diff --git a/ChangeLog.txt b/ChangeLog.txt
index 2e81943443..d0cf3fc260 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -7,6 +7,22 @@
    Entries may not always be in chronological/commit order.
    See license at the end of file. */
 
+2025-01-18 04:58 UTC+0100 Przemyslaw Czerpak (druzus/at/poczta.onet.pl)
+  * contrib/hbssl/bio.c
+    ! added missing BIO_free() call in HB_BIO destructor
+    ! fixed BIO_free() function to properly operate on HB_BIO structure
+
+  * contrib/hbssl/evpciph.c
+    ! accept EVP_KEY Harbour pointer items in EVP_SealInit()
+
+  * contrib/hbssl/hbssl.h
+  * contrib/hbssl/rsa.c
+  * contrib/hbssl/evppkey.c
+    ! accept EVP_KEY Harbour pointer items in EVP_PKEY_assign_RSA()
+
+  ; above are only few fixes for chosen problems and still there are many others
+  ; most of HBSSL code should be rewritten to work with OpenSSL 3.0 API
+
 2025-01-16 01:00 UTC+0100 Fazio Diego (diegohfazio gmail.com)
   * contrib/hbcurl/hbcurl.ch
     + added HB_CURLOPT_ER_BUFF_SETUP
diff --git a/contrib/hbssl/bio.c b/contrib/hbssl/bio.c
index ab3a143192..b1d8266368 100644
--- a/contrib/hbssl/bio.c
+++ b/contrib/hbssl/bio.c
@@ -68,6 +68,8 @@ static PHB_BIO PHB_BIO_create( BIO * bio, void * hStrRef )
 
 static void PHB_BIO_free( PHB_BIO hb_bio )
 {
+   if( hb_bio->bio )
+      BIO_free( hb_bio->bio );
    if( hb_bio->hStrRef )
       hb_itemFreeCRef( hb_bio->hStrRef );
 
@@ -614,13 +616,19 @@ HB_FUNC( BIO_PUTS )
 
 HB_FUNC( BIO_FREE )
 {
-   void ** ph = ( void ** ) hb_parptrGC( &s_gcBIOFuncs, 1 );
+   HB_BIO ** ptr = ( HB_BIO ** ) hb_parptrGC( &s_gcBIOFuncs, 1 );
 
-   if( ph )
+   if( ptr )
    {
-      BIO * bio = ( BIO * ) *ph;
-      *ph = NULL;
-      hb_retni( bio ? BIO_free( bio ) : 0 );
+      int result = 0;
+
+      if( *ptr )
+      {
+         PHB_BIO_free( *ptr );
+         *ptr = NULL;
+         result = 1;
+      }
+      hb_retni( result );
    }
    else
       hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
diff --git a/contrib/hbssl/evp.c b/contrib/hbssl/evp.c
index 0a647cf386..a2d3e0a555 100644
--- a/contrib/hbssl/evp.c
+++ b/contrib/hbssl/evp.c
@@ -78,10 +78,10 @@ HB_FUNC( ERR_LOAD_EVP_STRINGS )
 
 HB_FUNC( EVP_PKEY_FREE )
 {
-   EVP_PKEY * key = ( EVP_PKEY * ) hb_parptr( 1 );
+   PHB_ITEM pKey = hb_param( 1, HB_IT_POINTER );
 
-   if( key )
-      EVP_PKEY_free( key );
+   if( pKey )
+      hb_EVP_PKEY_free( pKey );
    else
       hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
diff --git a/contrib/hbssl/evpciph.c b/contrib/hbssl/evpciph.c
index cd064b3376..6c21c4ac6a 100644
--- a/contrib/hbssl/evpciph.c
+++ b/contrib/hbssl/evpciph.c
@@ -1024,10 +1024,22 @@ HB_FUNC( EVP_SEALINIT )
          EVP_PKEY * pkey1  = NULL;
 
          if( HB_ISARRAY( 5 ) )
+         {
+            int tmp;
+
             npubk = ( int ) hb_arrayLen( pArray = hb_param( 5, HB_IT_ARRAY ) );
+            for( tmp = 1; tmp <= npubk; ++tmp )
+            {
+               if( hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp + 1 ) ) == NULL )
+               {
+                  npubk = 0;
+                  break;
+               }
+            }
+         }
          else if( HB_ISPOINTER( 5 ) )
          {
-            if( ( pkey1 = ( EVP_PKEY * ) hb_parptr( 5 ) ) != NULL )
+            if( ( pkey1 = hb_EVP_PKEY_par( 5 ) ) != NULL )
                npubk = 1;
          }
 
