git: e833378cf958 - stable/14 - OpenSSL: update to 3.0.12

From: Ed Maste <emaste_at_FreeBSD.org>
Date: Wed, 25 Oct 2023 20:21:30 UTC
The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=e833378cf9589171562ccad4c6ff59c3713770bd

commit e833378cf9589171562ccad4c6ff59c3713770bd
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2023-10-24 18:55:56 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2023-10-25 20:20:31 +0000

    OpenSSL: update to 3.0.12
    
    OpenSSL 3.0.12 addresses:
    
     * Fix incorrect key and IV resizing issues when calling
       EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
       with OSSL_PARAM parameters that alter the key or IV length
       ([CVE-2023-5363]).
    
    Relnotes:       Yes
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit ad991e4c142ebabad7aef488ad97b189ecabb270)
    (cherry picked from commit 575878a533823aa3e5bab715928d9cdffbc4dcbc)
---
 crypto/openssl/CHANGES.md                          |  9 +++
 crypto/openssl/INSTALL.md                          |  4 +-
 crypto/openssl/NEWS.md                             |  6 ++
 crypto/openssl/VERSION.dat                         |  4 +-
 crypto/openssl/apps/dgst.c                         |  2 +
 crypto/openssl/apps/dhparam.c                      |  4 +-
 crypto/openssl/apps/dsaparam.c                     |  4 +-
 crypto/openssl/apps/enc.c                          |  5 +-
 crypto/openssl/apps/gendsa.c                       |  4 +-
 crypto/openssl/apps/genpkey.c                      |  4 +-
 crypto/openssl/apps/genrsa.c                       |  4 +-
 crypto/openssl/apps/lib/apps.c                     | 16 ++++--
 crypto/openssl/apps/req.c                          |  2 +
 crypto/openssl/apps/speed.c                        |  3 +-
 crypto/openssl/crypto/aes/asm/aesv8-armx.pl        |  3 +
 crypto/openssl/crypto/arm_arch.h                   |  7 +--
 crypto/openssl/crypto/bn/bn_gcd.c                  |  8 +--
 crypto/openssl/crypto/build.info                   |  2 -
 crypto/openssl/crypto/cms/cms_enc.c                |  5 +-
 crypto/openssl/crypto/cms/cms_err.c                |  4 +-
 crypto/openssl/crypto/cms/cms_sd.c                 | 14 ++++-
 crypto/openssl/crypto/dh/dh_check.c                |  3 +-
 crypto/openssl/crypto/dh/dh_key.c                  |  3 +-
 crypto/openssl/crypto/dh/dh_lib.c                  |  4 +-
 crypto/openssl/crypto/dsa/dsa_check.c              |  8 ++-
 crypto/openssl/crypto/dsa/dsa_lib.c                |  4 +-
 crypto/openssl/crypto/dsa/dsa_ossl.c               |  1 -
 crypto/openssl/crypto/engine/eng_pkey.c            | 44 ++++++++++++++-
 crypto/openssl/crypto/engine/eng_table.c           |  1 +
 crypto/openssl/crypto/err/openssl.txt              |  1 +
 crypto/openssl/crypto/evp/evp_enc.c                | 45 ++++++++++++++-
 crypto/openssl/crypto/evp/legacy_sha.c             |  8 ++-
 crypto/openssl/crypto/evp/p_lib.c                  |  2 +-
 crypto/openssl/crypto/evp/pmeth_lib.c              |  5 +-
 crypto/openssl/crypto/ex_data.c                    |  4 +-
 crypto/openssl/crypto/ffc/ffc_key_validate.c       | 16 ++----
 crypto/openssl/crypto/lhash/lhash.c                |  6 +-
 crypto/openssl/crypto/mem.c                        | 12 +++-
 crypto/openssl/crypto/modes/asm/ghashv8-armx.pl    |  5 +-
 crypto/openssl/crypto/objects/obj_dat.c            |  7 ++-
 crypto/openssl/crypto/param_build_set.c            | 13 +++--
 .../openssl/crypto/poly1305/asm/poly1305-armv8.pl  | 26 ++++-----
 crypto/openssl/crypto/property/property_parse.c    | 34 +++++++++--
 crypto/openssl/crypto/rsa/rsa_backend.c            | 14 +----
 crypto/openssl/crypto/rsa/rsa_lib.c                | 32 ++++++++---
 crypto/openssl/doc/man3/CMS_add1_signer.pod        |  8 ++-
 crypto/openssl/doc/man3/DH_generate_parameters.pod |  6 +-
 .../openssl/doc/man3/DSA_generate_parameters.pod   |  4 +-
 crypto/openssl/doc/man3/EVP_aes_128_gcm.pod        |  8 +--
 crypto/openssl/doc/man3/EVP_aria_128_gcm.pod       |  2 +-
 crypto/openssl/doc/man3/EVP_bf_cbc.pod             |  2 +-
 crypto/openssl/doc/man3/EVP_blake2b512.pod         |  2 +-
 crypto/openssl/doc/man3/EVP_camellia_128_ecb.pod   |  2 +-
 crypto/openssl/doc/man3/EVP_cast5_cbc.pod          |  2 +-
 crypto/openssl/doc/man3/EVP_chacha20.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_des_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_desx_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_idea_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_md2.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_md4.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_md5.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_mdc2.pod               |  2 +-
 crypto/openssl/doc/man3/EVP_rc2_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_rc4.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_rc5_32_12_16_cbc.pod   |  2 +-
 crypto/openssl/doc/man3/EVP_ripemd160.pod          |  2 +-
 crypto/openssl/doc/man3/EVP_seed_cbc.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_sha1.pod               |  2 +-
 crypto/openssl/doc/man3/EVP_sha224.pod             |  2 +-
 crypto/openssl/doc/man3/EVP_sha3_224.pod           |  2 +-
 crypto/openssl/doc/man3/EVP_sm3.pod                |  2 +-
 crypto/openssl/doc/man3/EVP_sm4_cbc.pod            |  2 +-
 crypto/openssl/doc/man3/EVP_whirlpool.pod          |  2 +-
 crypto/openssl/doc/man3/PKCS5_PBKDF2_HMAC.pod      |  5 +-
 .../openssl/doc/man3/SSL_CONF_CTX_set_ssl_ctx.pod  | 10 +++-
 .../openssl/doc/man3/SSL_CTX_set_info_callback.pod | 16 ++++--
 .../openssl/doc/man3/d2i_PKCS8PrivateKey_bio.pod   |  4 +-
 crypto/openssl/doc/man3/d2i_X509.pod               | 26 +++++++--
 crypto/openssl/include/openssl/cmserr.h            |  3 +-
 crypto/openssl/include/openssl/evp.h               |  4 +-
 crypto/openssl/include/openssl/opensslv.h          | 10 ++--
 crypto/openssl/include/openssl/pkcs7.h.in          |  6 +-
 crypto/openssl/providers/fips-sources.checksums    | 40 ++++++-------
 crypto/openssl/providers/fips.checksum             |  2 +-
 .../encode_decode/encode_key2text.c                | 65 +++++++++-------------
 .../providers/implementations/keymgmt/dh_kmgmt.c   |  2 +-
 .../providers/implementations/macs/kmac_prov.c     |  6 +-
 secure/lib/libcrypto/Makefile.inc                  |  4 +-
 sys/crypto/openssl/aarch64/aesv8-armx.S            |  6 +-
 sys/crypto/openssl/aarch64/arm_arch.h              |  7 +--
 sys/crypto/openssl/aarch64/ghashv8-armx.S          | 26 ++++-----
 sys/crypto/openssl/aarch64/poly1305-armv8.S        | 24 ++++----
 92 files changed, 471 insertions(+), 281 deletions(-)

