openssl: Import OpenSSL 3.0.15.

This release incorporates the following bug fixes and mitigations: - Fixed possible denial of service in X.509 name checks ([CVE-2024-6119]) - Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535]) Release notes can be found at: https://openssl-library.org/news/openssl-3.0-notes/index.html
2024-11-26 20:12:44 +00:00 · 2024-09-03 20:56:17 -07:00 · 2024-09-03 20:56:17 -07:00 · 108164cf95
commit 108164cf95
parent e60dbfd00b
174 changed files with 2414 additions and 914 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -28,6 +28,30 @@ breaking changes, and mappings for the large list of deprecated functions.
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 ### Changes between 3.0.14 and 3.0.15 [3 Sep 2024]
 * Fixed possible denial of service in X.509 name checks.
   Applications performing certificate name checks (e.g., TLS clients checking
   server certificates) may attempt to read an invalid memory address when
   comparing the expected name with an `otherName` subject alternative name of
   an X.509 certificate. This may result in an exception that terminates the
   application program.
   ([CVE-2024-6119])
   *Viktor Dukhovni*
 * Fixed possible buffer overread in SSL_select_next_proto().
   Calling the OpenSSL API function SSL_select_next_proto with an empty
   supported client protocols buffer may cause a crash or memory contents
   to be sent to the peer.
   ([CVE-2024-5535])
   *Matt Caswell*
 ### Changes between 3.0.13 and 3.0.14 [4 Jun 2024]
 * Fixed potential use after free after SSL_free_buffers() is called.
@ -70,6 +94,14 @@ breaking changes, and mappings for the large list of deprecated functions.
   *Tomáš Mráz*
 * Improved EC/DSA nonce generation routines to avoid bias and timing
   side channel leaks.
   Thanks to Florian Sieck from Universität zu Lübeck and George Pantelakis
   and Hubert Kario from Red Hat for reporting the issues.
   *Tomáš Mráz and Paul Dale*
 * Fixed an issue where some non-default TLS server configurations can cause
   unbounded memory growth when processing TLSv1.3 sessions. An attacker may
   exploit certain server configurations to trigger unbounded memory growth that
@ -19890,6 +19922,8 @@ ndif
 <!-- Links -->
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -3,7 +3,7 @@ HOW TO CONTRIBUTE TO OpenSSL
 Please visit our [Getting Started] page for other ideas about how to contribute.
-  [Getting Started]: <https://www.openssl.org/community/getting-started.html>
+  [Getting Started]: <https://openssl-library.org/community/getting-started>
 Development is done on GitHub in the [openssl/openssl] repository.
@ -77,8 +77,8 @@ guidelines:
    Clean builds via GitHub Actions are required. They are started automatically
    whenever a PR is created or updated by committers.
-    [coding style]: https://www.openssl.org/policies/technical/coding-style.html
+    [coding style]: https://openssl-library.org/policies/technical/coding-style/
-    [documentation policy]: https://openssl.org/policies/technical/documentation-policy.html
+    [documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
 5. When at all possible, code contributions should include tests. These can
    either be added to an existing test, or completely new.  Please see
--- a/Configurations/10-main.conf
+++ b/Configurations/10-main.conf
@ -1264,6 +1264,25 @@ my %targets = (
        AR               => add("-X32"),
        RANLIB           => add("-X32"),
    },
    # To enable openxl compiler for aix
    # If 17.1 openxl runtime is available, -latomic can be used
    # instead of -DBROKEN_CLANG_ATOMICS
    "aix-clang" => {
        inherit_from     => [ "aix-common" ],
        CC               => "ibm-clang",
        CFLAGS           => picker(debug   => "-O0 -g",
                                   release => "-O"),
        cflags           => combine("-Wno-implicit-function-declaration -mcmodel=large -DBROKEN_CLANG_ATOMICS",
                            threads("-pthread")),
        ex_libs          => add(threads("-pthread")),
        bn_ops           => "BN_LLONG RC4_CHAR",
        asm_arch         => 'ppc32',
        perlasm_scheme   => "aix32",
        shared_cflag     => "-fpic",
        shared_ldflag    => add("-shared"),
        AR               => add("-X32"),
        RANLIB           => add("-X32"),
    },
    "aix64-cc" => {
        inherit_from     => [ "aix-common" ],
        CC               => "cc",
@ -1282,6 +1301,23 @@ my %targets = (
        AR               => add("-X64"),
        RANLIB           => add("-X64"),
    },
    "aix64-clang" => {
        inherit_from     => [ "aix-common" ],
        CC               => "ibm-clang",
        CFLAGS           => picker(debug   => "-O0 -g",
                                   release => "-O"),
        cflags           => combine("-maix64 -Wno-implicit-function-declaration -mcmodel=large",
                            threads("-pthread")),
        ex_libs          => add(threads("-pthread")),
        bn_ops           => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
        asm_arch         => 'ppc64',
        perlasm_scheme   => "aix64",
        shared_cflag     => "-fpic",
        shared_ldflag    => add("-shared"),
        shared_extension => "64.so.\$(SHLIB_VERSION_NUMBER)",
        AR               => add("-X64"),
        RANLIB           => add("-X64"),
    },
 # SIEMENS BS2000/OSD: an EBCDIC-based mainframe
    "BS2000-OSD" => {
--- a/Configurations/15-ios.conf
+++ b/Configurations/15-ios.conf
@ -10,7 +10,7 @@ my %targets = (
        template         => 1,
        inherit_from     => [ "darwin-common" ],
        sys_id           => "iOS",
-        disable          => [ "shared", "async" ],
+        disable          => [ "async" ],
    },
    "ios-xcrun" => {
        inherit_from     => [ "ios-common" ],
--- a/10
+++ b/10
@ -178,7 +178,6 @@ my @gcc_devteam_warn = qw(
 #       -Wextended-offsetof -- no, needed in CMS ASN1 code
 my @clang_devteam_warn = qw(
    -Wno-unknown-warning-option
    -Wswitch-default
    -Wno-parentheses-equality
    -Wno-language-extension-token
    -Wno-extended-offsetof
@ -1583,7 +1582,7 @@ if (!$disabled{makedepend}) {
    disable('unavailable', 'makedepend') unless $config{makedep_scheme};
 }
-if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
+if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS' && !$predefined_C{_AIX}) {
    # probe for -Wa,--noexecstack option...
    if ($predefined_C{__clang__}) {
        # clang has builtin assembler, which doesn't recognize --help,
@ -3407,6 +3406,13 @@ sub absolutedir {
        return rel2abs($dir);
    }
    # realpath() on Windows seems to check if the directory actually exists,
    # which isn't what is wanted here.  All we want to know is if a directory
    # spec is absolute, not if it exists.
    if ($^O eq "MSWin32") {
        return rel2abs($dir);
    }
    # We use realpath() on Unix, since no other will properly clean out
    # a directory spec.
    use Cwd qw/realpath/;
--- a/FAQ.md
+++ b/FAQ.md
@ -1,6 +0,0 @@
 Frequently Asked Questions (FAQ)
 ================================
 The [Frequently Asked Questions][FAQ] are now maintained on the OpenSSL homepage.
  [FAQ]: https://www.openssl.org/docs/faq.html
--- a/INSTALL.md
+++ b/INSTALL.md
@ -1164,7 +1164,7 @@ Configure OpenSSL
 ### Automatic Configuration
 In previous version, the `config` script determined the platform type and
-compiler and then called `Configure`. Starting with this release, they are
+compiler and then called `Configure`. Starting with version 3.0, they are
 the same.
 #### Unix / Linux / macOS
@ -1618,7 +1618,7 @@ More about our support resources can be found in the [SUPPORT] file.
 ### Configuration Errors
-If the `./Configure` or `./Configure` command fails with an error message,
+If the `./config` or `./Configure` command fails with an error message,
 read the error message carefully and try to figure out whether you made
 a mistake (e.g., by providing a wrong option), or whether the script is
 working incorrectly. If you think you encountered a bug, please
--- a/NEWS.md
+++ b/NEWS.md
@ -18,6 +18,19 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 ### Major changes between OpenSSL 3.0.14 and OpenSSL 3.0.15 [3 Sep 2024]
 OpenSSL 3.0.15 is a security patch release. The most severe CVE fixed in this
 release is Moderate.
 This release incorporates the following bug fixes and mitigations:
  * Fixed possible denial of service in X.509 name checks
    ([CVE-2024-6119])
  * Fixed possible buffer overread in SSL_select_next_proto()
    ([CVE-2024-5535])
 ### Major changes between OpenSSL 3.0.13 and OpenSSL 3.0.14 [4 Jun 2024]
  * Fixed potential use after free after SSL_free_buffers() is called
@ -1482,6 +1495,8 @@ OpenSSL 0.9.x
 <!-- Links -->
 [CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119
 [CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535
 [CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741
 [CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603
 [CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511
--- a/VERSION.dat
+++ b/VERSION.dat
@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=14
+PATCH=15
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="4 Jun 2024"
+RELEASE_DATE="3 Sep 2024"
 SHLIB_VERSION=3
--- a/apps/cms.c
+++ b/apps/cms.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -132,7 +132,7 @@ const OPTIONS cms_options[] = {
    {"binary", OPT_BINARY, '-',
     "Treat input as binary: do not translate to canonical form"},
    {"crlfeol", OPT_CRLFEOL, '-',
-     "Use CRLF as EOL termination instead of CR only" },
+     "Use CRLF as EOL termination instead of LF only" },
    {"asciicrlf", OPT_ASCIICRLF, '-',
     "Perform CRLF canonicalisation when signing"},
--- a/apps/dgst.c
+++ b/apps/dgst.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -478,7 +478,7 @@ int dgst_main(int argc, char **argv)
 static void show_digests(const OBJ_NAME *name, void *arg)
 {
    struct doall_dgst_digests *dec = (struct doall_dgst_digests *)arg;
-    const EVP_MD *md = NULL;
+    EVP_MD *md = NULL;
    /* Filter out signed digests (a.k.a signature algorithms) */
    if (strstr(name->name, "rsa") != NULL || strstr(name->name, "RSA") != NULL)
@ -490,8 +490,7 @@ static void show_digests(const OBJ_NAME *name, void *arg)
    /* Filter out message digests that we cannot use */
    md = EVP_MD_fetch(app_get0_libctx(), name->name, app_get0_propq());
    if (md == NULL) {
-        md = EVP_get_digestbyname(name->name);
+        if (EVP_get_digestbyname(name->name) == NULL)
        if (md == NULL)
            return;
    }
@ -502,6 +501,8 @@ static void show_digests(const OBJ_NAME *name, void *arg)
    } else {
        BIO_printf(dec->bio, " ");
    }
    EVP_MD_free(md);
 }
 /*
--- a/apps/lib/opt.c
+++ b/apps/lib/opt.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -616,7 +616,7 @@ int opt_uintmax(const char *value, ossl_uintmax_t *result)
        opt_number_error(value);
        return 0;
    }
-    *result = (ossl_intmax_t)m;
+    *result = (ossl_uintmax_t)m;
    errno = oerrno;
    return 1;
 }
--- a/apps/lib/s_cb.c
+++ b/apps/lib/s_cb.c
@ -649,7 +649,7 @@ void msg_cb(int write_p, int version, int content_type, const void *buf,
    (void)BIO_flush(bio);
 }
-static STRINT_PAIR tlsext_types[] = {
+static const STRINT_PAIR tlsext_types[] = {
    {"server name", TLSEXT_TYPE_server_name},
    {"max fragment length", TLSEXT_TYPE_max_fragment_length},
    {"client certificate URL", TLSEXT_TYPE_client_certificate_url},
@ -688,6 +688,7 @@ static STRINT_PAIR tlsext_types[] = {
    {"psk kex modes", TLSEXT_TYPE_psk_kex_modes},
    {"certificate authorities", TLSEXT_TYPE_certificate_authorities},
    {"post handshake auth", TLSEXT_TYPE_post_handshake_auth},
    {"early_data", TLSEXT_TYPE_early_data},
    {NULL}
 };
--- a/apps/smime.c
+++ b/apps/smime.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -118,7 +118,7 @@ const OPTIONS smime_options[] = {
     "Do not load certificates from the default certificates store"},
    {"nochain", OPT_NOCHAIN, '-',
     "set PKCS7_NOCHAIN so certificates contained in the message are not used as untrusted CAs" },
-    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR only"},
+    {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of LF only"},
    OPT_R_OPTIONS,
    OPT_V_OPTIONS,
--- a/crypto/aes/asm/aesp8-ppc.pl
+++ b/crypto/aes/asm/aesp8-ppc.pl
@ -1,5 +1,5 @@
 #! /usr/bin/env perl
-# Copyright 2014-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2014-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@ -99,11 +99,12 @@ rcon:
 .long	0x1b000000, 0x1b000000, 0x1b000000, 0x1b000000	?rev
 .long	0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c, 0x0d0e0f0c	?rev
 .long	0,0,0,0						?asis
 .long	0x0f102132, 0x43546576, 0x8798a9ba, 0xcbdcedfe
 Lconsts:
 	mflr	r0
 	bcl	20,31,\$+4
 	mflr	$ptr	 #vvvvv "distance between . and rcon
-	addi	$ptr,$ptr,-0x48
+	addi	$ptr,$ptr,-0x58
 	mtlr	r0
 	blr
 	.long	0
@ -2405,7 +2406,7 @@ ___
 my $key_=$key2;
 my ($x00,$x10,$x20,$x30,$x40,$x50,$x60,$x70)=map("r$_",(0,3,26..31));
    $x00=0 if ($flavour =~ /osx/);
-my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5 )=map("v$_",(0..5));
+my ($in0,  $in1,  $in2,  $in3,  $in4,  $in5)=map("v$_",(0..5));
 my ($out0, $out1, $out2, $out3, $out4, $out5)=map("v$_",(7,12..16));
 my ($twk0, $twk1, $twk2, $twk3, $twk4, $twk5)=map("v$_",(17..22));
 my $rndkey0="v23";	# v24-v25 rotating buffer for first found keys
@ -2460,6 +2461,18 @@ _aesp8_xts_encrypt6x:
 	li		$x70,0x70
 	mtspr		256,r0
 	# Reverse eighty7 to 0x010101..87
 	xxlor		2, 32+$eighty7, 32+$eighty7
 	vsldoi		$eighty7,$tmp,$eighty7,1	# 0x010101..87
 	xxlor		1, 32+$eighty7, 32+$eighty7
 	# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
 	mr		$x70, r6
 	bl		Lconsts
 	lxvw4x		0, $x40, r6		# load XOR contents
 	mr		r6, $x70
 	li		$x70,0x70
 	subi		$rounds,$rounds,3	# -4 in total
 	lvx		$rndkey0,$x00,$key1	# load key schedule
@ -2502,69 +2515,77 @@ Load_xts_enc_key:
 	?vperm		v31,v31,$twk5,$keyperm
 	lvx		v25,$x10,$key_		# pre-load round[2]
