of length I<outlen>
+bytes from the RAND I<ctx>.
 
 EVP_RAND_enable_locking() enables locking for the RAND I<ctx> and all of
 its parents.  After this I<ctx> will operate in a thread safe manner, albeit
@@ -379,7 +376,7 @@ EVP_RAND_CTX_free() does not return a value.
 
 EVP_RAND_CTX_up_ref() returns 1 on success, 0 on error.
 
-EVP_RAND_nonce() returns the length of the nonce.
+EVP_RAND_nonce() returns 1 on success, 0 on error.
 
 EVP_RAND_get_strength() returns the strength of the random number generator
 in bits.
@@ -411,7 +408,7 @@ The remaining functions were added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/OSSL_PARAM.pod

@@ -356,7 +356,7 @@ could fill in the parameters like this:
 
 =head1 SEE ALSO
 
-L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>
+L<openssl-core.h(7)>, L<OSSL_PARAM_get_int(3)>, L<OSSL_PARAM_dup(3)>, L<OSSL_PARAM_construct_utf8_string(3)>
 
 =head1 HISTORY
 
@@ -364,7 +364,7 @@ B<OSSL_PARAM> was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 24 - 1
libs/openssl/doc/man3/OSSL_PARAM_int.pod

@@ -392,6 +392,29 @@ could fill in the parameters like this:
     if ((p = OSSL_PARAM_locate(params, "cookie")) != NULL)
         OSSL_PARAM_set_utf8_ptr(p, "cookie value");
 
+=head2 Example 3
+
+This example shows a special case where
+I<-Wincompatible-pointer-types-discards-qualifiers> may be set during
+compilation. The value for I<buf> cannot be a I<const char *> type string. An
+alternative in this case would be to use B<OSSL_PARAM> macro abbreviated calls
+rather than the specific callers which allows you to define the sha1 argument
+as a standard character array (I<char[]>).
+
+For example, this code:
+
+    OSSL_PARAM params[2];
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", "SHA1", 0);
+    params[1] = OSSL_PARAM_construct_end();
+
+Can be made compatible with the following version:
+
+    char sha1[] = "SHA1"; /* sha1 is defined as char[] in this case */
+    OSSL_PARAM params[2];
+
+    params[0] = OSSL_PARAM_construct_utf8_string("digest", sha1, 0);
+    params[1] = OSSL_PARAM_construct_end();
+
 =head1 SEE ALSO
 
 L<openssl-core.h(7)>, L<OSSL_PARAM(3)>
@@ -402,7 +425,7 @@ These APIs were introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/PKCS7_sign.pod

@@ -80,7 +80,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_PKCS7().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 The I<certs>, I<signcert> and I<pkey> parameters can all be
 NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added
@@ -122,7 +122,7 @@ The B<PKCS7_STREAM> flag was added in OpenSSL 1.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/SSL_CONF_cmd.pod

@@ -74,7 +74,7 @@ B<SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION>.
 
 =item B<-no_renegotiation>
 
-Disables all attempts at renegotiation in TLSv1.2 and earlier, same as setting
+Disables all attempts at renegotiation in (D)TLSv1.2 and earlier, same as setting
 B<SSL_OP_NO_RENEGOTIATION>.
 
 =item B<-no_resumption_on_reneg>
@@ -789,7 +789,7 @@ added in OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 6 - 3
libs/openssl/doc/man3/SSL_CTX_set1_curves.pod

@@ -96,7 +96,9 @@ TLS versions, when a session has been resumed, it always reflects the group
 used for key exchange during the initial handshake (otherwise it is from the
 current, non-resumption, connection).  This can be called by either client or
 server. If the NID for the shared group is unknown then the value is set to the
-bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group.
+bitwise OR of TLSEXT_nid_unknown (0x1000000) and the id of the group. See also
+L<SSL_get0_group_name(3)> which returns the name of the negotiated group
+directly and is generally preferred over SSL_get_negotiated_group().
 
 All these functions are implemented as macros.
 
@@ -134,7 +136,8 @@ key exchange, or NID_undef if there was no negotiated group.
 =head1 SEE ALSO
 
 L<ssl(7)>,
-L<SSL_CTX_add_extra_chain_cert(3)>
+L<SSL_CTX_add_extra_chain_cert(3)>,
+L<SSL_get0_group_name(3)>
 
 =head1 HISTORY
 
@@ -144,7 +147,7 @@ was added in OpenSSL 3.0.0.
 
 =head1 COPYRIGHT
 
-Copyright 2013-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 3
libs/openssl/doc/man3/SSL_CTX_set_min_proto_version.pod

@@ -31,9 +31,10 @@ L<SSL_CTX_set_options(3)> that also make it possible to disable
 specific protocol versions.
 Use these functions instead of disabling specific protocol versions.
 
-Setting the minimum or maximum version to 0, will enable protocol
+Setting the minimum or maximum version to 0 (default), will enable protocol
 versions down to the lowest version, or up to the highest version
-supported by the library, respectively.
+supported by the library, respectively. The supported versions might be
+controlled by system configuration.
 
 Getters return 0 in case B<ctx> or B<ssl> have been configured to
 automatically use the lowest or highest version supported by the library.
@@ -67,7 +68,7 @@ were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man3/SSL_CTX_set_options.pod

@@ -279,7 +279,7 @@ Do not query the MTU. Only affects DTLS connections.
 
 =item SSL_OP_NO_RENEGOTIATION
 
-Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest
+Disable all renegotiation in (D)TLSv1.2 and earlier. Do not send HelloRequest
 messages, and ignore renegotiation requests via ClientHello.
 
 =item SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
@@ -535,7 +535,7 @@ whether these macros are defined or not.
 
 =head1 COPYRIGHT
 
-Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 5
libs/openssl/doc/man3/SSL_SESSION_get0_hostname.pod

@@ -24,10 +24,8 @@ SSL_SESSION_set1_alpn_selected
 =head1 DESCRIPTION
 
 SSL_SESSION_get0_hostname() retrieves the SNI value that was sent by the
-client when the session was created if it was accepted by the server and TLSv1.2
-or below was negotiated. Otherwise NULL is returned. Note that in TLSv1.3 the
-SNI hostname is negotiated with each handshake including resumption handshakes
-and is therefore never associated with the session.
+client when the session was created if it was accepted by the server. Otherwise
+NULL is returned.
 
 The value returned is a pointer to memory maintained within B<s> and
 should not be free'd.
@@ -67,7 +65,7 @@ SSL_SESSION_set1_alpn_selected() functions were added in OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 3
libs/openssl/doc/man3/SSL_get0_group_name.pod

@@ -22,18 +22,19 @@ the key agreement of the current TLS session establishment.
 If non-NULL, SSL_get0_group_name() returns the name of the group that was used for
 the key agreement of the current TLS session establishment.
 If SSL_get0_group_name() returns NULL, an error occurred; possibly no TLS session
-has been established.
+has been established. See also L<SSL_get_negotiated_group(3)>.
 
 Note that the return value is valid only during the lifetime of the
 SSL object I<ssl>.
 
 =head1 SEE ALSO
 
-L<ssl(7)>
+L<ssl(7)>,
+L<SSL_get_negotiated_group(3)>
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man3/SSL_key_update.pod

@@ -53,7 +53,9 @@ such as SSL_read_ex() or SSL_write_ex() takes place on the connection a check
 will be performed to confirm that it is a suitable time to start a
 renegotiation. If so, then it will be initiated immediately. OpenSSL will not
 attempt to resume any session associated with the connection in the new
-handshake.
+handshake. Note that some servers will respond to reneogitation attempts with
+a "no_renegotiation" alert. An OpenSSL will immediately fail the connection in
+this case.
 
 When called from the client side, SSL_renegotiate_abbreviated() works in the
 same was as SSL_renegotiate() except that OpenSSL will attempt to resume the
@@ -118,7 +120,7 @@ OpenSSL 1.1.1.
 
 =head1 COPYRIGHT
 
-Copyright 2017-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man3/X509_VERIFY_PARAM_set_flags.pod

@@ -248,8 +248,8 @@ ored together.
 B<X509_V_FLAG_CRL_CHECK> enables CRL checking for the certificate chain leaf
 certificate. An error occurs if a suitable CRL cannot be found.
 
-B<X509_V_FLAG_CRL_CHECK_ALL> enables CRL checking for the entire certificate
-chain.
+B<X509_V_FLAG_CRL_CHECK_ALL> expands CRL checking to the entire certificate
+chain if B<X509_V_FLAG_CRL_CHECK> has also been enabled, and is otherwise ignored.
 
 B<X509_V_FLAG_IGNORE_CRITICAL> disables critical extension checking. By default
 any unhandled critical extensions in certificates or (if checked) CRLs result
@@ -407,7 +407,7 @@ The documentation was changed to align with the implementation.
 
 =head1 COPYRIGHT
 
-Copyright 2009-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 14 - 1
libs/openssl/doc/man7/OSSL_PROVIDER-FIPS.pod

@@ -487,6 +487,19 @@ want to operate in a FIPS approved manner.  The algorithms are:
 
 =back
 
+You can load the FIPS provider into multiple library contexts as any other
+provider. However the following restriction applies. The FIPS provider cannot
+be used by multiple copies of OpenSSL libcrypto in a single process.
+
+As the provider saves core callbacks to the libcrypto obtained in the
+OSSL_provider_init() call to global data it will fail if subsequent
+invocations of its OSSL_provider_init() function yield different addresses
+of these callbacks than in the initial call. This happens when different
+copies of libcrypto are present in the memory of the process and both try
+to load the same FIPS provider. A workaround is to have a different copy
+of the FIPS provider loaded for each of the libcrypto instances in the
+process.
+
 =head1 SEE ALSO
 
 L<openssl-fipsinstall(1)>,
@@ -505,7 +518,7 @@ This functionality was added in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/ossl-guide-introduction.pod

@@ -32,7 +32,7 @@ attempting to build OpenSSL from the source code.
 
 Some third parties also supply OpenSSL binaries (e.g. for Windows and some other
 platforms). The OpenSSL project maintains a list of these third parties at
-L<https://wiki.openssl.org/index.php/Binaries>.
+L<https://github.com/openssl/openssl/wiki/Binaries>.
 
 If you build and install OpenSSL from the source code then you should download
 the appropriate files for the version that you want to use from the link given
@@ -93,7 +93,7 @@ The pages in the guide are as follows:
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man7/ossl-guide-migration.pod

@@ -617,13 +617,13 @@ The code needs to be amended to look like this:
 Support for TLSv1.3 has been added.
 
 This has a number of implications for SSL/TLS applications. See the
-L<TLS1.3 page|https://wiki.openssl.org/index.php/TLS1.3> for further details.
+L<TLS1.3 page|https://github.com/openssl/openssl/wiki/TLS1.3> for further details.
 
 =back
 
 More details about the breaking changes between OpenSSL versions 1.0.2 and 1.1.0
 can be found on the
-L<OpenSSL 1.1.0 Changes page|https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes>.
+L<OpenSSL 1.1.0 Changes page|https://github.com/openssl/openssl/wiki/OpenSSL_1.1.0_Changes>.
 
 =head3 Upgrading from the OpenSSL 2.0 FIPS Object Module
 
@@ -2505,7 +2505,7 @@ The migration guide was created for OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/ossl-guide-tls-introduction.pod

@@ -74,7 +74,7 @@ TLSv1.2 is chosen.
 =head1 CERTIFICATES
 
 In order for a client to establish a connection to a server it must authenticate
-the identify of that server, i.e. it needs to confirm that the server is really
+the identity of that server, i.e. it needs to confirm that the server is really
 the server that it claims to be and not some imposter. In order to do this the
 server will send to the client a digital certificate (also commonly referred to
 as an X.509 certificate). The certificate contains various information about the
@@ -307,7 +307,7 @@ L<ossl-guide-quic-introduction(7)>
 
 =head1 COPYRIGHT
 
-Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 3 - 3
libs/openssl/doc/man7/provider-cipher.pod

@@ -103,8 +103,8 @@ A cipher algorithm implementation may not implement all of these functions.
 In order to be a consistent set of functions there must at least be a complete
 set of "encrypt" functions, or a complete set of "decrypt" functions, or a
 single "cipher" function.
-In all cases both the OSSL_FUNC_cipher_newctx and OSSL_FUNC_cipher_freectx functions must be
-present.
+In all cases the OSSL_FUNC_cipher_get_params and both OSSL_FUNC_cipher_newctx
+and OSSL_FUNC_cipher_freectx functions must be present.
 All other functions are optional.
 
 =head2 Context Management Functions
@@ -241,7 +241,7 @@ The provider CIPHER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man7/provider-decoder.pod

@@ -110,7 +110,9 @@ it decodes. For example, an implementation that decodes an RSA key
 should be named "RSA". Likewise, an implementation that decodes DER data
 from PEM input should be named "DER".
 
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
 
 =over 4
 
@@ -302,7 +304,7 @@ The DECODER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 4 - 2
libs/openssl/doc/man7/provider-encoder.pod

@@ -127,7 +127,9 @@ The name of an implementation should match the type of object it handles.
 For example, an implementation that encodes an RSA key should be named "RSA".
 Likewise, an implementation that further encodes DER should be named "DER".
 
-Properties can be used to further specify details about an implementation:
+Properties, as defined in the L<OSSL_ALGORITHM(3)> array element of each
+decoder implementation, can be used to further specify details about an
+implementation:
 
 =over 4
 
@@ -321,7 +323,7 @@ The ENCODER interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 2 - 2
libs/openssl/doc/man7/provider-keymgmt.pod

@@ -29,7 +29,7 @@ provider-keymgmt - The KEYMGMT library E<lt>-E<gt> provider functions
  void OSSL_FUNC_keymgmt_gen_cleanup(void *genctx);
 
  /* Key loading by object reference, also a constructor */
- void *OSSL_FUNC_keymgmt_load(const void *reference, size_t *reference_sz);
+ void *OSSL_FUNC_keymgmt_load(const void *reference, size_t reference_sz);
 
  /* Key object information */
  int OSSL_FUNC_keymgmt_get_params(void *keydata, OSSL_PARAM params[]);
@@ -468,7 +468,7 @@ were added with OpenSSL 3.2.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 15 - 7
libs/openssl/doc/man7/provider-signature.pod

@@ -284,7 +284,7 @@ should be written to I<*siglen>. If I<sig> is NULL then the maximum length of
 the signature should be written to I<*siglen>.
 
 OSSL_FUNC_signature_digest_sign() implements a "one shot" digest sign operation
-previously started through OSSL_FUNC_signature_digeset_sign_init(). A previously
+previously started through OSSL_FUNC_signature_digest_sign_init(). A previously
 initialised signature context is passed in the I<ctx> parameter. The data to be
 signed is in I<tbs> which should be I<tbslen> bytes long. Unless I<sig> is NULL,
 the signature should be written to the location pointed to by the I<sig>
@@ -294,7 +294,7 @@ length of the signature should be written to I<*siglen>.
 
 =head2 Digest Verify Functions
 
-OSSL_FUNC_signature_digeset_verify_init() initialises a context for verifying given a
+OSSL_FUNC_signature_digest_verify_init() initialises a context for verifying given a
 provider side verification context in the I<ctx> parameter, and a pointer to a
 provider key object in the I<provkey> parameter.
 The I<params>, if not NULL, should be set on the context in a manner similar to
@@ -318,7 +318,7 @@ verification context is passed in the I<ctx> parameter. The signature to be
 verified is in I<sig> which is I<siglen> bytes long.
 
 OSSL_FUNC_signature_digest_verify() implements a "one shot" digest verify operation
-previously started through OSSL_FUNC_signature_digeset_verify_init(). A previously
+previously started through OSSL_FUNC_signature_digest_verify_init(). A previously
 initialised verification context is passed in the I<ctx> parameter. The data to be
 verified is in I<tbs> which should be I<tbslen> bytes long. The signature to be
 verified is in I<sig> which is I<siglen> bytes long.
@@ -360,8 +360,13 @@ The length of the "digest-size" parameter should not exceed that of a B<size_t>.
 
 =item "algorithm-id" (B<OSSL_SIGNATURE_PARAM_ALGORITHM_ID>) <octet string>
 
-Gets the DER encoded AlgorithmIdentifier that corresponds to the combination of
-signature algorithm and digest algorithm for the signature operation.
+Gets the DER-encoded AlgorithmIdentifier for the signature operation.
+This typically corresponds to the combination of a digest algorithm
+with a purely asymmetric signature algorithm, such as SHA256WithECDSA.
+
+The L<ASN1_item_sign_ctx(3)> relies on this operation and is used by
+many other functions signing ASN.1 structures such as X.509 certificates,
+certificate requests, and CRLs, as well as OCSP, CMP, and CMS messages.
 
 =item "nonce-type" (B<OSSL_SIGNATURE_PARAM_NONCE_TYPE>) <unsigned integer>
 
@@ -375,6 +380,8 @@ Section 4 "Security Considerations".  The default value for
 nonce B<k> as defined in FIPS 186-4 Section 6.3 "Secret Number
 Generation".
 
+The FIPS provider does not support deterministic digital signature generation.
+
 =item "kat" (B<OSSL_SIGNATURE_PARAM_KAT>) <unsigned integer>
 
 Sets a flag to modify the sign operation to return an error if the initial
@@ -433,7 +440,8 @@ All other functions should return 1 for success or 0 on error.
 
 =head1 SEE ALSO
 
-L<provider(7)>
+L<provider(7)>,
+L<ASN1_item_sign_ctx(3)>
 
 =head1 HISTORY
 
@@ -441,7 +449,7 @@ The provider SIGNATURE interface was introduced in OpenSSL 3.0.
 
 =head1 COPYRIGHT
 
-Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
 
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy

+ 5 - 1
libs/openssl/fuzz/x509.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -78,9 +78,13 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     resp = d2i_OCSP_RESPONSE(NULL, &p, len);
 
     store = X509_STORE_new();
+    if (store == NULL)
+        goto err;
     X509_STORE_add_cert(store, x509_2);
 
     param = X509_VERIFY_PARAM_new();
+    if (param == NULL)
+        goto err;
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
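Review bot: The result of `X509_STORE_add_cert(store, x509_2)` is still discarded right after the new `store == NULL` guard, so a failed add would leave the harness verifying against an empty store with no signal. For consistency with the allocation checks added here, consider `if (!X509_STORE_add_cert(store, x509_2)) goto err;`; the three `X509_VERIFY_PARAM_set_flags()` calls after the `param == NULL` guard ignore their return values in the same way. The `err` label and the rest of `FuzzerTestOneInput` lie outside the hunk, so this assumes the cleanup there copes with whichever of `store` and `param` is still unset at that point.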

+ 16 - 4
libs/openssl/include/internal/constant_time.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -296,6 +296,18 @@ static ossl_inline size_t value_barrier_s(size_t a)
     return r;
 }
 
+/* Convenience method for unsigned char. */
+static ossl_inline unsigned char value_barrier_8(unsigned char a)
+{
+#if !defined(OPENSSL_NO_ASM) && defined(__GNUC__)
+    unsigned char r;
+    __asm__("" : "=r"(r) : "0"(a));
+#else
+    volatile unsigned char r = a;
+#endif
+    return r;
+}
+
 static ossl_inline unsigned int constant_time_select(unsigned int mask,
                                                      unsigned int a,
                                                      unsigned int b)
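Review bot: The comment on `value_barrier_8`, `/* Convenience method for unsigned char. */`, does not say what the barrier protects, and the call sites changed in the later hunks (`constant_time_cond_swap_32`, `constant_time_cond_swap_64`, `constant_time_cond_swap_buff`) carry no comment either. As written, `xor &= value_barrier_32(mask);` reads like a redundant wrapper that a later cleanup could remove. I would expand the comment to something like `/* Hides the value of a from the optimizer so that mask-based selection is not rewritten into a data-dependent branch; unsigned char variant. */`, assuming that is the intent, as the surrounding constant-time helpers suggest. It would also help to state there that the `OPENSSL_NO_ASM` / non-GCC path relies only on a `volatile` copy, so the strength of the barrier on those builds is a property of the compiler and should be checked in the generated code.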
@@ -356,7 +368,7 @@ static ossl_inline void constant_time_cond_swap_32(uint32_t mask, uint32_t *a,
 {
     uint32_t xor = *a ^ *b;
 
-    xor &= mask;
+    xor &= value_barrier_32(mask);
     *a ^= xor;
     *b ^= xor;
 }
@@ -376,7 +388,7 @@ static ossl_inline void constant_time_cond_swap_64(uint64_t mask, uint64_t *a,
 {
     uint64_t xor = *a ^ *b;
 
-    xor &= mask;
+    xor &= value_barrier_64(mask);
     *a ^= xor;
     *b ^= xor;
 }
@@ -403,7 +415,7 @@ static ossl_inline void constant_time_cond_swap_buff(unsigned char mask,
 
     for (i = 0; i < len; i++) {
         tmp = a[i] ^ b[i];
-        tmp &= mask;
+        tmp &= value_barrier_8(mask);
         a[i] ^= tmp;
         b[i] ^= tmp;
     }

+ 1 - 12
libs/openssl/include/internal/e_os.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -126,17 +126,6 @@
 #    define EACCES   13
 #   endif
 #   include <string.h>
-#   ifdef _WIN64
-#    define strlen(s) _strlen31(s)
-/* cut strings to 2GB */
-static __inline unsigned int _strlen31(const char *str)
-{
-    unsigned int len = 0;
-    while (*str && len < 0x80000000U)
-        str++, len++;
-    return len & 0x7FFFFFFF;
-}
-#   endif
 #   include <malloc.h>
 #   if defined(_MSC_VER) && !defined(_WIN32_WCE) && !defined(_DLL) && defined(stdin)
 #    if _MSC_VER>=1300 && _MSC_VER<1600

+ 20 - 20
libs/openssl/providers/fips-sources.checksums

@@ -29,13 +29,13 @@ e397a5781893e97dd90a5a52049633be12a43f379ec5751bca2a6350c39444c8  crypto/aes/asm
 270a0cd4c80a0cde53538009037916a330348addfdd87870d41ab40f9ddbc451  crypto/aes/asm/bsaes-armv8.pl
 0726a2c4c15c27a12b2f7d5e16863df4a1b1daa7b7d9b728f621b2b224d290e6  crypto/aes/asm/bsaes-x86_64.pl
 762cadf988080f45d1a2f1232058688ac3f5afe76767649d15513a7a5eedcf38  crypto/aes/asm/vpaes-armv8.pl
-14146589f53dc898fa86aeffd0e0ba36737b04da26ab0b14c1da09a28836c8f8  crypto/aes/asm/vpaes-loongarch64.pl
+7ec25456a8ad4127c3bec83550d8ec411a12b506dfcbd4f1dadac2c66e468c22  crypto/aes/asm/vpaes-loongarch64.pl
 c3541865cd02d81101cdbab4877ed82772e6980d2c677b9008b38fa1b26d36d4  crypto/aes/asm/vpaes-ppc.pl
 3ec24185750a995377516bc2fb2eae8b1c52094c6fff093bff591837fc12d6c3  crypto/aes/asm/vpaes-x86.pl
 060bb6620f50af9afecdf97df051b45b9a50be9daf343dfec1cbb29693ce00a4  crypto/aes/asm/vpaes-x86_64.pl
 2bc67270155e2d6c7da87d9070e005ee79cea18311004907edfd6a078003532a  crypto/alphacpuid.pl
 269e52f8867c13ca75d2f88ec1f89b692cb8c6c3ee89abe2fd3c1821925191d8  crypto/arm64cpuid.pl
-5d8595338d4ae8bbaba81dab36c00b325abccf5c4a51b7d1b6c622ac893792de  crypto/armcap.c
+dcc35533d84d4142b3f423387a426e2fa95c715951837ce6232a7a66bb4707f4  crypto/armcap.c
 d9f923daabe7537d1063b182f9f220655abd182ef4c55a0194a7ee8d6030b5bd  crypto/armv4cpuid.pl
 16739d54200fb81ca7835b5814f965022a2ab41589c7787e2697e3ea72d4fafa  crypto/asn1_dsa.c
 819c9fd2b0cae9aab81c3cbd1815c2e22949d75f132f649b5883812d0bbaa39a  crypto/bn/asm/alpha-mont.pl
@@ -145,7 +145,7 @@ f261f9d4f83ecc51ab58de89083e9af4ba4a4c922ccd06b0d628f4b60fc104ec  crypto/dsa/dsa
 d270b56fd894090319c9491ef745c34bc43add82daecf742916c64a4e956c765  crypto/dsa/dsa_ossl.c
 3a38575de4b1409653f330f241848e6c7b554dec44c2415a5ae1baf90fb47ac0  crypto/dsa/dsa_sign.c
 53fa10cc87ac63e35df661882852dc46ae68e6fee83b842f1aeefe00b8900ee1  crypto/dsa/dsa_vrf.c
-62fbc4465a5b37dc794bee277dd216d77917e715c2bb5d37a7e1735e80ad0f8d  crypto/ec/asm/ecp_nistp384-ppc64.pl
+5335741d0f6c1afac107c9ec66e6b5436bd2164535f114c23cdc2a199560c28a  crypto/ec/asm/ecp_nistp384-ppc64.pl
 d9722ad8c6b6e209865a921f3cda831d09bf54a55cacd1edd9802edb6559190a  crypto/ec/asm/ecp_nistp521-ppc64.pl
 78ad06b88fcc8689a3a846b82f9ee01546e5734acd1bccf2494e523b71dc74d1  crypto/ec/asm/ecp_nistz256-armv4.pl
 598da295053253578d5461892098b74ec9dcd02c1eb99d537e14e0c5e958c7b9  crypto/ec/asm/ecp_nistz256-armv8.pl
@@ -178,7 +178,7 @@ a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149  crypto/ec/ec_a
 7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be  crypto/ec/ec_check.c
 c85f4885f2892dcf074451b137efe0828e486ff5ceadae1fac9b2543fa2114a1  crypto/ec/ec_curve.c
 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f  crypto/ec/ec_cvt.c
-148bac4974fb07a1a4a2e35769e900630f62c9af9b73ed205de8cd134a39c6b5  crypto/ec/ec_key.c
+c9f807c7882010188b8f9292eb6388974308366dffd72b576d5e28057248976b  crypto/ec/ec_key.c
 93f35d2e21d49bb6780d200fda8486edd4a7123956337ba535720bb547a47c4a  crypto/ec/ec_kmeth.c
 30ff1171e526facf09f3317ecf1597df633c22aa5c98690e3cd643e77693e269  crypto/ec/ec_lib.c
 eb2f08624819f5d5d865b954a1123a833bc18e9024980f5701125f230e6406b1  crypto/ec/ec_local.h
@@ -205,9 +205,9 @@ a4f2c1a65164a70dc6b731f6bd880bb3748695b49ed2b3a2cd67b9de5c9b28bc  crypto/evp/dig
 7267c75b7d96f7adb85b4b18734dd5d19e59c80b1f96b2e3e4ce112af7763c5b  crypto/evp/evp_fetch.c
 f70344599d39e667978e939c553abd3a3dd6660541378d44e1c438f31f5d71a6  crypto/evp/evp_lib.c
 33c1282761af93b4a17565dd30f8f031729ef09fc3d643b2a812f8c4ef0df570  crypto/evp/evp_local.h
-eaaf795148c5dd99c4194d076c029c843f3aee0c37afeb0dac43a86fd931ac68  crypto/evp/evp_rand.c
+603c97974acd94e66f9718d3d68ab5cd6e0093499feabb1f1417778d768b5d6e  crypto/evp/evp_rand.c
 2a128617ec0178e9eeacbe41d75a5530755f41ea524cd124607543cf73456a0c  crypto/evp/evp_utils.c
-a9e940b29f3064e771eeafe9d4d0e6d1f7258cd61a57258faabdbe8121764986  crypto/evp/exchange.c
+239b21f64b5190e62d57b3a3b46c9f301e55dc7eae76406e59ab61ceb32c64f9  crypto/evp/exchange.c
 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64  crypto/evp/kdf_lib.c
 9328c7ea06e0719aaff2d59c959d1b7907b9e6a337f784680e2e289e8c3e4328  crypto/evp/kdf_meth.c
 c67d90f42c4d2294ecd103bdb02296a13248ead4aebadc3aead0cb964e171d81  crypto/evp/kem.c
@@ -219,7 +219,7 @@ c67d90f42c4d2294ecd103bdb02296a13248ead4aebadc3aead0cb964e171d81  crypto/evp/kem
 10bc9cad7a73fc0c3088863133fd0979587007661f2151cad22160e21b29c68b  crypto/evp/p_lib.c
 3b4228b92eebd04616ecc3ee58684095313dd5ffd1b43cf698a7d6c202cb4622  crypto/evp/pmeth_check.c
 759573aea2a4cc7b6f763b440e6868bfcfcb7ca94d812fa61ab24a194be2cb36  crypto/evp/pmeth_gn.c
-7d9dfc974d15a2b7e2c1c6c54a594f0a14ccdfe5e2e1afe84a3a52130ac8097b  crypto/evp/pmeth_lib.c
+64ba71bcf2cae39aa662310bd51ea64a24ca49a62a68e52aa786283fed481327  crypto/evp/pmeth_lib.c
 b16d40bcc50a0f1d23747d48c486ed4d34f11a72ee8110034f22252fc797af3e  crypto/evp/signature.c
 64f7e366e681930ba10267272b87dba223b9744a01c27ba0504a4941802a580d  crypto/ex_data.c
 d986ec74995b05ff65a68df320ab45894ba35d7be4906f8d78ca5fca294a4e6c  crypto/ffc/ffc_backend.c
@@ -235,7 +235,7 @@ c9c635805b26d85e8c0c7720592fb04b674cde4339fcd94712a4403e8677cb41  crypto/ffc/ffc
 c685813be6ad35b0861ba888670ef54aa2b399d003472698e39426de6e52db59  crypto/initthread.c
 ee895c071ffb217e0f223d5546ae84cadde6701af67e718e9af7f06af531fa42  crypto/lhash/lhash.c
 5d49ce00fc06df1b64cbc139ef45c71e0faf08a33f966bc608c82d574521a49e  crypto/lhash/lhash_local.h
-a4f8f200ca749db91da97735c107836dfb2b623424b15c020ec6e48d874f4564  crypto/loongarch64cpuid.pl
+268c8a6863fa1b9749de0916d741ad21f292ac7a35b0bed67dc282f7dad9672e  crypto/loongarch64cpuid.pl
 460a7af09cde89a820b091522ada1310cfcec99c60aee505f94c48c35e9a29e8  crypto/loongarchcap.c
 f866aafae928db1b439ac950dc90744a2397dfe222672fe68b3798396190c8b0  crypto/mem_clr.c
 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf  crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl
@@ -269,13 +269,13 @@ b0decda3aae1d3e07cf3cbe9153cdde9deafe65fae346cd208951b4d7dec512e  crypto/packet.
 ce04b4ca774ed81f1a8b99c9c6bef0fc4531ebd6270491285ada3b0e6dea384b  crypto/param_build.c
 cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6  crypto/param_build_set.c
 f6c684b42fd1fade17c46599068a43701fe447c60d789908b3af3519c4fcf084  crypto/params.c
-bb7b79b5a070050f5e7dfc66b5635f0891bc278e3e24eec3583b769b33bef657  crypto/params_dup.c
+c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501  crypto/params_dup.c
 da23f7014a60e3e37640b9128d57d8350b17fa8cde77b6f14d0d4ca0dee2b437  crypto/params_from_text.c
 8b4ead79e8716dfb78da6ee43cea4b52257710d9b076175625a9ee5adcf0234e  crypto/params_idx.c
 c27b8c1659274be74e2d6e9fd76980df499d1331c0c2d51f41b3ad547ba88d59  crypto/ppccap.c
 46fa4994a6234a98a2845d9337475913f6bc229f1928abc82224de7edf2784b8  crypto/ppccpuid.pl
 467c416422ecf61e3b713c5eb259fdbcb4aa73ae8dee61804d0b85cfd3fff4f7  crypto/property/defn_cache.c
-d48ce9b38720b4d0b118b83322c3344afd11a5ce6b31adf59c6584b5e02e3f6a  crypto/property/property.c
+4d4cb530114b4f9dac78a3f7b14196ac9fce17ef1071338ad8e03eccac0815da  crypto/property/property.c
 66da4f28d408133fb544b14aeb9ad4913e7c5c67e2826e53f0dc5bf4d8fada26  crypto/property/property_local.h
 0a84d66734df7515a6de2b8da744a398f11b977f8479076090e67357fa0eb51d  crypto/property/property_parse.c
 a7cefda6a117550e2c76e0f307565ce1e11640b11ba10c80e469a837fd1212a3  crypto/property/property_query.c
@@ -368,8 +368,8 @@ e298c753be277ad9a2ac0132d9897cb4c85607dbb2d11cfefd0c98e0f6a723d9  crypto/thread/
 a00e16963e1e2a0126c6a8e62da8a14f98de9736027654c925925dadd0ca3cc1  crypto/thread/arch/thread_win.c
 27ec0090f4243c96e4fbe1babfd4320c2a16615ffa368275433217d50a1ef76c  crypto/thread/internal.c
 67ba8d87fbbb7c9a9e438018e7ecfd1cedd4d00224be05755580d044f5f1317a  crypto/threads_lib.c
-5128f6ff98a37b6f9266c6b776020a62e536d8e9e05212c600f42150f32d3d23  crypto/threads_none.c
-e29e0fc64feaa71c68da6e5f2fa8a00853f9b2d6a8b516eb474bde51e23065f6  crypto/threads_pthread.c
+9aeb0b9539712e5b800e04050e040f269b8503599d63bf8a7894028a8e3783bb  crypto/threads_none.c
+0f8b4135a417cfd8e33d05209bb416d840f6bc2415a106b6c465b112ba731c92  crypto/threads_pthread.c
 75a3f01643b40320bcde80bf4c0c99a3c3782591fc3e4de88b04ddfcfcfd09e0  crypto/threads_win.c
 8b45f948303045d8f753858b1b892e3da13bebe1bdac500db91fbb54a0ac07da  crypto/time.c
 fd6c27cf7c6b5449b17f2b725f4203c4c10207f1973db09fd41571efe5de08fd  crypto/x86_64cpuid.pl
@@ -402,7 +402,7 @@ bbe5e52d84e65449a13e42cd2d6adce59b8ed6e73d6950917aa77dc1f3f5dff6  include/crypto
 7ad02c7de77304c3b298deeb038ab2550cf8b2bce03021994477c6c43dbcf86e  include/crypto/types.h
 27d13538d9303b1c2f0b2ce9b6d376097ce7661354fbefbde24b7ef07206ea45  include/internal/bio.h
 92c4187dc051dbab777271e6976eb10bc90197abfd9b0d6f20bc17503f54564d  include/internal/common.h
-8e984890c7c62cdd6356963f034831831f7167c65096cb4d23bc765d84d2c598  include/internal/constant_time.h
+c64d5338564a30577c86347d99763f1a3321ec12a65c7d61298ea78a3f136a83  include/internal/constant_time.h
 c5bb97f654984130c8b44c09a52395bce0b22985d5dbc9c4d9377d86283f11f8  include/internal/core.h
 424b502d52e7b12877be283628001bc699d221ab4da7007d5123f7e2f3eac9de  include/internal/cryptlib.h
 9571cfd3d5666749084b354a6d65adee443deeb5713a58c098c7b03bc69dbc63  include/internal/deprecated.h
@@ -410,7 +410,7 @@ dc5afb955d810feb5af9f8d25cd8a92118abef320fee95c07b04f301c4e0d96c  include/intern
 8059e715f981fbe02b5731610ed24bb6ae617a55e90b03f4260cbb6ccd71e8de  include/internal/deterministic_nonce.h
 fd1722d6b79520ee4ac477280d5131eb1b744c3b422fd15f5e737ef966a97c3b  include/internal/dso.h
 f144daebef828a5bd4416466257a50f06b894e0ce0adf1601aa381f34f25a9e7  include/internal/dsoerr.h
-45036710f2499cdf6b786a9dce29dfe6d2ae06ea8e3d5cb2a782f64ed85d267e  include/internal/e_os.h
+99872c153ad1283a003e4a7f1acee61dddcb9c82876f32584abccb5d79cc7e9c  include/internal/e_os.h
 70d3e0d5a1bd8db58dcc57bea4d1c3ed816c735fe0e6b2f4b07073712d2dc5ef  include/internal/endian.h
 4838a68ff626825c261df6a1fd21e156e25d8365af45552f29054d7038a7db3d  include/internal/ffc.h
 55c4102496ed5ab16de11afe38c328a1396c3b6e2c7e44add4a38855103c19da  include/internal/namemap.h
@@ -585,7 +585,7 @@ bb67eaa7a98494ca938726f9218213870fc97dd87b56bda950626cc794baf20b  providers/impl
 c4b1cb143de15acc396ce2e03fdd165defd25ebc831de9cdfacf408ea883c666  providers/implementations/ciphers/ciphercommon_local.h
 39b47b6ef9d71852964c26e07ef0e9b23f04c7493b1b16ba7c3dba7074b6b70d  providers/implementations/digests/digestcommon.c
 5f41dd1bf77bd08d287a875f9d6e5a423bf286524694ae7ee133cdd03ee763c0  providers/implementations/digests/sha2_prov.c
-66a8eef0ecb12df2d38111735a7cb3257b85039c34fda6fc0e41db96e2d328cb  providers/implementations/digests/sha3_prov.c
+0bf79549143f1c929427de59ec3577aefd21e23eda2e36946be3dddec2a8535c  providers/implementations/digests/sha3_prov.c
 4b774bf9267ebe05bf90076bc18e19a21e03ee2716bdb8fc4e6458774e9a820c  providers/implementations/exchange/dh_exch.c
 b2d80c38dd62b46f2dd71e81a5684f54f43200d3ddbb86178081760ecc93525c  providers/implementations/exchange/ecdh_exch.c
 4994df237719649b086a032bd64c1cf38ceb4e67dd8ec98da20edf5bc3eadb0b  providers/implementations/exchange/ecx_exch.c
@@ -602,7 +602,7 @@ a6879c2e107597c49efa07fae48f0554ffbea9814c31d186bf0ce9f83e1ec9d2  providers/impl
 4014246d44fa3f34aad5372c75d3f7eea528f1cf1798e30d5627e7620a356631  providers/implementations/include/prov/macsignature.h
 27e57358e8ad201e382b50d5760f010badd9d6253deb34e6fb93a2af35450d9a  providers/implementations/include/prov/names.h
 b9f8781167f274ccd8b643b3bb6c4e1108fb27b2aae588518261af9415228dae  providers/implementations/include/prov/seeding.h
-c2dc086f1bef78ef68b950ac1181f8c1c5053d4093d04a775f5afb78f62fcf3a  providers/implementations/kdfs/hkdf.c
+456a461fd72d558f40c07f40c7c61b1d2924885f88118db02a77d1a6ca309678  providers/implementations/kdfs/hkdf.c
 ba0523cf3f664568f591c888a737a8ea008652e767d2239e998fdcfc7e3b99d4  providers/implementations/kdfs/kbkdf.c
 03b3dffd32a2b8f94e7d39b97f3d7b36f00cd0177ee5e7329a39aeca20ed4baf  providers/implementations/kdfs/pbkdf2.c
 c0778565abff112c0c5257329a7750ec4605e62f26cc36851fa1fbee6e03c70c  providers/implementations/kdfs/pbkdf2.h
@@ -616,9 +616,9 @@ e695d71a366cc716221c1f033bacbc8e926c7daaa79c6dea09df3bb4f1a9a99d  providers/impl
 d364c74d2d524a16cec8453db383e4d1d9dea19079d23717e8c499c3627ec1fb  providers/implementations/keymgmt/dsa_kmgmt.c
 3964a23ac071b0d6e54ea12c382e98abe1becfd9890194d94804715002b2b5b8  providers/implementations/keymgmt/ec_kmgmt.c
 258ae17bb2dd87ed1511a8eb3fe99eed9b77f5c2f757215ff6b3d0e8791fc251  providers/implementations/keymgmt/ec_kmgmt_imexport.inc
-267df296ad6751d4ef4ade0ed904a12586267563212fafdcea0319897d6ef383  providers/implementations/keymgmt/ecx_kmgmt.c
+6eec739061aafb2d4f46d37d986173e545120a5ababbfbe30062f788c871a5ab  providers/implementations/keymgmt/ecx_kmgmt.c
 daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d  providers/implementations/keymgmt/kdf_legacy_kmgmt.c
-17d6bc9f386f147765d9653639056dcb40e258239a5a9fdc4876a4f0a1d47c21  providers/implementations/keymgmt/mac_legacy_kmgmt.c
+d97d7c8d3410b3e560ef2becaea2a47948e22205be5162f964c5e51a7eef08cb  providers/implementations/keymgmt/mac_legacy_kmgmt.c
 9034a66a4bae1a15e127a5eca94bcec2ecaa971b205e945fcf7fba6b6bb8e47d  providers/implementations/keymgmt/rsa_kmgmt.c
 f2fc18af21f11b0e0ff9895f8b438caab4808256eaa680728b5e50736cc2c4b1  providers/implementations/macs/cmac_prov.c
 f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da  providers/implementations/macs/gmac_prov.c
@@ -626,11 +626,11 @@ f29f282463f5bc432129850619edc427fe1d6cc8aa107b5703b11858b48790da  providers/impl
 16f3dc42faceb235d7c4a495b9be7e8476094482de6ff421ab514390898154fd  providers/implementations/macs/kmac_prov.c
 3034074f99b02db045f2ccecc8782322e876dad07a3c169bdb24168b6b1f8cbd  providers/implementations/rands/crngt.c
 fcf5c044bbb92de1119759ead558ada3dfdf75db4874bd3bd0db1b46cb931190  providers/implementations/rands/drbg.c
-4db4ec624c473960114966ca891a690481b029ed1a0b943458d7bfe7dff3fee5  providers/implementations/rands/drbg_ctr.c
+1a462931420e527f8a39abad871c410afdff1bbb159e6404ee93d47cac0bd2a9  providers/implementations/rands/drbg_ctr.c
 e5c6f3ce421dc0e80e3c68c908e9338d2f74dfa6a3d2ebe0662ce61a165b0fca  providers/implementations/rands/drbg_hash.c
 2f762a617c9abd6d9355f54b35c4fe07164f200fbf31956c03bd0849f3e90f9d  providers/implementations/rands/drbg_hmac.c
 3e8a26ae26aab0b8ff02a20af59e5c187403df9a12c5bb69d7492b0843dfe47c  providers/implementations/rands/drbg_local.h
-e5fb82137f8afea68a67c1ea2d652831207961c53f14ab33ac0d879c9d0e8448  providers/implementations/rands/test_rng.c
+a9b5f9a3512cd21ebfa098c0402c023cf8b44236188138811949f9ba7642a961  providers/implementations/rands/test_rng.c
 a9aa31d091df5b8f6710dd36761dfe7d32b6da1881f8581bed85ad4e171b0969  providers/implementations/signature/dsa_sig.c
 66486eb25c13b2e1f71d754043a2ee3fcdd722a55724d74498a632a6dc9f7c2b  providers/implementations/signature/ecdsa_sig.c
 26dbd28678268ea63819c58276f435bafce3562cf6dcffacd363afe451c0235c  providers/implementations/signature/eddsa_sig.c

+ 1 - 1
libs/openssl/providers/fips.checksum

@@ -1 +1 @@
-62792bb53845272b5ec23a57d33c262f09f2a446ca0f6a461647aec0205c2d09  providers/fips-sources.checksums
+8bce8273258a44e4a5042b7c2bbfdf92486276d268712412f18aacd3d4d090a0  providers/fips-sources.checksums

+ 3 - 7
libs/openssl/providers/implementations/ciphers/cipher_aes_gcm_hw_armv8.inc

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,10 +15,8 @@
 size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t len,
                              const void *key, unsigned char ivec[16], u64 *Xi)
 {
-    size_t align_bytes = 0;
-    align_bytes = len - len % 16;
-
     AES_KEY *aes_key = (AES_KEY *)key;
+    size_t align_bytes = len - len % 16;
 
     switch(aes_key->rounds) {
         case 10:
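Review bot: `AES_KEY *aes_key = (AES_KEY *)key;` casts away the `const` of the `const void *key` parameter, and this hunk, which already reorders the declarations, would be a natural place to fix that; the matching hunk for `armv8_aes_gcm_decrypt` has the same line. In the visible lines the key is only read (`aes_key->rounds`), so `const AES_KEY *aes_key = key;` should be enough. That holds only if the kernels called in the `switch`, which continues outside the hunk, accept a const pointer.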
@@ -49,10 +47,8 @@ size_t armv8_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, size_t
 size_t armv8_aes_gcm_decrypt(const unsigned char *in, unsigned char *out, size_t len,
                              const void *key, unsigned char ivec[16], u64 *Xi)
 {
-    size_t align_bytes = 0;
-    align_bytes = len - len % 16;
-
     AES_KEY *aes_key = (AES_KEY *)key;
+    size_t align_bytes = len - len % 16;
 
     switch(aes_key->rounds) {
         case 10:

+ 17 - 3
libs/openssl/providers/implementations/ciphers/cipher_chacha20_poly1305.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -32,7 +32,7 @@ static OSSL_FUNC_cipher_set_ctx_params_fn chacha20_poly1305_set_ctx_params;
 static OSSL_FUNC_cipher_cipher_fn chacha20_poly1305_cipher;
 static OSSL_FUNC_cipher_final_fn chacha20_poly1305_final;
 static OSSL_FUNC_cipher_gettable_ctx_params_fn chacha20_poly1305_gettable_ctx_params;
-#define chacha20_poly1305_settable_ctx_params ossl_cipher_aead_settable_ctx_params
+static OSSL_FUNC_cipher_settable_ctx_params_fn chacha20_poly1305_settable_ctx_params;
 #define chacha20_poly1305_gettable_params ossl_cipher_generic_gettable_params
 #define chacha20_poly1305_update chacha20_poly1305_cipher
 
@@ -158,6 +158,21 @@ static const OSSL_PARAM *chacha20_poly1305_gettable_ctx_params
     return chacha20_poly1305_known_gettable_ctx_params;
 }
 
+static const OSSL_PARAM chacha20_poly1305_known_settable_ctx_params[] = {
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_KEYLEN, NULL),
+    OSSL_PARAM_size_t(OSSL_CIPHER_PARAM_IVLEN, NULL),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_AAD, NULL, 0),
+    OSSL_PARAM_octet_string(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, NULL, 0),
+    OSSL_PARAM_END
+};
+static const OSSL_PARAM *chacha20_poly1305_settable_ctx_params(
+        ossl_unused void *cctx, ossl_unused void *provctx
+    )
+{
+    return chacha20_poly1305_known_settable_ctx_params;
+}
+
 static int chacha20_poly1305_set_ctx_params(void *vctx,
                                             const OSSL_PARAM params[])
 {
@@ -238,7 +253,6 @@ static int chacha20_poly1305_set_ctx_params(void *vctx,
             return 0;
         }
     }
-    /* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */
     return 1;
 }
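Review bot: The new `chacha20_poly1305_known_settable_ctx_params` table has no comment tying it to `chacha20_poly1305_set_ctx_params`, so the advertised parameters and the ones actually handled can drift apart again. The setter's body lies mostly outside the visible hunks, so the five entries cannot be checked against it from here. A comment above the table would record the contract, for example `/* Must list exactly the parameters accepted by chacha20_poly1305_set_ctx_params() */`. The deleted `/* ignore OSSL_CIPHER_PARAM_AEAD_MAC_KEY */` remark presumably became obsolete because that key is no longer advertised; if so, the same comment is the place to say it.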
 

+ 2 - 2
libs/openssl/providers/implementations/digests/sha3_prov.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -19,7 +19,7 @@
 #include "prov/implementations.h"
 
 #define SHA3_FLAGS PROV_DIGEST_FLAG_ALGID_ABSENT
-#define SHAKE_FLAGS PROV_DIGEST_FLAG_XOF
+#define SHAKE_FLAGS (PROV_DIGEST_FLAG_XOF | PROV_DIGEST_FLAG_ALGID_ABSENT)
 #define KMAC_FLAGS PROV_DIGEST_FLAG_XOF
 
 /*
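Review bot: `SHAKE_FLAGS` now carries `PROV_DIGEST_FLAG_ALGID_ABSENT`, while `KMAC_FLAGS` on the next line stays at `PROV_DIGEST_FLAG_XOF` alone, and nothing in the hunk says whether that difference is deliberate. The flag presumably controls whether the digest's AlgorithmIdentifier is encoded with absent parameters, which affects how signatures and CMS structures interoperate, so the reasoning deserves a line next to the defines. Something like `/* SHA-3 and SHAKE AlgorithmIdentifiers omit the parameters field; KMAC is not used as a signature digest */` would do, with the KMAC half adjusted to whatever the actual reason is.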

+ 6 - 8
libs/openssl/providers/implementations/kdfs/hkdf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -263,13 +263,11 @@ static int hkdf_common_set_ctx_params(KDF_HKDF *ctx, const OSSL_PARAM params[])
     }
 
     if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) {
-        if (p->data_size != 0 && p->data != NULL) {
-            OPENSSL_free(ctx->salt);
-            ctx->salt = NULL;
-            if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0,
-                                             &ctx->salt_len))
-                return 0;
-        }
+        OPENSSL_free(ctx->salt);
+        ctx->salt = NULL;
+        if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->salt, 0,
+                                         &ctx->salt_len))
+            return 0;
     }
 
     return 1;
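Review bot: The previous salt is freed and `ctx->salt` set to NULL before `OSSL_PARAM_get_octet_string` runs, but `ctx->salt_len` is not reset on the `return 0` path. After a failed call the pointer and length stay consistent only if the callee leaves the length at zero, which is not visible here. Adding `ctx->salt_len = 0;` before that `return 0;` keeps the pair consistent regardless. The behaviour change itself also deserves a comment, e.g. `/* An empty salt is valid and must replace any salt set earlier on a reused context */`, so the removed `data_size != 0` guard is not reintroduced later. `hkdf_common_set_ctx_params` begins outside the hunk.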

+ 7 - 2
libs/openssl/providers/implementations/keymgmt/ecx_kmgmt.c

@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -347,7 +347,6 @@ static const OSSL_PARAM ecx_gettable_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
-    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
     OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, NULL, 0),
     ECX_KEY_TYPES(),
     OSSL_PARAM_END
@@ -357,6 +356,7 @@ static const OSSL_PARAM ed_gettable_params[] = {
     OSSL_PARAM_int(OSSL_PKEY_PARAM_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_SECURITY_BITS, NULL),
     OSSL_PARAM_int(OSSL_PKEY_PARAM_MAX_SIZE, NULL),
+    OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_MANDATORY_DIGEST, NULL, 0),
     ECX_KEY_TYPES(),
     OSSL_PARAM_END
 };
@@ -486,6 +486,8 @@ static void *ecx_gen_init(void *provctx, int selection,
         gctx->libctx = libctx;
         gctx->type = type;
         gctx->selection = selection;
+    } else {
+        return NULL;
     }
     if (!ecx_gen_set_params(gctx, params)) {
         ecx_gen_cleanup(gctx);
@@ -719,6 +721,9 @@ static void ecx_gen_cleanup(void *genctx)
 {
     struct ecx_gen_ctx *gctx = genctx;
 
+    if (gctx == NULL)
+        return;
+
     OPENSSL_clear_free(gctx->dhkem_ikm, gctx->dhkem_ikmlen);
     OPENSSL_free(gctx->propq);
     OPENSSL_free(gctx);
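Review bot: In `ecx_gen_init` the allocation-failure exit is added as `} else { return NULL; }` after the success body, which leaves the error path at the bottom of a branch whose condition is outside the hunk. A guard clause right after the allocation (`if (gctx == NULL) return NULL;`) followed by the unindented assignments would read more directly and match the early-return form used in `ecx_gen_cleanup`. The new NULL check in `ecx_gen_cleanup` is worth documenting at the function head, e.g. `/* NULL-tolerant, like OPENSSL_free() */`, since callers on error paths now depend on it.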

Some files were not shown because too many files changed in this diff