diff --git a/crypto/openssl/CHANGES.md b/crypto/openssl/CHANGES.md
index a26bdbdd0ad0..f464b2320e9c 100644
--- a/crypto/openssl/CHANGES.md
+++ b/crypto/openssl/CHANGES.md
@@ -28,6 +28,14 @@ breaking changes, and mappings for the large list of deprecated functions.
 
 [Migration guide]: https://github.com/openssl/openssl/tree/master/doc/man7/migration_guide.pod
 
+### Changes between 3.0.11 and 3.0.12 [24 Oct 2023]
+
+ * Fix incorrect key and IV resizing issues when calling EVP_EncryptInit_ex2(),
+   EVP_DecryptInit_ex2() or EVP_CipherInit_ex2() with OSSL_PARAM parameters
+   that alter the key or IV length ([CVE-2023-5363]).
+
+   *Paul Dale*
+
 ### Changes between 3.0.10 and 3.0.11 [19 Sep 2023]
 
  * Fix POLY1305 MAC implementation corrupting XMM registers on Windows.
@@ -19732,6 +19740,7 @@ ndif
 
 <!-- Links -->
 
+[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
diff --git a/crypto/openssl/INSTALL.md b/crypto/openssl/INSTALL.md
index ad4a51026d7c..fef408e9d1e3 100644
--- a/crypto/openssl/INSTALL.md
+++ b/crypto/openssl/INSTALL.md
@@ -2,8 +2,8 @@ Build and Install
 =================
 
 This document describes installation on all supported operating
-systems (the Unix/Linux family, including macOS), OpenVMS,
-and Windows).
+systems: the Unix/Linux family (including macOS), OpenVMS,
+and Windows.
 
 Table of Contents
 =================
diff --git a/crypto/openssl/NEWS.md b/crypto/openssl/NEWS.md
index f7ca47baff87..8f0d973e057b 100644
--- a/crypto/openssl/NEWS.md
+++ b/crypto/openssl/NEWS.md
@@ -18,6 +18,11 @@ OpenSSL Releases
 OpenSSL 3.0
 -----------
 
+### Major changes between OpenSSL 3.0.11 and OpenSSL 3.0.12 [24 Oct 2023]
+
+  * Mitigate incorrect resize handling for symmetric cipher keys and IVs.
+    ([CVE-2023-5363])
+
 ### Major changes between OpenSSL 3.0.10 and OpenSSL 3.0.11 [19 Sep 2023]
 
   * Fix POLY1305 MAC implementation corrupting XMM registers on Windows
@@ -1453,6 +1458,7 @@ OpenSSL 0.9.x
 
