This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

262 files changed, 0 insertions, 75954 deletions

diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE
deleted file mode 100644
index 892e14a450..0000000000
--- a/src/lib/libssl/LICENSE
+++ /dev/null
@@ -1,133 +0,0 @@
-
-  LibReSSL files are retained under the copyright of the authors. New
-  additions are ISC licensed as per OpenBSD's normal licensing policy,
-  or are placed in the public domain. 
-
-  The OpenSSL code is distributed under the terms of the original OpenSSL
-  licenses which follow:
-
-  LICENSE ISSUES
-  ==============
-
-  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
-  the OpenSSL License and the original SSLeay license apply to the toolkit.
-  See below for the actual license texts.  In case of any license issues
-  related to OpenSSL please contact openssl-core@openssl.org.
-
-  OpenSSL License
-  ---------------
-
-/* ====================================================================
- * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer. 
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
- Original SSLeay License
- -----------------------
-
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
deleted file mode 100644
index 652ad4238f..0000000000
--- a/src/lib/libssl/Makefile
+++ /dev/null
@@ -1,127 +0,0 @@
-# $OpenBSD: Makefile,v 1.85 2024/08/11 13:04:46 jsing Exp $
-
-.include <bsd.own.mk>
-.ifndef NOMAN
-SUBDIR= man
-.endif
-
-PC_FILES=openssl.pc libssl.pc
-
-CLEANFILES=${PC_FILES} ${VERSION_SCRIPT}
-
-LIB=    ssl
-
-CFLAGS+= -Wall -Wundef
-.if ${COMPILER_VERSION:L} == "clang"
-CFLAGS+= -Werror -Wshadow
-.endif
-CFLAGS+= -DLIBRESSL_INTERNAL
-
-CFLAGS+= -DLIBRESSL_NAMESPACE
-
-.ifdef TLS1_3_DEBUG
-CFLAGS+= -DTLS13_DEBUG
-.endif
-CFLAGS+= -I${.CURDIR}
-CFLAGS+= -I${.CURDIR}/../libcrypto
-CFLAGS+= -I${.CURDIR}/../libcrypto/arch/${MACHINE_CPU}
-CFLAGS+= -I${.CURDIR}/../libcrypto/hidden
-CFLAGS+= -I${.CURDIR}/../libcrypto/bio
-CFLAGS+= -I${.CURDIR}/hidden
-
-LDADD+= -L${BSDOBJDIR}/lib/libcrypto -lcrypto
-
-VERSION_SCRIPT= Symbols.map
-SYMBOL_LIST=    ${.CURDIR}/Symbols.list
-
-SRCS= \
-        bio_ssl.c \
-        bs_ber.c \
-        bs_cbb.c \
-        bs_cbs.c \
-        d1_both.c \
-        d1_lib.c \
-        d1_pkt.c \
-        d1_srtp.c \
-        pqueue.c \
-        s3_cbc.c \
-        s3_lib.c \
-        ssl_asn1.c \
-        ssl_both.c \
-        ssl_cert.c \
-        ssl_ciph.c \
-        ssl_ciphers.c \
-        ssl_clnt.c \
-        ssl_err.c \
-        ssl_init.c \
-        ssl_kex.c \
-        ssl_lib.c \
-        ssl_methods.c \
-        ssl_packet.c \
-        ssl_pkt.c \
-        ssl_rsa.c \
-        ssl_seclevel.c \
-        ssl_sess.c \
-        ssl_sigalgs.c \
-        ssl_srvr.c \
-        ssl_stat.c \
-        ssl_tlsext.c \
-        ssl_transcript.c \
-        ssl_txt.c \
-        ssl_versions.c \
-        t1_enc.c \
-        t1_lib.c \
-        tls12_key_schedule.c \
-        tls12_lib.c \
-        tls12_record_layer.c \
-        tls13_client.c \
-        tls13_error.c \
-        tls13_handshake.c \
-        tls13_handshake_msg.c \
-        tls13_key_schedule.c \
-        tls13_legacy.c \
-        tls13_lib.c \
-        tls13_quic.c \
-        tls13_record.c \
-        tls13_record_layer.c \
-        tls13_server.c \
-        tls_buffer.c \
-        tls_content.c \
-        tls_key_share.c \
-        tls_lib.c
-
-HDRS=   dtls1.h srtp.h ssl.h ssl3.h tls1.h
-
-.PATH:  ${.CURDIR}
-
-includes:
-        @test -d ${DESTDIR}/usr/include/openssl || \
-            mkdir ${DESTDIR}/usr/include/openssl
-        @cd ${.CURDIR}; for i in $(HDRS); do \
-            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
-            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
-                ${DESTDIR}/usr/include/openssl"; \
-            echo $$j; \
-            eval "$$j"; \
-        done;
-
-${VERSION_SCRIPT}: ${SYMBOL_LIST}
-        { printf '{\n\tglobal:\n'; \
-          sed '/^[._a-zA-Z]/s/$$/;/; s/^/               /' ${SYMBOL_LIST}; \
-          printf '\n\tlocal:\n\t\t*;\n};\n'; } >$@.tmp && mv $@.tmp $@
-
-.include <bsd.lib.mk>
-
-all: ${PC_FILES}
-${PC_FILES}: ${.CURDIR}/../libcrypto/opensslv.h
-        /bin/sh ${.CURDIR}/generate_pkgconfig.sh -c ${.CURDIR} -o ${.OBJDIR}
-
-beforeinstall:
-        nm -o lib${LIB}.a | egrep -w 'printf|fprintf' && \
-            (echo please fix stdio usage in this library; false) || true
-.for p in ${PC_FILES}
-        ${INSTALL} ${INSTALL_COPY} -o root -g ${SHAREGRP} \
-            -m ${SHAREMODE} ${.OBJDIR}/$p ${DESTDIR}/usr/lib/pkgconfig/
-.endfor
-
-.include <bsd.subdir.mk>
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
deleted file mode 100644
index 65cd3e7f86..0000000000
--- a/src/lib/libssl/Symbols.list
+++ /dev/null
@@ -1,362 +0,0 @@
-BIO_f_ssl
-BIO_new_buffer_ssl_connect
-BIO_new_ssl
-BIO_new_ssl_connect
-BIO_ssl_copy_session_id
-BIO_ssl_shutdown
-DTLS_client_method
-DTLS_method
-DTLS_server_method
-DTLSv1_2_client_method
-DTLSv1_2_method
-DTLSv1_2_server_method
-DTLSv1_client_method
-DTLSv1_method
-DTLSv1_server_method
-ERR_load_SSL_strings
-OPENSSL_init_ssl
-PEM_read_SSL_SESSION
-PEM_read_bio_SSL_SESSION
-PEM_write_SSL_SESSION
-PEM_write_bio_SSL_SESSION
-SSL_CIPHER_description
-SSL_CIPHER_find
-SSL_CIPHER_get_auth_nid
-SSL_CIPHER_get_bits
-SSL_CIPHER_get_cipher_nid
-SSL_CIPHER_get_digest_nid
-SSL_CIPHER_get_handshake_digest
-SSL_CIPHER_get_id
-SSL_CIPHER_get_kx_nid
-SSL_CIPHER_get_name
-SSL_CIPHER_get_value
-SSL_CIPHER_get_version
-SSL_CIPHER_is_aead
-SSL_COMP_get_compression_methods
-SSL_COMP_get_name
-SSL_CTX_add0_chain_cert
-SSL_CTX_add1_chain_cert
-SSL_CTX_add_client_CA
-SSL_CTX_add_session
-SSL_CTX_callback_ctrl
-SSL_CTX_check_private_key
-SSL_CTX_clear_chain_certs
-SSL_CTX_ctrl
-SSL_CTX_flush_sessions
-SSL_CTX_free
-SSL_CTX_get0_certificate
-SSL_CTX_get0_chain_certs
-SSL_CTX_get0_param
-SSL_CTX_get0_privatekey
-SSL_CTX_get_cert_store
-SSL_CTX_get_ciphers
-SSL_CTX_get_client_CA_list
-SSL_CTX_get_client_cert_cb
-SSL_CTX_get_default_passwd_cb
-SSL_CTX_get_default_passwd_cb_userdata
-SSL_CTX_get_ex_data
-SSL_CTX_get_ex_new_index
-SSL_CTX_get_info_callback
-SSL_CTX_get_keylog_callback
-SSL_CTX_get_max_early_data
-SSL_CTX_get_max_proto_version
-SSL_CTX_get_min_proto_version
-SSL_CTX_get_num_tickets
-SSL_CTX_get_quiet_shutdown
-SSL_CTX_get_security_level
-SSL_CTX_get_ssl_method
-SSL_CTX_get_timeout
-SSL_CTX_get_verify_callback
-SSL_CTX_get_verify_depth
-SSL_CTX_get_verify_mode
-SSL_CTX_load_verify_locations
-SSL_CTX_load_verify_mem
-SSL_CTX_new
-SSL_CTX_remove_session
-SSL_CTX_sess_get_get_cb
-SSL_CTX_sess_get_new_cb
-SSL_CTX_sess_get_remove_cb
-SSL_CTX_sess_set_get_cb
-SSL_CTX_sess_set_new_cb
-SSL_CTX_sess_set_remove_cb
-SSL_CTX_sessions
-SSL_CTX_set0_chain
-SSL_CTX_set1_cert_store
-SSL_CTX_set1_chain
-SSL_CTX_set1_groups
-SSL_CTX_set1_groups_list
-SSL_CTX_set1_param
-SSL_CTX_set_alpn_protos
-SSL_CTX_set_alpn_select_cb
-SSL_CTX_set_cert_store
-SSL_CTX_set_cert_verify_callback
-SSL_CTX_set_cipher_list
-SSL_CTX_set_ciphersuites
-SSL_CTX_set_client_CA_list
-SSL_CTX_set_client_cert_cb
-SSL_CTX_set_cookie_generate_cb
-SSL_CTX_set_cookie_verify_cb
-SSL_CTX_set_default_passwd_cb
-SSL_CTX_set_default_passwd_cb_userdata
-SSL_CTX_set_default_verify_paths
-SSL_CTX_set_ex_data
-SSL_CTX_set_generate_session_id
-SSL_CTX_set_info_callback
-SSL_CTX_set_keylog_callback
-SSL_CTX_set_max_early_data
-SSL_CTX_set_max_proto_version
-SSL_CTX_set_min_proto_version
-SSL_CTX_set_msg_callback
-SSL_CTX_set_next_proto_select_cb
-SSL_CTX_set_next_protos_advertised_cb
-SSL_CTX_set_num_tickets
-SSL_CTX_set_post_handshake_auth
-SSL_CTX_set_purpose
-SSL_CTX_set_quic_method
-SSL_CTX_set_quiet_shutdown
-SSL_CTX_set_security_level
-SSL_CTX_set_session_id_context
-SSL_CTX_set_ssl_version
-SSL_CTX_set_timeout
-SSL_CTX_set_tlsext_use_srtp
-SSL_CTX_set_tmp_dh_callback
-SSL_CTX_set_tmp_ecdh_callback
-SSL_CTX_set_tmp_rsa_callback
-SSL_CTX_set_trust
-SSL_CTX_set_verify
-SSL_CTX_set_verify_depth
-SSL_CTX_up_ref
-SSL_CTX_use_PrivateKey
-SSL_CTX_use_PrivateKey_ASN1
-SSL_CTX_use_PrivateKey_file
-SSL_CTX_use_RSAPrivateKey
-SSL_CTX_use_RSAPrivateKey_ASN1
-SSL_CTX_use_RSAPrivateKey_file
-SSL_CTX_use_certificate
-SSL_CTX_use_certificate_ASN1
-SSL_CTX_use_certificate_chain_file
-SSL_CTX_use_certificate_chain_mem
-SSL_CTX_use_certificate_file
-SSL_SESSION_free
-SSL_SESSION_get0_cipher
-SSL_SESSION_get0_id_context
-SSL_SESSION_get0_peer
-SSL_SESSION_get_compress_id
-SSL_SESSION_get_ex_data
-SSL_SESSION_get_ex_new_index
-SSL_SESSION_get_id
-SSL_SESSION_get_master_key
-SSL_SESSION_get_max_early_data
-SSL_SESSION_get_protocol_version
-SSL_SESSION_get_ticket_lifetime_hint
-SSL_SESSION_get_time
-SSL_SESSION_get_timeout
-SSL_SESSION_has_ticket
-SSL_SESSION_is_resumable
-SSL_SESSION_new
-SSL_SESSION_print
-SSL_SESSION_print_fp
-SSL_SESSION_set1_id
-SSL_SESSION_set1_id_context
-SSL_SESSION_set_ex_data
-SSL_SESSION_set_max_early_data
-SSL_SESSION_set_time
-SSL_SESSION_set_timeout
-SSL_SESSION_up_ref
-SSL_accept
-SSL_add0_chain_cert
-SSL_add1_chain_cert
-SSL_add_client_CA
-SSL_add_dir_cert_subjects_to_stack
-SSL_add_file_cert_subjects_to_stack
-SSL_alert_desc_string
-SSL_alert_desc_string_long
-SSL_alert_type_string
-SSL_alert_type_string_long
-SSL_cache_hit
-SSL_callback_ctrl
-SSL_check_private_key
-SSL_clear
-SSL_clear_chain_certs
-SSL_connect
-SSL_copy_session_id
-SSL_ctrl
-SSL_do_handshake
-SSL_dup
-SSL_dup_CA_list
-SSL_export_keying_material
-SSL_free
-SSL_get0_alpn_selected
-SSL_get0_chain_certs
-SSL_get0_next_proto_negotiated
-SSL_get0_param
-SSL_get0_peername
-SSL_get0_verified_chain
-SSL_get1_session
-SSL_get1_supported_ciphers
-SSL_get_SSL_CTX
-SSL_get_certificate
-SSL_get_cipher_list
-SSL_get_ciphers
-SSL_get_client_CA_list
-SSL_get_client_ciphers
-SSL_get_client_random
-SSL_get_current_cipher
-SSL_get_current_compression
-SSL_get_current_expansion
-SSL_get_default_timeout
-SSL_get_early_data_status
-SSL_get_error
-SSL_get_ex_data
-SSL_get_ex_data_X509_STORE_CTX_idx
-SSL_get_ex_new_index
-SSL_get_fd
-SSL_get_finished
-SSL_get_info_callback
-SSL_get_max_early_data
-SSL_get_max_proto_version
-SSL_get_min_proto_version
-SSL_get_num_tickets
-SSL_get_peer_cert_chain
-SSL_get_peer_certificate
-SSL_get_peer_finished
-SSL_get_peer_quic_transport_params
-SSL_get_peer_signature_type_nid
-SSL_get_privatekey
-SSL_get_quiet_shutdown
-SSL_get_rbio
-SSL_get_read_ahead
-SSL_get_rfd
-SSL_get_security_level
-SSL_get_selected_srtp_profile
-SSL_get_server_random
-SSL_get_servername
-SSL_get_servername_type
-SSL_get_session
-SSL_get_shared_ciphers
-SSL_get_shutdown
-SSL_get_signature_type_nid
-SSL_get_srtp_profiles
-SSL_get_ssl_method
-SSL_get_verify_callback
-SSL_get_verify_depth
-SSL_get_verify_mode
-SSL_get_verify_result
-SSL_get_version
-SSL_get_wbio
-SSL_get_wfd
-SSL_has_matching_session_id
-SSL_is_dtls
-SSL_is_quic
-SSL_is_server
-SSL_library_init
-SSL_load_client_CA_file
-SSL_load_error_strings
-SSL_new
-SSL_peek
-SSL_peek_ex
-SSL_pending
-SSL_process_quic_post_handshake
-SSL_provide_quic_data
-SSL_quic_max_handshake_flight_len
-SSL_quic_read_level
-SSL_quic_write_level
-SSL_read
-SSL_read_early_data
-SSL_read_ex
-SSL_renegotiate
-SSL_renegotiate_abbreviated
-SSL_renegotiate_pending
-SSL_rstate_string
-SSL_rstate_string_long
-SSL_select_next_proto
-SSL_set0_chain
-SSL_set0_rbio
-SSL_set1_chain
-SSL_set1_groups
-SSL_set1_groups_list
-SSL_set1_host
-SSL_set1_param
-SSL_set_SSL_CTX
-SSL_set_accept_state
-SSL_set_alpn_protos
-SSL_set_bio
-SSL_set_cipher_list
-SSL_set_ciphersuites
-SSL_set_client_CA_list
-SSL_set_connect_state
-SSL_set_ex_data
-SSL_set_fd
-SSL_set_generate_session_id
-SSL_set_hostflags
-SSL_set_info_callback
-SSL_set_max_early_data
-SSL_set_max_proto_version
-SSL_set_min_proto_version
-SSL_set_msg_callback
-SSL_set_num_tickets
-SSL_set_post_handshake_auth
-SSL_set_psk_use_session_callback
-SSL_set_purpose
-SSL_set_quic_method
-SSL_set_quic_transport_params
-SSL_set_quic_use_legacy_codepoint
-SSL_set_quiet_shutdown
-SSL_set_read_ahead
-SSL_set_rfd
-SSL_set_security_level
-SSL_set_session
-SSL_set_session_id_context
-SSL_set_session_secret_cb
-SSL_set_session_ticket_ext
-SSL_set_session_ticket_ext_cb
-SSL_set_shutdown
-SSL_set_ssl_method
-SSL_set_state
-SSL_set_tlsext_use_srtp
-SSL_set_tmp_dh_callback
-SSL_set_tmp_ecdh_callback
-SSL_set_tmp_rsa_callback
-SSL_set_trust
-SSL_set_verify
-SSL_set_verify_depth
-SSL_set_verify_result
-SSL_set_wfd
-SSL_shutdown
-SSL_state
-SSL_state_string
-SSL_state_string_long
-SSL_up_ref
-SSL_use_PrivateKey
-SSL_use_PrivateKey_ASN1
-SSL_use_PrivateKey_file
-SSL_use_RSAPrivateKey
-SSL_use_RSAPrivateKey_ASN1
-SSL_use_RSAPrivateKey_file
-SSL_use_certificate
-SSL_use_certificate_ASN1
-SSL_use_certificate_chain_file
-SSL_use_certificate_file
-SSL_verify_client_post_handshake
-SSL_version
-SSL_want
-SSL_write
-SSL_write_early_data
-SSL_write_ex
-SSLv23_client_method
-SSLv23_method
-SSLv23_server_method
-TLS_client_method
-TLS_method
-TLS_server_method
-TLSv1_1_client_method
-TLSv1_1_method
-TLSv1_1_server_method
-TLSv1_2_client_method
-TLSv1_2_method
-TLSv1_2_server_method
-TLSv1_client_method
-TLSv1_method
-TLSv1_server_method
-d2i_SSL_SESSION
-i2d_SSL_SESSION
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c
deleted file mode 100644
index 6dd1699606..0000000000
--- a/src/lib/libssl/bio_ssl.c
+++ /dev/null
@@ -1,596 +0,0 @@
-/* $OpenBSD: bio_ssl.c,v 1.40 2023/07/19 13:34:33 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <errno.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/bio.h>
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#include <openssl/ssl.h>
-
-#include "bio_local.h"
-#include "ssl_local.h"
-
-static int ssl_write(BIO *h, const char *buf, int num);
-static int ssl_read(BIO *h, char *buf, int size);
-static int ssl_puts(BIO *h, const char *str);
-static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2);
-static int ssl_new(BIO *h);
-static int ssl_free(BIO *data);
-static long ssl_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
-typedef struct bio_ssl_st {
-        SSL *ssl; /* The ssl handle :-) */
-        /* re-negotiate every time the total number of bytes is this size */
-        int num_renegotiates;
-        unsigned long renegotiate_count;
-        unsigned long byte_count;
-        unsigned long renegotiate_timeout;
-        time_t last_time;
-} BIO_SSL;
-
-static const BIO_METHOD methods_sslp = {
-        .type = BIO_TYPE_SSL,
-        .name = "ssl",
-        .bwrite = ssl_write,
-        .bread = ssl_read,
-        .bputs = ssl_puts,
-        .ctrl = ssl_ctrl,
-        .create = ssl_new,
-        .destroy = ssl_free,
-        .callback_ctrl = ssl_callback_ctrl,
-};
-
-const BIO_METHOD *
-BIO_f_ssl(void)
-{
-        return (&methods_sslp);
-}
-LSSL_ALIAS(BIO_f_ssl);
-
-static int
-ssl_new(BIO *bi)
-{
-        BIO_SSL *bs;
-
-        bs = calloc(1, sizeof(BIO_SSL));
-        if (bs == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-        bi->init = 0;
-        bi->ptr = (char *)bs;
-        bi->flags = 0;
-        return (1);
-}
-LSSL_ALIAS(BIO_f_ssl);
-
-static int
-ssl_free(BIO *a)
-{
-        BIO_SSL *bs;
-
-        if (a == NULL)
-                return (0);
-        bs = (BIO_SSL *)a->ptr;
-        if (bs->ssl != NULL)
-                SSL_shutdown(bs->ssl);
-        if (a->shutdown) {
-                if (a->init && (bs->ssl != NULL))
-                        SSL_free(bs->ssl);
-                a->init = 0;
-                a->flags = 0;
-        }
-        free(a->ptr);
-        return (1);
-}
-
-static int
-ssl_read(BIO *b, char *out, int outl)
-{
-        int ret = 1;
-        BIO_SSL *sb;
-        SSL *ssl;
-        int retry_reason = 0;
-        int r = 0;
-
-        if (out == NULL)
-                return (0);
-        sb = (BIO_SSL *)b->ptr;
-        ssl = sb->ssl;
-
-        BIO_clear_retry_flags(b);
-
-        ret = SSL_read(ssl, out, outl);
-
-        switch (SSL_get_error(ssl, ret)) {
-        case SSL_ERROR_NONE:
-                if (ret <= 0)
-                        break;
-                if (sb->renegotiate_count > 0) {
-                        sb->byte_count += ret;
-                        if (sb->byte_count > sb->renegotiate_count) {
-                                sb->byte_count = 0;
-                                sb->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                r = 1;
-                        }
-                }
-                if ((sb->renegotiate_timeout > 0) && (!r)) {
-                        time_t tm;
-
-                        tm = time(NULL);
-                        if (tm > sb->last_time + sb->renegotiate_timeout) {
-                                sb->last_time = tm;
-                                sb->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                        }
-                }
-
-                break;
-        case SSL_ERROR_WANT_READ:
-                BIO_set_retry_read(b);
-                break;
-        case SSL_ERROR_WANT_WRITE:
-                BIO_set_retry_write(b);
-                break;
-        case SSL_ERROR_WANT_X509_LOOKUP:
-                BIO_set_retry_special(b);
-                retry_reason = BIO_RR_SSL_X509_LOOKUP;
-                break;
-        case SSL_ERROR_WANT_ACCEPT:
-                BIO_set_retry_special(b);
-                retry_reason = BIO_RR_ACCEPT;
-                break;
-        case SSL_ERROR_WANT_CONNECT:
-                BIO_set_retry_special(b);
-                retry_reason = BIO_RR_CONNECT;
-                break;
-        case SSL_ERROR_SYSCALL:
-        case SSL_ERROR_SSL:
-        case SSL_ERROR_ZERO_RETURN:
-        default:
-                break;
-        }
-
-        b->retry_reason = retry_reason;
-        return (ret);
-}
-
-static int
-ssl_write(BIO *b, const char *out, int outl)
-{
-        int ret, r = 0;
-        int retry_reason = 0;
-        SSL *ssl;
-        BIO_SSL *bs;
-
-        if (out == NULL)
-                return (0);
-        bs = (BIO_SSL *)b->ptr;
-        ssl = bs->ssl;
-
-        BIO_clear_retry_flags(b);
-
-/*      ret=SSL_do_handshake(ssl);
-        if (ret > 0) */
-                ret = SSL_write(ssl, out, outl);
-
-        switch (SSL_get_error(ssl, ret)) {
-        case SSL_ERROR_NONE:
-                if (ret <= 0)
-                        break;
-                if (bs->renegotiate_count > 0) {
-                        bs->byte_count += ret;
-                        if (bs->byte_count > bs->renegotiate_count) {
-                                bs->byte_count = 0;
-                                bs->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                                r = 1;
-                        }
-                }
-                if ((bs->renegotiate_timeout > 0) && (!r)) {
-                        time_t tm;
-
-                        tm = time(NULL);
-                        if (tm > bs->last_time + bs->renegotiate_timeout) {
-                                bs->last_time = tm;
-                                bs->num_renegotiates++;
-                                SSL_renegotiate(ssl);
-                        }
-                }
-                break;
-        case SSL_ERROR_WANT_WRITE:
-                BIO_set_retry_write(b);
-                break;
-        case SSL_ERROR_WANT_READ:
-                BIO_set_retry_read(b);
-                break;
-        case SSL_ERROR_WANT_X509_LOOKUP:
-                BIO_set_retry_special(b);
-                retry_reason = BIO_RR_SSL_X509_LOOKUP;
-                break;
-        case SSL_ERROR_WANT_CONNECT:
-                BIO_set_retry_special(b);
-                retry_reason = BIO_RR_CONNECT;
-        case SSL_ERROR_SYSCALL:
-        case SSL_ERROR_SSL:
-        default:
-                break;
-        }
-
-        b->retry_reason = retry_reason;
-        return (ret);
-}
-
-static long
-ssl_ctrl(BIO *b, int cmd, long num, void *ptr)
-{
-        SSL **sslp, *ssl;
-        BIO_SSL *bs;
-        BIO *dbio, *bio;
-        long ret = 1;
-
-        bs = (BIO_SSL *)b->ptr;
-        ssl = bs->ssl;
-        if ((ssl == NULL)  && (cmd != BIO_C_SET_SSL))
-                return (0);
-        switch (cmd) {
-        case BIO_CTRL_RESET:
-                SSL_shutdown(ssl);
-
-                if (ssl->handshake_func == ssl->method->ssl_connect)
-                        SSL_set_connect_state(ssl);
-                else if (ssl->handshake_func == ssl->method->ssl_accept)
-                        SSL_set_accept_state(ssl);
-
-                SSL_clear(ssl);
-
-                if (b->next_bio != NULL)
-                        ret = BIO_ctrl(b->next_bio, cmd, num, ptr);
-                else if (ssl->rbio != NULL)
-                        ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
-                else
-                        ret = 1;
-                break;
-        case BIO_CTRL_INFO:
-                ret = 0;
-                break;
-        case BIO_C_SSL_MODE:
-                if (num) /* client mode */
-                        SSL_set_connect_state(ssl);
-                else
-                        SSL_set_accept_state(ssl);
-                break;
-        case BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT:
-                ret = bs->renegotiate_timeout;
-                if (num < 60)
-                        num = 5;
-                bs->renegotiate_timeout = (unsigned long)num;
-                bs->last_time = time(NULL);
-                break;
-        case BIO_C_SET_SSL_RENEGOTIATE_BYTES:
-                ret = bs->renegotiate_count;
-                if ((long)num >=512)
-                        bs->renegotiate_count = (unsigned long)num;
-                break;
-        case BIO_C_GET_SSL_NUM_RENEGOTIATES:
-                ret = bs->num_renegotiates;
-                break;
-        case BIO_C_SET_SSL:
-                if (ssl != NULL) {
-                        ssl_free(b);
-                        if (!ssl_new(b))
-                                return 0;
-                }
-                b->shutdown = (int)num;
-                ssl = (SSL *)ptr;
-                ((BIO_SSL *)b->ptr)->ssl = ssl;
-                bio = SSL_get_rbio(ssl);
-                if (bio != NULL) {
-                        if (b->next_bio != NULL)
-                                BIO_push(bio, b->next_bio);
-                        b->next_bio = bio;
-                        CRYPTO_add(&bio->references, 1, CRYPTO_LOCK_BIO);
-                }
-                b->init = 1;
-                break;
-        case BIO_C_GET_SSL:
-                if (ptr != NULL) {
-                        sslp = (SSL **)ptr;
-                        *sslp = ssl;
-                } else
-                        ret = 0;
-                break;
-        case BIO_CTRL_GET_CLOSE:
-                ret = b->shutdown;
-                break;
-        case BIO_CTRL_SET_CLOSE:
-                b->shutdown = (int)num;
-                break;
-        case BIO_CTRL_WPENDING:
-                ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
-                break;
-        case BIO_CTRL_PENDING:
-                ret = SSL_pending(ssl);
-                if (ret == 0)
-                        ret = BIO_pending(ssl->rbio);
-                break;
-        case BIO_CTRL_FLUSH:
-                BIO_clear_retry_flags(b);
-                ret = BIO_ctrl(ssl->wbio, cmd, num, ptr);
-                BIO_copy_next_retry(b);
-                break;
-        case BIO_CTRL_PUSH:
-                if ((b->next_bio != NULL) && (b->next_bio != ssl->rbio)) {
-                        SSL_set_bio(ssl, b->next_bio, b->next_bio);
-                        CRYPTO_add(&b->next_bio->references, 1,
-                            CRYPTO_LOCK_BIO);
-                }
-                break;
-        case BIO_CTRL_POP:
-                /* Only detach if we are the BIO explicitly being popped */
-                if (b == ptr) {
-                        /* Shouldn't happen in practice because the
-                         * rbio and wbio are the same when pushed.
-                         */
-                        if (ssl->rbio != ssl->wbio)
-                                BIO_free_all(ssl->wbio);
-                        if (b->next_bio != NULL)
-                                CRYPTO_add(&b->next_bio->references, -1, CRYPTO_LOCK_BIO);
-                        ssl->wbio = NULL;
-                        ssl->rbio = NULL;
-                }
-                break;
-        case BIO_C_DO_STATE_MACHINE:
-                BIO_clear_retry_flags(b);
-
-                b->retry_reason = 0;
-                ret = (int)SSL_do_handshake(ssl);
-
-                switch (SSL_get_error(ssl, (int)ret)) {
-                case SSL_ERROR_WANT_READ:
-                        BIO_set_flags(b,
-                            BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY);
-                        break;
-                case SSL_ERROR_WANT_WRITE:
-                        BIO_set_flags(b,
-                            BIO_FLAGS_WRITE|BIO_FLAGS_SHOULD_RETRY);
-                        break;
-                case SSL_ERROR_WANT_CONNECT:
-                        BIO_set_flags(b,
-                            BIO_FLAGS_IO_SPECIAL|BIO_FLAGS_SHOULD_RETRY);
-                        b->retry_reason = b->next_bio->retry_reason;
-                        break;
-                default:
-                        break;
-                }
-                break;
-        case BIO_CTRL_DUP:
-                dbio = (BIO *)ptr;
-                if (((BIO_SSL *)dbio->ptr)->ssl != NULL)
-                        SSL_free(((BIO_SSL *)dbio->ptr)->ssl);
-                ((BIO_SSL *)dbio->ptr)->ssl = SSL_dup(ssl);
-                ((BIO_SSL *)dbio->ptr)->renegotiate_count =
-                    ((BIO_SSL *)b->ptr)->renegotiate_count;
-                ((BIO_SSL *)dbio->ptr)->byte_count =
-                    ((BIO_SSL *)b->ptr)->byte_count;
-                ((BIO_SSL *)dbio->ptr)->renegotiate_timeout =
-                    ((BIO_SSL *)b->ptr)->renegotiate_timeout;
-                ((BIO_SSL *)dbio->ptr)->last_time =
-                    ((BIO_SSL *)b->ptr)->last_time;
-                ret = (((BIO_SSL *)dbio->ptr)->ssl != NULL);
-                break;
-        case BIO_C_GET_FD:
-                ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
-                break;
-        case BIO_CTRL_SET_CALLBACK:
-                {
-                        ret = 0;
-                }
-                break;
-        case BIO_CTRL_GET_CALLBACK:
-                {
-                        void (**fptr)(const SSL *xssl, int type, int val);
-
-                        fptr = (void (**)(const SSL *xssl, int type, int val))
-                            ptr;
-                        *fptr = SSL_get_info_callback(ssl);
-                }
-                break;
-        default:
-                ret = BIO_ctrl(ssl->rbio, cmd, num, ptr);
-                break;
-        }
-        return (ret);
-}
-
-static long
-ssl_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
-{
-        SSL *ssl;
-        BIO_SSL *bs;
-        long ret = 1;
-
-        bs = (BIO_SSL *)b->ptr;
-        ssl = bs->ssl;
-        switch (cmd) {
-        case BIO_CTRL_SET_CALLBACK:
-                {
-                /* FIXME: setting this via a completely different prototype
-                   seems like a crap idea */
-                        SSL_set_info_callback(ssl,
-                            (void (*)(const SSL *, int, int))fp);
-                }
-                break;
-        default:
-                ret = BIO_callback_ctrl(ssl->rbio, cmd, fp);
-                break;
-        }
-        return (ret);
-}
-
-static int
-ssl_puts(BIO *bp, const char *str)
-{
-        int n, ret;
-
-        n = strlen(str);
-        ret = BIO_write(bp, str, n);
-        return (ret);
-}
-
-BIO *
-BIO_new_buffer_ssl_connect(SSL_CTX *ctx)
-{
-        BIO *ret = NULL, *buf = NULL, *ssl = NULL;
-
-        if ((buf = BIO_new(BIO_f_buffer())) == NULL)
-                goto err;
-        if ((ssl = BIO_new_ssl_connect(ctx)) == NULL)
-                goto err;
-        if ((ret = BIO_push(buf, ssl)) == NULL)
-                goto err;
-        return (ret);
-
- err:
-        BIO_free(buf);
-        BIO_free(ssl);
-        return (NULL);
-}
-LSSL_ALIAS(BIO_new_buffer_ssl_connect);
-
-BIO *
-BIO_new_ssl_connect(SSL_CTX *ctx)
-{
-        BIO *ret = NULL, *con = NULL, *ssl = NULL;
-
-        if ((con = BIO_new(BIO_s_connect())) == NULL)
-                goto err;
-        if ((ssl = BIO_new_ssl(ctx, 1)) == NULL)
-                goto err;
-        if ((ret = BIO_push(ssl, con)) == NULL)
-                goto err;
-        return (ret);
-
- err:
-        BIO_free(con);
-        BIO_free(ssl);
-        return (NULL);
-}
-LSSL_ALIAS(BIO_new_ssl_connect);
-
-BIO *
-BIO_new_ssl(SSL_CTX *ctx, int client)
-{
-        BIO *ret;
-        SSL *ssl;
-
-        if ((ret = BIO_new(BIO_f_ssl())) == NULL)
-                goto err;
-        if ((ssl = SSL_new(ctx)) == NULL)
-                goto err;
-
-        if (client)
-                SSL_set_connect_state(ssl);
-        else
-                SSL_set_accept_state(ssl);
-
-        BIO_set_ssl(ret, ssl, BIO_CLOSE);
-        return (ret);
-
- err:
-        BIO_free(ret);
-        return (NULL);
-}
-LSSL_ALIAS(BIO_new_ssl);
-
-int
-BIO_ssl_copy_session_id(BIO *t, BIO *f)
-{
-        t = BIO_find_type(t, BIO_TYPE_SSL);
-        f = BIO_find_type(f, BIO_TYPE_SSL);
-        if ((t == NULL) || (f == NULL))
-                return (0);
-        if ((((BIO_SSL *)t->ptr)->ssl == NULL) ||
-            (((BIO_SSL *)f->ptr)->ssl == NULL))
-                return (0);
-        if (!SSL_copy_session_id(((BIO_SSL *)t->ptr)->ssl,
-            ((BIO_SSL *)f->ptr)->ssl))
-                return (0);
-        return (1);
-}
-LSSL_ALIAS(BIO_ssl_copy_session_id);
-
-void
-BIO_ssl_shutdown(BIO *b)
-{
-        SSL *s;
-
-        while (b != NULL) {
-                if (b->method->type == BIO_TYPE_SSL) {
-                        s = ((BIO_SSL *)b->ptr)->ssl;
-                        SSL_shutdown(s);
-                        break;
-                }
-                b = b->next_bio;
-        }
-}
-LSSL_ALIAS(BIO_ssl_shutdown);
diff --git a/src/lib/libssl/bs_ber.c b/src/lib/libssl/bs_ber.c
deleted file mode 100644
index 923ec06f3d..0000000000
--- a/src/lib/libssl/bs_ber.c
+++ /dev/null
@@ -1,270 +0,0 @@
-/*      $OpenBSD: bs_ber.c,v 1.13 2025/03/28 12:13:03 tb Exp $  */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdint.h>
-#include <string.h>
-
-#include "bytestring.h"
-
-/*
- * kMaxDepth is a just a sanity limit. The code should be such that the length
- * of the input being processes always decreases. None the less, a very large
- * input could otherwise cause the stack to overflow.
- */
-static const unsigned int kMaxDepth = 2048;
-
-/* Non-strict version that allows a relaxed DER with indefinite form. */
-static int
-cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len)
-{
-        return cbs_get_any_asn1_element_internal(cbs, out,
-            out_tag, out_header_len, 0);
-}
-
-/*
- * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets
- * |*indefinite_found| depending on whether an indefinite length element was
- * found. The value of |orig_in| is not modified.
- *
- * Returns one on success (i.e. |*indefinite_found| was set) and zero on error.
- */
-static int
-cbs_find_indefinite(const CBS *orig_in, char *indefinite_found,
-    unsigned int depth)
-{
-        CBS in;
-
-        if (depth > kMaxDepth)
-                return 0;
-
-        CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
-
-        while (CBS_len(&in) > 0) {
-                CBS contents;
-                unsigned int tag;
-                size_t header_len;
-
-                if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag,
-                    &header_len))
-                        return 0;
-
-                /* Indefinite form not allowed by DER. */
-                if (CBS_len(&contents) == header_len && header_len > 0 &&
-                    CBS_data(&contents)[header_len - 1] == 0x80) {
-                        *indefinite_found = 1;
-                        return 1;
-                }
-                if (tag & CBS_ASN1_CONSTRUCTED) {
-                        if (!CBS_skip(&contents, header_len) ||
-                            !cbs_find_indefinite(&contents, indefinite_found,
-                            depth + 1))
-                                return 0;
-                }
-        }
-
-        *indefinite_found = 0;
-        return 1;
-}
-
-/*
- * is_primitive_type returns true if |tag| likely a primitive type. Normally
- * one can just test the "constructed" bit in the tag but, in BER, even
- * primitive tags can have the constructed bit if they have indefinite
- * length.
- */
-static char
-is_primitive_type(unsigned int tag)
-{
-        return (tag & 0xc0) == 0 &&
-            (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) &&
-            (tag & 0x1f) != (CBS_ASN1_SET & 0x1f);
-}
-
-/*
- * is_eoc returns true if |header_len| and |contents|, as returned by
- * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
- * value.
- */
-static char
-is_eoc(size_t header_len, CBS *contents)
-{
-        const unsigned char eoc[] = {0x0, 0x0};
-
-        return header_len == 2 && CBS_mem_equal(contents, eoc, 2);
-}
-
-/*
- * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
- * indefinite form) from |in| and writes definite form DER data to |out|. If
- * |squash_header| is set then the top-level of elements from |in| will not
- * have their headers written. This is used when concatenating the fragments of
- * an indefinite length, primitive value. If |looking_for_eoc| is set then any
- * EOC elements found will cause the function to return after consuming it.
- * It returns one on success and zero on error.
- */
-static int
-cbs_convert_indefinite(CBS *in, CBB *out, char squash_header,
-    char looking_for_eoc, unsigned int depth)
-{
-        if (depth > kMaxDepth)
-                return 0;
-
-        while (CBS_len(in) > 0) {
-                CBS contents;
-                unsigned int tag;
-                size_t header_len;
-                CBB *out_contents, out_contents_storage;
-
-                if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag,
-                    &header_len))
-                        return 0;
-
-                out_contents = out;
-
-                if (CBS_len(&contents) == header_len) {
-                        if (is_eoc(header_len, &contents))
-                                return looking_for_eoc;
-
-                        if (header_len > 0 &&
-                            CBS_data(&contents)[header_len - 1] == 0x80) {
-                                /*
-                                 * This is an indefinite length element. If
-                                 * it's a SEQUENCE or SET then we just need to
-                                 * write the out the contents as normal, but
-                                 * with a concrete length prefix.
-                                 *
-                                 * If it's a something else then the contents
-                                 * will be a series of DER elements of the same
-                                 * type which need to be concatenated.
-                                 */
-                                const char context_specific = (tag & 0xc0)
-                                    == 0x80;
-                                char squash_child_headers =
-                                    is_primitive_type(tag);
-
-                                /*
-                                 * This is a hack, but it sufficies to handle
-                                 * NSS's output. If we find an indefinite
-                                 * length, context-specific tag with a definite,
-                                 * primitive tag inside it, then we assume that
-                                 * the context-specific tag is implicit and the
-                                 * tags within are fragments of a primitive type
-                                 * that need to be concatenated.
-                                 */
-                                if (context_specific &&
-                                    (tag & CBS_ASN1_CONSTRUCTED)) {
-                                        CBS in_copy, inner_contents;
-                                        unsigned int inner_tag;
-                                        size_t inner_header_len;
-
-                                        CBS_init(&in_copy, CBS_data(in),
-                                            CBS_len(in));
-                                        if (!cbs_nonstrict_get_any_asn1_element(
-                                            &in_copy, &inner_contents,
-                                            &inner_tag, &inner_header_len))
-                                                return 0;
-
-                                        if (CBS_len(&inner_contents) >
-                                            inner_header_len &&
-                                            is_primitive_type(inner_tag))
-                                                squash_child_headers = 1;
-                                }
-
-                                if (!squash_header) {
-                                        unsigned int out_tag = tag;
-
-                                        if (squash_child_headers)
-                                                out_tag &=
-                                                    ~CBS_ASN1_CONSTRUCTED;
-
-                                        if (!CBB_add_asn1(out,
-                                            &out_contents_storage, out_tag))
-                                                return 0;
-
-                                        out_contents = &out_contents_storage;
-                                }
-
-                                if (!cbs_convert_indefinite(in, out_contents,
-                                    squash_child_headers,
-                                    1 /* looking for eoc */, depth + 1))
-                                        return 0;
-
-                                if (out_contents != out && !CBB_flush(out))
-                                        return 0;
-
-                                continue;
-                        }
-                }
-
-                if (!squash_header) {
-                        if (!CBB_add_asn1(out, &out_contents_storage, tag))
-                                return 0;
-
-                        out_contents = &out_contents_storage;
-                }
-
-                if (!CBS_skip(&contents, header_len))
-                        return 0;
-
-                if (tag & CBS_ASN1_CONSTRUCTED) {
-                        if (!cbs_convert_indefinite(&contents, out_contents,
-                            0 /* don't squash header */,
-                            0 /* not looking for eoc */, depth + 1))
-                                return 0;
-                } else {
-                        if (!CBB_add_bytes(out_contents, CBS_data(&contents),
-                            CBS_len(&contents)))
-                                return 0;
-                }
-
-                if (out_contents != out && !CBB_flush(out))
-                        return 0;
-        }
-
-        return looking_for_eoc == 0;
-}
-
-int
-CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len)
-{
-        CBB cbb;
-
-        /*
-         * First, do a quick walk to find any indefinite-length elements. Most
-         * of the time we hope that there aren't any and thus we can quickly
-         * return.
-         */
-        char conversion_needed;
-        if (!cbs_find_indefinite(in, &conversion_needed, 0))
-                return 0;
-
-        if (!conversion_needed) {
-                *out = NULL;
-                *out_len = 0;
-                return 1;
-        }
-
-        if (!CBB_init(&cbb, CBS_len(in)))
-                return 0;
-        if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) {
-                CBB_cleanup(&cbb);
-                return 0;
-        }
-
-        return CBB_finish(&cbb, out, out_len);
-}
diff --git a/src/lib/libssl/bs_cbb.c b/src/lib/libssl/bs_cbb.c
deleted file mode 100644
index 9d7ad7d46d..0000000000
--- a/src/lib/libssl/bs_cbb.c
+++ /dev/null
@@ -1,490 +0,0 @@
-/*      $OpenBSD: bs_cbb.c,v 1.30 2024/06/22 15:25:06 jsing Exp $       */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "bytestring.h"
-
-#define CBB_INITIAL_SIZE 64
-
-static int
-cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
-{
-        struct cbb_buffer_st *base;
-
-        if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
-                return 0;
-
-        base->buf = buf;
-        base->len = 0;
-        base->cap = cap;
-        base->can_resize = 1;
-
-        cbb->base = base;
-        cbb->is_top_level = 1;
-
-        return 1;
-}
-
-int
-CBB_init(CBB *cbb, size_t initial_capacity)
-{
-        uint8_t *buf = NULL;
-
-        memset(cbb, 0, sizeof(*cbb));
-
-        if (initial_capacity == 0)
-                initial_capacity = CBB_INITIAL_SIZE;
-
-        if ((buf = calloc(1, initial_capacity)) == NULL)
-                return 0;
-
-        if (!cbb_init(cbb, buf, initial_capacity)) {
-                free(buf);
-                return 0;
-        }
-
-        return 1;
-}
-
-int
-CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
-{
-        memset(cbb, 0, sizeof(*cbb));
-
-        if (!cbb_init(cbb, buf, len))
-                return 0;
-
-        cbb->base->can_resize = 0;
-
-        return 1;
-}
-
-void
-CBB_cleanup(CBB *cbb)
-{
-        if (cbb->base) {
-                if (cbb->base->can_resize)
-                        freezero(cbb->base->buf, cbb->base->cap);
-                free(cbb->base);
-        }
-        cbb->base = NULL;
-        cbb->child = NULL;
-}
-
-static int
-cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
-{
-        size_t newlen;
-
-        if (base == NULL)
-                return 0;
-
-        newlen = base->len + len;
-        if (newlen < base->len)
-                /* Overflow */
-                return 0;
-
-        if (newlen > base->cap) {
-                size_t newcap = base->cap * 2;
-                uint8_t *newbuf;
-
-                if (!base->can_resize)
-                        return 0;
-
-                if (newcap < base->cap || newcap < newlen)
-                        newcap = newlen;
-
-                newbuf = recallocarray(base->buf, base->cap, newcap, 1);
-                if (newbuf == NULL)
-                        return 0;
-
-                base->buf = newbuf;
-                base->cap = newcap;
-        }
-
-        if (out)
-                *out = base->buf + base->len;
-
-        base->len = newlen;
-        return 1;
-}
-
-static int
-cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
-{
-        uint8_t *buf;
-        size_t i;
-
-        if (len_len == 0)
-                return 1;
-
-        if (len_len > 4)
-                return 0;
-
-        if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
-                return 0;
-
-        for (i = len_len - 1; i < len_len; i--) {
-                buf[i] = v;
-                v >>= 8;
-        }
-        return 1;
-}
-
-int
-CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
-{
-        if (!cbb->is_top_level)
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
-                /*
-                 * |out_data| and |out_len| can only be NULL if the CBB is
-                 * fixed.
-                 */
-                return 0;
-
-        if (out_data != NULL && *out_data != NULL)
-                return 0;
-
-        if (out_data != NULL)
-                *out_data = cbb->base->buf;
-
-        if (out_len != NULL)
-                *out_len = cbb->base->len;
-
-        cbb->base->buf = NULL;
-        CBB_cleanup(cbb);
-        return 1;
-}
-
-/*
- * CBB_flush recurses and then writes out any pending length prefix. The current
- * length of the underlying base is taken to be the length of the
- * length-prefixed data.
- */
-int
-CBB_flush(CBB *cbb)
-{
-        size_t child_start, i, len;
-
-        if (cbb->base == NULL)
-                return 0;
-
-        if (cbb->child == NULL || cbb->pending_len_len == 0)
-                return 1;
-
-        child_start = cbb->offset + cbb->pending_len_len;
-
-        if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
-            cbb->base->len < child_start)
-                return 0;
-
-        len = cbb->base->len - child_start;
-
-        if (cbb->pending_is_asn1) {
-                /*
-                 * For ASN.1, we assumed that we were using short form which
-                 * only requires a single byte for the length octet.