 	# Switch to use the following codes with 0x010101..87 to generate tweak.
 	#     eighty7 = 0x010101..87
 	# vsrab		tmp, tweak, seven	# next tweak value, right shift 7 bits
 	# vand		tmp, tmp, eighty7	# last byte with carry
 	# vaddubm	tweak, tweak, tweak	# left shift 1 bit (x2)
 	# xxlor		vsx, 0, 0
 	# vpermxor	tweak, tweak, tmp, vsx
 	 vperm		$in0,$inout,$inptail,$inpperm
 	 subi		$inp,$inp,31		# undo "caller"
 	vxor		$twk0,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out0,$in0,$twk0
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in1, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in1
 	 lvx_u		$in1,$x10,$inp
 	vxor		$twk1,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in1,$in1,$in1,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out1,$in1,$twk1
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in2, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in2
 	 lvx_u		$in2,$x20,$inp
 	 andi.		$taillen,$len,15
 	vxor		$twk2,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in2,$in2,$in2,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out2,$in2,$twk2
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in3, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in3
 	 lvx_u		$in3,$x30,$inp
 	 sub		$len,$len,$taillen
 	vxor		$twk3,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in3,$in3,$in3,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out3,$in3,$twk3
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in4, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in4
 	 lvx_u		$in4,$x40,$inp
 	 subi		$len,$len,0x60
 	vxor		$twk4,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in4,$in4,$in4,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out4,$in4,$twk4
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in5, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in5
 	 lvx_u		$in5,$x50,$inp
 	 addi		$inp,$inp,0x60
 	vxor		$twk5,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in5,$in5,$in5,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out5,$in5,$twk5
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in0, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in0
 	vxor		v31,v31,$rndkey0
 	mtctr		$rounds
@ -2590,6 +2611,8 @@ Loop_xts_enc6x:
 	lvx		v25,$x10,$key_		# round[4]
 	bdnz		Loop_xts_enc6x
 	xxlor		32+$eighty7, 1, 1		# 0x010101..87
 	subic		$len,$len,96		# $len-=96
 	 vxor		$in0,$twk0,v31		# xor with last round key
 	vcipher		$out0,$out0,v24
@ -2599,7 +2622,6 @@ Loop_xts_enc6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vcipher		$out2,$out2,v24
 	vcipher		$out3,$out3,v24
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out4,$out4,v24
 	vcipher		$out5,$out5,v24
@ -2607,7 +2629,8 @@ Loop_xts_enc6x:
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out0,$out0,v25
 	vcipher		$out1,$out1,v25
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in1, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in1
 	vcipher		$out2,$out2,v25
 	vcipher		$out3,$out3,v25
 	 vxor		$in1,$twk1,v31
@ -2618,13 +2641,13 @@ Loop_xts_enc6x:
 	and		r0,r0,$len
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out0,$out0,v26
 	vcipher		$out1,$out1,v26
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out2,$out2,v26
 	vcipher		$out3,$out3,v26
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in2, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in2
 	vcipher		$out4,$out4,v26
 	vcipher		$out5,$out5,v26
@ -2638,7 +2661,6 @@ Loop_xts_enc6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vcipher		$out0,$out0,v27
 	vcipher		$out1,$out1,v27
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out2,$out2,v27
 	vcipher		$out3,$out3,v27
 	 vand		$tmp,$tmp,$eighty7
@ -2646,7 +2668,8 @@ Loop_xts_enc6x:
 	vcipher		$out5,$out5,v27
 	addi		$key_,$sp,$FRAME+15	# rewind $key_
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in3, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in3
 	vcipher		$out0,$out0,v28
 	vcipher		$out1,$out1,v28
 	 vxor		$in3,$twk3,v31
@ -2655,7 +2678,6 @@ Loop_xts_enc6x:
 	vcipher		$out2,$out2,v28
 	vcipher		$out3,$out3,v28
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out4,$out4,v28
 	vcipher		$out5,$out5,v28
 	lvx		v24,$x00,$key_		# re-pre-load round[1]
@ -2663,7 +2685,8 @@ Loop_xts_enc6x:
 	vcipher		$out0,$out0,v29
 	vcipher		$out1,$out1,v29
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in4, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in4
 	vcipher		$out2,$out2,v29
 	vcipher		$out3,$out3,v29
 	 vxor		$in4,$twk4,v31
@ -2673,14 +2696,14 @@ Loop_xts_enc6x:
 	vcipher		$out5,$out5,v29
 	lvx		v25,$x10,$key_		# re-pre-load round[2]
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipher		$out0,$out0,v30
 	vcipher		$out1,$out1,v30
 	 vand		$tmp,$tmp,$eighty7
 	vcipher		$out2,$out2,v30
 	vcipher		$out3,$out3,v30
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in5, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in5
 	vcipher		$out4,$out4,v30
 	vcipher		$out5,$out5,v30
 	 vxor		$in5,$twk5,v31
@ -2690,7 +2713,6 @@ Loop_xts_enc6x:
 	vcipherlast	$out0,$out0,$in0
 	 lvx_u		$in0,$x00,$inp		# load next input block
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vcipherlast	$out1,$out1,$in1
 	 lvx_u		$in1,$x10,$inp
 	vcipherlast	$out2,$out2,$in2
@ -2703,7 +2725,10 @@ Loop_xts_enc6x:
 	vcipherlast	$out4,$out4,$in4
 	 le?vperm	$in2,$in2,$in2,$leperm
 	 lvx_u		$in4,$x40,$inp
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		10, 32+$in0, 32+$in0
 	 xxlor		32+$in0, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in0
 	 xxlor		32+$in0, 10, 10
 	vcipherlast	$tmp,$out5,$in5		# last block might be needed
 						# in stealing mode
 	 le?vperm	$in3,$in3,$in3,$leperm
@ -2736,6 +2761,8 @@ Loop_xts_enc6x:
 	mtctr		$rounds
 	beq		Loop_xts_enc6x		# did $len-=96 borrow?