 <!-- Links -->
 
+[CVE-2023-5363]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-5363
 [CVE-2023-4807]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-4807
 [CVE-2023-3817]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3817
 [CVE-2023-3446]: https://www.openssl.org/news/vulnerabilities.html#CVE-2023-3446
diff --git a/crypto/openssl/VERSION.dat b/crypto/openssl/VERSION.dat
index c4157a86274d..9d9448118e6d 100644
--- a/crypto/openssl/VERSION.dat
+++ b/crypto/openssl/VERSION.dat
@@ -1,7 +1,7 @@
 MAJOR=3
 MINOR=0
-PATCH=11
+PATCH=12
 PRE_RELEASE_TAG=
 BUILD_METADATA=
-RELEASE_DATE="19 Sep 2023"
+RELEASE_DATE="24 Oct 2023"
 SHLIB_VERSION=3
diff --git a/crypto/openssl/apps/dgst.c b/crypto/openssl/apps/dgst.c
index e12389197de4..3f02af0d5738 100644
--- a/crypto/openssl/apps/dgst.c
+++ b/crypto/openssl/apps/dgst.c
@@ -320,6 +320,8 @@ int dgst_main(int argc, char **argv)
         sigkey = app_keygen(mac_ctx, mac_name, 0, 0 /* not verbose */);
         /* Verbose output would make external-tests gost-engine fail */
         EVP_PKEY_CTX_free(mac_ctx);
+        if (sigkey == NULL)
+            goto end;
     }
 
     if (hmac_key != NULL) {
diff --git a/crypto/openssl/apps/dhparam.c b/crypto/openssl/apps/dhparam.c
index 43906cea5649..2a54dca9d8b5 100644
--- a/crypto/openssl/apps/dhparam.c
+++ b/crypto/openssl/apps/dhparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -222,6 +222,8 @@ int dhparam_main(int argc, char **argv)
         }
 
         tmppkey = app_paramgen(ctx, alg);
+        if (tmppkey == NULL)
+            goto end;
         EVP_PKEY_CTX_free(ctx);
         ctx = NULL;
         if (dsaparam) {
diff --git a/crypto/openssl/apps/dsaparam.c b/crypto/openssl/apps/dsaparam.c
index b5555282be6e..ca91beb5b893 100644
--- a/crypto/openssl/apps/dsaparam.c
+++ b/crypto/openssl/apps/dsaparam.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -218,6 +218,8 @@ int dsaparam_main(int argc, char **argv)
             goto end;
         }
         pkey = app_keygen(ctx, "DSA", numbits, verbose);
+        if (pkey == NULL)
+            goto end;
         assert(private);
         if (outformat == FORMAT_ASN1)
             i = i2d_PrivateKey_bio(out, pkey);
diff --git a/crypto/openssl/apps/enc.c b/crypto/openssl/apps/enc.c
index b3bf4cc2592d..c275046cf57a 100644
--- a/crypto/openssl/apps/enc.c
+++ b/crypto/openssl/apps/enc.c
@@ -624,7 +624,10 @@ int enc_main(int argc, char **argv)
         }
     }
     if (!BIO_flush(wbio)) {
-        BIO_printf(bio_err, "bad decrypt\n");
+        if (enc)
+            BIO_printf(bio_err, "bad encrypt\n");
+        else
+            BIO_printf(bio_err, "bad decrypt\n");
         goto end;
     }
 
diff --git a/crypto/openssl/apps/gendsa.c b/crypto/openssl/apps/gendsa.c
index 27feb793fed2..8aefca65566c 100644
--- a/crypto/openssl/apps/gendsa.c
+++ b/crypto/openssl/apps/gendsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -146,6 +146,8 @@ int gendsa_main(int argc, char **argv)
         goto end;
     }
     pkey = app_keygen(ctx, "DSA", nbits, verbose);
+    if (pkey == NULL)
+        goto end;
 
     assert(private);
     if (!PEM_write_bio_PrivateKey(out, pkey, enc, NULL, 0, NULL, passout)) {
diff --git a/crypto/openssl/apps/genpkey.c b/crypto/openssl/apps/genpkey.c
index d00754eeaca0..705e5c76b47d 100644
--- a/crypto/openssl/apps/genpkey.c
+++ b/crypto/openssl/apps/genpkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -183,6 +183,8 @@ int genpkey_main(int argc, char **argv)
 
     pkey = do_param ? app_paramgen(ctx, algname)
                     : app_keygen(ctx, algname, 0, 0 /* not verbose */);
+    if (pkey == NULL)
+        goto end;
 
     if (do_param) {
         rv = PEM_write_bio_Parameters(out, pkey);
diff --git a/crypto/openssl/apps/genrsa.c b/crypto/openssl/apps/genrsa.c
index 4436b7fa1745..6a683517a15f 100644
--- a/crypto/openssl/apps/genrsa.c
+++ b/crypto/openssl/apps/genrsa.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -203,6 +203,8 @@ opthelp:
         goto end;
     }
     pkey = app_keygen(ctx, "RSA", num, verbose);
+    if (pkey == NULL)
+        goto end;
 
     if (verbose) {
         BIGNUM *e = NULL;
diff --git a/crypto/openssl/apps/lib/apps.c b/crypto/openssl/apps/lib/apps.c
index 572f6a3f8f28..a632b0cff2bf 100644
--- a/crypto/openssl/apps/lib/apps.c
+++ b/crypto/openssl/apps/lib/apps.c
@@ -960,10 +960,14 @@ int load_key_certs_crls_suppress(const char *uri, int format, int maybe_stdin,
         ctx = OSSL_STORE_open_ex(uri, libctx, propq, get_ui_method(), &uidata,
                                  params, NULL, NULL);
     }
-    if (ctx == NULL)
+    if (ctx == NULL) {
+        BIO_printf(bio_err, "Could not open file or uri for loading");
         goto end;
-    if (expect > 0 && !OSSL_STORE_expect(ctx, expect))
+    }
+    if (expect > 0 && !OSSL_STORE_expect(ctx, expect)) {
+        BIO_printf(bio_err, "Internal error trying to load");
         goto end;
+    }
 