-                 *
-                 * If it turns out that we need long form, we have to move
-                 * the contents along in order to make space for more length
-                 * octets.
-                 */
-                size_t len_len = 1;  /* total number of length octets */
-                uint8_t initial_length_byte;
-
-                /* We already wrote 1 byte for the length. */
-                if (cbb->pending_len_len != 1)
-                        return 0;
-
-                /* Check for long form */
-                if (len > 0xfffffffe)
-                        return 0;       /* 0xffffffff is reserved */
-                else if (len > 0xffffff)
-                        len_len = 5;
-                else if (len > 0xffff)
-                        len_len = 4;
-                else if (len > 0xff)
-                        len_len = 3;
-                else if (len > 0x7f)
-                        len_len = 2;
-
-                if (len_len == 1) {
-                        /* For short form, the initial byte is the length. */
-                        initial_length_byte = len;
-                        len = 0;
-
-                } else {
-                        /*
-                         * For long form, the initial byte is the number of
-                         * subsequent length octets (plus bit 8 set).
-                         */
-                        initial_length_byte = 0x80 | (len_len - 1);
-
-                        /*
-                         * We need to move the contents along in order to make
-                         * space for the long form length octets.
-                         */
-                        size_t extra_bytes = len_len - 1;
-                        if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
-                                return 0;
-
-                        memmove(cbb->base->buf + child_start + extra_bytes,
-                            cbb->base->buf + child_start, len);
-                }
-                cbb->base->buf[cbb->offset++] = initial_length_byte;
-                cbb->pending_len_len = len_len - 1;
-        }
-
-        for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
-                cbb->base->buf[cbb->offset + i] = len;
-                len >>= 8;
-        }
-        if (len != 0)
-                return 0;
-
-        cbb->child->base = NULL;
-        cbb->child = NULL;
-        cbb->pending_len_len = 0;
-        cbb->pending_is_asn1 = 0;
-        cbb->offset = 0;
-
-        return 1;
-}
-
-void
-CBB_discard_child(CBB *cbb)
-{
-        if (cbb->child == NULL)
-                return;
-
-        cbb->base->len = cbb->offset;
-
-        cbb->child->base = NULL;
-        cbb->child = NULL;
-        cbb->pending_len_len = 0;
-        cbb->pending_is_asn1 = 0;
-        cbb->offset = 0;
-}
-
-static int
-cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
-{
-        uint8_t *prefix_bytes;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        cbb->offset = cbb->base->len;
-        if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
-                return 0;
-
-        memset(prefix_bytes, 0, len_len);
-        memset(out_contents, 0, sizeof(CBB));
-        out_contents->base = cbb->base;
-        cbb->child = out_contents;
-        cbb->pending_len_len = len_len;
-        cbb->pending_is_asn1 = 0;
-
-        return 1;
-}
-
-int
-CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
-{
-        return cbb_add_length_prefixed(cbb, out_contents, 1);
-}
-
-int
-CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
-{
-        return cbb_add_length_prefixed(cbb, out_contents, 2);
-}
-
-int
-CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
-{
-        return cbb_add_length_prefixed(cbb, out_contents, 3);
-}
-
-int
-CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents)
-{
-        return cbb_add_length_prefixed(cbb, out_contents, 4);
-}
-
-int
-CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
-{
-        if (tag > UINT8_MAX)
-                return 0;
-
-        /* Long form identifier octets are not supported. */
-        if ((tag & 0x1f) == 0x1f)
-                return 0;
-
-        /* Short-form identifier octet only needs a single byte */
-        if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
-                return 0;
-
-        /*
-         * Add 1 byte to cover the short-form length octet case.  If it turns
-         * out we need long-form, it will be extended later.
-         */
-        cbb->offset = cbb->base->len;
-        if (!CBB_add_u8(cbb, 0))
-                return 0;
-
-        memset(out_contents, 0, sizeof(CBB));
-        out_contents->base = cbb->base;
-        cbb->child = out_contents;
-        cbb->pending_len_len = 1;
-        cbb->pending_is_asn1 = 1;
-
-        return 1;
-}
-
-int
-CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
-{
-        uint8_t *dest;
-
-        if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len))
-                return 0;
-
-        memcpy(dest, data, len);
-        return 1;
-}
-
-int
-CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
-{
-        if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
-                return 0;
-
-        memset(*out_data, 0, len);
-        return 1;
-}
-
-int
-CBB_add_u8(CBB *cbb, size_t value)
-{
-        if (value > UINT8_MAX)
-                return 0;
-
-        return cbb_add_u(cbb, (uint32_t)value, 1);
-}
-
-int
-CBB_add_u16(CBB *cbb, size_t value)
-{
-        if (value > UINT16_MAX)
-                return 0;
-
-        return cbb_add_u(cbb, (uint32_t)value, 2);
-}
-
-int
-CBB_add_u24(CBB *cbb, size_t value)
-{
-        if (value > 0xffffffUL)
-                return 0;
-
-        return cbb_add_u(cbb, (uint32_t)value, 3);
-}
-
-int
-CBB_add_u32(CBB *cbb, size_t value)
-{
-        if (value > 0xffffffffUL)
-                return 0;
-
-        return cbb_add_u(cbb, (uint32_t)value, 4);
-}
-
-int
-CBB_add_u64(CBB *cbb, uint64_t value)
-{
-        uint32_t a, b;
-
-        a = value >> 32;
-        b = value & 0xffffffff;
-
-        if (!CBB_add_u32(cbb, a))
-                return 0;
-        return CBB_add_u32(cbb, b);
-}
-
-int
-CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
-{
-        CBB child;
-        size_t i;
-        int started = 0;
-
-        if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
-                return 0;
-
-        for (i = 0; i < 8; i++) {
-                uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
-
-                /*
-                 * ASN.1 restriction: first 9 bits cannot be all zeroes or
-                 * all ones.  Since this function only encodes unsigned
-                 * integers, the only concerns are not encoding leading
-                 * zeros and adding a padding byte if necessary.
-                 *
-                 * In practice, this means:
-                 * 1) Skip leading octets of all zero bits in the value
-                 * 2) After skipping the leading zero octets, if the next 9
-                 *    bits are all ones, add an all zero prefix octet (and
-                 *    set the high bit of the prefix octet if negative).
-                 *
-                 * Additionally, for an unsigned value, add an all zero
-                 * prefix if the high bit of the first octet would be one.
-                 */
-                if (!started) {
-                        if (byte == 0)
-                                /* Don't encode leading zeros. */
-                                continue;
-
-                        /*
-                         * If the high bit is set, add a padding byte to make it
-                         * unsigned.
-                         */
-                        if ((byte & 0x80) && !CBB_add_u8(&child, 0))
-                                return 0;
-
-                        started = 1;
-                }
-                if (!CBB_add_u8(&child, byte))
-                        return 0;
-        }
-
-        /* 0 is encoded as a single 0, not the empty string. */
-        if (!started && !CBB_add_u8(&child, 0))
-                return 0;
-
-        return CBB_flush(cbb);
-}
diff --git a/src/lib/libssl/bs_cbs.c b/src/lib/libssl/bs_cbs.c
deleted file mode 100644
index 76e3bd2a89..0000000000
--- a/src/lib/libssl/bs_cbs.c
+++ /dev/null
@@ -1,616 +0,0 @@
-/*      $OpenBSD: bs_cbs.c,v 1.25 2024/05/25 15:14:26 tb Exp $  */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdint.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include "bytestring.h"
-
-void
-CBS_init(CBS *cbs, const uint8_t *data, size_t len)
-{
-        cbs->data = data;
-        cbs->initial_len = len;
-        cbs->len = len;
-}
-
-void
-CBS_dup(const CBS *cbs, CBS *out)
-{
-        CBS_init(out, CBS_data(cbs), CBS_len(cbs));
-        out->initial_len = cbs->initial_len;
-}
-
-static int
-cbs_get(CBS *cbs, const uint8_t **p, size_t n)
-{
-        if (cbs->len < n)
-                return 0;
-
-        *p = cbs->data;
-        cbs->data += n;
-        cbs->len -= n;
-        return 1;
-}
-
-static int
-cbs_peek(CBS *cbs, const uint8_t **p, size_t n)
-{
-        if (cbs->len < n)
-                return 0;
-
-        *p = cbs->data;
-        return 1;
-}
-
-size_t
-CBS_offset(const CBS *cbs)
-{
-        return cbs->initial_len - cbs->len;
-}
-
-int
-CBS_skip(CBS *cbs, size_t len)
-{
-        const uint8_t *dummy;
-        return cbs_get(cbs, &dummy, len);
-}
-
-const uint8_t *
-CBS_data(const CBS *cbs)
-{
-        return cbs->data;
-}
-
-size_t
-CBS_len(const CBS *cbs)
-{
-        return cbs->len;
-}
-
-int
-CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
-{
-        free(*out_ptr);
-        *out_ptr = NULL;
-        *out_len = 0;
-
-        if (cbs->len == 0)
-                return 1;
-
-        if ((*out_ptr = malloc(cbs->len)) == NULL)
-                return 0;
-
-        memcpy(*out_ptr, cbs->data, cbs->len);
-
-        *out_len = cbs->len;
-        return 1;
-}
-
-int
-CBS_strdup(const CBS *cbs, char **out_ptr)
-{
-        free(*out_ptr);
-        *out_ptr = NULL;
-
-        if (CBS_contains_zero_byte(cbs))
-                return 0;
-
-        *out_ptr = strndup((const char *)cbs->data, cbs->len);
-        return (*out_ptr != NULL);
-}
-
-int
-CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
-{
-        if (dst_len < cbs->len)
-                return 0;
-
-        memmove(dst, cbs->data, cbs->len);
-
-        if (copied != NULL)
-                *copied = cbs->len;
-
-        return 1;
-}
-
-int
-CBS_contains_zero_byte(const CBS *cbs)
-{
-        return memchr(cbs->data, 0, cbs->len) != NULL;
-}
-
-int
-CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
-{
-        if (len != cbs->len)
-                return 0;
-
-        return timingsafe_memcmp(cbs->data, data, len) == 0;
-}
-
-static int
-cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
-{
-        uint32_t result = 0;
-        size_t i;
-        const uint8_t *data;
-
-        if (len < 1 || len > 4)
-                return 0;
-
-        if (!cbs_get(cbs, &data, len))
-                return 0;
-
-        for (i = 0; i < len; i++) {
-                result <<= 8;
-                result |= data[i];
-        }
-        *out = result;
-        return 1;
-}
-
-int
-CBS_get_u8(CBS *cbs, uint8_t *out)
-{
-        const uint8_t *v;
-
-        if (!cbs_get(cbs, &v, 1))
-                return 0;
-
-        *out = *v;
-        return 1;
-}
-
-int
-CBS_get_u16(CBS *cbs, uint16_t *out)
-{
-        uint32_t v;
-
-        if (!cbs_get_u(cbs, &v, 2))
-                return 0;
-
-        *out = v;
-        return 1;
-}
-
-int
-CBS_get_u24(CBS *cbs, uint32_t *out)
-{
-        return cbs_get_u(cbs, out, 3);
-}
-
-int
-CBS_get_u32(CBS *cbs, uint32_t *out)
-{
-        return cbs_get_u(cbs, out, 4);
-}
-
-int
-CBS_get_u64(CBS *cbs, uint64_t *out)
-{
-        uint32_t a, b;
-
-        if (cbs->len < 8)
-                return 0;
-
-        if (!CBS_get_u32(cbs, &a))
-                return 0;
-        if (!CBS_get_u32(cbs, &b))
-                return 0;
-
-        *out = (uint64_t)a << 32 | b;
-        return 1;
-}
-
-int
-CBS_get_last_u8(CBS *cbs, uint8_t *out)
-{
-        if (cbs->len == 0)
-                return 0;
-
-        *out = cbs->data[cbs->len - 1];
-        cbs->len--;
-        return 1;
-}
-
-int
-CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
-{
-        const uint8_t *v;
-
-        if (!cbs_get(cbs, &v, len))
-                return 0;
-
-        CBS_init(out, v, len);
-        return 1;
-}
-
-static int
-cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
-{
-        uint32_t len;
-
-        if (!cbs_get_u(cbs, &len, len_len))
-                return 0;
-
-        return CBS_get_bytes(cbs, out, len);
-}
-
-int
-CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
-{
-        return cbs_get_length_prefixed(cbs, out, 1);
-}
-
-int
-CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
-{
-        return cbs_get_length_prefixed(cbs, out, 2);
-}
-
-int
-CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
-{
-        return cbs_get_length_prefixed(cbs, out, 3);
-}
-
-static int
-cbs_peek_u(CBS *cbs, uint32_t *out, size_t len)
-{
-        uint32_t result = 0;
-        size_t i;
-        const uint8_t *data;
-
-        if (len < 1 || len > 4)
-                return 0;
-
-        if (!cbs_peek(cbs, &data, len))
-                return 0;
-
-        for (i = 0; i < len; i++) {
-                result <<= 8;
-                result |= data[i];
-        }
-        *out = result;
-        return 1;
-}
-
-int
-CBS_peek_u8(CBS *cbs, uint8_t *out)
-{
-        const uint8_t *v;
-
-        if (!cbs_peek(cbs, &v, 1))
-                return 0;
-
-        *out = *v;
-        return 1;
-}
-
-int
-CBS_peek_u16(CBS *cbs, uint16_t *out)
-{
-        uint32_t v;
-
-        if (!cbs_peek_u(cbs, &v, 2))
-                return 0;
-
-        *out = v;
-        return 1;
-}
-
-int
-CBS_peek_u24(CBS *cbs, uint32_t *out)
-{
-        return cbs_peek_u(cbs, out, 3);
-}
-
-int
-CBS_peek_u32(CBS *cbs, uint32_t *out)
-{
-        return cbs_peek_u(cbs, out, 4);
-}
-
-int
-CBS_peek_last_u8(CBS *cbs, uint8_t *out)
-{
-        if (cbs->len == 0)
-                return 0;
-
-        *out = cbs->data[cbs->len - 1];
-        return 1;
-}
-
-int
-CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len)
-{
-        return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
-            out_header_len, 1);
-}
-
-/*
- * Review X.690 for details on ASN.1 DER encoding.
- *
- * If non-strict mode is enabled, then DER rules are relaxed
- * for indefinite constructs (violates DER but a little closer to BER).
- * Non-strict mode should only be used by bs_ber.c
- *
- * Sections 8, 10 and 11 for DER encoding
- */
-int
-cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len, int strict)
-{
-        uint8_t tag, length_byte;
-        CBS header = *cbs;
-        CBS throwaway;
-        size_t len;
-
-        if (out == NULL)
-                out = &throwaway;
-
-        /*
-         * Get identifier octet and length octet.  Only 1 octet for each
-         * is a CBS limitation.
-         */
-        if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
-                return 0;
-
-        /* CBS limitation: long form tags are not supported. */
-        if ((tag & 0x1f) == 0x1f)
-                return 0;
-
-        if (out_tag != NULL)
-                *out_tag = tag;
-
-        if ((length_byte & 0x80) == 0) {
-                /* Short form length. */
-                len = ((size_t) length_byte) + 2;
-                if (out_header_len != NULL)
-                        *out_header_len = 2;
-
-        } else {
-                /* Long form length. */
-                const size_t num_bytes = length_byte & 0x7f;
-                uint32_t len32;
-
-                /* ASN.1 reserved value for future extensions */
-                if (num_bytes == 0x7f)
-                        return 0;
-
-                /* Handle indefinite form length */
-                if (num_bytes == 0) {
-                        /* DER encoding doesn't allow for indefinite form. */
-                        if (strict)
-                                return 0;
-
-                        /* Primitive cannot use indefinite in BER or DER. */
-                        if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
-                                return 0;
-
-                        /* Constructed, indefinite length allowed in BER. */
-                        if (out_header_len != NULL)
-                                *out_header_len = 2;
-                        return CBS_get_bytes(cbs, out, 2);
-                }
-
-                /* CBS limitation. */
-                if (num_bytes > 4)
-                        return 0;
-
-                if (!cbs_get_u(&header, &len32, num_bytes))
-                        return 0;
-
-                /* DER has a minimum length octet requirement. */
-                if (len32 < 128)
-                        /* Should have used short form instead */
-                        return 0;
-
-                if ((len32 >> ((num_bytes - 1) * 8)) == 0)
-                        /* Length should have been at least one byte shorter. */
-                        return 0;
-
-                len = len32;
-                if (len + 2 + num_bytes < len)
-                        /* Overflow. */
-                        return 0;
-
-                len += 2 + num_bytes;
-                if (out_header_len != NULL)
-                        *out_header_len = 2 + num_bytes;
-        }
-
-        return CBS_get_bytes(cbs, out, len);
-}
-
-static int
-cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
-{
-        size_t header_len;
-        unsigned int tag;
-        CBS throwaway;
-
-        if (out == NULL)
-                out = &throwaway;
-
-        if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
-            tag != tag_value)
-                return 0;
-
-        if (skip_header && !CBS_skip(out, header_len))
-                return 0;
-
-        return 1;
-}
-
-int
-CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
-{
-        return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
-}
-
-int
-CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
-{
-        return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
-}
-
-int
-CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
-{
-        if (CBS_len(cbs) < 1)
-                return 0;
-
-        /*
-         * Tag number 31 indicates the start of a long form number.
-         * This is valid in ASN.1, but CBS only supports short form.
-         */
-        if ((tag_value & 0x1f) == 0x1f)
-                return 0;
-
-        return CBS_data(cbs)[0] == tag_value;
-}
-
-/* Encoding details are in ASN.1: X.690 section 8.3 */
-int
-CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
-{
-        CBS bytes;
-        const uint8_t *data;
-        size_t i, len;
-
-        if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
-                return 0;
-
-        *out = 0;
-        data = CBS_data(&bytes);
-        len = CBS_len(&bytes);
-
-        if (len == 0)
-                /* An INTEGER is encoded with at least one content octet. */
-                return 0;
-
-        if ((data[0] & 0x80) != 0)
-                /* Negative number. */
-                return 0;
-
-        if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
-                /* Violates smallest encoding rule: excessive leading zeros. */
-                return 0;
-
-        for (i = 0; i < len; i++) {
-                if ((*out >> 56) != 0)
-                        /* Too large to represent as a uint64_t. */
-                        return 0;
-
-                *out <<= 8;
-                *out |= data[i];
-        }
-
-        return 1;
-}
-
-int
-CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
-{
-        if (CBS_peek_asn1_tag(cbs, tag)) {
-                if (!CBS_get_asn1(cbs, out, tag))
-                        return 0;
-
-                *out_present = 1;
-        } else {
-                *out_present = 0;
-        }
-        return 1;
-}
-
-int
-CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
-    unsigned int tag)
-{
-        CBS child;
-        int present;
-
-        if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
-                return 0;
-
-        if (present) {
-                if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
-                    CBS_len(&child) != 0)
-                        return 0;
-        } else {
-                CBS_init(out, NULL, 0);
-        }
-        if (out_present)
-                *out_present = present;
-
-        return 1;
-}
-
-int
-CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
-    uint64_t default_value)
-{
-        CBS child;
-        int present;
-
-        if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
-                return 0;
-
-        if (present) {
-                if (!CBS_get_asn1_uint64(&child, out) ||
-                    CBS_len(&child) != 0)
-                        return 0;
-        } else {
-                *out = default_value;
-        }
-        return 1;
-}
-
-int
-CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
-    int default_value)
-{
-        CBS child, child2;
-        int present;
-
-        if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
-                return 0;
-
-        if (present) {
-                uint8_t boolean;
-
-                if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
-                    CBS_len(&child2) != 1 || CBS_len(&child) != 0)
-                        return 0;
-
-                boolean = CBS_data(&child2)[0];
-                if (boolean == 0)
-                        *out = 0;
-                else if (boolean == 0xff)
-                        *out = 1;
-                else
-                        return 0;
-
-        } else {
-                *out = default_value;
-        }
-        return 1;
-}
diff --git a/src/lib/libssl/bytestring.h b/src/lib/libssl/bytestring.h
deleted file mode 100644
index 1d871e0236..0000000000
--- a/src/lib/libssl/bytestring.h
+++ /dev/null
@@ -1,571 +0,0 @@
-/*      $OpenBSD: bytestring.h,v 1.26 2024/12/05 19:57:37 tb Exp $      */
-/*
- * Copyright (c) 2014, Google Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef OPENSSL_HEADER_BYTESTRING_H
-#define OPENSSL_HEADER_BYTESTRING_H
-
-#include <sys/types.h>
-#include <stdint.h>
-
-__BEGIN_HIDDEN_DECLS
-
-/*
- * Bytestrings are used for parsing and building TLS and ASN.1 messages.
- *
- * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
- * provides utility functions for safely parsing length-prefixed structures
- * like TLS and ASN.1 from it.
- *
- * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
- * provides utility functions for building length-prefixed messages.
- */
-
-/* CRYPTO ByteString */
-typedef struct cbs_st {
-        const uint8_t *data;
-        size_t initial_len;
-        size_t len;
-} CBS;
-
-/*
- * CBS_init sets |cbs| to point to |data|. It does not take ownership of
- * |data|.
- */
-void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
- * otherwise.
- */
-int CBS_skip(CBS *cbs, size_t len);
-
-/*
- * CBS_data returns a pointer to the contents of |cbs|.
- */
-const uint8_t *CBS_data(const CBS *cbs);
-
-/*
- * CBS_len returns the number of bytes remaining in |cbs|.
- */
-size_t CBS_len(const CBS *cbs);
-
-/*
- * CBS_offset returns the current offset into the original data of |cbs|.
- */
-size_t CBS_offset(const CBS *cbs);
-
-/*
- * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
- * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
- * free. It returns one on success and zero on allocation failure. On
- * success, |*out_ptr| should be freed with free. If |cbs| is empty,
- * |*out_ptr| will be NULL.
- */
-int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
-
-/*
- * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
- * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
- * with free. It returns one on success and zero on failure. On success,
- * |*out_ptr| should be freed with free. If |cbs| contains NUL bytes,
- * CBS_strdup will fail.
- */
-int CBS_strdup(const CBS *cbs, char **out_ptr);
-
-/*
- * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
- * if it is at most |dst_len| bytes.  If |copied| is not NULL, it will be set
- * to the amount copied. It returns one on success and zero otherwise.
- */
-int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
-    size_t *copied);
-
-/*
- * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
- * a NUL byte and zero otherwise.
- */
-int CBS_contains_zero_byte(const CBS *cbs);
-
-/*
- * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
- * starting at |data|. If they're equal, it returns one, otherwise zero. If the
- * lengths match, it uses a constant-time comparison.
- */
-int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
-
-/*
- * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
- * returns one on success and zero on error.
- */
-int CBS_get_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
- * advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
- * and advances |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_u64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_last_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
-
-/*
- * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
- * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
- * on success and zero on error.
- */
-int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
- * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
- * returns one on success and zero on error.
- */
-int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
-
-/*
- * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance
- * |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u8(CBS *cbs, uint8_t *out);
-
-/*
- * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but
- * does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u16(CBS *cbs, uint16_t *out);
-
-/*
- * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but
- * does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u24(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|,
- * but does not advance |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_u32(CBS *cbs, uint32_t *out);
-
-/*
- * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not
- * shorten |cbs|. It returns one on success and zero on error.
- */
-int CBS_peek_last_u8(CBS *cbs, uint8_t *out);
-
-
-/* Parsing ASN.1 */
-
-/*
- * While an identifier can be multiple octets, this library only handles the
- * single octet variety currently.  This limits support up to tag number 30
- * since tag number 31 is a reserved value to indicate multiple octets.
- */
-
-/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
-#define CBS_ASN1_UNIVERSAL              0x00
-#define CBS_ASN1_APPLICATION            0x40
-#define CBS_ASN1_CONTEXT_SPECIFIC       0x80
-#define CBS_ASN1_PRIVATE                0xc0
-
-/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
-#define CBS_ASN1_PRIMITIVE      0x00
-#define CBS_ASN1_CONSTRUCTED    0x20
-
-/*
- * Bits 5 to 1 are the tag number.  See X.680 section 8.6 for tag numbers of
- * the universal class.
- */
-
-/*
- * Common universal identifier octets.
- * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
- *
- * Note: These definitions are the cause of some of the strange behavior in
- * CBS's bs_ber.c.
- *
- * In BER, it is the sender's option to use primitive or constructed for
- * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
- *
- * In DER, bitstring and octetstring are required to be primitive
- * (X.690 section 10.2).
- */
-#define CBS_ASN1_BOOLEAN     (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
-#define CBS_ASN1_INTEGER     (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
-#define CBS_ASN1_BITSTRING   (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
-#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
-#define CBS_ASN1_OBJECT      (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
-#define CBS_ASN1_ENUMERATED  (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
-#define CBS_ASN1_SEQUENCE    (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
-#define CBS_ASN1_SET         (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
-
-/*
- * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
- * including tag and length bytes) and advances |cbs| over it. The ASN.1
- * element must match |tag_value|. It returns one on success and zero
- * on error.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
- * ASN.1 header bytes too.
- */
-int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
-
-/*
- * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
- * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
- * |cbs| is empty or the tag does not match, it returns zero. Note: if
- * it returns one, CBS_get_asn1 may still fail if the rest of the
- * element is malformed.
- */
-int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
-
-/*
- * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header.
- * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
- * the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len);
-
-/*
- * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
- * and sets |*out| to its value. It returns one on success and zero on error,
- * where error includes the integer being negative, or too large to represent
- * in 64 bits.
- */
-int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
-
-/*
- * CBS_get_optional_asn1 gets an optional explicitly-tagged element
- * from |cbs| tagged with |tag| and sets |*out| to its contents. If
- * present, it sets |*out_present| to one, otherwise zero. It returns
- * one on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
-    unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_octet_string gets an optional
- * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
- * |*out| to the string and |*out_present| to one. Otherwise, it sets
- * |*out| to empty and |*out_present| to zero. |out_present| may be
- * NULL. It returns one on success, whether or not the element was
- * present, and zero on decode failure.
- */
-int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
-    unsigned int tag);
-
-/*
- * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
- * INTEGER from |cbs|. If present, it sets |*out| to the
- * value. Otherwise, it sets |*out| to |default_value|. It returns one
- * on success, whether or not the element was present, and zero on
- * decode failure.
- */
-int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
-    uint64_t default_value);
-
-/*
- * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
- * |cbs|. If present, it sets |*out| to either zero or one, based on the
- * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
- * success, whether or not the element was present, and zero on decode
- * failure.
- */
-int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
-    int default_value);
-
-
-/*
- * CRYPTO ByteBuilder.
- *
- * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
- * object is associated with a buffer and new buffers are created with
- * |CBB_init|. Several |CBB| objects can point at the same buffer when a
- * length-prefix is pending, however only a single |CBB| can be 'current' at
- * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
- * the new |CBB| points at the same buffer as the original. But if the original
- * |CBB| is used then the length prefix is written out and the new |CBB| must
- * not be used again.
- *
- * If one needs to force a length prefix to be written out because a |CBB| is
- * going out of scope, use |CBB_flush|.
- */
-
-struct cbb_buffer_st {
-        uint8_t *buf;
-
-        /* The number of valid bytes. */
-        size_t len;
-
-        /* The size of buf. */
-        size_t cap;
-
-        /*
-         * One iff |buf| is owned by this object. If not then |buf| cannot be
-         * resized.
-         */
-        char can_resize;
-};
-
-typedef struct cbb_st {
-        struct cbb_buffer_st *base;
-
-        /*
-         * offset is the offset from the start of |base->buf| to the position of any
-         * pending length-prefix.
-         */
-        size_t offset;
-
-        /* child points to a child CBB if a length-prefix is pending. */
-        struct cbb_st *child;
-
-        /*
-         * pending_len_len contains the number of bytes in a pending length-prefix,
-         * or zero if no length-prefix is pending.
-         */
-        uint8_t pending_len_len;
-
-        char pending_is_asn1;
-
-        /*
-         * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
-         * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
-         */
-        char is_top_level;
-} CBB;
-
-/*
- * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
- * needed, the |initial_capacity| is just a hint. It returns one on success or
- * zero on error.
- */
-int CBB_init(CBB *cbb, size_t initial_capacity);
-
-/*
- * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
- * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
- * functions to fail. It returns one on success or zero on error.
- */
-int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
-
-/*
- * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
- * writing to the same buffer. This should be used in an error case where a
- * serialisation is abandoned.
- */
-void CBB_cleanup(CBB *cbb);
-
-/*
- * CBB_finish completes any pending length prefix and sets |*out_data| to a
- * malloced buffer and |*out_len| to the length of that buffer. The caller
- * takes ownership of the buffer and, unless the buffer was fixed with
- * |CBB_init_fixed|, must call |free| when done.
- *
- * It can only be called on a "top level" |CBB|, i.e. one initialised with
- * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
- * error.
- */
-int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
-
-/*
- * CBB_flush causes any pending length prefixes to be written out and any child
- * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
- * on error.
- */
-int CBB_flush(CBB *cbb);
-
-/*
- * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
- * child's contents nor the length prefix will be included in the output.
- */
-void CBB_discard_child(CBB *cbb);
-
-/*
- * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
- * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
- * length. It returns one on success or zero on error.
- */
-int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_u32_length_prefixed sets |*out_contents| to a new child of |cbb|.
- * The data written to |*out_contents| will be prefixed in |cbb| with a 32-bit,
- * big-endian length. It returns one on success or zero on error.
- */
-int CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents);
-
-/*
- * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
- * ASN.1 object can be written. The |tag| argument will be used as the tag for
- * the object. Passing in |tag| number 31 will return in an error since only
- * single octet identifiers are supported. It returns one on success or zero
- * on error.
- */
-int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
-
-/*
- * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
-
-/*
- * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
- * the beginning of that space. The caller must then write |len| bytes of
- * actual contents to |*out_data|. It returns one on success and zero
- * otherwise.
- */
-int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
-
-/*
- * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
- * success and zero otherwise.
- */
-int CBB_add_u8(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u16(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u24(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u32(CBB *cbb, size_t value);
-
-/*
- * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It
- * returns one on success and zero otherwise.
- */
-int CBB_add_u64(CBB *cbb, uint64_t value);
-
-/*
- * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
- * and writes |value| in its contents. It returns one on success and zero on
- * error.
- */
-int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
-
-#ifdef LIBRESSL_INTERNAL
-/*
- * CBS_dup sets |out| to point to cbs's |data| and |len|.  It results in two
- * CBS that point to the same buffer.
- */
-void CBS_dup(const CBS *cbs, CBS *out);
-
-/*
- * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
- * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
- * the tag number and |*out_header_len| to the length of the ASN.1 header. If
- * strict mode is disabled and the element has indefinite length then |*out|
- * will only contain the header. Each of |out|, |out_tag|, and
- * |out_header_len| may be NULL to ignore the value.
- *
- * Tag numbers greater than 30 are not supported (i.e. short form only).
- */
-int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
-    size_t *out_header_len, int strict);
-
-/*
- * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
- * finds indefinite-length elements that otherwise appear to be valid DER, it
- * attempts to convert the DER-like data to DER and sets |*out| and
- * |*out_length| to describe a malloced buffer containing the DER data.
- * Additionally, |*in| will be advanced over the ASN.1 data.
- *
- * If it doesn't find any indefinite-length elements then it sets |*out| to
- * NULL and |*in| is unmodified.
- *
- * This is NOT a conversion from BER to DER.  There are many restrictions when
- * dealing with DER data.  This is only concerned with one: indefinite vs.
- * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
- * from NSS.
- *
- * It returns one on success and zero otherwise.
- */
-int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
-#endif /* LIBRESSL_INTERNAL */
-
-__END_HIDDEN_DECLS
-
-#endif  /* OPENSSL_HEADER_BYTESTRING_H */
diff --git a/src/lib/libssl/d1_both.c b/src/lib/libssl/d1_both.c
deleted file mode 100644
index e144d8f533..0000000000
--- a/src/lib/libssl/d1_both.c
+++ /dev/null
@@ -1,1198 +0,0 @@
-/* $OpenBSD: d1_both.c,v 1.85 2025/03/09 15:12:18 tb Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "pqueue.h"
-#include "ssl_local.h"
-
-#define RSMBLY_BITMASK_SIZE(msg_len) (((msg_len) + 7) / 8)
-
-#define RSMBLY_BITMASK_MARK(bitmask, start, end) { \
-                        if ((end) - (start) <= 8) { \
-                                long ii; \
-                                for (ii = (start); ii < (end); ii++) bitmask[((ii) >> 3)] |= (1 << ((ii) & 7)); \
-                        } else { \
-                                long ii; \
-                                bitmask[((start) >> 3)] |= bitmask_start_values[((start) & 7)]; \
-                                for (ii = (((start) >> 3) + 1); ii < ((((end) - 1)) >> 3); ii++) bitmask[ii] = 0xff; \
-                                bitmask[(((end) - 1) >> 3)] |= bitmask_end_values[((end) & 7)]; \
-                        } }
-
-#define RSMBLY_BITMASK_IS_COMPLETE(bitmask, msg_len, is_complete) { \
-                        long ii; \
-                        OPENSSL_assert((msg_len) > 0); \
-                        is_complete = 1; \
-                        if (bitmask[(((msg_len) - 1) >> 3)] != bitmask_end_values[((msg_len) & 7)]) is_complete = 0; \
-                        if (is_complete) for (ii = (((msg_len) - 1) >> 3) - 1; ii >= 0 ; ii--) \
-                                if (bitmask[ii] != 0xff) { is_complete = 0; break; } }
-
-static const unsigned char bitmask_start_values[] = {
-        0xff, 0xfe, 0xfc, 0xf8, 0xf0, 0xe0, 0xc0, 0x80
-};
-static const unsigned char bitmask_end_values[] = {
-        0xff, 0x01, 0x03, 0x07, 0x0f, 0x1f, 0x3f, 0x7f
-};
-
-/* XDTLS:  figure out the right values */
-static const unsigned int g_probable_mtu[] = {1500 - 28, 512 - 28, 256 - 28};
-
-static unsigned int dtls1_guess_mtu(unsigned int curr_mtu);
-static void dtls1_fix_message_header(SSL *s, unsigned long frag_off,
-    unsigned long frag_len);
-static int dtls1_write_message_header(const struct hm_header_st *msg_hdr,
-    unsigned long frag_off, unsigned long frag_len, unsigned char *p);
-static long dtls1_get_message_fragment(SSL *s, int st1, int stn, long max,
-    int *ok);
-
-void dtls1_hm_fragment_free(hm_fragment *frag);
-
-static hm_fragment *
-dtls1_hm_fragment_new(unsigned long frag_len, int reassembly)
-{
-        hm_fragment *frag;
-
-        if ((frag = calloc(1, sizeof(*frag))) == NULL)
-                goto err;
-
-        if (frag_len > 0) {
-                if ((frag->fragment = calloc(1, frag_len)) == NULL)
-                        goto err;
-        }
-
-        /* Initialize reassembly bitmask if necessary. */
-        if (reassembly) {
-                if ((frag->reassembly = calloc(1,
-                    RSMBLY_BITMASK_SIZE(frag_len))) == NULL)
-                        goto err;
-        }
-
-        return frag;
-
- err:
-        dtls1_hm_fragment_free(frag);
-        return NULL;
-}
-
-void
-dtls1_hm_fragment_free(hm_fragment *frag)
-{
-        if (frag == NULL)
-                return;
-
-        free(frag->fragment);
-        free(frag->reassembly);
-        free(frag);
-}
-
-/* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */
-int
-dtls1_do_write(SSL *s, int type)
-{
-        int ret;
-        int curr_mtu;
-        unsigned int len, frag_off;
-        size_t overhead;
-
-        /* AHA!  Figure out the MTU, and stick to the right size */
-        if (s->d1->mtu < dtls1_min_mtu() &&
-            !(SSL_get_options(s) & SSL_OP_NO_QUERY_MTU)) {
-                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
-                    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-
-                /*
-                 * I've seen the kernel return bogus numbers when it
-                 * doesn't know the MTU (ie., the initial write), so just
-                 * make sure we have a reasonable number
-                 */
-                if (s->d1->mtu < dtls1_min_mtu()) {
-                        s->d1->mtu = 0;
-                        s->d1->mtu = dtls1_guess_mtu(s->d1->mtu);
-                        BIO_ctrl(SSL_get_wbio(s), BIO_CTRL_DGRAM_SET_MTU,
-                            s->d1->mtu, NULL);
-                }
-        }
-
-        OPENSSL_assert(s->d1->mtu >= dtls1_min_mtu());
-        /* should have something reasonable now */
-
-        if (s->init_off == 0  && type == SSL3_RT_HANDSHAKE)
-                OPENSSL_assert(s->init_num ==
-                    (int)s->d1->w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH);
-
-        if (!tls12_record_layer_write_overhead(s->rl, &overhead))
-                return -1;
-
-        frag_off = 0;
-        while (s->init_num) {
-                curr_mtu = s->d1->mtu - BIO_wpending(SSL_get_wbio(s)) -
-                    DTLS1_RT_HEADER_LENGTH - overhead;
-
-                if (curr_mtu <= DTLS1_HM_HEADER_LENGTH) {
-                        /* grr.. we could get an error if MTU picked was wrong */
-                        ret = BIO_flush(SSL_get_wbio(s));
-                        if (ret <= 0)
-                                return ret;
-                        curr_mtu = s->d1->mtu - DTLS1_RT_HEADER_LENGTH -
-                            overhead;
-                }
-
-                if (s->init_num > curr_mtu)
-                        len = curr_mtu;
-                else
-                        len = s->init_num;
-
-                /* XDTLS: this function is too long.  split out the CCS part */
-                if (type == SSL3_RT_HANDSHAKE) {
-                        if (s->init_off != 0) {
-                                OPENSSL_assert(s->init_off > DTLS1_HM_HEADER_LENGTH);
-                                s->init_off -= DTLS1_HM_HEADER_LENGTH;
-                                s->init_num += DTLS1_HM_HEADER_LENGTH;
-
-                                if (s->init_num > curr_mtu)
-                                        len = curr_mtu;
-                                else
-                                        len = s->init_num;
-                        }
-
-                        dtls1_fix_message_header(s, frag_off,
-                            len - DTLS1_HM_HEADER_LENGTH);
-
-                        if (!dtls1_write_message_header(&s->d1->w_msg_hdr,
-                            s->d1->w_msg_hdr.frag_off, s->d1->w_msg_hdr.frag_len,
-                            (unsigned char *)&s->init_buf->data[s->init_off]))
-                                return -1;
-
-                        OPENSSL_assert(len >= DTLS1_HM_HEADER_LENGTH);
-                }
-
-                ret = dtls1_write_bytes(s, type,
-                    &s->init_buf->data[s->init_off], len);
-                if (ret < 0) {
-                        /*
-                         * Might need to update MTU here, but we don't know
-                         * which previous packet caused the failure -- so
-                         * can't really retransmit anything.  continue as
-                         * if everything is fine and wait for an alert to
-                         * handle the retransmit
-                         */
-                        if (BIO_ctrl(SSL_get_wbio(s),
-                            BIO_CTRL_DGRAM_MTU_EXCEEDED, 0, NULL) > 0)
-                                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
-                                    BIO_CTRL_DGRAM_QUERY_MTU, 0, NULL);
-                        else
-                                return (-1);
-                } else {
-
-                        /*
-                         * Bad if this assert fails, only part of the
-                         * handshake message got sent.  but why would
-                         * this happen?
-                         */
-                        OPENSSL_assert(len == (unsigned int)ret);
-
-                        if (type == SSL3_RT_HANDSHAKE &&
-                            !s->d1->retransmitting) {
-                                /*
-                                 * Should not be done for 'Hello Request's,
-                                 * but in that case we'll ignore the result
-                                 * anyway
-                                 */
-                                unsigned char *p = (unsigned char *)&s->init_buf->data[s->init_off];
-                                const struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-                                int xlen;
-
-                                if (frag_off == 0) {
-                                        /*
-                                         * Reconstruct message header is if it
-                                         * is being sent in single fragment
-                                         */
-                                        if (!dtls1_write_message_header(msg_hdr,
-                                            0, msg_hdr->msg_len, p))
-                                                return (-1);
-                                        xlen = ret;
-                                } else {
-                                        p += DTLS1_HM_HEADER_LENGTH;
-                                        xlen = ret - DTLS1_HM_HEADER_LENGTH;
-                                }
-
-                                tls1_transcript_record(s, p, xlen);
-                        }
-
-                        if (ret == s->init_num) {
-                                if (s->msg_callback)
-                                        s->msg_callback(1, s->version, type,
-                                            s->init_buf->data,
-                                            (size_t)(s->init_off + s->init_num),
-                                            s, s->msg_callback_arg);
-
-                                s->init_off = 0;
-                                /* done writing this message */
-                                s->init_num = 0;
-
-                                return (1);
-                        }
-                        s->init_off += ret;
-                        s->init_num -= ret;
-                        frag_off += (ret -= DTLS1_HM_HEADER_LENGTH);
-                }
-        }
-        return (0);
-}
-
-
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * Read an entire handshake message.  Handshake messages arrive in
- * fragments.
- */
-int
-dtls1_get_message(SSL *s, int st1, int stn, int mt, long max)
-{
-        struct hm_header_st *msg_hdr;
-        unsigned char *p;
-        unsigned long msg_len;
-        int i, al, ok;
-
-        /*
-         * s3->tmp is used to store messages that are unexpected, caused
-         * by the absence of an optional handshake message
-         */
-        if (s->s3->hs.tls12.reuse_message) {
-                s->s3->hs.tls12.reuse_message = 0;
-                if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        goto fatal_err;
-                }
-                s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-                s->init_num = (int)s->s3->hs.tls12.message_size;
-                return 1;
-        }
-
-        msg_hdr = &s->d1->r_msg_hdr;
-        memset(msg_hdr, 0, sizeof(struct hm_header_st));
-
- again:
-        i = dtls1_get_message_fragment(s, st1, stn, max, &ok);
-        if (i == DTLS1_HM_BAD_FRAGMENT ||
-            i == DTLS1_HM_FRAGMENT_RETRY)  /* bad fragment received */
-                goto again;
-        else if (i <= 0 && !ok)
-                return i;
-
-        p = (unsigned char *)s->init_buf->data;
-        msg_len = msg_hdr->msg_len;
-
-        /* reconstruct message header */
-        if (!dtls1_write_message_header(msg_hdr, 0, msg_len, p))
-                return -1;
-
-        msg_len += DTLS1_HM_HEADER_LENGTH;
-
-        tls1_transcript_record(s, p, msg_len);
-        if (s->msg_callback)
-                s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, msg_len,
-                    s, s->msg_callback_arg);
-
-        memset(msg_hdr, 0, sizeof(struct hm_header_st));
-
-        /* Don't change sequence numbers while listening */
-        if (!s->d1->listen)
-                s->d1->handshake_read_seq++;
-
-        s->init_msg = s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-        return 1;
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-}
-
-static int
-dtls1_preprocess_fragment(SSL *s, struct hm_header_st *msg_hdr, int max)
-{
-        size_t frag_off, frag_len, msg_len;
-
-        msg_len = msg_hdr->msg_len;
-        frag_off = msg_hdr->frag_off;
-        frag_len = msg_hdr->frag_len;
-
-        /* sanity checking */
-        if ((frag_off + frag_len) > msg_len) {
-                SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                return SSL_AD_ILLEGAL_PARAMETER;
-        }
-
-        if ((frag_off + frag_len) > (unsigned long)max) {
-                SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                return SSL_AD_ILLEGAL_PARAMETER;
-        }
-
-        if ( s->d1->r_msg_hdr.frag_off == 0) /* first fragment */
-        {
-                /*
-                 * msg_len is limited to 2^24, but is effectively checked
-                 * against max above
-                 */
-                if (!BUF_MEM_grow_clean(s->init_buf,
-                    msg_len + DTLS1_HM_HEADER_LENGTH)) {
-                        SSLerror(s, ERR_R_BUF_LIB);
-                        return SSL_AD_INTERNAL_ERROR;
-                }
-
-                s->s3->hs.tls12.message_size = msg_len;
-                s->d1->r_msg_hdr.msg_len = msg_len;
-                s->s3->hs.tls12.message_type = msg_hdr->type;
-                s->d1->r_msg_hdr.type = msg_hdr->type;
-                s->d1->r_msg_hdr.seq = msg_hdr->seq;
-        } else if (msg_len != s->d1->r_msg_hdr.msg_len) {
-                /*
-                 * They must be playing with us! BTW, failure to enforce
-                 * upper limit would open possibility for buffer overrun.
-                 */
-                SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                return SSL_AD_ILLEGAL_PARAMETER;
-        }
-
-        return 0; /* no error */
-}
-
-static int
-dtls1_retrieve_buffered_fragment(SSL *s, long max, int *ok)
-{
-        /*
-         * (0) check whether the desired fragment is available
-         * if so:
-         * (1) copy over the fragment to s->init_buf->data[]
-         * (2) update s->init_num
-         */
-        pitem *item;
-        hm_fragment *frag;
-        int al;
-
-        *ok = 0;
-        item = pqueue_peek(s->d1->buffered_messages);
-        if (item == NULL)
-                return 0;
-
-        frag = (hm_fragment *)item->data;
-
-        /* Don't return if reassembly still in progress */
-        if (frag->reassembly != NULL)
-                return 0;
-
-        if (s->d1->handshake_read_seq == frag->msg_header.seq) {
-                unsigned long frag_len = frag->msg_header.frag_len;
-                pqueue_pop(s->d1->buffered_messages);
-
-                al = dtls1_preprocess_fragment(s, &frag->msg_header, max);
-
-                if (al == 0) /* no alert */
-                {
-                        unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-                        memcpy(&p[frag->msg_header.frag_off],
-                            frag->fragment, frag->msg_header.frag_len);
-                }
-
-                dtls1_hm_fragment_free(frag);
-                pitem_free(item);
-
-                if (al == 0) {
-                        *ok = 1;
-                        return frag_len;
-                }
-
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                s->init_num = 0;
-                *ok = 0;
-                return -1;
-        } else
-                return 0;
-}
-
-/*
- * dtls1_max_handshake_message_len returns the maximum number of bytes
- * permitted in a DTLS handshake message for |s|. The minimum is 16KB,
- * but may be greater if the maximum certificate list size requires it.
- */
-static unsigned long
-dtls1_max_handshake_message_len(const SSL *s)
-{
-        unsigned long max_len;
-
-        max_len = DTLS1_HM_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH;
-        if (max_len < (unsigned long)s->max_cert_list)
-                return s->max_cert_list;
-        return max_len;
-}
-
-static int
-dtls1_reassemble_fragment(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-{
-        hm_fragment *frag = NULL;
-        pitem *item = NULL;
-        int i = -1, is_complete;
-        unsigned char seq64be[8];
-        unsigned long frag_len = msg_hdr->frag_len;
-
-        if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len ||
-            msg_hdr->msg_len > dtls1_max_handshake_message_len(s))
-                goto err;
-
-        if (frag_len == 0) {
-                i = DTLS1_HM_FRAGMENT_RETRY;
-                goto err;
-        }
-
-        /* Try to find item in queue */
-        memset(seq64be, 0, sizeof(seq64be));
-        seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
-        seq64be[7] = (unsigned char)msg_hdr->seq;
-        item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-        if (item == NULL) {
-                frag = dtls1_hm_fragment_new(msg_hdr->msg_len, 1);
-                if (frag == NULL)
-                        goto err;
-                memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-                frag->msg_header.frag_len = frag->msg_header.msg_len;
-                frag->msg_header.frag_off = 0;
-        } else {
-                frag = (hm_fragment*)item->data;
-                if (frag->msg_header.msg_len != msg_hdr->msg_len) {
-                        item = NULL;
-                        frag = NULL;
-                        goto err;
-                }
-        }
-
-        /*
-         * If message is already reassembled, this must be a
-         * retransmit and can be dropped.
