| author | Enji Cooper <ngie@FreeBSD.org> | 2026-04-07 22:39:14 +0000 |
|---|---|---|
| committer | Enji Cooper <ngie@FreeBSD.org> | 2026-04-07 22:39:14 +0000 |
| commit | a8688e45ec5509793681275a8631726fdeb5663a (patch) | |
| tree | 4782308649778cde79e7f2b8f0c18533a2470c24 | |
| parent | 677808048e318ef0c4ad69c0c2cc8d82167bffbe (diff) | |
148 files changed, 2246 insertions, 1282 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 52d11f56cc90..5d99e5fecdd7 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -28,6 +28,124 @@ breaking changes, and mappings for the large list of deprecated functions. [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod +### Changes between 3.0.19 and 3.0.20 [7 Apr 2026] + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + + Severity: Moderate + + Issue summary: Applications using RSASVE key encapsulation to establish + a secret encryption key can send contents of an uninitialized memory buffer + to a malicious peer. + + Impact summary: The uninitialized buffer might contain sensitive data + from the previous execution of the application process which leads + to sensitive data leakage to an attacker. + + Reported by: Simo Sorce (Red Hat). + + ([CVE-2026-31790]) + + *Nikola Pajkovsky* + + * Fixed potential use-after-free in DANE client code. + + Severity: Low + + Issue summary: An uncommon configuration of clients performing DANE + TLSA-based server authentication, when paired with uncommon server DANE TLSA + records, may result in a use-after-free and/or double-free on the client + side. + + Impact summary: A use after free can have a range of potential consequences + such as the corruption of valid data, crashes, or execution of arbitrary + code. + + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28387]) + + *Viktor Dukhovni* + + * Fixed NULL pointer dereference when processing a delta CRL. + + Severity: Low + + Issue summary: When a delta CRL that contains a Delta CRL Indicator extension + is processed, a NULL pointer dereference might happen if the required CRL + Number extension is missing. + + Impact summary: A NULL pointer dereference can trigger a crash which + leads to a Denial of Service for an application. + + Reported by: Igor Morgenstern (Aisle Research). + + ([CVE-2026-28388]) + + *Igor Morgenstern* + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. 
+ + Severity: Low + + Issue summary: During processing of a crafted CMS EnvelopedData message + with KeyAgreeRecipientInfo a NULL pointer dereference can happen. + + Impact summary: Applications that process attacker-controlled CMS data may + crash before authentication or cryptographic operations occur resulting in + Denial of Service. + + Reported by: Nathan Sportsman (Praetorian), Daniel Rhea, + Jaeho Nam (Seoul National University), Muhammad Daffa, + Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab), + Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers. + + ([CVE-2026-28389]) + + *Neil Horman* + + * Fixed possible NULL dereference when processing CMS + KeyTransportRecipientInfo. + + Severity: Low + + Issue summary: During processing of a crafted CMS EnvelopedData message + with KeyTransportRecipientInfo a NULL pointer dereference can happen. + + Impact summary: Applications that process attacker-controlled CMS data may + crash before authentication or cryptographic operations occur resulting in + Denial of Service. + + Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab), + Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab), + Joshua Rogers, and Chanho Kim. + + ([CVE-2026-28390]) + + *Neil Horman* + + * Fixed heap buffer overflow in hexadecimal conversion. + + Severity: Low + + Issue summary: Converting an excessively large OCTET STRING value to + a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. + + Impact summary: A heap buffer overflow may lead to a crash or possibly + an attacker controlled code execution or other undefined behavior. + + Reported by: Quoc Tran (Xint.io - US Team). + + ([CVE-2026-31789]) + + *Igor Ustinov* + + * Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST` + containing a raw IPv6 address. 
+ <!-- https://github.com/openssl/openssl/pull/30384 --> + + *Peter Zhang* + ### Changes between 3.0.18 and 3.0.19 [27 Jan 2026] * Fixed Stack buffer overflow in CMS `AuthEnvelopedData` parsing. @@ -2062,7 +2180,7 @@ breaking changes, and mappings for the large list of deprecated functions. *Richard Levitte* - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very 
@@ -20206,208 +20324,214 @@ ndif <!-- Links --> -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 +[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655 +[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656 +[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657 +[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659 +[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078 +[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543 +[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544 +[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545 +[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851 +[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079 +[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112 +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995 +[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135 +[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891 +[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672 +[CVE-2008-1678]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678 +[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377 +[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378 +[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379 +[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386 +[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 +[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 +[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333 +[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686 +[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166 +[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169 +[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353 +[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450 +[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076 +[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160 +[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195 +[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221 +[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224 +[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470 +[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505 +[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506 +[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507 +[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508 +[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509 +[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510 +[CVE-2014-3511]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511 +[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512 +[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513 +[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566 +[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567 +[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568 +[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569 +[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570 +[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571 +[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572 +[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139 +[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275 +[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204 +[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205 +[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206 +[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207 +[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208 +[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209 +[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285 +[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286 +[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287 +[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288 +[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289 +[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290 +[CVE-2015-0291]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291 +[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293 +[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787 +[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788 +[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789 +[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790 +[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791 +[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792 +[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793 +[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193 +[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194 +[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195 +[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196 +[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197 +[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701 +[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702 +[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705 +[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797 +[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798 +[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799 +[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800 +[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105 +[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106 +[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107 +[CVE-2016-2109]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109 +[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176 +[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177 +[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178 +[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179 +[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180 +[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181 +[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182 +[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183 +[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302 +[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303 +[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304 +[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305 +[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306 +[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307 +[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308 +[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309 +[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052 +[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053 +[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054 +[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055 +[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730 +[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 +[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732 +[CVE-2017-3733]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733 +[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735 +[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736 +[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737 +[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738 +[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732 +[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733 +[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734 +[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735 +[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737 +[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739 +[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407 +[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543 +[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547 +[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549 +[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551 +[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552 +[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559 +[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563 +[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967 +[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971 +[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097 +[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274 +[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996 +[CVE-2022-4203]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203 +[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304 +[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450 +[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215 +[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216 +[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217 +[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286 +[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401 +[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464 +[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465 +[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466 +[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255 +[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650 +[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975 +[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446 +[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817 +[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807 +[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363 +[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678 +[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129 +[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237 +[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727 +[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511 +[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603 +[CVE-2024-4741]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741 +[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535 +[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119 +[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 +[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 +[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 +[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 [RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 
-[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-4353]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355 -[CVE-2009-3555]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245 -[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386 -[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379 -[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378 -[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678 -[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672 -[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891 -[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135 -[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 -[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112 -[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079 -[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851 -[CVE-2003-0545]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545 -[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544 -[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543 -[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078 -[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659 -[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657 -[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656 -[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655 diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf index e74adb50cc3c..30b31e683f87 100644 --- a/Configurations/10-main.conf +++ b/Configurations/10-main.conf @@ -5,7 +5,8 @@ my $vc_win64a_info = {}; sub vc_win64a_info { unless (%$vc_win64a_info) { - if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) { + # Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled + if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) { $vc_win64a_info = { AS => "nasm", ASFLAGS => "-g", asflags => "-Ox -f win64 -DNEAR", diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl index a68ae9f26fa1..b381ad0ad43c 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl @@ -66,6 +66,7 @@ OPTIONS={- $config{options} -} CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -}) SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)/test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} 
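Review bot: The new NASM gate in `vc_win64a_info` packs the probe, the match and a two-level version comparison into one long condition, which is hard to audit for a check that exists to avoid a miscompiled SHA3. The logic itself is right (`$2` captures `09` and compares numerically as 9). It would read better if the captures were assigned to `my ($major, $minor)` first and the test were then `$major > 2 || ($major == 2 && $minor >= 9)`. The comment could also say what happens when the check fails, since that branch is outside this hunk and a builder with an older NASM gets no hint from these lines. If any other NASM probe in this file still uses the old `$1 >= 2.0` form, it needs the same minimum; none is visible here.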
@@ -600,7 +601,7 @@ clean: libclean -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \; $(RM) core $(RM) tags TAGS doc-nits md-nits - $(RM) -r test/test-runs + $(RM) -r $(RESULT_D) $(RM) providers/fips*.new $(RM) openssl.pc libcrypto.pc libssl.pc -find . -type l \! -name '.*' -exec $(RM) {} \; diff --git a/Configurations/windows-makefile.tmpl b/Configurations/windows-makefile.tmpl index c36efc7d8a64..b4a8b3ee257b 100644 --- a/Configurations/windows-makefile.tmpl +++ b/Configurations/windows-makefile.tmpl @@ -38,6 +38,7 @@ PLATFORM={- $config{target} -} SRCDIR={- $config{sourcedir} -} BLDDIR={- $config{builddir} -} +RESULT_D=$(BLDDIR)\test-runs FIPSKEY={- $config{FIPSKEY} -} VERSION={- "$config{full_version}" -} @@ -217,7 +218,7 @@ OPENSSLDIR_dir={- canonpath($openssldir_dir) -} LIBDIR={- our $libdir = $config{libdir} || "lib"; file_name_is_absolute($libdir) ? "" : $libdir -} MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath); - our $modulesprefix = catdir($prefix,$libdir); + our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir); our ($modulesprefix_dev, $modulesprefix_dir, $modulesprefix_file) = splitpath($modulesprefix, 1); @@ -477,7 +478,7 @@ clean: libclean -del /Q /S /F engines\*.lib engines\*.exp -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp -del /Q /S /F test\*.exp - -rd /Q /S test\test-runs + -@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)" distclean: clean -del /Q /F include\openssl\configuration.h 
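Review bot: The `clean` recipe in the unix template now passes `$(RESULT_D)` unquoted to a recursive remove, while the Windows template in this same commit quotes it and guards on existence. With a build directory whose path contains whitespace, the expansion splits into several operands and the recursive remove acts on paths other than the test-run directory. Writing `$(RM) -r "$(RESULT_D)"` keeps it to one operand. The target also moves from `test/test-runs` to `$(BLDDIR)/test-runs`, so a `test/test-runs` tree left by an earlier build is no longer cleaned. If that is intended, a one-line comment beside the `RESULT_D=` definition in this file's first hunk, saying where the test harness writes its results, would make it clear.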
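Review bot: The `MODULESDIR_dev` change in the Windows template fixes the absolute-`libdir` case without a comment saying why, and the expression continues outside the hunk into `splitpath`. This value appears to determine the directory that loadable modules are installed to and later loaded from, so a path that does not match the real install location is worth guarding against explicitly. I would add `# An absolute libdir is used as-is; joining it onto $prefix yields a modules path that was never installed.` above the assignment. The `LIBDIR=` line just above performs the same `file_name_is_absolute($libdir)` test, so computing it once into a named variable would keep the two in step.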
@@ -18,6 +18,32 @@ OpenSSL Releases OpenSSL 3.0 ----------- +### Major changes between OpenSSL 3.0.19 and OpenSSL 3.0.20 [7 Apr 2026] + +OpenSSL 3.0.20 is a security patch release. The most severe CVE fixed in this +release is Medium. + +This release incorporates the following bug fixes and mitigations: + + * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation. + ([CVE-2026-31790]) + + * Fixed potential use-after-free in DANE client code. + ([CVE-2026-28387]) + + * Fixed NULL pointer dereference when processing a delta CRL. + ([CVE-2026-28388]) + + * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo. + ([CVE-2026-28389]) + + * Fixed possible NULL dereference when processing CMS + KeyTransportRecipientInfo. + ([CVE-2026-28390]) + + * Fixed heap buffer overflow in hexadecimal conversion. + ([CVE-2026-31789]) + ### Major changes between OpenSSL 3.0.18 and OpenSSL 3.0.19 [27 Jan 2026] OpenSSL 3.0.19 is a security patch release. The most severe CVE fixed in this @@ -335,7 +361,7 @@ OpenSSL 1.1.1 ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020] - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli ([CVE-2019-1551]) ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019] 
@@ -1565,188 +1591,194 @@ OpenSSL 0.9.x * Support for various new platforms <!-- Links --> -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 
-[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 -[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 -[CVE-2010-4252]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2008-5077]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 +[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 +[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
+[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
+[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
+[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
+[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
+[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449
+[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
+[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
+[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
+[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
+[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198
+[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
+[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
+[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
+[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
+[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
+[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
+[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
+[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
+[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
+[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
+[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
+[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
+[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
+[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
+[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
+[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
+[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
+[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
+[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
+[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
+[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
+[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
+[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
+[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
+[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
+[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
+[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
+[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
+[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
+[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
+[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
+[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
+[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
+[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
+[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
+[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
+[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
+[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
+[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
+[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
+[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
+[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
+[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
+[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
+[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
+[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
+[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
+[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
+[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
+[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
+[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
+[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
+[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
+[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
+[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
+[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
+[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
+[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
+[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
+[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
+[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
+[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
+[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
+[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
+[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
+[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
+[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
+[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
+[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
+[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
+[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
+[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
+[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
+[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
+[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
+[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
+[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
+[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
+[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
+[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
+[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
+[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
+[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
+[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
+[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
+[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
+[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
+[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
+[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
+[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
+[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
+[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
+[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
+[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
+[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
+[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
+[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
+[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
+[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
+[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
+[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
+[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
+[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
+[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
+[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
+[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
+[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
+[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
+[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
+[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
+[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
+[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
+[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
+[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
+[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
+[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
+[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
+[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
+[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
+[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
+[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
+[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
+[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
+[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
+[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
+[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
+[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
+[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
+[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
+[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
+[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
+[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
+[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
+[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
+[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
+[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
+[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
+[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
+[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
+[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
+[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
+[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
diff --git a/VERSION.dat b/VERSION.dat
index 4e62bef35f3e..6a053f134de1 100644
--- a/VERSION.dat
+++ b/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=19
+PATCH=20
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="27 Jan 2026"
+RELEASE_DATE="7 Apr 2026"
 SHLIB_VERSION=3
diff --git a/apps/cmp.c b/apps/cmp.c
index 3e4d4a044877..cef3e2251a1d 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1282,7 +1282,10 @@ static int setup_verification_ctx(OSSL_CMP_CTX *ctx) out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) { + X509_STORE_free(out_trusted); + return 0; + } } if (opt_disable_confirm) diff --git a/apps/lib/app_provider.c b/apps/lib/app_provider.c index 4d99b947f94a..ff41dd507cac 100644 --- a/apps/lib/app_provider.c +++ b/apps/lib/app_provider.c @@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -46,6 +46,7 @@ int app_provider_load(OSSL_LIB_CTX *libctx, const char *provider_name) app_providers = sk_OSSL_PROVIDER_new_null(); if (app_providers == NULL || !sk_OSSL_PROVIDER_push(app_providers, prov)) { + OSSL_PROVIDER_unload(prov); app_providers_cleanup(); return 0; } diff --git a/apps/lib/apps.c b/apps/lib/apps.c index 36a8149e76f1..652557971147 100644 --- a/apps/lib/apps.c +++ b/apps/lib/apps.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -195,8 +195,13 @@ int app_passwd(const char *arg1, const char *arg2, char **pass1, char **pass2) } if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) + if (*pass2 == NULL) { + if (pass1 != NULL) { + clear_free(*pass1); + *pass1 = NULL; + } return 0; + } } else if (pass2 != NULL) { *pass2 = NULL; } 
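Review bot: In the `app_passwd` hunk of apps/lib/apps.c, the new failure path guards `pass1` with `if (pass1 != NULL)` while `*pass2 = app_get_pass(arg2, same ? 2 : 0);` two lines above still writes through `pass2` unchecked, so the function's stance on NULL output pointers is inconsistent inside one block. If a caller can supply `arg2` together with a NULL `pass2` (not visible here), that is a NULL write; if it cannot, the new guard is dead code and can go. The cleanup also deserves a comment saying why it is there, for example `/* wipe the first password so no secret outlives a failed call */`. The start of `app_passwd` is outside the hunk.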
@@ -266,15 +271,15 @@ static char *app_get_pass(const char *arg, int keepbio) } } else { /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + const char *arg_ptr = strchr(arg, ':'); + if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX) BIO_printf(bio_err, "Invalid password argument, missing ':' within the first %d chars\n", PASS_SOURCE_SIZE_MAX + 1); else BIO_printf(bio_err, "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); + (int)(arg_ptr - arg + 1), arg); return NULL; } } diff --git a/apps/lib/win32_init.c b/apps/lib/win32_init.c index 824eb676310e..0ea2048283cb 100644 --- a/apps/lib/win32_init.c +++ b/apps/lib/win32_init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,6 @@ #include <windows.h> #include <stdlib.h> #include <string.h> -#include <malloc.h> #if defined(CP_UTF8) diff --git a/apps/ocsp.c b/apps/ocsp.c index d7bf4bf36e33..22e843f22d96 100644 --- a/apps/ocsp.c +++ b/apps/ocsp.c @@ -876,7 +876,7 @@ done_resp: i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i <= 0 && issuers) { - i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); + i = OCSP_basic_verify(bs, issuers, store, verify_flags); if (i > 0) ERR_clear_error(); } diff --git a/apps/ts.c b/apps/ts.c index 8054d7f70486..fcf9a9dfdfe9 100644 --- a/apps/ts.c +++ b/apps/ts.c 
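Review bot: The retry in the apps/ocsp.c hunk, `i = OCSP_basic_verify(bs, issuers, store, verify_flags);`, changes who is trusted, and nothing at the call site says so. Before, the fallback forced `OCSP_TRUSTOTHER` and dropped the caller's other flags for the second attempt, so a signer found in `issuers` was accepted without the checks the user had asked for; now the issuer list is only trusted when `verify_flags` says so. A comment above the retry would keep this from being "fixed" back later, for example `/* retry with the issuer certs, keeping the caller's flags: they are trusted only on request */`. Responses that verified only through the old implicit trust will now fail, so the command's documentation should carry the same sentence. The enclosing function starts and ends outside the hunk.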
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -344,7 +344,7 @@ int ts_main(int argc, char **argv) if ((in != NULL) && (queryfile != NULL)) goto opthelp; if (in == NULL) { - if ((conf == NULL) || (token_in != 0)) + if (conf == NULL || token_in != 0 || queryfile == NULL) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index caa079fad0ec..2d50dc657bac 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -95,7 +95,7 @@ ASN1_SEQUENCE(asn1_int_oct) = { ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(asn1_int_oct) - DECLARE_ASN1_ITEM(asn1_int_oct) +DECLARE_ASN1_ITEM(asn1_int_oct) int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, int len) @@ -158,7 +158,7 @@ ASN1_SEQUENCE(asn1_oct_int) = { ASN1_EMBED(asn1_oct_int, num, INT32) } static_ASN1_SEQUENCE_END(asn1_oct_int) - DECLARE_ASN1_ITEM(asn1_oct_int) +DECLARE_ASN1_ITEM(asn1_oct_int) int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data, int len) diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index 7b70d6c7a0cf..47f3a9802f82 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -52,6 +52,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 613bf645b17d..5757ed046645 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -1,5 +1,5 @@ /* - * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, uint64_t p) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid; + int alg_nid, ivlen; size_t keylen = 0; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -79,10 +79,11 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto merr; /* Create random IV */ - if (EVP_CIPHER_get_iv_length(cipher)) { + ivlen = EVP_CIPHER_get_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes(iv, ivlen) <= 0) goto err; } diff --git a/crypto/bf/bf_cfb64.c b/crypto/bf/bf_cfb64.c index e380972dbdc9..f2d42eefba80 100644 --- a/crypto/bf/bf_cfb64.c +++ b/crypto/bf/bf_cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
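Review bot: In the second `PKCS5_pbe2_set_scrypt` hunk, `if (ivlen > 0)` keeps a negative length away from `memcpy` and `RAND_bytes`, but it also treats a failed `EVP_CIPHER_get_iv_length()` the same as a cipher that has no IV and carries on. If that call can return a negative value, which the new test suggests, the function should fail instead, and the length can be bounded against the buffer declared in the first hunk (`unsigned char iv[EVP_MAX_IV_LENGTH]`) at the same spot: `if (ivlen < 0 || ivlen > (int)sizeof(iv)) goto err;` placed before the `if (ivlen > 0)` test. Whether `err` is the right label for this case depends on code outside the hunk.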
@@ -27,7 +27,7 @@ void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int encrypt) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; BF_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/bf/bf_ofb64.c b/crypto/bf/bf_ofb64.c index 5c9193add17e..2cd339dd27eb 100644 --- a/crypto/bf/bf_ofb64.c +++ b/crypto/bf/bf_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/bio/bss_file.c b/crypto/bio/bss_file.c index 54c04b989b6a..1c65d827ff0e 100644 --- a/crypto/bio/bss_file.c +++ b/crypto/bio/bss_file.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,8 +202,19 @@ static long file_ctrl(BIO *b, int cmd, long num, void *ptr) case BIO_CTRL_INFO: if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) ret = UP_ftell(b->ptr); - else + else { +#if defined(OPENSSL_SYS_WINDOWS) + /* + * On Windows, for non-seekable files (stdin), ftell() is undefined. + */ + if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK) + ret = -1; + else + ret = ftell(fp); +#else ret = ftell(fp); +#endif + } break; case BIO_C_SET_FILE_PTR: file_free(b); 
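Review bot: `register int n = *num & 0x07;` in `BF_cfb64_encrypt` clamps a caller-supplied offset without saying why, and the same line is added to `BF_ofb64_encrypt` just below and to `CAST_cfb64_encrypt` in crypto/cast/c_cfb64.c. `n` presumably indexes the 8-byte feedback block, so the mask keeps an out-of-range or negative `*num` from reading or writing past it; a one-line comment such as `/* *num comes from the caller; keep the block index in 0..7 */` would record that. Masking also lets a caller with a corrupted `*num` continue silently at a different offset, which is worth stating in the function documentation. The function bodies continue outside these hunks.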
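Review bot: The comment added in the `file_ctrl` hunk of crypto/bio/bss_file.c names only stdin, but the test `GetFileType(...) != FILE_TYPE_DISK` rejects every non-disk handle, so pipes and consoles opened by other means now report -1 as well. The comment should say so, for example `/* ftell() is undefined on non-seekable handles (pipe, console); report -1 */`. The `BIO_FLAGS_UPLINK_INTERNAL` branch above still calls `UP_ftell(b->ptr)` without the check; if the uplink routine ends up in the same C runtime `ftell()`, it needs the same guard. `file_ctrl` starts and ends outside the hunk.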
diff --git a/crypto/bn/asm/armv4-gf2m.pl b/crypto/bn/asm/armv4-gf2m.pl index d380c89f1f2b..77819595ab00 100644 --- a/crypto/bn/asm/armv4-gf2m.pl +++ b/crypto/bn/asm/armv4-gf2m.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,7 +37,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # $output is the last argument if it looks like a file (it has an extension) # $flavour is the first argument if it doesn't look like a file diff --git a/crypto/bn/asm/sparcv9-mont.pl b/crypto/bn/asm/sparcv9-mont.pl index fe51fcaf81c7..d438af562648 100644 --- a/crypto/bn/asm/sparcv9-mont.pl +++ b/crypto/bn/asm/sparcv9-mont.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -394,11 +394,11 @@ $code.=<<___; mulx $car1,$mul1,$car1 mulx $npj,$mul1,$acc1 + add $tmp1,$car0,$car0 add $tmp0,$car1,$car1 and $car0,$mask,$acc0 ld [$np+8],$npj ! np[2] srlx $car1,32,$car1 - add $tmp1,$car1,$car1 srlx $car0,32,$car0 add $acc0,$car1,$car1 and $car0,1,$sbit diff --git a/crypto/bn/bn_dh.c b/crypto/bn/bn_dh.c index 542c33d6a8d7..d069481e981b 100644 --- a/crypto/bn/bn_dh.c +++ b/crypto/bn/bn_dh.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -14,7 +14,7 @@ #include "crypto/bn_dh.h" #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif 
@@ -1387,37 +1387,37 @@ const BIGNUM ossl_bignum_const_2 = { }; make_dh_bn(dh1024_160_p) - make_dh_bn(dh1024_160_q) - make_dh_bn(dh1024_160_g) - make_dh_bn(dh2048_224_p) - make_dh_bn(dh2048_224_q) - make_dh_bn(dh2048_224_g) - make_dh_bn(dh2048_256_p) - make_dh_bn(dh2048_256_q) - make_dh_bn(dh2048_256_g) +make_dh_bn(dh1024_160_q) +make_dh_bn(dh1024_160_g) +make_dh_bn(dh2048_224_p) +make_dh_bn(dh2048_224_q) +make_dh_bn(dh2048_224_g) +make_dh_bn(dh2048_256_p) +make_dh_bn(dh2048_256_q) +make_dh_bn(dh2048_256_g) - make_dh_bn(ffdhe2048_p) - make_dh_bn(ffdhe2048_q) - make_dh_bn(ffdhe3072_p) - make_dh_bn(ffdhe3072_q) - make_dh_bn(ffdhe4096_p) - make_dh_bn(ffdhe4096_q) - make_dh_bn(ffdhe6144_p) - make_dh_bn(ffdhe6144_q) - make_dh_bn(ffdhe8192_p) - make_dh_bn(ffdhe8192_q) +make_dh_bn(ffdhe2048_p) +make_dh_bn(ffdhe2048_q) +make_dh_bn(ffdhe3072_p) +make_dh_bn(ffdhe3072_q) +make_dh_bn(ffdhe4096_p) +make_dh_bn(ffdhe4096_q) +make_dh_bn(ffdhe6144_p) +make_dh_bn(ffdhe6144_q) +make_dh_bn(ffdhe8192_p) +make_dh_bn(ffdhe8192_q) #ifndef FIPS_MODULE - make_dh_bn(modp_1536_p) - make_dh_bn(modp_1536_q) +make_dh_bn(modp_1536_p) +make_dh_bn(modp_1536_q) #endif - make_dh_bn(modp_2048_p) - make_dh_bn(modp_2048_q) - make_dh_bn(modp_3072_p) - make_dh_bn(modp_3072_q) - make_dh_bn(modp_4096_p) - make_dh_bn(modp_4096_q) - make_dh_bn(modp_6144_p) - make_dh_bn(modp_6144_q) - make_dh_bn(modp_8192_p) - make_dh_bn(modp_8192_q) +make_dh_bn(modp_2048_p) +make_dh_bn(modp_2048_q) +make_dh_bn(modp_3072_p) +make_dh_bn(modp_3072_q) +make_dh_bn(modp_4096_p) +make_dh_bn(modp_4096_q) +make_dh_bn(modp_6144_p) +make_dh_bn(modp_6144_q) +make_dh_bn(modp_8192_p) +make_dh_bn(modp_8192_q) diff --git a/crypto/bn/bn_exp.c b/crypto/bn/bn_exp.c index 968573ae5824..1d2c971b85f5 100644 --- a/crypto/bn/bn_exp.c +++ b/crypto/bn/bn_exp.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -771,16 +771,16 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); static const bn_pwr5_mont_f pwr5_funcs[4] = { 
@@ -792,15 +792,15 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f mul_funcs[4] = { 
@@ -809,20 +809,20 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, }; bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; - void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5_t4(BN_ULONG * out, size_t num, + void bn_gather5_t4(BN_ULONG *out, size_t num, void *table, size_t power); - void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num); + void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); BN_ULONG *np = mont->N.d, *n0 = mont->n0; int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less 
@@ -922,13 +922,13 @@ int bn_mod_exp_mont_fixed_top(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, * Given those inputs, |bn_mul_mont| may not give reduced * output, but it will still produce "almost" reduced output. */ - void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power); - void bn_power5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); + void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); diff --git a/crypto/bn/bn_local.h b/crypto/bn/bn_local.h index 14731bb074ce..144b9bc66d88 100644 --- a/crypto/bn/bn_local.h +++ b/crypto/bn/bn_local.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -384,7 +384,7 @@ struct bn_gencb_st { #elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) #if defined(__DECC) #include <c_asm.h> -#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b)) +#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b)) #elif defined(__GNUC__) && __GNUC__ >= 2 #define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ diff --git a/crypto/bn/bn_mont.c b/crypto/bn/bn_mont.c index 198ebf3353b4..303f946301d6 100644 --- a/crypto/bn/bn_mont.c +++ b/crypto/bn/bn_mont.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,9 @@ */ /* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + * Details about Montgomery multiplication algorithms can be found in + * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf + * and https://cetinkayakoc.net/docs/r01.pdf */ #include "internal/cryptlib.h" diff --git a/crypto/bn/bn_ppc.c b/crypto/bn/bn_ppc.c index 0b419bf1234a..31ba308eb247 100644 --- a/crypto/bn/bn_ppc.c +++ b/crypto/bn/bn_ppc.c @@ -1,5 +1,5 @@ /* - * Copyright 2009-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -15,9 +15,9 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); if (num < 4) diff --git a/crypto/bn/bn_prime.c b/crypto/bn/bn_prime.c index 28d3b2a5ffcd..91ddd83d6ed9 100644 --- a/crypto/bn/bn_prime.c 
+++ b/crypto/bn/bn_prime.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ static int bn_is_prime_int(const BIGNUM *w, int checks, BN_CTX *ctx, #define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff --git a/crypto/bn/bn_rsa_fips186_4.c b/crypto/bn/bn_rsa_fips186_4.c index 8f717f04c804..9980f8d08d70 100644 --- a/crypto/bn/bn_rsa_fips186_4.c +++ b/crypto/bn/bn_rsa_fips186_4.c @@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,7 +29,7 @@ #include "internal/nelem.h" #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff --git a/crypto/bn/bn_sparc.c b/crypto/bn/bn_sparc.c index a236e42dfae9..7c902191d773 100644 --- a/crypto/bn/bn_sparc.c +++ b/crypto/bn/bn_sparc.c @@ -1,5 +1,5 @@ /* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -16,11 +16,11 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); if (!(num & 1) && num >= 6) { @@ -29,16 +29,16 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f funcs[4] = { diff --git a/crypto/bsearch.c b/crypto/bsearch.c index 192ccbeb916f..c2ab0b812595 100644 --- a/crypto/bsearch.c +++ b/crypto/bsearch.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ const void *ossl_bsearch(const void *key, const void *base, int num, l = 0; h = num; while (l < h) { - i = (l + h) / 2; + i = l + (h - l) / 2; p = &(base_[i * size]); c = (*cmp)(key, p); if (c < 0) diff --git a/crypto/cast/c_cfb64.c b/crypto/cast/c_cfb64.c index 4170f77a78eb..3de52f56af46 100644 --- a/crypto/cast/c_cfb64.c +++ b/crypto/cast/c_cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int enc) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; CAST_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/cast/c_ofb64.c b/crypto/cast/c_ofb64.c index 431446ab5fb7..dbd6e02729d2 100644 --- a/crypto/cast/c_ofb64.c +++ b/crypto/cast/c_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
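Review bot: The index multiply on the context line `p = &(base_[i * size]);` in ossl_bsearch is left as it was, so the overflow-safe midpoint covers only part of the arithmetic. The hunk shows `num` as int but not the declaration of `size`; if `size` is also int, `i * size` is still evaluated in int and can wrap for a large enough table before it is used as an offset. Widening one operand, `p = &(base_[(size_t)i * size]);`, would close that. The function body starts and ends outside the hunk.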
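Review bot: The new mask in `register int n = *num & 0x07;` in CAST_cfb64_encrypt silently folds an out-of-range `*num` into 0..7 rather than reporting it, and nothing in the hunk says why. `*num` is caller-held state that presumably indexes the 8-byte feedback buffer later in the function (the body continues outside the hunk), so a one-line comment would make the intent reviewable: `/* *num is caller-supplied; keep the ivec index inside the 8-byte block */`. The same unexplained mask is added in CAST_ofb64_encrypt, DES_ede3_cfb64_encrypt, DES_cfb64_encrypt, DES_ede3_ofb64_encrypt and DES_ofb64_encrypt, which would take the same comment.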
@@ -26,7 +26,7 @@ void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/cms/cms_asn1.c b/crypto/cms/cms_asn1.c index a920f22d0d94..3d420974b2bd 100644 --- a/crypto/cms/cms_asn1.c +++ b/crypto/cms/cms_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ ASN1_SEQUENCE(CMS_OtherCertificateFormat) = { ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) - ASN1_CHOICE(CMS_CertificateChoices) +ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices) ASN1_CHOICE(CMS_SignerIdentifier) = { 
@@ -31,11 +31,11 @@ ASN1_CHOICE(CMS_SignerIdentifier) = { ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) } static_ASN1_CHOICE_END(CMS_SignerIdentifier) - ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) - /* Minor tweak to operation: free up signer key, cert */ - static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Minor tweak to operation: free up signer key, cert */ +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; @@ -62,7 +62,7 @@ ASN1_SEQUENCE(CMS_OtherRevocationInfoFormat) = { ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) - ASN1_CHOICE(CMS_RevocationInfoChoice) +ASN1_CHOICE(CMS_RevocationInfoChoice) = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice) ASN1_NDEF_SEQUENCE(CMS_SignedData) = { @@ -79,7 +79,7 @@ ASN1_SEQUENCE(CMS_OriginatorInfo) = { ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) - static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; 
@@ -117,7 +117,7 @@ ASN1_CHOICE(CMS_KeyAgreeRecipientIdentifier) = { ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) - static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { @@ -142,7 +142,7 @@ ASN1_CHOICE(CMS_OriginatorIdentifierOrKey) = { ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) - static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { @@ -172,7 +172,7 @@ ASN1_SEQUENCE(CMS_KEKIdentifier) = { ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) - ASN1_SEQUENCE(CMS_KEKRecipientInfo) +ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { 
@@ -187,8 +187,8 @@ ASN1_SEQUENCE(CMS_OtherRecipientInfo) = { ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) - /* Free up RecipientInfo additional data */ - static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Free up RecipientInfo additional data */ +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_PRE) { CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; @@ -260,7 +260,7 @@ ASN1_NDEF_SEQUENCE(CMS_AuthenticatedData) = { ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) - ASN1_NDEF_SEQUENCE(CMS_CompressedData) +ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { ASN1_EMBED(CMS_CompressedData, version, INT32), ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), @@ -346,7 +346,7 @@ ASN1_CHOICE(CMS_ReceiptsFrom) = { ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } static_ASN1_CHOICE_END(CMS_ReceiptsFrom) - ASN1_SEQUENCE(CMS_ReceiptRequest) +ASN1_SEQUENCE(CMS_ReceiptRequest) = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { @@ -373,7 +373,7 @@ ASN1_SEQUENCE(CMS_SharedInfo) = { ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), } static_ASN1_SEQUENCE_END(CMS_SharedInfo) - int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) { union { CMS_SharedInfo *pecsi; diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index a77b3304aa47..605c18ab28f2 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -88,16 +88,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) goto err; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + /* * For DH we only have one OID permissible. If ever any more get defined * we will need something cleverer. */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { + if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); goto err; } @@ -106,11 +111,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) goto err; - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) goto err; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 5b0984f09a60..f0b51f497c30 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
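Review bot: The rejection path `if (ptype != V_ASN1_SEQUENCE) goto err;` in dh_cms_set_shared_info leaves nothing on the error queue, unlike the OID check a few lines above it, which raises CMS_R_KDF_PARAMETER_ERROR. This is the branch that now catches an absent or wrongly typed AlgorithmIdentifier parameter in a received KeyAgreeRecipientInfo, so a caller or log reader cannot tell malformed input from an internal failure. Raising the same reason before the jump, `ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);`, would keep it diagnosable. The matching check in ecdh_cms_set_shared_info (crypto/cms/cms_ec.c) returns 0 in the same silent way. Both function bodies extend beyond their hunks.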
@@ -165,21 +165,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) int plen, keylen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid = NULL; + int ptype = 0; + const void *parameter = NULL; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) return 0; - if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + + if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); return 0; } - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) return 0; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff --git a/crypto/cms/cms_local.h b/crypto/cms/cms_local.h index dbf71c50ec84..a92a67fa8b24 100644 --- a/crypto/cms/cms_local.h +++ b/crypto/cms/cms_local.h @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -37,8 +37,7 @@ typedef struct CMS_OriginatorPublicKey_st CMS_OriginatorPublicKey; typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c index d31e8c5e5573..581e2c29f551 100644 --- a/crypto/cms/cms_rsa.c +++ b/crypto/cms/cms_rsa.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) X509_ALGOR *cmsalg; int nid; int rv = -1; - unsigned char *label = NULL; + const unsigned char *label = NULL; int labellen = 0; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_OAEP_PARAMS *oaep; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (pkctx == NULL) 
@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (oaep->pSourceFunc != NULL) { - X509_ALGOR *plab = oaep->pSourceFunc; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); - if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { + if (OBJ_obj2nid(aoid) != NID_pSpecified) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); goto err; } - if (plab->parameter->type != V_ASN1_OCTET_STRING) { + if (ptype != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); goto err; } - label = plab->parameter->value.octet_string->data; - /* Stop label being freed when OAEP parameters are freed */ - plab->parameter->value.octet_string->data = NULL; - labellen = plab->parameter->value.octet_string->length; + label = ASN1_STRING_get0_data(parameter); + labellen = ASN1_STRING_length(parameter); } if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) @@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { - OPENSSL_free(label); - goto err; + if (label != NULL) { + unsigned char *dup_label = OPENSSL_memdup(label, labellen); + + if (dup_label == NULL) + goto err; + + if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { + OPENSSL_free(dup_label); + goto err; + } } /* Carry on */ rv = 1; diff --git a/crypto/cms/cms_smime.c b/crypto/cms/cms_smime.c index 8f095ecf31a8..b03cfb64c954 100644 --- a/crypto/cms/cms_smime.c +++ b/crypto/cms/cms_smime.c @@ -1,5 +1,5 @@ /* - * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
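Review bot: The new `if (label != NULL)` block in rsa_cms_decrypt treats a NULL from `OPENSSL_memdup(label, labellen)` as fatal, and the hunk does not show a zero-length label being excluded first. If the allocator returns NULL for a zero-byte request, a well-formed pSpecified parameter carrying an empty OCTET STRING would now fail decryption, where the removed code passed the pointer straight through. Guarding on the length as well, `if (label != NULL && labellen > 0) {`, avoids the allocation for that case; an empty label is the OAEP default, so skipping the set0 call should be equivalent, but this is worth confirming with a test message. The function continues outside the hunk.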
@@ -467,8 +467,10 @@ err: } else { if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); - else + else if (cmsbio != NULL) BIO_free_all(cmsbio); + else + BIO_free(tmpin); } if (out != tmpout) diff --git a/crypto/conf/conf_lib.c b/crypto/conf/conf_lib.c index 35a64ca627d5..caeb1dce24fd 100644 --- a/crypto/conf/conf_lib.c +++ b/crypto/conf/conf_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -313,7 +313,7 @@ char *NCONF_get_string(const CONF *conf, const char *group, const char *name) return NULL; } ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE, - "group=%s name=%s", group, name); + "group=%s name=%s", group != NULL ? group : "", name); return NULL; } diff --git a/crypto/conf/conf_mod.c b/crypto/conf/conf_mod.c index 7b6b04edba21..59a9846cc2c5 100644 --- a/crypto/conf/conf_mod.c +++ b/crypto/conf/conf_mod.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -373,7 +373,7 @@ static CONF_MODULE *module_find(const char *name) { CONF_MODULE *tmod; int i, nchar; - char *p; + const char *p; p = strrchr(name, '.'); if (p) diff --git a/crypto/des/cfb64ede.c b/crypto/des/cfb64ede.c index 26613a05fe8a..b73c805f1810 100644 --- a/crypto/des/cfb64ede.c +++ b/crypto/des/cfb64ede.c 
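Review bot: The added `else BIO_free(tmpin);` branch at the `err:` label frees `tmpin` directly, and the ownership rule that makes this safe is not stated. From the hunk it is reached when `cmsbio` is NULL and the `dcont && (tmpin == dcont)` test has failed, so presumably `tmpin` is a BIO this function created that was never linked into a chain; the code that assigns `tmpin` is outside the hunk, so that should be confirmed. A comment on the branch would keep a later edit from turning it into a double free or a free of a caller-owned BIO: `/* cmsbio was never built, so tmpin is still ours and not part of any chain */`.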
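Review bot: `name` is still handed to `%s` unguarded in the `ERR_raise_data` call of NCONF_get_string, while `group` now gets a NULL fallback. Nothing in the hunk shows `name` being checked before this point, so if a NULL `name` can reach the CONF_R_NO_VALUE path, the same undefined formatting of a NULL pointer remains. Giving it the same treatment, `"group=%s name=%s", group != NULL ? group : "", name != NULL ? name : ""`, would make the two arguments consistent. The function starts outside the hunk.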
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/des/cfb64enc.c b/crypto/des/cfb64enc.c index 3ddd6819e2ed..c27400a97987 100644 --- a/crypto/des/cfb64enc.c +++ b/crypto/des/cfb64enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/des/ofb64ede.c b/crypto/des/ofb64ede.c index b0f9f0441cfb..c3bb7d7e1b36 100644 --- a/crypto/des/ofb64ede.c +++ b/crypto/des/ofb64ede.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -26,7 +26,7 @@ void DES_ede3_ofb64_encrypt(register const unsigned char *in, DES_key_schedule *k3, DES_cblock *ivec, int *num) { register DES_LONG v0, v1; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register char *dp; diff --git a/crypto/des/ofb64enc.c b/crypto/des/ofb64enc.c index df4e2077e96c..84b99d9d8ff7 100644 --- a/crypto/des/ofb64enc.c +++ b/crypto/des/ofb64enc.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ void DES_ofb64_encrypt(register const unsigned char *in, DES_key_schedule *schedule, DES_cblock *ivec, int *num) { register DES_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register unsigned char *dp; diff --git a/crypto/dh/dh_asn1.c b/crypto/dh/dh_asn1.c index af78e2e84bf8..10bcdd2253f3 100644 --- a/crypto/dh/dh_asn1.c +++ b/crypto/dh/dh_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,7 +76,7 @@ ASN1_SEQUENCE(DHvparams) = { ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) - ASN1_SEQUENCE(DHxparams) +ASN1_SEQUENCE(DHxparams) = { ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), 
@@ -85,8 +85,7 @@ ASN1_SEQUENCE(DHvparams) = { ASN1_OPT(int_dhx942_dh, vparams, DHvparams), } static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) - int_dhx942_dh - * d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length); +int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length); int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx) diff --git a/crypto/dh/dh_rfc5114.c b/crypto/dh/dh_rfc5114.c index 366776ce4ee3..67a9198a7071 100644 --- a/crypto/dh/dh_rfc5114.c +++ b/crypto/dh/dh_rfc5114.c @@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,5 +43,5 @@ } make_dh(1024_160) - make_dh(2048_224) - make_dh(2048_256) +make_dh(2048_224) +make_dh(2048_256) diff --git a/crypto/dsa/dsa_asn1.c b/crypto/dsa/dsa_asn1.c index 3366610a9fdc..9ebc7cc2596d 100644 --- a/crypto/dsa/dsa_asn1.c +++ b/crypto/dsa/dsa_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { ASN1_SIMPLE(DSA, priv_key, CBIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, params.p, BIGNUM), 
@@ -55,7 +55,7 @@ ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, params.g, BIGNUM), } static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { ASN1_SIMPLE(DSA, pub_key, BIGNUM), @@ -64,7 +64,7 @@ ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { ASN1_SIMPLE(DSA, params.g, BIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) DSA *DSAparams_dup(const DSA *dsa) { diff --git a/crypto/ec/ec_asn1.c b/crypto/ec/ec_asn1.c index 350392a7393a..936b24ecea51 100644 --- a/crypto/ec/ec_asn1.c +++ b/crypto/ec/ec_asn1.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,7 +104,7 @@ ASN1_SEQUENCE(X9_62_PENTANOMIAL) = { ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); @@ -121,7 +121,7 @@ ASN1_SEQUENCE(X9_62_CHARACTERISTIC_TWO) = { ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); 
@@ -136,10 +136,10 @@ ASN1_SEQUENCE(X9_62_FIELDID) = { ASN1_ADB_OBJECT(X9_62_FIELDID) } static_ASN1_SEQUENCE_END(X9_62_FIELDID) - ASN1_SEQUENCE(X9_62_CURVE) +ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) +ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) @@ -162,7 +162,7 @@ ASN1_SEQUENCE(EC_PRIVATEKEY) = { ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) - DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) +DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) diff --git a/crypto/ec/ec_check.c b/crypto/ec/ec_check.c index 426b1550f7a7..fc9be4189692 100644 --- a/crypto/ec/ec_check.c +++ b/crypto/ec/ec_check.c @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ int EC_GROUP_check(const EC_GROUP *group, BN_CTX *ctx) * ECC domain parameter validation. * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. */ - return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; + return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0; #else int ret = 0; const BIGNUM *order; 
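Review bot: The corrected test `EC_GROUP_check_named_curve(group, 1, ctx) > 0` in EC_GROUP_check depends on a three-way return convention that is not written down at the call site. As documented for that function, it returns the matching curve's NID, 0 when no named curve matches and -1 on error, so the old `>= 0` accepted the no-match case as valid domain parameters. Extending the existing SP800-56A comment with one line, `* A return of 0 (no match) or -1 (error) must both fail the check.`, would make the comparison hard to loosen again. A regression test that passes explicit parameters matching no named curve to EC_GROUP_check would pin the behaviour. The function body continues outside the hunk.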
diff --git a/crypto/ec/ec_lib.c b/crypto/ec/ec_lib.c index dba8e92d843b..b59f180c3da8 100644 --- a/crypto/ec/ec_lib.c +++ b/crypto/ec/ec_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -174,6 +174,8 @@ int EC_GROUP_copy(EC_GROUP *dest, const EC_GROUP *src) dest->libctx = src->libctx; dest->curve_name = src->curve_name; + EC_pre_comp_free(dest); + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index 4884e1fee74f..4f7154668d79 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ #include "crypto/cmperr.h" #include "crypto/cterr.h" #include "crypto/asyncerr.h" +#include "crypto/sm2err.h" #include "crypto/storeerr.h" #include "crypto/esserr.h" #include "internal/propertyerr.h" @@ -102,6 +103,9 @@ int ossl_err_load_crypto_strings(void) #endif || ossl_err_load_ESS_strings() == 0 || ossl_err_load_ASYNC_strings() == 0 +#ifndef OPENSSL_NO_SM2 + || ossl_err_load_SM2_strings() == 0 +#endif || ossl_err_load_OSSL_STORE_strings() == 0 || ossl_err_load_PROP_strings() == 0 || ossl_err_load_PROV_strings() == 0 diff --git a/crypto/ess/ess_asn1.c b/crypto/ess/ess_asn1.c index 297f2cead02a..d02076fabc5a 100644 --- a/crypto/ess/ess_asn1.c +++ b/crypto/ess/ess_asn1.c 
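Review bot: The added `EC_pre_comp_free(dest);` in EC_GROUP_copy has no comment saying what it protects, and it sits above a `/* Copy precomputed */` comment that now describes only half of what happens. The call releases whatever precomputation `dest` already held before `dest->pre_comp_type` is overwritten from `src`; without it the old data would presumably be leaked or left referenced. Something like `/* Drop dest's own precomputation first so the copy below cannot leak or alias it */` would record that. The switch that does the copy runs past the end of the hunk, so whether its failure paths leave `dest` consistent after this free cannot be judged from here.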
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,7 @@ ASN1_SEQUENCE(ESS_ISSUER_SERIAL) = { ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) } static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) - IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) +IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) ASN1_SEQUENCE(ESS_CERT_ID) = { @@ -29,7 +29,7 @@ ASN1_SEQUENCE(ESS_CERT_ID) = { ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) ASN1_SEQUENCE(ESS_SIGNING_CERT) = { @@ -46,7 +46,7 @@ ASN1_SEQUENCE(ESS_CERT_ID_V2) = { ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { diff --git a/crypto/evp/digest.c b/crypto/evp/digest.c index 876dcefa69c9..c81cb5a42400 100644 --- a/crypto/evp/digest.c +++ b/crypto/evp/digest.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -792,8 +792,9 @@ const OSSL_PARAM *EVP_MD_CTX_gettable_params(EVP_MD_CTX *ctx) if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->gettable_ctx_md_params != NULL) + && pctx->op.sig.signature != NULL + && pctx->op.sig.signature->gettable_ctx_md_params != NULL + && pctx->op.sig.algctx != NULL) return pctx->op.sig.signature->gettable_ctx_md_params( pctx->op.sig.algctx); diff --git a/crypto/evp/e_aes.c b/crypto/evp/e_aes.c index ccd0e4284b27..f7b6ffbb43c1 100644 --- a/crypto/evp/e_aes.c +++ b/crypto/evp/e_aes.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
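Review bot: Only EVP_MD_CTX_gettable_params gains the `pctx->op.sig.signature != NULL` guard in this hunk, and the reason for checking it before `algctx` is not commented. If the sibling accessors (EVP_MD_CTX_get_params, EVP_MD_CTX_set_params, EVP_MD_CTX_settable_params) read `pctx->op.sig.signature->...` behind the same `algctx != NULL` test, they would dereference a NULL `signature` in the same state; they are not visible here, so this needs checking against the full file. A short comment above the condition, `/* signature can be NULL on a sign/verify ctx that has no provider-side signature fetched */`, would document the state being defended against, assuming that is indeed the case the fix targets.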
@@ -2307,14 +2307,14 @@ static int s390x_aes_ocb_ctrl(EVP_CIPHER_CTX *, int type, int arg, void *ptr); #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) 
@@ -2553,10 +2553,10 @@ static int aes_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) - static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) +static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c); if (gctx == NULL) @@ -3090,12 +3090,12 @@ static int aes_gcm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c); @@ -3274,9 +3274,9 @@ static int aes_xts_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) - static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c); switch (type) { 
@@ -3546,12 +3546,12 @@ static int aes_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - typedef struct { +typedef struct { union { OSSL_UNION_ALIGN; AES_KEY ks; @@ -4034,8 +4034,8 @@ static int aes_ocb_cleanup(EVP_CIPHER_CTX *c) BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) #endif /* OPENSSL_NO_OCB */ diff --git a/crypto/evp/e_aria.c b/crypto/evp/e_aria.c index 724e57fd2065..4bfb10926659 100644 --- a/crypto/evp/e_aria.c +++ b/crypto/evp/e_aria.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -194,13 +194,13 @@ static int aria_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) - /* Authenticated cipher modes (GCM/CCM) */ +/* Authenticated cipher modes (GCM/CCM) */ - /* increment counter (64-bit int) by 1 */ - static void ctr64_inc(unsigned char *counter) +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) { int n = 8; unsigned char c; @@ -782,11 +782,11 @@ static int aria_ccm_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, gcm, gcm, GCM, 0) - BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0) - BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0) +BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, gcm, gcm, GCM, 0) +BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, gcm, gcm, GCM, 0) - BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0) - BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0) - BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0) +BLOCK_CIPHER_aead(NID_aria, 128, 1, 12, ccm, ccm, CCM, 0) +BLOCK_CIPHER_aead(NID_aria, 192, 1, 12, ccm, ccm, CCM, 0) +BLOCK_CIPHER_aead(NID_aria, 256, 1, 12, ccm, ccm, CCM, 0) #endif diff --git a/crypto/evp/e_camellia.c b/crypto/evp/e_camellia.c index c994bb395d8f..babc4f18f3be 100644 --- a/crypto/evp/e_camellia.c +++ b/crypto/evp/e_camellia.c @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -183,14 +183,14 @@ static int cmll_t4_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -347,5 +347,5 @@ static int camellia_ctr_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, } BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) diff --git a/crypto/evp/e_des.c b/crypto/evp/e_des.c index 71c24353ed3e..8c31b51154e1 100644 --- a/crypto/evp/e_des.c 
+++ b/crypto/evp/e_des.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -196,16 +196,16 @@ BLOCK_CIPHER_defs(des, EVP_DES_KEY, NID_des, 8, 8, 8, 64, EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); diff --git a/crypto/evp/e_des3.c b/crypto/evp/e_des3.c index b30489d5e0e6..2df6eaf2c2ca 100644 --- a/crypto/evp/e_des3.c +++ b/crypto/evp/e_des3.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -209,20 +209,20 @@ BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); diff --git a/crypto/evp/e_idea.c b/crypto/evp/e_idea.c index 0371094fe3bb..6f4f05842f87 100644 --- a/crypto/evp/e_idea.c +++ b/crypto/evp/e_idea.c 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,8 +54,8 @@ BLOCK_CIPHER_func_cbc(idea, IDEA, EVP_IDEA_KEY, ks) 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { if (!enc) { if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index 2bb53561e48c..bd370e37252e 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -651,6 +651,11 @@ int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (outl != NULL) { *outl = 0; } else { @@ -800,6 +805,11 @@ int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (outl != NULL) { *outl = 0; } else { diff --git a/crypto/http/http_client.c b/crypto/http/http_client.c index 6ff8a92c0e92..615df58a80a2 100644 --- a/crypto/http/http_client.c +++ b/crypto/http/http_client.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
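Review bot: The new `inl < 0` rejection in EVP_EncryptUpdate returns before the existing `*outl = 0` assignment, so the caller's output length is left untouched on this error path. A caller that ignores the return value and advances its buffer by `*outl` would then use a stale or uninitialised length. Moving the guard below the `outl != NULL` block, or setting `*outl = 0` when `outl` is non-NULL before `return 0;`, would leave a defined length on failure. The EVP_DecryptUpdate hunk that follows has the same ordering, and both function bodies continue outside the hunks.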
@@ -1329,7 +1329,11 @@ int OSSL_HTTP_proxy_connect(BIO *bio, const char *server, const char *port, } BIO_push(fbio, bio); - BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); + /* Add square brackets around a naked IPv6 address */ + if (server[0] != '[' && strchr(server, ':') != NULL) + BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port); + else + BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); /* * Workaround for broken proxies which would otherwise close diff --git a/crypto/http/http_lib.c b/crypto/http/http_lib.c index 171cbb1b47a5..8a5f1e3f32b1 100644 --- a/crypto/http/http_lib.c +++ b/crypto/http/http_lib.c @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -55,6 +55,7 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, char **ppath, char **pquery, char **pfrag) { const char *p, *tmp; + const char *authority_end; const char *scheme, *scheme_end; const char *user, *user_end; const char *host, *host_end; @@ -92,7 +93,10 @@ int OSSL_parse_url(const char *url, char **pscheme, char **puser, char **phost, /* parse optional "userinfo@" */ user = user_end = host = p; - host = strchr(p, '@'); + authority_end = strpbrk(p, "/?#"); + if (authority_end == NULL) + authority_end = p + strlen(p); + host = memchr(p, '@', authority_end - p); if (host != NULL) user_end = host++; else diff --git a/crypto/idea/i_cfb64.c b/crypto/idea/i_cfb64.c index c8ed3853285a..9e95ed7323fe 100644 --- a/crypto/idea/i_cfb64.c +++ b/crypto/idea/i_cfb64.c 
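Review bot: Both new `BIO_printf` branches format `server` and `port` straight into the CONNECT request line, and nothing visible in the hunk rejects CR, LF or space characters in them. OSSL_HTTP_proxy_connect starts outside the hunk, so an earlier check may already cover this. If none does, a value taken from configuration or a parsed URL could add extra lines to the proxy request, so a guard such as `if (strpbrk(server, "\r\n ") != NULL || strpbrk(port, "\r\n ") != NULL)` that fails before the write would be worth adding. The bracket test also looks only at `server[0]`, so a value with an opening but no closing bracket is sent as given.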
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ void IDEA_cfb64_encrypt(const unsigned char *in, unsigned char *out, *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; if (encrypt) { diff --git a/crypto/idea/i_ofb64.c b/crypto/idea/i_ofb64.c index afa6a960d4ed..64f8469abc60 100644 --- a/crypto/idea/i_ofb64.c +++ b/crypto/idea/i_ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ void IDEA_ofb64_encrypt(const unsigned char *in, unsigned char *out, *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; n2l(iv, v0); diff --git a/crypto/init.c b/crypto/init.c index f6d31a962826..4a8e300cc987 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -1,5 +1,5 @@ /* - * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
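Review bot: The added `n = n & 0x07;` in IDEA_cfb64_encrypt silently remaps an out-of-range `*num` instead of reporting it, and nothing in the hunk says why the mask is there. A one-line comment such as `/* *num is caller-supplied; keep n within the 8-byte feedback block */` would record the intent. The same applies to the IDEA_ofb64_encrypt hunk that follows and to the `register int n = *num & 0x07;` initialisers in the RC2_cfb64_encrypt and RC2_ofb64_encrypt hunks, where a negative `*num` is masked rather than taking an early return like the `*num = -1; return;` path visible here. The function bodies continue outside the hunks.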
@@ -244,27 +244,24 @@ DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_add_all_digests, } static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; -static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; DEFINE_RUN_ONCE_STATIC(ossl_init_config) { int ret = ossl_config_int(NULL); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config) { int ret = ossl_config_int(conf_settings); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) { OSSL_TRACE(INIT, "ossl_no_config_int()\n"); ossl_no_config_int(); - config_inited = 1; + return 1; } diff --git a/crypto/modes/asm/ghash-armv4.pl b/crypto/modes/asm/ghash-armv4.pl index 044f86f143f9..4ab6d8cb2b42 100644 --- a/crypto/modes/asm/ghash-armv4.pl +++ b/crypto/modes/asm/ghash-armv4.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # ==================================================================== # Note about "528B" variant. In ARM case it makes lesser sense to diff --git a/crypto/o_str.c b/crypto/o_str.c index d7090acef45b..c55b4236bbbe 100644 --- a/crypto/o_str.c +++ b/crypto/o_str.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -236,6 +236,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength, int has_sep = (sep != CH_ZERO); size_t len = has_sep ? buflen * 3 : 1 + buflen * 2; + if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return 0; + } + if (len == 0) ++len; if (strlength != NULL) @@ -277,10 +282,18 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep) char *tmp; size_t tmp_n; + if (buflen < 0) + return NULL; if (buflen == 0) return OPENSSL_zalloc(1); - tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; + if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3) + || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return NULL; + } + + tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2; if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE); return NULL; diff --git a/crypto/param_build.c b/crypto/param_build.c index d0a1113c72f1..a3acc93a6d6f 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c 
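Review bot: In ossl_buf2hexstr_sep the new `if (buflen < 0) return NULL;` fails without queuing an error, while the overflow branch added a few lines below raises CRYPTO_R_TOO_MANY_BYTES, so one function now has two failure styles. Raising an error there as well, for example `ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_INVALID_ARGUMENT);` before the return, would make the NULL result diagnosable. In the buf2hexstr_sep hunk above, `len` is still computed in its initialiser before the new range check runs. The wrapped value is not used on the error path, but assigning `len` after the check would make that obvious. Both function bodies continue outside the hunks.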
@@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, unsigned int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, unsigned long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, int32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, uint32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } 
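Review bot: The four-line `bld == NULL || key == NULL` guard is pasted verbatim into every numeric push wrapper in these hunks and the ones that follow (int, uint, long, ulong, int32, uint32, int64, uint64, size_t, time_t, double). Each wrapper only forwards to `param_push_num`, so placing the check once in that helper would remove the duplication and cover future wrappers. The helper is defined outside the hunks, so first confirm the check would run there before any dereference of `bld` or `key`. If the per-function form is intentional, a short comment saying so would help.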
@@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, int64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, uint64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, size_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, time_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } @@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, double num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); } 
@@ -203,6 +258,11 @@ int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL) { if (BN_is_negative(bn)) { ERR_raise_data(ERR_LIB_CRYPTO, ERR_R_UNSUPPORTED, @@ -239,6 +299,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); if (bsize > INT_MAX) { @@ -258,6 +323,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); if (bsize > INT_MAX) { @@ -277,6 +347,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; @@ -294,6 +369,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize > INT_MAX) { ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_STRING_TOO_LONG); return 0; 
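Review bot: OSSL_PARAM_BLD_push_utf8_ptr gets the `bld`/`key` guard but, unlike the OSSL_PARAM_BLD_push_utf8_string hunk above it, no check on `buf`, and the next statement is still `if (bsize == 0) bsize = strlen(buf);`. A NULL `buf` with `bsize == 0` therefore still reaches `strlen`. If a NULL pointer is a legitimate value to store when a size is given, guard only the length lookup, e.g. `if (bsize == 0 && buf == NULL) { ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); return 0; }`; otherwise add `buf == NULL` to the new condition. The function body continues outside the hunk.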
@@ -359,10 +439,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) { OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; + int num; + size_t p_blks, total, ss; + + if (bld == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); + p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); + total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); + ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; if (ss > 0) { s = OPENSSL_secure_malloc(ss); diff --git a/crypto/perlasm/x86_64-xlate.pl b/crypto/perlasm/x86_64-xlate.pl index b2bf96cef01e..dfa644b66874 100755 --- a/crypto/perlasm/x86_64-xlate.pl +++ b/crypto/perlasm/x86_64-xlate.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -585,8 +585,7 @@ my %globals; ); # Following constants are defined in x86_64 ABI supplement, for - # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, - # see section 3.7 "Stack Unwind Algorithm". + # example available at https://gitlab.com/x86-psABIs/x86-64-ABI. my %DW_reg_idx = ( "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, diff --git a/crypto/pkcs12/p12_utl.c b/crypto/pkcs12/p12_utl.c index 0943f2efd17c..177de3615b74 100644 --- a/crypto/pkcs12/p12_utl.c +++ b/crypto/pkcs12/p12_utl.c 
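Review bot: The new NULL guard in OSSL_PARAM_BLD_to_param ends with `return 0;` although the function returns `OSSL_PARAM *`; `return NULL;` states the intent and matches the pointer return type. Splitting the declarations from their initialisers to make room for the guard also drops the `const` qualifiers on `num`, `p_blks`, `total` and `ss`, which is harmless but worth confirming as deliberate. The function body continues outside the hunk.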
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -179,7 +179,7 @@ static int bmp_to_utf8(char *str, const unsigned char *utf16, int len) utf32chr += 0x10000; } - return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); + return UTF8_putc((unsigned char *)str, 4, utf32chr); } char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) diff --git a/crypto/pkcs7/pk7_doit.c b/crypto/pkcs7/pk7_doit.c index a38e8a38c6df..ad8902f7dd13 100644 --- a/crypto/pkcs7/pk7_doit.c +++ b/crypto/pkcs7/pk7_doit.c @@ -792,6 +792,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_signed: si_sk = p7->d.sign->signer_info; + if (p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { @@ -802,6 +806,10 @@ int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) break; case NID_pkcs7_digest: + if (p7->d.digest->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.digest->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { diff --git a/crypto/pkcs7/pk7_lib.c b/crypto/pkcs7/pk7_lib.c index d65fc592a4a8..d0fb6589b178 100644 --- a/crypto/pkcs7/pk7_lib.c +++ b/crypto/pkcs7/pk7_lib.c 
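Review bot: The literal `4` now passed to `UTF8_putc` in bmp_to_utf8 carries no explanation of what bounds it. The removed expression derived the limit from `len`, which appears to be the length of the UTF-16 input rather than the space available at `str`. A comment such as `/* 4 is the longest UTF-8 encoding; a non-NULL str must have that much room */` would record the contract the callers have to meet. The callers are outside the hunk, so that contract should be confirmed against them.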
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,7 +48,8 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) break; case PKCS7_OP_GET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { - if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL) + if (p7->d.sign == NULL || p7->d.sign->contents == NULL + || p7->d.sign->contents->d.ptr == NULL) ret = 1; else ret = 0; @@ -737,6 +738,10 @@ int PKCS7_stream(unsigned char ***boundary, PKCS7 *p7) break; case NID_pkcs7_signed: + if (p7->d.sign == NULL || p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + break; + } os = p7->d.sign->contents->d.data; break; diff --git a/crypto/punycode.c b/crypto/punycode.c index fcd488431f82..1e7635bf110c 100644 --- a/crypto/punycode.c +++ b/crypto/punycode.c @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -276,7 +276,7 @@ int ossl_a2ulabel(const char *in, char *out, size_t *outlen) while (0) while (1) { - char *tmpptr = strchr(inptr, '.'); + const char *tmpptr = strchr(inptr, '.'); size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); if (strncmp(inptr, "xn--", 4) != 0) { diff --git a/crypto/rand/rand_egd.c b/crypto/rand/rand_egd.c index ba8aa34dc204..aeb9bd0d2384 100644 --- a/crypto/rand/rand_egd.c +++ b/crypto/rand/rand_egd.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,10 +108,13 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) { FILE *fp = NULL; struct sockaddr_un addr; - int mybuffer, ret = -1, i, numbytes, fd; + int mybuffer, ret = -1, i, numbytes, fd = -1; unsigned char tempbuf[255]; +#if defined(OPENSSL_SYS_TANDEM) + int hpns_connect_attempt = 0; +#endif - if (bytes > (int)sizeof(tempbuf)) + if (bytes <= 0 || bytes > (int)sizeof(tempbuf)) return -1; /* Make socket. */ @@ -126,9 +129,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) #else fd = socket(AF_UNIX, SOCK_STREAM, 0); #endif - if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) + if (fd == -1) return -1; - setbuf(fp, NULL); /* Try to connect */ for (;;) { @@ -171,6 +173,14 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) } } + /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */ + fp = fdopen(fd, "r+"); + if (fp == NULL) { + close(fd); + return -1; + } + setbuf(fp, NULL); + /* Make request, see how many bytes we can get back. */ tempbuf[0] = 1; tempbuf[1] = bytes; @@ -180,6 +190,9 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) goto err; numbytes = tempbuf[0]; + if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf)) + goto err; + /* Which buffer are we using? */ mybuffer = buf == NULL; if (mybuffer) @@ -196,6 +209,8 @@ int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes) err: if (fp != NULL) fclose(fp); + else if (fd != -1) + close(fd); return ret; } diff --git a/crypto/rc2/rc2cfb64.c b/crypto/rc2/rc2cfb64.c index ccc69fa6bf8d..0ee6061486d2 100644 
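Review bot: The new reply-length check in `RAND_query_egd_bytes`, `if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf))`, sends a zero-length reply from the daemon to `err`. As far as the hunks show, `ret` is still -1 there, so "no entropy available yet" and "I/O failure" become indistinguishable to callers. If that is intended, it should be stated next to the check, for example `/* The length byte comes from the daemon and is untrusted: reject empty or over-long replies before reading into tempbuf */`. The third clause cannot be true once `numbytes > bytes` is false, because the entry check already bounds `bytes` by `sizeof(tempbuf)`. It is fine to keep as defence in depth, but the comment should say so. The same applies to the new `bytes <= 0` rejection at the top of the function, which changes the return for a zero-byte request and may need a line in the function's documentation.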
--- a/crypto/rc2/rc2cfb64.c +++ b/crypto/rc2/rc2cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/rc2/rc2ofb64.c b/crypto/rc2/rc2ofb64.c index b659b72a1005..fdc025bbd8f1 100644 --- a/crypto/rc2/rc2ofb64.c +++ b/crypto/rc2/rc2ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/rc5/rc5cfb64.c b/crypto/rc5/rc5cfb64.c index f2f4b9bdfb3b..a7c447f681d3 100644 --- a/crypto/rc5/rc5cfb64.c +++ b/crypto/rc5/rc5cfb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
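Review bot: `register int n = *num & 0x07;` in `RC2_cfb64_encrypt` silently folds an out-of-range or negative `*num` into 0..7 with no comment explaining why. The same line is added to `RC2_ofb64_encrypt`, `RC5_32_cfb64_encrypt` and `RC5_32_ofb64_encrypt`. The mask looks like a bounds guard for the 8-byte IV or `d[8]` buffer that `n` indexes, but the indexing is outside these hunks. A caller that passes corrupted state will now get output at a wrapped offset instead of an out-of-bounds access, and no error. Each of the four sites should carry a comment, for example `/* *num is caller-supplied state; mask it so n always indexes inside the 8-byte block */`. The function documentation should also state that `*num` must be in the range 0..7.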
@@ -27,7 +27,7 @@ void RC5_32_cfb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff --git a/crypto/rc5/rc5ofb64.c b/crypto/rc5/rc5ofb64.c index 30487521f22f..5217303a28d2 100644 --- a/crypto/rc5/rc5ofb64.c +++ b/crypto/rc5/rc5ofb64.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ void RC5_32_ofb64_encrypt(const unsigned char *in, unsigned char *out, unsigned char *ivec, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff --git a/crypto/sha/asm/keccak1600-s390x.pl b/crypto/sha/asm/keccak1600-s390x.pl index 86233c7e38f2..983327445b88 100755 --- a/crypto/sha/asm/keccak1600-s390x.pl +++ b/crypto/sha/asm/keccak1600-s390x.pl @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ my @rhotates = ([ 0, 1, 62, 28, 27 ], $code.=<<___; .text +.machine "z10" .type __KeccakF1600,\@function .align 32 diff --git a/crypto/ts/ts_asn1.c b/crypto/ts/ts_asn1.c index 93a741d04d74..494e4e69d710 100644 --- a/crypto/ts/ts_asn1.c +++ b/crypto/ts/ts_asn1.c 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -17,7 +17,7 @@ ASN1_SEQUENCE(TS_MSG_IMPRINT) = { ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT) - IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) +IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) { @@ -51,7 +51,7 @@ ASN1_SEQUENCE(TS_REQ) = { ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) } static_ASN1_SEQUENCE_END(TS_REQ) - IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) +IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) { @@ -80,7 +80,7 @@ ASN1_SEQUENCE(TS_ACCURACY) = { ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) } static_ASN1_SEQUENCE_END(TS_ACCURACY) - IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) +IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) ASN1_SEQUENCE(TS_TST_INFO) = { @@ -96,7 +96,7 @@ ASN1_SEQUENCE(TS_TST_INFO) = { ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) } static_ASN1_SEQUENCE_END(TS_TST_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) { @@ -127,7 +127,7 @@ ASN1_SEQUENCE(TS_STATUS_INFO) = { ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(TS_STATUS_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) static int ts_resp_set_tst_info(TS_RESP *a) 
@@ -175,7 +175,7 @@ ASN1_SEQUENCE_cb(TS_RESP, ts_resp_cb) = { ASN1_OPT(TS_RESP, token, PKCS7), } static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) - IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) +IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) diff --git a/crypto/x509/pcy_tree.c b/crypto/x509/pcy_tree.c index 2fcf8cec3dac..e1dc87088a73 100644 --- a/crypto/x509/pcy_tree.c +++ b/crypto/x509/pcy_tree.c @@ -1,5 +1,5 @@ /* - * Copyright 2004-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -679,8 +679,10 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, } else { *pexplicit_policy = 1; /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) + if (init_ret & X509_PCY_TREE_EMPTY) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } ret = tree_evaluate(tree); @@ -705,13 +707,15 @@ int X509_policy_check(X509_POLICY_TREE **ptree, int *pexplicit_policy, if (!ret) goto error; - *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { nodes = X509_policy_tree_get0_user_policies(tree); - if (sk_X509_POLICY_NODE_num(nodes) <= 0) + if (sk_X509_POLICY_NODE_num(nodes) <= 0) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } + + *ptree = tree; return X509_PCY_TREE_VALID; error: diff --git a/crypto/x509/v3_cpols.c b/crypto/x509/v3_cpols.c index f2437a9b728d..89dd0f862591 100644 --- a/crypto/x509/v3_cpols.c +++ b/crypto/x509/v3_cpols.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -245,7 +245,7 @@ err: static int displaytext_get_tag_len(const char *tagstr) { - char *colon = strchr(tagstr, ':'); + const char *colon = strchr(tagstr, ':'); return (colon == NULL) ? -1 : colon - tagstr; } diff --git a/crypto/x509/v3_prn.c b/crypto/x509/v3_prn.c index 088cffed69f0..1992344d85be 100644 --- a/crypto/x509/v3_prn.c +++ b/crypto/x509/v3_prn.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -191,9 +191,9 @@ static int unknown_ext_print(BIO *out, const unsigned char *ext, int extlen, return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0; case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0; default: return 1; diff --git a/crypto/x509/v3_san.c b/crypto/x509/v3_san.c index 60dcd4f16a9c..eda121968dd4 100644 --- a/crypto/x509/v3_san.c +++ b/crypto/x509/v3_san.c @@ -1,5 +1,5 @@ /* - * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -633,7 +633,8 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { - char *objtmp = NULL, *p; + char *objtmp = NULL; + const char *p; int objlen; if ((p = strchr(value, ';')) == NULL) diff --git a/crypto/x509/v3_utl.c b/crypto/x509/v3_utl.c index 41311fc823de..4e9d16db0dc8 100644 --- a/crypto/x509/v3_utl.c 
+++ b/crypto/x509/v3_utl.c @@ -1120,15 +1120,16 @@ ASN1_OCTET_STRING *a2i_IPADDRESS_NC(const char *ipasc) ASN1_OCTET_STRING *ret = NULL; unsigned char ipout[32]; char *iptmp = NULL, *p; + const char *slash; int iplen1, iplen2; - p = strchr(ipasc, '/'); - if (p == NULL) + slash = strchr(ipasc, '/'); + if (slash == NULL) return NULL; iptmp = OPENSSL_strdup(ipasc); if (iptmp == NULL) return NULL; - p = iptmp + (p - ipasc); + p = iptmp + (slash - ipasc); *p++ = 0; iplen1 = ossl_a2i_ipadd(ipout, iptmp); diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c index 1f1fe26b98c7..55c156abf685 100644 --- a/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -993,6 +993,7 @@ static int check_cert(X509_STORE_CTX *ctx) goto done; } + ctx->current_crl = NULL; X509_CRL_free(crl); X509_CRL_free(dcrl); crl = NULL; @@ -1176,6 +1177,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base) if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) return 0; /* Delta CRL number must exceed full CRL number */ + if (delta->crl_number == NULL) + return 0; return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0; } @@ -2813,7 +2816,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth) if (matched || dane->mdpth < 0) { dane->mdpth = depth; dane->mtlsa = t; - OPENSSL_free(dane->mcert); + X509_free(dane->mcert); dane->mcert = cert; X509_up_ref(cert); } diff --git a/crypto/x509/x_pubkey.c b/crypto/x509/x_pubkey.c index 04942a7e7beb..61cfa0210661 100644 --- a/crypto/x509/x_pubkey.c +++ b/crypto/x509/x_pubkey.c 
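Review bot: In `check_delta_base`, the new `if (delta->crl_number == NULL) return 0;` sits between the existing comment `/* Delta CRL number must exceed full CRL number */` and the `ASN1_INTEGER_cmp` call that the comment describes. The comment therefore now reads as if it documents the NULL check. I would move the check above the comment and give it its own, for example `/* Delta CRL must carry a CRL number */`. Whether `base->crl_number` is checked for NULL earlier in the function cannot be seen from this hunk and should be confirmed, since it is passed to the same comparison.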
@@ -65,8 +65,8 @@ ASN1_SEQUENCE(X509_PUBKEY_INTERNAL) = { ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - X509_PUBKEY - * ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) +X509_PUBKEY +*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); diff --git a/doc/man1/CA.pl.pod b/doc/man1/CA.pl.pod index e05775cdca66..14f486cb231a 100644 --- a/doc/man1/CA.pl.pod +++ b/doc/man1/CA.pl.pod @@ -104,7 +104,7 @@ If there is an additional argument on the command line it will be used as the list box), otherwise the name "My Certificate" is used. Delegates work to L<openssl-pkcs12(1)>. -=item B<-sign>, B<-signcert>, B<-xsign> +=item B<-sign>, B<-xsign> Calls the L<openssl-ca(1)> command to sign a certificate request. It expects the request to be in the file F<newreq.pem>. The new certificate is written to the @@ -189,7 +189,7 @@ L<config(5)> =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man1/openssl-ciphers.pod.in b/doc/man1/openssl-ciphers.pod.in index 658730ec5382..423094cc42ae 100644 --- a/doc/man1/openssl-ciphers.pod.in +++ b/doc/man1/openssl-ciphers.pod.in 
@@ -117,16 +117,16 @@ Commas or spaces are also acceptable separators but colons are normally used. The actual cipher string can take several different forms. -It can consist of a single cipher suite such as B<RC4-SHA>. +It can consist of a single cipher suite such as B<AES256-SHA>. It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example B<SHA1> represents all ciphers -suites using the digest algorithm SHA1 and B<SSLv3> represents all SSL v3 -algorithms. +cipher suites of a certain type. For example B<SHA256> represents all cipher +suites using the digest algorithm SHA256 and B<TLSv1.2> represents all +cipher suites introduced in TLS v.1.2. Lists of cipher suites can be combined in a single cipher string using the B<+> character. This is used as a logical B<and> operation. For example -B<SHA1+DES> represents all cipher suites containing the SHA1 B<and> the DES +B<SHA256+AES> represents all cipher suites using the SHA256 B<and> the AES algorithms. Each cipher string can be optionally preceded by the characters B<!>, @@ -157,7 +157,7 @@ See L<SSL_CTX_set_security_level(3)> for a description of what each level means. The cipher list can be prefixed with the B<DEFAULT> keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using B<+> character. -For example, B<DEFAULT+DES> is not valid. +For example, B<DEFAULT+AES> is not valid. The content of the default list is determined at compile time and normally corresponds to B<ALL:!COMPLEMENTOFDEFAULT:!eNULL>. 
@@ -170,11 +170,12 @@ The following is a list of all permitted cipher strings and their meanings. =item B<COMPLEMENTOFDEFAULT> -The ciphers included in B<ALL>, but not enabled by default. Currently -this includes all RC4 and anonymous ciphers. Note that this rule does -not cover B<eNULL>, which is not included by B<ALL> (use B<COMPLEMENTOFALL> if -necessary). Note that RC4 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). +The cipher suites included in B<ALL>, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover B<eNULL>, which is not included by B<ALL> +(use B<COMPLEMENTOFALL> if necessary). =item B<ALL> @@ -202,6 +203,10 @@ encryption. encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. +=item B<FIPS> + +Cipher suites permitted in FIPS mode. + =item B<eNULL>, B<NULL> The "NULL" ciphers that is those offering no encryption. Because these offer no @@ -224,14 +229,8 @@ When in doubt, include B<!aNULL> in your cipherlist. =item B<kRSA>, B<aRSA>, B<RSA> -Cipher suites using RSA key exchange or authentication. B<RSA> is an alias for -B<kRSA>. - -=item B<kDHr>, B<kDHd>, B<kDH> - -Cipher suites using static DH key agreement and DH certificates signed by CAs -with RSA and DSS keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. =item B<kDHE>, B<kEDH>, B<DH> 
@@ -264,12 +263,6 @@ Anonymous Elliptic Curve Diffie-Hellman cipher suites. Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. -=item B<aDH> - -Cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. -All these cipher suites have been removed in OpenSSL 1.1.0. - =item B<aECDSA>, B<ECDSA> Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -277,8 +270,7 @@ keys. =item B<TLSv1.2>, B<TLSv1.0>, B<SSLv3> -Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or -SSL v3.0 respectively. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. @@ -302,10 +294,13 @@ cipher suites are only supported in TLS v1.2. B<AESCCM> references CCM cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B<AESCCM8> only references 8 octet ICV. -=item B<ARIA128>, B<ARIA256>, B<ARIA> +=item B<ARIA128>, B<ARIA256> + +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. -Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit -ARIA. +=item B<ARIA>, B<ARIAGCM> + +Cipher suites using either 128 or 256 bit ARIA. =item B<CAMELLIA128>, B<CAMELLIA256>, B<CAMELLIA> 
@@ -355,24 +350,46 @@ Cipher suites using SHA256 or SHA384. =item B<aGOST> -Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication (needs an engine supporting GOST algorithms). =item B<aGOST01> -Cipher suites using GOST R 34.10-2001 authentication. +Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication. + +=item B<aGOST12> + +Cipher suites that can be used with GOST R 34.10-2012 keys for authentication. =item B<kGOST> -Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. + +=item B<kGOST18> + +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. =item B<GOST94> Cipher suites, using HMAC based on GOST R 34.11-94. +=item B<GOST12> + +Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits. + =item B<GOST89MAC> -Cipher suites using GOST 28147-89 MAC B<instead of> HMAC. +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes A. + +=item B<GOST89MAC12> + +Cipher suites using GOST 28147-89 MAC B<instead of> HMAC with S-boxes Z. + +=item B<GOST89> + +Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik). =item B<PSK> @@ -387,6 +404,14 @@ Cipher suites using PSK key exchange, ECDHE_PSK, DHE_PSK or RSA_PSK. Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK). +=item B<kSRP>, B<SRP> + +Cipher suites using SRP key exchange. + +=item B<aSRP> + +Cipher suites using SRP authentication. + =item B<SUITEB128>, B<SUITEB128ONLY>, B<SUITEB192> Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 
@@ -418,310 +443,398 @@ relevant specification and their OpenSSL equivalents. It should be noted, that several cipher suite names do not include the authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. -=head2 SSL v3.0 cipher suites - - SSL_RSA_WITH_NULL_MD5 NULL-MD5 - SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 - SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - - SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. - -=head2 TLS v1.0 cipher suites - - TLS_RSA_WITH_NULL_MD5 NULL-MD5 - TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 - TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - -=head2 AES cipher suites from RFC3268, extending TLS v1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA - TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA - - TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA - TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA - -=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 - - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA - - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA +=head2 AES cipher suites for TLS v1.2 - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA 
+ TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + TLS_DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + TLS_DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + 
TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + 
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_128_CCM_8 AES128-CCM8 + TLS_RSA_WITH_AES_128_CCM AES128-CCM + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + TLS_RSA_WITH_AES_256_CCM_8 AES256-CCM8 + TLS_RSA_WITH_AES_256_CCM AES256-CCM + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 -=head2 SEED cipher suites from RFC4162, extending TLS v1.0 +=head2 Camellia cipher suites for TLS v1.2 - TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH-CAMELLIA128-SHA256 + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA 
ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH-CAMELLIA128-GCM-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH-CAMELLIA256-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH-CAMELLIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE-DSS-CAMELLIA128-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE-DSS-CAMELLIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE-DSS-CAMELLIA256-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE-DSS-CAMELLIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE-RSA-CAMELLIA128-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE-RSA-CAMELLIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE-RSA-CAMELLIA256-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE-RSA-CAMELLIA256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128-SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + 
TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128-GCM-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256-GCM-SHA384 - TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA - TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA +=head2 SEED cipher suites for TLS v1.2 - TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA - TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA - -=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 GOST cipher suites for TLS v1.2 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B<gost> engine, which isn't part of the OpenSSL distribution. - TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 - TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 - TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 - TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 - -=head2 GOST cipher suites, extending TLS v1.2 - -Note: these ciphers require an engine which including GOST cryptographic -algorithms, such as the B<gost> engine, which isn't part of the OpenSSL -distribution. - - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912 - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12 - -Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID -old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912 - - -=head2 Additional Export 1024 and other cipher suites - -Note: these ciphers can also be used in SSL v3. 
- - TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA - -=head2 Elliptic curve cipher suites - - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA - - TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA - - TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA - TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA - TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA - TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA - -=head2 TLS v1.2 cipher suites - - TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 - - TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 - 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 - - TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 - TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 - TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 - TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 - - RSA_WITH_AES_128_CCM AES128-CCM - RSA_WITH_AES_256_CCM AES256-CCM - DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM - DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM - RSA_WITH_AES_128_CCM_8 AES128-CCM8 - RSA_WITH_AES_256_CCM_8 AES256-CCM8 - DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 - DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 - ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM - ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM - ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 - ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + IANA-GOST2012-GOST8912-GOST8912 + LEGACY-GOST2012-GOST8912-GOST8912 + GOST2012-NULL-GOST12 + GOST2012-KUZNYECHIK-KUZNYECHIKOMAC + GOST2012-MAGMA-MAGMAOMAC =head2 ARIA cipher suites from RFC6209, extending TLS v1.2 Note: the CBC modes mentioned in this RFC are not supported. 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 - TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 - -=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 - -=head2 Pre-shared keying (PSK) cipher suites - - PSK_WITH_NULL_SHA PSK-NULL-SHA - DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA - RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH-ARIA128-GCM-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 
DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 
- PSK_WITH_RC4_128_SHA PSK-RC4-SHA - PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA - - DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA - DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA - DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA - DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA - - RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA - RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA - RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA - RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA - - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 - DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 - RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 - RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 - - PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 - PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 - PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 - PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 - DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 - DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 - DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 - DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 - RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 - RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 - RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 - RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - - ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA - ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA - ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 - ECDHE_PSK_WITH_AES_256_CBC_SHA384 
ECDHE-PSK-AES256-CBC-SHA384 - ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA - ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 - ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 - PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 - PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 - DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 - DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 +=head2 Elliptic curve cipher suites for TLS v.1.2 - RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 - RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + 
TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + 
TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE-ECDSA-SM4-CCM-SM3 + TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE-ECDSA-SM4-GCM-SM3 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA + TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE-RSA-SM4-CCM-SM3 + TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE-RSA-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + 
TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 - ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 - ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 +=head2 Pre-shared keying (PSK) cipher suites - PSK_WITH_AES_128_CCM PSK-AES128-CCM - PSK_WITH_AES_256_CCM PSK-AES256-CCM - DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM - DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM - PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 - PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 - DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 - DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + 
TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE-PSK-SM4-CCM-SM3 + TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE-PSK-SM4-GCM-SM3 + TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA + TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3 + TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + 
TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA-PSK-SM4-CCM-SM3 + TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA-PSK-SM4-GCM-SM3 -=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 +=head2 Other TLS v1.2 cipher suites - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 - TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 - TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 - TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 - TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 - TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + TLS_RSA_WITH_NULL_MD5 NULL-MD5 + TLS_RSA_WITH_NULL_SHA NULL-SHA + TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 + 
TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 + TLS_RSA_WITH_RC4_128_SHA RC4-SHA + TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA + TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA + TLS_RSA_WITH_SM4_CCM_SM3 SM4-CCM-SM3 + TLS_RSA_WITH_SM4_GCM_SM3 SM4-GCM-SM3 + TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA + TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE-RSA-SM4-CCM-SM3 + TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE-RSA-SM4-GCM-SM3 + TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 + TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA =head2 TLS v1.3 cipher suites @@ -731,12 +844,12 @@ Note: the CBC modes mentioned in this RFC are not supported. TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_SHA256 TLS_AES_128_CCM_8_SHA256 TLS_AES_128_CCM_8_SHA256 -=head2 Older names used by OpenSSL +=head2 "EDH-" aliases to "DHE-" names for backward compatibility The following names are accepted by older releases: - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA) - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA) + EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA + EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA =head1 NOTES @@ -759,13 +872,9 @@ authentication (aNULL): openssl ciphers -v 'ALL:!aNULL' -Include only 3DES ciphers and then place RSA ciphers last: - - openssl ciphers -v '3DES:+RSA' - -Include all RC4 ciphers but leave out those without authentication: +Include only AES ciphers and then place RSA ciphers last: - openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT' + openssl ciphers -v 'AES:+RSA' Include all ciphers with RSA authentication but leave out ciphers without encryption. 
@@ -794,7 +903,7 @@ The B<-convert> option was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index 599c93ee6d30..9f98aa5a521a 100644
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -861,7 +861,7 @@ Use SHA256 KDF with an ECDH certificate: Print CMS signed binary data in human-readable form:
-openssl cms -in signed.cms -binary -inform DER -cmsout -print
+ openssl cms -in signed.cms -binary -inform DER -cmsout -print
 =head1 BUGS
diff --git a/doc/man1/openssl-format-options.pod b/doc/man1/openssl-format-options.pod
index a9bd1d6971e0..115aa9936f8f 100644
--- a/doc/man1/openssl-format-options.pod
+++ b/doc/man1/openssl-format-options.pod
@@ -75,7 +75,7 @@ A password or PIN may be supplied to the engine using the B<-passin> option. A DER-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve
-the private key.
+the private key or certificate.
 =item B<PEM>
@@ -135,7 +135,7 @@ Note that the parsing is simple and might fail to parse some legal data.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man1/openssl-verification-options.pod b/doc/man1/openssl-verification-options.pod
index 68aa4402efcc..1b968359ce0c 100644
--- a/doc/man1/openssl-verification-options.pod
+++ b/doc/man1/openssl-verification-options.pod
@@ -142,6 +142,12 @@ equals the public key algorithm of the candidate issuer certificate. The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults the list of untrusted ("intermediate" CA) certificates, if provided.
+If one issuer certificate was found in the trust store, the list of
+untrusted certificates will not be consulted anymore to find further
+issuer certificates. Therefore, either only the root certificate or an
+uninterrupted chain to the root certificate must be provided in the trust
+store for a successful verification, if B<X509_V_FLAG_PARTIAL_CHAIN>
+is not enabled.
 =head2 Certification Path Validation
diff --git a/doc/man1/openssl-verify.pod.in b/doc/man1/openssl-verify.pod.in
index 7e51af6eac15..309d232c8c13 100644
--- a/doc/man1/openssl-verify.pod.in
+++ b/doc/man1/openssl-verify.pod.in
@@ -104,6 +104,11 @@ input.
 =back
+Note that the first parameter that does not begin with a B<-> ends the list
+of options and starts the list of certificates. If you place any options
+after a certificate filename, they will be interpreted not as options
+but as certificates.
+
 =head1 DIAGNOSTICS
 When a verify operation fails the output messages can be somewhat cryptic. The
@@ -140,7 +145,7 @@ The B<-engine option> was deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/ADMISSIONS.pod b/doc/man3/ADMISSIONS.pod
index f86aac922aa0..b6335cb73550 100644
--- a/doc/man3/ADMISSIONS.pod
+++ b/doc/man3/ADMISSIONS.pod
@@ -98,7 +98,7 @@ PROFESSION_INFO_set0_registrationNumber The B<PROFESSION_INFOS>, B<ADMISSION_SYNTAX>, B<ADMISSIONS>, and B<PROFESSION_INFO> types are opaque structures representing the analogous types defined in the Common PKI Specification published
-by L<https://www.t7ev.org>.
+by L<T7 & TELETRUST|https://www.bundesnetzagentur.de/EVD/DE/SharedDocuments/Downloads/Anbieter_Infothek/Common_PKI_v2.0_02.pdf?__blob=publicationFile&v=1>.
 Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format
@@ -169,7 +169,7 @@ L<d2i_X509(3)>,
 =head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/BIO_get_data.pod b/doc/man3/BIO_get_data.pod
index aeb6b1c7e9ba..b2debd2bc504 100644
--- a/doc/man3/BIO_get_data.pod
+++ b/doc/man3/BIO_get_data.pod
@@ -18,7 +18,7 @@ BIO_get_shutdown - functions for managing BIO state information
 =head1 DESCRIPTION
-These functions are mainly useful when implementing a custom BIO.
+These functions can be used when implementing a custom BIO.
 The BIO_set_data() function associates the custom data pointed to by B<ptr> with the BIO. This data can subsequently be retrieved via a call to BIO_get_data().
@@ -36,6 +36,13 @@ The BIO_set_shutdown() and BIO_get_shutdown() functions set and get the state of this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed.
+=head1 WARNINGS
+
+Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside
+the implementation of a custom BIO.
+Calling BIO_set_data() on an existing BIO implementation with data that it does
+not expect will lead to unexpected results.
+
 =head1 RETURN VALUES
 BIO_get_data() returns a pointer to the implementation specific custom data
@@ -55,7 +62,7 @@ The functions described here were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff --git a/doc/man3/EVP_EncryptInit.pod b/doc/man3/EVP_EncryptInit.pod
index a7e0b453b6db..75aef98363e3 100644
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@@ -1249,6 +1249,9 @@ for failure. EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names.
+EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and
+EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure.
+
 =head1 CIPHER LISTING
 All algorithms have a fixed key length unless otherwise stated.
@@ -1272,8 +1275,13 @@ depending on the mode specified. To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output
-parameter I<out> set to B<NULL>. In this case, on success, the parameter
-I<outl> is set to the number of bytes authenticated.
+parameter I<out> set to NULL. In this case, on success, the parameter
+I<outl> is set to the number of AAD bytes processed in that call
+(that is, the value of I<inl>), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.
 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success,
diff --git a/doc/man3/OPENSSL_malloc.pod b/doc/man3/OPENSSL_malloc.pod
index 70f3cff1e049..db062f5ab226 100644
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@@ -99,8 +99,8 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning. OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B<addr> holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse()
-before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is
-NULL, nothing is done.
+before ultimately calling OPENSSL_free(). If the argument to
+OPENSSL_clear_free() is NULL, nothing is done.
 OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's. It is useful in cases when it is needed to ensure that memory (that contains
@@ -203,7 +203,7 @@ clang's memory and leak sanitizer. =head1 COPYRIGHT -Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/PKCS5_PBE_keyivgen.pod b/doc/man3/PKCS5_PBE_keyivgen.pod index 72de3153b97d..f769cf788fe3 100644 --- a/doc/man3/PKCS5_PBE_keyivgen.pod +++ b/doc/man3/PKCS5_PBE_keyivgen.pod @@ -110,6 +110,13 @@ I<iter> less than 1 is treated as a single iteration. I<digest> is the message digest function used in the derivation. +I<aiv> is the initialization vector (IV) to use for the encryption algorithm. +If I<aiv> is NULL, then a random IV will be generated. + +I<prf_nid> is the numeric identifier (NID) for the pseudo-random function to +use with PBKDF2. If I<prf_nid> is not specified (for example, I<prf_nid> is set to 0), +a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256). + Functions ending in _ex() take optional parameters I<libctx> and I<propq> which are used to select appropriate algorithm implementations. @@ -118,7 +125,9 @@ are used to select appropriate algorithm implementations. PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(), PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and -associated parameters for the PBE algorithm. +associated parameters for the PBE algorithm. These functions encode the +key derivation parameters (such as salt and iteration count) and the +encryption parameters (such as the IV) into the ASN.1 structure. PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B<X509_ALGOR> object which represents an AlgorithmIdentifier containing the algorithm OID and 
@@ -167,7 +176,7 @@ PKCS5_PBE_keyivgen_ex() has been moved to the legacy provider as an EVP_KDF. =head1 COPYRIGHT -Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/RSA_set_method.pod b/doc/man3/RSA_set_method.pod index 6e45d6b60b9d..490932dc854b 100644 --- a/doc/man3/RSA_set_method.pod +++ b/doc/man3/RSA_set_method.pod @@ -148,13 +148,7 @@ and RSA_get_method() return pointers to the respective RSA_METHODs. RSA_set_default_method() returns no value. -RSA_set_method() returns a pointer to the old RSA_METHOD implementation -that was replaced. However, this return value should probably be ignored -because if it was supplied by an ENGINE, the pointer could be invalidated -at any time if the ENGINE is unloaded (in fact it could be unloaded as a -result of the RSA_set_method() function releasing its handle to the -ENGINE). For this reason, the return type may be replaced with a B<void> -declaration in a future release. +RSA_set_method() returns 1 for success. It always succeeds. RSA_new_method() returns NULL and sets an error code that can be obtained by L<ERR_get_error(3)> if the allocation fails. Otherwise @@ -185,7 +179,7 @@ was replaced to always return NULL in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/SSL_CTX_set_psk_client_callback.pod b/doc/man3/SSL_CTX_set_psk_client_callback.pod index 7ccea7273f83..146e3d03a51a 100644 --- a/doc/man3/SSL_CTX_set_psk_client_callback.pod +++ b/doc/man3/SSL_CTX_set_psk_client_callback.pod 
@@ -93,6 +93,14 @@ be used as the basis for a PSK. Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. +Note that as described above, the callback may be called a second time during a +handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call L<SSL_SESSION_up_ref(3)> to increment +the reference count. Failure to do so will result in a use-after-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling L<SSL_SESSION_dup(3)>). + It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that B<*sess> is @@ -169,7 +177,7 @@ were added in OpenSSL 1.1.1. =head1 COPYRIGHT -Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man3/X509_NAME_print_ex.pod b/doc/man3/X509_NAME_print_ex.pod index e43bb191f523..f86849d26e2e 100644 --- a/doc/man3/X509_NAME_print_ex.pod +++ b/doc/man3/X509_NAME_print_ex.pod @@ -32,9 +32,8 @@ I<size> is ignored. Otherwise, at most I<size> bytes will be written, including the ending '\0', and I<buf> is returned. -X509_NAME_print() prints out I<name> to I<bp> indenting each line by I<obase> -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. +X509_NAME_print() prints out I<name> to I<bp> on a single line. +The I<obase> parameter is ignored and retained only for API compatibility. =head1 NOTES 
@@ -122,7 +121,7 @@ L<ASN1_STRING_print_ex(3)> =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/property.pod b/doc/man7/property.pod index eb0f6b176ccb..7adf282ebfbe 100644 --- a/doc/man7/property.pod +++ b/doc/man7/property.pod @@ -142,6 +142,38 @@ Note that the local property query could not use "fips=no" because that would disallow any implementations with "fips=yes" rather than not caring about the setting. +=head1 PREDEFINED NAMES + +=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c + +Currently known predefined names are: + +=over 4 + +=item C<provider> + +The conventional property value is the provider's name. This may be different from the name returned by L<OSSL_PROVIDER_get0_name(3)>. + +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. + +=item C<version> + +The conventional property value is the provider's version. + +OpenSSL provider implementations do not define a property with this name. + +=item C<fips> + +The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not. + +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. + +=item C<output>, C<input>, C<structure> + +Properties with these names are used by encoders (see L<provider-encoder(7)>) and decoders (see L<provider-decoder(7)>). + +=back + =head1 SYNTAX The lexical syntax in EBNF is given by: 
@@ -167,7 +199,7 @@ Properties were added in OpenSSL 3.0 =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/doc/man7/provider-base.pod b/doc/man7/provider-base.pod index 2fd803bb96b6..d9ccc9c73bbc 100644 --- a/doc/man7/provider-base.pod +++ b/doc/man7/provider-base.pod @@ -131,7 +131,8 @@ For example, the "function" core_gettable_params() has these: static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -L<OSSL_DISPATCH(3)> arrays are indexed by numbers that are provided as +L<OSSL_DISPATCH(3)> array entries contain a I<function_id> field that +identifies the function. The I<function_id> numbers are provided as macros in L<openssl-core_dispatch.h(7)>, as follows: For I<in> (the L<OSSL_DISPATCH(3)> array passed from F<libcrypto> to the @@ -809,7 +810,7 @@ introduced in OpenSSL 3.0. =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff --git a/external/perl/Text-Template-1.56/lib/Text/Template.pm b/external/perl/Text-Template-1.56/lib/Text/Template.pm index be38c73ce457..dec5b61419d1 100644 --- a/external/perl/Text-Template-1.56/lib/Text/Template.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template.pm 
@@ -2337,8 +2337,8 @@ There are not quite enough tests in the test suite. =head1 SOURCE -The development version is on github at L<https://https://github.com/mschout/perl-text-template> -and may be cloned from L<git://https://github.com/mschout/perl-text-template.git> +The development version is on github at L<https://github.com/mschout/perl-text-template> +and may be cloned from L<https://github.com/mschout/perl-text-template.git> =head1 BUGS diff --git a/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm index 4fea67b38313..b4f7d53ebaad 100644 --- a/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm +++ b/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm @@ -122,8 +122,8 @@ L<Text::Template> =head1 SOURCE -The development version is on github at L<https://https://github.com/mschout/perl-text-template> -and may be cloned from L<git://https://github.com/mschout/perl-text-template.git> +The development version is on github at L<https://github.com/mschout/perl-text-template> +and may be cloned from L<https://github.com/mschout/perl-text-template.git> =head1 BUGS diff --git a/include/crypto/evp.h b/include/crypto/evp.h index f4163446d5d6..296073596bc8 100644 --- a/include/crypto/evp.h +++ b/include/crypto/evp.h @@ -1,5 +1,5 @@ /* - * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -473,17 +473,17 @@ struct evp_cipher_st { BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) /*- #define BLOCK_CIPHER_defs(cname, kstruct, \ diff --git a/include/crypto/sparc_arch.h b/include/crypto/sparc_arch.h index 8e72c3504f7a..6d47505ae96f 100644 --- a/include/crypto/sparc_arch.h +++ b/include/crypto/sparc_arch.h 
@@ -1,5 +1,5 @@ /* - * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -79,10 +79,14 @@ #if defined(__arch64__) +/* clang-format off */ #define SPARC_LOAD_ADDRESS(SYM, reg) \ - setx SYM, % o7, reg; + setx SYM, %o7, reg; +/* clang-format on */ #define LDPTR ldx -#define SIZE_T_CC % xcc +/* clang-format off */ +#define SIZE_T_CC %xcc +/* clang-format on */ #define STACK_FRAME 192 #define STACK_BIAS 2047 #define STACK_7thARG (STACK_BIAS + 176) @@ -92,7 +96,9 @@ #define SPARC_LOAD_ADDRESS(SYM, reg) \ set SYM, reg; #define LDPTR ld -#define SIZE_T_CC % icc +/* clang-format off */ +#define SIZE_T_CC %icc +/* clang-format on */ #define STACK_FRAME 112 #define STACK_BIAS 0 #define STACK_7thARG 92 diff --git a/include/crypto/sparse_array.h b/include/crypto/sparse_array.h index d2629000eeaf..6529b4615132 100644 --- a/include/crypto/sparse_array.h +++ b/include/crypto/sparse_array.h @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -62,7 +62,7 @@ extern "C" { } \ static ossl_unused ossl_inline int \ ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) * sa, \ - ossl_uintmax_t n, ctype * val) \ + ossl_uintmax_t n, ctype *val) \ { \ return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \ } \ diff --git a/include/openssl/core_dispatch.h b/include/openssl/core_dispatch.h index 14b4da18c9fd..82980e5afd61 100644 --- a/include/openssl/core_dispatch.h +++ b/include/openssl/core_dispatch.h 
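Review bot: The `/* clang-format off */` and `/* clang-format on */` pairs added in include/crypto/sparc_arch.h around `SPARC_LOAD_ADDRESS` and both `SIZE_T_CC` definitions (hunks at -79,10 and -92,7) carry no explanation. A later cleanup could drop them and let the formatter reintroduce `% o7`, `% xcc` and `% icc`. Presumably those spaced forms are not accepted as register operands by the assembler, which would be why the commit restores `%o7`, `%xcc` and `%icc`; that should be confirmed. I would say so once at the first marker, for example `/* clang-format splits the '%' register prefix ("% o7"); keep formatting off for these macros */`. The `#if defined(__arch64__)` block these macros sit in continues outside both hunks.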
@@ -154,19 +154,19 @@ OSSL_CORE_MAKE_FUNC(void, OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len)) -OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO * bio, void *data, size_t data_len, size_t *bytes_read)) -OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO * bio, const void *data, size_t data_len, size_t *written)) -OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO * bio, char *buf, int size)) -OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO * bio, const char *str)) -OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO * bio, const char *format, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read)) +OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) +OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) +OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, (char *buf, size_t n, const char *fmt, va_list args)) -OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO * bio, int cmd, long num, void *ptr)) +OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)) #define OSSL_FUNC_SELF_TEST_CB 100 -OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX * ctx, OSSL_CALLBACK **cb, void **cbarg)) +OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg)) /* Functions to get seed material from the operating system */ #define 
OSSL_FUNC_GET_ENTROPY 101 diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h index 36a780d58195..20b4575b13e3 100644 --- a/include/openssl/rsa.h +++ b/include/openssl/rsa.h @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -323,13 +323,13 @@ struct rsa_pss_params_st { DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) -typedef struct rsa_oaep_params_st { +struct rsa_oaep_params_st { X509_ALGOR *hashFunc; X509_ALGOR *maskGenFunc; X509_ALGOR *pSourceFunc; /* Decoded hash algorithm from maskGenFunc */ X509_ALGOR *maskHash; -} RSA_OAEP_PARAMS; +}; DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) diff --git a/include/openssl/types.h b/include/openssl/types.h index b507ee7b26fb..a3806b0265a8 100644 --- a/include/openssl/types.h +++ b/include/openssl/types.h @@ -1,5 +1,5 @@ /* - * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -143,7 +143,9 @@ typedef struct dsa_method DSA_METHOD; typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; #endif + typedef struct rsa_pss_params_st RSA_PSS_PARAMS; +typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS; #ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_key_st EC_KEY; diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 4022ecf30139..e76b08ba86e4 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums 
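Review bot: In include/openssl/rsa.h (hunk at -323,13), `struct rsa_oaep_params_st` is still defined here, but nothing at the definition says that its `RSA_OAEP_PARAMS` name now comes only from the typedef added to include/openssl/types.h. The `DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS)` line directly below needs that typedef to be visible, so rsa.h must include types.h before this point. That include is not shown in the hunk and should be confirmed. I would add a one-line comment above the struct, for example `/* RSA_OAEP_PARAMS is typedef'd in <openssl/types.h> */`, and the same for `struct rsa_pss_params_st`, whose typedef already sits next to the new one in types.h.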
@@ -59,7 +59,7 @@ aa02597f3dc09cfbc190aedb75711859ba0f3efff87067ebfba1ec78ebee40d7 crypto/bn/asm/ ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S 127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl -1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl +0ad54f0cdf6a52ee0b0aab03800cb2b6beb39b138378b93e151cfd6b1aa2f2d6 crypto/bn/asm/sparcv9-mont.pl b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl 
@@ -75,26 +75,26 @@ da7f7780d27eed164797e5334cd45b35d9c113e86afaca051463aef9a8fd787c crypto/bn/asm/ d3b5f02a17ba1c71261f6dad0d4785846567c8a03368d41fc1a6ee7c45aaff78 crypto/bn/bn_const.c 58b587e20404efa408b31a88ba9c357059ced709bea78c07deb91df7b687db81 crypto/bn/bn_conv.c 184370000a8bb695f798b7b42887b8e418e4317cc65b3b32915a836fd1a4086d crypto/bn/bn_ctx.c -d84752b5835e9072cb93de0241f1f701933c61283a27679c1ba34e2bbd1bbf76 crypto/bn/bn_dh.c +b1b1c5fb8a45fde5755dfd5da62b68100b94f8c492c950719c108c384ea7f3c4 crypto/bn/bn_dh.c 4824f271f0ddc487b5991fbd92f7f7695aeeac234e076078f37da027999cdd88 crypto/bn/bn_div.c -89e257d02feee148d7cbae6708dd3d99b7b92aad08dc9dd4245a23314cce568f crypto/bn/bn_exp.c +3a720f1fd8fbfb77f5f0114bed061111602d1e36f6cc53711db5a42d1507bbc5 crypto/bn/bn_exp.c ce5219203bf869561297978d6d416357a441864cd801865503dfd455c481960c crypto/bn/bn_exp2.c 4b047151f32f29fa2374ade46fd2193273ede805432cb54a1b8e67f5b862e88e crypto/bn/bn_gcd.c 6c652722a67f76ffc2edac6a7f7ac6646fb2a05e86ce06d576e371499af4ff62 crypto/bn/bn_gf2m.c 081e8a6abc23599307dab3b1a92113a65e0bf8717cbc40c970c7469350bc4581 crypto/bn/bn_intern.c ff147e5e032cc7c772b73a91fc6e24d8d9516e642d29354445d1f82d64b1d924 crypto/bn/bn_kron.c db803f7cc1ace380f9aeac10f316ec23c10d1e3f20f01fc6bd34d2c37a2b8d71 crypto/bn/bn_lib.c -830e1932da4e8b409250a9dca0275b853a8d12bd6575649148aee5331180bbcd crypto/bn/bn_local.h +cd7bade0f2e223fe34f6e2f8cc87098ac8f0af96ec62ada5e67f6a2344d48ef0 crypto/bn/bn_local.h a2788054137fd9c4495a8bfba97e8e5f901e96f84ea5b2719c326a9f9ec0eda9 crypto/bn/bn_mod.c 1e221a2dae6cf79b176f4edbf57cec219696c383f51fd6e9f512a0a9fb833386 crypto/bn/bn_mont.c c2a5230efbda6844b7b2eb10447b054496ae5029130d332536de6c3b12dc58a3 crypto/bn/bn_mpi.c 488dde761d25fb2eabd8acbea5b3b83520db7733480fab6499f60b8bf680b1ed crypto/bn/bn_mul.c 843a6dc2fd3ed53c363cb066989fae80d617706d2b974f43c26d893430af3320 crypto/bn/bn_nist.c -ed74f6e2e02ef180b5a932160356f822a499cc6ba3ff560b57fcbd7ab87d70d8 crypto/bn/bn_prime.c 
+3bb750195f38b998175ab45b5f0f7f720c5394aada2e55206fd3c8789a39f7fa crypto/bn/bn_prime.c c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h 21aa616cfd417b10565e1aa5c10ecab9c68e9b82d507474d0e94d320c699236a crypto/bn/bn_rand.c 4df8f204c8a06de2b4395be613ca0b9943613c523586e2005876d5c7bb891c75 crypto/bn/bn_recp.c -a9df3034a595372d5d7a19d56057f11d3dffb742d982ba3576bcc46e531273e2 crypto/bn/bn_rsa_fips186_4.c +5eba9c104488b1dc301aa3a626c14ba420c3161cd353cc9689b4ff2e41e81757 crypto/bn/bn_rsa_fips186_4.c 6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c 97559e9e071a06b8cffa37b7df27af638de84c51d5da190a879752f39e2b6368 crypto/bn/bn_sqr.c c748baddfec6734bb50facbadf151a1f22f8a885c677acfb08b4f814e96f0d52 crypto/bn/bn_sqrt.c @@ -102,7 +102,7 @@ f42996cdd94f18fe0858552be7123e75cb3ced0ebd7dcb90a0c73740090dcac9 crypto/bn/bn_w d3b274c197fbbe7631392e303a878d935fd470905d8967e033fd915e34de521b crypto/bn/rsaz_exp.c 544b0e5c28b388d998a5c58e7213c67b5113cd295a39d8bb745431a3e283e829 crypto/bn/rsaz_exp.h 6bd99f2ece6d4dfb79b757af58a1a01b8f7b1aa274a26dc86e7cf63a7648514a crypto/bn/rsaz_exp_x2.c -21ddcc6948e81597c9b9e9823311cd1c315708819e85f29d5ff80dc72e14e562 crypto/bsearch.c +f6c72754667c90e3466243f9d21ce6a799db8e58c8b78b2707129dcc540adc3c crypto/bsearch.c c39334b70e1394e43f378ae8d31b6e6dc125e4d9181e6536d38e649c4eaadb75 crypto/buffer/buffer.c 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl 0e1a41a2d81b5765bca3df448f60bf1fad91e485fe89dd65a7300ffc419e316d crypto/cmac/cmac.c 
@@ -167,12 +167,12 @@ f4490c0b575b79e63a897b1e85a87ede2645a2c521e67db461b3192884450d9d crypto/ec/ec2_ bf80690d9f51b953e0de3f598d4dc470a692e3df7d3d4932ffd6cbd2efedfff0 crypto/ec/ec2_smpl.c 2a71bd8dbe4f427c117d990581709a4ddce07fa8e530794b5a9574fef7c48a0c crypto/ec/ec_asn1.c 2457e1f14be55cc63bf37c0cadcdc35c261d2501df39b592894f10a88f8673de crypto/ec/ec_backend.c -86e2becf9b3870979e2abefa1bd318e1a31820d275e2b50e03b17fc287abb20a crypto/ec/ec_check.c +f4f7e06bdabf604fc05148c686201a5c74ec168a2126e36b7b55ef7127bf1371 crypto/ec/ec_check.c 72dd6b1286953a1086dcf109027d7905d63fddf8f76164f4ca81472534ddef9a crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c e4fc98a2d9df71b00aac3df13f80f3ffb787fd2e6c38ab476949e3993f5889fe crypto/ec/ec_key.c 583a0e617548d703c3e12674be44a44fa7aa14bb6c94b0eb4d058063ea60421d crypto/ec/ec_kmeth.c -8807a4b92314ae28a828dbcecb0fb962f644f42d01627845df7a90af1d8795cc crypto/ec/ec_lib.c +c998a93977afc236ece22d953a50d300d0824fe15dac030f577d01af9ad7c334 crypto/ec/ec_lib.c edc863250b0d31a798e91954199f53eb41235baba89f1aedba413a34f5dddcc2 crypto/ec/ec_local.h c31f7d92d3ae050c60e09a547690f532318cc09e23a4bf6653b11f74b4a33efb crypto/ec/ec_mult.c 17d68db872f23e5e2a8e6abd457a740f352f1e1cbd6571b59a0b1d193aec48f7 crypto/ec/ec_oct.c 
@@ -191,9 +191,9 @@ cf7e76a6560fc171c867afa1f7c6d9c85f69c95933880c985845edd2522c4adc crypto/ec/ecp_ 22c44f561ab42d1bd7fd3a3c538ebaba375a704f98056b035e7949d73963c580 crypto/ec/ecx_key.c 93d74fd094289450d89ab9b538761e6cb5f31eb704543ef38681a9e24b296ca9 crypto/evp/asymcipher.c 1f64d4752074f954af4f290788e4332e3874ba3282bd03d3e1d1f5ce4b0888bc crypto/evp/dh_support.c -f7faaf48470a9b9fc0a3c68dba804485693048614d53e1d9058433481da30137 crypto/evp/digest.c +d90e5f6637abcbaa5afd5e59af2aaec5572351f087907ba0fb2e2db7ce93869b crypto/evp/digest.c 4ffc3fc5ee5f0dcadf1516f1cc29338f0f4d85c59881c06d5a777cf4e47a6d5f crypto/evp/ec_support.c -06142ff1603ff070c1950a6ac4323a6a106f1b60e7d5908160352e8bdd1fd906 crypto/evp/evp_enc.c +39378dddcc7cdd139694caadff7775b97e1e6cff1b6b26c2adf31251380a292a crypto/evp/evp_enc.c 3fd5f81de0b9547349825e1b6305c1acd9290d6ed80d240d570f42f3a081a376 crypto/evp/evp_fetch.c d2960666aef9c626b40f0be825df235c84d283f2e073179bcaecbd9e01aa3ab0 crypto/evp/evp_lib.c bd82993eb938cfd55a2af22aa7c2fa2a2c9ca8ac3c01aaa06de3b9599817e51d crypto/evp/evp_local.h 
@@ -249,9 +249,9 @@ ca4be187fc1805d498f2adb823509f0519e214644029c18d331b5b01a0891a9d crypto/modes/c b431ff38c3a85943f71be0d76b063dbe2930967629b8721465b8152ab7867296 crypto/modes/ofb128.c 02e7659d8776f5885ebbc25b930ddec046262f92c9e8fa7e093f2a6a8d973a3b crypto/modes/wrap128.c 0a10e0cae6f4ac164afe97a64df09c8412145c8a25f387ff3a53ff7495572cbc crypto/modes/xts128.c -4457496e117a90d2b513794cc6e102c594c12a115a86d5dfd2cbb5c7e3c17f70 crypto/o_str.c +a6067746bf89ca164f648055a84c37f6d93dee29df83d629e6395f4d623ceb02 crypto/o_str.c a1d61a3aeb8d9397ea9ae74becd48eb1a60602820c2d614c4c7b7e677279aa55 crypto/packet.c -c698d5166d091d6bb6e9df3c211fe1cc916fd43a26ec844f28f547cd708f9c55 crypto/param_build.c +154108b648c91e74ed5c021c1386a53c59833f77314eb6e855dbddf4c7b71f20 crypto/param_build.c 2a0f272dd553b698e8c6fa57962694ebd6064cb03fe26a60df529205568d315d crypto/param_build_set.c d404f0a7e7e892079a417ddd627f4d92113af08c0ce8a8e0281f82f992eb972d crypto/params.c 30ed7566e985b36558acde822f854a225f016bc86105c7d4a86e8261a74bd2c0 crypto/params_dup.c @@ -298,7 +298,7 @@ be1e7dd9998e3f31cfa6e1b17bc198aeec584a8b76820e38f71d51b05f8a9f2a crypto/sha/asm 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl ce4a58129e5ee3ac4c9dfec5ecc010440570ebf7bf869e3e9977f2121a64b27a crypto/sha/asm/keccak1600-ppc64.pl -a859fc8cb073b2d0012a93f3155a75fb6eb677441462b0de4f8cf8df1445e970 crypto/sha/asm/keccak1600-s390x.pl +b0f0298a5a592591c9b9502bed57b5758f4582379452e0f8ba1834a54e788bbb crypto/sha/asm/keccak1600-s390x.pl 618dcd4891b4064d3b8aa6dcd74bea7ef55f4962a64957b05a05448f6e3e0f17 crypto/sha/asm/keccak1600-x86_64.pl 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl 
@@ -370,7 +370,7 @@ eca06c0a1edc17961b602b4b307226ab3dbba6032198fe3f36ae1a071e3b4eaa include/crypto ac6971268f0bbac629c7ca4778b7f30040d0c371a0130fd9316444a98916f81f include/crypto/rsa.h 3f28391ed526d791a578e76a40961592e15ae2bf62b81d5924525e1f21684659 include/crypto/security_bits.h 283c1c5ca4b79eecfb5c4c51011e6039a8454db58be30c7142f033260b35e5aa include/crypto/sha.h -8d50d439dd064b66fe349787228435d7a5ba4bc46917a1287c8d876f7faf37db include/crypto/sparse_array.h +df915f569207111cdb011e85ee0f40bcd169ac0a413cc858ccee0b5001cefbb5 include/crypto/sparse_array.h c292c06068cf47705f6a5f1f2d07f801f011d38f1213f6a634887bd6b38e32f5 include/crypto/types.h ad00ca5e33a97c8b4394b385fb95e1b98c372f45febc6870e4f52d752cb44640 include/internal/bio.h 123900a69e2481bc9338f96ceb4db10d1f0a6e67d2fdc2a56406f0dabdfcd8d9 include/internal/constant_time.h @@ -413,7 +413,7 @@ d6a1b0a47ea92e18e90eed611aec85db89eab928bb8e21a170c12011647c1d59 include/openss 9d12603a5d7649457a0850c699d3254f5469dbcfe09bf9a432a1ece06172ff75 include/openssl/configuration.h.in f76830b31c947d86c2e6a302ab8df6b83076f8d29120bce9a58195551eb48e1a include/openssl/conftypes.h 3e2d23252a53e5c5137198514f688205dd59530c447d7facfaf08a39d7446dc6 include/openssl/core.h -b93522d42b17097643f622739e21a9ff5db843d1ee2bd663dfca8896785e2840 include/openssl/core_dispatch.h +bb16fa4f77db5cdf5a1ff162e1fd8d0e4d8f4e98c99981de3c6c6c023532cb8f include/openssl/core_dispatch.h e0c6c338a77b8285666766db13e1617a1df0a0c269e432d5ce3b6b60daec388f include/openssl/core_names.h f47c3c7fd18d0df54b0601ab22928190f2c29c2e732cfdaa0b03e400f82c375f include/openssl/crypto.h.in ff98ae7f59abd88cc4a19196ff5fd9353719f7d1a163264f6ed89be4e4a82a02 include/openssl/cryptoerr.h 
@@ -451,7 +451,7 @@ fb2fab5b76c0763c083f75e4ee84c871b3ff5d92f1bb6d38d415b24cd25012d4 include/openss 47c6d4e0921ed1e8dcc27076a645c7427fa1d7fb6d8b7306f6ee2a9e10448154 include/openssl/provider.h abe0dbc7158d2464af25fb476e21e2edbfb7f2d7cc575782724b6ad325541950 include/openssl/rand.h 19492ed0d3dc0c1809d3e8dfeba95426b79b4ed23defc6185a4ba39163a83002 include/openssl/randerr.h -5c356d60834d584764c492a4021ff5e8f5dddd359207ef3423f731105eb45312 include/openssl/rsa.h +423ede997674895cc4f0b15356a13d46187cd0f775f3ddc5bd0ed72c0ce00261 include/openssl/rsa.h 6f79765285a8244f6c1858b86db8e390e4bc6c7905a7e4576973316612f7b015 include/openssl/rsaerr.h 546e4277a9897ed5c01b9ab30168e82f4acf9a6a20da430ebf7dd698d5f888fc include/openssl/safestack.h.in f8d9f4282013fdeb93a04877d8b4600e0e009c191830a80731bfe4eacbcdb18f include/openssl/self_test.h @@ -459,7 +459,7 @@ f8d9f4282013fdeb93a04877d8b4600e0e009c191830a80731bfe4eacbcdb18f include/openss 07f25b18b5acfb8733db85a258c6f3aac0c8f436f0a3095c8d885a741f6287f4 include/openssl/stack.h d381d0b4113f0fa18b3e421eae303fc84daf84eacb1236cb6e9976409a2d33a9 include/openssl/symhacks.h 38f32380d8670dccec94301bc16938fc615a1e764789a3035847b7a442fbf6dd include/openssl/trace.h -a4fdd967a18ab917ec9965f5377ecbeb3ddee59c32f5777cd1a7460dd22b2e2e include/openssl/types.h +1db525803021f55b85ff2c3fcc5076fa9e1a37767a8589227c7293007af9f35a include/openssl/types.h c0a9551efccf43f3dd748d4fd8ec897ddaabbc629c00ec1ad76ce983e1195a13 providers/common/bio_prov.c ecf36d9b12080498db07b9c264df32554c5829b7c813acaead773da5aa7c810f providers/common/capabilities.c f94b7435d4ec888ec30df1c611afa8b9eedbb59e905a2c7cb17cfc8c4b9b85b8 providers/common/der/der_digests_gen.c.in 
@@ -518,7 +518,7 @@ a8eaca99a71521ff8ac4ffcf08315e59220f7e0b7f505ecddad04fadd021ec14 providers/impl 8ed4a100e4756c31c56147b4b0fab76a4c6e5292aa2f079045f37b5502fd41b9 providers/implementations/ciphers/cipher_aes_gcm_hw_aesni.inc 77024a608e7be3100d97709b9a65c2158c4a4102e70c4e3ba6de27a4bf0741a8 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -306ea467577e40ac3aba8c771bbd774eef2d1f6ffe82ae5778b1253088d8c0b7 providers/implementations/ciphers/cipher_aes_ocb.c +1655955223756645e1b1516eae6c0fae59f35bd843709faa4a930ac7eba8f627 providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h d33fef74353e50bf541457456c54261314d4318d39456d8e5f26f3eda4525139 providers/implementations/ciphers/cipher_aes_ocb_hw.c 6a8782c728575d69c86b735c9f47acda5c0daa04e17f1e0faef2c963f23fab20 providers/implementations/ciphers/cipher_aes_wrp.c 
@@ -532,7 +532,7 @@ dc4626becaabc3990549483d9ef5f05c7dd9a9c2cf9be96ade3ba6a6e203f7f5 providers/impl 98061b6499a05e63b19452b6217ec98f681243730470795a9d3bc0645aac7959 providers/implementations/ciphers/cipher_tdes.h f6b81faf6abf3baa926be7c054cda1ff2be109b0a2143b34b2f2d266b6cb2c52 providers/implementations/ciphers/cipher_tdes_common.c cca34f1c7baf3a98964f7ce19a59e06d1eaf2ada121a0d4a438f4078a072b325 providers/implementations/ciphers/cipher_tdes_hw.c -4e9650f30044f65198bb54b0d87a3c7f036d451c7e99e44312e6d1b98eb8f144 providers/implementations/ciphers/ciphercommon.c +ce1de026ca8d6d2c332f1667051f3f5862362d2ffe37734f701a6d60d15263f7 providers/implementations/ciphers/ciphercommon.c f31bd0b27bb72d574bbc52595e34ab4aca0b0cdcfc0c51c7f8851bd84541f498 providers/implementations/ciphers/ciphercommon_block.c 8af515e63a0c16ff35dcedcc43c7b4735a10943f1e937eeeb73eb1af3dc92782 providers/implementations/ciphers/ciphercommon_ccm.c 6632a555d5bcd5af67d0355ce46c2906bb3a0dcdf1651595b29189c40a5ca675 providers/implementations/ciphers/ciphercommon_ccm_hw.c 
@@ -549,8 +549,8 @@ d266749072cf76ba2aa229e4a28b5f550e21cfa33c8b5a1ccf38210902515021 providers/impl 4692ea3852bf5763db576359bd793fc1ec3bcd0ca42fc906991d7ec4cced7b2a providers/implementations/exchange/kdf_exch.c df4eaf14b35dee7bbe2204870f14c685563b63f810fb3e619b02262b15076a4b providers/implementations/include/prov/ciphercommon.h b374a4c1ee592b81027081fe7e28dba401658abb2045731af590352f03065e5b providers/implementations/include/prov/ciphercommon_aead.h -9e6de8446b60d20d518beaa882734954b61e135b4697c82f597d0f6a44f490f5 providers/implementations/include/prov/ciphercommon_ccm.h -e593328872efe5e0a85ebb5481f024d190eb4ac17e6f3119f0c307f53e9d3dcf providers/implementations/include/prov/ciphercommon_gcm.h +dd07797d61988fd4124cfb920616df672938da80649fac5977bfd061c981edc5 providers/implementations/include/prov/ciphercommon_ccm.h +b3dda97a263ee474ea3be5d753790a94420dc79b461b98102bee6eab217fb07e providers/implementations/include/prov/ciphercommon_gcm.h 199f261261b1cc6fe4fb7d49e09e0de9d9cc3e96d990fe800a42683b03bfe060 providers/implementations/include/prov/digestcommon.h b4697ebc8a2c3ec57b88498740c89efb4b448040b3aa91f4b5c12f1abc0d3b9a providers/implementations/include/prov/implementations.h 5f09fc71874b00419d71646714f21ebbdcceda277463b6f77d3d3ea6946914e8 providers/implementations/include/prov/kdfexchange.h 
@@ -566,7 +566,7 @@ abe2b0f3711eaa34846e155cffc9242e4051c45de896f747afd5ac9d87f637dc providers/impl f54ff5f873d0663b65352cac8c04d34a2d10d4bddf89e83abb4c815389714608 providers/implementations/kdfs/sskdf.c 33f82c53f3fed4a1187430190f1e886e711f98bc4a713fe96cc7ba03cb02467e providers/implementations/kdfs/tls1_prf.c b91aa5114af88787f44f3deba461ffb8e156c9e13983bb06bf968ccebab71d5a providers/implementations/kdfs/x942kdf.c -58acb0ff36bf7e463ba714b347b714eccab9fda77c4ca6bacc3a55e6d2ce5ad9 providers/implementations/kem/rsa_kem.c +97b26708be2bd1daaf323d4689fc800617b5cceb45ab97ae85c70102f689262d providers/implementations/kem/rsa_kem.c 54a23a53169c64c0127dfb3146755bc0b73a056f427a93c30f8d980acace3a46 providers/implementations/keymgmt/dh_kmgmt.c c5f4ae7de440fc309f9b51ce54471c007c87b2c08bc72e79c3db646251a2a963 providers/implementations/keymgmt/dsa_kmgmt.c 551cb6f06400242d12e09438a15eea42d4744a35e9747470ba64b3275b96e1b5 providers/implementations/keymgmt/ec_kmgmt.c 
@@ -586,8 +586,8 @@ e49f5ca446860d7b104f2e95fb28eb40e9640ab94a6c65343546c4318ba2d789 providers/impl 9034528858d20e55a1dffd4ffeccbeaa4876d0d935a74176a1b3fb897b39a927 providers/implementations/rands/drbg_hmac.c f3c6bd6d33a8c887eace04d1ff202cb25c53b76cd48b9c69f28cc4aa5b0d8a21 providers/implementations/rands/drbg_local.h 455478b3d51846c59312247c42b6ad2282b321ce7f618e949572ca5517647e89 providers/implementations/rands/test_rng.c -b3033431225926f1bea7d7d8f1e128c96d9384ded7e35e05bde3947ab3856b67 providers/implementations/signature/dsa_sig.c -232d73e1edbf7c2bb787d9e979b781e32d037aae292012223c25cf5f0433053f providers/implementations/signature/ecdsa_sig.c +2cd07d8828d2123f79b348b5397e81145e8e7930da48e6271c2933e17abce888 providers/implementations/signature/dsa_sig.c +bf5dc51fc2184d651fc8949142a5df1b2852dfee7f7f6326078aa8193c7bf040 providers/implementations/signature/ecdsa_sig.c 1df0e51b3c53faff441c20c581b054936400b7f61cdad9534d0e3e8ab2c81ad8 providers/implementations/signature/eddsa_sig.c 3bb0f342b4cc1b4594ed0986adc47791c0a7b5c1ae7b1888c1fb5edb268a78d9 providers/implementations/signature/mac_legacy_sig.c 5d3ee35b4ce6231d10b4e647eb201c7cf4d0cc321ba6dfe65e3e26c8e4008c02 providers/implementations/signature/rsa_sig.c diff --git a/providers/fips.checksum b/providers/fips.checksum index 4a53bc1da762..adbe7034ae55 100644 --- a/providers/fips.checksum +++ b/providers/fips.checksum @@ -1 +1 @@ -3d393d478cfd0767af67d4269a51296b9032a8f0e5dd6751c2f2c0f9b2dca3dc providers/fips-sources.checksums +d72e6325927c7df21b30f3116f583165ed1911e3499808d3f634c996b16181b8 providers/fips-sources.checksums diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c index 1f21c722af61..8a8eddf36eec 100644 --- a/providers/implementations/ciphers/cipher_aes_ocb.c +++ b/providers/implementations/ciphers/cipher_aes_ocb.c 
@@ -1,5 +1,5 @@ /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -27,7 +27,7 @@ #define OCB_MIN_IV_LEN 1 #define OCB_MAX_IV_LEN 15
-PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX * ctx, const unsigned char *in, unsigned char *out, size_t nextblock));
+PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, const unsigned char *in, unsigned char *out, size_t nextblock));
 /* forward declarations */ static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit;
diff --git a/providers/implementations/ciphers/ciphercommon.c b/providers/implementations/ciphers/ciphercommon.c
index 4757bed67f01..18d21ee0976c 100644
--- a/providers/implementations/ciphers/ciphercommon.c
+++ b/providers/implementations/ciphers/ciphercommon.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -666,6 +666,10 @@ int ossl_cipher_generic_set_ctx_params(void *vctx, const OSSL_PARAM params[]) ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; }
+ if (ctx->blocksize > 0 && num >= (unsigned int)ctx->blocksize) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER);
+ return 0;
+ }
 ctx->num = num; } return 1;
diff --git a/providers/implementations/include/prov/ciphercommon_ccm.h b/providers/implementations/include/prov/ciphercommon_ccm.h
index 2c7832f51004..31c4244bd51d 100644
--- a/providers/implementations/include/prov/ciphercommon_ccm.h
+++ b/providers/implementations/include/prov/ciphercommon_ccm.h
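Review bot: The new range check in ossl_cipher_generic_set_ctx_params reports an out-of-range `num` with `PROV_R_FAILED_TO_GET_PARAMETER`, the same reason the OSSL_PARAM read failure just above it raises, so a caller cannot tell a malformed parameter from a rejected value. A dedicated reason code, if the provider error table has a suitable one, would make the rejection diagnosable. The check is also skipped when `ctx->blocksize` is 0, which leaves `num` unvalidated in that state; if it is reachable here it deserves a comment. I would add above the test `/* num is presumably an offset into the current block, so it must stay below the block size */` once the intent is confirmed. The function starts and ends outside the hunk.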
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -44,13 +44,13 @@ typedef struct prov_ccm_st { const PROV_CCM_HW *hw; /* hardware specific methods */ } PROV_CCM_CTX; -PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX * ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); -PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX * dat, const unsigned char *iv, size_t ivlen, size_t mlen)); -PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX * ctx, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); +PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, const unsigned char *iv, size_t ivlen, size_t mlen)); +PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, unsigned char *tag, size_t taglen)); /* * CCM Mode internal method table used to handle hardware specific differences, 
diff --git a/providers/implementations/include/prov/ciphercommon_gcm.h b/providers/implementations/include/prov/ciphercommon_gcm.h index 6e78ff8583c2..8ed6c5531272 100644 --- a/providers/implementations/include/prov/ciphercommon_gcm.h +++ b/providers/implementations/include/prov/ciphercommon_gcm.h @@ -1,6 +1,6 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -78,12 +78,12 @@ typedef struct prov_gcm_ctx_st { const void *ks; } PROV_GCM_CTX; -PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX * dat, const unsigned char *iv, size_t ivlen)); -PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX * ctx, const unsigned char *in, size_t len, unsigned char *out)); -PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX * ctx, unsigned char *tag)); -PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX * ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, size_t ivlen)); +PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out)); +PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag)); +PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); struct prov_gcm_hw_st { OSSL_GCM_setkey_fn setkey; OSSL_GCM_setiv_fn setiv; diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c index 8383b49150c4..39eac8923565 100644 --- a/providers/implementations/kem/rsa_kem.c +++ b/providers/implementations/kem/rsa_kem.c 
@@ -282,17 +282,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx, return 0; /* Step(3): out = RSAEP((n,e), z) */
- ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
- if (ret) {
- ret = 1;
- if (outlen != NULL)
- *outlen = nlen;
- if (secretlen != NULL)
- *secretlen = nlen;
- } else {
+ ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
+ RSA_NO_PADDING);
+ if (ret <= 0 || ret != (int)nlen) {
 OPENSSL_cleanse(secret, nlen);
+ return 0;
 }
- return ret;
+
+ if (outlen != NULL)
+ *outlen = nlen;
+ if (secretlen != NULL)
+ *secretlen = nlen;
+
+ return 1;
 } /**
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
index 8e3a03715805..8e83a6096ec5 100644
--- a/providers/implementations/signature/dsa_sig.c
+++ b/providers/implementations/signature/dsa_sig.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -412,6 +412,7 @@ static void *dsa_dupctx(void *vpdsactx) dstctx->md = NULL; dstctx->mdctx = NULL; dstctx->propq = NULL;
+ dstctx->aid = NULL;
 if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) goto err;
@@ -432,6 +433,18 @@ static void *dsa_dupctx(void *vpdsactx) if (dstctx->propq == NULL) goto err; }
+ /*
+ * The DER-encoding of the algorithm OID is written at the end of aid_buf.
+ * Check that srcctx->aid points into the source aid_buf and then use the
+ * same offset into dstctx->aid_buf.
+ */
+ if (srcctx->aid != NULL
+ && srcctx->aid_len > 0
+ && srcctx->aid >= srcctx->aid_buf
+ && srcctx->aid + srcctx->aid_len <= srcctx->aid_buf + sizeof(srcctx->aid_buf))
+ dstctx->aid = dstctx->aid_buf + (srcctx->aid - srcctx->aid_buf);
+ else
+ dstctx->aid_len = 0;
 return dstctx; err:
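Review bot: The rewritten failure test in rsasve_generate, `if (ret <= 0 || ret != (int)nlen)`, carries no comment saying why truthiness is no longer enough: RSA_public_encrypt() returns -1 on error, which the removed `if (ret)` took for success, so the caller was handed an `out` buffer that may never have been written. A one-line comment such as `/* RSA_public_encrypt() returns -1 on error; accept only a full-length result */` would keep a later edit from simplifying the test back. The error path cleanses `secret` but leaves `out` as it was; zeroing it there too would be cheap defence in depth, provided `out` is known to hold `nlen` bytes, which is decided outside the hunk. rsasve_generate starts outside the hunk.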
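Review bot: The range test in the last dsa_dupctx hunk forms `srcctx->aid + srcctx->aid_len` before anything bounds `aid_len`, so an oversized length would carry the pointer past the end of `aid_buf` before the comparison is made. Comparing sizes avoids that: add `&& srcctx->aid_len <= sizeof(srcctx->aid_buf)` and replace the last operand with `&& (size_t)(srcctx->aid - srcctx->aid_buf) <= sizeof(srcctx->aid_buf) - srcctx->aid_len`. The `dstctx->aid = NULL;` added in the earlier hunk is what keeps the duplicate from pointing into the source context on the fallback path, and the new comment should say so. dsa_dupctx starts and ends outside both hunks.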
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
index 2624ebe80155..5d9fb16c7276 100644
--- a/providers/implementations/signature/ecdsa_sig.c
+++ b/providers/implementations/signature/ecdsa_sig.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -392,14 +392,13 @@ static void *ecdsa_dupctx(void *vctx) PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; PROV_ECDSA_CTX *dstctx;
- if (!ossl_prov_is_running())
- return NULL;
-
- dstctx = OPENSSL_zalloc(sizeof(*srcctx));
- if (dstctx == NULL)
+ /* Test KATS should not need to be supported */
+ if (!ossl_prov_is_running()
+ || srcctx->kinv != NULL
+ || srcctx->r != NULL
+ || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL)
 return NULL;
- *dstctx = *srcctx;
 dstctx->ec = NULL; dstctx->md = NULL; dstctx->mdctx = NULL;
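Review bot: `OPENSSL_memdup(srcctx, sizeof(*srcctx))` in ecdsa_dupctx copies every pointer member verbatim, and the lines that follow in this hunk reset only `ec`, `md` and `mdctx`. If PROV_ECDSA_CTX carries an `aid` pointer into its own `aid_buf`, as the DSA context fixed in this same commit does, the duplicate would keep pointing into the source context; the structure is not visible here, so this needs checking against its definition. If it applies, the same offset-preserving fix-up as in dsa_dupctx belongs before `return dstctx;` in the next hunk. Folding the allocation into the `||` chain also hides an assignment inside a condition, and a separate `dstctx = OPENSSL_memdup(...)` statement after the guard would read more plainly. The function starts before this hunk and continues in the next one.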
@@ -407,27 +406,19 @@ static void *ecdsa_dupctx(void *vctx) if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err;
- /* Test KATS should not need to be supported */
- if (srcctx->kinv != NULL || srcctx->r != NULL)
- goto err;
 dstctx->ec = srcctx->ec; if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md;
- if (srcctx->mdctx != NULL) {
- dstctx->mdctx = EVP_MD_CTX_new();
- if (dstctx->mdctx == NULL
- || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))
- goto err;
- }
-
- if (srcctx->propq != NULL) {
- dstctx->propq = OPENSSL_strdup(srcctx->propq);
- if (dstctx->propq == NULL)
- goto err;
- }
+ if (srcctx->mdctx != NULL
+ && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL
+ || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)))
+ goto err;
+ if (srcctx->propq != NULL
+ && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)
+ goto err;
 return dstctx; err:
diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index 90f4fa066943..b39460f8345f 100644
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -209,6 +209,12 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, WPACKET pkt; int ret = 0;
+ /*
+ * Each EVP_Digest{Sign,Verify}Init_ex(3) starts with fresh content, that
+ * needs to recompute the "Z" digest.
+ */
+ ctx->flag_compute_z_digest = 1;
+
 if (!sm2sig_signature_init(vpsm2ctx, ec, params) || !sm2sig_set_mdname(ctx, mdname)) return ret;
@@ -240,8 +246,6 @@ static int sm2sig_digest_signverify_init(void *vpsm2ctx, const char *mdname, if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error;
- ctx->flag_compute_z_digest = 1;
-
 ret = 1; error:
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index 90aab2c5d32c..989aa70ddf5d 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -105,6 +105,8 @@ struct file_ctx_st { /* Expected object type. May be unspecified */ int expected_type;
+ /* Fatal error occurred. We should indicate EOF. */
+ int fatal_error;
 }; static void free_file_ctx(struct file_ctx_st *ctx)
@@ -519,8 +521,10 @@ static int file_load_file(struct file_ctx_st *ctx, /* Setup the decoders (one time shot per session */
- if (!file_setup_decoders(ctx))
+ if (!file_setup_decoders(ctx)) {
+ ctx->fatal_error = 1;
 return 0;
+ }
 /* Setup for this object */
@@ -720,6 +724,9 @@ static int file_eof(void *loaderctx) { struct file_ctx_st *ctx = loaderctx;
+ if (ctx->fatal_error)
+ return 1;
+
 switch (ctx->type) { case IS_DIR: return ctx->_.dir.end_reached;
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c
index ff2037ceb455..ff6bd7007ec2 100644
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -1,5 +1,5 @@ /*
- * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. *
@@ -4156,7 +4156,7 @@ long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void)) switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB:
- s->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
+ s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
 ret = 1; break; #endif
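Review bot: `fatal_error` is only ever set to 1 (in file_load_file when `file_setup_decoders` fails) and read in file_eof, so it is correct only if the context is zero-initialised when created, which happens outside these hunks; if that allocation does not zero the structure, file_eof could report EOF on a fresh context. The field comment says what the flag does but not why: without it, a caller that loops until EOF would presumably keep calling load after a decoder-setup failure that can never succeed. I would extend it to something like `/* Set when decoder setup fails; file_eof() then reports EOF so callers stop retrying */`. Other early `return 0` paths in file_load_file are outside the hunk, so whether they need the flag too cannot be judged from here.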
@@ -4404,7 +4404,7 @@ long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void)) switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: {
- ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp;
+ ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp;
 } break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
diff --git a/ssl/ssl_asn1.c b/ssl/ssl_asn1.c
index 081f7f28475b..65f6327ff193 100644
--- a/ssl/ssl_asn1.c
+++ b/ssl/ssl_asn1.c
@@ -1,5 +1,5 @@ /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -78,7 +78,7 @@ ASN1_SEQUENCE(SSL_SESSION_ASN1) = { ASN1_EXP_OPT_EMBED(SSL_SESSION_ASN1, kex_group, UINT32, 19) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1)
- IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
+IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1)
 /* Utility functions for i2d_SSL_SESSION */
diff --git a/ssl/statem/statem_dtls.c b/ssl/statem/statem_dtls.c
index b4d27ada8c80..ec6dee45b5d5 100644
--- a/ssl/statem/statem_dtls.c
+++ b/ssl/statem/statem_dtls.c
@@ -1,5 +1,5 @@ /*
- * Copyright 2005-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -1155,7 +1155,11 @@ int dtls1_buffer_message(SSL *s, int is_ccs) return 0; }
- pqueue_insert(s->d1->sent_messages, item);
+ if (pqueue_insert(s->d1->sent_messages, item) == NULL) {
+ dtls1_hm_fragment_free(frag);
+ pitem_free(item);
+ return 0;
+ }
 return 1; }
diff --git a/test/README-external.md b/test/README-external.md
index 3e10526b852f..4949bebda435 100644
--- a/test/README-external.md
+++ b/test/README-external.md
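Review bot: The new failure branch in dtls1_buffer_message returns 0 with no comment on when `pqueue_insert()` can fail; it returns NULL when an item with the same priority is already queued, so this is the duplicate-message case rather than an allocation failure. A comment such as `/* pqueue_insert() fails on a duplicate priority; free the unqueued fragment */` would make the ownership rule explicit: `frag` and `item` still belong to this function until the insert succeeds. No error is raised on this path either; whether the function's other `return 0` exits record one is outside the hunk, so that is worth checking for consistency.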
@@ -39,7 +39,7 @@ tests against the local OpenSSL build. You will need a git checkout of krb5 at the top level: - $ git clone https://github.com/krb5/krb5 + $ git submodule update --init krb5's master has to pass this same CI, but a known-good version is krb5-1.15.1-final if you want to be sure. diff --git a/test/asn1_decode_test.c b/test/asn1_decode_test.c index 9434c926f50e..74bd30c95ecd 100644 --- a/test/asn1_decode_test.c +++ b/test/asn1_decode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,7 +40,7 @@ ASN1_SEQUENCE(ASN1_LONG_DATA) = { ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG), } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static int test_long(void) @@ -66,7 +66,7 @@ ASN1_SEQUENCE(ASN1_INT32_DATA) = { ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32), } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static int test_int32(void) @@ -91,7 +91,7 @@ ASN1_SEQUENCE(ASN1_UINT32_DATA) = { ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32), } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static int test_uint32(void) 
@@ -116,7 +116,7 @@ ASN1_SEQUENCE(ASN1_INT64_DATA) = { ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64), } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static int test_int64(void) @@ -141,7 +141,7 @@ ASN1_SEQUENCE(ASN1_UINT64_DATA) = { ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64), } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static int test_uint64(void) @@ -168,7 +168,7 @@ ASN1_SEQUENCE(INVALIDTEMPLATE) = { ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) /* Empty sequence for invalid template test */ diff --git a/test/asn1_encode_test.c b/test/asn1_encode_test.c index a41001787aaf..26db37555d43 100644 --- a/test/asn1_encode_test.c +++ b/test/asn1_encode_test.c @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -198,7 +198,7 @@ ASN1_SEQUENCE(ASN1_LONG_DATA) = { ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0) } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static ASN1_LONG_DATA long_expected_32bit[] = { 
@@ -292,7 +292,7 @@ ASN1_SEQUENCE(ASN1_INT32_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static ASN1_INT32_DATA int32_expected[] = { @@ -340,7 +340,7 @@ ASN1_SEQUENCE(ASN1_UINT32_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static ASN1_UINT32_DATA uint32_expected[] = { @@ -388,7 +388,7 @@ ASN1_SEQUENCE(ASN1_INT64_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static ASN1_INT64_DATA int64_expected[] = { @@ -437,7 +437,7 @@ ASN1_SEQUENCE(ASN1_UINT64_DATA) = { ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static ASN1_UINT64_DATA uint64_expected[] = { @@ -873,7 +873,7 @@ ASN1_SEQUENCE(INVALIDTEMPLATE) = { ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) static int test_invalid_template(void) diff --git a/test/asn1_internal_test.c b/test/asn1_internal_test.c index 919c7aaf335e..90f7f09cb21a 100644 
--- a/test/asn1_internal_test.c
+++ b/test/asn1_internal_test.c
@@ -1,5 +1,5 @@ /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -20,6 +20,7 @@ #include <openssl/asn1.h> #include <openssl/evp.h>
+#include <openssl/pkcs12.h>
 #include <openssl/objects.h> #include "testutil.h" #include "internal/nelem.h"
@@ -206,6 +207,22 @@ static int test_mbstring_ncopy(void) return 1; }
+static int test_ossl_uni2utf8(void)
+{
+ const unsigned char in[] = { 0x21, 0x92 }; /* unicode right arrow */
+ int inlen = 2;
+ char *out = NULL;
+ int ok = 0;
+
+ /* reproducer for CVE-2025-69419 */
+ out = OPENSSL_uni2utf8(in, inlen);
+ if (TEST_str_eq(out, "\xe2\x86\x92"))
+ ok = 1;
+
+ OPENSSL_free(out);
+ return ok;
+}
+
 int setup_tests(void) { ADD_TEST(test_tbl_standard);
@@ -213,5 +230,6 @@ int setup_tests(void) ADD_TEST(test_empty_nonoptional_content); ADD_TEST(test_unicode_range); ADD_TEST(test_mbstring_ncopy);
+ ADD_TEST(test_ossl_uni2utf8);
 return 1; }
diff --git a/test/bntest.c b/test/bntest.c
index 8ac8c3075c13..5437dd711d00 100644
--- a/test/bntest.c
+++ b/test/bntest.c
@@ -1,5 +1,5 @@ /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved.
 * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -1645,6 +1645,52 @@ err: return st; }
+static int file_modsqr(STANZA *s)
+{
+ BIGNUM *a = NULL, *m = NULL, *mod_sqr = NULL, *ret = NULL;
+ int st = 0;
+
+ if (!TEST_ptr(a = getBN(s, "A"))
+ || !TEST_ptr(m = getBN(s, "M"))
+ || !TEST_ptr(mod_sqr = getBN(s, "ModSqr"))
+ || !TEST_ptr(ret = BN_new()))
+ goto err;
+
+ if (!TEST_true(BN_mod_sqr(ret, a, m, ctx))
+ || !equalBN("A^2 (mod M)", mod_sqr, ret))
+ goto err;
+
+ if (BN_is_odd(m)) {
+ /* Reduce |a| and test the Montgomery version. */
+ BN_MONT_CTX *mont = BN_MONT_CTX_new();
+ BIGNUM *a_tmp = BN_new();
+
+ if (mont == NULL || a_tmp == NULL
+ || !TEST_true(BN_MONT_CTX_set(mont, m, ctx))
+ || !TEST_true(BN_nnmod(a_tmp, a, m, ctx))
+ || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx))
+ || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, a_tmp,
+ mont, ctx))
+ || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx))
+ || !equalBN("A^2 (mod M) (mont)", mod_sqr, ret))
+ st = 0;
+ else
+ st = 1;
+ BN_MONT_CTX_free(mont);
+ BN_free(a_tmp);
+ if (st == 0)
+ goto err;
+ }
+
+ st = 1;
+err:
+ BN_free(a);
+ BN_free(m);
+ BN_free(mod_sqr);
+ BN_free(ret);
+ return st;
+}
+
 static int file_modexp(STANZA *s) { BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL;
@@ -3036,6 +3082,7 @@ static int file_test_run(STANZA *s) { "Product", file_product }, { "Quotient", file_quotient }, { "ModMul", file_modmul },
+ { "ModSqr", file_modsqr },
 { "ModExp", file_modexp }, { "Exp", file_exp }, { "ModSqrt", file_modsqrt },
diff --git a/test/certs/cve-2026-28388-ca.pem b/test/certs/cve-2026-28388-ca.pem
new file mode 100644
index 000000000000..9e36d11c4b4b
--- /dev/null
+++ b/test/certs/cve-2026-28388-ca.pem
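Review bot: In the Montgomery branch of file_modsqr, `mont == NULL || a_tmp == NULL` is tested bare, so an allocation failure fails the stanza with no diagnostic, unlike every other step in the function. Making `!TEST_ptr(mont) || !TEST_ptr(a_tmp)` the first operands of that chain keeps the test output uniform. The `st = 0; else st = 1;` pair followed by `if (st == 0) goto err;` and a later `st = 1;` could also be dropped by declaring `mont` and `a_tmp` at function scope and freeing them under `err:`.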
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw +ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp +hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO +FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF +pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f +1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW +nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt +UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi +4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B +AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q +xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC +ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu +d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh +ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud +cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA== +-----END CERTIFICATE----- diff --git a/test/certs/cve-2026-28388-crls.pem b/test/certs/cve-2026-28388-crls.pem new file mode 100644 index 000000000000..46cbd7876dcd --- /dev/null +++ b/test/certs/cve-2026-28388-crls.pem 
@@ -0,0 +1,22 @@ +-----BEGIN X509 CRL----- +MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl +3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF +Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l +pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M +klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO +6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf +OohWoSH8tqwrNFZkblAH +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB +AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK +SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep +WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki +1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI +kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs +njcibOSKC9YWgNmZUy0QV5D8 +-----END X509 CRL----- diff --git a/test/certs/cve-2026-28388-leaf.pem b/test/certs/cve-2026-28388-leaf.pem new file mode 100644 index 000000000000..02b22997cdd8 --- /dev/null +++ b/test/certs/cve-2026-28388-leaf.pem 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ +VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+ +nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn +Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd +Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP +QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX +CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO +Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J +ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt +BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G +CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80 +13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ +bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+ +emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw +zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+ +nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP +-----END CERTIFICATE----- diff --git a/test/certs/mkcert.sh b/test/certs/mkcert.sh index 648d91cd9ebe..9d3b17c91cd4 100755 --- a/test/certs/mkcert.sh +++ b/test/certs/mkcert.sh @@ -1,6 +1,6 @@ #! /bin/bash # -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni <openssl-users@dukhovni.org>. # All rights reserved. # @@ -255,7 +255,7 @@ genee() { local cakey=$1; shift local ca=$1; shift - exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ "subjectKeyIdentifier = hash" \ "authorityKeyIdentifier = keyid, issuer" \ "basicConstraints = CA:false" \ diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index cfe4a406eccd..1b0f0711cb57 100644 
--- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -638,6 +638,32 @@ static EVP_PKEY *load_example_ec_key(void) #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 + +static EVP_PKEY *make_bad_rsa_pubkey(void) +{ + RSA *rsa = NULL; + BIGNUM *n = NULL, *e = NULL; + EVP_PKEY *pkey = NULL; + + /* Deliberately invalid public key: n = 17, e = 17 */ + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_ptr(rsa = RSA_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_true(BN_set_word(n, 17)) + || !TEST_true(BN_set_word(e, 17)) + || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) + || !EVP_PKEY_assign_RSA(pkey, rsa)) + goto err; + + return pkey; +err: + BN_free(n); + BN_free(e); + RSA_free(rsa); + return NULL; +} + #ifndef OPENSSL_NO_DH static EVP_PKEY *load_example_dh_key(void) { 
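Review bot: In `make_bad_rsa_pubkey`, the `err:` path frees `n` and `e` and then calls `RSA_free(rsa)`, but once `RSA_set0_key(rsa, n, e, NULL)` has succeeded the RSA object owns both BIGNUMs, so a failing `EVP_PKEY_assign_RSA` would free them twice. The same path never frees `pkey`, which leaks whenever a step after `EVP_PKEY_new()` fails, and the last condition is the only one not wrapped in a `TEST_` macro. Splitting the chain after `RSA_set0_key`, clearing `n` and `e`, and adding `EVP_PKEY_free(pkey)` to the cleanup covers all three, as sketched below.

```c
        || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;
    /* rsa owns n and e from here on; do not free them separately */
    n = e = NULL;
    if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
        goto err;

    return pkey;
err:
    /* … unchanged: BN_free(n); BN_free(e); RSA_free(rsa); … */
    EVP_PKEY_free(pkey);
    return NULL;
```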
@@ -4854,6 +4880,46 @@ err: return testresult; } +static int test_rsasve_kem_with_invalid_pub_key(void) +{ + RSA *rsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *ct = NULL; + unsigned char *secret = NULL; + size_t ctlen = 0, secretlen = 0; + int testresult = 0; + + if (nullprov != NULL) { + testresult = TEST_skip("Test does not support a non-default library context"); + goto err; + } + + if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) + || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) + || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) + || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) + || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) + || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) + goto err; + + if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) + goto err; + + testresult = 1; + +err: + OPENSSL_free(secret); + OPENSSL_free(ct); + EVP_PKEY_CTX_free(ctx); + RSA_free(rsa); + EVP_PKEY_free(pkey); + return testresult; +} + #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) 
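Review bot: `RSA *rsa = NULL;` in `test_rsasve_kem_with_invalid_pub_key` is never assigned, so the `RSA_free(rsa);` in the cleanup is dead code and both lines can go. The function also has no comment saying what it guards; something like `/* RSASVE encapsulation with an invalid RSA public key must fail instead of reporting success with unset output buffers */` would tie it to the failure-handling fix (this wording assumes it is the regression test for the RSASVE entry in CHANGES.md). `make_bad_rsa_pubkey` was added under `#ifndef OPENSSL_NO_DEPRECATED_3_0`; this hunk does not show whether the test and its `ADD_TEST` sit under the same guard, which is worth confirming for no-deprecated builds.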
@@ -5367,6 +5433,45 @@ static int test_invalid_ctx_for_digest(void) return ret; } +static int test_evp_cipher_negative_length(void) +{ + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + unsigned char key[16] = { 0 }; + unsigned char iv[16] = { 0 }; + unsigned char buffer[32] = { 0 }; + int outl = 0; + int ret = 0; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto end; + + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq))) + goto end; + + /* Initialize encryption context */ + if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_EncryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + /* Reinitialize for decryption */ + if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_DecryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + ret = 1; +end: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; @@ -5505,6 +5610,7 @@ int setup_tests(void) ADD_TEST(test_evp_md_cipher_meth); ADD_TEST(test_custom_md_meth); ADD_TEST(test_custom_ciph_meth); + ADD_TEST(test_rsasve_kem_with_invalid_pub_key); #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ @@ -5533,6 +5639,8 @@ int setup_tests(void) ADD_TEST(test_invalid_ctx_for_digest); + ADD_TEST(test_evp_cipher_negative_length); + return 1; } diff --git a/test/http_test.c b/test/http_test.c index ac3369f88543..f2f60a82bf98 100644 --- a/test/http_test.c +++ b/test/http_test.c 
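Review bot: Both negative-length checks in `test_evp_cipher_negative_length` pass the input as `(unsigned char *)"test"`, which casts away the const of a string literal although the `in` parameter of `EVP_EncryptUpdate` and `EVP_DecryptUpdate` is `const unsigned char *`; `(const unsigned char *)"test"` is the accurate cast. The test checks only the return value, so it would help to also pin that no output is reported on the rejected call, e.g. `|| !TEST_int_eq(outl, 0)` in each condition, provided the fixed code leaves `*outl` untouched or zero on this error path (not visible in this hunk).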
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -248,6 +248,18 @@ static int test_http_url_path_query_ok(const char *url, const char *exp_path_qu) return res; } +static int test_http_url_host_ok(const char *url, const char *exp_host) +{ + char *host; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, + NULL, NULL, NULL)) + && TEST_str_eq(host, exp_host); + OPENSSL_free(host); + return res; +} + static int test_http_url_dns(void) { return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path"); @@ -265,6 +277,13 @@ static int test_http_url_userinfo_query_fragment(void) return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p"); } +static int test_http_url_at_sign_outside_authority(void) +{ + return test_http_url_host_ok("http://host/p@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q=@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q#fr@attacker.test", "host"); +} + static int test_http_url_ipv4(void) { return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q"); @@ -379,6 +398,7 @@ int setup_tests(void) ADD_TEST(test_http_url_dns); ADD_TEST(test_http_url_path_query); ADD_TEST(test_http_url_userinfo_query_fragment); + ADD_TEST(test_http_url_at_sign_outside_authority); ADD_TEST(test_http_url_ipv4); ADD_TEST(test_http_url_ipv6); ADD_TEST(test_http_url_invalid_prefix); diff --git a/test/recipes/10-test_bn_data/bnmod.txt b/test/recipes/10-test_bn_data/bnmod.txt index 85a17e0a05dc..a0a30df45e74 100644 --- a/test/recipes/10-test_bn_data/bnmod.txt +++ b/test/recipes/10-test_bn_data/bnmod.txt 
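Review bot: `char *host;` in `test_http_url_host_ok` is uninitialised, and `OPENSSL_free(host)` runs even when `OSSL_HTTP_parse_url` returns 0, so the helper depends on the parser clearing `*phost` on every failure path (not visible here); `char *host = NULL;` removes that dependency. `test_http_url_at_sign_outside_authority` covers an `@` in the path, query and fragment, but not a URL that also carries real userinfo. A fourth case such as `test_http_url_host_ok("http://user@host/p@attacker.test", "host")` would pin that only an `@` inside the authority delimits userinfo; the expected value is assumed from the other three cases.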
@@ -1,4 +1,4 @@ -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2010,6 +2010,14 @@ A = ca6c51ba2f410d09bf71d60fe B = 8bdfa8fe5ef3b2ad02bc63c4d M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb +# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M. + +Title = ModSqr tests + +# Regression test for https://github.com/openssl/openssl/issues/15587 +ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff +A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99 +M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff # These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M. diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t index 19c528f0b89a..0b2abdceca87 100644 --- a/test/recipes/25-test_verify.t +++ b/test/recipes/25-test_verify.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ sub verify { run(app([@args])); } -plan tests => 175; +plan tests => 176; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), 
@@ -529,6 +529,18 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"], "-explicit_policy"), "Bad certificate policy"); +# CVE-2026-28388 +my $cve_28388_stderr = "cve-2026-28388.err"; +run(app(["openssl", "verify", + "-attime", "1739527200", + "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"), + "-crl_check", "-use_deltas", + "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"), + srctop_file(@certspath, "cve-2026-28388-leaf.pem")], + stderr => $cve_28388_stderr)); +ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }), + "CVE-2026-28388"); + # CAstore option my $rootcertname = "root-cert"; my $rootcert = srctop_file(@certspath, "${rootcertname}.pem"); diff --git a/test/recipes/61-test_bio_readbuffer.t b/test/recipes/61-test_bio_readbuffer.t index e10ab746ae38..cd3db6a6ec54 100644 --- a/test/recipes/61-test_bio_readbuffer.t +++ b/test/recipes/61-test_bio_readbuffer.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ setup('test_bio_readbuffer'); my $pemfile = srctop_file("test", "certs", "leaf.pem"); my $derfile = 'readbuffer_leaf.der'; -plan tests => 3; +plan tests => 4; ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile, '-outform', 'DER', '-out', $derfile])), @@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $derfile])), ok(run(test(["bio_readbuffer_test", $pemfile])), "Running bio_readbuffer_test $pemfile"); + +ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM', + '-noout' ], stdin => $derfile)), + "Test stdin read buffer in openssl app"); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 8c58152759e7..b6ee61464409 100644 
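Review bot: The CVE-2026-28388 check reads the captured stderr with `open my $fh, '<', $cve_28388_stderr; <$fh>` and never tests the result of `open`, so a missing or unreadable file shows up only as a failed grep with no hint at the cause; `open(my $fh, '<', $cve_28388_stderr) or die "open $cve_28388_stderr: $!";` makes that explicit. The return value of `run(...)` is discarded, so a crash in `openssl verify` is caught only indirectly through the absent "CRL is not yet valid" line; asserting the expected exit status as well (the cms tests in this commit use `exit_checker` for that) would separate a signal exit from a changed message. The bare `# CVE-2026-28388` comment could say what is exercised, e.g. `# CVE-2026-28388: a delta CRL with a Delta CRL Indicator but no CRL Number must not crash verification`.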
--- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -51,7 +51,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) $no_rc2 = 1 if disabled("legacy"); -plan tests => 20; +plan tests => 23; ok(run(test(["pkcs7_test"])), "test pkcs7"); 
@@ -1106,6 +1106,49 @@ with({ exit_checker => sub { return shift == 3; } }, "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); +# Test cases for CVE-2026-28389 +my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der"); +my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem"); +my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "DH is not supported in this build", 1 if $no_dh; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])), + "Must not crash on malformed cms inputs with dh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der"); +my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem"); +my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "EC is not supported in this build", 1 if $no_ec; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])), + "Must not crash on malformed cms inputs with ecdh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der"); +my $smrsacert = catfile($smdir, "smrsa3.pem"); +my $smrsakey = catfile($smdir, "smrsa3-key.pem"); + +# Test case for CVE-2026-28390 +with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } }, + sub { + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform", + "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])), + "Must not crash on malformed cms inputs with RSA key"); + }); + # Test encrypt to three recipients, 
and decrypt using key-only; # i.e. do not follow the recommended practice of providing the # recipient cert in the decrypt op. diff --git a/test/recipes/80-test_cms_data/dh-cert.pem b/test/recipes/80-test_cms_data/dh-cert.pem new file mode 100644 index 000000000000..f5fb90b9009b --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-cert.pem 
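Review bot: The RSA case for CVE-2026-28390 accepts exit status 0 as well as 4 (`return $ret == 4 || $ret == 0;`), unlike the DH and ECDH cases, and nothing says why a successful exit is acceptable for a malformed input; without a comment stating the reason, the check reads as unable to tell a clean rejection from an unexpected success. The same call passes `"-out", "{output}.cms"`; within this hunk nothing substitutes `{output}`, so unless a helper outside the hunk rewrites it the test writes a file literally named `{output}.cms`, which a plain name such as `"rsa-malformed.cms"` avoids. `$smcont_malformed` is reassigned for each of the three inputs; separate variables (`$smdh_malformed`, `$smecdh_malformed`, `$smrsa_malformed`) would match the per-key cert and key names beside them.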
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2 +MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC +AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD +zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf +XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP +SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI +7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8 +LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH////// +////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx +hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw +c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw +a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050 +wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww +lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX +l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl +IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ +ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO +M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu +lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j +BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo +cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW +AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp +JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm +eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO +VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3 +NGpnrpeWX4rk4kQmx/I= +-----END CERTIFICATE----- 
diff --git a/test/recipes/80-test_cms_data/dh-key.pem b/test/recipes/80-test_cms_data/dh-key.pem new file mode 100644 index 000000000000..16010785214e --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-key.pem @@ -0,0 +1,15 @@ +-----BEGIN PRIVATE KEY----- +MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW +ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e +1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY +oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt +52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47 +G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC +AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n +Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv +P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl +2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm +lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT +YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r +xDHoWg== +-----END PRIVATE KEY----- diff --git a/test/recipes/80-test_cms_data/dh-malformed.der b/test/recipes/80-test_cms_data/dh-malformed.der Binary files differnew file mode 100644 index 000000000000..20a5ed84bde9 --- /dev/null +++ b/test/recipes/80-test_cms_data/dh-malformed.der diff --git a/test/recipes/80-test_cms_data/ecdh-cert.pem b/test/recipes/80-test_cms_data/ecdh-cert.pem new file mode 100644 index 000000000000..3a0ab6624ca2 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-cert.pem 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw +DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow +DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s +OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC +EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw +CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+ +NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ== +-----END CERTIFICATE----- diff --git a/test/recipes/80-test_cms_data/ecdh-key.pem b/test/recipes/80-test_cms_data/ecdh-key.pem new file mode 100644 index 000000000000..ef9488b3c516 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1 +unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC +3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ +-----END PRIVATE KEY----- diff --git a/test/recipes/80-test_cms_data/ecdh-malformed.der b/test/recipes/80-test_cms_data/ecdh-malformed.der Binary files differnew file mode 100644 index 000000000000..14ddc1dea290 --- /dev/null +++ b/test/recipes/80-test_cms_data/ecdh-malformed.der diff --git a/test/recipes/80-test_cms_data/rsa-malformed.der b/test/recipes/80-test_cms_data/rsa-malformed.der Binary files differnew file mode 100644 index 000000000000..4182a465ce79 --- /dev/null +++ b/test/recipes/80-test_cms_data/rsa-malformed.der diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index c2299962523a..b46812078e60 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -36,22 +36,24 @@ sub test_ocsp { } my $expected_exit = shift; my $nochecks = shift; + my $opt_untrusted = shift // "-verify_other"; my $outputfile = basename($inputfile, '.ors') . '.dat'; run(app(["openssl", "base64", "-d", "-in", catfile($ocspdir,$inputfile), "-out", $outputfile])); + my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted)); with({ exit_checker => sub { return shift == $expected_exit; } }, sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile, "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), + @certopt, "-no-CApath", "-no-CAstore", $nochecks ? "-no_cert_checks" : ()])), $title); }); } -plan tests => 11; +plan tests => 12; subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; @@ -225,4 +227,12 @@ subtest "=== OCSP API TESTS===" => sub { ok(run(test(["ocspapitest", data_file("cert.pem"), data_file("key.pem")])), "running ocspapitest"); -} +}; + +subtest "=== UNTRUSTED ISSUER HINTS ===" => sub { + plan tests => 1; + + test_ocsp("NON-DELEGATED; invalid issuer via -issuer", + "ND1.ors", "ND1_Cross_Root.pem", + "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer"); +}; diff --git a/util/mkerr.pl b/util/mkerr.pl index 1cb772c00f10..84dbfd378453 100755 --- a/util/mkerr.pl +++ b/util/mkerr.pl @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
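Review bot: `test_ocsp` now takes a seventh positional argument, `my $opt_untrusted = shift // "-verify_other";`, and the new call has to pass `1, 0` just to reach it, with nothing at the function describing the argument order. A comment above the `shift` such as `# optional: option that introduces the untrusted cert file; "-verify_other" unless the caller passes e.g. "-issuer"` would document it; the start of `test_ocsp` lies outside this hunk. The new subtest expects exit status 1 for `-issuer` with `ISIC_ND1_Issuer_ICA.pem`, and a one-line comment saying why that issuer must be rejected would keep the expectation from looking arbitrary.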
@@ -338,21 +338,21 @@ foreach my $lib ( keys %errorfile ) { */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif EOF $indent = ' '; if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} +#ifndef OPENSSL_NO_${lib} EOF $indent = " "; @@ -379,7 +379,7 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; } @@ -388,14 +388,14 @@ EOF # brace for 'extern "C" {'. while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif EOF close OUT; @@ -407,8 +407,8 @@ EOF my $extra_include = $internal ? ($lib ne 'SSL' - ? "# include <openssl/cryptoerr_legacy.h>\n" - : "# include <openssl/sslerr_legacy.h>\n") + ? "#include <openssl/cryptoerr_legacy.h>\n" + : "#include <openssl/sslerr_legacy.h>\n") : ''; my $hfile = $hpubinc{$lib}; my $guard = $hfile; 
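Review bot: `printf OUT "#define $i $rcodes{$i}\n";` no longer has any format arguments, so the interpolated text itself becomes the format string; `print OUT "#define $i $rcodes{$i}\n";` is the right call and cannot misread a `%` in the data. With the padding gone, `$z` (computed in the loop shown at the end of the `@@ -429` hunk, and presumably in this loop too) is dead and can be removed, and `$indent` now serves only as a depth counter for the `#endif` loops. The same `printf` appears again in the `@@ -482,13 +480,13` hunk. The enclosing `foreach` loops start outside these hunks.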
@@ -429,45 +429,43 @@ EOF */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include <openssl/opensslconf.h> -# include <openssl/symhacks.h> +#include <openssl/opensslconf.h> +#include <openssl/symhacks.h> $extra_include - EOF $indent = ' '; if ( $internal ) { if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} - +#ifndef OPENSSL_NO_${lib} EOF $indent .= ' '; } } else { print OUT <<"EOF"; -# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) - +#define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#define ERR_R_${lib}_LIB ERR_${lib}_lib() EOF if ( ! $static ) { print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif int ERR_load_${lib}_strings(void); void ERR_unload_${lib}_strings(void); void ERR_${lib}_error(int function, int reason, const char *file, int line); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif EOF } } - print OUT "\n/*\n * $lib reason codes.\n */\n"; + print OUT "/*\n * $lib reason codes.\n */\n"; foreach my $i ( @reasons ) { my $z = 48 - length($i); $z = 0 if $z < 0; @@ -482,13 +480,13 @@ EOF $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; while (length($indent) > 0) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } close OUT; } @@ -548,7 +546,7 @@ EOF } } print OUT <<"EOF"; -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF 
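Review bot: The public header now gets `#define ERR_R_${lib}_LIB ERR_${lib}_lib()`, but the prototype block emitted under `if ( ! $static )` still declares only `ERR_load_${lib}_strings`, `ERR_unload_${lib}_strings` and `ERR_${lib}_error`. Code that includes the header and uses the macro would therefore call an undeclared function, unless a declaration is generated somewhere outside these hunks. Adding `int ERR_${lib}_lib(void);` after the `ERR_${lib}_error` prototype would match the definition this commit adds to the C template. In the `$static` case the header carries the macro with no declaration at all, so it is worth confirming that the static definition is always visible before the macro is used.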
@@ -565,28 +563,27 @@ EOF $rn =~ tr/_[A-Z]/ [a-z]/; $strings{$i} = $rn; } - my $short = " {ERR_PACK($pack_lib, 0, $i), \"$rn\"},"; - if ( length($short) <= 80 ) { - print OUT "$short\n"; - } else { - print OUT " {ERR_PACK($pack_lib, 0, $i),\n \"$rn\"},\n"; - } + my $lines; + $lines = " { ERR_PACK($pack_lib, 0, $i), \"$rn\" },"; + $lines = " { ERR_PACK($pack_lib, 0, $i),\n \"$rn\" }," + if length($lines) > 82; + print OUT "$lines\n"; } print OUT <<"EOF"; - {0, NULL} + { 0, NULL } }; -#${indent}endif +#endif EOF if ( $internal ) { print OUT <<"EOF"; int ossl_err_load_${lib}_strings(void) { -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(${lib}_str_reasons[0].error) == NULL) ERR_load_strings_const(${lib}_str_reasons); -#${indent}endif +#endif return 1; } EOF @@ -628,13 +625,20 @@ ${st}void ERR_${lib}_error(int function, int reason, const char *file, int line) ERR_raise(lib_code, reason); ERR_set_debug(file, line, NULL); } + +${st}int ERR_${lib}_lib(void) +{ + if (lib_code == 0) + lib_code = ERR_get_next_error_library(); + return lib_code; +} EOF } while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } if ($internal && $disablable) { print OUT <<"EOF"; |