     failed = NULL;
     while (cnt_expectations > 0 && !OSSL_STORE_eof(ctx)) {
@@ -3359,8 +3363,8 @@ EVP_PKEY *app_keygen(EVP_PKEY_CTX *ctx, const char *alg, int bits, int verbose)
         BIO_printf(bio_err, "Warning: generating random key material may take a long time\n"
                    "if the system has a poor entropy source\n");
     if (EVP_PKEY_keygen(ctx, &res) <= 0)
-        app_bail_out("%s: Error generating %s key\n", opt_getprog(),
-                     alg != NULL ? alg : "asymmetric");
+        BIO_printf(bio_err, "%s: Error generating %s key\n", opt_getprog(),
+                   alg != NULL ? alg : "asymmetric");
     return res;
 }
 
@@ -3372,8 +3376,8 @@ EVP_PKEY *app_paramgen(EVP_PKEY_CTX *ctx, const char *alg)
         BIO_printf(bio_err, "Warning: generating random key parameters may take a long time\n"
                    "if the system has a poor entropy source\n");
     if (EVP_PKEY_paramgen(ctx, &res) <= 0)
-        app_bail_out("%s: Generating %s key parameters failed\n",
-                     opt_getprog(), alg != NULL ? alg : "asymmetric");
+        BIO_printf(bio_err, "%s: Generating %s key parameters failed\n",
+                   opt_getprog(), alg != NULL ? alg : "asymmetric");
     return res;
 }
 
diff --git a/crypto/openssl/apps/req.c b/crypto/openssl/apps/req.c
index 926f0796bc8f..41191803aef4 100644
--- a/crypto/openssl/apps/req.c
+++ b/crypto/openssl/apps/req.c
@@ -685,6 +685,8 @@ int req_main(int argc, char **argv)
         EVP_PKEY_CTX_set_app_data(genctx, bio_err);
 
         pkey = app_keygen(genctx, keyalgstr, newkey_len, verbose);
+        if (pkey == NULL)
+            goto end;
 
         EVP_PKEY_CTX_free(genctx);
         genctx = NULL;
diff --git a/crypto/openssl/apps/speed.c b/crypto/openssl/apps/speed.c
index f30435704d19..1113d775b8ab 100644
--- a/crypto/openssl/apps/speed.c
+++ b/crypto/openssl/apps/speed.c
@@ -3700,7 +3700,8 @@ static void multiblock_speed(const EVP_CIPHER *evp_cipher, int lengths_single,
             } else {
                 int pad;
 
-                RAND_bytes(out, 16);
+                if (RAND_bytes(inp, 16) <= 0)
+                    app_bail_out("error setting random bytes\n");
                 len += 16;
                 aad[11] = (unsigned char)(len >> 8);
                 aad[12] = (unsigned char)(len);
diff --git a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
index 544dc7e8effe..d0e0be6187bd 100755
--- a/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
+++ b/crypto/openssl/crypto/aes/asm/aesv8-armx.pl
@@ -3661,6 +3661,9 @@ if ($flavour =~ /64/) {			######## 64-bit code
 	s/\.[ui]?64//o and s/\.16b/\.2d/go;
 	s/\.[42]([sd])\[([0-3])\]/\.$1\[$2\]/o;
 
+	# Switch preprocessor checks to aarch64 versions.
+	s/__ARME([BL])__/__AARCH64E$1__/go;
+
 	print $_,"\n";
     }
 } else {				######## 32-bit code
diff --git a/crypto/openssl/crypto/arm_arch.h b/crypto/openssl/crypto/arm_arch.h
index 45d7e1556475..ec4a087fede2 100644
--- a/crypto/openssl/crypto/arm_arch.h
+++ b/crypto/openssl/crypto/arm_arch.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 2011-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2011-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -21,11 +21,6 @@
 #  elif defined(__GNUC__)
 #   if   defined(__aarch64__)
 #    define __ARM_ARCH__ 8
-#    if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__
-#     define __ARMEB__
-#    else
-#     define __ARMEL__
-#    endif
   /*
    * Why doesn't gcc define __ARM_ARCH__? Instead it defines
    * bunch of below macros. See all_architectures[] table in
diff --git a/crypto/openssl/crypto/bn/bn_gcd.c b/crypto/openssl/crypto/bn/bn_gcd.c
index 59d024f674eb..cd0b0151ec7e 100644
--- a/crypto/openssl/crypto/bn/bn_gcd.c
+++ b/crypto/openssl/crypto/bn/bn_gcd.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -611,9 +611,9 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
 