-         */
-        if (frag->reassembly == NULL) {
-                unsigned char devnull [256];
-
-                while (frag_len) {
-                        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                            devnull, frag_len > sizeof(devnull) ?
-                            sizeof(devnull) : frag_len, 0);
-                        if (i <= 0)
-                                goto err;
-                        frag_len -= i;
-                }
-                i = DTLS1_HM_FRAGMENT_RETRY;
-                goto err;
-        }
-
-        /* read the body of the fragment (header has already been read */
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-            frag->fragment + msg_hdr->frag_off, frag_len, 0);
-        if (i <= 0 || (unsigned long)i != frag_len)
-                goto err;
-
-        RSMBLY_BITMASK_MARK(frag->reassembly, (long)msg_hdr->frag_off,
-            (long)(msg_hdr->frag_off + frag_len));
-
-        RSMBLY_BITMASK_IS_COMPLETE(frag->reassembly, (long)msg_hdr->msg_len,
-            is_complete);
-
-        if (is_complete) {
-                free(frag->reassembly);
-                frag->reassembly = NULL;
-        }
-
-        if (item == NULL) {
-                memset(seq64be, 0, sizeof(seq64be));
-                seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
-                seq64be[7] = (unsigned char)(msg_hdr->seq);
-
-                item = pitem_new(seq64be, frag);
-                if (item == NULL) {
-                        i = -1;
-                        goto err;
-                }
-
-                pqueue_insert(s->d1->buffered_messages, item);
-        }
-
-        return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-        if (item == NULL && frag != NULL)
-                dtls1_hm_fragment_free(frag);
-        *ok = 0;
-        return i;
-}
-
-
-static int
-dtls1_process_out_of_seq_message(SSL *s, struct hm_header_st* msg_hdr, int *ok)
-{
-        int i = -1;
-        hm_fragment *frag = NULL;
-        pitem *item = NULL;
-        unsigned char seq64be[8];
-        unsigned long frag_len = msg_hdr->frag_len;
-
-        if ((msg_hdr->frag_off + frag_len) > msg_hdr->msg_len)
-                goto err;
-
-        /* Try to find item in queue, to prevent duplicate entries */
-        memset(seq64be, 0, sizeof(seq64be));
-        seq64be[6] = (unsigned char) (msg_hdr->seq >> 8);
-        seq64be[7] = (unsigned char) msg_hdr->seq;
-        item = pqueue_find(s->d1->buffered_messages, seq64be);
-
-        /*
-         * If we already have an entry and this one is a fragment,
-         * don't discard it and rather try to reassemble it.
-         */
-        if (item != NULL && frag_len < msg_hdr->msg_len)
-                item = NULL;
-
-        /*
-         * Discard the message if sequence number was already there, is
-         * too far in the future, already in the queue or if we received
-         * a FINISHED before the SERVER_HELLO, which then must be a stale
-         * retransmit.
-         */
-        if (msg_hdr->seq <= s->d1->handshake_read_seq ||
-            msg_hdr->seq > s->d1->handshake_read_seq + 10 || item != NULL ||
-            (s->d1->handshake_read_seq == 0 &&
-            msg_hdr->type == SSL3_MT_FINISHED)) {
-                unsigned char devnull [256];
-
-                while (frag_len) {
-                        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                            devnull, frag_len > sizeof(devnull) ?
-                            sizeof(devnull) : frag_len, 0);
-                        if (i <= 0)
-                                goto err;
-                        frag_len -= i;
-                }
-        } else {
-                if (frag_len < msg_hdr->msg_len)
-                        return dtls1_reassemble_fragment(s, msg_hdr, ok);
-
-                if (frag_len > dtls1_max_handshake_message_len(s))
-                        goto err;
-
-                frag = dtls1_hm_fragment_new(frag_len, 0);
-                if (frag == NULL)
-                        goto err;
-
-                memcpy(&(frag->msg_header), msg_hdr, sizeof(*msg_hdr));
-
-                if (frag_len) {
-                        /* read the body of the fragment (header has already been read */
-                        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                            frag->fragment, frag_len, 0);
-                        if (i <= 0 || (unsigned long)i != frag_len)
-                                goto err;
-                }
-
-                memset(seq64be, 0, sizeof(seq64be));
-                seq64be[6] = (unsigned char)(msg_hdr->seq >> 8);
-                seq64be[7] = (unsigned char)(msg_hdr->seq);
-
-                item = pitem_new(seq64be, frag);
-                if (item == NULL)
-                        goto err;
-
-                pqueue_insert(s->d1->buffered_messages, item);
-        }
-
-        return DTLS1_HM_FRAGMENT_RETRY;
-
- err:
-        if (item == NULL && frag != NULL)
-                dtls1_hm_fragment_free(frag);
-        *ok = 0;
-        return i;
-}
-
-
-static long
-dtls1_get_message_fragment(SSL *s, int st1, int stn, long max, int *ok)
-{
-        unsigned char wire[DTLS1_HM_HEADER_LENGTH];
-        unsigned long len, frag_off, frag_len;
-        struct hm_header_st msg_hdr;
-        int i, al;
-        CBS cbs;
-
- again:
-        /* see if we have the required fragment already */
-        if ((frag_len = dtls1_retrieve_buffered_fragment(s, max, ok)) || *ok) {
-                if (*ok)
-                        s->init_num = frag_len;
-                return frag_len;
-        }
-
-        /* read handshake message header */
-        i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE, wire,
-            DTLS1_HM_HEADER_LENGTH, 0);
-        if (i <= 0) {
-                /* nbio, or an error */
-                s->rwstate = SSL_READING;
-                *ok = 0;
-                return i;
-        }
-
-        CBS_init(&cbs, wire, i);
-        if (!dtls1_get_message_header(&cbs, &msg_hdr)) {
-                /* Handshake fails if message header is incomplete. */
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                goto fatal_err;
-        }
-
-        /*
-         * if this is a future (or stale) message it gets buffered
-         * (or dropped)--no further processing at this time
-         * While listening, we accept seq 1 (ClientHello with cookie)
-         * although we're still expecting seq 0 (ClientHello)
-         */
-        if (msg_hdr.seq != s->d1->handshake_read_seq &&
-            !(s->d1->listen && msg_hdr.seq == 1))
-                return dtls1_process_out_of_seq_message(s, &msg_hdr, ok);
-
-        len = msg_hdr.msg_len;
-        frag_off = msg_hdr.frag_off;
-        frag_len = msg_hdr.frag_len;
-
-        if (frag_len && frag_len < len)
-                return dtls1_reassemble_fragment(s, &msg_hdr, ok);
-
-        if (!s->server && s->d1->r_msg_hdr.frag_off == 0 &&
-            wire[0] == SSL3_MT_HELLO_REQUEST) {
-                /*
-                 * The server may always send 'Hello Request' messages --
-                 * we are doing a handshake anyway now, so ignore them
-                 * if their format is correct. Does not count for
-                 * 'Finished' MAC.
-                 */
-                if (wire[1] == 0 && wire[2] == 0 && wire[3] == 0) {
-                        if (s->msg_callback)
-                                s->msg_callback(0, s->version,
-                                    SSL3_RT_HANDSHAKE, wire,
-                                    DTLS1_HM_HEADER_LENGTH, s,
-                                    s->msg_callback_arg);
-
-                        s->init_num = 0;
-                        goto again;
-                }
-                else /* Incorrectly formatted Hello request */
-                {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        goto fatal_err;
-                }
-        }
-
-        if ((al = dtls1_preprocess_fragment(s, &msg_hdr, max)))
-                goto fatal_err;
-
-        /* XDTLS:  resurrect this when restart is in place */
-        s->s3->hs.state = stn;
-
-        if (frag_len > 0) {
-                unsigned char *p = (unsigned char *)s->init_buf->data + DTLS1_HM_HEADER_LENGTH;
-
-                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                    &p[frag_off], frag_len, 0);
-                /* XDTLS:  fix this--message fragments cannot span multiple packets */
-                if (i <= 0) {
-                        s->rwstate = SSL_READING;
-                        *ok = 0;
-                        return i;
-                }
-        } else
-                i = 0;
-
-        /*
-         * XDTLS:  an incorrectly formatted fragment should cause the
-         * handshake to fail
-         */
-        if (i != (int)frag_len) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER);
-                goto fatal_err;
-        }
-
-        /*
-         * Note that s->init_num is *not* used as current offset in
-         * s->init_buf->data, but as a counter summing up fragments'
-         * lengths: as soon as they sum up to handshake packet
-         * length, we assume we have got all the fragments.
-         */
-        s->init_num = frag_len;
-        *ok = 1;
-        return frag_len;
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        s->init_num = 0;
-
-        *ok = 0;
-        return (-1);
-}
-
-int
-dtls1_read_failed(SSL *s, int code)
-{
-        if (code > 0) {
-#ifdef DEBUG
-                fprintf(stderr, "invalid state reached %s:%d",
-                    OPENSSL_FILE, OPENSSL_LINE);
-#endif
-                return 1;
-        }
-
-        if (!dtls1_is_timer_expired(s)) {
-                /*
-                 * not a timeout, none of our business, let higher layers
-                 * handle this.  in fact it's probably an error
-                 */
-                return code;
-        }
-
-        if (!SSL_in_init(s))  /* done, no need to send a retransmit */
-        {
-                BIO_set_flags(SSL_get_rbio(s), BIO_FLAGS_READ);
-                return code;
-        }
-
-        return dtls1_handle_timeout(s);
-}
-
-int
-dtls1_get_queue_priority(unsigned short seq, int is_ccs)
-{
-        /*
-         * The index of the retransmission queue actually is the message
-         * sequence number, since the queue only contains messages of a
-         * single handshake. However, the ChangeCipherSpec has no message
-         * sequence number and so using only the sequence will result in
-         * the CCS and Finished having the same index. To prevent this, the
-         * sequence number is multiplied by 2. In case of a CCS 1 is
-         * subtracted.  This does not only differ CSS and Finished, it also
-         * maintains the order of the index (important for priority queues)
-         * and fits in the unsigned short variable.
-         */
-        return seq * 2 - is_ccs;
-}
-
-int
-dtls1_retransmit_buffered_messages(SSL *s)
-{
-        pqueue sent = s->d1->sent_messages;
-        piterator iter;
-        pitem *item;
-        hm_fragment *frag;
-        int found = 0;
-
-        iter = pqueue_iterator(sent);
-
-        for (item = pqueue_next(&iter); item != NULL;
-            item = pqueue_next(&iter)) {
-                frag = (hm_fragment *)item->data;
-                if (dtls1_retransmit_message(s,
-                    (unsigned short)dtls1_get_queue_priority(
-                    frag->msg_header.seq, frag->msg_header.is_ccs), 0,
-                    &found) <= 0 && found) {
-#ifdef DEBUG
-                        fprintf(stderr, "dtls1_retransmit_message() failed\n");
-#endif
-                        return -1;
-                }
-        }
-
-        return 1;
-}
-
-int
-dtls1_buffer_message(SSL *s, int is_ccs)
-{
-        pitem *item;
-        hm_fragment *frag;
-        unsigned char seq64be[8];
-
-        /* Buffer the message in order to handle DTLS retransmissions. */
-
-        /*
-         * This function is called immediately after a message has
-         * been serialized
-         */
-        OPENSSL_assert(s->init_off == 0);
-
-        frag = dtls1_hm_fragment_new(s->init_num, 0);
-        if (frag == NULL)
-                return 0;
-
-        memcpy(frag->fragment, s->init_buf->data, s->init_num);
-
-        OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
-            (is_ccs ? DTLS1_CCS_HEADER_LENGTH : DTLS1_HM_HEADER_LENGTH) ==
-            (unsigned int)s->init_num);
-
-        frag->msg_header.msg_len = s->d1->w_msg_hdr.msg_len;
-        frag->msg_header.seq = s->d1->w_msg_hdr.seq;
-        frag->msg_header.type = s->d1->w_msg_hdr.type;
-        frag->msg_header.frag_off = 0;
-        frag->msg_header.frag_len = s->d1->w_msg_hdr.msg_len;
-        frag->msg_header.is_ccs = is_ccs;
-
-        /* save current state*/
-        frag->msg_header.saved_retransmit_state.session = s->session;
-        frag->msg_header.saved_retransmit_state.epoch =
-            tls12_record_layer_write_epoch(s->rl);
-
-        memset(seq64be, 0, sizeof(seq64be));
-        seq64be[6] = (unsigned char)(dtls1_get_queue_priority(
-            frag->msg_header.seq, frag->msg_header.is_ccs) >> 8);
-        seq64be[7] = (unsigned char)(dtls1_get_queue_priority(
-            frag->msg_header.seq, frag->msg_header.is_ccs));
-
-        item = pitem_new(seq64be, frag);
-        if (item == NULL) {
-                dtls1_hm_fragment_free(frag);
-                return 0;
-        }
-
-        pqueue_insert(s->d1->sent_messages, item);
-        return 1;
-}
-
-int
-dtls1_retransmit_message(SSL *s, unsigned short seq, unsigned long frag_off,
-    int *found)
-{
-        int ret;
-        /* XDTLS: for now assuming that read/writes are blocking */
-        pitem *item;
-        hm_fragment *frag;
-        unsigned long header_length;
-        unsigned char seq64be[8];
-        struct dtls1_retransmit_state saved_state;
-
-        /*
-          OPENSSL_assert(s->init_num == 0);
-          OPENSSL_assert(s->init_off == 0);
-         */
-
-        /* XDTLS:  the requested message ought to be found, otherwise error */
-        memset(seq64be, 0, sizeof(seq64be));
-        seq64be[6] = (unsigned char)(seq >> 8);
-        seq64be[7] = (unsigned char)seq;
-
-        item = pqueue_find(s->d1->sent_messages, seq64be);
-        if (item == NULL) {
-#ifdef DEBUG
-                fprintf(stderr, "retransmit:  message %d non-existent\n", seq);
-#endif
-                *found = 0;
-                return 0;
-        }
-
-        *found = 1;
-        frag = (hm_fragment *)item->data;
-
-        if (frag->msg_header.is_ccs)
-                header_length = DTLS1_CCS_HEADER_LENGTH;
-        else
-                header_length = DTLS1_HM_HEADER_LENGTH;
-
-        memcpy(s->init_buf->data, frag->fragment,
-            frag->msg_header.msg_len + header_length);
-        s->init_num = frag->msg_header.msg_len + header_length;
-
-        dtls1_set_message_header_int(s, frag->msg_header.type,
-            frag->msg_header.msg_len, frag->msg_header.seq, 0,
-            frag->msg_header.frag_len);
-
-        /* save current state */
-        saved_state.session = s->session;
-        saved_state.epoch = tls12_record_layer_write_epoch(s->rl);
-
-        s->d1->retransmitting = 1;
-
-        /* restore state in which the message was originally sent */
-        s->session = frag->msg_header.saved_retransmit_state.session;
-        if (!tls12_record_layer_use_write_epoch(s->rl,
-            frag->msg_header.saved_retransmit_state.epoch))
-                return 0;
-
-        ret = dtls1_do_write(s, frag->msg_header.is_ccs ?
-            SSL3_RT_CHANGE_CIPHER_SPEC : SSL3_RT_HANDSHAKE);
-
-        /* restore current state */
-        s->session = saved_state.session;
-        if (!tls12_record_layer_use_write_epoch(s->rl,
-            saved_state.epoch))
-                return 0;
-
-        s->d1->retransmitting = 0;
-
-        (void)BIO_flush(SSL_get_wbio(s));
-        return ret;
-}
-
-/* call this function when the buffered messages are no longer needed */
-void
-dtls1_clear_record_buffer(SSL *s)
-{
-        hm_fragment *frag;
-        pitem *item;
-
-        for(item = pqueue_pop(s->d1->sent_messages); item != NULL;
-            item = pqueue_pop(s->d1->sent_messages)) {
-                frag = item->data;
-                if (frag->msg_header.is_ccs)
-                        tls12_record_layer_write_epoch_done(s->rl,
-                            frag->msg_header.saved_retransmit_state.epoch);
-                dtls1_hm_fragment_free(frag);
-                pitem_free(item);
-        }
-}
-
-void
-dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
-    unsigned long frag_off, unsigned long frag_len)
-{
-        /* Don't change sequence numbers while listening */
-        if (frag_off == 0 && !s->d1->listen) {
-                s->d1->handshake_write_seq = s->d1->next_handshake_write_seq;
-                s->d1->next_handshake_write_seq++;
-        }
-
-        dtls1_set_message_header_int(s, mt, len, s->d1->handshake_write_seq,
-            frag_off, frag_len);
-}
-
-/* don't actually do the writing, wait till the MTU has been retrieved */
-void
-dtls1_set_message_header_int(SSL *s, unsigned char mt, unsigned long len,
-    unsigned short seq_num, unsigned long frag_off, unsigned long frag_len)
-{
-        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-        msg_hdr->type = mt;
-        msg_hdr->msg_len = len;
-        msg_hdr->seq = seq_num;
-        msg_hdr->frag_off = frag_off;
-        msg_hdr->frag_len = frag_len;
-}
-
-static void
-dtls1_fix_message_header(SSL *s, unsigned long frag_off, unsigned long frag_len)
-{
-        struct hm_header_st *msg_hdr = &s->d1->w_msg_hdr;
-
-        msg_hdr->frag_off = frag_off;
-        msg_hdr->frag_len = frag_len;
-}
-
-static int
-dtls1_write_message_header(const struct hm_header_st *msg_hdr,
-    unsigned long frag_off, unsigned long frag_len, unsigned char *p)
-{
-        CBB cbb;
-
-        /* We assume DTLS1_HM_HEADER_LENGTH bytes are available for now... */
-        if (!CBB_init_fixed(&cbb, p, DTLS1_HM_HEADER_LENGTH))
-                return 0;
-        if (!CBB_add_u8(&cbb, msg_hdr->type))
-                goto err;
-        if (!CBB_add_u24(&cbb, msg_hdr->msg_len))
-                goto err;
-        if (!CBB_add_u16(&cbb, msg_hdr->seq))
-                goto err;
-        if (!CBB_add_u24(&cbb, frag_off))
-                goto err;
-        if (!CBB_add_u24(&cbb, frag_len))
-                goto err;
-        if (!CBB_finish(&cbb, NULL, NULL))
-                goto err;
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-        return 0;
-}
-
-unsigned int
-dtls1_min_mtu(void)
-{
-        return (g_probable_mtu[(sizeof(g_probable_mtu) /
-            sizeof(g_probable_mtu[0])) - 1]);
-}
-
-static unsigned int
-dtls1_guess_mtu(unsigned int curr_mtu)
-{
-        unsigned int i;
-
-        if (curr_mtu == 0)
-                return g_probable_mtu[0];
-
-        for (i = 0; i < sizeof(g_probable_mtu) / sizeof(g_probable_mtu[0]); i++)
-                if (curr_mtu > g_probable_mtu[i])
-                        return g_probable_mtu[i];
-
-        return curr_mtu;
-}
-
-int
-dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr)
-{
-        uint32_t msg_len, frag_off, frag_len;
-        uint16_t seq;
-        uint8_t type;
-
-        memset(msg_hdr, 0, sizeof(*msg_hdr));
-
-        if (!CBS_get_u8(header, &type))
-                return 0;
-        if (!CBS_get_u24(header, &msg_len))
-                return 0;
-        if (!CBS_get_u16(header, &seq))
-                return 0;
-        if (!CBS_get_u24(header, &frag_off))
-                return 0;
-        if (!CBS_get_u24(header, &frag_len))
-                return 0;
-
-        msg_hdr->type = type;
-        msg_hdr->msg_len = msg_len;
-        msg_hdr->seq = seq;
-        msg_hdr->frag_off = frag_off;
-        msg_hdr->frag_len = frag_len;
-
-        return 1;
-}
diff --git a/src/lib/libssl/d1_lib.c b/src/lib/libssl/d1_lib.c
deleted file mode 100644
index 69db8a0df4..0000000000
--- a/src/lib/libssl/d1_lib.c
+++ /dev/null
@@ -1,414 +0,0 @@
-/* $OpenBSD: d1_lib.c,v 1.65 2024/07/23 14:40:53 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <sys/time.h>
-
-#include <netinet/in.h>
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "dtls_local.h"
-#include "pqueue.h"
-#include "ssl_local.h"
-
-void dtls1_hm_fragment_free(hm_fragment *frag);
-
-static int dtls1_listen(SSL *s, struct sockaddr *client);
-
-int
-dtls1_new(SSL *s)
-{
-        if (!ssl3_new(s))
-                goto err;
-
-        if ((s->d1 = calloc(1, sizeof(*s->d1))) == NULL)
-                goto err;
-
-        if ((s->d1->unprocessed_rcds.q = pqueue_new()) == NULL)
-                goto err;
-        if ((s->d1->buffered_messages = pqueue_new()) == NULL)
-                goto err;
-        if ((s->d1->sent_messages = pqueue_new()) == NULL)
-                goto err;
-        if ((s->d1->buffered_app_data.q = pqueue_new()) == NULL)
-                goto err;
-
-        if (s->server)
-                s->d1->cookie_len = sizeof(s->d1->cookie);
-
-        s->method->ssl_clear(s);
-        return (1);
-
- err:
-        dtls1_free(s);
-        return (0);
-}
-
-static void
-dtls1_drain_rcontents(pqueue queue)
-{
-        DTLS1_RCONTENT_DATA_INTERNAL *rdata;
-        pitem *item;
-
-        if (queue == NULL)
-                return;
-
-        while ((item = pqueue_pop(queue)) != NULL) {
-                rdata = (DTLS1_RCONTENT_DATA_INTERNAL *)item->data;
-                tls_content_free(rdata->rcontent);
-                free(item->data);
-                pitem_free(item);
-        }
-}
-
-static void
-dtls1_drain_records(pqueue queue)
-{
-        pitem *item;
-        DTLS1_RECORD_DATA_INTERNAL *rdata;
-
-        if (queue == NULL)
-                return;
-
-        while ((item = pqueue_pop(queue)) != NULL) {
-                rdata = (DTLS1_RECORD_DATA_INTERNAL *)item->data;
-                ssl3_release_buffer(&rdata->rbuf);
-                free(item->data);
-                pitem_free(item);
-        }
-}
-
-static void
-dtls1_drain_fragments(pqueue queue)
-{
-        pitem *item;
-
-        if (queue == NULL)
-                return;
-
-        while ((item = pqueue_pop(queue)) != NULL) {
-                dtls1_hm_fragment_free(item->data);
-                pitem_free(item);
-        }
-}
-
-static void
-dtls1_clear_queues(SSL *s)
-{
-        dtls1_drain_records(s->d1->unprocessed_rcds.q);
-        dtls1_drain_fragments(s->d1->buffered_messages);
-        dtls1_drain_fragments(s->d1->sent_messages);
-        dtls1_drain_rcontents(s->d1->buffered_app_data.q);
-}
-
-void
-dtls1_free(SSL *s)
-{
-        if (s == NULL)
-                return;
-
-        ssl3_free(s);
-
-        if (s->d1 == NULL)
-                return;
-
-        dtls1_clear_queues(s);
-
-        pqueue_free(s->d1->unprocessed_rcds.q);
-        pqueue_free(s->d1->buffered_messages);
-        pqueue_free(s->d1->sent_messages);
-        pqueue_free(s->d1->buffered_app_data.q);
-
-        freezero(s->d1, sizeof(*s->d1));
-        s->d1 = NULL;
-}
-
-void
-dtls1_clear(SSL *s)
-{
-        pqueue unprocessed_rcds;
-        pqueue buffered_messages;
-        pqueue sent_messages;
-        pqueue buffered_app_data;
-        unsigned int mtu;
-
-        if (s->d1) {
-                unprocessed_rcds = s->d1->unprocessed_rcds.q;
-                buffered_messages = s->d1->buffered_messages;
-                sent_messages = s->d1->sent_messages;
-                buffered_app_data = s->d1->buffered_app_data.q;
-                mtu = s->d1->mtu;
-
-                dtls1_clear_queues(s);
-
-                memset(s->d1, 0, sizeof(*s->d1));
-
-                s->d1->unprocessed_rcds.epoch =
-                    tls12_record_layer_read_epoch(s->rl) + 1;
-
-                if (s->server) {
-                        s->d1->cookie_len = sizeof(s->d1->cookie);
-                }
-
-                if (SSL_get_options(s) & SSL_OP_NO_QUERY_MTU) {
-                        s->d1->mtu = mtu;
-                }
-
-                s->d1->unprocessed_rcds.q = unprocessed_rcds;
-                s->d1->buffered_messages = buffered_messages;
-                s->d1->sent_messages = sent_messages;
-                s->d1->buffered_app_data.q = buffered_app_data;
-        }
-
-        ssl3_clear(s);
-
-        s->version = DTLS1_VERSION;
-}
-
-long
-dtls1_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-        int ret = 0;
-
-        switch (cmd) {
-        case DTLS_CTRL_GET_TIMEOUT:
-                if (dtls1_get_timeout(s, (struct timeval*) parg) != NULL) {
-                        ret = 1;
-                }
-                break;
-        case DTLS_CTRL_HANDLE_TIMEOUT:
-                ret = dtls1_handle_timeout(s);
-                break;
-        case DTLS_CTRL_LISTEN:
-                ret = dtls1_listen(s, parg);
-                break;
-
-        default:
-                ret = ssl3_ctrl(s, cmd, larg, parg);
-                break;
-        }
-        return (ret);
-}
-
-void
-dtls1_start_timer(SSL *s)
-{
-
-        /* If timer is not set, initialize duration with 1 second */
-        if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-                s->d1->timeout_duration = 1;
-        }
-
-        /* Set timeout to current time */
-        gettimeofday(&(s->d1->next_timeout), NULL);
-
-        /* Add duration to current time */
-        s->d1->next_timeout.tv_sec += s->d1->timeout_duration;
-        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
-            &s->d1->next_timeout);
-}
-
-struct timeval*
-dtls1_get_timeout(SSL *s, struct timeval* timeleft)
-{
-        struct timeval timenow;
-
-        /* If no timeout is set, just return NULL */
-        if (s->d1->next_timeout.tv_sec == 0 && s->d1->next_timeout.tv_usec == 0) {
-                return NULL;
-        }
-
-        /* Get current time */
-        gettimeofday(&timenow, NULL);
-
-        /* If timer already expired, set remaining time to 0 */
-        if (s->d1->next_timeout.tv_sec < timenow.tv_sec ||
-            (s->d1->next_timeout.tv_sec == timenow.tv_sec &&
-             s->d1->next_timeout.tv_usec <= timenow.tv_usec)) {
-                memset(timeleft, 0, sizeof(struct timeval));
-                return timeleft;
-        }
-
-        /* Calculate time left until timer expires */
-        memcpy(timeleft, &(s->d1->next_timeout), sizeof(struct timeval));
-        timeleft->tv_sec -= timenow.tv_sec;
-        timeleft->tv_usec -= timenow.tv_usec;
-        if (timeleft->tv_usec < 0) {
-                timeleft->tv_sec--;
-                timeleft->tv_usec += 1000000;
-        }
-
-        /* If remaining time is less than 15 ms, set it to 0
-         * to prevent issues because of small devergences with
-         * socket timeouts.
-         */
-        if (timeleft->tv_sec == 0 && timeleft->tv_usec < 15000) {
-                memset(timeleft, 0, sizeof(struct timeval));
-        }
-
-
-        return timeleft;
-}
-
-int
-dtls1_is_timer_expired(SSL *s)
-{
-        struct timeval timeleft;
-
-        /* Get time left until timeout, return false if no timer running */
-        if (dtls1_get_timeout(s, &timeleft) == NULL) {
-                return 0;
-        }
-
-        /* Return false if timer is not expired yet */
-        if (timeleft.tv_sec > 0 || timeleft.tv_usec > 0) {
-                return 0;
-        }
-
-        /* Timer expired, so return true */
-        return 1;
-}
-
-void
-dtls1_double_timeout(SSL *s)
-{
-        s->d1->timeout_duration *= 2;
-        if (s->d1->timeout_duration > 60)
-                s->d1->timeout_duration = 60;
-        dtls1_start_timer(s);
-}
-
-void
-dtls1_stop_timer(SSL *s)
-{
-        /* Reset everything */
-        memset(&(s->d1->timeout), 0, sizeof(struct dtls1_timeout_st));
-        memset(&(s->d1->next_timeout), 0, sizeof(struct timeval));
-        s->d1->timeout_duration = 1;
-        BIO_ctrl(SSL_get_rbio(s), BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT, 0,
-            &(s->d1->next_timeout));
-        /* Clear retransmission buffer */
-        dtls1_clear_record_buffer(s);
-}
-
-int
-dtls1_check_timeout_num(SSL *s)
-{
-        s->d1->timeout.num_alerts++;
-
-        /* Reduce MTU after 2 unsuccessful retransmissions */
-        if (s->d1->timeout.num_alerts > 2) {
-                s->d1->mtu = BIO_ctrl(SSL_get_wbio(s),
-                    BIO_CTRL_DGRAM_GET_FALLBACK_MTU, 0, NULL);
-
-        }
-
-        if (s->d1->timeout.num_alerts > DTLS1_TMO_ALERT_COUNT) {
-                /* fail the connection, enough alerts have been sent */
-                SSLerror(s, SSL_R_READ_TIMEOUT_EXPIRED);
-                return -1;
-        }
-
-        return 0;
-}
-
-int
-dtls1_handle_timeout(SSL *s)
-{
-        /* if no timer is expired, don't do anything */
-        if (!dtls1_is_timer_expired(s)) {
-                return 0;
-        }
-
-        dtls1_double_timeout(s);
-
-        if (dtls1_check_timeout_num(s) < 0)
-                return -1;
-
-        s->d1->timeout.read_timeouts++;
-        if (s->d1->timeout.read_timeouts > DTLS1_TMO_READ_COUNT) {
-                s->d1->timeout.read_timeouts = 1;
-        }
-
-        dtls1_start_timer(s);
-        return dtls1_retransmit_buffered_messages(s);
-}
-
-int
-dtls1_listen(SSL *s, struct sockaddr *client)
-{
-        int ret;
-
-        /* Ensure there is no state left over from a previous invocation */
-        SSL_clear(s);
-
-        SSL_set_options(s, SSL_OP_COOKIE_EXCHANGE);
-        s->d1->listen = 1;
-
-        ret = SSL_accept(s);
-        if (ret <= 0)
-                return ret;
-
-        (void)BIO_dgram_get_peer(SSL_get_rbio(s), client);
-        return 1;
-}
diff --git a/src/lib/libssl/d1_pkt.c b/src/lib/libssl/d1_pkt.c
deleted file mode 100644
index 8ba0bb0bcf..0000000000
--- a/src/lib/libssl/d1_pkt.c
+++ /dev/null
@@ -1,1124 +0,0 @@
-/* $OpenBSD: d1_pkt.c,v 1.130 2025/03/12 14:03:55 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1998-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <endian.h>
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "pqueue.h"
-#include "ssl_local.h"
-#include "tls_content.h"
-
-/* mod 128 saturating subtract of two 64-bit values in big-endian order */
-static int
-satsub64be(const unsigned char *v1, const unsigned char *v2)
-{
-        int ret, sat, brw, i;
-
-        if (sizeof(long) == 8)
-                do {
-                        long l;
-
-                        if (BYTE_ORDER == LITTLE_ENDIAN)
-                                break;
-                        /* not reached on little-endians */
-                        /* following test is redundant, because input is
-                         * always aligned, but I take no chances... */
-                        if (((size_t)v1 | (size_t)v2) & 0x7)
-                                break;
-
-                        l  = *((long *)v1);
-                        l -= *((long *)v2);
-                        if (l > 128)
-                                return 128;
-                        else if (l<-128)
-                                return -128;
-                        else
-                                return (int)l;
-                } while (0);
-
-        ret = (int)v1[7] - (int)v2[7];
-        sat = 0;
-        brw = ret >> 8; /* brw is either 0 or -1 */
-        if (ret & 0x80) {
-                for (i = 6; i >= 0; i--) {
-                        brw += (int)v1[i]-(int)v2[i];
-                        sat |= ~brw;
-                        brw >>= 8;
-                }
-        } else {
-                for (i = 6; i >= 0; i--) {
-                        brw += (int)v1[i]-(int)v2[i];
-                        sat |= brw;
-                        brw >>= 8;
-                }
-        }
-        brw <<= 8;      /* brw is either 0 or -256 */
-
-        if (sat & 0xff)
-                return brw | 0x80;
-        else
-                return brw + (ret & 0xFF);
-}
-
-static int dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-    const unsigned char *seq);
-static void dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap,
-    const unsigned char *seq);
-static DTLS1_BITMAP *dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr,
-    unsigned int *is_next_epoch);
-static int dtls1_buffer_record(SSL *s, record_pqueue *q,
-    unsigned char *priority);
-static int dtls1_process_record(SSL *s);
-
-/* copy buffered record into SSL structure */
-static int
-dtls1_copy_record(SSL *s, DTLS1_RECORD_DATA_INTERNAL *rdata)
-{
-        ssl3_release_buffer(&s->s3->rbuf);
-
-        s->packet = rdata->packet;
-        s->packet_length = rdata->packet_length;
-        memcpy(&(s->s3->rbuf), &(rdata->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
-        memcpy(&(s->s3->rrec), &(rdata->rrec), sizeof(SSL3_RECORD_INTERNAL));
-
-        return (1);
-}
-
-static int
-dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
-{
-        DTLS1_RECORD_DATA_INTERNAL *rdata = NULL;
-        pitem *item = NULL;
-
-        /* Limit the size of the queue to prevent DOS attacks */
-        if (pqueue_size(queue->q) >= 100)
-                return 0;
-
-        if ((rdata = malloc(sizeof(*rdata))) == NULL)
-                goto init_err;
-        if ((item = pitem_new(priority, rdata)) == NULL)
-                goto init_err;
-
-        rdata->packet = s->packet;
-        rdata->packet_length = s->packet_length;
-        memcpy(&(rdata->rbuf), &(s->s3->rbuf), sizeof(SSL3_BUFFER_INTERNAL));
-        memcpy(&(rdata->rrec), &(s->s3->rrec), sizeof(SSL3_RECORD_INTERNAL));
-
-        item->data = rdata;
-
-        s->packet = NULL;
-        s->packet_length = 0;
-        memset(&(s->s3->rbuf), 0, sizeof(SSL3_BUFFER_INTERNAL));
-        memset(&(s->s3->rrec), 0, sizeof(SSL3_RECORD_INTERNAL));
-
-        if (!ssl3_setup_buffers(s))
-                goto err;
-
-        /* insert should not fail, since duplicates are dropped */
-        if (pqueue_insert(queue->q, item) == NULL)
-                goto err;
-
-        return (1);
-
- err:
-        ssl3_release_buffer(&rdata->rbuf);
-
- init_err:
-        SSLerror(s, ERR_R_INTERNAL_ERROR);
-        free(rdata);
-        pitem_free(item);
-        return (-1);
-}
-
-static int
-dtls1_buffer_rcontent(SSL *s, rcontent_pqueue *queue, unsigned char *priority)
-{
-        DTLS1_RCONTENT_DATA_INTERNAL *rdata = NULL;
-        pitem *item = NULL;
-
-        /* Limit the size of the queue to prevent DOS attacks */
-        if (pqueue_size(queue->q) >= 100)
-                return 0;
-
-        if ((rdata = malloc(sizeof(*rdata))) == NULL)
-                goto init_err;
-        if ((item = pitem_new(priority, rdata)) == NULL)
-                goto init_err;
-
-        rdata->rcontent = s->s3->rcontent;
-        s->s3->rcontent = NULL;
-
-        item->data = rdata;
-
-        /* insert should not fail, since duplicates are dropped */
-        if (pqueue_insert(queue->q, item) == NULL)
-                goto err;
-
-        if ((s->s3->rcontent = tls_content_new()) == NULL)
-                goto err;
-
-        return (1);
-
- err:
-        tls_content_free(rdata->rcontent);
-
- init_err:
-        SSLerror(s, ERR_R_INTERNAL_ERROR);
-        free(rdata);
-        pitem_free(item);
-        return (-1);
-}
-
-static int
-dtls1_retrieve_buffered_record(SSL *s, record_pqueue *queue)
-{
-        pitem *item;
-
-        item = pqueue_pop(queue->q);
-        if (item) {
-                dtls1_copy_record(s, item->data);
-
-                free(item->data);
-                pitem_free(item);
-
-                return (1);
-        }
-
-        return (0);
-}
-
-static int
-dtls1_retrieve_buffered_rcontent(SSL *s, rcontent_pqueue *queue)
-{
-        DTLS1_RCONTENT_DATA_INTERNAL *rdata;
-        pitem *item;
-
-        item = pqueue_pop(queue->q);
-        if (item) {
-                rdata = item->data;
-
-                tls_content_free(s->s3->rcontent);
-                s->s3->rcontent = rdata->rcontent;
-                s->s3->rrec.epoch = tls_content_epoch(s->s3->rcontent);
-
-                free(item->data);
-                pitem_free(item);
-
-                return (1);
-        }
-
-        return (0);
-}
-
-static int
-dtls1_process_buffered_record(SSL *s)
-{
-        /* Check if epoch is current. */
-        if (s->d1->unprocessed_rcds.epoch !=
-            tls12_record_layer_read_epoch(s->rl))
-                return (0);
-
-        /* Update epoch once all unprocessed records have been processed. */
-        if (pqueue_peek(s->d1->unprocessed_rcds.q) == NULL) {
-                s->d1->unprocessed_rcds.epoch =
-                    tls12_record_layer_read_epoch(s->rl) + 1;
-                return (0);
-        }
-
-        /* Process one of the records. */
-        if (!dtls1_retrieve_buffered_record(s, &s->d1->unprocessed_rcds))
-                return (-1);
-        if (!dtls1_process_record(s))
-                return (-1);
-
-        return (1);
-}
-
-static int
-dtls1_process_record(SSL *s)
-{
-        SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
-        uint8_t alert_desc;
-
-        tls12_record_layer_set_version(s->rl, s->version);
-
-        if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length,
-            s->s3->rcontent)) {
-                tls12_record_layer_alert(s->rl, &alert_desc);
-
-                if (alert_desc == 0)
-                        goto err;
-
-                /*
-                 * DTLS should silently discard invalid records, including those
-                 * with a bad MAC, as per RFC 6347 section 4.1.2.1.
-                 */
-                if (alert_desc == SSL_AD_BAD_RECORD_MAC)
-                        goto done;
-
-                if (alert_desc == SSL_AD_RECORD_OVERFLOW)
-                        SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-
-                goto fatal_err;
-        }
-
-        /* XXX move to record layer. */
-        tls_content_set_epoch(s->s3->rcontent, rr->epoch);
-
- done:
-        s->packet_length = 0;
-
-        return (1);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, alert_desc);
- err:
-        return (0);
-}
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by dtls1_read_bytes */
-int
-dtls1_get_record(SSL *s)
-{
-        SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
-        unsigned char *p = NULL;
-        DTLS1_BITMAP *bitmap;
-        unsigned int is_next_epoch;
-        int ret, n;
-
-        /* See if there are pending records that can now be processed. */
-        if ((ret = dtls1_process_buffered_record(s)) != 0)
-                return (ret);
-
-        /* get something from the wire */
-        if (0) {
- again:
-                /* dump this record on all retries */
-                rr->length = 0;
-                s->packet_length = 0;
-        }
-
-        /* check if we have the header */
-        if ((s->rstate != SSL_ST_READ_BODY) ||
-            (s->packet_length < DTLS1_RT_HEADER_LENGTH)) {
-                CBS header, seq_no;
-                uint16_t epoch, len, ssl_version;
-                uint8_t type;
-
-                n = ssl3_packet_read(s, DTLS1_RT_HEADER_LENGTH);
-                if (n <= 0)
-                        return (n);
-
-                /* If this packet contained a partial record, dump it. */
-                if (n != DTLS1_RT_HEADER_LENGTH)
-                        goto again;
-
-                s->rstate = SSL_ST_READ_BODY;
-
-                CBS_init(&header, s->packet, s->packet_length);
-
-                /* Pull apart the header into the DTLS1_RECORD */
-                if (!CBS_get_u8(&header, &type))
-                        goto again;
-                if (!CBS_get_u16(&header, &ssl_version))
-                        goto again;
-
-                /* Sequence number is 64 bits, with top 2 bytes = epoch. */
-                if (!CBS_get_bytes(&header, &seq_no, SSL3_SEQUENCE_SIZE))
-                        goto again;
-                if (!CBS_get_u16(&seq_no, &epoch))
-                        goto again;
-                if (!CBS_write_bytes(&seq_no, &rr->seq_num[2],
-                    sizeof(rr->seq_num) - 2, NULL))
-                        goto again;
-
-                if (!CBS_get_u16(&header, &len))
-                        goto again;
-
-                rr->type = type;
-                rr->epoch = epoch;
-                rr->length = len;
-
-                /* unexpected version, silently discard */
-                if (!s->first_packet && ssl_version != s->version)
-                        goto again;
-
-                /* wrong version, silently discard record */
-                if ((ssl_version & 0xff00) != (s->version & 0xff00))
-                        goto again;
-
-                /* record too long, silently discard it */
-                if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH)
-                        goto again;
-
-                /* now s->rstate == SSL_ST_READ_BODY */
-                p = (unsigned char *)CBS_data(&header);
-        }
-
-        /* s->rstate == SSL_ST_READ_BODY, get and decode the data */
-
-        n = ssl3_packet_extend(s, DTLS1_RT_HEADER_LENGTH + rr->length);
-        if (n <= 0)
-                return (n);
-
-        /* If this packet contained a partial record, dump it. */
-        if (n != DTLS1_RT_HEADER_LENGTH + rr->length)
-                goto again;
-
-        s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
-
-        /* match epochs.  NULL means the packet is dropped on the floor */
-        bitmap = dtls1_get_bitmap(s, rr, &is_next_epoch);
-        if (bitmap == NULL)
-                goto again;
-
-        /*
-         * Check whether this is a repeat, or aged record.
-         * Don't check if we're listening and this message is
-         * a ClientHello. They can look as if they're replayed,
-         * since they arrive from different connections and
-         * would be dropped unnecessarily.
-         */
-        if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
-            p != NULL && *p == SSL3_MT_CLIENT_HELLO) &&
-            !dtls1_record_replay_check(s, bitmap, rr->seq_num))
-                goto again;
-
-        /* just read a 0 length packet */
-        if (rr->length == 0)
-                goto again;
-
-        /* If this record is from the next epoch (either HM or ALERT),
-         * and a handshake is currently in progress, buffer it since it
-         * cannot be processed at this time. However, do not buffer
-         * anything while listening.
-         */
-        if (is_next_epoch) {
-                if ((SSL_in_init(s) || s->in_handshake) && !s->d1->listen) {
-                        if (dtls1_buffer_record(s, &(s->d1->unprocessed_rcds),
-                            rr->seq_num) < 0)
-                                return (-1);
-                        /* Mark receipt of record. */
-                        dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
-                }
-                goto again;
-        }
-
-        if (!dtls1_process_record(s))
-                goto again;
-
-        /* Mark receipt of record. */
-        dtls1_record_bitmap_update(s, bitmap, rr->seq_num);
-
-        return (1);
-}
-
-static int
-dtls1_read_handshake_unexpected(SSL *s)
-{
-        struct hm_header_st hs_msg_hdr;
-        CBS cbs;
-        int ret;
-
-        if (s->in_handshake) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        /* Parse handshake message header. */
-        CBS_dup(tls_content_cbs(s->s3->rcontent), &cbs);
-        if (!dtls1_get_message_header(&cbs, &hs_msg_hdr))
-                return -1; /* XXX - probably should drop/continue. */
-
-        /* This may just be a stale retransmit. */
-        if (tls_content_epoch(s->s3->rcontent) !=
-            tls12_record_layer_read_epoch(s->rl)) {
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                return 1;
-        }
-
-        if (hs_msg_hdr.type == SSL3_MT_HELLO_REQUEST) {
-                /*
-                 * Incoming HelloRequest messages should only be received by a
-                 * client. A server may send these at any time - a client should
-                 * ignore the message if received in the middle of a handshake.
-                 * See RFC 5246 sections 7.4 and 7.4.1.1.
-                 */
-                if (s->server) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                             SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                /* XXX - should also check frag offset/length. */
-                if (hs_msg_hdr.msg_len != 0) {
-                        SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        return -1;
-                }
-
-                ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE,
-                    tls_content_cbs(s->s3->rcontent));
-
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-
-                if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
-                        ssl3_send_alert(s, SSL3_AL_WARNING,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return 1;
-                }
-
-                /*
-                 * It should be impossible to hit this, but keep the safety
-                 * harness for now...
-                 */
-                if (s->session == NULL || s->s3->hs.cipher == NULL)
-                        return 1;
-
-                /*
-                 * Ignore this message if we're currently handshaking,
-                 * renegotiation is already pending or renegotiation is disabled
-                 * via flags.
-                 */
-                if (!SSL_is_init_finished(s) || s->s3->renegotiate ||
-                    (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0)
-                        return 1;
-
-                s->d1->handshake_read_seq++;
-
-                /* XXX - why is this set here but not in ssl3? */
-                s->new_session = 1;
-
-                if (!ssl3_renegotiate(s))
-                        return 1;
-                if (!ssl3_renegotiate_check(s))
-                        return 1;
-
-        } else if (hs_msg_hdr.type == SSL3_MT_CLIENT_HELLO) {
-                /*
-                 * Incoming ClientHello messages should only be received by a
-                 * server. A client may send these in response to server
-                 * initiated renegotiation (HelloRequest) or in order to
-                 * initiate renegotiation by the client. See RFC 5246 section
-                 * 7.4.1.2.
-                 */
-                if (!s->server) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                             SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                /*
-                 * A client should not be sending a ClientHello unless we're not
-                 * currently handshaking.
-                 */
-                if (!SSL_is_init_finished(s)) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 ||
-                    ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 &&
-                    (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return -1;
-                }
-
-                if (s->session == NULL || s->s3->hs.cipher == NULL) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        return -1;
-                }
-
-                /* Client requested renegotiation but it is not permitted. */
-                if (!s->s3->send_connection_binding ||
-                    (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) {
-                        ssl3_send_alert(s, SSL3_AL_WARNING,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return 1;
-                }
-
-                s->s3->hs.state = SSL_ST_ACCEPT;
-                s->renegotiate = 1;
-                s->new_session = 1;
-
-        } else if (hs_msg_hdr.type == SSL3_MT_FINISHED && s->server) {
-                /*
-                 * If we are server, we may have a repeated FINISHED of the
-                 * client here, then retransmit our CCS and FINISHED.
-                 */
-                if (dtls1_check_timeout_num(s) < 0)
-                        return -1;
-
-                /* XXX - should this be calling ssl_msg_callback()? */
-
-                dtls1_retransmit_buffered_messages(s);
-
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-
-                return 1;
-
-        } else {
-                SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                return -1;
-        }
-
-        if ((ret = s->handshake_func(s)) < 0)
-                return ret;
-        if (ret == 0) {
-                SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                return -1;
-        }
-
-        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                if (s->s3->rbuf.left == 0) {
-                        ssl_force_want_read(s);
-                        return -1;
-                }
-        }
-
-        /*
-         * We either finished a handshake or ignored the request, now try again
-         * to obtain the (application) data we were asked for.