 	xxlor		32+$eighty7, 2, 2		# 0x870101..01
 	addic.		$len,$len,0x60
 	beq		Lxts_enc6x_zero
 	cmpwi		$len,0x20
@ -3112,6 +3139,18 @@ _aesp8_xts_decrypt6x:
 	li		$x70,0x70
 	mtspr		256,r0
 	# Reverse eighty7 to 0x010101..87
 	xxlor		2, 32+$eighty7, 32+$eighty7
 	vsldoi		$eighty7,$tmp,$eighty7,1	# 0x010101..87
 	xxlor		1, 32+$eighty7, 32+$eighty7
 	# Load XOR contents. 0xf102132435465768798a9bacbdcedfe
 	mr		$x70, r6
 	bl		Lconsts
 	lxvw4x		0, $x40, r6		# load XOR contents
 	mr		r6, $x70
 	li		$x70,0x70
 	subi		$rounds,$rounds,3	# -4 in total
 	lvx		$rndkey0,$x00,$key1	# load key schedule
@ -3159,64 +3198,64 @@ Load_xts_dec_key:
 	vxor		$twk0,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out0,$in0,$twk0
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in1, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in1
 	 lvx_u		$in1,$x10,$inp
 	vxor		$twk1,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in1,$in1,$in1,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out1,$in1,$twk1
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in2, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in2
 	 lvx_u		$in2,$x20,$inp
 	 andi.		$taillen,$len,15
 	vxor		$twk2,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in2,$in2,$in2,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out2,$in2,$twk2
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in3, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in3
 	 lvx_u		$in3,$x30,$inp
 	 sub		$len,$len,$taillen
 	vxor		$twk3,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in3,$in3,$in3,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out3,$in3,$twk3
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in4, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in4
 	 lvx_u		$in4,$x40,$inp
 	 subi		$len,$len,0x60
 	vxor		$twk4,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in4,$in4,$in4,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out4,$in4,$twk4
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in5, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in5
 	 lvx_u		$in5,$x50,$inp
 	 addi		$inp,$inp,0x60
 	vxor		$twk5,$tweak,$rndkey0
 	vsrab		$tmp,$tweak,$seven	# next tweak value
 	vaddubm		$tweak,$tweak,$tweak
 	vsldoi		$tmp,$tmp,$tmp,15
 	 le?vperm	$in5,$in5,$in5,$leperm
 	vand		$tmp,$tmp,$eighty7
 	 vxor		$out5,$in5,$twk5
-	vxor		$tweak,$tweak,$tmp
+	xxlor		32+$in0, 0, 0
 	vpermxor	$tweak, $tweak, $tmp, $in0
 	vxor		v31,v31,$rndkey0
 	mtctr		$rounds
@ -3242,6 +3281,8 @@ Loop_xts_dec6x:
 	lvx		v25,$x10,$key_		# round[4]
 	bdnz		Loop_xts_dec6x
 	xxlor		32+$eighty7, 1, 1
 	subic		$len,$len,96		# $len-=96
 	 vxor		$in0,$twk0,v31		# xor with last round key
 	vncipher	$out0,$out0,v24
@ -3251,7 +3292,6 @@ Loop_xts_dec6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vncipher	$out2,$out2,v24
 	vncipher	$out3,$out3,v24
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipher	$out4,$out4,v24
 	vncipher	$out5,$out5,v24
@ -3259,7 +3299,8 @@ Loop_xts_dec6x:
 	 vand		$tmp,$tmp,$eighty7
 	vncipher	$out0,$out0,v25
 	vncipher	$out1,$out1,v25
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in1, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in1
 	vncipher	$out2,$out2,v25
 	vncipher	$out3,$out3,v25
 	 vxor		$in1,$twk1,v31
@ -3270,13 +3311,13 @@ Loop_xts_dec6x:
 	and		r0,r0,$len
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipher	$out0,$out0,v26
 	vncipher	$out1,$out1,v26
 	 vand		$tmp,$tmp,$eighty7
 	vncipher	$out2,$out2,v26
 	vncipher	$out3,$out3,v26
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in2, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in2
 	vncipher	$out4,$out4,v26
 	vncipher	$out5,$out5,v26
@ -3290,7 +3331,6 @@ Loop_xts_dec6x:
 	 vaddubm	$tweak,$tweak,$tweak
 	vncipher	$out0,$out0,v27
 	vncipher	$out1,$out1,v27
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipher	$out2,$out2,v27
 	vncipher	$out3,$out3,v27
 	 vand		$tmp,$tmp,$eighty7
@ -3298,7 +3338,8 @@ Loop_xts_dec6x:
 	vncipher	$out5,$out5,v27
 	addi		$key_,$sp,$FRAME+15	# rewind $key_
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in3, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in3
 	vncipher	$out0,$out0,v28
 	vncipher	$out1,$out1,v28
 	 vxor		$in3,$twk3,v31
@ -3307,7 +3348,6 @@ Loop_xts_dec6x:
 	vncipher	$out2,$out2,v28
 	vncipher	$out3,$out3,v28
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipher	$out4,$out4,v28
 	vncipher	$out5,$out5,v28
 	lvx		v24,$x00,$key_		# re-pre-load round[1]
@ -3315,7 +3355,8 @@ Loop_xts_dec6x:
 	vncipher	$out0,$out0,v29
 	vncipher	$out1,$out1,v29
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in4, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in4
 	vncipher	$out2,$out2,v29
 	vncipher	$out3,$out3,v29
 	 vxor		$in4,$twk4,v31
@ -3325,14 +3366,14 @@ Loop_xts_dec6x:
 	vncipher	$out5,$out5,v29
 	lvx		v25,$x10,$key_		# re-pre-load round[2]
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipher	$out0,$out0,v30
 	vncipher	$out1,$out1,v30
 	 vand		$tmp,$tmp,$eighty7
 	vncipher	$out2,$out2,v30
 	vncipher	$out3,$out3,v30
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		32+$in5, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in5
 	vncipher	$out4,$out4,v30
 	vncipher	$out5,$out5,v30
 	 vxor		$in5,$twk5,v31
@ -3342,7 +3383,6 @@ Loop_xts_dec6x:
 	vncipherlast	$out0,$out0,$in0
 	 lvx_u		$in0,$x00,$inp		# load next input block
 	 vaddubm	$tweak,$tweak,$tweak
 	 vsldoi		$tmp,$tmp,$tmp,15
 	vncipherlast	$out1,$out1,$in1
 	 lvx_u		$in1,$x10,$inp
 	vncipherlast	$out2,$out2,$in2
@ -3355,7 +3395,10 @@ Loop_xts_dec6x:
 	vncipherlast	$out4,$out4,$in4
 	 le?vperm	$in2,$in2,$in2,$leperm
 	 lvx_u		$in4,$x40,$inp
-	 vxor		$tweak,$tweak,$tmp
+	 xxlor		10, 32+$in0, 32+$in0
 	 xxlor		32+$in0, 0, 0
 	 vpermxor	$tweak, $tweak, $tmp, $in0
 	 xxlor		32+$in0, 10, 10
 	vncipherlast	$out5,$out5,$in5
 	 le?vperm	$in3,$in3,$in3,$leperm
 	 lvx_u		$in5,$x50,$inp
@ -3386,6 +3429,8 @@ Loop_xts_dec6x:
 	mtctr		$rounds
 	beq		Loop_xts_dec6x		# did $len-=96 borrow?
 	xxlor		32+$eighty7, 2, 2
 	addic.		$len,$len,0x60
 	beq		Lxts_dec6x_zero
 	cmpwi		$len,0x20
--- a/crypto/aes/build.info
+++ b/crypto/aes/build.info
@ -38,7 +38,11 @@ IF[{- !$disabled{asm} -}]
  $AESASM_parisc20_64=$AESASM_parisc11
  $AESDEF_parisc20_64=$AESDEF_parisc11
  IF[{- $target{sys_id} ne "MACOSX" -}]
  $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s
  ELSE
    $AESASM_ppc32=aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s
  ENDIF
  $AESDEF_ppc32=AES_ASM VPAES_ASM
  $AESASM_ppc64=$AESASM_ppc32
  $AESDEF_ppc64=$AESDEF_ppc32
--- a/crypto/asn1/a_d2i_fp.c
+++ b/crypto/asn1/a_d2i_fp.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -148,6 +148,9 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
                    goto err;
                }
                len += i;
                if ((size_t)i < want)
                    continue;
            }
        }
        /* else data already loaded */
--- a/crypto/asn1/a_mbstr.c
+++ b/crypto/asn1/a_mbstr.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -139,9 +139,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
    if (*out) {
        free_out = 0;
        dest = *out;
-        OPENSSL_free(dest->data);
+        ASN1_STRING_set0(dest, NULL, 0);
        dest->data = NULL;
        dest->length = 0;
        dest->type = str_type;
    } else {
        free_out = 1;
@ -155,6 +153,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
    /* If both the same type just copy across */
    if (inform == outform) {
        if (!ASN1_STRING_set(dest, in, len)) {
            if (free_out) {
                ASN1_STRING_free(dest);
                *out = NULL;
            }
            ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
            return -1;
        }
@ -185,8 +187,10 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
        break;
    }
    if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
-        if (free_out)
+        if (free_out) {
            ASN1_STRING_free(dest);
            *out = NULL;
        }
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        return -1;
    }
--- a/crypto/asn1/a_strex.c
+++ b/crypto/asn1/a_strex.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <string.h>
 #include "internal/cryptlib.h"
 #include "internal/sizes.h"
 #include "crypto/asn1.h"
 #include <openssl/crypto.h>
 #include <openssl/x509.h>
@ -345,8 +346,10 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
    if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
        const char *tagname;
        tagname = ASN1_tag2str(type);
-        outlen += strlen(tagname);
+        /* We can directly cast here as tagname will never be too large. */
        outlen += (int)strlen(tagname);
        if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
            return -1;
        outlen++;
@ -372,7 +375,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
    if (type == -1) {
        len = do_dump(lflags, io_ch, arg, str);
-        if (len < 0)
+        if (len < 0 || len > INT_MAX - outlen)
            return -1;
        outlen += len;
        return outlen;
@ -391,7 +394,7 @@ static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
    }
    len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
-    if (len < 0)
+    if (len < 0 || len > INT_MAX - 2 - outlen)
        return -1;
    outlen += len;
    if (quotes)
--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -203,10 +203,12 @@ int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg,
    inl = ASN1_item_i2d(data, &buf_in, it);
    if (inl <= 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR);
        ret = -1;
        goto err;
    }
    if (buf_in == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        ret = -1;
        goto err;
    }
    inll = inl;
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -85,8 +85,12 @@ void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed
    case ASN1_ITYPE_NDEF_SEQUENCE:
    case ASN1_ITYPE_SEQUENCE:
-        if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */
+        if (ossl_asn1_do_lock(pval, -1, it) != 0) {
            /* if error or ref-counter > 0 */
            OPENSSL_assert(embed == 0);
            *pval = NULL;
            return;
        }
        if (asn1_cb) {
            i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
            if (i == 2)
--- a/crypto/bio/bf_readbuff.c
+++ b/crypto/bio/bf_readbuff.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -222,10 +222,13 @@ static int readbuffer_gets(BIO *b, char *buf, int size)
    char *p;
    int i, j;
-    if (size == 0)
+    if (buf == NULL || size == 0)
        return 0;
    --size; /* the passed in size includes the terminator - so remove it here */
    ctx = (BIO_F_BUFFER_CTX *)b->ptr;
    if (ctx == NULL || b->next_bio == NULL)
        return 0;
    BIO_clear_retry_flags(b);
    /* If data is already buffered then use this first */
--- a/crypto/bio/bio_addr.c
+++ b/crypto/bio/bio_addr.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -778,14 +778,12 @@ int BIO_lookup_ex(const char *host, const char *service, int lookup_type,
        if (!RUN_ONCE(&bio_lookup_init, do_bio_lookup_init)) {
            ERR_raise(ERR_LIB_BIO, ERR_R_MALLOC_FAILURE);
-            ret = 0;
+            return 0;
            goto err;
        }
-        if (!CRYPTO_THREAD_write_lock(bio_lookup_lock)) {
+        if (!CRYPTO_THREAD_write_lock(bio_lookup_lock))
-            ret = 0;
+            return 0;
-            goto err;
+        
        }
        he_fallback_address = INADDR_ANY;
        if (host == NULL) {
            he = &he_fallback;
--- a/crypto/cmp/cmp_vfy.c
+++ b/crypto/cmp/cmp_vfy.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2020
 * Copyright Siemens AG 2015-2020
 *
@ -619,7 +619,7 @@ int OSSL_CMP_validate_msg(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg)
    default:
        scrt = ctx->srvCert;
        if (scrt == NULL) {
-            if (ctx->trusted == NULL) {
+            if (ctx->trusted == NULL && ctx->secretValue != NULL) {
                ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection");
                ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR);
                return 0;
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -332,7 +332,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
        v = NULL;
        /* check for line continuation */
-        if (bufnum >= 1) {
+        if (!again && bufnum >= 1) {
            /*
             * If we have bytes and the last char '\\' and second last char
             * is not '\\'
--- a/crypto/conf/conf_lib.c
+++ b/crypto/conf/conf_lib.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -464,6 +464,9 @@ int OPENSSL_INIT_set_config_appname(OPENSSL_INIT_SETTINGS *settings,
 void OPENSSL_INIT_free(OPENSSL_INIT_SETTINGS *settings)
 {
    if (settings == NULL)
        return;
    free(settings->filename);
    free(settings->appname);
    free(settings);
--- a/crypto/conf/conf_sap.c
+++ b/crypto/conf/conf_sap.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2002-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -38,6 +38,8 @@ void OPENSSL_config(const char *appname)
        settings.appname = strdup(appname);
    settings.flags = DEFAULT_CONF_MFLAGS;
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, &settings);
    free(settings.appname);
 }
 #endif
--- a/crypto/context.c
+++ b/crypto/context.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -240,7 +240,7 @@ int OSSL_LIB_CTX_load_config(OSSL_LIB_CTX *ctx, const char *config_file)
 void OSSL_LIB_CTX_free(OSSL_LIB_CTX *ctx)
 {
-    if (ossl_lib_ctx_is_default(ctx))
+    if (ctx == NULL || ossl_lib_ctx_is_default(ctx))
        return;
 #ifndef FIPS_MODULE
--- a/crypto/ec/ecdsa_ossl.c
+++ b/crypto/ec/ecdsa_ossl.c
@ -130,7 +130,11 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in,
        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
        goto err;
    }
-    order = EC_GROUP_get0_order(group);
+
    if ((order = EC_GROUP_get0_order(group)) == NULL) {
        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
        goto err;
    }
    /* Preallocate space */
    order_bits = BN_num_bits(order);
@ -255,7 +259,11 @@ ECDSA_SIG *ossl_ecdsa_simple_sign_sig(const unsigned char *dgst, int dgst_len,
        goto err;
    }
-    order = EC_GROUP_get0_order(group);
+    if ((order = EC_GROUP_get0_order(group)) == NULL) {
        ERR_raise(ERR_LIB_EC, ERR_R_EC_LIB);
        goto err;
    }
    i = BN_num_bits(order);
    /*
     * Need to truncate digest if it is too long: first truncate whole bytes.