     for (i = 0; i < m; i++) {
         /* conditionally flip signs if delta is positive and g is odd */
-        cond = (-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
+        cond = ((unsigned int)-delta >> (8 * sizeof(delta) - 1)) & g->d[0] & 1
             /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
-            & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1)));
+            & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1)));
         delta = (-cond & -delta) | ((cond - 1) & delta);
         r->neg ^= cond;
         /* swap */
@@ -625,7 +625,7 @@ int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx)
             goto err;
         BN_consttime_swap(g->d[0] & 1 /* g is odd */
                 /* make sure g->top > 0 (i.e. if top == 0 then g == 0 always) */
-                & (~((g->top - 1) >> (sizeof(g->top) * 8 - 1))),
+                & (~((unsigned int)(g->top - 1) >> (sizeof(g->top) * 8 - 1))),
                 g, temp, top);
         if (!BN_rshift1(g, g))
             goto err;
diff --git a/crypto/openssl/crypto/build.info b/crypto/openssl/crypto/build.info
index b90390ae864c..c04db5591120 100644
--- a/crypto/openssl/crypto/build.info
+++ b/crypto/openssl/crypto/build.info
@@ -97,8 +97,6 @@ $UTIL_COMMON=\
         context.c sparse_array.c asn1_dsa.c packet.c param_build.c \
         param_build_set.c der_writer.c threads_lib.c params_dup.c
 
-SHARED_SOURCE[../libssl]=sparse_array.c
-
 SOURCE[../libcrypto]=$UTIL_COMMON \
         mem.c mem_sec.c \
         cversion.c info.c cpt_err.c ebcdic.c uid.c o_time.c o_dir.c \
diff --git a/crypto/openssl/crypto/cms/cms_enc.c b/crypto/openssl/crypto/cms/cms_enc.c
index f7007c12319e..ae88df33a7f0 100644
--- a/crypto/openssl/crypto/cms/cms_enc.c
+++ b/crypto/openssl/crypto/cms/cms_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -15,6 +15,7 @@
 #include <openssl/cms.h>
 #include <openssl/rand.h>
 #include "crypto/evp.h"
+#include "crypto/asn1.h"
 #include "cms_local.h"
 
 /* CMS EncryptedData Utilities */
@@ -81,7 +82,7 @@ BIO *ossl_cms_EncryptedContent_init_bio(CMS_EncryptedContentInfo *ec,
 
     if (enc) {
         calg->algorithm = OBJ_nid2obj(EVP_CIPHER_CTX_get_type(ctx));
-        if (calg->algorithm == NULL) {
+        if (calg->algorithm == NULL || calg->algorithm->nid == NID_undef) {
             ERR_raise(ERR_LIB_CMS, CMS_R_UNSUPPORTED_CONTENT_ENCRYPTION_ALGORITHM);
             goto err;
         }
diff --git a/crypto/openssl/crypto/cms/cms_err.c b/crypto/openssl/crypto/cms/cms_err.c
index dcbea201c8e5..4bd6a0dc1bf1 100644
--- a/crypto/openssl/crypto/cms/cms_err.c
+++ b/crypto/openssl/crypto/cms/cms_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -154,6 +154,8 @@ static const ERR_STRING_DATA CMS_str_reasons[] = {
     "unsupported recipientinfo type"},
     {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_RECIPIENT_TYPE),
     "unsupported recipient type"},
+    {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM),
+    "unsupported signature algorithm"},
     {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNSUPPORTED_TYPE), "unsupported type"},
     {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_ERROR), "unwrap error"},
     {ERR_PACK(ERR_LIB_CMS, 0, CMS_R_UNWRAP_FAILURE), "unwrap failure"},
diff --git a/crypto/openssl/crypto/cms/cms_sd.c b/crypto/openssl/crypto/cms/cms_sd.c
index 53c8e378f318..2093657a2a4a 100644
--- a/crypto/openssl/crypto/cms/cms_sd.c
+++ b/crypto/openssl/crypto/cms/cms_sd.c
@@ -354,11 +354,16 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
 
     if (md == NULL) {
         int def_nid;
-        if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0)
+
+        if (EVP_PKEY_get_default_digest_nid(pk, &def_nid) <= 0) {
+            ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
+                           "pkey nid=%d", EVP_PKEY_get_id(pk));
             goto err;
+        }
         md = EVP_get_digestbynid(def_nid);
         if (md == NULL) {
-            ERR_raise(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST);
+            ERR_raise_data(ERR_LIB_CMS, CMS_R_NO_DEFAULT_DIGEST,
+                           "default md nid=%d", def_nid);
             goto err;
         }
     }
@@ -398,8 +403,11 @@ CMS_SignerInfo *CMS_add1_signer(CMS_ContentInfo *cms,
         }
     }
 
-    if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0))
+    if (!(flags & CMS_KEY_PARAM) && !cms_sd_asn1_ctrl(si, 0)) {
+        ERR_raise_data(ERR_LIB_CMS, CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM,
+                       "pkey nid=%d", EVP_PKEY_get_id(pk));
         goto err;
+    }
     if (!(flags & CMS_NOATTR)) {
         /*
          * Initialize signed attributes structure so other attributes
diff --git a/crypto/openssl/crypto/dh/dh_check.c b/crypto/openssl/crypto/dh/dh_check.c
index f4173e21371e..7ba2beae7fd6 100644
--- a/crypto/openssl/crypto/dh/dh_check.c
+++ b/crypto/openssl/crypto/dh/dh_check.c
@@ -259,7 +259,8 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret)
  */
 int ossl_dh_check_pub_key_partial(const DH *dh, const BIGNUM *pub_key, int *ret)
 {
-    return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret);
+    return ossl_ffc_validate_public_key_partial(&dh->params, pub_key, ret)
+           && *ret == 0;
 }
 