-         */
-        return 1;
-}
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int
-dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-{
-        int rrcount = 0;
-        ssize_t ssret;
-        int ret;
-
-        if (s->s3->rbuf.buf == NULL) {
-                if (!ssl3_setup_buffers(s))
-                        return -1;
-        }
-
-        if (s->s3->rcontent == NULL) {
-                if ((s->s3->rcontent = tls_content_new()) == NULL)
-                        return -1;
-        }
-
-        if (len < 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
-            type != SSL3_RT_HANDSHAKE) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        if (peek && type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        if (SSL_in_init(s) && !s->in_handshake) {
-                if ((ret = s->handshake_func(s)) < 0)
-                        return ret;
-                if (ret == 0) {
-                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return -1;
-                }
-        }
-
- start:
-        /*
-         * Do not process more than three consecutive records, otherwise the
-         * peer can cause us to loop indefinitely. Instead, return with an
-         * SSL_ERROR_WANT_READ so the caller can choose when to handle further
-         * processing. In the future, the total number of non-handshake and
-         * non-application data records per connection should probably also be
-         * limited...
-         */
-        if (rrcount++ >= 3) {
-                ssl_force_want_read(s);
-                return -1;
-        }
-
-        s->rwstate = SSL_NOTHING;
-
-        /*
-         * We are not handshaking and have no data yet, so process data buffered
-         * during the last handshake in advance, if any.
-         */
-        if (s->s3->hs.state == SSL_ST_OK &&
-            tls_content_remaining(s->s3->rcontent) == 0)
-                dtls1_retrieve_buffered_rcontent(s, &s->d1->buffered_app_data);
-
-        if (dtls1_handle_timeout(s) > 0)
-                goto start;
-
-        if (tls_content_remaining(s->s3->rcontent) == 0) {
-                if ((ret = dtls1_get_record(s)) <= 0) {
-                        /* Anything other than a timeout is an error. */
-                        if ((ret = dtls1_read_failed(s, ret)) <= 0)
-                                return ret;
-                        goto start;
-                }
-        }
-
-        if (s->d1->listen &&
-            tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                goto start;
-        }
-
-        /* We now have a packet which can be read and processed. */
-
-        if (s->s3->change_cipher_spec &&
-            tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
-                /*
-                 * We now have application data between CCS and Finished.
-                 * Most likely the packets were reordered on their way, so
-                 * buffer the application data for later processing rather
-                 * than dropping the connection.
-                 */
-                if (dtls1_buffer_rcontent(s, &s->d1->buffered_app_data,
-                    s->s3->rrec.seq_num) < 0) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        return (-1);
-                }
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                goto start;
-        }
-
-        /*
-         * If the other end has shut down, throw anything we read away (even in
-         * 'peek' mode).
-         */
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                return 0;
-        }
-
-        /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-        if (tls_content_type(s->s3->rcontent) == type) {
-                /*
-                 * Make sure that we are not getting application data when we
-                 * are doing a handshake for the first time.
-                 */
-                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                    !tls12_record_layer_read_protected(s->rl)) {
-                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                if (len <= 0)
-                        return len;
-
-                if (peek) {
-                        ssret = tls_content_peek(s->s3->rcontent, buf, len);
-                } else {
-                        ssret = tls_content_read(s->s3->rcontent, buf, len);
-                }
-                if (ssret < INT_MIN || ssret > INT_MAX)
-                        return -1;
-                if (ssret < 0)
-                        return (int)ssret;
-
-                if (tls_content_remaining(s->s3->rcontent) == 0)
-                        s->rstate = SSL_ST_READ_HEADER;
-
-                return (int)ssret;
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) {
-                if ((ret = ssl3_read_alert(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        if (s->shutdown & SSL_SENT_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                return (0);
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) {
-                /*
-                 * At this point, we were expecting handshake data, but have
-                 * application data. If the library was running inside
-                 * ssl3_read() (i.e. in_read_app_data is set) and it makes
-                 * sense to read application data at this point (session
-                 * renegotiation not yet started), we will indulge it.
-                 */
-                if (s->s3->in_read_app_data != 0 &&
-                    s->s3->total_renegotiations != 0 &&
-                    (((s->s3->hs.state & SSL_ST_CONNECT) &&
-                    (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-                    (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
-                    (s->s3->hs.state & SSL_ST_ACCEPT) &&
-                    (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                    (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
-                        s->s3->in_read_app_data = 2;
-                        return -1;
-                } else {
-                        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) {
-                if ((ret = dtls1_read_handshake_unexpected(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        /* Unknown record type. */
-        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        return -1;
-}
-
-int
-dtls1_write_app_data_bytes(SSL *s, int type, const void *buf_, int len)
-{
-        int i;
-
-        if (SSL_in_init(s) && !s->in_handshake) {
-                i = s->handshake_func(s);
-                if (i < 0)
-                        return (i);
-                if (i == 0) {
-                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return -1;
-                }
-        }
-
-        if (len > SSL3_RT_MAX_PLAIN_LENGTH) {
-                SSLerror(s, SSL_R_DTLS_MESSAGE_TOO_BIG);
-                return -1;
-        }
-
-        i = dtls1_write_bytes(s, type, buf_, len);
-        return i;
-}
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int
-dtls1_write_bytes(SSL *s, int type, const void *buf, int len)
-{
-        int i;
-
-        OPENSSL_assert(len <= SSL3_RT_MAX_PLAIN_LENGTH);
-        s->rwstate = SSL_NOTHING;
-        i = do_dtls1_write(s, type, buf, len);
-        return i;
-}
-
-int
-do_dtls1_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
-{
-        SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
-        size_t out_len;
-        CBB cbb;
-        int ret;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        /*
-         * First check if there is a SSL3_BUFFER_INTERNAL still being written
-         * out.  This will happen with non blocking IO.
-         */
-        if (wb->left != 0) {
-                OPENSSL_assert(0); /* XDTLS:  want to see if we ever get here */
-                return (ssl3_write_pending(s, type, buf, len));
-        }
-
-        /* If we have an alert to send, let's send it */
-        if (s->s3->alert_dispatch) {
-                if ((ret = ssl3_dispatch_alert(s)) <= 0)
-                        return (ret);
-                /* If it went, fall through and send more stuff. */
-        }
-
-        if (len == 0)
-                return 0;
-
-        wb->offset = 0;
-
-        if (!CBB_init_fixed(&cbb, wb->buf, wb->len))
-                goto err;
-
-        tls12_record_layer_set_version(s->rl, s->version);
-
-        if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
-                goto err;
-
-        if (!CBB_finish(&cbb, NULL, &out_len))
-                goto err;
-
-        wb->left = out_len;
-
-        /*
-         * Memorize arguments so that ssl3_write_pending can detect
-         * bad write retries later.
-         */
-        s->s3->wpend_tot = len;
-        s->s3->wpend_buf = buf;
-        s->s3->wpend_type = type;
-        s->s3->wpend_ret = len;
-
-        /* We now just need to write the buffer. */
-        return ssl3_write_pending(s, type, buf, len);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return -1;
-}
-
-static int
-dtls1_record_replay_check(SSL *s, DTLS1_BITMAP *bitmap,
-    const unsigned char *seq)
-{
-        unsigned int shift;
-        int cmp;
-
-        cmp = satsub64be(seq, bitmap->max_seq_num);
-        if (cmp > 0)
-                return 1; /* this record in new */
-        shift = -cmp;
-        if (shift >= sizeof(bitmap->map)*8)
-                return 0; /* stale, outside the window */
-        else if (bitmap->map & (1UL << shift))
-                return 0; /* record previously received */
-
-        return 1;
-}
-
-static void
-dtls1_record_bitmap_update(SSL *s, DTLS1_BITMAP *bitmap,
-    const unsigned char *seq)
-{
-        unsigned int shift;
-        int cmp;
-
-        cmp = satsub64be(seq, bitmap->max_seq_num);
-        if (cmp > 0) {
-                shift = cmp;
-                if (shift < sizeof(bitmap->map)*8)
-                        bitmap->map <<= shift, bitmap->map |= 1UL;
-                else
-                        bitmap->map = 1UL;
-                memcpy(bitmap->max_seq_num, seq, 8);
-        } else {
-                shift = -cmp;
-                if (shift < sizeof(bitmap->map) * 8)
-                        bitmap->map |= 1UL << shift;
-        }
-}
-
-static DTLS1_BITMAP *
-dtls1_get_bitmap(SSL *s, SSL3_RECORD_INTERNAL *rr, unsigned int *is_next_epoch)
-{
-        uint16_t read_epoch, read_epoch_next;
-
-        *is_next_epoch = 0;
-
-        read_epoch = tls12_record_layer_read_epoch(s->rl);
-        read_epoch_next = read_epoch + 1;
-
-        /* In current epoch, accept HM, CCS, DATA, & ALERT */
-        if (rr->epoch == read_epoch)
-                return &s->d1->bitmap;
-
-        /* Only HM and ALERT messages can be from the next epoch */
-        if (rr->epoch == read_epoch_next &&
-            (rr->type == SSL3_RT_HANDSHAKE || rr->type == SSL3_RT_ALERT)) {
-                *is_next_epoch = 1;
-                return &s->d1->next_bitmap;
-        }
-
-        return NULL;
-}
-
-void
-dtls1_reset_read_seq_numbers(SSL *s)
-{
-        memcpy(&(s->d1->bitmap), &(s->d1->next_bitmap), sizeof(DTLS1_BITMAP));
-        memset(&(s->d1->next_bitmap), 0, sizeof(DTLS1_BITMAP));
-}
diff --git a/src/lib/libssl/d1_srtp.c b/src/lib/libssl/d1_srtp.c
deleted file mode 100644
index 67c4495a17..0000000000
--- a/src/lib/libssl/d1_srtp.c
+++ /dev/null
@@ -1,266 +0,0 @@
-/* $OpenBSD: d1_srtp.c,v 1.33 2023/07/08 16:40:13 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-
-#ifndef OPENSSL_NO_SRTP
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "srtp.h"
-
-static const SRTP_PROTECTION_PROFILE srtp_known_profiles[] = {
-        {
-                "SRTP_AES128_CM_SHA1_80",
-                SRTP_AES128_CM_SHA1_80,
-        },
-        {
-                "SRTP_AES128_CM_SHA1_32",
-                SRTP_AES128_CM_SHA1_32,
-        },
-        {
-                "SRTP_AEAD_AES_128_GCM",
-                SRTP_AEAD_AES_128_GCM,
-        },
-        {
-                "SRTP_AEAD_AES_256_GCM",
-                SRTP_AEAD_AES_256_GCM,
-        },
-        {0}
-};
-
-int
-srtp_find_profile_by_name(const char *profile_name,
-    const SRTP_PROTECTION_PROFILE **pptr, unsigned int len)
-{
-        const SRTP_PROTECTION_PROFILE *p;
-
-        p = srtp_known_profiles;
-        while (p->name) {
-                if ((len == strlen(p->name)) &&
-                    !strncmp(p->name, profile_name, len)) {
-                        *pptr = p;
-                        return 0;
-                }
-
-                p++;
-        }
-
-        return 1;
-}
-
-int
-srtp_find_profile_by_num(unsigned int profile_num,
-    const SRTP_PROTECTION_PROFILE **pptr)
-{
-        const SRTP_PROTECTION_PROFILE *p;
-
-        p = srtp_known_profiles;
-        while (p->name) {
-                if (p->id == profile_num) {
-                        *pptr = p;
-                        return 0;
-                }
-                p++;
-        }
-
-        return 1;
-}
-
-static int
-ssl_ctx_make_profiles(const char *profiles_string,
-    STACK_OF(SRTP_PROTECTION_PROFILE) **out)
-{
-        STACK_OF(SRTP_PROTECTION_PROFILE) *profiles;
-        char *col;
-        const char *ptr = profiles_string;
-        const SRTP_PROTECTION_PROFILE *p;
-
-        if (!(profiles = sk_SRTP_PROTECTION_PROFILE_new_null())) {
-                SSLerrorx(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES);
-                return 1;
-        }
-
-        do {
-                col = strchr(ptr, ':');
-
-                if (!srtp_find_profile_by_name(ptr, &p,
-                    col ? col - ptr : (int)strlen(ptr))) {
-                        if (!sk_SRTP_PROTECTION_PROFILE_push(profiles, p)) {
-                                sk_SRTP_PROTECTION_PROFILE_free(profiles);
-                                return 1;
-                        }
-                } else {
-                        SSLerrorx(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE);
-                        sk_SRTP_PROTECTION_PROFILE_free(profiles);
-                        return 1;
-                }
-
-                if (col)
-                        ptr = col + 1;
-        } while (col);
-
-        sk_SRTP_PROTECTION_PROFILE_free(*out);
-        *out = profiles;
-
-        return 0;
-}
-
-int
-SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
-{
-        return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
-}
-LSSL_ALIAS(SSL_CTX_set_tlsext_use_srtp);
-
-int
-SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
-{
-        return ssl_ctx_make_profiles(profiles, &s->srtp_profiles);
-}
-LSSL_ALIAS(SSL_set_tlsext_use_srtp);
-
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *
-SSL_get_srtp_profiles(SSL *s)
-{
-        if (s != NULL) {
-                if (s->srtp_profiles != NULL) {
-                        return s->srtp_profiles;
-                } else if ((s->ctx != NULL) &&
-                    (s->ctx->srtp_profiles != NULL)) {
-                        return s->ctx->srtp_profiles;
-                }
-        }
-
-        return NULL;
-}
-LSSL_ALIAS(SSL_get_srtp_profiles);
-
-SRTP_PROTECTION_PROFILE *
-SSL_get_selected_srtp_profile(SSL *s)
-{
-        /* XXX cast away the const */
-        return (SRTP_PROTECTION_PROFILE *)s->srtp_profile;
-}
-LSSL_ALIAS(SSL_get_selected_srtp_profile);
-
-#endif
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf
deleted file mode 100644
index db95bb5c18..0000000000
--- a/src/lib/libssl/doc/openssl.cnf
+++ /dev/null
@@ -1,348 +0,0 @@
-#
-# OpenSSL example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-# This definition stops the following lines choking if HOME isn't
-# defined.
-HOME                    = .
-
-# Extra OBJECT IDENTIFIER info:
-#oid_file               = $ENV::HOME/.oid
-oid_section             = new_oids
-
-# To use this configuration file with the "-extfile" option of the
-# "openssl x509" utility, name here the section containing the
-# X.509v3 extensions to use:
-# extensions            =
-# (Alternatively, use a configuration file that has only
-# X.509v3 extensions in its main [= default] section.)
-
-[ new_oids ]
-
-# We can add new OIDs in here for use by 'ca', 'req' and 'ts'.
-# Add a simple OID like this:
-# testoid1=1.2.3.4
-# Or use config file substitution like this:
-# testoid2=${testoid1}.5.6
-
-# Policies used by the TSA examples.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-####################################################################
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir             = ./demoCA              # Where everything is kept
-certs           = $dir/certs            # Where the issued certs are kept
-crl_dir         = $dir/crl              # Where the issued crl are kept
-database        = $dir/index.txt        # database index file.
-#unique_subject = no                    # Set to 'no' to allow creation of
-                                        # several certificates with same subject.
-new_certs_dir   = $dir/newcerts         # default place for new certs.
-
-certificate     = $dir/cacert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-crlnumber       = $dir/crlnumber        # the current crl number
-                                        # must be commented out to leave a V1 CRL
-crl             = $dir/crl.pem          # The current CRL
-private_key     = $dir/private/cakey.pem# The private key
-
-x509_extensions = usr_cert              # The extensions to add to the cert
-
-# Comment out the following two lines for the "traditional"
-# (and highly broken) format.
-name_opt        = ca_default            # Subject Name options
-cert_opt        = ca_default            # Certificate field options
-
-# Extension copying option: use with caution.
-# copy_extensions = copy
-
-# Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs
-# so this is commented out by default to leave a V1 CRL.
-# crlnumber must also be commented out to leave a V1 CRL.
-# crl_extensions        = crl_ext
-
-default_days    = 365                   # how long to certify for
-default_crl_days= 30                    # how long before next CRL
-default_md      = default               # use public key default MD
-preserve        = no                    # keep passed DN ordering
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy          = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-####################################################################
-[ req ]
-default_bits            = 1024
-default_keyfile         = privkey.pem
-distinguished_name      = req_distinguished_name
-attributes              = req_attributes
-x509_extensions = v3_ca # The extensions to add to the self signed cert
-
-# Passwords for private keys if not present they will be prompted for
-# input_password = secret
-# output_password = secret
-
-# This sets a mask for permitted string types. There are several options.
-# default: PrintableString, T61String, BMPString.
-# pkix   : PrintableString, BMPString (PKIX recommendation before 2004)
-# utf8only: only UTF8Strings (PKIX recommendation after 2004).
-# nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings).
-# MASK:XXXX a literal mask value.
-# WARNING: ancient versions of Netscape crash on BMPStrings or UTF8Strings.
-string_mask = utf8only
-
-# req_extensions = v3_req # The extensions to add to a certificate request
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_min                 = 2
-countryName_max                 = 2
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Some-State
-
-localityName                    = Locality Name (eg, city)
-
-0.organizationName              = Organization Name (eg, company)
-0.organizationName_default      = Internet Widgits Pty Ltd
-
-# we can do this but it is not needed normally :-)
-#1.organizationName             = Second Organization Name (eg, company)
-#1.organizationName_default     = World Wide Web Pty Ltd
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-#organizationalUnitName_default =
-
-commonName                      = Common Name (e.g. server FQDN or YOUR name)
-commonName_max                  = 64
-
-emailAddress                    = Email Address
-emailAddress_max                = 64
-
-# SET-ex3                       = SET extension number 3
-
-[ req_attributes ]
-challengePassword               = A challenge password
-challengePassword_min           = 4
-challengePassword_max           = 20
-
-unstructuredName                = An optional company name
-
-[ usr_cert ]
-
-# These extensions are added when 'ca' signs a request.
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                       = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This is required for TSA certificates.
-# extendedKeyUsage = critical,timeStamping
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-[ v3_ca ]
-
-
-# Extensions for a typical CA
-
-
-# PKIX recommendation.
-
-subjectKeyIdentifier=hash
-
-authorityKeyIdentifier=keyid:always,issuer
-
-# This is what PKIX recommends but some broken software chokes on critical
-# extensions.
-#basicConstraints = critical,CA:true
-# So we do this instead.
-basicConstraints = CA:true
-
-# Key usage: this is typical for a CA certificate. However since it will
-# prevent it being used as an test self-signed certificate it is best
-# left out by default.
-# keyUsage = cRLSign, keyCertSign
-
-# Some might want this also
-# nsCertType = sslCA, emailCA
-
-# Include email address in subject alt name: another PKIX recommendation
-# subjectAltName=email:copy
-# Copy issuer details
-# issuerAltName=issuer:copy
-
-# DER hex encoding of an extension: beware experts only!
-# obj=DER:02:03
-# Where 'obj' is a standard or added object
-# You can even override a supported extension:
-# basicConstraints= critical, DER:30:03:01:01:FF
-
-[ crl_ext ]
-
-# CRL extensions.
-# Only issuerAltName and authorityKeyIdentifier make any sense in a CRL.
-
-# issuerAltName=issuer:copy
-authorityKeyIdentifier=keyid:always
-
-[ proxy_cert_ext ]
-# These extensions should be added when creating a proxy certificate
-
-# This goes against PKIX guidelines but some CAs do it and some software
-# requires this to avoid interpreting an end user certificate as a CA.
-
-basicConstraints=CA:FALSE
-
-# Here are some examples of the usage of nsCertType. If it is omitted
-# the certificate can be used for anything *except* object signing.
-
-# This is OK for an SSL server.
-# nsCertType                    = server
-
-# For an object signing certificate this would be used.
-# nsCertType = objsign
-
-# For normal client use this is typical
-# nsCertType = client, email
-
-# and for everything including object signing:
-# nsCertType = client, email, objsign
-
-# This is typical in keyUsage for a client certificate.
-# keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-
-# This will be displayed in Netscape's comment listbox.
-nsComment                       = "OpenSSL Generated Certificate"
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer
-
-# This stuff is for subjectAltName and issuerAltname.
-# Import the email address.
-# subjectAltName=email:copy
-# An alternative to produce certificates that aren't
-# deprecated according to PKIX.
-# subjectAltName=email:move
-
-# Copy subject details
-# issuerAltName=issuer:copy
-
-#nsCaRevocationUrl              = http://www.domain.dom/ca-crl.pem
-#nsBaseUrl
-#nsRevocationUrl
-#nsRenewalUrl
-#nsCaPolicyUrl
-#nsSslServerName
-
-# This really needs to be in place for it to be a proxy certificate.
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:3,policy:foo
-
-####################################################################
-[ tsa ]
-
-default_tsa = tsa_config1       # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir             = ./demoCA              # TSA root directory
-serial          = $dir/tsaserial        # The current serial number (mandatory)
-crypto_device   = builtin               # OpenSSL engine to use for signing
-signer_cert     = $dir/tsacert.pem      # The TSA signing certificate
-                                        # (optional)
-certs           = $dir/cacert.pem       # Certificate chain to include in reply
-                                        # (optional)
-signer_key      = $dir/private/tsakey.pem # The TSA private key (optional)
-
-default_policy  = tsa_policy1           # Policy if request did not specify it
-                                        # (optional)
-other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests         = md5, sha1             # Acceptable message digests (mandatory)
-accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
-clock_precision_digits  = 0     # number of digits after dot. (optional)
-ordering                = yes   # Is ordering defined for timestamps?
-                                # (optional, default: no)
-tsa_name                = yes   # Must the TSA name be included in the reply?
-                                # (optional, default: no)
-ess_cert_id_chain       = no    # Must the ESS cert id chain be included?
-                                # (optional, default: no)
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt
deleted file mode 100644
index f8817b0a71..0000000000
--- a/src/lib/libssl/doc/openssl.txt
+++ /dev/null
@@ -1,1254 +0,0 @@
-
-This is some preliminary documentation for OpenSSL.
-
-Contents:
-
- OpenSSL X509V3 extension configuration
- X509V3 Extension code: programmers guide
- PKCS#12 Library
-
-
-==============================================================================
-               OpenSSL X509V3 extension configuration
-==============================================================================
-
-OpenSSL X509V3 extension configuration: preliminary documentation.
-
-INTRODUCTION.
-
-For OpenSSL 0.9.2 the extension code has be considerably enhanced. It is now
-possible to add and print out common X509 V3 certificate and CRL extensions.
-
-BEGINNERS NOTE
-
-For most simple applications you don't need to know too much about extensions:
-the default openssl.cnf values will usually do sensible things.
-
-If you want to know more you can initially quickly look through the sections
-describing how the standard OpenSSL utilities display and add extensions and
-then the list of supported extensions.
-
-For more technical information about the meaning of extensions see:
-
-http://www.imc.org/ietf-pkix/
-http://home.netscape.com/eng/security/certs.html
-
-PRINTING EXTENSIONS.
-
-Extension values are automatically printed out for supported extensions.
-
-openssl x509 -in cert.pem -text
-openssl crl -in crl.pem -text
-
-will give information in the extension printout, for example:
-
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15
-            X509v3 Authority Key Identifier: 
-                keyid:73:FE:F7:59:A7:E1:26:84:44:D6:44:36:EE:79:1A:95:7C:B1:4B:15, DirName:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/Email=email@1.address/Email=email@2.address, serial:00
-            X509v3 Key Usage: 
-                Certificate Sign, CRL Sign
-            X509v3 Subject Alternative Name: 
-                email:email@1.address, email:email@2.address
-
-CONFIGURATION FILES.
-
-The OpenSSL utilities 'ca' and 'req' can now have extension sections listing
-which certificate extensions to include. In each case a line:
-
-x509_extensions = extension_section
-
-indicates which section contains the extensions. In the case of 'req' the
-extension section is used when the -x509 option is present to create a
-self signed root certificate.
-
-The 'x509' utility also supports extensions when it signs a certificate.
-The -extfile option is used to set the configuration file containing the
-extensions. In this case a line with:
-
-extensions = extension_section
-
-in the nameless (default) section is used. If no such line is included then
-it uses the default section.
-
-You can also add extensions to CRLs: a line
-
-crl_extensions = crl_extension_section
-
-will include extensions when the -gencrl option is used with the 'ca' utility.
-You can add any extension to a CRL but of the supported extensions only
-issuerAltName and authorityKeyIdentifier make any real sense. Note: these are
-CRL extensions NOT CRL *entry* extensions which cannot currently be generated.
-CRL entry extensions can be displayed.
-
-NB. At this time Netscape Communicator rejects V2 CRLs: to get an old V1 CRL
-you should not include a crl_extensions line in the configuration file.
-
-As with all configuration files you can use the inbuilt environment expansion
-to allow the values to be passed in the environment. Therefore if you have
-several extension sections used for different purposes you can have a line:
-
-x509_extensions = $ENV::ENV_EXT
-
-and set the ENV_EXT environment variable before calling the relevant utility.
-
-EXTENSION SYNTAX.
-
-Extensions have the basic form:
-
-extension_name=[critical,] extension_options
-
-the use of the critical option makes the extension critical. Extreme caution
-should be made when using the critical flag. If an extension is marked
-as critical then any client that does not understand the extension should
-reject it as invalid. Some broken software will reject certificates which
-have *any* critical extensions (these violates PKIX but we have to live
-with it).
-
-There are three main types of extension: string extensions, multi-valued
-extensions, and raw extensions.
-
-String extensions simply have a string which contains either the value itself
-or how it is obtained.
-
-For example:
-
-nsComment="This is a Comment"
-
-Multi-valued extensions have a short form and a long form. The short form
-is a list of names and values:
-
-basicConstraints=critical,CA:true,pathlen:1
-
-The long form allows the values to be placed in a separate section:
-
-basicConstraints=critical,@bs_section
-
-[bs_section]
-
-CA=true
-pathlen=1
-
-Both forms are equivalent. However it should be noted that in some cases the
-same name can appear multiple times, for example,
-
-subjectAltName=email:steve@here,email:steve@there
-
-in this case an equivalent long form is:
-
-subjectAltName=@alt_section
-
-[alt_section]
-
-email.1=steve@here
-email.2=steve@there
-
-This is because the configuration file code cannot handle the same name
-occurring twice in the same section.
-
-The syntax of raw extensions is governed by the extension code: it can
-for example contain data in multiple sections. The correct syntax to
-use is defined by the extension code itself: check out the certificate
-policies extension for an example.
-
-There are two ways to encode arbitrary extensions.
-
-The first way is to use the word ASN1 followed by the extension content
-using the same syntax as ASN1_generate_nconf(). For example:
-
-1.2.3.4=critical,ASN1:UTF8String:Some random data
-
-1.2.3.4=ASN1:SEQUENCE:seq_sect
-
-[seq_sect]
-
-field1 = UTF8:field1
-field2 = UTF8:field2
-
-It is also possible to use the word DER to include arbitrary data in any
-extension.
-
-1.2.3.4=critical,DER:01:02:03:04
-1.2.3.4=DER:01020304
-
-The value following DER is a hex dump of the DER encoding of the extension
-Any extension can be placed in this form to override the default behaviour.
-For example:
-
-basicConstraints=critical,DER:00:01:02:03
-
-WARNING: DER should be used with caution. It is possible to create totally
-invalid extensions unless care is taken.
-
-CURRENTLY SUPPORTED EXTENSIONS.
-
-If you aren't sure about extensions then they can be largely ignored: its only
-when you want to do things like restrict certificate usage when you need to
-worry about them. 
-
-The only extension that a beginner might want to look at is Basic Constraints.
-If in addition you want to try Netscape object signing the you should also
-look at Netscape Certificate Type.
-
-Literal String extensions.
-
-In each case the 'value' of the extension is placed directly in the
-extension. Currently supported extensions in this category are: nsBaseUrl,
-nsRevocationUrl, nsCaRevocationUrl, nsRenewalUrl, nsCaPolicyUrl,
-nsSslServerName and nsComment.
-
-For example:
-
-nsComment="This is a test comment"
-
-Bit Strings.
-
-Bit string extensions just consist of a list of supported bits, currently
-two extensions are in this category: PKIX keyUsage and the Netscape specific
-nsCertType.
-
-nsCertType (netscape certificate type) takes the flags: client, server, email,
-objsign, reserved, sslCA, emailCA, objCA.
-
-keyUsage (PKIX key usage) takes the flags: digitalSignature, nonRepudiation,
-keyEncipherment, dataEncipherment, keyAgreement, keyCertSign, cRLSign,
-encipherOnly, decipherOnly.
-
-For example:
-
-nsCertType=server
-
-keyUsage=digitalSignature, nonRepudiation
-
-Hints on Netscape Certificate Type.
-
-Other than Basic Constraints this is the only extension a beginner might
-want to use, if you want to try Netscape object signing, otherwise it can
-be ignored.
-
-If you want a certificate that can be used just for object signing then:
-
-nsCertType=objsign
-
-will do the job. If you want to use it as a normal end user and server
-certificate as well then
-
-nsCertType=objsign,email,server
-
-is more appropriate. You cannot use a self signed certificate for object
-signing (well Netscape signtool can but it cheats!) so you need to create
-a CA certificate and sign an end user certificate with it.
-
-Side note: If you want to conform to the Netscape specifications then you
-should really also set:
-
-nsCertType=objCA
-
-in the *CA* certificate for just an object signing CA and
-
-nsCertType=objCA,emailCA,sslCA
-
-for everything. Current Netscape software doesn't enforce this so it can
-be omitted.
-
-Basic Constraints.
-
-This is generally the only extension you need to worry about for simple
-applications. If you want your certificate to be usable as a CA certificate
-(in addition to an end user certificate) then you set this to:
-
-basicConstraints=CA:TRUE
-
-if you want to be certain the certificate cannot be used as a CA then do:
-
-basicConstraints=CA:FALSE
-
-The rest of this section describes more advanced usage.
-
-Basic constraints is a multi-valued extension that supports a CA and an
-optional pathlen option. The CA option takes the values true and false and
-pathlen takes an integer. Note if the CA option is false the pathlen option
-should be omitted. 
-
-The pathlen parameter indicates the maximum number of CAs that can appear
-below this one in a chain. So if you have a CA with a pathlen of zero it can
-only be used to sign end user certificates and not further CAs. This all
-assumes that the software correctly interprets this extension of course.
-
-Examples:
-
-basicConstraints=CA:TRUE
-basicConstraints=critical,CA:TRUE, pathlen:0
-
-NOTE: for a CA to be considered valid it must have the CA option set to
-TRUE. An end user certificate MUST NOT have the CA value set to true.
-According to PKIX recommendations it should exclude the extension entirely,
-however some software may require CA set to FALSE for end entity certificates.
-
-Extended Key Usage.
-
-This extensions consists of a list of usages.
-
-These can either be object short names of the dotted numerical form of OIDs.
-While any OID can be used only certain values make sense. In particular the
-following PKIX, NS and MS values are meaningful:
-
-Value                   Meaning
------                   -------
-serverAuth              SSL/TLS Web Server Authentication.
-clientAuth              SSL/TLS Web Client Authentication.
-codeSigning             Code signing.
-emailProtection         E-mail Protection (S/MIME).
-timeStamping            Trusted Timestamping
-msCodeInd               Microsoft Individual Code Signing (authenticode)
-msCodeCom               Microsoft Commercial Code Signing (authenticode)
-msCTLSign               Microsoft Trust List Signing
-msSGC                   Microsoft Server Gated Crypto
-msEFS                   Microsoft Encrypted File System
-nsSGC                   Netscape Server Gated Crypto
-
-For example, under IE5 a CA can be used for any purpose: by including a list
-of the above usages the CA can be restricted to only authorised uses.
-
-Note: software packages may place additional interpretations on certificate 
-use, in particular some usages may only work for selected CAs. Don't for example
-expect just including msSGC or nsSGC will automatically mean that a certificate
-can be used for SGC ("step up" encryption) otherwise anyone could use it.
-
-Examples:
-
-extendedKeyUsage=critical,codeSigning,1.2.3.4
-extendedKeyUsage=nsSGC,msSGC
-
-Subject Key Identifier.
-
-This is really a string extension and can take two possible values. Either
-a hex string giving details of the extension value to include or the word
-'hash' which then automatically follow PKIX guidelines in selecting and
-appropriate key identifier. The use of the hex string is strongly discouraged.
-
-Example: subjectKeyIdentifier=hash
-
-Authority Key Identifier.
-
-The authority key identifier extension permits two options. keyid and issuer:
-both can take the optional value "always".
-
-If the keyid option is present an attempt is made to copy the subject key
-identifier from the parent certificate. If the value "always" is present
-then an error is returned if the option fails.
-
-The issuer option copies the issuer and serial number from the issuer
-certificate. Normally this will only be done if the keyid option fails or
-is not included: the "always" flag will always include the value.
-
-Subject Alternative Name.
-
-The subject alternative name extension allows various literal values to be
-included in the configuration file. These include "email" (an email address)
-"URI" a uniform resource indicator, "DNS" (a DNS domain name), RID (a
-registered ID: OBJECT IDENTIFIER), IP (and IP address) and otherName.
-
-Also the email option include a special 'copy' value. This will automatically
-include and email addresses contained in the certificate subject name in
-the extension.
-
-otherName can include arbitrary data associated with an OID: the value
-should be the OID followed by a semicolon and the content in standard
-ASN1_generate_nconf() format.
-
-Examples:
-
-subjectAltName=email:copy,email:my@other.address,URI:http://my.url.here/
-subjectAltName=email:my@other.address,RID:1.2.3.4
-subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
-
-Issuer Alternative Name.
-
-The issuer alternative name option supports all the literal options of
-subject alternative name. It does *not* support the email:copy option because
-that would not make sense. It does support an additional issuer:copy option
-that will copy all the subject alternative name values from the issuer 
-certificate (if possible).
-
-Example:
-
-issuserAltName = issuer:copy
-
-Authority Info Access.
-
-The authority information access extension gives details about how to access
-certain information relating to the CA. Its syntax is accessOID;location
-where 'location' has the same syntax as subject alternative name (except
-that email:copy is not supported). accessOID can be any valid OID but only
-certain values are meaningful for example OCSP and caIssuers. OCSP gives the
-location of an OCSP responder: this is used by Netscape PSM and other software.
-
-Example:
-
-authorityInfoAccess = OCSP;URI:http://ocsp.my.host/
-authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html
-
-CRL distribution points.
-
-This is a multi-valued extension that supports all the literal options of
-subject alternative name. Of the few software packages that currently interpret
-this extension most only interpret the URI option.
-
-Currently each option will set a new DistributionPoint with the fullName
-field set to the given value.
-
-Other fields like cRLissuer and reasons cannot currently be set or displayed:
-at this time no examples were available that used these fields.
-
-If you see this extension with <UNSUPPORTED> when you attempt to print it out
-or it doesn't appear to display correctly then let me know, including the
-certificate (mail me at steve@openssl.org) .
-
-Examples:
-
-crlDistributionPoints=URI:http://www.myhost.com/myca.crl
-crlDistributionPoints=URI:http://www.my.com/my.crl,URI:http://www.oth.com/my.crl
-
-Certificate Policies.
-
-This is a RAW extension. It attempts to display the contents of this extension:
-unfortunately this extension is often improperly encoded.
-
-The certificate policies extension will rarely be used in practice: few
-software packages interpret it correctly or at all. IE5 does partially
-support this extension: but it needs the 'ia5org' option because it will
-only correctly support a broken encoding. Of the options below only the
-policy OID, explicitText and CPS options are displayed with IE5.
-
-All the fields of this extension can be set by using the appropriate syntax.
-
-If you follow the PKIX recommendations of not including any qualifiers and just
-using only one OID then you just include the value of that OID. Multiple OIDs
-can be set separated by commas, for example:
-
-certificatePolicies= 1.2.4.5, 1.1.3.4
-
-If you wish to include qualifiers then the policy OID and qualifiers need to
-be specified in a separate section: this is done by using the @section syntax
-instead of a literal OID value.
-
-The section referred to must include the policy OID using the name
-policyIdentifier, cPSuri qualifiers can be included using the syntax:
-
-CPS.nnn=value
-
-userNotice qualifiers can be set using the syntax:
-
-userNotice.nnn=@notice
-
-The value of the userNotice qualifier is specified in the relevant section.
-This section can include explicitText, organization and noticeNumbers
-options. explicitText and organization are text strings, noticeNumbers is a
-comma separated list of numbers. The organization and noticeNumbers options
-(if included) must BOTH be present. If you use the userNotice option with IE5
-then you need the 'ia5org' option at the top level to modify the encoding:
-otherwise it will not be interpreted properly.
-
-Example:
-
-certificatePolicies=ia5org,1.2.3.4,1.5.6.7.8,@polsect
-
-[polsect]
-
-policyIdentifier = 1.3.5.8
-CPS.1="http://my.host.name/"
-CPS.2="http://my.your.name/"
-userNotice.1=@notice
-
-[notice]
-
-explicitText="Explicit Text Here"
-organization="Organisation Name"
-noticeNumbers=1,2,3,4
-
-TECHNICAL NOTE: the ia5org option changes the type of the 'organization' field,
-according to PKIX it should be of type DisplayText but Verisign uses an 
-IA5STRING and IE5 needs this too.
-
-Display only extensions.
-
-Some extensions are only partially supported and currently are only displayed
-but cannot be set. These include private key usage period, CRL number, and
-CRL reason.
-
-==============================================================================
-                X509V3 Extension code: programmers guide
-==============================================================================
-
-The purpose of the extension code is twofold. It allows an extension to be
-created from a string or structure describing its contents and it prints out an
-extension in a human or machine readable form.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed before calling the extension functions.
-You used to have to call X509V3_add_standard_extensions(); but this is no longer
-required and this function no longer does anything.
-
-void X509V3_EXT_cleanup(void);
-
-This function should be called to cleanup the extension code if any custom
-extensions have been added. If no custom extensions have been added then this
-call does nothing. After this call all custom extension code is freed up but
-you can still use the standard extensions.
-
-2. Printing and parsing extensions.
-
-The simplest way to print out extensions is via the standard X509 printing
-routines: if you use the standard X509_print() function, the supported
-extensions will be printed out automatically.
-
-The following functions allow finer control over extension display:
-
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
-
-These two functions print out an individual extension to a BIO or FILE pointer.
-Currently the flag argument is unused and should be set to 0. The 'indent'
-argument is the number of spaces to indent each line.
-
-void *X509V3_EXT_d2i(X509_EXTENSION *ext);
-
-This function parses an extension and returns its internal structure. The
-precise structure you get back depends on the extension being parsed. If the
-extension if basicConstraints you will get back a pointer to a
-BASIC_CONSTRAINTS structure. Check out the source in crypto/x509v3 for more
-details about the structures returned. The returned structure should be freed
-after use using the relevant free function, BASIC_CONSTRAINTS_free() for 
-example.
-
-void    *       X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx);
-void    *       X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx);
-void    *       X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx);
-void    *       X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx);
-
-These functions combine the operations of searching for extensions and
-parsing them. They search a certificate, a CRL a CRL entry or a stack
-of extensions respectively for extension whose NID is 'nid' and return
-the parsed result of NULL if an error occurred. For example:
-
-BASIC_CONSTRAINTS *bs;
-bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL);
-
-This will search for the basicConstraints extension and either return
-it value or NULL. NULL can mean either the extension was not found, it
-occurred more than once or it could not be parsed.
-
-If 'idx' is NULL then an extension is only parsed if it occurs precisely
-once. This is standard behaviour because extensions normally cannot occur
-more than once. If however more than one extension of the same type can
-occur it can be used to parse successive extensions for example:
-
-int i;
-void *ext;
-
-i = -1;
-for(;;) {
-        ext = X509_get_ext_d2i(x, nid, crit, &idx);
-        if(ext == NULL) break;
-         /* Do something with ext */
-}
-
-If 'crit' is not NULL and the extension was found then the int it points to
-is set to 1 for critical extensions and 0 for non critical. Therefore if the
-function returns NULL but 'crit' is set to 0 or 1 then the extension was
-found but it could not be parsed.
-
-The int pointed to by crit will be set to -1 if the extension was not found
-and -2 if the extension occurred more than once (this will only happen if
-idx is NULL). In both cases the function will return NULL.
-
-3. Generating extensions.
-
-An extension will typically be generated from a configuration file, or some
-other kind of configuration database.
-
-int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-                                                                 X509 *cert);
-int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section,
-                                                                 X509_CRL *crl);
-
-These functions add all the extensions in the given section to the given
-certificate or CRL. They will normally be called just before the certificate
-or CRL is due to be signed. Both return 0 on error on non zero for success.
-
-In each case 'conf' is the LHASH pointer of the configuration file to use
-and 'section' is the section containing the extension details.
-
-See the 'context functions' section for a description of the ctx parameter.
-
-
-X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name,
-                                                                 char *value);
-
-This function returns an extension based on a name and value pair, if the
-pair will not need to access other sections in a config file (or there is no
-config file) then the 'conf' parameter can be set to NULL.
-
-X509_EXTENSION *X509V3_EXT_conf_nid(char *conf, X509V3_CTX *ctx, int nid,
-                                                                 char *value);
-
-This function creates an extension in the same way as X509V3_EXT_conf() but
-takes the NID of the extension rather than its name.
-
-For example to produce basicConstraints with the CA flag and a path length of
-10:
-
-x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10");
-
-
-X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc);
-
-This function sets up an extension from its internal structure. The ext_nid
-parameter is the NID of the extension and 'crit' is the critical flag.
-
-4. Context functions.
-
-The following functions set and manipulate an extension context structure.
-The purpose of the extension context is to allow the extension code to
-access various structures relating to the "environment" of the certificate:
-for example the issuers certificate or the certificate request.
-
-void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject,
-                                 X509_REQ *req, X509_CRL *crl, int flags);
-
-This function sets up an X509V3_CTX structure with details of the certificate
-environment: specifically the issuers certificate, the subject certificate,
-the certificate request and the CRL: if these are not relevant or not
-available then they can be set to NULL. The 'flags' parameter should be set
-to zero.
-
-X509V3_set_ctx_test(ctx)
-
-This macro is used to set the 'ctx' structure to a 'test' value: this is to
-allow the syntax of an extension (or configuration file) to be tested.
-
-X509V3_set_ctx_nodb(ctx)
-
-This macro is used when no configuration database is present.
-
-void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash);
-
-This function is used to set the configuration database when it is an LHASH
-structure: typically a configuration file.
-
-The following functions are used to access a configuration database: they
-should only be used in RAW extensions.
-
-char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section);
-
-This function returns the value of the parameter "name" in "section", or NULL
-if there has been an error.
-
-void X509V3_string_free(X509V3_CTX *ctx, char *str);
-
-This function frees up the string returned by the above function.
-
-STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section);
-
-This function returns a whole section as a STACK_OF(CONF_VALUE) .
-
-void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section);
-
-This function frees up the STACK returned by the above function.
-
-Note: it is possible to use the extension code with a custom configuration
-database. To do this the "db_meth" element of the X509V3_CTX structure should
-be set to an X509V3_CTX_METHOD structure. This structure contains the following
-function pointers:
-
-char * (*get_string)(void *db, char *section, char *value);
-STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section);
-void (*free_string)(void *db, char * string);
-void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section);
-
-these will be called and passed the 'db' element in the X509V3_CTX structure
-to access the database. If a given function is not implemented or not required
-it can be set to NULL.
-
-5. String helper functions.
-
-There are several "i2s" and "s2i" functions that convert structures to and
-from ASCII strings. In all the "i2s" cases the returned string should be
-freed using Free() after use. Since some of these are part of other extension
-code they may take a 'method' parameter. Unless otherwise stated it can be
-safely set to NULL.
-
-char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *oct);
-
-This returns a hex string from an ASN1_OCTET_STRING.
-
-char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint);
-char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint);
-
-These return a string decimal representations of an ASN1_INTEGER and an
-ASN1_ENUMERATED type, respectively.
-
-ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method,
-                                                   X509V3_CTX *ctx, char *str);
-
-This converts an ASCII hex string to an ASN1_OCTET_STRING.
-
-ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value);
-
-This converts a decimal ASCII string into an ASN1_INTEGER.
-
-6. Multi valued extension helper functions.
-
-The following functions can be used to manipulate STACKs of CONF_VALUE
-structures, as used by multi valued extensions.
-
-int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool);
-
-This function expects a boolean value in 'value' and sets 'asn1_bool' to
-it. That is it sets it to 0 for FALSE or 0xff for TRUE. The following
-strings are acceptable: "TRUE", "true", "Y", "y", "YES", "yes", "FALSE"
-"false", "N", "n", "NO" or "no".
-
-int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint);
-
-This accepts a decimal integer of arbitrary length and sets an ASN1_INTEGER.
-
-int X509V3_add_value(const char *name, const char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This simply adds a string name and value pair.
-
-int X509V3_add_value_uchar(const char *name, const unsigned char *value,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-The same as above but for an unsigned character value.
-
-int X509V3_add_value_bool(const char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool'
-
-int X509V3_add_value_bool_nf(char *name, int asn1_bool,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This is the same as above except it adds nothing if asn1_bool is FALSE.
-
-int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint,
-                                                STACK_OF(CONF_VALUE) **extlist);
-
-This function adds the value of the ASN1_INTEGER in decimal form.
-
-7. Other helper functions.
-
-<to be added>
-
-ADDING CUSTOM EXTENSIONS.
-
-Currently there are three types of supported extensions. 
-
-String extensions are simple strings where the value is placed directly in the
-extensions, and the string returned is printed out.
-
-Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs
-or return a STACK_OF(CONF_VALUE).
-
-Raw extensions are just passed a BIO or a value and it is the extensions
-responsibility to handle all the necessary printing.
-
-There are two ways to add an extension. One is simply as an alias to an already
-existing extension. An alias is an extension that is identical in ASN1 structure
-to an existing extension but has a different OBJECT IDENTIFIER. This can be
-done by calling:
-
-int X509V3_EXT_add_alias(int nid_to, int nid_from);
-
-'nid_to' is the new extension NID and 'nid_from' is the already existing
-extension NID.
-
-Alternatively an extension can be written from scratch. This involves writing
-the ASN1 code to encode and decode the extension and functions to print out and
-generate the extension from strings. The relevant functions are then placed in
-a X509V3_EXT_METHOD structure and int X509V3_EXT_add(X509V3_EXT_METHOD *ext);
-called.
-
-The X509V3_EXT_METHOD structure is described below.
-
-struct {
-int ext_nid;
-int ext_flags;
-X509V3_EXT_NEW ext_new;
-X509V3_EXT_FREE ext_free;
-X509V3_EXT_D2I d2i;
-X509V3_EXT_I2D i2d;
-X509V3_EXT_I2S i2s;
-X509V3_EXT_S2I s2i;
-X509V3_EXT_I2V i2v;
-X509V3_EXT_V2I v2i;
-X509V3_EXT_R2I r2i;
-X509V3_EXT_I2R i2r;
-
-void *usr_data;
-};
-
-The elements have the following meanings.
-
-ext_nid         is the NID of the object identifier of the extension.
-
-ext_flags       is set of flags. Currently the only external flag is
-                X509V3_EXT_MULTILINE which means a multi valued extensions
-                should be printed on separate lines.
-
-usr_data        is an extension specific pointer to any relevant data. This
-                allows extensions to share identical code but have different
-                uses. An example of this is the bit string extension which uses
-                usr_data to contain a list of the bit names.
-
-All the remaining elements are function pointers.
-
-ext_new         is a pointer to a function that allocates memory for the
-                extension ASN1 structure: for example ASN1_OBJECT_new().
-
-ext_free        is a pointer to a function that free up memory of the extension
-                ASN1 structure: for example ASN1_OBJECT_free().
-
-d2i             is the standard ASN1 function that converts a DER buffer into
-                the internal ASN1 structure: for example d2i_ASN1_IA5STRING().
-
-i2d             is the standard ASN1 function that converts the internal
-                structure into the DER representation: for example
-                i2d_ASN1_IA5STRING().