--- a/crypto/engine/eng_table.c
+++ b/crypto/engine/eng_table.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -215,9 +215,11 @@ ENGINE *ossl_engine_table_select(ENGINE_TABLE **table, int nid,
                   f, l, nid);
        return NULL;
    }
-    ERR_set_mark();
+
    if (!CRYPTO_THREAD_write_lock(global_engine_lock))
-        goto end;
+        return NULL;
    ERR_set_mark();
    /*
     * Check again inside the lock otherwise we could race against cleanup
     * operations. But don't worry about a debug printout
--- a/crypto/evp/ctrl_params_translate.c
+++ b/crypto/evp/ctrl_params_translate.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -2777,7 +2777,7 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
        fixup_args_fn *fixup = default_fixup_args;
        int ret;
-        tmpl.action_type = action_type;
+        ctx.action_type = tmpl.action_type = action_type;
        tmpl.keytype1 = tmpl.keytype2 = keytype;
        tmpl.optype = optype;
        tmpl.param_key = params->key;
@ -2786,7 +2786,6 @@ static int evp_pkey_ctx_setget_params_to_ctrl(EVP_PKEY_CTX *pctx,
        if (translation != NULL) {
            if (translation->fixup_args != NULL)
                fixup = translation->fixup_args;
            ctx.action_type = translation->action_type;
            ctx.ctrl_cmd = translation->ctrl_num;
        }
        ctx.pctx = pctx;
--- a/crypto/evp/digest.c
+++ b/crypto/evp/digest.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -409,7 +409,7 @@ int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, size_t count)
    /* Code below to be removed when legacy support is dropped. */
 legacy:
-    return ctx->update(ctx, data, count);
+    return ctx->update != NULL ? ctx->update(ctx, data, count) : 0;
 }
 /* The caller can assume that this removes any secret data from the context */
--- a/crypto/evp/names.c
+++ b/crypto/evp/names.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -78,6 +78,7 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
    const EVP_CIPHER *cp;
    OSSL_NAMEMAP *namemap;
    int id;
    int do_retry = 1;
    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS, NULL))
        return NULL;
@ -94,9 +95,21 @@ const EVP_CIPHER *evp_get_cipherbyname_ex(OSSL_LIB_CTX *libctx,
     */
    namemap = ossl_namemap_stored(libctx);
 retry:
    id = ossl_namemap_name2num(namemap, name);
-    if (id == 0)
+    if (id == 0) {
-        return NULL;
+        EVP_CIPHER *fetched_cipher;
        /* Try to fetch it because the name might not be known yet. */
        if (!do_retry)
            return NULL;
        do_retry = 0;
        ERR_set_mark();
        fetched_cipher = EVP_CIPHER_fetch(libctx, name, NULL);
        EVP_CIPHER_free(fetched_cipher);
        ERR_pop_to_mark();
        goto retry;
    }
    if (!ossl_namemap_doall_names(namemap, id, cipher_from_name, &cp))
        return NULL;
@ -124,6 +137,7 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name)
    const EVP_MD *dp;
    OSSL_NAMEMAP *namemap;
    int id;
    int do_retry = 1;
    if (!OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL))
        return NULL;
@ -140,9 +154,21 @@ const EVP_MD *evp_get_digestbyname_ex(OSSL_LIB_CTX *libctx, const char *name)
     */
    namemap = ossl_namemap_stored(libctx);
 retry:
    id = ossl_namemap_name2num(namemap, name);
-    if (id == 0)
+    if (id == 0) {
-        return NULL;
+        EVP_MD *fetched_md;
        /* Try to fetch it because the name might not be known yet. */
        if (!do_retry)
            return NULL;
        do_retry = 0;
        ERR_set_mark();
        fetched_md = EVP_MD_fetch(libctx, name, NULL);
        EVP_MD_free(fetched_md);
        ERR_pop_to_mark();
        goto retry;
    }
    if (!ossl_namemap_doall_names(namemap, id, digest_from_name, &dp))
        return NULL;
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@ -1034,6 +1034,7 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
                                          int datalen)
 {
    OSSL_PARAM os_params[2];
    const OSSL_PARAM *gettables;
    unsigned char *info = NULL;
    size_t info_len = 0;
    size_t info_alloc = 0;
@ -1057,6 +1058,12 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
        return 1;
    }
    /* Check for older provider that doesn't support getting this parameter */
    gettables = EVP_PKEY_CTX_gettable_params(ctx);
    if (gettables == NULL || OSSL_PARAM_locate_const(gettables, param) == NULL)
        return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl,
                                              data, datalen);
    /* Get the original value length */
    os_params[0] = OSSL_PARAM_construct_octet_string(param, NULL, 0);
    os_params[1] = OSSL_PARAM_construct_end();
@ -1064,9 +1071,9 @@ static int evp_pkey_ctx_add1_octet_string(EVP_PKEY_CTX *ctx, int fallback,
    if (!EVP_PKEY_CTX_get_params(ctx, os_params))
        return 0;
-    /* Older provider that doesn't support getting this parameter */
+    /* This should not happen but check to be sure. */
    if (os_params[0].return_size == OSSL_PARAM_UNMODIFIED)
-        return evp_pkey_ctx_set1_octet_string(ctx, fallback, param, op, ctrl, data, datalen);
+        return 0;
    info_alloc = os_params[0].return_size + datalen;
    if (info_alloc == 0)
--- a/crypto/o_str.c
+++ b/crypto/o_str.c
@ -229,12 +229,14 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
    int has_sep = (sep != CH_ZERO);
    size_t len = has_sep ? buflen * 3 : 1 + buflen * 2;
    if (len == 0)
        ++len;
    if (strlength != NULL)
        *strlength = len;
    if (str == NULL)
        return 1;
-    if (str_n < (unsigned long)len) {
+    if (str_n < len) {
        ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_SMALL_BUFFER);
        return 0;
    }
@ -246,7 +248,7 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
        if (has_sep)
            *q++ = sep;
    }
-    if (has_sep)
+    if (has_sep && buflen > 0)
        --q;
    *q = CH_ZERO;
--- a/crypto/pkcs12/p12_crt.c
+++ b/crypto/pkcs12/p12_crt.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -213,16 +213,19 @@ PKCS12_SAFEBAG *PKCS12_add_key_ex(STACK_OF(PKCS12_SAFEBAG) **pbags,
    if (key_usage && !PKCS8_add_keyusage(p8, key_usage))
        goto err;
    if (nid_key != -1) {
        /* This call does not take ownership of p8 */
        bag = PKCS12_SAFEBAG_create_pkcs8_encrypt_ex(nid_key, pass, -1, NULL, 0,
                                                     iter, p8, ctx, propq);
-        PKCS8_PRIV_KEY_INFO_free(p8);
+    } else {
    } else
        bag = PKCS12_SAFEBAG_create0_p8inf(p8);
        if (bag != NULL)
           p8 = NULL; /* bag takes ownership of p8 */
    }
    /* This does not need to be in the error path */
    if (p8 != NULL)
        PKCS8_PRIV_KEY_INFO_free(p8);
-    if (!bag)
+    if (bag == NULL || !pkcs12_add_bag(pbags, bag))
        goto err;
    if (!pkcs12_add_bag(pbags, bag))
        goto err;
    return bag;
--- a/crypto/pkcs7/pk7_doit.c
+++ b/crypto/pkcs7/pk7_doit.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -1239,36 +1239,29 @@ static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
                         void *value)
 {
    X509_ATTRIBUTE *attr = NULL;
    int i, n;
    if (*sk == NULL) {
        if ((*sk = sk_X509_ATTRIBUTE_new_null()) == NULL)
            return 0;
 new_attrib:
        if ((attr = X509_ATTRIBUTE_create(nid, atrtype, value)) == NULL)
            return 0;
        if (!sk_X509_ATTRIBUTE_push(*sk, attr)) {
            X509_ATTRIBUTE_free(attr);
            return 0;
        }
    } else {
        int i;
        for (i = 0; i < sk_X509_ATTRIBUTE_num(*sk); i++) {
            attr = sk_X509_ATTRIBUTE_value(*sk, i);
            if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid) {
                X509_ATTRIBUTE_free(attr);
                attr = X509_ATTRIBUTE_create(nid, atrtype, value);
                if (attr == NULL)
                    return 0;
                if (!sk_X509_ATTRIBUTE_set(*sk, i, attr)) {
                    X509_ATTRIBUTE_free(attr);
                    return 0;
                }
                goto end;
            }
        }
        goto new_attrib;
    }
    n = sk_X509_ATTRIBUTE_num(*sk);
    for (i = 0; i < n; i++) {
        attr = sk_X509_ATTRIBUTE_value(*sk, i);
        if (OBJ_obj2nid(X509_ATTRIBUTE_get0_object(attr)) == nid)
            goto end;
    }
    if (!sk_X509_ATTRIBUTE_push(*sk, NULL))
        return 0;
 end:
    attr = X509_ATTRIBUTE_create(nid, atrtype, value);
    if (attr == NULL) {
        if (i == n)
            sk_X509_ATTRIBUTE_pop(*sk);
        return 0;
    }
    X509_ATTRIBUTE_free(sk_X509_ATTRIBUTE_value(*sk, i));
    (void) sk_X509_ATTRIBUTE_set(*sk, i, attr);
    return 1;
 }
--- a/crypto/property/property.c
+++ b/crypto/property/property.c
@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2019, Oracle and/or its affiliates.  All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
@ -95,6 +95,8 @@ typedef struct {
 DEFINE_SPARSE_ARRAY_OF(ALGORITHM);
 DEFINE_STACK_OF(ALGORITHM)
 typedef struct ossl_global_properties_st {
    OSSL_PROPERTY_LIST *list;
 #ifndef FIPS_MODULE
@ -469,33 +471,45 @@ static void alg_do_one(ALGORITHM *alg, IMPLEMENTATION *impl,
    fn(alg->nid, impl->method.method, fnarg);
 }
-struct alg_do_each_data_st {
+static void alg_copy(ossl_uintmax_t idx, ALGORITHM *alg, void *arg)
    void (*fn)(int id, void *method, void *fnarg);
    void *fnarg;
 };
 static void alg_do_each(ossl_uintmax_t idx, ALGORITHM *alg, void *arg)
 {
-    struct alg_do_each_data_st *data = arg;
+    STACK_OF(ALGORITHM) *newalg = arg;
    int i, end = sk_IMPLEMENTATION_num(alg->impls);
-    for (i = 0; i < end; i++) {
+    (void)sk_ALGORITHM_push(newalg, alg);
        IMPLEMENTATION *impl = sk_IMPLEMENTATION_value(alg->impls, i);
        alg_do_one(alg, impl, data->fn, data->fnarg);
    }
 }
 void ossl_method_store_do_all(OSSL_METHOD_STORE *store,
                              void (*fn)(int id, void *method, void *fnarg),
                              void *fnarg)
 {
-    struct alg_do_each_data_st data;
+    int i, j;
    int numalgs, numimps;
    STACK_OF(ALGORITHM) *tmpalgs;
    ALGORITHM *alg;
-    data.fn = fn;
+    if (store != NULL) {
-    data.fnarg = fnarg;
+
-    if (store != NULL)
+        if (!ossl_property_read_lock(store))
-        ossl_sa_ALGORITHM_doall_arg(store->algs, alg_do_each, &data);
+            return;
        tmpalgs = sk_ALGORITHM_new_reserve(NULL,
                                           ossl_sa_ALGORITHM_num(store->algs));
        if (tmpalgs == NULL) {
            ossl_property_unlock(store);
            return;
        }
        ossl_sa_ALGORITHM_doall_arg(store->algs, alg_copy, tmpalgs);
        ossl_property_unlock(store);
        numalgs = sk_ALGORITHM_num(tmpalgs);
        for (i = 0; i < numalgs; i++) {
            alg = sk_ALGORITHM_value(tmpalgs, i);
            numimps = sk_IMPLEMENTATION_num(alg->impls);
            for (j = 0; j < numimps; j++)
