Avoid erroneous legacy code path when provided

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27075) (cherry picked from commit 27b88364e4)
apps/cms.c, apps/ocsp.c: Added NULL pointer checks
2025-03-20 11:33:56 +01:00 · 2025-03-20 11:31:52 +01:00 · 2025-03-20 11:19:29 +01:00 · 2025-03-19 10:56:05 +01:00 · 2025-03-18 18:53:00 +01:00 · 2025-03-17 08:23:21 -04:00
822 changed files with 13048 additions and 4395 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -6,7 +6,10 @@
 # For git archive
 fuzz/corpora/**                         export-ignore
 Configurations/*.norelease.conf         export-ignore
+# We generally avoid anything with a name starting with a period.
+# However, .ctags.d is precious, so we don't ignore that.
 .*                                      export-ignore
+.ctags.d                                !export-ignore
 util/mktar.sh                           export-ignore
 krb5                                    export-ignore
 pyca-cryptography                       export-ignore
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -26,7 +26,7 @@ env:

 jobs:
  check_update:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - name: install unifdef
      run: |
@ -45,7 +45,7 @@ jobs:
      run: git diff --exit-code

  check_docs:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: config
@ -65,7 +65,7 @@ jobs:
  # We are not as strict with libraries, but rather adapt to what's
  # expected to be available in a certain version of each platform.
  check-ansi:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: config
@ -74,7 +74,7 @@ jobs:
      run: make -s -j4

  basic_gcc:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -91,10 +91,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@basic-gcc"
+        path: artifacts.tar.gz

  basic_clang:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -108,15 +113,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@basic-clang"
+        path: artifacts.tar.gz

-  self-hosted:
-    if: github.repository == 'openssl/openssl'
-    strategy:
-      matrix:
-        os: [freebsd-13.2, ubuntu-arm64-22.04]
-    runs-on: ${{ matrix.os }}-self-hosted
-    continue-on-error: true
+  linux-arm64:
+    runs-on: ${{ github.repository == 'openssl/openssl' && 'linux-arm64' || 'ubuntu-24.04-arm' }}
    steps:
    - uses: actions/checkout@v4
    - name: config
@ -126,12 +131,60 @@ jobs:
    - name: make
      run: make -j4
    - name: get cpu info
-      run: ./util/opensslwrap.sh version -c
+      run: |
+        cat /proc/cpuinfo
+        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@linux-arm64"
+        path: artifacts.tar.gz
+
+  freebsd-x86_64:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: config
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: |
+          sudo pkg install -y gcc perl5
+          ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+    - name: config dump
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: ./configdata.pm --dump
+    - name: make
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: make -j4
+    - name: make test
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        run: |
+          ./util/opensslwrap.sh version -c
+          .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@BSD-x86_64"
+        path: artifacts.tar.gz

  minimal:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -145,10 +198,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@minimal"
+        path: artifacts.tar.gz

  no-deprecated:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -162,10 +220,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@no-deprecated"
+        path: artifacts.tar.gz

  no-shared-ubuntu:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -179,11 +242,19 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@no-shared-ubuntu"
+        path: artifacts.tar.gz

  no-shared-macos:
-    runs-on: macos-latest
-    if: github.server_url == 'https://github.com'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-13, macos-14]
+    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -197,10 +268,15 @@ jobs:
        sysctl machdep.cpu
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@no-shared-${{ matrix.os }}"
+        path: artifacts.tar.gz

  non-caching:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -218,10 +294,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
+      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@non-caching"
+        path: artifacts.tar.gz

  address_ub_sanitizer:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -239,10 +320,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
+      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@address_ub_sanitizer"
+        path: artifacts.tar.gz

  fuzz_tests:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -260,10 +346,16 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
+      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@fuzz_tests"
+        path: artifacts.tar.gz
+        if-no-files-found: ignore

  memory_sanitizer:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -274,7 +366,7 @@ jobs:
        sudo sysctl -w vm.mmap_rnd_bits=28
    - name: config
      # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: get cpu info
@ -282,10 +374,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
+      run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@memory_sanitizer"
+        path: artifacts.tar.gz

  threads_sanitizer:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -295,7 +392,7 @@ jobs:
        sudo cat /proc/sys/vm/mmap_rnd_bits
        sudo sysctl -w vm.mmap_rnd_bits=28
    - name: config
-      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured no-shared no-fips --strict-warnings -g -fsanitize=thread && perl configdata.pm --dump
    - name: make
      run: make -s -j4
    - name: get cpu info
@ -303,10 +400,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@threads_sanitizer"
+        path: artifacts.tar.gz

  enable_non-default_options:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -322,10 +424,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@enable_non-default_options"
+        path: artifacts.tar.gz

  full_featured:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -335,7 +442,7 @@ jobs:
    - name: Enable sctp
      run: sudo modprobe sctp
    - name: Enable auth in sctp
-      run: sudo sysctl -w net.sctp.auth_enable=1 
+      run: sudo sysctl -w net.sctp.auth_enable=1
    - name: install extra config support
      run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
    - name: config
@ -347,10 +454,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@full_featured"
+        path: artifacts.tar.gz

  no-legacy:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -364,10 +476,15 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@no-legacy"
+        path: artifacts.tar.gz

  legacy:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -381,7 +498,12 @@ jobs:
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: .github/workflows/make-test
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@legacy"
+        path: artifacts.tar.gz

  # out-of-source-and-install checks multiple things at the same time:
  # - That building, testing and installing works from an out-of-source
@ -389,7 +511,7 @@ jobs:
  # - That building, testing and installing works with a read-only source
  #   tree
  out-of-readonly-source-and-install-ubuntu:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
      with:
@ -417,15 +539,23 @@ jobs:
        ./util/opensslwrap.sh version -c
      working-directory: ./build
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: ../source/.github/workflows/make-test
      working-directory: ./build
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@out-of-readonly-source-and-install-ubuntu"
+        path: build/artifacts.tar.gz
    - name: make install
      run: make install
      working-directory: ./build

  out-of-readonly-source-and-install-macos:
-    runs-on: macos-latest
-    if: github.server_url == 'https://github.com'
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [macos-13, macos-14]
+    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v4
      with:
@ -453,14 +583,19 @@ jobs:
        ./util/opensslwrap.sh version -c
      working-directory: ./build
    - name: make test
-      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+      run: ../source/.github/workflows/make-test
      working-directory: ./build
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
+        path: build/artifacts.tar.gz
    - name: make install
      run: make install
      working-directory: ./build

  external-tests:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
      with:
@ -470,7 +605,7 @@ jobs:
        sudo apt-get update
        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
    - name: install cpanm and Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@v1
+      uses: perl-actions/install-with-cpanm@stable
      with:
        install: Test2::V0
    - name: setup hostname workaround
@ -493,7 +628,7 @@ jobs:
      run: make test TESTS="test_external_oqsprovider"

  external-test-pyca:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    strategy:
      matrix:
        RUST:
@ -509,7 +644,7 @@ jobs:
    - name: make
      run: make -s -j4
    - name: Setup Python
-      uses: actions/setup-python@v5.0.0
+      uses: actions/setup-python@v5.3.0
      with:
        python-version: ${{ matrix.PYTHON }}
    - uses: dtolnay/rust-toolchain@master
@ -523,7 +658,7 @@ jobs:
      run: make test TESTS="test_external_pyca" VERBOSE=1

  external-test-cf-quiche:
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
      with:
--- a/.github/workflows/compiler-zoo.yml
+++ b/.github/workflows/compiler-zoo.yml
@ -19,17 +19,11 @@ jobs:
      matrix:
        zoo: [
          {
-            cc: gcc-7,
-            distro: ubuntu-20.04
-          }, {
-            cc: gcc-8,
-            distro: ubuntu-20.04
-          }, {
            cc: gcc-9,
-            distro: ubuntu-20.04
+            distro: ubuntu-22.04
          }, {
            cc: gcc-10,
-            distro: ubuntu-20.04
+            distro: ubuntu-22.04
          }, {
            cc: gcc-11,
            distro: ubuntu-22.04
@ -40,27 +34,12 @@ jobs:
            cc: gcc-13,
            distro: ubuntu-22.04,
            gcc-ppa-name: ubuntu-toolchain-r/test
-          }, {
-            cc: clang-6.0,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-7,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-8,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-9,
-            distro: ubuntu-20.04
-          }, {
-            cc: clang-10,
-            distro: ubuntu-20.04
          }, {
            cc: clang-11,
-            distro: ubuntu-20.04
+            distro: ubuntu-22.04
          }, {
            cc: clang-12,
-            distro: ubuntu-20.04
+            distro: ubuntu-22.04
          }, {
            cc: clang-13,
            distro: ubuntu-22.04
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -50,7 +50,7 @@ jobs:
        sudo apt-get -yq install lcov
        sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
    - name: install Test2::V0 for gost_engine testing
-      uses: perl-actions/install-with-cpanm@v1
+      uses: perl-actions/install-with-cpanm@stable
      with:
        install: Test2::V0
    - name: setup hostname workaround
@ -76,7 +76,7 @@ jobs:
             --exclude "/usr/include/*"
              -o ./lcov.info
    - name: Coveralls upload
-      uses: coverallsapp/github-action@v2.2.3
+      uses: coverallsapp/github-action@v2.3.2
      with:
        github-token: ${{ secrets.github_token }}
        git-branch: ${{ matrix.branches.branch }}
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -96,10 +96,7 @@ jobs:
          }, {
            arch: powerpc64le-linux-gnu,
            libs: libc6-dev-ppc64el-cross,
-            # The default compiler for this platform on Ubuntu 20.04 seems
-            # buggy and causes test failures. Dropping the optimisation level
-            # resolves it.
-            target: -O2 linux-ppc64le
+            target: linux-ppc64le
          }, {
            arch: riscv64-linux-gnu,
            libs: libc6-dev-riscv64-cross,
@ -126,7 +123,7 @@ jobs:
          }, {
            arch: m68k-linux-gnu,
            libs: libc6-dev-m68k-cross,
-            target: -mcfv4e linux-latomic -Wno-stringop-overflow no-quic,
+            target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
            tests: none
          }, {
            arch: mips-linux-gnu,
@ -148,7 +145,7 @@ jobs:
            tests: none
          }
        ]
-    runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+    runs-on: ubuntu-latest
    steps:
    - name: install package repository
      if: matrix.platform.ppa != ''
@ -201,18 +198,24 @@ jobs:
    - name: make all tests
      if: github.event_name == 'push' && matrix.platform.tests == ''
      run: |
-        make test HARNESS_JOBS=${HARNESS_JOBS:-4} \
+        .github/workflows/make-test \
                  TESTS="-test_afalg" \
                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
    - name: make some tests
      if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
      run: |
-        make test HARNESS_JOBS=${HARNESS_JOBS:-4} \
+        .github/workflows/make-test \
                  TESTS="${{ matrix.platform.tests }} -test_afalg" \
                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
    - name: make evp tests
      if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
      run: |
-        make test HARNESS_JOBS=${HARNESS_JOBS:-4} \
+        .github/workflows/make-test \
                  TESTS="test_evp*" \
                  QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
+    - name: save artifacts
+      uses: actions/upload-artifact@v4
+      with:
+        name: "cross-compiles@${{ matrix.platform.arch }}"
+        path: artifacts.tar.gz
+        if-no-files-found: ignore
--- a/.github/workflows/deploy-docs-openssl-org.yml
+++ b/.github/workflows/deploy-docs-openssl-org.yml
@ -0,0 +1,23 @@
+name: "Trigger docs.openssl.org deployment"
+
+on:
+  push:
+    branches:
+      - "openssl-3.[0-9]+"
+      - "master"
+    paths:
+      - "doc/man*/**"
+
+jobs:
+  trigger:
+    runs-on: ubuntu-latest
+    steps:
+      - name: "Trigger deployment workflow"
+        run: |
+          gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml
+          sleep 3
+          RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
+          gh run watch ${RUN_ID} --exit-status
+        env:
+          GH_REPO: "openssl/openssl-docs"
+          GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}
--- a/.github/workflows/fips-checksums.yml
+++ b/.github/workflows/fips-checksums.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/.github/workflows/fips-label.yml
+++ b/.github/workflows/fips-label.yml
@ -80,6 +80,7 @@ jobs:
              }
            }
      - name: 'Cleanup artifact'
+        if: ${{ github.event.workflow_run.conclusion == 'success' }}
        run: rm artifact.zip pr_num

      - name: 'Download abidiff artifact'
@ -133,7 +134,7 @@ jobs:
                    issue_number: pr_num,
                    owner: context.repo.owner,
                    repo: context.repo.repo,
-                    name: 'severity: fips change'
+                    name: 'severity: ABI change'
                  });
                }
              }
--- a/.github/workflows/fuzz-checker.yml
+++ b/.github/workflows/fuzz-checker.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -21,28 +21,28 @@ jobs:
          {
            name: AFL,
            config: enable-fuzz-afl no-module,
-            install: afl++-clang,
+            install: afl++,
            cc: afl-clang-fast
          }, {
            name: libFuzzer,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
-            install: libfuzzer-12-dev,
-            cc: clang-12,
-            linker: clang++-12,
+            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
+            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
+            install: libfuzzer-18-dev,
+            cc: clang-18,
+            linker: clang++-18,
            tests: -test_memleak
          }, {
            name: libFuzzer+,
-            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
-            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
+            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
+            libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
-            install: libfuzzer-12-dev,
-            cc: clang-12,
-            linker: clang++-12,
+            install: libfuzzer-18-dev,
+            cc: clang-18,
+            linker: clang++-18,
            tests: -test_memleak
          }
        ]
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
    steps:
    - name: install packages
      run: |
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -1,4 +1,4 @@
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@ -0,0 +1,41 @@
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: "Make release"
+
+on:
+  push:
+    tags:
+      - "openssl-*"
+
+jobs:
+  release:
+    runs-on: "releaser"
+    steps:
+    - name: "Checkout"
+      uses: "actions/checkout@v4"
+      with:
+        fetch-depth: 1
+        ref: ${{ github.ref_name }}
+        github-server-url: "https://github.openssl.org/"
+        repository: "openssl/openssl"
+        token: ${{ secrets.GHE_TOKEN }}
+        path: ${{ github.ref_name }}
+    - name: "Prepare assets"
+      run: |
+        cd ${{ github.ref_name }}
+        ./util/mktar.sh
+        mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets
+        openssl sha1 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha1
+        openssl sha256 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha256
+        gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz
+    - name: "Create release"
+      env:
+        GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+      run: |
+        VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-)
+        gh release create ${{ github.ref_name }} -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/*
--- a/.github/workflows/make-test
+++ b/.github/workflows/make-test
@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+set -eo pipefail
+
+cleanup() {
+    # Remove if nothing was generated.
+    [ -d artifacts ] && find artifacts -type d -empty -delete
+}
+trap cleanup EXIT
+
+# Make a central directory to store all output artifacts of our test run to
+# avoid having to configure multiple upload-artifacts steps in the workflow
+# file.
+OSSL_CI_ARTIFACTS_PATH="artifacts/"
+if [ -n "${GITHUB_RUN_NUMBER}" ]; then
+    OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
+fi
+mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
+export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
+
+# Run the tests. This might fail, but we need to capture artifacts anyway.
+set +e
+make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
+RESULT=$?
+set -e
+
+# Move an interesting subset of the test-runs data we want into the artifacts
+# staging directory.
+for test_name in quic_multistream; do
+    if [ -d "test-runs/test_${test_name}" ]; then
+        mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
+    fi
+done
+
+# Log the artifact tree.
+echo "::group::List of artifact files generated"
+echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
+(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
+echo "::endgroup::"
+
+echo "Archive artifacts"
+tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
+
+exit $RESULT
--- a/.github/workflows/os-zoo.yml
+++ b/.github/workflows/os-zoo.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -105,7 +105,7 @@ jobs:
      fail-fast: false
      matrix:
        branch: [openssl-3.0, openssl-3.1, master]
-        os: [macos-11, macos-12, macos-13]
+        os: [macos-13, macos-14, macos-15]
    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v4
@ -167,12 +167,8 @@ jobs:
      working-directory: _build
      run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4