-
-The remaining functions are depend on the type of extension. One i2X and
-one X2i should be set and the rest set to NULL. The types set do not need
-to match up, for example the extension could be set using the multi valued
-v2i function and printed out using the raw i2r.
-
-All functions have the X509V3_EXT_METHOD passed to them in the 'method'
-parameter and an X509V3_CTX structure. Extension code can then access the
-parent structure via the 'method' parameter to for example make use of the value
-of usr_data. If the code needs to use detail relating to the request it can
-use the 'ctx' parameter.
-
-A note should be given here about the 'flags' member of the 'ctx' parameter.
-If it has the value CTX_TEST then the configuration syntax is being checked
-and no actual certificate or CRL exists. Therefore any attempt in the config
-file to access such information should silently succeed. If the syntax is OK
-then it should simply return a (possibly bogus) extension, otherwise it
-should return NULL.
-
-char *i2s(struct v3_ext_method *method, void *ext);
-
-This function takes the internal structure in the ext parameter and returns
-a Malloc'ed string representing its value.
-
-void * s2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This function takes the string representation in the ext parameter and returns
-an allocated internal structure: ext_free() will be used on this internal
-structure after use.
-
-i2v and v2i handle a STACK_OF(CONF_VALUE):
-
-typedef struct
-{
-        char *section;
-        char *name;
-        char *value;
-} CONF_VALUE;
-
-Only the name and value members are currently used.
-
-STACK_OF(CONF_VALUE) * i2v(struct v3_ext_method *method, void *ext);
-
-This function is passed the internal structure in the ext parameter and
-returns a STACK of CONF_VALUE structures. The values of name, value,
-section and the structure itself will be freed up with Free after use.
-Several helper functions are available to add values to this STACK.
-
-void * v2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx,
-                                                STACK_OF(CONF_VALUE) *values);
-
-This function takes a STACK_OF(CONF_VALUE) structures and should set the
-values of the external structure. This typically uses the name element to
-determine which structure element to set and the value element to determine
-what to set it to. Several helper functions are available for this
-purpose (see above).
-
-int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent);
-
-This function is passed the internal extension structure in the ext parameter
-and sends out a human readable version of the extension to out. The 'indent'
-parameter should be noted to determine the necessary amount of indentation
-needed on the output.
-
-void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-
-This is just passed the string representation of the extension. It is intended
-to be used for more elaborate extensions where the standard single and multi
-valued options are insufficient. They can use the 'ctx' parameter to parse the
-configuration database themselves. See the context functions section for details
-of how to do this.
-
-Note: although this type takes the same parameters as the "r2s" function there
-is a subtle difference. Whereas an "r2i" function can access a configuration
-database an "s2i" function MUST NOT. This is so the internal code can safely
-assume that an "s2i" function will work without a configuration database.
-
-==============================================================================
-                            PKCS#12 Library
-==============================================================================
-
-This section describes the internal PKCS#12 support. There are very few
-differences between the old external library and the new internal code at
-present. This may well change because the external library will not be updated
-much in future.
-
-This version now includes a couple of high level PKCS#12 functions which
-generally "do the right thing" and should make it much easier to handle PKCS#12
-structures.
-
-HIGH LEVEL FUNCTIONS.
-
-For most applications you only need concern yourself with the high level
-functions. They can parse and generate simple PKCS#12 files as produced by
-Netscape and MSIE or indeed any compliant PKCS#12 file containing a single
-private key and certificate pair.
-
-1. Initialisation and cleanup.
-
-No special initialisation is needed for the internal PKCS#12 library: the 
-standard SSLeay_add_all_algorithms() is sufficient. If you do not wish to
-add all algorithms (you should at least add SHA1 though) then you can manually
-initialise the PKCS#12 library with:
-
-PKCS12_PBE_add();
-
-The memory allocated by the PKCS#12 library is freed up when EVP_cleanup() is
-called or it can be directly freed with:
-
-EVP_PBE_cleanup();
-
-after this call (or EVP_cleanup() ) no more PKCS#12 library functions should
-be called.
-
-2. I/O functions.
-
-i2d_PKCS12_bio(bp, p12)
-
-This writes out a PKCS12 structure to a BIO.
-
-i2d_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-d2i_PKCS12_bio(bp, p12)
-
-This reads in a PKCS12 structure from a BIO.
-
-d2i_PKCS12_fp(fp, p12)
-
-This is the same but for a FILE pointer.
-
-3. High level functions.
-
-3.1 Parsing with PKCS12_parse().
-
-int PKCS12_parse(PKCS12 *p12, char *pass, EVP_PKEY **pkey, X509 **cert,
-                                                                 STACK **ca);
-
-This function takes a PKCS12 structure and a password (ASCII, null terminated)
-and returns the private key, the corresponding certificate and any CA
-certificates. If any of these is not required it can be passed as a NULL.
-The 'ca' parameter should be either NULL, a pointer to NULL or a valid STACK
-structure. Typically to read in a PKCS#12 file you might do:
-
-p12 = d2i_PKCS12_fp(fp, NULL);
-PKCS12_parse(p12, password, &pkey, &cert, NULL);        /* CAs not wanted */
-PKCS12_free(p12);
-
-3.2 PKCS#12 creation with PKCS12_create().
-
-PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert,
-                        STACK *ca, int nid_key, int nid_cert, int iter,
-                                                 int mac_iter, int keytype);
-
-This function will create a PKCS12 structure from a given password, name,
-private key, certificate and optional STACK of CA certificates. The remaining
-5 parameters can be set to 0 and sensible defaults will be used.
-
-The parameters nid_key and nid_cert are the key and certificate encryption
-algorithms, iter is the encryption iteration count, mac_iter is the MAC
-iteration count and keytype is the type of private key. If you really want
-to know what these last 5 parameters do then read the low level section.
-
-Typically to create a PKCS#12 file the following could be used:
-
-p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0);
-i2d_PKCS12_fp(fp, p12);
-PKCS12_free(p12);
-
-3.3 Changing a PKCS#12 structure password.
-
-int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass);
-
-This changes the password of an already existing PKCS#12 structure. oldpass
-is the old password and newpass is the new one. An error occurs if the old
-password is incorrect.
-
-LOW LEVEL FUNCTIONS.
-
-In some cases the high level functions do not provide the necessary
-functionality. For example if you want to generate or parse more complex
-PKCS#12 files. The sample pkcs12 application uses the low level functions
-to display details about the internal structure of a PKCS#12 file.
-
-Introduction.
-
-This is a brief description of how a PKCS#12 file is represented internally:
-some knowledge of PKCS#12 is assumed.
-
-A PKCS#12 object contains several levels.
-
-At the lowest level is a PKCS12_SAFEBAG. This can contain a certificate, a
-CRL, a private key, encrypted or unencrypted, a set of safebags (so the
-structure can be nested) or other secrets (not documented at present). 
-A safebag can optionally have attributes, currently these are: a unicode
-friendlyName (a Unicode string) or a localKeyID (a string of bytes).
-
-At the next level is an authSafe which is a set of safebags collected into
-a PKCS#7 ContentInfo. This can be just plain data, or encrypted itself.
-
-At the top level is the PKCS12 structure itself which contains a set of
-authSafes in an embedded PKCS#7 Contentinfo of type data. In addition it
-contains a MAC which is a kind of password protected digest to preserve
-integrity (so any unencrypted stuff below can't be tampered with).
-
-The reason for these levels is so various objects can be encrypted in various
-ways. For example you might want to encrypt a set of private keys with
-triple-DES and then include the related certificates either unencrypted or
-with lower encryption. Yes it's the dreaded crypto laws at work again which
-allow strong encryption on private keys and only weak encryption on other
-stuff.
-
-To build one of these things you turn all certificates and keys into safebags
-(with optional attributes). You collect the safebags into (one or more) STACKS
-and convert these into authsafes (encrypted or unencrypted).  The authsafes
-are collected into a STACK and added to a PKCS12 structure.  Finally a MAC
-inserted.
-
-Pulling one apart is basically the reverse process. The MAC is verified against
-the given password. The authsafes are extracted and each authsafe split into
-a set of safebags (possibly involving decryption). Finally the safebags are
-decomposed into the original keys and certificates and the attributes used to
-match up private key and certificate pairs.
-
-Anyway here are the functions that do the dirty work.
-
-1. Construction functions.
-
-1.1 Safebag functions.
-
-M_PKCS12_x5092certbag(x509)
-
-This macro takes an X509 structure and returns a certificate bag. The
-X509 structure can be freed up after calling this function.
-
-M_PKCS12_x509crl2certbag(crl)
-
-As above but for a CRL.
-
-PKCS8_PRIV_KEY_INFO *PKEY2PKCS8(EVP_PKEY *pkey)
-
-Take a private key and convert it into a PKCS#8 PrivateKeyInfo structure.
-Works for both RSA and DSA private keys. NB since the PKCS#8 PrivateKeyInfo
-structure contains a private key data in plain text form it should be free'd
-up as soon as it has been encrypted for security reasons (freeing up the
-structure zeros out the sensitive data). This can be done with
-PKCS8_PRIV_KEY_INFO_free().
-
-PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage)
-
-This sets the key type when a key is imported into MSIE or Outlook 98. Two
-values are currently supported: KEY_EX and KEY_SIG. KEY_EX is an exchange type
-key that can also be used for signing but its size is limited in the export
-versions of MS software to 512 bits, it is also the default. KEY_SIG is a
-signing only key but the keysize is unlimited (well 16K is supposed to work).
-If you are using the domestic version of MSIE then you can ignore this because
-KEY_EX is not limited and can be used for both.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS8 private key structure into a keybag. This routine embeds the
-p8 structure in the keybag so p8 should not be freed up or used after it is
-called.  The p8 structure will be freed up when the safebag is freed.
-
-PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, PKCS8_PRIV_KEY_INFO *p8)
-
-Convert a PKCS#8 structure into a shrouded key bag (encrypted). p8 is not
-embedded and can be freed up after use.
-
-int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-int PKCS12_add_friendlyname(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen)
-
-Add a local key id or a friendlyname to a safebag.
-
-1.2 Authsafe functions.
-
-PKCS7 *PKCS12_pack_p7data(STACK *sk)
-Take a stack of safebags and convert them into an unencrypted authsafe. The
-stack of safebags can be freed up after calling this function.
-
-PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, STACK *bags);
-
-As above but encrypted.
-
-1.3 PKCS12 functions.
-
-PKCS12 *PKCS12_init(int mode)
-
-Initialise a PKCS12 structure (currently mode should be NID_pkcs7_data).
-
-M_PKCS12_pack_authsafes(p12, safes)
-
-This macro takes a STACK of authsafes and adds them to a PKCS#12 structure.
-
-int PKCS12_set_mac(PKCS12 *p12, unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int iter, EVP_MD *md_type);
-
-Add a MAC to a PKCS12 structure. If EVP_MD is NULL use SHA-1, the spec suggests
-that SHA-1 should be used.
-
-2. Extraction Functions.
-
-2.1 Safebags.
-
-M_PKCS12_bag_type(bag)
-
-Return the type of "bag". Returns one of the following
-
-NID_keyBag
-NID_pkcs8ShroudedKeyBag                 7
-NID_certBag                             8
-NID_crlBag                              9
-NID_secretBag                           10
-NID_safeContentsBag                     11
-
-M_PKCS12_cert_bag_type(bag)
-
-Returns type of certificate bag, following are understood.
-
-NID_x509Certificate                     14
-NID_sdsiCertificate                     15
-
-M_PKCS12_crl_bag_type(bag)
-
-Returns crl bag type, currently only NID_crlBag is recognised.
-
-M_PKCS12_certbag2x509(bag)
-
-This macro extracts an X509 certificate from a certificate bag.
-
-M_PKCS12_certbag2x509crl(bag)
-
-As above but for a CRL.
-
-EVP_PKEY * PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8)
-
-Extract a private key from a PKCS8 private key info structure.
-
-M_PKCS12_decrypt_skey(bag, pass, passlen) 
-
-Decrypt a shrouded key bag and return a PKCS8 private key info structure.
-Works with both RSA and DSA keys
-
-char *PKCS12_get_friendlyname(bag)
-
-Returns the friendlyName of a bag if present or NULL if none. The returned
-string is a null terminated ASCII string allocated with Malloc(). It should 
-thus be freed up with Free() after use.
-
-2.2 AuthSafe functions.
-
-M_PKCS12_unpack_p7data(p7)
-
-Extract a STACK of safe bags from a PKCS#7 data ContentInfo.
-
-#define M_PKCS12_unpack_p7encdata(p7, pass, passlen)
-
-As above but for an encrypted content info.
-
-2.3 PKCS12 functions.
-
-M_PKCS12_unpack_authsafes(p12)
-
-Extract a STACK of authsafes from a PKCS12 structure.
-
-M_PKCS12_mac_present(p12)
-
-Check to see if a MAC is present.
-
-int PKCS12_verify_mac(PKCS12 *p12, unsigned char *pass, int passlen)
-
-Verify a MAC on a PKCS12 structure. Returns an error if MAC not present.
-
-
-Notes.
-
-1. All the function return 0 or NULL on error.
-2. Encryption based functions take a common set of parameters. These are
-described below.
-
-pass, passlen
-ASCII password and length. The password on the MAC is called the "integrity
-password" the encryption password is called the "privacy password" in the
-PKCS#12 documentation. The passwords do not have to be the same. If -1 is
-passed for the length it is worked out by the function itself (currently
-this is sometimes done whatever is passed as the length but that may change).
-
-salt, saltlen
-A 'salt' if salt is NULL a random salt is used. If saltlen is also zero a
-default length is used.
-
-iter
-Iteration count. This is a measure of how many times an internal function is
-called to encrypt the data. The larger this value is the longer it takes, it
-makes dictionary attacks on passwords harder. NOTE: Some implementations do
-not support an iteration count on the MAC. If the password for the MAC and
-encryption is the same then there is no point in having a high iteration
-count for encryption if the MAC has no count. The MAC could be attacked
-and the password used for the main decryption.
-
-pbe_nid
-This is the NID of the password based encryption method used. The following are
-supported.
-NID_pbe_WithSHA1And128BitRC4
-NID_pbe_WithSHA1And40BitRC4
-NID_pbe_WithSHA1And3_Key_TripleDES_CBC
-NID_pbe_WithSHA1And2_Key_TripleDES_CBC
-NID_pbe_WithSHA1And128BitRC2_CBC
-NID_pbe_WithSHA1And40BitRC2_CBC
-
-Which you use depends on the implementation you are exporting to. "Export
-grade" (i.e. cryptographically challenged) products cannot support all
-algorithms. Typically you may be able to use any encryption on shrouded key
-bags but they must then be placed in an unencrypted authsafe. Other authsafes
-may only support 40bit encryption. Of course if you are using SSLeay
-throughout you can strongly encrypt everything and have high iteration counts
-on everything.
-
-3. For decryption routines only the password and length are needed.
-
-4. Unlike the external version the nid's of objects are the values of the
-constants: that is NID_certBag is the real nid, therefore there is no 
-PKCS12_obj_offset() function.  Note the object constants are not the same as
-those of the external version. If you use these constants then you will need
-to recompile your code.
-
-5. With the exception of PKCS12_MAKE_KEYBAG(), after calling any function or 
-macro of the form PKCS12_MAKE_SOMETHING(other) the "other" structure can be
-reused or freed up safely.
-
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt
deleted file mode 100644
index 6b3c5c5038..0000000000
--- a/src/lib/libssl/doc/standards.txt
+++ /dev/null
@@ -1,285 +0,0 @@
-Standards related to OpenSSL
-============================
-
-[Please, this is currently a draft.  I made a first try at finding
- documents that describe parts of what OpenSSL implements.  There are
- big gaps, and I've most certainly done something wrong.  Please
- correct whatever is...  Also, this note should be removed when this
- file is reaching a somewhat correct state.        -- Richard Levitte]
-
-
-All pointers in here will be either URL's or blobs of text borrowed
-from miscellaneous indexes, like rfc-index.txt (index of RFCs),
-1id-index.txt (index of Internet drafts) and the like.
-
-To find the latest possible RFCs, it's recommended to either browse
-ftp://ftp.isi.edu/in-notes/ or go to http://www.rfc-editor.org/ and
-use the search mechanism found there.
-To find the latest possible Internet drafts, it's recommended to
-browse ftp://ftp.isi.edu/internet-drafts/.
-To find the latest possible PKCS, it's recommended to browse
-http://www.rsasecurity.com/rsalabs/pkcs/.
-
-
-Implemented:
-------------
-
-These are documents that describe things that are implemented (in
-whole or at least great parts) in OpenSSL.
-
-1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992.
-     (Format: TXT=25661 bytes) (Status: INFORMATIONAL)
-
-1320 The MD4 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-     TXT=32407 bytes) (Status: INFORMATIONAL)
-
-1321 The MD5 Message-Digest Algorithm. R. Rivest. April 1992. (Format:
-     TXT=35222 bytes) (Status: INFORMATIONAL)
-
-2246 The TLS Protocol Version 1.0. T. Dierks, C. Allen. January 1999.
-     (Format: TXT=170401 bytes) (Status: PROPOSED STANDARD)
-
-2268 A Description of the RC2(r) Encryption Algorithm. R. Rivest.
-     January 1998. (Format: TXT=19048 bytes) (Status: INFORMATIONAL)
-
-2315 PKCS 7: Cryptographic Message Syntax Version 1.5. B. Kaliski.
-     March 1998. (Format: TXT=69679 bytes) (Status: INFORMATIONAL)
-
-PKCS#8: Private-Key Information Syntax Standard
-
-PKCS#12: Personal Information Exchange Syntax Standard, version 1.0.
-
-2560 X.509 Internet Public Key Infrastructure Online Certificate
-     Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin,
-     C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED
-     STANDARD)
-
-2712 Addition of Kerberos Cipher Suites to Transport Layer Security
-     (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes)
-     (Status: PROPOSED STANDARD)
-
-2898 PKCS #5: Password-Based Cryptography Specification Version 2.0.
-     B. Kaliski. September 2000. (Format: TXT=68692 bytes) (Status:
-     INFORMATIONAL)
-
-2986 PKCS #10: Certification Request Syntax Specification Version 1.7.
-     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=27794 bytes)
-     (Obsoletes RFC2314) (Status: INFORMATIONAL)
-
-3174 US Secure Hash Algorithm 1 (SHA1). D. Eastlake 3rd, P. Jones.
-     September 2001. (Format: TXT=35525 bytes) (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure, Time-Stamp Protocol (TSP)
-     C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001
-     (Status: PROPOSED STANDARD)
-
-3268 Advanced Encryption Standard (AES) Ciphersuites for Transport
-     Layer Security (TLS). P. Chown. June 2002. (Format: TXT=13530 bytes)
-     (Status: PROPOSED STANDARD)
-
-3279 Algorithms and Identifiers for the Internet X.509 Public Key
-     Infrastructure Certificate and Certificate Revocation List (CRL)
-     Profile. L. Bassham, W. Polk, R. Housley. April 2002. (Format:
-     TXT=53833 bytes) (Status: PROPOSED STANDARD)
-
-3280 Internet X.509 Public Key Infrastructure Certificate and
-     Certificate Revocation List (CRL) Profile. R. Housley, W. Polk, W.
-     Ford, D. Solo. April 2002. (Format: TXT=295556 bytes) (Obsoletes
-     RFC2459) (Status: PROPOSED STANDARD)
-
-3447 Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography
-     Specifications Version 2.1. J. Jonsson, B. Kaliski. February 2003.
-     (Format: TXT=143173 bytes) (Obsoletes RFC2437) (Status:           
-     INFORMATIONAL)                                         
-
-3713 A Description of the Camellia Encryption Algorithm. M. Matsui,
-     J. Nakajima, S. Moriai. April 2004. (Format: TXT=25031 bytes)
-     (Status: INFORMATIONAL)
-
-3820 Internet X.509 Public Key Infrastructure (PKI) Proxy Certificate
-     Profile. S. Tuecke, V. Welch, D. Engert, L. Pearlman, M. Thompson.
-     June 2004. (Format: TXT=86374 bytes) (Status: PROPOSED STANDARD)
-
-4132 Addition of Camellia Cipher Suites to Transport Layer Security
-     (TLS). S. Moriai, A. Kato, M. Kanda. July 2005. (Format: TXT=13590
-     bytes) (Status: PROPOSED STANDARD)
-
-4162 Addition of SEED Cipher Suites to Transport Layer Security (TLS).
-     H.J. Lee, J.H. Yoon, J.I. Lee. August 2005. (Format: TXT=10578 bytes)
-     (Status: PROPOSED STANDARD)
-
-4269 The SEED Encryption Algorithm. H.J. Lee, S.J. Lee, J.H. Yoon,
-     D.H. Cheon, J.I. Lee. December 2005. (Format: TXT=34390 bytes)
-     (Obsoletes RFC4009) (Status: INFORMATIONAL)
-
-
-Related:
---------
-
-These are documents that are close to OpenSSL, for example the
-STARTTLS documents.
-
-1421 Privacy Enhancement for Internet Electronic Mail: Part I: Message
-     Encryption and Authentication Procedures. J. Linn. February 1993.
-     (Format: TXT=103894 bytes) (Obsoletes RFC1113) (Status: PROPOSED
-     STANDARD)
-
-1422 Privacy Enhancement for Internet Electronic Mail: Part II:
-     Certificate-Based Key Management. S. Kent. February 1993. (Format:
-     TXT=86085 bytes) (Obsoletes RFC1114) (Status: PROPOSED STANDARD)
-
-1423 Privacy Enhancement for Internet Electronic Mail: Part III:
-     Algorithms, Modes, and Identifiers. D. Balenson. February 1993.
-     (Format: TXT=33277 bytes) (Obsoletes RFC1115) (Status: PROPOSED
-     STANDARD)
-
-1424 Privacy Enhancement for Internet Electronic Mail: Part IV: Key
-     Certification and Related Services. B. Kaliski. February 1993.
-     (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD)
-
-2025 The Simple Public-Key GSS-API Mechanism (SPKM). C. Adams. October
-     1996. (Format: TXT=101692 bytes) (Status: PROPOSED STANDARD)
-
-2510 Internet X.509 Public Key Infrastructure Certificate Management
-     Protocols. C. Adams, S. Farrell. March 1999. (Format: TXT=158178
-     bytes) (Status: PROPOSED STANDARD)
-
-2511 Internet X.509 Certificate Request Message Format. M. Myers, C.
-     Adams, D. Solo, D. Kemp. March 1999. (Format: TXT=48278 bytes)
-     (Status: PROPOSED STANDARD)
-
-2527 Internet X.509 Public Key Infrastructure Certificate Policy and
-     Certification Practices Framework. S. Chokhani, W. Ford. March 1999.
-     (Format: TXT=91860 bytes) (Status: INFORMATIONAL)
-
-2538 Storing Certificates in the Domain Name System (DNS). D. Eastlake
-     3rd, O. Gudmundsson. March 1999. (Format: TXT=19857 bytes) (Status:
-     PROPOSED STANDARD)
-
-2539 Storage of Diffie-Hellman Keys in the Domain Name System (DNS).
-     D. Eastlake 3rd. March 1999. (Format: TXT=21049 bytes) (Status:
-     PROPOSED STANDARD)
-
-2559 Internet X.509 Public Key Infrastructure Operational Protocols -
-     LDAPv2. S. Boeyen, T. Howes, P. Richard. April 1999. (Format:
-     TXT=22889 bytes) (Updates RFC1778) (Status: PROPOSED STANDARD)
-
-2585 Internet X.509 Public Key Infrastructure Operational Protocols:
-     FTP and HTTP. R. Housley, P. Hoffman. May 1999. (Format: TXT=14813
-     bytes) (Status: PROPOSED STANDARD)
-
-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema. S.
-     Boeyen, T. Howes, P. Richard. June 1999. (Format: TXT=15102 bytes)
-     (Status: PROPOSED STANDARD)
-
-2595 Using TLS with IMAP, POP3 and ACAP. C. Newman. June 1999.
-     (Format: TXT=32440 bytes) (Status: PROPOSED STANDARD)
-
-2631 Diffie-Hellman Key Agreement Method. E. Rescorla. June 1999.
-     (Format: TXT=25932 bytes) (Status: PROPOSED STANDARD)
-
-2632 S/MIME Version 3 Certificate Handling. B. Ramsdell, Ed.. June
-     1999. (Format: TXT=27925 bytes) (Status: PROPOSED STANDARD)
-
-2716 PPP EAP TLS Authentication Protocol. B. Aboba, D. Simon. October
-     1999. (Format: TXT=50108 bytes) (Status: EXPERIMENTAL)
-
-2773 Encryption using KEA and SKIPJACK. R. Housley, P. Yee, W. Nace.
-     February 2000. (Format: TXT=20008 bytes) (Updates RFC0959) (Status:
-     EXPERIMENTAL)
-
-2797 Certificate Management Messages over CMS. M. Myers, X. Liu, J.
-     Schaad, J. Weinstein. April 2000. (Format: TXT=103357 bytes) (Status:
-     PROPOSED STANDARD)
-
-2817 Upgrading to TLS Within HTTP/1.1. R. Khare, S. Lawrence. May
-     2000. (Format: TXT=27598 bytes) (Updates RFC2616) (Status: PROPOSED
-     STANDARD)
-
-2818 HTTP Over TLS. E. Rescorla. May 2000. (Format: TXT=15170 bytes)
-     (Status: INFORMATIONAL)
-
-2876 Use of the KEA and SKIPJACK Algorithms in CMS. J. Pawling. July
-     2000. (Format: TXT=29265 bytes) (Status: INFORMATIONAL)
-
-2984 Use of the CAST-128 Encryption Algorithm in CMS. C. Adams.
-     October 2000. (Format: TXT=11591 bytes) (Status: PROPOSED STANDARD)
-
-2985 PKCS #9: Selected Object Classes and Attribute Types Version 2.0.
-     M. Nystrom, B. Kaliski. November 2000. (Format: TXT=70703 bytes)
-     (Status: INFORMATIONAL)
-
-3029 Internet X.509 Public Key Infrastructure Data Validation and
-     Certification Server Protocols. C. Adams, P. Sylvester, M. Zolotarev,
-     R. Zuccherato. February 2001. (Format: TXT=107347 bytes) (Status:
-     EXPERIMENTAL)
-
-3039 Internet X.509 Public Key Infrastructure Qualified Certificates
-     Profile. S. Santesson, W. Polk, P. Barzin, M. Nystrom. January 2001.
-     (Format: TXT=67619 bytes) (Status: PROPOSED STANDARD)
-
-3058 Use of the IDEA Encryption Algorithm in CMS. S. Teiwes, P.
-     Hartmann, D. Kuenzi. February 2001. (Format: TXT=17257 bytes)
-     (Status: INFORMATIONAL)
-
-3161 Internet X.509 Public Key Infrastructure Time-Stamp Protocol
-     (TSP). C. Adams, P. Cain, D. Pinkas, R. Zuccherato. August 2001.
-     (Format: TXT=54585 bytes) (Status: PROPOSED STANDARD)
-
-3185 Reuse of CMS Content Encryption Keys. S. Farrell, S. Turner.
-     October 2001. (Format: TXT=20404 bytes) (Status: PROPOSED STANDARD)
-
-3207 SMTP Service Extension for Secure SMTP over Transport Layer
-     Security. P. Hoffman. February 2002. (Format: TXT=18679 bytes)
-     (Obsoletes RFC2487) (Status: PROPOSED STANDARD)
-
-3217 Triple-DES and RC2 Key Wrapping. R. Housley. December 2001.
-     (Format: TXT=19855 bytes) (Status: INFORMATIONAL)
-
-3274 Compressed Data Content Type for Cryptographic Message Syntax
-     (CMS). P. Gutmann. June 2002. (Format: TXT=11276 bytes) (Status:
-     PROPOSED STANDARD)
-
-3278 Use of Elliptic Curve Cryptography (ECC) Algorithms in
-     Cryptographic Message Syntax (CMS). S. Blake-Wilson, D. Brown, P.
-     Lambert. April 2002. (Format: TXT=33779 bytes) (Status:
-     INFORMATIONAL)
-
-3281 An Internet Attribute Certificate Profile for Authorization. S.
-     Farrell, R. Housley. April 2002. (Format: TXT=90580 bytes) (Status:
-     PROPOSED STANDARD)
-
-3369 Cryptographic Message Syntax (CMS). R. Housley. August 2002.
-     (Format: TXT=113975 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-     PROPOSED STANDARD)
-
-3370 Cryptographic Message Syntax (CMS) Algorithms. R. Housley. August
-     2002. (Format: TXT=51001 bytes) (Obsoletes RFC2630, RFC3211) (Status:
-     PROPOSED STANDARD)
-
-3377 Lightweight Directory Access Protocol (v3): Technical
-     Specification. J. Hodges, R. Morgan. September 2002. (Format:
-     TXT=9981 bytes) (Updates RFC2251, RFC2252, RFC2253, RFC2254, RFC2255,
-     RFC2256, RFC2829, RFC2830) (Status: PROPOSED STANDARD)
-
-3394 Advanced Encryption Standard (AES) Key Wrap Algorithm. J. Schaad,
-     R. Housley. September 2002. (Format: TXT=73072 bytes) (Status:
-     INFORMATIONAL)
-
-3436 Transport Layer Security over Stream Control Transmission
-     Protocol. A. Jungmaier, E. Rescorla, M. Tuexen. December 2002.
-     (Format: TXT=16333 bytes) (Status: PROPOSED STANDARD)
-
-3657 Use of the Camellia Encryption Algorithm in Cryptographic 
-     Message Syntax (CMS). S. Moriai, A. Kato. January 2004.
-     (Format: TXT=26282 bytes) (Status: PROPOSED STANDARD)
-
-"Securing FTP with TLS", 01/27/2000, <draft-murray-auth-ftp-ssl-05.txt>  
- 
-
-To be implemented:
-------------------
-
-These are documents that describe things that are planned to be
-implemented in the hopefully short future.
-
diff --git a/src/lib/libssl/dtls1.h b/src/lib/libssl/dtls1.h
deleted file mode 100644
index 7428d8ec3c..0000000000
--- a/src/lib/libssl/dtls1.h
+++ /dev/null
@@ -1,103 +0,0 @@
-/* $OpenBSD: dtls1.h,v 1.27 2021/05/16 13:56:30 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS1_H
-#define HEADER_DTLS1_H
-
-#include <sys/time.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <openssl/opensslconf.h>
-#include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define DTLS1_VERSION                   0xFEFF
-#define DTLS1_2_VERSION                 0xFEFD
-#define DTLS1_VERSION_MAJOR             0xFE
-
-/* lengths of messages */
-#define DTLS1_COOKIE_LENGTH                     256
-
-#define DTLS1_RT_HEADER_LENGTH                  13
-
-#define DTLS1_HM_HEADER_LENGTH                  12
-
-#define DTLS1_HM_BAD_FRAGMENT                   -2
-#define DTLS1_HM_FRAGMENT_RETRY                 -3
-
-#define DTLS1_CCS_HEADER_LENGTH                  1
-
-#define DTLS1_AL_HEADER_LENGTH                   2
-
-/* Timeout multipliers (timeout slice is defined in apps/timeouts.h */
-#define DTLS1_TMO_READ_COUNT                      2
-#define DTLS1_TMO_WRITE_COUNT                     2
-
-#define DTLS1_TMO_ALERT_COUNT                     12
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/dtls_local.h b/src/lib/libssl/dtls_local.h
deleted file mode 100644
index c7c413fef4..0000000000
--- a/src/lib/libssl/dtls_local.h
+++ /dev/null
@@ -1,232 +0,0 @@
-/* $OpenBSD: dtls_local.h,v 1.2 2022/11/26 17:23:18 tb Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_DTLS_LOCL_H
-#define HEADER_DTLS_LOCL_H
-
-#include <sys/time.h>
-
-#include <openssl/dtls1.h>
-
-#include "ssl_local.h"
-#include "tls_content.h"
-
-__BEGIN_HIDDEN_DECLS
-
-typedef struct dtls1_bitmap_st {
-        unsigned long map;              /* track 32 packets on 32-bit systems
-                                           and 64 - on 64-bit systems */
-        unsigned char max_seq_num[8];   /* max record number seen so far,
-                                           64-bit value in big-endian
-                                           encoding */
-} DTLS1_BITMAP;
-
-struct dtls1_retransmit_state {
-        SSL_SESSION *session;
-        unsigned short epoch;
-};
-
-struct hm_header_st {
-        unsigned char type;
-        unsigned long msg_len;
-        unsigned short seq;
-        unsigned long frag_off;
-        unsigned long frag_len;
-        unsigned int is_ccs;
-        struct dtls1_retransmit_state saved_retransmit_state;
-};
-
-struct dtls1_timeout_st {
-        /* Number of read timeouts so far */
-        unsigned int read_timeouts;
-
-        /* Number of write timeouts so far */
-        unsigned int write_timeouts;
-
-        /* Number of alerts received so far */
-        unsigned int num_alerts;
-};
-
-struct _pqueue;
-
-typedef struct record_pqueue_st {
-        unsigned short epoch;
-        struct _pqueue *q;
-} record_pqueue;
-
-typedef struct rcontent_pqueue_st {
-        unsigned short epoch;
-        struct _pqueue *q;
-} rcontent_pqueue;
-
-typedef struct hm_fragment_st {
-        struct hm_header_st msg_header;
-        unsigned char *fragment;
-        unsigned char *reassembly;
-} hm_fragment;
-
-typedef struct dtls1_record_data_internal_st {
-        unsigned char *packet;
-        unsigned int packet_length;
-        SSL3_BUFFER_INTERNAL rbuf;
-        SSL3_RECORD_INTERNAL rrec;
-} DTLS1_RECORD_DATA_INTERNAL;
-
-typedef struct dtls1_rcontent_data_internal_st {
-        struct tls_content *rcontent;
-} DTLS1_RCONTENT_DATA_INTERNAL;
-
-struct dtls1_state_st {
-        /* Buffered (sent) handshake records */
-        struct _pqueue *sent_messages;
-
-        /* Indicates when the last handshake msg or heartbeat sent will timeout */
-        struct timeval next_timeout;
-
-        /* Timeout duration */
-        unsigned short timeout_duration;
-
-        unsigned int send_cookie;
-        unsigned char cookie[DTLS1_COOKIE_LENGTH];
-        unsigned char rcvd_cookie[DTLS1_COOKIE_LENGTH];
-        unsigned int cookie_len;
-
-        /* records being received in the current epoch */
-        DTLS1_BITMAP bitmap;
-
-        /* renegotiation starts a new set of sequence numbers */
-        DTLS1_BITMAP next_bitmap;
-
-        /* handshake message numbers */
-        unsigned short handshake_write_seq;
-        unsigned short next_handshake_write_seq;
-
-        unsigned short handshake_read_seq;
-
-        /* Received handshake records (unprocessed) */
-        record_pqueue unprocessed_rcds;
-
-        /* Buffered handshake messages */
-        struct _pqueue *buffered_messages;
-
-        /* Buffered application records.
-         * Only for records between CCS and Finished
-         * to prevent either protocol violation or
-         * unnecessary message loss.
-         */
-        rcontent_pqueue buffered_app_data;
-
-        /* Is set when listening for new connections with dtls1_listen() */
-        unsigned int listen;
-
-        unsigned int mtu; /* max DTLS packet size */
-
-        struct hm_header_st w_msg_hdr;
-        struct hm_header_st r_msg_hdr;
-
-        struct dtls1_timeout_st timeout;
-
-        unsigned int retransmitting;
-        unsigned int change_cipher_spec_ok;
-};
-
-int dtls1_do_write(SSL *s, int type);
-int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-void dtls1_set_message_header(SSL *s, unsigned char mt, unsigned long len,
-    unsigned long frag_off, unsigned long frag_len);
-void dtls1_set_message_header_int(SSL *s, unsigned char mt,
-    unsigned long len, unsigned short seq_num, unsigned long frag_off,
-    unsigned long frag_len);
-
-int do_dtls1_write(SSL *s, int type, const unsigned char *buf,
-    unsigned int len);
-
-int dtls1_write_app_data_bytes(SSL *s, int type, const void *buf, int len);
-int dtls1_write_bytes(SSL *s, int type, const void *buf, int len);
-
-int dtls1_read_failed(SSL *s, int code);
-int dtls1_buffer_message(SSL *s, int ccs);
-int dtls1_retransmit_message(SSL *s, unsigned short seq,
-    unsigned long frag_off, int *found);
-int dtls1_get_queue_priority(unsigned short seq, int is_ccs);
-int dtls1_retransmit_buffered_messages(SSL *s);
-void dtls1_clear_record_buffer(SSL *s);
-int dtls1_get_message_header(CBS *header, struct hm_header_st *msg_hdr);
-void dtls1_reset_read_seq_numbers(SSL *s);
-struct timeval* dtls1_get_timeout(SSL *s, struct timeval* timeleft);
-int dtls1_check_timeout_num(SSL *s);
-int dtls1_handle_timeout(SSL *s);
-const SSL_CIPHER *dtls1_get_cipher(unsigned int u);
-void dtls1_start_timer(SSL *s);
-void dtls1_stop_timer(SSL *s);
-int dtls1_is_timer_expired(SSL *s);
-void dtls1_double_timeout(SSL *s);
-unsigned int dtls1_min_mtu(void);
-
-int dtls1_new(SSL *s);
-void dtls1_free(SSL *s);
-void dtls1_clear(SSL *s);
-long dtls1_ctrl(SSL *s, int cmd, long larg, void *parg);
-
-int dtls1_get_message(SSL *s, int st1, int stn, int mt, long max);
-int dtls1_get_record(SSL *s);
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_DTLS_LOCL_H */
diff --git a/src/lib/libssl/generate_pkgconfig.sh b/src/lib/libssl/generate_pkgconfig.sh
deleted file mode 100644
index e1e663f399..0000000000
--- a/src/lib/libssl/generate_pkgconfig.sh
+++ /dev/null
@@ -1,89 +0,0 @@
-#!/bin/sh
-#
-# $OpenBSD: generate_pkgconfig.sh,v 1.11 2022/02/04 16:42:15 tb Exp $
-#
-# Copyright (c) 2010,2011 Jasper Lievisse Adriaanse <jasper@openbsd.org>
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#
-# Generate pkg-config files for OpenSSL.
-
-usage() {
-        echo "usage: ${0##*/} -c current_directory -o obj_directory"
-        exit 1
-}
-
-curdir=
-objdir=
-while getopts "c:o:" flag; do
-        case "$flag" in
-                c)
-                        curdir=$OPTARG
-                        ;;
-                o)
-                        objdir=$OPTARG
-                        ;;
-                *)
-                        usage
-                        ;;
-        esac
-done
-
-[ -n "${curdir}" ] || usage
-if [ ! -d "${curdir}" ]; then
-        echo "${0##*/}: ${curdir}: not found"
-        exit 1
-fi
-[ -n "${objdir}" ] || usage
-if [ ! -w "${objdir}" ]; then
-        echo "${0##*/}: ${objdir}: not found or not writable"
-        exit 1
-fi
-
-version_re="s/^#define[[:blank:]]+SHLIB_VERSION_NUMBER[[:blank:]]+\"(.*)\".*/\1/p"
-version_file=${curdir}/../libcrypto/opensslv.h
-#lib_version=$(sed -nE ${version_re} ${version_file})
-lib_version=2.0.0
-
-# Put -I${includedir} into Cflags so configure script tests like
-#   test -n "`pkg-config --cflags openssl`"
-# don't assume that OpenSSL isn't available.