@@ -1042,9 +1054,9 @@ HB_FUNC( EVP_SEALINIT )
             PHB_ITEM    pPKEY;
             int         tmp;
 
-            for( tmp = 0; tmp < npubk; tmp++ )
+            for( tmp = 0; tmp < npubk; ++tmp )
             {
-               pubk[ tmp ] = pkey1 ? pkey1 : ( EVP_PKEY * ) hb_arrayGetPtr( pArray, tmp + 1 );
+               pubk[ tmp ] = pkey1 ? pkey1 : hb_EVP_PKEY_get( hb_arrayGetItemPtr( pArray, tmp + 1 ) );
                ek[ tmp ]   = ( unsigned char * ) hb_xgrab( EVP_PKEY_size( pubk[ tmp ] ) + 1 );
                ekl[ tmp ]  = 0;
             }
@@ -1157,7 +1169,7 @@ HB_FUNC( EVP_OPENINIT )
    if( hb_EVP_CIPHER_CTX_is( 1 ) && cipher )
    {
       EVP_CIPHER_CTX * ctx  = hb_EVP_CIPHER_CTX_par( 1 );
-      EVP_PKEY *       priv = ( EVP_PKEY * ) hb_parptr( 5 );
+      EVP_PKEY *       priv = hb_EVP_PKEY_par( 5 );
 
       if( ctx && priv )
          hb_retni( EVP_OpenInit( ctx,
diff --git a/contrib/hbssl/evppkey.c b/contrib/hbssl/evppkey.c
index 6579c395cf..ee989efa07 100644
--- a/contrib/hbssl/evppkey.c
+++ b/contrib/hbssl/evppkey.c
@@ -84,6 +84,24 @@ EVP_PKEY * hb_EVP_PKEY_par( int iParam )
    return ph ? ( EVP_PKEY * ) *ph : NULL;
 }
 
+EVP_PKEY * hb_EVP_PKEY_get( PHB_ITEM pItem )
+{
+   void ** ph = ( void ** ) hb_itemGetPtrGC( pItem, &s_gcEVP_PKEY_funcs );
+
+   return ph ? ( EVP_PKEY * ) *ph : NULL;
+}
+
+void hb_EVP_PKEY_free( PHB_ITEM pItem )
+{
+   void ** ph = ( void ** ) hb_itemGetPtrGC( pItem, &s_gcEVP_PKEY_funcs );
+
+   if( ph && *ph )
+   {
+      EVP_PKEY_free( ( EVP_PKEY * ) *ph );
+      *ph = NULL;
+   }
+}
+
 void hb_EVP_PKEY_ret( EVP_PKEY * pkey )
 {
    void ** ph = ( void ** ) hb_gcAllocate( sizeof( EVP_PKEY * ), &s_gcEVP_PKEY_funcs );
@@ -212,10 +230,16 @@ HB_FUNC( EVP_PKEY_ASSIGN_RSA )
    if( hb_EVP_PKEY_is( 1 ) && HB_ISPOINTER( 2 ) )
    {
       EVP_PKEY * pkey = hb_EVP_PKEY_par( 1 );
-      RSA *      key  = ( RSA * ) hb_parptr( 2 );
+      RSA *      key  = hb_RSA_par( 2 );
 
       if( pkey && key )
-         hb_retni( EVP_PKEY_assign_RSA( pkey, key ) );
+      {
+         int result = EVP_PKEY_assign_RSA( pkey, key );
+
+         if( result != 0 )
+            hb_RSA_par_free( 2 );
+         hb_retni( result );
+      }
    }
    else
       hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
diff --git a/contrib/hbssl/hbssl.h b/contrib/hbssl/hbssl.h
index 273d9a09d4..004eaf4905 100644
--- a/contrib/hbssl/hbssl.h
+++ b/contrib/hbssl/hbssl.h
@@ -219,6 +219,7 @@ extern void               hb_X509_ret( X509 * x509, HB_BOOL fRelease );
 
 extern HB_BOOL            hb_RSA_is( int iParam );
 extern RSA *              hb_RSA_par( int iParam );
+extern void               hb_RSA_par_free( int iParam );
 extern void               hb_RSA_ret( RSA * rsa );
 