-  self-hosted:
-    strategy:
-      matrix:
-        os: [freebsd-13.2, ubuntu-arm64-22.04]
-    runs-on: ${{ matrix.os }}-self-hosted
-    continue-on-error: true
+  linux-arm64:
+    runs-on: linux-arm64
    steps:
    - uses: actions/checkout@v4
    - name: config
@ -185,3 +181,39 @@ jobs:
      run: ./util/opensslwrap.sh version -c
    - name: make test
      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
+  freebsd-x86_64:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: config
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: |
+          sudo pkg install -y gcc perl5
+          ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+    - name: config dump
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: ./configdata.pm --dump
+    - name: make
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        shutdown_vm: false
+        run: make -j4
+    - name: make test
+      uses: cross-platform-actions/action@v0.26.0
+      with:
+        operating_system: freebsd
+        version: "13.4"
+        run: |
+          ./util/opensslwrap.sh version -c
+          .github/workflows/make-test
--- a/.github/workflows/prov-compat-label.yml
+++ b/.github/workflows/prov-compat-label.yml
@ -0,0 +1,266 @@
+# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+# This verifies that FIPS and legacy providers built against some earlier
+# released versions continue to run against the current branch.
+
+name: Provider compatibility for PRs
+
+on: [pull_request]
+
+permissions:
+  contents: read
+
+env:
+  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
+
+jobs:
+  fips-releases:
+    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
+    strategy:
+      matrix:
+        release: [
+          # Formally released versions should be added here.
+          #     `dir' it the directory inside the tarball.
+          #     `tgz' is the name of the tarball.
+          #     `url' is the download URL.
+          {
+            dir: openssl-3.0.0,
+            tgz: openssl-3.0.0.tar.gz,
+            url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
+          },
+          {
+            dir: openssl-3.0.8,
+            tgz: openssl-3.0.8.tar.gz,
+            url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
+          },
+          {
+            dir: openssl-3.0.9,
+            tgz: openssl-3.0.9.tar.gz,
+            url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
+          },
+          {
+            dir: openssl-3.1.2,
+            tgz: openssl-3.1.2.tar.gz,
+            url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
+          },
+        ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - name: create download directory
+        run: mkdir downloads
+      - name: download release source
+        run: wget --no-verbose ${{ matrix.release.url }}
+        working-directory: downloads
+      - name: unpack release source
+        run: tar xzf downloads/${{ matrix.release.tgz }}
+
+      - name: localegen
+        run: sudo locale-gen tr_TR.UTF-8
+
+      - name: config release
+        run: |
+          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
+        working-directory: ${{ matrix.release.dir }}
+      - name: config dump release
+        run: ./configdata.pm --dump
+        working-directory: ${{ matrix.release.dir }}
+
+      - name: make release
+        run: make -s -j4
+        working-directory: ${{ matrix.release.dir }}
+
+      - name: create release artifacts
+        run: |
+          tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
+
+      - name: show module versions from release
+        run: |
+          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
+                                                 -provider base             \
+                                                 -provider default          \
+                                                 -provider fips             \
+                                                 -provider legacy           \
+                                                 -providers
+        working-directory: ${{ matrix.release.dir }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.release.tgz }}
+          path: ${{ matrix.release.tgz }}
+          retention-days: 7
+
+  development-branches:
+    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
+    strategy:
+      matrix:
+        branch: [
+          # Currently supported FIPS capable branches should be added here.
+          #     `name' is the branch name used to checkout out.
+          #     `dir' directory that will be used to build and test in.
+          #     `tgz' is the name of the tarball use to keep the artifacts of
+          #         the build.
+          {
+            name: '',
+            dir: PR,
+            tgz: PR.tar.gz,
+          }, {
+            name: openssl-3.0,
+            dir: branch-3.0,
+            tgz: branch-3.0.tar.gz,
+          }, {
+            name: openssl-3.1,
+            dir: branch-3.1,
+            tgz: branch-3.1.tar.gz,
+          }, {
+            name: openssl-3.2,
+            dir: branch-3.2,
+            tgz: branch-3.2.tar.gz,
+          }, {
+            name: openssl-3.3,
+            dir: branch-3.3,
+            tgz: branch-3.3.tar.gz,
+          }, {
+            name: master,
+            dir: branch-master,
+            tgz: branch-master.tar.gz,
+          },
+        ]
+
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          path: ${{ matrix.branch.dir }}
+          repository: openssl/openssl
+          ref: ${{ matrix.branch.name }}
+      - name: localegen
+        run: sudo locale-gen tr_TR.UTF-8
+
+      - name: config branch
+        run: |
+          ./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
+        working-directory: ${{ matrix.branch.dir }}
+      - name: config dump current
+        run: ./configdata.pm --dump
+        working-directory: ${{ matrix.branch.dir }}
+
+      - name: make branch
+        run: make -s -j4
+        working-directory: ${{ matrix.branch.dir }}
+
+      - name: create branch artifacts
+        run: |
+          tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
+
+      - name: show module versions from branch
+        run: |
+          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
+                                                 -provider base             \
+                                                 -provider default          \
+                                                 -provider fips             \
+                                                 -provider legacy           \
+                                                 -providers
+        working-directory: ${{ matrix.branch.dir }}
+
+      - name: get cpu info
+        run: |
+          cat /proc/cpuinfo
+          ./util/opensslwrap.sh version -c
+        working-directory: ${{ matrix.branch.dir }}
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ matrix.branch.tgz }}
+          path: ${{ matrix.branch.tgz }}
+          retention-days: 7
+
+  cross-testing:
+    if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
+    needs: [fips-releases, development-branches]
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        # These can't be figured out earlier and included here as a variable
+        # substitution.
+        #
+        # Note that releases are not used as a test environment for
+        # later providers.  Problems in these situations ought to be
+        # caught by cross branch testing before the release.
+        tree_a: [ branch-master, branch-3.3, branch-3.2, branch-3.1, branch-3.0,
+                  openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
+        tree_b: [ PR ]
+        include:
+          - tree_a: PR
+            tree_b: branch-master
+          - tree_a: PR
+            tree_b: branch-3.3
+          - tree_a: PR
+            tree_b: branch-3.2
+          - tree_a: PR
+            tree_b: branch-3.1
+          - tree_a: PR
+            tree_b: branch-3.0
+    steps:
+      - name: early exit checks
+        id: early_exit
+        run: |
+          if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ];           \
+          then                                                              \
+            echo "Skipping because both are the same version";              \
+            exit 1;                                                         \
+          fi
+        continue-on-error: true
+
+      - uses: actions/download-artifact@v4.1.8
+        if: steps.early_exit.outcome == 'success'
+        with:
+          name: ${{ matrix.tree_a }}.tar.gz
+      - name: unpack first build
+        if: steps.early_exit.outcome == 'success'
+        run: tar xzf "${{ matrix.tree_a }}.tar.gz"
+
+      - uses: actions/download-artifact@v4.1.8
+        if: steps.early_exit.outcome == 'success'
+        with:
+          name: ${{ matrix.tree_b }}.tar.gz
+      - name: unpack second build
+        if: steps.early_exit.outcome == 'success'
+        run: tar xzf "${{ matrix.tree_b }}.tar.gz"
+
+      - name: set up cross validation of FIPS from A with tree from B
+        if: steps.early_exit.outcome == 'success'
+        run: |
+          cp providers/fips.so ../${{ matrix.tree_b }}/providers/
+          cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
+        working-directory: ${{ matrix.tree_a }}
+
+      - name: show module versions from cross validation
+        if: steps.early_exit.outcome == 'success'
+        run: |
+          ./util/wrap.pl -fips apps/openssl list -provider-path providers   \
+                                                 -provider base             \
+                                                 -provider default          \
+                                                 -provider fips             \
+                                                 -provider legacy           \
+                                                 -providers
+        working-directory: ${{ matrix.tree_b }}
+
+      - name: get cpu info
+        if: steps.early_exit.outcome == 'success'
+        run: |
+          cat /proc/cpuinfo
+          ./util/opensslwrap.sh version -c
+        working-directory: ${{ matrix.tree_b }}
+
+      - name: run cross validation tests of FIPS from A with tree from B
+        if: steps.early_exit.outcome == 'success'
+        run: |
+          make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+        working-directory: ${{ matrix.tree_b }}
--- a/.github/workflows/provider-compatibility.yml
+++ b/.github/workflows/provider-compatibility.yml
@ -1,4 +1,4 @@
-# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -201,7 +201,7 @@ jobs:
          fi
        continue-on-error: true

-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v4.1.8
        if: steps.early_exit.outcome == 'success'
        with:
          name: ${{ matrix.tree_a }}.tar.gz
@ -209,7 +209,7 @@ jobs:
        if: steps.early_exit.outcome == 'success'
        run: tar xzf "${{ matrix.tree_a }}.tar.gz"

-      - uses: actions/download-artifact@v4
+      - uses: actions/download-artifact@v4.1.8
        if: steps.early_exit.outcome == 'success'
        with:
          name: ${{ matrix.tree_b }}.tar.gz
--- a/.github/workflows/run-checker-ci.yml
+++ b/.github/workflows/run-checker-ci.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -313,7 +313,7 @@ jobs:
  enable_tfo:
    strategy:
      matrix:
-        os: [ ubuntu-latest, macos-latest ]
+        os: [ ubuntu-latest, macos-13, macos-14 ]
    runs-on: ${{matrix.os}}
    steps:
    - uses: actions/checkout@v4
--- a/.github/workflows/run-checker-merge.yml
+++ b/.github/workflows/run-checker-merge.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -18,7 +18,7 @@ jobs:
      fail-fast: false
      matrix:
        opt: [
-          enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT,
+          enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
          no-ct,
          no-dso,
          no-dynamic-engine,
@ -26,7 +26,7 @@ jobs:
          no-engine no-shared,
          no-err,
          no-filenames,
-          enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment,
+          enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
          no-module,
          no-ocsp,
          no-pinshared,
@ -57,3 +57,24 @@ jobs:
        if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
    - name: make test
      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
+  threads_sanitizer_atomic_fallback:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: checkout fuzz/corpora submodule
+      run: git submodule update --init --depth 1 fuzz/corpora
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - name: config
+      run: CC=clang ./config --banner=Configured no-shared no-fips --strict-warnings -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump
+    - name: make
+      run: make -s -j4
+    - name: get cpu info
+      run: |
+        cat /proc/cpuinfo
+        ./util/opensslwrap.sh version -c
+    - name: make test
+      run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
--- a/.github/workflows/style-checks.yml
+++ b/.github/workflows/style-checks.yml
@ -0,0 +1,55 @@
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: Coding style validation 
+
+on: [pull_request]
+
+env:
+  PR_NUMBER: ${{ github.event.number }}
+  GH_TOKEN: ${{ github.token }}
+
+permissions:
+  contents: read
+
+jobs:
+  check-style:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+        path: openssl
+    - name: check style for each commit 
+      working-directory: openssl
+      shell: bash
+      run: |
+        ERRORS_FOUND=0
+        git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
+        REFSTART=$(git rev-parse $GITHUB_BASE_REF)
+        REFEND=$(git rev-parse HEAD)
+        echo "Checking from $REFSTART to $REFEND"
+        for i in $(git log --no-merges --format=%H $REFSTART..$REFEND)
+        do
+          echo "::group::Style report for commit $i"
+          set +e
+          ./util/check-format-commit.sh $i
+          if [ $? -ne 0 ]
+          then
+            ERRORS_FOUND=1
+          fi
+          set -e
+          echo "::endgroup::"
+        done
+        SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
+        if [ -z "$SKIP_TEST" ]
+        then
+          exit $ERRORS_FOUND
+        else
+          echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
+          exit 0
+        fi
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@ -1,4 +1,4 @@
-# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -17,15 +17,17 @@ jobs:
    # Run a job for each of the specified target architectures:
    strategy:
      matrix:
-        os:
-          - windows-2019
-          - windows-2022
        platform:
          - arch: win64
+            os: windows-2019
            config: enable-fips
+          - arch: win64
+            os: windows-2022
+            config: enable-fips no-thread-pool no-quic
          - arch: win32
+            os: windows-2022
            config: --strict-warnings no-fips
-    runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }}
+    runs-on: ${{ matrix.platform.os }}
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -75,9 +77,9 @@ jobs:
    strategy:
      matrix:
        os:
-          - windows-2019
+# Reducing CI footprint  - windows-2019
          - windows-2022
-    runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }}
+    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -113,8 +115,8 @@ jobs:
      matrix:
        os:
          - windows-2019
-          - windows-2022
-    runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }}
+# Reducing CI footprint  - windows-2022
+    runs-on: ${{ matrix.os }}
    steps:
    - uses: actions/checkout@v4
    - name: checkout fuzz/corpora submodule
@ -159,7 +161,7 @@ jobs:
 # are we really learning sth new from win32? So let's save some CO2 for now disabling this
 #          - arch: win32
 #            config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
-    runs-on: ${{ github.server_url == 'https://github.com' && matrix.os || format('{0}-self-hosted', matrix.os) }}
+    runs-on: ${{ matrix.os }}
    env:
      CYGWIN_NOWINPATH: 1
      SHELLOPTS: igncr
--- a/.github/workflows/windows_comp.yml
+++ b/.github/workflows/windows_comp.yml
@ -1,4 +1,4 @@
-# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
--- a/.gitignore
+++ b/.gitignore
@ -147,6 +147,9 @@ providers/common/include/prov/der_sm2.h
 /apps/progs.c
 /apps/progs.h

+# macOS
+.DS_Store
+
 # Windows (legacy)
 /tmp32
 /tmp32.dbg
--- a/CHANGES.md
+++ b/CHANGES.md
@ -26,7 +26,135 @@ OpenSSL Releases
 OpenSSL 3.3
 -----------

-### Changes between 3.2 and 3.3 [xx XXX xxxx]
+### Changes between 3.3.3 and 3.3.4 [xx XXX xxxx]
+
+ * When displaying distinguished names in the openssl application escape control
+   characters by default.
+
+   *Tomáš Mráz*
+
+### Changes between 3.3.2 and 3.3.3 [11 Feb 2025]
+
+ * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected.
+
+   Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a
+   server may fail to notice that the server was not authenticated, because
+   handshakes don't abort as expected when the SSL_VERIFY_PEER verification mode
+   is set.
+
+   ([CVE-2024-12797])
+
+   *Viktor Dukhovni*
+
+ * Fixed timing side-channel in ECDSA signature computation.
+
+   There is a timing signal of around 300 nanoseconds when the top word of
+   the inverted ECDSA nonce value is zero. This can happen with significant
+   probability only for some of the supported elliptic curves. In particular
+   the NIST P-521 curve is affected. To be able to measure this leak, the
+   attacker process must either be located in the same physical computer or
+   must have a very fast network connection with low latency.
+
+   ([CVE-2024-13176])
+
+   *Tomáš Mráz*
+
+ * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
+   curve parameters.
+
+   Use of the low-level GF(2^m) elliptic curve APIs with untrusted
+   explicit values for the field polynomial can lead to out-of-bounds memory
+   reads or writes.
+   Applications working with "exotic" explicit binary (GF(2^m)) curve
+   parameters, that make it possible to represent invalid field polynomials
+   with a zero constant term, via the above or similar APIs, may terminate
+   abruptly as a result of reading or writing outside of array bounds. Remote
+   code execution cannot easily be ruled out.
+
+   ([CVE-2024-9143])
+
+   *Viktor Dukhovni*
+
+### Changes between 3.3.1 and 3.3.2 [3 Sep 2024]
+
+ * Fixed possible denial of service in X.509 name checks.
+
+   Applications performing certificate name checks (e.g., TLS clients checking
+   server certificates) may attempt to read an invalid memory address when
+   comparing the expected name with an `otherName` subject alternative name of
+   an X.509 certificate. This may result in an exception that terminates the
+   application program.
+
+   ([CVE-2024-6119])
+
+   *Viktor Dukhovni*
+
+ * Fixed possible buffer overread in SSL_select_next_proto().
+
+   Calling the OpenSSL API function SSL_select_next_proto with an empty
+   supported client protocols buffer may cause a crash or memory contents
+   to be sent to the peer.
+
+   ([CVE-2024-5535])
+
+   *Matt Caswell*
+
+### Changes between 3.3.0 and 3.3.1 [4 Jun 2024]
+
+ * Fixed potential use after free after SSL_free_buffers() is called.
+
+   The SSL_free_buffers function is used to free the internal OpenSSL
+   buffer used when processing an incoming record from the network.
+   The call is only expected to succeed if the buffer is not currently
+   in use. However, two scenarios have been identified where the buffer
+   is freed even when still in use.
+
+   The first scenario occurs where a record header has been received
+   from the network and processed by OpenSSL, but the full record body
+   has not yet arrived. In this case calling SSL_free_buffers will succeed
+   even though a record has only been partially processed and the buffer
+   is still in use.
+
+   The second scenario occurs where a full record containing application
+   data has been received and processed by OpenSSL but the application has
+   only read part of this data. Again a call to SSL_free_buffers will
+   succeed even though the buffer is still in use.
+
+   ([CVE-2024-4741])
+
+   *Matt Caswell*
+
+ * Fixed an issue where checking excessively long DSA keys or parameters may
+   be very slow.
+
+   Applications that use the functions EVP_PKEY_param_check() or
+   EVP_PKEY_public_check() to check a DSA public key or DSA parameters may
+   experience long delays. Where the key or parameters that are being checked
+   have been obtained from an untrusted source this may lead to a Denial of
+   Service.
+
+   To resolve this issue DSA keys larger than OPENSSL_DSA_MAX_MODULUS_BITS
+   will now fail the check immediately with a DSA_R_MODULUS_TOO_LARGE error
+   reason.
+
+   ([CVE-2024-4603])
+
+   *Tomáš Mráz*
+
+ * Improved EC/DSA nonce generation routines to avoid bias and timing
+   side channel leaks.
+
+   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
+   and Hubert Kario from Red Hat for reporting the issues.
+
+   *Tomáš Mráz and Paul Dale*
+
+### Changes between 3.2 and 3.3.0 [9 Apr 2024]
+
+ * The `-verify` option to the `openssl crl` and `openssl req` will make
+   the program exit with 1 on failure.
+
+   *Vladimír Kotal*

 * The BIO_get_new_index() function can only be called 127 times before it
   reaches its upper bound of BIO_TYPE_MASK. It will now correctly return an
@ -150,6 +278,11 @@ OpenSSL 3.3

   *Hugo Landau*

+ * Limited support for polling of QUIC connection and stream objects in a
+   non-blocking manner. Refer to the SSL_poll(3) manpage for details.
+
+   *Hugo Landau*
+
 * Added APIs to allow querying the size and utilisation of a QUIC stream's
   write buffer. Refer to the SSL_get_value_uint(3) manpage for details.

