Version in base suite: 3.5.5-1~deb13u1 Version in overlay suite: 3.5.5-1~deb13u2 Base version: openssl_3.5.5-1~deb13u2 Target version: openssl_3.5.6-1~deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/o/openssl/openssl_3.5.5-1~deb13u2.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/o/openssl/openssl_3.5.6-1~deb13u1.dsc /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/dh-malformed.der |binary /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-malformed.der |binary /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/rsa-malformed.der |binary openssl-3.5.6/CHANGES.md | 575 ++++--- openssl-3.5.6/CONTRIBUTING.md | 12 openssl-3.5.6/Configurations/10-main.conf | 3 openssl-3.5.6/Configurations/unix-Makefile.tmpl | 3 openssl-3.5.6/Configurations/windows-makefile.tmpl | 5 openssl-3.5.6/NEWS.md | 427 +++-- openssl-3.5.6/VERSION.dat | 4 openssl-3.5.6/apps/cmp.c | 18 openssl-3.5.6/apps/include/cmp_mock_srv.h | 5 openssl-3.5.6/apps/lib/app_provider.c | 3 openssl-3.5.6/apps/lib/apps.c | 15 openssl-3.5.6/apps/lib/cmp_mock_srv.c | 38 openssl-3.5.6/apps/lib/win32_init.c | 3 openssl-3.5.6/apps/ocsp.c | 2 openssl-3.5.6/apps/s_client.c | 6 openssl-3.5.6/apps/ts.c | 4 openssl-3.5.6/build.info | 16 openssl-3.5.6/crypto/aes/asm/aes-riscv32-zkn.pl | 7 openssl-3.5.6/crypto/aes/asm/aes-riscv64-zkn.pl | 7 openssl-3.5.6/crypto/aes/asm/aes-riscv64-zvkned.pl | 13 openssl-3.5.6/crypto/aes/asm/aes-riscv64.pl | 10 openssl-3.5.6/crypto/asn1/evp_asn1.c | 4 openssl-3.5.6/crypto/asn1/n_pkey.c | 4 openssl-3.5.6/crypto/asn1/p5_scrypt.c | 11 openssl-3.5.6/crypto/bf/bf_cfb64.c | 4 openssl-3.5.6/crypto/bf/bf_ofb64.c | 4 openssl-3.5.6/crypto/bio/bss_dgram.c | 4 openssl-3.5.6/crypto/bio/bss_file.c | 15 openssl-3.5.6/crypto/bn/asm/armv4-gf2m.pl | 4 openssl-3.5.6/crypto/bn/asm/rsaz-2k-avxifma.pl | 105 + openssl-3.5.6/crypto/bn/asm/rsaz-3k-avxifma.pl | 41 
openssl-3.5.6/crypto/bn/asm/rsaz-4k-avxifma.pl | 41 openssl-3.5.6/crypto/bn/asm/sparcv9-mont.pl | 4 openssl-3.5.6/crypto/bn/bn_dh.c | 66 openssl-3.5.6/crypto/bn/bn_exp.c | 34 openssl-3.5.6/crypto/bn/bn_local.h | 4 openssl-3.5.6/crypto/bn/bn_mont.c | 9 openssl-3.5.6/crypto/bn/bn_ppc.c | 10 openssl-3.5.6/crypto/bn/bn_prime.c | 4 openssl-3.5.6/crypto/bn/bn_rsa_fips186_4.c | 4 openssl-3.5.6/crypto/bn/bn_sparc.c | 16 openssl-3.5.6/crypto/bsearch.c | 4 openssl-3.5.6/crypto/cast/c_cfb64.c | 4 openssl-3.5.6/crypto/cast/c_ofb64.c | 4 openssl-3.5.6/crypto/cmp/cmp_client.c | 23 openssl-3.5.6/crypto/cmp/cmp_ctx.c | 4 openssl-3.5.6/crypto/cmp/cmp_local.h | 4 openssl-3.5.6/crypto/cmp/cmp_vfy.c | 25 openssl-3.5.6/crypto/cms/cms_asn1.c | 30 openssl-3.5.6/crypto/cms/cms_dh.c | 15 openssl-3.5.6/crypto/cms/cms_ec.c | 16 openssl-3.5.6/crypto/cms/cms_local.h | 5 openssl-3.5.6/crypto/cms/cms_rsa.c | 33 openssl-3.5.6/crypto/cms/cms_smime.c | 6 openssl-3.5.6/crypto/conf/conf_lib.c | 4 openssl-3.5.6/crypto/conf/conf_mod.c | 4 openssl-3.5.6/crypto/des/cfb64ede.c | 4 openssl-3.5.6/crypto/des/cfb64enc.c | 4 openssl-3.5.6/crypto/des/ofb64ede.c | 4 openssl-3.5.6/crypto/des/ofb64enc.c | 4 openssl-3.5.6/crypto/dh/dh_asn1.c | 7 openssl-3.5.6/crypto/dh/dh_rfc5114.c | 6 openssl-3.5.6/crypto/dllmain.c | 4 openssl-3.5.6/crypto/dsa/dsa_asn1.c | 8 openssl-3.5.6/crypto/ec/ec_asn1.c | 12 openssl-3.5.6/crypto/ec/ec_check.c | 4 openssl-3.5.6/crypto/ec/ec_lib.c | 4 openssl-3.5.6/crypto/err/err_all.c | 6 openssl-3.5.6/crypto/err/openssl.txt | 3 openssl-3.5.6/crypto/ess/ess_asn1.c | 8 openssl-3.5.6/crypto/evp/digest.c | 7 openssl-3.5.6/crypto/evp/e_aes.c | 56 openssl-3.5.6/crypto/evp/e_aria.c | 22 openssl-3.5.6/crypto/evp/e_camellia.c | 22 openssl-3.5.6/crypto/evp/e_des.c | 20 openssl-3.5.6/crypto/evp/e_des3.c | 28 openssl-3.5.6/crypto/evp/e_idea.c | 6 openssl-3.5.6/crypto/evp/e_sm4.c | 14 openssl-3.5.6/crypto/evp/encode.c | 4 openssl-3.5.6/crypto/evp/evp_enc.c | 12 openssl-3.5.6/crypto/evp/kem.c | 4 
openssl-3.5.6/crypto/hashtable/hashtable.c | 6 openssl-3.5.6/crypto/http/http_client.c | 26 openssl-3.5.6/crypto/http/http_err.c | 4 openssl-3.5.6/crypto/http/http_lib.c | 8 openssl-3.5.6/crypto/idea/i_cfb64.c | 3 openssl-3.5.6/crypto/idea/i_ofb64.c | 3 openssl-3.5.6/crypto/init.c | 7 openssl-3.5.6/crypto/initthread.c | 14 openssl-3.5.6/crypto/modes/asm/aes-gcm-ppc.pl | 5 openssl-3.5.6/crypto/modes/asm/ghash-armv4.pl | 4 openssl-3.5.6/crypto/modes/build.info | 2 openssl-3.5.6/crypto/o_str.c | 15 openssl-3.5.6/crypto/param_build.c | 108 + openssl-3.5.6/crypto/perlasm/x86_64-xlate.pl | 5 openssl-3.5.6/crypto/pkcs12/p12_mutl.c | 4 openssl-3.5.6/crypto/pkcs12/p12_utl.c | 4 openssl-3.5.6/crypto/pkcs7/pk7_doit.c | 8 openssl-3.5.6/crypto/pkcs7/pk7_lib.c | 9 openssl-3.5.6/crypto/punycode.c | 4 openssl-3.5.6/crypto/rand/rand_egd.c | 25 openssl-3.5.6/crypto/rc2/rc2cfb64.c | 4 openssl-3.5.6/crypto/rc2/rc2ofb64.c | 4 openssl-3.5.6/crypto/rc5/rc5cfb64.c | 4 openssl-3.5.6/crypto/rc5/rc5ofb64.c | 4 openssl-3.5.6/crypto/riscvcap.c | 37 openssl-3.5.6/crypto/rsa/rsa_backend.c | 4 openssl-3.5.6/crypto/sha/asm/keccak1600-s390x.pl | 3 openssl-3.5.6/crypto/slh_dsa/slh_dsa.c | 25 openssl-3.5.6/crypto/sm4/asm/vpsm4_ex-armv8.pl | 13 openssl-3.5.6/crypto/store/store_lib.c | 6 openssl-3.5.6/crypto/threads_none.c | 4 openssl-3.5.6/crypto/threads_pthread.c | 57 openssl-3.5.6/crypto/threads_win.c | 4 openssl-3.5.6/crypto/ts/ts_asn1.c | 14 openssl-3.5.6/crypto/x509/pcy_tree.c | 14 openssl-3.5.6/crypto/x509/t_acert.c | 8 openssl-3.5.6/crypto/x509/v3_ac_tgt.c | 8 openssl-3.5.6/crypto/x509/v3_cpols.c | 4 openssl-3.5.6/crypto/x509/v3_prn.c | 6 openssl-3.5.6/crypto/x509/v3_san.c | 5 openssl-3.5.6/crypto/x509/v3_timespec.c | 4 openssl-3.5.6/crypto/x509/v3_utl.c | 9 openssl-3.5.6/crypto/x509/x509_vfy.c | 7 openssl-3.5.6/crypto/x509/x_pubkey.c | 6 openssl-3.5.6/debian/changelog | 7 openssl-3.5.6/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch | 44 
openssl-3.5.6/debian/patches/Added-test-for-CVE-2026-28388.patch | 124 - openssl-3.5.6/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch | 40 openssl-3.5.6/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch | 4 openssl-3.5.6/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch | 23 openssl-3.5.6/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch | 100 - openssl-3.5.6/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch | 82 - openssl-3.5.6/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch | 469 ------ openssl-3.5.6/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch | 157 -- openssl-3.5.6/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch | 32 openssl-3.5.6/debian/patches/man-section.patch | 6 openssl-3.5.6/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch | 108 - openssl-3.5.6/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch | 56 openssl-3.5.6/debian/patches/series | 11 openssl-3.5.6/doc/build.info | 6 openssl-3.5.6/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod | 4 openssl-3.5.6/doc/internal/man3/ossl_cmp_msg_check_update.pod | 5 openssl-3.5.6/doc/internal/man7/deprecation.pod | 4 openssl-3.5.6/doc/man1/CA.pl.pod | 4 openssl-3.5.6/doc/man1/openssl-ciphers.pod.in | 773 +++++----- openssl-3.5.6/doc/man1/openssl-cmp.pod.in | 10 openssl-3.5.6/doc/man1/openssl-cms.pod.in | 2 openssl-3.5.6/doc/man1/openssl-format-options.pod | 4 openssl-3.5.6/doc/man1/openssl-pkeyutl.pod.in | 4 openssl-3.5.6/doc/man1/openssl-verification-options.pod | 8 openssl-3.5.6/doc/man1/openssl-verify.pod.in | 7 openssl-3.5.6/doc/man3/ADMISSIONS.pod | 4 openssl-3.5.6/doc/man3/BIO_get_data.pod | 11 openssl-3.5.6/doc/man3/BIO_push.pod | 4 openssl-3.5.6/doc/man3/BIO_read.pod | 6 openssl-3.5.6/doc/man3/EVP_EncryptInit.pod | 10 openssl-3.5.6/doc/man3/OPENSSL_malloc.pod | 6 
openssl-3.5.6/doc/man3/OSSL_CMP_CTX_new.pod | 11 openssl-3.5.6/doc/man3/OSSL_HPKE_CTX_new.pod | 6 openssl-3.5.6/doc/man3/PKCS5_PBE_keyivgen.pod | 13 openssl-3.5.6/doc/man3/RSA_set_method.pod | 10 openssl-3.5.6/doc/man3/SSL_CONF_cmd.pod | 18 openssl-3.5.6/doc/man3/SSL_CTX_set1_curves.pod | 123 + openssl-3.5.6/doc/man3/SSL_CTX_set_psk_client_callback.pod | 10 openssl-3.5.6/doc/man3/SSL_get_ciphers.pod | 4 openssl-3.5.6/doc/man3/X509V3_EXT_print.pod | 51 openssl-3.5.6/doc/man3/X509_NAME_print_ex.pod | 7 openssl-3.5.6/doc/man7/EVP_SIGNATURE-DSA.pod | 4 openssl-3.5.6/doc/man7/EVP_SIGNATURE-ECDSA.pod | 4 openssl-3.5.6/doc/man7/EVP_SIGNATURE-ED25519.pod | 4 openssl-3.5.6/doc/man7/EVP_SIGNATURE-HMAC.pod | 4 openssl-3.5.6/doc/man7/EVP_SIGNATURE-ML-DSA.pod | 6 openssl-3.5.6/doc/man7/EVP_SIGNATURE-RSA.pod | 4 openssl-3.5.6/doc/man7/EVP_SIGNATURE-SLH-DSA.pod | 4 openssl-3.5.6/doc/man7/openssl-env.pod | 9 openssl-3.5.6/doc/man7/ossl-guide-tls-introduction.pod | 4 openssl-3.5.6/doc/man7/property.pod | 34 openssl-3.5.6/doc/man7/provider-base.pod | 5 openssl-3.5.6/exporters/cmake/OpenSSLConfig.cmake.in | 1 openssl-3.5.6/exporters/cmake/OpenSSLConfigVersion.cmake.in | 1 openssl-3.5.6/exporters/pkg-config/libcrypto.pc.in | 1 openssl-3.5.6/exporters/pkg-config/libssl.pc.in | 1 openssl-3.5.6/exporters/pkg-config/openssl.pc.in | 1 openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template.pm | 4 openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm | 4 openssl-3.5.6/include/crypto/aes_platform.h | 4 openssl-3.5.6/include/crypto/evp.h | 24 openssl-3.5.6/include/crypto/httperr.h | 2 openssl-3.5.6/include/crypto/sparc_arch.h | 14 openssl-3.5.6/include/crypto/sparse_array.h | 4 openssl-3.5.6/include/internal/time.h | 72 openssl-3.5.6/include/openssl/cmp.h.in | 4 openssl-3.5.6/include/openssl/core_dispatch.h | 34 openssl-3.5.6/include/openssl/httperr.h | 3 openssl-3.5.6/include/openssl/macros.h | 3 openssl-3.5.6/include/openssl/rsa.h | 6 
openssl-3.5.6/include/openssl/types.h | 4 openssl-3.5.6/providers/fips-sources.checksums | 96 - openssl-3.5.6/providers/fips.checksum | 2 openssl-3.5.6/providers/fips/self_test.c | 4 openssl-3.5.6/providers/fips/self_test_kats.c | 11 openssl-3.5.6/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc | 8 openssl-3.5.6/providers/implementations/ciphers/cipher_aes_ocb.c | 4 openssl-3.5.6/providers/implementations/ciphers/ciphercommon.c | 6 openssl-3.5.6/providers/implementations/include/prov/ciphercommon_ccm.h | 16 openssl-3.5.6/providers/implementations/include/prov/ciphercommon_gcm.h | 14 openssl-3.5.6/providers/implementations/kdfs/pkcs12kdf.c | 11 openssl-3.5.6/providers/implementations/kem/rsa_kem.c | 22 openssl-3.5.6/providers/implementations/keymgmt/ml_kem_kmgmt.c | 4 openssl-3.5.6/providers/implementations/rands/drbg_hmac.c | 4 openssl-3.5.6/providers/implementations/signature/dsa_sig.c | 36 openssl-3.5.6/providers/implementations/signature/ecdsa_sig.c | 47 openssl-3.5.6/providers/implementations/signature/sm2_sig.c | 10 openssl-3.5.6/providers/implementations/storemgmt/file_store.c | 11 openssl-3.5.6/providers/implementations/storemgmt/winstore_store.c | 6 openssl-3.5.6/ssl/quic/quic_impl.c | 47 openssl-3.5.6/ssl/quic/quic_lcidm.c | 14 openssl-3.5.6/ssl/quic/quic_reactor.c | 6 openssl-3.5.6/ssl/quic/quic_rx_depack.c | 3 openssl-3.5.6/ssl/quic/quic_srtm.c | 7 openssl-3.5.6/ssl/quic/quic_stream_map.c | 3 openssl-3.5.6/ssl/quic/uint_set.c | 4 openssl-3.5.6/ssl/record/methods/tls_common.c | 17 openssl-3.5.6/ssl/s3_lib.c | 6 openssl-3.5.6/ssl/ssl_asn1.c | 4 openssl-3.5.6/ssl/ssl_lib.c | 22 openssl-3.5.6/ssl/ssl_sess.c | 4 openssl-3.5.6/ssl/statem/statem_dtls.c | 8 openssl-3.5.6/ssl/t1_lib.c | 96 - openssl-3.5.6/test/README-external.md | 2 openssl-3.5.6/test/asn1_decode_test.c | 14 openssl-3.5.6/test/asn1_encode_test.c | 14 openssl-3.5.6/test/asn1_internal_test.c | 20 openssl-3.5.6/test/bntest.c | 49 openssl-3.5.6/test/certs/cve-2026-28388-ca.pem | 19 
openssl-3.5.6/test/certs/cve-2026-28388-crls.pem | 22 openssl-3.5.6/test/certs/cve-2026-28388-leaf.pem | 19 openssl-3.5.6/test/certs/ext-timeSpecification-periodic-no-second.pem | 14 openssl-3.5.6/test/certs/mkcert.sh | 4 openssl-3.5.6/test/cmp_client_test.c | 75 openssl-3.5.6/test/evp_extra_test.c | 110 + openssl-3.5.6/test/evp_test.c | 4 openssl-3.5.6/test/fake_rsaprov.c | 5 openssl-3.5.6/test/http_test.c | 22 openssl-3.5.6/test/ossl_store_test.c | 9 openssl-3.5.6/test/pkcs12_api_test.c | 32 openssl-3.5.6/test/quicapitest.c | 10 openssl-3.5.6/test/recipes/10-test_bn_data/bnmod.txt | 10 openssl-3.5.6/test/recipes/25-test_verify.t | 16 openssl-3.5.6/test/recipes/25-test_x509.t | 10 openssl-3.5.6/test/recipes/61-test_bio_readbuffer.t | 8 openssl-3.5.6/test/recipes/80-test_cmp_http_data/test_commands.csv | 3 openssl-3.5.6/test/recipes/80-test_cms.t | 47 openssl-3.5.6/test/recipes/80-test_cms_data/dh-cert.pem | 31 openssl-3.5.6/test/recipes/80-test_cms_data/dh-key.pem | 15 openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-cert.pem | 10 openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-key.pem | 5 openssl-3.5.6/test/recipes/80-test_ocsp.t | 16 openssl-3.5.6/test/sslapitest.c | 98 + openssl-3.5.6/test/tls-provider.c | 5 openssl-3.5.6/test/tls13groupselection_test.c | 39 openssl-3.5.6/util/checkplatformsyms.pl | 40 openssl-3.5.6/util/missingcrypto.txt | 2 openssl-3.5.6/util/mkerr.pl | 77 openssl-3.5.6/util/mkinstallvars.pl | 5 openssl-3.5.6/util/platform_symbols/windows-symbols.txt | 339 +--- openssl-3.5.6/util/wrap.pl.in | 1 271 files changed, 3703 insertions(+), 3264 deletions(-) dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpltev8lzf/openssl_3.5.5-1~deb13u2.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpltev8lzf/openssl_3.5.6-1~deb13u1.dsc: no acceptable signature found diff -Nru openssl-3.5.5/CHANGES.md openssl-3.5.6/CHANGES.md --- 
openssl-3.5.5/CHANGES.md 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/CHANGES.md 2026-04-07 12:26:30.000000000 +0000 
@@ -28,6 +28,150 @@
 OpenSSL 3.5
 -----------
 
+### Changes between 3.5.5 and 3.5.6 [7 Apr 2026]
+
+ * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
+
+ Severity: Moderate
+
+ Issue summary: Applications using RSASVE key encapsulation to establish
+ a secret encryption key can send contents of an uninitialized memory buffer
+ to a malicious peer.
+
+ Impact summary: The uninitialized buffer might contain sensitive data
+ from the previous execution of the application process which leads
+ to sensitive data leakage to an attacker.
+
+ Reported by: Simo Sorce (Red Hat).
+
+ ([CVE-2026-31790])
+
+ *Nikola Pajkovsky*
+
+ * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
+ is used in the server-side configuration of the key-agreement group list.
+
+ Severity: Low
+
+ Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected
+ preferred key exchange group when its key exchange group configuration
+ includes the default by using the 'DEFAULT' keyword.
+
+ Impact summary: A less preferred key exchange may be used even when a more
+ preferred group is supported by both client and server, if the group
+ was not included among the client's initial predicated keyshares.
+ This will sometimes be the case with the new hybrid post-quantum groups,
+ if the client chooses to defer their use until specifically requested by
+ the server.
+
+
+ ([CVE-2026-2673])
+
+ *Viktor Dukhovni*
+
+ * Fixed potential use-after-free in DANE client code.
+
+ Severity: Low
+
+ Issue summary: An uncommon configuration of clients performing DANE
+ TLSA-based server authentication, when paired with uncommon server DANE TLSA
+ records, may result in a use-after-free and/or double-free on the client
+ side.
+
+ Impact summary: A use after free can have a range of potential consequences
+ such as the corruption of valid data, crashes, or execution of arbitrary
+ code.
+
+ Reported by: Igor Morgenstern (Aisle Research).
+
+ ([CVE-2026-28387])
+
+ *Viktor Dukhovni*
+
+ * Fixed NULL pointer dereference when processing a delta CRL.
+
+ Severity: Low
+
+ Issue summary: When a delta CRL that contains a Delta CRL Indicator extension
+ is processed, a NULL pointer dereference might happen if the required CRL
+ Number extension is missing.
+
+ Impact summary: A NULL pointer dereference can trigger a crash which
+ leads to a Denial of Service for an application.
+
+ Reported by: Igor Morgenstern (Aisle Research).
+
+ ([CVE-2026-28388])
+
+ *Igor Morgenstern*
+
+ * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
+
+ Severity: Low
+
+ Issue summary: During processing of a crafted CMS EnvelopedData message
+ with KeyAgreeRecipientInfo a NULL pointer dereference can happen.
+
+ Impact summary: Applications that process attacker-controlled CMS data may
+ crash before authentication or cryptographic operations occur resulting in
+ Denial of Service.
+
+ Reported by: Nathan Sportsman (Praetorian), Daniel Rhea,
+ Jaeho Nam (Seoul National University), Muhammad Daffa,
+ Zhanpeng Liu (Tencent Xuanwu Lab), Guannan Wang (Tencent Xuanwu Lab),
+ Guancheng Li (Tencent Xuanwu Lab), and Joshua Rogers.
+
+ ([CVE-2026-28389])
+
+ *Neil Horman*
+
+ * Fixed possible NULL dereference when processing CMS
+ KeyTransportRecipientInfo.
+
+ Severity: Low
+
+ Issue summary: During processing of a crafted CMS EnvelopedData message
+ with KeyTransportRecipientInfo a NULL pointer dereference can happen.
+
+ Impact summary: Applications that process attacker-controlled CMS data may
+ crash before authentication or cryptographic operations occur resulting in
+ Denial of Service.
+
+ Reported by: Muhammad Daffa, Zhanpeng Liu (Tencent Xuanwu Lab),
+ Guannan Wang (Tencent Xuanwu Lab), Guancheng Li (Tencent Xuanwu Lab),
+ Joshua Rogers, and Chanho Kim.
+
+ ([CVE-2026-28390])
+
+ *Neil Horman*
+
+ * Fixed heap buffer overflow in hexadecimal conversion.
+ + Severity: Low + + Issue summary: Converting an excessively large OCTET STRING value to + a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. + + Impact summary: A heap buffer overflow may lead to a crash or possibly + an attacker controlled code execution or other undefined behavior. + + Reported by: Quoc Tran (Xint.io - US Team). + + ([CVE-2026-31789]) + + *Igor Ustinov* + + * Fixed usage of `openssl s_client -connect HOST -proxy PROXY` with `HOST` + containing a raw IPv6 address. + + + *Peter Zhang* + + * Fixed broken detection of plantext HTTP over TLS. + + + *Matt Caswell* + ### Changes between 3.5.4 and 3.5.5 [27 Jan 2026] * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. @@ -3461,7 +3605,7 @@ *Richard Levitte* - * Fixed an overflow bug in the x64_64 Montgomery squaring procedure + * Fixed an overflow bug in the x86_64 Montgomery squaring procedure used in exponentiation with 512-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against 2-prime RSA1024, 3-prime RSA1536, and DSA1024 as a result of this defect would be very 
@@ -21607,216 +21751,223 @@ -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199 -[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469 -[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[RFC 2578 (STD 58), section 3.5]: https://datatracker.ietf.org/doc/html/rfc2578#section-3.5 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289
-[CVE-2015-0288]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288
-[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287
-[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286
-[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285
-[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209
-[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208
-[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207
-[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206
-[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205
-[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204
-[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275
-[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139
-[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572
-[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571
-[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570
-[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569
-[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568
-[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567
-[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566
-[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513
-[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512
-[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511
-[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510
-[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509
-[CVE-2014-3508]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508
-[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507
-[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506
-[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505
-[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470
-[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224
-[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221
-[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195
-[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160
-[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076
-[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450
-[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353
-[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169
-[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166
-[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686
-[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333
-[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110
-[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884
-[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050
-[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027
-[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619
-[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577
-[CVE-2011-4576]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576
-[CVE-2011-4109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4109
-[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108
-[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210
-[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207
-[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014
-[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252
-[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180
-[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864
-[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633
-[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740
-[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433
-[CVE-2009-4355]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-4355
-[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555
-[CVE-2009-3245]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3245
-[CVE-2009-1386]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1386
-[CVE-2009-1379]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1379
-[CVE-2009-1378]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1378
-[CVE-2009-1377]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-1377
-[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789
-[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591
-[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590
-[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077
-[CVE-2008-1678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1678
-[CVE-2008-1672]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-1672
-[CVE-2008-0891]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-0891
-[CVE-2007-5135]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-5135
-[CVE-2007-4995]: https://www.openssl.org/news/vulnerabilities.html#CVE-2007-4995
-[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343
-[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339
-[CVE-2006-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3738
-[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940
-[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937
-[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969
-[CVE-2004-0112]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0112
-[CVE-2004-0079]: https://www.openssl.org/news/vulnerabilities.html#CVE-2004-0079
-[CVE-2003-0851]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0851
-[CVE-2003-0545]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0545
-[CVE-2003-0544]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0544
-[CVE-2003-0543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0543
-[CVE-2003-0078]: https://www.openssl.org/news/vulnerabilities.html#CVE-2003-0078
-[CVE-2002-0659]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0659
-[CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
-[CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
-[CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
 [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
+[CVE-2002-0655]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0655
+[CVE-2002-0656]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0656
+[CVE-2002-0657]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0657
+[CVE-2002-0659]: https://openssl-library.org/news/vulnerabilities/#CVE-2002-0659
+[CVE-2003-0078]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0078
+[CVE-2003-0543]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0543
+[CVE-2003-0544]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0544
+[CVE-2003-0545]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0545
+[CVE-2003-0851]: https://openssl-library.org/news/vulnerabilities/#CVE-2003-0851
+[CVE-2004-0079]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0079
+[CVE-2004-0112]: https://openssl-library.org/news/vulnerabilities/#CVE-2004-0112
+[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969
+[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937
+[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940
+[CVE-2006-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3738
+[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339
+[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343
+[CVE-2007-4995]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-4995
+[CVE-2007-5135]: https://openssl-library.org/news/vulnerabilities/#CVE-2007-5135
+[CVE-2008-0891]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-0891
+[CVE-2008-1672]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1672
+[CVE-2008-1678]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-1678
+[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077
+[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590
+[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591
+[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789
+[CVE-2009-1377]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1377
+[CVE-2009-1378]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1378
+[CVE-2009-1379]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1379
+[CVE-2009-1386]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-1386
+[CVE-2009-3245]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3245
+[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555
+[CVE-2009-4355]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-4355
+[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433
+[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740
+[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633
+[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864
+[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180
+[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252
+[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014
+[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207
+[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210
+[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108
+[CVE-2011-4109]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4109
+[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576
+[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577
+[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619
+[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027
+[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050
+[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884
+[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110
+[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333
+[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686
+[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166
+[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169
+[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353
+[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450
+[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076
+[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160
+[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195
+[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221
+[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224
+[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470
+[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505
+[CVE-2014-3506]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506
+[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507
+[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508
+[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509
+[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510
+[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511
+[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512
+[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513
+[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566
+[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567
+[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568
+[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569
+[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570
+[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571
+[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572
+[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139
+[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275
+[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204
+[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205
+[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206
+[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207
+[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208
+[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209
+[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285
+[CVE-2015-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286
+[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287
+[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288
+[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289
+[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290
+[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291
+[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293
+[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787
+[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788
+[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789
+[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790
+[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791
+[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792
+[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793
+[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193
+[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194
+[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195
+[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196
+[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197
+[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701
+[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702
+[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705
+[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797
+[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798
+[CVE-2016-0799]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799
+[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800
+[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105
+[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106
+[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107
+[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109
+[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176
+[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177
+[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178
+[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179
+[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180
+[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181
+[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182
+[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183
+[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302
+[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303
+[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304
+[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305
+[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306
+[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307
+[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308
+[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309
+[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052
+[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053
+[CVE-2016-7054]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054
+[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055
+[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730
+[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731
+[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732
+[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733
+[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735
+[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736
+[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737
+[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738
+[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732
+[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733
+[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734
+[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735
+[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737
+[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739
+[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407
+[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543
+[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547
+[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549
+[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551
+[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552
+[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559
+[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563
+[CVE-2020-1967]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967
+[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971
+[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097
+[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274
+[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996
+[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203
+[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304
+[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450
+[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215
+[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216
+[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217
+[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286
+[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401
+[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464
+[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465
+[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466
+[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255
+[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650
+[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975
+[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446
+[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817
+[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807
+[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363
+[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678
+[CVE-2023-6129]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129
+[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237
+[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727
+[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511
+[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603
+[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741
+[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535
+[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119
+[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143
+[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176
+[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575
+[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230
+[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231
+[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232
+[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187
+[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467
+[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468
+[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469
+[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199
+[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160
+[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418
+[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419
+[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420
+[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421
+[CVE-2026-2673]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673
+[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795
+[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796
+[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387
+[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388
+[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389
+[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390
+[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789
+[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790
 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
+[RFC 2578 (STD 58), section 3.5]:
https://datatracker.ietf.org/doc/html/rfc2578#section-3.5
diff -Nru openssl-3.5.5/CONTRIBUTING.md openssl-3.5.6/CONTRIBUTING.md
--- openssl-3.5.5/CONTRIBUTING.md 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/CONTRIBUTING.md 2026-04-07 12:26:30.000000000 +0000
@@ -27,6 +27,18 @@
 contributors should personally evaluate potential patches generated by automated tools.
+Provide a clear description of the issue or feature being addressed,
+including any relevant implementation details and, for performance
+improvements, benchmark results.
+
+Pull requests and commits should be self-contained, enabling readers to
+understand what changed and why without needing to reference related
+issues or having prior knowledge. Commit messages should include all
+relevant details to help future contributors follow the git history,
+with clear explanations of what is changing and why. Long descriptions
+are encouraged if they aid understanding. Commit message titles (their
+first line) should be kept to 50-70 characters if possible.
+
 To make it easier to review and accept your pull request, please follow these guidelines:
diff -Nru openssl-3.5.5/Configurations/10-main.conf openssl-3.5.6/Configurations/10-main.conf
--- openssl-3.5.5/Configurations/10-main.conf 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/Configurations/10-main.conf 2026-04-07 12:26:30.000000000 +0000
@@ -5,7 +5,8 @@
 my $vc_win64a_info = {};
 sub vc_win64a_info {
 unless (%$vc_win64a_info) {
- if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+\.[0-9]+)/ && $1 >= 2.0) {
+ # Minimum NASM version is 2.09 otherwise SHA3 might be miscompiled
+ if (`nasm -v 2>NUL` =~ /NASM version ([0-9]+)\.([0-9]+)/ && ($1 > 2 || ($1 == 2 && $2 >= 9))) {
 $vc_win64a_info = { AS => "nasm",
 ASFLAGS => "-g",
 asflags => "-Ox -f win64 -DNEAR",
diff -Nru openssl-3.5.5/Configurations/unix-Makefile.tmpl openssl-3.5.6/Configurations/unix-Makefile.tmpl
--- openssl-3.5.5/Configurations/unix-Makefile.tmpl 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/Configurations/unix-Makefile.tmpl 2026-04-07 12:26:30.000000000 +0000
@@ -72,6 +72,7 @@
 CONFIGURE_ARGS=({- join(", ",quotify_l(@{$config{perlargv}})) -})
 SRCDIR={- $config{sourcedir} -}
 BLDDIR={- $config{builddir} -}
+RESULT_D=$(BLDDIR)/test-runs
 FIPSKEY={- $config{FIPSKEY} -}
 VERSION={- "$config{full_version}" -}
@@ -642,7 +643,7 @@
 -find . -name '*{- platform->objext() -}' \! -name '.*' \! -type d -exec $(RM) {} \;
 $(RM) core
 $(RM) tags TAGS doc-nits md-nits
- $(RM) -r test/test-runs
+ $(RM) -r $(RESULT_D)
 $(RM) providers/fips*.new
 -find . -type l \! -name '.*' -exec $(RM) {} \;
diff -Nru openssl-3.5.5/Configurations/windows-makefile.tmpl openssl-3.5.6/Configurations/windows-makefile.tmpl
--- openssl-3.5.5/Configurations/windows-makefile.tmpl 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/Configurations/windows-makefile.tmpl 2026-04-07 12:26:30.000000000 +0000
@@ -38,6 +38,7 @@
 PLATFORM={- $config{target} -}
 SRCDIR={- $config{sourcedir} -}
 BLDDIR={- $config{builddir} -}
+RESULT_D=$(BLDDIR)\test-runs
 FIPSKEY={- $config{FIPSKEY} -}
 VERSION={- "$config{full_version}" -}
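Review bot: A NASM older than 2.09 now fails the `if` in `vc_win64a_info` exactly as an absent NASM does, and the hunk gives the person building no hint which of the two applied. The branches that handle the failed test are outside the hunk; if they report NASM as missing, that message should also name the 2.09 minimum, since the added comment gives a possibly miscompiled SHA3 as the reason. I would also spell out the comparison in the comment: `# Minimum NASM version is 2.09 (major 2, minor compared as an integer, so "09" is 9); older versions might miscompile SHA3`.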
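Review bot: `$(RM) -r $(RESULT_D)` in the clean recipe (hunk at -642) expands the new variable unquoted, so a build directory containing whitespace is split into several arguments of a recursive delete, and a `RESULT_D=` given on the make command line is removed as it stands. The Windows template in this same diff quotes the path and tests that it exists first; the Unix recipe should at least quote it, `$(RM) -r "$(RESULT_D)"`. A comment at the definition (hunk at -72), `# Removed recursively by 'make clean'; keep it below $(BLDDIR)`, would warn anyone overriding it. Both the variable block and the clean recipe continue outside the hunks.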
@@ -222,7 +223,7 @@
 LIBDIR={- our $libdir = $config{libdir} || "lib"; file_name_is_absolute($libdir) ? "" : $libdir -}
 MODULESDIR_dev={- use File::Spec::Functions qw(:DEFAULT splitpath catpath);
- our $modulesprefix = catdir($prefix,$libdir);
+ our $modulesprefix = file_name_is_absolute($libdir) ? $libdir : catdir($prefix,$libdir);
 our ($modulesprefix_dev, $modulesprefix_dir, $modulesprefix_file) = splitpath($modulesprefix, 1);
@@ -484,7 +485,7 @@
 -del /Q /S /F engines\*.lib engines\*.exp
 -del /Q /S /F apps\*.lib apps\*.rc apps\*.res apps\*.exp
 -del /Q /S /F test\*.exp
- -rd /Q /S test\test-runs
+ -@if exist "$(RESULT_D)" rd /Q /S "$(RESULT_D)"
 distclean: clean
 -del /Q /F include\openssl\configuration.h
diff -Nru openssl-3.5.5/NEWS.md openssl-3.5.6/NEWS.md
--- openssl-3.5.5/NEWS.md 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/NEWS.md 2026-04-07 12:26:30.000000000 +0000
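Review bot: The new conditional at `our $modulesprefix = …` takes an absolute `$libdir` verbatim, so the modules directory no longer sits below `$prefix`, and nothing in the template says so. If that directory is where loadable modules are installed, as the name suggests, an install with an absolute libdir should give it the same restrictive permissions as the prefix itself. I would add `# An absolute libdir is used as is; the modules directory is then outside $prefix` above the assignment. The `MODULESDIR_dev` fragment continues outside the hunk, so how the value is used afterwards is not visible here.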
@@ -23,6 +23,36 @@
 OpenSSL 3.5
 -----------
+### Major changes between OpenSSL 3.5.5 and OpenSSL 3.5.6 [7 Apr 2026]
+
+OpenSSL 3.5.6 is a security patch release. The most severe CVE fixed in this
+release is Medium.
+
+This release incorporates the following bug fixes and mitigations:
+
+ * Fixed incorrect failure handling in RSA KEM RSASVE encapsulation.
+ ([CVE-2026-31790])
+
+ * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword
+ is used in the server-side configuration of the key-agreement group list.
+ ([CVE-2026-2673])
+
+ * Fixed potential use-after-free in DANE client code.
+ ([CVE-2026-28387])
+
+ * Fixed NULL pointer dereference when processing a delta CRL.
+ ([CVE-2026-28388])
+
+ * Fixed possible NULL dereference when processing CMS KeyAgreeRecipientInfo.
+ ([CVE-2026-28389])
+
+ * Fixed possible NULL dereference when processing CMS
+ KeyTransportRecipientInfo.
+ ([CVE-2026-28390])
+
+ * Fixed heap buffer overflow in hexadecimal conversion.
+ ([CVE-2026-31789])
+
 ### Major changes between OpenSSL 3.5.4 and OpenSSL 3.5.5 [27 Jan 2026]
 OpenSSL 3.5.5 is a security patch release. The most severe CVE fixed in this
@@ -758,7 +788,7 @@
 ### Major changes between OpenSSL 1.1.1d and OpenSSL 1.1.1e [17 Mar 2020]
- * Fixed an overflow bug in the x64_64 Montgomery squaring procedure
+ * Fixed an overflow bug in the x86_64 Montgomery squaring procedure
 used in exponentiation with 512-bit moduli ([CVE-2019-1551])
 ### Major changes between OpenSSL 1.1.1c and OpenSSL 1.1.1d [10 Sep 2019]
@@ -1988,201 +2018,208 @@ * Support for various new platforms -[CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 -[CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 -[CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -[CVE-2025-69420]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69420 -[CVE-2025-69419]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69419 -[CVE-2025-69418]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69418 -[CVE-2025-68160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-68160 -[CVE-2025-66199]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-66199 -[CVE-2025-15469]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15469 -[CVE-2025-15468]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15468 -[CVE-2025-15467]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-15467 -[CVE-2025-11187]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-11187 -[CVE-2025-9232]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9232 -[CVE-2025-9231]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9231 -[CVE-2025-9230]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-9230 -[CVE-2025-4575]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-4575 -[CVE-2024-13176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-13176 -[CVE-2024-9143]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-9143 -[CVE-2024-6119]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-6119 -[CVE-2024-5535]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-5535 -[CVE-2024-4741]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4741 -[CVE-2024-4603]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-4603 -[CVE-2024-2511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2024-2511 -[CVE-2024-0727]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2024-0727 -[CVE-2023-6237]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6237 -[CVE-2023-6129]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-6129 -[CVE-2023-5678]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5678 -[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363 -[CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807 -[CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817 -[CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446 -[CVE-2023-2975]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2975 -[CVE-2023-2650]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-2650 -[CVE-2023-1255]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-1255 -[CVE-2023-0466]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0466 -[CVE-2023-0465]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0465 -[CVE-2023-0464]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0464 -[CVE-2023-0401]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0401 -[CVE-2023-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0286 -[CVE-2023-0217]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0217 -[CVE-2023-0216]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0216 -[CVE-2023-0215]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-0215 -[CVE-2022-4450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4450 -[CVE-2022-4304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4304 -[CVE-2022-4203]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-4203 -[CVE-2022-3996]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-3996 -[CVE-2022-2274]: https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2274 -[CVE-2022-2097]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2022-2097 -[CVE-2020-1971]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1971 -[CVE-2020-1967]: https://www.openssl.org/news/vulnerabilities.html#CVE-2020-1967 -[CVE-2019-1563]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1563 -[CVE-2019-1559]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1559 -[CVE-2019-1552]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1552 -[CVE-2019-1551]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1551 -[CVE-2019-1549]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1549 -[CVE-2019-1547]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1547 -[CVE-2019-1543]: https://www.openssl.org/news/vulnerabilities.html#CVE-2019-1543 -[CVE-2018-5407]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-5407 -[CVE-2018-0739]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0739 -[CVE-2018-0737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0737 -[CVE-2018-0735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0735 -[CVE-2018-0734]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0734 -[CVE-2018-0733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0733 -[CVE-2018-0732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2018-0732 -[CVE-2017-3738]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3738 -[CVE-2017-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3737 -[CVE-2017-3736]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3736 -[CVE-2017-3735]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3735 -[CVE-2017-3733]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3733 -[CVE-2017-3732]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3732 -[CVE-2017-3731]: https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3731 -[CVE-2017-3730]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2017-3730 -[CVE-2016-7055]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7055 -[CVE-2016-7054]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7054 -[CVE-2016-7053]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7053 -[CVE-2016-7052]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-7052 -[CVE-2016-6309]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6309 -[CVE-2016-6308]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6308 -[CVE-2016-6307]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6307 -[CVE-2016-6306]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6306 -[CVE-2016-6305]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6305 -[CVE-2016-6304]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6304 -[CVE-2016-6303]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6303 -[CVE-2016-6302]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-6302 -[CVE-2016-2183]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2183 -[CVE-2016-2182]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2182 -[CVE-2016-2181]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2181 -[CVE-2016-2180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2180 -[CVE-2016-2179]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2179 -[CVE-2016-2178]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2178 -[CVE-2016-2177]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2177 -[CVE-2016-2176]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2176 -[CVE-2016-2109]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2109 -[CVE-2016-2107]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2107 -[CVE-2016-2106]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2106 -[CVE-2016-2105]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2016-2105 -[CVE-2016-0800]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0800 -[CVE-2016-0799]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0799 -[CVE-2016-0798]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0798 -[CVE-2016-0797]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0797 -[CVE-2016-0705]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0705 -[CVE-2016-0702]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0702 -[CVE-2016-0701]: https://www.openssl.org/news/vulnerabilities.html#CVE-2016-0701 -[CVE-2015-3197]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3197 -[CVE-2015-3196]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3196 -[CVE-2015-3195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3195 -[CVE-2015-3194]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3194 -[CVE-2015-3193]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-3193 -[CVE-2015-1793]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1793 -[CVE-2015-1792]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1792 -[CVE-2015-1791]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1791 -[CVE-2015-1790]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1790 -[CVE-2015-1789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1789 -[CVE-2015-1788]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1788 -[CVE-2015-1787]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-1787 -[CVE-2015-0293]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0293 -[CVE-2015-0291]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0291 -[CVE-2015-0290]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0290 -[CVE-2015-0289]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0289 -[CVE-2015-0288]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0288 -[CVE-2015-0287]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0287 -[CVE-2015-0286]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0286 -[CVE-2015-0285]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0285 -[CVE-2015-0209]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0209 -[CVE-2015-0208]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0208 -[CVE-2015-0207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0207 -[CVE-2015-0206]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0206 -[CVE-2015-0205]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0205 -[CVE-2015-0204]: https://www.openssl.org/news/vulnerabilities.html#CVE-2015-0204 -[CVE-2014-8275]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-8275 -[CVE-2014-5139]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-5139 -[CVE-2014-3572]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3572 -[CVE-2014-3571]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3571 -[CVE-2014-3570]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3570 -[CVE-2014-3569]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3569 -[CVE-2014-3568]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3568 -[CVE-2014-3567]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3567 -[CVE-2014-3566]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3566 -[CVE-2014-3513]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3513 -[CVE-2014-3512]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3512 -[CVE-2014-3511]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3511 -[CVE-2014-3510]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3510 -[CVE-2014-3509]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3509 -[CVE-2014-3508]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3508 -[CVE-2014-3507]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3507 -[CVE-2014-3506]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3506 -[CVE-2014-3505]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3505 -[CVE-2014-3470]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-3470 -[CVE-2014-0224]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0224 -[CVE-2014-0221]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0221 -[CVE-2014-0198]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0198 -[CVE-2014-0195]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0195 -[CVE-2014-0160]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0160 -[CVE-2014-0076]: https://www.openssl.org/news/vulnerabilities.html#CVE-2014-0076 -[CVE-2013-6450]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6450 -[CVE-2013-6449]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-6449 -[CVE-2013-4353]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-4353 -[CVE-2013-0169]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0169 -[CVE-2013-0166]: https://www.openssl.org/news/vulnerabilities.html#CVE-2013-0166 -[CVE-2012-2686]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2686 -[CVE-2012-2333]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2333 -[CVE-2012-2110]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-2110 -[CVE-2012-0884]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0884 -[CVE-2012-0050]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0050 -[CVE-2012-0027]: https://www.openssl.org/news/vulnerabilities.html#CVE-2012-0027 -[CVE-2011-4619]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4619 -[CVE-2011-4577]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4577 -[CVE-2011-4576]: 
https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4576 -[CVE-2011-4108]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-4108 -[CVE-2011-3210]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3210 -[CVE-2011-3207]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-3207 -[CVE-2011-0014]: https://www.openssl.org/news/vulnerabilities.html#CVE-2011-0014 -[CVE-2010-5298]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-5298 -[CVE-2010-4252]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4252 -[CVE-2010-4180]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-4180 -[CVE-2010-3864]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-3864 -[CVE-2010-2939]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-2939 -[CVE-2010-1633]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-1633 -[CVE-2010-0740]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0740 -[CVE-2010-0433]: https://www.openssl.org/news/vulnerabilities.html#CVE-2010-0433 -[CVE-2009-3555]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-3555 -[CVE-2009-0789]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0789 -[CVE-2009-0591]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0591 -[CVE-2009-0590]: https://www.openssl.org/news/vulnerabilities.html#CVE-2009-0590 -[CVE-2008-5077]: https://www.openssl.org/news/vulnerabilities.html#CVE-2008-5077 -[CVE-2006-4343]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4343 -[CVE-2006-4339]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-4339 -[CVE-2006-3737]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-3737 -[CVE-2006-2940]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2940 -[CVE-2006-2937]: https://www.openssl.org/news/vulnerabilities.html#CVE-2006-2937 -[CVE-2005-2969]: https://www.openssl.org/news/vulnerabilities.html#CVE-2005-2969 -[OpenSSL Guide]: 
https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html [CHANGES.md]: ./CHANGES.md -[README-QUIC.md]: ./README-QUIC.md -[issue tracker]: https://github.com/openssl/openssl/issues [CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program +[CVE-2005-2969]: https://openssl-library.org/news/vulnerabilities/#CVE-2005-2969 +[CVE-2006-2937]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2937 +[CVE-2006-2940]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-2940 +[CVE-2006-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-3737 +[CVE-2006-4339]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4339 +[CVE-2006-4343]: https://openssl-library.org/news/vulnerabilities/#CVE-2006-4343 +[CVE-2008-5077]: https://openssl-library.org/news/vulnerabilities/#CVE-2008-5077 +[CVE-2009-0590]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0590 +[CVE-2009-0591]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0591 +[CVE-2009-0789]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-0789 +[CVE-2009-3555]: https://openssl-library.org/news/vulnerabilities/#CVE-2009-3555 +[CVE-2010-0433]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0433 +[CVE-2010-0740]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-0740 +[CVE-2010-1633]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-1633 +[CVE-2010-2939]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-2939 +[CVE-2010-3864]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-3864 +[CVE-2010-4180]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4180 +[CVE-2010-4252]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-4252 +[CVE-2010-5298]: https://openssl-library.org/news/vulnerabilities/#CVE-2010-5298 +[CVE-2011-0014]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-0014 +[CVE-2011-3207]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3207 
+[CVE-2011-3210]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-3210 +[CVE-2011-4108]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4108 +[CVE-2011-4576]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4576 +[CVE-2011-4577]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4577 +[CVE-2011-4619]: https://openssl-library.org/news/vulnerabilities/#CVE-2011-4619 +[CVE-2012-0027]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0027 +[CVE-2012-0050]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0050 +[CVE-2012-0884]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-0884 +[CVE-2012-2110]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2110 +[CVE-2012-2333]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2333 +[CVE-2012-2686]: https://openssl-library.org/news/vulnerabilities/#CVE-2012-2686 +[CVE-2013-0166]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0166 +[CVE-2013-0169]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-0169 +[CVE-2013-4353]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-4353 +[CVE-2013-6449]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6449 +[CVE-2013-6450]: https://openssl-library.org/news/vulnerabilities/#CVE-2013-6450 +[CVE-2014-0076]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0076 +[CVE-2014-0160]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0160 +[CVE-2014-0195]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0195 +[CVE-2014-0198]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0198 +[CVE-2014-0221]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0221 +[CVE-2014-0224]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-0224 +[CVE-2014-3470]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3470 +[CVE-2014-3505]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3505 +[CVE-2014-3506]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2014-3506 +[CVE-2014-3507]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3507 +[CVE-2014-3508]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3508 +[CVE-2014-3509]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3509 +[CVE-2014-3510]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3510 +[CVE-2014-3511]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3511 +[CVE-2014-3512]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3512 +[CVE-2014-3513]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3513 +[CVE-2014-3566]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3566 +[CVE-2014-3567]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3567 +[CVE-2014-3568]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3568 +[CVE-2014-3569]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3569 +[CVE-2014-3570]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3570 +[CVE-2014-3571]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3571 +[CVE-2014-3572]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-3572 +[CVE-2014-5139]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-5139 +[CVE-2014-8275]: https://openssl-library.org/news/vulnerabilities/#CVE-2014-8275 +[CVE-2015-0204]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0204 +[CVE-2015-0205]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0205 +[CVE-2015-0206]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0206 +[CVE-2015-0207]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0207 +[CVE-2015-0208]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0208 +[CVE-2015-0209]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0209 +[CVE-2015-0285]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0285 +[CVE-2015-0286]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2015-0286 +[CVE-2015-0287]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0287 +[CVE-2015-0288]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0288 +[CVE-2015-0289]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0289 +[CVE-2015-0290]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0290 +[CVE-2015-0291]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0291 +[CVE-2015-0293]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-0293 +[CVE-2015-1787]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1787 +[CVE-2015-1788]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1788 +[CVE-2015-1789]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1789 +[CVE-2015-1790]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1790 +[CVE-2015-1791]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1791 +[CVE-2015-1792]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1792 +[CVE-2015-1793]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-1793 +[CVE-2015-3193]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3193 +[CVE-2015-3194]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3194 +[CVE-2015-3195]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3195 +[CVE-2015-3196]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3196 +[CVE-2015-3197]: https://openssl-library.org/news/vulnerabilities/#CVE-2015-3197 +[CVE-2016-0701]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0701 +[CVE-2016-0702]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0702 +[CVE-2016-0705]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0705 +[CVE-2016-0797]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0797 +[CVE-2016-0798]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0798 +[CVE-2016-0799]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-0799 +[CVE-2016-0800]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-0800 +[CVE-2016-2105]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2105 +[CVE-2016-2106]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2106 +[CVE-2016-2107]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2107 +[CVE-2016-2109]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2109 +[CVE-2016-2176]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2176 +[CVE-2016-2177]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2177 +[CVE-2016-2178]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2178 +[CVE-2016-2179]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2179 +[CVE-2016-2180]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2180 +[CVE-2016-2181]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2181 +[CVE-2016-2182]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2182 +[CVE-2016-2183]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-2183 +[CVE-2016-6302]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6302 +[CVE-2016-6303]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6303 +[CVE-2016-6304]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6304 +[CVE-2016-6305]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6305 +[CVE-2016-6306]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6306 +[CVE-2016-6307]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6307 +[CVE-2016-6308]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6308 +[CVE-2016-6309]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-6309 +[CVE-2016-7052]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7052 +[CVE-2016-7053]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7053 +[CVE-2016-7054]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2016-7054 +[CVE-2016-7055]: https://openssl-library.org/news/vulnerabilities/#CVE-2016-7055 +[CVE-2017-3730]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3730 +[CVE-2017-3731]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3731 +[CVE-2017-3732]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3732 +[CVE-2017-3733]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3733 +[CVE-2017-3735]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3735 +[CVE-2017-3736]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3736 +[CVE-2017-3737]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3737 +[CVE-2017-3738]: https://openssl-library.org/news/vulnerabilities/#CVE-2017-3738 +[CVE-2018-0732]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0732 +[CVE-2018-0733]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0733 +[CVE-2018-0734]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0734 +[CVE-2018-0735]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0735 +[CVE-2018-0737]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0737 +[CVE-2018-0739]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-0739 +[CVE-2018-5407]: https://openssl-library.org/news/vulnerabilities/#CVE-2018-5407 +[CVE-2019-1543]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1543 +[CVE-2019-1547]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1547 +[CVE-2019-1549]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1549 +[CVE-2019-1551]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1551 +[CVE-2019-1552]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1552 +[CVE-2019-1559]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1559 +[CVE-2019-1563]: https://openssl-library.org/news/vulnerabilities/#CVE-2019-1563 +[CVE-2020-1967]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2020-1967 +[CVE-2020-1971]: https://openssl-library.org/news/vulnerabilities/#CVE-2020-1971 +[CVE-2022-2097]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2097 +[CVE-2022-2274]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-2274 +[CVE-2022-3996]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-3996 +[CVE-2022-4203]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4203 +[CVE-2022-4304]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4304 +[CVE-2022-4450]: https://openssl-library.org/news/vulnerabilities/#CVE-2022-4450 +[CVE-2023-0215]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0215 +[CVE-2023-0216]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0216 +[CVE-2023-0217]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0217 +[CVE-2023-0286]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0286 +[CVE-2023-0401]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0401 +[CVE-2023-0464]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0464 +[CVE-2023-0465]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0465 +[CVE-2023-0466]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-0466 +[CVE-2023-1255]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-1255 +[CVE-2023-2650]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2650 +[CVE-2023-2975]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-2975 +[CVE-2023-3446]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3446 +[CVE-2023-3817]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-3817 +[CVE-2023-4807]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-4807 +[CVE-2023-5363]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5363 +[CVE-2023-5678]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-5678 +[CVE-2023-6129]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2023-6129 +[CVE-2023-6237]: https://openssl-library.org/news/vulnerabilities/#CVE-2023-6237 +[CVE-2024-0727]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-0727 +[CVE-2024-2511]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-2511 +[CVE-2024-4603]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4603 +[CVE-2024-4741]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-4741 +[CVE-2024-5535]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-5535 +[CVE-2024-6119]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-6119 +[CVE-2024-9143]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-9143 +[CVE-2024-13176]: https://openssl-library.org/news/vulnerabilities/#CVE-2024-13176 +[CVE-2025-4575]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-4575 +[CVE-2025-9230]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9230 +[CVE-2025-9231]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9231 +[CVE-2025-9232]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-9232 +[CVE-2025-11187]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-11187 +[CVE-2025-15467]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15467 +[CVE-2025-15468]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15468 +[CVE-2025-15469]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-15469 +[CVE-2025-66199]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-66199 +[CVE-2025-68160]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-68160 +[CVE-2025-69418]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69418 +[CVE-2025-69419]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69419 +[CVE-2025-69420]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69420 +[CVE-2025-69421]: https://openssl-library.org/news/vulnerabilities/#CVE-2025-69421 +[CVE-2026-2673]: 
https://openssl-library.org/news/vulnerabilities/#CVE-2026-2673 +[CVE-2026-22795]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22795 +[CVE-2026-22796]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-22796 +[CVE-2026-28387]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28387 +[CVE-2026-28388]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28388 +[CVE-2026-28389]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28389 +[CVE-2026-28390]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-28390 +[CVE-2026-31789]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31789 +[CVE-2026-31790]: https://openssl-library.org/news/vulnerabilities/#CVE-2026-31790 [ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations +[OpenSSL Guide]: https://www.openssl.org/docs/manmaster/man7/ossl-guide-introduction.html +[README-QUIC.md]: ./README-QUIC.md +[issue tracker]: https://github.com/openssl/openssl/issues [jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library diff -Nru openssl-3.5.5/VERSION.dat openssl-3.5.6/VERSION.dat --- openssl-3.5.5/VERSION.dat 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/VERSION.dat 2026-04-07 12:26:30.000000000 +0000 @@ -1,7 +1,7 @@ MAJOR=3 MINOR=5 -PATCH=5 +PATCH=6 PRE_RELEASE_TAG= BUILD_METADATA= -RELEASE_DATE="27 Jan 2026" +RELEASE_DATE="7 Apr 2026" SHLIB_VERSION=3 diff -Nru openssl-3.5.5/apps/cmp.c openssl-3.5.6/apps/cmp.c --- openssl-3.5.5/apps/cmp.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/cmp.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -1421,7 +1421,10 @@ out_vpm = X509_STORE_get0_param(out_trusted); X509_VERIFY_PARAM_clear_flags(out_vpm, X509_V_FLAG_USE_CHECK_TIME); - (void)OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted); + if (!OSSL_CMP_CTX_set_certConf_cb_arg(ctx, out_trusted)) { + X509_STORE_free(out_trusted); + return 0; + } } if (opt_disable_confirm) @@ -3390,6 +3393,12 @@ int paramtype; const void *param; + /* NULL check to prevent dereferencing a NULL pointer when print_keyspec is called */ + if (alg == NULL) { + BIO_puts(mem, "Key algorithm: \n"); + break; + } + X509_ALGOR_get0(&oid, ¶mtype, ¶m, alg); BIO_printf(mem, "Key algorithm: "); i2a_ASN1_OBJECT(mem, oid); @@ -3789,8 +3798,7 @@ if (opt_ignore_keyusage) (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_IGNORE_KEYUSAGE, 1); if (opt_no_cache_extracerts) - (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, - 1); + (void)OSSL_CMP_CTX_set_option(cmp_ctx, OSSL_CMP_OPT_NO_CACHE_EXTRACERTS, 1); if (opt_reqout_only == NULL && (opt_use_mock_srv #if !defined(OPENSSL_NO_SOCK) && !defined(OPENSSL_NO_HTTP) @@ -3806,7 +3814,7 @@ srv_cmp_ctx = OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx); if (!OSSL_CMP_CTX_set_log_cb(srv_cmp_ctx, print_to_bio_err)) { - CMP_err1("cannot set up error reporting and logging for %s", prog); + CMP_err1("cannot set up server-side error reporting and logging for %s", prog); goto err; } OSSL_CMP_CTX_set_log_verbosity(srv_cmp_ctx, opt_verbosity); diff -Nru openssl-3.5.5/apps/include/cmp_mock_srv.h openssl-3.5.6/apps/include/cmp_mock_srv.h --- openssl-3.5.5/apps/include/cmp_mock_srv.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/include/cmp_mock_srv.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
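Review bot: The comment added above the `alg == NULL` check in the `@@ -3390,6 +3393,12 @@` hunk restates the code and does not say when the algorithm can legitimately be absent. I would replace it with something like `/* alg may be absent; print an empty value instead of dereferencing NULL */`, or name the actual source of a NULL `alg` if it is known. The `break` depends on an enclosing switch or loop that starts outside this hunk, so what runs after the early exit cannot be confirmed from here.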
@@ -19,6 +19,8 @@ OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq); void ossl_cmp_mock_srv_free(OSSL_CMP_SRV_CTX *srv_ctx); +OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req); int ossl_cmp_mock_srv_set1_refCert(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); int ossl_cmp_mock_srv_set1_certOut(OSSL_CMP_SRV_CTX *srv_ctx, X509 *cert); @@ -34,6 +36,7 @@ int ossl_cmp_mock_srv_set_statusInfo(OSSL_CMP_SRV_CTX *srv_ctx, int status, int fail_info, const char *text); int ossl_cmp_mock_srv_set_sendError(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype); +int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype); int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count); int ossl_cmp_mock_srv_set_checkAfterTime(OSSL_CMP_SRV_CTX *srv_ctx, int sec); diff -Nru openssl-3.5.5/apps/lib/app_provider.c openssl-3.5.6/apps/lib/app_provider.c --- openssl-3.5.5/apps/lib/app_provider.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/lib/app_provider.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,6 +47,7 @@ app_providers = sk_OSSL_PROVIDER_new_null(); if (app_providers == NULL || !sk_OSSL_PROVIDER_push(app_providers, prov)) { + OSSL_PROVIDER_unload(prov); app_providers_cleanup(); return 0; } diff -Nru openssl-3.5.5/apps/lib/apps.c openssl-3.5.6/apps/lib/apps.c --- openssl-3.5.5/apps/lib/apps.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/lib/apps.c 2026-04-07 12:26:30.000000000 +0000 
@@ -191,8 +191,13 @@ } if (arg2 != NULL) { *pass2 = app_get_pass(arg2, same ? 2 : 0); - if (*pass2 == NULL) + if (*pass2 == NULL) { + if (pass1 != NULL) { + clear_free(*pass1); + *pass1 = NULL; + } return 0; + } } else if (pass2 != NULL) { *pass2 = NULL; } @@ -263,15 +268,15 @@ } } else { /* argument syntax error; do not reveal too much about arg */ - tmp = strchr(arg, ':'); - if (tmp == NULL || tmp - arg > PASS_SOURCE_SIZE_MAX) + const char *arg_ptr = strchr(arg, ':'); + if (arg_ptr == NULL || arg_ptr - arg > PASS_SOURCE_SIZE_MAX) BIO_printf(bio_err, "Invalid password argument, missing ':' within the first %d chars\n", PASS_SOURCE_SIZE_MAX + 1); else BIO_printf(bio_err, "Invalid password argument, starting with \"%.*s\"\n", - (int)(tmp - arg + 1), arg); + (int)(arg_ptr - arg + 1), arg); return NULL; } } @@ -2494,7 +2499,7 @@ error: X509_CRL_free(crl); - sk_X509_CRL_free(crls); + sk_X509_CRL_pop_free(crls, X509_CRL_free); return NULL; } diff -Nru openssl-3.5.5/apps/lib/cmp_mock_srv.c openssl-3.5.6/apps/lib/cmp_mock_srv.c --- openssl-3.5.5/apps/lib/cmp_mock_srv.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/lib/cmp_mock_srv.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2018-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -10,6 +10,7 @@ #include "apps.h" #include "cmp_mock_srv.h" +#include "../../crypto/cmp/cmp_local.h" /* for access to msg->protection */ #include #include 
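Review bot: The new failure branch in the `@@ -191,8 +191,13 @@` hunk changes what a caller sees when the second password cannot be read, because `*pass1` is now released through `clear_free()` and reset to NULL, and nothing records that contract. A one-line comment above the `if (pass1 != NULL)` block, for example `/* on failure do not leave the first password allocated */`, would make the intent explicit. The function starts outside this hunk, so it cannot be checked here whether `pass1` can be NULL at this point; if it cannot, the guard is redundant.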
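Review bot: In the `error:` path of the `@@ -2494,7 +2499,7 @@` hunk, `X509_CRL_free(crl)` is now followed by `sk_X509_CRL_pop_free(crls, X509_CRL_free)`, which is only safe if `crl` is never an element of `crls` when control reaches the label. The function body is outside this hunk, so I cannot confirm that every `goto error` happens before the current `crl` has been pushed; if one does not, the same CRL would be freed twice. Please state the invariant at the label, e.g. `/* crl is not on crls here; the stack owns the CRLs already pushed */`.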
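Review bot: The added `#include "../../crypto/cmp/cmp_local.h"` in apps/lib/cmp_mock_srv.c makes code under apps/ depend on the private layout of `OSSL_CMP_MSG`, as its own comment (`for access to msg->protection`) admits. That ties the mock server to library internals, and the one-line comment does not say the access exists only to corrupt a message for negative testing. I would spell that out, e.g. `/* test-only: private struct access, used to corrupt msg->protection */`, so the include is not copied into non-test code.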
@@ -28,6 +29,7 @@ X509 *oldWithNew; /* to return in oldWithNew of rootKeyUpdate */ OSSL_CMP_PKISI *statusOut; /* status for ip/cp/kup/rp msg unless polling */ int sendError; /* send error response on given request type */ + int useBadProtection; /* use bad protection on given response type */ OSSL_CMP_MSG *req; /* original request message during polling */ int pollCount; /* number of polls before actual cert response */ int curr_pollCount; /* number of polls so far for current request */ @@ -59,6 +61,7 @@ goto err; ctx->sendError = -1; + ctx->useBadProtection = -1; /* all other elements are initialized to 0 or NULL, respectively */ return ctx; @@ -187,6 +190,19 @@ return 1; } +int ossl_cmp_mock_srv_set_useBadProtection(OSSL_CMP_SRV_CTX *srv_ctx, int bodytype) +{ + mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); + + if (ctx == NULL) { + ERR_raise(ERR_LIB_CMP, CMP_R_NULL_ARGUMENT); + return 0; + } + /* might check bodytype, but this would require exporting all body types */ + ctx->useBadProtection = bodytype; + return 1; +} + int ossl_cmp_mock_srv_set_pollCount(OSSL_CMP_SRV_CTX *srv_ctx, int count) { mock_srv_ctx *ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); @@ -591,6 +607,7 @@ if (rsp != NULL && sk_OSSL_CMP_ITAV_push(*out, rsp)) return 1; sk_OSSL_CMP_ITAV_free(*out); + OSSL_CMP_ITAV_free(rsp); return 0; } 
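Review bot: On the failure path of the `@@ -591,6 +607,7 @@` hunk, `sk_OSSL_CMP_ITAV_free(*out)` releases the stack but leaves `*out` pointing at it, so a caller that cleans up its output argument on error would free it a second time. Adding `*out = NULL;` after the free closes that off. Whether any caller does such cleanup is not visible, since the function begins outside this hunk. The new `OSSL_CMP_ITAV_free(rsp)` covers the case where the push failed and `rsp` was never handed to the stack.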
@@ -712,6 +729,25 @@ return 1; } +OSSL_CMP_MSG *ossl_cmp_mock_server_perform(OSSL_CMP_CTX *ctx, + const OSSL_CMP_MSG *req) +{ + OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_CTX_get_transfer_cb_arg(ctx); + OSSL_CMP_MSG *rsp = OSSL_CMP_CTX_server_perform(ctx, req); + + if (srv_ctx != NULL && rsp != NULL) { + mock_srv_ctx *mock_ctx = OSSL_CMP_SRV_CTX_get0_custom_ctx(srv_ctx); + + if (mock_ctx != NULL && OSSL_CMP_MSG_get_bodytype(rsp) == mock_ctx->useBadProtection) { + ASN1_BIT_STRING *prot = rsp->protection; + + if (prot != NULL && prot->length != 0 && prot->data != NULL) + prot->data[0] ^= 0x80; /* flip most significant bit of the first byte */ + } + } + return rsp; +} + OSSL_CMP_SRV_CTX *ossl_cmp_mock_srv_new(OSSL_LIB_CTX *libctx, const char *propq) { OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(libctx, propq); diff -Nru openssl-3.5.5/apps/lib/win32_init.c openssl-3.5.6/apps/lib/win32_init.c --- openssl-3.5.5/apps/lib/win32_init.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/lib/win32_init.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -10,7 +10,6 @@ #include #include #include -#include #if defined(CP_UTF8) diff -Nru openssl-3.5.5/apps/ocsp.c openssl-3.5.6/apps/ocsp.c --- openssl-3.5.5/apps/ocsp.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/ocsp.c 2026-04-07 12:26:30.000000000 +0000 
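Review bot: `ossl_cmp_mock_server_perform()` is added without a header comment, although it does something its name does not suggest: it flips the top bit of the first protection byte of any response whose body type equals `useBadProtection`. It also uses the value returned by `OSSL_CMP_CTX_get_transfer_cb_arg(ctx)` as an `OSSL_CMP_SRV_CTX *` with only a NULL check, so it is correct only when the transfer callback argument really is the mock server context. A comment stating both would prevent misuse: that the function is a transfer callback for the mock server whose `transfer_cb_arg` must be the `OSSL_CMP_SRV_CTX`, and that it deliberately corrupts the protection of the selected response type for negative testing.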
@@ -876,7 +876,7 @@ i = OCSP_basic_verify(bs, verify_other, store, verify_flags); if (i <= 0 && issuers) { - i = OCSP_basic_verify(bs, issuers, store, OCSP_TRUSTOTHER); + i = OCSP_basic_verify(bs, issuers, store, verify_flags); if (i > 0) ERR_clear_error(); } diff -Nru openssl-3.5.5/apps/s_client.c openssl-3.5.6/apps/s_client.c --- openssl-3.5.5/apps/s_client.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/s_client.c 2026-04-07 12:26:30.000000000 +0000 @@ -3892,7 +3892,11 @@ static int user_data_add(struct user_data_st *user_data, size_t i) { - if (user_data->buflen != 0 || i > user_data->bufmax) + /* + * We must allow one byte for a NUL terminator so i must be less than + * bufmax + */ + if (user_data->buflen != 0 || i >= user_data->bufmax) return 0; user_data->buflen = i; diff -Nru openssl-3.5.5/apps/ts.c openssl-3.5.6/apps/ts.c --- openssl-3.5.5/apps/ts.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/apps/ts.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -348,7 +348,7 @@ if ((in != NULL) && (queryfile != NULL)) goto opthelp; if (in == NULL) { - if ((conf == NULL) || (token_in != 0)) + if (conf == NULL || token_in != 0 || queryfile == NULL) goto opthelp; } ret = !reply_command(conf, section, engine, queryfile, diff -Nru openssl-3.5.5/build.info openssl-3.5.6/build.info --- openssl-3.5.5/build.info 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/build.info 2026-04-07 12:26:30.000000000 +0000 
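Review bot: The retry in the `@@ -876,7 +876,7 @@` hunk now passes `verify_flags` where it used to pass `OCSP_TRUSTOTHER`, so the second `OCSP_basic_verify()` against `issuers` no longer treats those certificates as explicitly trusted unless the caller's flags request it. That is a behaviour change for anyone who relied on the old implicit trust, and the code gives no hint of why the retry exists or which flags it is meant to honour. A comment such as `/* retry with the issuer certs as extra input, under the same flags as the first attempt */` would document it. `ERR_clear_error()` on success also discards the errors of the first attempt, which is presumably intended.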
@@ -108,12 +108,10 @@ SHARED_SOURCE[libssl]=libssl.rc ENDIF -# This file sets the build directory up for CMake inclusion -# Note: This generation of OpenSSLConfig[Version].cmake is used -# for building openssl locally, and so the build variables are -# taken from builddata.pm rather than installdata.pm. For exportable -# versions of these generated files, you'll find them in the exporters -# directory +# These files set the build directory up for CMake inclusion. +# To achieve this, their variables are taken from builddata.pm. +# These files are not installed; you will find the installable +# versions in the 'exporters' directory. GENERATE[OpenSSLConfig.cmake]=exporters/cmake/OpenSSLConfig.cmake.in DEPEND[OpenSSLConfig.cmake]=builddata.pm GENERATE[OpenSSLConfigVersion.cmake]=exporters/cmake/OpenSSLConfigVersion.cmake.in @@ -121,7 +119,10 @@ DEPEND[OpenSSLConfigVersion.cmake]=OpenSSLConfig.cmake DEPEND[""]=OpenSSLConfigVersion.cmake -# This file sets the build directory up for pkg-config +# These files set the build directory up for pkg-config use. +# To achieve this, their variables are taken from builddata.pm. +# These files are not installed; you will find the installable +# versions in the 'exporters' directory. GENERATE[libcrypto.pc]=exporters/pkg-config/libcrypto.pc.in DEPEND[libcrypto.pc]=builddata.pm GENERATE[libssl.pc]=exporters/pkg-config/libssl.pc.in 
@@ -131,6 +132,7 @@ DEPEND[openssl.pc]=libcrypto.pc libssl.pc GENERATE[builddata.pm]=util/mkinstallvars.pl \ + COMMENT="This file should be used when building against this OpenSSL build, and should never be installed" \ PREFIX=. BINDIR=apps APPLINKDIR=ms \ LIBDIR= INCLUDEDIR=include "INCLUDEDIR=$(SRCDIR)/include" \ ENGINESDIR=engines MODULESDIR=providers \ diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv32-zkn.pl openssl-3.5.6/crypto/aes/asm/aes-riscv32-zkn.pl --- openssl-3.5.5/crypto/aes/asm/aes-riscv32-zkn.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/aes/asm/aes-riscv32-zkn.pl 2026-04-07 12:26:30.000000000 +0000 @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -704,11 +704,6 @@ my ($ke128, $ke192, $ke256) = @_; my $ret = ''; $ret .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f - li a0,-1 - ret -1: # Determine number of rounds from key size in bits li $T0,128 bne $BITS,$T0,1f diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64-zkn.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64-zkn.pl --- openssl-3.5.5/crypto/aes/asm/aes-riscv64-zkn.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/aes/asm/aes-riscv64-zkn.pl 2026-04-07 12:26:30.000000000 +0000 
@@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -392,11 +392,6 @@ my ($ke128, $ke192, $ke256) = @_; my $ret = ''; $ret .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f - li a0,-1 - ret -1: # Determine number of rounds from key size in bits li $T0,128 bne $BITS,$T0,1f diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64-zvkned.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64-zvkned.pl --- openssl-3.5.5/crypto/aes/asm/aes-riscv64-zvkned.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/aes/asm/aes-riscv64-zvkned.pl 2026-04-07 12:26:30.000000000 +0000 @@ -2,7 +2,7 @@ # This file is dual-licensed, meaning that you can use it under your # choice of either of the following two licenses: # -# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You can obtain # a copy in the file LICENSE in the source distribution or at @@ -828,9 +828,6 @@ .globl rv64i_zvkned_set_encrypt_key .type rv64i_zvkned_set_encrypt_key,\@function rv64i_zvkned_set_encrypt_key: - beqz $UKEY, L_fail_m1 - beqz $KEYP, L_fail_m1 - # Get proper routine for key size li $T0, 256 beq $BITS, $T0, L_set_key_256 @@ -847,9 +844,6 @@ .globl rv64i_zvkned_set_decrypt_key .type rv64i_zvkned_set_decrypt_key,\@function rv64i_zvkned_set_decrypt_key: - beqz $UKEY, L_fail_m1 - beqz $KEYP, L_fail_m1 - # Get proper routine for key size li $T0, 256 beq $BITS, $T0, L_set_key_256 
@@ -1356,11 +1350,6 @@ } $code .= <<___; -L_fail_m1: - li a0, -1 - ret -.size L_fail_m1,.-L_fail_m1 - L_fail_m2: li a0, -2 ret diff -Nru openssl-3.5.5/crypto/aes/asm/aes-riscv64.pl openssl-3.5.6/crypto/aes/asm/aes-riscv64.pl --- openssl-3.5.5/crypto/aes/asm/aes-riscv64.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/aes/asm/aes-riscv64.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -773,11 +773,13 @@ ___ $code .= save_regs(); $code .= <<___; - bnez $UKEY,1f # if (!userKey || !key) return -1; - bnez $KEYP,1f + beqz $UKEY,1f # if (!userKey || !key) return -1; + beqz $KEYP,1f + j 2f +1: li a0,-1 ret -1: +2: la $RCON,AES_rcon la $TBL,AES_Te0 li $T8,128 diff -Nru openssl-3.5.5/crypto/asn1/evp_asn1.c openssl-3.5.6/crypto/asn1/evp_asn1.c --- openssl-3.5.5/crypto/asn1/evp_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/asn1/evp_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -95,7 +95,7 @@ ASN1_SIMPLE(asn1_int_oct, oct, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(asn1_int_oct) - DECLARE_ASN1_ITEM(asn1_int_oct) +DECLARE_ASN1_ITEM(asn1_int_oct) int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, int len) @@ -158,7 +158,7 @@ ASN1_EMBED(asn1_oct_int, num, INT32) } static_ASN1_SEQUENCE_END(asn1_oct_int) - DECLARE_ASN1_ITEM(asn1_oct_int) +DECLARE_ASN1_ITEM(asn1_oct_int) int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, unsigned char *data, int len) diff -Nru openssl-3.5.5/crypto/asn1/n_pkey.c openssl-3.5.6/crypto/asn1/n_pkey.c --- openssl-3.5.5/crypto/asn1/n_pkey.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/asn1/n_pkey.c 2026-04-07 12:26:30.000000000 +0000 
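Review bot: In the aes-riscv64.pl hunk `@@ -773,11 +773,13 @@`, the corrected NULL test still sits after `$code .= save_regs();`, so the early `li a0,-1` / `ret` path returns without undoing whatever `save_regs()` emitted. If that helper adjusts `sp` or spills callee-saved registers (its body is outside this hunk), the error return leaves the stack pointer wrong for the caller. Emitting the two `beqz` checks and the `-1` return before the `save_regs()` call would avoid that and would also remove the `j 2f` hop. The other RISC-V files in this diff drop the assembly-level check entirely, so it is worth deciding whether this file should follow them.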
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -52,6 +52,6 @@ ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) - DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY) IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) diff -Nru openssl-3.5.5/crypto/asn1/p5_scrypt.c openssl-3.5.6/crypto/asn1/p5_scrypt.c --- openssl-3.5.5/crypto/asn1/p5_scrypt.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/asn1/p5_scrypt.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,7 +44,7 @@ uint64_t p) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid; + int alg_nid, ivlen; size_t keylen = 0; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; @@ -83,10 +83,11 @@ } /* Create random IV */ - if (EVP_CIPHER_get_iv_length(cipher)) { + ivlen = EVP_CIPHER_get_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes(iv, ivlen) <= 0) goto err; } diff -Nru openssl-3.5.5/crypto/bf/bf_cfb64.c openssl-3.5.6/crypto/bf/bf_cfb64.c --- openssl-3.5.5/crypto/bf/bf_cfb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bf/bf_cfb64.c 2026-04-07 12:26:30.000000000 +0000 
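Review bot: In the p5_scrypt.c hunk `@@ -83,10 +83,11 @@`, `ivlen` is checked for being positive but not against the size of `iv`, which the previous hunk shows as `unsigned char iv[EVP_MAX_IV_LENGTH]`. A cipher reporting a longer IV would make `memcpy(iv, aiv, ivlen)` and `RAND_bytes(iv, ivlen)` write past the buffer. A negative return is also handled like "no IV", so the function carries on instead of failing. I would add `if (ivlen < 0 || ivlen > (int)sizeof(iv)) goto err;` right after the assignment. The function continues outside this hunk, so whether a later call already rejects such ciphers cannot be seen here.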
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ unsigned char *ivec, int *num, int encrypt) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; BF_LONG ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/bf/bf_ofb64.c openssl-3.5.6/crypto/bf/bf_ofb64.c --- openssl-3.5.5/crypto/bf/bf_ofb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bf/bf_ofb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ unsigned char *ivec, int *num) { register BF_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff -Nru openssl-3.5.5/crypto/bio/bss_dgram.c openssl-3.5.6/crypto/bio/bss_dgram.c --- openssl-3.5.5/crypto/bio/bss_dgram.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bio/bss_dgram.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
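Review bot: The mask in `register int n = *num & 0x07;` (bf_cfb64.c, `@@ -27,7 +27,7 @@`) carries no comment, so its purpose is easy to lose in a later cleanup; the same applies to the identical change in bf_ofb64.c in the next hunk. `*num` is supplied by the caller, and `n` is presumably used as an offset into the 8-byte feedback block (the body is outside the hunk). A comment such as `/* *num is caller-supplied; keep the offset inside the 8-byte block */` would record why the mask is there. Note that masking silently accepts an out-of-range `*num` rather than reporting it, which should be a stated decision.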
@@ -961,7 +961,7 @@ ERR_raise_data(ERR_LIB_SYS, get_last_socket_error(), "calling setsockopt()"); -#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) +#elif defined(OPENSSL_SYS_LINUX) && defined(IPV6_MTU_DISCOVER) && defined(IPV6_PMTUDISC_PROBE) sockopt_val = num ? IPV6_PMTUDISC_PROBE : IPV6_PMTUDISC_DONT; if ((ret = setsockopt(b->num, IPPROTO_IPV6, IPV6_MTU_DISCOVER, &sockopt_val, sizeof(sockopt_val))) diff -Nru openssl-3.5.5/crypto/bio/bss_file.c openssl-3.5.6/crypto/bio/bss_file.c --- openssl-3.5.5/crypto/bio/bss_file.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bio/bss_file.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -202,8 +202,19 @@ case BIO_CTRL_INFO: if (b->flags & BIO_FLAGS_UPLINK_INTERNAL) ret = UP_ftell(b->ptr); - else + else { +#if defined(OPENSSL_SYS_WINDOWS) + /* + * On Windows, for non-seekable files (stdin), ftell() is undefined. + */ + if (GetFileType((HANDLE)_get_osfhandle(_fileno(fp))) != FILE_TYPE_DISK) + ret = -1; + else + ret = ftell(fp); +#else ret = ftell(fp); +#endif + } break; case BIO_C_SET_FILE_PTR: file_free(b); diff -Nru openssl-3.5.5/crypto/bn/asm/armv4-gf2m.pl openssl-3.5.6/crypto/bn/asm/armv4-gf2m.pl --- openssl-3.5.5/crypto/bn/asm/armv4-gf2m.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/asm/armv4-gf2m.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
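Review bot: The rewritten `BIO_CTRL_INFO` branch in bss_file.c (`@@ -202,8 +202,19 @@`) puts braces on the `else` arm only, leaving `if (b->flags & BIO_FLAGS_UPLINK_INTERNAL)` unbraced; bracing both arms would read more consistently. The new comment names stdin, but the test is `GetFileType(...) != FILE_TYPE_DISK`, which also covers pipes and other non-disk handles. I would word it as `/* ftell() is not meaningful on non-disk handles (console, pipe); report -1 */`.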
@@ -37,7 +37,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # $output is the last argument if it looks like a file (it has an extension) # $flavour is the first argument if it doesn't look like a file diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-2k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-2k-avxifma.pl --- openssl-3.5.5/crypto/bn/asm/rsaz-2k-avxifma.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/asm/rsaz-2k-avxifma.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use @@ -362,6 +362,23 @@ .cfi_push %r14 push %r15 .cfi_push %r15 +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; .Lossl_rsaz_amm52x20_x1_avxifma256_body: # Zeroing accumulators 
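Review bot: The Win64 block that saves `%rsi`, `%rdi` and `%xmm6`-`%xmm15` in rsaz-2k-avxifma.pl (`@@ -362,6 +362,23 @@`) is pasted verbatim into every later prologue of this file and into rsaz-3k-avxifma.pl and rsaz-4k-avxifma.pl, each with a hand-matched restore block. Two small Perl helpers returning the save and restore text would keep the 168-byte frame size and the ten offsets in one place. The extra frame also sits below the general-purpose register pushes, so if these functions have a Win64 exception handler that locates saved registers relative to the `_body` label (not visible in this hunk), its offsets need the same adjustment. A short comment next to `lea -168(%rsp), %rsp` stating the stack alignment assumed at that point would help, because `vmovapd` faults on a misaligned address.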
@@ -401,6 +418,23 @@ vmovdqu $R2_0, `4*32`($res) vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; mov 0(%rsp),%r15 .cfi_restore %r15 mov 8(%rsp),%r14 @@ -553,6 +587,23 @@ .cfi_push %r14 push %r15 .cfi_push %r15 +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; .Lossl_rsaz_amm52x20_x2_avxifma256_body: # Zeroing accumulators @@ -604,6 +655,23 @@ vmovdqu $R2_1, `9*32`($res) vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; mov 0(%rsp),%r15 .cfi_restore %r15 mov 8(%rsp),%r14 
@@ -663,6 +731,23 @@ ossl_extract_multiplier_2x20_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 @@ -709,6 +794,24 @@ $code.="vmovdqu $t[$_], `${_}*32`($out) \n"; } $code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; ret .cfi_endproc .size ossl_extract_multiplier_2x20_win5_avx, .-ossl_extract_multiplier_2x20_win5_avx diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-3k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-3k-avxifma.pl --- openssl-3.5.5/crypto/bn/asm/rsaz-3k-avxifma.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/asm/rsaz-3k-avxifma.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -87,8 +87,6 @@ my $mask52 = "%rax"; my $acc0_0 = "%r9"; my $acc0_0_low = "%r9d"; -my $acc0_1 = "%r15"; -my $acc0_1_low = "%r15d"; my $b_ptr = "%r11"; my $iter = "%ebx"; @@ -741,7 +739,7 @@ vmovdqu $R3_0, `6*32`($res) vmovdqu $R3_0h, `7*32`($res) - xorl $acc0_1_low, $acc0_1_low + xorl $acc0_0_low, $acc0_0_low lea 16($b_ptr), $b_ptr movq \$0xfffffffffffff, $mask52 # 52-bit mask @@ -857,6 +855,23 @@ ossl_extract_multiplier_2x30_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 @@ -930,6 +945,24 @@ $code.="vmovdqu $t[$_], `${_}*32`($out) \n"; } +$code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ $code.=<<___; diff -Nru openssl-3.5.5/crypto/bn/asm/rsaz-4k-avxifma.pl openssl-3.5.6/crypto/bn/asm/rsaz-4k-avxifma.pl --- openssl-3.5.5/crypto/bn/asm/rsaz-4k-avxifma.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/asm/rsaz-4k-avxifma.pl 2026-04-07 12:26:30.000000000 +0000 
@@ -1,4 +1,4 @@ -# Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2024, Intel Corporation. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use @@ -84,8 +84,6 @@ my $mask52 = "%rax"; my $acc0_0 = "%r9"; my $acc0_0_low = "%r9d"; -my $acc0_1 = "%r15"; -my $acc0_1_low = "%r15d"; my $b_ptr = "%r11"; my $iter = "%ebx"; @@ -834,7 +832,7 @@ vmovdqu $R4_0, `8*32`($res) vmovdqu $R4_0h, `9*32`($res) - xorl $acc0_1_low, $acc0_1_low + xorl $acc0_0_low, $acc0_0_low movq \$0xfffffffffffff, $mask52 @@ -975,6 +973,23 @@ ossl_extract_multiplier_2x40_win5_avx: .cfi_startproc endbranch +___ +$code.=<<___ if ($win64); + push %rsi # save non-volatile registers + push %rdi + lea -168(%rsp), %rsp # 16*10 + (8 bytes to get correct 16-byte SIMD alignment) + vmovapd %xmm6, `16*0`(%rsp) + vmovapd %xmm7, `16*1`(%rsp) + vmovapd %xmm8, `16*2`(%rsp) + vmovapd %xmm9, `16*3`(%rsp) + vmovapd %xmm10, `16*4`(%rsp) + vmovapd %xmm11, `16*5`(%rsp) + vmovapd %xmm12, `16*6`(%rsp) + vmovapd %xmm13, `16*7`(%rsp) + vmovapd %xmm14, `16*8`(%rsp) + vmovapd %xmm15, `16*9`(%rsp) +___ +$code.=<<___; vmovapd .Lones(%rip), $ones # broadcast ones vmovq $red_tbl_idx1, $tmp_xmm vpbroadcastq $tmp_xmm, $idx1 
@@ -1002,6 +1017,24 @@ $code.="vmovdqu $t[$_], `(10+$_)*32`($out) \n"; } $code.=<<___; + vzeroupper +___ +$code.=<<___ if ($win64); + vmovapd `16*0`(%rsp), %xmm6 + vmovapd `16*1`(%rsp), %xmm7 + vmovapd `16*2`(%rsp), %xmm8 + vmovapd `16*3`(%rsp), %xmm9 + vmovapd `16*4`(%rsp), %xmm10 + vmovapd `16*5`(%rsp), %xmm11 + vmovapd `16*6`(%rsp), %xmm12 + vmovapd `16*7`(%rsp), %xmm13 + vmovapd `16*8`(%rsp), %xmm14 + vmovapd `16*9`(%rsp), %xmm15 + lea 168(%rsp), %rsp + pop %rdi + pop %rsi +___ +$code.=<<___; ret .cfi_endproc diff -Nru openssl-3.5.5/crypto/bn/asm/sparcv9-mont.pl openssl-3.5.6/crypto/bn/asm/sparcv9-mont.pl --- openssl-3.5.5/crypto/bn/asm/sparcv9-mont.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/asm/sparcv9-mont.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -394,11 +394,11 @@ mulx $car1,$mul1,$car1 mulx $npj,$mul1,$acc1 + add $tmp1,$car0,$car0 add $tmp0,$car1,$car1 and $car0,$mask,$acc0 ld [$np+8],$npj ! np[2] srlx $car1,32,$car1 - add $tmp1,$car1,$car1 srlx $car0,32,$car0 add $acc0,$car1,$car1 and $car0,1,$sbit diff -Nru openssl-3.5.5/crypto/bn/bn_dh.c openssl-3.5.6/crypto/bn/bn_dh.c --- openssl-3.5.5/crypto/bn/bn_dh.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_dh.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2014-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2014-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -14,7 +14,7 @@
 #include "crypto/bn_dh.h"
 #if BN_BITS2 == 64
-#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo
+#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo
 #else
 #define BN_DEF(lo, hi) lo, hi
 #endif
@@ -1387,37 +1387,37 @@
 };
 make_dh_bn(dh1024_160_p)
- make_dh_bn(dh1024_160_q)
- make_dh_bn(dh1024_160_g)
- make_dh_bn(dh2048_224_p)
- make_dh_bn(dh2048_224_q)
- make_dh_bn(dh2048_224_g)
- make_dh_bn(dh2048_256_p)
- make_dh_bn(dh2048_256_q)
- make_dh_bn(dh2048_256_g)
-
- make_dh_bn(ffdhe2048_p)
- make_dh_bn(ffdhe2048_q)
- make_dh_bn(ffdhe3072_p)
- make_dh_bn(ffdhe3072_q)
- make_dh_bn(ffdhe4096_p)
- make_dh_bn(ffdhe4096_q)
- make_dh_bn(ffdhe6144_p)
- make_dh_bn(ffdhe6144_q)
- make_dh_bn(ffdhe8192_p)
- make_dh_bn(ffdhe8192_q)
+make_dh_bn(dh1024_160_q)
+make_dh_bn(dh1024_160_g)
+make_dh_bn(dh2048_224_p)
+make_dh_bn(dh2048_224_q)
+make_dh_bn(dh2048_224_g)
+make_dh_bn(dh2048_256_p)
+make_dh_bn(dh2048_256_q)
+make_dh_bn(dh2048_256_g)
+
+make_dh_bn(ffdhe2048_p)
+make_dh_bn(ffdhe2048_q)
+make_dh_bn(ffdhe3072_p)
+make_dh_bn(ffdhe3072_q)
+make_dh_bn(ffdhe4096_p)
+make_dh_bn(ffdhe4096_q)
+make_dh_bn(ffdhe6144_p)
+make_dh_bn(ffdhe6144_q)
+make_dh_bn(ffdhe8192_p)
+make_dh_bn(ffdhe8192_q)
 #ifndef FIPS_MODULE
- make_dh_bn(modp_1536_p)
- make_dh_bn(modp_1536_q)
+make_dh_bn(modp_1536_p)
+make_dh_bn(modp_1536_q)
 #endif
- make_dh_bn(modp_2048_p)
- make_dh_bn(modp_2048_q)
- make_dh_bn(modp_3072_p)
- make_dh_bn(modp_3072_q)
- make_dh_bn(modp_4096_p)
- make_dh_bn(modp_4096_q)
- make_dh_bn(modp_6144_p)
- make_dh_bn(modp_6144_q)
- make_dh_bn(modp_8192_p)
- make_dh_bn(modp_8192_q)
+make_dh_bn(modp_2048_p)
+make_dh_bn(modp_2048_q)
+make_dh_bn(modp_3072_p)
+make_dh_bn(modp_3072_q)
+make_dh_bn(modp_4096_p)
+make_dh_bn(modp_4096_q)
+make_dh_bn(modp_6144_p)
+make_dh_bn(modp_6144_q)
+make_dh_bn(modp_8192_p)
+make_dh_bn(modp_8192_q)
diff -Nru openssl-3.5.5/crypto/bn/bn_exp.c openssl-3.5.6/crypto/bn/bn_exp.c
--- openssl-3.5.5/crypto/bn/bn_exp.c 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/crypto/bn/bn_exp.c 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -771,16 +771,16 @@ typedef int (*bn_pwr5_mont_f)(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_8(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_8(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_16(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_16(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_24(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_24(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); - int bn_pwr5_mont_t4_32(BN_ULONG * tp, const BN_ULONG *np, + int bn_pwr5_mont_t4_32(BN_ULONG *tp, const BN_ULONG *np, const BN_ULONG *n0, const void *table, int power, int bits); static const bn_pwr5_mont_f pwr5_funcs[4] = { 
@@ -792,15 +792,15 @@ typedef int (*bn_mul_mont_f)(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, const void *bp, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f mul_funcs[4] = { @@ -809,20 +809,20 @@ }; bn_mul_mont_f mul_worker = mul_funcs[top / 16 - 1]; - void bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - void bn_mul_mont_gather5_t4(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5_t4(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_flip_n_scatter5_t4(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5_t4(BN_ULONG * out, size_t num, + void bn_gather5_t4(BN_ULONG *out, size_t num, void *table, size_t power); - void bn_flip_t4(BN_ULONG * dst, BN_ULONG * src, size_t num); + void bn_flip_t4(BN_ULONG *dst, BN_ULONG *src, size_t num); BN_ULONG *np = mont->N.d, *n0 = mont->n0; int stride = 5 * (6 - (top / 16 - 1)); /* multiple of 5, but less 
@@ -922,13 +922,13 @@ * Given those inputs, |bn_mul_mont| may not give reduced * output, but it will still produce "almost" reduced output. */ - void bn_mul_mont_gather5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_mul_mont_gather5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); void bn_scatter5(const BN_ULONG *inp, size_t num, void *table, size_t power); - void bn_gather5(BN_ULONG * out, size_t num, void *table, size_t power); - void bn_power5(BN_ULONG * rp, const BN_ULONG *ap, + void bn_gather5(BN_ULONG *out, size_t num, void *table, size_t power); + void bn_power5(BN_ULONG *rp, const BN_ULONG *ap, const void *table, const BN_ULONG *np, const BN_ULONG *n0, int num, int power); int bn_get_bits5(const BN_ULONG *ap, int off); diff -Nru openssl-3.5.5/crypto/bn/bn_local.h openssl-3.5.6/crypto/bn/bn_local.h --- openssl-3.5.5/crypto/bn/bn_local.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_local.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -387,7 +387,7 @@ #elif defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) #if defined(__DECC) #include -#define BN_UMULT_HIGH(a, b) (BN_ULONG) asm("umulh %a0,%a1,%v0", (a), (b)) +#define BN_UMULT_HIGH(a, b) (BN_ULONG)asm("umulh %a0,%a1,%v0", (a), (b)) #elif defined(__GNUC__) && __GNUC__ >= 2 #define BN_UMULT_HIGH(a, b) ({ \ register BN_ULONG ret; \ diff -Nru openssl-3.5.5/crypto/bn/bn_mont.c openssl-3.5.6/crypto/bn/bn_mont.c --- openssl-3.5.5/crypto/bn/bn_mont.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_mont.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8,10 +8,9 @@ */ /* - * Details about Montgomery multiplication algorithms can be found at - * http://security.ece.orst.edu/publications.html, e.g. - * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and - * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf + * Details about Montgomery multiplication algorithms can be found in + * https://www.microsoft.com/en-us/research/wp-content/uploads/1996/01/j37acmon.pdf + * and https://cetinkayakoc.net/docs/r01.pdf */ #include "internal/cryptlib.h" diff -Nru openssl-3.5.5/crypto/bn/bn_ppc.c openssl-3.5.6/crypto/bn/bn_ppc.c --- openssl-3.5.5/crypto/bn/bn_ppc.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_ppc.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2009-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2009-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
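Review bot: The rewritten reference comment in bn_mont.c (hunk at -8) now consists of two bare URLs on third-party hosts and drops the earlier pointer to "sections 3.8 and 4.2". A reader loses the place to look inside the second document, and has no way to locate either paper if the links move again, as they apparently did before this change. Giving each document's title and author next to its URL, and keeping the section numbers if they still apply, would let the reference survive the next host change.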
@@ -15,14 +15,14 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul4x_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul4x_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_300_fixed_n6(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_300_fixed_n6(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); diff -Nru openssl-3.5.5/crypto/bn/bn_prime.c openssl-3.5.6/crypto/bn/bn_prime.c --- openssl-3.5.5/crypto/bn/bn_prime.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_prime.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ #define square(x) ((BN_ULONG)(x) * (BN_ULONG)(x)) #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff -Nru openssl-3.5.5/crypto/bn/bn_rsa_fips186_4.c openssl-3.5.6/crypto/bn/bn_rsa_fips186_4.c --- openssl-3.5.5/crypto/bn/bn_rsa_fips186_4.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_rsa_fips186_4.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2018-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2018-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2018-2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -29,7 +29,7 @@ #include "internal/nelem.h" #if BN_BITS2 == 64 -#define BN_DEF(lo, hi) (BN_ULONG) hi << 32 | lo +#define BN_DEF(lo, hi) (BN_ULONG)hi << 32 | lo #else #define BN_DEF(lo, hi) lo, hi #endif diff -Nru openssl-3.5.5/crypto/bn/bn_sparc.c openssl-3.5.6/crypto/bn/bn_sparc.c --- openssl-3.5.5/crypto/bn/bn_sparc.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bn/bn_sparc.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -16,11 +16,11 @@ int bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num) { - int bn_mul_mont_vis3(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_vis3(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_fpu(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_fpu(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); - int bn_mul_mont_int(BN_ULONG * rp, const BN_ULONG *ap, const BN_ULONG *bp, + int bn_mul_mont_int(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0, int num); if (!(num & 1) && num >= 6) { 
@@ -29,16 +29,16 @@ const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_8(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_8(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_16(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_16(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_24(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_24(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); - int bn_mul_mont_t4_32(BN_ULONG * rp, const BN_ULONG *ap, + int bn_mul_mont_t4_32(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG *np, const BN_ULONG *n0); static const bn_mul_mont_f funcs[4] = { diff -Nru openssl-3.5.5/crypto/bsearch.c openssl-3.5.6/crypto/bsearch.c --- openssl-3.5.5/crypto/bsearch.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/bsearch.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -23,7 +23,7 @@ l = 0; h = num; while (l < h) { - i = (l + h) / 2; + i = l + (h - l) / 2; p = &(base_[i * size]); c = (*cmp)(key, p); if (c < 0) diff -Nru openssl-3.5.5/crypto/cast/c_cfb64.c openssl-3.5.6/crypto/cast/c_cfb64.c --- openssl-3.5.5/crypto/cast/c_cfb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cast/c_cfb64.c 2026-04-07 12:26:30.000000000 +0000 
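Review bot: In the bsearch.c hunk at -23, the line after the changed midpoint, `p = &(base_[i * size]);`, still multiplies the index by the element size, and the new midpoint form does nothing for that product. The declarations of `i`, `size` and `num` are outside the hunk; if they are `int`, the multiplication can overflow for a large table just as `l + h` could. Widening before the multiply, `p = &(base_[(size_t)i * size]);`, would close it, assuming `size` is never negative.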
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ unsigned char *ivec, int *num, int enc) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; CAST_LONG ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/cast/c_ofb64.c openssl-3.5.6/crypto/cast/c_ofb64.c --- openssl-3.5.5/crypto/cast/c_ofb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cast/c_ofb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ unsigned char *ivec, int *num) { register CAST_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff -Nru openssl-3.5.5/crypto/cmp/cmp_client.c openssl-3.5.6/crypto/cmp/cmp_client.c --- openssl-3.5.5/crypto/cmp/cmp_client.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cmp/cmp_client.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -149,6 +149,7 @@ int time_left; OSSL_CMP_transfer_cb_t transfer_cb = ctx->transfer_cb; + ctx->status = OSSL_CMP_PKISTATUS_trans; #ifndef OPENSSL_NO_HTTP if (transfer_cb == NULL) transfer_cb = OSSL_CMP_MSG_http_perform; 
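Review bot: `*num & 0x07` in the c_cfb64.c and c_ofb64.c hunks keeps the block index in range (`d[8]` is visible in c_ofb64.c), but it does so by silently reinterpreting a caller value that was already invalid, and neither hunk carries a comment saying so. A why-comment on the declaration, e.g. `/* *num comes from the caller; mask so it can never index past the 8-byte block */`, would record that this is a memory-safety guard and not a statement about accepted input. Both function bodies continue outside the hunks, so whether the value written back to `*num` at the end is the masked one cannot be checked here.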
@@ -175,7 +176,7 @@ /* should print error queue since transfer_cb may call ERR_clear_error() */ OSSL_CMP_CTX_print_errors(ctx); - if (ctx->server != NULL) + if (ctx->server != NULL || ctx->transfer_cb != NULL) ossl_cmp_log1(INFO, ctx, "sending %s", req_type_str); *rep = (*transfer_cb)(ctx, req); @@ -189,6 +190,7 @@ return 0; } + ctx->status = OSSL_CMP_PKISTATUS_checking_response; bt = OSSL_CMP_MSG_get_bodytype(*rep); /* * The body type in the 'bt' variable is not yet verified. @@ -284,11 +286,15 @@ "received 'waiting' PKIStatus, starting to poll for response"); *rep = NULL; for (;;) { + int bak = ctx->status; + + ctx->status = OSSL_CMP_PKISTATUS_request; if ((preq = ossl_cmp_pollReq_new(ctx, rid)) == NULL) goto err; if (!send_receive_check(ctx, preq, &prep, OSSL_CMP_PKIBODY_POLLREP)) goto err; + ctx->status = bak; /* handle potential pollRep */ if (OSSL_CMP_MSG_get_bodytype(prep) == OSSL_CMP_PKIBODY_POLLREP) { @@ -344,6 +350,7 @@ int64_t time_left = (int64_t)(ctx->end_time - exp - time(NULL)); if (time_left <= 0) { + ctx->status = OSSL_CMP_PKISTATUS_trans; ERR_raise(ERR_LIB_CMP, CMP_R_TOTAL_TIMEOUT); goto err; } @@ -455,7 +462,9 @@ OSSL_CMP_MSG *certConf; OSSL_CMP_MSG *PKIconf = NULL; int res = 0; + int bak = ctx->status; + ctx->status = OSSL_CMP_PKISTATUS_request; /* OSSL_CMP_certConf_new() also checks if all necessary options are set */ certConf = ossl_cmp_certConf_new(ctx, certReqId, fail_info, txt); if (certConf == NULL) @@ -464,6 +473,9 @@ res = send_receive_also_delayed(ctx, certConf, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); + if (res) + ctx->status = bak; + err: OSSL_CMP_MSG_free(certConf); OSSL_CMP_MSG_free(PKIconf); @@ -479,6 +491,7 @@ OSSL_CMP_MSG *PKIconf = NULL; int res = 0; + ctx->status = OSSL_CMP_PKISTATUS_request; /* not overwriting ctx->status on error exchange */ if ((si = OSSL_CMP_STATUSINFO_new(status, fail_info, txt)) == NULL) goto err; 
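Review bot: In the cmp_client.c hunk at -479, the added `ctx->status = OSSL_CMP_PKISTATUS_request;` sits directly above the existing comment `/* not overwriting ctx->status on error exchange */`, which the new line contradicts; the following hunk at -488 then assigns `OSSL_CMP_PKISTATUS_rejected_by_client` as well. The comment should be replaced with what now holds, for instance `/* status is 'request' while the error message is in flight, then rejected_by_client */`. The early `goto err` paths visible here skip that later assignment and leave the status at `request`; if that is intended, the same comment should say so. The function starts and ends outside the hunk.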
@@ -488,6 +501,7 @@ res = send_receive_also_delayed(ctx, error, &PKIconf, OSSL_CMP_PKIBODY_PKICONF); + ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client; err: OSSL_CMP_MSG_free(error); @@ -790,7 +804,7 @@ ERR_raise_data(ERR_LIB_CMP, CMP_R_CERTIFICATE_NOT_ACCEPTED, "rejecting newly enrolled cert with subject: %s; %s", subj, txt); - ctx->status = OSSL_CMP_PKISTATUS_rejection; + ctx->status = OSSL_CMP_PKISTATUS_rejected_by_client; ret = 0; } OPENSSL_free(subj); @@ -812,7 +826,6 @@ if ((req = ossl_cmp_certreq_new(ctx, req_type, crm)) == NULL) return 0; - ctx->status = OSSL_CMP_PKISTATUS_trans; res = send_receive_check(ctx, req, p_rep, rep_type); OSSL_CMP_MSG_free(req); return res; @@ -918,7 +931,6 @@ if ((rr = ossl_cmp_rr_new(ctx)) == NULL) goto end; - ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_also_delayed(ctx, rr, &rp, OSSL_CMP_PKIBODY_RP)) goto end; @@ -1038,7 +1050,6 @@ if ((genm = ossl_cmp_genm_new(ctx)) == NULL) goto err; - ctx->status = OSSL_CMP_PKISTATUS_trans; if (!send_receive_also_delayed(ctx, genm, &genp, OSSL_CMP_PKIBODY_GENP)) goto err; ctx->status = OSSL_CMP_PKISTATUS_accepted; diff -Nru openssl-3.5.5/crypto/cmp/cmp_ctx.c openssl-3.5.6/crypto/cmp/cmp_ctx.c --- openssl-3.5.5/crypto/cmp/cmp_ctx.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cmp/cmp_ctx.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * 
@@ -742,7 +742,7 @@ */ DEFINE_OSSL_set0(ossl_cmp_ctx, newCert, X509) - /* Get successfully validated server cert, if any, of current transaction */ + /* Get successfully validated sender cert, if any, of current transaction */ DEFINE_OSSL_CMP_CTX_get0(validatedSrvCert, X509) /* diff -Nru openssl-3.5.5/crypto/cmp/cmp_local.h openssl-3.5.6/crypto/cmp/cmp_local.h --- openssl-3.5.5/crypto/cmp/cmp_local.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cmp/cmp_local.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -66,7 +66,7 @@ int unprotectedErrors; int noCacheExtraCerts; X509 *srvCert; /* certificate used to identify the server */ - X509 *validatedSrvCert; /* caches any already validated server cert */ + X509 *validatedSrvCert; /* caches any already validated sender cert */ X509_NAME *expected_sender; /* expected sender in header of response */ X509_STORE *trusted; /* trust store maybe w CRLs and cert verify callback */ STACK_OF(X509) *untrusted; /* untrusted (intermediate CA) certs */ diff -Nru openssl-3.5.5/crypto/cmp/cmp_vfy.c openssl-3.5.6/crypto/cmp/cmp_vfy.c --- openssl-3.5.5/crypto/cmp/cmp_vfy.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cmp/cmp_vfy.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2020 * Copyright Siemens AG 2015-2020 * 
@@ -363,13 +363,12 @@ return valid; } +/* checks protection of msg but not cert revocation nor cert chain */ static int check_msg_given_cert(const OSSL_CMP_CTX *ctx, X509 *cert, const OSSL_CMP_MSG *msg) { return cert_acceptable(ctx, "previously validated", "sender cert", - cert, NULL, NULL, msg) - && (check_cert_path(ctx, ctx->trusted, cert) - || check_cert_path_3gpp(ctx, msg, cert)); + cert, NULL, NULL, msg); } /*- @@ -479,22 +478,26 @@ (void)ERR_set_mark(); ctx->log_cb = NULL; /* temporarily disable logging */ - /* - * try first cached scrt, used successfully earlier in same transaction, - * for validating this and any further msgs where extraCerts may be left out - */ if (scrt != NULL) { + /*- + * try first using cached message sender cert (in 'scrt' variable), + * which was used successfully earlier in the same transaction + * (assuming that the certificate itself was not revoked meanwhile and + * is a good guess for use in validating also the current message) + */ if (check_msg_given_cert(ctx, scrt, msg)) { ctx->log_cb = backup_log_cb; (void)ERR_pop_to_mark(); return 1; } /* cached sender cert has shown to be no more successfully usable */ - (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* re-do the above check (just) for adding diagnostic information */ ossl_cmp_info(ctx, "trying to verify msg signature with previously validated cert"); + ctx->log_cb = backup_log_cb; (void)check_msg_given_cert(ctx, scrt, msg); + ctx->log_cb = NULL; + (void)ossl_cmp_ctx_set1_validatedSrvCert(ctx, NULL); /* this invalidates scrt */ } res = check_msg_all_certs(ctx, msg, 0 /* using ctx->trusted */) 
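Review bot: `check_msg_given_cert` (hunk at -363) no longer calls `check_cert_path` or `check_cert_path_3gpp`, so accepting a message on the cached-cert path now rests on an invariant the code does not state. The cert passed in must have been stored only after a full chain validation, and that cache must not outlive the transaction. The added comment says what is skipped but not what makes skipping safe. It could name the precondition, e.g. `/* cert must be the cached validatedSrvCert, i.e. already chain-validated in this transaction */`. Whether the cache is cleared when a new transaction starts is not visible in these hunks and should be confirmed.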
@@ -628,7 +631,7 @@ scrt = ctx->srvCert; if (scrt == NULL) { if (ctx->trusted == NULL && ctx->secretValue != NULL) { - ossl_cmp_info(ctx, "no trust store nor pinned server cert available for verifying signature-based CMP message protection"); + ossl_cmp_info(ctx, "no trust store nor pinned sender cert available for verifying signature-based CMP message protection"); ERR_raise(ERR_LIB_CMP, CMP_R_MISSING_TRUST_ANCHOR); return 0; } @@ -642,7 +645,7 @@ /* use ctx->srvCert for signature check even if not acceptable */ if (verify_signature(ctx, msg, scrt)) { ossl_cmp_debug(ctx, - "successfully validated signature-based CMP message protection using pinned server cert"); + "successfully validated signature-based CMP message protection using pinned sender cert"); return ossl_cmp_ctx_set1_validatedSrvCert(ctx, scrt); } ossl_cmp_warn(ctx, "CMP message signature verification failed"); diff -Nru openssl-3.5.5/crypto/cms/cms_asn1.c openssl-3.5.6/crypto/cms/cms_asn1.c --- openssl-3.5.5/crypto/cms/cms_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -23,7 +23,7 @@ ASN1_OPT(CMS_OtherCertificateFormat, otherCert, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherCertificateFormat) - ASN1_CHOICE(CMS_CertificateChoices) +ASN1_CHOICE(CMS_CertificateChoices) = { ASN1_SIMPLE(CMS_CertificateChoices, d.certificate, X509), ASN1_IMP(CMS_CertificateChoices, d.extendedCertificate, ASN1_SEQUENCE, 0), ASN1_IMP(CMS_CertificateChoices, d.v1AttrCert, ASN1_SEQUENCE, 1), ASN1_IMP(CMS_CertificateChoices, d.v2AttrCert, ASN1_SEQUENCE, 2), ASN1_IMP(CMS_CertificateChoices, d.other, CMS_OtherCertificateFormat, 3) } ASN1_CHOICE_END(CMS_CertificateChoices) ASN1_CHOICE(CMS_SignerIdentifier) = { @@ -31,11 +31,11 @@ ASN1_IMP(CMS_SignerIdentifier, d.subjectKeyIdentifier, ASN1_OCTET_STRING, 0) } static_ASN1_CHOICE_END(CMS_SignerIdentifier) - ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) +ASN1_NDEF_SEQUENCE(CMS_EncapsulatedContentInfo) = { ASN1_SIMPLE(CMS_EncapsulatedContentInfo, eContentType, ASN1_OBJECT), ASN1_NDEF_EXP_OPT(CMS_EncapsulatedContentInfo, eContent, ASN1_OCTET_STRING_NDEF, 0) } static_ASN1_NDEF_SEQUENCE_END(CMS_EncapsulatedContentInfo) - /* Minor tweak to operation: free up signer key, cert */ - static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Minor tweak to operation: free up signer key, cert */ +static int cms_si_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_POST) { CMS_SignerInfo *si = (CMS_SignerInfo *)*pval; @@ -62,7 +62,7 @@ ASN1_OPT(CMS_OtherRevocationInfoFormat, otherRevInfo, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRevocationInfoFormat) - ASN1_CHOICE(CMS_RevocationInfoChoice) +ASN1_CHOICE(CMS_RevocationInfoChoice) = { ASN1_SIMPLE(CMS_RevocationInfoChoice, d.crl, X509_CRL), ASN1_IMP(CMS_RevocationInfoChoice, d.other, CMS_OtherRevocationInfoFormat, 1) } ASN1_CHOICE_END(CMS_RevocationInfoChoice) ASN1_NDEF_SEQUENCE(CMS_SignedData) = { 
@@ -80,7 +80,7 @@ ASN1_IMP_SET_OF_OPT(CMS_OriginatorInfo, crls, CMS_RevocationInfoChoice, 1) } static_ASN1_SEQUENCE_END(CMS_OriginatorInfo) - static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_ec_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_EncryptedContentInfo *ec = (CMS_EncryptedContentInfo *)*pval; @@ -118,7 +118,7 @@ ASN1_IMP(CMS_KeyAgreeRecipientIdentifier, d.rKeyId, CMS_RecipientKeyIdentifier, 0) } static_ASN1_CHOICE_END(CMS_KeyAgreeRecipientIdentifier) - static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_rek_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_RecipientEncryptedKey *rek = (CMS_RecipientEncryptedKey *)*pval; if (operation == ASN1_OP_FREE_POST) { @@ -143,7 +143,7 @@ ASN1_IMP(CMS_OriginatorIdentifierOrKey, d.originatorKey, CMS_OriginatorPublicKey, 1) } static_ASN1_CHOICE_END(CMS_OriginatorIdentifierOrKey) - static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +static int cms_kari_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { CMS_KeyAgreeRecipientInfo *kari = (CMS_KeyAgreeRecipientInfo *)*pval; if (operation == ASN1_OP_NEW_POST) { @@ -173,7 +173,7 @@ ASN1_OPT(CMS_KEKIdentifier, other, CMS_OtherKeyAttribute) } static_ASN1_SEQUENCE_END(CMS_KEKIdentifier) - ASN1_SEQUENCE(CMS_KEKRecipientInfo) +ASN1_SEQUENCE(CMS_KEKRecipientInfo) = { ASN1_EMBED(CMS_KEKRecipientInfo, version, INT32), ASN1_SIMPLE(CMS_KEKRecipientInfo, kekid, CMS_KEKIdentifier), ASN1_SIMPLE(CMS_KEKRecipientInfo, keyEncryptionAlgorithm, X509_ALGOR), ASN1_SIMPLE(CMS_KEKRecipientInfo, encryptedKey, ASN1_OCTET_STRING) } ASN1_SEQUENCE_END(CMS_KEKRecipientInfo) ASN1_SEQUENCE(CMS_PasswordRecipientInfo) = { 
@@ -188,8 +188,8 @@ ASN1_OPT(CMS_OtherRecipientInfo, oriValue, ASN1_ANY) } static_ASN1_SEQUENCE_END(CMS_OtherRecipientInfo) - /* Free up RecipientInfo additional data */ - static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) +/* Free up RecipientInfo additional data */ +static int cms_ri_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg) { if (operation == ASN1_OP_FREE_PRE) { CMS_RecipientInfo *ri = (CMS_RecipientInfo *)*pval; @@ -262,7 +262,7 @@ ASN1_IMP_SET_OF_OPT(CMS_AuthenticatedData, unauthAttrs, X509_ALGOR, 3) } static_ASN1_NDEF_SEQUENCE_END(CMS_AuthenticatedData) - ASN1_NDEF_SEQUENCE(CMS_CompressedData) +ASN1_NDEF_SEQUENCE(CMS_CompressedData) = { ASN1_EMBED(CMS_CompressedData, version, INT32), ASN1_SIMPLE(CMS_CompressedData, compressionAlgorithm, X509_ALGOR), @@ -348,7 +348,7 @@ ASN1_IMP_SEQUENCE_OF(CMS_ReceiptsFrom, d.receiptList, GENERAL_NAMES, 1) } static_ASN1_CHOICE_END(CMS_ReceiptsFrom) - ASN1_SEQUENCE(CMS_ReceiptRequest) +ASN1_SEQUENCE(CMS_ReceiptRequest) = { ASN1_SIMPLE(CMS_ReceiptRequest, signedContentIdentifier, ASN1_OCTET_STRING), ASN1_SIMPLE(CMS_ReceiptRequest, receiptsFrom, CMS_ReceiptsFrom), ASN1_SEQUENCE_OF(CMS_ReceiptRequest, receiptsTo, GENERAL_NAMES) } ASN1_SEQUENCE_END(CMS_ReceiptRequest) ASN1_SEQUENCE(CMS_Receipt) = { @@ -375,7 +375,7 @@ ASN1_EXP_OPT(CMS_SharedInfo, suppPubInfo, ASN1_OCTET_STRING, 2), } static_ASN1_SEQUENCE_END(CMS_SharedInfo) - int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) +int CMS_SharedInfo_encode(unsigned char **pder, X509_ALGOR *kekalg, ASN1_OCTET_STRING *ukm, int keylen) { union { CMS_SharedInfo *pecsi; diff -Nru openssl-3.5.5/crypto/cms/cms_dh.c openssl-3.5.6/crypto/cms/cms_dh.c --- openssl-3.5.5/crypto/cms/cms_dh.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_dh.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2006-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -89,16 +89,21 @@ int keylen, plen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) goto err; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + /* * For DH we only have one OID permissible. If ever any more get defined * we will need something cleverer. */ - if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) { + if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); goto err; } @@ -107,11 +112,11 @@ || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0) goto err; - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) goto err; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff -Nru openssl-3.5.5/crypto/cms/cms_ec.c openssl-3.5.6/crypto/cms/cms_ec.c --- openssl-3.5.5/crypto/cms/cms_ec.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_ec.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
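Review bot: The exits for a missing or wrongly typed parameter, `if (ptype != V_ASN1_SEQUENCE) goto err;` in the cms_dh.c hunk at -107 and `if (ptype != V_ASN1_SEQUENCE) return 0;` in the cms_ec.c hunk at -166, fail without putting anything on the error queue. A malformed KeyAgreeRecipientInfo is therefore rejected with no diagnostic. Raising the error already used a few lines above, `ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);`, before each exit would make the rejection traceable. As a smaller point, `aoid` is declared without an initialiser in cms_dh.c while cms_ec.c sets it to NULL; the two should match. Both functions continue outside the hunks.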
@@ -166,21 +166,27 @@ int plen, keylen; EVP_CIPHER *kekcipher = NULL; EVP_CIPHER_CTX *kekctx; + const ASN1_OBJECT *aoid = NULL; + int ptype = 0; + const void *parameter = NULL; + char name[OSSL_MAX_NAME_SIZE]; if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm)) return 0; - if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) { + X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg); + + if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) { ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR); return 0; } - if (alg->parameter->type != V_ASN1_SEQUENCE) + if (ptype != V_ASN1_SEQUENCE) return 0; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; + p = ASN1_STRING_get0_data(parameter); + plen = ASN1_STRING_length(parameter); kekalg = d2i_X509_ALGOR(NULL, &p, plen); if (kekalg == NULL) goto err; diff -Nru openssl-3.5.5/crypto/cms/cms_local.h openssl-3.5.6/crypto/cms/cms_local.h --- openssl-3.5.5/crypto/cms/cms_local.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_local.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -35,8 +35,7 @@ typedef struct CMS_OriginatorIdentifierOrKey_st CMS_OriginatorIdentifierOrKey; typedef struct CMS_KeyAgreeRecipientInfo_st CMS_KeyAgreeRecipientInfo; typedef struct CMS_RecipientKeyIdentifier_st CMS_RecipientKeyIdentifier; -typedef struct CMS_KeyAgreeRecipientIdentifier_st - CMS_KeyAgreeRecipientIdentifier; +typedef struct CMS_KeyAgreeRecipientIdentifier_st CMS_KeyAgreeRecipientIdentifier; typedef struct CMS_KEKIdentifier_st CMS_KEKIdentifier; typedef struct CMS_KEKRecipientInfo_st CMS_KEKRecipientInfo; typedef struct CMS_PasswordRecipientInfo_st CMS_PasswordRecipientInfo; diff -Nru openssl-3.5.5/crypto/cms/cms_rsa.c openssl-3.5.6/crypto/cms/cms_rsa.c --- openssl-3.5.5/crypto/cms/cms_rsa.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_rsa.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -42,10 +42,13 @@ X509_ALGOR *cmsalg; int nid; int rv = -1; - unsigned char *label = NULL; + const unsigned char *label = NULL; int labellen = 0; const EVP_MD *mgf1md = NULL, *md = NULL; RSA_OAEP_PARAMS *oaep; + const ASN1_OBJECT *aoid; + const void *parameter = NULL; + int ptype = 0; pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); if (pkctx == NULL) 
@@ -75,21 +78,19 @@ goto err; if (oaep->pSourceFunc != NULL) { - X509_ALGOR *plab = oaep->pSourceFunc; + X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc); - if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) { + if (OBJ_obj2nid(aoid) != NID_pSpecified) { ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE); goto err; } - if (plab->parameter->type != V_ASN1_OCTET_STRING) { + if (ptype != V_ASN1_OCTET_STRING) { ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL); goto err; } - label = plab->parameter->value.octet_string->data; - /* Stop label being freed when OAEP parameters are freed */ - plab->parameter->value.octet_string->data = NULL; - labellen = plab->parameter->value.octet_string->length; + label = ASN1_STRING_get0_data(parameter); + labellen = ASN1_STRING_length(parameter); } if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0) @@ -98,10 +99,16 @@ goto err; if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0) goto err; - if (label != NULL - && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) { - OPENSSL_free(label); - goto err; + if (label != NULL) { + unsigned char *dup_label = OPENSSL_memdup(label, labellen); + + if (dup_label == NULL) + goto err; + + if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) { + OPENSSL_free(dup_label); + goto err; + } } /* Carry on */ rv = 1; diff -Nru openssl-3.5.5/crypto/cms/cms_smime.c openssl-3.5.6/crypto/cms/cms_smime.c --- openssl-3.5.5/crypto/cms/cms_smime.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/cms/cms_smime.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2008-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
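Review bot: In the cms_rsa.c hunk at -98, `OPENSSL_memdup(label, labellen)` runs whenever `label` is non-NULL, which includes an OCTET STRING that is present but empty, so `labellen` is 0. As far as I know OpenSSL's allocator returns NULL for a zero-byte request, so an explicitly encoded empty label would take `goto err` and fail decryption where the previous code passed the zero-length label through; this should be confirmed against the allocator and with a test message. If it holds, guard the copy with `if (label != NULL && labellen > 0) {` so an empty label is handled like an absent one. The `dup_label == NULL` exit also raises no error. The enclosing function starts and ends outside these hunks.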
@@ -474,8 +474,10 @@ } else { if (dcont && (tmpin == dcont)) do_free_upto(cmsbio, dcont); - else + else if (cmsbio != NULL) BIO_free_all(cmsbio); + else + BIO_free(tmpin); } if (out != tmpout) diff -Nru openssl-3.5.5/crypto/conf/conf_lib.c openssl-3.5.6/crypto/conf/conf_lib.c --- openssl-3.5.5/crypto/conf/conf_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/conf/conf_lib.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -314,7 +314,7 @@ return NULL; } ERR_raise_data(ERR_LIB_CONF, CONF_R_NO_VALUE, - "group=%s name=%s", group, name); + "group=%s name=%s", group != NULL ? group : "", name); return NULL; } diff -Nru openssl-3.5.5/crypto/conf/conf_mod.c openssl-3.5.6/crypto/conf/conf_mod.c --- openssl-3.5.5/crypto/conf/conf_mod.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/conf/conf_mod.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -395,7 +395,7 @@ { CONF_MODULE *tmod; int i, nchar; - char *p; + const char *p; STACK_OF(CONF_MODULE) *mods; p = strrchr(name, '.'); diff -Nru openssl-3.5.5/crypto/des/cfb64ede.c openssl-3.5.6/crypto/des/cfb64ede.c --- openssl-3.5.5/crypto/des/cfb64ede.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/des/cfb64ede.c 2026-04-07 12:26:30.000000000 +0000 
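Review bot: The `if` / `else if` / `else` chain in the cms_smime.c hunk at -474 now encodes an ownership rule for three BIOs that is not written down anywhere in the hunk, and the branches are unbraced. The new final branch frees `tmpin` on its own when no `cmsbio` chain exists, which only makes sense if `tmpin` is a private BIO at that point. I would brace the three branches and put `/* no chain was built: tmpin is the only BIO owned here */` on the last one. Where `tmpin` and `cmsbio` are created is outside the hunk, so the wording should be checked against the code above.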
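Review bot: In the conf_lib.c hunk at -314, only `group` gets a NULL fallback before it is formatted with `%s`; `name` goes into the same `ERR_raise_data` call unguarded. If `name` can be NULL on this path (the checks that would rule it out are outside the hunk), it deserves the same treatment: `group != NULL ? group : "", name != NULL ? name : ""`. If it cannot, a short comment saying why only `group` is optional would stop the asymmetry from looking like an oversight.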
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -28,7 +28,7 @@ { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/des/cfb64enc.c openssl-3.5.6/crypto/des/cfb64enc.c --- openssl-3.5.5/crypto/des/cfb64enc.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/des/cfb64enc.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ { register DES_LONG v0, v1; register long l = length; - register int n = *num; + register int n = *num & 0x07; DES_LONG ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/des/ofb64ede.c openssl-3.5.6/crypto/des/ofb64ede.c --- openssl-3.5.5/crypto/des/ofb64ede.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/des/ofb64ede.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
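Review bot: The `*num & 0x07` mask in the cfb64ede.c hunk at -28 has no comment, and its purpose is not obvious from the line itself. `*num` is state the caller keeps between calls, and `n` is presumably used further down (outside the hunk) as an offset into the 8-byte IV block, so an out-of-range value would index past it. I would add `/* num is caller-held state: keep the offset inside the 8-byte block */` above the declaration. Masking hides a corrupted `*num` rather than reporting it, which may be the only option if these functions have no error return, but that choice should be stated. The same line with the same missing comment appears in the cfb64enc.c hunk at -27 and in the ofb64ede.c and ofb64enc.c hunks that follow.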
@@ -26,7 +26,7 @@ DES_key_schedule *k3, DES_cblock *ivec, int *num) { register DES_LONG v0, v1; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register char *dp; diff -Nru openssl-3.5.5/crypto/des/ofb64enc.c openssl-3.5.6/crypto/des/ofb64enc.c --- openssl-3.5.5/crypto/des/ofb64enc.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/des/ofb64enc.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -25,7 +25,7 @@ DES_key_schedule *schedule, DES_cblock *ivec, int *num) { register DES_LONG v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; DES_cblock d; register unsigned char *dp; diff -Nru openssl-3.5.5/crypto/dh/dh_asn1.c openssl-3.5.6/crypto/dh/dh_asn1.c --- openssl-3.5.5/crypto/dh/dh_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/dh/dh_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -76,7 +76,7 @@ ASN1_SIMPLE(int_dhvparams, counter, BIGNUM) } static_ASN1_SEQUENCE_END_name(int_dhvparams, DHvparams) - ASN1_SEQUENCE(DHxparams) +ASN1_SEQUENCE(DHxparams) = { ASN1_SIMPLE(int_dhx942_dh, p, BIGNUM), ASN1_SIMPLE(int_dhx942_dh, g, BIGNUM), 
@@ -85,8 +85,7 @@ ASN1_OPT(int_dhx942_dh, vparams, DHvparams), } static_ASN1_SEQUENCE_END_name(int_dhx942_dh, DHxparams) - int_dhx942_dh - * d2i_int_dhx(int_dhx942_dh * *a, const unsigned char **pp, long length); +int_dhx942_dh *d2i_int_dhx(int_dhx942_dh **a, const unsigned char **pp, long length); int i2d_int_dhx(const int_dhx942_dh *a, unsigned char **pp); IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(int_dhx942_dh, DHxparams, int_dhx) diff -Nru openssl-3.5.5/crypto/dh/dh_rfc5114.c openssl-3.5.6/crypto/dh/dh_rfc5114.c --- openssl-3.5.5/crypto/dh/dh_rfc5114.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/dh/dh_rfc5114.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2011-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2011-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -43,5 +43,5 @@ } make_dh(1024_160) - make_dh(2048_224) - make_dh(2048_256) +make_dh(2048_224) +make_dh(2048_256) diff -Nru openssl-3.5.5/crypto/dllmain.c openssl-3.5.6/crypto/dllmain.c --- openssl-3.5.5/crypto/dllmain.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/dllmain.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -35,7 +35,9 @@ case DLL_THREAD_ATTACH: break; case DLL_THREAD_DETACH: +#ifndef __CYGWIN__ OPENSSL_thread_stop(); +#endif break; case DLL_PROCESS_DETACH: break; diff -Nru openssl-3.5.5/crypto/dsa/dsa_asn1.c openssl-3.5.6/crypto/dsa/dsa_asn1.c --- openssl-3.5.5/crypto/dsa/dsa_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/dsa/dsa_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -47,7 +47,7 @@ ASN1_SIMPLE(DSA, priv_key, CBIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPrivateKey, DSAPrivateKey) ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { ASN1_SIMPLE(DSA, params.p, BIGNUM), @@ -55,7 +55,7 @@ ASN1_SIMPLE(DSA, params.g, BIGNUM), } static_ASN1_SEQUENCE_END_cb(DSA, DSAparams) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAparams, DSAparams) ASN1_SEQUENCE_cb(DSAPublicKey, dsa_cb) = { ASN1_SIMPLE(DSA, pub_key, BIGNUM), @@ -64,7 +64,7 @@ ASN1_SIMPLE(DSA, params.g, BIGNUM) } static_ASN1_SEQUENCE_END_cb(DSA, DSAPublicKey) - IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(DSA, DSAPublicKey, DSAPublicKey) DSA *DSAparams_dup(const DSA *dsa) { diff -Nru openssl-3.5.5/crypto/ec/ec_asn1.c openssl-3.5.6/crypto/ec/ec_asn1.c --- openssl-3.5.5/crypto/ec/ec_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/ec/ec_asn1.c 2026-04-07 12:26:30.000000000 +0000 
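Review bot: The `#ifndef __CYGWIN__` guard around `OPENSSL_thread_stop()` in the dllmain.c hunk at -35 has no comment explaining why Cygwin builds skip per-thread cleanup on `DLL_THREAD_DETACH`. Without it the next reader cannot tell whether thread-local state is released some other way on Cygwin or is left until process exit. A short comment above the guard should name the reason and the place where the cleanup happens instead. The hunk shows neither, so the author has to supply both.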
@@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -105,7 +105,7 @@ ASN1_EMBED(X9_62_PENTANOMIAL, k3, INT32) } static_ASN1_SEQUENCE_END(X9_62_PENTANOMIAL) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_PENTANOMIAL) ASN1_ADB_TEMPLATE(char_two_def) = ASN1_SIMPLE(X9_62_CHARACTERISTIC_TWO, p.other, ASN1_ANY); @@ -122,7 +122,7 @@ ASN1_ADB_OBJECT(X9_62_CHARACTERISTIC_TWO) } static_ASN1_SEQUENCE_END(X9_62_CHARACTERISTIC_TWO) - DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) +DECLARE_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) IMPLEMENT_ASN1_ALLOC_FUNCTIONS(X9_62_CHARACTERISTIC_TWO) ASN1_ADB_TEMPLATE(fieldID_def) = ASN1_SIMPLE(X9_62_FIELDID, p.other, ASN1_ANY); @@ -137,10 +137,10 @@ ASN1_ADB_OBJECT(X9_62_FIELDID) } static_ASN1_SEQUENCE_END(X9_62_FIELDID) - ASN1_SEQUENCE(X9_62_CURVE) +ASN1_SEQUENCE(X9_62_CURVE) = { ASN1_SIMPLE(X9_62_CURVE, a, ASN1_OCTET_STRING), ASN1_SIMPLE(X9_62_CURVE, b, ASN1_OCTET_STRING), ASN1_OPT(X9_62_CURVE, seed, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(X9_62_CURVE) - ASN1_SEQUENCE(ECPARAMETERS) +ASN1_SEQUENCE(ECPARAMETERS) = { ASN1_EMBED(ECPARAMETERS, version, INT32), ASN1_SIMPLE(ECPARAMETERS, fieldID, X9_62_FIELDID), ASN1_SIMPLE(ECPARAMETERS, curve, X9_62_CURVE), ASN1_SIMPLE(ECPARAMETERS, base, ASN1_OCTET_STRING), ASN1_SIMPLE(ECPARAMETERS, order, ASN1_INTEGER), ASN1_OPT(ECPARAMETERS, cofactor, ASN1_INTEGER) } ASN1_SEQUENCE_END(ECPARAMETERS) DECLARE_ASN1_ALLOC_FUNCTIONS(ECPARAMETERS) 
@@ -163,7 +163,7 @@ ASN1_EXP_OPT(EC_PRIVATEKEY, publicKey, ASN1_BIT_STRING, 1) } static_ASN1_SEQUENCE_END(EC_PRIVATEKEY) - DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) +DECLARE_ASN1_FUNCTIONS(EC_PRIVATEKEY) DECLARE_ASN1_ENCODE_FUNCTIONS_name(EC_PRIVATEKEY, EC_PRIVATEKEY) IMPLEMENT_ASN1_FUNCTIONS(EC_PRIVATEKEY) diff -Nru openssl-3.5.5/crypto/ec/ec_check.c openssl-3.5.6/crypto/ec/ec_check.c --- openssl-3.5.5/crypto/ec/ec_check.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/ec/ec_check.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2002-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ * ECC domain parameter validation. * See SP800-56A R3 5.5.2 "Assurances of Domain-Parameter Validity" Part 1b. */ - return EC_GROUP_check_named_curve(group, 1, ctx) >= 0 ? 1 : 0; + return EC_GROUP_check_named_curve(group, 1, ctx) > 0 ? 1 : 0; #else int ret = 0; const BIGNUM *order; diff -Nru openssl-3.5.5/crypto/ec/ec_lib.c openssl-3.5.6/crypto/ec/ec_lib.c --- openssl-3.5.5/crypto/ec/ec_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/ec/ec_lib.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use 
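Review bot: The comparison in the ec_check.c hunk at -50 changes from `>= 0` to `> 0` with no comment, and this line decides whether domain parameters pass validation in this preprocessor branch. EC_GROUP_check_named_curve is documented to return the matching curve's NID, 0 for no match and -1 on error, so the old test accepted parameters that matched no named curve. I would record that next to the return, e.g. `/* 0 = no named curve matched, -1 = error: only a positive NID passes */`, and drop the redundant `? 1 : 0`. A regression test using explicit parameters that match no named curve would keep the comparison from drifting back; whether this diff adds one is not visible here.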
@@ -175,6 +175,8 @@ dest->libctx = src->libctx; dest->curve_name = src->curve_name; + EC_pre_comp_free(dest); + /* Copy precomputed */ dest->pre_comp_type = src->pre_comp_type; switch (src->pre_comp_type) { diff -Nru openssl-3.5.5/crypto/err/err_all.c openssl-3.5.6/crypto/err/err_all.c --- openssl-3.5.5/crypto/err/err_all.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/err/err_all.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -40,6 +40,7 @@ #include "crypto/cmperr.h" #include "crypto/cterr.h" #include "crypto/asyncerr.h" +#include "crypto/sm2err.h" #include "crypto/storeerr.h" #include "crypto/esserr.h" #include "internal/propertyerr.h" @@ -104,6 +105,9 @@ #endif || ossl_err_load_ESS_strings() == 0 || ossl_err_load_ASYNC_strings() == 0 +#ifndef OPENSSL_NO_SM2 + || ossl_err_load_SM2_strings() == 0 +#endif || ossl_err_load_OSSL_STORE_strings() == 0 || ossl_err_load_PROP_strings() == 0 || ossl_err_load_PROV_strings() == 0 diff -Nru openssl-3.5.5/crypto/err/openssl.txt openssl-3.5.6/crypto/err/openssl.txt --- openssl-3.5.5/crypto/err/openssl.txt 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/err/openssl.txt 2026-04-07 12:26:30.000000000 +0000 @@ -1,4 +1,4 @@ -# Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
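Review bot: The added `EC_pre_comp_free(dest);` in the ec_lib.c hunk at -175 is only safe if `dest` and `src` are never the same group at this point, and nothing in the hunk says so. If an aliasing check exists earlier in the function (it starts outside the hunk), a comment should tie the two together: `/* dest != src here; release dest's old precomputation before it is overwritten */`. If no such check exists, the call would free the data that the switch below is about to copy from.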
@@ -848,6 +848,7 @@ EVP_R_XTS_DUPLICATED_KEYS:192:xts duplicated keys HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN:108:asn1 len exceeds max resp len HTTP_R_CONNECT_FAILURE:100:connect failure +HTTP_R_CONTENT_TYPE_MISMATCH:131:content type mismatch HTTP_R_ERROR_PARSING_ASN1_LENGTH:109:error parsing asn1 length HTTP_R_ERROR_PARSING_CONTENT_LENGTH:119:error parsing content length HTTP_R_ERROR_PARSING_URL:101:error parsing url diff -Nru openssl-3.5.5/crypto/ess/ess_asn1.c openssl-3.5.6/crypto/ess/ess_asn1.c --- openssl-3.5.5/crypto/ess/ess_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/ess/ess_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,7 +21,7 @@ ASN1_SIMPLE(ESS_ISSUER_SERIAL, serial, ASN1_INTEGER) } static_ASN1_SEQUENCE_END(ESS_ISSUER_SERIAL) - IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) +IMPLEMENT_ASN1_FUNCTIONS(ESS_ISSUER_SERIAL) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_ISSUER_SERIAL) ASN1_SEQUENCE(ESS_CERT_ID) = { @@ -29,7 +29,7 @@ ASN1_OPT(ESS_CERT_ID, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID) ASN1_SEQUENCE(ESS_SIGNING_CERT) = { 
@@ -46,7 +46,7 @@ ASN1_OPT(ESS_CERT_ID_V2, issuer_serial, ESS_ISSUER_SERIAL) } static_ASN1_SEQUENCE_END(ESS_CERT_ID_V2) - IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) +IMPLEMENT_ASN1_FUNCTIONS(ESS_CERT_ID_V2) IMPLEMENT_ASN1_DUP_FUNCTION(ESS_CERT_ID_V2) ASN1_SEQUENCE(ESS_SIGNING_CERT_V2) = { diff -Nru openssl-3.5.5/crypto/evp/digest.c openssl-3.5.6/crypto/evp/digest.c --- openssl-3.5.5/crypto/evp/digest.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/digest.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -872,8 +872,9 @@ if (pctx != NULL && (pctx->operation == EVP_PKEY_OP_VERIFYCTX || pctx->operation == EVP_PKEY_OP_SIGNCTX) - && pctx->op.sig.algctx != NULL - && pctx->op.sig.signature->gettable_ctx_md_params != NULL) + && pctx->op.sig.signature != NULL + && pctx->op.sig.signature->gettable_ctx_md_params != NULL + && pctx->op.sig.algctx != NULL) return pctx->op.sig.signature->gettable_ctx_md_params( pctx->op.sig.algctx); diff -Nru openssl-3.5.5/crypto/evp/e_aes.c openssl-3.5.6/crypto/evp/e_aes.c --- openssl-3.5.5/crypto/evp/e_aes.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_aes.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
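Review bot: The reordered condition in the digest.c hunk at -872 now tests `pctx->op.sig.signature != NULL` before reading `gettable_ctx_md_params`, but it is the only such condition this diff touches in the file. Any sibling lookup that reads `pctx->op.sig.signature->...` after checking only `algctx` (a settable-parameters counterpart, for instance, which is not visible here) would dereference the same NULL pointer and needs the same guard. A one-line comment stating when `signature` can be NULL while `pctx` is set would also explain why the check is there. The enclosing function starts outside the hunk.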
@@ -2403,14 +2403,14 @@ #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) @@ -2641,10 +2641,10 @@ } BLOCK_CIPHER_generic_pack(NID_aes, 128, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) - BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 192, 0) +BLOCK_CIPHER_generic_pack(NID_aes, 256, 0) - static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) +static int aes_gcm_cleanup(EVP_CIPHER_CTX *c) { EVP_AES_GCM_CTX *gctx = EVP_C_DATA(EVP_AES_GCM_CTX, c); if (gctx == NULL) 
@@ -3189,12 +3189,12 @@ BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, gcm, GCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, gcm, GCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_xts_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_XTS_CTX *xctx = EVP_C_DATA(EVP_AES_XTS_CTX, c); @@ -3378,9 +3378,9 @@ | EVP_CIPH_CUSTOM_COPY) BLOCK_CIPHER_custom(NID_aes, 128, 1, 16, xts, XTS, XTS_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 16, xts, XTS, XTS_FLAGS) - static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) +static int aes_ccm_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) { EVP_AES_CCM_CTX *cctx = EVP_C_DATA(EVP_AES_CCM_CTX, c); switch (type) { @@ -3654,12 +3654,12 @@ BLOCK_CIPHER_custom(NID_aes, 128, 1, 12, ccm, CCM, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 1, 12, ccm, CCM, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - typedef struct { +typedef struct { union { OSSL_UNION_ALIGN; AES_KEY ks; 
@@ -4146,8 +4146,8 @@ BLOCK_CIPHER_custom(NID_aes, 128, 16, 12, ocb, OCB, EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) - BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, - EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 192, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) +BLOCK_CIPHER_custom(NID_aes, 256, 16, 12, ocb, OCB, + EVP_CIPH_FLAG_AEAD_CIPHER | CUSTOM_FLAGS) #endif /* OPENSSL_NO_OCB */ diff -Nru openssl-3.5.5/crypto/evp/e_aria.c openssl-3.5.6/crypto/evp/e_aria.c --- openssl-3.5.5/crypto/evp/e_aria.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_aria.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -194,13 +194,13 @@ } BLOCK_CIPHER_generic(NID_aria, 128, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) - BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 192, 1, 16, ctr, ctr, CTR, 0) +BLOCK_CIPHER_generic(NID_aria, 256, 1, 16, ctr, ctr, CTR, 0) - /* Authenticated cipher modes (GCM/CCM) */ +/* Authenticated cipher modes (GCM/CCM) */ - /* increment counter (64-bit int) by 1 */ - static void ctr64_inc(unsigned char *counter) +/* increment counter (64-bit int) by 1 */ +static void ctr64_inc(unsigned char *counter) { int n = 8; unsigned char c; 
@@ -778,11 +778,11 @@ } BLOCK_CIPHER_aead(128, gcm, GCM) - BLOCK_CIPHER_aead(192, gcm, GCM) - BLOCK_CIPHER_aead(256, gcm, GCM) +BLOCK_CIPHER_aead(192, gcm, GCM) +BLOCK_CIPHER_aead(256, gcm, GCM) - BLOCK_CIPHER_aead(128, ccm, CCM) - BLOCK_CIPHER_aead(192, ccm, CCM) - BLOCK_CIPHER_aead(256, ccm, CCM) +BLOCK_CIPHER_aead(128, ccm, CCM) +BLOCK_CIPHER_aead(192, ccm, CCM) +BLOCK_CIPHER_aead(256, ccm, CCM) #endif diff -Nru openssl-3.5.5/crypto/evp/e_camellia.c openssl-3.5.6/crypto/evp/e_camellia.c --- openssl-3.5.5/crypto/evp/e_camellia.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_camellia.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -183,14 +183,14 @@ #endif -#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ - BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) +#define BLOCK_CIPHER_generic_pack(nid, keylen, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb1, cfb1, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, cfb8, cfb8, CFB, flags) \ + BLOCK_CIPHER_generic(nid, keylen, 1, 16, ctr, ctr, CTR, flags) /* The subkey for Camellia is generated. */ static int camellia_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, @@ -347,5 +347,5 @@ } BLOCK_CIPHER_generic_pack(NID_camellia, 128, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) - BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 192, 0) +BLOCK_CIPHER_generic_pack(NID_camellia, 256, 0) diff -Nru openssl-3.5.5/crypto/evp/e_des.c openssl-3.5.6/crypto/evp/e_des.c --- openssl-3.5.5/crypto/evp/e_des.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_des.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -197,16 +197,16 @@ EVP_CIPH_RAND_KEY, des_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - - BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, - EVP_CIPH_RAND_KEY, des_init_key, NULL, - EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 1, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) + +BLOCK_CIPHER_def_cfb(des, EVP_DES_KEY, NID_des, 8, 8, 8, + EVP_CIPH_RAND_KEY, des_init_key, NULL, + EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, des_ctrl) - static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; EVP_DES_KEY *dat = (EVP_DES_KEY *)EVP_CIPHER_CTX_get_cipher_data(ctx); diff -Nru openssl-3.5.5/crypto/evp/e_des3.c openssl-3.5.6/crypto/evp/e_des3.c --- openssl-3.5.5/crypto/evp/e_des3.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_des3.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -210,20 +210,20 @@ #define des_ede3_ofb_cipher des_ede_ofb_cipher #define des_ede3_cbc_cipher des_ede_cbc_cipher #define des_ede3_ecb_cipher des_ede_ecb_cipher - BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - - BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, - EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, - des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) +BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) + +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 1, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) - static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +BLOCK_CIPHER_def_cfb(des_ede3, DES_EDE_KEY, NID_des_ede3, 24, 8, 8, + EVP_CIPH_RAND_KEY | EVP_CIPH_FLAG_DEFAULT_ASN1, + des_ede3_init_key, NULL, NULL, NULL, des3_ctrl) + +static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { DES_cblock *deskey = (DES_cblock *)key; DES_EDE_KEY *dat = data(ctx); diff -Nru openssl-3.5.5/crypto/evp/e_idea.c openssl-3.5.6/crypto/evp/e_idea.c --- openssl-3.5.5/crypto/evp/e_idea.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_idea.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -54,8 +54,8 @@ 0, idea_init_key, NULL, EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) - static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, - const unsigned char *iv, int enc) +static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, + const unsigned char *iv, int enc) { if (!enc) { if (EVP_CIPHER_CTX_get_mode(ctx) == EVP_CIPH_OFB_MODE) diff -Nru openssl-3.5.5/crypto/evp/e_sm4.c openssl-3.5.6/crypto/evp/e_sm4.c --- openssl-3.5.5/crypto/evp/e_sm4.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/e_sm4.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2017 Ribose Inc. All Rights Reserved. * Ported from Ribose contributions from Botan. * 
@@ -49,12 +49,12 @@ return &sm4_##mode; \ } -#define DEFINE_BLOCK_CIPHERS(nid, flags) \ - BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ - BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags) +#define DEFINE_BLOCK_CIPHERS(nid, flags) \ + BLOCK_CIPHER_generic(nid, 16, 16, cbc, cbc, CBC, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 16, 0, ecb, ecb, ECB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, ofb128, ofb, OFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, cfb128, cfb, CFB, flags | EVP_CIPH_FLAG_DEFAULT_ASN1) \ + BLOCK_CIPHER_generic(nid, 1, 16, ctr, ctr, CTR, flags) static int sm4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv, int enc) diff -Nru openssl-3.5.5/crypto/evp/encode.c openssl-3.5.6/crypto/evp/encode.c --- openssl-3.5.5/crypto/evp/encode.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/encode.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -689,7 +689,7 @@ l = ((((unsigned long)a) << 18L) | (((unsigned long)b) << 12L) | (((unsigned long)c) << 6L) | (((unsigned long)d))); if (eof == -1) - eof = (f[2] == '=') + (f[3] == '='); + eof = (c == '=') + (d == '='); switch (eof) { case 2: diff -Nru openssl-3.5.5/crypto/evp/evp_enc.c openssl-3.5.6/crypto/evp/evp_enc.c --- openssl-3.5.5/crypto/evp/evp_enc.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/evp_enc.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -979,6 +979,11 @@ size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (ossl_likely(outl != NULL)) { *outl = 0; } else { @@ -1128,6 +1133,11 @@ size_t soutl, inl_ = (size_t)inl; int blocksize; + if (inl < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH); + return 0; + } + if (ossl_likely(outl != NULL)) { *outl = 0; } else { diff -Nru openssl-3.5.5/crypto/evp/kem.c openssl-3.5.6/crypto/evp/kem.c --- openssl-3.5.5/crypto/evp/kem.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/evp/kem.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
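Review bot: In the crypto/evp/encode.c hunk, `eof = (c == '=') + (d == '=');` only detects padding if `c` and `d` still hold the raw input characters at this point. The context line directly above shifts them into `l` (`<< 6L` and unshifted), which reads like table-decoded 6-bit values, and a decoded value of 0x3D is not the padding character. Their assignments are outside the hunk, so this needs confirming there. A one-line comment such as `/* c and d are the raw input bytes here, not decoded values */` would settle it for the next reader, or the comparison should use the decoded padding marker instead.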
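Review bot: In crypto/evp/evp_enc.c, both new `inl < 0` guards (the -979 and -1128 hunks) return before the `*outl = 0;` assignment that follows them, so on this error path the caller's output length is left untouched. A caller that accumulates `*outl` without checking the return value would then use a stale or uninitialised count. Moving each guard below the `outl` handling keeps the failure consistent with a zeroed length. The enclosing functions start and end outside the hunks.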
@@ -181,7 +181,7 @@ if (provauthkey != NULL && kem->auth_decapsulate_init != NULL) { ret = kem->auth_decapsulate_init(ctx->op.encap.algctx, provkey, provauthkey, params); - } else if (provauthkey == NULL && kem->encapsulate_init != NULL) { + } else if (provauthkey == NULL && kem->decapsulate_init != NULL) { ret = kem->decapsulate_init(ctx->op.encap.algctx, provkey, params); } else { ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); diff -Nru openssl-3.5.5/crypto/hashtable/hashtable.c openssl-3.5.6/crypto/hashtable/hashtable.c --- openssl-3.5.5/crypto/hashtable/hashtable.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/hashtable/hashtable.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -82,9 +82,11 @@ #if defined(__GNUC__) || defined(__CLANG__) #define PREFETCH_NEIGHBORHOOD(x) __builtin_prefetch(x.entries) #define PREFETCH(x) __builtin_prefetch(x) +#define ALIGN __attribute__((aligned(8))) #else #define PREFETCH_NEIGHBORHOOD(x) #define PREFETCH(x) +#define ALIGN #endif /* @@ -112,7 +114,7 @@ struct ht_neighborhood_entry_st { uint64_t hash; struct ht_internal_value_st *value; -}; +} ALIGN; struct ht_neighborhood_st { struct ht_neighborhood_entry_st entries[NEIGHBORHOOD_LEN]; diff -Nru openssl-3.5.5/crypto/http/http_client.c openssl-3.5.6/crypto/http/http_client.c --- openssl-3.5.5/crypto/http/http_client.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/http/http_client.c 2026-04-07 12:26:30.000000000 +0000 
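Review bot: The new `ALIGN` attribute on `struct ht_neighborhood_entry_st` in crypto/hashtable/hashtable.c exists only in the `__GNUC__`/`__CLANG__` branch; in the `#else` branch it expands to nothing, so whatever depends on 8-byte alignment is not guaranteed on other compilers. The hunk also does not say why the alignment is needed. A comment on the macro, for example `/* neighborhood entries must be 8-byte aligned; no-op on compilers without the attribute */`, would record the intent and the gap; the reason itself has to be confirmed against the lookup code, which is outside the hunk.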
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2018-2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -551,6 +551,7 @@ int OSSL_HTTP_REQ_CTX_nbio(OSSL_HTTP_REQ_CTX *rctx) { int i, found_expected_ct = 0, found_keep_alive = 0; + int status_code = 0; int got_text = 1; long n; size_t resp_len = 0; @@ -751,8 +752,8 @@ /* First line in response header */ if (rctx->state == OHS_FIRSTLINE) { - i = parse_http_line1(buf, &found_keep_alive); - switch (i) { + status_code = parse_http_line1(buf, &found_keep_alive); + switch (status_code) { case HTTP_STATUS_CODE_OK: rctx->state = OHS_HEADERS; goto next_line; @@ -767,7 +768,7 @@ /* fall through */ default: /* must return content if status >= 400 */ - rctx->state = i < HTTP_STATUS_CODES_NONFATAL_ERROR + rctx->state = status_code < HTTP_STATUS_CODES_NONFATAL_ERROR ? OHS_HEADERS_ERROR : OHS_HEADERS; goto next_line; /* continue parsing, also on HTTP error */ @@ -797,6 +798,17 @@ } if (OPENSSL_strcasecmp(key, "Content-Type") == 0) { got_text = HAS_CASE_PREFIX(value, "text/"); + if (got_text + && rctx->state == OHS_HEADERS + && rctx->expect_asn1 + && (status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR + || status_code == HTTP_STATUS_CODE_OK)) { + ERR_raise_data(ERR_LIB_HTTP, HTTP_R_CONTENT_TYPE_MISMATCH, + "expected ASN.1 content but got http code %d with Content-Type: %s", + status_code, value); + rctx->state = OHS_HEADERS_ERROR; + goto next_line; + } if (rctx->state == OHS_HEADERS && rctx->expected_ct != NULL) { const char *semicolon; 
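Review bot: `status_code` is a function-local in `OSSL_HTTP_REQ_CTX_nbio` that is assigned only while handling `OHS_FIRSTLINE`, yet the new Content-Type check in the -797 hunk reads it later, while `rctx->state == OHS_HEADERS`. If the function can return to its caller for a retry between the status line and the Content-Type header (its body is mostly outside the hunks, but the parsing position is otherwise carried in `rctx->state`), the local is 0 again on re-entry. In that case the `status_code >= HTTP_STATUS_CODES_NONFATAL_ERROR || status_code == HTTP_STATUS_CODE_OK` condition is false and the mismatch check is silently skipped. Keeping the parsed status in the request context next to `state` would make the check independent of how the response is split across reads.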
@@ -1452,7 +1464,11 @@ } BIO_push(fbio, bio); - BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); + /* Add square brackets around a naked IPv6 address */ + if (server[0] != '[' && strchr(server, ':') != NULL) + BIO_printf(fbio, "CONNECT [%s]:%s " HTTP_1_0 "\r\n", server, port); + else + BIO_printf(fbio, "CONNECT %s:%s " HTTP_1_0 "\r\n", server, port); /* * Workaround for broken proxies which would otherwise close diff -Nru openssl-3.5.5/crypto/http/http_err.c openssl-3.5.6/crypto/http/http_err.c --- openssl-3.5.5/crypto/http/http_err.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/http/http_err.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,8 @@ { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN), "asn1 len exceeds max resp len" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONNECT_FAILURE), "connect failure" }, + { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_CONTENT_TYPE_MISMATCH), + "content type mismatch" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_ASN1_LENGTH), "error parsing asn1 length" }, { ERR_PACK(ERR_LIB_HTTP, 0, HTTP_R_ERROR_PARSING_CONTENT_LENGTH), diff -Nru openssl-3.5.5/crypto/http/http_lib.c openssl-3.5.6/crypto/http/http_lib.c --- openssl-3.5.5/crypto/http/http_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/http/http_lib.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -55,6 +55,7 @@ char **ppath, char **pquery, char **pfrag) { const char *p, *tmp; + const char *authority_end; const char *scheme, *scheme_end; const char *user, *user_end; const char *host, *host_end; @@ -92,7 +93,10 @@ /* parse optional "userinfo@" */ user = user_end = host = p; - host = strchr(p, '@'); + authority_end = strpbrk(p, "/?#"); + if (authority_end == NULL) + authority_end = p + strlen(p); + host = memchr(p, '@', authority_end - p); if (host != NULL) user_end = host++; else diff -Nru openssl-3.5.5/crypto/idea/i_cfb64.c openssl-3.5.6/crypto/idea/i_cfb64.c --- openssl-3.5.5/crypto/idea/i_cfb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/idea/i_cfb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -37,6 +37,7 @@ *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; if (encrypt) { diff -Nru openssl-3.5.5/crypto/idea/i_ofb64.c openssl-3.5.6/crypto/idea/i_ofb64.c --- openssl-3.5.5/crypto/idea/i_ofb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/idea/i_ofb64.c 2026-04-07 12:26:30.000000000 +0000 
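Review bot: The added `n = n & 0x07;` in crypto/idea/i_cfb64.c silently folds an out-of-range `*num` into the block instead of rejecting it, and nothing in the hunk says that this is a bounds guard. The same mask is added without comment in i_ofb64.c and in the rc2 and rc5 cfb64/ofb64 files (`register int n = *num & 0x07;`). A short comment at each site, for example `/* *num is caller-supplied state; keep the index inside the 8-byte block */`, would make the intent clear to readers and to anyone porting the fix. The enclosing functions begin and end outside the hunks.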
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -39,6 +39,7 @@ *num = -1; return; } + n = n & 0x07; iv = (unsigned char *)ivec; n2l(iv, v0); diff -Nru openssl-3.5.5/crypto/init.c openssl-3.5.6/crypto/init.c --- openssl-3.5.5/crypto/init.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/init.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -275,27 +275,24 @@ } static CRYPTO_ONCE config = CRYPTO_ONCE_STATIC_INIT; -static int config_inited = 0; static const OPENSSL_INIT_SETTINGS *conf_settings = NULL; DEFINE_RUN_ONCE_STATIC(ossl_init_config) { int ret = ossl_config_int(NULL); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_config_settings, ossl_init_config) { int ret = ossl_config_int(conf_settings); - config_inited = 1; return ret; } DEFINE_RUN_ONCE_STATIC_ALT(ossl_init_no_config, ossl_init_config) { OSSL_TRACE(INIT, "ossl_no_config_int()\n"); ossl_no_config_int(); - config_inited = 1; + return 1; } diff -Nru openssl-3.5.5/crypto/initthread.c openssl-3.5.6/crypto/initthread.c --- openssl-3.5.5/crypto/initthread.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/initthread.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -200,16 +200,28 @@ } static CRYPTO_ONCE ossl_init_thread_runonce = CRYPTO_ONCE_STATIC_INIT; +/* MSVC linker can use other segment for uninitialized (zeroed) variables */ +#if defined(OPENSSL_SYS_WINDOWS) static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)-1; +#elif defined(OPENSSL_SYS_TANDEM) && (defined(_PUT_MODEL_) || defined(_KLT_MODEL_)) +static CRYPTO_THREAD_ID recursion_guard = { (void *)-1, (short)-1, (short)-1 }; +#else +static CRYPTO_THREAD_ID recursion_guard = (CRYPTO_THREAD_ID)0; +#endif DEFINE_RUN_ONCE_STATIC(ossl_init_thread_once) { + /* CRYPTO_THREAD_init_local() can call ossl_init_threads() again */ recursion_guard = CRYPTO_THREAD_get_current_id(); if (!CRYPTO_THREAD_init_local(&destructor_key.value, init_thread_destructor)) return 0; +#if defined(OPENSSL_SYS_TANDEM) + memset(&recursion_guard, 0, sizeof(recursion_guard)); +#else recursion_guard = (CRYPTO_THREAD_ID)0; +#endif return 1; } diff -Nru openssl-3.5.5/crypto/modes/asm/aes-gcm-ppc.pl openssl-3.5.6/crypto/modes/asm/aes-gcm-ppc.pl --- openssl-3.5.5/crypto/modes/asm/aes-gcm-ppc.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/modes/asm/aes-gcm-ppc.pl 2026-04-07 12:26:30.000000000 +0000 @@ -409,7 +409,6 @@ ################################################################################ .align 4 aes_gcm_crypt_1x: -.localentry aes_gcm_crypt_1x,0 cmpdi 5, 16 bge __More_1x @@ -492,7 +491,6 @@ ################################################################################ .align 4 __Process_partial: -.localentry __Process_partial,0 # create partial mask vspltisb 16, -1 
@@ -564,7 +562,6 @@ .global ppc_aes_gcm_encrypt .align 5 ppc_aes_gcm_encrypt: -.localentry ppc_aes_gcm_encrypt,0 SAVE_REGS LOAD_HASH_TABLE @@ -752,7 +749,6 @@ .global ppc_aes_gcm_decrypt .align 5 ppc_aes_gcm_decrypt: -.localentry ppc_aes_gcm_decrypt, 0 SAVE_REGS LOAD_HASH_TABLE @@ -1032,7 +1028,6 @@ .size ppc_aes_gcm_decrypt,.-ppc_aes_gcm_decrypt aes_gcm_out: -.localentry aes_gcm_out,0 mr 3, 11 # return count diff -Nru openssl-3.5.5/crypto/modes/asm/ghash-armv4.pl openssl-3.5.6/crypto/modes/asm/ghash-armv4.pl --- openssl-3.5.5/crypto/modes/asm/ghash-armv4.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/modes/asm/ghash-armv4.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2010-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -55,7 +55,7 @@ # Câmara, D.; Gouvêa, C. P. L.; López, J. & Dahab, R.: Fast Software # Polynomial Multiplication on ARM Processors using the NEON Engine. # -# http://conradoplg.cryptoland.net/files/2010/12/mocrysen13.pdf +# https://conradoplg.modp.net/files/2010/12/mocrysen13.pdf # ==================================================================== # Note about "528B" variant. In ARM case it makes lesser sense to diff -Nru openssl-3.5.5/crypto/modes/build.info openssl-3.5.6/crypto/modes/build.info --- openssl-3.5.5/crypto/modes/build.info 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/modes/build.info 2026-04-07 12:26:30.000000000 +0000 
@@ -35,7 +35,7 @@ $MODESASM_ppc32=ghashp8-ppc.s $MODESDEF_ppc32= $MODESASM_ppc64=$MODESASM_ppc32 - IF[{- $target{sys_id} ne "AIX" && $target{sys_id} ne "MACOSX" -}] + IF[{- $target{perlasm_scheme} =~ /le$/ -}] $MODESASM_ppc64=$MODESASM_ppc32 aes-gcm-ppc.s ENDIF $MODESDEF_ppc64=$MODESDEF_ppc32 diff -Nru openssl-3.5.5/crypto/o_str.c openssl-3.5.6/crypto/o_str.c --- openssl-3.5.5/crypto/o_str.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/o_str.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2003-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2003-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -296,6 +296,11 @@ int has_sep = (sep != CH_ZERO); size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2; + if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return 0; + } + if (len == 0) ++len; if (strlength != NULL) @@ -339,7 +344,13 @@ if (buflen == 0) return OPENSSL_zalloc(1); - tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2; + if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3) + || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) { + ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES); + return NULL; + } + + tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2; if ((tmp = OPENSSL_malloc(tmp_n)) == NULL) return NULL; diff -Nru openssl-3.5.5/crypto/param_build.c openssl-3.5.6/crypto/param_build.c --- openssl-3.5.5/crypto/param_build.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/param_build.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -121,12 +121,22 @@ int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, unsigned int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, unsigned long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } 
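Review bot: The same five-line `bld == NULL || key == NULL` guard is pasted into every `OSSL_PARAM_BLD_push_*` wrapper in this hunk and the following param_build.c hunks, and each of these wrappers only forwards to `param_push_num`. A single guard in that shared helper would cover all of them and cannot drift between copies. Its body is outside the hunks, so it should be checked that it does not dereference `bld` or `key` before the guard could run. If the per-wrapper form is kept on purpose, a one-line comment saying so would help.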
@@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, int32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, uint32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, int64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, uint64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, size_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, time_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } 
@@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, double num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); } @@ -196,6 +251,11 @@ int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER || type == OSSL_PARAM_INTEGER)) return 0; @@ -233,6 +293,11 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn) + 1, OSSL_PARAM_INTEGER); @@ -243,6 +308,11 @@ int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn, size_t sz) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn), OSSL_PARAM_INTEGER); @@ -255,6 +325,11 @@ OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); secure = CRYPTO_secure_allocated(buf); @@ -270,6 +345,11 @@ { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); 
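Review bot: In the -270 hunk (the `OSSL_PARAM_UTF8_PTR` push), the new guard checks `bld` and `key` but not `buf`, while the next statement is `if (bsize == 0) bsize = strlen(buf);`. The sibling utf8-string hunk at -255 does include `buf == NULL` in its guard, so a NULL `buf` with `bsize == 0` is still dereferenced only in the pointer variant. If a NULL pointer value is meant to be allowed here, guard the length lookup instead with `if (bsize == 0 && buf != NULL) bsize = strlen(buf);`. Otherwise add `|| buf == NULL` to the new check.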
@@ -285,6 +365,11 @@ OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + secure = CRYPTO_secure_allocated(buf); pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); if (pd == NULL) @@ -298,6 +383,11 @@ { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); if (pd == NULL) return 0; @@ -362,10 +452,18 @@ { OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; + int num; + size_t p_blks, total, ss; + + if (bld == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); + p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); + total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); + ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; if (ss > 0) { s = OPENSSL_secure_malloc(ss); diff -Nru openssl-3.5.5/crypto/perlasm/x86_64-xlate.pl openssl-3.5.6/crypto/perlasm/x86_64-xlate.pl --- openssl-3.5.5/crypto/perlasm/x86_64-xlate.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/perlasm/x86_64-xlate.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
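Review bot: The new NULL guard in the -362 hunk ends with `return 0;`, but the locals `OSSL_PARAM *params, *last;` suggest this function returns a parameter array (its signature is outside the hunk). If so, `return NULL;` states the failure value in the function's own type. That also matches the pointer-returning failure added in the o_str.c hunk of this diff (`return NULL;`).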
@@ -663,8 +663,7 @@ ); # Following constants are defined in x86_64 ABI supplement, for - # example available at https://www.uclibc.org/docs/psABI-x86_64.pdf, - # see section 3.7 "Stack Unwind Algorithm". + # example available at https://gitlab.com/x86-psABIs/x86-64-ABI. my %DW_reg_idx = ( "%rax"=>0, "%rdx"=>1, "%rcx"=>2, "%rbx"=>3, "%rsi"=>4, "%rdi"=>5, "%rbp"=>6, "%rsp"=>7, diff -Nru openssl-3.5.5/crypto/pkcs12/p12_mutl.c openssl-3.5.6/crypto/pkcs12/p12_mutl.c --- openssl-3.5.5/crypto/pkcs12/p12_mutl.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/pkcs12/p12_mutl.c 2026-04-07 12:26:30.000000000 +0000 @@ -519,6 +519,8 @@ X509_ALGOR_free(param->messageAuthScheme); param->keyDerivationFunc = alg; param->messageAuthScheme = hmac_alg; + alg = NULL; + hmac_alg = NULL; X509_SIG_getm(p12->mac->dinfo, &macalg, &macoct); if (!ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(PBMAC1PARAM), param, &macalg->parameter)) @@ -540,6 +542,8 @@ ret = 1; err: + X509_ALGOR_free(alg); + X509_ALGOR_free(hmac_alg); PBMAC1PARAM_free(param); OPENSSL_free(known_salt); return ret; diff -Nru openssl-3.5.5/crypto/pkcs12/p12_utl.c openssl-3.5.6/crypto/pkcs12/p12_utl.c --- openssl-3.5.5/crypto/pkcs12/p12_utl.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/pkcs12/p12_utl.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -175,7 +175,7 @@ utf32chr += 0x10000; } - return UTF8_putc((unsigned char *)str, len > 4 ? 4 : len, utf32chr); + return UTF8_putc((unsigned char *)str, 4, utf32chr); } char *OPENSSL_uni2utf8(const unsigned char *uni, int unilen) diff -Nru openssl-3.5.5/crypto/pkcs7/pk7_doit.c openssl-3.5.6/crypto/pkcs7/pk7_doit.c --- openssl-3.5.5/crypto/pkcs7/pk7_doit.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/pkcs7/pk7_doit.c 2026-04-07 12:26:30.000000000 +0000 @@ -831,6 +831,10 @@ break; case NID_pkcs7_signed: si_sk = p7->d.sign->signer_info; + if (p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.sign->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.sign->contents) && p7->detached) { @@ -841,6 +845,10 @@ break; case NID_pkcs7_digest: + if (p7->d.digest->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + goto err; + } os = PKCS7_get_octet_string(p7->d.digest->contents); /* If detached data then the content is excluded */ if (PKCS7_type_is_data(p7->d.digest->contents) && p7->detached) { diff -Nru openssl-3.5.5/crypto/pkcs7/pk7_lib.c openssl-3.5.6/crypto/pkcs7/pk7_lib.c --- openssl-3.5.5/crypto/pkcs7/pk7_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/pkcs7/pk7_lib.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -48,7 +48,8 @@ break; case PKCS7_OP_GET_DETACHED_SIGNATURE: if (nid == NID_pkcs7_signed) { - if (p7->d.sign == NULL || p7->d.sign->contents->d.ptr == NULL) + if (p7->d.sign == NULL || p7->d.sign->contents == NULL + || p7->d.sign->contents->d.ptr == NULL) ret = 1; else ret = 0; 
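Review bot: Nothing in the crypto/pkcs12/p12_utl.c hunk states that `str` must have room for four bytes, which the new `UTF8_putc((unsigned char *)str, 4, utf32chr)` call now assumes unconditionally; the previous expression capped the length at `len`. The function signature and its callers are outside the hunk, so the buffer contract cannot be checked from here. A comment above the return, for example `/* str must have room for a 4-byte UTF-8 sequence */`, would make the requirement reviewable at each call site.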
@@ -742,6 +743,10 @@ break; case NID_pkcs7_signed: + if (p7->d.sign == NULL || p7->d.sign->contents == NULL) { + ERR_raise(ERR_LIB_PKCS7, PKCS7_R_NO_CONTENT); + break; + } os = p7->d.sign->contents->d.data; break; diff -Nru openssl-3.5.5/crypto/punycode.c openssl-3.5.6/crypto/punycode.c --- openssl-3.5.5/crypto/punycode.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/punycode.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -268,7 +268,7 @@ return -1; while (1) { - char *tmpptr = strchr(inptr, '.'); + const char *tmpptr = strchr(inptr, '.'); size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); if (!HAS_PREFIX(inptr, "xn--")) { diff -Nru openssl-3.5.5/crypto/rand/rand_egd.c openssl-3.5.6/crypto/rand/rand_egd.c --- openssl-3.5.5/crypto/rand/rand_egd.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rand/rand_egd.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -108,10 +108,13 @@ { FILE *fp = NULL; struct sockaddr_un addr; - int mybuffer, ret = -1, i, numbytes, fd; + int mybuffer, ret = -1, i, numbytes, fd = -1; unsigned char tempbuf[255]; +#if defined(OPENSSL_SYS_TANDEM) + int hpns_connect_attempt = 0; +#endif - if (bytes > (int)sizeof(tempbuf)) + if (bytes <= 0 || bytes > (int)sizeof(tempbuf)) return -1; /* Make socket. */ 
@@ -126,9 +129,8 @@ #else fd = socket(AF_UNIX, SOCK_STREAM, 0); #endif - if (fd == -1 || (fp = fdopen(fd, "r+")) == NULL) + if (fd == -1) return -1; - setbuf(fp, NULL); /* Try to connect */ for (;;) { @@ -171,6 +173,14 @@ } } + /* Create stream only after a successful connect to avoid stale FILE* on fd swap. */ + fp = fdopen(fd, "r+"); + if (fp == NULL) { + close(fd); + return -1; + } + setbuf(fp, NULL); + /* Make request, see how many bytes we can get back. */ tempbuf[0] = 1; tempbuf[1] = bytes; @@ -180,6 +190,9 @@ goto err; numbytes = tempbuf[0]; + if (numbytes <= 0 || numbytes > bytes || numbytes > (int)sizeof(tempbuf)) + goto err; + /* Which buffer are we using? */ mybuffer = buf == NULL; if (mybuffer) @@ -196,6 +209,8 @@ err: if (fp != NULL) fclose(fp); + else if (fd != -1) + close(fd); return ret; } diff -Nru openssl-3.5.5/crypto/rc2/rc2cfb64.c openssl-3.5.6/crypto/rc2/rc2cfb64.c --- openssl-3.5.5/crypto/rc2/rc2cfb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rc2/rc2cfb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/rc2/rc2ofb64.c openssl-3.5.6/crypto/rc2/rc2ofb64.c --- openssl-3.5.5/crypto/rc2/rc2ofb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rc2/rc2ofb64.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,7 +26,7 @@ int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff -Nru openssl-3.5.5/crypto/rc5/rc5cfb64.c openssl-3.5.6/crypto/rc5/rc5cfb64.c --- openssl-3.5.5/crypto/rc5/rc5cfb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rc5/rc5cfb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ unsigned char *ivec, int *num, int encrypt) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned long ti[2]; unsigned char *iv, c, cc; diff -Nru openssl-3.5.5/crypto/rc5/rc5ofb64.c openssl-3.5.6/crypto/rc5/rc5ofb64.c --- openssl-3.5.5/crypto/rc5/rc5ofb64.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rc5/rc5ofb64.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -26,7 +26,7 @@ unsigned char *ivec, int *num) { register unsigned long v0, v1, t; - register int n = *num; + register int n = *num & 0x07; register long l = length; unsigned char d[8]; register char *dp; diff -Nru openssl-3.5.5/crypto/riscvcap.c openssl-3.5.6/crypto/riscvcap.c --- openssl-3.5.5/crypto/riscvcap.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/riscvcap.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -26,9 +26,6 @@ extern size_t riscv_vlen_asm(void); -static void parse_env(const char *envstr); -static void strtoupper(char *str); - static size_t vlen = 0; #ifdef OSSL_RISCV_HWPROBE @@ -50,10 +47,15 @@ return 0; } -static void strtoupper(char *str) +static void strtoupper(const char *str, char *dst, size_t dstlen) { - for (char *x = str; *x; ++x) - *x = toupper((unsigned char)*x); + for (size_t i = 0; i < dstlen; i++) { + if (i == dstlen - 1 || str[i] == '\0') { + dst[i] = '\0'; + break; + } + dst[i] = toupper((unsigned char)str[i]); + } } /* parse_env() parses a RISC-V architecture string. An example of such a string 
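Review bot: `strtoupper()` in crypto/riscvcap.c is now a bounded copy that truncates without telling the caller, but it keeps its old name and has no comment describing the new contract. I would add `/* Copy str to dst in upper case; at most dstlen - 1 characters are copied and dst is NUL-terminated whenever dstlen > 0 */` above the definition. With `dstlen == 0` the loop body never runs and `dst` is left untouched, which is harmless for a caller that passes the size of a real array but is worth stating in that comment.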
@@ -68,15 +70,24 @@ char buf[BUFLEN]; /* Convert env str to all uppercase */ - OPENSSL_strlcpy(envstrupper, envstr, sizeof(envstrupper)); - strtoupper(envstrupper); + strtoupper(envstr, envstrupper, sizeof(envstrupper)); for (size_t i = 0; i < kRISCVNumCaps; ++i) { + size_t len = strlen(RISCV_capabilities[i].name); /* Prefix capability with underscore in preparation for search */ - BIO_snprintf(buf, BUFLEN, "_%s", RISCV_capabilities[i].name); - if (strstr(envstrupper, buf) != NULL) { - /* Match, set relevant bit in OPENSSL_riscvcap_P[] */ - OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset); + /* + * Avoid using higher level library functions which may require + * library initialization (such as BIO_snprintf) as this may be called + * in a constructor before library initialization + */ + if (len < BUFLEN - 1) { + buf[0] = '_'; + memcpy(buf + 1, RISCV_capabilities[i].name, len); + buf[len + 1] = '\0'; + if (strstr(envstrupper, buf) != NULL) { + /* Match, set relevant bit in OPENSSL_riscvcap_P[] */ + OPENSSL_riscvcap_P[RISCV_capabilities[i].index] |= (1 << RISCV_capabilities[i].bit_offset); + } } } } diff -Nru openssl-3.5.5/crypto/rsa/rsa_backend.c openssl-3.5.6/crypto/rsa/rsa_backend.c --- openssl-3.5.5/crypto/rsa/rsa_backend.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/rsa/rsa_backend.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
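Review bot: In the parse_env() hunk of crypto/riscvcap.c, the re-indented line still builds the mask from a signed literal, `(1 << RISCV_capabilities[i].bit_offset)`, which overflows `int` if `bit_offset` can reach 31. Writing `1U << RISCV_capabilities[i].bit_offset` removes the question; the table's value range is not visible here. Separately, a capability name that fails `len < BUFLEN - 1` is now skipped without any trace. The original "Prefix capability with underscore" comment has also been left above the new block comment, not beside `buf[0] = '_';`. parse_env() begins before this hunk.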
@@ -246,6 +246,8 @@ BN_free(n); BN_free(e); BN_free(d); + BN_clear_free(p); + BN_clear_free(q); sk_BIGNUM_pop_free(factors, BN_clear_free); sk_BIGNUM_pop_free(exps, BN_clear_free); sk_BIGNUM_pop_free(coeffs, BN_clear_free); diff -Nru openssl-3.5.5/crypto/sha/asm/keccak1600-s390x.pl openssl-3.5.6/crypto/sha/asm/keccak1600-s390x.pl --- openssl-3.5.5/crypto/sha/asm/keccak1600-s390x.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/sha/asm/keccak1600-s390x.pl 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #!/usr/bin/env perl -# Copyright 2017-2020 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -67,6 +67,7 @@ $code.=<<___; .text +.machine "z10" .type __KeccakF1600,\@function .align 32 diff -Nru openssl-3.5.5/crypto/slh_dsa/slh_dsa.c openssl-3.5.6/crypto/slh_dsa/slh_dsa.c --- openssl-3.5.5/crypto/slh_dsa/slh_dsa.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/slh_dsa/slh_dsa.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -119,11 +119,11 @@ /* Generate ht signature and append to the SLH-DSA signature */ && ossl_slh_ht_sign(hctx, pk_fors, sk_seed, pk_seed, tree_id, leaf_id, wpkt); - *sig_len = sig_len_expected; - ret = 1; err: if (!WPACKET_finish(wpkt)) ret = 0; + if (ret) + *sig_len = sig_len_expected; return ret; } @@ -232,6 +232,7 @@ const uint8_t *ctx, size_t ctx_len, int encode, uint8_t *tmp, size_t tmp_len, size_t *out_len) { + WPACKET pkt; uint8_t *encoded = NULL; size_t encoded_len; 
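Review bot: In crypto/rsa/rsa_backend.c the cleanup now zeroizes `p` and `q`, but the context line directly above still releases `d` with plain `BN_free(d)`. If `d` holds the private exponent, as the name suggests, it should get the same treatment: `BN_clear_free(d);`. The function and the label this cleanup belongs to are outside the hunk. It is also worth confirming there that `p` and `q` are never still owned by the `factors` stack, which is freed two lines later.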
@@ -240,11 +241,14 @@ *out_len = msg_len; return (uint8_t *)msg; } + if (ctx_len > SLH_DSA_MAX_CONTEXT_STRING_LEN) return NULL; /* Pure encoding */ encoded_len = 1 + 1 + ctx_len + msg_len; + if (encoded_len < msg_len) /* Check for overflow */ + return NULL; *out_len = encoded_len; if (encoded_len <= tmp_len) { encoded = tmp; @@ -253,10 +257,17 @@ if (encoded == NULL) return NULL; } - encoded[0] = 0; - encoded[1] = (uint8_t)ctx_len; - memcpy(&encoded[2], ctx, ctx_len); - memcpy(&encoded[2 + ctx_len], msg, msg_len); + if (!WPACKET_init_static_len(&pkt, encoded, encoded_len, 0) + || !WPACKET_put_bytes_u8(&pkt, 0) + || !WPACKET_put_bytes_u8(&pkt, (uint8_t)ctx_len) + || !WPACKET_memcpy(&pkt, ctx, ctx_len) + || !WPACKET_memcpy(&pkt, msg, msg_len) + || !WPACKET_finish(&pkt)) { + if (encoded != tmp) + OPENSSL_free(encoded); + encoded = NULL; + WPACKET_cleanup(&pkt); + } return encoded; } diff -Nru openssl-3.5.5/crypto/sm4/asm/vpsm4_ex-armv8.pl openssl-3.5.6/crypto/sm4/asm/vpsm4_ex-armv8.pl --- openssl-3.5.5/crypto/sm4/asm/vpsm4_ex-armv8.pl 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/sm4/asm/vpsm4_ex-armv8.pl 2026-04-07 12:26:30.000000000 +0000 @@ -476,12 +476,13 @@ $code.=<<___; adrp $xtmp2, .Lsbox_magic - ldr $MaskQ, [$xtmp2, #:lo12:.Lsbox_magic] - ldr $TAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+16] - ldr $TALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+32] - ldr $ATAHMatQ, [$xtmp2, #:lo12:.Lsbox_magic+48] - ldr $ATALMatQ, [$xtmp2, #:lo12:.Lsbox_magic+64] - ldr $ANDMaskQ, [$xtmp2, #:lo12:.Lsbox_magic+80] + add $xtmp2, $xtmp2, #:lo12:.Lsbox_magic + ldr $MaskQ, [$xtmp2] + ldr $TAHMatQ, [$xtmp2, 16] + ldr $TALMatQ, [$xtmp2, 32] + ldr $ATAHMatQ, [$xtmp2, 48] + ldr $ATALMatQ, [$xtmp2, 64] + ldr $ANDMaskQ, [$xtmp2, 80] ___ } diff -Nru openssl-3.5.5/crypto/store/store_lib.c openssl-3.5.6/crypto/store/store_lib.c --- openssl-3.5.5/crypto/store/store_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/store/store_lib.c 2026-04-07 12:26:30.000000000 +0000 
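Review bot: In the message-encoding helper of crypto/slh_dsa/slh_dsa.c, `*out_len = encoded_len;` is still assigned before the new WPACKET sequence, so a failure there returns NULL with a non-zero length already stored in the caller's variable. Moving the assignment below the WPACKET block, as `if (encoded != NULL) *out_len = encoded_len;`, keeps the two outputs consistent. The failure branch also calls `WPACKET_cleanup(&pkt)` even when `WPACKET_init_static_len()` is the call that failed. Whether cleanup is safe on a packet that was never initialised cannot be seen here, so that case deserves either a comment or a separate early return. The function's name and opening lines are outside these hunks.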
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -498,6 +498,10 @@ int res = 0; struct ossl_passphrase_data_st pwdata = { 0 }; + if (uri == NULL) { + ERR_raise(ERR_LIB_OSSL_STORE, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } OPENSSL_strlcpy(scheme, uri, sizeof(scheme)); if ((p = strchr(scheme, ':')) != NULL) *p++ = '\0'; diff -Nru openssl-3.5.5/crypto/threads_none.c openssl-3.5.6/crypto/threads_none.c --- openssl-3.5.5/crypto/threads_none.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/threads_none.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -217,7 +217,7 @@ CRYPTO_THREAD_ID CRYPTO_THREAD_get_current_id(void) { - return 0; + return 1; } int CRYPTO_THREAD_compare_id(CRYPTO_THREAD_ID a, CRYPTO_THREAD_ID b) diff -Nru openssl-3.5.5/crypto/threads_pthread.c openssl-3.5.6/crypto/threads_pthread.c --- openssl-3.5.5/crypto/threads_pthread.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/threads_pthread.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
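Review bot: `CRYPTO_THREAD_get_current_id()` in crypto/threads_none.c now returns `1` instead of `0` with no explanation, and a bare constant for the only thread id is easy to "correct" back later. A comment stating the reason would protect the change, presumably something like `/* non-zero so that 0 can stand for "no owning thread" */`. The author should confirm that wording, since the code that relies on the value is not in this hunk.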
@@ -534,6 +534,9 @@ CRYPTO_RCU_LOCK *ossl_rcu_lock_new(int num_writers, OSSL_LIB_CTX *ctx) { struct rcu_lock_st *new; + pthread_mutex_t *mutexes[3] = { NULL }; + pthread_cond_t *conds[2] = { NULL }; + int i; /* * We need a minimum of 2 qp's @@ -550,19 +553,40 @@ return NULL; new->ctx = ctx; - pthread_mutex_init(&new->write_lock, NULL); - pthread_mutex_init(&new->prior_lock, NULL); - pthread_mutex_init(&new->alloc_lock, NULL); - pthread_cond_init(&new->prior_signal, NULL); - pthread_cond_init(&new->alloc_signal, NULL); - + i = 0; + mutexes[i] = pthread_mutex_init(&new->write_lock, NULL) == 0 ? &new->write_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + mutexes[i] = pthread_mutex_init(&new->prior_lock, NULL) == 0 ? &new->prior_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + mutexes[i] = pthread_mutex_init(&new->alloc_lock, NULL) == 0 ? &new->alloc_lock : NULL; + if (mutexes[i++] == NULL) + goto err; + conds[i - 3] = pthread_cond_init(&new->prior_signal, NULL) == 0 ? &new->prior_signal : NULL; + if (conds[i - 3] == NULL) + goto err; + i++; + conds[i - 3] = pthread_cond_init(&new->alloc_signal, NULL) == 0 ? &new->alloc_signal : NULL; + if (conds[i - 3] == NULL) + goto err; + i++; new->qp_group = allocate_new_qp_group(new, num_writers); - if (new->qp_group == NULL) { - OPENSSL_free(new); - new = NULL; - } + if (new->qp_group == NULL) + goto err; return new; + +err: + for (i = 0; i < 3; i++) + if (mutexes[i] != NULL) + pthread_mutex_destroy(mutexes[i]); + for (i = 0; i < 2; i++) + if (conds[i] != NULL) + pthread_cond_destroy(conds[i]); + OPENSSL_free(new->qp_group); + OPENSSL_free(new); + return NULL; } void ossl_rcu_lock_free(CRYPTO_RCU_LOCK *lock) 
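Review bot: The initialisation sequence in `ossl_rcu_lock_new()` records what was set up through `mutexes[]`, `conds[]` and an index that is rebased as `conds[i - 3]`, which is hard to audit for a path whose only job is correct cleanup. A label ladder that unwinds in reverse order needs no bookkeeping and makes each failure path readable. It also drops `OPENSSL_free(new->qp_group)`, which on every visible path to `err` is either never assigned or NULL, and is safe today only if `new` was zero-allocated; that allocation is outside the hunk. The locals added in the first hunk (`mutexes`, `conds`, `i`) would be removed with this change.

```c
    /* … unchanged: num_writers check, allocation of new, new->ctx = ctx … */
    if (pthread_mutex_init(&new->write_lock, NULL) != 0)
        goto err_free;
    if (pthread_mutex_init(&new->prior_lock, NULL) != 0)
        goto err_write_lock;
    if (pthread_mutex_init(&new->alloc_lock, NULL) != 0)
        goto err_prior_lock;
    if (pthread_cond_init(&new->prior_signal, NULL) != 0)
        goto err_alloc_lock;
    if (pthread_cond_init(&new->alloc_signal, NULL) != 0)
        goto err_prior_signal;

    new->qp_group = allocate_new_qp_group(new, num_writers);
    if (new->qp_group == NULL)
        goto err_alloc_signal;

    return new;

    /* Unwind in reverse order of initialisation. */
err_alloc_signal:
    pthread_cond_destroy(&new->alloc_signal);
err_prior_signal:
    pthread_cond_destroy(&new->prior_signal);
err_alloc_lock:
    pthread_mutex_destroy(&new->alloc_lock);
err_prior_lock:
    pthread_mutex_destroy(&new->prior_lock);
err_write_lock:
    pthread_mutex_destroy(&new->write_lock);
err_free:
    OPENSSL_free(new);
    return NULL;
```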
@@ -576,6 +600,17 @@ ossl_synchronize_rcu(rlock); OPENSSL_free(rlock->qp_group); + /* + * Some targets (BSD) allocate heap when initializing + * a mutex or condition, to prevent leaks, those need + * to be destroyed here + */ + pthread_mutex_destroy(&rlock->write_lock); + pthread_mutex_destroy(&rlock->prior_lock); + pthread_mutex_destroy(&rlock->alloc_lock); + pthread_cond_destroy(&rlock->prior_signal); + pthread_cond_destroy(&rlock->alloc_signal); + /* There should only be a single qp left now */ OPENSSL_free(rlock); } diff -Nru openssl-3.5.5/crypto/threads_win.c openssl-3.5.6/crypto/threads_win.c --- openssl-3.5.5/crypto/threads_win.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/threads_win.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -50,7 +50,7 @@ * atomically updated */ struct rcu_qp { - volatile uint64_t users; + uint64_t users; }; struct thread_qp { diff -Nru openssl-3.5.5/crypto/ts/ts_asn1.c openssl-3.5.6/crypto/ts/ts_asn1.c --- openssl-3.5.5/crypto/ts/ts_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/ts/ts_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
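Review bot: Dropping `volatile` from `users` in `struct rcu_qp` (crypto/threads_win.c) leaves the existing "atomically updated" remark as the only statement of how the field must be accessed. The change is safe only if every read and write of `users` goes through an atomic operation, and those accesses are outside the hunk. I would make the contract explicit on the member itself: `uint64_t users; /* accessed only through atomic operations, never read or written directly */`.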
@@ -17,7 +17,7 @@ ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(TS_MSG_IMPRINT) - IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) +IMPLEMENT_ASN1_FUNCTIONS(TS_MSG_IMPRINT) IMPLEMENT_ASN1_DUP_FUNCTION(TS_MSG_IMPRINT) TS_MSG_IMPRINT *d2i_TS_MSG_IMPRINT_bio(BIO *bp, TS_MSG_IMPRINT **a) { @@ -51,7 +51,7 @@ ASN1_IMP_SEQUENCE_OF_OPT(TS_REQ, extensions, X509_EXTENSION, 0) } static_ASN1_SEQUENCE_END(TS_REQ) - IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) +IMPLEMENT_ASN1_FUNCTIONS(TS_REQ) IMPLEMENT_ASN1_DUP_FUNCTION(TS_REQ) TS_REQ *d2i_TS_REQ_bio(BIO *bp, TS_REQ **a) { @@ -80,7 +80,7 @@ ASN1_IMP_OPT(TS_ACCURACY, micros, ASN1_INTEGER, 1) } static_ASN1_SEQUENCE_END(TS_ACCURACY) - IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) +IMPLEMENT_ASN1_FUNCTIONS(TS_ACCURACY) IMPLEMENT_ASN1_DUP_FUNCTION(TS_ACCURACY) ASN1_SEQUENCE(TS_TST_INFO) = { @@ -96,7 +96,7 @@ ASN1_IMP_SEQUENCE_OF_OPT(TS_TST_INFO, extensions, X509_EXTENSION, 1) } static_ASN1_SEQUENCE_END(TS_TST_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_TST_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_TST_INFO) TS_TST_INFO *d2i_TS_TST_INFO_bio(BIO *bp, TS_TST_INFO **a) { @@ -127,7 +127,7 @@ ASN1_OPT(TS_STATUS_INFO, failure_info, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END(TS_STATUS_INFO) - IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) +IMPLEMENT_ASN1_FUNCTIONS(TS_STATUS_INFO) IMPLEMENT_ASN1_DUP_FUNCTION(TS_STATUS_INFO) static int ts_resp_set_tst_info(TS_RESP *a) @@ -175,7 +175,7 @@ ASN1_OPT(TS_RESP, token, PKCS7), } static_ASN1_SEQUENCE_END_cb(TS_RESP, TS_RESP) - IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) +IMPLEMENT_ASN1_FUNCTIONS(TS_RESP) IMPLEMENT_ASN1_DUP_FUNCTION(TS_RESP) diff -Nru openssl-3.5.5/crypto/x509/pcy_tree.c openssl-3.5.6/crypto/x509/pcy_tree.c --- openssl-3.5.5/crypto/x509/pcy_tree.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/pcy_tree.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2004-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2004-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -680,8 +680,10 @@ } else { *pexplicit_policy = 1; /* Tree empty and requireExplicit True: Error */ - if (init_ret & X509_PCY_TREE_EMPTY) + if (init_ret & X509_PCY_TREE_EMPTY) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } ret = tree_evaluate(tree); @@ -707,13 +709,15 @@ if (!ret) goto error; - *ptree = tree; - if (init_ret & X509_PCY_TREE_EXPLICIT) { nodes = X509_policy_tree_get0_user_policies(tree); - if (sk_X509_POLICY_NODE_num(nodes) <= 0) + if (sk_X509_POLICY_NODE_num(nodes) <= 0) { + X509_policy_tree_free(tree); return X509_PCY_TREE_FAILURE; + } } + + *ptree = tree; return X509_PCY_TREE_VALID; error: diff -Nru openssl-3.5.5/crypto/x509/t_acert.c openssl-3.5.6/crypto/x509/t_acert.c --- openssl-3.5.5/crypto/x509/t_acert.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/t_acert.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -62,8 +62,10 @@ case V_ASN1_SEQUENCE: if (BIO_puts(bp, "\n") <= 0) goto err; - ASN1_parse_dump(bp, at->value.sequence->data, - at->value.sequence->length, i, 1); + if (ASN1_parse_dump(bp, at->value.sequence->data, + at->value.sequence->length, i, 1) + <= 0) + goto err; break; default: if (BIO_printf(bp, "unable to print attribute of type 0x%X\n", diff -Nru openssl-3.5.5/crypto/x509/v3_ac_tgt.c openssl-3.5.6/crypto/x509/v3_ac_tgt.c --- openssl-3.5.5/crypto/x509/v3_ac_tgt.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_ac_tgt.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ ASN1_OPT(OSSL_ISSUER_SERIAL, issuerUID, ASN1_BIT_STRING), } static_ASN1_SEQUENCE_END(OSSL_ISSUER_SERIAL) - ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) +ASN1_SEQUENCE(OSSL_OBJECT_DIGEST_INFO) = { ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, digestedObjectType, ASN1_ENUMERATED), ASN1_OPT(OSSL_OBJECT_DIGEST_INFO, otherObjectTypeID, ASN1_OBJECT), 
@@ -49,14 +49,14 @@ ASN1_EMBED(OSSL_OBJECT_DIGEST_INFO, objectDigest, ASN1_BIT_STRING), } static_ASN1_SEQUENCE_END(OSSL_OBJECT_DIGEST_INFO) - ASN1_SEQUENCE(OSSL_TARGET_CERT) +ASN1_SEQUENCE(OSSL_TARGET_CERT) = { ASN1_SIMPLE(OSSL_TARGET_CERT, targetCertificate, OSSL_ISSUER_SERIAL), ASN1_OPT(OSSL_TARGET_CERT, targetName, GENERAL_NAME), ASN1_OPT(OSSL_TARGET_CERT, certDigestInfo, OSSL_OBJECT_DIGEST_INFO), } static_ASN1_SEQUENCE_END(OSSL_TARGET_CERT) - ASN1_CHOICE(OSSL_TARGET) +ASN1_CHOICE(OSSL_TARGET) = { ASN1_EXP(OSSL_TARGET, choice.targetName, GENERAL_NAME, 0), ASN1_EXP(OSSL_TARGET, choice.targetGroup, GENERAL_NAME, 1), diff -Nru openssl-3.5.5/crypto/x509/v3_cpols.c openssl-3.5.6/crypto/x509/v3_cpols.c --- openssl-3.5.5/crypto/x509/v3_cpols.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_cpols.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -256,7 +256,7 @@ static int displaytext_get_tag_len(const char *tagstr) { - char *colon = strchr(tagstr, ':'); + const char *colon = strchr(tagstr, ':'); return (colon == NULL) ? -1 : colon - tagstr; } diff -Nru openssl-3.5.5/crypto/x509/v3_prn.c openssl-3.5.6/crypto/x509/v3_prn.c --- openssl-3.5.5/crypto/x509/v3_prn.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_prn.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -191,9 +191,9 @@ return 1; case X509V3_EXT_PARSE_UNKNOWN: - return ASN1_parse_dump(out, ext, extlen, indent, -1); + return ASN1_parse_dump(out, ext, extlen, indent, -1) > 0; case X509V3_EXT_DUMP_UNKNOWN: - return BIO_dump_indent(out, (const char *)ext, extlen, indent); + return BIO_dump_indent(out, (const char *)ext, extlen, indent) > 0; default: return 1; diff -Nru openssl-3.5.5/crypto/x509/v3_san.c openssl-3.5.6/crypto/x509/v3_san.c --- openssl-3.5.5/crypto/x509/v3_san.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_san.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -630,7 +630,8 @@ static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) { - char *objtmp = NULL, *p; + char *objtmp = NULL; + const char *p; int objlen; if ((p = strchr(value, ';')) == NULL) diff -Nru openssl-3.5.5/crypto/x509/v3_timespec.c openssl-3.5.6/crypto/x509/v3_timespec.c --- openssl-3.5.5/crypto/x509/v3_timespec.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_timespec.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -167,7 +167,7 @@ return 0; if (dt->minute && !ASN1_INTEGER_get_int64(&m, dt->minute)) return 0; - if (dt->minute && !ASN1_INTEGER_get_int64(&s, dt->second)) + if (dt->second && !ASN1_INTEGER_get_int64(&s, dt->second)) return 0; return BIO_printf(out, "%02lld:%02lld:%02lld", (long long int)h, (long long int)m, (long long int)s) diff -Nru openssl-3.5.5/crypto/x509/v3_utl.c openssl-3.5.6/crypto/x509/v3_utl.c --- openssl-3.5.5/crypto/x509/v3_utl.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/v3_utl.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1120,15 +1120,16 @@ ASN1_OCTET_STRING *ret = NULL; unsigned char ipout[32]; char *iptmp = NULL, *p; + const char *slash; int iplen1, iplen2; - p = strchr(ipasc, '/'); - if (p == NULL) + slash = strchr(ipasc, '/'); + if (slash == NULL) return NULL; iptmp = OPENSSL_strdup(ipasc); if (iptmp == NULL) return NULL; - p = iptmp + (p - ipasc); + p = iptmp + (slash - ipasc); *p++ = 0; iplen1 = ossl_a2i_ipadd(ipout, iptmp); diff -Nru openssl-3.5.5/crypto/x509/x509_vfy.c openssl-3.5.6/crypto/x509/x509_vfy.c --- openssl-3.5.5/crypto/x509/x509_vfy.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/x509_vfy.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1123,6 +1123,7 @@ goto done; } + ctx->current_crl = NULL; X509_CRL_free(crl); X509_CRL_free(dcrl); crl = NULL; 
@@ -1307,6 +1308,8 @@ if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0) return 0; /* Delta CRL number must exceed full CRL number */ + if (delta->crl_number == NULL) + return 0; return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0; } @@ -3015,7 +3018,7 @@ break; } - OPENSSL_free(dane->mcert); + X509_free(dane->mcert); dane->mcert = cert; dane->mdpth = depth; dane->mtlsa = t; diff -Nru openssl-3.5.5/crypto/x509/x_pubkey.c openssl-3.5.6/crypto/x509/x_pubkey.c --- openssl-3.5.5/crypto/x509/x_pubkey.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/crypto/x509/x_pubkey.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -65,8 +65,8 @@ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - X509_PUBKEY - * ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq) +X509_PUBKEY +*ossl_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx, const char *propq) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); diff -Nru openssl-3.5.5/debian/changelog openssl-3.5.6/debian/changelog --- openssl-3.5.5/debian/changelog 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/changelog 2026-05-04 18:39:11.000000000 +0000 @@ -1,3 +1,9 @@ +openssl (3.5.6-1~deb13u1) trixie; urgency=medium + + * Import 3.5.6 + + -- Sebastian Andrzej Siewior Mon, 04 May 2026 20:39:11 +0200 + openssl (3.5.5-1~deb13u2) trixie-security; urgency=medium * CVE-2026-2673 ("OpenSSL TLS 1.3 server may choose unexpected key agreement 
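Review bot: In crypto/x509/x509_vfy.c, hunk `@@ -1307,6 +1308,8 @@`, the new NULL test was inserted between the comment "Delta CRL number must exceed full CRL number" and the comparison it describes, so the comment now labels the wrong statement. I would give the check its own comment, `/* Delta CRL must carry a CRL number */`, and move the existing one down to sit directly above `return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;`. The start of the function, including any check of `base->crl_number`, is outside the hunk.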
@@ -10,6 +16,7 @@ * CVE-2026-31789 ("Heap buffer overflow in hexadecimal conversion") * CVE-2026-31790 ("Incorrect failure handling in RSA KEM RSASVE encapsulation") + * CVE-2026-28388 ("NULL Pointer Dereference When Processing a Delta CRL") -- Sebastian Andrzej Siewior Fri, 03 Apr 2026 12:05:32 +0200 diff -Nru openssl-3.5.5/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch openssl-3.5.6/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch --- openssl-3.5.5/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/patches/Add-test-for-CMS-decryption-with-RSA-keys.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,44 +0,0 @@ -From: Neil Horman -Date: Sun, 29 Mar 2026 10:47:03 -0400 -Subject: Add test for CMS decryption with RSA keys - -Ensure we don't encounter a segfault when decrypting CMS messages with -malformed EnvelopedData when using RSA-OAEP. - -Co-authored-by: Tomas Mraz ---- - test/recipes/80-test_cms.t | 14 +++++++++++++- - 1 file changed, 13 insertions(+), 1 deletion(-) - -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 90aeb2959707..bbf3925ba98b 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) - - $no_rc2 = 1 if disabled("legacy"); - --plan tests => 33; -+plan tests => 34; - - ok(run(test(["pkcs7_test"])), "test pkcs7"); - -@@ -1391,6 +1391,18 @@ with({ exit_checker => sub { return shift == 4; } }, - } - }); - -+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der"); -+my $smrsacert = catfile($smdir, "smrsa3.pem"); -+my $smrsakey = catfile($smdir, "smrsa3-key.pem"); -+ -+# Test case for CVE-2026-28390 -+with({ exit_checker => sub { return shift == 4; } }, -+ sub { -+ ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform", -+ "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])), -+ "Must not crash on malformed cms inputs with RSA key"); -+ }); -+ - # Test encrypt to three recipients, and decrypt using key-only; - # i.e. do not follow the recommended practice of providing the - # recipient cert in the decrypt op. diff -Nru openssl-3.5.5/debian/patches/Added-test-for-CVE-2026-28388.patch openssl-3.5.6/debian/patches/Added-test-for-CVE-2026-28388.patch --- openssl-3.5.5/debian/patches/Added-test-for-CVE-2026-28388.patch 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/patches/Added-test-for-CVE-2026-28388.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,124 +0,0 @@ -From: Daniel Kubec -Date: Tue, 17 Mar 2026 11:14:56 +0100 -Subject: Added test for CVE-2026-28388 - ---- - test/certs/cve-2026-28388-ca.pem | 19 +++++++++++++++++++ - test/certs/cve-2026-28388-crls.pem | 22 ++++++++++++++++++++++ - test/certs/cve-2026-28388-leaf.pem | 19 +++++++++++++++++++ - test/recipes/25-test_verify.t | 14 +++++++++++++- - 4 files changed, 73 insertions(+), 1 deletion(-) - create mode 100644 test/certs/cve-2026-28388-ca.pem - create mode 100644 test/certs/cve-2026-28388-crls.pem - create mode 100644 test/certs/cve-2026-28388-leaf.pem - -diff --git a/test/certs/cve-2026-28388-ca.pem b/test/certs/cve-2026-28388-ca.pem -new file mode 100644 -index 000000000000..9e36d11c4b4b ---- /dev/null -+++ b/test/certs/cve-2026-28388-ca.pem -@@ -0,0 +1,19 @@ -+-----BEGIN CERTIFICATE----- -+MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL -+BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw -+ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB -+DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp -+hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO -+FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF -+pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f -+1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW -+nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt -+UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi -+4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B -+AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q -+xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC -+ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu -+d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh -+ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud -+cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA== -+-----END CERTIFICATE----- -diff --git 
a/test/certs/cve-2026-28388-crls.pem b/test/certs/cve-2026-28388-crls.pem -new file mode 100644 -index 000000000000..46cbd7876dcd ---- /dev/null -+++ b/test/certs/cve-2026-28388-crls.pem -@@ -0,0 +1,22 @@ -+-----BEGIN X509 CRL----- -+MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 -+MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV -+tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl -+3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF -+Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l -+pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M -+klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO -+6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf -+OohWoSH8tqwrNFZkblAH -+-----END X509 CRL----- -+-----BEGIN X509 CRL----- -+MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 -+MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV -+tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB -+AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK -+SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep -+WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki -+1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI -+kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs -+njcibOSKC9YWgNmZUy0QV5D8 -+-----END X509 CRL----- -diff --git a/test/certs/cve-2026-28388-leaf.pem b/test/certs/cve-2026-28388-leaf.pem -new file mode 100644 -index 000000000000..02b22997cdd8 ---- /dev/null -+++ b/test/certs/cve-2026-28388-leaf.pem -@@ -0,0 +1,19 @@ -+-----BEGIN CERTIFICATE----- -+MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 -+IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ -+VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+ -+nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn 
-+Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd -+Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP -+QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX -+CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO -+Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J -+ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt -+BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G -+CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80 -+13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ -+bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+ -+emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw -+zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+ -+nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP -+-----END CERTIFICATE----- -diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t -index 673c3d5f1772..fcb343b9ee3a 100644 ---- a/test/recipes/25-test_verify.t -+++ b/test/recipes/25-test_verify.t -@@ -30,7 +30,7 @@ sub verify { - run(app([@args])); - } - --plan tests => 203; -+plan tests => 204; - - # Canonical success - ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), -@@ -594,6 +594,18 @@ ok(!verify("ee-cert-policies-bad", "", ["root-cert"], ["ca-pol-cert"], - "-explicit_policy"), - "Bad certificate policy"); - -+# CVE-2026-28388 -+my $cve_28388_stderr = "cve-2026-28388.err"; -+run(app(["openssl", "verify", -+ "-attime", "1739527200", -+ "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"), -+ "-crl_check", "-use_deltas", -+ "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"), -+ srctop_file(@certspath, "cve-2026-28388-leaf.pem")], -+ stderr => $cve_28388_stderr)); -+ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }), -+ "CVE-2026-28388"); -+ - # CAstore option - my $rootcertname = "root-cert"; - my $rootcert = srctop_file(@certspath, 
"${rootcertname}.pem"); diff -Nru openssl-3.5.5/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch openssl-3.5.6/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch --- openssl-3.5.5/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/patches/Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,40 +0,0 @@
-From: Igor Ustinov
-Date: Thu, 5 Mar 2026 15:47:34 +0100
-Subject: Avoid possible buffer overflow in buf2hex conversion
-
-Fixes CVE-2026-31789
----
- crypto/o_str.c | 13 ++++++++++++-
- 1 file changed, 12 insertions(+), 1 deletion(-)
-
-diff --git a/crypto/o_str.c b/crypto/o_str.c
-index 35540630be25..9b9e7751fdd9 100644
---- a/crypto/o_str.c
-+++ b/crypto/o_str.c
-@@ -296,6 +296,11 @@ static int buf2hexstr_sep(char *str, size_t str_n, size_t *strlength,
- int has_sep = (sep != CH_ZERO);
- size_t i, len = has_sep ? buflen * 3 : 1 + buflen * 2;
-
-+ if (buflen > (has_sep ? SIZE_MAX / 3 : (SIZE_MAX - 1) / 2)) {
-+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+ return 0;
-+ }
-+
- if (len == 0)
- ++len;
- if (strlength != NULL)
-@@ -339,7 +344,13 @@ char *ossl_buf2hexstr_sep(const unsigned char *buf, long buflen, char sep)
- if (buflen == 0)
- return OPENSSL_zalloc(1);
-
-- tmp_n = (sep != CH_ZERO) ? buflen * 3 : 1 + buflen * 2;
-+ if ((sep != CH_ZERO && (size_t)buflen > SIZE_MAX / 3)
-+ || (sep == CH_ZERO && (size_t)buflen > (SIZE_MAX - 1) / 2)) {
-+ ERR_raise(ERR_LIB_CRYPTO, CRYPTO_R_TOO_MANY_BYTES);
-+ return NULL;
-+ }
-+
-+ tmp_n = (sep != CH_ZERO) ? (size_t)buflen * 3 : 1 + (size_t)buflen * 2;
- if ((tmp = OPENSSL_malloc(tmp_n)) == NULL)
- return NULL;
-
diff -Nru openssl-3.5.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch openssl-3.5.6/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
--- openssl-3.5.5/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch 2026-05-04 18:39:11.000000000 +0000
@@ -23,10 +23,10 @@
 2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/Configurations/10-main.conf b/Configurations/10-main.conf
-index cba57b41273f..7fa3eeae412f 100644
+index 692eccbfa1dc..225b1ea7032f 100644
 --- a/Configurations/10-main.conf
 +++ b/Configurations/10-main.conf
-@@ -693,7 +693,7 @@ my %targets = (
+@@ -694,7 +694,7 @@ my %targets = (
 shared_target => "linux-shared",
 shared_cflag => "-fPIC",
 shared_ldflag => sub { $disabled{pinshared} ? () : "-Wl,-znodelete" },
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch openssl-3.5.6/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,23 +0,0 @@
-From: Daniel Kubec
-Date: Tue, 17 Mar 2026 11:11:22 +0100
-Subject: Fix NULL Dereference When Delta CRL Lacks CRL Number Extension
-
-Fixes CVE-2026-28388
-Fixes https://github.com/openssl/srt/issues/77
----
- crypto/x509/x509_vfy.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index ca3ffc420473..e71d71e9caa6 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -1307,6 +1307,8 @@ static int check_delta_base(X509_CRL *delta, X509_CRL *base)
- if (ASN1_INTEGER_cmp(delta->base_crl_number, base->crl_number) > 0)
- return 0;
- /* Delta CRL number must exceed full CRL number */
-+ if (delta->crl_number == NULL)
-+ return 0;
- return ASN1_INTEGER_cmp(delta->crl_number, base->crl_number) > 0;
- }
-
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch openssl-3.5.6/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,100 +0,0 @@
-From: Neil Horman
-Date: Mon, 16 Mar 2026 13:49:07 -0400
-Subject: Fix NULL deref in [ec]dh_cms_set_shared_info
-
-Multiple independent reports indicated a SIGSEGV was possible in CMS
-processing when a crafted CMS EnvelopedData message using A Key
-Agreement Recipient Info field. If the
-KeyEncryptionAlgorithmIdentifier omits the optional parameter field, the
-referenced functions above will attempt to dereference the
-alg->parameter data prior to checking if the parameter field is NULL.
-
-Confirmed to resolve the issues using the reproducers provided in the
-security reports.
-
-Co-authored-by: Tomas Mraz
-
-Fixes CVE-2026-28389
----
- crypto/cms/cms_dh.c | 13 +++++++++----
- crypto/cms/cms_ec.c | 14 ++++++++++----
- 2 files changed, 19 insertions(+), 8 deletions(-)
-
-diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c
-index ab3453d1c7c1..424729523697 100644
---- a/crypto/cms/cms_dh.c
-+++ b/crypto/cms/cms_dh.c
-@@ -89,16 +89,21 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- int keylen, plen;
- EVP_CIPHER *kekcipher = NULL;
- EVP_CIPHER_CTX *kekctx;
-+ const ASN1_OBJECT *aoid;
-+ const void *parameter = NULL;
-+ int ptype = 0;
- char name[OSSL_MAX_NAME_SIZE];
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- goto err;
-
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
-+
- /*
- * For DH we only have one OID permissible. If ever any more get defined
- * we will need something cleverer.
- */
-- if (OBJ_obj2nid(alg->algorithm) != NID_id_smime_alg_ESDH) {
-+ if (OBJ_obj2nid(aoid) != NID_id_smime_alg_ESDH) {
- ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
- goto err;
- }
-@@ -107,11 +112,11 @@ static int dh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- || EVP_PKEY_CTX_set_dh_kdf_md(pctx, EVP_sha1()) <= 0)
- goto err;
-
-- if (alg->parameter->type != V_ASN1_SEQUENCE)
-+ if (ptype != V_ASN1_SEQUENCE)
- goto err;
-
-- p = alg->parameter->value.sequence->data;
-- plen = alg->parameter->value.sequence->length;
-+ p = ASN1_STRING_get0_data(parameter);
-+ plen = ASN1_STRING_length(parameter);
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (kekalg == NULL)
- goto err;
-diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c
-index ff8adad61668..e60d0a786ec5 100644
---- a/crypto/cms/cms_ec.c
-+++ b/crypto/cms/cms_ec.c
-@@ -166,21 +166,27 @@ static int ecdh_cms_set_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri)
- int plen, keylen;
- EVP_CIPHER *kekcipher = NULL;
- EVP_CIPHER_CTX *kekctx;
-+ const ASN1_OBJECT *aoid = NULL;
-+ int ptype = 0;
-+ const void *parameter = NULL;
-+
- char name[OSSL_MAX_NAME_SIZE];
-
- if (!CMS_RecipientInfo_kari_get0_alg(ri, &alg, &ukm))
- return 0;
-
-- if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(alg->algorithm))) {
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, alg);
-+
-+ if (!ecdh_cms_set_kdf_param(pctx, OBJ_obj2nid(aoid))) {
- ERR_raise(ERR_LIB_CMS, CMS_R_KDF_PARAMETER_ERROR);
- return 0;
- }
-
-- if (alg->parameter->type != V_ASN1_SEQUENCE)
-+ if (ptype != V_ASN1_SEQUENCE)
- return 0;
-
-- p = alg->parameter->value.sequence->data;
-- plen = alg->parameter->value.sequence->length;
-+ p = ASN1_STRING_get0_data(parameter);
-+ plen = ASN1_STRING_length(parameter);
- kekalg = d2i_X509_ALGOR(NULL, &p, plen);
- if (kekalg == NULL)
- goto err;
diff -Nru openssl-3.5.5/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch openssl-3.5.6/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch
--- openssl-3.5.5/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/Fix-NULL-deref-in-rsa_cms_decrypt.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,82 +0,0 @@
-From: Neil Horman
-Date: Wed, 1 Apr 2026 10:56:44 +0200
-Subject: Fix NULL deref in rsa_cms_decrypt
-
-Very simmilar to CVE-2026-28389, ensure that if we are missing
-parameters in RSA-OAEP SourceFunc in CMS KeyTransportRecipientInfo,
-we don't segfault when decrypting.
-
-Co-authored-by: Tomas Mraz
-
-Fixes CVE-2026-28390
----
- crypto/cms/cms_rsa.c | 31 +++++++++++++++++++------------
- 1 file changed, 19 insertions(+), 12 deletions(-)
-
-diff --git a/crypto/cms/cms_rsa.c b/crypto/cms/cms_rsa.c
-index 6b65842cc14e..34c739a9825a 100644
---- a/crypto/cms/cms_rsa.c
-+++ b/crypto/cms/cms_rsa.c
-@@ -42,10 +42,13 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- X509_ALGOR *cmsalg;
- int nid;
- int rv = -1;
-- unsigned char *label = NULL;
-+ const unsigned char *label = NULL;
- int labellen = 0;
- const EVP_MD *mgf1md = NULL, *md = NULL;
- RSA_OAEP_PARAMS *oaep;
-+ const ASN1_OBJECT *aoid;
-+ const void *parameter = NULL;
-+ int ptype = 0;
-
- pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri);
- if (pkctx == NULL)
-@@ -75,21 +78,19 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- goto err;
-
- if (oaep->pSourceFunc != NULL) {
-- X509_ALGOR *plab = oaep->pSourceFunc;
-+ X509_ALGOR_get0(&aoid, &ptype, ¶meter, oaep->pSourceFunc);
-
-- if (OBJ_obj2nid(plab->algorithm) != NID_pSpecified) {
-+ if (OBJ_obj2nid(aoid) != NID_pSpecified) {
- ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_LABEL_SOURCE);
- goto err;
- }
-- if (plab->parameter->type != V_ASN1_OCTET_STRING) {
-+ if (ptype != V_ASN1_OCTET_STRING) {
- ERR_raise(ERR_LIB_CMS, CMS_R_INVALID_LABEL);
- goto err;
- }
-
-- label = plab->parameter->value.octet_string->data;
-- /* Stop label being freed when OAEP parameters are freed */
-- plab->parameter->value.octet_string->data = NULL;
-- labellen = plab->parameter->value.octet_string->length;
-+ label = ASN1_STRING_get0_data(parameter);
-+ labellen = ASN1_STRING_length(parameter);
- }
-
- if (EVP_PKEY_CTX_set_rsa_padding(pkctx, RSA_PKCS1_OAEP_PADDING) <= 0)
-@@ -98,10 +99,16 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
- goto err;
- if (EVP_PKEY_CTX_set_rsa_mgf1_md(pkctx, mgf1md) <= 0)
- goto err;
-- if (label != NULL
-- && EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, label, labellen) <= 0) {
-- OPENSSL_free(label);
-- goto err;
-+ if (label != NULL) {
-+ unsigned char *dup_label = OPENSSL_memdup(label, labellen);
-+
-+ if (dup_label == NULL)
-+ goto err;
-+
-+ if (EVP_PKEY_CTX_set0_rsa_oaep_label(pkctx, dup_label, labellen) <= 0) {
-+ OPENSSL_free(dup_label);
-+ goto err;
-+ }
- }
- /* Carry on */
- rv = 1;
diff -Nru openssl-3.5.5/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch openssl-3.5.6/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch
--- openssl-3.5.5/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/Fix-group-tuple-handling-in-DEFAULT-expansion.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,469 +0,0 @@ -From: Viktor Dukhovni -Date: Tue, 17 Feb 2026 18:37:06 +1100 -Subject: Fix group tuple handling in DEFAULT expansion - -Also fine-tune docs and add tests. - -Fixes: #30109 -Fixes: CVE-2026-2673 - -Reviewed-by: Matt Caswell -Reviewed-by: Paul Dale -Reviewed-by: Tomas Mraz -MergeDate: Fri Mar 13 12:44:06 2026 -(Merged from https://github.com/openssl/openssl/pull/30110) ---- - CHANGES.md | 10 ++++ - NEWS.md | 1 + - doc/man3/SSL_CTX_set1_curves.pod | 123 +++++++++++++++++++++++++++------------ - ssl/t1_lib.c | 92 +++++++++++++++++------------ - test/tls13groupselection_test.c | 37 ++++++++++-- - 5 files changed, 183 insertions(+), 80 deletions(-) - -diff --git a/CHANGES.md b/CHANGES.md -index 1a65b72b2965..da430a6c6efb 100644 ---- a/CHANGES.md -+++ b/CHANGES.md -@@ -28,6 +28,15 @@ OpenSSL Releases - OpenSSL 3.5 - ----------- - -+ * Fixed loss of key agreement group tuple structure when the `DEFAULT` keyword -+ is used in the server-side configuration of the key-agreement group list. -+ This could result in accepting a less preferred than intended client -+ keyshare. -+ -+ ([CVE-2026-2673]) -+ -+ *Viktor Dukhovni* -+ - ### Changes between 3.5.4 and 3.5.5 [27 Jan 2026] - - * Fixed Improper validation of PBMAC1 parameters in PKCS#12 MAC verification. 
-@@ -21607,6 +21616,7 @@ ndif - - - -+[CVE-2026-2673]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-2673 - [CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 - [CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 - [CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -diff --git a/NEWS.md b/NEWS.md -index f4ec14718d71..85e298ac8cb0 100644 ---- a/NEWS.md -+++ b/NEWS.md -@@ -1988,6 +1988,7 @@ OpenSSL 0.9.x - * Support for various new platforms - - -+[CVE-2026-2673]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-2673 - [CVE-2026-22796]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22796 - [CVE-2026-22795]: https://www.openssl.org/news/vulnerabilities.html#CVE-2026-22795 - [CVE-2025-69421]: https://www.openssl.org/news/vulnerabilities.html#CVE-2025-69421 -diff --git a/doc/man3/SSL_CTX_set1_curves.pod b/doc/man3/SSL_CTX_set1_curves.pod -index 017eefd3176a..472d3858315a 100755 ---- a/doc/man3/SSL_CTX_set1_curves.pod -+++ b/doc/man3/SSL_CTX_set1_curves.pod -@@ -40,13 +40,13 @@ SSL_get1_curves, SSL_get_shared_curve, SSL_CTX_get0_implemented_groups - - For all of the functions below that set the supported groups there must be at - least one group in the list. A number of these functions identify groups via a --unique integer NID value. However, support for some groups may be added by --external providers. In this case there will be no NID assigned for the group. -+unique integer B value. However, support for some groups may be added by -+external providers. In this case there will be no B assigned for the group. - When setting such groups applications should use the "list" form of these - functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()). - - SSL_CTX_set1_groups() sets the supported groups for B to B --groups in the array B. The array consist of all NIDs of supported groups. -+groups in the array B. 
The array consist of all B of supported groups. - The supported groups for B include: - B, - B, -@@ -73,20 +73,27 @@ B is set, the order of the elements in the - array determines the selected group. Otherwise, the order is ignored and the - client's order determines the selection. - --For a TLS 1.3 server, the groups determine the selected group, but --selection is more complex. A TLS 1.3 client sends both a group list as well as a --predicted subset of groups. Choosing a group outside the predicted subset incurs --an extra roundtrip. However, in some situations, the most preferred group may --not be predicted. OpenSSL considers all supported groups in I to be comparable --in security and prioritizes avoiding roundtrips above either client or server --preference order. If an application uses an external provider to extend OpenSSL --with, e.g., a post-quantum algorithm, this behavior may allow a network attacker --to downgrade connections to a weaker algorithm. It is therefore recommended --to use SSL_CTX_set1_groups_list() with the ability to specify group tuples. -+For a TLS 1.3 server, the groups determine the selected group, but selection is -+more complex. -+A TLS 1.3 client sends both a group list and predicted keyshares for a subset -+of groups. -+A server choosing a group outside the client's predicted subset incurs an extra -+roundtrip. -+However, in some situations, the most preferred group may not be predicted. -+ -+When groups are specified via SSL_CTX_set1_groups() as a list of B -+values, OpenSSL considers all supported groups in I to be comparable in -+security and prioritises avoiding roundtrips above either client or server -+preference order. -+If an application uses an external provider to extend OpenSSL with, e.g., a -+post-quantum algorithm, this behavior may allow a network attacker to downgrade -+connections to a weaker algorithm. 
-+It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making -+it possible to specify group tuples as described below. - - SSL_CTX_set1_groups_list() sets the supported groups for B to - string I. In contrast to SSL_CTX_set1_groups(), the names of the --groups, rather than their NIDs, are used. -+groups, rather than their B, are used. - - The commands below list the available groups for TLS 1.2 and TLS 1.3, - respectively: -@@ -102,30 +109,72 @@ The preferred group names are those defined by - L. - - The I can be used to define several group tuples of comparable security --levels, and can specify which key shares should be sent by a client. --The specified list elements can optionally be ignored, if not implemented -+levels, and can specify which predicted key shares should be sent by a client. -+Group tuples are used by OpenSSL TLS servers to decide whether to request a -+stronger keyshare than those predicted by sending a Hello Retry Request -+(B) even if some of the predicted groups are supported. -+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall -+order of I elements and which groups are selected as predicted keyshares -+as described below. -+ -+The specified list elements can optionally be ignored if not implemented - (listing unknown groups otherwise results in error). --It is also possible to specify the built-in default set of groups, and to explicitly --remove a group from that list. -- --In its simplest form, the string I is just a colon separated list --of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first --group listed will also be used for the B sent by a client in a --TLSv1.3 B. For servers note the discussion above. The list should --be in order of preference with the most preferred group first. -- --Group tuples of comparable security are defined by separating them from each --other by a tuple separator C. 
Keyshares to be sent by a client are specified --by prepending a C<*> to the group name, while any C<*> will be ignored by a --server. The following string I for example defines three tuples when --used on the server-side, and triggers the generation of three key shares --when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. -- --If a group name is preceded with the C character, it will be ignored if an --implementation is missing. If a group name is preceded with the C<-> character, it --will be removed from the list of groups if present (including not sending a --key share for this group), ignored otherwise. The pseudo group name --C can be used to select the OpenSSL built-in default list of groups. -+It is also possible to specify the built-in default set of groups, and to -+explicitly remove a group from that list. -+ -+In its simplest legacy form, the string I is just a colon separated list -+of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". -+The first group listed will in this case be used as the sole predicted -+B sent by a client in a TLSv1.3 B. -+The list should be in order of preference with the most preferred group first. -+ -+A more expressive syntax supports definition of group tuples of comparable -+security by separating them from each other with C characters. -+ -+The predicted keyshares to be sent by clients can be explicitly specified by -+adding a C<*> prefix to the associated group name. -+These C<*> prefixes are ignored by servers. -+ -+If a group name is prefixed with the C character, it will be ignored if an -+implementation is missing. -+Otherwise, listing an unknown group name will cause a failure to parse the -+I. -+Note that whether a group is known or not may depend on the OpenSSL version, -+how OpenSSL was compiled and/or which providers are loaded. 
-+Make sure you have the correct spelling of the group name and when in doubt -+prefix it with a C to handle configurations in which it might nevertheless -+be unknown. -+ -+If a group name is prefixed with the C<-> character, it will be removed from -+the list of groups specified up to that point. -+It can be added again if specified later. -+Removal of groups that have not been included earlier in the list is silently -+ignored. -+ -+The pseudo group name C can be used to select the OpenSSL built-in -+default list of groups. -+Prepending one or more groups to C using only C<:> separators prepends those -+groups to the built-in default list's first tuple. -+Additional tuples can be prepended by use of the C separator. -+Appending a set of groups to C using only C<:> separators appends those -+groups to the built-in default list's last tuple. -+Additional tuples can be appended by use of the C separator. -+ -+The B list selects B as one of the predicted keyshares. -+In rare cases this can lead to failures or timeouts because the resulting -+larger TLS Client Hello message may no longer fit in a single TCP segment and -+firewall software may erroneously disrupt the TLS handshake. -+If this is an issue or concern, prepending C without a C<*> -+prefix leads to its occurrence in the default list to be ignored as a duplicate, -+and along with that also the keyshare prediction. -+The group will then only be selected by servers that specifically expect it, -+after a Hello Retry Request (HRR). -+Servers that specifically prefer B, are much less likely to be -+found behind problematic firewalls. -+ -+The following string I for example defines three tuples when used on the -+server-side, and triggers the generation of three key shares when used on the -+client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048. 
- - For a TLS 1.3 client, all the groups in the string I are added to the - supported groups extension of a C, in the order in which they are listed, -diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c -index cd471a636db1..4e83e40995f3 100644 ---- a/ssl/t1_lib.c -+++ b/ssl/t1_lib.c -@@ -211,7 +211,7 @@ static const uint16_t suiteb_curves[] = { - - /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */ - #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B" --#define SUITE_B_GROUP_LIST "secp256r1:secp384r1", -+#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1", - - struct provider_ctx_data_st { - SSL_CTX *ctx; -@@ -1244,8 +1244,8 @@ typedef struct { - size_t ksidcnt; /* Number of key shares */ - uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */ - /* Variable to keep state between execution of callback or helper functions */ -- size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */ -- int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */ -+ int inner; /* Are we expanding a DEFAULT list */ -+ int first; /* First tuple of possibly nested expansion? */ - } gid_cb_st; - - /* Forward declaration of tuple callback function */ -@@ -1320,16 +1320,16 @@ static int gid_cb(const char *elem, int len, void *arg) - for (i = 0; i < OSSL_NELEM(default_group_strings); i++) { - if ((size_t)len == (strlen(default_group_strings[i].list_name)) - && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) { -+ int saved_first; -+ - /* - * We're asked to insert an entire list of groups from a - * DEFAULT[_XYZ] 'pseudo group' which we do by - * recursively calling this function (indirectly via - * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT - * group string like a tuple which is appended to the current tuple -- * rather then starting a new tuple. Variable tuple_mode is the flag which -- * controls append tuple vs start new tuple. 
-+ * rather then starting a new tuple. - */ -- - if (ignore_unknown || remove_group) - return -1; /* removal or ignore not allowed here -> syntax error */ - -@@ -1350,15 +1350,17 @@ static int gid_cb(const char *elem, int len, void *arg) - default_group_strings[i].group_string, - strlen(default_group_strings[i].group_string)); - restored_default_group_string[strlen(default_group_strings[i].group_string) + restored_prefix_index] = '\0'; -- /* We execute the recursive call */ -- garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */ -- /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */ -- garg->tuple_mode = 0; -- /* We use the tuple_cb callback to process the pseudo group tuple */ -+ /* -+ * Append first tuple of result to current tuple, and don't -+ * terminate the last tuple until we return to a top-level -+ * tuple_cb. -+ */ -+ saved_first = garg->first; -+ garg->inner = garg->first = 1; - retval = CONF_parse_list(restored_default_group_string, - TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg); -- garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */ -- garg->ignore_unknown_default = 0; /* reset to original value */ -+ garg->inner = 0; -+ garg->first = saved_first; - /* We don't need the \0-terminated string anymore */ - OPENSSL_free(restored_default_group_string); - -@@ -1378,9 +1380,6 @@ static int gid_cb(const char *elem, int len, void *arg) - if (len == 0) - return -1; /* Seems we have prefxes without a group name -> syntax error */ - -- if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */ -- ignore_unknown = 1; -- - /* Memory management in case more groups are present compared to initial allocation */ - if (garg->gidcnt == garg->gidmax) { - uint16_t *tmp = OPENSSL_realloc(garg->gid_arr, -@@ -1514,7 +1513,7 @@ static int gid_cb(const char *elem, int len, void *arg) - /* and update the book keeping for the number of groups in current tuple */ - 
garg->tuplcnt_arr[garg->tplcnt]++; - -- /* We memorize if needed that we want to add a key share for the current group */ -+ /* We want to add a key share for the current group */ - if (add_keyshare) - garg->ksid_arr[garg->ksidcnt++] = gid; - } -@@ -1523,6 +1522,39 @@ static int gid_cb(const char *elem, int len, void *arg) - return retval; - } - -+static int grow_tuples(gid_cb_st *garg) -+{ -+ static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t); -+ -+ /* This uses OPENSSL_realloc_array() in newer releases */ -+ if (garg->tplcnt == garg->tplmax) { -+ size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT; -+ size_t newsz = newcnt * sizeof(size_t); -+ size_t *tmp; -+ -+ if (newsz > max_tplcnt -+ || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL) -+ return 0; -+ -+ garg->tplmax = newcnt; -+ garg->tuplcnt_arr = tmp; -+ } -+ return 1; -+} -+ -+static int close_tuple(gid_cb_st *garg) -+{ -+ size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt]; -+ -+ if (gidcnt == 0) -+ return 1; -+ if (!grow_tuples(garg)) -+ return 0; -+ -+ garg->tuplcnt_arr[++garg->tplcnt] = 0; -+ return 1; -+} -+ - /* Extract and process a tuple of groups */ - static int tuple_cb(const char *tuple, int len, void *arg) - { -@@ -1536,16 +1568,9 @@ static int tuple_cb(const char *tuple, int len, void *arg) - return 0; - } - -- /* Memory management for tuples */ -- if (garg->tplcnt == garg->tplmax) { -- size_t *tmp = OPENSSL_realloc(garg->tuplcnt_arr, -- (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr)); -- -- if (tmp == NULL) -- return 0; -- garg->tplmax += GROUPLIST_INCREMENT; -- garg->tuplcnt_arr = tmp; -- } -+ if (garg->inner && !garg->first && !close_tuple(garg)) -+ return 0; -+ garg->first = 0; - - /* Convert to \0-terminated string */ - restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char)); -@@ -1560,15 +1585,8 @@ static int tuple_cb(const char *tuple, int len, void *arg) - /* We don't need the \o-terminated string anymore */ - 
OPENSSL_free(restored_tuple_string); - -- if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */ -- if (garg->tuple_mode) { -- /* We 'close' the tuple */ -- garg->tplcnt++; -- garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */ -- garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */ -- } -- } -- -+ if (!garg->inner && !close_tuple(garg)) -+ return 0; - return retval; - } - -@@ -1599,8 +1617,6 @@ int tls1_set_groups_list(SSL_CTX *ctx, - } - - memset(&gcb, 0, sizeof(gcb)); -- gcb.tuple_mode = 1; /* We prepare to collect the first tuple */ -- gcb.ignore_unknown_default = 0; - gcb.gidmax = GROUPLIST_INCREMENT; - gcb.tplmax = GROUPLIST_INCREMENT; - gcb.ksidmax = GROUPLIST_INCREMENT; -diff --git a/test/tls13groupselection_test.c b/test/tls13groupselection_test.c -index 8340a9fd2b3b..bcae5e715944 100644 ---- a/test/tls13groupselection_test.c -+++ b/test/tls13groupselection_test.c -@@ -40,6 +40,12 @@ typedef enum SERVER_RESPONSE { - SH = 2 - } SERVER_RESPONSE; - -+static const char *response_desc[] = { -+ "HRR", -+ "INIT", -+ "SH", -+}; -+ - static char *cert = NULL; - static char *privkey = NULL; - -@@ -307,7 +313,23 @@ static const struct tls13groupselection_test_st tls13groupselection_tests[] = { - { "*brainpoolP256r1:X25519", /* test 43 */ - "X25519", - SERVER_PREFERENCE, -- NEGOTIATION_FAILURE, INIT } -+ NEGOTIATION_FAILURE, INIT }, -+ -+ /* DEFAULT retains tuple structure */ -+ { "*X25519:secp256r1", -+ "secp256r1:DEFAULT", /* test 44 */ -+ SERVER_PREFERENCE, -+ "secp256r1", HRR }, -+#ifndef OPENSSL_NO_DH -+ { "*ffdhe2048:secp256r1", -+ "DEFAULT:ffdhe4096", /* test 45 */ -+ CLIENT_PREFERENCE, -+ "secp256r1", HRR }, -+ { "x25519:ffdhe2048:*ffdhe4096", -+ "DEFAULT:ffdhe4096", /* test 46 */ -+ SERVER_PREFERENCE, -+ "x25519", HRR }, -+#endif - }; - - static void server_response_check_cb(int write_p, int version, -@@ -318,10 +340,12 @@ static void 
server_response_check_cb(int write_p, int version, - enum SERVER_RESPONSE *server_response = (enum SERVER_RESPONSE *)arg; - /* Prepare check for HRR */ - const uint8_t *incoming_random = (uint8_t *)buf + 6; -- const uint8_t magic_HRR_random[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, -+ const uint8_t magic_HRR_random[32] = { -+ 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, - 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, - 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, -- 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; -+ 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C -+ }; - - /* Did a server hello arrive? */ - if (write_p == 0 && /* Incoming data... */ -@@ -450,13 +474,16 @@ static int test_groupnegotiation(const struct tls13groupselection_test_st *curre - group_name_client = SSL_group_to_name(clientssl, negotiated_group_client); - if (!TEST_int_eq(negotiated_group_client, negotiated_group_server)) - goto end; -- if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) -+ if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response], -+ response_desc[server_response])) - goto end; - if (TEST_str_eq(group_name_client, current_test_vector->expected_group)) - ok = 1; - } else { - TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)); -- if (test_type == TEST_NEGOTIATION_FAILURE && !TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) -+ if (test_type == TEST_NEGOTIATION_FAILURE -+ && !TEST_str_eq(response_desc[current_test_vector->expected_server_response], -+ response_desc[server_response])) - goto end; - ok = 1; - } diff -Nru openssl-3.5.5/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch openssl-3.5.6/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch --- openssl-3.5.5/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch 2026-04-03 10:05:32.000000000 +0000 
+++ openssl-3.5.6/debian/patches/Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,157 +0,0 @@ -From: Neil Horman -Date: Tue, 31 Mar 2026 14:38:03 -0400 -Subject: Test for DH/ECDH CMS KARI processing NULL pointer dereference - -Test to ensure that, if we attempt to decrypt a CMS message with a -missing parameter field of KeyEncryptionAlgorithmIdentifier -we fail, rather than segfault. - -Co-authored-by: Tomas Mraz ---- - test/recipes/80-test_cms.t | 33 ++++++++++++++++++++++++++++- - test/recipes/80-test_cms_data/dh-cert.pem | 31 +++++++++++++++++++++++++++ - test/recipes/80-test_cms_data/dh-key.pem | 15 +++++++++++++ - test/recipes/80-test_cms_data/ecdh-cert.pem | 10 +++++++++ - test/recipes/80-test_cms_data/ecdh-key.pem | 5 +++++ - 5 files changed, 93 insertions(+), 1 deletion(-) - create mode 100644 test/recipes/80-test_cms_data/dh-cert.pem - create mode 100644 test/recipes/80-test_cms_data/dh-key.pem - create mode 100644 test/recipes/80-test_cms_data/ecdh-cert.pem - create mode 100644 test/recipes/80-test_cms_data/ecdh-key.pem - -diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t -index 279a498475c8..90aeb2959707 100644 ---- a/test/recipes/80-test_cms.t -+++ b/test/recipes/80-test_cms.t -@@ -53,7 +53,7 @@ my ($no_des, $no_dh, $no_dsa, $no_ec, $no_ec2m, $no_rc2, $no_zlib) - - $no_rc2 = 1 if disabled("legacy"); - --plan tests => 31; -+plan tests => 33; - - ok(run(test(["pkcs7_test"])), "test pkcs7"); - -@@ -1360,6 +1360,37 @@ with({ exit_checker => sub { return shift == 3; } }, - "Check for failure when cipher does not have an assigned OID (issue#22225)"); - }); - -+# Test cases for CVE-2026-28389 -+my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der"); -+my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem"); -+my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem"); -+ -+with({ exit_checker => sub { return shift == 4; } }, -+ sub { -+ SKIP: { -+ skip "DH is not supported in this build", 1 if $no_dh; -+ -+ ok(run(app(["openssl", 
"cms", @prov, "-decrypt", "-in", $smcont_malformed, -+ "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])), -+ "Must not crash on malformed cms inputs with dh key"); -+ } -+ }); -+ -+$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der"); -+my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem"); -+my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem"); -+ -+with({ exit_checker => sub { return shift == 4; } }, -+ sub { -+ SKIP: { -+ skip "EC is not supported in this build", 1 if $no_ec; -+ -+ ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, -+ "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])), -+ "Must not crash on malformed cms inputs with ecdh key"); -+ } -+ }); -+ - # Test encrypt to three recipients, and decrypt using key-only; - # i.e. do not follow the recommended practice of providing the - # recipient cert in the decrypt op. -diff --git a/test/recipes/80-test_cms_data/dh-cert.pem b/test/recipes/80-test_cms_data/dh-cert.pem -new file mode 100644 -index 000000000000..f5fb90b9009b ---- /dev/null -+++ b/test/recipes/80-test_cms_data/dh-cert.pem -@@ -0,0 +1,31 @@ -+-----BEGIN CERTIFICATE----- -+MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL -+BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM -+GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2 -+MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC -+AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD -+zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf -+XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP -+SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI -+7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8 -+LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH////// -+////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx 
-+hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw -+c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw -+a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050 -+wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww -+lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX -+l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl -+IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ -+ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO -+M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu -+lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j -+BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV -+HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo -+cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW -+AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp -+JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm -+eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO -+VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3 -+NGpnrpeWX4rk4kQmx/I= -+-----END CERTIFICATE----- -diff --git a/test/recipes/80-test_cms_data/dh-key.pem b/test/recipes/80-test_cms_data/dh-key.pem -new file mode 100644 -index 000000000000..16010785214e ---- /dev/null -+++ b/test/recipes/80-test_cms_data/dh-key.pem -@@ -0,0 +1,15 @@ -+-----BEGIN PRIVATE KEY----- -+MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW -+ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e -+1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY -+oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt -+52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47 -+G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC -+AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n -+Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv 
-+P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl -+2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm -+lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT -+YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r -+xDHoWg== -+-----END PRIVATE KEY----- -diff --git a/test/recipes/80-test_cms_data/ecdh-cert.pem b/test/recipes/80-test_cms_data/ecdh-cert.pem -new file mode 100644 -index 000000000000..3a0ab6624ca2 ---- /dev/null -+++ b/test/recipes/80-test_cms_data/ecdh-cert.pem -@@ -0,0 +1,10 @@ -+-----BEGIN CERTIFICATE----- -+MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw -+DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow -+DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s -+OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC -+EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw -+DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw -+CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+ -+NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ== -+-----END CERTIFICATE----- -diff --git a/test/recipes/80-test_cms_data/ecdh-key.pem b/test/recipes/80-test_cms_data/ecdh-key.pem -new file mode 100644 -index 000000000000..ef9488b3c516 ---- /dev/null -+++ b/test/recipes/80-test_cms_data/ecdh-key.pem -@@ -0,0 +1,5 @@ -+-----BEGIN PRIVATE KEY----- -+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1 -+unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC -+3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ -+-----END PRIVATE KEY----- diff -Nru openssl-3.5.5/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch openssl-3.5.6/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch --- openssl-3.5.5/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch 2026-04-03 10:05:32.000000000 +0000 +++ 
openssl-3.5.6/debian/patches/dane_match_cert-should-X509_free-on-mcert-instead.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,32 +0,0 @@ -From: Alexandr Nedvedicky -Date: Tue, 3 Mar 2026 13:23:46 +0100 -Subject: dane_match_cert() should X509_free() on ->mcert instead of - OPENSSL_free() - -Fixes: 170b735820ac "DANE support for X509_verify_cert()" - -Reviewed-by: Eugene Syromiatnikov -Reviewed-by: Tomas Mraz -Reviewed-by: Paul Dale -Reviewed-by: Neil Horman -MergeDate: Thu Mar 5 12:37:17 2026 -(Merged from https://github.com/openssl/openssl/pull/30250) - -(cherry picked from commit 8b5cd6a682f0f6e7b8bf55137137c567d1899c4a) ---- - crypto/x509/x509_vfy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c -index 20c012def2f3..ca3ffc420473 100644 ---- a/crypto/x509/x509_vfy.c -+++ b/crypto/x509/x509_vfy.c -@@ -3015,7 +3015,7 @@ static int dane_match_cert(X509_STORE_CTX *ctx, X509 *cert, int depth) - break; - } - -- OPENSSL_free(dane->mcert); -+ X509_free(dane->mcert); - dane->mcert = cert; - dane->mdpth = depth; - dane->mtlsa = t; diff -Nru openssl-3.5.5/debian/patches/man-section.patch openssl-3.5.6/debian/patches/man-section.patch --- openssl-3.5.5/debian/patches/man-section.patch 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/patches/man-section.patch 2026-05-04 18:39:11.000000000 +0000 @@ -7,10 +7,10 @@ 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Configurations/unix-Makefile.tmpl b/Configurations/unix-Makefile.tmpl -index 78be4a319964..59e78839a563 100644 +index 5bf397eba021..8e12268c0777 100644 --- a/Configurations/unix-Makefile.tmpl +++ b/Configurations/unix-Makefile.tmpl -@@ -358,7 +358,8 @@ HTMLDIR=$(DOCDIR)/html +@@ -359,7 +359,8 @@ HTMLDIR=$(DOCDIR)/html # MANSUFFIX is for the benefit of anyone who may want to have a suffix # appended after the manpage file section number. "ssl" is popular, # resulting in files such as config.5ssl rather than config.5. 
@@ -20,7 +20,7 @@ HTMLSUFFIX=html # For "optional" echo messages, to get "real" silence -@@ -1584,7 +1585,7 @@ EOF +@@ -1585,7 +1586,7 @@ EOF my $pod = $gen0; return <<"EOF"; $args{src}: $pod diff -Nru openssl-3.5.5/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch openssl-3.5.6/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch --- openssl-3.5.5/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch 2026-04-03 10:05:32.000000000 +0000 +++ openssl-3.5.6/debian/patches/rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,108 +0,0 @@
-From: Nikola Pajkovsky
-Date: Mon, 23 Mar 2026 08:41:20 +0100
-Subject: rsa_kem: test RSA_public_encrypt() result in RSASVE
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure.
-
-Add regression coverage in evp_extra_test using invalid RSA pubkey
-which triggers -1 in RSA_public_encrypt() using encapsulation.
-
-Fixes: https://github.com/openssl/srt/issues/95
-Signed-off-by: Nikola Pajkovsky
----
- test/evp_extra_test.c | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 67 insertions(+)
-
-diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
-index f55d17258d1f..d45f497f032a 100644
---- a/test/evp_extra_test.c
-+++ b/test/evp_extra_test.c
-@@ -929,6 +929,32 @@ static EVP_PKEY *load_example_ec_key(void)
- #endif
-
- #ifndef OPENSSL_NO_DEPRECATED_3_0
-+
-+static EVP_PKEY *make_bad_rsa_pubkey(void)
-+{
-+ RSA *rsa = NULL;
-+ BIGNUM *n = NULL, *e = NULL;
-+ EVP_PKEY *pkey = NULL;
-+
-+ /* Deliberately invalid public key: n = 17, e = 17 */
-+ if (!TEST_ptr(pkey = EVP_PKEY_new())
-+ || !TEST_ptr(rsa = RSA_new())
-+ || !TEST_ptr(n = BN_new())
-+ || !TEST_ptr(e = BN_new())
-+ || !TEST_true(BN_set_word(n, 17))
-+ || !TEST_true(BN_set_word(e, 17))
-+ || !TEST_true(RSA_set0_key(rsa, n, e, NULL))
-+ || !EVP_PKEY_assign_RSA(pkey, rsa))
-+ goto err;
-+
-+ return pkey;
-+err:
-+ BN_free(n);
-+ BN_free(e);
-+ RSA_free(rsa);
-+ return NULL;
-+}
-+
- #ifndef OPENSSL_NO_DH
- static EVP_PKEY *load_example_dh_key(void)
- {
-@@ -5898,6 +5924,46 @@ static int test_custom_ciph_meth(void)
- return testresult;
- }
-
-+static int test_rsasve_kem_with_invalid_pub_key(void)
-+{
-+ RSA *rsa = NULL;
-+ EVP_PKEY *pkey = NULL;
-+ EVP_PKEY_CTX *ctx = NULL;
-+ unsigned char *ct = NULL;
-+ unsigned char *secret = NULL;
-+ size_t ctlen = 0, secretlen = 0;
-+ int testresult = 0;
-+
-+ if (nullprov != NULL) {
-+ testresult = TEST_skip("Test does not support a non-default library context");
-+ goto err;
-+ }
-+
-+ if (!TEST_ptr(pkey = make_bad_rsa_pubkey()))
-+ goto err;
-+
-+ if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL))
-+ || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1)
-+ || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1)
-+ || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1)
-+ || !TEST_ptr(ct = OPENSSL_malloc(ctlen))
-+ || !TEST_ptr(secret = OPENSSL_malloc(secretlen)))
-+ goto err;
-+
-+ if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0))
-+ goto err;
-+
-+ testresult = 1;
-+
-+err:
-+ OPENSSL_free(secret);
-+ OPENSSL_free(ct);
-+ EVP_PKEY_CTX_free(ctx);
-+ RSA_free(rsa);
-+ EVP_PKEY_free(pkey);
-+ return testresult;
-+}
-+
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- /* Test we can create a signature keys with an associated ENGINE */
- static int test_signatures_with_engine(int tst)
-@@ -6854,6 +6920,7 @@ int setup_tests(void)
- ADD_TEST(test_evp_md_cipher_meth);
- ADD_TEST(test_custom_md_meth);
- ADD_TEST(test_custom_ciph_meth);
-+ ADD_TEST(test_rsasve_kem_with_invalid_pub_key);
-
- #ifndef OPENSSL_NO_DYNAMIC_ENGINE
- /* Tests only support the default libctx */
diff -Nru openssl-3.5.5/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch openssl-3.5.6/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch
--- openssl-3.5.5/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch 1970-01-01 00:00:00.000000000 +0000
@@ -1,56 +0,0 @@
-From: Nikola Pajkovsky
-Date: Thu, 19 Mar 2026 12:16:08 +0100
-Subject: rsa_kem: validate RSA_public_encrypt() result in RSASVE
-
-RSA_public_encrypt() returns the number of bytes written on success and
--1 on failure. With the existing `if (ret)` check, a provider-side RSA KEM
-encapsulation can incorrectly succeed when the underlying RSA public
-encrypt operation fails. In that case the code reports success, returns
-lengths as if encapsulation completed normally, and leaves the freshly
-generated secret available instead of discarding it.
-
-Tighten the success condition so RSASVE only succeeds when
-RSA_public_encrypt() returns a positive value equal to the modulus-sized
-output expected for RSA_NO_PADDING. Any other return value is treated as
-failure, and the generated secret is cleansed before returning.
-
-Fixes CVE: CVE-2026-31790
-Fixes: https://github.com/openssl/srt/issues/95
-Signed-off-by: Nikola Pajkovsky
----
- providers/implementations/kem/rsa_kem.c | 20 +++++++++++---------
- 1 file changed, 11 insertions(+), 9 deletions(-)
-
-diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
-index f7bf368a0dfc..74dfafddd9e0 100644
---- a/providers/implementations/kem/rsa_kem.c
-+++ b/providers/implementations/kem/rsa_kem.c
-@@ -316,17 +316,19 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
- return 0;
-
- /* Step(3): out = RSAEP((n,e), z) */
-- ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING);
-- if (ret) {
-- ret = 1;
-- if (outlen != NULL)
-- *outlen = nlen;
-- if (secretlen != NULL)
-- *secretlen = nlen;
-- } else {
-+ ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa,
-+ RSA_NO_PADDING);
-+ if (ret <= 0 || ret != (int)nlen) {
- OPENSSL_cleanse(secret, nlen);
-+ return 0;
- }
-- return ret;
-+
-+ if (outlen != NULL)
-+ *outlen = nlen;
-+ if (secretlen != NULL)
-+ *secretlen = nlen;
-+
-+ return 1;
- }
-
- /**
diff -Nru openssl-3.5.5/debian/patches/series
openssl-3.5.6/debian/patches/series
--- openssl-3.5.5/debian/patches/series 2026-04-03 10:05:32.000000000 +0000
+++ openssl-3.5.6/debian/patches/series 2026-05-04 18:39:11.000000000 +0000
@@ -5,14 +5,3 @@
 c_rehash-compat.patch
 Configure-allow-to-enable-ktls-if-target-does-not-start-w.patch
 conf-Serialize-allocation-free-of-ssl_names.patch
-Fix-group-tuple-handling-in-DEFAULT-expansion.patch
-dane_match_cert-should-X509_free-on-mcert-instead.patch
-Fix-NULL-Dereference-When-Delta-CRL-Lacks-CRL-Number-Exte.patch
-Added-test-for-CVE-2026-28388.patch
-Fix-NULL-deref-in-ec-dh_cms_set_shared_info.patch
-Test-for-DH-ECDH-CMS-KARI-processing-NULL-pointer-derefer.patch
-Fix-NULL-deref-in-rsa_cms_decrypt.patch
-Add-test-for-CMS-decryption-with-RSA-keys.patch
-Avoid-possible-buffer-overflow-in-buf2hex-conversion.patch
-rsa_kem-validate-RSA_public_encrypt-result-in-RSASVE.patch
-rsa_kem-test-RSA_public_encrypt-result-in-RSASVE.patch
diff -Nru openssl-3.5.5/doc/build.info openssl-3.5.6/doc/build.info
--- openssl-3.5.5/doc/build.info 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/build.info 2026-04-07 12:26:30.000000000 +0000
@@ -2903,6 +2903,10 @@
 GENERATE[html/man3/UI_new.html]=man3/UI_new.pod
 DEPEND[man/man3/UI_new.3]=man3/UI_new.pod
 GENERATE[man/man3/UI_new.3]=man3/UI_new.pod
+DEPEND[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod
+GENERATE[html/man3/X509V3_EXT_print.html]=man3/X509V3_EXT_print.pod
+DEPEND[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod
+GENERATE[man/man3/X509V3_EXT_print.3]=man3/X509V3_EXT_print.pod
 DEPEND[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod
 GENERATE[html/man3/X509V3_get_d2i.html]=man3/X509V3_get_d2i.pod
 DEPEND[man/man3/X509V3_get_d2i.3]=man3/X509V3_get_d2i.pod
@@ -3787,6 +3791,7 @@
 html/man3/UI_UTIL_read_pw.html \
 html/man3/UI_create_method.html \
 html/man3/UI_new.html \
+html/man3/X509V3_EXT_print.html \
 html/man3/X509V3_get_d2i.html \
 html/man3/X509V3_set_ctx.html \
 html/man3/X509_ACERT_add1_attr.html \
@@ -4463,6 +4468,7 @@ man/man3/UI_UTIL_read_pw.3 \ man/man3/UI_create_method.3 \ man/man3/UI_new.3 \ +man/man3/X509V3_EXT_print.3 \ man/man3/X509V3_get_d2i.3 \ man/man3/X509V3_set_ctx.3 \ man/man3/X509_ACERT_add1_attr.3 \ diff -Nru openssl-3.5.5/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod openssl-3.5.6/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod --- openssl-3.5.5/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/internal/man3/OSSL_SAFE_MATH_SIGNED.pod 2026-04-07 12:26:30.000000000 +0000 @@ -80,7 +80,7 @@ has a four byte element count which is followed by that many elements. It returns zero on overflow. - OSSL_SAFE_MATH_UNSIGNED(sizet, size_t, SIZE_MAX) + OSSL_SAFE_MATH_UNSIGNED(sizet, size_t) size_t compute_record_size(uint32_t n) { @@ -99,7 +99,7 @@ =head1 COPYRIGHT -Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/internal/man3/ossl_cmp_msg_check_update.pod openssl-3.5.6/doc/internal/man3/ossl_cmp_msg_check_update.pod --- openssl-3.5.5/doc/internal/man3/ossl_cmp_msg_check_update.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/internal/man3/ossl_cmp_msg_check_update.pod 2026-04-07 12:26:30.000000000 +0000 @@ -51,6 +51,7 @@ The callback should return 1 on acceptance, 0 on rejection, or -1 on error. It should not put an error on the error stack since this could be misleading. +Unless the B is set in the B, ossl_cmp_msg_check_update() adds all extraCerts contained in the to the list of untrusted certificates in B such that they are already usable for OSSL_CMP_validate_msg(), which is called internally, and for future use. 
@@ -58,7 +59,7 @@ peer does not need to send them again (at least not in the same transaction). Note that it does not help validating the message before storing the extraCerts because they are not part of the protected portion of the message anyway. -For efficiency, the extraCerts are prepended to the list so they get used first. +For efficiency, the extraCerts being cached are prepended to the list so they get used first. If all checks pass then ossl_cmp_msg_check_update() records in B the senderNonce of the received message as the new recipNonce @@ -85,7 +86,7 @@ =head1 COPYRIGHT -Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/internal/man7/deprecation.pod openssl-3.5.6/doc/internal/man7/deprecation.pod --- openssl-3.5.5/doc/internal/man7/deprecation.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/internal/man7/deprecation.pod 2026-04-07 12:26:30.000000000 +0000 @@ -2,6 +2,8 @@ =head1 NAME +OPENSSL_NO_DEPRECATED_3_5, OSSL_DEPRECATEDIN_3_5, +OPENSSL_NO_DEPRECATED_3_4, OSSL_DEPRECATEDIN_3_4, OPENSSL_NO_DEPRECATED_3_1, OSSL_DEPRECATEDIN_3_1, OPENSSL_NO_DEPRECATED_3_0, OSSL_DEPRECATEDIN_3_0, OPENSSL_NO_DEPRECATED_1_1_1, OSSL_DEPRECATEDIN_1_1_1, @@ -131,7 +133,7 @@ =head1 COPYRIGHT -Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man1/CA.pl.pod openssl-3.5.6/doc/man1/CA.pl.pod --- openssl-3.5.5/doc/man1/CA.pl.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man1/CA.pl.pod 2026-04-07 12:26:30.000000000 +0000 
@@ -106,7 +106,7 @@ list box), otherwise the name "My Certificate" is used. Delegates work to L. -=item B<-sign>, B<-signcert>, B<-xsign> +=item B<-sign>, B<-xsign> Calls the L command to sign a certificate request. It expects the request to be in the file F. The new certificate is written to the @@ -191,7 +191,7 @@ =head1 COPYRIGHT -Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man1/openssl-ciphers.pod.in openssl-3.5.6/doc/man1/openssl-ciphers.pod.in --- openssl-3.5.5/doc/man1/openssl-ciphers.pod.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man1/openssl-ciphers.pod.in 2026-04-07 12:26:30.000000000 +0000 @@ -120,16 +120,16 @@ The actual cipher string can take several different forms. -It can consist of a single cipher suite such as B. +It can consist of a single cipher suite such as B. It can represent a list of cipher suites containing a certain algorithm, or -cipher suites of a certain type. For example B represents all ciphers -suites using the digest algorithm SHA1 and B represents all SSL v3 -algorithms. +cipher suites of a certain type. For example B represents all cipher +suites using the digest algorithm SHA256 and B represents all +cipher suites introduced in TLS v.1.2. Lists of cipher suites can be combined in a single cipher string using the B<+> character. This is used as a logical B operation. For example -B represents all cipher suites containing the SHA1 B the DES +B represents all cipher suites using the SHA256 B the AES algorithms. Each cipher string can be optionally preceded by the characters B, 
@@ -160,7 +160,7 @@ The cipher list can be prefixed with the B keyword, which enables the default cipher list as defined below. Unlike cipher strings, this prefix may not be combined with other strings using B<+> character. -For example, B is not valid. +For example, B is not valid. The content of the default list is determined at compile time and normally corresponds to B. @@ -173,11 +173,12 @@ =item B -The ciphers included in B, but not enabled by default. Currently -this includes all RC4 and anonymous ciphers. Note that this rule does -not cover B, which is not included by B (use B if -necessary). Note that RC4 based cipher suites are not built into OpenSSL by -default (see the enable-weak-ssl-ciphers option to Configure). +The cipher suites included in B, but not enabled by default. The default +cipher suite list provides strong security and reasonable interoperability. +A cipher suite can be not included in the default list for different reasons: +because it is weak, or not "mature" enough, or not widely used, etc. +Note that this rule does not cover B, which is not included by B +(use B if necessary). =item B @@ -205,6 +206,10 @@ encryption algorithms but excluding export cipher suites. All these cipher suites have been removed as of OpenSSL 1.1.0. +=item B + +Cipher suites permitted in FIPS mode. + =item B, B The "NULL" ciphers that is those offering no encryption. Because these offer no @@ -227,14 +232,8 @@ =item B, B, B -Cipher suites using RSA key exchange or authentication. B is an alias for -B. - -=item B, B, B - -Cipher suites using static DH key agreement and DH certificates signed by CAs -with RSA and DSS keys or either respectively. -All these cipher suites have been removed in OpenSSL 1.1.0. +Cipher suites using RSA key exchange, RSA authentication, or both of them +respectively. =item B, B, B 
@@ -267,12 +266,6 @@ Cipher suites using DSS authentication, i.e. the certificates carry DSS keys. -=item B - -Cipher suites effectively using DH authentication, i.e. the certificates carry -DH keys. -All these cipher suites have been removed in OpenSSL 1.1.0. - =item B, B Cipher suites using ECDSA authentication, i.e. the certificates carry ECDSA @@ -280,8 +273,7 @@ =item B, B, B -Lists cipher suites which are only supported in at least TLS v1.2, TLS v1.0 or -SSL v3.0 respectively. +Lists cipher suites introduced in TLS v1.2, TLS v1.0 or SSL v3.0 respectively. Note: there are no cipher suites specific to TLS v1.1. Since this is only the minimum version, if, for example, TLSv1.0 is negotiated then both TLSv1.0 and SSLv3.0 cipher suites are available. @@ -305,10 +297,13 @@ cipher suites using both 16 and 8 octet Integrity Check Value (ICV) while B only references 8 octet ICV. -=item B, B, B +=item B, B + +Cipher suites using 128 bit ARIA or 256 bit ARIA respectively. + +=item B, B -Cipher suites using 128 bit ARIA, 256 bit ARIA or either 128 or 256 bit -ARIA. +Cipher suites using either 128 or 256 bit ARIA. =item B, B, B 
@@ -358,24 +353,46 @@ =item B -Cipher suites using GOST R 34.10 (either 2001 or 94) for authentication +Cipher suites using GOST R 34.10 (either 2001 or 2012) for authentication (needs an engine supporting GOST algorithms). =item B -Cipher suites using GOST R 34.10-2001 authentication. +Cipher suites that can be uses with GOST R 34.10-2001 keys for authentication. + +=item B + +Cipher suites that can be used with GOST R 34.10-2012 keys for authentication. =item B -Cipher suites, using VKO 34.10 key exchange, specified in the RFC 4357. +Cipher suites using VKO 34.10 key exchange and key wrap specified in the +RFC 4357 or RFC 7836. + +=item B + +Cipher suites using VKO 34.10 key exchange specified in the RFC 7836 and +KExp15 key export specified in the RFC 9189. =item B Cipher suites, using HMAC based on GOST R 34.11-94. +=item B + +Cipher suites, using HMAC based on GOST R 34.11-2012 256 bits. + =item B -Cipher suites using GOST 28147-89 MAC B HMAC. +Cipher suites using GOST 28147-89 MAC B HMAC with S-boxes A. + +=item B + +Cipher suites using GOST 28147-89 MAC B HMAC with S-boxes Z. + +=item B + +Cipher suites using any GOST cipher (GOST 28147-89, Magma or Kuznyechik). =item B @@ -390,6 +407,14 @@ Cipher suites using PSK authentication (currently all PSK modes apart from RSA_PSK). +=item B, B + +Cipher suites using SRP key exchange. + +=item B + +Cipher suites using SRP authentication. + =item B, B, B Enables suite B mode of operation using 128 (permitting 192 bit mode by peer) 
@@ -424,310 +449,398 @@ authentication used, e.g. DES-CBC3-SHA. In these cases, RSA authentication is used. -=head2 SSL v3.0 cipher suites - - SSL_RSA_WITH_NULL_MD5 NULL-MD5 - SSL_RSA_WITH_NULL_SHA NULL-SHA - SSL_RSA_WITH_RC4_128_MD5 RC4-MD5 - SSL_RSA_WITH_RC4_128_SHA RC4-SHA - SSL_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - SSL_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA - - SSL_DH_DSS_WITH_3DES_EDE_CBC_SHA DH-DSS-DES-CBC3-SHA - SSL_DH_RSA_WITH_3DES_EDE_CBC_SHA DH-RSA-DES-CBC3-SHA - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA - - SSL_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - SSL_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - - SSL_FORTEZZA_KEA_WITH_NULL_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA Not implemented. - SSL_FORTEZZA_KEA_WITH_RC4_128_SHA Not implemented. - -=head2 TLS v1.0 cipher suites - - TLS_RSA_WITH_NULL_MD5 NULL-MD5 - TLS_RSA_WITH_NULL_SHA NULL-SHA - TLS_RSA_WITH_RC4_128_MD5 RC4-MD5 - TLS_RSA_WITH_RC4_128_SHA RC4-SHA - TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA - TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA +=head2 AES cipher suites for TLS v1.2 - TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA Not implemented. - TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA Not implemented. 
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA + TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 + TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA + TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 + TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA + TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 + TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA + TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 + TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA + TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 + TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA + TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 + TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM + TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 + TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA + TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM + TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 + TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA + TLS_DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 + TLS_DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 + TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA + TLS_DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 + TLS_DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM + TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + 
TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8 + TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA + TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + 
TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 + TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA + TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 + TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM + TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 + TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 + TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA + TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 + TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM + TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 + TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA + TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 + TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA + TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 + TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 + TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA + TLS_RSA_WITH_AES_128_CCM_8 AES128-CCM8 + TLS_RSA_WITH_AES_128_CCM AES128-CCM + TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 + TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA + TLS_RSA_WITH_AES_256_CCM_8 
AES256-CCM8 + TLS_RSA_WITH_AES_256_CCM AES256-CCM + TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 + +=head2 Camellia cipher suites for TLS v1.2 + + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA256 ADH-CAMELLIA128-SHA256 + TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA + TLS_DH_anon_WITH_CAMELLIA_128_GCM_SHA256 ADH-CAMELLIA128-GCM-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA256 ADH-CAMELLIA256-SHA256 + TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA + TLS_DH_anon_WITH_CAMELLIA_256_GCM_SHA384 ADH-CAMELLIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256 DHE-DSS-CAMELLIA128-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA + TLS_DHE_DSS_WITH_CAMELLIA_128_GCM_SHA256 DHE-DSS-CAMELLIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256 DHE-DSS-CAMELLIA256-SHA256 + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA + TLS_DHE_DSS_WITH_CAMELLIA_256_GCM_SHA384 DHE-DSS-CAMELLIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 DHE-RSA-CAMELLIA128-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA + TLS_DHE_RSA_WITH_CAMELLIA_128_GCM_SHA256 DHE-RSA-CAMELLIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 DHE-RSA-CAMELLIA256-SHA256 + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA + TLS_DHE_RSA_WITH_CAMELLIA_256_GCM_SHA384 DHE-RSA-CAMELLIA256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 + TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + 
TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 CAMELLIA128-SHA256 + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA + TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 CAMELLIA128-GCM-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 CAMELLIA256-SHA256 + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA + TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 CAMELLIA256-GCM-SHA384 + +=head2 SEED cipher suites for TLS v1.2 + + TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA + TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA + TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA + TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5 - TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA - -=head2 AES cipher suites from RFC3268, extending TLS v1.0 - - TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA - TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA - - TLS_DH_DSS_WITH_AES_128_CBC_SHA DH-DSS-AES128-SHA - TLS_DH_DSS_WITH_AES_256_CBC_SHA DH-DSS-AES256-SHA - TLS_DH_RSA_WITH_AES_128_CBC_SHA DH-RSA-AES128-SHA - TLS_DH_RSA_WITH_AES_256_CBC_SHA DH-RSA-AES256-SHA - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA DHE-DSS-AES128-SHA - TLS_DHE_DSS_WITH_AES_256_CBC_SHA DHE-DSS-AES256-SHA - TLS_DHE_RSA_WITH_AES_128_CBC_SHA DHE-RSA-AES128-SHA - TLS_DHE_RSA_WITH_AES_256_CBC_SHA DHE-RSA-AES256-SHA - - TLS_DH_anon_WITH_AES_128_CBC_SHA ADH-AES128-SHA - TLS_DH_anon_WITH_AES_256_CBC_SHA ADH-AES256-SHA - -=head2 Camellia cipher suites from RFC4132, extending TLS v1.0 - - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA CAMELLIA128-SHA - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA CAMELLIA256-SHA - - TLS_DH_DSS_WITH_CAMELLIA_128_CBC_SHA DH-DSS-CAMELLIA128-SHA - TLS_DH_DSS_WITH_CAMELLIA_256_CBC_SHA DH-DSS-CAMELLIA256-SHA - TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA DH-RSA-CAMELLIA128-SHA - TLS_DH_RSA_WITH_CAMELLIA_256_CBC_SHA DH-RSA-CAMELLIA256-SHA - - TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA DHE-DSS-CAMELLIA128-SHA - 
TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA DHE-DSS-CAMELLIA256-SHA - TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA DHE-RSA-CAMELLIA128-SHA - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA DHE-RSA-CAMELLIA256-SHA - - TLS_DH_anon_WITH_CAMELLIA_128_CBC_SHA ADH-CAMELLIA128-SHA - TLS_DH_anon_WITH_CAMELLIA_256_CBC_SHA ADH-CAMELLIA256-SHA - -=head2 SEED cipher suites from RFC4162, extending TLS v1.0 - - TLS_RSA_WITH_SEED_CBC_SHA SEED-SHA - - TLS_DH_DSS_WITH_SEED_CBC_SHA DH-DSS-SEED-SHA - TLS_DH_RSA_WITH_SEED_CBC_SHA DH-RSA-SEED-SHA - - TLS_DHE_DSS_WITH_SEED_CBC_SHA DHE-DSS-SEED-SHA - TLS_DHE_RSA_WITH_SEED_CBC_SHA DHE-RSA-SEED-SHA - - TLS_DH_anon_WITH_SEED_CBC_SHA ADH-SEED-SHA - -=head2 GOST cipher suites from draft-chudov-cryptopro-cptls, extending TLS v1.0 +=head2 GOST cipher suites for TLS v1.2 Note: these ciphers require an engine which including GOST cryptographic algorithms, such as the B engine, which isn't part of the OpenSSL distribution. - TLS_GOSTR341094_WITH_28147_CNT_IMIT GOST94-GOST89-GOST89 - TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 - TLS_GOSTR341094_WITH_NULL_GOSTR3411 GOST94-NULL-GOST94 - TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 - -=head2 GOST cipher suites, extending TLS v1.2 - -Note: these ciphers require an engine which including GOST cryptographic -algorithms, such as the B engine, which isn't part of the OpenSSL -distribution. - - TLS_GOSTR341112_256_WITH_28147_CNT_IMIT GOST2012-GOST8912-GOST8912 - TLS_GOSTR341112_256_WITH_NULL_GOSTR3411 GOST2012-NULL-GOST12 - -Note: GOST2012-GOST8912-GOST8912 is an alias for two ciphers ID -old LEGACY-GOST2012-GOST8912-GOST8912 and new IANA-GOST2012-GOST8912-GOST8912 - - -=head2 Additional Export 1024 and other cipher suites - -Note: these ciphers can also be used in SSL v3. 
- - TLS_DHE_DSS_WITH_RC4_128_SHA DHE-DSS-RC4-SHA - -=head2 Elliptic curve cipher suites - - TLS_ECDHE_RSA_WITH_NULL_SHA ECDHE-RSA-NULL-SHA - TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA - - TLS_ECDHE_ECDSA_WITH_NULL_SHA ECDHE-ECDSA-NULL-SHA - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA - - TLS_ECDH_anon_WITH_NULL_SHA AECDH-NULL-SHA - TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA - TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA - TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA - TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA - -=head2 TLS v1.2 cipher suites - - TLS_RSA_WITH_NULL_SHA256 NULL-SHA256 - - TLS_RSA_WITH_AES_128_CBC_SHA256 AES128-SHA256 - TLS_RSA_WITH_AES_256_CBC_SHA256 AES256-SHA256 - TLS_RSA_WITH_AES_128_GCM_SHA256 AES128-GCM-SHA256 - TLS_RSA_WITH_AES_256_GCM_SHA384 AES256-GCM-SHA384 - - TLS_DH_RSA_WITH_AES_128_CBC_SHA256 DH-RSA-AES128-SHA256 - TLS_DH_RSA_WITH_AES_256_CBC_SHA256 DH-RSA-AES256-SHA256 - TLS_DH_RSA_WITH_AES_128_GCM_SHA256 DH-RSA-AES128-GCM-SHA256 - TLS_DH_RSA_WITH_AES_256_GCM_SHA384 DH-RSA-AES256-GCM-SHA384 - - TLS_DH_DSS_WITH_AES_128_CBC_SHA256 DH-DSS-AES128-SHA256 - TLS_DH_DSS_WITH_AES_256_CBC_SHA256 DH-DSS-AES256-SHA256 - TLS_DH_DSS_WITH_AES_128_GCM_SHA256 DH-DSS-AES128-GCM-SHA256 - TLS_DH_DSS_WITH_AES_256_GCM_SHA384 DH-DSS-AES256-GCM-SHA384 - - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 DHE-RSA-AES128-SHA256 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 DHE-RSA-AES256-SHA256 - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 DHE-RSA-AES128-GCM-SHA256 - TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 DHE-RSA-AES256-GCM-SHA384 - - TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 DHE-DSS-AES128-SHA256 - 
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 DHE-DSS-AES256-SHA256 - TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 DHE-DSS-AES128-GCM-SHA256 - TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 DHE-DSS-AES256-GCM-SHA384 - - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 - - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 - - TLS_DH_anon_WITH_AES_128_CBC_SHA256 ADH-AES128-SHA256 - TLS_DH_anon_WITH_AES_256_CBC_SHA256 ADH-AES256-SHA256 - TLS_DH_anon_WITH_AES_128_GCM_SHA256 ADH-AES128-GCM-SHA256 - TLS_DH_anon_WITH_AES_256_GCM_SHA384 ADH-AES256-GCM-SHA384 - - RSA_WITH_AES_128_CCM AES128-CCM - RSA_WITH_AES_256_CCM AES256-CCM - DHE_RSA_WITH_AES_128_CCM DHE-RSA-AES128-CCM - DHE_RSA_WITH_AES_256_CCM DHE-RSA-AES256-CCM - RSA_WITH_AES_128_CCM_8 AES128-CCM8 - RSA_WITH_AES_256_CCM_8 AES256-CCM8 - DHE_RSA_WITH_AES_128_CCM_8 DHE-RSA-AES128-CCM8 - DHE_RSA_WITH_AES_256_CCM_8 DHE-RSA-AES256-CCM8 - ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM - ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM - ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 - ECDHE_ECDSA_WITH_AES_256_CCM_8 ECDHE-ECDSA-AES256-CCM8 + TLS_GOSTR341001_WITH_28147_CNT_IMIT GOST2001-GOST89-GOST89 + TLS_GOSTR341001_WITH_NULL_GOSTR3411 GOST2001-NULL-GOST94 + IANA-GOST2012-GOST8912-GOST8912 + LEGACY-GOST2012-GOST8912-GOST8912 + GOST2012-NULL-GOST12 + GOST2012-KUZNYECHIK-KUZNYECHIKOMAC + GOST2012-MAGMA-MAGMAOMAC =head2 ARIA cipher suites from RFC6209, extending TLS v1.2 Note: the CBC modes mentioned in this RFC are not supported. 
- TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 - TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 - TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 - TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 - TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 - TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 - TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 - TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 - TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ARIA128-GCM-SHA256 - TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ARIA256-GCM-SHA384 - TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 - TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 - TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 - TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 - TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 - TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 - -=head2 Camellia HMAC-Based cipher suites from RFC6367, extending TLS v1.2 - - TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 - TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 - TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 - TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_DH_anon_WITH_ARIA_128_CBC_SHA256 ADH-ARIA128-CBC-SHA256 + TLS_DH_anon_WITH_ARIA_128_GCM_SHA256 ADH-ARIA128-GCM-SHA256 + TLS_DH_anon_WITH_ARIA_256_CBC_SHA384 ADH-ARIA256-CBC-SHA384 + TLS_DH_anon_WITH_ARIA_256_GCM_SHA384 ADH-ARIA256-GCM-SHA384 + TLS_DHE_DSS_WITH_ARIA_128_GCM_SHA256 DHE-DSS-ARIA128-GCM-SHA256 + TLS_DHE_DSS_WITH_ARIA_256_GCM_SHA384 DHE-DSS-ARIA256-GCM-SHA384 + TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256 + TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256 + TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384 + 
TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384 + TLS_DHE_RSA_WITH_ARIA_128_CBC_SHA256 DHE-RSA-ARIA128-CBC-SHA256 + TLS_DHE_RSA_WITH_ARIA_128_GCM_SHA256 DHE-RSA-ARIA128-GCM-SHA256 + TLS_DHE_RSA_WITH_ARIA_256_CBC_SHA384 DHE-RSA-ARIA256-CBC-SHA384 + TLS_DHE_RSA_WITH_ARIA_256_GCM_SHA384 DHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256 + TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384 + TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256 + TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256 + TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384 + TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256 + TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256 + TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384 + TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384 + TLS_RSA_WITH_ARIA_128_CBC_SHA256 ARIA128-CBC-SHA256 + TLS_RSA_WITH_ARIA_128_GCM_SHA256 ARIA128-GCM-SHA256 + TLS_RSA_WITH_ARIA_256_CBC_SHA384 ARIA256-CBC-SHA384 + TLS_RSA_WITH_ARIA_256_GCM_SHA384 ARIA256-GCM-SHA384 -=head2 Pre-shared keying (PSK) cipher suites +=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2 - PSK_WITH_NULL_SHA PSK-NULL-SHA - 
DHE_PSK_WITH_NULL_SHA DHE-PSK-NULL-SHA - RSA_PSK_WITH_NULL_SHA RSA-PSK-NULL-SHA - - PSK_WITH_RC4_128_SHA PSK-RC4-SHA - PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA - PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA - PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA - - DHE_PSK_WITH_RC4_128_SHA DHE-PSK-RC4-SHA - DHE_PSK_WITH_3DES_EDE_CBC_SHA DHE-PSK-3DES-EDE-CBC-SHA - DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA - DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA - - RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA - RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA - RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA - RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA - - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256 - DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384 - RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256 - RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384 - - PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256 - PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384 - PSK_WITH_NULL_SHA256 PSK-NULL-SHA256 - PSK_WITH_NULL_SHA384 PSK-NULL-SHA384 - DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256 - DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384 - DHE_PSK_WITH_NULL_SHA256 DHE-PSK-NULL-SHA256 - DHE_PSK_WITH_NULL_SHA384 DHE-PSK-NULL-SHA384 - RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256 - RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384 - RSA_PSK_WITH_NULL_SHA256 RSA-PSK-NULL-SHA256 - RSA_PSK_WITH_NULL_SHA384 RSA-PSK-NULL-SHA384 - PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256 - PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384 - - ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA - ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-3DES-EDE-CBC-SHA - ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA - ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA - 
ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256 - ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384 - ECDHE_PSK_WITH_NULL_SHA ECDHE-PSK-NULL-SHA - ECDHE_PSK_WITH_NULL_SHA256 ECDHE-PSK-NULL-SHA256 - ECDHE_PSK_WITH_NULL_SHA384 ECDHE-PSK-NULL-SHA384 - - PSK_WITH_CAMELLIA_128_CBC_SHA256 PSK-CAMELLIA128-SHA256 - PSK_WITH_CAMELLIA_256_CBC_SHA384 PSK-CAMELLIA256-SHA384 - - DHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 DHE-PSK-CAMELLIA128-SHA256 - DHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 DHE-PSK-CAMELLIA256-SHA384 - - RSA_PSK_WITH_CAMELLIA_128_CBC_SHA256 RSA-PSK-CAMELLIA128-SHA256 - RSA_PSK_WITH_CAMELLIA_256_CBC_SHA384 RSA-PSK-CAMELLIA256-SHA384 - - ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256 - ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384 - - PSK_WITH_AES_128_CCM PSK-AES128-CCM - PSK_WITH_AES_256_CCM PSK-AES256-CCM - DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM - DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM - PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8 - PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8 - DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8 - DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8 + TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305 + TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305 + TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305 + TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305 + +=head2 Elliptic curve cipher suites for TLS v.1.2 + + TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA AECDH-DES-CBC3-SHA + TLS_ECDH_anon_WITH_AES_128_CBC_SHA AECDH-AES128-SHA + TLS_ECDH_anon_WITH_AES_128_CCM_8 AECDH-AES128-CCM8 + TLS_ECDH_anon_WITH_AES_128_CCM AECDH-AES128-CCM + TLS_ECDH_anon_WITH_AES_256_CBC_SHA AECDH-AES256-SHA + 
TLS_ECDH_anon_WITH_AES_256_CCM_8 AECDH-AES256-CCM8 + TLS_ECDH_anon_WITH_AES_256_CCM AECDH-AES256-CCM + TLS_ECDH_anon_WITH_RC4_128_SHA AECDH-RC4-SHA + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA ECDH-ECDSA-DES-CBC3-SHA + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 ECDH-ECDSA-AES128-SHA256 + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA ECDH-ECDSA-AES128-SHA + TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 ECDH-ECDSA-AES128-GCM-SHA256 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 ECDH-ECDSA-AES256-SHA384 + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA ECDH-ECDSA-AES256-SHA + TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 ECDH-ECDSA-AES256-GCM-SHA384 + TLS_ECDH_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-ECDSA-CAMELLIA128-SHA256 + TLS_ECDH_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-ECDSA-CAMELLIA256-SHA384 + TLS_ECDH_ECDSA_WITH_RC4_128_SHA ECDH-ECDSA-RC4-SHA + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA ECDH-RSA-DES-CBC3-SHA + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 ECDH-RSA-AES128-SHA256 + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA ECDH-RSA-AES128-SHA + TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 ECDH-RSA-AES128-GCM-SHA256 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 ECDH-RSA-AES256-SHA384 + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA ECDH-RSA-AES256-SHA + TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 ECDH-RSA-AES256-GCM-SHA384 + TLS_ECDH_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDH-RSA-CAMELLIA128-SHA256 + TLS_ECDH_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDH-RSA-CAMELLIA256-SHA384 + TLS_ECDH_RSA_WITH_RC4_128_SHA ECDH-RSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA ECDHE-ECDSA-DES-CBC3-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 ECDHE-ECDSA-AES128-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA ECDHE-ECDSA-AES128-SHA + TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 ECDHE-ECDSA-AES128-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_128_CCM ECDHE-ECDSA-AES128-CCM + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 ECDHE-ECDSA-AES128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ECDHE-ECDSA-AES256-SHA384 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA ECDHE-ECDSA-AES256-SHA + TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 
ECDHE-ECDSA-AES256-CCM8 + TLS_ECDHE_ECDSA_WITH_AES_256_CCM ECDHE-ECDSA-AES256-CCM + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 ECDHE-ECDSA-AES256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_128_CBC_SHA256 ECDHE-ECDSA-ARIA128-CBC-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_128_GCM_SHA256 ECDHE-ECDSA-ARIA128-GCM-SHA256 + TLS_ECDHE_ECDSA_WITH_ARIA_256_CBC_SHA384 ECDHE-ECDSA-ARIA256-CBC-SHA384 + TLS_ECDHE_ECDSA_WITH_ARIA_256_GCM_SHA384 ECDHE-ECDSA-ARIA256-GCM-SHA384 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-ECDSA-CAMELLIA128-SHA256 + TLS_ECDHE_ECDSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-ECDSA-CAMELLIA256-SHA384 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305 + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA ECDHE-ECDSA-RC4-SHA + TLS_ECDHE_ECDSA_WITH_SM4_CCM_SM3 ECDHE-ECDSA-SM4-CCM-SM3 + TLS_ECDHE_ECDSA_WITH_SM4_GCM_SM3 ECDHE-ECDSA-SM4-GCM-SM3 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA ECDHE-RSA-DES-CBC3-SHA + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 ECDHE-RSA-AES128-SHA256 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA ECDHE-RSA-AES128-SHA + TLS_ECDHE_RSA_WITH_AES_128_CCM_8 ECDHE-RSA-AES128-CCM8 + TLS_ECDHE_RSA_WITH_AES_128_CCM ECDHE-RSA-AES128-CCM + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ECDHE-RSA-AES128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 ECDHE-RSA-AES256-SHA384 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA ECDHE-RSA-AES256-SHA + TLS_ECDHE_RSA_WITH_AES_256_CCM_8 ECDHE-RSA-AES256-CCM8 + TLS_ECDHE_RSA_WITH_AES_256_CCM ECDHE-RSA-AES256-CCM + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 ECDHE-RSA-AES256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_128_CBC_SHA256 ECDHE-RSA-ARIA128-CBC-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_128_GCM_SHA256 ECDHE-RSA-ARIA128-GCM-SHA256 + TLS_ECDHE_RSA_WITH_ARIA_256_CBC_SHA384 ECDHE-RSA-ARIA256-CBC-SHA384 + TLS_ECDHE_RSA_WITH_ARIA_256_GCM_SHA384 ECDHE-RSA-ARIA256-GCM-SHA384 + TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-RSA-CAMELLIA128-SHA256 + TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-RSA-CAMELLIA256-SHA384 + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 
ECDHE-RSA-CHACHA20-POLY1305
+ TLS_ECDHE_RSA_WITH_RC4_128_SHA ECDHE-RSA-RC4-SHA
+ TLS_ECDHE_RSA_WITH_SM4_CCM_SM3 ECDHE-RSA-SM4-CCM-SM3
+ TLS_ECDHE_RSA_WITH_SM4_GCM_SM3 ECDHE-RSA-SM4-GCM-SM3
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA
+ TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3
+ TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3
-=head2 ChaCha20-Poly1305 cipher suites, extending TLS v1.2
+=head2 Pre-shared keying (PSK) cipher suites
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-RSA-CHACHA20-POLY1305
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 ECDHE-ECDSA-CHACHA20-POLY1305
- TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 DHE-RSA-CHACHA20-POLY1305
- TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305
- TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305
- TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
- TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 DHE-PSK-AES128-CBC-SHA256
+ TLS_DHE_PSK_WITH_AES_128_CBC_SHA DHE-PSK-AES128-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_128_CCM_8 DHE-PSK-AES128-CCM8
+ TLS_DHE_PSK_WITH_AES_128_CCM DHE-PSK-AES128-CCM
+ TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 DHE-PSK-AES128-GCM-SHA256
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 DHE-PSK-AES256-CBC-SHA384
+ TLS_DHE_PSK_WITH_AES_256_CBC_SHA DHE-PSK-AES256-CBC-SHA
+ TLS_DHE_PSK_WITH_AES_256_CCM_8 DHE-PSK-AES256-CCM8
+ TLS_DHE_PSK_WITH_AES_256_CCM DHE-PSK-AES256-CCM
+ TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 DHE-PSK-AES256-GCM-SHA384
+ TLS_DHE_PSK_WITH_ARIA_128_CBC_SHA256 DHE-PSK-ARIA128-CBC-SHA256
+ TLS_DHE_PSK_WITH_ARIA_128_GCM_SHA256 DHE-PSK-ARIA128-GCM-SHA256
+ TLS_DHE_PSK_WITH_ARIA_256_CBC_SHA384 DHE-PSK-ARIA256-CBC-SHA384
+ TLS_DHE_PSK_WITH_ARIA_256_GCM_SHA384 DHE-PSK-ARIA256-GCM-SHA384
+ TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 DHE-PSK-CHACHA20-POLY1305
+ TLS_DHE_PSK_WITH_SM4_CCM_SM3 DHE-PSK-SM4-CCM-SM3
+ TLS_DHE_PSK_WITH_SM4_GCM_SM3 DHE-PSK-SM4-GCM-SM3
+ TLS_ECDHE_PSK_WITH_3DES_EDE_CBC_SHA ECDHE-PSK-DES-CBC3-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 ECDHE-PSK-AES128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA ECDHE-PSK-AES128-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_8_SHA256 ECDHE-PSK-AES128-CCM8
+ TLS_ECDHE_PSK_WITH_AES_128_CCM_SHA256 ECDHE-PSK-AES128-CCM
+ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 ECDHE-PSK-AES128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384 ECDHE-PSK-AES256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA ECDHE-PSK-AES256-CBC-SHA
+ TLS_ECDHE_PSK_WITH_AES_256_GCM_SHA384 ECDHE-PSK-AES256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_128_CBC_SHA256 ECDHE-PSK-ARIA128-CBC-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_128_GCM_SHA256 ECDHE-PSK-ARIA128-GCM-SHA256
+ TLS_ECDHE_PSK_WITH_ARIA_256_CBC_SHA384 ECDHE-PSK-ARIA256-CBC-SHA384
+ TLS_ECDHE_PSK_WITH_ARIA_256_GCM_SHA384 ECDHE-PSK-ARIA256-GCM-SHA384
+ TLS_ECDHE_PSK_WITH_CAMELLIA_128_CBC_SHA256 ECDHE-PSK-CAMELLIA128-SHA256
+ TLS_ECDHE_PSK_WITH_CAMELLIA_256_CBC_SHA384 ECDHE-PSK-CAMELLIA256-SHA384
+ TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 ECDHE-PSK-CHACHA20-POLY1305
+ TLS_ECDHE_PSK_WITH_RC4_128_SHA ECDHE-PSK-RC4-SHA
+ TLS_ECDHE_PSK_WITH_SM4_CCM_SM3 ECDHE-PSK-SM4-CCM-SM3
+ TLS_ECDHE_PSK_WITH_SM4_GCM_SM3 ECDHE-PSK-SM4-GCM-SM3
+ TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
+ TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
+ TLS_PSK_WITH_AES_128_CCM_8 PSK-AES128-CCM8
+ TLS_PSK_WITH_AES_128_CCM PSK-AES128-CCM
+ TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
+ TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
+ TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
+ TLS_PSK_WITH_AES_256_CCM_8 PSK-AES256-CCM8
+ TLS_PSK_WITH_AES_256_CCM PSK-AES256-CCM
+ TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
+ TLS_PSK_WITH_ARIA_128_CBC_SHA256 PSK-ARIA128-CBC-SHA256
+ TLS_PSK_WITH_ARIA_128_GCM_SHA256 PSK-ARIA128-GCM-SHA256
+ TLS_PSK_WITH_ARIA_256_GCM_SHA384 PSK-ARIA256-GCM-SHA384
+ TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
+ TLS_RSA_PSK_WITH_ARIA_128_CBC_SHA256 RSA-PSK-ARIA128-CBC-SHA256
+ TLS_RSA_PSK_WITH_ARIA_128_GCM_SHA256 RSA-PSK-ARIA128-GCM-SHA256
+ TLS_RSA_PSK_WITH_ARIA_256_CBC_SHA384 RSA-PSK-ARIA256-CBC-SHA384
+ TLS_RSA_PSK_WITH_ARIA_256_GCM_SHA384 RSA-PSK-ARIA256-GCM-SHA384
+ TLS_RSA_PSK_WITH_CHACHA20_POLY1305_SHA256 RSA-PSK-CHACHA20-POLY1305
+ TLS_RSA_PSK_WITH_SM4_CCM_SM3 RSA-PSK-SM4-CCM-SM3
+ TLS_RSA_PSK_WITH_SM4_GCM_SM3 RSA-PSK-SM4-GCM-SM3
+
+=head2 Other TLS v1.2 cipher suites
+
+ TLS_RSA_WITH_NULL_MD5 NULL-MD5
+ TLS_RSA_WITH_NULL_SHA NULL-SHA
+ TLS_RSA_WITH_NULL_SHA256 NULL-SHA256
+ TLS_RSA_WITH_RC4_128_MD5 RC4-MD5
+ TLS_RSA_WITH_RC4_128_SHA RC4-SHA
+ TLS_RSA_WITH_IDEA_CBC_SHA IDEA-CBC-SHA
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA DES-CBC3-SHA
+ TLS_RSA_WITH_SM4_CCM_SM3 SM4-CCM-SM3
+ TLS_RSA_WITH_SM4_GCM_SM3 SM4-GCM-SM3
+ TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA DHE-DSS-DES-CBC3-SHA
+ TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA DHE-RSA-DES-CBC3-SHA
+ TLS_DHE_RSA_WITH_SM4_CCM_SM3 DHE-RSA-SM4-CCM-SM3
+ TLS_DHE_RSA_WITH_SM4_GCM_SM3 DHE-RSA-SM4-GCM-SM3
+ TLS_DH_anon_WITH_RC4_128_MD5 ADH-RC4-MD5
+ TLS_DH_anon_WITH_3DES_EDE_CBC_SHA ADH-DES-CBC3-SHA
 =head2 TLS v1.3 cipher suites
@@ -746,12 +859,12 @@
 and thus are disabled by default. These ciphers are only available at security level 0.
-=head2 Older names used by OpenSSL
+=head2 "EDH-" aliases to "DHE-" names for backward compatibility
 The following names are accepted by older releases:
- SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA EDH-RSA-DES-CBC3-SHA (DHE-RSA-DES-CBC3-SHA)
- SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA EDH-DSS-DES-CBC3-SHA (DHE-DSS-DES-CBC3-SHA)
+ EDH-RSA-DES-CBC3-SHA - alias of DHE-RSA-DES-CBC3-SHA
+ EDH-DSS-DES-CBC3-SHA - alias of DHE-DSS-DES-CBC3-SHA
 =head1 NOTES
@@ -774,13 +887,9 @@
 openssl ciphers -v 'ALL:!aNULL'
-Include only 3DES ciphers and then place RSA ciphers last:
-
- openssl ciphers -v '3DES:+RSA'
-
-Include all RC4 ciphers but leave out those without authentication:
+Include only AES ciphers and then place RSA ciphers last:
- openssl ciphers -v 'RC4:!COMPLEMENTOFDEFAULT'
+ openssl ciphers -v 'AES:+RSA'
 Include all ciphers with RSA authentication but leave out ciphers without encryption.
@@ -814,7 +923,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-cmp.pod.in openssl-3.5.6/doc/man1/openssl-cmp.pod.in
--- openssl-3.5.5/doc/man1/openssl-cmp.pod.in 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-cmp.pod.in 2026-04-07 12:26:30.000000000 +0000
@@ -718,9 +718,15 @@
 =item B<-no_cache_extracerts>
 Do not cache certificates in the extraCerts field of CMP messages received.
-By default, they are kept as they may be helful for validating further messages.
+By default, they are kept as they may be helpful for validating further messages.
 This option applies to both CMP clients and the mock server.
+In any case, after successfully validating an incoming message, its protection
+certificate (if any) is cached for reuse with validation of subsequent messages.
+This is done not only for efficiency but also
+to eliminate the need for the sender to include its certificate and related chain
+in the extraCerts field of subsequent messages of the same transaction.
+
 =item B<-srvcertout> I
 The file where to save the successfully validated certificate, if any,
@@ -1533,7 +1539,7 @@
 =head1 COPYRIGHT
-Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-cms.pod.in openssl-3.5.6/doc/man1/openssl-cms.pod.in
--- openssl-3.5.5/doc/man1/openssl-cms.pod.in 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-cms.pod.in 2026-04-07 12:26:30.000000000 +0000
@@ -881,7 +881,7 @@
 Print CMS signed binary data in human-readable form:
-openssl cms -in signed.cms -binary -inform DER -cmsout -print
+ openssl cms -in signed.cms -binary -inform DER -cmsout -print
 =head1 BUGS
diff -Nru openssl-3.5.5/doc/man1/openssl-format-options.pod openssl-3.5.6/doc/man1/openssl-format-options.pod
--- openssl-3.5.5/doc/man1/openssl-format-options.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-format-options.pod 2026-04-07 12:26:30.000000000 +0000
@@ -75,7 +75,7 @@
 A DER-encoded file containing a PKCS#12 object. It might be necessary to provide a decryption password to retrieve
-the private key.
+the private key or certificate.
 =item B
@@ -135,7 +135,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-pkeyutl.pod.in openssl-3.5.6/doc/man1/openssl-pkeyutl.pod.in
--- openssl-3.5.5/doc/man1/openssl-pkeyutl.pod.in 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-pkeyutl.pod.in 2026-04-07 12:26:30.000000000 +0000
@@ -207,7 +207,7 @@
 Encapsulation is supported with a number of public key algorithms, currently: L, L,
-L,
+L, and L. The ECX and EC algorithms use the
@@ -693,7 +693,7 @@
 =head1 COPYRIGHT
-Copyright 2006-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-verification-options.pod openssl-3.5.6/doc/man1/openssl-verification-options.pod
--- openssl-3.5.5/doc/man1/openssl-verification-options.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-verification-options.pod 2026-04-07 12:26:30.000000000 +0000
@@ -142,6 +142,12 @@
 The lookup first searches for issuer certificates in the trust store. If it does not find a match there it consults the list of untrusted ("intermediate" CA) certificates, if provided.
+If one issuer certificate was found in the trust store, the list of
+untrusted certificates will not be consulted anymore to find further
+issuer certificates. Therefore, either only the root certificate or an
+uninterrupted chain to the root certificate must be provided in the trust
+store for a successful verification, if B
+is not enabled.
 =head2 Certification Path Validation
@@ -732,7 +738,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man1/openssl-verify.pod.in openssl-3.5.6/doc/man1/openssl-verify.pod.in
--- openssl-3.5.5/doc/man1/openssl-verify.pod.in 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man1/openssl-verify.pod.in 2026-04-07 12:26:30.000000000 +0000
@@ -104,6 +104,11 @@
 =back
+Note that the first parameter that does not begin with a B<-> ends the list
+of options and starts the list of certificates. If you place any options
+after a certificate filename, they will be interpreted not as options
+but as certificates.
+
 =head1 DIAGNOSTICS
 When a verify operation fails the output messages can be somewhat cryptic. The
@@ -140,7 +145,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/ADMISSIONS.pod openssl-3.5.6/doc/man3/ADMISSIONS.pod
--- openssl-3.5.5/doc/man3/ADMISSIONS.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/ADMISSIONS.pod 2026-04-07 12:26:30.000000000 +0000
@@ -98,7 +98,7 @@
 The B, B, B, and B types are opaque structures representing the analogous types defined in the Common PKI Specification published
-by L.
+by L.
 Knowledge of those structures and their semantics is assumed. The conventional routines to convert between DER and the local format
@@ -169,7 +169,7 @@
 =head1 COPYRIGHT
-Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_get_data.pod openssl-3.5.6/doc/man3/BIO_get_data.pod
--- openssl-3.5.5/doc/man3/BIO_get_data.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/BIO_get_data.pod 2026-04-07 12:26:30.000000000 +0000
@@ -18,7 +18,7 @@
 =head1 DESCRIPTION
-These functions are mainly useful when implementing a custom BIO.
+These functions can be used when implementing a custom BIO.
 The BIO_set_data() function associates the custom data pointed to by B with the BIO. This data can subsequently be retrieved via a call to BIO_get_data().
@@ -36,6 +36,13 @@
 this BIO's shutdown (i.e. BIO_CLOSE) flag. If set then the underlying resource is also closed when the BIO is freed.
+=head1 WARNINGS
+
+Do not use BIO_set_data(), BIO_get_data(), BIO_set_init(), BIO_get_init(), outside
+the implementation of a custom BIO.
+Calling BIO_set_data() on an existing BIO implementation with data that it does
+not expect will lead to unexpected results.
+
 =head1 RETURN VALUES
 BIO_get_data() returns a pointer to the implementation specific custom data
@@ -55,7 +62,7 @@
 =head1 COPYRIGHT
-Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_push.pod openssl-3.5.6/doc/man3/BIO_push.pod
--- openssl-3.5.5/doc/man3/BIO_push.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/BIO_push.pod 2026-04-07 12:26:30.000000000 +0000
@@ -20,7 +20,7 @@
 to I (unless I is NULL). It then makes a control call on I and returns I.
-BIO_pop() removes the BIO I from any chain is is part of.
+BIO_pop() removes the BIO I from any chain it is part of.
 If I is NULL the function does nothing and returns NULL. Otherwise it makes a control call on I and returns the next BIO in the chain, or NULL if there is no next BIO.
@@ -88,7 +88,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/BIO_read.pod openssl-3.5.6/doc/man3/BIO_read.pod
--- openssl-3.5.5/doc/man3/BIO_read.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/BIO_read.pod 2026-04-07 12:26:30.000000000 +0000
@@ -52,7 +52,9 @@
 BIO_write() attempts to write I bytes from I to BIO I.
-BIO_puts() attempts to write a NUL-terminated string I to BIO I.
+BIO_puts() attempts to write a NUL-terminated string I to BIO I,
+without the terminating NUL byte and without appending '\n'
+(so, similar to fputs(3), and not puts(3)).
 =head1 RETURN VALUES
@@ -119,7 +121,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/EVP_EncryptInit.pod openssl-3.5.6/doc/man3/EVP_EncryptInit.pod
--- openssl-3.5.5/doc/man3/EVP_EncryptInit.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/EVP_EncryptInit.pod 2026-04-07 12:26:30.000000000 +0000
@@ -1453,6 +1453,9 @@
 EVP_CIPHER_names_do_all() returns 1 if the callback was called for all names. A return value of 0 means that the callback was not called for any names.
+EVP_CIPHER_get_params(), EVP_CIPHER_CTX_get_params() and
+EVP_CIPHER_CTX_set_params() return 1 for success and 0 for failure.
+
 =head1 CIPHER LISTING
 All algorithms have a fixed key length unless otherwise stated.
@@ -1477,7 +1480,12 @@
 To specify additional authenticated data (AAD), a call to EVP_CipherUpdate(), EVP_EncryptUpdate() or EVP_DecryptUpdate() should be made with the output parameter I set to NULL. In this case, on success, the parameter
-I is set to the number of bytes authenticated.
+I is set to the number of AAD bytes processed in that call
+(that is, the value of I), and does not include any plaintext
+or ciphertext bytes processed by other calls.
+
+If no AAD is used, this call can be omitted. See the mode-specific notes
+below for any exceptions.
 When decrypting, the return value of EVP_DecryptFinal() or EVP_CipherFinal() indicates whether the operation was successful. If it does not indicate success,
diff -Nru openssl-3.5.5/doc/man3/OPENSSL_malloc.pod openssl-3.5.6/doc/man3/OPENSSL_malloc.pod
--- openssl-3.5.5/doc/man3/OPENSSL_malloc.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/OPENSSL_malloc.pod 2026-04-07 12:26:30.000000000 +0000
@@ -117,8 +117,8 @@
 OPENSSL_clear_realloc() and OPENSSL_clear_free() should be used when the buffer at B holds sensitive information. The old buffer is filled with zero's by calling OPENSSL_cleanse()
-before ultimately calling OPENSSL_free(). If the argument to OPENSSL_free() is
-NULL, nothing is done.
+before ultimately calling OPENSSL_free(). If the argument to
+OPENSSL_clear_free() is NULL, nothing is done.
 OPENSSL_cleanse() fills B of size B with a string of 0's. It is useful in cases when it is needed to ensure that memory (that contains
@@ -258,7 +258,7 @@
 =head1 COPYRIGHT
-Copyright 2016-2024 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/OSSL_CMP_CTX_new.pod openssl-3.5.6/doc/man3/OSSL_CMP_CTX_new.pod
--- openssl-3.5.5/doc/man3/OSSL_CMP_CTX_new.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/OSSL_CMP_CTX_new.pod 2026-04-07 12:26:30.000000000 +0000
@@ -356,6 +356,12 @@
 Do not cache certificates received in the extraCerts CMP message field. Otherwise they are stored to potentially help validate further messages.
+In any case, after successfully validating an incoming message, its protection
+certificate (if any) is cached for reuse with validation of subsequent messages.
+This is done not only for efficiency but also
+to eliminate the need for the sender to include its certificate and related chain
+in the extraCerts field of subsequent messages of the same transaction.
+
 =back
 OSSL_CMP_CTX_get_option() reads the current value of the given option
@@ -877,14 +883,15 @@
 OSSL_CMP_CTX_get0_libctx(), OSSL_CMP_CTX_get0_propq(), and OSSL_CMP_CTX_get0_validatedSrvCert() were added in OpenSSL 3.2.
-OSSL_CMP_CTX_get0_geninfo_ITAVs() was added in OpenSSL 3.3.
+OSSL_CMP_CTX_get0_geninfo_ITAVs() and
+the B option were added in OpenSSL 3.3.
 Support for central key generation, requested via B, was added in OpenSSL 3.5.
 =head1 COPYRIGHT
-Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/OSSL_HPKE_CTX_new.pod openssl-3.5.6/doc/man3/OSSL_HPKE_CTX_new.pod
--- openssl-3.5.5/doc/man3/OSSL_HPKE_CTX_new.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/OSSL_HPKE_CTX_new.pod 2026-04-07 12:26:30.000000000 +0000
@@ -451,12 +451,12 @@
 OSSL_HPKE_str2suite() maps input I strings to an B object. The input I should be a comma-separated string with a KEM,
-KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes128gcm".
+KDF and AEAD name in that order, for example "x25519,hkdf-sha256,aes-128-gcm".
 This can be used by command line tools that accept string form names for HPKE codepoints. Valid (case-insensitive) names are: "p-256", "p-384", "p-521", "x25519" and "x448" for KEM, "hkdf-sha256", "hkdf-sha384" and "hkdf-sha512" for KDF, and
-"aes-gcm-128", "aes-gcm-256", "chacha20-poly1305" and "exporter" for AEAD.
+"aes-128-gcm", "aes-256-gcm", "chacha20-poly1305" and "exporter" for AEAD.
 String variants of the numbers listed in L can also be used.
@@ -566,7 +566,7 @@
 =head1 COPYRIGHT
-Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/PKCS5_PBE_keyivgen.pod openssl-3.5.6/doc/man3/PKCS5_PBE_keyivgen.pod
--- openssl-3.5.5/doc/man3/PKCS5_PBE_keyivgen.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/PKCS5_PBE_keyivgen.pod 2026-04-07 12:26:30.000000000 +0000
@@ -110,6 +110,13 @@
 I is the message digest function used in the derivation.
+I is the initialization vector (IV) to use for the encryption algorithm.
+If I is NULL, then a random IV will be generated.
+
+I is the numeric identifier (NID) for the pseudo-random function to
+use with PBKDF2. If I is not specified (for example, I is set to 0),
+a default PRF is used, which is currently set to SHA-256 (NID_hmacWithSHA256).
+
 Functions ending in _ex() take optional parameters I and I which are used to select appropriate algorithm implementations.
@@ -118,7 +125,9 @@
 PKCS5_pbe_set(), PKCS5_pbe_set_ex(), PKCS5_pbe2_set(), PKCS5_pbe2_set_iv(), PKCS5_pbe2_set_iv_ex() and PKCS5_pbe2_set_scrypt() generate an B object which represents an AlgorithmIdentifier containing the algorithm OID and
-associated parameters for the PBE algorithm.
+associated parameters for the PBE algorithm. These functions encode the
+key derivation parameters (such as salt and iteration count) and the
+encryption parameters (such as the IV) into the ASN.1 structure.
 PKCS5_pbkdf2_set() and PKCS5_pbkdf2_set_ex() generate an B object which represents an AlgorithmIdentifier containing the algorithm OID and
@@ -177,7 +186,7 @@
 =head1 COPYRIGHT
-Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/RSA_set_method.pod openssl-3.5.6/doc/man3/RSA_set_method.pod
--- openssl-3.5.5/doc/man3/RSA_set_method.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/RSA_set_method.pod 2026-04-07 12:26:30.000000000 +0000
@@ -148,13 +148,7 @@
 RSA_set_default_method() returns no value.
-RSA_set_method() returns a pointer to the old RSA_METHOD implementation
-that was replaced. However, this return value should probably be ignored
-because if it was supplied by an ENGINE, the pointer could be invalidated
-at any time if the ENGINE is unloaded (in fact it could be unloaded as a
-result of the RSA_set_method() function releasing its handle to the
-ENGINE). For this reason, the return type may be replaced with a B
-declaration in a future release.
+RSA_set_method() returns 1 for success. It always succeeds.
 RSA_new_method() returns NULL and sets an error code that can be obtained by L if the allocation fails. Otherwise
@@ -185,7 +179,7 @@
 =head1 COPYRIGHT
-Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CONF_cmd.pod openssl-3.5.6/doc/man3/SSL_CONF_cmd.pod
--- openssl-3.5.5/doc/man3/SSL_CONF_cmd.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/SSL_CONF_cmd.pod 2026-04-07 12:26:30.000000000 +0000
@@ -176,16 +176,14 @@
 $ openssl list -tls1_2 -tls-groups
 $ openssl list -tls1_3 -tls-groups
-The recommended groups (in order of decreasing performance) for TLS 1.3 are presently:
+The recommended groups for TLS 1.3 are presently documented in the default
+TLS group list in the OpenSSL code base. Starting with OpenSSL 3.5, the
+hybrid algorithm B is first in this default list.
+It mitigates against threats from future quantum computers while
+still providing state-of-the-art classical key exchange protection.
-B,
-B,
-B,
-and
-B.
-
-The stronger security margins of the last two, come at a significant
-performance penalty.
+Further details regarding post-quantum algorithm considerations are documented
+in the HISTORY section below.
 An enriched alternative syntax, that enables clients to send multiple keyshares and allows servers to prioritise some groups over others, is described in
@@ -884,7 +882,7 @@
 =head1 COPYRIGHT
-Copyright 2012-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CTX_set1_curves.pod openssl-3.5.6/doc/man3/SSL_CTX_set1_curves.pod
--- openssl-3.5.5/doc/man3/SSL_CTX_set1_curves.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/SSL_CTX_set1_curves.pod 2026-04-07 12:26:30.000000000 +0000
@@ -40,13 +40,13 @@
 For all of the functions below that set the supported groups there must be at least one group in the list. A number of these functions identify groups via a
-unique integer NID value. However, support for some groups may be added by
-external providers. In this case there will be no NID assigned for the group.
+unique integer B value. However, support for some groups may be added by
+external providers. In this case there will be no B assigned for the group.
 When setting such groups applications should use the "list" form of these functions (i.e. SSL_CTX_set1_groups_list() and SSL_set1_groups_list()). SSL_CTX_set1_groups() sets the supported groups for B to B
-groups in the array B. The array consist of all NIDs of supported groups.
+groups in the array B. The array consist of all B of supported groups.
 The supported groups for B include: B, B,
@@ -73,20 +73,27 @@
 array determines the selected group. Otherwise, the order is ignored and the client's order determines the selection.
-For a TLS 1.3 server, the groups determine the selected group, but
-selection is more complex. A TLS 1.3 client sends both a group list as well as a
-predicted subset of groups. Choosing a group outside the predicted subset incurs
-an extra roundtrip. However, in some situations, the most preferred group may
-not be predicted. OpenSSL considers all supported groups in I to be comparable
-in security and prioritizes avoiding roundtrips above either client or server
-preference order. If an application uses an external provider to extend OpenSSL
-with, e.g., a post-quantum algorithm, this behavior may allow a network attacker
-to downgrade connections to a weaker algorithm. It is therefore recommended
-to use SSL_CTX_set1_groups_list() with the ability to specify group tuples.
+For a TLS 1.3 server, the groups determine the selected group, but selection is
+more complex.
+A TLS 1.3 client sends both a group list and predicted keyshares for a subset
+of groups.
+A server choosing a group outside the client's predicted subset incurs an extra
+roundtrip.
+However, in some situations, the most preferred group may not be predicted.
+
+When groups are specified via SSL_CTX_set1_groups() as a list of B
+values, OpenSSL considers all supported groups in I to be comparable in
+security and prioritises avoiding roundtrips above either client or server
+preference order.
+If an application uses an external provider to extend OpenSSL with, e.g., a
+post-quantum algorithm, this behavior may allow a network attacker to downgrade
+connections to a weaker algorithm.
+It is therefore recommended to use SSL_CTX_set1_groups_list() instead, making
+it possible to specify group tuples as described below.
 SSL_CTX_set1_groups_list() sets the supported groups for B to string I. In contrast to SSL_CTX_set1_groups(), the names of the
-groups, rather than their NIDs, are used.
+groups, rather than their B, are used.
 The commands below list the available groups for TLS 1.2 and TLS 1.3, respectively:
@@ -102,30 +109,72 @@
 L. The I can be used to define several group tuples of comparable security
-levels, and can specify which key shares should be sent by a client.
-The specified list elements can optionally be ignored, if not implemented
+levels, and can specify which predicted key shares should be sent by a client.
+Group tuples are used by OpenSSL TLS servers to decide whether to request a
+stronger keyshare than those predicted by sending a Hello Retry Request
+(B) even if some of the predicted groups are supported.
+OpenSSL clients ignore tuple boundaries, and pay attenion only to the overall
+order of I elements and which groups are selected as predicted keyshares
+as described below.
+
+The specified list elements can optionally be ignored if not implemented
 (listing unknown groups otherwise results in error).
-It is also possible to specify the built-in default set of groups, and to explicitly
-remove a group from that list.
+It is also possible to specify the built-in default set of groups, and to
+explicitly remove a group from that list.
-In its simplest form, the string I is just a colon separated list
-of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048". The first
-group listed will also be used for the B sent by a client in a
-TLSv1.3 B. For servers note the discussion above. The list should
-be in order of preference with the most preferred group first.
-
-Group tuples of comparable security are defined by separating them from each
-other by a tuple separator C. Keyshares to be sent by a client are specified
-by prepending a C<*> to the group name, while any C<*> will be ignored by a
-server. The following string I for example defines three tuples when
-used on the server-side, and triggers the generation of three key shares
-when used on the client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
-
-If a group name is preceded with the C character, it will be ignored if an
-implementation is missing. If a group name is preceded with the C<-> character, it
-will be removed from the list of groups if present (including not sending a
-key share for this group), ignored otherwise. The pseudo group name
-C can be used to select the OpenSSL built-in default list of groups.
+In its simplest legacy form, the string I is just a colon separated list
+of group names, for example "P-521:P-384:P-256:X25519:ffdhe2048".
+The first group listed will in this case be used as the sole predicted
+B sent by a client in a TLSv1.3 B.
+The list should be in order of preference with the most preferred group first.
+
+A more expressive syntax supports definition of group tuples of comparable
+security by separating them from each other with C characters.
+
+The predicted keyshares to be sent by clients can be explicitly specified by
+adding a C<*> prefix to the associated group name.
+These C<*> prefixes are ignored by servers.
+
+If a group name is prefixed with the C character, it will be ignored if an
+implementation is missing.
+Otherwise, listing an unknown group name will cause a failure to parse the
+I.
+Note that whether a group is known or not may depend on the OpenSSL version,
+how OpenSSL was compiled and/or which providers are loaded.
+Make sure you have the correct spelling of the group name and when in doubt
+prefix it with a C to handle configurations in which it might nevertheless
+be unknown.
+
+If a group name is prefixed with the C<-> character, it will be removed from
+the list of groups specified up to that point.
+It can be added again if specified later.
+Removal of groups that have not been included earlier in the list is silently
+ignored.
+
+The pseudo group name C can be used to select the OpenSSL built-in
+default list of groups.
+Prepending one or more groups to C using only C<:> separators prepends those
+groups to the built-in default list's first tuple.
+Additional tuples can be prepended by use of the C separator.
+Appending a set of groups to C using only C<:> separators appends those
+groups to the built-in default list's last tuple.
+Additional tuples can be appended by use of the C separator.
+
+The B list selects B as one of the predicted keyshares.
+In rare cases this can lead to failures or timeouts because the resulting
+larger TLS Client Hello message may no longer fit in a single TCP segment and
+firewall software may erroneously disrupt the TLS handshake.
+If this is an issue or concern, prepending C without a C<*>
+prefix leads to its occurrence in the default list to be ignored as a duplicate,
+and along with that also the keyshare prediction.
+The group will then only be selected by servers that specifically expect it,
+after a Hello Retry Request (HRR).
+Servers that specifically prefer B, are much less likely to be
+found behind problematic firewalls.
+
+The following string I for example defines three tuples when used on the
+server-side, and triggers the generation of three key shares when used on the
+client-side: P-521:*P-256/*P-384/*X25519:P-384:ffdhe2048.
 For a TLS 1.3 client, all the groups in the string I are added to the supported groups extension of a C, in the order in which they are listed,
@@ -351,7 +400,7 @@
 =head1 COPYRIGHT
-Copyright 2013-2025 The OpenSSL Project Authors. All Rights Reserved.
+Copyright 2013-2026 The OpenSSL Project Authors. All Rights Reserved.
 Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/doc/man3/SSL_CTX_set_psk_client_callback.pod openssl-3.5.6/doc/man3/SSL_CTX_set_psk_client_callback.pod
--- openssl-3.5.5/doc/man3/SSL_CTX_set_psk_client_callback.pod 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/doc/man3/SSL_CTX_set_psk_client_callback.pod 2026-04-07 12:26:30.000000000 +0000
@@ -93,6 +93,14 @@ Ownership of the SSL_SESSION object is passed to the OpenSSL library and so it should not be freed by the application. +Note that as described above, the callback may be called a second time during a +handshake. Since ownership of the SSL_SESSION is transferred to OpenSSL on each +call, if the callback wishes to return the same SSL_SESSION pointer on a +subsequent invocation, it must first call L to increment +the reference count. Failure to do so will result in a use-after-free error. +Alternatively, the callback may return a different SSL_SESSION object on each +call (e.g., by calling L). + It is also possible for the callback to succeed but not supply a PSK. In this case no PSK will be sent to the server but the handshake will continue. To do this the callback should return successfully and ensure that B<*sess> is @@ -169,7 +177,7 @@ =head1 COPYRIGHT -Copyright 2006-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man3/SSL_get_ciphers.pod openssl-3.5.6/doc/man3/SSL_get_ciphers.pod --- openssl-3.5.5/doc/man3/SSL_get_ciphers.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man3/SSL_get_ciphers.pod 2026-04-07 12:26:30.000000000 +0000 @@ -75,6 +75,8 @@ available shared ciphersuites whether or not they are enabled. This is a server side function only and must only be called after the completion of the initial handshake. +The function sets an empty string when B fails the handshake due to the +absence of shared ciphers. =head1 NOTES 
@@ -107,7 +109,7 @@ =head1 COPYRIGHT -Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2000-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man3/X509V3_EXT_print.pod openssl-3.5.6/doc/man3/X509V3_EXT_print.pod --- openssl-3.5.5/doc/man3/X509V3_EXT_print.pod 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/doc/man3/X509V3_EXT_print.pod 2026-04-07 12:26:30.000000000 +0000 
@@ -0,0 +1,51 @@ +=pod + +=head1 NAME + +X509V3_EXT_print, X509V3_EXT_print_fp - pretty print X509 certificate extensions + +=head1 SYNOPSIS + + #include + + int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); + int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); + +=head1 DESCRIPTION + +X509V3_EXT_print() and X509V3_EXT_print_fp() parse and print the extension +info from I to I or I with indentation set via I. +I determines the behaviour if an extension could not be parsed and can be +one of: +B (equivalent to 0): an unknown or unparsable extension +stops the parsing and the function returns a failure. +B: an unknown or unparsable extension is handled by +printing it through the B function, and the function returns +success. +B: an unknown or unparsable extension is handled by +printing it through the B function, and the function returns +success, +B: an unknown or unparsable extension is handled by +printing either "" or "", and the function returns +success. + +=head1 RETURN VALUES + +X509V3_EXT_print() and X509V3_EXT_print_fp() return 1 for success and 0 for +failure. + +=head1 SEE ALSO + +L, +L, + +=head1 COPYRIGHT + +Copyright 2026 The OpenSSL Project Authors. All Rights Reserved. + +Licensed under the Apache License 2.0 (the "License"). You may not use +this file except in compliance with the License. You can obtain a copy +in the file LICENSE in the source distribution or at +L. + +=cut diff -Nru openssl-3.5.5/doc/man3/X509_NAME_print_ex.pod openssl-3.5.6/doc/man3/X509_NAME_print_ex.pod --- openssl-3.5.5/doc/man3/X509_NAME_print_ex.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man3/X509_NAME_print_ex.pod 2026-04-07 12:26:30.000000000 +0000 
@@ -32,9 +32,8 @@ Otherwise, at most I bytes will be written, including the ending '\0', and I is returned. -X509_NAME_print() prints out I to I indenting each line by I -characters. Multiple lines are used if the output (including indent) exceeds -80 characters. +X509_NAME_print() prints out I to I on a single line. +The I parameter is ignored and retained only for API compatibility. =head1 NOTES @@ -122,7 +121,7 @@ =head1 COPYRIGHT -Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2002-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-DSA.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-DSA.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-DSA.pod 2026-04-07 12:26:30.000000000 +0000 @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-DSA -- The B DSA signature implementation +- The EVP_PKEY B signature implementation =head1 DESCRIPTION @@ -116,7 +116,7 @@ =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ECDSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ECDSA.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ECDSA.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ECDSA.pod 2026-04-07 12:26:30.000000000 +0000 @@ -2,7 +2,7 @@ =head1 NAME -EVP_SIGNATURE-ECDSA - The EVP_PKEY ECDSA signature implementation. +EVP_SIGNATURE-ECDSA - The EVP_PKEY B signature implementation =head1 DESCRIPTION 
@@ -104,7 +104,7 @@ =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ED25519.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ED25519.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ED25519.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ED25519.pod 2026-04-07 12:26:30.000000000 +0000 @@ -6,7 +6,7 @@ EVP_SIGNATURE-ED448, Ed25519, Ed448 -- EVP_PKEY Ed25519 and Ed448 support +- The EVP_PKEY B and B signature implementations =head1 DESCRIPTION @@ -175,7 +175,7 @@ =head1 COPYRIGHT -Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-HMAC.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-HMAC.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-HMAC.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-HMAC.pod 2026-04-07 12:26:30.000000000 +0000 @@ -4,7 +4,7 @@ EVP_SIGNATURE-HMAC, EVP_SIGNATURE-Siphash, EVP_SIGNATURE-Poly1305, EVP_SIGNATURE-CMAC -- The legacy B MAC signature implementations +- The legacy EVP_PKEY B signature implementations =head1 DESCRIPTION 
@@ -39,7 +39,7 @@ =head1 COPYRIGHT -Copyright 2020 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-ML-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-ML-DSA.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-ML-DSA.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-ML-DSA.pod 2026-04-07 12:26:30.000000000 +0000 @@ -3,8 +3,8 @@ =head1 NAME EVP_SIGNATURE-ML-DSA, -EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87, -- EVP_SIGNATURE ML-DSA support +EVP_SIGNATURE-ML-DSA-44, EVP_SIGNATURE-ML-DSA-65, EVP_SIGNATURE-ML-DSA-87 +- The EVP_PKEY B signature implementations =head1 DESCRIPTION @@ -131,7 +131,7 @@ =head1 COPYRIGHT -Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-RSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-RSA.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-RSA.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-RSA.pod 2026-04-07 12:26:30.000000000 +0000 @@ -3,7 +3,7 @@ =head1 NAME EVP_SIGNATURE-RSA -- The EVP_PKEY RSA signature implementation +- The EVP_PKEY B signature implementation =head1 DESCRIPTION 
@@ -192,7 +192,7 @@ =head1 COPYRIGHT -Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/EVP_SIGNATURE-SLH-DSA.pod openssl-3.5.6/doc/man7/EVP_SIGNATURE-SLH-DSA.pod --- openssl-3.5.5/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/EVP_SIGNATURE-SLH-DSA.pod 2026-04-07 12:26:30.000000000 +0000 @@ -9,7 +9,7 @@ EVP_SIGNATURE-SLH-DSA-SHAKE-128s, EVP_SIGNATURE-SLH-DSA-SHAKE-128f, EVP_SIGNATURE-SLH-DSA-SHAKE-192s, EVP_SIGNATURE-SLH-DSA-SHAKE-192f, EVP_SIGNATURE-SLH-DSA-SHAKE-256s, EVP_SIGNATURE-SLH-DSA-SHAKE-256f -- EVP_PKEY SLH-DSA support +- The EVP_PKEY B signature implementations =head1 DESCRIPTION @@ -126,7 +126,7 @@ =head1 COPYRIGHT -Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/openssl-env.pod openssl-3.5.6/doc/man7/openssl-env.pod --- openssl-3.5.5/doc/man7/openssl-env.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/openssl-env.pod 2026-04-07 12:26:30.000000000 +0000 @@ -64,6 +64,13 @@ The value of this environment variable is a comma-separated list of names, with the following available: +=item B + +This environment variable is used to flag the fact that unit tests are being run +(i.e. `make test`). It is used to detect when the OpenSSL should behave in a special +manner during unit tests (i.e. when unit tests are being run on fuzzing builds). It should +generally not be set by users. + =over 4 =item B 
@@ -205,7 +212,7 @@ =head1 COPYRIGHT -Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/ossl-guide-tls-introduction.pod openssl-3.5.6/doc/man7/ossl-guide-tls-introduction.pod --- openssl-3.5.5/doc/man7/ossl-guide-tls-introduction.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/ossl-guide-tls-introduction.pod 2026-04-07 12:26:30.000000000 +0000 @@ -165,7 +165,7 @@ then save it as "/usr/local/ssl/cert.pem". You can also use environment variables to override the default location that -OpenSSL will look for its trusted certificate store. Set the B +OpenSSL will look for its trusted certificate store. Set the B environment variable to give the directory where OpenSSL should looks for its certificates or the B environment variable to give the name of a single file containing all of the certificates. See L for @@ -311,7 +311,7 @@ =head1 COPYRIGHT -Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/property.pod openssl-3.5.6/doc/man7/property.pod --- openssl-3.5.5/doc/man7/property.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/property.pod 2026-04-07 12:26:30.000000000 +0000 
@@ -142,6 +142,38 @@ disallow any implementations with "fips=yes" rather than not caring about the setting. +=head1 PREDEFINED NAMES + +=for comment This list should correspond to the array 'predefined_names' in crypto/property/property_parse.c + +Currently known predefined names are: + +=over 4 + +=item C + +The conventional property value is the provider's name. This may be different from the name returned by L. + +It is a convention among OpenSSL provider implementations to define a property with this name. It is not mandatory to do this. + +=item C + +The conventional property value is the provider's version. + +OpenSSL provider implementations do not define a property with this name. + +=item C + +The conventional property value is boolean (C<"yes"> or C<"no">), indication whether the implementation conforms to FIPS standards or not. + +It is a convention among OpenSSL provider implementations to define a property with this name where applicable. It is not mandatory to do this, but is strongly recommended. + +=item C, C, C + +Properties with these names are used by encoders (see L) and decoders (see L). + +=back + =head1 SYNTAX The lexical syntax in EBNF is given by: @@ -167,7 +199,7 @@ =head1 COPYRIGHT -Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/doc/man7/provider-base.pod openssl-3.5.6/doc/man7/provider-base.pod --- openssl-3.5.5/doc/man7/provider-base.pod 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/doc/man7/provider-base.pod 2026-04-07 12:26:30.000000000 +0000 
@@ -141,7 +141,8 @@ static ossl_inline OSSL_NAME_core_gettable_params_fn OSSL_FUNC_core_gettable_params(const OSSL_DISPATCH *opf); -L arrays are indexed by numbers that are provided as +L array entries contain a I field that +identifies the function. The I numbers are provided as macros in L, as follows: For I (the L array passed from F to the @@ -1016,7 +1017,7 @@ =head1 COPYRIGHT -Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. +Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. Licensed under the Apache License 2.0 (the "License"). You may not use this file except in compliance with the License. You can obtain a copy diff -Nru openssl-3.5.5/exporters/cmake/OpenSSLConfig.cmake.in openssl-3.5.6/exporters/cmake/OpenSSLConfig.cmake.in --- openssl-3.5.5/exporters/cmake/OpenSSLConfig.cmake.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/exporters/cmake/OpenSSLConfig.cmake.in 2026-04-07 12:26:30.000000000 +0000 @@ -1,4 +1,5 @@ # Generated by OpenSSL +# {- $OpenSSL::safe::installdata::COMMENT // "" -} {- use lib catdir($config{sourcedir}, 'Configurations'); use platform; diff -Nru openssl-3.5.5/exporters/cmake/OpenSSLConfigVersion.cmake.in openssl-3.5.6/exporters/cmake/OpenSSLConfigVersion.cmake.in --- openssl-3.5.5/exporters/cmake/OpenSSLConfigVersion.cmake.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/exporters/cmake/OpenSSLConfigVersion.cmake.in 2026-04-07 12:26:30.000000000 +0000 @@ -1,4 +1,5 @@ # Generated by OpenSSL +# {- $OpenSSL::safe::installdata::COMMENT // "" -} set(PACKAGE_VERSION {- $config{version} -}) diff -Nru openssl-3.5.5/exporters/pkg-config/libcrypto.pc.in openssl-3.5.6/exporters/pkg-config/libcrypto.pc.in --- openssl-3.5.5/exporters/pkg-config/libcrypto.pc.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/exporters/pkg-config/libcrypto.pc.in 2026-04-07 12:26:30.000000000 +0000 
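Review bot: The added `# {- $OpenSSL::safe::installdata::COMMENT // "" -}` line in `OpenSSLConfig.cmake.in` interpolates the value verbatim after a single `#`, so only its first line is commented out. If `COMMENT` can ever contain a line break (its origin is not visible in this diff), the rest of the value would land as live content in the generated file. The same line is added to `OpenSSLConfigVersion.cmake.in` and, in the hunks that follow, to `libcrypto.pc.in`, `libssl.pc.in` and `openssl.pc.in`. Collapsing line breaks at the point of use keeps the value inside the comment: `# {- join(" ", split(/\R/, $OpenSSL::safe::installdata::COMMENT // "")) -}`.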
@@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff -Nru openssl-3.5.5/exporters/pkg-config/libssl.pc.in openssl-3.5.6/exporters/pkg-config/libssl.pc.in --- openssl-3.5.5/exporters/pkg-config/libssl.pc.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/exporters/pkg-config/libssl.pc.in 2026-04-07 12:26:30.000000000 +0000 @@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff -Nru openssl-3.5.5/exporters/pkg-config/openssl.pc.in openssl-3.5.6/exporters/pkg-config/openssl.pc.in --- openssl-3.5.5/exporters/pkg-config/openssl.pc.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/exporters/pkg-config/openssl.pc.in 2026-04-07 12:26:30.000000000 +0000 @@ -1,3 +1,4 @@ +# {- $OpenSSL::safe::installdata::COMMENT // "" -} prefix={- $OpenSSL::safe::installdata::PREFIX[0] -} exec_prefix=${prefix} libdir={- if (defined $OpenSSL::safe::installdata::LIBDIR_REL_PREFIX[0]) { diff -Nru openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm --- openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template/Preprocess.pm 2026-04-07 12:26:30.000000000 +0000 
@@ -122,8 +122,8 @@ =head1 SOURCE -The development version is on github at L -and may be cloned from L +The development version is on github at L +and may be cloned from L =head1 BUGS diff -Nru openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template.pm openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template.pm --- openssl-3.5.5/external/perl/Text-Template-1.56/lib/Text/Template.pm 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/external/perl/Text-Template-1.56/lib/Text/Template.pm 2026-04-07 12:26:30.000000000 +0000 @@ -2337,8 +2337,8 @@ =head1 SOURCE -The development version is on github at L -and may be cloned from L +The development version is on github at L +and may be cloned from L =head1 BUGS diff -Nru openssl-3.5.5/include/crypto/aes_platform.h openssl-3.5.6/include/crypto/aes_platform.h --- openssl-3.5.5/include/crypto/aes_platform.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/crypto/aes_platform.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -77,7 +77,9 @@ #define HWAES_xts_decrypt aes_p8_xts_decrypt #endif /* OPENSSL_SYS_MACOSX */ #if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX) +#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ #define PPC_AES_GCM_CAPABLE (OPENSSL_ppccap_P & PPC_MADD300) +#endif #define AES_GCM_ENC_BYTES 128 #define AES_GCM_DEC_BYTES 128 size_t ppc_aes_gcm_encrypt(const unsigned char *in, unsigned char *out, diff -Nru openssl-3.5.5/include/crypto/evp.h openssl-3.5.6/include/crypto/evp.h --- openssl-3.5.5/include/crypto/evp.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/crypto/evp.h 2026-04-07 12:26:30.000000000 +0000 
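Review bot: In `include/crypto/aes_platform.h` the new `#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__` guard around `PPC_AES_GCM_CAPABLE` has no comment explaining why other builds are excluded, and it covers only the capability macro: `AES_GCM_ENC_BYTES`, `AES_GCM_DEC_BYTES` and the `ppc_aes_gcm_encrypt` prototype stay visible. Every user of `PPC_AES_GCM_CAPABLE` outside this hunk therefore has to test it with `#ifdef`, and a toolchain that does not predefine `__BYTE_ORDER__` silently loses the accelerated path even on little-endian. A comment above the guard would record the intent, for example `/* AES-GCM assembly is used on little-endian only; elsewhere the macro stays undefined and the generic path runs */` (wording to be confirmed against the assembly). The enclosing `#if !defined(OPENSSL_SYS_AIX) && !defined(OPENSSL_SYS_MACOSX)` block ends outside the hunk.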
@@ -1,5 +1,5 @@
 /*
- * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -488,17 +488,17 @@ BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ 0, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) -#define BLOCK_CIPHER_defs(cname, kstruct, \ - nid, block_size, key_len, iv_len, cbits, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ - flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ - BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ - init_key, cleanup, set_asn1, get_asn1, ctrl) +#define BLOCK_CIPHER_defs(cname, kstruct, \ + nid, block_size, key_len, iv_len, cbits, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_cfb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ofb(cname, kstruct, nid, key_len, iv_len, cbits, \ + flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ + BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, flags, \ + init_key, cleanup, set_asn1, get_asn1, ctrl) /*- #define BLOCK_CIPHER_defs(cname, kstruct, \ diff -Nru openssl-3.5.5/include/crypto/httperr.h openssl-3.5.6/include/crypto/httperr.h --- openssl-3.5.5/include/crypto/httperr.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/crypto/httperr.h 2026-04-07 12:26:30.000000000 +0000 
@@ -1,6 +1,6 @@
 /*
 * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
diff -Nru openssl-3.5.5/include/crypto/sparc_arch.h openssl-3.5.6/include/crypto/sparc_arch.h
--- openssl-3.5.5/include/crypto/sparc_arch.h 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/include/crypto/sparc_arch.h 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2012-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2012-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -79,10 +79,14 @@
 #if defined(__arch64__)
+/* clang-format off */
 #define SPARC_LOAD_ADDRESS(SYM, reg) \
- setx SYM, % o7, reg;
+ setx SYM, %o7, reg;
+/* clang-format on */
 #define LDPTR ldx
-#define SIZE_T_CC % xcc
+/* clang-format off */
+#define SIZE_T_CC %xcc
+/* clang-format on */
 #define STACK_FRAME 192
 #define STACK_BIAS 2047
 #define STACK_7thARG (STACK_BIAS + 176)
@@ -92,7 +96,9 @@
 #define SPARC_LOAD_ADDRESS(SYM, reg) \
 set SYM, reg;
 #define LDPTR ld
-#define SIZE_T_CC % icc
+/* clang-format off */
+#define SIZE_T_CC %icc
+/* clang-format on */
 #define STACK_FRAME 112
 #define STACK_BIAS 0
 #define STACK_7thARG 92
diff -Nru openssl-3.5.5/include/crypto/sparse_array.h openssl-3.5.6/include/crypto/sparse_array.h
--- openssl-3.5.5/include/crypto/sparse_array.h 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/include/crypto/sparse_array.h 2026-04-07 12:26:30.000000000 +0000
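Review bot: The `/* clang-format off */` / `/* clang-format on */` pairs in the `@@ -79,10 +79,14 @@` and `@@ -92,7 +96,9 @@` hunks of `sparc_arch.h` each wrap a single macro, and none says what is being protected: `%o7`, `%xcc` and `%icc` are assembler register operands that had been split into `% o7`, `% xcc` and `% icc`. An operand macro added later between the pairs would be reformatted the same way. One pair around the whole `#if defined(__arch64__)` … `#else` … block, with a comment such as `/* assembler operands below: '%' must stay attached to the register name */`, would cover both branches; that block ends outside these hunks.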
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
@@ -62,7 +62,7 @@
 } \
 static ossl_unused ossl_inline int \
 ossl_sa_##type##_set(SPARSE_ARRAY_OF(type) * sa, \
- ossl_uintmax_t n, ctype * val) \
+ ossl_uintmax_t n, ctype *val) \
 { \
 return ossl_sa_set((OPENSSL_SA *)sa, n, (void *)val); \
 } \
diff -Nru openssl-3.5.5/include/internal/time.h openssl-3.5.6/include/internal/time.h
--- openssl-3.5.5/include/internal/time.h 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/include/internal/time.h 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -54,9 +54,8 @@
 OSSL_SAFE_MATH_UNSIGNED(time, uint64_t)
 /* Convert a tick count into a time */
-static ossl_unused ossl_inline
- OSSL_TIME
- ossl_ticks2time(uint64_t ticks)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_ticks2time(uint64_t ticks)
 {
 OSSL_TIME r;
@@ -65,9 +64,8 @@
 }
 /* Convert a time to a tick count */
-static ossl_unused ossl_inline
- uint64_t
- ossl_time2ticks(OSSL_TIME t)
+static ossl_unused ossl_inline uint64_t
+ossl_time2ticks(OSSL_TIME t)
 {
 return t.t;
 }
@@ -76,16 +74,14 @@ OSSL_TIME ossl_time_now(void); /* The beginning and end of the time range */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_zero(void) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_zero(void) { return ossl_ticks2time(0); } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_infinite(void) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_infinite(void) { return ossl_ticks2time(~(uint64_t)0); } @@ -114,9 +110,8 @@ } /* Convert timeval to time */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_from_timeval(struct timeval tv) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_from_timeval(struct timeval tv) { OSSL_TIME t; @@ -137,9 +132,8 @@ } /* Convert time_t to OSSL_TIME */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_from_time_t(time_t t) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_from_time_t(time_t t) { OSSL_TIME ot; @@ -170,9 +164,8 @@ return ossl_time_compare(t, ossl_time_infinite()) == 0; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_add(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_add(OSSL_TIME a, OSSL_TIME b) { OSSL_TIME r; int err = 0; @@ -181,9 +174,8 @@ return err ? ossl_time_infinite() : r; } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_subtract(OSSL_TIME a, OSSL_TIME b) { OSSL_TIME r; int err = 0; @@ -193,17 +185,15 @@ } /* Returns |a - b|. */ -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_abs_difference(OSSL_TIME a, OSSL_TIME b) { return a.t > b.t ? ossl_time_subtract(a, b) : ossl_time_subtract(b, a); } -static ossl_unused ossl_inline - OSSL_TIME - ossl_time_multiply(OSSL_TIME a, uint64_t b) +static ossl_unused ossl_inline OSSL_TIME +ossl_time_multiply(OSSL_TIME a, uint64_t b) { OSSL_TIME r; int err = 0; 
@@ -212,9 +202,8 @@
 return err ? ossl_time_infinite() : r;
 }
-static ossl_unused ossl_inline
- OSSL_TIME
- ossl_time_divide(OSSL_TIME a, uint64_t b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_divide(OSSL_TIME a, uint64_t b)
 {
 OSSL_TIME r;
 int err = 0;
@@ -223,9 +212,8 @@
 return err ? ossl_time_zero() : r;
 }
-static ossl_unused ossl_inline
- OSSL_TIME
- ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_muldiv(OSSL_TIME a, uint64_t b, uint64_t c)
 {
 OSSL_TIME r;
 int err = 0;
@@ -235,17 +223,15 @@
 }
 /* Return higher of the two given time values. */
-static ossl_unused ossl_inline
- OSSL_TIME
- ossl_time_max(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_max(OSSL_TIME a, OSSL_TIME b)
 {
 return a.t > b.t ? a : b;
 }
 /* Return the lower of the two given time values. */
-static ossl_unused ossl_inline
- OSSL_TIME
- ossl_time_min(OSSL_TIME a, OSSL_TIME b)
+static ossl_unused ossl_inline OSSL_TIME
+ossl_time_min(OSSL_TIME a, OSSL_TIME b)
 {
 return a.t < b.t ? a : b;
 }
diff -Nru openssl-3.5.5/include/openssl/cmp.h.in openssl-3.5.6/include/openssl/cmp.h.in
--- openssl-3.5.5/include/openssl/cmp.h.in 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/include/openssl/cmp.h.in 2026-04-07 12:26:30.000000000 +0000
@@ -1,7 +1,7 @@
 /*
 * {- join("\n * ", @autowarntext) -}
 *
- * Copyright 2007-2024 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved.
 * Copyright Nokia 2007-2019
 * Copyright Siemens AG 2015-2019
 *
@@ -197,6 +197,8 @@
 * -- CertReqMsg
 * }
 */
+#define OSSL_CMP_PKISTATUS_rejected_by_client -5
+#define OSSL_CMP_PKISTATUS_checking_response -4
 #define OSSL_CMP_PKISTATUS_request -3
 #define OSSL_CMP_PKISTATUS_trans -2
 #define OSSL_CMP_PKISTATUS_unspecified -1
diff -Nru openssl-3.5.5/include/openssl/core_dispatch.h openssl-3.5.6/include/openssl/core_dispatch.h
--- openssl-3.5.5/include/openssl/core_dispatch.h 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/include/openssl/core_dispatch.h 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
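Review bot: `OSSL_CMP_PKISTATUS_rejected_by_client` and `OSSL_CMP_PKISTATUS_checking_response` are added to the public `cmp.h.in` with no comment saying what each value reports. Going by the names, -5 is a final rejection while -4, like `request` and `trans`, is an intermediate state, so a caller that treats every negative status as "still in progress" would misread a rejection; that reading is inferred from the names and should be confirmed. A short comment above the block would make the contract explicit, for example `/* negative values are set locally by the client; rejected_by_client is a final outcome, the others are intermediate */`. The comment block that precedes these defines starts outside the hunk.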
@@ -162,16 +162,16 @@ OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_file, (const char *filename, const char *mode)) OSSL_CORE_MAKE_FUNC(OSSL_CORE_BIO *, BIO_new_membuf, (const void *buf, int len)) -OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO * bio, void *data, size_t data_len, size_t *bytes_read)) -OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO * bio, const void *data, size_t data_len, size_t *written)) -OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO * bio, char *buf, int size)) -OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO * bio, const char *str)) -OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO * bio)) -OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO * bio, const char *format, va_list args)) +OSSL_CORE_MAKE_FUNC(int, BIO_read_ex, (OSSL_CORE_BIO *bio, void *data, size_t data_len, size_t *bytes_read)) +OSSL_CORE_MAKE_FUNC(int, BIO_write_ex, (OSSL_CORE_BIO *bio, const void *data, size_t data_len, size_t *written)) +OSSL_CORE_MAKE_FUNC(int, BIO_gets, (OSSL_CORE_BIO *bio, char *buf, int size)) +OSSL_CORE_MAKE_FUNC(int, BIO_puts, (OSSL_CORE_BIO *bio, const char *str)) +OSSL_CORE_MAKE_FUNC(int, BIO_up_ref, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_free, (OSSL_CORE_BIO *bio)) +OSSL_CORE_MAKE_FUNC(int, BIO_vprintf, (OSSL_CORE_BIO *bio, const char *format, va_list args)) OSSL_CORE_MAKE_FUNC(int, BIO_vsnprintf, (char *buf, size_t n, const char *fmt, va_list args)) -OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO * bio, int cmd, long num, void *ptr)) +OSSL_CORE_MAKE_FUNC(int, BIO_ctrl, (OSSL_CORE_BIO *bio, int cmd, long num, void *ptr)) /* New seeding functions prototypes with the 101-104 series */ #define OSSL_FUNC_CLEANUP_USER_ENTROPY 96 
@@ -180,9 +180,9 @@
 #define OSSL_FUNC_GET_USER_NONCE 99
 #define OSSL_FUNC_INDICATOR_CB 95
-OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX * ctx, OSSL_INDICATOR_CALLBACK **cb))
+OSSL_CORE_MAKE_FUNC(void, indicator_cb, (OPENSSL_CORE_CTX *ctx, OSSL_INDICATOR_CALLBACK **cb))
 #define OSSL_FUNC_SELF_TEST_CB 100
-OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX * ctx, OSSL_CALLBACK **cb, void **cbarg))
+OSSL_CORE_MAKE_FUNC(void, self_test_cb, (OPENSSL_CORE_CTX *ctx, OSSL_CALLBACK **cb, void **cbarg))
 /* Functions to get seed material from the operating system */
 #define OSSL_FUNC_GET_ENTROPY 101
@@ -257,26 +257,26 @@ /* Libssl related functions */ #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_SEND 2001 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_send, - (SSL * s, const unsigned char *buf, size_t buf_len, + (SSL *s, const unsigned char *buf, size_t buf_len, size_t *consumed, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RECV_RCD 2002 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_recv_rcd, - (SSL * s, const unsigned char **buf, size_t *bytes_read, + (SSL *s, const unsigned char **buf, size_t *bytes_read, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_CRYPTO_RELEASE_RCD 2003 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_crypto_release_rcd, - (SSL * s, size_t bytes_read, void *arg)) + (SSL *s, size_t bytes_read, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_YIELD_SECRET 2004 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_yield_secret, - (SSL * s, uint32_t prot_level, int direction, + (SSL *s, uint32_t prot_level, int direction, const unsigned char *secret, size_t secret_len, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_GOT_TRANSPORT_PARAMS 2005 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_got_transport_params, - (SSL * s, const unsigned char *params, size_t params_len, + (SSL *s, const unsigned char *params, size_t params_len, void *arg)) #define OSSL_FUNC_SSL_QUIC_TLS_ALERT 2006 OSSL_CORE_MAKE_FUNC(int, SSL_QUIC_TLS_alert, - (SSL * s, unsigned char alert_code, void *arg)) + (SSL *s, unsigned char alert_code, void *arg)) /* Operations */ diff -Nru openssl-3.5.5/include/openssl/httperr.h openssl-3.5.6/include/openssl/httperr.h --- openssl-3.5.5/include/openssl/httperr.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/openssl/httperr.h 2026-04-07 12:26:30.000000000 +0000 
@@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,7 @@ */ #define HTTP_R_ASN1_LEN_EXCEEDS_MAX_RESP_LEN 108 #define HTTP_R_CONNECT_FAILURE 100 +#define HTTP_R_CONTENT_TYPE_MISMATCH 131 #define HTTP_R_ERROR_PARSING_ASN1_LENGTH 109 #define HTTP_R_ERROR_PARSING_CONTENT_LENGTH 119 #define HTTP_R_ERROR_PARSING_URL 101 diff -Nru openssl-3.5.5/include/openssl/macros.h openssl-3.5.6/include/openssl/macros.h --- openssl-3.5.5/include/openssl/macros.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/openssl/macros.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -168,6 +168,7 @@ * 'no-deprecated'. */ +#undef OPENSSL_NO_DEPRECATED_3_5 #undef OPENSSL_NO_DEPRECATED_3_4 #undef OPENSSL_NO_DEPRECATED_3_1 #undef OPENSSL_NO_DEPRECATED_3_0 diff -Nru openssl-3.5.5/include/openssl/rsa.h openssl-3.5.6/include/openssl/rsa.h --- openssl-3.5.5/include/openssl/rsa.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/openssl/rsa.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -334,13 +334,13 @@ DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS) DECLARE_ASN1_DUP_FUNCTION(RSA_PSS_PARAMS) -typedef struct rsa_oaep_params_st { +struct rsa_oaep_params_st { X509_ALGOR *hashFunc; X509_ALGOR *maskGenFunc; X509_ALGOR *pSourceFunc; /* Decoded hash algorithm from maskGenFunc */ X509_ALGOR *maskHash; -} RSA_OAEP_PARAMS; +}; DECLARE_ASN1_FUNCTIONS(RSA_OAEP_PARAMS) diff -Nru openssl-3.5.5/include/openssl/types.h openssl-3.5.6/include/openssl/types.h --- openssl-3.5.5/include/openssl/types.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/include/openssl/types.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -155,7 +155,9 @@ typedef struct rsa_st RSA; typedef struct rsa_meth_st RSA_METHOD; #endif + typedef struct rsa_pss_params_st RSA_PSS_PARAMS; +typedef struct rsa_oaep_params_st RSA_OAEP_PARAMS; #ifndef OPENSSL_NO_DEPRECATED_3_0 typedef struct ec_key_st EC_KEY; diff -Nru openssl-3.5.5/providers/fips/self_test.c openssl-3.5.6/providers/fips/self_test.c --- openssl-3.5.5/providers/fips/self_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/fips/self_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
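Review bot: The members of `struct rsa_oaep_params_st` stay undocumented in this public header, and callers need to know which of them can be NULL. In RFC 8017 every RSAES-OAEP-params field is optional with a default, so a decoded structure can presumably carry NULL in `hashFunc`, `maskGenFunc` or `pSourceFunc`. The existing comment on `maskHash` suggests it is only filled when the mask generation function could be decoded. I would add above the struct `/* Members are NULL when the field is absent from the encoding; check before dereferencing. */`. Moving the typedef to types.h (the hunk that follows on this page) looks fine, as it keeps a single definition of `RSA_OAEP_PARAMS`.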
@@ -101,7 +101,9 @@ init(); break; case DLL_PROCESS_DETACH: +#ifndef __CYGWIN__ cleanup(); +#endif break; default: break; diff -Nru openssl-3.5.5/providers/fips/self_test_kats.c openssl-3.5.6/providers/fips/self_test_kats.c --- openssl-3.5.5/providers/fips/self_test_kats.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/fips/self_test_kats.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1025,6 +1025,8 @@ EVP_RAND *rand; unsigned int strength = 256; EVP_RAND_CTX *parent_rand = NULL; + int reseed_time_interval = 0; + unsigned int reseed_requests = 0; OSSL_PARAM drbg_params[3] = { OSSL_PARAM_END, OSSL_PARAM_END, OSSL_PARAM_END }; @@ -1071,7 +1073,12 @@ EVP_RAND_CTX_free(parent_rand); parent_rand = NULL; - if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, NULL)) + /* Disable time/request based reseeding to make selftests deterministic */ + drbg_params[0] = OSSL_PARAM_construct_int(OSSL_DRBG_PARAM_RESEED_TIME_INTERVAL, + &reseed_time_interval); + drbg_params[1] = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_RESEED_REQUESTS, + &reseed_requests); + if (!EVP_RAND_instantiate(kat_rand, strength, 0, persstr, persstr_len, drbg_params)) goto err; /* When we set the new private generator this one is freed, so upref it */ diff -Nru openssl-3.5.5/providers/fips-sources.checksums openssl-3.5.6/providers/fips-sources.checksums --- openssl-3.5.5/providers/fips-sources.checksums 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/fips-sources.checksums 2026-04-07 12:26:30.000000000 +0000 
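Review bot: The `#ifndef __CYGWIN__` guard around `cleanup()` in the `DLL_PROCESS_DETACH` case has no comment saying why Cygwin builds skip cleanup on detach. Without the reason, a later reader cannot tell whether the skipped teardown is a deliberate workaround or an oversight, which matters to anyone auditing what state outlives the FIPS module. I would add a line above the guard such as `/* <reason cleanup() must not run on Cygwin at process detach> */`, to be filled in by the author. The enclosing switch and function start outside this hunk, so what `cleanup()` releases is not visible here.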
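Review bot: The parameter list passed to `EVP_RAND_instantiate()` in the self_test_kats.c hunk is terminated only by the initial `OSSL_PARAM_END` in `drbg_params[2]`, since the new code writes slots 0 and 1 and relies on nothing earlier in the function having written slot 2. That intervening code is outside the hunks shown, so I cannot confirm it; adding `drbg_params[2] = OSSL_PARAM_construct_end();` next to the two new assignments would make the termination local and obvious. Separately, this DRBG is instantiated with time- and request-based reseeding disabled, and the comment after it suggests it is then installed as the private generator. It is worth confirming in the unseen remainder of the function that the original generator is restored on every exit path, including `err`.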
@@ -10,12 +10,12 @@ 88b6f8396cd9d86004743d5c3b0f72b7b8c3d5a2b00b0bbb761ba91ae5a7cdc8 crypto/aes/asm/aes-mips.pl 7ff9c96ef3d591d45d776fa4b244601ea0d9328e289aeab1e1b92436ce7d02ad crypto/aes/asm/aes-parisc.pl f1244cdeadcb4e48f35bc5df19d4cfaf07e0086ad951b84f07ff6966501faa5b crypto/aes/asm/aes-ppc.pl -538ce0e80698d773c9419a9ca8892d61bc5b3cd1b071c5fc5f315d7f5573e96d crypto/aes/asm/aes-riscv32-zkn.pl -b5cdd6858b1eff7d17b29b78ac8c4a7642c0a74710f8b50821a6265328845aaf crypto/aes/asm/aes-riscv64-zkn.pl +f8cc2144b6cc9998d2c55ef446e451a31edde01eae624cb23de02b6b25b82420 crypto/aes/asm/aes-riscv32-zkn.pl +fe42d33e668beeadd43aa7e67cbe82d3ce3b92c3223c1cc0a34d5cac5b5d501d crypto/aes/asm/aes-riscv64-zkn.pl e1f3805332eb811d9d0c9377b67fe0681063364f1af84d8598f7daa30da65b4d crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl ecd9bdfaf25cdd3d8ec0c50cb4306d98374da1c6056e27e0cf31a057dc5ee150 crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl -d372152dac004b96a89f8531256bd05597ca0b614b444bb02aee93238dcf83ab crypto/aes/asm/aes-riscv64-zvkned.pl -f0388e17ba4268ed0b562da60e0780072180a824a379b79fafb60e25b8da3b52 crypto/aes/asm/aes-riscv64.pl +972e037dc955511eff7a371462af483e23dba86afeef25031abe1005eee635f3 crypto/aes/asm/aes-riscv64-zvkned.pl +f1d8b7a3da1ec053d38be4fc776fef1e4fba328bfa2bfd928c2a2cd3b14f08ff crypto/aes/asm/aes-riscv64.pl 290ae2a09826d24e83763415a021e328d41a163f41cff8c9e3b882e973677f33 crypto/aes/asm/aes-s390x.pl ee4e8cacef972942d2a89c1a83c984df9cad87c61a54383403c5c4864c403ba1 crypto/aes/asm/aes-sparcv9.pl 391497550eaca253f64b2aba7ba2e53c6bae7dff01583bc6bfc12e930bb7e217 crypto/aes/asm/aes-x86_64.pl 
@@ -59,11 +59,11 @@ 0b3350f56d423a4df918a08e90c7c66227c4449a9f9c44096eacc254ebc65f9f crypto/bn/asm/ppc64-mont-fixed.pl a25be64867ab837d93855af232e2bfa71b85b2c6f00e35e620fdc5618187fb6f crypto/bn/asm/ppc64-mont.pl b3aad31ab658eceaa9c5e734e19f39c33991f4839ab55b0cec8018020b1a305e crypto/bn/asm/rsaz-2k-avx512.pl -760cc579b8b464991177a337487bb32e22317cb47f69927232da76171c973954 crypto/bn/asm/rsaz-2k-avxifma.pl +03f6cc678f377c5cd953e8da135c5d76dc1cd011565118c99e25bff91e7271df crypto/bn/asm/rsaz-2k-avxifma.pl e914311420ae4486ab6000cc6ab424f04d8a042bda40ab8f288348dc9f0eb595 crypto/bn/asm/rsaz-3k-avx512.pl -b8424d830f41a038f3c98d8664c6cf7d2d3e1748cdce260db41fa3c74f1d88d9 crypto/bn/asm/rsaz-3k-avxifma.pl +95b11e0b04c38bde06d152dfde5ab970dab27cccdfeac998e1bc293e01520474 crypto/bn/asm/rsaz-3k-avxifma.pl e13bd2df8c591052ddf16a839072f43353841f9f35e0ac95f836511838dbc771 crypto/bn/asm/rsaz-4k-avx512.pl -afcf51a732c80eadae1650e22e4af34904112a8b95467087a16d9d2394934730 crypto/bn/asm/rsaz-4k-avxifma.pl +cf92b66c4032703b7ce03ff6aa36887d14e31a8861e7aa21c46a466ea4802851 crypto/bn/asm/rsaz-4k-avxifma.pl 6e47bf041e51d8086c4933c2a5da3ce6d1b136592984754461d59aa81e4995a6 crypto/bn/asm/rsaz-avx2.pl b42f6cf0fbf9eae58343df9629e7a9e5b8814195ea0c9882d7b143a0841cc018 crypto/bn/asm/rsaz-x86_64.pl 30fedf48dfc5fec1c2044b6c226dd9fc42a92522cc589797a23a79d452bdd2cf crypto/bn/asm/s390x-gf2m.pl 
@@ -73,7 +73,7 @@ ca21a9ccbc54e19fb7c2e6cdf286ce7cb08b0fba960c777c6edce5c57ccc2101 crypto/bn/asm/sparcv8.S fbc93c8dbbecefe66086f58fe9719ed87b13b2cdc61454a10e841228296fecef crypto/bn/asm/sparcv8plus.S 127832c1e3d298aad805236776488f5f8836b6a0fdbce3f6b42678163df3909f crypto/bn/asm/sparcv9-gf2m.pl -1622f04a8918724ac0e8804baf285fdafa0eeaaecc36c7facd459d0ff13a8cac crypto/bn/asm/sparcv9-mont.pl +0ad54f0cdf6a52ee0b0aab03800cb2b6beb39b138378b93e151cfd6b1aa2f2d6 crypto/bn/asm/sparcv9-mont.pl b69083f78b4b4f7097de4462d16649532fb82c453a82cdd9cc1393122661d6e2 crypto/bn/asm/sparcv9a-mont.pl d404375a21d33396824a3da212d6646d4f3150dd141ee4b4a250aefae3482efb crypto/bn/asm/via-mont.pl d24f3e97239c8eed5efc721521b025b7256c15e67a54ea6b5c4cf8f7cd0f89ea crypto/bn/asm/vis3-mont.pl 
@@ -89,26 +89,26 @@ d3b5f02a17ba1c71261f6dad0d4785846567c8a03368d41fc1a6ee7c45aaff78 crypto/bn/bn_const.c eee3d2710144b0e860c57e84f5adc6b2bf64fc27cbd202a8ca2630aefed3b84c crypto/bn/bn_conv.c 282f06fbdeb991d90337787c6407020e940b6d5e187a06866f1a7787c10a0c1b crypto/bn/bn_ctx.c -d84752b5835e9072cb93de0241f1f701933c61283a27679c1ba34e2bbd1bbf76 crypto/bn/bn_dh.c +b1b1c5fb8a45fde5755dfd5da62b68100b94f8c492c950719c108c384ea7f3c4 crypto/bn/bn_dh.c 4824f271f0ddc487b5991fbd92f7f7695aeeac234e076078f37da027999cdd88 crypto/bn/bn_div.c -306a4a4b671f299da0201719862a3ab4f76cd4a13d4d0baa214478603e5cf15d crypto/bn/bn_exp.c +d36b2be05469f144f52173616e413a7bdd836607fccf94cf543cc7f5a343b962 crypto/bn/bn_exp.c ce5219203bf869561297978d6d416357a441864cd801865503dfd455c481960c crypto/bn/bn_exp2.c 18ac3f6fe64225f72243689199839ea2ce2aa61d80b084bc4cd9efe1c7cc9d89 crypto/bn/bn_gcd.c b643fdcd91ad7dfcfa97a0bb235221b024b8a77faa7890f0bcb9681ea2c64c49 crypto/bn/bn_gf2m.c 73ee247467879d4ec984c9900dfe7761233c5b889b8762be37c7e8fdd6d1d210 crypto/bn/bn_intern.c ff147e5e032cc7c772b73a91fc6e24d8d9516e642d29354445d1f82d64b1d924 crypto/bn/bn_kron.c df9aebbdcca87fc5715dde430687fb516d8de0dac70c8910409fb73d6dd2305b crypto/bn/bn_lib.c -830e1932da4e8b409250a9dca0275b853a8d12bd6575649148aee5331180bbcd crypto/bn/bn_local.h +cd7bade0f2e223fe34f6e2f8cc87098ac8f0af96ec62ada5e67f6a2344d48ef0 crypto/bn/bn_local.h 364600145964d5154224fdda2c94ca6fdab2907837a385550b242350be7a1197 crypto/bn/bn_mod.c 39a8fe0bb625b4c11b74998ce6fd99b7655228aaa7d7ad3076f61741937ae14d crypto/bn/bn_mont.c c2a5230efbda6844b7b2eb10447b054496ae5029130d332536de6c3b12dc58a3 crypto/bn/bn_mpi.c 488dde761d25fb2eabd8acbea5b3b83520db7733480fab6499f60b8bf680b1ed crypto/bn/bn_mul.c e80177361897632ac9f013415dee8f6d2d942a8b51a4daf84fc7ba51d9d75270 crypto/bn/bn_nist.c -c7e1d12f14b20e0e34870060459581afcdd58d80097248de5187b9e72bbd7cf0 crypto/bn/bn_prime.c +0aa8a381dc6ed47746ec90aa739aff1eece4474d92abdd3f9036e7dcb72ee891 crypto/bn/bn_prime.c 
c56ad3073108a0de21c5820a48beae2bccdbf5aa8075ec21738878222eb9adc3 crypto/bn/bn_prime.h af5af7057643ee8d35e3a2d5f7b55e37647db46700f2818edc295d727450d521 crypto/bn/bn_rand.c b5cc902624b3af2149c9ea91f9d18bea56302144e87dfe49105ec6789b73764b crypto/bn/bn_recp.c -4ff6338c3d30ed029b3e4fe509e08d9abf2e84b61c14bf466f642f097a8b7036 crypto/bn/bn_rsa_fips186_4.c +c4ef2dd742bcd76c40df08a3108a3cf2854d53e93ebf59bf549c3ebc3b0e47cc crypto/bn/bn_rsa_fips186_4.c 6889866bca4673bccb8adf870859a867757ccd3c8ad4652675615afff710add3 crypto/bn/bn_shift.c 97559e9e071a06b8cffa37b7df27af638de84c51d5da190a879752f39e2b6368 crypto/bn/bn_sqr.c c748baddfec6734bb50facbadf151a1f22f8a885c677acfb08b4f814e96f0d52 crypto/bn/bn_sqrt.c @@ -116,7 +116,7 @@ 2f048ca8e8ddc5e2b8b82775197f79334381dd90bab417b2855bfeee07b99db8 crypto/bn/rsaz_exp.c b89075a1c43de2e27a29db217c11c1fb4ec04f4270d0106c0679dd44f98eee58 crypto/bn/rsaz_exp.h 3c934b8abf163b95caf236647153d42d8d48f10f2f5f8b21c013362b1cb8aa8b crypto/bn/rsaz_exp_x2.c -21ddcc6948e81597c9b9e9823311cd1c315708819e85f29d5ff80dc72e14e562 crypto/bsearch.c +f6c72754667c90e3466243f9d21ce6a799db8e58c8b78b2707129dcc540adc3c crypto/bsearch.c 82117f6a7cfc31fc86ecd9629bd3bf614126b8e8b2c23717a03ff5c1db7c3c5c crypto/buffer/buffer.c 5f43844b5d8665de9ab895f93599150a327d73ec2674bbf7d7c512d30163022d crypto/c64xpluscpuid.pl 205f0be0317343b17003f261b427008aad1b31aacc6979c4557fc837e9548b92 crypto/cmac/cmac.c 
@@ -182,12 +182,12 @@ 5d3567b3b6d3922fd82641acff29ed12b1028e83eb0c175132ce7f3470b9db6c crypto/ec/ec2_smpl.c a1f22814f501780591da20de5e724895438094824fce440fd026850c46ad8149 crypto/ec/ec_asn1.c dfbccf591879eecbd9ed75da1fbe6c7b1672d07648fd43b37755dfe248253bb2 crypto/ec/ec_backend.c -7f19cebad4a94db291464b0d93006a87d15ccec93b94f725052a1037107a96be crypto/ec/ec_check.c +3a3c4f4767513b4fbbabdea2918d7c7d105eb573334a7fd893b866989463c4d2 crypto/ec/ec_check.c f3991bfc65a7371b84afd0cc328e3cbd4736edf7267e4b731dd82677bfab047a crypto/ec/ec_curve.c 8cfd0dcfb5acbf6105691a2d5e2826dba1ff3906707bc9dd6ff9bffcc306468f crypto/ec/ec_cvt.c add58bcaf43a28e66b3a6ec1f70ed9b0b4a4a0d40230e903a26a1ff1129649e0 crypto/ec/ec_key.c 35515133fb3c33c5736a9f744e835b9fc0775193357ab2492f11d0f63503c65e crypto/ec/ec_kmeth.c -ad6f566595be1d72ef97be7322949092c4530da57793ef5b722025738882410d crypto/ec/ec_lib.c +652a1544120bf0fecde46a8e18cc28fffcb7cd864be2e2b84c99d571ba320e64 crypto/ec/ec_lib.c 0d113ac5dbdb420ba3d1c060f4fa3300fc0a81b571a919c2b176022fdca89878 crypto/ec/ec_local.h b545e4539ef2483982f35ee05866060478722e329cfbc4990293b46ccfe5c93c crypto/ec/ec_mult.c c2a81f5f56d304038183ba6b02fdcba8767833f61773ec483e73b330b67ae59b crypto/ec/ec_oct.c 
@@ -206,9 +206,9 @@ 8e50fd1e60ad1ac824e704375096e41f4ae535e533a3334d78c481e34d9d0fb8 crypto/ec/ecx_key.c 3ba8412897cbf17881fbf23cec27a487b2c587348e1f859ec44e47f366877249 crypto/evp/asymcipher.c 1f64d4752074f954af4f290788e4332e3874ba3282bd03d3e1d1f5ce4b0888bc crypto/evp/dh_support.c -da3140dbda8a35cfe4a0748892a3e381e3988a94ddb945c2371922bb3010d96d crypto/evp/digest.c +0e9e206dd4b179ad09e1475949ce9ddb5bce0e0d66072477d94b7788c57e70d9 crypto/evp/digest.c 4ffc3fc5ee5f0dcadf1516f1cc29338f0f4d85c59881c06d5a777cf4e47a6d5f crypto/evp/ec_support.c -6f8a9bb4d8da878aab6bf5f4bef286a0045fee1b140a1f9151c830d03778f879 crypto/evp/evp_enc.c +8bf5ddf1c8e352a9f9241c7275d3a8cbbd633fc0f93f609158d15aee7af5a9d0 crypto/evp/evp_enc.c 8683c25d4bcb598375a04d4682399c9eef095225b49498afe819e5193e9cc117 crypto/evp/evp_fetch.c 75855fc64e44e5bbfb728d85014c65e8b0668faee26f0901aaa729c16679dee8 crypto/evp/evp_lib.c e997e921669076c51e230ccb2e36b1c6755fe408c61b1177d2aa67529cab15f3 crypto/evp/evp_local.h @@ -217,7 +217,7 @@ 8f4194bcc2e0de69236925aa7515bc31f36ed113dcd3cee5d71167ac770cdfdd crypto/evp/exchange.c 294284ad040fe4b74845f91b1903c961c757e1ef3fcc2ffa35f43f37f1655e64 crypto/evp/kdf_lib.c 532f0ff4ab32068f160016f39cd520fadfbd09b81b3b3b562bf543acafb38889 crypto/evp/kdf_meth.c -6669cf0969c6fcd4e3b240aad6335d159a8169aab891f1388822fe96c6ce0629 crypto/evp/kem.c +4e60c9e37106b9c28d646f7234d857e8520da953ed7d319531467d334b77a72e crypto/evp/kem.c 84cebe10a50c88d0db12a90ad751eae43c7ba2954bc9f42f0c1490d66eac5bb8 crypto/evp/keymgmt_lib.c 80a5e310a3c3f551ca8e1992793ffbddc525274f90dbf4f36217b57acbc8bd94 crypto/evp/keymgmt_meth.c 15654f58c113d6eb7100caacd00ceae68113edfd6a921f6af1bea4040fa58f5d crypto/evp/mac_lib.c 
@@ -238,7 +238,7 @@ bb208ef3a2c7ebdc518bd38f2f07a17cff356040f1c5d68eea13bd9275897a52 crypto/ffc/ffc_params_generate.c e9a500ddbe96cb5b302fd2db74fac0924a6ac45732df5ee1c09e82b19d06ccfd crypto/ffc/ffc_params_validate.c f172c8c2112ee82716a7bc3a3e05d5cc26188c66b9d768ac1ff906845063d2cc crypto/hashtable/hashfunc.c -16090065da6b94199e997c930d465c613633bf322e89e3e674993ec5a785580e crypto/hashtable/hashtable.c +653d1f67e01ce0e9dca48cf513df9e8864a0985ce9bfb094fc3f09d591e6f062 crypto/hashtable/hashtable.c 7a9af0b14f1463b36de0689bc434a318adcb7990bb23862bf1d2a0adf510583a crypto/hmac/hmac.c 907dd44e0bf873eebefcb4d82975b72ecec9e0f3c348c79314450fdaa78d4073 crypto/hmac/hmac_local.h 0e2d6129504d15ffaf5baa63158ccec0e4b6193a8275333956d8f868ef35127e crypto/ia64cpuid.S @@ -267,7 +267,7 @@ 36e24eae5d38cc9666ae40e4e8a2dc12328e1159fea68447cb19dab174d25adf crypto/modes/asm/aes-gcm-armv8-unroll8_64.pl 33357356cd739d4ae89d52f0804b6900e4b94d8829323819c6f64c8908e978df crypto/modes/asm/aes-gcm-armv8_64.pl a91995f81b384b175ecf252690030bb068d6af64bfcdab2fe753484b2d07a184 crypto/modes/asm/aes-gcm-avx512.pl -038e4ac89aa7d1962058f2170efce9024804473a62ae90102c3989555a7858cc crypto/modes/asm/aes-gcm-ppc.pl +8fab6574aa99ee635d564dbe68b014562b61af37fa4f151210690837cdae6707 crypto/modes/asm/aes-gcm-ppc.pl dd0de5ca8913a941cfff781a42fba43227e133976a24d0fddebf63909f7e010a crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl 9dcd3be86cda832ebe0394f5a859a761f4b711f2010fb606457f754722c5fb84 crypto/modes/asm/aesni-gcm-x86_64.pl c2e874a8deb418b5d8c935b2e256370566a5150e040c9fa008cdb5b463c26904 crypto/modes/asm/ghash-alpha.pl 
@@ -293,9 +293,9 @@ 02e7659d8776f5885ebbc25b930ddec046262f92c9e8fa7e093f2a6a8d973a3b crypto/modes/wrap128.c 0a10e0cae6f4ac164afe97a64df09c8412145c8a25f387ff3a53ff7495572cbc crypto/modes/xts128.c 9a34ad9ae361f689b0b98c454092e89567d0bfc969c08a14c8001e60976920b2 crypto/modes/xts128gb.c -3f2c172dccf93227fc4b24f9960e1c0b01e987e1335dd9ab0e3c2d577195fed4 crypto/o_str.c +515e110e01867d6527bec758a264473b62cb7edff213816e2197faf6e96ec048 crypto/o_str.c 44594139dab6ada1f34f9c6887c97e258c1204b833a6c20f58097f17d0f1645e crypto/packet.c -05563d44cb345e7859093296f95a3ea5139fcc316e98fcb86c6748ee49363a84 crypto/param_build.c +a108cacd961b0e5a95d279c737926afa4636d8b89a2a912593b01916ea3ce43d crypto/param_build.c cae7bd4973d36edbdc3bdd8d2c8d157f2c4fcfae00fdf821b67aebb789bc8aa6 crypto/param_build_set.c d362864eab6707ba2f4efd65c91dd90d669721f2d8fdebc875fd1d2957154396 crypto/params.c c0e0ba07ca5d4acfe450e4ae53a10ed254097ed2f537f01a4a43a9f5b5cab501 crypto/params_dup.c @@ -317,9 +317,9 @@ dce7413b4c4e588c9a099c6fd7c6c9a397e034f259a2027d4ea8bdfe149164fa crypto/rcu_internal.h 0c1d3e0e857e9e4f84752a8ef0b619d8af0d81427b52facbd0174e685dac9a47 crypto/riscv32cpuid.pl 231263dffc16987f5288592ebf4c0738902d5146bfc16bcd8a157e044cb697da crypto/riscv64cpuid.pl -fff6a76f42f3caeff8244fffb379240e43570bc6caf25e4721471bc208b2be81 crypto/riscvcap.c +32e427d3d75f7b2d37e2765e2d2c111d45ca5871200be98e8943219dc475e458 crypto/riscvcap.c f0c8792a99132e0b9c027cfa7370f45594a115934cdc9e8f23bdd64abecaf7fd crypto/rsa/rsa_acvp_test_params.c -aadf059519d33f41b859216246d215330a0c73d18153df580927fdfa6ef51b8f crypto/rsa/rsa_backend.c +b1584c4a1a5f83a1fd43d854ce72bb11735aa34945f2b2f983228f36f27fdad2 crypto/rsa/rsa_backend.c 38a102cd1da1f6ca5a46e6a22f018237964336274385f5c70cbedcaa6997647e crypto/rsa/rsa_chk.c e762c599b17d5c89f4b1c9eb7d0ca1f04a95d815c86a3e72c30b231ce57fb199 crypto/rsa/rsa_crpt.c e666568eadfd01ff3e435364dee2575fca7ff3e6855b2c258fa1e4d04239d933 crypto/rsa/rsa_gen.c 
@@ -347,7 +347,7 @@ 33bdcc6f7668460c3bdf779633e43bfad62b937042a73acb007b462fc5b0a034 crypto/sha/asm/keccak1600-c64x.pl 09fc831dd39bd90a701e9b16d9e9987cc215252a22e1e0355f5da6c495fca35a crypto/sha/asm/keccak1600-mmx.pl 6689c3adaa270bd88026ca686ce76b8aaa83a7cadf3954d84d3cf89c044cc958 crypto/sha/asm/keccak1600-ppc64.pl -fea3ce181c7a33bc673e3a4607e0f737a3a3e5958a3826596fb911b1297e2ca4 crypto/sha/asm/keccak1600-s390x.pl +79dec13ccbee4a6758a22d92bfd5694565416219e48b6894dfb63c6b0029ae28 crypto/sha/asm/keccak1600-s390x.pl 3fb93b9440f5c3008b5c876a8106acc5f8d38f1afedd79381f0befec7dd7d72b crypto/sha/asm/keccak1600-x86_64.pl 831b8b02ab25d78ba6300ce960d96c13439bfba5844e13061e19c4e25cbacc3d crypto/sha/asm/keccak1600p8-ppc.pl 75d832db9bf0e98e7a5c522169060a6dd276c5118cfb297fc3f1111f55cd4007 crypto/sha/asm/sha1-586.pl @@ -391,7 +391,7 @@ 61ab6d7d7da9e65120ec59cfa9f5ede785502ae371696c3e4e04e039743ca111 crypto/sha/sha_local.h dfd99e02830973ab349409ac6ba0ee901ba7736216030965bd7e5a54356abd7c crypto/slh_dsa/slh_adrs.c c9b270de1259d9fa71a4d352786357bcf1dd3d22075edab84501e2f8e550b271 crypto/slh_dsa/slh_adrs.h -2aa41787214996542778a42eaf1bc754809f7d4d31185ac77424a3c686d6759c crypto/slh_dsa/slh_dsa.c +95d42ca839ff34a050a7006734a06c157ad259512c1a10b978e9f899efe69f12 crypto/slh_dsa/slh_dsa.c ab7b580b1cba302c5675918b457794a3b3d00aac42297312d9447bc6f6a40b09 crypto/slh_dsa/slh_dsa_hash_ctx.c 6a68c788eee184862cf90676324750fd4f17ca666b628ebc69b3b510d19ba819 crypto/slh_dsa/slh_dsa_key.c 4c7981f7db69025f52495c549fb3b3a76be62b9e13072c3f3b7f1dedeaf8cc91 crypto/slh_dsa/slh_dsa_key.h 
@@ -415,13 +415,13 @@ f06b08138d73b834471abc4a3ba43b2be838f7196c937c3e933694d6cd69f74d crypto/thread/arch/thread_win.c 55953eb5a84d03e8d915ee867ddf8ec8be8c5eb444ea0b21b12a040a57e2c2c1 crypto/thread/internal.c 2e5955d706b96c487e4875ffbe208fac15bdca06b33cee916d5343978c14efa1 crypto/threads_lib.c -0585d64ace8f607cde3ae8aba27eb203e2fd648d3226c7b87fc49350b1f53d36 crypto/threads_none.c -a8815d82ccf819040446fccc42984ee515341d7df14c896bee48d61aea55d2f4 crypto/threads_pthread.c -794e50fd64df6c4da259bd951117291aebb0859c8a47d657a2524e67df3a850b crypto/threads_win.c +ca77056d184232d6fcfe39328ab0b887a4fc939913209717fca65898ebbd45c0 crypto/threads_none.c +021afe4321ff954f3f4dd1b1d07a5e3e7778f7bccfaede08fab193d5752d9740 crypto/threads_pthread.c +1915c5e3de649873745479df5cc365c38cf56ecb2fa21be6a053055f97013dce crypto/threads_win.c 93f8fe09f96492a6be6772ddbf0cc37912fc2a90acb7faea378da1735fe20f6f crypto/time.c 88c5f9f4d2611223d283ebd2ae10ae5ecbb9972d00f747d93fcb74b62641e3f9 crypto/x86_64cpuid.pl 085d9fe93adf232f1ff838be9235046c2c2abe2daeb0e6342921d8f2e955dc18 crypto/x86cpuid.pl -0f089e0c6ab4091eebc1d3d54dbd18603fa4f90238fc6512610c3ec3469536ba include/crypto/aes_platform.h +6486afb23846d3c11c3a655e7e6cae24f8cdaf5dd4d6a887b5a04c53f52895b0 include/crypto/aes_platform.h 8b68c7b69b8da6e729789dbd99d45c341458786e2bc0e2c6c6a341e6792d6b10 include/crypto/asn1.h 9acd69adc80fbf9fa88fed4bcc7b3c0ba87e2add98d7ba311d8b092a2d5a0d2c include/crypto/asn1_dsa.h 21084935a7f88a5926a087832afe8bc6705b1a7813fe226eb4c0df12c753d3a4 include/crypto/bn.h 
@@ -449,7 +449,7 @@ 3f28391ed526d791a578e76a40961592e15ae2bf62b81d5924525e1f21684659 include/crypto/security_bits.h 70b36014254ca6cbe4126573ea6a71069cc278a6ceaa36412343f19b204c4c13 include/crypto/sha.h 127ede705ecfa8ec504e57cdee1210c5d7a9044121ff05d1dcf72955958346ed include/crypto/slh_dsa.h -8d50d439dd064b66fe349787228435d7a5ba4bc46917a1287c8d876f7faf37db include/crypto/sparse_array.h +df915f569207111cdb011e85ee0f40bcd169ac0a413cc858ccee0b5001cefbb5 include/crypto/sparse_array.h eb1f4f50bafdd357aa15b54f60f5ecde10876253038f00bf518fbf60840addc1 include/crypto/types.h fd5e610fe38804f5de05931706b8efc717663a892f74aa6aee30301ff5e31a25 include/internal/bio.h d32565e2b426131dc2415e60a97c94570ca982d29ddd97d2e23d6b9f73b1d81c include/internal/common.h @@ -490,7 +490,7 @@ fb5bdada32614d7214569dc111b8bbc43592886799f0536b844a64a2541727cb include/internal/thread.h a8fa7ddc1e54ca296bda9ee05a7a39bb7e803eb0567cc75a9b949b80cada7552 include/internal/thread_arch.h 1cc86957e734ce34acd949b9e9e9d588a6c82afb68a09c787fb69f5e4cb20b1a include/internal/thread_once.h -d9f5e7c10f41913a25f1ef89bedef6070ed3b8bb3c6ae2fe9f7d8993082d86f4 include/internal/time.h +07af0c702bf779720f6849dcc54b59235a5ac87513c77d6123aa334d71f5a7b3 include/internal/time.h 2a4f456b95ae6c60a1bd7be966400f7aa12f791ece6f2d31a22acae6fd77c623 include/internal/tlsgroups.h 79db205cd380711f09748b4ab020442050acaa0a8a940e2be38c4916e23dd1ff include/internal/to_hex.h 47c827eb0766d6aa82cec54648fc57b33a3dfec8539cab7bce161cf73455abaa include/internal/tsan_assist.h 
@@ -511,7 +511,7 @@ 4e195b6f7a734756e21c4269cc245b292e1a563aaec5644402929d0eac423c41 include/openssl/configuration.h.in f76830b31c947d86c2e6a302ab8df6b83076f8d29120bce9a58195551eb48e1a include/openssl/conftypes.h a013fca5cc6b5cc26eb1c76eaeba31e99408e88fe89c343a44cc0b22f8e63eab include/openssl/core.h -06eff5fb11c68f0fd4b70b0162517647afeefeff345e2541f7f2d820c97a8d95 include/openssl/core_dispatch.h +8486d6f6818911651b0f3ba02366a362b0d4d988f014089a4f3a3f6ecca7926c include/openssl/core_dispatch.h b47e5195bcf209e120858a2c671eaf0589fbd1baf1c5f69237ab94651772808a include/openssl/core_names.h.in e623d4e8d36d7e0f0825fe5cb48e1176be19c0bedc5053fce488aa48602f351c include/openssl/crypto.h.in 128ef415305b704d51461ab98c688c69fde868acb5f5f74c92b2d0517823e71a include/openssl/cryptoerr.h @@ -539,7 +539,7 @@ 1dc0dce58de44226fc0afb51073c39933fb65dfd3a0131c4eff17bcb93018665 include/openssl/indicator.h 36b0013002d44397aa41b021ec13433230221aa9722ce5fc31648f08d27ac448 include/openssl/kdf.h f4a6b9adcd0158222878f5c55e3b40c620361d328bc624ce22d4937c0c054fbf include/openssl/lhash.h.in -e7753bdc658187d6ac5fb51902c79bff929f3ad416fd907c02cd34568a30864c include/openssl/macros.h +3a6bbc7833212d862484513a0f1ec895450c8377290a644c17061051fecd162c include/openssl/macros.h 0da95b5743f5c12ba1a30c1ef84f9fe57ccd5816febb1b5fd3a4f573ec885cd8 include/openssl/ml_kem.h 06f0d4621c344401f280a4e69e48ba987a0600b7f52ee16b25c4620277b081f9 include/openssl/modes.h 6d40e3edc18bac56826b2beb9439e7e43a680867a0a9ae1d3f75e07dc72b024d include/openssl/obj_mac.h 
@@ -556,7 +556,7 @@ d0fffeeaf8a20f6c86e8a6bfaeb1eab7c00188b1844c109ead4232c8dfb3705b include/openssl/provider.h c467dcada2506c820e2dcb002dff9d797aaf9527c8778871d79d79a93bc673e7 include/openssl/rand.h 23d76dfea708747bdc2ffac41e25b156a22d2d0cb744323a3b9859c54bfbb98a include/openssl/randerr.h -c477f6a040cbd444318469a9f5899d368b4e42680ab7337f6859549bc55cf2af include/openssl/rsa.h +06dd86ec673693fc7c47a8b8489a72b648a56a667469064fbbfc91bcf20ad650 include/openssl/rsa.h 6f79765285a8244f6c1858b86db8e390e4bc6c7905a7e4576973316612f7b015 include/openssl/rsaerr.h 546e4277a9897ed5c01b9ab30168e82f4acf9a6a20da430ebf7dd698d5f888fc include/openssl/safestack.h.in 695683de2485c3b83d9116877f5d5ca3eb84a3bbb599f6bb02c9e595e7102b41 include/openssl/self_test.h @@ -565,7 +565,7 @@ d381d0b4113f0fa18b3e421eae303fc84daf84eacb1236cb6e9976409a2d33a9 include/openssl/symhacks.h fc527427bafa6862d9e3847c961dd6cbbcccc39d25762c65ad3b99fae9599e2e include/openssl/thread.h a481e8762c694b3dac0e74aac8626fe60fa94962a14914f1f6969ea1214c40b1 include/openssl/trace.h -1e0253d1f5487b8e92c39f8c3a15ee3030625c4d9735f9cdbbcc9974c213e925 include/openssl/types.h +9e04a3e9ca5352adffbdd75a5ea5237e8ff96a8c0a842368cc3a29de006b2ee7 include/openssl/types.h 62e0cddeedfc217ac02bf37f3669ccea8d0822a88a74a8ec82b844a85b2700aa include/openssl/x509.h.in 869959c3d557d2ace84f38b7a8d0f23b3b0854de7f952f46310e828af04554dd include/openssl/x509_vfy.h.in 5dbee881fe4e1f08a773e8bd34eeda7639be7c474a3d4d6e7c8d779e19c7eb2a include/openssl/x509err.h 
@@ -616,10 +616,10 @@ ef204adc49776214dbb299265bc4f2c40b48848cbea4c25b8029f2b46a5c9797 providers/fips/include/fips_indicator_params.inc f2581d7b4e105f2bb6d30908f3c2d9959313be08cec6dbeb49030c125a7676d3 providers/fips/include/fips_selftest_params.inc 7b80823bb5613e17e8576789ec77712d89c81e7beb6ce50b58037e925e465abd providers/fips/include/fipscommon.h -44a6e7b590de3d8a7711ac373348e4c9bc7a24dd57759897f2cb5db2cd8bba62 providers/fips/self_test.c +c00c429b0e022db3ef9b08b3400627a1f268fb071e84d0538fb68c060da6a3db providers/fips/self_test.c 5c2c6c2f69e2eb01b88fa35630f27948e00dd2c2fd351735c74f34ccb2005cbe providers/fips/self_test.h df83c901ad13675fbbb4708b6087feba6099870ad3dd0e8d09cfdb6798419770 providers/fips/self_test_data.inc -bc58582893d748a0a61662cf9363ad73c91f35f2956dbcafc8d1ed37039b15d3 providers/fips/self_test_kats.c +aab0bbdaa8e70f6cf9c3871d62b1efc6029cbe386c5d6318d7bc730da0fa8f19 providers/fips/self_test_kats.c d942921caa433ae9e62959b0ad1caad277b50d005ffc439c6d0e7b0886dba882 providers/implementations/asymciphers/rsa_enc.c c2f1b12c64fc369dfc3b9bc9e76a76de7280e6429adaee55d332eb1971ad1879 providers/implementations/ciphers/cipher_aes.c 6ba7d817081cf0d87ba7bfb38cd9d70e41505480bb8bc796ef896f68d4514ea6 providers/implementations/ciphers/cipher_aes.h 
@@ -639,7 +639,7 @@ 60c4f604cf9b5457be48f31cc24ca21729660381081b2dbf99f362a013a09684 providers/implementations/ciphers/cipher_aes_gcm_hw_vaes_avx512.inc e2886780637db72b12c9bc488d81647ed55a7f5c850efd4bdbf88ef7127e1913 providers/implementations/ciphers/cipher_aes_hw.c 89de794c090192459d99d95bc4a422e7782e62192cd0fdb3bdef4128cfedee68 providers/implementations/ciphers/cipher_aes_hw_aesni.inc -e691fd1ee71c40bc76b01bbe2a6f027496a210a2e49e20908b87033552fc8c52 providers/implementations/ciphers/cipher_aes_ocb.c +d95dde2258887edca985237a0623855b49dd9e93d21407e9fcfe33497513be4c providers/implementations/ciphers/cipher_aes_ocb.c 88138a1aff9705e608c0557653be92eb4de65b152555a2b79ec8b2a8fae73e8f providers/implementations/ciphers/cipher_aes_ocb.h 6c3a89771719b36d6917d23464be5441836378393731af96ba165fd788df1a41 providers/implementations/ciphers/cipher_aes_ocb_hw.c c7aac28a9dca1ad46e5bce4de93e07dffec1f89fab82394c3ff7cf1bda8b483f providers/implementations/ciphers/cipher_aes_wrp.c @@ -653,7 +653,7 @@ 9cfdcc860a03b6e7ced8cc21bcbbc1c070c89aefab04b07f213c7a3db1895553 providers/implementations/ciphers/cipher_tdes.h 00b931090e26ce9a62ee4ea125586f439a9906db5d7b914ffc67d293a57c7c00 providers/implementations/ciphers/cipher_tdes_common.c cca34f1c7baf3a98964f7ce19a59e06d1eaf2ada121a0d4a438f4078a072b325 providers/implementations/ciphers/cipher_tdes_hw.c -5739bf4391b40a6715e25a03f42701e938b160e1189c33e72b21f57d4991586e providers/implementations/ciphers/ciphercommon.c +d2f418806c7ed45f118683bc13329573804592684e522efced0fd0921f4548fd providers/implementations/ciphers/ciphercommon.c ab9a2edb23aa61cf31da6addd8674a6028f93399eceeeee35a56ee770338fd6c providers/implementations/ciphers/ciphercommon_block.c 6b6090c233ddf29d819f2559361aeeae03505de7626a127628d5f0f6d3bce295 providers/implementations/ciphers/ciphercommon_ccm.c 6632a555d5bcd5af67d0355ce46c2906bb3a0dcdf1651595b29189c40a5ca675 providers/implementations/ciphers/ciphercommon_ccm_hw.c 
@@ -670,8 +670,8 @@ b1115636f53bf70f417b183cafeb6d38e230d11d8de731e6896ba60cc850d931 providers/implementations/exchange/kdf_exch.c 1644609260b996c1a46610d02474f991e1ee4bdff5d8175e759c49a92f2b5107 providers/implementations/include/prov/ciphercommon.h f1dd49b30604d9b8e948c135329a270a4d3e04857f7f9159a3e84f46a024d59d providers/implementations/include/prov/ciphercommon_aead.h -3226fc5162aff5b2e992b24944c49bc28855a47bbf69a789bc73ccabd886e9c0 providers/implementations/include/prov/ciphercommon_ccm.h -45885a39d0f9e30a8032c6020970389104c69b909d9699fd1c79335184fb17fa providers/implementations/include/prov/ciphercommon_gcm.h +af38be5b3d16c3ced0028bc9b3fbe957a6a817e23967bacc7df65566ba107edb providers/implementations/include/prov/ciphercommon_ccm.h +35d1c063e840c9cd5114c5e57b007a19868982a82d8e40a99b2935c9f1f5e05e providers/implementations/include/prov/ciphercommon_gcm.h 35596c97faf324823d19a01e1b5674c7a15f1a6e7ff1ef1c7d46400c2a68f63b providers/implementations/include/prov/digestcommon.h 1baf1c06b20a0eb8ec271452544922d67c1cc168dbe9853b259191de4bd99918 providers/implementations/include/prov/ecx.h b0d1f6fc3c9220fe6d4656e487bad8df16b6f840054018b95b2752ea9aef822d providers/implementations/include/prov/hmac_drbg.h 
@@ -694,7 +694,7 @@ 39207243a84beb670cb0e64b6d0fe7bfc6a3dd84000617b647a3ecf52a1da3c2 providers/implementations/kdfs/x942kdf.c 748af266d06006da10524f3a621c65b8c3eeddf8b1ccd06ecdc6b689564d220c providers/implementations/kem/ml_kem_kem.c 35549cec7031452bb5b46aa8a86028abc7a3a2b39f9f6564fa4bd402451bc647 providers/implementations/kem/mlx_kem.c -c764555b9dc9b273c280514a5d2d44156f82f3e99155a77c627f2c773209bcd7 providers/implementations/kem/rsa_kem.c +e89b894af920504160abfc11860b89b505d116d978162a02213f72500180903b providers/implementations/kem/rsa_kem.c aa13d72bc69a374db72b6d44e2f2c2ddd5f7bddbe16b950e3c4666d876c63735 providers/implementations/keymgmt/dh_kmgmt.c c0446d1b2101ddd977063516b87d23f424cdca33473f293db4c3974b674169b0 providers/implementations/keymgmt/dsa_kmgmt.c 2b98ba2124a86eae2adc7b88bfa26e47b548e9628b99180cc2cd841eed5ed8da providers/implementations/keymgmt/ec_kmgmt.c @@ -703,7 +703,7 @@ daf35a7ab961ef70aefca981d80407935904c5da39dca6692432d6e6bc98759d providers/implementations/keymgmt/kdf_legacy_kmgmt.c 69b509e9c7fe9692622d1059917c3adb991c0047e11bc116f0a393a3a0539445 providers/implementations/keymgmt/mac_legacy_kmgmt.c 3c63e65bd1a6a2e853828205c015a50c38a82f2fee9bf6787dce6dab7331bb91 providers/implementations/keymgmt/ml_dsa_kmgmt.c -716e75fe56847f0c4c7bf7d86d78040ca575cdf1dcf63c1a93d351f0e836477f providers/implementations/keymgmt/ml_kem_kmgmt.c +30db36c6fe6b4449179488da1761e219d0c772a8fb8e74c8411d1e0f57e4aed2 providers/implementations/keymgmt/ml_kem_kmgmt.c 01d75c1eba93ed23f98130d6c308550d0ab2e44c5651101628861bc0238623d0 providers/implementations/keymgmt/mlx_kmgmt.c cd4b8129eaccbd77f9b6c725d3cb57b71109c4649115ec786b6495100afaddf2 providers/implementations/keymgmt/rsa_kmgmt.c d640cff1c46911b69866eb83f48beba42a1741bb1d3f1db6e7201077a57761fc providers/implementations/keymgmt/slh_dsa_kmgmt.c 
@@ -714,12 +714,12 @@ 0ebc5a48655a697231918644397308e64914c32421e9b8ee7afd7779b6a2fdb8 providers/implementations/rands/drbg.c d9e41abc1780bb253bdca6c58cc32af7d0a774e52c91fc5d64577f71defc52c2 providers/implementations/rands/drbg_ctr.c cf98646defb0b385d6ce4bedcd51559c9a03424491f4576ea7eb41e3db8a18b3 providers/implementations/rands/drbg_hash.c -45993825b1224097f6b9ea12643c09a09dc66beecfdfb3dd337d468931ab0f25 providers/implementations/rands/drbg_hmac.c +57561d4bd3a79e6a250310a989958409437dfa68b2818d5f0dbb8a5e7ef04bb7 providers/implementations/rands/drbg_hmac.c 841617c81d6d5eae5ea59064e8b45947d436d3e53b49283329d17016866d8f34 providers/implementations/rands/drbg_local.h 355bd437dde9ecd1da89f42691147f2b5cf9a012ff5f55062bf83b6bead1e181 providers/implementations/rands/fips_crng_test.c 4913fec58a2648fcec0e5a94dba9decab0505a6d725bed6eb861ce854db81df8 providers/implementations/rands/test_rng.c -74e60389dc5ab0a69701af0181b6a915fc87ce9a0874cc949f7e9e85ae4642e7 providers/implementations/signature/dsa_sig.c -ca090b1987debf6a30f17551b0be613f7a2e6ce0d07b0d6924e0f759a970af4d providers/implementations/signature/ecdsa_sig.c +c6c709dfd8b1be036e2a5232d3b21dc25f0150f2aae24cc7db6b09cd790a04ee providers/implementations/signature/dsa_sig.c +d10d611713a6d9aa5cdbe636f1ba90404043431fd1df01fc1a1ce8499bf96ad0 providers/implementations/signature/ecdsa_sig.c a837f69cb1aa5d0327372e26a63a8492b6ffb1156325f66e880c202011d07cbe providers/implementations/signature/eddsa_sig.c e0e67e402ff19b0d2eb5228d7ebd70b9477c12595ac34d6f201373d7c8a516f4 providers/implementations/signature/mac_legacy_sig.c 51251a1ca4c0b6faea059de5d5268167fe47565163317177d09db39978134f78 providers/implementations/signature/ml_dsa_sig.c diff -Nru openssl-3.5.5/providers/fips.checksum openssl-3.5.6/providers/fips.checksum --- openssl-3.5.5/providers/fips.checksum 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/fips.checksum 2026-04-07 12:26:30.000000000 +0000 
@@ -1 +1 @@ -7fb222f49c7b3a423c4bb2f62da17eae3e209cb3e9b9a9a3db624bcdfba3151a providers/fips-sources.checksums +541f8f3eafccc78db022af2226f0d6501b43a3d96e2e23fd7dffb29a80d218b8 providers/fips-sources.checksums diff -Nru openssl-3.5.5/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc openssl-3.5.6/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc --- openssl-3.5.5/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/ciphers/cipher_aes_gcm_hw_ppc.inc 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2001-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2001-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -44,8 +44,8 @@ static size_t ppc_aes_gcm_crypt(const unsigned char *in, unsigned char *out, size_t len, const void *key, unsigned char ivec[16], u64 *Xi, int encrypt) { - int s = 0; - int ndone = 0; + size_t s = 0; + size_t ndone = 0; int ctr_reset = 0; u64 blocks_unused; u64 nb = len / 16; @@ -119,7 +119,7 @@ size_t res = (16 - ctx->gcm.mres) % 16; if (CRYPTO_gcm128_decrypt(&ctx->gcm, in, out, res)) - return -1; + return 0; bulk = ppc_aes_gcm_crypt(in + res, out + res, len - res, ctx->gcm.key, diff -Nru openssl-3.5.5/providers/implementations/ciphers/cipher_aes_ocb.c openssl-3.5.6/providers/implementations/ciphers/cipher_aes_ocb.c --- openssl-3.5.5/providers/implementations/ciphers/cipher_aes_ocb.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/ciphers/cipher_aes_ocb.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -27,7 +27,7 @@ #define OCB_MIN_IV_LEN 1 #define OCB_MAX_IV_LEN 15 -PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX * ctx, const unsigned char *in, unsigned char *out, size_t nextblock)); +PROV_CIPHER_FUNC(int, ocb_cipher, (PROV_AES_OCB_CTX *ctx, const unsigned char *in, unsigned char *out, size_t nextblock)); /* forward declarations */ static OSSL_FUNC_cipher_encrypt_init_fn aes_ocb_einit; static OSSL_FUNC_cipher_decrypt_init_fn aes_ocb_dinit; diff -Nru openssl-3.5.5/providers/implementations/ciphers/ciphercommon.c openssl-3.5.6/providers/implementations/ciphers/ciphercommon.c --- openssl-3.5.5/providers/implementations/ciphers/ciphercommon.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/ciphers/ciphercommon.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -691,6 +691,10 @@ ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return 0; } + if (ctx->blocksize > 0 && num >= (unsigned int)ctx->blocksize) { + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); + return 0; + } ctx->num = num; } return 1; diff -Nru openssl-3.5.5/providers/implementations/include/prov/ciphercommon_ccm.h openssl-3.5.6/providers/implementations/include/prov/ciphercommon_ccm.h --- openssl-3.5.5/providers/implementations/include/prov/ciphercommon_ccm.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/include/prov/ciphercommon_ccm.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
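Review bot: In the ciphercommon.c hunk at -691, the new bound on `num` raises `PROV_R_FAILED_TO_GET_PARAMETER`, the same reason used in the branch just above it, so a caller cannot tell an unreadable parameter from an out-of-range value. The bound is the security-relevant part of the change: `num` is stored in `ctx->num` and is presumably used as an offset inside one cipher block, so a comment such as `/* num is an offset within one block; reject values at or beyond blocksize */` would record why it exists. The guard is skipped when `ctx->blocksize` is not positive, which leaves `num` unbounded for such contexts; whether any cipher reaches this code in that state is not visible here. The enclosing function starts and ends outside the hunk.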
@@ -48,13 +48,13 @@ const PROV_CCM_HW *hw; /* hardware specific methods */ } PROV_CCM_CTX; -PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX * ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); -PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX * dat, const unsigned char *iv, size_t ivlen, size_t mlen)); -PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX * ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); -PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX * ctx, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_cipher, (PROV_CCM_CTX *ctx, unsigned char *out, size_t *padlen, const unsigned char *in, size_t len)); +PROV_CIPHER_FUNC(int, CCM_setkey, (PROV_CCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, CCM_setiv, (PROV_CCM_CTX *dat, const unsigned char *iv, size_t ivlen, size_t mlen)); +PROV_CIPHER_FUNC(int, CCM_setaad, (PROV_CCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, CCM_auth_encrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_auth_decrypt, (PROV_CCM_CTX *ctx, const unsigned char *in, unsigned char *out, size_t len, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, CCM_gettag, (PROV_CCM_CTX *ctx, unsigned char *tag, size_t taglen)); /* * CCM Mode internal method table used to handle hardware specific differences, diff -Nru openssl-3.5.5/providers/implementations/include/prov/ciphercommon_gcm.h 
openssl-3.5.6/providers/implementations/include/prov/ciphercommon_gcm.h --- openssl-3.5.5/providers/implementations/include/prov/ciphercommon_gcm.h 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/include/prov/ciphercommon_gcm.h 2026-04-07 12:26:30.000000000 +0000 @@ -1,6 +1,6 @@ /* - * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -81,12 +81,12 @@ ctr128_f ctr; } PROV_GCM_CTX; -PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX * ctx, const unsigned char *key, size_t keylen)); -PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX * dat, const unsigned char *iv, size_t ivlen)); -PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX * ctx, const unsigned char *aad, size_t aadlen)); -PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX * ctx, const unsigned char *in, size_t len, unsigned char *out)); -PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX * ctx, unsigned char *tag)); -PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX * ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); +PROV_CIPHER_FUNC(int, GCM_setkey, (PROV_GCM_CTX *ctx, const unsigned char *key, size_t keylen)); +PROV_CIPHER_FUNC(int, GCM_setiv, (PROV_GCM_CTX *dat, const unsigned char *iv, size_t ivlen)); +PROV_CIPHER_FUNC(int, GCM_aadupdate, (PROV_GCM_CTX *ctx, const unsigned char *aad, size_t aadlen)); +PROV_CIPHER_FUNC(int, GCM_cipherupdate, (PROV_GCM_CTX *ctx, const unsigned char *in, size_t len, unsigned char *out)); +PROV_CIPHER_FUNC(int, GCM_cipherfinal, (PROV_GCM_CTX *ctx, unsigned char *tag)); +PROV_CIPHER_FUNC(int, GCM_oneshot, (PROV_GCM_CTX *ctx, unsigned char *aad, size_t aad_len, const unsigned char *in, size_t in_len, unsigned char *out, unsigned char *tag, size_t taglen)); struct prov_gcm_hw_st { OSSL_GCM_setkey_fn setkey; OSSL_GCM_setiv_fn setiv; diff -Nru openssl-3.5.5/providers/implementations/kdfs/pkcs12kdf.c openssl-3.5.6/providers/implementations/kdfs/pkcs12kdf.c --- openssl-3.5.5/providers/implementations/kdfs/pkcs12kdf.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/kdfs/pkcs12kdf.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -266,6 +266,15 @@ if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_ITER)) != NULL) if (!OSSL_PARAM_get_uint64(p, &ctx->iter)) return 0; +#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + /* + * If we're running the fuzzer, limit iteration count to + * 100 so we don't time out running the derivation for + * a really long time + */ + if (getenv("OPENSSL_RUNNING_UNIT_TESTS") == NULL && p != NULL && ctx->iter > 100) + ctx->iter = 100; +#endif return 1; } diff -Nru openssl-3.5.5/providers/implementations/kem/rsa_kem.c openssl-3.5.6/providers/implementations/kem/rsa_kem.c --- openssl-3.5.5/providers/implementations/kem/rsa_kem.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/kem/rsa_kem.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
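Review bot: In the pkcs12kdf.c hunk at -266, the fuzzing clamp calls `getenv()` before the cheap comparisons; `if (p != NULL && ctx->iter > 100 && getenv("OPENSSL_RUNNING_UNIT_TESTS") == NULL)` skips the environment lookup in the common case. The clamp exists only under `FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`, so a normal build still stores whatever 64-bit iteration count `OSSL_PARAM_get_uint64` delivers. The comment could add that bounding iteration counts taken from untrusted PKCS#12 input remains the caller's responsibility. The literal 100 appears in both the test and the assignment and would read better as one named constant. The hunk does not show whether `<stdlib.h>` is already included for `getenv`.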
@@ -316,17 +316,19 @@ return 0; /* Step(3): out = RSAEP((n,e), z) */ - ret = RSA_public_encrypt(nlen, secret, out, prsactx->rsa, RSA_NO_PADDING); - if (ret) { - ret = 1; - if (outlen != NULL) - *outlen = nlen; - if (secretlen != NULL) - *secretlen = nlen; - } else { + ret = RSA_public_encrypt((int)nlen, secret, out, prsactx->rsa, + RSA_NO_PADDING); + if (ret <= 0 || ret != (int)nlen) { OPENSSL_cleanse(secret, nlen); + return 0; } - return ret; + + if (outlen != NULL) + *outlen = nlen; + if (secretlen != NULL) + *secretlen = nlen; + + return 1; } /** diff -Nru openssl-3.5.5/providers/implementations/keymgmt/ml_kem_kmgmt.c openssl-3.5.6/providers/implementations/keymgmt/ml_kem_kmgmt.c --- openssl-3.5.5/providers/implementations/keymgmt/ml_kem_kmgmt.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/keymgmt/ml_kem_kmgmt.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2024-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2024-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -799,7 +799,7 @@ return; if (gctx->seed != NULL) - OPENSSL_cleanse(gctx->seed, ML_KEM_RANDOM_BYTES); + OPENSSL_cleanse(gctx->seed, ML_KEM_SEED_BYTES); OPENSSL_free(gctx->propq); OPENSSL_free(gctx); } diff -Nru openssl-3.5.5/providers/implementations/rands/drbg_hmac.c openssl-3.5.6/providers/implementations/rands/drbg_hmac.c --- openssl-3.5.5/providers/implementations/rands/drbg_hmac.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/rands/drbg_hmac.c 2026-04-07 12:26:30.000000000 +0000 @@ -437,7 +437,7 @@ p = OSSL_PARAM_locate_const(params, OSSL_ALG_PARAM_DIGEST); if (p) { - if (OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) { + if (!OSSL_PARAM_get_utf8_string_ptr(p, &digest_name)) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); goto done; } 
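Review bot: In the ml_kem_kmgmt.c hunk at -799, the length given to `OPENSSL_cleanse` is still a constant picked by hand at the call site, which is how `ML_KEM_RANDOM_BYTES` ended up there. If `gctx->seed` points at a fixed-size buffer whose declaration is in scope (not visible in this hunk), deriving the length from that buffer would keep the wipe in step with it; otherwise a comment such as `/* length must match the size the seed buffer was filled with */` beside the call would help. A wipe that is shorter than the buffer can leave part of the key-generation seed behind after `OPENSSL_free(gctx)`, so a regression check on the wiped length is worth adding. The enclosing function starts outside the hunk.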
@@ -458,7 +458,7 @@ if (p == NULL) { hmac_name = "HMAC"; } else { - if (OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) { + if (!OSSL_PARAM_get_utf8_string_ptr(p, &hmac_name)) { ERR_raise(ERR_LIB_PROV, PROV_R_VALUE_ERROR); goto done; } diff -Nru openssl-3.5.5/providers/implementations/signature/dsa_sig.c openssl-3.5.6/providers/implementations/signature/dsa_sig.c --- openssl-3.5.5/providers/implementations/signature/dsa_sig.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/signature/dsa_sig.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -634,13 +634,14 @@ if (!ossl_prov_is_running()) return NULL; - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + if ((dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) return NULL; - *dstctx = *srcctx; dstctx->dsa = NULL; dstctx->propq = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; + dstctx->sig = NULL; if (srcctx->dsa != NULL && !DSA_up_ref(srcctx->dsa)) goto err; @@ -650,18 +651,15 @@ goto err; dstctx->md = srcctx->md; - if (srcctx->mdctx != NULL) { - dstctx->mdctx = EVP_MD_CTX_new(); - if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) - goto err; - } - - if (srcctx->propq != NULL) { - dstctx->propq = OPENSSL_strdup(srcctx->propq); - if (dstctx->propq == NULL) - goto err; - } + if (srcctx->mdctx != NULL + && (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL) + goto err; + if (srcctx->propq != NULL + && ((dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL)) + goto err; + if (srcctx->sig != NULL + && ((dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL)) + goto err; return dstctx; err: 
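Review bot: In the dsa_sig.c hunks at -634 and -650, `OPENSSL_memdup(srcctx, sizeof(*srcctx))` copies every owned pointer bit-for-bit, so each one has to be cleared before the first `goto err`, or the error path (outside the hunk) would release objects still owned by `srcctx`. The hunk clears `dsa`, `propq`, `md`, `mdctx` and `sig`; whether the struct holds other owned pointers is not visible here, so a comment such as `/* dstctx is a raw copy: clear every owned pointer before any goto err */` above the resets would protect future additions. Separately, `OPENSSL_memdup(srcctx->sig, srcctx->siglen)` appears to return NULL for a zero length, so duplication relies on a non-NULL `sig` always having `siglen > 0`, which the -972 hunk enforces in the parameter setter. The ecdsa_sig.c hunk at -630 uses the same pattern and would benefit from the same comment.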
@@ -972,6 +970,12 @@ if (!OSSL_PARAM_get_octet_string(p, (void **)&pdsactx->sig, 0, &pdsactx->siglen)) return 0; + /* The signature must not be empty */ + if (pdsactx->siglen == 0) { + OPENSSL_free(pdsactx->sig); + pdsactx->sig = NULL; + return 0; + } } } return 1; diff -Nru openssl-3.5.5/providers/implementations/signature/ecdsa_sig.c openssl-3.5.6/providers/implementations/signature/ecdsa_sig.c --- openssl-3.5.5/providers/implementations/signature/ecdsa_sig.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/signature/ecdsa_sig.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
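Review bot: In the dsa_sig.c hunk at -972, the new empty-signature branch returns 0 without putting anything on the error queue, so the caller gets a bare failure from the parameter setter. Adding `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_SIGNATURE_SIZE);` before the `return 0;` would make the rejection diagnosable. The comment `/* The signature must not be empty */` could also say why, since the context-duplication code in this diff treats a non-NULL `sig` as non-empty. The ecdsa_sig.c hunk at -990 adds the same branch with the same gap. The enclosing function starts outside the hunk.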
@@ -630,40 +630,37 @@ PROV_ECDSA_CTX *srcctx = (PROV_ECDSA_CTX *)vctx; PROV_ECDSA_CTX *dstctx; - if (!ossl_prov_is_running()) - return NULL; - - dstctx = OPENSSL_zalloc(sizeof(*srcctx)); - if (dstctx == NULL) + /* Test KATS should not need to be supported */ + if (!ossl_prov_is_running() + || srcctx->kinv != NULL + || srcctx->r != NULL + || (dstctx = OPENSSL_memdup(srcctx, sizeof(*srcctx))) == NULL) return NULL; - *dstctx = *srcctx; dstctx->ec = NULL; dstctx->propq = NULL; + dstctx->md = NULL; + dstctx->mdctx = NULL; + dstctx->sig = NULL; if (srcctx->ec != NULL && !EC_KEY_up_ref(srcctx->ec)) goto err; - /* Test KATS should not need to be supported */ - if (srcctx->kinv != NULL || srcctx->r != NULL) - goto err; dstctx->ec = srcctx->ec; if (srcctx->md != NULL && !EVP_MD_up_ref(srcctx->md)) goto err; dstctx->md = srcctx->md; - if (srcctx->mdctx != NULL) { - dstctx->mdctx = EVP_MD_CTX_new(); - if (dstctx->mdctx == NULL - || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx)) - goto err; - } - - if (srcctx->propq != NULL) { - dstctx->propq = OPENSSL_strdup(srcctx->propq); - if (dstctx->propq == NULL) - goto err; - } + if (srcctx->mdctx != NULL + && ((dstctx->mdctx = EVP_MD_CTX_new()) == NULL + || !EVP_MD_CTX_copy_ex(dstctx->mdctx, srcctx->mdctx))) + goto err; + if (srcctx->propq != NULL + && (dstctx->propq = OPENSSL_strdup(srcctx->propq)) == NULL) + goto err; + if (srcctx->sig != NULL + && (dstctx->sig = OPENSSL_memdup(srcctx->sig, srcctx->siglen)) == NULL) + goto err; return dstctx; err: 
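Review bot: In the ecdsa_sig.c hunk at -630, the digest context is still duplicated with `EVP_MD_CTX_new()` followed by `EVP_MD_CTX_copy_ex()`, while the parallel dsa_sig.c change in this diff uses `EVP_MD_CTX_dup()`. Writing it as `if (srcctx->mdctx != NULL && (dstctx->mdctx = EVP_MD_CTX_dup(srcctx->mdctx)) == NULL) goto err;` would keep the two duplication routines in step and remove one failure branch. The comment `/* Test KATS should not need to be supported */` now sits above a condition that also covers `ossl_prov_is_running()` and the allocation, so it would be clearer placed next to the `kinv` and `r` tests. The `err:` path is outside the hunk.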
@@ -990,6 +987,12 @@ if (!OSSL_PARAM_get_octet_string(p, (void **)&ctx->sig, 0, &ctx->siglen)) return 0; + /* The signature must not be empty */ + if (ctx->siglen == 0) { + OPENSSL_free(ctx->sig); + ctx->sig = NULL; + return 0; + } } } return 1; diff -Nru openssl-3.5.5/providers/implementations/signature/sm2_sig.c openssl-3.5.6/providers/implementations/signature/sm2_sig.c --- openssl-3.5.5/providers/implementations/signature/sm2_sig.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/signature/sm2_sig.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -214,6 +214,12 @@ int ret = 0; unsigned char *aid = NULL; + /* + * Each EVP_Digest{Sign,Verify}Init_ex(3) starts with fresh content, that + * needs to recompute the "Z" digest. + */ + ctx->flag_compute_z_digest = 1; + if (!sm2sig_signature_init(vpsm2ctx, ec, params) || !sm2sig_set_mdname(ctx, mdname)) return ret; @@ -247,8 +253,6 @@ if (!EVP_DigestInit_ex2(ctx->mdctx, ctx->md, params)) goto error; - ctx->flag_compute_z_digest = 1; - ret = 1; error: diff -Nru openssl-3.5.5/providers/implementations/storemgmt/file_store.c openssl-3.5.6/providers/implementations/storemgmt/file_store.c --- openssl-3.5.5/providers/implementations/storemgmt/file_store.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/storemgmt/file_store.c 2026-04-07 12:26:30.000000000 +0000 
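Review bot: In the sm2_sig.c hunk at -214, `ctx->flag_compute_z_digest = 1;` now runs before `sm2sig_signature_init(vpsm2ctx, ec, params)`, so the context is written before any validation that call performs. If that call is where a NULL context is rejected (its body is not visible, and `ctx` is presumably a cast of `vpsm2ctx`), the assignment dereferences the pointer ahead of the check; `if (ctx == NULL) return ret;` in front of it would be cheap. The flag is also left set when initialisation then fails, which looks harmless but could be stated in the comment. The function starts and ends outside the hunk.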
@@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -104,6 +104,8 @@ /* Expected object type. May be unspecified */ int expected_type; + /* Fatal error occurred. We should indicate EOF. */ + int fatal_error; }; static void free_file_ctx(struct file_ctx_st *ctx) @@ -559,8 +561,10 @@ /* Setup the decoders (one time shot per session */ - if (!file_setup_decoders(ctx)) + if (!file_setup_decoders(ctx)) { + ctx->fatal_error = 1; return 0; + } /* Setup for this object */ @@ -758,6 +762,9 @@ { struct file_ctx_st *ctx = loaderctx; + if (ctx->fatal_error) + return 1; + switch (ctx->type) { case IS_DIR: return ctx->_.dir.end_reached; diff -Nru openssl-3.5.5/providers/implementations/storemgmt/winstore_store.c openssl-3.5.6/providers/implementations/storemgmt/winstore_store.c --- openssl-3.5.5/providers/implementations/storemgmt/winstore_store.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/providers/implementations/storemgmt/winstore_store.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
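Review bot: In the file_store.c hunks at -559 and -758, only the decoder-setup failure sets `ctx->fatal_error`, so any other unrecoverable `return 0` in the load function (outside these hunks) would still leave the EOF callback reporting more data, and a caller looping until EOF could keep retrying. Reporting EOF on error also means a failed store and an exhausted one can only be told apart through the error queue, which the field comment could state, for example `/* Set on unrecoverable load failure; eof then returns 1 and the error queue carries the cause */`. The flag relies on the context being zero-initialised at allocation, which is not visible here. The winstore_store.c hunk at -272 handles the same case by setting `ctx->state = STATE_EOF`.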
@@ -272,8 +272,10 @@ const unsigned char *der_ = der; size_t der_len_ = der_len; - if (setup_decoder(ctx) == 0) + if (setup_decoder(ctx) == 0) { + ctx->state = STATE_EOF; return 0; + } data.object_cb = object_cb; data.object_cbarg = object_cbarg; diff -Nru openssl-3.5.5/ssl/quic/quic_impl.c openssl-3.5.6/ssl/quic/quic_impl.c --- openssl-3.5.5/ssl/quic/quic_impl.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_impl.c 2026-04-07 12:26:30.000000000 +0000 @@ -4504,6 +4504,10 @@ * to grab reference for qc. */ qc->ch = ossl_quic_port_create_outgoing(qc->port, qc->tls); + if (qc->ch == NULL) { + QUIC_RAISE_NON_NORMAL_ERROR(NULL, ERR_R_INTERNAL_ERROR, NULL); + goto err; + } ossl_quic_channel_set_msg_callback(qc->ch, ql->obj.ssl.ctx->msg_callback, &qc->obj.ssl); ossl_quic_channel_set_msg_callback_arg(qc->ch, ql->obj.ssl.ctx->msg_callback_arg); @@ -4600,9 +4604,10 @@ int ret; QCTX ctx; SSL *conn_ssl = NULL; + SSL *conn_ssl_tmp = NULL; SSL_CONNECTION *conn = NULL; QUIC_CHANNEL *new_ch = NULL; - QUIC_CONNECTION *qc; + QUIC_CONNECTION *qc = NULL; int no_block = ((flags & SSL_ACCEPT_CONNECTION_NO_BLOCK) != 0); if (!expect_quic_listener(ssl, &ctx)) 
@@ -4651,28 +4656,38 @@ * bound to new_ch. If channel constructor fails to create any item here * it just fails to create channel. */ - if (!ossl_assert((conn_ssl = ossl_quic_channel_get0_tls(new_ch)) != NULL) - || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl)) != NULL) - || !ossl_assert((conn_ssl = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL)) + if (!ossl_assert((conn_ssl_tmp = ossl_quic_channel_get0_tls(new_ch)) != NULL) + || !ossl_assert((conn = SSL_CONNECTION_FROM_SSL(conn_ssl_tmp)) != NULL) + || !ossl_assert((conn_ssl_tmp = SSL_CONNECTION_GET_USER_SSL(conn)) != NULL)) goto out; - qc = (QUIC_CONNECTION *)conn_ssl; - qc->pending = 0; - if (!SSL_up_ref(&ctx.ql->obj.ssl)) { - /* - * You might expect ossl_quic_channel_free() to be called here. Be - * assured it happens, The process goes as follows: - * - The SSL_free() here is being handled by ossl_quic_free(). - * - The very last step of ossl_quic_free() is call to qc_cleanup() - * where channel gets freed. - */ - SSL_free(conn_ssl); + qc = (QUIC_CONNECTION *)conn_ssl_tmp; + if (SSL_up_ref(&ctx.ql->obj.ssl)) { + qc->listener = ctx.ql; + conn_ssl = conn_ssl_tmp; + conn_ssl_tmp = NULL; + qc->pending = 0; } - qc->listener = ctx.ql; out: qctx_unlock(&ctx); + /* + * You might expect ossl_quic_channel_free() to be called here. Be + * assured it happens, The process goes as follows: + * - The SSL_free() here is being handled by ossl_quic_free(). + * - The very last step of ossl_quic_free() is call to qc_cleanup() + * where channel gets freed. + * NOTE: We defer this SSL_free until after the call to qctx_unlock above + * to avoid the deadlock that would occur when ossl_quic_free attempts to + * re-acquire this mutex. We also do the gymnastics with conn_ssl and + * conn_ssl_tmp above so that we only actually do the free on the SSL + * object if the up-ref above fails, in such a way that we don't unbalance + * the listener refcount (i.e. 
if the up-ref fails above, we don't set the + * listener pointer so that we don't then drop the ref-count erroneously + * during the free operation. + */ + SSL_free(conn_ssl_tmp); return conn_ssl; } diff -Nru openssl-3.5.5/ssl/quic/quic_lcidm.c openssl-3.5.6/ssl/quic/quic_lcidm.c --- openssl-3.5.5/ssl/quic/quic_lcidm.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_lcidm.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -74,15 +74,21 @@ 0, }; unsigned long hashval = 0; + unsigned char digest[SIPHASH_MIN_DIGEST_SIZE]; - if (!SipHash_set_hash_size(&siphash, sizeof(unsigned long))) + /* Use a supported SipHash digest size (8 or 16); 8 is sufficient here. */ + if (!SipHash_set_hash_size(&siphash, SIPHASH_MIN_DIGEST_SIZE)) goto out; if (!SipHash_Init(&siphash, (uint8_t *)lcid_obj->hash_key, 0, 0)) goto out; SipHash_Update(&siphash, lcid_obj->cid.id, lcid_obj->cid.id_len); - if (!SipHash_Final(&siphash, (unsigned char *)&hashval, - sizeof(unsigned long))) + if (!SipHash_Final(&siphash, digest, SIPHASH_MIN_DIGEST_SIZE)) goto out; + + /* + * Truncate the 64-bit SipHash digest into an unsigned long. + */ + memcpy(&hashval, digest, sizeof(hashval) < sizeof(digest) ? sizeof(hashval) : sizeof(digest)); out: return hashval; } diff -Nru openssl-3.5.5/ssl/quic/quic_reactor.c openssl-3.5.6/ssl/quic/quic_reactor.c --- openssl-3.5.5/ssl/quic/quic_reactor.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_reactor.c 2026-04-07 12:26:30.000000000 +0000 
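Review bot: In the quic_impl.c hunk at -4651, `conn_ssl_tmp` first receives the result of `ossl_quic_channel_get0_tls(new_ch)`, and if the second `ossl_assert` (on `SSL_CONNECTION_FROM_SSL`) fails, control reaches `out:` with that pointer still set, so the new unconditional `SSL_free(conn_ssl_tmp)` is applied to it. The `get0` name suggests a borrowed pointer owned by the channel, in which case this path would release an object the function does not own; the old code freed nothing there. Holding the intermediate in its own local, e.g. `SSL *tls = ossl_quic_channel_get0_tls(new_ch);`, and assigning `conn_ssl_tmp` only from `SSL_CONNECTION_GET_USER_SSL(conn)` would limit the free to the user-facing object. The long comment also leaves the parenthesis opened at "(i.e." unclosed. The function starts outside the hunk.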
@@ -76,6 +76,12 @@ } #if defined(OPENSSL_SYS_WINDOWS) + +/* Work around for MinGW builds. */ +#if defined(__MINGW32__) && !defined(SIO_UDP_NETRESET) +#define SIO_UDP_NETRESET _WSAIOW(IOC_VENDOR, 15) +#endif + /* * On Windows recvfrom() may return WSAECONNRESET when destination port * used in preceding call to sendto() is no longer reachable. The reset diff -Nru openssl-3.5.5/ssl/quic/quic_rx_depack.c openssl-3.5.6/ssl/quic/quic_rx_depack.c --- openssl-3.5.5/ssl/quic/quic_rx_depack.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_rx_depack.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1316,6 +1316,7 @@ OSSL_QUIC_ERR_PROTOCOL_VIOLATION, frame_type, "NEW_CONN_ID valid only in 0/1-RTT"); + return 0; } if (!depack_do_frame_new_conn_id(pkt, ch, ackm_data)) return 0; diff -Nru openssl-3.5.5/ssl/quic/quic_srtm.c openssl-3.5.6/ssl/quic/quic_srtm.c --- openssl-3.5.5/ssl/quic/quic_srtm.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_srtm.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2023-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -168,6 +168,11 @@ lh_SRTM_ITEM_free(srtm->items_rev); if (srtm->items_fwd != NULL) { + /* + * We don't need to call lh_SRTM_ITEM_set_down_load(..., 0) + * here because srtm_free_each() callback for _doall() does + * not call to lh_SRTIM_ITEM_delete(). + */ lh_SRTM_ITEM_doall(srtm->items_fwd, srtm_free_each); lh_SRTM_ITEM_free(srtm->items_fwd); } diff -Nru openssl-3.5.5/ssl/quic/quic_stream_map.c openssl-3.5.6/ssl/quic/quic_stream_map.c --- openssl-3.5.5/ssl/quic/quic_stream_map.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/quic_stream_map.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -122,6 +122,7 @@ void ossl_quic_stream_map_cleanup(QUIC_STREAM_MAP *qsm) { + lh_QUIC_STREAM_set_down_load(qsm->map, 0); ossl_quic_stream_map_visit(qsm, release_each, qsm); lh_QUIC_STREAM_free(qsm->map); diff -Nru openssl-3.5.5/ssl/quic/uint_set.c openssl-3.5.6/ssl/quic/uint_set.c --- openssl-3.5.5/ssl/quic/uint_set.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/quic/uint_set.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
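Review bot: In the quic_stream_map.c hunk at -122, the added `lh_QUIC_STREAM_set_down_load(qsm->map, 0);` carries no comment, and its purpose can only be guessed from the comment added to quic_srtm.c in the same diff. Something like `/* release_each removes entries during the walk; keep the table from contracting under the iterator */` would record it, assuming `release_each` (not visible here) does delete from the map. The quic_srtm.c comment at -168 also misspells the function name as `lh_SRTIM_ITEM_delete`.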
@@ -303,6 +303,8 @@ * handled by the above cases. */ y = create_set_item(end + 1, z->range.end); + if (y == NULL) + return 0; ossl_list_uint_set_insert_after(s, z, y); z->range.end = start - 1; break; diff -Nru openssl-3.5.5/ssl/record/methods/tls_common.c openssl-3.5.6/ssl/record/methods/tls_common.c --- openssl-3.5.5/ssl/record/methods/tls_common.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/record/methods/tls_common.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -620,6 +620,11 @@ thisrr->length = sslv2len & 0x7fff; + if (!rl->funcs->validate_record_header(rl, thisrr)) { + /* RLAYERfatal already called */ + return OSSL_RECORD_RETURN_FATAL; + } + if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL2_RT_HEADER_LENGTH) { RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, @@ -656,6 +661,11 @@ if (rl->msg_callback != NULL) rl->msg_callback(0, version, SSL3_RT_HEADER, p, 5, rl->cbarg); + if (!rl->funcs->validate_record_header(rl, thisrr)) { + /* RLAYERfatal already called */ + return OSSL_RECORD_RETURN_FATAL; + } + if (thisrr->length > TLS_BUFFER_get_len(rbuf) - SSL3_RT_HEADER_LENGTH) { RLAYERfatal(rl, SSL_AD_RECORD_OVERFLOW, SSL_R_PACKET_LENGTH_TOO_LONG); @@ -663,11 +673,6 @@ } } - if (!rl->funcs->validate_record_header(rl, thisrr)) { - /* RLAYERfatal already called */ - return OSSL_RECORD_RETURN_FATAL; - } - /* now rl->rstate == SSL_ST_READ_BODY */ } diff -Nru openssl-3.5.5/ssl/s3_lib.c openssl-3.5.6/ssl/s3_lib.c --- openssl-3.5.5/ssl/s3_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/s3_lib.c 2026-04-07 12:26:30.000000000 +0000 
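Review bot: In the tls_common.c hunks at -620 and -656, `validate_record_header` is now called in both branches ahead of the buffer-length comparison, but nothing in the code says that the order matters. A short comment such as `/* Must run before the buffer-size check below */` on each call would stop it from being hoisted back to the shared tail that the -663 hunk removes. In the SSLv2 branch the call comes directly after `thisrr->length` is set, so it is worth confirming that the other record fields the validator reads are already filled in at that point; the preceding lines are outside the hunk.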
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -4322,7 +4322,7 @@ switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: - sc->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; + sc->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; ret = 1; break; #endif @@ -4593,7 +4593,7 @@ switch (cmd) { #if !defined(OPENSSL_NO_DEPRECATED_3_0) case SSL_CTRL_SET_TMP_DH_CB: { - ctx->cert->dh_tmp_cb = (DH * (*)(SSL *, int, int)) fp; + ctx->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; } break; #endif case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB: diff -Nru openssl-3.5.5/ssl/ssl_asn1.c openssl-3.5.6/ssl/ssl_asn1.c --- openssl-3.5.5/ssl/ssl_asn1.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/ssl_asn1.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2005 Nokia. All rights reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -81,7 +81,7 @@ ASN1_EXP_OPT(SSL_SESSION_ASN1, peer_rpk, ASN1_OCTET_STRING, 20) } static_ASN1_SEQUENCE_END(SSL_SESSION_ASN1) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(SSL_SESSION_ASN1) /* Utility functions for i2d_SSL_SESSION */ diff -Nru openssl-3.5.5/ssl/ssl_lib.c openssl-3.5.6/ssl/ssl_lib.c --- openssl-3.5.5/ssl/ssl_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/ssl_lib.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * Copyright 2005 Nokia. All rights reserved. * @@ -3412,22 +3412,21 @@ int i; const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - if (sc == NULL) + if (size < 2 || buf == NULL) return NULL; - if (!sc->server - || sc->peer_ciphers == NULL - || size < 2) + buf[0] = '\0'; + + if (sc == NULL || !sc->server) return NULL; p = buf; clntsk = sc->peer_ciphers; srvrsk = SSL_get_ciphers(s); - if (clntsk == NULL || srvrsk == NULL) - return NULL; - if (sk_SSL_CIPHER_num(clntsk) == 0 || sk_SSL_CIPHER_num(srvrsk) == 0) - return NULL; + if (clntsk == NULL || sk_SSL_CIPHER_num(clntsk) == 0 + || srvrsk == NULL || sk_SSL_CIPHER_num(srvrsk) == 0) + return buf; for (i = 0; i < sk_SSL_CIPHER_num(clntsk); i++) { int n; @@ -3447,10 +3446,9 @@ } /* No overlap */ - if (p == buf) - return NULL; + if (p != buf) + p[-1] = '\0'; - p[-1] = '\0'; return buf; } diff -Nru openssl-3.5.5/ssl/ssl_sess.c openssl-3.5.6/ssl/ssl_sess.c --- openssl-3.5.5/ssl/ssl_sess.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/ssl_sess.c 2026-04-07 12:26:30.000000000 +0000 @@ -790,9 +790,9 @@ ssl_tsan_counter(ctx, &ctx->stats.sess_cache_full); } } - } - SSL_SESSION_list_add(ctx, c); + SSL_SESSION_list_add(ctx, c); + } if (s != NULL) { /* diff -Nru openssl-3.5.5/ssl/statem/statem_dtls.c openssl-3.5.6/ssl/statem/statem_dtls.c --- openssl-3.5.5/ssl/statem/statem_dtls.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/statem/statem_dtls.c 2026-04-07 12:26:30.000000000 +0000 
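Review bot: In the second ssl_lib.c hunk the retained comment `/* No overlap */` now sits above `if (p != buf) p[-1] = '\0';`, the branch taken when at least one cipher was written, so it reads as the opposite of what the code does. Something like `/* Drop the trailing separator; with no overlap buf is still the empty string */` matches the new flow. The first hunk also changes the result for an empty or missing cipher list from NULL to an empty string in `buf`, and writes `buf[0]` even on the paths that still return NULL. Callers that test only for NULL to detect "nothing shared" will behave differently, so that contract deserves a line in the function's header comment or manual page (neither is visible in this chunk). The function's signature is outside the hunk.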
@@ -1,5 +1,5 @@ /* - * Copyright 2005-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1177,7 +1177,11 @@ return 0; } - pqueue_insert(s->d1->sent_messages, item); + if (pqueue_insert(s->d1->sent_messages, item) == NULL) { + dtls1_hm_fragment_free(frag); + pitem_free(item); + return 0; + } return 1; } diff -Nru openssl-3.5.5/ssl/t1_lib.c openssl-3.5.6/ssl/t1_lib.c --- openssl-3.5.5/ssl/t1_lib.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/ssl/t1_lib.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -211,7 +211,7 @@ /* Group list string of the built-in pseudo group DEFAULT_SUITE_B */ #define SUITE_B_GROUP_NAME "DEFAULT_SUITE_B" -#define SUITE_B_GROUP_LIST "secp256r1:secp384r1", +#define SUITE_B_GROUP_LIST "?secp256r1:?secp384r1", struct provider_ctx_data_st { SSL_CTX *ctx; @@ -1244,8 +1244,8 @@ size_t ksidcnt; /* Number of key shares */ uint16_t *ksid_arr; /* The IDs of the key share groups (flat list) */ /* Variable to keep state between execution of callback or helper functions */ - size_t tuple_mode; /* Keeps track whether tuple_cb called from 'the top' or from gid_cb */ - int ignore_unknown_default; /* Flag such that unknown groups for DEFAULT[_XYZ] are ignored */ + int inner; /* Are we expanding a DEFAULT list */ + int first; /* First tuple of possibly nested expansion? */ } gid_cb_st; /* Forward declaration of tuple callback function */ 
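Review bot: The `?` prefixes added to `SUITE_B_GROUP_LIST` carry a rule that used to be implicit. The hunk at 1378 removes the `ignore_unknown_default` path that made every group inside a DEFAULT list optional, so optionality now has to be spelled in each list string. Nothing at the define says that, and any other default list string outside this hunk that lacks the prefix would now fail on a group no provider offers (worth checking; those strings are not visible here). A comment such as `/* '?' marks a group as optional: it is skipped when unavailable instead of failing the whole list */` above the define would record it.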
@@ -1264,7 +1264,7 @@ int found_group = 0; char etmp[GROUP_NAME_BUFFER_LENGTH]; int retval = 1; /* We assume success */ - char *current_prefix; + const char *current_prefix; int ignore_unknown = 0; int add_keyshare = 0; int remove_group = 0; @@ -1320,16 +1320,16 @@ for (i = 0; i < OSSL_NELEM(default_group_strings); i++) { if ((size_t)len == (strlen(default_group_strings[i].list_name)) && OPENSSL_strncasecmp(default_group_strings[i].list_name, elem, len) == 0) { + int saved_first; + /* * We're asked to insert an entire list of groups from a * DEFAULT[_XYZ] 'pseudo group' which we do by * recursively calling this function (indirectly via * CONF_parse_list and tuple_cb); essentially, we treat a DEFAULT * group string like a tuple which is appended to the current tuple - * rather then starting a new tuple. Variable tuple_mode is the flag which - * controls append tuple vs start new tuple. + * rather then starting a new tuple. */ - if (ignore_unknown || remove_group) return -1; /* removal or ignore not allowed here -> syntax error */ 
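Review bot: The rewritten comment above the recursive expansion keeps the typo `rather then starting a new tuple`; it should read `rather than starting a new tuple`. Since the sentence about `tuple_mode` was dropped, the comment no longer says what decides between appending and starting a tuple. One line naming the new flags, e.g. `* The inner and first flags in gid_cb_st control append vs. new tuple.`, would restore that. The enclosing function begins and ends outside this hunk.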
@@ -1350,15 +1350,17 @@ default_group_strings[i].group_string, strlen(default_group_strings[i].group_string)); restored_default_group_string[strlen(default_group_strings[i].group_string) + restored_prefix_index] = '\0'; - /* We execute the recursive call */ - garg->ignore_unknown_default = 1; /* We ignore unknown groups for DEFAULT_XYZ */ - /* we enforce group mode (= append tuple) for DEFAULT_XYZ group lists */ - garg->tuple_mode = 0; - /* We use the tuple_cb callback to process the pseudo group tuple */ + /* + * Append first tuple of result to current tuple, and don't + * terminate the last tuple until we return to a top-level + * tuple_cb. + */ + saved_first = garg->first; + garg->inner = garg->first = 1; retval = CONF_parse_list(restored_default_group_string, TUPLE_DELIMITER_CHARACTER, 1, tuple_cb, garg); - garg->tuple_mode = 1; /* next call to tuple_cb will again start new tuple */ - garg->ignore_unknown_default = 0; /* reset to original value */ + garg->inner = 0; + garg->first = saved_first; /* We don't need the \0-terminated string anymore */ OPENSSL_free(restored_default_group_string); @@ -1378,9 +1380,6 @@ if (len == 0) return -1; /* Seems we have prefxes without a group name -> syntax error */ - if (garg->ignore_unknown_default == 1) /* Always ignore unknown groups for DEFAULT[_XYZ] */ - ignore_unknown = 1; - /* Memory management in case more groups are present compared to initial allocation */ if (garg->gidcnt == garg->gidmax) { uint16_t *tmp = OPENSSL_realloc(garg->gid_arr, @@ -1514,7 +1513,7 @@ /* and update the book keeping for the number of groups in current tuple */ garg->tuplcnt_arr[garg->tplcnt]++; - /* We memorize if needed that we want to add a key share for the current group */ + /* We want to add a key share for the current group */ if (add_keyshare) garg->ksid_arr[garg->ksidcnt++] = gid; } 
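Review bot: After the recursive `CONF_parse_list()` the code restores `garg->first` from `saved_first` but sets `garg->inner = 0` unconditionally, so the two flags are handled asymmetrically. If a DEFAULT list can itself contain a DEFAULT name (the struct comment speaks of a "possibly nested expansion"), the outer expansion would continue with `inner == 0` and `tuple_cb()` would close tuples as if it were at top level. Saving and restoring it the same way, `int saved_inner = garg->inner;` before the call and `garg->inner = saved_inner;` after, removes that assumption at no cost. If nesting is impossible by construction, a comment saying so would do instead. The enclosing function begins and ends outside this hunk.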
@@ -1523,6 +1522,39 @@ return retval; } +static int grow_tuples(gid_cb_st *garg) +{ + static size_t max_tplcnt = (~(size_t)0) / sizeof(size_t); + + /* This uses OPENSSL_realloc_array() in newer releases */ + if (garg->tplcnt == garg->tplmax) { + size_t newcnt = garg->tplmax + GROUPLIST_INCREMENT; + size_t newsz = newcnt * sizeof(size_t); + size_t *tmp; + + if (newsz > max_tplcnt + || (tmp = OPENSSL_realloc(garg->tuplcnt_arr, newsz)) == NULL) + return 0; + + garg->tplmax = newcnt; + garg->tuplcnt_arr = tmp; + } + return 1; +} + +static int close_tuple(gid_cb_st *garg) +{ + size_t gidcnt = garg->tuplcnt_arr[garg->tplcnt]; + + if (gidcnt == 0) + return 1; + if (!grow_tuples(garg)) + return 0; + + garg->tuplcnt_arr[++garg->tplcnt] = 0; + return 1; +} + /* Extract and process a tuple of groups */ static int tuple_cb(const char *tuple, int len, void *arg) { @@ -1536,16 +1568,9 @@ return 0; } - /* Memory management for tuples */ - if (garg->tplcnt == garg->tplmax) { - size_t *tmp = OPENSSL_realloc(garg->tuplcnt_arr, - (garg->tplmax + GROUPLIST_INCREMENT) * sizeof(*garg->tuplcnt_arr)); - - if (tmp == NULL) - return 0; - garg->tplmax += GROUPLIST_INCREMENT; - garg->tuplcnt_arr = tmp; - } + if (garg->inner && !garg->first && !close_tuple(garg)) + return 0; + garg->first = 0; /* Convert to \0-terminated string */ restored_tuple_string = OPENSSL_malloc((len + 1 /* \0 */) * sizeof(char)); @@ -1560,15 +1585,8 @@ /* We don't need the \o-terminated string anymore */ OPENSSL_free(restored_tuple_string); - if (garg->tuplcnt_arr[garg->tplcnt] > 0) { /* Some valid groups are present in current tuple... */ - if (garg->tuple_mode) { - /* We 'close' the tuple */ - garg->tplcnt++; - garg->tuplcnt_arr[garg->tplcnt] = 0; /* Next tuple is initialized to be empty */ - garg->tuple_mode = 1; /* next call will start a tuple (unless overridden in gid_cb) */ - } - } - + if (!garg->inner && !close_tuple(garg)) + return 0; return retval; } 
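Review bot: In `grow_tuples()` the overflow guard compares the wrong quantities: `max_tplcnt` is a maximum element count (`SIZE_MAX / sizeof(size_t)`), but it is tested against `newsz`, the byte size after multiplication, so a wrapped product would not be caught. The check belongs on the count before multiplying, `if (newcnt < garg->tplmax || newcnt > max_tplcnt)`, and the limit can be declared `static const size_t`. Separately, `close_tuple()` grows only when `tplcnt == tplmax` and then stores to `tuplcnt_arr[++garg->tplcnt]`. When `tplcnt == tplmax - 1` that store targets index `tplmax`, which is one past the end unless the array is allocated with a spare slot (the allocation is outside this hunk, please confirm). Growing on `garg->tplcnt + 1 >= garg->tplmax` would make the bound hold regardless.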
@@ -1599,8 +1617,6 @@ } memset(&gcb, 0, sizeof(gcb)); - gcb.tuple_mode = 1; /* We prepare to collect the first tuple */ - gcb.ignore_unknown_default = 0; gcb.gidmax = GROUPLIST_INCREMENT; gcb.tplmax = GROUPLIST_INCREMENT; gcb.ksidmax = GROUPLIST_INCREMENT; diff -Nru openssl-3.5.5/test/README-external.md openssl-3.5.6/test/README-external.md --- openssl-3.5.5/test/README-external.md 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/README-external.md 2026-04-07 12:26:30.000000000 +0000 @@ -39,7 +39,7 @@ You will need a git checkout of krb5 at the top level: - $ git clone https://github.com/krb5/krb5 + $ git submodule update --init krb5's master has to pass this same CI, but a known-good version is krb5-1.15.1-final if you want to be sure. diff -Nru openssl-3.5.5/test/asn1_decode_test.c openssl-3.5.6/test/asn1_decode_test.c --- openssl-3.5.5/test/asn1_decode_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/asn1_decode_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -41,7 +41,7 @@ ASN1_EMBED(ASN1_LONG_DATA, test_long, LONG), } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static int test_long(void) @@ -67,7 +67,7 @@ ASN1_EMBED(ASN1_INT32_DATA, test_int32, INT32), } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static int test_int32(void) 
@@ -92,7 +92,7 @@ ASN1_EMBED(ASN1_UINT32_DATA, test_uint32, UINT32), } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static int test_uint32(void) @@ -117,7 +117,7 @@ ASN1_EMBED(ASN1_INT64_DATA, test_int64, INT64), } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static int test_int64(void) @@ -142,7 +142,7 @@ ASN1_EMBED(ASN1_UINT64_DATA, test_uint64, UINT64), } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static int test_uint64(void) @@ -243,7 +243,7 @@ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) /* Empty sequence for invalid template test */ diff -Nru openssl-3.5.5/test/asn1_encode_test.c openssl-3.5.6/test/asn1_encode_test.c --- openssl-3.5.5/test/asn1_encode_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/asn1_encode_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2017-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
@@ -198,7 +198,7 @@ ASN1_EXP_OPT(ASN1_LONG_DATA, test_zlong, ZLONG, 0) } static_ASN1_SEQUENCE_END(ASN1_LONG_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_LONG_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_LONG_DATA) static ASN1_LONG_DATA long_expected_32bit[] = { @@ -292,7 +292,7 @@ ASN1_EXP_OPT_EMBED(ASN1_INT32_DATA, test_zint32, ZINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_INT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT32_DATA) static ASN1_INT32_DATA int32_expected[] = { @@ -340,7 +340,7 @@ ASN1_EXP_OPT_EMBED(ASN1_UINT32_DATA, test_zuint32, ZUINT32, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT32_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT32_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT32_DATA) static ASN1_UINT32_DATA uint32_expected[] = { @@ -388,7 +388,7 @@ ASN1_EXP_OPT_EMBED(ASN1_INT64_DATA, test_zint64, ZINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_INT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_INT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_INT64_DATA) static ASN1_INT64_DATA int64_expected[] = { @@ -437,7 +437,7 @@ ASN1_EXP_OPT_EMBED(ASN1_UINT64_DATA, test_zuint64, ZUINT64, 0) } static_ASN1_SEQUENCE_END(ASN1_UINT64_DATA) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(ASN1_UINT64_DATA) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(ASN1_UINT64_DATA) static ASN1_UINT64_DATA uint64_expected[] = { 
@@ -873,7 +873,7 @@ ASN1_IMP(INVALIDTEMPLATE, invalidDirString, DIRECTORYSTRING, 12) } static_ASN1_SEQUENCE_END(INVALIDTEMPLATE) - IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) +IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS(INVALIDTEMPLATE) IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(INVALIDTEMPLATE) static int test_invalid_template(void) diff -Nru openssl-3.5.5/test/asn1_internal_test.c openssl-3.5.6/test/asn1_internal_test.c --- openssl-3.5.5/test/asn1_internal_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/asn1_internal_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -20,6 +20,7 @@ #include #include +#include #include #include "testutil.h" #include "internal/nelem.h" @@ -290,6 +291,22 @@ return 1; } +static int test_ossl_uni2utf8(void) +{ + const unsigned char in[] = { 0x21, 0x92 }; /* unicode right arrow */ + int inlen = 2; + char *out = NULL; + int ok = 0; + + /* reproducer for CVE-2025-69419 */ + out = OPENSSL_uni2utf8(in, inlen); + if (TEST_str_eq(out, "\xe2\x86\x92")) + ok = 1; + + OPENSSL_free(out); + return ok; +} + int setup_tests(void) { ADD_TEST(test_tbl_standard); @@ -300,5 +317,6 @@ ADD_TEST(test_obj_create); ADD_TEST(test_obj_nid_undef); ADD_TEST(test_mbstring_ncopy); + ADD_TEST(test_ossl_uni2utf8); return 1; } diff -Nru openssl-3.5.5/test/bntest.c openssl-3.5.6/test/bntest.c --- openssl-3.5.5/test/bntest.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/bntest.c 2026-04-07 12:26:30.000000000 +0000 
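Review bot: `test_ossl_uni2utf8()` hard-codes `int inlen = 2;` next to `in[]`, so the length and the buffer can drift apart if the input is ever extended; `int inlen = (int)sizeof(in);` keeps them tied. The comment `/* reproducer for CVE-2025-69419 */` also does not say what the pre-fix failure looked like (wrong output, or a memory error that only a sanitizer build reports). A maintainer would want to know that before relying on this test as a regression guard.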
@@ -1,5 +1,5 @@ /* - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -1664,6 +1664,52 @@ return st; } +static int file_modsqr(STANZA *s) +{ + BIGNUM *a = NULL, *m = NULL, *mod_sqr = NULL, *ret = NULL; + int st = 0; + + if (!TEST_ptr(a = getBN(s, "A")) + || !TEST_ptr(m = getBN(s, "M")) + || !TEST_ptr(mod_sqr = getBN(s, "ModSqr")) + || !TEST_ptr(ret = BN_new())) + goto err; + + if (!TEST_true(BN_mod_sqr(ret, a, m, ctx)) + || !equalBN("A^2 (mod M)", mod_sqr, ret)) + goto err; + + if (BN_is_odd(m)) { + /* Reduce |a| and test the Montgomery version. */ + BN_MONT_CTX *mont = BN_MONT_CTX_new(); + BIGNUM *a_tmp = BN_new(); + + if (mont == NULL || a_tmp == NULL + || !TEST_true(BN_MONT_CTX_set(mont, m, ctx)) + || !TEST_true(BN_nnmod(a_tmp, a, m, ctx)) + || !TEST_true(BN_to_montgomery(a_tmp, a_tmp, mont, ctx)) + || !TEST_true(BN_mod_mul_montgomery(ret, a_tmp, a_tmp, + mont, ctx)) + || !TEST_true(BN_from_montgomery(ret, ret, mont, ctx)) + || !equalBN("A^2 (mod M) (mont)", mod_sqr, ret)) + st = 0; + else + st = 1; + BN_MONT_CTX_free(mont); + BN_free(a_tmp); + if (st == 0) + goto err; + } + + st = 1; +err: + BN_free(a); + BN_free(m); + BN_free(mod_sqr); + BN_free(ret); + return st; +} + static int file_modexp(STANZA *s) { BIGNUM *a = NULL, *e = NULL, *m = NULL, *mod_exp = NULL, *ret = NULL; 
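Review bot: In the `BN_is_odd(m)` branch of `file_modsqr()` the allocation checks `mont == NULL || a_tmp == NULL` are not wrapped in `TEST_ptr()`, unlike every other check in the function, so an allocation failure makes the stanza fail without any diagnostic. Writing the condition as `if (!TEST_ptr(mont) || !TEST_ptr(a_tmp) || ...` keeps the reporting uniform. The `st = 0` / `st = 1` toggle inside the branch, followed by another `st = 1`, is also harder to follow than declaring `mont` and `a_tmp` at function scope and freeing them under `err:`.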
@@ -3274,6 +3320,7 @@ { "Product", file_product }, { "Quotient", file_quotient }, { "ModMul", file_modmul }, + { "ModSqr", file_modsqr }, { "ModExp", file_modexp }, { "Exp", file_exp }, { "ModSqrt", file_modsqrt }, diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-ca.pem openssl-3.5.6/test/certs/cve-2026-28388-ca.pem --- openssl-3.5.5/test/certs/cve-2026-28388-ca.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/certs/cve-2026-28388-ca.pem 2026-04-07 12:26:30.000000000 +0000 @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDFTCCAf2gAwIBAgIUOl5NN/jfsuLU9JSGLZAfRzviF+owDQYJKoZIhvcNAQEL +BQAwEjEQMA4GA1UEAwwHVGVzdCBDQTAeFw0yNjAzMTcwODE5NDdaFw0yNzAzMTcw +ODE5NDdaMBIxEDAOBgNVBAMMB1Rlc3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQD0m4KETjF0c25spNWUiNChWP0GalDL0gVDFbtAoMVF/lvlZEcp +hcg62ifHJRPntWyVAmH70DAI87cWzl/73QYGaOcMVcH5yEM31BoK83FvhsS3RTPO +FSrNCHaZrrWuga+QkBmMcR6qX7GF5eb6ASMBsLuuDqbkCRbTJ2ryhYeWF+VFemBF +pSHpcinSSLvswTVbZiCqmoy0WkK8eiyfLMZA17PgVLQpyPZ3rp5YG5vEZZoqFc/f +1bCHjwQ7fNdLCEMqPvE/I0mg2skRClb1L1Vieud/jmjL8nVd9I12j1eUOcSKtCkW +nj4BFa7TRz13sN3LZOFvV774ZaXRJ1GxoAlnAgMBAAGjYzBhMB0GA1UdDgQWBBSt +UxfaVbV9QMmfwMoImdgi4MZHzTAfBgNVHSMEGDAWgBStUxfaVbV9QMmfwMoImdgi +4MZHzTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0B +AQsFAAOCAQEA84w49n0pPJlqiD1/mn3pUZ66lBP0fFZiCuV/3YatBZcW+xcboW0Q +xImYztjZo0i+sQLZOalI4GoBqD77Dv4Qas0QoJZIp0wM8DjE3YcudCr4cpUhT1XC +ruHVHQA9bY5rW0GsfUBW6/3RbRpiK4SaFG3sUBbXPo0dC2EaLDjpLM7o2UljRrWu +d/vg6ieKuAicexLxqQLdM4SxjyvBpCwHg/dnMxawSj4Xhks1BHJ0hTLKJGDgfVHh +ex8+878u6Gf7fAOZa5idWUgTvdt5WHSW5x+Tm/P6LGG3HkM425ZU6BLTCHONoBud +cOlfWTTuIyweX5TRL5HY3SuO1cpMBpjiAA== +-----END CERTIFICATE----- diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-crls.pem openssl-3.5.6/test/certs/cve-2026-28388-crls.pem --- openssl-3.5.5/test/certs/cve-2026-28388-crls.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/certs/cve-2026-28388-crls.pem 2026-04-07 12:26:30.000000000 +0000 
@@ -0,0 +1,22 @@ +-----BEGIN X509 CRL----- +MIIBizB1AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDMxNzA4MTk0N1oXDTI2MDQxNjA4MTk0N1qgLzAtMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQBl +3vVknchCNA/oW0ovtnrE+xQs8yAk3uElooQlw88moTcts2YAcKWl49lnNWZk/RbF +Zs8m+MUuNb2W861siuvY3EwnSKVaJB2tKPfCRBP4xt+Q0g/Tn5CWxzpzHjQfLT6l +pvWOwaO7aE6bthX7MQ9XBpnHSPxsbul+MhV5PER11BYZGVh5MH0XxfMI0jDHFh2M +klTamgaao3TkVOI3OQPgzUx/q0Lz/YoCIH0pYGGP6KTGUX2x7UfD1tcIOcUp6tvO +6hG3utMgJOpZJl9yMzhG+ZURjbz4MSbBM0FVIaWnBn2VzY1jHGky0nK83IZhiddf +OohWoSH8tqwrNFZkblAH +-----END X509 CRL----- +-----BEGIN X509 CRL----- +MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Rlc3QgQ0EXDTI2 +MDEwODEyMDAwMFoXDTI2MDIwODEyMDAwMFqgMjAwMB8GA1UdIwQYMBaAFK1TF9pV +tX1AyZ/AygiZ2CLgxkfNMA0GA1UdGwEB/wQDAgEBMA0GCSqGSIb3DQEBCwUAA4IB +AQCyYxa5iVUFxBpdXgBGSMqkuxJqQzVni8nXK0DiXHfgbTud+HD5Qp/6PX2EQuwK +SrT0yeNJBU1gxxMMsbdA0yVTPa7N2Ny39mjq/27yBXduiljo3Gs4NLEW9grJRnep +WOD1cQe3Fea5HlEfUoQJF1WVekF6CnOSqESaDvTAzqpZd7pxU8cuduiRJPin93ki +1nicQAU/G4Td190+JEAWD3/dJTg2LF6LKrmHiv2ZUTuNsVBfcbhFSoC6FpnjFUAI +kF8EgJpuBEfqV6erIuT1GD+5p1QGNqdcNl7LO9erJaUFnssJBJtj84iXd7RZARNs +njcibOSKC9YWgNmZUy0QV5D8 +-----END X509 CRL----- diff -Nru openssl-3.5.5/test/certs/cve-2026-28388-leaf.pem openssl-3.5.6/test/certs/cve-2026-28388-leaf.pem --- openssl-3.5.5/test/certs/cve-2026-28388-leaf.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/certs/cve-2026-28388-leaf.pem 2026-04-07 12:26:30.000000000 +0000 
@@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdUZXN0 +IENBMB4XDTI2MDMxNzA4MTk0N1oXDTI3MDMxNzA4MTk0N1owFDESMBAGA1UEAwwJ +VGVzdCBMZWFmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqx7jpC6+ +nRZ4ol6sShkpv04hGYtt7y+Ns4oIfdQTqo57DItFab8D8cH04zR8NND42MMnsPPn +Ovh9gv2l1mj9ZfwgXI5PvaKc6CoXvXb0ttekdDUS1iw9g04BxIXTDANxsdSXrCDd +Npyr1Pxdo3N2fiH6qN9/Lsh7yg0vJW/aJzdvhLcCTFcr89qmCsh17XfcTR0wZJXP +QdlRib9EK8aa6aKOYmm44SBbuXXyWojhheUaqVuzDj6A0L9opmh/DVXa9bdIN/FX +CKJB+d60Qxy5pKwpzDDxbCdG2vA1U2cPz8yAgelFG5AmXSHF7Id4G6GTCAY6PbTO +Jy2Z4I6NY+mj5wIDAQABo3wwejAdBgNVHQ4EFgQUlf2YZ93MvS4kZm7fshosgp+J +ImkwHwYDVR0jBBgwFoAUrVMX2lW1fUDJn8DKCJnYIuDGR80wCQYDVR0TBAIwADAt +BgNVHS4EJjAkMCKgIKAehhxodHRwOi8vZXhhbXBsZS5jb20vZGVsdGEucGVtMA0G +CSqGSIb3DQEBCwUAA4IBAQDoNAQGLS0Juf3i2fhuVQyWIFvNIMElLexeLnnd/y80 +13nsP68ZGT2D3DoHQSz3SL7sNjLBc2CiUVftdaRQ4dNCz8sBY5BRTS5XEGbbTAFZ +bQUReykuuTy83CGw/JYN6YT/OHcf4gEhUnWtRMCmIz3J/NMRVSRnpV2Ezjltm/Q+ +emFS/QclRhkP6Vu+lwM/nV6uAN8T7Ba68Hym2MN0clozrpoKeqFouB7D0i+iCZMw +zbac5as0hn7Fm+HGTbfTs2/fqUslvE6PmagepceP37pTSSVmYRmdpOD2cyCb30A+ +nJFGQg7PcacGSL1re65W35XzdU8Si8OYD+PxjDaRbPcP +-----END CERTIFICATE----- diff -Nru openssl-3.5.5/test/certs/ext-timeSpecification-periodic-no-second.pem openssl-3.5.6/test/certs/ext-timeSpecification-periodic-no-second.pem --- openssl-3.5.5/test/certs/ext-timeSpecification-periodic-no-second.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/certs/ext-timeSpecification-periodic-no-second.pem 2026-04-07 12:26:30.000000000 +0000 
@@ -0,0 +1,14 @@ +-----BEGIN CERTIFICATE----- +MIICLzCCAhmgAwIBAgIEDCI4TjANBgkqhkiG9w0BAQUFADARMQ8wDQYDVQQDDAZI +aSBtb20wIhgPMjAyMjEyMjExNDQ5NDJaGA8yMDIyMTIyMTE0NDk0MlowETEPMA0G +A1UEAwwGSGkgbW9tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtnjL +m1ts1hC4fNNt3UnQD9y73bDXgioTyWYSI3ca/KNfuTydjFTEYAmqnuGrBOUfgbmH +3PRQ0AmpqljgWTb3d3K8H4UFvDWQTPSS21IMjm8oqd19nE5GxWirGu0oDRzhWLHe +1RZ7ZrohCPg/1Ocsy47QZuK2laFB0rEmrRWBmEYbDl3/wxf5XfqIqpOynJB02thX +rTCcTM7Rz1FqCFt/ZVZB5hKY2S+CTdE9OIVKlr4WHMfuvUYeOj06GkwLFJHNv2tU ++tovI3mYRxUuY4UupkS3MC+Otey7XKm1P+INjWWoegm6iCAt3VuspVz+6pU2xgl3 +nrAVMQHB4fReQPH0pQIDAQABo4GMMIGJMIGGBgNVHSsEfzB9MXUwUaAlMSMwIaAM +MAqgAwIBBaEDAgEroREwD6ADAgEMoQMCASKiAwIBOKEIMQYCAQECAQKiCDEGAgED +AgEEowgxBgIBBQIBBqQKMQgCAgfmAgIH5zAgoQgxBgIBAwIBBKMIMQYCAQcCAQik +CjEIAgIH5wICB+gBAf8CAfswDQYJKoZIhvcNAQEFBQADAQA= +-----END CERTIFICATE----- diff -Nru openssl-3.5.5/test/certs/mkcert.sh openssl-3.5.6/test/certs/mkcert.sh --- openssl-3.5.5/test/certs/mkcert.sh 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/certs/mkcert.sh 2026-04-07 12:26:30.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/bash # -# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # Copyright (c) 2016 Viktor Dukhovni . # All rights reserved. # @@ -257,7 +257,7 @@ local cakey=$1; shift local ca=$1; shift - exts=$(printf "%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ + exts=$(printf "%s\n%s\n%s\n%s\n%s\n%s\n[alts]\n%s\n" \ "subjectKeyIdentifier = hash" \ "authorityKeyIdentifier = keyid, issuer" \ "basicConstraints = CA:false" \ diff -Nru openssl-3.5.5/test/cmp_client_test.c openssl-3.5.6/test/cmp_client_test.c --- openssl-3.5.5/test/cmp_client_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/cmp_client_test.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2007-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2007-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Nokia 2007-2019 * Copyright Siemens AG 2015-2019 * @@ -35,7 +35,7 @@ static X509 *server_cert = NULL; static EVP_PKEY *client_key = NULL; static X509 *client_cert = NULL; -static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; +static unsigned char ref[CMP_TEST_REFVALUE_LENGTH]; /* not actually used */ /* * For these unit tests, the client abandons message protection, and for @@ -51,6 +51,30 @@ OPENSSL_free(fixture); } +static int set_simple_trust(OSSL_CMP_CTX *ctx, X509 *trusted) +{ + X509_STORE *ts = X509_STORE_new(); + X509_VERIFY_PARAM *vpm; + + /* + * not simply using OSSL_CMP_CTX_set1_srvCert() (to pin the server cert) + * in order to make sure that validated server cert gets cached, + * which is needed for the negative test case test_exec_KUR_bad_pkiConf_protection + */ + if (ts == NULL || !X509_STORE_add_cert(ts, trusted)) + goto err; + + vpm = X509_STORE_get0_param(ts); + if (!X509_VERIFY_PARAM_set_flags(vpm, X509_V_FLAG_NO_CHECK_TIME | X509_V_FLAG_PARTIAL_CHAIN) + || !OSSL_CMP_CTX_set0_trusted(ctx, ts)) + goto err; + + return 1; +err: + X509_STORE_free(ts); + return 0; +} + static CMP_SES_TEST_FIXTURE *set_up(const char *const test_case_name) { CMP_SES_TEST_FIXTURE *fixture; 
@@ -70,15 +94,15 @@ goto err; if (!TEST_ptr(fixture->cmp_ctx = ctx = OSSL_CMP_CTX_new(libctx, NULL)) || !OSSL_CMP_CTX_set_log_cb(fixture->cmp_ctx, print_to_bio_out) - || !OSSL_CMP_CTX_set_transfer_cb(ctx, OSSL_CMP_CTX_server_perform) + /* using default verbosity: OSSL_CMP_LOG_INFO */ + || !OSSL_CMP_CTX_set_transfer_cb(ctx, ossl_cmp_mock_server_perform) || !OSSL_CMP_CTX_set_transfer_cb_arg(ctx, fixture->srv_ctx) || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_SEND, 1) - || !OSSL_CMP_CTX_set_option(ctx, OSSL_CMP_OPT_UNPROTECTED_ERRORS, 1) || !OSSL_CMP_CTX_set1_oldCert(ctx, client_cert) || !OSSL_CMP_CTX_set1_pkey(ctx, client_key) /* client_key is by default used also for newPkey */ - || !OSSL_CMP_CTX_set1_srvCert(ctx, server_cert) - || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) + || !set_simple_trust(ctx, server_cert) + || !OSSL_CMP_CTX_set1_referenceValue(ctx, ref, sizeof(ref))) /* not actually needed */ goto err; fixture->req_type = -1; return fixture; @@ -128,9 +152,7 @@ int status = OSSL_CMP_CTX_get_status(ctx); OSSL_CMP_CTX_print_errors(ctx); - if (!TEST_int_eq(status, fixture->expected) - && !(fixture->expected == OSSL_CMP_PKISTATUS_waiting - && TEST_int_eq(status, OSSL_CMP_PKISTATUS_trans))) + if (!TEST_int_eq(status, fixture->expected)) return 0; if (fixture->expected != OSSL_CMP_PKISTATUS_accepted) return TEST_ptr_null(res); @@ -234,9 +256,9 @@ static int test_exec_IR_ses_poll_total_timeout(void) { - return !test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1, + return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_IR, checkAfter + 1, 3 /* pollCount */, checkAfter + 6, - OSSL_CMP_PKISTATUS_waiting); + OSSL_CMP_PKISTATUS_trans); } static int test_exec_CR_ses(int implicit_confirm, int granted, int reject) 
@@ -266,7 +288,9 @@ && test_exec_CR_ses(1, 1 /* granted */, 0); } -static int test_exec_KUR_ses(int transfer_error, int pubkey, int raverified) +/* the KUR transactions include certConf/pkiConf */ +static int test_exec_KUR_ses(int transfer_error, int server_use_bad_protection, + int pubkey, int raverified) { SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_PKIBODY_KUR; @@ -274,6 +298,8 @@ if (transfer_error) OSSL_CMP_CTX_set_transfer_cb_arg(fixture->cmp_ctx, NULL); + (void)ossl_cmp_mock_srv_set_useBadProtection(fixture->srv_ctx, server_use_bad_protection); + if (pubkey) { EVP_PKEY *key = raverified /* wrong key */ ? server_key : client_key; @@ -286,7 +312,8 @@ if (pubkey || raverified) OSSL_CMP_CTX_set_option(fixture->cmp_ctx, OSSL_CMP_OPT_POPO_METHOD, OSSL_CRMF_POPO_RAVERIFIED); - fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? OSSL_CMP_PKISTATUS_rejection + fixture->expected = transfer_error ? OSSL_CMP_PKISTATUS_trans : raverified ? (pubkey ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_rejection) + : server_use_bad_protection != -1 ? OSSL_CMP_PKISTATUS_checking_response : OSSL_CMP_PKISTATUS_accepted; EXECUTE_TEST(execute_exec_certrequest_ses_test, tear_down); return result; @@ -294,18 +321,23 @@ static int test_exec_KUR_ses_ok(void) { - return test_exec_KUR_ses(0, 0, 0); + return test_exec_KUR_ses(0, -1, 0, 0); } static int test_exec_KUR_ses_transfer_error(void) { - return test_exec_KUR_ses(1, 0, 0); + return test_exec_KUR_ses(1, -1, 0, 0); +} + +static int test_exec_KUR_bad_pkiConf_protection(void) +{ + return test_exec_KUR_ses(0, -1 /* disabled: OSSL_CMP_PKIBODY_PKICONF */, 0, 0); } static int test_exec_KUR_ses_wrong_popo(void) { #ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION /* cf ossl_cmp_verify_popo() */ - return test_exec_KUR_ses(0, 0, 1); + return test_exec_KUR_ses(0, -1, 0, 1); #else return 1; #endif 
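Review bot: `test_exec_KUR_bad_pkiConf_protection()` calls `test_exec_KUR_ses(0, -1, 0, 0)`, the same arguments as `test_exec_KUR_ses_ok()`, so the negative case it is named after never runs. The `server_use_bad_protection != -1` arm of the `expected` expression is therefore not reached by any caller in this diff. The inline `/* disabled: OSSL_CMP_PKIBODY_PKICONF */` says what was intended but not why it is off. Either pass `OSSL_CMP_PKIBODY_PKICONF`, so that a badly protected pkiConf is actually checked to end in `OSSL_CMP_PKISTATUS_checking_response`, or add a comment giving the reason and the condition for re-enabling it. As it stands the suite reports a passing protection test that verifies nothing beyond the positive path.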
@@ -313,12 +345,12 @@ static int test_exec_KUR_ses_pub(void) { - return test_exec_KUR_ses(0, 1, 0); + return test_exec_KUR_ses(0, -1, 1, 0); } static int test_exec_KUR_ses_wrong_pub(void) { - return test_exec_KUR_ses(0, 1, 1); + return test_exec_KUR_ses(0, -1, 1, 1); } static int test_certConf_cb(OSSL_CMP_CTX *ctx, X509 *cert, int fail_info, @@ -340,7 +372,7 @@ SETUP_TEST_FIXTURE(CMP_SES_TEST_FIXTURE, set_up); fixture->req_type = OSSL_CMP_PKIBODY_P10CR; - fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejection + fixture->expected = reject ? OSSL_CMP_PKISTATUS_rejected_by_client : OSSL_CMP_PKISTATUS_accepted; ctx = fixture->cmp_ctx; if (!TEST_ptr(csr = load_csr_der(pkcs10_f, libctx)) @@ -436,7 +468,7 @@ { return test_exec_REQ_ses_poll(OSSL_CMP_PKIBODY_GENM, checkAfter + 1, 3 /* pollCount */, checkAfter + 2, - OSSL_CMP_PKISTATUS_waiting); + OSSL_CMP_PKISTATUS_trans); } static int test_exec_GENM_ses(int transfer_error, int total_timeout, int expect) @@ -546,7 +578,7 @@ || !TEST_ptr(server_cert = load_cert_pem(server_cert_f, libctx)) || !TEST_ptr(client_key = load_pkey_pem(client_key_f, libctx)) || !TEST_ptr(client_cert = load_cert_pem(client_cert_f, libctx)) - || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { + || !TEST_int_eq(1, RAND_bytes_ex(libctx, ref, sizeof(ref), 0))) { /* not actually used */ cleanup_tests(); return 0; } @@ -562,6 +594,7 @@ ADD_TEST(test_exec_IR_ses_poll_total_timeout); ADD_TEST(test_exec_KUR_ses_ok); ADD_TEST(test_exec_KUR_ses_transfer_error); + ADD_TEST(test_exec_KUR_bad_pkiConf_protection); ADD_TEST(test_exec_KUR_ses_wrong_popo); ADD_TEST(test_exec_KUR_ses_pub); ADD_TEST(test_exec_KUR_ses_wrong_pub); diff -Nru openssl-3.5.5/test/evp_extra_test.c openssl-3.5.6/test/evp_extra_test.c --- openssl-3.5.5/test/evp_extra_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/evp_extra_test.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -929,6 +929,32 @@ #endif #ifndef OPENSSL_NO_DEPRECATED_3_0 + +static EVP_PKEY *make_bad_rsa_pubkey(void) +{ + RSA *rsa = NULL; + BIGNUM *n = NULL, *e = NULL; + EVP_PKEY *pkey = NULL; + + /* Deliberately invalid public key: n = 17, e = 17 */ + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_ptr(rsa = RSA_new()) + || !TEST_ptr(n = BN_new()) + || !TEST_ptr(e = BN_new()) + || !TEST_true(BN_set_word(n, 17)) + || !TEST_true(BN_set_word(e, 17)) + || !TEST_true(RSA_set0_key(rsa, n, e, NULL)) + || !EVP_PKEY_assign_RSA(pkey, rsa)) + goto err; + + return pkey; +err: + BN_free(n); + BN_free(e); + RSA_free(rsa); + return NULL; +} + #ifndef OPENSSL_NO_DH static EVP_PKEY *load_example_dh_key(void) { 
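Review bot: The `err:` path of `make_bad_rsa_pubkey()` never frees `pkey`, and it frees `n` and `e` even after `RSA_set0_key()` has handed them to `rsa`. Any failure after `EVP_PKEY_new()` therefore leaks the EVP_PKEY. A failure of `EVP_PKEY_assign_RSA()` would free both BIGNUMs twice, once directly and once through `RSA_free(rsa)`. Clearing `n` and `e` once ownership has moved and adding `EVP_PKEY_free(pkey)` to the cleanup fixes both; wrapping the assign in `TEST_true()` also matches the other checks in the chain.

```c
    /* … unchanged: declarations and the allocation checks up to BN_set_word(n, 17) … */
        || !TEST_true(BN_set_word(e, 17))
        || !TEST_true(RSA_set0_key(rsa, n, e, NULL)))
        goto err;
    /* rsa owns n and e from here on; do not free them separately */
    n = NULL;
    e = NULL;
    if (!TEST_true(EVP_PKEY_assign_RSA(pkey, rsa)))
        goto err;

    return pkey;
err:
    BN_free(n);
    BN_free(e);
    RSA_free(rsa);
    EVP_PKEY_free(pkey);
    return NULL;
```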
@@ -5898,6 +5924,46 @@ return testresult; } +static int test_rsasve_kem_with_invalid_pub_key(void) +{ + RSA *rsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + unsigned char *ct = NULL; + unsigned char *secret = NULL; + size_t ctlen = 0, secretlen = 0; + int testresult = 0; + + if (nullprov != NULL) { + testresult = TEST_skip("Test does not support a non-default library context"); + goto err; + } + + if (!TEST_ptr(pkey = make_bad_rsa_pubkey())) + goto err; + + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL)) + || !TEST_int_eq(EVP_PKEY_encapsulate_init(ctx, NULL), 1) + || !TEST_int_eq(EVP_PKEY_CTX_set_kem_op(ctx, "RSASVE"), 1) + || !TEST_int_eq(EVP_PKEY_encapsulate(ctx, NULL, &ctlen, NULL, &secretlen), 1) + || !TEST_ptr(ct = OPENSSL_malloc(ctlen)) + || !TEST_ptr(secret = OPENSSL_malloc(secretlen))) + goto err; + + if (!TEST_int_eq(EVP_PKEY_encapsulate(ctx, ct, &ctlen, secret, &secretlen), 0)) + goto err; + + testresult = 1; + +err: + OPENSSL_free(secret); + OPENSSL_free(ct); + EVP_PKEY_CTX_free(ctx); + RSA_free(rsa); + EVP_PKEY_free(pkey); + return testresult; +} + #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Test we can create a signature keys with an associated ENGINE */ static int test_signatures_with_engine(int tst) 
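Review bot: The local `rsa` in `test_rsasve_kem_with_invalid_pub_key()` is initialised to NULL and never assigned, so the `RSA_free(rsa)` in the cleanup is dead code. Dropping `RSA *rsa = NULL;` and `RSA_free(rsa);` keeps the cleanup list in step with what the function owns; the key comes from `make_bad_rsa_pubkey()` and is released through `EVP_PKEY_free(pkey)`. A comment above the final `EVP_PKEY_encapsulate()` call, e.g. `/* the deliberately invalid key must be refused at encapsulation time */`, would record why 0 is the expected result.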
@@ -6481,6 +6547,45 @@ return ret; } +static int test_evp_cipher_negative_length(void) +{ + EVP_CIPHER_CTX *ctx = NULL; + EVP_CIPHER *cipher = NULL; + unsigned char key[16] = { 0 }; + unsigned char iv[16] = { 0 }; + unsigned char buffer[32] = { 0 }; + int outl = 0; + int ret = 0; + + if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) + goto end; + + if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-128-CBC", testpropq))) + goto end; + + /* Initialize encryption context */ + if (!TEST_int_eq(EVP_EncryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_EncryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_EncryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + /* Reinitialize for decryption */ + if (!TEST_int_eq(EVP_DecryptInit_ex2(ctx, cipher, key, iv, NULL), 1)) + goto end; + + /* Test EVP_DecryptUpdate with negative length - should fail */ + if (!TEST_int_eq(EVP_DecryptUpdate(ctx, buffer, &outl, (unsigned char *)"test", -1), 0)) + goto end; + + ret = 1; +end: + EVP_CIPHER_free(cipher); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + static int test_evp_cipher_pipeline(void) { OSSL_PROVIDER *fake_pipeline = NULL; @@ -6854,6 +6959,7 @@ ADD_TEST(test_evp_md_cipher_meth); ADD_TEST(test_custom_md_meth); ADD_TEST(test_custom_ciph_meth); + ADD_TEST(test_rsasve_kem_with_invalid_pub_key); #ifndef OPENSSL_NO_DYNAMIC_ENGINE /* Tests only support the default libctx */ @@ -6883,6 +6989,8 @@ ADD_TEST(test_invalid_ctx_for_digest); + ADD_TEST(test_evp_cipher_negative_length); + ADD_TEST(test_evp_cipher_pipeline); return 1; diff -Nru openssl-3.5.5/test/evp_test.c openssl-3.5.6/test/evp_test.c --- openssl-3.5.5/test/evp_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/evp_test.c 2026-04-07 12:26:30.000000000 +0000 
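Review bot: Both negative-length calls in `test_evp_cipher_negative_length()` cast the string literal to `unsigned char *`, dropping const although the input parameter of `EVP_EncryptUpdate()` and `EVP_DecryptUpdate()` is `const unsigned char *`; `(const unsigned char *)"test"` is enough. The test also checks only the return value. Asserting `TEST_int_eq(outl, 0)` after each call would pin that no output length is reported on rejection, provided the implementation leaves or zeroes `*outl` on this path, which is not visible in this hunk.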
@@ -1,5 +1,5 @@ /* - * Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2607,7 +2607,7 @@ static int pkey_add_control(EVP_TEST *t, STACK_OF(OPENSSL_STRING) *controls, const char *value) { - char *p; + const char *p; if (controls == NULL) return 0; diff -Nru openssl-3.5.5/test/fake_rsaprov.c openssl-3.5.6/test/fake_rsaprov.c --- openssl-3.5.5/test/fake_rsaprov.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/fake_rsaprov.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -776,8 +776,7 @@ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - static X509_PUBKEY - * fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) +static X509_PUBKEY *fake_rsa_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub)); diff -Nru openssl-3.5.5/test/http_test.c openssl-3.5.6/test/http_test.c --- openssl-3.5.5/test/http_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/http_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * Copyright Siemens AG 2020 * * Licensed under the Apache License 2.0 (the "License"). You may not use 
@@ -331,6 +331,18 @@ return res; } +static int test_http_url_host_ok(const char *url, const char *exp_host) +{ + char *host; + int res; + + res = TEST_true(OSSL_HTTP_parse_url(url, NULL, NULL, &host, NULL, NULL, + NULL, NULL, NULL)) + && TEST_str_eq(host, exp_host); + OPENSSL_free(host); + return res; +} + static int test_http_url_dns(void) { return test_http_url_ok("host:65535/path", 0, "host", "65535", "/path"); @@ -358,6 +370,13 @@ return test_http_url_ok("user:pass@host/p?q#fr", 0, "host", "80", "/p"); } +static int test_http_url_at_sign_outside_authority(void) +{ + return test_http_url_host_ok("http://host/p@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q=@attacker.test", "host") + && test_http_url_host_ok("http://host/p?q#fr@attacker.test", "host"); +} + static int test_http_url_ipv4(void) { return test_http_url_ok("https://1.2.3.4/p/q", 1, "1.2.3.4", "443", "/p/q"); @@ -576,6 +595,7 @@ ADD_TEST(test_http_url_timestamp); ADD_TEST(test_http_url_path_query); ADD_TEST(test_http_url_userinfo_query_fragment); + ADD_TEST(test_http_url_at_sign_outside_authority); ADD_TEST(test_http_url_ipv4); ADD_TEST(test_http_url_ipv6); ADD_TEST(test_http_url_invalid_prefix); diff -Nru openssl-3.5.5/test/ossl_store_test.c openssl-3.5.6/test/ossl_store_test.c --- openssl-3.5.5/test/ossl_store_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/ossl_store_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy 
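Review bot: `host` in `test_http_url_host_ok()` is declared without an initialiser and is passed to `OPENSSL_free()` even when `OSSL_HTTP_parse_url()` fails, so the helper depends on the parser clearing `*phost` on every error path. Declaring it as `char *host = NULL;` makes the cleanup safe regardless of how the parser exits.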
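Review bot: None of the three URLs in `test_http_url_at_sign_outside_authority()` carries userinfo, so no case pins the host when a genuine `user@` prefix is followed by a later `@` in the path, query or fragment. One more line such as `&& test_http_url_host_ok("http://user@host/p@attacker.test", "host")` (constructed example) would cover that combination. The existing `test_http_url_userinfo_query_fragment()` covers userinfo only without a second `@`.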
@@ -249,6 +249,12 @@ return ret; } +static int test_store_delete_null_uri(void) +{ + /* Passing NULL uri must return 0, not crash */ + return TEST_int_eq(OSSL_STORE_delete(NULL, NULL, NULL, NULL, NULL, NULL), 0); +} + const OPTIONS *test_get_options(void) { static const OPTIONS test_options[] = { @@ -303,6 +309,7 @@ ADD_TEST(test_store_open_winstore); #endif ADD_TEST(test_store_search_by_key_fingerprint_fail); + ADD_TEST(test_store_delete_null_uri); ADD_ALL_TESTS(test_store_get_params, 3); if (sm2file != NULL) ADD_TEST(test_store_attach_unregistered_scheme); diff -Nru openssl-3.5.5/test/pkcs12_api_test.c openssl-3.5.6/test/pkcs12_api_test.c --- openssl-3.5.5/test/pkcs12_api_test.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/pkcs12_api_test.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2023 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -253,6 +253,35 @@ return options; } +static int test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen(void) +{ + int ret = 0; + unsigned char salt[8] = { 0 }; + EVP_PKEY *key = NULL; + X509 *cert = NULL; + STACK_OF(X509) *ca = NULL; + PKCS12 *p12 = NULL; + + if (!TEST_ptr(p12 = PKCS12_load(in_file))) + return 0; + if (!TEST_true(PKCS12_parse(p12, in_pass, &key, &cert, &ca))) + goto err; + PKCS12_free(p12); + + if (!TEST_ptr(p12 = PKCS12_create_ex2("pass", NULL, key, cert, ca, + NID_undef, NID_undef, 0, -1, 0, + testctx, NULL, NULL, NULL))) + goto err; + ret = TEST_false(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1, + salt, -1, 0, NULL, NULL)); +err: + PKCS12_free(p12); + EVP_PKEY_free(key); + X509_free(cert); + OSSL_STACK_OF_X509_free(ca); + return ret; +} + int setup_tests(void) { OPTION_CHOICE o; 
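Review bot: `test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen()` asserts only that the call with `saltlen` -1 fails, so it would also pass if `PKCS12_set_pbmac1_pbkdf2()` failed for an unrelated reason, such as the NULL digest arguments. A positive control before the negative call would tie the failure to the salt length: `TEST_true(PKCS12_set_pbmac1_pbkdf2(p12, "pass", -1, salt, sizeof(salt), 0, NULL, NULL))`. This assumes the defaults for the remaining arguments are accepted, which is not visible here.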
@@ -292,6 +321,7 @@ ADD_TEST(test_null_args); ADD_TEST(pkcs12_parse_test); ADD_ALL_TESTS(pkcs12_create_ex2_test, 3); + ADD_TEST(test_PKCS12_set_pbmac1_pbkdf2_invalid_saltlen); return 1; } diff -Nru openssl-3.5.5/test/quicapitest.c openssl-3.5.6/test/quicapitest.c --- openssl-3.5.5/test/quicapitest.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/quicapitest.c 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ /* - * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2022-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -2869,8 +2869,8 @@ serverssl = SSL_accept_connection(qlistener, 0); /* Call SSL_accept() and SSL_connect() until we are connected */ - if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 0, 0))) + if (!TEST_ptr(serverssl) + || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0))) goto err; testresult = 1; @@ -2923,8 +2923,8 @@ serverssl = SSL_accept_connection(qlistener, 0); /* Call SSL_accept() and SSL_connect() until we are connected */ - if (!TEST_true(create_bare_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE, 0, 0))) + if (!TEST_ptr(serverssl) + || !TEST_true(create_bare_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE, 0, 0))) goto err; testresult = 1; diff -Nru openssl-3.5.5/test/recipes/10-test_bn_data/bnmod.txt openssl-3.5.6/test/recipes/10-test_bn_data/bnmod.txt --- openssl-3.5.5/test/recipes/10-test_bn_data/bnmod.txt 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/10-test_bn_data/bnmod.txt 2026-04-07 12:26:30.000000000 +0000 
@@ -1,4 +1,4 @@ -# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -2010,6 +2010,14 @@ B = 8bdfa8fe5ef3b2ad02bc63c4d M = 84daecf412b8c50ad6dfdb546c3eb783dcc6f32003eda914bb +# These test vectors satisfy A ^ 2 = ModSqr (mod M) and 0 <= ModSqr < M. + +Title = ModSqr tests + +# Regression test for https://github.com/openssl/openssl/issues/15587 +ModSqr = 166794ed50cb31b6e6a319f7474416c266d5c3f3115ea2a7ed9638367d1f955f66a7179ee3ce5ee5e04e63c46781f1192beac3abb26ff238f5ed2f5505ae06003ff +A = 1407833bd4c893195cc32f56a507f15140be687a1994febe0bdbe793125f010a3c1c814737b10ab690498b7990ce4e625ad2f32cbf42626cb9649da38a5c9c76a99 +M = 1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff # These test vectors satisfy A ^ E = ModExp (mod M) and 0 <= ModExp < M. diff -Nru openssl-3.5.5/test/recipes/25-test_verify.t openssl-3.5.6/test/recipes/25-test_verify.t --- openssl-3.5.5/test/recipes/25-test_verify.t 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/25-test_verify.t 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -30,7 +30,7 @@ run(app([@args])); } -plan tests => 203; +plan tests => 204; # Canonical success ok(verify("ee-cert", "sslserver", ["root-cert"], ["ca-cert"]), 
@@ -594,6 +594,18 @@ "-explicit_policy"), "Bad certificate policy"); +# CVE-2026-28388 +my $cve_28388_stderr = "cve-2026-28388.err"; +run(app(["openssl", "verify", + "-attime", "1739527200", + "-CAfile", srctop_file(@certspath, "cve-2026-28388-ca.pem"), + "-crl_check", "-use_deltas", + "-CRLfile", srctop_file(@certspath, "cve-2026-28388-crls.pem"), + srctop_file(@certspath, "cve-2026-28388-leaf.pem")], + stderr => $cve_28388_stderr)); +ok(grep(/CRL is not yet valid/, do { open my $fh, '<', $cve_28388_stderr; <$fh> }), + "CVE-2026-28388"); + # CAstore option my $rootcertname = "root-cert"; my $rootcert = srctop_file(@certspath, "${rootcertname}.pem"); diff -Nru openssl-3.5.5/test/recipes/25-test_x509.t openssl-3.5.6/test/recipes/25-test_x509.t --- openssl-3.5.5/test/recipes/25-test_x509.t 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/25-test_x509.t 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ setup("test_x509"); -plan tests => 138; +plan tests => 139; # Prevent MSys2 filename munging for arguments that look like file paths but # aren't 
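Review bot: The result of `run(app([...]))` for the CVE-2026-28388 case is discarded, so the test passes on the stderr text alone and would not notice `openssl verify` terminating abnormally after printing it. Capture the status and assert it too, for instance by wrapping the call in `with({ exit_checker => sub { ... } }, ...)` as 80-test_cms.t does in this same diff, using the exit code the command is expected to return. The `open` inside the `do` block is also unchecked; `open(my $fh, '<', $cve_28388_stderr) or die "cannot read $cve_28388_stderr: $!";` gives a clear failure if the capture file is missing.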
@@ -413,6 +413,12 @@ "Years: 2023, 2024", 1, 'X.509 Time Specification (Periodic)'); +my $time_spec_per_no_second_cert = + srctop_file(@certs, "ext-timeSpecification-periodic-no-second.pem"); +cert_contains($time_spec_per_no_second_cert, + "05:43:00 - 12:34:56", + 1, 'X.509 Time Specification (Periodic, no second)'); + my $attr_map_cert = srctop_file(@certs, "ext-attributeMappings.pem"); cert_contains($attr_map_cert, "commonName == localityName", diff -Nru openssl-3.5.5/test/recipes/61-test_bio_readbuffer.t openssl-3.5.6/test/recipes/61-test_bio_readbuffer.t --- openssl-3.5.5/test/recipes/61-test_bio_readbuffer.t 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/61-test_bio_readbuffer.t 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -16,7 +16,7 @@ my $pemfile = srctop_file("test", "certs", "leaf.pem"); my $derfile = 'readbuffer_leaf.der'; -plan tests => 3; +plan tests => 4; ok(run(app([ 'openssl', 'x509', '-inform', 'PEM', '-in', $pemfile, '-outform', 'DER', '-out', $derfile])), @@ -27,3 +27,7 @@ ok(run(test(["bio_readbuffer_test", $pemfile])), "Running bio_readbuffer_test $pemfile"); + +ok(run(app([ 'openssl', 'x509', '-inform', 'DER', '-outform', 'PEM', + '-noout' ], stdin => $derfile)), + "Test stdin read buffer in openssl app"); diff -Nru openssl-3.5.5/test/recipes/80-test_cmp_http_data/test_commands.csv openssl-3.5.6/test/recipes/80-test_cmp_http_data/test_commands.csv --- openssl-3.5.5/test/recipes/80-test_cmp_http_data/test_commands.csv 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cmp_http_data/test_commands.csv 2026-04-07 12:26:30.000000000 +0000 
@@ -147,6 +147,7 @@ 0,using popo 1 with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,1, -newkeyout,_RESULT_DIR/newkeyout.pem 1, using popo -1 redundantly with -centralkeygen, -section,, -cmd,cr,, -centralkeygen, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout2.pem 1, using popo -1 alternatively to -centralkeygen, -section,, -cmd,cr,, -popo,-1, -newkeyout,_RESULT_DIR/newkeyout3.pem, -newkeypass,pass:12345, -certout,_RESULT_DIR/test.cert3.pem -1, using centrally generated key (and cert) , -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345 +1, using centrally generated key (and cert) with existing chain, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, issuing.crt +1, using centrally generated key (and cert) without giving chain (requires sender cert caching), -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:12345, -extracerts, "" 0, using centrally generated key with wrong password, -section,, -cmd,cr,,-cert,_RESULT_DIR/test.cert3.pem, -key,_RESULT_DIR/newkeyout3.pem, -keypass,pass:wrong 0, using popo -1 (instead of -centralkeygen) without -newkeyout, -section,, -cmd,cr,, -popo,-1,,BLANK,,BLANK,,BLANK,,BLANK diff -Nru openssl-3.5.5/test/recipes/80-test_cms.t openssl-3.5.6/test/recipes/80-test_cms.t --- openssl-3.5.5/test/recipes/80-test_cms.t 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cms.t 2026-04-07 12:26:30.000000000 +0000 @@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2025 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy 
@@ -53,7 +53,7 @@ $no_rc2 = 1 if disabled("legacy"); -plan tests => 31; +plan tests => 34; ok(run(test(["pkcs7_test"])), "test pkcs7"); 
@@ -1360,6 +1360,49 @@ "Check for failure when cipher does not have an assigned OID (issue#22225)"); }); +# Test cases for CVE-2026-28389 +my $smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "dh-malformed.der"); +my $smdhcert = srctop_file("test", "recipes", "80-test_cms_data", "dh-cert.pem"); +my $smdhkey = srctop_file("test", "recipes", "80-test_cms_data", "dh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "DH is not supported in this build", 1 if $no_dh; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smdhcert, "-inkey", $smdhkey])), + "Must not crash on malformed cms inputs with dh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-malformed.der"); +my $smecdhcert = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-cert.pem"); +my $smecdhkey = srctop_file("test", "recipes", "80-test_cms_data", "ecdh-key.pem"); + +with({ exit_checker => sub { return shift == 4; } }, + sub { + SKIP: { + skip "EC is not supported in this build", 1 if $no_ec; + + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, + "-inform", "DER", "-recip", $smecdhcert, "-inkey", $smecdhkey])), + "Must not crash on malformed cms inputs with ecdh key"); + } + }); + +$smcont_malformed = srctop_file("test", "recipes", "80-test_cms_data", "rsa-malformed.der"); +my $smrsacert = catfile($smdir, "smrsa3.pem"); +my $smrsakey = catfile($smdir, "smrsa3-key.pem"); + +# Test case for CVE-2026-28390 +with({ exit_checker => sub { my $ret = shift; return $ret == 4 || $ret == 0; } }, + sub { + ok(run(app(["openssl", "cms", @prov, "-decrypt", "-in", $smcont_malformed, "-inform", + "DER", "-recip", $smrsacert, "-inkey", $smrsakey, "-out", "{output}.cms"])), + "Must not crash on malformed cms inputs with RSA key"); + }); + # Test encrypt to three recipients, and decrypt using key-only; # i.e. 
do not follow the recommended practice of providing the # recipient cert in the decrypt op. diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/dh-cert.pem openssl-3.5.6/test/recipes/80-test_cms_data/dh-cert.pem --- openssl-3.5.5/test/recipes/80-test_cms_data/dh-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cms_data/dh-cert.pem 2026-04-07 12:26:30.000000000 +0000 
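Review bot: The RSA case accepts exit status 0 as well as 4, unlike the DH and ECDH cases which require 4, and nothing in the hunk says why a successful decrypt of `rsa-malformed.der` is acceptable. A comment above that `with` block, e.g. `# exit 0 is tolerated because <reason>; only a crash must fail here`, would stop a later reader from tightening or loosening the check by accident. The `-out` argument is the literal string `{output}.cms`. Unless a helper outside this hunk expands the placeholder, the test writes a file with exactly that name, so a plain name such as `cve-2026-28390.out` (constructed example) may be what is intended.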
@@ -0,0 +1,31 @@ +-----BEGIN CERTIFICATE----- +MIIFSjCCBDKgAwIBAgIUAV5WB+HkJTxtCmGX88OYfIRfEu8wDQYJKoZIhvcNAQEL +BQAwVjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxITAfBgNVBAoM +GEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDEPMA0GA1UEAwwGcm9vdENBMB4XDTI2 +MDMzMTA4NDUwOVoXDTI2MDQwMTA4NDUwOVowDjEMMAoGA1UEAwwDcG9jMIIDJzCC +AhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xWICc9PPHYucWD +zi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e1dX9ZWEkM/Uf +XwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFYoTat5zUwrMpP +SDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt52NyuxkLB6fI +7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47G0xvrXM7tfy8 +LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgECAoIBAH////// +////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7nEk2ffL6X8bGx +hjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mvP6vkmswnhjhw +c0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl2WRx/dy1bVuw +a/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJmlBoXsMi5f050 +wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUTYNl3/UQ1oRww +lC5L//////////8DggEGAAKCAQEA8IGxSTAsrdMqlK3rFejocWZ0fmXhLzlhnARX +l3RL+jHyiFoCyCPRLmGBMaL9HqfcVp7E98IvFBxEjtDVc2tcbUJrbv922QaNYqQl +IwuUhdBHDpg0aSbDTV0Vvbny0hDuD7T7VTUO5D7XJammA2hlbpcfO8xuWFmRjdBJ +ctA+MaUbWL21ZzsF8A5rz58mVRHchrAez5ksNb8xaLd0lZqtbiBDntA52XnSp1bO +M2CPlKcb4qMMxVop2DGakChcxu7BUzob22HpRQl+k5K4Tq+kkToHKMR6obpl9Leu +lzJdR8cH9WqF6TE2YFYkpvzE7V7/Rp4uC6UqOGr62oS4thwLtqNTMFEwHwYDVR0j +BBgwFoAUhVaJNeKfABrhhgMLS692Emszbf0wDwYDVR0TAQH/BAUwAwEB/zAdBgNV +HQ4EFgQUIpXhOwY+ufefb4dBhx3niO/ntO0wDQYJKoZIhvcNAQELBQADggEBABWo +cJfSVwpnYmDHi9U0r0yickvRyFLiOK1vruoKfbkxfYk9J9OwLr4n4S5P5bGXXOSW +AAVXnvYKs6Xn07sg+1X1Sti/1wd/OLOvjaz1ebRqP5MiZRbKIlRHkv2maJEmcdyp +JGR4gHGnu/0I5Zp4DOi+xv1R3vGIkkcl/WIncrJflMJcCRMM4YdMV838kFU2esGm +eB8pTv7acyYsGeSTIk+AYEtS84w3ZQ2sOuGAep0hp9saV/LKiRzNUG0yX2LWP8EO +VMqGSXJqg1TYgAa7lcidtXfQgm+xdTeZzJRbl8Ti3d5YbgXW2vt4vhwkXtPGy5Y3 +NGpnrpeWX4rk4kQmx/I= +-----END CERTIFICATE----- diff -Nru 
openssl-3.5.5/test/recipes/80-test_cms_data/dh-key.pem openssl-3.5.6/test/recipes/80-test_cms_data/dh-key.pem --- openssl-3.5.5/test/recipes/80-test_cms_data/dh-key.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cms_data/dh-key.pem 2026-04-07 12:26:30.000000000 +0000 @@ -0,0 +1,15 @@ +-----BEGIN PRIVATE KEY----- +MIICQAIBADCCAhkGByqGSM4+AgEwggIMAoIBAQD//////////634VFiiu0qar9xW +ICc9PPHYucWDzi02lanhNkEUZDP7zJOdziSbPvl9L+NjYwx12PaBsgKuxGF6098e +1dX9ZWEkM/UfXwZu0IVjZVU97RrztVcTXn9XyTWYTwxw4OaLd+Kmidrz7+hyHfFY +oTat5zUwrMpPSDp5erwKsYKzJPth0QipS7LI4/u5atq3YNf0aB1PQqPeOU30rlbt +52NyuxkLB6fI7gptcJ4C/OHN9+LswDQEzSg0L2GRcv6c6YWD/45PEjLu8oGDw/47 +G0xvrXM7tfy8LsIgBcWO8YN9FoOyxvNKJsGy7/qIa0I4YShcl///////////AgEC +AoIBAH//////////1vwqLFFdpU1X7isQE56eeOxc4sHnFptK1PCbIIoyGf3mSc7n +Ek2ffL6X8bGxhjrse0DZAVdiML1p749q6v6ysJIZ+o+vgzdoQrGyqp72jXnaq4mv +P6vkmswnhjhwc0W78VNE7Xn39DkO+KxQm1bzmphWZSekHTy9XgVYwVmSfbDohFSl +2WRx/dy1bVuwa/o0DqehUe8cpvpXK3bzsbldjIWD0+R3BTa4TwF+cOb78XZgGgJm +lBoXsMi5f050wsH/xyeJGXd5QMHh/x2NpjfWuZ3a/l4XYRAC4sd4wb6LQdljeaUT +YNl3/UQ1oRwwlC5L//////////8EHgIcJmHQRSrQ2wQnNyMZhx9Xdkf8hro/xi1r +xDHoWg== +-----END PRIVATE KEY----- Binary files /srv/release.debian.org/tmp/37HDdCioXR/openssl-3.5.5/test/recipes/80-test_cms_data/dh-malformed.der and /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/dh-malformed.der differ diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-cert.pem openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-cert.pem --- openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-cert.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-cert.pem 2026-04-07 12:26:30.000000000 +0000 
@@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBcTCCARegAwIBAgIUFyBfipahA11TzFxBhYY2WfTejGswCgYIKoZIzj0EAwIw +DjEMMAoGA1UEAwwDcG9jMB4XDTI2MDMzMTA3MzQyOVoXDTI2MDQwMTA3MzQyOVow +DjEMMAoGA1UEAwwDcG9jMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE6iA2FR7s +OgRtpf8cRXDSLSSB5nSzQt2/hzueZTiQXUT1Knto2U5zRqUoioZ/FKsazdhQVQQC +EN0/WYGND+XwmaNTMFEwHwYDVR0jBBgwFoAU+AH0MqgJJ4WYRK+BmEDebmjREYcw +DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU+AH0MqgJJ4WYRK+BmEDebmjREYcw +CgYIKoZIzj0EAwIDSAAwRQIhAPTS8MWoylN+jfLgRfr75WkJqNFlsrfxCDvMtWV+ +NT2yAiBaY72EVG36EP2gGFEhkBaXb0vLx0r7umDgejEwBWQ9mQ== +-----END CERTIFICATE----- diff -Nru openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-key.pem openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-key.pem --- openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-key.pem 1970-01-01 00:00:00.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-key.pem 2026-04-07 12:26:30.000000000 +0000 @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgeDjy2W+FHVPt1Kg1 +unwzzD9yBC+NtbH/UaZ9PY4wZP6hRANCAATqIDYVHuw6BG2l/xxFcNItJIHmdLNC +3b+HO55lOJBdRPUqe2jZTnNGpSiKhn8UqxrN2FBVBAIQ3T9ZgY0P5fCZ +-----END PRIVATE KEY----- Binary files /srv/release.debian.org/tmp/37HDdCioXR/openssl-3.5.5/test/recipes/80-test_cms_data/ecdh-malformed.der and /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/ecdh-malformed.der differ Binary files /srv/release.debian.org/tmp/37HDdCioXR/openssl-3.5.5/test/recipes/80-test_cms_data/rsa-malformed.der and /srv/release.debian.org/tmp/5ncLo7hkfu/openssl-3.5.6/test/recipes/80-test_cms_data/rsa-malformed.der differ diff -Nru openssl-3.5.5/test/recipes/80-test_ocsp.t openssl-3.5.6/test/recipes/80-test_ocsp.t --- openssl-3.5.5/test/recipes/80-test_ocsp.t 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/recipes/80-test_ocsp.t 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2015-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy @@ -37,22 +37,24 @@ } my $expected_exit = shift; my $nochecks = shift; + my $opt_untrusted = shift // "-verify_other"; my $outputfile = basename($inputfile, '.ors') . '.dat'; run(app(["openssl", "base64", "-d", "-in", catfile($ocspdir,$inputfile), "-out", $outputfile])); + my @certopt = ($opt_untrusted, catfile($ocspdir, $untrusted)); with({ exit_checker => sub { return shift == $expected_exit; } }, sub { ok(run(app(["openssl", "ocsp", "-respin", $outputfile, "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), - "-verify_other", catfile($ocspdir, $untrusted), + @certopt, "-no-CApath", "-no-CAstore", $nochecks ? "-no_cert_checks" : ()])), $title); }); } -plan tests => 12; +plan tests => 13; subtest "=== VALID OCSP RESPONSES ===" => sub { plan tests => 7; @@ -230,6 +232,14 @@ "running ocspapitest"); }; +subtest "=== UNTRUSTED ISSUER HINTS ===" => sub { + plan tests => 1; + + test_ocsp("NON-DELEGATED; invalid issuer via -issuer", + "ND1.ors", "ND1_Cross_Root.pem", + "ISIC_ND1_Issuer_ICA.pem", 1, 0, "-issuer"); +}; + subtest "=== OCSP handling of identical input and output files ===" => sub { plan tests => 5; diff -Nru openssl-3.5.5/test/sslapitest.c openssl-3.5.6/test/sslapitest.c --- openssl-3.5.5/test/sslapitest.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/sslapitest.c 2026-04-07 12:26:30.000000000 +0000 
@@ -1,5 +1,5 @@ /* - * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2016-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -8343,6 +8343,13 @@ NULL, "AES128-SHA", "AES128-SHA" }, + { TLS1_2_VERSION, + "AES256-SHA", + NULL, + "AES128-SHA", + NULL, + "", + "" }, #endif /* * This test combines TLSv1.3 and TLSv1.2 ciphersuites so they must both be @@ -8367,6 +8374,13 @@ "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384" }, + { TLS1_3_VERSION, + "AES128-SHA", + "TLS_AES_128_GCM_SHA256", + "AES256-SHA", + "TLS_AES_256_GCM_SHA384", + "", + "" }, #endif }; @@ -8377,6 +8391,9 @@ int testresult = 0; char buf[1024]; OSSL_LIB_CTX *tmplibctx = OSSL_LIB_CTX_new(); + const char *expbuf = is_fips ? shared_ciphers_data[tst].fipsshared + : shared_ciphers_data[tst].shared; + int handshakeok = strcmp(expbuf, "") != 0; if (!TEST_ptr(tmplibctx)) goto end; @@ -8417,18 +8434,22 @@ shared_ciphers_data[tst].srvrtls13ciphers)))) goto end; - if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, - NULL, NULL)) - || !TEST_true(create_ssl_connection(serverssl, clientssl, - SSL_ERROR_NONE))) + if (!TEST_true(create_ssl_objects(sctx, cctx, &serverssl, &clientssl, NULL, + NULL))) goto end; + if (handshakeok) { + if (!TEST_true(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } else { + if (!TEST_false(create_ssl_connection(serverssl, clientssl, + SSL_ERROR_NONE))) + goto end; + } + if (!TEST_ptr(SSL_get_shared_ciphers(serverssl, buf, sizeof(buf))) - || !TEST_int_eq(strcmp(buf, - is_fips - ? shared_ciphers_data[tst].fipsshared - : shared_ciphers_data[tst].shared), - 0)) { + || !TEST_int_eq(strcmp(buf, expbuf), 0)) { TEST_info("Shared ciphers are: %s\n", buf); goto end; } 
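Review bot: The two new table entries with empty expected strings make the handshake fail by design, yet the unchanged tail of the function still prints `buf` through `TEST_info()` when `SSL_get_shared_ciphers()` returns NULL. `buf` is declared without an initialiser (`char buf[1024];`, a context line in the third hunk), so initialising it as `char buf[1024] = "";` keeps that diagnostic defined on the failure path. The empty string doubling as the "handshake must fail" marker is also implicit; a short comment on the new entries, e.g. `/* no shared cipher: handshake must fail */`, would document it. The function starts and ends outside these hunks.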
@@ -9714,6 +9735,7 @@ SSL *serverssl = NULL, *clientssl = NULL; int testresult = 0; SSL_SESSION *sess = NULL; + int references; #ifdef OSSL_NO_USABLE_TLS1_3 /* If no TLSv1.3 available then do nothing in this case */ @@ -9787,6 +9809,15 @@ get_sess_val = SSL_get_session(serverssl); if (!TEST_ptr(get_sess_val)) goto end; + /* + * Normally the session is also stored in the cache, thus we have more than + * one reference, but due to an out-of-memory error it can happen that this + * is the only reference, and in that case the SSL_free(serverssl) below + * would free the get_sess_val, causing a use-after-free error. + */ + if (!TEST_true(CRYPTO_GET_REF(&get_sess_val->references, &references)) + || !TEST_int_ge(references, 2)) + goto end; sess = SSL_get1_session(clientssl); if (!TEST_ptr(sess)) goto end; 
@@ -13507,6 +13538,52 @@ #endif /* !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DH) */ } +/* + * Test that if we attempt to send HTTP to a TLS server that we get the expected + * failure reason code. + */ +static int test_http_verbs(int idx) +{ + SSL_CTX *sctx = NULL; + SSL *serverssl = NULL; + int testresult = 0; + const char *verbs[] = { "GET", "POST", "HEAD" }; + const char *http_trailer = " / HTTP/1.0\r\n\r\n"; + BIO *b = BIO_new(BIO_s_mem()); + + if (!TEST_true((unsigned int)idx < OSSL_NELEM(verbs))) + goto end; + + if (!TEST_true(create_ssl_ctx_pair(libctx, TLS_server_method(), + NULL, 0, 0, &sctx, NULL, cert, privkey))) + goto end; + + serverssl = SSL_new(sctx); + if (!TEST_ptr(serverssl)) + goto end; + + if (!TEST_int_gt(BIO_write(b, verbs[idx], (int)strlen(verbs[idx])), 0)) + goto end; + if (!TEST_int_gt(BIO_write(b, http_trailer, (int)strlen(http_trailer)), 0)) + goto end; + SSL_set_bio(serverssl, b, b); + b = NULL; + + ERR_clear_error(); + if (!TEST_int_le(SSL_accept(serverssl), 0)) + goto end; + if (!TEST_int_eq(ERR_GET_REASON(ERR_get_error()), SSL_R_HTTP_REQUEST)) + goto end; + + testresult = 1; +end: + SSL_free(serverssl); + SSL_CTX_free(sctx); + BIO_free(b); + + return testresult; +} + OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n") int setup_tests(void) @@ -13840,6 +13917,7 @@ ADD_TEST(test_ssl_trace); #endif ADD_ALL_TESTS(test_ssl_set_groups_unsupported_keyshare, 2); + ADD_ALL_TESTS(test_http_verbs, 3); return 1; err: diff -Nru openssl-3.5.5/test/tls-provider.c openssl-3.5.6/test/tls-provider.c --- openssl-3.5.5/test/tls-provider.c 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/test/tls-provider.c 2026-04-07 12:26:30.000000000 +0000 
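Review bot: `b = BIO_new(BIO_s_mem())` in `test_http_verbs()` is not checked before the `BIO_write()` calls, so an allocation failure is reported as a failed write rather than at its source. Extending the first check to `if (!TEST_ptr(b) || !TEST_true((unsigned int)idx < OSSL_NELEM(verbs))) goto end;` matches the `TEST_ptr(serverssl)` check further down. `verbs` can also be declared `static const char *const verbs[]` since it is never modified.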
@@ -1,5 +1,5 @@ /* - * Copyright 2019-2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -2163,8 +2163,7 @@ ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) } static_ASN1_SEQUENCE_END_name(X509_PUBKEY, X509_PUBKEY_INTERNAL) - static X509_PUBKEY - * xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) +static X509_PUBKEY *xorx_d2i_X509_PUBKEY_INTERNAL(const unsigned char **pp, long len, OSSL_LIB_CTX *libctx) { X509_PUBKEY *xpub = OPENSSL_zalloc(sizeof(*xpub));
diff -Nru openssl-3.5.5/test/tls13groupselection_test.c openssl-3.5.6/test/tls13groupselection_test.c
--- openssl-3.5.5/test/tls13groupselection_test.c 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/test/tls13groupselection_test.c 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@ /* - * Copyright 2025 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2025-2026 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy
@@ -40,6 +40,12 @@ SH = 2 } SERVER_RESPONSE; +static const char *response_desc[] = { + "HRR", + "INIT", + "SH", +}; + static char *cert = NULL; static char *privkey = NULL;
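Review bot: `response_desc[]` in the -40 hunk of tls13groupselection_test.c is a positional table, so it is only correct while its order mirrors the `SERVER_RESPONSE` enum, and only the enum's last enumerator (`SH = 2`) is visible in this hunk. Designated initialisers, `[HRR] = "HRR", [INIT] = "INIT", [SH] = "SH",`, would bind each string to its enumerator instead of to its position. The later -450 hunk in the same file indexes the table with `expected_server_response` and `server_response` without a range check, so an enumerator added without a matching entry would read past the end of the array; a comment such as `/* Indexed by SERVER_RESPONSE; keep in sync with the enum */` would record that dependency.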
@@ -307,7 +313,23 @@ { "*brainpoolP256r1:X25519", /* test 43 */ "X25519", SERVER_PREFERENCE, - NEGOTIATION_FAILURE, INIT } + NEGOTIATION_FAILURE, INIT }, + + /* DEFAULT retains tuple structure */ + { "*X25519:secp256r1", + "secp256r1:DEFAULT", /* test 44 */ + SERVER_PREFERENCE, + "secp256r1", HRR }, +#ifndef OPENSSL_NO_DH + { "*ffdhe2048:secp256r1", + "DEFAULT:ffdhe4096", /* test 45 */ + CLIENT_PREFERENCE, + "secp256r1", HRR }, + { "x25519:ffdhe2048:*ffdhe4096", + "DEFAULT:ffdhe4096", /* test 46 */ + SERVER_PREFERENCE, + "x25519", HRR }, +#endif }; static void server_response_check_cb(int write_p, int version,
@@ -318,10 +340,12 @@ enum SERVER_RESPONSE *server_response = (enum SERVER_RESPONSE *)arg; /* Prepare check for HRR */ const uint8_t *incoming_random = (uint8_t *)buf + 6; - const uint8_t magic_HRR_random[32] = { 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, + const uint8_t magic_HRR_random[32] = { + 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, - 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C }; + 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C + }; /* Did a server hello arrive? */ if (write_p == 0 && /* Incoming data... */
@@ -450,13 +474,16 @@ group_name_client = SSL_group_to_name(clientssl, negotiated_group_client); if (!TEST_int_eq(negotiated_group_client, negotiated_group_server)) goto end; - if (!TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) + if (!TEST_str_eq(response_desc[current_test_vector->expected_server_response], + response_desc[server_response])) goto end; if (TEST_str_eq(group_name_client, current_test_vector->expected_group)) ok = 1; } else { TEST_false_or_end(create_ssl_connection(serverssl, clientssl, SSL_ERROR_NONE)); - if (test_type == TEST_NEGOTIATION_FAILURE && !TEST_int_eq((int)current_test_vector->expected_server_response, (int)server_response)) + if (test_type == TEST_NEGOTIATION_FAILURE + && !TEST_str_eq(response_desc[current_test_vector->expected_server_response], + response_desc[server_response])) goto end; ok = 1; }
diff -Nru openssl-3.5.5/util/checkplatformsyms.pl openssl-3.5.6/util/checkplatformsyms.pl
--- openssl-3.5.5/util/checkplatformsyms.pl 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/util/checkplatformsyms.pl 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2006-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -14,6 +14,13 @@ shift(@ARGV); +# Check that object files exist +foreach (@ARGV) { + unless (-f $_ && -r $_) { + die "Path is not a regular readable file: '$_'"; + } +} + my $objlist; my $objfilelist = join(" ", @ARGV); my $expsyms;
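Review bot: The loop added in the -14 hunk of checkplatformsyms.pl confirms that each argument is a readable regular file, but the names are then joined with spaces into `$objfilelist`, which the later hunks of this file paste into a command string that is run through the shell (`open($OBJFH, "$cmd|")`). A path containing a space or a shell metacharacter passes `-f`/`-r` and is then split or interpreted by the shell. The arguments presumably come from the build system, so exposure is limited, but this loop is the natural place to refuse such names, for example `die "Unsupported character in path: '$_'" if /[^\w.\/\\:+-]/;` (adjust the class to the path forms the build really passes). Alternatively the objdump stage could be started with list-form `open` and the symbol filtering done in Perl, which removes the shell from the picture.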
@@ -36,13 +43,13 @@ { chomp; my $dllfile = $_; - $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE \2/; + $dllfile =~ s/( +)(.*)(\.dll)(.*)/DLLFILE $2/; if (index($dllfile, "DLLFILE") >= 0) { $currentdll = substr($dllfile, 8); $currentdll =~ s/^\s+|s+$//g; } # filter imports from our own library - if ("$currentdll" ne "libcrypto-3-x64") { + if ("$currentdll" !~ /^libcrypto-[1-9][0-9]*(-x64)?$/) { my $line = $_; $line =~ s/ [0-9a-fA-F]{1,2} /SYMBOL /; if (index($line, "SYMBOL") != -1) {
@@ -51,18 +58,28 @@ } } } + + close($OBJFH); + ($? >> 8 == 0) or die "Command '$cmd' has failed."; + + my $ok = 1; foreach (@symlist) { + chomp; if (index($exps, $_) < 0) { print "Symbol $_ not in the allowed platform symbols list\n"; - exit 1; + $ok = 0; } } - exit 0; + exit !$ok; } else { - $cmd = "objdump -t " . $objfilelist . " | grep UND | grep -v \@OPENSSL"; - $cmd = $cmd . " | awk '{print \$NF}' |"; - $cmd = $cmd . " sed -e\"s/@.*\$//\" | sort | uniq"; + $cmd = "objdump -t " . $objfilelist . " | awk " . + "'/\\\\*UND\\\\*/ {" . + "split(\$NF, sym_lib, \"@\");" . + "if (sym_lib[2] !~ \"OPENSSL_[1-9][0-9]*\\\\.[0-9]+\\\\.[0-9]+\$\")" . + "syms[sym_lib[1]] = 1;" . + "}" . + "END { for (s in syms) print s; };'"; open $expsyms, '<', $expectedsyms or die; {
@@ -72,13 +89,16 @@ close($expsyms); open($OBJFH, "$cmd|") or die "Cannot open process: $!"; + my $ok = 1; while (<$OBJFH>) { + chomp; if (index($exps, $_) < 0) { print "Symbol $_ not in the allowed platform symbols list\n"; - exit 1; + $ok = 0; } } close($OBJFH); - exit 0; + + exit !(!($? >> 8) || !$ok); }
diff -Nru openssl-3.5.5/util/missingcrypto.txt openssl-3.5.6/util/missingcrypto.txt
--- openssl-3.5.5/util/missingcrypto.txt 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/util/missingcrypto.txt 2026-04-07 12:26:30.000000000 +0000
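Review bot: In the -36 hunk the context line `$currentdll =~ s/^\s+|s+$//g;` is left as it was although the substitution two lines above it is corrected: its second alternative is `s+$`, which strips trailing letter `s` characters rather than trailing whitespace. That matters more now that `$currentdll` is tested against the anchored pattern `/^libcrypto-[1-9][0-9]*(-x64)?$/`, because any trailing whitespace that did survive would make the library's own imports look foreign. The intended form is presumably `$currentdll =~ s/^\s+|\s+$//g;`. The enclosing loop starts and ends outside the hunk.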
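Review bot: Both symbol loops (the `foreach (@symlist)` loop in the -51 hunk and the `while (<$OBJFH>)` loop in the -72 hunk) decide membership with `index($exps, $_) < 0`, a substring search over what appears to be the whole allow-list text, so an imported name that happens to occur inside a longer allowed name is accepted. The `chomp` added in both loops means the needle no longer carries a trailing newline, which in the objdump loop was presumably the only thing tying a match to the end of an allow-list line. Matching whole lines closes that gap, e.g. `if ($exps !~ /^\Q$_\E$/m) {` in both places. How `$exps` is filled lies outside these hunks, so this assumes it holds the slurped contents of the symbols file.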
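Review bot: `exit !(!($? >> 8) || !$ok);` at the end of the -72 hunk exits 0 whenever `$ok` has been cleared, because `!$ok` is then true, the `||` is true and the outer `!` turns that into a zero status; the script prints the disallowed symbol and still reports success. It exits non-zero only when the pipeline failed and no bad symbol was seen. `exit(($? == 0 && $ok) ? 0 : 1);` fails on either condition and also catches a child that was killed by a signal, which `$? >> 8` alone does not. Separately, `$?` after `close` reflects the last stage of the `objdump ... | awk ...` pipeline, so an objdump failure is likely not visible here; the readable-file check added at the top of the script covers only the missing-file case.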
@@ -1043,8 +1043,6 @@ X509V3_EXT_get_nid(3) X509V3_EXT_nconf(3) X509V3_EXT_nconf_nid(3) -X509V3_EXT_print(3) -X509V3_EXT_print_fp(3) X509V3_EXT_val_prn(3) X509V3_NAME_from_section(3) X509V3_add_standard_extensions(3)
diff -Nru openssl-3.5.5/util/mkerr.pl openssl-3.5.6/util/mkerr.pl
--- openssl-3.5.5/util/mkerr.pl 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/util/mkerr.pl 2026-04-07 12:26:30.000000000 +0000
@@ -1,5 +1,5 @@ #! /usr/bin/env perl -# Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 1999-2026 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy
@@ -339,21 +339,21 @@ */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include -# include +#include +#include -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif EOF $indent = ' '; if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} +#ifndef OPENSSL_NO_${lib} EOF $indent = " ";
@@ -380,7 +380,7 @@ $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; }
@@ -389,14 +389,14 @@ # brace for 'extern "C" {'. while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif #endif EOF close OUT;
@@ -408,8 +408,8 @@ my $extra_include = $internal ? ($lib ne 'SSL' - ? "# include \n" - : "# include \n") + ? "#include \n" + : "#include \n") : ''; my $hfile = $hpubinc{$lib}; my $guard = $hfile;
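Review bot: In the -380 hunk of mkerr.pl, `printf OUT "#define $i $rcodes{$i}\n";` no longer passes any format argument, so the interpolated text itself is the format string; `print OUT "#define $i $rcodes{$i}\n";` says what is meant and cannot misread a `%` in the data. The same line recurs in the -484 hunk, and the trailing context of the -430 hunk still computes `my $z = 48 - length($i);`, which looks unused once the padding argument is gone. `$indent` likewise no longer reaches the output and appears to survive only as a nesting counter for the `#endif` loops; a short comment saying so, e.g. `# $indent now only counts open #if levels`, would help the next reader. The enclosing loops begin outside the hunks.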
@@ -430,46 +430,43 @@ */ #ifndef $guard -# define $guard -# pragma once +#define $guard +#pragma once -# include -# include +#include +#include $extra_include - EOF $indent = ' '; if ( $internal ) { if ($disablable) { print OUT <<"EOF"; -# ifndef OPENSSL_NO_${lib} - +#ifndef OPENSSL_NO_${lib} EOF $indent .= ' '; } } else { print OUT <<"EOF"; -# define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) -# define ERR_R_${lib}_LIB ERR_${lib}_lib() - +#define ${lib}err(f, r) ERR_${lib}_error(0, (r), OPENSSL_FILE, OPENSSL_LINE) +#define ERR_R_${lib}_LIB ERR_${lib}_lib() EOF if ( ! $static ) { print OUT <<"EOF"; -# ifdef __cplusplus +#ifdef __cplusplus extern \"C\" { -# endif +#endif int ERR_load_${lib}_strings(void); void ERR_unload_${lib}_strings(void); void ERR_${lib}_error(int function, int reason, const char *file, int line); -# ifdef __cplusplus +#ifdef __cplusplus } -# endif +#endif EOF } } - print OUT "\n/*\n * $lib reason codes.\n */\n"; + print OUT "/*\n * $lib reason codes.\n */\n"; foreach my $i ( @reasons ) { my $z = 48 - length($i); $z = 0 if $z < 0;
@@ -484,13 +481,13 @@ $rassigned{$lib} .= "$findcode:"; print STDERR "New Reason code $i\n" if $debug; } - printf OUT "#${indent}define $i%s $rcodes{$i}\n", " " x $z; + printf OUT "#define $i $rcodes{$i}\n"; } print OUT "\n"; while (length($indent) > 0) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } close OUT; }
@@ -550,7 +547,7 @@ } } print OUT <<"EOF"; -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR static ${const}ERR_STRING_DATA ${lib}_str_reasons[] = { EOF
@@ -568,26 +565,26 @@ $strings{$i} = $rn; } my $lines; - $lines = " {ERR_PACK($pack_lib, 0, $i), \"$rn\"},"; - $lines = " {ERR_PACK($pack_lib, 0, $i),\n \"$rn\"}," - if length($lines) > 80; + $lines = " { ERR_PACK($pack_lib, 0, $i), \"$rn\" },"; + $lines = " { ERR_PACK($pack_lib, 0, $i),\n \"$rn\" }," + if length($lines) > 82; print OUT "$lines\n"; } print OUT <<"EOF"; - {0, NULL} + { 0, NULL } }; -#${indent}endif +#endif EOF if ( $internal ) { print OUT <<"EOF"; int ossl_err_load_${lib}_strings(void) { -#${indent}ifndef OPENSSL_NO_ERR +#ifndef OPENSSL_NO_ERR if (ERR_reason_error_string(${lib}_str_reasons[0].error) == NULL) ERR_load_strings_const(${lib}_str_reasons); -#${indent}endif +#endif return 1; } EOF
@@ -642,7 +639,7 @@ while (length($indent) > 1) { $indent = substr $indent, 0, -1; - print OUT "#${indent}endif\n"; + print OUT "#endif\n"; } if ($internal && $disablable) { print OUT <<"EOF";
diff -Nru openssl-3.5.5/util/mkinstallvars.pl openssl-3.5.6/util/mkinstallvars.pl
--- openssl-3.5.5/util/mkinstallvars.pl 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/util/mkinstallvars.pl 2026-04-07 12:26:30.000000000 +0000
@@ -29,7 +29,7 @@ LIBDIR => [ qw(ENGINESDIR MODULESDIR PKGCONFIGDIR CMAKECONFIGDIR) ]); # For completeness, other expected variables -my @others = qw(VERSION LDLIBS); +my @others = qw(COMMENT VERSION LDLIBS); my %all = ( ); foreach (@absolutes) { $all{$_} = 1 }
@@ -135,9 +135,10 @@ } print <<_____; - \$VERSION \@LDLIBS + \$COMMENT \$VERSION \@LDLIBS ); +our \$COMMENT = '$values{COMMENT}->[0]'; _____ foreach my $k (@absolutes) {
diff -Nru openssl-3.5.5/util/platform_symbols/windows-symbols.txt openssl-3.5.6/util/platform_symbols/windows-symbols.txt
--- openssl-3.5.5/util/platform_symbols/windows-symbols.txt 2026-01-27 13:42:37.000000000 +0000
+++ openssl-3.5.6/util/platform_symbols/windows-symbols.txt 2026-04-07 12:26:30.000000000 +0000
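Review bot: In the -135 hunk of mkinstallvars.pl, `our \$COMMENT = '$values{COMMENT}->[0]';` writes the value straight into a single-quoted literal of the generated Perl file, so a `'` or a trailing `\` in the comment would end the literal early and the remainder would be parsed as code. Where COMMENT comes from is not visible in this hunk; if it can carry free text, escape it before the heredoc, e.g. `(my $comment = $values{COMMENT}->[0] // '') =~ s/([\\'])/\\$1/g;`, and interpolate `$comment` instead. The `// ''` also avoids an undefined-value warning when COMMENT is not supplied.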
@@ -1,236 +1,175 @@ -CryptGenRandom -RegisterEventSourceW -ReportEventW -CryptAcquireContextW -CryptReleaseContext -DeregisterEventSource +AcquireSRWLockExclusive +AcquireSRWLockShared +CertCloseStore CertFindCertificateInStore CertFreeCertificateContext CertOpenSystemStoreW -CertCloseStore -GetUserObjectInformationW -GetProcessWindowStation -MessageBoxW -GetCurrentProcess -ReadConsoleW -ReadConsoleA -SetConsoleMode -GetConsoleMode +CloseHandle +ConvertFiberToThread +ConvertThreadToFiberEx +CreateFiberEx CreateSemaphoreA -GetExitCodeThread -WaitForSingleObject -ReleaseSemaphore -GetCurrentProcessId -TryEnterCriticalSection -LeaveCriticalSection +CryptAcquireContextW +CryptGenRandom +CryptReleaseContext +DeleteCriticalSection +DeleteFiber +DeregisterEventSource +DisableThreadLibraryCalls EnterCriticalSection -InitializeCriticalSection -SystemTimeToFileTime +FindClose +FindFirstFileW +FindNextFileW +FormatMessageA +FreeLibrary +GetACP +GetConsoleMode +GetCurrentProcess +GetCurrentProcessId +GetCurrentThreadId +GetEnvironmentVariableW +GetExitCodeThread +GetFileType +GetLastError +GetModuleHandleExW +GetModuleHandleW +GetProcAddress +GetProcessWindowStation +GetStartupInfoW +GetStdHandle +GetSystemDirectoryA +GetSystemInfo GetSystemTime -TlsFree -TlsSetValue -TlsGetValue GetSystemTimeAsFileTime +GetUserObjectInformationW +InitializeCriticalSection +InitializeSListHead +InitializeSRWLock +IsDebuggerPresent +IsProcessorFeaturePresent +LeaveCriticalSection +LoadLibraryA +LoadLibraryW +MessageBoxW +MultiByteToWideChar +QueryPerformanceCounter +ReadConsoleA +ReadConsoleW +RegisterEventSourceW +ReleaseSRWLockExclusive +ReleaseSRWLockShared +ReleaseSemaphore +ReportEventW RtlCaptureContext RtlLookupFunctionEntry -UnhandledExceptionFilter +RtlVirtualUnwind +SetConsoleMode +SetLastError SetUnhandledExceptionFilter -IsProcessorFeaturePresent -IsDebuggerPresent -GetStartupInfoW -QueryPerformanceCounter -InitializeSListHead -DeleteCriticalSection +Sleep +SwitchToFiber 
+SystemTimeToFileTime TerminateProcess TlsAlloc -GetCurrentThreadId -AcquireSRWLockShared -AcquireSRWLockExclusive -RtlVirtualUnwind -ConvertFiberToThread -ConvertThreadToFiberEx -SwitchToFiber -DeleteFiber -CreateFiberEx -GetSystemDirectoryA -FreeLibrary -GetProcAddress -LoadLibraryA -FormatMessageA -GetLastError -SetLastError -CloseHandle -LoadLibraryW -GetEnvironmentVariableW -GetStdHandle -GetFileType -WriteFile -GetModuleHandleW -MultiByteToWideChar -WideCharToMultiByte -GetACP -GetModuleHandleExW -GetSystemInfo +TlsFree +TlsGetValue +TlsSetValue +TryEnterCriticalSection +UnhandledExceptionFilter VirtualAlloc -VirtualProtect VirtualFree VirtualLock -FindClose -FindFirstFileW -FindNextFileW -Sleep -InitializeSRWLock -ReleaseSRWLockExclusive -ReleaseSRWLockShared -__current_exception +VirtualProtect +WSAIoctl +WSASocketA +WaitForSingleObject +WideCharToMultiByte +WriteFile __C_specific_handler -wcsstr +__acrt_iob_func +__current_exception __current_exception_context -strlen -strstr -strchr -memmove -strrchr -memcmp -memset -memcpy -memchr __std_type_info_destroy_list -__stdio_common_vsprintf __stdio_common_vfprintf +__stdio_common_vsnprintf_s +__stdio_common_vsprintf +__stdio_common_vsprintf_s __stdio_common_vsscanf -ftell -fseek -fread -_fileno __stdio_common_vswprintf -_wfopen -fopen -setvbuf -fflush -ferror -feof -clearerr -setbuf -fclose -fputs -__acrt_iob_func -__stdio_common_vsprintf_s -fwrite -fgets -_setmode -strtoul -atoi -strtol -tolower -strspn -strcspn -strncpy -strpbrk -strncmp -strcmp -strcat_s -isspace -_strdup -isdigit -strncpy_s -strcpy_s -_gmtime64_s __timezone -_mktime64 -_time64 -qsort -malloc -realloc -calloc -free -terminate -signal -_initialize_narrow_environment _beginthreadex +_cexit +_chmod +_configure_narrow_argv +_crt_at_quick_exit +_crt_atexit +_dclass _endthreadex -_register_onexit_function -strerror_s +_errno _execute_onexit_table -raise -_crt_atexit _exit -_crt_at_quick_exit -_errno -_cexit -_initterm_e -_configure_narrow_argv 
+_fileno +_fstat64i32 +_get_osfhandle +_gmtime64_s +_initialize_narrow_environment _initialize_onexit_table _initterm +_initterm_e +_mktime64 +_register_onexit_function _seh_filter_dll -_chmod +_setmode _stat64i32 -_fstat64i32 +_strdup +_time64 +_wfopen +atoi +calloc +clearerr +fclose +feof +ferror +fflush +fgets +fopen +fputs +fread +free +fseek +ftell +fwrite getenv -GetStartupInfoW -RtlLookupFunctionEntry -RtlVirtualUnwind -UnhandledExceptionFilter -GetSystemTime -SystemTimeToFileTime -CloseHandle -InitializeCriticalSection -EnterCriticalSection -LeaveCriticalSection -TryEnterCriticalSection -DeleteCriticalSection -ReleaseSemaphore -WaitForSingleObject -WSASocketA -WSAIoctl -GetCurrentThreadId -SetUnhandledExceptionFilter -GetExitCodeThread -CreateSemaphoreA -SetLastError -GetLastError -GetCurrentProcess -TerminateProcess -IsProcessorFeaturePresent -QueryPerformanceCounter -RtlCaptureContext -GetCurrentProcessId -GetSystemTimeAsFileTime -DisableThreadLibraryCalls -InitializeSListHead -IsDebuggerPresent -GetModuleHandleW +isdigit +isspace +malloc +memchr +memcmp memcpy +memmove memset -__current_exception_context +qsort +raise +realloc +setbuf +setvbuf +signal +strcat_s strchr -memcmp -memchr +strcmp +strcpy_s +strcspn +strerror_s +strlen +strncmp +strncpy +strncpy_s +strpbrk +strrchr +strspn strstr -memmove -__std_type_info_destroy_list -__current_exception -__C_specific_handler -_errno -_endthreadex +strtol +strtoul terminate -_initterm -_initterm_e -_seh_filter_dll -_configure_narrow_argv -_initialize_narrow_environment -_initialize_onexit_table -_register_onexit_function -_execute_onexit_table -_crt_atexit -_crt_at_quick_exit -_cexit -_beginthreadex -_time64 -strncmp -strcmp -qsort -_stat64i32 -atoi -__stdio_common_vsprintf -_dclass +tolower +wcsstr diff -Nru openssl-3.5.5/util/wrap.pl.in openssl-3.5.6/util/wrap.pl.in --- openssl-3.5.5/util/wrap.pl.in 2026-01-27 13:42:37.000000000 +0000 +++ openssl-3.5.6/util/wrap.pl.in 2026-04-07 12:26:30.000000000 +0000 
@@ -79,6 +79,7 @@ $std_openssl_conf_include = catdir($there, 'providers'); } +local $ENV{OPENSSL_RUNNING_UNIT_TESTS} = "yes"; local $ENV{OPENSSL_CONF_INCLUDE} = $std_openssl_conf_include if defined $std_openssl_conf_include