 int ossl_dh_check_priv_key(const DH *dh, const BIGNUM *priv_key, int *ret)
diff --git a/crypto/openssl/crypto/dh/dh_key.c b/crypto/openssl/crypto/dh/dh_key.c
index 4e9705beef73..d84ea99241b9 100644
--- a/crypto/openssl/crypto/dh/dh_key.c
+++ b/crypto/openssl/crypto/dh/dh_key.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -190,7 +190,6 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
 static int dh_init(DH *dh)
 {
     dh->flags |= DH_FLAG_CACHE_MONT_P;
-    ossl_ffc_params_init(&dh->params);
     dh->dirty_cnt++;
     return 1;
 }
diff --git a/crypto/openssl/crypto/dh/dh_lib.c b/crypto/openssl/crypto/dh/dh_lib.c
index 29cda5d7bfa8..5577413e1e0c 100644
--- a/crypto/openssl/crypto/dh/dh_lib.c
+++ b/crypto/openssl/crypto/dh/dh_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -116,6 +116,8 @@ static DH *dh_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         goto err;
 #endif /* FIPS_MODULE */
 
+    ossl_ffc_params_init(&ret->params);
+
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         ERR_raise(ERR_LIB_DH, ERR_R_INIT_FAIL);
         goto err;
diff --git a/crypto/openssl/crypto/dsa/dsa_check.c b/crypto/openssl/crypto/dsa/dsa_check.c
index 7ee914a477ec..fb0e9129a295 100644
--- a/crypto/openssl/crypto/dsa/dsa_check.c
+++ b/crypto/openssl/crypto/dsa/dsa_check.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -39,7 +39,8 @@ int ossl_dsa_check_params(const DSA *dsa, int checktype, int *ret)
  */
 int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
 {
-    return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret);
+    return ossl_ffc_validate_public_key(&dsa->params, pub_key, ret)
+           && *ret == 0;
 }
 
 /*
@@ -49,7 +50,8 @@ int ossl_dsa_check_pub_key(const DSA *dsa, const BIGNUM *pub_key, int *ret)
  */
 int ossl_dsa_check_pub_key_partial(const DSA *dsa, const BIGNUM *pub_key, int *ret)
 {
-    return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret);
+    return ossl_ffc_validate_public_key_partial(&dsa->params, pub_key, ret)
+           && *ret == 0;
 }
 
 int ossl_dsa_check_priv_key(const DSA *dsa, const BIGNUM *priv_key, int *ret)
diff --git a/crypto/openssl/crypto/dsa/dsa_lib.c b/crypto/openssl/crypto/dsa/dsa_lib.c
index ccc701659217..2ae3f8e36b26 100644
--- a/crypto/openssl/crypto/dsa/dsa_lib.c
+++ b/crypto/openssl/crypto/dsa/dsa_lib.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -176,6 +176,8 @@ static DSA *dsa_new_intern(ENGINE *engine, OSSL_LIB_CTX *libctx)
         goto err;
 #endif
 
+    ossl_ffc_params_init(&ret->params);
+
     if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
         ERR_raise(ERR_LIB_DSA, ERR_R_INIT_FAIL);
         goto err;
diff --git a/crypto/openssl/crypto/dsa/dsa_ossl.c b/crypto/openssl/crypto/dsa/dsa_ossl.c
index 62f7c70149f4..8fd66a950e37 100644
--- a/crypto/openssl/crypto/dsa/dsa_ossl.c
+++ b/crypto/openssl/crypto/dsa/dsa_ossl.c
@@ -441,7 +441,6 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
 static int dsa_init(DSA *dsa)
 {
     dsa->flags |= DSA_FLAG_CACHE_MONT_P;
-    ossl_ffc_params_init(&dsa->params);
     dsa->dirty_cnt++;
     return 1;
 }
diff --git a/crypto/openssl/crypto/engine/eng_pkey.c b/crypto/openssl/crypto/engine/eng_pkey.c
index 6e6d6df35b2b..f84fcde46016 100644
--- a/crypto/openssl/crypto/engine/eng_pkey.c
+++ b/crypto/openssl/crypto/engine/eng_pkey.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2001-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2001-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -79,6 +79,48 @@ EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id,
         ERR_raise(ERR_LIB_ENGINE, ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
         return NULL;
     }
+    /* We enforce check for legacy key */
+    switch (EVP_PKEY_get_id(pkey)) {
+    case EVP_PKEY_RSA:
+        {
+        RSA *rsa = EVP_PKEY_get1_RSA(pkey);
+        EVP_PKEY_set1_RSA(pkey, rsa);
+        RSA_free(rsa);
+        }
+        break;
+#  ifndef OPENSSL_NO_EC
+    case EVP_PKEY_SM2:
+    case EVP_PKEY_EC:
+        {
+        EC_KEY *ec = EVP_PKEY_get1_EC_KEY(pkey);
+        EVP_PKEY_set1_EC_KEY(pkey, ec);
+        EC_KEY_free(ec);
+        }
+        break;
+#  endif
+#  ifndef OPENSSL_NO_DSA
+    case EVP_PKEY_DSA:
+        {
+        DSA *dsa = EVP_PKEY_get1_DSA(pkey);
+        EVP_PKEY_set1_DSA(pkey, dsa);
+        DSA_free(dsa);
+        }
+        break;
+#endif
+#  ifndef OPENSSL_NO_DH
+    case EVP_PKEY_DH:
+        {
+        DH *dh = EVP_PKEY_get1_DH(pkey);
+        EVP_PKEY_set1_DH(pkey, dh);
+        DH_free(dh);
+        }
+        break;
+#endif
+    default:
+        /*Do nothing */
+        break;
+    }
+
     return pkey;
 }
 