@ -163,11 +296,72 @@ OpenSSL 3.3

   *Alexandr Nedvedicky*

+ * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
+
+   *Tom Cosgrove*
+
+ * Added X509_STORE_get1_objects to avoid issues with the existing
+   X509_STORE_get0_objects API in multi-threaded applications. Refer to the
+   documentation for details.
+
+   *David Benjamin*
+
+ * Added assembly implementation for md5 on loongarch64
+
+   *Min Zhou*
+
+ * Optimized AES-CTR for ARM Neoverse V1 and V2
+
+   *Fisher Yu*
+
+ * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
+   similar to M1/M2.
+
+   *Tom Cosgrove*
+
+ * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
+   times with different output sizes.
+
+   *Shane Lontis, Holger Dengler*
+
+ * Various optimizations for cryptographic routines using RISC-V vector crypto
+   extensions
+
+   *Christoph Müllner, Charalampos Mitrodimas, Ard Biesheuvel, Phoebe Chen,
+    Jerry Shih*
+
+ * Accept longer context for TLS 1.2 exporters
+
+   While RFC 5705 implies that the maximum length of a context for exporters is
+   65535 bytes as the length is embedded in uint16, the previous implementation
+   enforced a much smaller limit, which is less than 1024 bytes. This
+   restriction has been removed.
+
+   *Daiki Ueno*
+
 OpenSSL 3.2
 -----------

 ### Changes between 3.2.1 and 3.2.2 [xx XXX xxxx]

+ * Fixed an issue where some non-default TLS server configurations can cause
+   unbounded memory growth when processing TLSv1.3 sessions. An attacker may
+   exploit certain server configurations to trigger unbounded memory growth that
+   would lead to a Denial of Service
+
+   This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option
+   is being used (but not if early_data is also configured and the default
+   anti-replay protection is in use). In this case, under certain conditions,
+   the session cache can get into an incorrect state and it will fail to flush
+   properly as it fills. The session cache will continue to grow in an unbounded
+   manner. A malicious client could deliberately create the scenario for this
+   failure to force a Denial of Service. It may also happen by accident in
+   normal operation.
+
+   ([CVE-2024-2511])
+
+   *Matt Caswell*
+
 * Fixed bug where SSL_export_keying_material() could not be used with QUIC
   connections. (#23560)

@ -20540,6 +20734,13 @@ ndif

 <!-- Links -->

+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
+[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
+[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -3,13 +3,13 @@ HOW TO CONTRIBUTE TO OpenSSL

 Please visit our [Getting Started] page for other ideas about how to contribute.

-  [Getting Started]: <https://www.openssl.org/community/getting-started.html>
+  [Getting Started]: <https://openssl-library.org/community/getting-started>

 Development is done on GitHub in the [openssl/openssl] repository.

  [openssl/openssl]: <https://github.com/openssl/openssl>

-To request new a feature, ask a question, or report a bug,
+To request a new feature, ask a question, or report a bug,
 please open an [issue on GitHub](https://github.com/openssl/openssl/issues).

 To submit a patch or implement a new feature, please open a
@ -67,7 +67,8 @@ guidelines:
    often. We do not accept merge commits, you will have to remove them
    (usually by rebasing) before it will be acceptable.

- 4. Code provided should follow our [coding style] and compile without warnings.
+ 4. Code provided should follow our [coding style] and [documentation policy]
+    and compile without warnings.
    There is a [Perl tool](util/check-format.pl) that helps
    finding code formatting mistakes and other coding style nits.
    Where `gcc` or `clang` is available, you should use the
@ -76,7 +77,8 @@ guidelines:
    Clean builds via GitHub Actions are required. They are started automatically
    whenever a PR is created or updated by committers.

-    [coding style]: https://www.openssl.org/policies/technical/coding-style.html
+    [coding style]: https://openssl-library.org/policies/technical/coding-style/
+    [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/

 5. When at all possible, code contributions should include tests. These can
    either be added to an existing test, or completely new.  Please see
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@ -777,7 +777,14 @@ my %targets = (
        asm_arch         => 'aarch64',
        perlasm_scheme   => "linux64",
    },
-
+    "linux-arm64ilp32-clang" => {  # clang config abi by --target
+        inherit_from     => [ "linux-generic32" ],
+        CC               => "clang",
+        CXX              => "clang++",
+        bn_ops           => "SIXTY_FOUR_BIT RC4_CHAR",
+        asm_arch         => 'aarch64',
+        perlasm_scheme   => "linux64",
+    },
    "linux-mips32" => {
        # Configure script adds minimally required -march for assembly
        # support, if no -march was specified at command line.
@ -1407,6 +1414,25 @@ my %targets = (
        AR               => add("-X32"),
        RANLIB           => add("-X32"),
    },
+    # To enable openxl compiler for aix
+    # If 17.1 openxl runtime is available, -latomic can be used
+    # instead of -DBROKEN_CLANG_ATOMICS
+    "aix-clang" => {
+        inherit_from     => [ "aix-common" ],
+        CC               => "ibm-clang",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS",
+                            threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "BN_LLONG RC4_CHAR",
+        asm_arch         => 'ppc32',
+        perlasm_scheme   => "aix32",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add("-shared"),
+        AR               => add("-X32"),
+        RANLIB           => add("-X32"),
+    },
    # shared_target of "aix-solib" builds shared libraries packaged
    # without archives.  This improves the behavior of inter-library
    # references (libssl depending on libcrypto) when building with
@ -1438,6 +1464,23 @@ my %targets = (
        AR               => add("-X64"),
        RANLIB           => add("-X64"),
    },
+    "aix64-clang" => {
+        inherit_from     => [ "aix-common" ],
+        CC               => "ibm-clang",
+        CFLAGS           => picker(debug   => "-O0 -g",
+                                   release => "-O"),
+        cflags           => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large",
+                            threads("-pthread")),
+        ex_libs          => add(threads("-pthread")),
+        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
+        asm_arch         => 'ppc64',
+        perlasm_scheme   => "aix64",
+        shared_cflag     => "-fpic",
+        shared_ldflag    => add("-shared"),
+        shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
+        AR               => add("-X64"),
+        RANLIB           => add("-X64"),
+    },
    "aix64-cc-solib" => {
        inherit_from     => [ "aix64-cc" ],
        shared_target    => "aix-solib",
@ -2055,6 +2098,7 @@ my %targets = (
        cflag_incfirst   => '/FIRST_INCLUDE=',
        lib_defines      =>
            add("OPENSSL_USE_NODELETE",
+                "_XOPEN_SOURCE", "_XOPEN_SOURCE_EXTENDED=1",
                sub {
                    return vms_info()->{def_zlib}
                        ? "LIBZ=\"\"\"".vms_info()->{def_zlib}."\"\"\"" : ();
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
@ -11,7 +11,7 @@ my %targets = (
        template         => 1,
        inherit_from     => [ "darwin-common" ],
        sys_id           => "iOS",
-        disable          => [ "shared", "async" ],
+        disable          => [ "async" ],
    },
    "ios-xcrun" => {
        inherit_from     => [ "ios-common" ],
--- a/Configurations/50-win-clang-cl.conf
+++ b/Configurations/50-win-clang-cl.conf
@ -11,7 +11,7 @@ my %targets = (
        multilib        => "-arm64",
        asm_arch        => "aarch64",
        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi",
+        ASFLAGS   => "/nologo /Zi --target=arm64-pc-windows-msvc",
        asflags   => "/c",
        asoutflag => "/Fo",
        perlasm_scheme => "win64",
@ -25,8 +25,9 @@ my %targets = (
        bn_ops          => "SIXTY_FOUR_BIT RC4_CHAR",
        multilib        => "-arm64",
        asm_arch        => "aarch64",
+        CFLAGS        => add("--target=arm64-pc-windows-msvc"),
        AS        => "clang-cl.exe",
-        ASFLAGS   => "/nologo /Zi",
+        ASFLAGS   => "/nologo /Zi --target=arm64-pc-windows-msvc",
        asflags   => "/c",
        asoutflag => "/Fo",
        perlasm_scheme => "win64",
--- a/Configurations/descrip.mms.tmpl
+++ b/Configurations/descrip.mms.tmpl
@ -239,7 +239,7 @@
      # from these directories.
      push @{$unified_info{includes_extra}->{$obj}}, qw(./quic);
  }
-  foreach (grep /\[\.ssl\.(?:quic|record|statem)\].*?\.o$/, keys %{$unified_info{sources}}) {
+  foreach (grep /\[\.ssl\.(?:quic|record|statem|rio)\].*?\.o$/, keys %{$unified_info{sources}}) {
      my $obj = platform->obj($_);
      # Most of the files in [.ssl.record] and [.ssl.statem] include
      # "../ssl_local.h", which includes things like "record/record.h".
--- a/Configurations/unix-Makefile.tmpl
+++ b/Configurations/unix-Makefile.tmpl
@ -1740,7 +1740,7 @@ EOF
      } elsif ($makedep_scheme eq 'gcc' && !grep /\.rc$/, @srcs) {
          $recipe .= <<"EOF";
 $obj: $deps
-	$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -MT \$\@ -c -o \$\@ $srcs
+	$cmd $incs $defs $cmdflags -MMD -MF $dep.tmp -c -o \$\@ $srcs
 	\@touch $dep.tmp
 	\@if cmp $dep.tmp $dep > /dev/null 2> /dev/null; then \\
 		rm -f $dep.tmp; \\
--- a/14
+++ b/14
@ -1,6 +1,6 @@
 #! /usr/bin/env perl
 # -*- mode: perl; -*-
-# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -167,7 +167,6 @@ my @gcc_devteam_warn = qw(
    -Wshadow
    -Wformat
    -Wno-type-limits
-    -Wno-tautological-constant-out-of-range-compare
    -Wundef
    -Werror
    -Wmissing-prototypes
@ -184,11 +183,11 @@ my @gcc_devteam_warn = qw(
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
 my @clang_devteam_warn = qw(
    -Wno-unknown-warning-option
-    -Wswitch-default
    -Wno-parentheses-equality
    -Wno-language-extension-token
    -Wno-extended-offsetof
    -Wno-missing-braces
+    -Wno-tautological-constant-out-of-range-compare
    -Wconditional-uninitialized
    -Wincompatible-pointer-types-discards-qualifiers
    -Wmissing-variable-declarations
@ -1658,7 +1657,7 @@ if (!$disabled{makedepend}) {
    disable('unavailable', 'makedepend') unless $config{makedep_scheme};
 }

-if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
+if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) {
    # probe for -Wa,--noexecstack option...
    if ($predefined_C{__clang__}) {
        # clang has builtin assembler, which doesn't recognize --help,
@ -3507,6 +3506,13 @@ sub absolutedir {
        return rel2abs($dir);
    }

+    # realpath() on Windows seems to check if the directory actually exists,
+    # which isn't what is wanted here.  All we want to know is if a directory
+    # spec is absolute, not if it exists.
+    if ($^O eq "MSWin32") {
+        return rel2abs($dir);
+    }
+
    # We use realpath() on Unix, since no other will properly clean out
    # a directory spec.
    use Cwd qw/realpath/;
--- a/INSTALL.md
+++ b/INSTALL.md
@ -530,7 +530,7 @@ Setting the FIPS HMAC key

 As part of its self-test validation, the FIPS module must verify itself
 by performing a SHA-256 HMAC computation on itself. The default key is
-the SHA256 value of "the holy handgrenade of antioch" and is sufficient
+the SHA256 value of "holy hand grenade of antioch" and is sufficient
 for meeting the FIPS requirements.

 To change the key to a different value, use this flag. The value should
@ -1291,7 +1291,7 @@ Configure OpenSSL
 ### Automatic Configuration

 In previous version, the `config` script determined the platform type and
-compiler and then called `Configure`. Starting with this release, they are
+compiler and then called `Configure`. Starting with version 3.0, they are
 the same.

 #### Unix / Linux / macOS
@ -1746,7 +1746,7 @@ More about our support resources can be found in the [SUPPORT] file.

 ### Configuration Errors

-If the `./Configure` or `./Configure` command fails with an error message,
+If the `./config` or `./Configure` command fails with an error message,
 read the error message carefully and try to figure out whether you made
 a mistake (e.g., by providing a wrong option), or whether the script is
 working incorrectly. If you think you encountered a bug, please
--- a/NEWS.md
+++ b/NEWS.md
@ -21,15 +21,184 @@ OpenSSL Releases
 OpenSSL 3.3
 -----------

-### Major changes between OpenSSL 3.2 and OpenSSL 3.3 [under development]
+### Major changes between OpenSSL 3.3.3 and OpenSSL 3.3.4 [under development]
+
+  * none
+
+### Major changes between OpenSSL 3.3.2 and OpenSSL 3.3.3 [11 Feb 2025]
+
+OpenSSL 3.3.3 is a security patch release. The most severe CVE fixed in this
+release is High.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed RFC7250 handshakes with unauthenticated servers don't abort as expected.
+    ([CVE-2024-12797])
+
+  * Fixed timing side-channel in ECDSA signature computation.
+    ([CVE-2024-13176])
+
+  * Fixed possible OOB memory access with invalid low-level GF(2^m) elliptic
+    curve parameters.
+    ([CVE-2024-9143])
+
+### Major changes between OpenSSL 3.3.1 and OpenSSL 3.3.2 [3 Sep 2024]
+
+OpenSSL 3.3.2 is a security patch release. The most severe CVE fixed in this
+release is Moderate.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed possible denial of service in X.509 name checks
+    ([CVE-2024-6119])
+
+  * Fixed possible buffer overread in SSL_select_next_proto()
+    ([CVE-2024-5535])
+
+### Major changes between OpenSSL 3.3.0 and OpenSSL 3.3.1 [4 Jun 2024]
+
+OpenSSL 3.3.1 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed potential use after free after SSL_free_buffers() is called
+    ([CVE-2024-4741])
+
+  * Fixed an issue where checking excessively long DSA keys or parameters may
+    be very slow
+    ([CVE-2024-4603])
+
+### Major changes between OpenSSL 3.2 and OpenSSL 3.3.0 [9 Apr 2024]
+
+OpenSSL 3.3.0 is a feature release adding significant new functionality to
+OpenSSL.
+
+This release adds the following new features:
+
+  * Support for qlog for tracing QUIC connections has been added
+
+  * Added APIs to allow configuring the negotiated idle timeout for QUIC
+    connections, and to allow determining the number of additional streams
+    that can currently be created for a QUIC connection.
+
+  * Added APIs to allow disabling implicit QUIC event processing for QUIC SSL
+    objects
+
+  * Added APIs to allow querying the size and utilisation of a QUIC stream's
+    write buffer
+
+  * New API `SSL_write_ex2`, which can be used to send an end-of-stream (FIN)
+    condition in an optimised way when using QUIC.
+
+  * Limited support for polling of QUIC connection and stream objects in a
+    non-blocking manner.
+
+  * Added a new EVP_DigestSqueeze() API. This allows SHAKE to squeeze multiple
+    times with different output sizes.

  * Added exporter for CMake on Unix and Windows, alongside the pkg-config
    exporter.

+  * The BLAKE2s hash algorithm matches BLAKE2b's support for configurable
+    output length.
+
+  * The EVP_PKEY_fromdata function has been augmented to allow for the
+    derivation of CRT (Chinese Remainder Theorem) parameters when requested
+
+  * Added API functions SSL_SESSION_get_time_ex(), SSL_SESSION_set_time_ex()
+    using time_t which is Y2038 safe on 32 bit systems when 64 bit time
+    is enabled
+
+  * Unknown entries in TLS SignatureAlgorithms, ClientSignatureAlgorithms
+    config options and the respective calls to SSL[_CTX]_set1_sigalgs() and
+    SSL[_CTX]_set1_client_sigalgs() that start with `?` character are
+    ignored and the configuration will still be used.
+
+  * Added `-set_issuer` and `-set_subject` options to `openssl x509` to
+    override the Issuer and Subject when creating a certificate. The `-subj`
+    option now is an alias for `-set_subject`.
+
+  * Added several new features of CMPv3 defined in RFC 9480 and RFC 9483
+
+  * New option `SSL_OP_PREFER_NO_DHE_KEX`, which allows configuring a TLS1.3
+    server to prefer session resumption using PSK-only key exchange over PSK
+    with DHE, if both are available.
+
+  * New atexit configuration switch, which controls whether the OPENSSL_cleanup
+    is registered when libcrypto is unloaded.
+
+  * Added X509_STORE_get1_objects to avoid issues with the existing
+    X509_STORE_get0_objects API in multi-threaded applications.
+
+This release incorporates the following potentially significant or incompatible
+changes:
+
+  * Applied AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
+
+  * Optimized AES-CTR for ARM Neoverse V1 and V2
+
+  * Enable AES and SHA3 optimisations on Applie Silicon M3-based MacOS systems
+    similar to M1/M2.
+
+  * Various optimizations for cryptographic routines using RISC-V vector crypto
+    extensions
+
+  * Added assembly implementation for md5 on loongarch64
+
+  * Accept longer context for TLS 1.2 exporters
+
+  * The activate and soft_load configuration settings for providers in
+    openssl.cnf have been updated to require a value of [1|yes|true|on]
+    (in lower or UPPER case) to enable the setting. Conversely a value
+    of [0|no|false|off] will disable the setting.
+
+  * In `openssl speed`, changed the default hash function used with `hmac` from
+    `md5` to `sha256`.
+
+  * The `-verify` option to the `openssl crl` and `openssl req` will make the
+    program exit with 1 on failure.
+
+  * The d2i_ASN1_GENERALIZEDTIME(), d2i_ASN1_UTCTIME(), ASN1_TIME_check(), and
+    related functions have been augmented to check for a minimum length of
+    the input string, in accordance with ITU-T X.690 section 11.7 and 11.8.
+
+  * OPENSSL_sk_push() and sk_<TYPE>_push() functions now return 0 instead of -1
+    if called with a NULL stack argument.
+
+  * New limit on HTTP response headers is introduced to HTTP client. The
+    default limit is set to 256 header lines.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * The BIO_get_new_index() function can only be called 127 times before it
+    reaches its upper bound of BIO_TYPE_MASK and will now return -1 once its
+    exhausted.
+
+A more detailed list of changes in this release can be found in the
+[CHANGES.md] file.
+
+Users interested in using the new QUIC functionality are encouraged to read the
+[README file for QUIC][README-QUIC.md], which provides links to relevant
+documentation and example code.
+
+As always, bug reports and issues relating to OpenSSL can be [filed on our issue
+tracker][issue tracker].
+
 OpenSSL 3.2
 -----------

-### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [under development]
+### Major changes between OpenSSL 3.2.1 and OpenSSL 3.2.2 [under development]
+
+OpenSSL 3.2.2 is a security patch release. The most severe CVE fixed in this
+release is Low.
+
+This release incorporates the following bug fixes and mitigations:
+
+  * Fixed unbounded memory growth with session handling in TLSv1.3
+    ([CVE-2024-2511])
+
+### Major changes between OpenSSL 3.2.0 and OpenSSL 3.2.1 [30 Jan 2024]

 OpenSSL 3.2.1 is a security patch release. The most severe CVE fixed in this
 release is Low.
@ -38,8 +207,10 @@ This release incorporates the following bug fixes and mitigations:

  * Fixed PKCS12 Decoding crashes
    ([CVE-2024-0727])
+
  * Fixed excessive time spent checking invalid RSA public keys
    ([CVE-2023-6237])
+
  * Fixed POLY1305 MAC implementation corrupting vector registers on PowerPC
    CPUs which support PowerISA 2.07
    ([CVE-2023-6129])
@ -1592,6 +1763,13 @@ OpenSSL 0.9.x

 <!-- Links -->

+[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176
+[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143
+[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
+[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
+[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
+[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
+[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
 [CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727
 [CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237
 [CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129
--- a/NOTES-NONSTOP.md
+++ b/NOTES-NONSTOP.md
@ -19,9 +19,7 @@ About c99 compiler

 The c99 compiler is required for building OpenSSL from source. While c11
 may work, it has not been broadly tested. c99 is the only compiler
-prerequisite needed to build OpenSSL 3.0 on this platform. You should also
-have the FLOSS package installed on your system. The ITUGLIB FLOSS package
-is the only FLOSS variant that has been broadly tested.
+prerequisite needed to build OpenSSL 3.0 on this platform.