                alg_do_one(alg, sk_IMPLEMENTATION_value(alg->impls, j), fn, fnarg);
        }
        sk_ALGORITHM_free(tmpalgs);
    }
 }
 int ossl_method_store_fetch(OSSL_METHOD_STORE *store,
@ -651,10 +665,13 @@ static void impl_cache_flush_one_alg(ossl_uintmax_t idx, ALGORITHM *alg,
                                     void *v)
 {
    IMPL_CACHE_FLUSH *state = (IMPL_CACHE_FLUSH *)v;
    unsigned long orig_down_load = lh_QUERY_get_down_load(alg->cache);
    state->cache = alg->cache;
    lh_QUERY_set_down_load(alg->cache, 0);
    lh_QUERY_doall_IMPL_CACHE_FLUSH(state->cache, &impl_cache_flush_cache,
                                    state);
    lh_QUERY_set_down_load(alg->cache, orig_down_load);
 }
 static void ossl_method_cache_flush_some(OSSL_METHOD_STORE *store)
--- a/crypto/rand/randfile.c
+++ b/crypto/rand/randfile.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -16,6 +16,7 @@
 # include <sys/stat.h>
 #endif
 #include "e_os.h"
 #include "internal/cryptlib.h"
 #include <errno.h>
@ -208,8 +209,16 @@ int RAND_write_file(const char *file)
         * should be restrictive from the start
         */
        int fd = open(file, O_WRONLY | O_CREAT | O_BINARY, 0600);
-        if (fd != -1)
+
        if (fd != -1) {
            out = fdopen(fd, "wb");
            if (out == NULL) {
                close(fd);
                ERR_raise_data(ERR_LIB_RAND, RAND_R_CANNOT_OPEN_FILE,
                               "Filename=%s", file);
                return -1;
            }
        }
    }
 #endif
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -186,7 +186,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
    mdlen = EVP_MD_get_size(md);
-    if (tlen <= 0 || flen <= 0)
+    if (tlen <= 0 || flen <= 0 || mdlen <= 0)
        return -1;
    /*
     * |num| is the length of the modulus; |flen| is the length of the
--- a/crypto/x509/v3_utl.c
+++ b/crypto/x509/v3_utl.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
--- a/crypto/x509/x_name.c
+++ b/crypto/x509/x_name.c
@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
@ -476,8 +476,8 @@ static int i2d_name_canon(const STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
        v = sk_ASN1_VALUE_value(intname, i);
        ltmp = ASN1_item_ex_i2d(&v, in,
                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
-        if (ltmp < 0)
+        if (ltmp < 0 || len > INT_MAX - ltmp)
-            return ltmp;
+            return -1;
        len += ltmp;
    }
    return len;
--- a/doc/HOWTO/certificates.txt
+++ b/doc/HOWTO/certificates.txt
@ -89,7 +89,7 @@ was kind enough, your certificate is a raw DER thing in PEM format.
 Your key most definitely is if you have followed the examples above.
 However, some (most?) certificate authorities will encode them with
 things like PKCS7 or PKCS12, or something else.  Depending on your
-applications, this may be perfectly OK, it all depends on what they
+applications, this may be perfectly OK.  It all depends on what they
 know how to decode.  If not, there are a number of OpenSSL tools to
 convert between some (most?) formats.
--- a/doc/fingerprints.txt
+++ b/doc/fingerprints.txt
@ -12,9 +12,6 @@ in the file named openssl-1.0.1h.tar.gz.asc.
 The following is the list of fingerprints for the keys that are
 currently in use to sign OpenSSL distributions:
 OpenSSL OMC:
 EFC0 A467 D613 CB83 C7ED 6D30 D894 E2CE 8B3D 79F5
 OpenSSL:
 BA54 73A2 B058 7B07 FB27 CF2D 2160 94DF D0CB 81EF
--- a/doc/man1/openssl-enc.pod.in
+++ b/doc/man1/openssl-enc.pod.in
@ -97,13 +97,19 @@ Base64 process the data. This means that if encryption is taking place
 the data is base64 encoded after encryption. If decryption is set then
 the input data is base64 decoded before being decrypted.
 When the B<-A> option not given,
 on encoding a newline is inserted after each 64 characters, and
 on decoding a newline is expected among the first 1024 bytes of input.
 =item B<-base64>
 Same as B<-a>
 =item B<-A>
-If the B<-a> option is set then base64 process the data on one line.
+If the B<-a> option is set then base64 encoding produces output without any
 newline character, and base64 decoding does not require any newlines.
 Therefore it can be helpful to use the B<-A> option when decoding unknown input.
 =item B<-k> I<password>
@ -434,6 +440,9 @@ Base64 decode a file then decrypt it using a password supplied in a file:
 =head1 BUGS
 The B<-A> option when used with large files doesn't work properly.
 On the other hand, when base64 decoding without the B<-A> option,
 if the first 1024 bytes of input do not include a newline character
 the first two lines of input are ignored.
 The B<openssl enc> command only supports a fixed number of algorithms with
 certain parameters. So if, for example, you want to use RC2 with a
@ -449,7 +458,7 @@ The B<-ciphers> and B<-engine> options were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man1/openssl-passphrase-options.pod
+++ b/doc/man1/openssl-passphrase-options.pod
@ -46,26 +46,32 @@ the environment of other processes is visible on certain platforms
 =item B<file:>I<pathname>
-The first line of I<pathname> is the password. If the same I<pathname>
+Reads the password from the specified file I<pathname>, which can be a regular
-argument is supplied to B<-passin> and B<-passout> arguments then the first
+file, device, or named pipe. Only the first line, up to the newline character,
-line will be used for the input password and the next line for the output
+is read from the stream.
-password. I<pathname> need not refer to a regular file: it could for example
+
-refer to a device or named pipe.
+If the same I<pathname> argument is supplied to both B<-passin> and B<-passout>
 arguments, the first line will be used for the input password, and the next
 line will be used for the output password.
 =item B<fd:>I<number>
-Read the password from the file descriptor I<number>. This can be used to
+Reads the password from the file descriptor I<number>. This can be useful for
-send the data via a pipe for example.
+sending data via a pipe, for example. The same line handling as described for
 B<file:> applies to passwords read from file descriptors.
 B<fd:> is not supported on Windows.
 =item B<stdin>
-Read the password from standard input.
+Reads the password from standard input. The same line handling as described for
 B<file:> applies to passwords read from standard input.
 =back
 =head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man1/openssl-s_client.pod.in
+++ b/doc/man1/openssl-s_client.pod.in
@ -616,7 +616,11 @@ For example strings, see L<SSL_CTX_set1_sigalgs(3)>
 =item B<-curves> I<curvelist>
 Specifies the list of supported curves to be sent by the client. The curve is
-ultimately selected by the server. For a list of all curves, use:
+ultimately selected by the server.
 The list of all supported groups includes named EC parameters as well as X25519
 and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
 providers. For a list of named EC parameters, use:
    $ openssl ecparam -list_curves
@ -910,7 +914,7 @@ The B<-engine> option was deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man1/openssl-s_server.pod.in
+++ b/doc/man1/openssl-s_server.pod.in
@ -641,7 +641,10 @@ Signature algorithms to support for client certificate authentication
 =item B<-named_curve> I<val>
 Specifies the elliptic curve to use. NOTE: this is single curve, not a list.
-For a list of all possible curves, use:
+
 The list of all supported groups includes named EC parameters as well as X25519
 and X448 or FFDHE groups, and may also include groups implemented in 3rd-party
 providers. For a list of named EC parameters, use:
    $ openssl ecparam -list_curves
@ -930,7 +933,7 @@ option were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man1/openssl-verification-options.pod
+++ b/doc/man1/openssl-verification-options.pod
@ -430,7 +430,7 @@ This option may be used multiple times.
 =item B<-policy> I<arg>
 Enable policy processing and add I<arg> to the user-initial-policy-set (see
-RFC5280). The policy I<arg> can be an object name an OID in numeric form.
+RFC5280). The policy I<arg> can be an object name or an OID in numeric form.
 This argument can appear more than once.
 =item B<-explicit_policy>
@ -686,7 +686,7 @@ The checks enabled by B<-x509_strict> have been extended in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/ASN1_INTEGER_new.pod
+++ b/doc/man3/ASN1_INTEGER_new.pod
@ -18,6 +18,7 @@ ASN1_INTEGER_new, ASN1_INTEGER_free - ASN1_INTEGER allocation functions
 ASN1_INTEGER_new() returns an allocated B<ASN1_INTEGER> structure.
 ASN1_INTEGER_free() frees up a single B<ASN1_INTEGER> object.
 If the argument is NULL, nothing is done.
 B<ASN1_INTEGER> structure representing the ASN.1 INTEGER type
@ -34,7 +35,7 @@ L<ERR_get_error(3)>
 =head1 COPYRIGHT
-Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/ASYNC_WAIT_CTX_new.pod
+++ b/doc/man3/ASYNC_WAIT_CTX_new.pod
@ -178,6 +178,9 @@ operation, normally it is detected by a polling function or an interrupt, as the
 user code set a callback by calling ASYNC_WAIT_CTX_set_callback() previously,
 then the registered callback will be called.
 ASYNC_WAIT_CTX_free() frees up a single B<ASYNC_WAIT_CTX> object.
 If the argument is NULL, nothing is done.
 =head1 RETURN VALUES
 ASYNC_WAIT_CTX_new() returns a pointer to the newly allocated B<ASYNC_WAIT_CTX>
@ -216,7 +219,7 @@ were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BIO_ADDR.pod
+++ b/doc/man3/BIO_ADDR.pod
@ -38,6 +38,7 @@ with routines that will fill it with information, such as
 BIO_accept_ex().
 BIO_ADDR_free() frees a B<BIO_ADDR> created with BIO_ADDR_new().
 If the argument is NULL, nothing is done.
 BIO_ADDR_clear() clears any data held within the provided B<BIO_ADDR> and sets
 it back to an uninitialised state.
@ -115,7 +116,7 @@ L<BIO_connect(3)>, L<BIO_s_connect(3)>
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BIO_ADDRINFO.pod
+++ b/doc/man3/BIO_ADDRINFO.pod
@ -78,7 +78,7 @@ BIO_ADDRINFO_next() returns the next B<BIO_ADDRINFO> in the chain
 from the given one.
 BIO_ADDRINFO_free() frees the chain of B<BIO_ADDRINFO> starting
-with the given one.
+with the given one. If the argument is NULL, nothing is done.
 =head1 RETURN VALUES
@ -103,7 +103,7 @@ The BIO_lookup_ex() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BIO_f_base64.pod
+++ b/doc/man3/BIO_f_base64.pod
@ -21,25 +21,23 @@ any data read through it.
 Base64 BIOs do not support BIO_gets() or BIO_puts().
-For writing, output is by default divided to lines of length 64
+For writing, by default output is divided to lines of length 64
-characters and there is always a newline at the end of output.
+characters and there is a newline at the end of output.
 This behavior can be changed with B<BIO_FLAGS_BASE64_NO_NL> flag.
-For reading, first line should be at most 1024
+For reading, first line should be at most 1024 bytes long including newline
-characters long. If it is longer then it is ignored completely.