diff --git a/crypto/openssl/crypto/engine/eng_table.c b/crypto/openssl/crypto/engine/eng_table.c
index 3138a1526002..9dc3144bbfd7 100644
--- a/crypto/openssl/crypto/engine/eng_table.c
+++ b/crypto/openssl/crypto/engine/eng_table.c
@@ -97,6 +97,7 @@ int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
     if (added && !engine_cleanup_add_first(cleanup)) {
         lh_ENGINE_PILE_free(&(*table)->piles);
         *table = NULL;
+        goto end;
     }
     while (num_nids--) {
         tmplate.nid = *nids;
diff --git a/crypto/openssl/crypto/err/openssl.txt b/crypto/openssl/crypto/err/openssl.txt
index a6f61ca3b02f..e51504b7abd5 100644
--- a/crypto/openssl/crypto/err/openssl.txt
+++ b/crypto/openssl/crypto/err/openssl.txt
@@ -375,6 +375,7 @@ CMS_R_UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM:179:\
 CMS_R_UNSUPPORTED_LABEL_SOURCE:193:unsupported label source
 CMS_R_UNSUPPORTED_RECIPIENTINFO_TYPE:155:unsupported recipientinfo type
 CMS_R_UNSUPPORTED_RECIPIENT_TYPE:154:unsupported recipient type
+CMS_R_UNSUPPORTED_SIGNATURE_ALGORITHM:195:unsupported signature algorithm
 CMS_R_UNSUPPORTED_TYPE:156:unsupported type
 CMS_R_UNWRAP_ERROR:157:unwrap error
 CMS_R_UNWRAP_FAILURE:180:unwrap failure
diff --git a/crypto/openssl/crypto/evp/evp_enc.c b/crypto/openssl/crypto/evp/evp_enc.c
index b178d1086473..4e6f83e3d0a9 100644
--- a/crypto/openssl/crypto/evp/evp_enc.c
+++ b/crypto/openssl/crypto/evp/evp_enc.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -192,7 +192,12 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
 #endif
     }
 
-    if (cipher->prov != NULL) {
+    if (!ossl_assert(cipher->prov != NULL)) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
+        return 0;
+    }
+
+    if (cipher != ctx->fetched_cipher) {
         if (!EVP_CIPHER_up_ref((EVP_CIPHER *)cipher)) {
             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
             return 0;
@@ -218,6 +223,42 @@ static int evp_cipher_init_internal(EVP_CIPHER_CTX *ctx,
             return 0;
     }
 
+#ifndef FIPS_MODULE
+    /*
+     * Fix for CVE-2023-5363
+     * Passing in a size as part of the init call takes effect late
+     * so, force such to occur before the initialisation.
+     *
+     * The FIPS provider's internal library context is used in a manner
+     * such that this is not an issue.
+     */
+    if (params != NULL) {
+        OSSL_PARAM param_lens[3] = { OSSL_PARAM_END, OSSL_PARAM_END,
+                                     OSSL_PARAM_END };
+        OSSL_PARAM *q = param_lens;
+        const OSSL_PARAM *p;
+
+        p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); 
+        if (p != NULL)
+            memcpy(q++, p, sizeof(*q));
+
+        /*
+         * Note that OSSL_CIPHER_PARAM_AEAD_IVLEN is a synomym for
+         * OSSL_CIPHER_PARAM_IVLEN so both are covered here.
+         */
+        p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_IVLEN);
+        if (p != NULL)
+            memcpy(q++, p, sizeof(*q));
+
+        if (q != param_lens) {
+            if (!EVP_CIPHER_CTX_set_params(ctx, param_lens)) {
+                ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_LENGTH);
+                return 0;
+            }
+        }
+    }
+#endif
+
     if (enc) {
         if (ctx->cipher->einit == NULL) {
             ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/openssl/crypto/evp/legacy_sha.c b/crypto/openssl/crypto/evp/legacy_sha.c
index 3859286eeb20..ca9a3264978a 100644
--- a/crypto/openssl/crypto/evp/legacy_sha.c
+++ b/crypto/openssl/crypto/evp/legacy_sha.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -71,7 +71,11 @@ static int sha1_int_ctrl(EVP_MD_CTX *ctx, int cmd, int p1, void *p2)
 
 static int shake_ctrl(EVP_MD_CTX *evp_ctx, int cmd, int p1, void *p2)
 {
-    KECCAK1600_CTX *ctx = evp_ctx->md_data;
+    KECCAK1600_CTX *ctx;
+
+    if (evp_ctx == NULL)
+        return 0;
+    ctx = evp_ctx->md_data;
 