 Threading Models
 ----------------
@ -37,6 +35,9 @@ for each on the TNS/X (L-Series) platform:

 The SPT threading model is no longer supported as of OpenSSL 3.2.

+The PUT model is incompatible with the QUIC capability. This capability should
+be disabled when building with PUT.
+
 ### TNS/E Considerations

 The TNS/E platform is build using the same set of builds specifying `nse`
@ -123,12 +124,9 @@ correctly, you also need the `COMP_ROOT` set, as in:

 `COMP_ROOT` needs to be in Windows form.

-`Configure` must specify the `no-makedepend` option otherwise errors will
-result when running the build because the c99 cross-compiler does not support
-the `gcc -MT` option. An example of a `Configure` command to be run from the
-OpenSSL directory is:
+An example of a `Configure` command to be run from the OpenSSL directory is:

-    ./Configure nonstop-nsx_64 no-makedepend --with-rand-seed=rdcpu
+    ./Configure nonstop-nsx_64 --with-rand-seed=rdcpu

 Do not forget to include any OpenSSL cross-compiling prefix and certificate
 options when creating your libraries.
--- a/README.md
+++ b/README.md
@ -64,7 +64,7 @@ For Production Use
 ------------------

 Source code tarballs of the official releases can be downloaded from
-[www.openssl.org/source](https://www.openssl.org/source).
+[openssl-library.org/source/](https://openssl-library.org/source/).
 The OpenSSL project does not distribute the toolkit in binary form.

 However, for a large variety of operating systems precompiled versions
@ -84,22 +84,18 @@ the source tarballs, having a local copy of the git repository with
 the entire project history gives you much more insight into the
 code base.

-The official OpenSSL Git Repository is located at [git.openssl.org].
-There is a GitHub mirror of the repository at [github.com/openssl/openssl],
+The main OpenSSL Git repository is private.
+There is a public GitHub mirror of it at [github.com/openssl/openssl],
 which is updated automatically from the former on every commit.

-A local copy of the Git Repository can be obtained by cloning it from
-the original OpenSSL repository using
-
-    git clone git://git.openssl.org/openssl.git
-
-or from the GitHub mirror using
+A local copy of the Git repository can be obtained by cloning it from
+the GitHub mirror using

    git clone https://github.com/openssl/openssl.git

 If you intend to contribute to OpenSSL, either to fix bugs or contribute
-new features, you need to fork the OpenSSL repository openssl/openssl on
-GitHub and clone your public fork instead.
+new features, you need to fork the GitHub mirror and clone your public fork
+instead.

    git clone https://github.com/yourname/openssl.git

@ -159,7 +155,7 @@ available online.
 Demos
 -----

-The are numerous source code demos for using various OpenSSL capabilities in the
+There are numerous source code demos for using various OpenSSL capabilities in the
 [demos subfolder](./demos).

 Wiki
@ -199,7 +195,7 @@ attempting to develop or distribute cryptographic code.
 Copyright
 =========

-Copyright (c) 1998-2023 The OpenSSL Project Authors
+Copyright (c) 1998-2025 The OpenSSL Project Authors

 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson

@ -211,14 +207,6 @@ All rights reserved.
    <https://www.openssl.org>
    "OpenSSL Homepage"

-[git.openssl.org]:
-    <https://git.openssl.org>
-    "OpenSSL Git Repository"
-
-[git.openssl.org]:
-    <https://git.openssl.org>
-    "OpenSSL Git Repository"
-
 [github.com/openssl/openssl]:
    <https://github.com/openssl/openssl>
    "OpenSSL GitHub Mirror"
--- a/VERSION.dat
+++ b/VERSION.dat
@ -1,6 +1,6 @@
 MAJOR=3
 MINOR=3
-PATCH=0
+PATCH=4
 PRE_RELEASE_TAG=dev
 BUILD_METADATA=
 RELEASE_DATE=""
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -127,7 +127,8 @@ int asn1parse_main(int argc, char **argv)
            dump = strtol(opt_arg(), NULL, 0);
            break;
        case OPT_STRPARSE:
-            sk_OPENSSL_STRING_push(osk, opt_arg());
+            if (sk_OPENSSL_STRING_push(osk, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_GENSTR:
            genstr = opt_arg();
--- a/apps/cmp.c
+++ b/apps/cmp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
@ -3435,13 +3435,28 @@ int cmp_main(int argc, char **argv)
                            opt_extracertsout, "extra") < 0)
            goto err;
        if (newcert != NULL && (opt_cmd == CMP_IR || opt_cmd == CMP_CR
-                                || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR))
-            if (!save_cert_or_delete(newcert, opt_certout, "newly enrolled")
-                || save_free_certs(OSSL_CMP_CTX_get1_newChain(cmp_ctx),
-                                   opt_chainout, "chain") < 0
-                || save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
-                                   opt_cacertsout, "CA") < 0)
+                                || opt_cmd == CMP_KUR || opt_cmd == CMP_P10CR)) {
+            STACK_OF(X509) *newchain = OSSL_CMP_CTX_get1_newChain(cmp_ctx);
+
+            if (newcert != NULL && newchain != NULL /* NULL is on error only */
+                && opt_certout != NULL && opt_chainout != NULL
+                && strcmp(opt_certout, opt_chainout) == 0) {
+                if (!X509_add_cert(newchain, newcert, X509_ADD_FLAG_PREPEND
+                                   | X509_ADD_FLAG_UP_REF)) {
+                    sk_X509_pop_free(newchain, X509_free);
+                    goto err;
+                }
+                if (!save_free_certs(newchain, opt_chainout, "newly enrolled cert and chain"))
+                    goto err;
+            } else {
+                if (save_free_certs(newchain, opt_chainout, "chain") < 0
+                    || !save_cert_or_delete(newcert, opt_certout, "newly enrolled"))
+                    goto err;
+            }
+            if (save_free_certs(OSSL_CMP_CTX_get1_caPubs(cmp_ctx),
+                                opt_cacertsout, "CA") < 0)
                goto err;
+        }
        if (!OSSL_CMP_CTX_reinit(cmp_ctx))
            goto err;
    }
--- a/apps/cms.c
+++ b/apps/cms.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -133,7 +133,7 @@ const OPTIONS cms_options[] = {
    {"binary", OPT_BINARY, '-',
     "Treat input as binary: do not translate to canonical form"},
    {"crlfeol", OPT_CRLFEOL, '-',
-     "Use CRLF as EOL termination instead of CR only" },
+     "Use CRLF as EOL termination instead of LF only" },
    {"asciicrlf", OPT_ASCIICRLF, '-',
     "Perform CRLF canonicalisation when signing"},

@ -502,13 +502,15 @@ int cms_main(int argc, char **argv)
            if (rr_from == NULL
                && (rr_from = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
-            sk_OPENSSL_STRING_push(rr_from, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_from, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_RR_TO:
            if (rr_to == NULL
                && (rr_to = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
-            sk_OPENSSL_STRING_push(rr_to, opt_arg());
+            if (sk_OPENSSL_STRING_push(rr_to, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_PRINT:
            noout = print = 1;
@ -585,13 +587,15 @@ int cms_main(int argc, char **argv)
                if (sksigners == NULL
                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                if (keyfile == NULL)
                    keyfile = signerfile;
                if (skkeys == NULL
                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                keyfile = NULL;
            }
            signerfile = opt_arg();
@ -609,12 +613,14 @@ int cms_main(int argc, char **argv)
                if (sksigners == NULL
                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                signerfile = NULL;
                if (skkeys == NULL
                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
            }
            keyfile = opt_arg();
            break;
@ -668,7 +674,8 @@ int cms_main(int argc, char **argv)
                    key_param->next = nparam;
                key_param = nparam;
            }
-            sk_OPENSSL_STRING_push(key_param->param, opt_arg());
+            if (sk_OPENSSL_STRING_push(key_param->param, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_V_CASES:
            if (!opt_verify(o, vpm))
@ -755,12 +762,14 @@ int cms_main(int argc, char **argv)
            if (sksigners == NULL
                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
            if (skkeys == NULL && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
            if (keyfile == NULL)
                keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
        }
        if (sksigners == NULL) {
            BIO_printf(bio_err, "No signer certificate specified\n");
@ -1001,7 +1010,7 @@ int cms_main(int argc, char **argv)
                goto end;

            pctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
-            if (kparam != NULL) {
+            if (pctx != NULL && kparam != NULL) {
                if (!cms_set_pkey_param(pctx, kparam->param))
                    goto end;
            }
@ -1042,8 +1051,15 @@ int cms_main(int argc, char **argv)
            pwri_tmp = NULL;
        }
        if (!(flags & CMS_STREAM)) {
-            if (!CMS_final(cms, in, NULL, flags))
+            if (!CMS_final(cms, in, NULL, flags)) {
+                if (originator != NULL
+                    && ERR_GET_REASON(ERR_peek_error())
+                    == CMS_R_ERROR_UNSUPPORTED_STATIC_KEY_AGREEMENT) {
+                    BIO_printf(bio_err, "Cannot use originator for encryption\n");
+                    goto end;
+                }
                goto end;
+            }
        }
    } else if (operation == SMIME_ENCRYPTED_ENCRYPT) {
        cms = CMS_EncryptedData_encrypt_ex(in, cipher, secret_key,
@ -1294,6 +1310,7 @@ int cms_main(int argc, char **argv)
    X509_free(cert);
    X509_free(recip);
    X509_free(signer);
+    X509_free(originator);
    EVP_PKEY_free(key);
    EVP_CIPHER_free(cipher);
    EVP_CIPHER_free(wrap_cipher);
--- a/apps/crl.c
+++ b/apps/crl.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -248,9 +248,10 @@ int crl_main(int argc, char **argv)
        EVP_PKEY_free(pkey);
        if (i < 0)
            goto end;
-        if (i == 0)
+        if (i == 0) {
            BIO_printf(bio_err, "verify failure\n");
-        else
+	    goto end;
+        } else
            BIO_printf(bio_err, "verify OK\n");
    }

--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -479,7 +479,7 @@ int dgst_main(int argc, char **argv)
 static void show_digests(const OBJ_NAME *name, void *arg)
 {
    struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;

    /* Filter out signed digests (a.k.a signature algorithms) */
    if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
@ -491,8 +491,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
    /* Filter out message digests that we cannot use */
    md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
    if (md == NULL) {
-        md = EVP_get_digestbyname(name->name);
-        if (md == NULL)
+        if (EVP_get_digestbyname(name->name) == NULL)
            return;
    }

@ -503,6 +502,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
    } else {
        BIO_printf(dec->bio, " ");
    }
+
+    EVP_MD_free(md);
 }

 /*
--- a/apps/enc.c
+++ b/apps/enc.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/apps/engine.c
+++ b/apps/engine.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -352,10 +352,12 @@ int engine_main(int argc, char **argv)
            test_avail++;
            break;
        case OPT_PRE:
-            sk_OPENSSL_STRING_push(pre_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(pre_cmds, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_POST:
-            sk_OPENSSL_STRING_push(post_cmds, opt_arg());
+            if (sk_OPENSSL_STRING_push(post_cmds, opt_arg()) <= 0)
+                goto end;
            break;
        }
    }
--- a/apps/genpkey.c
+++ b/apps/genpkey.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/apps/lib/apps.c
+++ b/apps/lib/apps.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -189,7 +189,11 @@ int set_nameopt(const char *arg)
 unsigned long get_nameopt(void)
 {
    return
-        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | ASN1_STRFLGS_UTF8_CONVERT;
+        nmflag_set ? nmflag : XN_FLAG_SEP_CPLUS_SPC | XN_FLAG_FN_SN
+                              | ASN1_STRFLGS_ESC_CTRL
+                              | ASN1_STRFLGS_UTF8_CONVERT
+                              | ASN1_STRFLGS_DUMP_UNKNOWN
+                              | ASN1_STRFLGS_DUMP_DER;
 }

 void dump_cert_text(BIO *out, X509 *x)
@ -2952,11 +2956,6 @@ int raw_read_stdin(void *buf, int siz)
    return recv(fileno_stdin(), buf, siz, 0);
 }
 #else
-# if defined(__TANDEM)
-#  if defined(OPENSSL_TANDEM_FLOSS)
-#   include <floss.h(floss_read)>
-#  endif
-# endif
 int raw_read_stdin(void *buf, int siz)
 {
    return read(fileno_stdin(), buf, siz);
@ -2975,21 +2974,11 @@ int raw_write_stdout(const void *buf, int siz)
 }
 #elif defined(OPENSSL_SYS_TANDEM) && defined(OPENSSL_THREADS) \
    && defined(_SPT_MODEL_)
-# if defined(__TANDEM)
-#  if defined(OPENSSL_TANDEM_FLOSS)
-#   include <floss.h(floss_write)>
-#  endif
-# endif
 int raw_write_stdout(const void *buf, int siz)
 {
    return write(fileno(stdout), (void *)buf, siz);
 }
 #else
-# if defined(__TANDEM)
-#  if defined(OPENSSL_TANDEM_FLOSS)
-#   include <floss.h(floss_write)>
-#  endif
-# endif
 int raw_write_stdout(const void *buf, int siz)
 {
    return write(fileno_stdout(), buf, siz);
--- a/apps/lib/cmp_mock_srv.c
+++ b/apps/lib/cmp_mock_srv.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2018-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Siemens AG 2018-2020
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -401,9 +401,22 @@ static OSSL_CMP_ITAV *process_genm_itav(mock_srv_ctx *ctx, int req_nid,
        rsp = OSSL_CMP_ITAV_new_caCerts(ctx->caPubsOut);
        break;
    case NID_id_it_rootCaCert:
-        rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
-                                                ctx->newWithOld,
-                                                ctx->oldWithNew);
+        {
+            X509 *rootcacert = NULL;
+
+            if (!OSSL_CMP_ITAV_get0_rootCaCert(req, &rootcacert))
+                return NULL;
+
+            if (rootcacert != NULL
+                && X509_NAME_cmp(X509_get_subject_name(rootcacert),
+                                 X509_get_subject_name(ctx->newWithNew)) != 0)
+                /* The subjects do not match */
+                rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(NULL, NULL, NULL);
+            else
+                rsp = OSSL_CMP_ITAV_new_rootCaKeyUpdate(ctx->newWithNew,
+                                                        ctx->newWithOld,
+                                                        ctx->oldWithNew);
+        }
        break;
    default:
        rsp = OSSL_CMP_ITAV_dup(req);
--- a/apps/lib/http_server.c
+++ b/apps/lib/http_server.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -26,12 +26,6 @@
 #include "s_apps.h"
 #include "log.h"

-#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-#  include <floss.h(floss_fork)>
-# endif
-#endif
-
 #define HTTP_PREFIX "HTTP/"
 #define HTTP_VERSION_PATT "1." /* allow 1.x */
 #define HTTP_PREFIX_VERSION HTTP_PREFIX""HTTP_VERSION_PATT
@ -200,7 +194,7 @@ BIO *http_server_init(const char *prog, const char *port, int verb)
    int port_num;
    char name[40];