 extern HB_BOOL            hb_EVP_MD_is( int iParam );
@@ -229,6 +230,8 @@ extern const EVP_CIPHER * hb_EVP_CIPHER_par( int iParam );
 
 extern HB_BOOL            hb_EVP_PKEY_is( int iParam );
 extern EVP_PKEY *         hb_EVP_PKEY_par( int iParam );
+extern EVP_PKEY *         hb_EVP_PKEY_get( PHB_ITEM pItem );
+extern void               hb_EVP_PKEY_free( PHB_ITEM pItem );
 extern void               hb_EVP_PKEY_ret( EVP_PKEY * pkey );
 
 extern char *             hb_openssl_strdup( const char * pszText );
diff --git a/contrib/hbssl/pem.c b/contrib/hbssl/pem.c
index 685ffb2248..3396a940b0 100644
--- a/contrib/hbssl/pem.c
+++ b/contrib/hbssl/pem.c
@@ -157,14 +157,10 @@ static void hb_PEM_read_bio( PEM_READ_BIO * func, HB_PEM_TYPES type )
       hb_errRT_BASE( EG_ARG, 2010, NULL, HB_ERR_FUNCNAME, HB_ERR_ARGS_BASEPARAMS );
 }
 
-HB_FUNC( PEM_READ_BIO_PRIVATEKEY    ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_PrivateKey   , hb_PEM_ANY ); }
-HB_FUNC( PEM_READ_BIO_PUBKEY        ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_PUBKEY       , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_DSAPRIVATEKEY ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_DSAPrivateKey, hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_DSA_PUBKEY    ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_DSA_PUBKEY   , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_DSAPARAMS     ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_DSAparams    , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_DHPARAMS      ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_DHparams     , hb_PEM_ANY ); }
-HB_FUNC( PEM_READ_BIO_X509          ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_X509         , hb_PEM_ANY ); }
-HB_FUNC( PEM_READ_BIO_X509_AUX      ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_X509_AUX     , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_X509_REQ      ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_X509_REQ     , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_X509_CRL      ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_X509_CRL     , hb_PEM_ANY ); }
 HB_FUNC( PEM_READ_BIO_PKCS7         ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_PKCS7        , hb_PEM_ANY ); }
@@ -177,6 +173,11 @@ HB_FUNC( PEM_READ_X509_AUX          ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_
 HB_FUNC( PEM_READ_PRIVATEKEY        ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_PrivateKey   , hb_PEM_EVP_PKEY ); }
 HB_FUNC( PEM_READ_PUBKEY            ) { hb_PEM_read_bio( ( PEM_READ_BIO * ) PEM_read_bio_PUBKEY       , hb_PEM_EVP_PKEY ); }
 
+HB_FUNC_TRANSLATE( PEM_READ_BIO_PRIVATEKEY, PEM_READ_PRIVATEKEY )
+HB_FUNC_TRANSLATE( PEM_READ_BIO_PUBKEY, PEM_READ_PUBKEY )
+HB_FUNC_TRANSLATE( PEM_READ_BIO_X509, PEM_READ_X509 )
+HB_FUNC_TRANSLATE( PEM_READ_BIO_X509_AUX, PEM_READ_X509_AUX )
+
 #if 0
 
 int PEM_write_bio_RSAPrivateKey(       BIO * bp, RSA      * x, const EVP_CIPHER * enc, unsigned char * kstr, int klen, pem_password_cb * cb, void * u );
diff --git a/contrib/hbssl/rsa.c b/contrib/hbssl/rsa.c
index ff60137e47..aed04343a2 100644
--- a/contrib/hbssl/rsa.c
+++ b/contrib/hbssl/rsa.c
@@ -81,6 +81,14 @@ RSA * hb_RSA_par( int iParam )
    return ph ? ( RSA * ) *ph : NULL;
 }
 
+void hb_RSA_par_free( int iParam )
+{
+   void ** ph = ( void ** ) hb_parptrGC( &s_gcRSA_funcs, iParam );
+
+   if( ph && * ph )
+      *ph = NULL;
+}
+
 void hb_RSA_ret( RSA * rsa )
 {
    void ** ph = ( void ** ) hb_gcAllocate( sizeof( RSA * ), &s_gcRSA_funcs );