-
-pc_file="${objdir}/libssl.pc"
-cat > ${pc_file} << __EOF__
-prefix=/usr
-exec_prefix=\${prefix}
-libdir=\${exec_prefix}/lib
-includedir=\${prefix}/include
-
-Name: OpenSSL-libssl
-Description: Secure Sockets Layer and cryptography libraries
-Version: ${lib_version}
-Requires.private: libcrypto
-Libs: -L\${libdir} -lssl
-Cflags: -I\${includedir}
-__EOF__
-
-
-pc_file="${objdir}/openssl.pc"
-cat > ${pc_file} << __EOF__
-prefix=/usr
-exec_prefix=\${prefix}
-libdir=\${exec_prefix}/lib
-includedir=\${prefix}/include
-
-Name: OpenSSL
-Description: Secure Sockets Layer and cryptography libraries and tools
-Version: ${lib_version}
-Requires: libssl libcrypto
-__EOF__
diff --git a/src/lib/libssl/hidden/openssl/srtp.h b/src/lib/libssl/hidden/openssl/srtp.h
deleted file mode 100644
index 2440fc93d9..0000000000
--- a/src/lib/libssl/hidden/openssl/srtp.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.1 2023/07/08 16:40:14 beck Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SRTP_H
-#define _LIBSSL_SRTP_H
-
-#ifndef _MSC_VER
-#include_next <openssl/srtp.h>
-#else
-#include "../include/openssl/srtp.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_CTX_set_tlsext_use_srtp);
-LSSL_USED(SSL_set_tlsext_use_srtp);
-LSSL_USED(SSL_get_srtp_profiles);
-LSSL_USED(SSL_get_selected_srtp_profile);
-
-#endif /* _LIBSSL_SRTP_H */
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
deleted file mode 100644
index b854dd7b73..0000000000
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ /dev/null
@@ -1,382 +0,0 @@
-/* $OpenBSD: ssl.h,v 1.9 2024/08/31 10:51:48 tb Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SSL_H
-#define _LIBSSL_SSL_H
-
-#ifndef _MSC_VER
-#include_next <openssl/ssl.h>
-#else
-#include "../include/openssl/ssl.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_CTX_set_msg_callback);
-LSSL_USED(SSL_set_msg_callback);
-LSSL_USED(SSL_CTX_set_keylog_callback);
-LSSL_USED(SSL_CTX_get_keylog_callback);
-LSSL_USED(SSL_set_num_tickets);
-LSSL_USED(SSL_get_num_tickets);
-LSSL_USED(SSL_CTX_set_num_tickets);
-LSSL_USED(SSL_CTX_get_num_tickets);
-LSSL_USED(SSL_get0_verified_chain);
-LSSL_USED(SSL_CTX_sessions);
-LSSL_USED(SSL_CTX_sess_set_new_cb);
-LSSL_USED(SSL_CTX_sess_get_new_cb);
-LSSL_USED(SSL_CTX_sess_set_remove_cb);
-LSSL_USED(SSL_CTX_sess_get_remove_cb);
-LSSL_USED(SSL_CTX_sess_set_get_cb);
-LSSL_USED(SSL_CTX_set_info_callback);
-LSSL_USED(SSL_CTX_get_info_callback);
-LSSL_USED(SSL_CTX_set_client_cert_cb);
-LSSL_USED(SSL_CTX_get_client_cert_cb);
-LSSL_USED(SSL_CTX_set_cookie_generate_cb);
-LSSL_USED(SSL_CTX_set_cookie_verify_cb);
-LSSL_USED(SSL_CTX_set_next_protos_advertised_cb);
-LSSL_USED(SSL_CTX_set_next_proto_select_cb);
-LSSL_USED(SSL_select_next_proto);
-LSSL_USED(SSL_get0_next_proto_negotiated);
-LSSL_USED(SSL_CTX_set_alpn_protos);
-LSSL_USED(SSL_set_alpn_protos);
-LSSL_USED(SSL_CTX_set_alpn_select_cb);
-LSSL_USED(SSL_get0_alpn_selected);
-LSSL_USED(SSL_set_psk_use_session_callback);
-LSSL_USED(SSL_get_finished);
-LSSL_USED(SSL_get_peer_finished);
-LSSL_USED(SSL_verify_client_post_handshake);
-LSSL_USED(SSL_CTX_set_post_handshake_auth);
-LSSL_USED(SSL_set_post_handshake_auth);
-LSSL_USED(PEM_read_bio_SSL_SESSION);
-LSSL_USED(PEM_read_SSL_SESSION);
-LSSL_USED(PEM_write_bio_SSL_SESSION);
-LSSL_USED(PEM_write_SSL_SESSION);
-LSSL_USED(SSL_CTX_set0_chain);
-LSSL_USED(SSL_CTX_set1_chain);
-LSSL_USED(SSL_CTX_add0_chain_cert);
-LSSL_USED(SSL_CTX_add1_chain_cert);
-LSSL_USED(SSL_CTX_get0_chain_certs);
-LSSL_USED(SSL_CTX_clear_chain_certs);
-LSSL_USED(SSL_set0_chain);
-LSSL_USED(SSL_set1_chain);
-LSSL_USED(SSL_add0_chain_cert);
-LSSL_USED(SSL_add1_chain_cert);
-LSSL_USED(SSL_get0_chain_certs);
-LSSL_USED(SSL_clear_chain_certs);
-LSSL_USED(SSL_CTX_set1_groups);
-LSSL_USED(SSL_CTX_set1_groups_list);
-LSSL_USED(SSL_set1_groups);
-LSSL_USED(SSL_set1_groups_list);
-LSSL_USED(SSL_CTX_get_min_proto_version);
-LSSL_USED(SSL_CTX_get_max_proto_version);
-LSSL_USED(SSL_CTX_set_min_proto_version);
-LSSL_USED(SSL_CTX_set_max_proto_version);
-LSSL_USED(SSL_get_min_proto_version);
-LSSL_USED(SSL_get_max_proto_version);
-LSSL_USED(SSL_set_min_proto_version);
-LSSL_USED(SSL_set_max_proto_version);
-LSSL_USED(SSL_CTX_get_ssl_method);
-LSSL_USED(BIO_f_ssl);
-LSSL_USED(BIO_new_ssl);
-LSSL_USED(BIO_new_ssl_connect);
-LSSL_USED(BIO_new_buffer_ssl_connect);
-LSSL_USED(BIO_ssl_copy_session_id);
-LSSL_USED(BIO_ssl_shutdown);
-LSSL_USED(SSL_CTX_get_ciphers);
-LSSL_USED(SSL_CTX_set_cipher_list);
-LSSL_USED(SSL_CTX_set_ciphersuites);
-LSSL_USED(SSL_CTX_new);
-LSSL_USED(SSL_CTX_free);
-LSSL_USED(SSL_CTX_up_ref);
-LSSL_USED(SSL_CTX_set_timeout);
-LSSL_USED(SSL_CTX_get_timeout);
-LSSL_USED(SSL_CTX_get_cert_store);
-LSSL_USED(SSL_CTX_set_cert_store);
-LSSL_USED(SSL_CTX_set1_cert_store);
-LSSL_USED(SSL_CTX_get0_certificate);
-LSSL_USED(SSL_CTX_get0_privatekey);
-LSSL_USED(SSL_want);
-LSSL_USED(SSL_clear);
-LSSL_USED(SSL_CTX_flush_sessions);
-LSSL_USED(SSL_get_current_cipher);
-LSSL_USED(SSL_CIPHER_get_bits);
-LSSL_USED(SSL_CIPHER_get_version);
-LSSL_USED(SSL_CIPHER_get_name);
-LSSL_USED(SSL_CIPHER_get_id);
-LSSL_USED(SSL_CIPHER_get_value);
-LSSL_USED(SSL_CIPHER_find);
-LSSL_USED(SSL_CIPHER_get_cipher_nid);
-LSSL_USED(SSL_CIPHER_get_digest_nid);
-LSSL_USED(SSL_CIPHER_get_kx_nid);
-LSSL_USED(SSL_CIPHER_get_auth_nid);
-LSSL_USED(SSL_CIPHER_is_aead);
-LSSL_USED(SSL_get_fd);
-LSSL_USED(SSL_get_rfd);
-LSSL_USED(SSL_get_wfd);
-LSSL_USED(SSL_get_cipher_list);
-LSSL_USED(SSL_get_shared_ciphers);
-LSSL_USED(SSL_get_read_ahead);
-LSSL_USED(SSL_pending);
-LSSL_USED(SSL_set_fd);
-LSSL_USED(SSL_set_rfd);
-LSSL_USED(SSL_set_wfd);
-LSSL_USED(SSL_set_bio);
-LSSL_USED(SSL_get_rbio);
-LSSL_USED(SSL_set0_rbio);
-LSSL_USED(SSL_get_wbio);
-LSSL_USED(SSL_set_cipher_list);
-LSSL_USED(SSL_set_ciphersuites);
-LSSL_USED(SSL_set_read_ahead);
-LSSL_USED(SSL_get_verify_mode);
-LSSL_USED(SSL_get_verify_depth);
-LSSL_USED(SSL_get_verify_callback);
-LSSL_USED(SSL_set_verify);
-LSSL_USED(SSL_set_verify_depth);
-LSSL_USED(SSL_use_RSAPrivateKey);
-LSSL_USED(SSL_use_RSAPrivateKey_ASN1);
-LSSL_USED(SSL_use_PrivateKey);
-LSSL_USED(SSL_use_PrivateKey_ASN1);
-LSSL_USED(SSL_use_certificate);
-LSSL_USED(SSL_use_certificate_ASN1);
-LSSL_USED(SSL_use_RSAPrivateKey_file);
-LSSL_USED(SSL_use_PrivateKey_file);
-LSSL_USED(SSL_use_certificate_file);
-LSSL_USED(SSL_use_certificate_chain_file);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey_file);
-LSSL_USED(SSL_CTX_use_PrivateKey_file);
-LSSL_USED(SSL_CTX_use_certificate_file);
-LSSL_USED(SSL_CTX_use_certificate_chain_file);
-LSSL_USED(SSL_CTX_use_certificate_chain_mem);
-LSSL_USED(SSL_load_client_CA_file);
-LSSL_USED(SSL_add_file_cert_subjects_to_stack);
-LSSL_USED(SSL_add_dir_cert_subjects_to_stack);
-LSSL_USED(SSL_load_error_strings);
-LSSL_USED(SSL_state_string);
-LSSL_USED(SSL_rstate_string);
-LSSL_USED(SSL_state_string_long);
-LSSL_USED(SSL_rstate_string_long);
-LSSL_USED(SSL_SESSION_get0_cipher);
-LSSL_USED(SSL_SESSION_get_master_key);
-LSSL_USED(SSL_SESSION_get_protocol_version);
-LSSL_USED(SSL_SESSION_get_time);
-LSSL_USED(SSL_SESSION_set_time);
-LSSL_USED(SSL_SESSION_get_timeout);
-LSSL_USED(SSL_SESSION_set_timeout);
-LSSL_USED(SSL_copy_session_id);
-LSSL_USED(SSL_SESSION_get0_peer);
-LSSL_USED(SSL_SESSION_set1_id);
-LSSL_USED(SSL_SESSION_set1_id_context);
-LSSL_USED(SSL_SESSION_is_resumable);
-LSSL_USED(SSL_SESSION_new);
-LSSL_USED(SSL_SESSION_free);
-LSSL_USED(SSL_SESSION_up_ref);
-LSSL_USED(SSL_SESSION_get_id);
-LSSL_USED(SSL_SESSION_get0_id_context);
-LSSL_USED(SSL_SESSION_get_max_early_data);
-LSSL_USED(SSL_SESSION_set_max_early_data);
-LSSL_USED(SSL_SESSION_get_ticket_lifetime_hint);
-LSSL_USED(SSL_SESSION_has_ticket);
-LSSL_USED(SSL_SESSION_get_compress_id);
-LSSL_USED(SSL_SESSION_print_fp);
-LSSL_USED(SSL_SESSION_print);
-LSSL_USED(i2d_SSL_SESSION);
-LSSL_USED(SSL_set_session);
-LSSL_USED(SSL_CTX_add_session);
-LSSL_USED(SSL_CTX_remove_session);
-LSSL_USED(SSL_CTX_set_generate_session_id);
-LSSL_USED(SSL_set_generate_session_id);
-LSSL_USED(SSL_has_matching_session_id);
-LSSL_USED(d2i_SSL_SESSION);
-LSSL_USED(SSL_get_peer_cert_chain);
-LSSL_USED(SSL_CTX_get_verify_mode);
-LSSL_USED(SSL_CTX_get_verify_depth);
-LSSL_USED(SSL_CTX_get_verify_callback);
-LSSL_USED(SSL_CTX_set_verify);
-LSSL_USED(SSL_CTX_set_verify_depth);
-LSSL_USED(SSL_CTX_set_cert_verify_callback);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey);
-LSSL_USED(SSL_CTX_use_RSAPrivateKey_ASN1);
-LSSL_USED(SSL_CTX_use_PrivateKey);
-LSSL_USED(SSL_CTX_use_PrivateKey_ASN1);
-LSSL_USED(SSL_CTX_use_certificate);
-LSSL_USED(SSL_CTX_use_certificate_ASN1);
-LSSL_USED(SSL_CTX_get_default_passwd_cb);
-LSSL_USED(SSL_CTX_set_default_passwd_cb);
-LSSL_USED(SSL_CTX_get_default_passwd_cb_userdata);
-LSSL_USED(SSL_CTX_set_default_passwd_cb_userdata);
-LSSL_USED(SSL_CTX_check_private_key);
-LSSL_USED(SSL_check_private_key);
-LSSL_USED(SSL_CTX_set_session_id_context);
-LSSL_USED(SSL_set_session_id_context);
-LSSL_USED(SSL_CTX_set_purpose);
-LSSL_USED(SSL_set_purpose);
-LSSL_USED(SSL_CTX_set_trust);
-LSSL_USED(SSL_set_trust);
-LSSL_USED(SSL_set1_host);
-LSSL_USED(SSL_set_hostflags);
-LSSL_USED(SSL_get0_peername);
-LSSL_USED(SSL_CTX_get0_param);
-LSSL_USED(SSL_CTX_set1_param);
-LSSL_USED(SSL_get0_param);
-LSSL_USED(SSL_set1_param);
-LSSL_USED(SSL_new);
-LSSL_USED(SSL_free);
-LSSL_USED(SSL_up_ref);
-LSSL_USED(SSL_accept);
-LSSL_USED(SSL_connect);
-LSSL_USED(SSL_is_dtls);
-LSSL_USED(SSL_is_server);
-LSSL_USED(SSL_read);
-LSSL_USED(SSL_peek);
-LSSL_USED(SSL_write);
-LSSL_USED(SSL_read_ex);
-LSSL_USED(SSL_peek_ex);
-LSSL_USED(SSL_write_ex);
-LSSL_USED(SSL_CTX_get_max_early_data);
-LSSL_USED(SSL_CTX_set_max_early_data);
-LSSL_USED(SSL_get_max_early_data);
-LSSL_USED(SSL_set_max_early_data);
-LSSL_USED(SSL_get_early_data_status);
-LSSL_USED(SSL_read_early_data);
-LSSL_USED(SSL_write_early_data);
-LSSL_USED(SSL_ctrl);
-LSSL_USED(SSL_callback_ctrl);
-LSSL_USED(SSL_CTX_ctrl);
-LSSL_USED(SSL_CTX_callback_ctrl);
-LSSL_USED(SSL_get_error);
-LSSL_USED(SSL_get_version);
-LSSL_USED(SSL_CTX_set_ssl_version);
-LSSL_USED(SSLv23_method);
-LSSL_USED(SSLv23_server_method);
-LSSL_USED(SSLv23_client_method);
-LSSL_USED(TLSv1_method);
-LSSL_USED(TLSv1_server_method);
-LSSL_USED(TLSv1_client_method);
-LSSL_USED(TLSv1_1_method);
-LSSL_USED(TLSv1_1_server_method);
-LSSL_USED(TLSv1_1_client_method);
-LSSL_USED(TLSv1_2_method);
-LSSL_USED(TLSv1_2_server_method);
-LSSL_USED(TLSv1_2_client_method);
-LSSL_USED(TLS_method);
-LSSL_USED(TLS_server_method);
-LSSL_USED(TLS_client_method);
-LSSL_USED(DTLSv1_method);
-LSSL_USED(DTLSv1_server_method);
-LSSL_USED(DTLSv1_client_method);
-LSSL_USED(DTLSv1_2_method);
-LSSL_USED(DTLSv1_2_server_method);
-LSSL_USED(DTLSv1_2_client_method);
-LSSL_USED(DTLS_method);
-LSSL_USED(DTLS_server_method);
-LSSL_USED(DTLS_client_method);
-LSSL_USED(SSL_get_ciphers);
-LSSL_USED(SSL_get_client_ciphers);
-LSSL_USED(SSL_get1_supported_ciphers);
-LSSL_USED(SSL_do_handshake);
-LSSL_USED(SSL_renegotiate);
-LSSL_USED(SSL_renegotiate_abbreviated);
-LSSL_USED(SSL_renegotiate_pending);
-LSSL_USED(SSL_shutdown);
-LSSL_USED(SSL_get_ssl_method);
-LSSL_USED(SSL_set_ssl_method);
-LSSL_USED(SSL_alert_type_string_long);
-LSSL_USED(SSL_alert_type_string);
-LSSL_USED(SSL_alert_desc_string_long);
-LSSL_USED(SSL_alert_desc_string);
-LSSL_USED(SSL_set_client_CA_list);
-LSSL_USED(SSL_CTX_set_client_CA_list);
-LSSL_USED(SSL_get_client_CA_list);
-LSSL_USED(SSL_CTX_get_client_CA_list);
-LSSL_USED(SSL_add_client_CA);
-LSSL_USED(SSL_CTX_add_client_CA);
-LSSL_USED(SSL_set_connect_state);
-LSSL_USED(SSL_set_accept_state);
-LSSL_USED(SSL_get_default_timeout);
-LSSL_USED(SSL_library_init);
-LSSL_USED(SSL_CIPHER_description);
-LSSL_USED(SSL_dup_CA_list);
-LSSL_USED(SSL_dup);
-LSSL_USED(SSL_get_certificate);
-LSSL_USED(SSL_get_privatekey);
-LSSL_USED(SSL_CTX_set_quiet_shutdown);
-LSSL_USED(SSL_CTX_get_quiet_shutdown);
-LSSL_USED(SSL_set_quiet_shutdown);
-LSSL_USED(SSL_get_quiet_shutdown);
-LSSL_USED(SSL_set_shutdown);
-LSSL_USED(SSL_get_shutdown);
-LSSL_USED(SSL_version);
-LSSL_USED(SSL_CTX_set_default_verify_paths);
-LSSL_USED(SSL_CTX_load_verify_locations);
-LSSL_USED(SSL_CTX_load_verify_mem);
-LSSL_USED(SSL_get_session);
-LSSL_USED(SSL_get1_session);
-LSSL_USED(SSL_get_SSL_CTX);
-LSSL_USED(SSL_set_SSL_CTX);
-LSSL_USED(SSL_set_info_callback);
-LSSL_USED(SSL_get_info_callback);
-LSSL_USED(SSL_state);
-LSSL_USED(SSL_set_state);
-LSSL_USED(SSL_set_verify_result);
-LSSL_USED(SSL_get_verify_result);
-LSSL_USED(SSL_set_ex_data);
-LSSL_USED(SSL_get_ex_data);
-LSSL_USED(SSL_get_ex_new_index);
-LSSL_USED(SSL_SESSION_set_ex_data);
-LSSL_USED(SSL_SESSION_get_ex_data);
-LSSL_USED(SSL_SESSION_get_ex_new_index);
-LSSL_USED(SSL_CTX_set_ex_data);
-LSSL_USED(SSL_CTX_get_ex_data);
-LSSL_USED(SSL_CTX_get_ex_new_index);
-LSSL_USED(SSL_get_ex_data_X509_STORE_CTX_idx);
-LSSL_USED(SSL_CTX_set_tmp_rsa_callback);
-LSSL_USED(SSL_set_tmp_rsa_callback);
-LSSL_USED(SSL_CTX_set_tmp_dh_callback);
-LSSL_USED(SSL_set_tmp_dh_callback);
-LSSL_USED(SSL_CTX_set_tmp_ecdh_callback);
-LSSL_USED(SSL_set_tmp_ecdh_callback);
-LSSL_USED(SSL_get_client_random);
-LSSL_USED(SSL_get_server_random);
-LSSL_USED(SSL_get_current_compression);
-LSSL_USED(SSL_get_current_expansion);
-LSSL_USED(SSL_get_peer_certificate);
-LSSL_USED(SSL_COMP_get_name);
-LSSL_USED(SSL_COMP_get_compression_methods);
-LSSL_USED(SSL_set_session_ticket_ext);
-LSSL_USED(SSL_set_session_ticket_ext_cb);
-LSSL_USED(SSL_set_session_secret_cb);
-LSSL_USED(SSL_cache_hit);
-LSSL_USED(SSL_set_security_level);
-LSSL_USED(SSL_get_security_level);
-LSSL_USED(SSL_CTX_set_security_level);
-LSSL_USED(SSL_CTX_get_security_level);
-LSSL_USED(SSL_CTX_set_quic_method);
-LSSL_USED(SSL_CTX_sess_get_get_cb);
-LSSL_USED(SSL_set_quic_method);
-LSSL_USED(SSL_is_quic);
-LSSL_USED(SSL_quic_max_handshake_flight_len);
-LSSL_USED(SSL_quic_read_level);
-LSSL_USED(SSL_quic_write_level);
-LSSL_USED(SSL_provide_quic_data);
-LSSL_USED(SSL_process_quic_post_handshake);
-LSSL_USED(SSL_set_quic_transport_params);
-LSSL_USED(SSL_get_peer_quic_transport_params);
-LSSL_USED(SSL_set_quic_use_legacy_codepoint);
-LSSL_USED(ERR_load_SSL_strings);
-LSSL_USED(OPENSSL_init_ssl);
-LSSL_USED(SSL_CIPHER_get_handshake_digest);
-
-#endif /* _LIBSSL_SSL_H */
diff --git a/src/lib/libssl/hidden/openssl/tls1.h b/src/lib/libssl/hidden/openssl/tls1.h
deleted file mode 100644
index e7c5721951..0000000000
--- a/src/lib/libssl/hidden/openssl/tls1.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* $OpenBSD: tls1.h,v 1.2 2024/03/02 11:44:47 tb Exp $ */
-/*
- * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_TLS1_H
-#define _LIBSSL_TLS1_H
-
-#ifndef _MSC_VER
-#include_next <openssl/tls1.h>
-#else
-#include "../include/openssl/tls1.h"
-#endif
-#include "ssl_namespace.h"
-
-LSSL_USED(SSL_get_servername);
-LSSL_USED(SSL_get_servername_type);
-LSSL_USED(SSL_export_keying_material);
-LSSL_USED(SSL_get_peer_signature_type_nid);
-LSSL_USED(SSL_get_signature_type_nid);
-
-#endif /* _LIBSSL_TLS1_H */
diff --git a/src/lib/libssl/hidden/ssl_namespace.h b/src/lib/libssl/hidden/ssl_namespace.h
deleted file mode 100644
index 5d26516f3c..0000000000
--- a/src/lib/libssl/hidden/ssl_namespace.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*      $OpenBSD: ssl_namespace.h,v 1.3 2024/07/12 05:26:34 miod Exp $  */
-/*
- * Copyright (c) 2016 Philip Guenther <guenther@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _LIBSSL_SSL_NAMESPACE_H_
-#define _LIBSSL_SSL_NAMESPACE_H_
-
-/*
- * If marked as 'used', then internal calls use the name with prefix "_lssl_"
- * and we alias that to the normal name.
- */
-
-#ifdef LIBRESSL_NAMESPACE
-#define LSSL_UNUSED(x)          typeof(x) x __attribute__((deprecated))
-#define LSSL_USED(x)            __attribute__((visibility("hidden")))   \
-                                typeof(x) x asm("_lssl_"#x)
-#if defined(__hppa__)
-#define LSSL_ALIAS(x)           asm("! .global "#x" ! .set "#x", _lssl_"#x)
-#else
-#define LSSL_ALIAS(x)           asm(".global "#x"; "#x" = _lssl_"#x)
-#endif
-#else
-#define LSSL_UNUSED(x)
-#define LSSL_USED(x)
-#define LSSL_ALIAS(x)           asm("")
-#endif
-
-#endif  /* _LIBSSL_SSL_NAMESPACE_H_ */
diff --git a/src/lib/libssl/man/BIO_f_ssl.3 b/src/lib/libssl/man/BIO_f_ssl.3
deleted file mode 100644
index 3b74a3d6a4..0000000000
--- a/src/lib/libssl/man/BIO_f_ssl.3
+++ /dev/null
@@ -1,609 +0,0 @@
-.\" $OpenBSD: BIO_f_ssl.3,v 1.16 2024/01/13 18:37:51 tb Exp $
-.\" full merge up to: OpenSSL f672aee4 Feb 9 11:52:40 2016 -0500
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2000, 2003, 2009, 2014-2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 13 2024 $
-.Dt BIO_F_SSL 3
-.Os
-.Sh NAME
-.Nm BIO_f_ssl ,
-.Nm BIO_set_ssl ,
-.Nm BIO_get_ssl ,
-.Nm BIO_set_ssl_mode ,
-.Nm BIO_set_ssl_renegotiate_bytes ,
-.Nm BIO_get_num_renegotiates ,
-.Nm BIO_set_ssl_renegotiate_timeout ,
-.Nm BIO_new_ssl ,
-.Nm BIO_new_ssl_connect ,
-.Nm BIO_new_buffer_ssl_connect ,
-.Nm BIO_ssl_copy_session_id ,
-.Nm BIO_ssl_shutdown ,
-.Nm BIO_do_handshake
-.Nd SSL BIO
-.Sh SYNOPSIS
-.In openssl/bio.h
-.In openssl/ssl.h
-.Ft const BIO_METHOD *
-.Fn BIO_f_ssl void
-.Ft long
-.Fo BIO_set_ssl
-.Fa "BIO *b"
-.Fa "SSL *ssl"
-.Fa "long c"
-.Fc
-.Ft long
-.Fo BIO_get_ssl
-.Fa "BIO *b"
-.Fa "SSL *sslp"
-.Fc
-.Ft long
-.Fo BIO_set_ssl_mode
-.Fa "BIO *b"
-.Fa "long client"
-.Fc
-.Ft long
-.Fo BIO_set_ssl_renegotiate_bytes
-.Fa "BIO *b"
-.Fa "long num"
-.Fc
-.Ft long
-.Fo BIO_set_ssl_renegotiate_timeout
-.Fa "BIO *b"
-.Fa "long seconds"
-.Fc
-.Ft long
-.Fo BIO_get_num_renegotiates
-.Fa "BIO *b"
-.Fc
-.Ft BIO *
-.Fn BIO_new_ssl "SSL_CTX *ctx" "int client"
-.Ft BIO *
-.Fn BIO_new_ssl_connect "SSL_CTX *ctx"
-.Ft BIO *
-.Fn BIO_new_buffer_ssl_connect "SSL_CTX *ctx"
-.Ft int
-.Fn BIO_ssl_copy_session_id "BIO *to" "BIO *from"
-.Ft void
-.Fn BIO_ssl_shutdown "BIO *bio"
-.Ft long
-.Fn BIO_do_handshake "BIO *b"
-.Sh DESCRIPTION
-.Fn BIO_f_ssl
-returns the
-.Vt SSL
-.Vt BIO
-method.
-This is a filter
-.Vt BIO
-which is a wrapper around the OpenSSL
-.Vt SSL
-routines adding a
-.Vt BIO
-.Dq flavor
-to SSL I/O.
-.Pp
-I/O performed on an
-.Vt SSL
-.Vt BIO
-communicates using the SSL protocol with
-the
-.Vt SSL Ns 's
-read and write
-.Vt BIO Ns s .
-If an SSL connection is not established then an attempt is made to establish
-one on the first I/O call.
-.Pp
-If a
-.Vt BIO
-is appended to an
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_push 3 ,
-it is automatically used as the
-.Vt SSL
-.Vt BIO Ns 's read and write
-.Vt BIO Ns s .
-.Pp
-Calling
-.Xr BIO_reset 3
-on an
-.Vt SSL
-.Vt BIO
-closes down any current SSL connection by calling
-.Xr SSL_shutdown 3 .
-.Xr BIO_reset 3
-is then sent to the next
-.Vt BIO
-in the chain; this will typically disconnect the underlying transport.
-The
-.Vt SSL
-.Vt BIO
-is then reset to the initial accept or connect state.
-.Pp
-If the close flag is set when an
-.Vt SSL
-.Vt BIO
-is freed then the internal
-.Vt SSL
-structure is also freed using
-.Xr SSL_free 3 .
-.Pp
-.Fn BIO_set_ssl
-sets the internal
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b
-to
-.Fa ssl
-using
-the close flag
-.Fa c .
-.Pp
-.Fn BIO_get_ssl
-retrieves the
-.Vt SSL
-pointer of
-.Vt BIO
-.Fa b ;
-it can then be manipulated using the standard SSL library functions.
-.Pp
-.Fn BIO_set_ssl_mode
-sets the
-.Vt SSL
-.Vt BIO
-mode to
-.Fa client .
-If
-.Fa client
-is 1, client mode is set.
-If
-.Fa client
-is 0, server mode is set.
-.Pp
-.Fn BIO_set_ssl_renegotiate_bytes
-sets the renegotiate byte count to
-.Fa num .
-When set, after every
-.Fa num
-bytes of I/O (read and write) the SSL session is automatically renegotiated.
-.Fa num
-must be at least 512 bytes.
-.Pp
-.Fn BIO_set_ssl_renegotiate_timeout
-sets the renegotiate timeout to
-.Fa seconds .
-When the renegotiate timeout elapses, the session is automatically renegotiated.
-.Pp
-.Fn BIO_get_num_renegotiates
-returns the total number of session renegotiations due to I/O or timeout.
-.Pp
-.Fn BIO_new_ssl
-allocates an
-.Vt SSL
-.Vt BIO
-using
-.Vt SSL_CTX
-.Va ctx
-and using client mode if
-.Fa client
-is nonzero.
-.Pp
-.Fn BIO_new_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-followed by a connect BIO.
-.Pp
-.Fn BIO_new_buffer_ssl_connect
-creates a new
-.Vt BIO
-chain consisting of a buffering
-.Vt BIO ,
-an
-.Vt SSL
-.Vt BIO
-(using
-.Fa ctx )
-and a connect
-.Vt BIO .
-.Pp
-.Fn BIO_ssl_copy_session_id
-copies an SSL session id between
-.Vt BIO
-chains
-.Fa from
-and
-.Fa to .
-It does this by locating the
-.Vt SSL
-.Vt BIO Ns s
-in each chain and calling
-.Xr SSL_copy_session_id 3
-on the internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_ssl_shutdown
-closes down an SSL connection on
-.Vt BIO
-chain
-.Fa bio .
-It does this by locating the
-.Vt SSL
-.Vt BIO
-in the
-chain and calling
-.Xr SSL_shutdown 3
-on its internal
-.Vt SSL
-pointer.
-.Pp
-.Fn BIO_do_handshake
-attempts to complete an SSL handshake on the supplied
-.Vt BIO
-and establish the SSL connection.
-It returns 1 if the connection was established successfully.
-A zero or negative value is returned if the connection could not be
-established; the call
-.Xr BIO_should_retry 3
-should be used for non blocking connect
-.Vt BIO Ns s
-to determine if the call should be retried.
-If an SSL connection has already been established, this call has no effect.
-.Pp
-When a chain containing an SSL BIO is copied with
-.Xr BIO_dup_chain 3 ,
-.Xr SSL_dup 3
-is called internally to copy the
-.Vt SSL
-object from the existing BIO object to the new BIO object,
-and the internal data related to
-.Fn BIO_set_ssl_renegotiate_bytes
-and
-.Fn BIO_set_ssl_renegotiate_timeout
-is also copied.
-.Pp
-.Vt SSL
-.Vt BIO Ns s
-are exceptional in that if the underlying transport is non-blocking they can
-still request a retry in exceptional circumstances.
-Specifically this will happen if a session renegotiation takes place during a
-.Xr BIO_read 3
-operation.
-One case where this happens is when step up occurs.
-.Pp
-In OpenSSL 0.9.6 and later the SSL flag
-.Dv SSL_AUTO_RETRY
-can be set to disable this behaviour.
-In other words, when this flag is set an
-.Vt SSL
-.Vt BIO
-using a blocking transport will never request a retry.
-.Pp
-Since unknown
-.Xr BIO_ctrl 3
-operations are sent through filter
-.Vt BIO Ns s ,
-the server name and port can be set using
-.Xr BIO_set_conn_hostname 3
-and
-.Xr BIO_set_conn_port 3
-on the
-.Vt BIO
-returned by
-.Fn BIO_new_ssl_connect
-without having to locate the connect
-.Vt BIO
-first.
-.Pp
-Applications do not have to call
-.Fn BIO_do_handshake
-but may wish to do so to separate the handshake process from other I/O
-processing.
-.Pp
-.Fn BIO_set_ssl ,
-.Fn BIO_get_ssl ,
-.Fn BIO_set_ssl_mode ,
-.Fn BIO_set_ssl_renegotiate_bytes ,
-.Fn BIO_set_ssl_renegotiate_timeout ,
-.Fn BIO_get_num_renegotiates ,
-and
-.Fn BIO_do_handshake
-are implemented as macros.
-.Sh RETURN VALUES
-.Fn BIO_f_ssl
-returns a pointer to a static
-.Vt BIO_METHOD
-structure.
-.Pp
-When called on an SSL BIO object,
-.Xr BIO_method_type 3
-returns the constant
-.Dv BIO_TYPE_SSL
-and
-.Xr BIO_method_name 3
-returns a pointer to the static string
-.Qq ssl .
-.Pp
-.Fn BIO_set_ssl ,
-.Fn BIO_get_ssl ,
-.Fn BIO_set_ssl_mode ,
-.Fn BIO_set_ssl_renegotiate_bytes ,
-.Fn BIO_set_ssl_renegotiate_timeout ,
-and
-.Fn BIO_get_num_renegotiates
-return 1 on success or a value less than or equal to 0
-if an error occurred.
-.Pp
-.Fn BIO_new_ssl ,
-.Fn BIO_new_ssl_connect ,
-and
-.Fn BIO_new_buffer_ssl_connect
-returns a pointer to a newly allocated
-.Vt BIO
-chain or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn BIO_ssl_copy_session_id
-returns 1 on success or 0 on error.
-.Pp
-.Fn BIO_do_handshake
-returns 1 if the connection was established successfully
-or a value less than or equal to 0 otherwise.
-.Sh EXAMPLES
-This SSL/TLS client example attempts to retrieve a page from an SSL/TLS web
-server.
-The I/O routines are identical to those of the unencrypted example in
-.Xr BIO_s_connect 3 .
-.Bd -literal
-BIO *sbio, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ERR_load_crypto_strings();
-ERR_load_SSL_strings();
-OpenSSL_add_all_algorithms();
-
-/*
- * We would seed the PRNG here if the platform didn't do it automatically
- */
-
-ctx = SSL_CTX_new(SSLv23_client_method());
-
-/*
- * We'd normally set some stuff like the verify paths and mode here because
- * as things stand this will connect to any server whose certificate is
- * signed by any CA.
- */
-
-sbio = BIO_new_ssl_connect(ctx);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
-        fprintf(stderr, "Can't locate SSL pointer\en");
-        /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* We might want to do other things with ssl here */
-
-BIO_set_conn_hostname(sbio, "localhost:https");
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-if (BIO_do_connect(sbio) <= 0) {
-        fprintf(stderr, "Error connecting to server\en");
-        ERR_print_errors_fp(stderr);
-        /* whatever ... */
-}
-
-if (BIO_do_handshake(sbio) <= 0) {
-        fprintf(stderr, "Error establishing SSL connection\en");
-        ERR_print_errors_fp(stderr);
-        /* whatever ... */
-}
-
-/* Could examine ssl here to get connection info */
-
-BIO_puts(sbio, "GET / HTTP/1.0\en\en");
-for (;;) {
-        len = BIO_read(sbio, tmpbuf, 1024);
-        if(len <= 0) break;
-        BIO_write(out, tmpbuf, len);
-}
-BIO_free_all(sbio);
-BIO_free(out);
-.Ed
-.Pp
-Here is a simple server example.
-It makes use of a buffering
-.Vt BIO
-to allow lines to be read from the
-.Vt SSL
-.Vt BIO
-using
-.Xr BIO_gets 3 .
-It creates a pseudo web page containing the actual request from a client and
-also echoes the request to standard output.
-.Bd -literal
-BIO *sbio, *bbio, *acpt, *out;
-int len;
-char tmpbuf[1024];
-SSL_CTX *ctx;
-SSL *ssl;
-
-ctx = SSL_CTX_new(SSLv23_server_method());
-
-if (!SSL_CTX_use_certificate_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-    || !SSL_CTX_use_PrivateKey_file(ctx,"server.pem",SSL_FILETYPE_PEM)
-    || !SSL_CTX_check_private_key(ctx)) {
-        fprintf(stderr, "Error setting up SSL_CTX\en");
-        ERR_print_errors_fp(stderr);
-        return 0;
-}
-
-/*
- * Might do other things here like setting verify locations and DH and/or
- * RSA temporary key callbacks
- */
-
-/* New SSL BIO setup as server */
-sbio = BIO_new_ssl(ctx,0);
-
-BIO_get_ssl(sbio, &ssl);
-
-if (!ssl) {
-        fprintf(stderr, "Can't locate SSL pointer\en");
-        /* whatever ... */
-}
-
-/* Don't want any retries */
-SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
-
-/* Create the buffering BIO */
-
-bbio = BIO_new(BIO_f_buffer());
-
-/* Add to chain */
-sbio = BIO_push(bbio, sbio);
-
-acpt = BIO_new_accept("4433");
-
-/*
- * By doing this when a new connection is established we automatically
- * have sbio inserted into it. The BIO chain is now 'swallowed' by the
- * accept BIO and will be freed when the accept BIO is freed.
- */
-
-BIO_set_accept_bios(acpt,sbio);
-
-out = BIO_new_fp(stdout, BIO_NOCLOSE);
-
-/* Wait for incoming connection */
-if (BIO_do_accept(acpt) <= 0) {
-        fprintf(stderr, "Error setting up accept BIO\en");
-        ERR_print_errors_fp(stderr);
-        return 0;
-}
-
-/* We only want one connection so remove and free accept BIO */
-
-sbio = BIO_pop(acpt);
-
-BIO_free_all(acpt);
-
-if (BIO_do_handshake(sbio) <= 0) {
-        fprintf(stderr, "Error in SSL handshake\en");
-        ERR_print_errors_fp(stderr);
-        return 0;
-}
-
-BIO_puts(sbio, "HTTP/1.0 200 OK\er\enContent-type: text/plain\er\en\er\en");
-BIO_puts(sbio, "\er\enConnection Established\er\enRequest headers:\er\en");
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-
-for (;;) {
-        len = BIO_gets(sbio, tmpbuf, 1024);
-        if (len <= 0)
-                break;
-        BIO_write(sbio, tmpbuf, len);
-        BIO_write(out, tmpbuf, len);
-        /* Look for blank line signifying end of headers */
-        if ((tmpbuf[0] == '\er') || (tmpbuf[0] == '\en'))
-                break;
-}
-
-BIO_puts(sbio, "--------------------------------------------------\er\en");
-BIO_puts(sbio, "\er\en");
-
-/* Since there is a buffering BIO present we had better flush it */
-BIO_flush(sbio);
-
-BIO_free_all(sbio);
-.Ed
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn BIO_f_ssl ,
-.Fn BIO_set_ssl ,
-and
-.Fn BIO_get_ssl
-first appeared in SSLeay 0.6.0.
-.Fn BIO_set_ssl_mode ,
-.Fn BIO_new_ssl ,
-and
-.Fn BIO_ssl_copy_session_id
-first appeared in SSLeay 0.8.0.
-.Fn BIO_ssl_shutdown
-and
-.Fn BIO_do_handshake
-first appeared in SSLeay 0.8.1.
-.Fn BIO_set_ssl_renegotiate_bytes ,
-.Fn BIO_get_num_renegotiates ,
-.Fn BIO_set_ssl_renegotiate_timeout ,
-.Fn BIO_new_ssl_connect ,
-and
-.Fn BIO_new_buffer_ssl_connect
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/DTLSv1_listen.3 b/src/lib/libssl/man/DTLSv1_listen.3
deleted file mode 100644
index 047ec0a7ff..0000000000
--- a/src/lib/libssl/man/DTLSv1_listen.3
+++ /dev/null
@@ -1,187 +0,0 @@
-.\"     $OpenBSD: DTLSv1_listen.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL 7795475f Dec 18 13:18:31 2015 -0500
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt DTLSV1_LISTEN 3
-.Os
-.Sh NAME
-.Nm DTLSv1_listen
-.Nd listen for incoming DTLS connections
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo DTLSv1_listen
-.Fa "SSL *ssl"
-.Fa "struct sockaddr *peer"
-.Fc
-.Sh DESCRIPTION
-.Fn DTLSv1_listen
-listens for new incoming DTLS connections.
-If a ClientHello is received that does not contain a cookie, then
-.Fn DTLSv1_listen
-responds with a HelloVerifyRequest.
-If a ClientHello is received with a cookie that is verified, then
-control is returned to user code to enable the handshake to be
-completed (for example by using
-.Xr SSL_accept 3 ) .
-.Pp
-.Fn DTLSv1_listen
-is currently implemented as a macro.
-.Pp
-Datagram based protocols can be susceptible to Denial of Service
-attacks.
-A DTLS attacker could, for example, submit a series of handshake
-initiation requests that cause the server to allocate state (and
-possibly perform cryptographic operations) thus consuming server
-resources.
-The attacker could also (with UDP) quite simply forge the source IP
-address in such an attack.
-.Pp
-As a counter measure to that DTLS includes a stateless cookie mechanism.
-The idea is that when a client attempts to connect to a server it sends
-a ClientHello message.
-The server responds with a HelloVerifyRequest which contains a unique
-cookie.
-The client then resends the ClientHello, but this time includes the
-cookie in the message thus proving that the client is capable of
-receiving messages sent to that address.
-All of this can be done by the server without allocating any state, and
-thus without consuming expensive resources.
-.Pp
-OpenSSL implements this capability via the
-.Fn DTLSv1_listen
-function.
-The
-.Fa ssl
-parameter should be a newly allocated
-.Vt SSL
-object with its read and write BIOs set, in the same way as might
-be done for a call to
-.Xr SSL_accept 3 .
-Typically the read BIO will be in an "unconnected" state and thus
-capable of receiving messages from any peer.
-.Pp
-When a ClientHello is received that contains a cookie that has been
-verified, then
-.Fn DTLSv1_listen
-will return with the
-.Fa ssl
-parameter updated into a state where the handshake can be continued by a
-call to (for example)
-.Xr SSL_accept 3 .
-Additionally the
-.Vt struct sockaddr
-pointed to by
-.Fa peer
-will be filled in with details of the peer that sent the ClientHello.
-It is the calling code's responsibility to ensure that the
-.Fa peer
-location is sufficiently large to accommodate the addressing scheme in use.
-For example this might be done by allocating space for a
-.Vt struct sockaddr_storage
-and casting the pointer to it to a
-.Vt struct sockaddr *
-for the call to
-.Fn DTLSv1_listen .
-Typically user code is expected to "connect" the underlying socket
-to the peer and continue the handshake in a connected state.
-.Pp
-Prior to calling
-.Fn DTLSv1_listen
-user code must ensure that cookie generation and verification callbacks
-have been set up using
-.Fn SSL_CTX_set_cookie_generate_cb
-and
-.Fn SSL_CTX_set_cookie_verify_cb
-respectively.
-.Pp
-Since
-.Fn DTLSv1_listen
-operates entirely statelessly whilst processing incoming ClientHellos,
-it is unable to process fragmented messages (since this would require
-the allocation of state).
-An implication of this is that
-.Fn DTLSv1_listen
-only supports ClientHellos that fit inside a single datagram.
-.Sh RETURN VALUES
-From OpenSSL 1.1.0 a return value of >= 1 indicates success.
-In this instance the
-.Fa peer
-value will be filled in and the
-.Fa ssl
-object set up ready to continue the handshake.
-.Pp
-A return value of 0 indicates a non-fatal error.
-This could (for example) be because of non-blocking IO, or some invalid
-message having been received from a peer.
-Errors may be placed on the OpenSSL error queue with further information
-if appropriate.
-Typically user code is expected to retry the call to
-.Fn DTLSv1_listen
-in the event of a non-fatal error.
-Any old errors on the error queue will be cleared in the subsequent
-call.
-.Pp
-A return value of <0 indicates a fatal error.
-This could (for example) be because of a failure to allocate sufficient
-memory for the operation.
-.Pp
-Prior to OpenSSL 1.1.0 fatal and non-fatal errors both produce return
-codes <= 0 (in typical implementations user code treats all errors as
-non-fatal), whilst return codes >0 indicate success.
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_get_error 3
-.Sh HISTORY
-.Fn DTLSv1_listen
-first appeared in OpenSSL 0.9.8m and has been available since
-.Ox 4.9 .
diff --git a/src/lib/libssl/man/Makefile b/src/lib/libssl/man/Makefile
deleted file mode 100644
index c8f6e28541..0000000000
--- a/src/lib/libssl/man/Makefile
+++ /dev/null
@@ -1,134 +0,0 @@
-# $OpenBSD: Makefile,v 1.77 2022/07/13 20:52:36 schwarze Exp $
-
-.include <bsd.own.mk>
-
-MAN =   BIO_f_ssl.3 \
-        DTLSv1_listen.3 \
-        OPENSSL_init_ssl.3 \
-        PEM_read_SSL_SESSION.3 \
-        SSL_CIPHER_get_name.3 \
-        SSL_COMP_add_compression_method.3 \
-        SSL_CTX_add1_chain_cert.3 \
-        SSL_CTX_add_extra_chain_cert.3 \
-        SSL_CTX_add_session.3 \
-        SSL_CTX_ctrl.3 \
-        SSL_CTX_flush_sessions.3 \
-        SSL_CTX_free.3 \
-        SSL_CTX_get0_certificate.3 \
-        SSL_CTX_get_ex_new_index.3 \
-        SSL_CTX_get_verify_mode.3 \
-        SSL_CTX_load_verify_locations.3 \
-        SSL_CTX_new.3 \
-        SSL_CTX_sess_number.3 \
-        SSL_CTX_sess_set_cache_size.3 \
-        SSL_CTX_sess_set_get_cb.3 \
-        SSL_CTX_sessions.3 \
-        SSL_CTX_set1_groups.3 \
-        SSL_CTX_set_alpn_select_cb.3 \
-        SSL_CTX_set_cert_store.3 \
-        SSL_CTX_set_cert_verify_callback.3 \
-        SSL_CTX_set_cipher_list.3 \
-        SSL_CTX_set_client_CA_list.3 \
-        SSL_CTX_set_client_cert_cb.3 \
-        SSL_CTX_set_default_passwd_cb.3 \
-        SSL_CTX_set_generate_session_id.3 \
-        SSL_CTX_set_info_callback.3 \
-        SSL_CTX_set_keylog_callback.3 \
-        SSL_CTX_set_max_cert_list.3 \
-        SSL_CTX_set_min_proto_version.3 \
-        SSL_CTX_set_mode.3 \
-        SSL_CTX_set_msg_callback.3 \
-        SSL_CTX_set_options.3 \
-        SSL_CTX_set_quiet_shutdown.3 \
-        SSL_CTX_set_read_ahead.3 \
-        SSL_CTX_set_security_level.3 \
-        SSL_CTX_set_session_cache_mode.3 \
-        SSL_CTX_set_session_id_context.3 \
-        SSL_CTX_set_ssl_version.3 \
-        SSL_CTX_set_timeout.3 \
-        SSL_CTX_set_tlsext_servername_callback.3 \
-        SSL_CTX_set_tlsext_status_cb.3 \
-        SSL_CTX_set_tlsext_ticket_key_cb.3 \
-        SSL_CTX_set_tlsext_use_srtp.3 \
-        SSL_CTX_set_tmp_dh_callback.3 \
-        SSL_CTX_set_tmp_rsa_callback.3 \
-        SSL_CTX_set_verify.3 \
-        SSL_CTX_use_certificate.3 \
-        SSL_SESSION_free.3 \
-        SSL_SESSION_get0_cipher.3 \
-        SSL_SESSION_get0_peer.3 \
-        SSL_SESSION_get_compress_id.3 \
-        SSL_SESSION_get_ex_new_index.3 \
-        SSL_SESSION_get_id.3 \
-        SSL_SESSION_get_protocol_version.3 \
-        SSL_SESSION_get_time.3 \
-        SSL_SESSION_has_ticket.3 \
-        SSL_SESSION_is_resumable.3 \
-        SSL_SESSION_new.3 \
-        SSL_SESSION_print.3 \
-        SSL_SESSION_set1_id_context.3 \
-        SSL_accept.3 \
-        SSL_alert_type_string.3 \
-        SSL_clear.3 \
-        SSL_connect.3 \
-        SSL_copy_session_id.3 \
-        SSL_do_handshake.3 \
-        SSL_dup.3 \
-        SSL_dup_CA_list.3 \
-        SSL_export_keying_material.3 \
-        SSL_free.3 \
-        SSL_get_SSL_CTX.3 \
-        SSL_get_certificate.3 \
-        SSL_get_ciphers.3 \
-        SSL_get_client_CA_list.3 \
-        SSL_get_client_random.3 \
-        SSL_get_current_cipher.3 \
-        SSL_get_default_timeout.3 \
-        SSL_get_error.3 \
-        SSL_get_ex_data_X509_STORE_CTX_idx.3 \
-        SSL_get_ex_new_index.3 \
-        SSL_get_fd.3 \
-        SSL_get_finished.3 \
-        SSL_get_peer_cert_chain.3 \
-        SSL_get_peer_certificate.3 \
-        SSL_get_rbio.3 \
-        SSL_get_server_tmp_key.3 \
-        SSL_get_session.3 \
-        SSL_get_shared_ciphers.3 \
-        SSL_get_state.3 \
-        SSL_get_verify_result.3 \
-        SSL_get_version.3 \
-        SSL_library_init.3 \
-        SSL_load_client_CA_file.3 \
-        SSL_new.3 \
-        SSL_num_renegotiations.3 \
-        SSL_pending.3 \
-        SSL_read.3 \
-        SSL_read_early_data.3 \
-        SSL_renegotiate.3 \
-        SSL_rstate_string.3 \
-        SSL_session_reused.3 \
-        SSL_set1_host.3 \
-        SSL_set1_param.3 \
-        SSL_set_SSL_CTX.3 \
-        SSL_set_bio.3 \
-        SSL_set_connect_state.3 \
-        SSL_set_fd.3 \
-        SSL_set_max_send_fragment.3 \
-        SSL_set_psk_use_session_callback.3 \
-        SSL_set_session.3 \
-        SSL_set_shutdown.3 \
-        SSL_set_tmp_ecdh.3 \
-        SSL_set_verify_result.3 \
-        SSL_shutdown.3 \
-        SSL_state_string.3 \
-        SSL_want.3 \
-        SSL_write.3 \
-        d2i_SSL_SESSION.3 \
-        ssl.3
-
-all clean cleandir depend includes obj tags:
-
-install: maninstall
-
-.include <bsd.man.mk>
diff --git a/src/lib/libssl/man/OPENSSL_init_ssl.3 b/src/lib/libssl/man/OPENSSL_init_ssl.3
deleted file mode 100644
index f37dccfaac..0000000000
--- a/src/lib/libssl/man/OPENSSL_init_ssl.3
+++ /dev/null
@@ -1,76 +0,0 @@
-.\" $OpenBSD: OPENSSL_init_ssl.3,v 1.4 2019/06/14 13:41:31 schwarze Exp $
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt OPENSSL_INIT_SSL 3
-.Os
-.Sh NAME
-.Nm OPENSSL_init_ssl
-.Nd initialise the crypto and ssl libraries
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo OPENSSL_init_ssl
-.Fa "uint64_t options"
-.Fa "const void *dummy"
-.Fc
-.Sh DESCRIPTION
-This function is deprecated.
-It is never useful for any application program to call it explicitly.
-The library automatically calls it internally with an
-.Fa options
-argument of 0 whenever needed.
-It is safest to assume that any function may do so.
-.Pp
-To enable or disable the standard configuration file, instead use
-.Xr OPENSSL_config 3
-or
-.Xr OPENSSL_no_config 3 ,
-respectively.
-To load a non-standard configuration file, refer to
-.Xr CONF_modules_load_file 3 .
-.Pp
-.Fn OPENSSL_init_ssl
-calls
-.Xr OPENSSL_init_crypto 3 ,
-.Xr SSL_load_error_strings 3 ,
-and
-.Xr SSL_library_init 3 .
-.Pp
-The
-.Fa options
-argument is passed on to
-.Xr OPENSSL_init_crypto 3
-and the
-.Fa dummy
-argument is ignored.
-.Pp
-If this function is called more than once,
-none of the calls except the first one have any effect.
-.Sh RETURN VALUES
-.Fn OPENSSL_init_ssl
-is intended to return 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr CONF_modules_load_file 3 ,
-.Xr OPENSSL_config 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn OPENSSL_init_ssl
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Sh BUGS
-.Fn OPENSSL_init_ssl
-silently ignores even more configuration failures than
-.Xr OPENSSL_init_crypto 3 .
diff --git a/src/lib/libssl/man/PEM_read_SSL_SESSION.3 b/src/lib/libssl/man/PEM_read_SSL_SESSION.3
deleted file mode 100644
index 3eb1414c62..0000000000
--- a/src/lib/libssl/man/PEM_read_SSL_SESSION.3
+++ /dev/null
@@ -1,147 +0,0 @@
-.\"     $OpenBSD: PEM_read_SSL_SESSION.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL doc/man3/PEM_read_CMS.pod b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Rich Salz <rsalz@openssl.org>.
-.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt PEM_READ_SSL_SESSION 3
-.Os
-.Sh NAME
-.Nm PEM_read_SSL_SESSION ,
-.Nm PEM_read_bio_SSL_SESSION ,
-.Nm PEM_write_SSL_SESSION ,
-.Nm PEM_write_bio_SSL_SESSION
-.Nd encode and decode SSL session objects in PEM format
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fo PEM_read_SSL_SESSION
-.Fa "FILE *fp"
-.Fa "SSL_SESSION **a"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft SSL_SESSION *
-.Fo PEM_read_bio_SSL_SESSION
-.Fa "BIO *bp"
-.Fa "SSL_SESSION **a"
-.Fa "pem_password_cb *cb"
-.Fa "void *u"
-.Fc
-.Ft int
-.Fo PEM_write_SSL_SESSION
-.Fa "FILE *fp"
-.Fa "const SSL_SESSION *a"
-.Fc
-.Ft int
-.Fo PEM_write_bio_SSL_SESSION
-.Fa "BIO *bp"
-.Fa "const SSL_SESSION *a"
-.Fc
-.Sh DESCRIPTION
-These routines convert between local instances of ASN.1
-.Vt SSL_SESSION
-objects and the PEM encoding.
-.Pp
-.Fn PEM_read_SSL_SESSION
-reads a PEM-encoded
-.Vt SSL_SESSION
-object from the file
-.Fa fp
-and returns it.
-The
-.Fa cb
-and
-.Fa u
-parameters are as described in
-.Xr PEM_read_bio_PrivateKey 3 .
-.Pp
-.Fn PEM_read_bio_SSL_SESSION
-is similar to
-.Fn PEM_read_SSL_SESSION
-but reads from the BIO
-.Fa bp .
-.Pp
-.Fn PEM_write_SSL_SESSION
-writes the PEM encoding of the object
-.Fa a
-to the file
-.Fa fp .