-    snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */
+    BIO_snprintf(name, sizeof(name), "*:%s", port); /* port may be "0" */
    if (verb >= 0 && !log_set_verbosity(prog, verb))
        return NULL;
    bufbio = BIO_new(BIO_f_buffer());
@ -208,8 +202,9 @@ BIO *http_server_init(const char *prog, const char *port, int verb)
        goto err;
    acbio = BIO_new(BIO_s_accept());
    if (acbio == NULL
-        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) < 0
-        || BIO_set_accept_name(acbio, name) < 0) {
+        || BIO_set_accept_ip_family(acbio, BIO_FAMILY_IPANY) <= 0 /* IPv4/6 */
+        || BIO_set_bind_mode(acbio, BIO_BIND_REUSEADDR) <= 0
+        || BIO_set_accept_name(acbio, name) <= 0) {
        log_HTTP(prog, LOG_ERR, "error setting up accept BIO");
        goto err;
    }
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -646,7 +646,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
        opt_number_error(value);
        return 0;
    }
-    *result = (ossl_intmax_t)m;
+    *result = (ossl_uintmax_t)m;
    errno = oerrno;
    return 1;
 }
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -243,10 +243,10 @@ static const char *get_sigtype(int nid)
        return "ECDSA";

    case NID_ED25519:
-        return "Ed25519";
+        return "ed25519";

    case NID_ED448:
-        return "Ed448";
+        return "ed448";

    case NID_id_GostR3410_2001:
        return "gost2001";
@ -292,6 +292,26 @@ static int do_print_sigalgs(BIO *out, SSL *s, int shared)
            SSL_get_sigalgs(s, i, &sign_nid, &hash_nid, NULL, &rsign, &rhash);
        if (i)
            BIO_puts(out, ":");
+        switch (rsign | rhash << 8) {
+        case 0x0809:
+            BIO_puts(out, "rsa_pss_pss_sha256");
+            continue;
+        case 0x080a:
+            BIO_puts(out, "rsa_pss_pss_sha384");
+            continue;
+        case 0x080b:
+            BIO_puts(out, "rsa_pss_pss_sha512");
+            continue;
+        case 0x081a:
+            BIO_puts(out, "ecdsa_brainpoolP256r1_sha256");
+            continue;
+        case 0x081b:
+            BIO_puts(out, "ecdsa_brainpoolP384r1_sha384");
+            continue;
+        case 0x081c:
+            BIO_puts(out, "ecdsa_brainpoolP512r1_sha512");
+            continue;
+        }
        sstr = get_sigtype(sign_nid);
        if (sstr)
            BIO_printf(out, "%s", sstr);
@ -704,7 +724,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
    (void)BIO_flush(bio);
 }

-static STRINT_PAIR tlsext_types[] = {
+static const STRINT_PAIR tlsext_types[] = {
    {"server name", TLSEXT_TYPE_server_name},
    {"max fragment length", TLSEXT_TYPE_max_fragment_length},
    {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
@ -746,6 +766,7 @@ static STRINT_PAIR tlsext_types[] = {
    {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
    {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
    {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
+    {"early_data", TLSEXT_TYPE_early_data},
    {NULL}
 };

--- a/apps/lib/s_socket.c
+++ b/apps/lib/s_socket.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -41,12 +41,6 @@ typedef unsigned int u_int;
 # include "s_apps.h"
 # include "internal/sockets.h"

-# if defined(__TANDEM)
-#  if defined(OPENSSL_TANDEM_FLOSS)
-#   include <floss.h(floss_read)>
-#  endif
-# endif
-
 # include <openssl/bio.h>
 # include <openssl/err.h>

@ -90,9 +84,6 @@ int init_client(int *sock, const char *host, const char *port,
    int ret;
    int options = 0;

-    if (tfo && ba_ret != NULL)
-        *ba_ret = NULL;
-
    if (BIO_sock_init() != 1)
        return 0;

@ -419,6 +410,12 @@ int do_server(int *accept_sock, const char *host, const char *port,
                BIO_closesocket(asock);
                break;
            }
+
+            if (naccept != -1)
+                naccept--;
+            if (naccept == 0)
+                BIO_closesocket(asock);
+
            BIO_set_tcp_ndelay(sock, 1);
            i = (*cb)(sock, type, protocol, context);

@ -449,11 +446,12 @@ int do_server(int *accept_sock, const char *host, const char *port,

            BIO_closesocket(sock);
        } else {
+            if (naccept != -1)
+                naccept--;
+
            i = (*cb)(asock, type, protocol, context);
        }

-        if (naccept != -1)
-            naccept--;
        if (i < 0 || naccept == 0) {
            BIO_closesocket(asock);
            ret = i;
--- a/apps/lib/vms_term_sock.c
+++ b/apps/lib/vms_term_sock.c
@ -353,7 +353,7 @@ static int CreateSocketPair (int SocketFamily,
    /*
    ** Get the binary (64-bit) time of the specified timeout value
    */
-    sprintf (AscTimeBuff, "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
+    BIO_snprintf(AscTimeBuff, sizeof(AscTimeBuff), "0 0:0:%02d.00", SOCKET_PAIR_TIMEOUT_VALUE);
    AscTimeDesc.dsc$w_length = strlen (AscTimeBuff);
    AscTimeDesc.dsc$a_pointer = AscTimeBuff;
    status = sys$bintim (&AscTimeDesc, BinTimeBuff);
@ -567,10 +567,10 @@ static void LogMessage (char *msg, ...)
    /*
    ** Format the message buffer
    */
-    sprintf (MsgBuff, "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
-             LocTime->tm_mday, Month[LocTime->tm_mon],
-             (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
-             LocTime->tm_sec, pid, msg);
+    BIO_snprintf(MsgBuff, sizeof(MsgBuff), "%02d-%s-%04d %02d:%02d:%02d [%08X] %s\n",
+                 LocTime->tm_mday, Month[LocTime->tm_mon],
+                 (LocTime->tm_year + 1900), LocTime->tm_hour, LocTime->tm_min,
+                 LocTime->tm_sec, pid, msg);

    /*
    ** Get any variable arguments and add them to the print of the message
--- a/apps/list.c
+++ b/apps/list.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -1230,6 +1230,7 @@ static void list_provider_info(void)
    }

    if (OSSL_PROVIDER_do_all(NULL, &collect_providers, providers) != 1) {
+        sk_OSSL_PROVIDER_free(providers);
        BIO_printf(bio_err, "ERROR: Memory allocation\n");
        return;
    }
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -33,12 +33,6 @@
 #include <openssl/bn.h>
 #include <openssl/x509v3.h>

-#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-#  include <floss.h(floss_fork)>
-# endif
-#endif
-
 #if defined(OPENSSL_SYS_VXWORKS)
 /* not supported */
 int setpgid(pid_t pid, pid_t pgid)
@ -1055,6 +1049,10 @@ static void make_ocsp_response(BIO *err, OCSP_RESPONSE **resp, OCSP_REQUEST *req
    }

    bs = OCSP_BASICRESP_new();
+    if (bs == NULL) {
+        *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_INTERNALERROR, bs);
+        goto end;
+    }
    thisupd = X509_gmtime_adj(NULL, 0);
    if (ndays != -1)
        nextupd = X509_time_adj_ex(NULL, ndays, nmin * 60, NULL);
--- a/apps/passwd.c
+++ b/apps/passwd.c
@ -589,7 +589,8 @@ static char *shacrypt(const char *passwd, const char *magic, const char *salt)
    OPENSSL_strlcat(out_buf, ascii_dollar, sizeof(out_buf));
    if (rounds_custom) {
        char tmp_buf[80]; /* "rounds=999999999" */
-        sprintf(tmp_buf, "rounds=%u", rounds);
+
+        BIO_snprintf(tmp_buf, sizeof(tmp_buf), "rounds=%u", rounds);
 #ifdef CHARSET_EBCDIC
        /* In case we're really on a ASCII based platform and just pretend */
        if (tmp_buf[0] != 0x72)  /* ASCII 'r' */
--- a/apps/pkcs12.c
+++ b/apps/pkcs12.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -320,7 +320,8 @@ int pkcs12_main(int argc, char **argv)
            if (canames == NULL
                && (canames = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
-            sk_OPENSSL_STRING_push(canames, opt_arg());
+            if (sk_OPENSSL_STRING_push(canames, opt_arg()) <= 0)
+                goto end;
            break;
        case OPT_IN:
            infile = opt_arg();
@ -732,9 +733,6 @@ int pkcs12_main(int argc, char **argv)
    in = bio_open_default(infile, 'r', FORMAT_PKCS12);
    if (in == NULL)
        goto end;
-    out = bio_open_owner(outfile, FORMAT_PEM, private);
-    if (out == NULL)
-        goto end;

    p12 = PKCS12_init_ex(NID_pkcs7_data, app_get0_libctx(), app_get0_propq());
    if (p12 == NULL) {
@ -834,6 +832,11 @@ int pkcs12_main(int argc, char **argv)

 dump:
    assert(private);
+
+    out = bio_open_owner(outfile, FORMAT_PEM, private);
+    if (out == NULL)
+        goto end;
+
    if (!dump_certs_keys_p12(out, p12, cpass, -1, options, passout, enc)) {
        BIO_printf(bio_err, "Error outputting keys and certificates\n");
        ERR_print_errors(bio_err);
@ -901,7 +904,11 @@ int dump_certs_keys_p12(BIO *out, const PKCS12 *p12, const char *pass,
        } else if (bagnid == NID_pkcs7_encrypted) {
            if (options & INFO) {
                BIO_printf(bio_err, "PKCS7 Encrypted data: ");
-                alg_print(p7->d.encrypted->enc_data->algorithm);
+                if (p7->d.encrypted == NULL) {
+                    BIO_printf(bio_err, "<no data>\n");
+                } else {
+                    alg_print(p7->d.encrypted->enc_data->algorithm);
+                }
            }
            bags = PKCS12_unpack_p7encdata(p7, pass, passlen);
        } else {
--- a/apps/pkeyutl.c
+++ b/apps/pkeyutl.c
@ -81,10 +81,11 @@ const OPTIONS pkeyutl_options[] = {

    OPT_SECTION("Output"),
    {"out", OPT_OUT, '>', "Output file - default stdout"},
-    {"asn1parse", OPT_ASN1PARSE, '-', "asn1parse the output data"},
+    {"asn1parse", OPT_ASN1PARSE, '-',
+     "parse the output as ASN.1 data to check its DER encoding and print errors"},
    {"hexdump", OPT_HEXDUMP, '-', "Hex dump output"},
    {"verifyrecover", OPT_VERIFYRECOVER, '-',
-     "Verify with public key, recover original data"},
+     "Verify RSA signature, recovering original signature input data"},

    OPT_SECTION("Signing/Derivation"),
    {"digest", OPT_DIGEST, 's',
--- a/apps/rehash.c
+++ b/apps/rehash.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2013-2014 Timo Teräs <timo.teras@gmail.com>
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -559,6 +559,11 @@ int rehash_main(int argc, char **argv)
    } else if ((env = getenv(X509_get_default_cert_dir_env())) != NULL) {
        char lsc[2] = { LIST_SEPARATOR_CHAR, '\0' };
        m = OPENSSL_strdup(env);
+        if (m == NULL) {
+            BIO_puts(bio_err, "out of memory\n");
+            errs = 1;
+            goto end;
+        }
        for (e = strtok(m, lsc); e != NULL; e = strtok(NULL, lsc))
            errs += do_dir(e, h);
        OPENSSL_free(m);
--- a/apps/req.c
+++ b/apps/req.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -573,7 +573,7 @@ int req_main(int argc, char **argv)
        X509V3_CTX ctx;

        X509V3_set_ctx_test(&ctx);
-        X509V3_set_nconf(&ctx, addext_conf);
+        X509V3_set_nconf(&ctx, req_conf);
        if (!X509V3_EXT_add_nconf(addext_conf, &ctx, "default", NULL)) {
            BIO_printf(bio_err, "Error checking extensions defined using -addext\n");
            goto end;
@ -918,9 +918,10 @@ int req_main(int argc, char **argv)

        if (i < 0)
            goto end;
-        if (i == 0)
+        if (i == 0) {
            BIO_printf(bio_err, "Certificate request self-signature verify failure\n");
-        else /* i > 0 */
+	    goto end;
+        } else /* i > 0 */
            BIO_printf(bio_out, "Certificate request self-signature verify OK\n");
    }

--- a/apps/s_client.c
+++ b/apps/s_client.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -2167,6 +2167,9 @@ int s_client_main(int argc, char **argv)
    if (tfo)
        BIO_printf(bio_c_out, "Connecting via TFO\n");
 re_start:
+    /* peer_addr might be set from previous connections */
+    BIO_ADDR_free(peer_addr);
+    peer_addr = NULL;
    if (init_client(&sock, host, port, bindhost, bindport, socket_family,
                    socket_type, protocol, tfo, !isquic, &peer_addr) == 0) {
        BIO_printf(bio_err, "connect:errno=%d\n", get_last_socket_error());
--- a/apps/s_server.c
+++ b/apps/s_server.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 * Copyright 2005 Nokia. All rights reserved.
 *
--- a/apps/s_time.c
+++ b/apps/s_time.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/apps/smime.c
+++ b/apps/smime.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -118,7 +118,7 @@ const OPTIONS smime_options[] = {
     "Do not load certificates from the default certificates store"},
    {"nochain", OPT_NOCHAIN, '-',
     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
-    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},

    OPT_R_OPTIONS,
    OPT_V_OPTIONS,
@ -312,13 +312,15 @@ int smime_main(int argc, char **argv)
                if (sksigners == NULL
                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                if (keyfile == NULL)
                    keyfile = signerfile;
                if (skkeys == NULL
                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
                keyfile = NULL;
            }
            signerfile = opt_arg();
@ -343,12 +345,14 @@ int smime_main(int argc, char **argv)
                if (sksigners == NULL
                    && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(sksigners, signerfile);
+                if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                    goto end;
                signerfile = NULL;
                if (skkeys == NULL
                    && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                    goto end;
-                sk_OPENSSL_STRING_push(skkeys, keyfile);
+                if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                    goto end;
            }
            keyfile = opt_arg();
            break;
@ -421,12 +425,14 @@ int smime_main(int argc, char **argv)
            if (sksigners == NULL
                && (sksigners = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
-            sk_OPENSSL_STRING_push(sksigners, signerfile);
+            if (sk_OPENSSL_STRING_push(sksigners, signerfile) <= 0)
+                goto end;
            if (!skkeys && (skkeys = sk_OPENSSL_STRING_new_null()) == NULL)
                goto end;
            if (!keyfile)
                keyfile = signerfile;
-            sk_OPENSSL_STRING_push(skkeys, keyfile);
+            if (sk_OPENSSL_STRING_push(skkeys, keyfile) <= 0)
+                goto end;
        }
        if (sksigners == NULL) {
            BIO_printf(bio_err, "No signer certificate specified\n");
--- a/apps/speed.c
+++ b/apps/speed.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -47,12 +47,6 @@
 # include <unistd.h>
 #endif

-#if defined(__TANDEM)
-# if defined(OPENSSL_TANDEM_FLOSS)
-#  include <floss.h(floss_fork)>
-# endif
-#endif
-
 #if defined(_WIN32)
 # include <windows.h>
 /*
@ -514,6 +508,14 @@ static double sigs_results[MAX_SIG_NUM][3];  /* keygen, sign, verify */
 #define COND(unused_cond) (run && count < INT_MAX)
 #define COUNT(d) (count)

+#define TAG_LEN 16
+
+static unsigned int mode_op; /* AE Mode of operation */
+static unsigned int aead = 0; /* AEAD flag */
+static unsigned char aead_iv[12]; /* For AEAD modes */
+static unsigned char aad[EVP_AEAD_TLS1_AAD_LEN] = { 0xcc };
+static int aead_ivlen = sizeof(aead_iv);
+
 typedef struct loopargs_st {
    ASYNC_JOB *inprogress_job;
    ASYNC_WAIT_CTX *wait_ctx;
@ -522,6 +524,7 @@ typedef struct loopargs_st {
    unsigned char *buf_malloc;
    unsigned char *buf2_malloc;
    unsigned char *key;
+    unsigned char tag[TAG_LEN];
    size_t buflen;
    size_t sigsize;
    size_t encsize;
@ -875,44 +878,71 @@ static int EVP_Update_loop(void *args)
 }

 /*
+ * To make AEAD benchmarking more relevant perform TLS-like operations,
+ * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
+ * payload length is not actually limited by 16KB...
 * CCM does not support streaming. For the purpose of performance measurement,
 * each message is encrypted using the same (key,iv)-pair. Do not use this
 * code in your application.
 */
-static int EVP_Update_loop_ccm(void *args)
+static int EVP_Update_loop_aead_enc(void *args)
 {
    loopargs_t *tempargs = *(loopargs_t **) args;
    unsigned char *buf = tempargs->buf;
+    unsigned char *key = tempargs->key;
    EVP_CIPHER_CTX *ctx = tempargs->ctx;
-    int outl, count, realcount = 0, final;
-    unsigned char tag[12];
+    int outl, count, realcount = 0;

-    if (decrypt) {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            if (EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, sizeof(tag),
-                                      tag) > 0
-                /* reset iv */
-                && EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
-                /* counter is reset on every update */
-                && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0)
-                realcount++;
+    for (count = 0; COND(c[D_EVP][testnum]); count++) {
+        /* Set length of iv (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
+                                     aead_ivlen, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set iv length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
        }
-    } else {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            /* restore iv length field */
-            if (EVP_EncryptUpdate(ctx, NULL, &outl, NULL, lengths[testnum]) > 0
-                /* counter is reset on every update */
-                && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0)
-                realcount++;
+        /* Set tag_len (Not for GCM/SIV at encryption stage) */
+        if (mode_op != EVP_CIPH_GCM_MODE
+            && mode_op != EVP_CIPH_SIV_MODE
+            && mode_op != EVP_CIPH_GCM_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                     TAG_LEN, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set tag length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
        }
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
+            BIO_printf(bio_err, "\nFailed to set key and iv\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        /* Set total length of input. Only required for CCM */
+        if (mode_op == EVP_CIPH_CCM_MODE) {
+            if (!EVP_EncryptUpdate(ctx, NULL, &outl,
+                                   NULL, lengths[testnum])) {
+                BIO_printf(bio_err, "\nCouldn't set input text length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (aead) {
+            if (!EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
+                BIO_printf(bio_err, "\nCouldn't insert AAD when encrypting\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (!EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum])) {
+            BIO_printf(bio_err, "\nFailed to encrypt the data\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        if (EVP_EncryptFinal_ex(ctx, buf, &outl))
+            realcount++;
    }
-    if (decrypt)
-        final = EVP_DecryptFinal_ex(ctx, buf, &outl);
-    else
-        final = EVP_EncryptFinal_ex(ctx, buf, &outl);
-
-    if (final == 0)
-        BIO_printf(bio_err, "Error finalizing ccm loop\n");
    return realcount;
 }