+unless the flag B<BIO_FLAGS_BASE64_NO_NL> is set.
-Other input lines can be of any length. There must be a newline
+Further input lines can be of any length (i.e., newlines may appear anywhere
-at the end of input.
+in the input) and a newline at the end of input is not needed.
 This behavior can be changed with BIO_FLAGS_BASE64_NO_NL flag.
 BIO_flush() on a base64 BIO that is being written through is
 used to signal that no more data is to be encoded: this is used
 to flush the final block through the BIO.
-The flag BIO_FLAGS_BASE64_NO_NL can be set with BIO_set_flags().
+The flag B<BIO_FLAGS_BASE64_NO_NL> can be set with BIO_set_flags().
 For writing, it causes all data to be written on one line without
 newline at the end.
-For reading, it expects the data to be all on one line (with or
+For reading, it removes all expectations on newlines in the input data.
 without a trailing newline).
 =head1 NOTES
@ -85,6 +83,10 @@ data to standard output:
 =head1 BUGS
 On decoding, if the flag B<BIO_FLAGS_BASE64_NO_NL> is not set and
 the first 1024 bytes of input do not include a newline character
 the first two lines of input are ignored.
 The ambiguity of EOF in base64 encoded data can cause additional
 data following the base64 encoded block to be misinterpreted.
@ -93,7 +95,7 @@ to reliably determine EOF (for example a MIME boundary).
 =head1 COPYRIGHT
-Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BIO_meth_new.pod
+++ b/doc/man3/BIO_meth_new.pod
@ -76,7 +76,7 @@ additionally have the "descriptor" bit set (B<BIO_TYPE_DESCRIPTOR>). See the
 L<BIO_find_type(3)> page for more information.
 BIO_meth_free() destroys a B<BIO_METHOD> structure and frees up any memory
-associated with it.
+associated with it. If the argument is NULL, nothing is done.
 BIO_meth_get_write_ex() and BIO_meth_set_write_ex() get and set the function
 used for writing arbitrary length data to the BIO respectively. This function
@ -157,7 +157,7 @@ The functions described here were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BN_add.pod
+++ b/doc/man3/BN_add.pod
@ -14,9 +14,9 @@ arithmetic operations on BIGNUMs
 int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b);
- int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
- int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx);
+ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx);
 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d,
            BN_CTX *ctx);
@ -25,25 +25,25 @@ arithmetic operations on BIGNUMs
 int BN_nnmod(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- int BN_mod_add(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
                BN_CTX *ctx);
- int BN_mod_sub(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
                BN_CTX *ctx);
- int BN_mod_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, const BIGNUM *m,
+ int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m,
                BN_CTX *ctx);
- int BN_mod_sqr(BIGNUM *r, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
+ int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx);
- BIGNUM *BN_mod_sqrt(BIGNUM *in, BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
+ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
- int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx);
+ int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
- int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
+ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
                const BIGNUM *m, BN_CTX *ctx);
- int BN_gcd(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx);
+ int BN_gcd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx);
 =head1 DESCRIPTION
@ -135,7 +135,7 @@ L<BN_add_word(3)>, L<BN_set_bit(3)>
 =head1 COPYRIGHT
-Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@ -167,7 +167,8 @@ programs should prefer the "new" style, whilst the "old" style is provided
 for backwards compatibility purposes.
 A B<BN_GENCB> structure should be created through a call to BN_GENCB_new(),
-and freed through a call to BN_GENCB_free().
+and freed through a call to BN_GENCB_free(). If the argument is NULL,
 nothing is done.
 For "new" style callbacks a BN_GENCB structure should be initialised with a
 call to BN_GENCB_set(), where B<gencb> is a B<BN_GENCB *>, B<callback> is of
@ -245,7 +246,7 @@ BN_check_prime() was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BN_set_bit.pod
+++ b/doc/man3/BN_set_bit.pod
@ -33,8 +33,11 @@ error occurs if B<a> is shorter than B<n> bits.
 BN_is_bit_set() tests if bit B<n> in B<a> is set.
 BN_mask_bits() truncates B<a> to an B<n> bit number
-(C<a&=~((~0)E<lt>E<lt>n)>).  An error occurs if B<a> already is
+(C<a&=~((~0)E<lt>E<lt>n)>). An error occurs if B<n> is negative. An error is
-shorter than B<n> bits.
+also returned if the internal representation of B<a> is already shorter than
 B<n> bits. The internal representation depends on the platform's word size, and
 this error can be safely ignored. Use L<BN_num_bits(3)> to determine the exact
 number of bits if needed.
 BN_lshift() shifts B<a> left by B<n> bits and places the result in
 B<r> (C<r=a*2^n>). Note that B<n> must be nonnegative. BN_lshift1() shifts
@ -59,7 +62,7 @@ L<BN_num_bytes(3)>, L<BN_add(3)>
 =head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/BUF_MEM_new.pod
+++ b/doc/man3/BUF_MEM_new.pod
@ -34,6 +34,7 @@ should be allocated on the secure heap; see L<CRYPTO_secure_malloc(3)>.
 BUF_MEM_free() frees up an already existing buffer. The data is zeroed
 before freeing up in case the buffer contains sensitive data.
 If the argument is NULL, nothing is done.
 BUF_MEM_grow() changes the size of an already existing buffer to
 B<len>. Any data already in the buffer is preserved if it increases in
@ -65,7 +66,7 @@ The BUF_MEM_new_ex() function was added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/CRYPTO_THREAD_run_once.pod
+++ b/doc/man3/CRYPTO_THREAD_run_once.pod
@ -69,6 +69,7 @@ CRYPTO_THREAD_unlock() unlocks the previously locked I<lock>.
 =item *
 CRYPTO_THREAD_lock_free() frees the provided I<lock>.
 If the argument is NULL, nothing is done.
 =item *
@ -163,10 +164,13 @@ This example safely initializes and uses a lock.
 {
     int ret = 0;
-     if (mylock()) {
+     if (!mylock()) {
-         /* Your code here, do not return without releasing the lock! */
+        /* Do not unlock unless the lock was successfully acquired. */
-         ret = ... ;
+        return 0;
     }
     /* Your code here, do not return without releasing the lock! */
     ret = ... ;
     myunlock();
     return ret;
 }
@ -183,7 +187,7 @@ L<crypto(7)>, L<openssl-threads(7)>.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/CTLOG_STORE_new.pod
+++ b/doc/man3/CTLOG_STORE_new.pod
@ -52,7 +52,7 @@ The expected format of the file is:
 Once a CTLOG_STORE is no longer required, it should be passed to
 CTLOG_STORE_free(). This will delete all of the CTLOGs stored within, along
-with the CTLOG_STORE itself.
+with the CTLOG_STORE itself. If the argument is NULL, nothing is done.
 =head1 NOTES
@ -78,7 +78,7 @@ added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/CTLOG_new.pod
+++ b/doc/man3/CTLOG_new.pod
@ -50,7 +50,7 @@ property query string are used.
 Regardless of whether CTLOG_new() or CTLOG_new_from_base64() is used, it is the
 caller's responsibility to pass the CTLOG to CTLOG_free() once it is no longer
 needed. This will delete it and, if created by CTLOG_new(), the EVP_PKEY that
-was passed to it.
+was passed to it. If the argument to CTLOG_free() is NULL, nothing is done.
 CTLOG_get0_name() returns the name of the log, as provided when the CTLOG was
 created. Ownership of the string remains with the CTLOG.
@ -80,7 +80,7 @@ were added in OpenSSL 3.0. All other functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/CT_POLICY_EVAL_CTX_new.pod
+++ b/doc/man3/CT_POLICY_EVAL_CTX_new.pod
@ -105,7 +105,8 @@ The time should be in milliseconds since the Unix Epoch.
 Each setter has a matching getter for accessing the current value.
 When no longer required, the B<CT_POLICY_EVAL_CTX> should be passed to
-CT_POLICY_EVAL_CTX_free() to delete it.
+CT_POLICY_EVAL_CTX_free() to delete it. If the argument to
 CT_POLICY_EVAL_CTX_free() is NULL, nothing is done.
 =head1 NOTES
@ -130,7 +131,7 @@ functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/DH_meth_new.pod
+++ b/doc/man3/DH_meth_new.pod
@ -81,7 +81,7 @@ parameter. This might be useful for creating a new B<DH_METHOD> based on an
 existing one, but with some differences.
 DH_meth_free() destroys a B<DH_METHOD> structure and frees up any memory
-associated with it.
+associated with it. If the argument is NULL, nothing is done.
 DH_meth_get0_name() will return a pointer to the name of this DH_METHOD. This
 is a pointer to the internal name string and so should not be freed by the
@ -166,7 +166,7 @@ The functions described here were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/DSA_SIG_new.pod
+++ b/doc/man3/DSA_SIG_new.pod
@ -20,6 +20,7 @@ DSA_SIG_new() allocates an empty B<DSA_SIG> structure.
 DSA_SIG_free() frees the B<DSA_SIG> structure and its components. The
 values are erased before the memory is returned to the system.
 If the argument is NULL, nothing is done.
 DSA_SIG_get0() returns internal pointers to the B<r> and B<s> values contained
 in B<sig>.
@ -48,7 +49,7 @@ L<ERR_get_error(3)>
 =head1 COPYRIGHT
-Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/DSA_meth_new.pod
+++ b/doc/man3/DSA_meth_new.pod
@ -110,7 +110,7 @@ parameter. This might be useful for creating a new B<DSA_METHOD> based on an
 existing one, but with some differences.
 DSA_meth_free() destroys a B<DSA_METHOD> structure and frees up any memory
-associated with it.
+associated with it. If the argument is NULL, nothing is done.
 DSA_meth_get0_name() will return a pointer to the name of this DSA_METHOD. This
 is a pointer to the internal name string and so should not be freed by the
@ -214,7 +214,7 @@ The functions described here were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/ECDSA_SIG_new.pod
+++ b/doc/man3/ECDSA_SIG_new.pod
@ -31,6 +31,7 @@ ECDSA_SIG_new() allocates an empty B<ECDSA_SIG> structure.
 Note: before OpenSSL 1.1.0, the I<r> and I<s> components were initialised.
 ECDSA_SIG_free() frees the B<ECDSA_SIG> structure I<sig>.
 If the argument is NULL, nothing is done.
 ECDSA_SIG_get0() returns internal pointers the I<r> and I<s> values contained
 in I<sig> and stores them in I<*pr> and I<*ps>, respectively.
@ -136,7 +137,7 @@ L<ECDSA_sign(3)>
 =head1 COPYRIGHT
-Copyright 2004-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2004-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/ENGINE_add.pod
+++ b/doc/man3/ENGINE_add.pod
@ -227,7 +227,8 @@ references such as; ENGINE_by_id(), ENGINE_get_first(), ENGINE_get_last(),
 ENGINE_get_next(), ENGINE_get_prev(). All structural references should be
 released by a corresponding to call to the ENGINE_free() function - the
 ENGINE object itself will only actually be cleaned up and deallocated when
-the last structural reference is released.
+the last structural reference is released. If the argument to ENGINE_free()
 is NULL, nothing is done.
 It should also be noted that many ENGINE API function calls that accept a
 structural reference will internally obtain another reference - typically
@ -665,7 +666,7 @@ and should not be used.
 =head1 COPYRIGHT
-Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_ASYM_CIPHER_free.pod
+++ b/doc/man3/EVP_ASYM_CIPHER_free.pod
@ -45,7 +45,7 @@ The returned value must eventually be freed with EVP_ASYM_CIPHER_free().
 EVP_ASYM_CIPHER_free() decrements the reference count for the B<EVP_ASYM_CIPHER>
 structure. Typically this structure will have been obtained from an earlier call
 to EVP_ASYM_CIPHER_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done.
 EVP_ASYM_CIPHER_up_ref() increments the reference count for an
 B<EVP_ASYM_CIPHER> structure.