     switch (cmd) {
     case EVP_MD_CTRL_XOF_LEN:
diff --git a/crypto/openssl/crypto/evp/p_lib.c b/crypto/openssl/crypto/evp/p_lib.c
index 59a7a867ecbb..04b148a91218 100644
--- a/crypto/openssl/crypto/evp/p_lib.c
+++ b/crypto/openssl/crypto/evp/p_lib.c
@@ -1201,7 +1201,7 @@ int EVP_PKEY_print_public(BIO *out, const EVP_PKEY *pkey,
 int EVP_PKEY_print_private(BIO *out, const EVP_PKEY *pkey,
                            int indent, ASN1_PCTX *pctx)
 {
-    return print_pkey(pkey, out, indent, EVP_PKEY_KEYPAIR, NULL,
+    return print_pkey(pkey, out, indent, EVP_PKEY_PRIVATE_KEY, NULL,
                       (pkey->ameth != NULL ? pkey->ameth->priv_print : NULL),
                       pctx);
 }
diff --git a/crypto/openssl/crypto/evp/pmeth_lib.c b/crypto/openssl/crypto/evp/pmeth_lib.c
index ce6e1a1ccbd5..ba1971ce461d 100644
--- a/crypto/openssl/crypto/evp/pmeth_lib.c
+++ b/crypto/openssl/crypto/evp/pmeth_lib.c
@@ -251,10 +251,11 @@ static EVP_PKEY_CTX *int_ctx_new(OSSL_LIB_CTX *libctx,
      */
     if (e != NULL)
         pmeth = ENGINE_get_pkey_meth(e, id);
-    else if (pkey != NULL && pkey->foreign)
+    else
+# endif /* OPENSSL_NO_ENGINE */
+    if (pkey != NULL && pkey->foreign)
         pmeth = EVP_PKEY_meth_find(id);
     else
-# endif
         app_pmeth = pmeth = evp_pkey_meth_find_added_by_application(id);
 
     /* END legacy */
diff --git a/crypto/openssl/crypto/ex_data.c b/crypto/openssl/crypto/ex_data.c
index 40223f06e4ec..13b928899456 100644
--- a/crypto/openssl/crypto/ex_data.c
+++ b/crypto/openssl/crypto/ex_data.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -163,6 +163,8 @@ int ossl_crypto_get_ex_new_index_ex(OSSL_LIB_CTX *ctx, int class_index,
          * "app_data" routines use ex_data index zero.  See RT 3710. */
         if (ip->meth == NULL
             || !sk_EX_CALLBACK_push(ip->meth, NULL)) {
+            sk_EX_CALLBACK_free(ip->meth);
+            ip->meth = NULL;
             ERR_raise(ERR_LIB_CRYPTO, ERR_R_MALLOC_FAILURE);
             goto err;
         }
diff --git a/crypto/openssl/crypto/ffc/ffc_key_validate.c b/crypto/openssl/crypto/ffc/ffc_key_validate.c
index 342789621d6d..a4a2a58e9a7f 100644
--- a/crypto/openssl/crypto/ffc/ffc_key_validate.c
+++ b/crypto/openssl/crypto/ffc/ffc_key_validate.c
@@ -26,7 +26,7 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
     *ret = 0;
     if (params == NULL || pub_key == NULL || params->p == NULL) {
         *ret = FFC_ERROR_PASSED_NULL_PARAM;
-        return 0;
+        return 1;
     }
 
     ctx = BN_CTX_new_ex(NULL);
@@ -39,18 +39,14 @@ int ossl_ffc_validate_public_key_partial(const FFC_PARAMS *params,
     if (tmp == NULL
         || !BN_set_word(tmp, 1))
         goto err;
-    if (BN_cmp(pub_key, tmp) <= 0) {
+    if (BN_cmp(pub_key, tmp) <= 0)
         *ret |= FFC_ERROR_PUBKEY_TOO_SMALL;
-        goto err;
-    }
     /* Step(1): Verify pub_key <=  p-2 */
     if (BN_copy(tmp, params->p) == NULL
         || !BN_sub_word(tmp, 1))
         goto err;
-    if (BN_cmp(pub_key, tmp) >= 0) {
+    if (BN_cmp(pub_key, tmp) >= 0)
         *ret |= FFC_ERROR_PUBKEY_TOO_LARGE;
-        goto err;
-    }
     ok = 1;
  err:
     if (ctx != NULL) {
@@ -73,7 +69,7 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
     if (!ossl_ffc_validate_public_key_partial(params, pub_key, ret))
         return 0;
 
-    if (params->q != NULL) {
+    if (*ret == 0 && params->q != NULL) {
         ctx = BN_CTX_new_ex(NULL);
         if (ctx == NULL)
             goto err;
@@ -84,10 +80,8 @@ int ossl_ffc_validate_public_key(const FFC_PARAMS *params,
         if (tmp == NULL
             || !BN_mod_exp(tmp, pub_key, params->q, params->p, ctx))
             goto err;
-        if (!BN_is_one(tmp)) {
+        if (!BN_is_one(tmp))
             *ret |= FFC_ERROR_PUBKEY_INVALID;
-            goto err;
-        }
     }
 
     ok = 1;
diff --git a/crypto/openssl/crypto/lhash/lhash.c b/crypto/openssl/crypto/lhash/lhash.c
index 1cd988f01fc7..a01cfa725e38 100644
--- a/crypto/openssl/crypto/lhash/lhash.c
+++ b/crypto/openssl/crypto/lhash/lhash.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -266,12 +266,12 @@ static void contract(OPENSSL_LHASH *lh)
         if (n == NULL) {
             /* fputs("realloc error in lhash",stderr); */
             lh->error++;
-            return;
+        } else {
+            lh->b = n;
         }
         lh->num_alloc_nodes /= 2;
         lh->pmax /= 2;
         lh->p = lh->pmax - 1;
-        lh->b = n;
     } else
*** 1726 LINES SKIPPED ***