@ -920,34 +950,87 @@ static int EVP_Update_loop_ccm(void *args)
 * To make AEAD benchmarking more relevant perform TLS-like operations,
 * 13-byte AAD followed by payload. But don't use TLS-formatted AAD, as
 * payload length is not actually limited by 16KB...
+ * CCM does not support streaming. For the purpose of performance measurement,
+ * each message is decrypted using the same (key,iv)-pair. Do not use this
+ * code in your application.
+ * For decryption, we will use buf2 to preserve the input text in buf.
 */
-static int EVP_Update_loop_aead(void *args)
+static int EVP_Update_loop_aead_dec(void *args)
 {
    loopargs_t *tempargs = *(loopargs_t **) args;
    unsigned char *buf = tempargs->buf;
+    unsigned char *outbuf = tempargs->buf2;
+    unsigned char *key = tempargs->key;
+    unsigned char tag[TAG_LEN];
    EVP_CIPHER_CTX *ctx = tempargs->ctx;
    int outl, count, realcount = 0;
-    unsigned char aad[13] = { 0xcc };
-    unsigned char faketag[16] = { 0xcc };

-    if (decrypt) {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            if (EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
-                && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
-                                    sizeof(faketag), faketag) > 0
-                && EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0
-                && EVP_DecryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0
-                && EVP_DecryptFinal_ex(ctx, buf + outl, &outl) >0)
-                realcount++;
+    for (count = 0; COND(c[D_EVP][testnum]); count++) {
+        /* Set the length of iv (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN,
+                                     aead_ivlen, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set iv length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
        }
-    } else {
-        for (count = 0; COND(c[D_EVP][testnum]); count++) {
-            if (EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, iv) > 0
-                && EVP_EncryptUpdate(ctx, NULL, &outl, aad, sizeof(aad)) > 0
-                && EVP_EncryptUpdate(ctx, buf, &outl, buf, lengths[testnum]) > 0
-                && EVP_EncryptFinal_ex(ctx, buf + outl, &outl) > 0)
-                realcount++;
+
+        /* Set the tag length (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE
+            && mode_op != EVP_CIPH_GCM_MODE
+            && mode_op != EVP_CIPH_GCM_SIV_MODE) {
+            if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                     TAG_LEN, NULL)) {
+                BIO_printf(bio_err, "\nFailed to set tag length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
        }
+        if (!EVP_CipherInit_ex(ctx, NULL, NULL, key, aead_iv, -1)) {
+            BIO_printf(bio_err, "\nFailed to set key and iv\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        /* Set iv before decryption (Doesn't apply to SIV mode) */
+        if (mode_op != EVP_CIPH_SIV_MODE) {
+            if (!EVP_DecryptInit_ex(ctx, NULL, NULL, NULL, aead_iv)) {
+                BIO_printf(bio_err, "\nFailed to set iv\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        memcpy(tag, tempargs->tag, TAG_LEN);
+
+        if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
+                                 TAG_LEN, tag)) {
+            BIO_printf(bio_err, "\nFailed to set tag\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        /* Set the total length of cipher text. Only required for CCM */
+        if (mode_op == EVP_CIPH_CCM_MODE) {
+            if (!EVP_DecryptUpdate(ctx, NULL, &outl,
+                                   NULL, lengths[testnum])) {
+                BIO_printf(bio_err, "\nCouldn't set cipher text length\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (aead) {
+            if (!EVP_DecryptUpdate(ctx, NULL, &outl, aad, sizeof(aad))) {
+                BIO_printf(bio_err, "\nCouldn't insert AAD when decrypting\n");
+                ERR_print_errors(bio_err);
+                exit(1);
+            }
+        }
+        if (!EVP_DecryptUpdate(ctx, outbuf, &outl, buf, lengths[testnum])) {
+            BIO_printf(bio_err, "\nFailed to decrypt the data\n");
+            ERR_print_errors(bio_err);
+            exit(1);
+        }
+        if (EVP_DecryptFinal_ex(ctx, outbuf, &outl))
+            realcount++;
    }
    return realcount;
 }
@ -1410,6 +1493,24 @@ static int SIG_verify_loop(void *args)
    return count;
 }

+static int check_block_size(EVP_CIPHER_CTX *ctx, int length)
+{
+    const EVP_CIPHER *ciph = EVP_CIPHER_CTX_get0_cipher(ctx);
+    int blocksize = EVP_CIPHER_CTX_get_block_size(ctx);
+
+    if (ciph == NULL || blocksize <= 0) {
+        BIO_printf(bio_err, "\nInvalid cipher!\n");
+        return 0;
+    }
+    if (length % blocksize != 0) {
+        BIO_printf(bio_err,
+                   "\nRequested encryption length not a multiple of block size for %s!\n",
+                   EVP_CIPHER_get0_name(ciph));
+        return 0;
+    }
+    return 1;
+}
+
 static int run_benchmark(int async_jobs,
                         int (*loop_function) (void *), loopargs_t *loopargs)
 {
@ -1750,14 +1851,14 @@ int speed_main(int argc, char **argv)
    OPTION_CHOICE o;
    int async_init = 0, multiblock = 0, pr_header = 0;
    uint8_t doit[ALGOR_NUM] = { 0 };
-    int ret = 1, misalign = 0, lengths_single = 0, aead = 0;
+    int ret = 1, misalign = 0, lengths_single = 0;
    STACK_OF(EVP_KEM) *kem_stack = NULL;
    STACK_OF(EVP_SIGNATURE) *sig_stack = NULL;
    long count = 0;
    unsigned int size_num = SIZE_NUM;
    unsigned int i, k, loopargs_len = 0, async_jobs = 0;
    unsigned int idx;
-    int keylen;
+    int keylen = 0;
    int buflen;
    size_t declen;
    BIGNUM *bn = NULL;
@ -2575,13 +2676,13 @@ int speed_main(int argc, char **argv)
    if (doit[D_HMAC]) {
        static const char hmac_key[] = "This is a key...";
        int len = strlen(hmac_key);
+        size_t hmac_name_len = sizeof("hmac()") + strlen(evp_mac_mdname);
        OSSL_PARAM params[3];

        if (evp_mac_mdname == NULL)
            goto end;
-        evp_hmac_name = app_malloc(sizeof("hmac()") + strlen(evp_mac_mdname),
-                                   "HMAC name");
-        sprintf(evp_hmac_name, "hmac(%s)", evp_mac_mdname);
+        evp_hmac_name = app_malloc(hmac_name_len, "HMAC name");
+        BIO_snprintf(evp_hmac_name, hmac_name_len, "hmac(%s)", evp_mac_mdname);
        names[D_HMAC] = evp_hmac_name;

        params[0] =
@ -2616,6 +2717,8 @@ int speed_main(int argc, char **argv)
        }
        algindex = D_CBC_DES;
        for (testnum = 0; st && testnum < size_num; testnum++) {
+            if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
+                break;
            print_message(names[D_CBC_DES], lengths[testnum], seconds.sym);
            Time_F(START);
            count = run_benchmark(async_jobs, EVP_Cipher_loop, loopargs);
@ -2636,6 +2739,8 @@ int speed_main(int argc, char **argv)
        }
        algindex = D_EDE3_DES;
        for (testnum = 0; st && testnum < size_num; testnum++) {
+            if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
+                break;
            print_message(names[D_EDE3_DES], lengths[testnum], seconds.sym);
            Time_F(START);
            count =
@ -2660,6 +2765,8 @@ int speed_main(int argc, char **argv)
            }

            for (testnum = 0; st && testnum < size_num; testnum++) {
+                if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
+                    break;
                print_message(names[algindex], lengths[testnum], seconds.sym);
                Time_F(START);
                count =
@ -2685,6 +2792,8 @@ int speed_main(int argc, char **argv)
            }

            for (testnum = 0; st && testnum < size_num; testnum++) {
+                if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
+                    break;
                print_message(names[algindex], lengths[testnum], seconds.sym);
                Time_F(START);
                count =
@ -2709,6 +2818,8 @@ int speed_main(int argc, char **argv)
            }

            for (testnum = 0; st && testnum < size_num; testnum++) {
+                if (!check_block_size(loopargs[0].ctx, lengths[testnum]))
+                    break;
                print_message(names[algindex], lengths[testnum], seconds.sym);
                Time_F(START);
                count =
@ -2762,12 +2873,20 @@ int speed_main(int argc, char **argv)
        }
    }

+    /*-
+     * There are three scenarios for D_EVP:
+     * 1- Using authenticated encryption (AE) e.g. CCM, GCM, OCB etc.
+     * 2- Using AE + associated data (AD) i.e. AEAD using CCM, GCM, OCB etc.
+     * 3- Not using AE or AD e.g. ECB, CBC, CFB etc.
+     */
    if (doit[D_EVP]) {
        if (evp_cipher != NULL) {
-            int (*loopfunc) (void *) = EVP_Update_loop;
+            int (*loopfunc) (void *);
+            int outlen = 0;
+            unsigned int ae_mode = 0;

-            if (multiblock && (EVP_CIPHER_get_flags(evp_cipher) &
-                               EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
+            if (multiblock && (EVP_CIPHER_get_flags(evp_cipher)
+                               & EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK)) {
                multiblock_speed(evp_cipher, lengths_single, &seconds);
                ret = 0;
                goto end;
@ -2775,16 +2894,27 @@ int speed_main(int argc, char **argv)

            names[D_EVP] = EVP_CIPHER_get0_name(evp_cipher);

-            if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_CCM_MODE) {
-                loopfunc = EVP_Update_loop_ccm;
-            } else if (aead && (EVP_CIPHER_get_flags(evp_cipher) &
-                                EVP_CIPH_FLAG_AEAD_CIPHER)) {
-                loopfunc = EVP_Update_loop_aead;
+            mode_op = EVP_CIPHER_get_mode(evp_cipher);
+
+            if (aead) {
                if (lengths == lengths_list) {
                    lengths = aead_lengths_list;
                    size_num = OSSL_NELEM(aead_lengths_list);
                }
            }
+            if (mode_op == EVP_CIPH_GCM_MODE
+                || mode_op == EVP_CIPH_CCM_MODE
+                || mode_op == EVP_CIPH_OCB_MODE
+                || mode_op == EVP_CIPH_SIV_MODE
+                || mode_op == EVP_CIPH_GCM_SIV_MODE) {
+                ae_mode = 1;
+                if (decrypt)
+                    loopfunc = EVP_Update_loop_aead_dec;
+                else
+                    loopfunc = EVP_Update_loop_aead_enc;
+            } else {
+                loopfunc = EVP_Update_loop;
+            }

            for (testnum = 0; testnum < size_num; testnum++) {
                print_message(names[D_EVP], lengths[testnum], seconds.sym);
@ -2795,38 +2925,147 @@ int speed_main(int argc, char **argv)
                        BIO_printf(bio_err, "\nEVP_CIPHER_CTX_new failure\n");
                        exit(1);
                    }
-                    if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher, NULL,
-                                           NULL, iv, decrypt ? 0 : 1)) {
-                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
+
+                    /*
+                     * For AE modes, we must first encrypt the data to get
+                     * a valid tag that enables us to decrypt. If we don't
+                     * encrypt first, we won't have a valid tag that enables
+                     * authenticity and hence decryption will fail.
+                     */
+                    if (!EVP_CipherInit_ex(loopargs[k].ctx,
+                                           evp_cipher, NULL, NULL, NULL,
+                                           ae_mode ? 1 : !decrypt)) {
+                        BIO_printf(bio_err, "\nCouldn't init the context\n");
                        ERR_print_errors(bio_err);
                        exit(1);
                    }

+                    /* Padding isn't needed */
                    EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);

                    keylen = EVP_CIPHER_CTX_get_key_length(loopargs[k].ctx);
                    loopargs[k].key = app_malloc(keylen, "evp_cipher key");
                    EVP_CIPHER_CTX_rand_key(loopargs[k].ctx, loopargs[k].key);
-                    if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
-                                           loopargs[k].key, NULL, -1)) {
-                        BIO_printf(bio_err, "\nEVP_CipherInit_ex failure\n");
-                        ERR_print_errors(bio_err);
-                        exit(1);
-                    }
-                    OPENSSL_clear_free(loopargs[k].key, keylen);

-                    /* GCM-SIV/SIV mode only allows for a single Update operation */
-                    if (EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_SIV_MODE
-                            || EVP_CIPHER_get_mode(evp_cipher) == EVP_CIPH_GCM_SIV_MODE)
-                        (void)EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
-                                                  EVP_CTRL_SET_SPEED, 1, NULL);
+                    if (!ae_mode) {
+                        if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+                                               loopargs[k].key, iv, -1)) {
+                            BIO_printf(bio_err, "\nFailed to set the key\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+                    } else if (mode_op == EVP_CIPH_SIV_MODE
+                               || mode_op == EVP_CIPH_GCM_SIV_MODE) {
+                        EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
+                                            EVP_CTRL_SET_SPEED, 1, NULL);
+                    }
+                    if (ae_mode && decrypt) {
+                        /* Set length of iv (Doesn't apply to SIV mode) */
+                        if (mode_op != EVP_CIPH_SIV_MODE) {
+                            if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
+                                                     EVP_CTRL_AEAD_SET_IVLEN,
+                                                     aead_ivlen, NULL)) {
+                                BIO_printf(bio_err, "\nFailed to set iv length\n");
+                                ERR_print_errors(bio_err);
+                                exit(1);
+                            }
+                        }
+                        /* Set tag_len (Not for GCM/SIV at encryption stage) */
+                        if (mode_op != EVP_CIPH_GCM_MODE
+                            && mode_op != EVP_CIPH_SIV_MODE
+                            && mode_op != EVP_CIPH_GCM_SIV_MODE) {
+                            if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
+                                                     EVP_CTRL_AEAD_SET_TAG,
+                                                     TAG_LEN, NULL)) {
+                                BIO_printf(bio_err,
+                                           "\nFailed to set tag length\n");
+                                ERR_print_errors(bio_err);
+                                exit(1);
+                            }
+                        }
+                        if (!EVP_CipherInit_ex(loopargs[k].ctx, NULL, NULL,
+                                               loopargs[k].key, aead_iv, -1)) {
+                            BIO_printf(bio_err, "\nFailed to set the key\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+                        /* Set total length of input. Only required for CCM */
+                        if (mode_op == EVP_CIPH_CCM_MODE) {
+                            if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
+                                                   &outlen, NULL,
+                                                   lengths[testnum])) {
+                                BIO_printf(bio_err,
+                                           "\nCouldn't set input text length\n");
+                                ERR_print_errors(bio_err);
+                                exit(1);
+                            }
+                        }
+                        if (aead) {
+                            if (!EVP_EncryptUpdate(loopargs[k].ctx, NULL,
+                                                   &outlen, aad, sizeof(aad))) {
+                                BIO_printf(bio_err,
+                                           "\nCouldn't insert AAD when encrypting\n");
+                                ERR_print_errors(bio_err);
+                                exit(1);
+                            }
+                        }
+                        if (!EVP_EncryptUpdate(loopargs[k].ctx, loopargs[k].buf,
+                                               &outlen, loopargs[k].buf,
+                                               lengths[testnum])) {
+                            BIO_printf(bio_err,
+                                       "\nFailed to to encrypt the data\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+
+                        if (!EVP_EncryptFinal_ex(loopargs[k].ctx,
+                                                 loopargs[k].buf, &outlen)) {
+                            BIO_printf(bio_err,
+                                       "\nFailed finalize the encryption\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+
+                        if (!EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
+                                                 EVP_CTRL_AEAD_GET_TAG,
+                                                 TAG_LEN, &loopargs[k].tag)) {
+                            BIO_printf(bio_err, "\nFailed to get the tag\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+
+                        EVP_CIPHER_CTX_free(loopargs[k].ctx);
+                        loopargs[k].ctx = EVP_CIPHER_CTX_new();
+                        if (loopargs[k].ctx == NULL) {
+                            BIO_printf(bio_err,
+                                       "\nEVP_CIPHER_CTX_new failure\n");
+                            exit(1);
+                        }
+                        if (!EVP_CipherInit_ex(loopargs[k].ctx, evp_cipher,
+                                               NULL, NULL, NULL, 0)) {
+                            BIO_printf(bio_err,
+                                       "\nFailed initializing the context\n");
+                            ERR_print_errors(bio_err);
+                            exit(1);
+                        }
+
+                        EVP_CIPHER_CTX_set_padding(loopargs[k].ctx, 0);
+
+                        /* GCM-SIV/SIV only allows for one Update operation */
+                        if (mode_op == EVP_CIPH_SIV_MODE
+                            || mode_op == EVP_CIPH_GCM_SIV_MODE)
+                            EVP_CIPHER_CTX_ctrl(loopargs[k].ctx,
+                                                EVP_CTRL_SET_SPEED, 1, NULL);
+                    }
                }

                Time_F(START);
                count = run_benchmark(async_jobs, loopfunc, loopargs);
                d = Time_F(STOP);
-                for (k = 0; k < loopargs_len; k++)
+                for (k = 0; k < loopargs_len; k++) {
+                    OPENSSL_clear_free(loopargs[k].key, keylen);
                    EVP_CIPHER_CTX_free(loopargs[k].ctx);
+                }
                print_result(D_EVP, testnum, count, d);
            }
        } else if (evp_md_name != NULL) {
@ -2845,6 +3084,7 @@ int speed_main(int argc, char **argv)
    }

    if (doit[D_EVP_CMAC]) {
+        size_t len = sizeof("cmac()") + strlen(evp_mac_ciphername);
        OSSL_PARAM params[3];
        EVP_CIPHER *cipher = NULL;