-.Pp
-.Fn PEM_write_bio_SSL_SESSION
-similarly writes to the BIO
-.Fa bp .
-.Sh RETURN VALUES
-.Fn PEM_read_SSL_SESSION
-and
-.Fn PEM_read_bio_SSL_SESSION
-return a pointer to an allocated object, which should be released by
-calling
-.Xr SSL_SESSION_free 3 ,
-or
-.Dv NULL
-on error.
-.Pp
-.Fn PEM_write_SSL_SESSION
-and
-.Fn PEM_write_bio_SSL_SESSION
-return the number of bytes written or 0 on error.
-.Sh SEE ALSO
-.Xr PEM_read 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn PEM_read_SSL_SESSION
-and
-.Fn PEM_write_SSL_SESSION
-first appeared in SSLeay 0.5.2.
-.Fn PEM_read_bio_SSL_SESSION
-and
-.Fn PEM_write_bio_SSL_SESSION
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CIPHER_get_name.3 b/src/lib/libssl/man/SSL_CIPHER_get_name.3
deleted file mode 100644
index 86c1d3c0ba..0000000000
--- a/src/lib/libssl/man/SSL_CIPHER_get_name.3
+++ /dev/null
@@ -1,398 +0,0 @@
-.\" $OpenBSD: SSL_CIPHER_get_name.3,v 1.17 2024/07/16 10:19:38 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
-.\" Dr. Stephen Henson <steve@openssl.org>, Todd Short <tshort@akamai.com>,
-.\" and Paul Yang <yang.yang@baishancloud.com>.
-.\" Copyright (c) 2000, 2005, 2009, 2013, 2014, 2015, 2016, 2017
-.\" The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 16 2024 $
-.Dt SSL_CIPHER_GET_NAME 3
-.Os
-.Sh NAME
-.Nm SSL_CIPHER_get_name ,
-.Nm SSL_CIPHER_get_bits ,
-.Nm SSL_CIPHER_get_version ,
-.Nm SSL_CIPHER_get_cipher_nid ,
-.Nm SSL_CIPHER_get_digest_nid ,
-.Nm SSL_CIPHER_get_handshake_digest ,
-.Nm SSL_CIPHER_get_kx_nid ,
-.Nm SSL_CIPHER_get_auth_nid ,
-.Nm SSL_CIPHER_is_aead ,
-.Nm SSL_CIPHER_find ,
-.Nm SSL_CIPHER_get_id ,
-.Nm SSL_CIPHER_description
-.Nd get SSL_CIPHER properties
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_CIPHER_get_name "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_bits "const SSL_CIPHER *cipher" "int *alg_bits"
-.Ft const char *
-.Fn SSL_CIPHER_get_version "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_cipher_nid "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_digest_nid "const SSL_CIPHER *cipher"
-.Ft "const EVP_MD *"
-.Fn SSL_CIPHER_get_handshake_digest "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_kx_nid "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_get_auth_nid "const SSL_CIPHER *cipher"
-.Ft int
-.Fn SSL_CIPHER_is_aead "const SSL_CIPHER *cipher"
-.Ft const SSL_CIPHER *
-.Fn SSL_CIPHER_find "SSL *ssl" "const unsigned char *ptr"
-.Ft unsigned long
-.Fn SSL_CIPHER_get_id "const SSL_CIPHER *cipher"
-.Ft char *
-.Fn SSL_CIPHER_description "const SSL_CIPHER *cipher" "char *buf" "int size"
-.Sh DESCRIPTION
-.Fn SSL_CIPHER_get_name
-returns a pointer to the name of
-.Fa cipher .
-.Pp
-.Fn SSL_CIPHER_get_bits
-returns the number of secret bits used for
-.Fa cipher .
-If
-.Fa alg_bits
-is not
-.Dv NULL ,
-the number of bits processed by the chosen algorithm is stored into it.
-.Pp
-.Fn SSL_CIPHER_get_version
-returns a string which indicates the SSL/TLS protocol version that first
-defined the cipher.
-This is currently
-.Qq TLSv1/SSLv3 .
-In some cases it should possibly return
-.Qq TLSv1.2
-but the function does not; use
-.Fn SSL_CIPHER_description
-instead.
-.Pp
-.Fn SSL_CIPHER_get_cipher_nid
-returns the cipher NID corresponding to the
-.Fa cipher .
-If there is no cipher (e.g. for cipher suites with no encryption), then
-.Dv NID_undef
-is returned.
-.Pp
-.Fn SSL_CIPHER_get_digest_nid
-returns the digest NID corresponding to the MAC used by the
-.Fa cipher
-during record encryption/decryption.
-If there is no digest (e.g. for AEAD cipher suites), then
-.Dv NID_undef
-is returned.
-.Pp
-.Fn SSL_CIPHER_get_handshake_digest
-returns the
-.Vt EVP_MD
-object representing the digest used during a TLS handshake with the cipher
-.Fa c ,
-which may be different to the digest used in the message authentication code
-for encrypted records.
-.Pp
-.Fn SSL_CIPHER_get_kx_nid
-returns the key exchange NID corresponding to the method used by the
-.Fa cipher .
-If there is no key exchange, then
-.Dv NID_undef
-is returned.
-Examples of possible return values include
-.Dv NID_kx_rsa ,
-.Dv NID_kx_dhe ,
-and
-.Dv NID_kx_ecdhe .
-.Pp
-.Fn SSL_CIPHER_get_auth_nid
-returns the authentication NID corresponding to the method used by the
-.Fa cipher .
-If there is no authentication,
-.Dv NID_undef
-is returned.
-Examples of possible return values include
-.Dv NID_auth_rsa
-and
-.Dv NID_auth_ecdsa .
-.Pp
-.Fn SSL_CIPHER_is_aead
-returns 1 if the
-.Fa cipher
-is AEAD (e.g. GCM or ChaCha20/Poly1305), or 0 if it is not AEAD.
-.Pp
-.Fn SSL_CIPHER_find
-returns a pointer to a
-.Vt SSL_CIPHER
-structure which has the cipher ID specified in
-.Fa ptr .
-The
-.Fa ptr
-parameter is an array of length two which stores the two-byte
-TLS cipher ID (as allocated by IANA) in network byte order.
-.Fa SSL_CIPHER_find
-returns
-.Dv NULL
-if an error occurs or the indicated cipher is not found.
-.Pp
-.Fn SSL_CIPHER_get_id
-returns the ID of the given
-.Fa cipher ,
-which must not be
-.Dv NULL .
-The ID here is an OpenSSL-specific concept, which stores a prefix
-of 0x0300 in the higher two bytes and the IANA-specified cipher
-suite ID in the lower two bytes.
-For instance, TLS_RSA_WITH_NULL_MD5 has IANA ID "0x00, 0x01", so
-.Fn SSL_CIPHER_get_id
-returns 0x03000001.
-.Pp
-.Fn SSL_CIPHER_description
-copies a textual description of
-.Fa cipher
-into the buffer
-.Fa buf ,
-which must be at least
-.Fa size
-bytes long.
-The
-.Fa cipher
-argument must not be a
-.Dv NULL
-pointer.
-If
-.Fa buf
-is
-.Dv NULL ,
-a buffer is allocated using
-.Xr asprintf 3 ;
-that buffer should be freed using the
-.Xr free 3
-function.
-If
-.Fa len
-is too small to hold the description, a pointer to the static string
-.Qq Buffer too small
-is returned.
-If memory allocation fails, which can happen even if a
-.Fa buf
-of sufficient size is provided, a pointer to the static string
-.Qq OPENSSL_malloc Error
-is returned and the content of
-.Fa buf
-remains unchanged.
-.Pp
-The string returned by
-.Fn SSL_CIPHER_description
-consists of several fields separated by whitespace:
-.Bl -tag -width Ds
-.It Aq Ar ciphername
-Textual representation of the cipher name.
-.It Aq Ar protocol version
-Protocol version:
-.Sy SSLv3 ,
-.Sy TLSv1.2 ,
-or
-.Sy TLSv1.3 .
-The TLSv1.0 ciphers are flagged with SSLv3.
-No new ciphers were added by TLSv1.1.
-.It Kx= Ns Aq Ar key exchange
-Key exchange method:
-.Sy DH ,
-.Sy ECDH ,
-.Sy GOST ,
-.Sy RSA ,
-or
-.Sy TLSv1.3 .
-.It Au= Ns Aq Ar authentication
-Authentication method:
-.Sy ECDSA ,
-.Sy GOST01 ,
-.Sy RSA ,
-.Sy TLSv1.3 ,
-or
-.Sy None .
-.Sy None
-is the representation of anonymous ciphers.
-.It Enc= Ns Aq Ar symmetric encryption method
-Encryption method with number of secret bits:
-.Sy 3DES(168) ,
-.Sy RC4(128) ,
-.Sy AES(128) ,
-.Sy AES(256) ,
-.Sy AESGCM(128) ,
-.Sy AESGCM(256) ,
-.Sy Camellia(128) ,
-.Sy Camellia(256) ,
-.Sy ChaCha20-Poly1305 ,
-.Sy GOST-28178-89-CNT ,
-or
-.Sy None .
-.It Mac= Ns Aq Ar message authentication code
-Message digest:
-.Sy MD5 ,
-.Sy SHA1 ,
-.Sy SHA256 ,
-.Sy SHA384 ,
-.Sy AEAD ,
-.Sy GOST94 ,
-.Sy GOST89IMIT ,
-or
-.Sy STREEBOG256 .
-.El
-.Sh RETURN VALUES
-.Fn SSL_CIPHER_get_name
-returns an internal pointer to a NUL-terminated string.
-.Fn SSL_CIPHER_get_version
-returns a pointer to a static NUL-terminated string.
-If
-.Fa cipher
-is a
-.Dv NULL
-pointer, both functions return a pointer to the static string
-.Qq Pq NONE .
-.Pp
-.Fn SSL_CIPHER_get_bits
-returns a positive integer representing the number of secret bits
-or 0 if
-.Fa cipher
-is a
-.Dv NULL
-pointer.
-.Pp
-.Fn SSL_CIPHER_get_cipher_nid ,
-.Fn SSL_CIPHER_get_digest_nid ,
-.Fn SSL_CIPHER_get_kx_nid ,
-and
-.Fn SSL_CIPHER_get_auth_nid
-return an NID constant or
-.Dv NID_undef
-if an error occurred.
-.Fn SSL_CIPHER_get_handshake_digest
-returns a valid
-.Vt EVP_MD
-object or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn SSL_CIPHER_is_aead
-returns 1 if the
-.Fa cipher
-is AEAD or 0 otherwise.
-.Pp
-.Fn SSL_CIPHER_find
-returns a pointer to a valid
-.Vt SSL_CIPHER
-structure or
-.Dv NULL
-if an error occurred.
-.Pp
-.Fn SSL_CIPHER_get_id
-returns a 32-bit unsigned integer.
-.Pp
-.Fn SSL_CIPHER_description
-returns
-.Fa buf
-or a newly allocated string on success or a pointer to a static
-string on error.
-.Sh EXAMPLES
-An example for the output of
-.Fn SSL_CIPHER_description :
-.Bd -literal
-ECDHE-RSA-AES256-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
-.Ed
-.Pp
-A complete list can be retrieved by invoking the following command:
-.Pp
-.Dl $ openssl ciphers -v ALL:COMPLEMENTOFALL
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_current_cipher 3
-.Sh HISTORY
-.Fn SSL_CIPHER_description
-first appeared in SSLeay 0.8.0.
-.Fn SSL_CIPHER_get_name ,
-.Fn SSL_CIPHER_get_bits ,
-and
-.Fn SSL_CIPHER_get_version
-first appeared in SSLeay 0.8.1.
-These functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CIPHER_get_id
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_CIPHER_get_cipher_nid ,
-.Fn SSL_CIPHER_get_digest_nid ,
-.Fn SSL_CIPHER_get_kx_nid ,
-.Fn SSL_CIPHER_get_auth_nid ,
-and
-.Fn SSL_CIPHER_is_aead
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Fn SSL_CIPHER_find
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.0 .
-.Fn SSL_CIPHER_get_handshake_digest
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.6 .
-.Sh BUGS
-If
-.Fn SSL_CIPHER_description
-cannot handle a built-in cipher,
-the according description of the cipher property is
-.Qq unknown .
-This case should not occur.
diff --git a/src/lib/libssl/man/SSL_COMP_add_compression_method.3 b/src/lib/libssl/man/SSL_COMP_add_compression_method.3
deleted file mode 100644
index f9e25358d7..0000000000
--- a/src/lib/libssl/man/SSL_COMP_add_compression_method.3
+++ /dev/null
@@ -1,42 +0,0 @@
-.\" $OpenBSD: SSL_COMP_add_compression_method.3,v 1.7 2024/08/31 10:51:48 tb Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: August 31 2024 $
-.Dt SSL_COMP_ADD_COMPRESSION_METHOD 3
-.Os
-.Sh NAME
-.Nm SSL_COMP_get_compression_methods
-.Nd handle SSL/TLS integrated compression methods
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_COMP) *
-.Fn SSL_COMP_get_compression_methods void
-.Sh DESCRIPTION
-This function is deprecated and has no effect.
-It is provided purely for compatibility with legacy application code.
-.Pp
-.Fn SSL_COMP_get_compression_methods
-used to return a stack of available compression methods.
-.Sh RETURN VALUES
-.Fn SSL_COMP_get_compression_methods
-always returns
-.Dv NULL .
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_COMP_get_compression_methods
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
deleted file mode 100644
index 86eb27a523..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add1_chain_cert.3
+++ /dev/null
@@ -1,222 +0,0 @@
-.\" $OpenBSD: SSL_CTX_add1_chain_cert.3,v 1.2 2025/01/18 10:45:12 tb Exp $
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>
-.\" and Rob Stradling <rob.stradling@comodo.com>.
-.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_ADD1_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set0_chain ,
-.Nm SSL_CTX_set1_chain ,
-.Nm SSL_CTX_add0_chain_cert ,
-.Nm SSL_CTX_add1_chain_cert ,
-.Nm SSL_CTX_get0_chain_certs ,
-.Nm SSL_CTX_clear_chain_certs ,
-.Nm SSL_set0_chain ,
-.Nm SSL_set1_chain ,
-.Nm SSL_add0_chain_cert ,
-.Nm SSL_add1_chain_cert ,
-.Nm SSL_get0_chain_certs ,
-.Nm SSL_clear_chain_certs
-.Nd extra chain certificate processing
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set0_chain
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_chain
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_add0_chain_cert
-.Fa "SSL_CTX *ctx"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_CTX_add1_chain_cert
-.Fa "SSL_CTX *ctx"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_CTX_get0_chain_certs
-.Fa "SSL_CTX *ctx"
-.Fa "STACK_OF(X509) **chain"
-.Fc
-.Ft int
-.Fo SSL_CTX_clear_chain_certs
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft int
-.Fo SSL_set0_chain
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_set1_chain
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) *chain"
-.Fc
-.Ft int
-.Fo SSL_add0_chain_cert
-.Fa "SSL *ssl"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_add1_chain_cert
-.Fa "SSL *ssl"
-.Fa "X509 *cert"
-.Fc
-.Ft int
-.Fo SSL_get0_chain_certs
-.Fa "SSL *ssl"
-.Fa "STACK_OF(X509) **chain"
-.Fc
-.Ft int
-.Fo SSL_clear_chain_certs
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set0_chain
-and
-.Fn SSL_CTX_set1_chain
-set the certificate chain associated with the current certificate of
-.Fa ctx
-to
-.Fa chain .
-The
-.Fa chain
-is not supposed to include the current certificate itself.
-.Pp
-.Fn SSL_CTX_add0_chain_cert
-and
-.Fn SSL_CTX_add1_chain_cert
-append the single certificate
-.Fa cert
-to the chain associated with the current certificate of
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_get0_chain_certs
-retrieves the chain associated with the current certificate of
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_clear_chain_certs
-clears the existing chain associated with the current certificate of
-.Fa ctx ,
-if any.
-This is equivalent to calling
-.Fn SSL_CTX_set0_chain
-with
-.Fa chain
-set to
-.Dv NULL .
-.Pp
-Each of these functions operates on the
-.Em current
-end entity (i.e. server or client) certificate.
-This is the last certificate loaded or selected on the corresponding
-.Fa ctx
-structure, for example using
-.Xr SSL_CTX_use_certificate 3 .
-.Pp
-.Fn SSL_set0_chain ,
-.Fn SSL_set1_chain ,
-.Fn SSL_add0_chain_cert ,
-.Fn SSL_add1_chain_cert ,
-.Fn SSL_get0_chain_certs ,
-and
-.Fn SSL_clear_chain_certs
-are similar except that they operate on the
-.Fa ssl
-connection.
-.Pp
-The functions containing a
-.Sy 1
-in their name increment the reference count of the supplied certificate
-or chain, so it must be freed at some point after the operation.
-Those containing a
-.Sy 0
-do not increment reference counts and the supplied certificate or chain
-must not be freed after the operation.
-.Pp
-The chains associated with an
-.Vt SSL_CTX
-structure are copied to the new
-.Vt SSL
-structure when
-.Xr SSL_new 3
-is called.
-Existing
-.Vt SSL
-structures are not affected by any chains subsequently changed
-in the parent
-.Vt SSL_CTX .
-.Pp
-One chain can be set for each key type supported by a server.
-So, for example, an RSA and an ECDSA certificate can have
-different chains.
-.Pp
-If any certificates are added using these functions, no certificates
-added using
-.Xr SSL_CTX_add_extra_chain_cert 3
-will be used.
-.Sh RETURN VALUES
-These functions return 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_use_certificate 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.2
-and have been available since
-.Ox 6.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3 b/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
deleted file mode 100644
index b9694b0cbc..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add_extra_chain_cert.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\" $OpenBSD: SSL_CTX_add_extra_chain_cert.3,v 1.8 2025/01/18 10:45:12 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
-.\" Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2000, 2002, 2013, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_ADD_EXTRA_CHAIN_CERT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_extra_chain_cert ,
-.Nm SSL_CTX_get_extra_chain_certs_only ,
-.Nm SSL_CTX_get_extra_chain_certs ,
-.Nm SSL_CTX_clear_extra_chain_certs
-.Nd add, retrieve, and clear extra chain certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_add_extra_chain_cert "SSL_CTX *ctx" "X509 *x509"
-.Ft long
-.Fn SSL_CTX_get_extra_chain_certs_only "SSL_CTX *ctx" "STACK_OF(X509) **certs"
-.Ft long
-.Fn SSL_CTX_get_extra_chain_certs "SSL_CTX *ctx" "STACK_OF(X509) **certs"
-.Ft long
-.Fn SSL_CTX_clear_extra_chain_certs "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_extra_chain_cert
-adds the certificate
-.Fa x509
-to the extra chain certificates associated with
-.Fa ctx .
-Several certificates can be added one after another.
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs_only
-retrieves an internal pointer to the stack of extra chain certificates
-associated with
-.Fa ctx ,
-or set
-.Pf * Fa certs
-to
-.Dv NULL
-if there are none.
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs
-does the same except that it retrieves an internal pointer
-to the chain associated with the certificate
-if there are no extra chain certificates.
-.Pp
-.Fn SSL_CTX_clear_extra_chain_certs
-clears all extra chain certificates associated with
-.Fa ctx .
-.Pp
-These functions are implemented as macros.
-.Pp
-When sending a certificate chain, extra chain certificates are sent
-in order following the end entity certificate.
-.Pp
-If no chain is specified, the library will try to complete the chain from the
-available CA certificates in the trusted CA storage, see
-.Xr SSL_CTX_load_verify_locations 3 .
-.Pp
-The x509 certificate provided to
-.Fn SSL_CTX_add_extra_chain_cert
-will be freed by the library when the
-.Vt SSL_CTX
-is destroyed.
-An application should not free the
-.Fa x509
-object, nor the
-.Pf * Fa certs
-object retrieved by
-.Fn SSL_CTX_get_extra_chain_certs .
-.Sh RETURN VALUES
-These functions return 1 on success or 0 for failure.
-Check out the error stack to find out the reason for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_use_certificate 3
-.Sh HISTORY
-.Fn SSL_CTX_add_extra_chain_cert
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs
-and
-.Fn SSL_CTX_clear_extra_chain_certs
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_CTX_get_extra_chain_certs_only
-first appeared in OpenSSL 1.0.2 and has been available since
-.Ox 6.7 .
-.Sh CAVEATS
-Certificates added with
-.Fn SSL_CTX_add_extra_chain_cert
-are ignored when certificates are also available that have been
-added using the functions documented in
-.Xr SSL_CTX_set1_chain 3 .
-.Pp
-Only one set of extra chain certificates can be specified per
-.Vt SSL_CTX
-structure using
-.Fn SSL_CTX_add_extra_chain_cert .
-Different chains for different certificates (for example if both
-RSA and ECDSA certificates are specified by the same server) or
-different SSL structures with the same parent
-.Vt SSL_CTX
-require using the functions documented in
-.Xr SSL_CTX_set1_chain 3
-instead.
diff --git a/src/lib/libssl/man/SSL_CTX_add_session.3 b/src/lib/libssl/man/SSL_CTX_add_session.3
deleted file mode 100644
index 443bdb542a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_add_session.3
+++ /dev/null
@@ -1,132 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_add_session.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL SSL_CTX_add_session.pod 1722496f Jun 8 15:18:38 2017 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
-.\" Geoff Thorpe <geoff@openssl.org>.
-.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_ADD_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_add_session ,
-.Nm SSL_CTX_remove_session
-.Nd manipulate session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_add_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Ft int
-.Fn SSL_CTX_remove_session "SSL_CTX *ctx" "SSL_SESSION *c"
-.Sh DESCRIPTION
-.Fn SSL_CTX_add_session
-adds the session
-.Fa c
-to the context
-.Fa ctx .
-The reference count for session
-.Fa c
-is incremented by 1.
-If a session with the same session id already exists,
-the old session is removed by calling
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_CTX_remove_session
-removes the session
-.Fa c
-from the context
-.Fa ctx
-and marks it as non-resumable.
-.Xr SSL_SESSION_free 3
-is called once for
-.Fa c .
-.Pp
-When adding a new session to the internal session cache, it is examined
-whether a session with the same session id already exists.
-In this case it is assumed that both sessions are identical.
-If the same session is stored in a different
-.Vt SSL_SESSION
-object, the old session is removed and replaced by the new session.
-If the session is actually identical (the
-.Vt SSL_SESSION
-object is identical),
-.Fn SSL_CTX_add_session
-is a no-op, and the return value is 0.
-.Pp
-If a server
-.Vt SSL_CTX
-is configured with the
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-flag then the internal cache will not be populated automatically by new
-sessions negotiated by the SSL/TLS implementation, even though the internal
-cache will be searched automatically for session-resume requests (the
-latter can be suppressed by
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ) .
-So the application can use
-.Fn SSL_CTX_add_session
-directly to have full control over the sessions that can be resumed if desired.
-.Sh RETURN VALUES
-The following values are returned by all functions:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-In case of the add operation, it was tried to add the same (identical) session
-twice.
-In case of the remove operation, the session was not found in the cache.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn SSL_CTX_add_session
-and
-.Fn SSL_CTX_remove_session
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_ctrl.3 b/src/lib/libssl/man/SSL_CTX_ctrl.3
deleted file mode 100644
index c91ddff374..0000000000
--- a/src/lib/libssl/man/SSL_CTX_ctrl.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_ctrl.3,v 1.7 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_CTRL 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_ctrl ,
-.Nm SSL_CTX_callback_ctrl ,
-.Nm SSL_ctrl ,
-.Nm SSL_callback_ctrl
-.Nd internal handling functions for SSL_CTX and SSL objects
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_ctrl "SSL_CTX *ctx" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_CTX_callback_ctrl "SSL_CTX *" "int cmd" "void (*fp)()"
-.Ft long
-.Fn SSL_ctrl "SSL *ssl" "int cmd" "long larg" "void *parg"
-.Ft long
-.Fn SSL_callback_ctrl "SSL *" "int cmd" "void (*fp)()"
-.Sh DESCRIPTION
-The
-.Fn SSL_*_ctrl
-family of functions is used to manipulate settings of
-the
-.Vt SSL_CTX
-and
-.Vt SSL
-objects.
-Depending on the command
-.Fa cmd
-the arguments
-.Fa larg ,
-.Fa parg ,
-or
-.Fa fp
-are evaluated.
-These functions should never be called directly.
-All functionalities needed are made available via other functions or macros.
-.Sh RETURN VALUES
-The return values of the
-.Fn SSL*_ctrl
-functions depend on the command supplied via the
-.Fn cmd
-parameter.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_max_cert_list 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_tlsext_servername_callback 3 ,
-.Xr SSL_CTX_set_tlsext_status_cb 3 ,
-.Xr SSL_CTX_set_tlsext_ticket_key_cb 3 ,
-.Xr SSL_get_server_tmp_key 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_max_send_fragment 3
-.Sh HISTORY
-.Fn SSL_CTX_ctrl
-and
-.Fn SSL_ctrl
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_callback_ctrl
-and
-.Fn SSL_callback_ctrl
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_CTX_flush_sessions.3 b/src/lib/libssl/man/SSL_CTX_flush_sessions.3
deleted file mode 100644
index 2ef781cb4a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_flush_sessions.3
+++ /dev/null
@@ -1,100 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_flush_sessions.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL SSL_CTX_flush_sessions.pod 1722496f Jun 8 15:18:38 2017 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_FLUSH_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_flush_sessions
-.Nd remove expired sessions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_flush_sessions "SSL_CTX *ctx" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_CTX_flush_sessions
-causes a run through the session cache of
-.Fa ctx
-to remove sessions expired at time
-.Fa tm .
-.Pp
-If enabled, the internal session cache will collect all sessions established
-up to the specified maximum number (see
-.Xr SSL_CTX_sess_set_cache_size 3 ) .
-As sessions will not be reused once they are expired, they should be
-removed from the cache to save resources.
-This can either be done automatically whenever 255 new sessions were
-established (see
-.Xr SSL_CTX_set_session_cache_mode 3 )
-or manually by calling
-.Fn SSL_CTX_flush_sessions .
-.Pp
-The parameter
-.Fa tm
-specifies the time which should be used for the
-expiration test, in most cases the actual time given by
-.Fn time 0
-will be used.
-.Pp
-.Fn SSL_CTX_flush_sessions
-will only check sessions stored in the internal cache.
-When a session is found and removed, the
-.Va remove_session_cb
-is however called to synchronize with the external cache (see
-.Xr SSL_CTX_sess_set_get_cb 3 ) .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3
-.Sh HISTORY
-.Fn SSL_CTX_flush_sessions
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_free.3 b/src/lib/libssl/man/SSL_CTX_free.3
deleted file mode 100644
index 47f247631b..0000000000
--- a/src/lib/libssl/man/SSL_CTX_free.3
+++ /dev/null
@@ -1,101 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_free.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2003 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_free
-.Nd free an allocated SSL_CTX object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_free "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_free
-decrements the reference count of
-.Fa ctx ,
-and removes the
-.Vt SSL_CTX
-object pointed to by
-.Fa ctx
-and frees up the allocated memory if the reference count has reached 0.
-If
-.Fa ctx
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-It also calls the
-.Xr free 3 Ns ing
-procedures for indirectly affected items, if applicable:
-the session cache, the list of ciphers, the list of Client CAs,
-the certificates and keys.
-.Sh WARNINGS
-If a session-remove callback is set
-.Pq Xr SSL_CTX_sess_set_remove_cb 3 ,
-this callback will be called for each session being freed from
-.Fa ctx Ns 's
-session cache.
-This implies that all corresponding sessions from an external session cache are
-removed as well.
-If this is not desired, the user should explicitly unset the callback by
-calling
-.Fn SSL_CTX_sess_set_remove_cb ctx NULL
-prior to calling
-.Fn SSL_CTX_free .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3
-.Sh HISTORY
-.Fn SSL_CTX_free
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_get0_certificate.3 b/src/lib/libssl/man/SSL_CTX_get0_certificate.3
deleted file mode 100644
index 63c86bd5e0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_get0_certificate.3
+++ /dev/null
@@ -1,51 +0,0 @@
-.\" $OpenBSD: SSL_CTX_get0_certificate.3,v 1.3 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_GET0_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get0_certificate
-.Nd get the active certificate from an SSL context
-.Sh SYNOPSIS
-.Ft X509 *
-.Fo SSL_CTX_get0_certificate
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-The
-.Fn SSL_CTX_get0_certificate
-function returns an internal pointer
-to the ASN.1 certificate currently active in
-.Fa ctx
-or
-.Dv NULL
-if none was installed with
-.Xr SSL_CTX_use_certificate 3
-or similar functions.
-.Pp
-The returned pointer must not be freed by the caller.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr X509_get_pubkey 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_new 3
-.Sh HISTORY
-.Fn SSL_CTX_get0_certificate
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3 b/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3
deleted file mode 100644
index 3dbaf2e981..0000000000
--- a/src/lib/libssl/man/SSL_CTX_get_ex_new_index.3
+++ /dev/null
@@ -1,124 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt SSL_CTX_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_ex_new_index ,
-.Nm SSL_CTX_set_ex_data ,
-.Nm SSL_CTX_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_CTX_set_ex_data "SSL_CTX *ctx" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_CTX_get_ex_data "const SSL_CTX *ctx" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
-                int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_CTX_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_CTX_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_CTX_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ctx .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_CTX_get_ex_new_index ,
-.Fn SSL_CTX_set_ex_data ,
-and
-.Fn SSL_CTX_get_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_get_verify_mode.3 b/src/lib/libssl/man/SSL_CTX_get_verify_mode.3
deleted file mode 100644
index 7c87775069..0000000000
--- a/src/lib/libssl/man/SSL_CTX_get_verify_mode.3
+++ /dev/null
@@ -1,131 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_get_verify_mode.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_GET_VERIFY_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get_verify_mode ,
-.Nm SSL_get_verify_mode ,
-.Nm SSL_CTX_get_verify_depth ,
-.Nm SSL_get_verify_depth ,
-.Nm SSL_get_verify_callback ,
-.Nm SSL_CTX_get_verify_callback
-.Nd get currently set verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_get_verify_mode "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_mode "const SSL *ssl"
-.Ft int
-.Fn SSL_CTX_get_verify_depth "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_get_verify_depth "const SSL *ssl"
-.Ft int
-.Fo "(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Ft int
-.Fo "(*SSL_get_verify_callback(const SSL *ssl))"
-.Fa int "X509_STORE_CTX *"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_verify_mode
-returns the verification mode currently set in
-.Fa ctx .
-.Pp
-.Fn SSL_get_verify_mode
-returns the verification mode currently set in
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-returns the verification depth limit currently set
-in
-.Fa ctx .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_get_verify_depth
-returns the verification depth limit currently set in
-.Fa ssl .
-If no limit has been explicitly set,
-\(mi1 is returned and the default value will be used.
-.Pp
-.Fn SSL_CTX_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ctx .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Pp
-.Fn SSL_get_verify_callback
-returns a function pointer to the verification callback currently set in
-.Fa ssl .
-If no callback was explicitly set, the
-.Dv NULL
-pointer is returned and the default callback will be used.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3
-.Sh HISTORY
-.Fn SSL_CTX_get_verify_mode ,
-.Fn SSL_get_verify_mode ,
-.Fn SSL_get_verify_callback ,
-and
-.Fn SSL_CTX_get_verify_callback
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_get_verify_depth
-and
-.Fn SSL_get_verify_depth
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_load_verify_locations.3 b/src/lib/libssl/man/SSL_CTX_load_verify_locations.3
deleted file mode 100644
index 373df2402e..0000000000
--- a/src/lib/libssl/man/SSL_CTX_load_verify_locations.3
+++ /dev/null
@@ -1,238 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_load_verify_locations.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_LOAD_VERIFY_LOCATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_load_verify_locations ,
-.Nm SSL_CTX_set_default_verify_paths
-.Nd set default locations for trusted CA certificates
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_load_verify_locations
-.Fa "SSL_CTX *ctx" "const char *CAfile" "const char *CApath"
-.Fc
-.Ft int
-.Fo SSL_CTX_set_default_verify_paths
-.Fa "SSL_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_load_verify_locations
-specifies the locations for
-.Fa ctx ,
-at which CA certificates for verification purposes are located.
-The certificates available via
-.Fa CAfile
-and
-.Fa CApath
-are trusted.
-.Pp
-.Fn SSL_CTX_set_default_verify_paths
-specifies that the default locations from which CA certificates are
-loaded should be used.
-There is one default directory and one default file.
-The default CA certificates directory is called
-.Pa certs
-in the default OpenSSL directory.
-The default CA certificates file is called
-.Pa cert.pem
-in the default OpenSSL directory.
-.Pp
-If
-.Fa CAfile
-is not
-.Dv NULL ,
-it points to a file of CA certificates in PEM format.
-The file can contain several CA certificates identified by sequences of:
-.Bd -literal
- -----BEGIN CERTIFICATE-----
- ... (CA certificate in base64 encoding) ...
- -----END CERTIFICATE-----
-.Ed
-.Pp
-Before, between, and after the certificates arbitrary text is allowed which can
-be used, e.g., for descriptions of the certificates.
-.Pp
-The
-.Fa CAfile
-is processed on execution of the
-.Fn SSL_CTX_load_verify_locations
-function.
-.Pp
-If
-.Fa CApath
-is not NULL, it points to a directory containing CA certificates in PEM format.
-The files each contain one CA certificate.
-The files are looked up by the CA subject name hash value,
-which must hence be available.
-If more than one CA certificate with the same name hash value exist,
-the extension must be different (e.g.,
-.Pa 9d66eef0.0 ,
-.Pa 9d66eef0.1 ,
-etc.).
-The search is performed in the ordering of the extension number,
-regardless of other properties of the certificates.
-.Pp
-The certificates in
-.Fa CApath
-are only looked up when required, e.g., when building the certificate chain or
-when actually performing the verification of a peer certificate.
-.Pp
-When looking up CA certificates, the OpenSSL library will first search the
-certificates in
-.Fa CAfile ,
-then those in
-.Fa CApath .
-Certificate matching is done based on the subject name, the key identifier (if
-present), and the serial number as taken from the certificate to be verified.
-If these data do not match, the next certificate will be tried.
-If a first certificate matching the parameters is found,
-the verification process will be performed;
-no other certificates for the same parameters will be searched in case of
-failure.
-.Pp
-In server mode, when requesting a client certificate, the server must send
-the list of CAs of which it will accept client certificates.
-This list is not influenced by the contents of
-.Fa CAfile
-or
-.Fa CApath
-and must explicitly be set using the
-.Xr SSL_CTX_set_client_CA_list 3
-family of functions.
-.Pp
-When building its own certificate chain, an OpenSSL client/server will try to
-fill in missing certificates from
-.Fa CAfile Ns / Fa CApath ,
-if the
-certificate chain was not explicitly specified (see
-.Xr SSL_CTX_add_extra_chain_cert 3
-and
-.Xr SSL_CTX_use_certificate 3 ) .
-.Sh RETURN VALUES
-For
-.Fn SSL_CTX_load_verify_locations ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed because
-.Fa CAfile
-and
-.Fa CApath
-are
-.Dv NULL
-or the processing at one of the locations specified failed.
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Pp
-.Fn SSL_CTX_set_default_verify_paths
-returns 1 on success or 0 on failure.
-A missing default location is still treated as a success.
-.Sh EXAMPLES
-Generate a CA certificate file with descriptive text from the CA certificates
-.Pa ca1.pem
-.Pa ca2.pem
-.Pa ca3.pem :
-.Bd -literal
-#!/bin/sh
-rm CAfile.pem
-for i in ca1.pem ca2.pem ca3.pem; do
-        openssl x509 -in $i -text >> CAfile.pem
-done
-.Ed
-.Pp
-Prepare the directory /some/where/certs containing several CA certificates
-for use as
-.Fa CApath :
-.Bd -literal
-$ cd /some/where/certs
-$ rm -f *.[0-9]* *.r[0-9]*
-$ for c in *.pem; do
->    [ "$c" = "*.pem" ] && continue
->    hash=$(openssl x509 -noout -hash -in "$c")
->    if egrep -q -- '-BEGIN( X509 | TRUSTED | )CERTIFICATE-' "$c"; then
->      suf=0
->      while [ -e $hash.$suf ]; do suf=$(( $suf + 1 )); done
->      ln -s "$c" $hash.$suf
->    fi
->    if egrep -q -- '-BEGIN X509 CRL-' "$c"; then
->      suf=0
->      while [ -e $hash.r$suf ]; do suf=$(( $suf + 1 )); done
->      ln -s "$c" $hash.r$suf
->    fi
-> done
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3
-.Sh HISTORY
-.Fn SSL_CTX_load_verify_locations
-and
-.Fn SSL_CTX_set_default_verify_paths
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-If several CA certificates matching the name, key identifier, and serial
-number condition are available, only the first one will be examined.
-This may lead to unexpected results if the same CA certificate is available
-with different expiration dates.
-If a
-.Dq certificate expired
-verification error occurs, no other certificate will be searched.
-Make sure to not have expired certificates mixed with valid ones.
diff --git a/src/lib/libssl/man/SSL_CTX_new.3 b/src/lib/libssl/man/SSL_CTX_new.3
deleted file mode 100644
index 4b50a03de4..0000000000
--- a/src/lib/libssl/man/SSL_CTX_new.3
+++ /dev/null
@@ -1,345 +0,0 @@
-.\" $OpenBSD: SSL_CTX_new.3,v 1.17 2022/07/13 22:05:53 schwarze Exp $
-.\" full merge up to: OpenSSL 21cd6e00 Oct 21 14:40:15 2015 +0100
-.\" selective merge up to: OpenSSL 8f75443f May 24 14:04:26 2019 +0200
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2012, 2013, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_CTX_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_new ,
-.Nm SSL_CTX_up_ref ,
-.Nm TLS_method ,
-.Nm TLS_server_method ,
-.Nm TLS_client_method ,
-.Nm SSLv23_method ,
-.Nm SSLv23_server_method ,
-.Nm SSLv23_client_method ,
-.Nm TLSv1_method ,
-.Nm TLSv1_server_method ,
-.Nm TLSv1_client_method ,
-.Nm TLSv1_1_method ,
-.Nm TLSv1_1_server_method ,
-.Nm TLSv1_1_client_method ,
-.Nm TLSv1_2_method ,
-.Nm TLSv1_2_server_method ,
-.Nm TLSv1_2_client_method ,
-.Nm DTLS_method ,
-.Nm DTLS_server_method ,
-.Nm DTLS_client_method ,
-.Nm DTLSv1_method ,
-.Nm DTLSv1_server_method ,
-.Nm DTLSv1_client_method ,
-.Nm DTLSv1_2_method ,
-.Nm DTLSv1_2_server_method ,
-.Nm DTLSv1_2_client_method
-.Nd create a new SSL_CTX object as a framework for TLS enabled functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_CTX_new "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_CTX_up_ref "SSL_CTX *ctx"
-.Ft const SSL_METHOD *
-.Fn TLS_method void
-.Ft const SSL_METHOD *
-.Fn TLS_server_method void
-.Ft const SSL_METHOD *
-.Fn TLS_client_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_server_method void
-.Ft const SSL_METHOD *
-.Fn SSLv23_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_1_client_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn TLSv1_2_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLS_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_client_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_server_method void
-.Ft const SSL_METHOD *
-.Fn DTLSv1_2_client_method void
-.Sh DESCRIPTION
-.Fn SSL_CTX_new
-creates a new
-.Vt SSL_CTX
-object as a framework to establish TLS or DTLS enabled connections.
-It initializes the list of ciphers, the session cache setting, the
-callbacks, the keys and certificates, the options, and the security
-level to its default values.
-.Pp
-An
-.Vt SSL_CTX
-object is reference counted.
-Creating a new
-.Vt SSL_CTX
-object sets its reference count to 1.
-Calling
-.Fn SSL_CTX_up_ref
-on it increments the reference count by 1.
-Calling
-.Xr SSL_CTX_free 3
-on it decrements the reference count by 1.
-When the reference count drops to zero,
-any memory or resources allocated to the
-.Vt SSL_CTX
-object are freed.
-.Pp
-The
-.Vt SSL_CTX
-object uses
-.Fa method
-as its connection method, which can be:
-.Bl -tag -width Ds
-.It Fn TLS_method
-The general-purpose version-flexible TLS method.
-The protocol version used will be negotiated to the highest
-version mutually supported by the client and the server.
-The supported protocols are TLSv1, TLSv1.1, TLSv1.2, and TLSv1.3.
-.It Fn DTLS_method
-The version-flexible DTLS method.
-The currently supported protocols are DTLSv1 and DTLSv1.2.
-.El
-.Pp
-The following
-.Fa method
-arguments are deprecated:
-.Bl -tag -width Ds
-.It Xo
-.Fn TLS_server_method ,
-.Fn TLS_client_method ,
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-.Fn SSLv23_client_method
-.Xc
-Deprecated aliases for
-.Fn TLS_method .
-.It Xo
-.Fn DTLS_server_method ,
-.Fn DTLS_client_method
-.Xc
-Deprecated aliases for
-.Fn DTLS_method .
-.It Xo
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-.Fn TLSv1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1 protocol.
-.It Xo
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.1 protocol.
-.It Xo
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-.Fn TLSv1_2_client_method
-.Xc
-A connection established with these methods will only
-understand the TLSv1.2 protocol.
-.It Xo
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-.Fn DTLSv1_client_method
-.Xc
-These are the version-specific methods for DTLSv1.
-.It Xo
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-.Fn DTLSv1_2_client_method
-These are the version-specific methods for DTLSv1.2.
-.Xc
-.El
-.Pp
-In LibreSSL, the methods containing the substrings
-.Dq _server
-or
-.Dq _client
-in their names return the same objects
-as the methods without these substrings.
-.Pp
-The list of protocols available can also be limited using the
-.Dv SSL_OP_NO_TLSv1 ,
-.Dv SSL_OP_NO_TLSv1_1 ,
-and
-.Dv SSL_OP_NO_TLSv1_2
-options of the
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-functions, but this approach is not recommended.
-Clients should avoid creating "holes" in the set of protocols they support.
-When disabling a protocol, make sure that you also disable either
-all previous or all subsequent protocol versions.
-In clients, when a protocol version is disabled without disabling
-all previous protocol versions, the effect is to also disable all
-subsequent protocol versions.
-.Pp
-DTLSv1 and DTLSv1.2 can be disabled with
-.Xr SSL_CTX_set_options 3
-or
-.Xr SSL_set_options 3
-using the
-.Dv SSL_OP_NO_DTLSv1
-and
-.Dv SSL_OP_NO_DTLSv1_2
-options, respectively.
-.Sh RETURN VALUES
-.Fn SSL_CTX_new
-returns a pointer to the newly allocated object or
-.Dv NULL
-on failure.
-Check the error stack to find out the reason for failure.
-.Pp
-.Fn SSL_CTX_up_ref
-returns 1 for success or 0 for failure.
-.Pp
-.Fn TLS_method
-and the other
-.Fn *_method
-functions return pointers to constant static objects.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_CTX_new
-first appeared in SSLeay 0.5.1.
-.Fn SSLv23_method ,
-.Fn SSLv23_server_method ,
-and
-.Fn SSLv23_client_method
-first appeared in SSLeay 0.8.0.
-.Fn TLSv1_method ,
-.Fn TLSv1_server_method ,
-and
-.Fn TLSv1_client_method
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn DTLSv1_method ,
-.Fn DTLSv1_server_method ,
-and
-.Fn DTLSv1_client_method
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn TLSv1_1_method ,
-.Fn TLSv1_1_server_method ,
-.Fn TLSv1_1_client_method ,
-.Fn TLSv1_2_method ,
-.Fn TLSv1_2_server_method ,
-and
-.Fn TLSv1_2_client_method
-first appeared in OpenSSL 1.0.1 and have been available since
-.Ox 5.3 .
-.Pp
-.Fn DTLS_method ,
-.Fn DTLS_server_method ,
-and
-.Fn DTLS_client_method
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.5 .
-.Pp
-.Fn TLS_method ,
-.Fn TLS_server_method ,
-and
-.Fn TLS_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 5.8 .
-.Pp
-.Fn SSL_CTX_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn DTLSv1_2_method ,
-.Fn DTLSv1_2_server_method ,
-and
-.Fn DTLSv1_2_client_method
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.9 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_number.3 b/src/lib/libssl/man/SSL_CTX_sess_number.3
deleted file mode 100644
index 76d436cd17..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_number.3
+++ /dev/null
@@ -1,168 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_sess_number.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL SSL_CTX_sess_number.pod 7bd27895 Mar 29 11:45:29 2017 +1000
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SESS_NUMBER 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_number ,
-.Nm SSL_CTX_sess_connect ,
-.Nm SSL_CTX_sess_connect_good ,
-.Nm SSL_CTX_sess_connect_renegotiate ,
-.Nm SSL_CTX_sess_accept ,
-.Nm SSL_CTX_sess_accept_good ,
-.Nm SSL_CTX_sess_accept_renegotiate ,
-.Nm SSL_CTX_sess_hits ,
-.Nm SSL_CTX_sess_cb_hits ,
-.Nm SSL_CTX_sess_misses ,
-.Nm SSL_CTX_sess_timeouts ,
-.Nm SSL_CTX_sess_cache_full
-.Nd obtain session cache statistics
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_number "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_connect_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_good "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_accept_renegotiate "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cb_hits "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_misses "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_timeouts "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_CTX_sess_cache_full "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_number
-returns the current number of sessions in the internal session cache.
-.Pp
-.Fn SSL_CTX_sess_connect
-returns the number of started SSL/TLS handshakes in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_good
-returns the number of successfully established SSL/TLS sessions in client mode.
-.Pp
-.Fn SSL_CTX_sess_connect_renegotiate
-returns the number of started renegotiations in client mode.
-.Pp
-.Fn SSL_CTX_sess_accept
-returns the number of started SSL/TLS handshakes in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_good
-returns the number of successfully established SSL/TLS sessions in server mode.
-.Pp
-.Fn SSL_CTX_sess_accept_renegotiate
-returns the number of started renegotiations in server mode.
-.Pp
-.Fn SSL_CTX_sess_hits
-returns the number of successfully reused sessions.
-In client mode a session set with
-.Xr SSL_set_session 3
-successfully reused is counted as a hit.
-In server mode a session successfully retrieved from internal or external cache
-is counted as a hit.
-.Pp
-.Fn SSL_CTX_sess_cb_hits
-returns the number of successfully retrieved sessions from the external session
-cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_misses
-returns the number of sessions proposed by clients that were not found in the
-internal session cache in server mode.
-.Pp
-.Fn SSL_CTX_sess_timeouts
-returns the number of sessions proposed by clients and either found in the
-internal or external session cache in server mode,
-but that were invalid due to timeout.
-These sessions are not included in the
-.Fn SSL_CTX_sess_hits
-count.
-.Pp
-.Fn SSL_CTX_sess_cache_full
-returns the number of sessions that were removed because the maximum session
-cache size was exceeded.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_number ,
-.Fn SSL_CTX_sess_connect ,
-.Fn SSL_CTX_sess_connect_good ,
-.Fn SSL_CTX_sess_accept ,
-.Fn SSL_CTX_sess_accept_good ,
-.Fn SSL_CTX_sess_hits ,
-.Fn SSL_CTX_sess_misses ,
-and
-.Fn SSL_CTX_sess_timeouts
-first appeared in SSLeay 0.5.2.
-.Fn SSL_CTX_sess_cb_hits
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_sess_connect_renegotiate ,
-.Fn SSL_CTX_sess_accept_renegotiate ,
-and
-.Fn SSL_CTX_sess_cache_full
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3 b/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
deleted file mode 100644
index 6d5fede0b6..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_set_cache_size.3
+++ /dev/null
@@ -1,109 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_sess_set_cache_size.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2002, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SESS_SET_CACHE_SIZE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_cache_size ,
-.Nm SSL_CTX_sess_get_cache_size
-.Nd manipulate session cache size
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_sess_set_cache_size "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_sess_get_cache_size "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_cache_size
-sets the size of the internal session cache of context
-.Fa ctx
-to
-.Fa t .