@ -102,7 +102,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_CIPHER_meth_new.pod
+++ b/doc/man3/EVP_CIPHER_meth_new.pod
@ -80,6 +80,7 @@ EVP_CIPHER_meth_new() creates a new B<EVP_CIPHER> structure.
 EVP_CIPHER_meth_dup() creates a copy of B<cipher>.
 EVP_CIPHER_meth_free() destroys a B<EVP_CIPHER> structure.
 If the argument is NULL, nothing is done.
 EVP_CIPHER_meth_set_iv_length() sets the length of the IV.
 This is only needed when the implemented cipher mode requires it.
@ -249,7 +250,7 @@ counted in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@ -157,6 +157,7 @@ Increments the reference count for an B<EVP_MD> structure.
 Decrements the reference count for the fetched B<EVP_MD> structure.
 If the reference count drops to 0 then the structure is freed.
 If the argument is NULL, nothing is done.
 =item EVP_MD_CTX_new()
@ -170,6 +171,7 @@ existing context.
 =item EVP_MD_CTX_free()
 Cleans up digest context I<ctx> and frees up the space allocated to it.
 If the argument is NULL, nothing is done.
 =item EVP_MD_CTX_ctrl()
@ -529,9 +531,13 @@ can be used the manipulate and test these B<EVP_MD_CTX> flags:
 This flag instructs the digest to optimize for one update only, if possible.
-=for comment EVP_MD_CTX_FLAG_CLEANED is internal, don't mention it
+=item EVP_MD_CTX_FLAG_CLEANED
-=for comment EVP_MD_CTX_FLAG_REUSE is internal, don't mention it
+This flag is for internal use only and I<must not> be used in user code.
 =item EVP_MD_CTX_FLAG_REUSE
 This flag is for internal use only and I<must not> be used in user code.
 =for comment We currently avoid documenting flags that are only bit holder:
 EVP_MD_CTX_FLAG_NON_FIPS_ALLOW, EVP_MD_CTX_FLAGS_PAD_*
--- a/doc/man3/EVP_EncodeInit.pod
+++ b/doc/man3/EVP_EncodeInit.pod
@ -41,7 +41,7 @@ EVP_ENCODE_CTX_new() allocates, initializes and returns a context to be used for
 the encode/decode functions.
 EVP_ENCODE_CTX_free() cleans up an encode/decode context B<ctx> and frees up the
-space allocated to it.
+space allocated to it. If the argument is NULL, nothing is done.
 Encoding of binary data is performed in blocks of 48 input bytes (or less for
 the final block). For each 48 byte input block encoded 64 bytes of base 64 data
@ -151,7 +151,7 @@ L<evp(7)>
 =head1 COPYRIGHT
-Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_EncryptInit.pod
+++ b/doc/man3/EVP_EncryptInit.pod
@ -268,6 +268,7 @@ Increments the reference count for an B<EVP_CIPHER> structure.
 Decrements the reference count for the fetched B<EVP_CIPHER> structure.
 If the reference count drops to 0 then the structure is freed.
 If the argument is NULL, nothing is done.
 =item EVP_CIPHER_CTX_new()
@ -276,9 +277,9 @@ Allocates and returns a cipher context.
 =item EVP_CIPHER_CTX_free()
 Clears all information from a cipher context and frees any allocated memory
-associated with it, including I<ctx> itself. This function should be called after
+associated with it, including I<ctx> itself. This function should be called
-all operations using a cipher are complete so sensitive information does not
+after all operations using a cipher are complete so sensitive information does
-remain in memory.
+not remain in memory. If the argument is NULL, nothing is done.
 =item EVP_CIPHER_CTX_ctrl()
@ -360,9 +361,13 @@ exists.
 Encrypts I<inl> bytes from the buffer I<in> and writes the encrypted version to
 I<out>. The pointers I<out> and I<in> may point to the same location, in which
-case the encryption will be done in-place. If I<out> and I<in> point to different
+case the encryption will be done in-place. However, in-place encryption is
-locations, the two buffers must be disjoint, otherwise the operation might fail
+guaranteed to work only if the encryption context (I<ctx>) has processed data in
-or the outcome might be undefined.
+multiples of the block size. If the context contains an incomplete data block
 from previous operations, in-place encryption will fail.
 If I<out> and I<in> point to different locations, the two buffers must be
 disjoint, otherwise the operation might fail or the outcome might be undefined.
 This function can be called multiple times to encrypt successive blocks
 of data. The amount of data written depends on the block alignment of the
@ -1733,7 +1738,7 @@ The EVP_CIPHER_CTX_flags() macro was deprecated in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_KEM_free.pod
+++ b/doc/man3/EVP_KEM_free.pod
@ -41,6 +41,7 @@ The returned value must eventually be freed with EVP_KEM_free().
 EVP_KEM_free() decrements the reference count for the B<EVP_KEM> structure.
 Typically this structure will have been obtained from an earlier call to
 EVP_KEM_fetch(). If the reference count drops to 0 then the structure is freed.
 If the argument is NULL, nothing is done.
 EVP_KEM_up_ref() increments the reference count for an B<EVP_KEM> structure.
@ -95,7 +96,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_KEYEXCH_free.pod
+++ b/doc/man3/EVP_KEYEXCH_free.pod
@ -41,7 +41,7 @@ The returned value must eventually be freed with EVP_KEYEXCH_free().
 EVP_KEYEXCH_free() decrements the reference count for the B<EVP_KEYEXCH>
 structure. Typically this structure will have been obtained from an earlier call
 to EVP_KEYEXCH_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done.
 EVP_KEYEXCH_up_ref() increments the reference count for an B<EVP_KEYEXCH>
 structure.
@ -101,7 +101,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_KEYMGMT.pod
+++ b/doc/man3/EVP_KEYMGMT.pod
@ -62,6 +62,7 @@ B<EVP_KEYMGMT> I<keymgmt>.
 EVP_KEYMGMT_free() decrements the reference count for the given
 B<EVP_KEYMGMT> I<keymgmt>, and when the count reaches zero, frees it.
 If the argument is NULL, nothing is done.
 EVP_KEYMGMT_get0_provider() returns the provider that has this particular
 implementation.
@ -140,7 +141,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_MD_meth_new.pod
+++ b/doc/man3/EVP_MD_meth_new.pod
@ -74,6 +74,7 @@ EVP_MD_meth_dup() creates a copy of B<md>.
 EVP_MD_meth_free() decrements the reference count for the B<EVP_MD> structure.
 If the reference count drops to 0 then the structure is freed.
 If the argument is NULL, nothing is done.
 EVP_MD_meth_set_input_blocksize() sets the internal input block size
 for the method B<md> to B<blocksize> bytes.
@ -194,7 +195,7 @@ counted in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_PKEY_ASN1_METHOD.pod
+++ b/doc/man3/EVP_PKEY_ASN1_METHOD.pod
@ -393,7 +393,7 @@ This function is not thread safe, it's recommended to only use this
 when initializing the application.
 EVP_PKEY_asn1_free() frees an existing B<EVP_PKEY_ASN1_METHOD> pointed
-by B<ameth>.
+by B<ameth>. If the argument is NULL, nothing is done.
 EVP_PKEY_asn1_add0() adds B<ameth> to the user defined stack of
 methods unless another B<EVP_PKEY_ASN1_METHOD> with the same NID is
@ -439,7 +439,7 @@ parameter is now constified.
 =head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_PKEY_meth_new.pod
+++ b/doc/man3/EVP_PKEY_meth_new.pod
@ -407,7 +407,7 @@ of an B<EVP_PKEY_METHOD> is always called by the EVP framework while doing a
 digest signing operation by calling L<EVP_DigestSignFinal(3)>.
 EVP_PKEY_meth_free() frees an existing B<EVP_PKEY_METHOD> pointed by
-B<pmeth>.
+B<pmeth>. If the argument is NULL, nothing is done.
 EVP_PKEY_meth_copy() copies an B<EVP_PKEY_METHOD> object from B<src>
 to B<dst>.
@ -456,7 +456,7 @@ has changed in OpenSSL 3.0 so its I<src> parameter is now constified.
 =head1 COPYRIGHT
-Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_RAND.pod
+++ b/doc/man3/EVP_RAND.pod
@ -284,7 +284,7 @@ associated RAND ctx.
 Reads or set the number of elapsed seconds before reseeding the
 associated RAND ctx.
-=item "max_request" (B<OSSL_DRBG_PARAM_RESEED_REQUESTS>) <unsigned integer>
+=item "max_request" (B<OSSL_RAND_PARAM_MAX_REQUEST>) <unsigned integer>
 Specifies the maximum number of bytes that can be generated in a single
 call to OSSL_FUNC_rand_generate.
@ -406,7 +406,7 @@ This functionality was added to OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/EVP_SIGNATURE.pod
+++ b/doc/man3/EVP_SIGNATURE.pod
@ -49,7 +49,7 @@ The returned value must eventually be freed with EVP_SIGNATURE_free().
 EVP_SIGNATURE_free() decrements the reference count for the B<EVP_SIGNATURE>
 structure. Typically this structure will have been obtained from an earlier call
 to EVP_SIGNATURE_fetch(). If the reference count drops to 0 then the
-structure is freed.
+structure is freed. If the argument is NULL, nothing is done.
 EVP_SIGNATURE_up_ref() increments the reference count for an B<EVP_SIGNATURE>
 structure.
@ -106,7 +106,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/HMAC.pod
+++ b/doc/man3/HMAC.pod
@ -87,7 +87,7 @@ created with HMAC_CTX_new().
 HMAC_CTX_free() erases the key and other data from the B<HMAC_CTX>,
 releases any associated resources and finally frees the B<HMAC_CTX>
-itself.
+itself. If the argument is NULL, nothing is done.
 The following functions may be used if the message is not completely
 stored in memory:
@ -163,7 +163,7 @@ OpenSSL before version 1.0.0.
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/MD5.pod
+++ b/doc/man3/MD5.pod
@ -7,12 +7,12 @@ MD4_Final, MD5_Init, MD5_Update, MD5_Final - MD2, MD4, and MD5 hash functions
 =head1 SYNOPSIS
 #include <openssl/md2.h>
 The following functions have been deprecated since OpenSSL 3.0, and can be
 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
 see L<openssl_user_macros(7)>:
 #include <openssl/md2.h>
 unsigned char *MD2(const unsigned char *d, unsigned long n, unsigned char *md);
 int MD2_Init(MD2_CTX *c);
@ -20,25 +20,24 @@ see L<openssl_user_macros(7)>:
 int MD2_Final(unsigned char *md, MD2_CTX *c);
 #include <openssl/md4.h>
 The following functions have been deprecated since OpenSSL 3.0, and can be
 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
 see L<openssl_user_macros(7)>:
 #include <openssl/md4.h>
 unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md);
 int MD4_Init(MD4_CTX *c);
 int MD4_Update(MD4_CTX *c, const void *data, unsigned long len);
 int MD4_Final(unsigned char *md, MD4_CTX *c);
 #include <openssl/md5.h>
 The following functions have been deprecated since OpenSSL 3.0, and can be
 hidden entirely by defining B<OPENSSL_API_COMPAT> with a suitable version value,
 see L<openssl_user_macros(7)>:
 #include <openssl/md5.h>
 unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md);
 int MD5_Init(MD5_CTX *c);
@ -105,7 +104,7 @@ All of these functions were deprecated in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/NCONF_new_ex.pod
+++ b/doc/man3/NCONF_new_ex.pod
@ -35,7 +35,7 @@ I<meth> is set to NULL then the default value of NCONF_default() is used.
 NCONF_new() is similar to NCONF_new_ex() but sets the I<libctx> to NULL.
 NCONF_free() frees the data associated with I<conf> and then frees the I<conf>
-object.
+object. If the argument is NULL, nothing is done.