@ -2857,9 +3097,8 @@ int speed_main(int argc, char **argv)
            BIO_printf(bio_err, "\nRequested CMAC cipher with unsupported key length.\n");
            goto end;
        }
-        evp_cmac_name = app_malloc(sizeof("cmac()")
-                                   + strlen(evp_mac_ciphername), "CMAC name");
-        sprintf(evp_cmac_name, "cmac(%s)", evp_mac_ciphername);
+        evp_cmac_name = app_malloc(len, "CMAC name");
+        BIO_snprintf(evp_cmac_name, len, "cmac(%s)", evp_mac_ciphername);
        names[D_EVP_CMAC] = evp_cmac_name;

        params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ALG_PARAM_CIPHER,
@ -3033,7 +3272,7 @@ int speed_main(int argc, char **argv)
            ERR_print_errors(bio_err);
            op_count = 1;
        } else {
-            pkey_print_message("private", "rsa encrypt",
+            pkey_print_message("public", "rsa encrypt",
                               rsa_keys[testnum].bits, seconds.rsa);
            /* RSA_blinding_on(rsa_key[testnum],NULL); */
            Time_F(START);
@ -3101,7 +3340,6 @@ int speed_main(int argc, char **argv)
            loopargs[i].sigsize = loopargs[i].buflen;
            if (loopargs[i].dsa_sign_ctx[testnum] == NULL
                || EVP_PKEY_sign_init(loopargs[i].dsa_sign_ctx[testnum]) <= 0
-
                || EVP_PKEY_sign(loopargs[i].dsa_sign_ctx[testnum],
                                 loopargs[i].buf2,
                                 &loopargs[i].sigsize,
@ -3178,7 +3416,6 @@ int speed_main(int argc, char **argv)
            loopargs[i].sigsize = loopargs[i].buflen;
            if (loopargs[i].ecdsa_sign_ctx[testnum] == NULL
                || EVP_PKEY_sign_init(loopargs[i].ecdsa_sign_ctx[testnum]) <= 0
-
                || EVP_PKEY_sign(loopargs[i].ecdsa_sign_ctx[testnum],
                                 loopargs[i].buf2,
                                 &loopargs[i].sigsize,
@ -4794,7 +5031,6 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
        print_message(alg_name, mblengths[j], seconds->sym);
        Time_F(START);
        for (count = 0; run && count < INT_MAX; count++) {
-            unsigned char aad[EVP_AEAD_TLS1_AAD_LEN];
            EVP_CTRL_TLS1_1_MULTIBLOCK_PARAM mb_param;
            size_t len = mblengths[j];
            int packlen;
--- a/apps/ts.c
+++ b/apps/ts.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -538,15 +538,18 @@ static int create_digest(BIO *input, const char *digest, const EVP_MD *md,

        *md_value = OPENSSL_hexstr2buf(digest, &digest_len);
        if (*md_value == NULL || md_value_len != digest_len) {
-            OPENSSL_free(*md_value);
-            *md_value = NULL;
            BIO_printf(bio_err, "bad digest, %d bytes "
                       "must be specified\n", md_value_len);
-            return 0;
+            goto err;
        }
    }
    rv = md_value_len;
 err:
+    if (rv <= 0) {
+        OPENSSL_free(*md_value);
+        *md_value = NULL;
+        rv = 0;
+    }
    EVP_MD_CTX_free(md_ctx);
    return rv;
 }
@ -1015,7 +1018,7 @@ static X509_STORE *create_cert_store(const char *CApath, const char *CAfile,
            BIO_printf(bio_err, "memory allocation failure\n");
            goto err;
        }
-        if (X509_LOOKUP_load_store_ex(lookup, CAstore, libctx, propq) <= 0) {
+        if (X509_LOOKUP_add_store_ex(lookup, CAstore, libctx, propq) <= 0) {
            BIO_printf(bio_err, "Error loading store URI %s\n", CAstore);
            goto err;
        }
--- a/apps/x509.c
+++ b/apps/x509.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/build.info
+++ b/build.info
@ -102,6 +102,11 @@ IF[{- $config{target} =~ /^(?:Cygwin|mingw|VC-|BC-)/ -}]
 ENDIF

 # This file sets the build directory up for CMake inclusion
+# Note: This generation of OpenSSLConfig[Version].cmake is used
+# for building openssl locally, and so the build variables are 
+# taken from builddata.pm rather than installdata.pm.  For exportable
+# versions of these generated files, you'll find them in the exporters
+# directory
 GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in
 DEPEND[OpenSSLConfig.cmake]=builddata.pm
 GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in
@ -119,7 +124,8 @@ DEPEND[openssl.pc]=builddata.pm
 DEPEND[openssl.pc]=libcrypto.pc libssl.pc

 GENERATE[builddata.pm]=util/mkinstallvars.pl \
-    PREFIX=. BINDIR=apps LIBDIR= INCLUDEDIR=include APPLINKDIR=ms \
+    PREFIX=. BINDIR=apps APPLINKDIR=ms \
+    LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \
    ENGINESDIR=engines MODULESDIR=providers \
    "VERSION=$(VERSION)" "LDLIBS=$(LIB_EX_LIBS)"

--- a/configdata.pm.in
+++ b/configdata.pm.in
@ -145,7 +145,7 @@ _____
                       # defined in one template stick around for the
                       # next, making them combinable
                       PACKAGE => 'OpenSSL::safe')
-            or die $Text::Template::ERROR;
+            or die $OpenSSL::Template::ERROR;
        close BUILDFILE;
        rename("$buildfile.new", $buildfile)
            or die "Trying to rename $buildfile.new to $buildfile: $!";
@ -167,7 +167,7 @@ _____
                       # defined in one template stick around for the
                       # next, making them combinable
                       PACKAGE => 'OpenSSL::safe')
-            or die $Text::Template::ERROR;
+            or die $OpenSSL::Template::ERROR;
        close CONFIGURATION_H;

        # When using stat() on Windows, we can get it to perform better by
--- a/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/aes/asm/aesv8-armx.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -2493,7 +2493,7 @@ ${prefix}_ctr32_encrypt_blocks_unroll12_eor3:
 	ldp		d8,d9,[sp, #16]
 	ldp		d10,d11,[sp, #32]
 	ldp		d12,d13,[sp, #48]
-	ldp		d15,d16,[sp, #64]
+	ldp		d14,d15,[sp, #64]
 	ldr		x29,[sp],#80
 	ret
 .size	${prefix}_ctr32_encrypt_blocks_unroll12_eor3,.-${prefix}_ctr32_encrypt_blocks_unroll12_eor3
--- a/crypto/aes/asm/bsaes-armv8.pl
+++ b/crypto/aes/asm/bsaes-armv8.pl
@ -1,5 +1,5 @@
 #!/usr/bin/env perl
-# Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -32,7 +32,7 @@ sub data
 }

 __END__
-// Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+// Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 //
 // Licensed under the OpenSSL license (the "License").  You may not use
 // this file except in compliance with the License.  You can obtain a copy
@ -1018,6 +1018,7 @@ _bsaes_key_convert:
 //   Initialisation vector overwritten with last quadword of ciphertext
 //   No output registers, usual AAPCS64 register preservation
 ossl_bsaes_cbc_encrypt:
+        AARCH64_VALID_CALL_TARGET
        cmp     x2, #128
        bhs     .Lcbc_do_bsaes
        b       AES_cbc_encrypt
@ -1270,7 +1271,7 @@ ossl_bsaes_cbc_encrypt:
 //   Output text filled in
 //   No output registers, usual AAPCS64 register preservation
 ossl_bsaes_ctr32_encrypt_blocks:
-
+        AARCH64_VALID_CALL_TARGET
        cmp     x2, #8                      // use plain AES for
        blo     .Lctr_enc_short             // small sizes

@ -1476,6 +1477,7 @@ ossl_bsaes_ctr32_encrypt_blocks:
 //   Output ciphertext filled in
 //   No output registers, usual AAPCS64 register preservation
 ossl_bsaes_xts_encrypt:
+        AARCH64_VALID_CALL_TARGET
        // Stack layout:
        // sp ->
        //        nrounds*128-96 bytes: key schedule
@ -1921,6 +1923,7 @@ ossl_bsaes_xts_encrypt:
 //   Output plaintext filled in
 //   No output registers, usual AAPCS64 register preservation
 ossl_bsaes_xts_decrypt:
+        AARCH64_VALID_CALL_TARGET
        // Stack layout:
        // sp ->
        //        nrounds*128-96 bytes: key schedule
--- a/crypto/aes/asm/vpaes-loongarch64.pl
+++ b/crypto/aes/asm/vpaes-loongarch64.pl
@ -29,9 +29,9 @@
 ($vr0,$vr1,$vr2,$vr3,$vr4,$vr5,$vr6,$vr7,$vr8,$vr9,$vr10,$vr11,$vr12,$vr13,$vr14,$vr15,$vr16,$vr17,$vr18,$vr19)=map("\$vr$_",(0..19));
 ($fp)=map("\$r$_",(22));

-for (@ARGV) {   $output=$_ if (/\w[\w\-]*\.\w+$/);      }
-open STDOUT,">$output";
-while (($output=shift) && ($output!~/\w[\w\-]*\.\w+$/)) {}
+# $output is the last argument if it looks like a file (it has an extension)
+my $output;
+$output = $#ARGV >= 0 && $ARGV[$#ARGV] =~ m|\.\w+$| ? pop : undef;
 open STDOUT,">$output";

 $PREFIX="vpaes";
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@ -38,7 +38,7 @@ IF[{- !$disabled{asm} -}]
  $AESASM_parisc20_64=$AESASM_parisc11
  $AESDEF_parisc20_64=$AESDEF_parisc11

-  IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}]
+  IF[{- $target{sys_id} ne "MACOSX" -}]
    $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s
  ELSE
    $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s
--- a/crypto/arm_arch.h
+++ b/crypto/arm_arch.h
@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/armcap.c
+++ b/crypto/armcap.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/armv4cpuid.pl
+++ b/crypto/armv4cpuid.pl
@ -293,6 +293,7 @@ atomic_add_spinlock:
 #endif

 .extern	OPENSSL_armcap_P
+.hidden	OPENSSL_armcap_P
 ___

 print $code;
--- a/crypto/asn1/a_bitstr.c
+++ b/crypto/asn1/a_bitstr.c
@ -36,25 +36,30 @@ int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
                if (a->data[len - 1])
                    break;
            }
-            j = a->data[len - 1];
-            if (j & 0x01)
+
+            if (len == 0) {
                bits = 0;
-            else if (j & 0x02)
-                bits = 1;
-            else if (j & 0x04)
-                bits = 2;
-            else if (j & 0x08)
-                bits = 3;
-            else if (j & 0x10)
-                bits = 4;
-            else if (j & 0x20)
-                bits = 5;
-            else if (j & 0x40)
-                bits = 6;
-            else if (j & 0x80)
-                bits = 7;
-            else
-                bits = 0;       /* should not happen */
+            } else {
+                j = a->data[len - 1];
+                if (j & 0x01)
+                    bits = 0;
+                else if (j & 0x02)
+                    bits = 1;
+                else if (j & 0x04)
+                    bits = 2;
+                else if (j & 0x08)
+                    bits = 3;
+                else if (j & 0x10)
+                    bits = 4;
+                else if (j & 0x20)
+                    bits = 5;
+                else if (j & 0x40)
+                    bits = 6;
+                else if (j & 0x80)
+                    bits = 7;
+                else
+                    bits = 0;       /* should not happen */
+            }
        }
    } else
        bits = 0;
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -148,6 +148,9 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                    goto err;
                }
                len += i;
+                if ((size_t)i < want)
+                    continue;
+
            }
        }
        /* else data already loaded */
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
+#include "internal/sizes.h"
 #include "crypto/asn1.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@ -343,8 +344,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,

    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
        const char *tagname;
+
        tagname = ASN1_tag2str(type);
-        outlen += strlen(tagname);
+        /* We can directly cast here as tagname will never be too large. */
+        outlen += (int)strlen(tagname);
        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
            return -1;
        outlen++;
@ -370,7 +373,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,

    if (type == -1) {
        len = do_dump(lflags, io_ch, arg, str);
-        if (len < 0)
+        if (len < 0 || len > INT_MAX - outlen)
            return -1;
        outlen += len;
        return outlen;
@ -389,7 +392,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
    }

    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-    if (len < 0)
+    if (len < 0 || len > INT_MAX - 2 - outlen)
        return -1;
    outlen += len;
    if (quotes)
--- a/crypto/asn1/a_strnid.c
+++ b/crypto/asn1/a_strnid.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -39,10 +39,10 @@ unsigned long ASN1_STRING_get_default_mask(void)
 * This function sets the default to various "flavours" of configuration.
 * based on an ASCII string. Currently this is:
 * MASK:XXXX : a numerical mask value.
- * nobmp : Don't use BMPStrings (just Printable, T61).
- * pkix : PKIX recommendation in RFC2459.
- * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
- * default:   the default value, Printable, T61, BMP.
+ * default   : use Printable, IA5, T61, BMP, and UTF8 string types
+ * nombstr   : any string type except variable-sized BMPStrings or UTF8Strings
+ * pkix      : PKIX recommendation in RFC2459
+ * utf8only  : this is the default, use UTF8Strings
 */

 int ASN1_STRING_set_default_mask_asc(const char *p)
--- a/crypto/asn1/a_time.c
+++ b/crypto/asn1/a_time.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -490,9 +490,9 @@ int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
 int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
 {
    char *v;
-    int gmt = 0, l;
+    int l;
    struct tm stm;
-    const char upper_z = 0x5A, period = 0x2E;
+    const char period = 0x2E;

    /* ossl_asn1_time_to_tm will check the time type */
    if (!ossl_asn1_time_to_tm(&stm, tm))
@ -500,8 +500,6 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)

    l = tm->length;
    v = (char *)tm->data;
-    if (v[l - 1] == upper_z)
-        gmt = 1;

    if (tm->type == V_ASN1_GENERALIZEDTIME) {
        char *f = NULL;
@ -512,39 +510,36 @@ int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags)
         * 'fraction point' in a GeneralizedTime string.
         */
        if (tm->length > 15 && v[14] == period) {
-            f = &v[14];
-            f_len = 1;
-            while (14 + f_len < l && ossl_ascii_isdigit(f[f_len]))
+            /* exclude the . itself */
+            f = &v[15];
+            f_len = 0;
+            while (15 + f_len < l && ossl_ascii_isdigit(f[f_len]))
                ++f_len;
        }

-        if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
-            return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s",
+        if (f_len > 0) {
+            if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
+                return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d.%.*sZ",
+                                  stm.tm_year + 1900, stm.tm_mon + 1,
+                                  stm.tm_mday, stm.tm_hour,
+                                  stm.tm_min, stm.tm_sec, f_len, f) > 0;
+            } else {
+                return BIO_printf(bp, "%s %2d %02d:%02d:%02d.%.*s %d GMT",
+                                  _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
+                                  stm.tm_min, stm.tm_sec, f_len, f,
+                                  stm.tm_year + 1900) > 0;
+            }
+        }
+    }
+    if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
+        return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02dZ",
                          stm.tm_year + 1900, stm.tm_mon + 1,
                          stm.tm_mday, stm.tm_hour,
-                          stm.tm_min, stm.tm_sec, f_len, f,
-                          (gmt ? "Z" : "")) > 0;
-        }
-        else {
-            return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
-                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
-                          stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900,
-                          (gmt ? " GMT" : "")) > 0;
-        }
+                          stm.tm_min, stm.tm_sec) > 0;
    } else {
-        if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) {
-            return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s",
-                          stm.tm_year + 1900, stm.tm_mon + 1,
-                          stm.tm_mday, stm.tm_hour,
-                          stm.tm_min, stm.tm_sec,
-                          (gmt ? "Z" : "")) > 0;
-        }
-        else {
-            return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
+        return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d GMT",
                          _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour,
-                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900,
-                          (gmt ? " GMT" : "")) > 0;
-        }
+                          stm.tm_min, stm.tm_sec, stm.tm_year + 1900) > 0;
    }
 }

--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -202,10 +202,12 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
    inl = ASN1_item_i2d(data, &buf_in, it);
    if (inl <= 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
+        ret = -1;
        goto err;
    }
    if (buf_in == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
+        ret = -1;
        goto err;
    }
    inll = inl;
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/asn1/asn1_gen.c
+++ b/crypto/asn1/asn1_gen.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -499,7 +499,8 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
 static int asn1_str2tag(const char *tagstr, int len)
 {
    unsigned int i;
-    static const struct tag_name_st *tntmp, tnst[] = {
+    const struct tag_name_st *tntmp;
+    static const struct tag_name_st tnst[] = {
        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
        ASN1_GEN_STR("NULL", V_ASN1_NULL),
--- a/crypto/asn1/asn_mime.c
+++ b/crypto/asn1/asn_mime.c
@ -300,6 +300,8 @@ int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,

    if (ctype_nid == NID_pkcs7_enveloped) {
        msg_type = "enveloped-data";
+    } else if (ctype_nid == NID_id_smime_ct_authEnvelopedData) {
+        msg_type = "authEnveloped-data";
    } else if (ctype_nid == NID_pkcs7_signed) {
        if (econt_nid == NID_id_smime_ct_receipt)
            msg_type = "signed-receipt";
--- a/crypto/asn1/asn_mstbl.c
+++ b/crypto/asn1/asn_mstbl.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -85,8 +85,12 @@ void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed

    case ASN1_ITYPE_NDEF_SEQUENCE:
    case ASN1_ITYPE_SEQUENCE:
-        if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+        if (ossl_asn1_do_lock(pval, -1, it) != 0) {
+            /* if error or ref-counter > 0 */
+            OPENSSL_assert(embed == 0);
+            *pval = NULL;
            return;
+        }
        if (asn1_cb) {
            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
            if (i == 2)
--- a/crypto/bio/bf_readbuff.c
+++ b/crypto/bio/bf_readbuff.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
    char *p;
    int i, j;

-    if (size == 0)
+    if (buf == NULL || size == 0)
        return 0;
    --size; /* the passed in size includes the terminator - so remove it here */
    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
+
+    if (ctx == NULL || b->next_bio == NULL)
+        return 0;
    BIO_clear_retry_flags(b);

    /* If data is already buffered then use this first */
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -104,6 +104,7 @@ void BIO_ADDR_clear(BIO_ADDR *ap)
 */
 int BIO_ADDR_make(BIO_ADDR *ap, const struct sockaddr *sa)
 {
+    memset(ap, 0, sizeof(BIO_ADDR));
    if (sa->sa_family == AF_INET) {
        memcpy(&(ap->s_in), sa, sizeof(struct sockaddr_in));
        return 1;
@ -571,8 +572,13 @@ int BIO_parse_hostserv(const char *hostserv, char **host, char **service,
            *service = NULL;
        } else {
            *service = OPENSSL_strndup(p, pl);
-            if (*service == NULL)
+            if (*service == NULL) {
+                if (h != NULL && host != NULL) {
+                    OPENSSL_free(*host);
+                    *host = NULL;
+                }
                return 0;
+            }
        }
    }

@ -799,14 +805,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
            /* Should this be raised inside do_bio_lookup_init()? */
            ERR_raise(ERR_LIB_BIO, ERR_R_CRYPTO_LIB);
-            ret = 0;
-            goto err;
+            return 0;
        }

-        if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) {
-            ret = 0;
-            goto err;
-        }
+        if (!CRYPTO_THREAD_write_lock(bio_lookup_lock))
+            return 0;
+        
        he_fallback_address = INADDR_ANY;
        if (host == NULL) {
            he = &he_fallback;
--- a/crypto/bio/bio_lib.c
+++ b/crypto/bio/bio_lib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -126,7 +126,7 @@ int BIO_free(BIO *a)
    if (CRYPTO_DOWN_REF(&a->references, &ret) <= 0)
        return 0;

-    REF_PRINT_COUNT("BIO", a);
+    REF_PRINT_COUNT("BIO", ret, a);
    if (ret > 0)
        return 1;
    REF_ASSERT_ISNT(ret < 0);
@ -191,7 +191,7 @@ int BIO_up_ref(BIO *a)
    if (CRYPTO_UP_REF(&a->references, &i) <= 0)
        return 0;

-    REF_PRINT_COUNT("BIO", a);
+    REF_PRINT_COUNT("BIO", i, a);
    REF_ASSERT_ISNT(i < 2);
    return i > 1;
 }
@ -965,8 +965,12 @@ static int bio_wait(BIO *bio, time_t max_time, unsigned int nap_milliseconds)
        return 1;

 #ifndef OPENSSL_NO_SOCK
-    if (BIO_get_fd(bio, &fd) > 0 && fd < FD_SETSIZE)
-        return BIO_socket_wait(fd, BIO_should_read(bio), max_time);
+    if (BIO_get_fd(bio, &fd) > 0) {
+        int ret = BIO_socket_wait(fd, BIO_should_read(bio), max_time);
+
+        if (ret != -1)
+            return ret;
+    }
 #endif
    /* fall back to polling since no sockets are available */

--- a/crypto/bio/bio_meth.c
+++ b/crypto/bio/bio_meth.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/bio/bio_sock.c
+++ b/crypto/bio/bio_sock.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -26,9 +26,6 @@ static int wsa_init_done = 0;
 # if defined __TANDEM
 #  include <unistd.h>
 #  include <sys/time.h> /* select */
-#  if defined(OPENSSL_TANDEM_FLOSS)
-#   include <floss.h(floss_select)>
-#  endif
 # elif defined _WIN32
 #  include <winsock.h> /* for type fd_set */
 # else
@ -260,7 +257,7 @@ int BIO_get_accept_socket(char *host, int bind_mode)
        return INVALID_SOCKET;

    if (BIO_sock_init() != 1)
-        return INVALID_SOCKET;
+        goto err;

    if (BIO_lookup(h, p, BIO_LOOKUP_SERVER, AF_UNSPEC, SOCK_STREAM, &res) != 0)
        goto err;
@ -435,7 +432,11 @@ int BIO_socket_wait(int fd, int for_read, time_t max_time)
    struct timeval tv;
    time_t now;

+#ifdef _WIN32
+    if ((SOCKET)fd == INVALID_SOCKET)
+#else
    if (fd < 0 || fd >= FD_SETSIZE)
+#endif
        return -1;
    if (max_time == 0)
        return 1;
--- a/crypto/bio/bss_conn.c
+++ b/crypto/bio/bss_conn.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -110,7 +110,7 @@ err:

 static int conn_state(BIO *b, BIO_CONNECT *c)
 {
-    int ret = -1, i;
+    int ret = -1, i, opts;
    BIO_info_cb *cb = NULL;

    if (c->info_callback != NULL)
@ -188,8 +188,12 @@ static int conn_state(BIO *b, BIO_CONNECT *c)
        case BIO_CONN_S_CONNECT:
            BIO_clear_retry_flags(b);
            ERR_set_mark();
-            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter),
-                              BIO_SOCK_KEEPALIVE | c->connect_mode);
+
+            opts = c->connect_mode;
+            if (BIO_ADDRINFO_socktype(c->addr_iter) == SOCK_STREAM)
+                opts |= BIO_SOCK_KEEPALIVE;
+
+            ret = BIO_connect(b->num, BIO_ADDRINFO_address(c->addr_iter), opts);
            b->retry_reason = 0;
            if (ret == 0) {
                if (BIO_sock_should_retry(ret)) {
--- a/crypto/bio/bss_dgram.c
+++ b/crypto/bio/bss_dgram.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2005-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -66,6 +66,10 @@
   #undef NO_RECVMSG
   #define NO_RECVMSG
 # endif
+# if (defined(__ANDROID_API__) && __ANDROID_API__ < 21) || defined(_AIX)
+#  undef NO_RECVMMSG
+#  define NO_RECVMMSG
+# endif
 # if !defined(M_METHOD)
 #  if defined(OPENSSL_SYS_WINDOWS) && defined(BIO_HAVE_WSAMSG) && !defined(NO_WSARECVMSG)
 #   define M_METHOD  M_METHOD_WSARECVMSG
@ -556,6 +560,8 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
    socklen_t addr_len;
    BIO_ADDR addr;
 # endif
+    struct sockaddr_storage ss;
+    socklen_t ss_len = sizeof(ss);

    data = (bio_dgram_data *)b->ptr;

@ -573,6 +579,10 @@ static long dgram_ctrl(BIO *b, int cmd, long num, void *ptr)
        b->shutdown = (int)num;
        b->init = 1;
        dgram_update_local_addr(b);
+        if (getpeername(b->num, (struct sockaddr *)&ss, &ss_len) == 0) {
+            BIO_ADDR_make(&data->peer, BIO_ADDR_sockaddr((BIO_ADDR *)&ss));
+            data->connected = 1;
+        }
 # if defined(SUPPORT_LOCAL_ADDR)
        if (data->local_addr_enabled) {
            if (enable_local_addr(b, 1) < 1)
@ -1063,19 +1073,27 @@ static void translate_msg_win(BIO *b, WSAMSG *mh, WSABUF *iov,
 static void translate_msg(BIO *b, struct msghdr *mh, struct iovec *iov,
                          unsigned char *control, BIO_MSG *msg)
 {
+    bio_dgram_data *data;
+
    iov->iov_base = msg->data;
    iov->iov_len  = msg->data_len;

-    /* macOS requires msg_namelen be 0 if msg_name is NULL */
-    mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
-    if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
-        mh->msg_namelen = sizeof(struct sockaddr_in);
+    data = (bio_dgram_data *)b->ptr;
+    if (data->connected == 0) {
+        /* macOS requires msg_namelen be 0 if msg_name is NULL */
+        mh->msg_name = msg->peer != NULL ? &msg->peer->sa : NULL;
+        if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET)
+            mh->msg_namelen = sizeof(struct sockaddr_in);
 #  if OPENSSL_USE_IPV6
-    else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
-        mh->msg_namelen = sizeof(struct sockaddr_in6);
+        else if (msg->peer != NULL && dgram_get_sock_family(b) == AF_INET6)
+            mh->msg_namelen = sizeof(struct sockaddr_in6);
 #  endif
-    else
+        else
+            mh->msg_namelen = 0;
+    } else {
+        mh->msg_name = NULL;
        mh->msg_namelen = 0;
+    }

    mh->msg_iov         = iov;
    mh->msg_iovlen      = 1;
@ -1174,7 +1192,7 @@ static int pack_local(BIO *b, MSGHDR_TYPE *mh, const BIO_ADDR *local) {
        cmsg->cmsg_type  = IP_PKTINFO;

        info = (struct in_pktinfo *)BIO_CMSG_DATA(cmsg);
-#   if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__)
+#   if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_CYGWIN) && !defined(__FreeBSD__) && !defined(__QNX__)
        info->ipi_spec_dst      = local->s_in.sin_addr;
 #   endif
        info->ipi_addr.s_addr   = 0;
--- a/crypto/bio/bss_log.c
+++ b/crypto/bio/bss_log.c
@ -281,7 +281,7 @@ static void xsyslog(BIO *bp, int priority, const char *string)
        break;
    }

-    sprintf(pidbuf, "[%lu] ", GetCurrentProcessId());
+    BIO_snprintf(pidbuf, sizeof(pidbuf), "[%lu] ", GetCurrentProcessId());
    lpszStrings[0] = pidbuf;
    lpszStrings[1] = string;

--- a/crypto/bn/asm/armv4-gf2m.pl
+++ b/crypto/bn/asm/armv4-gf2m.pl
@ -326,6 +326,7 @@ $code.=<<___;

 #if __ARM_MAX_ARCH__>=7
 .extern	OPENSSL_armcap_P
+.hidden	OPENSSL_armcap_P
 #endif
 ___

--- a/crypto/bn/asm/armv4-mont.pl
+++ b/crypto/bn/asm/armv4-mont.pl
@ -750,6 +750,7 @@ $code.=<<___;
 .align	2
 #if __ARM_MAX_ARCH__>=7
 .extern	OPENSSL_armcap_P
+.hidden	OPENSSL_armcap_P
 #endif
 ___

--- a/crypto/bn/asm/armv8-mont.pl
+++ b/crypto/bn/asm/armv8-mont.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -85,10 +85,12 @@ bn_mul_mont:
 	cmp	$num,#32
 	b.le	.Lscalar_impl
 #ifndef	__KERNEL__
+#ifndef	__AARCH64EB__
 	adrp	x17,OPENSSL_armv8_rsa_neonized
 	ldr	w17,[x17,#:lo12:OPENSSL_armv8_rsa_neonized]
 	cbnz	w17, bn_mul8x_mont_neon
 #endif
+#endif

 .Lscalar_impl:
 	tst	$num,#7
--- a/crypto/bn/bn_exp.c
+++ b/crypto/bn/bn_exp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -606,7 +606,7 @@ static int MOD_EXP_CTIME_COPY_FROM_PREBUF(BIGNUM *b, int top,
 * out by Colin Percival,
 * http://www.daemonology.net/hyperthreading-considered-harmful/)
 */
-int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
                              const BIGNUM *m, BN_CTX *ctx,
                              BN_MONT_CTX *in_mont)
 {
@ -623,10 +623,6 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    unsigned int t4 = 0;
 #endif

-    bn_check_top(a);
-    bn_check_top(p);
-    bn_check_top(m);
-
    if (!BN_is_odd(m)) {
        ERR_raise(ERR_LIB_BN, BN_R_CALLED_WITH_EVEN_MODULUS);
        return 0;
@ -1146,7 +1142,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
            goto err;
    } else
 #endif
-    if (!BN_from_montgomery(rr, &tmp, mont, ctx))
+    if (!bn_from_mont_fixed_top(rr, &tmp, mont, ctx))
        goto err;
    ret = 1;
 err:
@ -1160,6 +1156,19 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
    return ret;
 }

+int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
+                              const BIGNUM *m, BN_CTX *ctx,
+                              BN_MONT_CTX *in_mont)
+{
+    bn_check_top(a);
+    bn_check_top(p);
+    bn_check_top(m);
+    if (!bn_mod_exp_mont_fixed_top(rr, a, p, m, ctx, in_mont))
+        return 0;
+    bn_correct_top(rr);
+    return 1;
+}
+
 int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont)
 {
--- a/crypto/bn/bn_gf2m.c
+++ b/crypto/bn/bn_gf2m.c
@ -15,6 +15,7 @@
 #include "bn_local.h"

 #ifndef OPENSSL_NO_EC2M
+# include <openssl/ec.h>

 /*
 * Maximum number of iterations before BN_GF2m_mod_solve_quad_arr should
@ -1130,16 +1131,26 @@ int BN_GF2m_mod_solve_quad(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 /*
 * Convert the bit-string representation of a polynomial ( \sum_{i=0}^n a_i *
 * x^i) into an array of integers corresponding to the bits with non-zero
- * coefficient.  Array is terminated with -1. Up to max elements of the array
- * will be filled.  Return value is total number of array elements that would
- * be filled if array was large enough.
+ * coefficient.  The array is intended to be suitable for use with
+ * `BN_GF2m_mod_arr()`, and so the constant term of the polynomial must not be
+ * zero.  This translates to a requirement that the input BIGNUM `a` is odd.
+ *
+ * Given sufficient room, the array is terminated with -1.  Up to max elements
+ * of the array will be filled.
+ *
+ * The return value is total number of array elements that would be filled if
+ * array was large enough, including the terminating `-1`.  It is `0` when `a`
+ * is not odd or the constant term is zero contrary to requirement.
+ *
+ * The return value is also `0` when the leading exponent exceeds
+ * `OPENSSL_ECC_MAX_FIELD_BITS`, this guards against CPU exhaustion attacks,
 */
 int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
 {
    int i, j, k = 0;
    BN_ULONG mask;

-    if (BN_is_zero(a))
+    if (!BN_is_odd(a))
        return 0;

    for (i = a->top - 1; i >= 0; i--) {
@ -1157,12 +1168,13 @@ int BN_GF2m_poly2arr(const BIGNUM *a, int p[], int max)
        }
    }

-    if (k < max) {
-        p[k] = -1;
-        k++;
-    }
+    if (k > 0 && p[0] > OPENSSL_ECC_MAX_FIELD_BITS)
+        return 0;

-    return k;
+    if (k < max)
+        p[k] = -1;
+
+    return k + 1;
 }

 /*
--- a/crypto/bn/bn_lib.c
+++ b/crypto/bn/bn_lib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -708,14 +708,29 @@ int BN_ucmp(const BIGNUM *a, const BIGNUM *b)
    int i;
    BN_ULONG t1, t2, *ap, *bp;

+    ap = a->d;
+    bp = b->d;
+
+    if (BN_get_flags(a, BN_FLG_CONSTTIME)
+            && a->top == b->top) {
+        int res = 0;
+
+        for (i = 0; i < b->top; i++) {
+            res = constant_time_select_int(constant_time_lt_bn(ap[i], bp[i]),
+                                           -1, res);
+            res = constant_time_select_int(constant_time_lt_bn(bp[i], ap[i]),
+                                           1, res);
+        }
+        return res;
+    }
+
    bn_check_top(a);
    bn_check_top(b);

    i = a->top - b->top;
    if (i != 0)
        return i;
-    ap = a->d;
-    bp = b->d;
+
    for (i = a->top - 1; i >= 0; i--) {
        t1 = ap[i];
        t2 = bp[i];
@ -827,11 +842,10 @@ int BN_is_bit_set(const BIGNUM *a, int n)
    return (int)(((a->d[i]) >> j) & ((BN_ULONG)1));
 }

-int BN_mask_bits(BIGNUM *a, int n)
+int ossl_bn_mask_bits_fixed_top(BIGNUM *a, int n)
 {
    int b, w;

-    bn_check_top(a);
    if (n < 0)
        return 0;

@ -845,10 +859,21 @@ int BN_mask_bits(BIGNUM *a, int n)
        a->top = w + 1;
        a->d[w] &= ~(BN_MASK2 << b);
    }
-    bn_correct_top(a);
+    a->flags |= BN_FLG_FIXED_TOP;
    return 1;
 }

+int BN_mask_bits(BIGNUM *a, int n)
+{
+    int ret;
+
+    bn_check_top(a);
+    ret = ossl_bn_mask_bits_fixed_top(a, n);
+    if (ret)
+        bn_correct_top(a);
+    return ret;
+}
+
 void BN_set_negative(BIGNUM *a, int b)
 {
    if (b && !BN_is_zero(a))
@ -1022,6 +1047,22 @@ int BN_is_word(const BIGNUM *a, const BN_ULONG w)
    return BN_abs_is_word(a, w) && (!w || !a->neg);
 }

+int ossl_bn_is_word_fixed_top(const BIGNUM *a, const BN_ULONG w)
+{
+    int res, i;
+    const BN_ULONG *ap = a->d;
+
+    if (a->neg || a->top == 0)
+        return 0;
+
+    res = constant_time_select_int(constant_time_eq_bn(ap[0], w), 1, 0);
+
+    for (i = 1; i < a->top; i++)
+        res = constant_time_select_int(constant_time_is_zero_bn(ap[i]),
+                                       res, 0);
+    return res;
+}
+
 int BN_is_odd(const BIGNUM *a)
 {
    return (a->top > 0) && (a->d[0] & 1);
--- a/crypto/bn/bn_ppc.c
+++ b/crypto/bn/bn_ppc.c
@ -41,12 +41,15 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
     */

 #if defined(_ARCH_PPC64) && !defined(__ILP32__)
+    /* Minerva side-channel fix danny */
+# if defined(USE_FIXED_N6)
    if (num == 6) {
        if (OPENSSL_ppccap_P & PPC_MADD300)
            return bn_mul_mont_300_fixed_n6(rp, ap, bp, np, n0, num);
        else
            return bn_mul_mont_fixed_n6(rp, ap, bp, np, n0, num);
    }
+# endif
 #endif

    return bn_mul_mont_int(rp, ap, bp, np, n0, num);
--- a/Show more
+++ b/Show more