 NCONF_load() parses the file named I<filename> and adds the values found to
 I<conf>. If an error occurs I<file> and I<eline> list the file and line that
@ -74,7 +74,7 @@ in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OCSP_REQUEST_new.pod
+++ b/doc/man3/OCSP_REQUEST_new.pod
@ -29,6 +29,7 @@ OCSP_request_onereq_get0 - OCSP request functions
 OCSP_REQUEST_new() allocates and returns an empty B<OCSP_REQUEST> structure.
 OCSP_REQUEST_free() frees up the request structure B<req>.
 If the argument is NULL, nothing is done.
 OCSP_request_add0_id() adds certificate ID B<cid> to B<req>. It returns
 the B<OCSP_ONEREQ> structure added so an application can add additional
@ -108,7 +109,7 @@ L<OCSP_sendreq_new(3)>
 =head1 COPYRIGHT
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OCSP_cert_to_id.pod
+++ b/doc/man3/OCSP_cert_to_id.pod
@ -38,6 +38,7 @@ issuer name B<issuerName>, issuer key hash B<issuerKey> and serial number
 B<serialNumber>.
 OCSP_CERTID_free() frees up B<id>.
 If the argument is NULL, nothing is done.
 OCSP_id_cmp() compares B<OCSP_CERTID> B<a> and B<b>.
@ -79,7 +80,7 @@ L<OCSP_sendreq_new(3)>
 =head1 COPYRIGHT
-Copyright 2015-2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OCSP_response_status.pod
+++ b/doc/man3/OCSP_response_status.pod
@ -46,6 +46,7 @@ OCSP_response_create() creates and returns an I<OCSP_RESPONSE> structure for
 I<status> and optionally including basic response I<bs>.
 OCSP_RESPONSE_free() frees up OCSP response I<resp>.
 If the argument is NULL, nothing is done.
 OCSP_RESPID_set_by_name() sets the name of the OCSP_RESPID to be the same as the
 subject name in the supplied X509 certificate I<cert> for the OCSP responder.
@ -123,7 +124,7 @@ The OCSP_basic_sign_ctx() function was added in OpenSSL 1.1.1.
 =head1 COPYRIGHT
-Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OPENSSL_LH_COMPFUNC.pod
+++ b/doc/man3/OPENSSL_LH_COMPFUNC.pod
@ -123,7 +123,7 @@ Then a hash table of B<I<TYPE>> objects can be created using this:
 B<lh_I<TYPE>_free>() frees the B<LHASH_OF>(B<I<TYPE>>) structure
 I<table>. Allocated hash table entries will not be freed; consider
 using B<lh_I<TYPE>_doall>() to deallocate any remaining entries in the
-hash table (see below).
+hash table (see below). If the argument is NULL, nothing is done.
 B<lh_I<TYPE>_flush>() empties the B<LHASH_OF>(B<I<TYPE>>) structure I<table>. New
 entries can be added to the flushed table.  Allocated hash table entries
@ -299,7 +299,7 @@ type checking.
 =head1 COPYRIGHT
-Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OPENSSL_init_crypto.pod
+++ b/doc/man3/OPENSSL_init_crypto.pod
@ -249,6 +249,7 @@ If the B<CONF_MFLAGS_IGNORE_RETURN_CODES> flag is not included, any errors in
 the configuration file will cause an error return from B<OPENSSL_init_crypto>
 or indirectly L<OPENSSL_init_ssl(3)>.
 The object can be released with OPENSSL_INIT_free() when done.
 If the argument to OPENSSL_INIT_free() is NULL, nothing is done.
 =head1 NOTES
@ -289,7 +290,7 @@ and OPENSSL_INIT_free() functions were added in OpenSSL 1.1.0.
 =head1 COPYRIGHT
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OPENSSL_malloc.pod
+++ b/doc/man3/OPENSSL_malloc.pod
@ -99,7 +99,8 @@ OPENSSL_zalloc() calls memset() to zero the memory before returning.
 OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used
 when the buffer at B<addr> holds sensitive information.
 The old buffer is filled with zero's by calling OPENSSL_cleanse()
-before ultimately calling OPENSSL_free().
+before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is
 NULL, nothing is done.
 OPENSSL_cleanse() fills B<ptr> of size B<len> with a string of 0's.
 Use OPENSSL_cleanse() with care if the memory is a mapping of a file.
@ -198,7 +199,7 @@ clang's memory and leak sanitizer.
 =head1 COPYRIGHT
-Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OPENSSL_secure_malloc.pod
+++ b/doc/man3/OPENSSL_secure_malloc.pod
@ -82,13 +82,15 @@ If CRYPTO_secure_malloc_init() is not called, this is equivalent to
 calling OPENSSL_free().
 It exists for consistency with OPENSSL_secure_malloc() , and
 is a macro that expands to CRYPTO_secure_free() and adds the C<__FILE__>
-and C<__LINE__> parameters..
+and C<__LINE__> parameters..  If the argument to OPENSSL_secure_free()
 is NULL, nothing is done.
 OPENSSL_secure_clear_free() is similar to OPENSSL_secure_free() except
 that it has an additional C<num> parameter which is used to clear
 the memory if it was not allocated from the secure heap.
 If CRYPTO_secure_malloc_init() is not called, this is equivalent to
-calling OPENSSL_clear_free().
+calling OPENSSL_clear_free(). If the argument to OPENSSL_secure_clear_free()
 is NULL, nothing is done.
 OPENSSL_secure_actual_size() tells the actual size allocated to the
 pointer; implementations may allocate more space than initially
@ -133,7 +135,7 @@ a B<size_t> in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_CMP_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_CTX_new.pod
@ -176,6 +176,7 @@ the message timeout is set to 120 seconds,
 and the proof-of-possession method is set to OSSL_CRMF_POPO_SIGNATURE.
 OSSL_CMP_CTX_free() deallocates an OSSL_CMP_CTX structure.
 If the argument is NULL, nothing is done.
 OSSL_CMP_CTX_reinit() prepares the given I<ctx> for a further transaction by
 clearing the internal CMP transaction (aka session) status, PKIStatusInfo,
@ -312,6 +313,11 @@ RFC 4210.
        Allow retrieving a trust anchor from extraCerts and using that
        to validate the certificate chain of an IP message.
        This is a quirk option added to support 3GPP TS 33.310.
        Note that using this option is dangerous as the certificate obtained
        this way has not been authenticated (at least not at CMP level).
        Taking it over as a trust anchor implements trust-on-first-use (TOFU).
 =back
@ -796,7 +802,7 @@ OSSL_CMP_CTX_reset_geninfo_ITAVs() was added in OpenSSL 3.0.8.
 =head1 COPYRIGHT
-Copyright 2007-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_CMP_SRV_CTX_new.pod
+++ b/doc/man3/OSSL_CMP_SRV_CTX_new.pod
@ -104,6 +104,7 @@ associated with the library context I<libctx> and property query string
 I<propq>, both of which may be NULL to select the defaults.
 OSSL_CMP_SRV_CTX_free() deletes the given I<srv_ctx>.
 If the argument is NULL, nothing is done.
 OSSL_CMP_SRV_CTX_init() sets in the given I<srv_ctx> a custom server context
 pointer as well as callback functions performing the specific processing of CMP
@ -158,7 +159,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_CMP_validate_msg.pod
+++ b/doc/man3/OSSL_CMP_validate_msg.pod
@ -40,11 +40,14 @@ using any trust store set via L<OSSL_CMP_CTX_set0_trustedStore(3)>.
 If the option OSSL_CMP_OPT_PERMIT_TA_IN_EXTRACERTS_FOR_IR was set by calling
 L<OSSL_CMP_CTX_set_option(3)>, for an Initialization Response (IP) message
-any self-issued certificate from the I<msg> extraCerts field may also be used
+any self-issued certificate from the I<msg> extraCerts field may be used
-as trust anchor for the path verification of an acceptable cert if it can be
+as a trust anchor for the path verification of an 'acceptable' cert if it can be
 used also to validate the issued certificate returned in the IP message. This is
 according to TS 33.310 [Network Domain Security (NDS); Authentication Framework
 (AF)] document specified by the The 3rd Generation Partnership Project (3GPP).
 Note that using this option is dangerous as the certificate obtained this way
 has not been authenticated (at least not at CMP level).
 Taking it over as a trust anchor implements trust-on-first-use (TOFU).
 Any cert that has been found as described above is cached and tried first when
 validating the signatures of subsequent messages in the same transaction.
@ -74,7 +77,7 @@ The OpenSSL CMP support was added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_DECODER.pod
+++ b/doc/man3/OSSL_DECODER.pod
@ -61,6 +61,7 @@ I<decoder>.
 OSSL_DECODER_free() decrements the reference count for the given
 I<decoder>, and when the count reaches zero, frees it.
 If the argument is NULL, nothing is done.
 OSSL_DECODER_get0_provider() returns the provider of the given
 I<decoder>.
@ -180,7 +181,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_DECODER_CTX.pod
+++ b/doc/man3/OSSL_DECODER_CTX.pod
@ -126,6 +126,7 @@ decoders that have been added to the I<ctx> so far.  Parameters that an
 implementation doesn't recognise should be ignored by it.
 OSSL_DECODER_CTX_free() frees the given context I<ctx>.
 If the argument is NULL, nothing is done.
 OSSL_DECODER_CTX_add_decoder() populates the B<OSSL_DECODER_CTX> I<ctx> with
 a decoder, to be used to attempt to decode some encoded input.
@ -249,7 +250,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
+++ b/doc/man3/OSSL_DECODER_CTX_new_for_pkey.pod
@ -82,7 +82,7 @@ choice of preferred pass phrase callback form.  These are called indirectly,
 through an internal L<OSSL_PASSPHRASE_CALLBACK(3)> function.
 The internal L<OSSL_PASSPHRASE_CALLBACK(3)> function caches the pass phrase, to
-be re-used in all decodings that are performed in the same decoding run (for
+be reused in all decodings that are performed in the same decoding run (for
 example, within one L<OSSL_DECODER_from_bio(3)> call).
 =head2 Input Types
@ -135,7 +135,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_ENCODER.pod
+++ b/doc/man3/OSSL_ENCODER.pod
@ -61,6 +61,7 @@ I<encoder>.
 OSSL_ENCODER_free() decrements the reference count for the given
 I<encoder>, and when the count reaches zero, frees it.
 If the argument is NULL, nothing is done.
 OSSL_ENCODER_get0_provider() returns the provider of the given
 I<encoder>.
@ -134,7 +135,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_ENCODER_CTX.pod
+++ b/doc/man3/OSSL_ENCODER_CTX.pod
@ -102,6 +102,7 @@ with an L<OSSL_PARAM(3)> array I<params>.  Parameters that the
 implementation doesn't recognise should be ignored.
 OSSL_ENCODER_CTX_free() frees the given context I<ctx>.
 If the argument is NULL, nothing is done.
 OSSL_ENCODER_CTX_add_encoder() populates the B<OSSL_ENCODER_CTX>
 I<ctx> with a encoder, to be used to encode an input object.
@ -211,7 +212,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/doc/man3/OSSL_HTTP_REQ_CTX.pod
+++ b/doc/man3/OSSL_HTTP_REQ_CTX.pod
@ -71,6 +71,7 @@ which collects the HTTP request header lines.
 OSSL_HTTP_REQ_CTX_free() frees up the HTTP request context I<rctx>.
 The I<rbio> is not free'd, I<wbio> will be free'd if I<free_wbio> is set.
 If the argument is NULL, nothing is done.
 OSSL_HTTP_REQ_CTX_set_request_line() adds the 1st HTTP request line to I<rctx>.
 The HTTP method is determined by I<method_POST>,
@ -260,7 +261,7 @@ The functions described here were added in OpenSSL 3.0.
 =head1 COPYRIGHT
-Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License").  You may not use
 this file except in compliance with the License.  You can obtain a copy
--- a/Show More
+++ b/Show More