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid session cache size.
-.Pp
-The internal session cache size is
-.Dv SSL_SESSION_CACHE_MAX_SIZE_DEFAULT ,
-currently 1024\(mu20, so that up to 20000 sessions can be held.
-This size can be modified using the
-.Fn SSL_CTX_sess_set_cache_size
-call.
-A special case is the size 0, which is used for unlimited size.
-.Pp
-If adding the session makes the cache exceed its size, then unused
-sessions are dropped from the end of the cache.
-Cache space may also be reclaimed by calling
-.Xr SSL_CTX_flush_sessions 3
-to remove expired sessions.
-.Pp
-If the size of the session cache is reduced and more sessions are already in
-the session cache,
-old session will be removed the next time a session shall be added.
-This removal is not synchronized with the expiration of sessions.
-.Sh RETURN VALUES
-.Fn SSL_CTX_sess_set_cache_size
-returns the previously valid size.
-.Pp
-.Fn SSL_CTX_sess_get_cache_size
-returns the currently valid size.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_set_cache_size
-and
-.Fn SSL_CTX_sess_get_cache_size
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3 b/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
deleted file mode 100644
index e99f2be671..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sess_set_get_cb.3
+++ /dev/null
@@ -1,221 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_sess_set_get_cb.3,v 1.7 2022/03/29 18:15:52 naddy Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2002, 2003, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2022 $
-.Dt SSL_CTX_SESS_SET_GET_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sess_set_new_cb ,
-.Nm SSL_CTX_sess_set_remove_cb ,
-.Nm SSL_CTX_sess_set_get_cb ,
-.Nm SSL_CTX_sess_get_new_cb ,
-.Nm SSL_CTX_sess_get_remove_cb ,
-.Nm SSL_CTX_sess_get_get_cb
-.Nd provide callback functions for server side external session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_sess_set_new_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*new_session_cb)(SSL *, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_remove_cb
-.Fa "SSL_CTX *ctx"
-.Fa "void (*remove_session_cb)(SSL_CTX *ctx, SSL_SESSION *)"
-.Fc
-.Ft void
-.Fo SSL_CTX_sess_set_get_cb
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION (*get_session_cb)(SSL *, const unsigned char *, int, int *)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))"
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl"
-.Fa "const unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Ft int
-.Fo "(*new_session_cb)"
-.Fa "SSL *ssl"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft void
-.Fo "(*remove_session_cb)"
-.Fa "SSL_CTX *ctx"
-.Fa "SSL_SESSION *sess"
-.Fc
-.Ft SSL_SESSION *
-.Fo "(*get_session_cb)"
-.Fa "SSL *ssl"
-.Fa "unsigned char *data"
-.Fa "int len"
-.Fa "int *copy"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_sess_set_new_cb
-sets the callback function which is automatically called whenever a new session
-was negotiated.
-.Pp
-.Fn SSL_CTX_sess_set_remove_cb
-sets the callback function which is automatically called whenever a session is
-removed by the SSL engine (because it is considered faulty or the session has
-become obsolete because of exceeding the timeout value).
-.Pp
-.Fn SSL_CTX_sess_set_get_cb
-sets the callback function which is called whenever a SSL/TLS client proposes
-to resume a session but the session cannot be found in the internal session
-cache (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-(SSL/TLS server only.)
-.Pp
-.Fn SSL_CTX_sess_get_new_cb ,
-.Fn SSL_CTX_sess_get_remove_cb ,
-and
-.Fn SSL_CTX_sess_get_get_cb
-retrieve the function pointers of the provided callback functions.
-If a callback function has not been set, the
-.Dv NULL
-pointer is returned.
-.Pp
-In order to allow external session caching, synchronization with the internal
-session cache is realized via callback functions.
-Inside these callback functions, session can be saved to disk or put into a
-database using the
-.Xr d2i_SSL_SESSION 3
-interface.
-.Pp
-The
-.Fn new_session_cb
-function is called whenever a new session has been negotiated and session
-caching is enabled (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-The
-.Fn new_session_cb
-function is passed the
-.Fa ssl
-connection and the ssl session
-.Fa sess .
-If the callback returns 0, the session will be immediately removed again.
-.Pp
-The
-.Fn remove_session_cb
-function is called whenever the SSL engine removes a session from the
-internal cache.
-This happens when the session is removed because it is expired or when a
-connection was not shut down cleanly.
-It also happens for all sessions in the internal session cache when
-.Xr SSL_CTX_free 3
-is called.
-The
-.Fn remove_session_cb
-function is passed the
-.Fa ctx
-and the
-.Vt ssl
-session
-.Fa sess .
-It does not provide any feedback.
-.Pp
-The
-.Fn get_session_cb
-function is only called on SSL/TLS servers with the session id proposed by the
-client.
-The
-.Fn get_session_cb
-function is always called, also when session caching was disabled.
-The
-.Fn get_session_cb
-function is passed the
-.Fa ssl
-connection, the session id of length
-.Fa length
-at the memory location
-.Fa data .
-With the parameter
-.Fa copy
-the callback can require the SSL engine to increment the reference count of the
-.Vt SSL_SESSION
-object,
-Normally the reference count is not incremented and therefore the session must
-not be explicitly freed with
-.Xr SSL_SESSION_free 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_free 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn SSL_CTX_sess_set_new_cb ,
-.Fn SSL_CTX_sess_set_get_cb ,
-.Fn SSL_CTX_sess_get_new_cb ,
-and
-.Fn SSL_CTX_sess_get_get_cb
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_sess_set_remove_cb
-and
-.Fn SSL_CTX_sess_get_remove_cb
-first appeared in SSLeay 0.8.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_sessions.3 b/src/lib/libssl/man/SSL_CTX_sessions.3
deleted file mode 100644
index 964d1a7346..0000000000
--- a/src/lib/libssl/man/SSL_CTX_sessions.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_sessions.3,v 1.5 2018/04/25 14:19:39 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 25 2018 $
-.Dt SSL_CTX_SESSIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_sessions
-.Nd access internal session cache
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft LHASH_OF(SSL_SESSION) *
-.Fn SSL_CTX_sessions "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_sessions
-returns a pointer to the lhash databases containing the internal session cache
-for
-.Fa ctx .
-.Pp
-The sessions in the internal session cache are kept in an
-lhash-type database
-(see
-.Xr lh_new 3 ) .
-It is possible to directly access this database, e.g., for searching.
-In parallel,
-the sessions form a linked list which is maintained separately from the
-lhash operations,
-so that the database must not be modified directly but by using the
-.Xr SSL_CTX_add_session 3
-family of functions.
-.Sh SEE ALSO
-.Xr lh_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3
-.Sh HISTORY
-.Fn SSL_CTX_sessions
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set1_groups.3 b/src/lib/libssl/man/SSL_CTX_set1_groups.3
deleted file mode 100644
index 0d1eb36ea7..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set1_groups.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set1_groups.3,v 1.2 2017/08/19 19:36:39 schwarze Exp $
-.\"     OpenSSL SSL_CTX_set1_curves.pod de4d764e Nov 9 14:51:06 2016 +0000
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2013, 2014, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 19 2017 $
-.Dt SSL_CTX_SET1_GROUPS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set1_groups ,
-.Nm SSL_CTX_set1_groups_list ,
-.Nm SSL_set1_groups ,
-.Nm SSL_set1_groups_list ,
-.Nm SSL_CTX_set1_curves ,
-.Nm SSL_CTX_set1_curves_list ,
-.Nm SSL_set1_curves ,
-.Nm SSL_set1_curves_list
-.Nd choose supported EC groups
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set1_groups
-.Fa "SSL_CTX *ctx"
-.Fa "const int *glist"
-.Fa "size_t glistlen"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_groups_list
-.Fa "SSL_CTX *ctx"
-.Fa "const char *list"
-.Fc
-.Ft int
-.Fo SSL_set1_groups
-.Fa "SSL *ssl"
-.Fa "const int *glist"
-.Fa "size_t glistlen"
-.Fc
-.Ft int
-.Fo SSL_set1_groups_list
-.Fa "SSL *ssl"
-.Fa "const char *list"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_curves
-.Fa "SSL_CTX *ctx"
-.Fa "const int *clist"
-.Fa "size_t clistlen"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_curves_list
-.Fa "SSL_CTX *ctx"
-.Fa "const char *list"
-.Fc
-.Ft int
-.Fo SSL_set1_curves
-.Fa "SSL *ssl"
-.Fa "const int *clist"
-.Fa "size_t clistlen"
-.Fc
-.Ft int
-.Fo SSL_set1_curves_list
-.Fa "SSL *ssl"
-.Fa "const char *list"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set1_groups
-sets the supported groups for
-.Fa ctx
-to the
-.Fa glistlen
-groups in the array
-.Fa glist .
-The array consists of group NIDs in preference order.
-For a TLS client, the groups are used directly in the supported groups
-extension.
-For a TLS server, the groups are used to determine the set of shared
-groups.
-.Pp
-.Fn SSL_CTX_set1_groups_list
-sets the supported groups for
-.Fa ctx
-to the
-.Fa list
-represented as a colon separated list of group NIDs or names, for example
-"P-521:P-384:P-256".
-.Pp
-.Fn SSL_set1_groups
-and
-.Fn SSL_set1_groups_list
-are similar except that they set supported groups for the SSL structure
-.Fa ssl
-only.
-.Pp
-The curve functions are deprecated synonyms for the equivalently
-named group functions and are identical in every respect except
-that they are implemented as macros.
-They exist because prior to TLS1.3, there was only the concept of
-supported curves.
-In TLS1.3, this was renamed to supported groups and extended to include
-Diffie Hellman groups.
-.Pp
-If an application wishes to make use of several of these functions for
-configuration purposes either on a command line or in a file, it should
-consider using the SSL_CONF interface instead of manually parsing
-options.
-.Sh RETURN VALUES
-All these functions return 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-The curve functions first appeared in OpenSSL 1.0.2
-and the group functions in OpenSSL 1.1.1.
-Both have been available since
-.Ox 6.1 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3 b/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
deleted file mode 100644
index 2317c57af4..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_alpn_select_cb.3
+++ /dev/null
@@ -1,305 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_alpn_select_cb.3,v 1.11 2025/02/04 14:00:05 tb Exp $
-.\"     OpenSSL 87b81496 Apr 19 12:38:27 2017 -0400
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Todd Short <tshort@akamai.com>.
-.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: February 4 2025 $
-.Dt SSL_CTX_SET_ALPN_SELECT_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_alpn_protos ,
-.Nm SSL_set_alpn_protos ,
-.Nm SSL_CTX_set_alpn_select_cb ,
-.Nm SSL_select_next_proto ,
-.Nm SSL_get0_alpn_selected
-.Nd handle application layer protocol negotiation (ALPN)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_alpn_protos
-.Fa "SSL_CTX *ctx"
-.Fa "const unsigned char *protos"
-.Fa "unsigned int protos_len"
-.Fc
-.Ft int
-.Fo SSL_set_alpn_protos
-.Fa "SSL *ssl"
-.Fa "const unsigned char *protos"
-.Fa "unsigned int protos_len"
-.Fc
-.Ft void
-.Fo SSL_CTX_set_alpn_select_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, const unsigned char **out,\
- unsigned char *outlen, const unsigned char *in,\
- unsigned int inlen, void *arg)"
-.Fa "void *arg"
-.Fc
-.Ft int
-.Fo SSL_select_next_proto
-.Fa "unsigned char **out"
-.Fa "unsigned char *outlen"
-.Fa "const unsigned char *peer_list"
-.Fa "unsigned int peer_list_len"
-.Fa "const unsigned char *supported_list"
-.Fa "unsigned int supported_list_len"
-.Fc
-.Ft void
-.Fo SSL_get0_alpn_selected
-.Fa "const SSL *ssl"
-.Fa "const unsigned char **data"
-.Fa "unsigned int *len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_alpn_protos
-and
-.Fn SSL_set_alpn_protos
-are used by the client to set the list of protocols available to be
-negotiated.
-The
-.Fa protos
-must be in protocol-list format, described below.
-The length of
-.Fa protos
-is specified in
-.Fa protos_len .
-.Pp
-.Fn SSL_CTX_set_alpn_select_cb
-sets the application callback
-.Fa cb
-used by a server to select which protocol to use for the incoming
-connection.
-When
-.Fa cb
-is
-.Dv NULL ,
-ALPN is not used.
-The
-.Fa arg
-value is a pointer which is passed to the application callback.
-.Pp
-.Fa cb
-is the application defined callback.
-The
-.Fa in ,
-.Fa inlen
-parameters are a vector in protocol-list format.
-The value of the
-.Fa out ,
-.Fa outlen
-vector should be set to the value of a single protocol selected from the
-.Fa in ,
-.Fa inlen
-vector.
-The
-.Fa out
-buffer may point directly into
-.Fa in ,
-or to a buffer that outlives the handshake.
-The
-.Fa arg
-parameter is the pointer set via
-.Fn SSL_CTX_set_alpn_select_cb .
-.Pp
-.Fn SSL_select_next_proto
-is a helper function used to select protocols.
-It is expected that this function is called from the application
-callback
-.Fa cb .
-If
-.Fn SSL_select_next_proto
-returns
-.Dv OPENSSL_NPN_NO_OVERLAP ,
-.Fa cb
-should ignore
-.Fa out
-and fail by returning
-.Dv SSL_TLSEXT_ERR_ALERT_FATAL .
-The protocol data in
-.Fa peer_list ,
-.Fa peer_list_len
-and
-.Fa supported_list ,
-.Fa supported_list_len
-must be two non-empty lists, validly encoded
-in the protocol-list format described below.
-The first item in the
-.Fa peer_list
-that matches an item in the
-.Fa supported_list
-is selected, and returned in
-.Fa out ,
-.Fa outlen .
-The
-.Fa out
-value will point into either
-.Fa peer_list
-or
-.Fa supported_list ,
-so it must not be modified and
-should be copied immediately.
-If no match is found, the first item in
-.Fa supported_list
-is returned in
-.Fa out ,
-.Fa outlen .
-.Pp
-.Fn SSL_get0_alpn_selected
-returns a pointer to the selected protocol in
-.Fa data
-with length
-.Fa len .
-It is not NUL-terminated.
-.Fa data
-is set to
-.Dv NULL
-and
-.Fa len
-is set to 0 if no protocol has been selected.
-.Fa data
-must not be freed.
-.Pp
-The protocol-lists must be in wire-format, which is defined as a vector
-of non-empty, 8-bit length-prefixed byte strings.
-The length-prefix byte is not included in the length.
-Each string is limited to 255 bytes.
-A byte-string length of 0 is invalid.
-The length of the vector is not in the vector itself, but in a separate
-variable.
-.Pp
-For example:
-.Bd -literal
-const unsigned char *vector = "\ex06" "spdy/1" "\ex08" "http/1.1";
-unsigned int length = strlen(vector);
-.Ed
-.Pp
-The ALPN callback is executed after the servername callback; as that
-servername callback may update the SSL_CTX, and subsequently, the ALPN
-callback.
-.Pp
-If there is no ALPN proposed in the ClientHello, the ALPN callback is
-not invoked.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_alpn_protos
-and
-.Fn SSL_set_alpn_protos
-return 0 on success or non-zero on failure.
-WARNING: these functions reverse the return value convention.
-.Pp
-.Fn SSL_select_next_proto
-returns one of the following:
-.Bl -tag -width Ds
-.It OPENSSL_NPN_NEGOTIATED
-A match was found and is returned in
-.Fa out ,
-.Fa outlen .
-.It OPENSSL_NPN_NO_OVERLAP
-No match was found.
-The first item in
-.Fa supported_list ,
-.Fa supported_list_len
-is returned in
-.Fa out ,
-.Fa outlen .
-.El
-.Pp
-The ALPN select callback
-.Fa cb
-must return one of the following:
-.Bl -tag -width Ds
-.It SSL_TLSEXT_ERR_OK
-ALPN protocol selected.
-.It SSL_TLSEXT_ERR_ALERT_FATAL
-There was no overlap between the client's supplied list and the
-server configuration.
-.It SSL_TLSEXT_ERR_NOACK
-ALPN protocol not selected, e.g., because no ALPN protocols are
-configured for this connection.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_tlsext_servername_arg 3 ,
-.Xr SSL_CTX_set_tlsext_servername_callback 3
-.Sh STANDARDS
-.Rs
-.%T TLS Application-Layer Protocol Negotiation Extension
-.%R RFC 7301
-.Re
-.Pp
-.Rs
-.%T TLS Next Protocol Negotiation Extension
-.%U https://datatracker.ietf.org/doc/html/draft-agl-tls-nextprotoneg
-.Re
-.Sh HISTORY
-.Fn SSL_select_next_proto
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_CTX_set_alpn_protos ,
-.Fn SSL_set_alpn_protos ,
-.Fn SSL_CTX_set_alpn_select_cb ,
-and
-.Fn SSL_get0_alpn_selected
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 5.7 .
-.Sh CAVEATS
-The fallback to the first supported protocol in
-.Fn SSL_select_next_proto
-comes from the opportunistic fallback mechanism in the NPN extension.
-This behavior does not make sense for ALPN,
-where missing protocol overlap should result in a handshake failure.
-To avoid accidental selection of a protocol that the server does not
-support, it is recommended to pass the locally configured protocols
-as second pair of protocols in the ALPN callback.
-.Sh BUGS
-The
-.Fa out
-argument of
-.Fn SSL_select_next_proto
-should have been const.
diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_store.3 b/src/lib/libssl/man/SSL_CTX_set_cert_store.3
deleted file mode 100644
index 1be1ba2f68..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cert_store.3
+++ /dev/null
@@ -1,146 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_cert_store.3,v 1.8 2024/08/03 04:53:01 tb Exp $
-.\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2002, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 3 2024 $
-.Dt SSL_CTX_SET_CERT_STORE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_store ,
-.Nm SSL_CTX_set1_cert_store ,
-.Nm SSL_CTX_get_cert_store
-.Nd manipulate X509 certificate verification storage
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft void
-.Fn SSL_CTX_set1_cert_store "SSL_CTX *ctx" "X509_STORE *store"
-.Ft X509_STORE *
-.Fn SSL_CTX_get_cert_store "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_store
-sets the verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-If another
-.Vt X509_STORE
-object is currently set in
-.Fa ctx ,
-it will be freed.
-.Pp
-.Fn SSL_CTX_set1_cert_store
-sets the verification storage of
-.Fa ctx
-to or replaces it with
-.Fa store .
-The
-.Fa store Ns 's
-reference count is incremented.
-.Pp
-.Fn SSL_CTX_get_cert_store
-returns a pointer to the current certificate verification storage.
-.Pp
-In order to verify the certificates presented by the peer, trusted CA
-certificates must be accessed.
-These CA certificates are made available via lookup methods, handled inside the
-.Vt X509_STORE .
-From the
-.Vt X509_STORE
-the
-.Vt X509_STORE_CTX
-used when verifying certificates is created.
-.Pp
-Typically the trusted certificate store is handled indirectly via using
-.Xr SSL_CTX_load_verify_locations 3 .
-Using the
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-functions it is possible to manipulate the
-.Vt X509_STORE
-object beyond the
-.Xr SSL_CTX_load_verify_locations 3
-call.
-.Pp
-Currently no detailed documentation on how to use the
-.Vt X509_STORE
-object is available.
-Not all members of the
-.Vt X509_STORE
-are used when the verification takes place.
-So will, for example, the
-.Fn verify_callback
-be overridden with the
-.Fn verify_callback
-set via the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-This document must therefore be updated when documentation about the
-.Vt X509_STORE
-object and its handling becomes available.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_cert_store
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr X509_STORE_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cert_store
-and
-.Fn SSL_CTX_get_cert_store
-first appeared in SSLeay 0.8.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set1_cert_store
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3 b/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
deleted file mode 100644
index 0e12b48c78..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cert_verify_callback.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_cert_verify_callback.3,v 1.5 2019/06/08 15:25:43 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_CTX_SET_CERT_VERIFY_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cert_verify_callback
-.Nd set peer certificate verification procedure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_cert_verify_callback
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(X509_STORE_CTX *, void *)"
-.Fa "void *arg"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cert_verify_callback
-sets the verification callback function for
-.Fa ctx .
-.Vt SSL
-objects that are created from
-.Fa ctx
-inherit the setting valid at the time when
-.Xr SSL_new 3
-is called.
-.Pp
-Whenever a certificate is verified during a SSL/TLS handshake,
-a verification function is called.
-If the application does not explicitly specify a verification callback
-function, the built-in verification function is used.
-If a verification callback
-.Fa callback
-is specified via
-.Fn SSL_CTX_set_cert_verify_callback ,
-the supplied callback function is called instead.
-By setting
-.Fa callback
-to
-.Dv NULL ,
-the default behaviour is restored.
-.Pp
-When the verification must be performed,
-.Fa callback
-will be called with the arguments
-.Fn callback "X509_STORE_CTX *x509_store_ctx" "void *arg" .
-The argument
-.Fa arg
-is specified by the application when setting
-.Fa callback .
-.Pp
-.Fa callback
-should return 1 to indicate verification success and 0 to indicate verification
-failure.
-If
-.Dv SSL_VERIFY_PEER
-is set and
-.Fa callback
-returns 0, the handshake will fail.
-As the verification procedure may allow the connection to continue in case of
-failure (by always returning 1) the verification result must be set in any case
-using the
-.Fa error
-member of
-.Fa x509_store_ctx
-so that the calling application will be informed about the detailed result of
-the verification procedure!
-.Pp
-Within
-.Fa x509_store_ctx ,
-.Fa callback
-has access to the
-.Fa verify_callback
-function set using
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cert_verify_callback
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
-.Pp
-Previous to OpenSSL 0.9.7, the
-.Fa arg
-argument to
-.Fn SSL_CTX_set_cert_verify_callback
-was ignored, and
-.Fa callback
-was called
-simply as
-.Ft int
-.Fn (*callback) "X509_STORE_CTX *" .
-To compile software written for previous versions of OpenSSL,
-a dummy argument will have to be added to
-.Fa callback .
-.Sh CAVEATS
-Do not mix the verification callback described in this function with the
-.Fa verify_callback
-function called during the verification process.
-The latter is set using the
-.Xr SSL_CTX_set_verify 3
-family of functions.
-.Pp
-Providing a complete verification procedure including certificate purpose
-settings, etc., is a complex task.
-The built-in procedure is quite powerful and in most cases it should be
-sufficient to modify its behaviour using the
-.Fa verify_callback
-function.
-.Sh BUGS
-.Fn SSL_CTX_set_cert_verify_callback
-does not provide diagnostic information.
diff --git a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3 b/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
deleted file mode 100644
index b3f0dc3541..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_cipher_list.3
+++ /dev/null
@@ -1,375 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_cipher_list.3,v 1.18 2025/01/18 12:20:02 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2018, 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_SET_CIPHER_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_cipher_list ,
-.Nm SSL_set_cipher_list
-.Nd choose list of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_cipher_list "SSL_CTX *ctx" "const char *control"
-.Ft int
-.Fn SSL_set_cipher_list "SSL *ssl" "const char *control"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_cipher_list
-sets the list of available cipher suites for
-.Fa ctx
-using the
-.Fa control
-string.
-The list of cipher suites is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_cipher_list
-sets the list of cipher suites only for
-.Fa ssl .
-.Pp
-The control string consists of one or more control words
-separated by colon characters
-.Pq Ql \&: .
-Space
-.Pq Ql \ \& ,
-semicolon
-.Pq Ql \&; ,
-and comma
-.Pq Ql \&,
-characters can also be used as separators.
-Each control words selects a set of cipher suites
-and can take one of the following optional prefix characters:
-.Bl -tag -width Ds
-.It \&No prefix:
-Those of the selected cipher suites that have not been made available
-yet are added to the end of the list of available cipher suites,
-preserving their order.
-.It Prefixed minus sign Pq Ql \- :
-Those of the selected cipher suites that have been made available
-earlier are moved back from the list of available cipher suites to
-the beginning of the list of unavailable cipher suites,
-also preserving their order.
-.It Prefixed plus sign Pq Ql + :
-Those of the selected cipher suites have been made available earlier
-are moved to end of the list of available cipher suites, reducing
-their priority, but preserving the order among themselves.
-.It Prefixed exclamation mark Pq Ql \&! :
-The selected cipher suites are permanently deleted, no matter whether
-they had earlier been made available or not, and can no longer
-be added or re-added by later words.
-.El
-.Pp
-The following special words can only be used without a prefix:
-.Bl -tag -width Ds
-.It Cm DEFAULT
-An alias for
-.Sm off
-.Cm ALL No :! Cm aNULL No :! Cm eNULL .
-.Sm on
-It can only be used as the first word.
-The
-.Cm DEFAULT
-cipher list can be displayed with the
-.Xr openssl 1
-.Cm ciphers
-command.
-.It Cm @SECLEVEL=n
-Set the security level to n, which should be a number between
-zero and five.
-See
-.Xr SSL_CTX_set_security_level 3
-for details.
-.It Cm @STRENGTH
-Sort the list by decreasing encryption strength,
-preserving the order of cipher suites that have the same strength.
-It is usually given as the last word.
-.El
-.Pp
-The following words can be used to select groups of cipher suites,
-with or without a prefix character.
-If two or more of these words are joined with plus signs
-.Pq Ql +
-to form a longer word, only the intersection of the specified sets
-is selected.
-.Bl -tag -width Ds
-.It Cm ADH
-Cipher suites using ephemeral DH for key exchange
-without doing any server authentication.
-Equivalent to
-.Cm DH Ns + Ns Cm aNULL .
-.It Cm AEAD
-Cipher suites using Authenticated Encryption with Additional Data.
-.It Cm AECDH
-Cipher suites using ephemeral ECDH for key exchange
-without doing any server authentication.
-Equivalent to
-.Cm ECDH Ns + Ns Cm aNULL .
-.It Cm aECDSA
-Cipher suites using ECDSA server authentication.
-.It Cm AES
-Cipher suites using AES or AESGCM for symmetric encryption.
-.It Cm AES128
-Cipher suites using AES(128) or AESGCM(128) for symmetric encryption.
-.It Cm AES256
-Cipher suites using AES(256) or AESGCM(256) for symmetric encryption.
-.It Cm AESGCM
-Cipher suites using AESGCM for symmetric encryption.
-.It Cm aGOST
-An alias for
-.Cm aGOST01 .
-.It Cm aGOST01
-Cipher suites using GOST R 34.10-2001 server authentication.
-.It Cm ALL
-All cipher suites except those selected by
-.Cm eNULL .
-.It Cm aNULL
-Cipher suites that don't do any server authentication.
-Not enabled by
-.Cm DEFAULT .
-Beware of man-in-the-middle attacks.
-.It Cm aRSA
-Cipher suites using RSA server authentication.
-.It Cm CAMELLIA
-Cipher suites using Camellia for symmetric encryption.
-.It Cm CAMELLIA128
-Cipher suites using Camellia(128) for symmetric encryption.
-.It Cm CAMELLIA256
-Cipher suites using Camellia(256) for symmetric encryption.
-.It Cm CHACHA20
-Cipher suites using ChaCha20-Poly1305 for symmetric encryption.
-.It Cm COMPLEMENTOFALL
-Cipher suites that are not included in
-.Cm ALL .
-Currently an alias for
-.Cm eNULL .
-.It Cm COMPLEMENTOFDEFAULT
-Cipher suites that are included in
-.Cm ALL ,
-but not included in
-.Cm DEFAULT .
-Currently similar to
-.Cm aNULL Ns :! Ns Cm eNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm 3DES
-Cipher suites using triple DES for symmetric encryption.
-.It Cm DH
-Cipher suites using ephemeral DH for key exchange.
-.It Cm DHE
-Cipher suites using ephemeral DH for key exchange,
-but excluding those that don't do any server authentication.
-Similar to
-.Cm DH Ns :! Ns Cm aNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm ECDH
-Cipher suites using ephemeral ECDH for key exchange.
-.It Cm ECDHE
-Cipher suites using ephemeral ECDH for key exchange,
-but excluding those that don't do any server authentication.
-Similar to
-.Cm ECDH Ns :! Ns Cm aNULL
-except for the order of the cipher suites which are
-.Em not
-selected.
-.It Cm ECDSA
-An alias for
-.Cm aECDSA .
-.It Cm eNULL
-Cipher suites that do not use any encryption.
-Not enabled by
-.Cm DEFAULT ,
-and not even included in
-.Cm ALL .
-.It Cm GOST89MAC
-Cipher suites using GOST 28147-89 for message authentication
-instead of HMAC.
-.It Cm GOST94
-Cipher suites using HMAC based on GOST R 34.11-94
-for message authentication.
-.It Cm HIGH
-Cipher suites of high strength.
-.It Cm kGOST
-Cipher suites using VKO 34.10 key exchange, specified in RFC 4357.
-.It Cm kRSA
-Cipher suites using RSA key exchange.
-.It Cm LOW
-Cipher suites of low strength.
-.It Cm MD5
-Cipher suites using MD5 for message authentication.
-.It Cm MEDIUM
-Cipher suites of medium strength.
-.It Cm NULL
-An alias for
-.Cm eNULL .
-.It Cm RC4
-Cipher suites using RC4 for symmetric encryption.
-.It Cm RSA
-Cipher suites using RSA for both key exchange and server authentication.
-Equivalent to
-.Cm kRSA Ns + Ns Cm aRSA .
-.It Cm SHA
-An alias for
-.Cm SHA1 .
-.It Cm SHA1
-Cipher suites using SHA1 for message authentication.
-.It Cm SHA256
-Cipher suites using SHA256 for message authentication.
-.It Cm SHA384
-Cipher suites using SHA384 for message authentication.
-.It Cm SSLv3
-An alias for
-.Cm TLSv1 .
-.It Cm STREEBOG256
-Cipher suites using STREEBOG256 for message authentication.
-.It Cm TLSv1
-Cipher suites usable with the TLSv1.0, TLSv1.1, and TLSv1.2 protocols.
-.It Cm TLSv1.2
-Cipher suites for the TLSv1.2 protocol.
-.It Cm TLSv1.3
-Cipher suites for the TLSv1.3 protocol.
-If the
-.Fa control
-string selects at least one cipher suite but neither contains the word
-.Cm TLSv1.3
-nor specifically includes nor excludes any TLSv1.3 cipher suites, all the
-.Cm TLSv1.3
-cipher suites are made available, too.
-.El
-.Pp
-The full words returned by the
-.Xr openssl 1
-.Cm ciphers
-command can be used to select individual cipher suites.
-.Pp
-The following are deprecated aliases:
-.Pp
-.Bl -column kEECDH ECDHE -compact -offset indent
-.It    avoid: Ta    use:
-.It Cm EDH    Ta Cm DHE
-.It Cm EECDH  Ta Cm ECDHE
-.It Cm kEDH   Ta Cm DH
-.It Cm kEECDH Ta Cm ECDH
-.El
-.Pp
-Unknown words are silently ignored, selecting no cipher suites.
-Failure is only flagged if the
-.Fa control
-string contains invalid bytes
-or if no matching cipher suites are available at all.
-.Pp
-On the client side, including a cipher suite into the list of
-available cipher suites is sufficient for using it.
-On the server side, all cipher suites have additional requirements.
-ADH ciphers don't need a certificate, but DH-parameters must have been set.
-All other cipher suites need a corresponding certificate and key.
-.Pp
-A RSA cipher can only be chosen when an RSA certificate is available.
-RSA ciphers using DHE need a certificate and key and additional DH-parameters
-(see
-.Xr SSL_CTX_set_tmp_dh_callback 3 ) .
-.Pp
-When these conditions are not met
-for any cipher suite in the list (for example, a
-client only supports export RSA ciphers with an asymmetric key length of 512
-bits and the server is not configured to use temporary RSA keys), the
-.Dq no shared cipher
-.Pq Dv SSL_R_NO_SHARED_CIPHER
-error is generated and the handshake will fail.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-return 1 if any cipher suite could be selected and 0 on complete failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set1_groups 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_ciphers 3
-.Sh HISTORY
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-first appeared in SSLeay 0.5.2 and have been available since
-.Ox 2.4 .
-.Sh CAVEATS
-In LibreSSL,
-.Fn SSL_CTX_set_cipher_list
-and
-.Fn SSL_set_cipher_list
-can be used to configure the list of available cipher suites for
-all versions of the TLS protocol, whereas in OpenSSL, they only
-control cipher suites for protocols up to TLSv1.2.
-If compatibility with OpenSSL is required, the list of
-available TLSv1.3 cipher suites can only be changed with
-.Fn SSL_set_ciphersuites .
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3 b/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
deleted file mode 100644
index d19fb93ed0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_client_CA_list.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_client_CA_list.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 30 2020 $
-.Dt SSL_CTX_SET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_CA_list ,
-.Nm SSL_set_client_CA_list ,
-.Nm SSL_CTX_add_client_CA ,
-.Nm  SSL_add_client_CA
-.Nd set list of CAs sent to the client when requesting a client certificate
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_client_CA_list "SSL_CTX *ctx" "STACK_OF(X509_NAME) *list"
-.Ft void
-.Fn SSL_set_client_CA_list "SSL *s" "STACK_OF(X509_NAME) *list"
-.Ft int
-.Fn SSL_CTX_add_client_CA "SSL_CTX *ctx" "X509 *cacert"
-.Ft int
-.Fn SSL_add_client_CA "SSL *ssl" "X509 *cacert"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_set_client_CA_list
-sets the
-.Fa list
-of CAs sent to the client when requesting a client certificate for the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object.
-.Pp
-.Fn SSL_CTX_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-.Fa ctx .
-.Pp
-.Fn SSL_add_client_CA
-adds the CA name extracted from
-.Fa cacert
-to the list of CAs sent to the client when requesting a client certificate for
-the chosen
-.Fa ssl ,
-overriding the setting valid for
-.Fa ssl Ns 's
-.Va SSL_CTX
-object.
-.Pp
-When a TLS/SSL server requests a client certificate (see
-.Fn SSL_CTX_set_verify ) ,
-it sends a list of CAs for which it will accept certificates to the client.
-.Pp
-This list must explicitly be set using
-.Fn SSL_CTX_set_client_CA_list
-for
-.Fa ctx
-and
-.Fn SSL_set_client_CA_list
-for the specific
-.Fa ssl .
-The list specified overrides the previous setting.
-The CAs listed do not become trusted
-.Po
-.Fa list
-only contains the names, not the complete certificates
-.Pc ;
-use
-.Xr SSL_CTX_load_verify_locations 3
-to additionally load them for verification.
-.Pp
-If the list of acceptable CAs is compiled in a file, the
-.Xr SSL_load_client_CA_file 3
-function can be used to help importing the necessary data.
-.Pp
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-can be used to add additional items the list of client CAs.
-If no list was specified before using
-.Fn SSL_CTX_set_client_CA_list
-or
-.Fn SSL_set_client_CA_list ,
-a new client CA list for
-.Fa ctx
-or
-.Fa ssl
-(as appropriate) is opened.
-.Pp
-These functions are only useful for TLS/SSL servers.
-.Sh RETURN VALUES
-.Fn SSL_CTX_add_client_CA
-and
-.Fn SSL_add_client_CA
-have the following return values:
-.Bl -tag -width Ds
-.It 0
-A failure while manipulating the
-.Dv STACK_OF Ns
-.Pq Vt X509_NAME
-object occurred or the
-.Vt X509_NAME
-could not be extracted from
-.Fa cacert .
-Check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh EXAMPLES
-Scan all certificates in
-.Fa CAfile
-and list them as acceptable CAs:
-.Bd -literal
-SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(CAfile));
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_client_CA_list ,
-.Fn SSL_set_client_CA_list ,
-.Fn SSL_CTX_add_client_CA ,
-and
-.Fn SSL_add_client_CA
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3 b/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
deleted file mode 100644
index a2433b5e92..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_client_cert_cb.3
+++ /dev/null
@@ -1,191 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_client_cert_cb.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_SET_CLIENT_CERT_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_client_cert_cb ,
-.Nm SSL_CTX_get_client_cert_cb
-.Nd handle client certificate callback function
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_client_cert_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey)"
-.Fc
-.Ft int
-.Fo "(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))"
-.Fa "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Fc
-.Ft int
-.Fn "(*client_cert_cb)" "SSL *ssl" "X509 **x509" "EVP_PKEY **pkey"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_client_cert_cb
-sets the
-.Fa client_cert_cb()
-callback that is called when a client certificate is requested by a server and
-no certificate was yet set for the SSL object.
-.Pp
-When
-.Fa client_cert_cb
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_CTX_get_client_cert_cb
-returns a pointer to the currently set callback function.
-.Pp
-.Fn client_cert_cb
-is the application-defined callback.
-If it wants to set a certificate,
-a certificate/private key combination must be set using the
-.Fa x509
-and
-.Fa pkey
-arguments and 1 must be returned.
-The certificate will be installed into
-.Fa ssl .
-If no certificate should be set,
-0 has to be returned and no certificate will be sent.
-A negative return value will suspend the handshake and the handshake function
-will return immediately.
-.Xr SSL_get_error 3
-will return
-.Dv SSL_ERROR_WANT_X509_LOOKUP
-to indicate that the handshake was suspended.
-The next call to the handshake function will again lead to the call of
-.Fa client_cert_cb() .
-It is the job of the
-.Fa client_cert_cb()
-to store information
-about the state of the last call, if required to continue.
-.Pp
-During a handshake (or renegotiation)
-a server may request a certificate from the client.
-A client certificate must only be sent when the server did send the request.
-.Pp
-When a certificate has been set using the
-.Xr SSL_CTX_use_certificate 3
-family of functions,
-it will be sent to the server.
-The TLS standard requires that only a certificate is sent if it matches the
-list of acceptable CAs sent by the server.
-This constraint is violated by the default behavior of the OpenSSL library.
-Using the callback function it is possible to implement a proper selection
-routine or to allow a user interaction to choose the certificate to be sent.
-.Pp
-If a callback function is defined and no certificate was yet defined for the
-.Vt SSL
-object, the callback function will be called.
-If the callback function returns a certificate, the OpenSSL library
-will try to load the private key and certificate data into the
-.Vt SSL
-object using the
-.Fn SSL_use_certificate
-and
-.Fn SSL_use_private_key
-functions.
-Thus it will permanently install the certificate and key for this SSL object.
-It will not be reset by calling
-.Xr SSL_clear 3 .
-If the callback returns no certificate, the OpenSSL library will not send a
-certificate.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_client_CA_list 3
-.Sh HISTORY
-.Fn SSL_CTX_set_client_cert_cb
-and
-.Fn SSL_CTX_get_client_cert_cb
-first appeared in SSLeay 0.6.6 and have been available since
-.Ox 2.4 .
-.Sh BUGS
-The
-.Fa client_cert_cb()
-cannot return a complete certificate chain;
-it can only return one client certificate.
-If the chain only has a length of 2,
-the root CA certificate may be omitted according to the TLS standard and
-thus a standard conforming answer can be sent to the server.
-For a longer chain, the client must send the complete chain
-(with the option to leave out the root CA certificate).
-This can be accomplished only by either adding the intermediate CA certificates
-into the trusted certificate store for the
-.Vt SSL_CTX
-object (resulting in having to add CA certificates that otherwise maybe would
-not be trusted), or by adding the chain certificates using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function, which is only available for the
-.Vt SSL_CTX
-object as a whole and that therefore probably can only apply for one client
-certificate, making the concept of the callback function
-(to allow the choice from several certificates) questionable.
-.Pp
-Once the
-.Vt SSL
-object has been used in conjunction with the callback function,
-the certificate will be set for the
-.Vt SSL
-object and will not be cleared even when
-.Xr SSL_clear 3
-is called.
-It is therefore
-.Em mandatory
-to destroy the
-.Vt SSL
-object using
-.Xr SSL_free 3
-and create a new one to return to the previous state.
diff --git a/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3 b/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
deleted file mode 100644
index 94b4ea543d..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_default_passwd_cb.3
+++ /dev/null
@@ -1,216 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_default_passwd_cb.3,v 1.9 2023/09/19 09:40:35 schwarze Exp $
-.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\" selective merge up to: OpenSSL 18bad535 Apr 9 15:13:55 2019 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" and Christian Heimes <cheimes@redhat.com>.
-.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 19 2023 $
-.Dt SSL_CTX_SET_DEFAULT_PASSWD_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_default_passwd_cb ,
-.Nm SSL_CTX_set_default_passwd_cb_userdata ,
-.Nm SSL_CTX_get_default_passwd_cb ,
-.Nm SSL_CTX_get_default_passwd_cb_userdata
-.Nd set or get passwd callback for encrypted PEM file handling
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb "SSL_CTX *ctx" "pem_password_cb *cb"
-.Ft void
-.Fn SSL_CTX_set_default_passwd_cb_userdata "SSL_CTX *ctx" "void *userdata"
-.Ft pem_password_cb *
-.Fn SSL_CTX_get_default_passwd_cb "SSL_CTX *ctx"
-.Ft void *
-.Fn SSL_CTX_get_default_passwd_cb_userdata "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_default_passwd_cb
-sets the password callback for loading a certificate or private key
-from encrypted PEM format.
-In particular, the callback is used by
-.Xr SSL_CTX_use_certificate_file 3 ,
-.Xr SSL_use_certificate_file 3 ,
-.Xr SSL_CTX_use_certificate_chain_file 3 ,
-.Xr SSL_use_certificate_chain_file 3 ,
-.Xr SSL_CTX_use_certificate_chain_mem 3 ,
-.Xr SSL_CTX_use_PrivateKey_file 3 ,
-.Xr SSL_use_PrivateKey_file 3 ,
-.Xr SSL_CTX_use_RSAPrivateKey_file 3 ,
-and
-.Xr SSL_use_RSAPrivateKey_file 3 .
-.Pp
-The function pointer type of the
-.Fa cb
-argument is documented in the
-.Xr pem_password_cb 3
-manual page.
-If
-.Fn SSL_CTX_set_default_passwd_cb
-is not called on
-.Fa ctx
-or if it is called with a
-.Fa cb
-argument of
-.Dv NULL ,
-.Xr PEM_def_callback 3
-is used instead.
-.Pp
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-sets a pointer to the
-.Fa userdata
-which will be provided to the password callback on invocation.
-.Pp
-Since the
-.Fa cb
-passed to
-.Fn SSL_CTX_set_default_passwd_cb
-will only be used for reading and decryption and not for writing and
-encryption, the library will only call it with a
-.Fa verify
-argument of 0.
-.Pp
-If an application program only needs to read and decrypt
-one single private key, it can be practical to have the
-callback handle the password dialog interactively.
-This happens by default if neither
-.Fn SSL_CTX_set_default_passwd_cb
-nor
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-is called.
-In that case, the library uses
-.Xr PEM_def_callback 3
-with a
-.Fa userdata
-argument of
-.Dv NULL .
-.Pp
-If several keys have to be handled, it can be practical
-to ask for the password once, for example using
-.Xr UI_UTIL_read_pw_string 3 ,
-then keep it in memory and use it several times by passing a pointer to it to
-.Fn SSL_CTX_set_default_passwd_cb_userdata .
-.Xr PEM_def_callback 3
-is able to handle this case, too, so calling
-.Fn SSL_CTX_set_default_passwd_cb
-is not needed in this case either.
-.Pp
-Other items in PEM formatting (certificates) can also be encrypted; it is
-however atypical, as certificate information is considered public.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_default_passwd_cb
-returns a function pointer to the password callback currently set in
-.Fa ctx ,
-or
-.Dv NULL
-if none is set.
-.Pp
-.Fn SSL_CTX_get_default_passwd_cb_userdata
-returns a pointer to the userdata currently set in
-.Fa ctx ,
-or
-.Dv NULL
-if none is set.
-.Sh EXAMPLES
-The following example provides a subset of the functionality of
-.Xr PEM_def_callback 3 ,
-except that
-.Xr PEM_def_callback 3
-does not NUL-terminate and copies up to
-.Fa size
-rather than
-.Fa size No \- 1
-bytes.
-It interprets
-.Fa userdata
-as a NUL-terminated string and copies it to the
-.Fa password
-buffer, truncating the copy if it does not fit.
-.Bd -literal
-int
-trivial_passwd_cb(char *password, int size, int verify, void *userdata)
-{
-        strlcpy(password, userdata, size);
-        return strlen(password);
-}
-.Ed
-.Sh SEE ALSO
-.Xr pem_password_cb 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_use_certificate 3
-.Sh HISTORY
-.Fn SSL_CTX_set_default_passwd_cb
-first appeared in SSLeay 0.6.2 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set_default_passwd_cb_userdata
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_CTX_get_default_passwd_cb
-and
-.Fn SSL_CTX_get_default_passwd_cb_userdata
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3 b/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3
deleted file mode 100644
index d85383d776..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_generate_session_id.3
+++ /dev/null
@@ -1,221 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_generate_session_id.3,v 1.5 2018/03/22 21:09:18 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 22 2018 $
-.Dt SSL_CTX_SET_GENERATE_SESSION_ID 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_generate_session_id ,
-.Nm SSL_set_generate_session_id ,
-.Nm SSL_has_matching_session_id ,
-.Nm GEN_SESSION_CB
-.Nd manipulate generation of SSL session IDs (server only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft typedef int
-.Fo (*GEN_SESSION_CB)
-.Fa "const SSL *ssl"
-.Fa "unsigned char *id"
-.Fa "unsigned int *id_len"
-.Fc
-.Ft int
-.Fn SSL_CTX_set_generate_session_id "SSL_CTX *ctx" "GEN_SESSION_CB cb"
-.Ft int
-.Fn SSL_set_generate_session_id "SSL *ssl" "GEN_SESSION_CB cb"
-.Ft int
-.Fo SSL_has_matching_session_id
-.Fa "const SSL *ssl" "const unsigned char *id" "unsigned int id_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ctx
-to be
-.Fa cb .
-.Pp
-.Fn SSL_set_generate_session_id
-sets the callback function for generating new session ids for SSL/TLS sessions
-for
-.Fa ssl
-to be
-.Fa cb .
-.Pp
-.Fn SSL_has_matching_session_id
-checks, whether a session with id
-.Fa id
-(of length
-.Fa id_len )
-is already contained in the internal session cache
-of the parent context of
-.Fa ssl .
-.Pp
-When a new session is established between client and server,
-the server generates a session id.
-The session id is an arbitrary sequence of bytes.
-The length of the session id is between 1 and 32 bytes.
-The session id is not security critical but must be unique for the server.
-Additionally, the session id is transmitted in the clear when reusing the
-session so it must not contain sensitive information.
-.Pp
-Without a callback being set, an OpenSSL server will generate a unique session
-id from pseudo random numbers of the maximum possible length.
-Using the callback function, the session id can be changed to contain
-additional information like, e.g., a host id in order to improve load balancing
-or external caching techniques.
-.Pp
-The callback function receives a pointer to the memory location to put
-.Fa id
-into and a pointer to the maximum allowed length
-.Fa id_len .
-The buffer at location
-.Fa id
-is only guaranteed to have the size
-.Fa id_len .
-The callback is only allowed to generate a shorter id and reduce
-.Fa id_len ;
-the callback
-.Em must never
-increase
-.Fa id_len
-or write to the location
-.Fa id
-exceeding the given limit.
-.Pp
-The location
-.Fa id
-is filled with 0x00 before the callback is called,
-so the callback may only fill part of the possible length and leave
-.Fa id_len
-untouched while maintaining reproducibility.
-.Pp
-Since the sessions must be distinguished, session ids must be unique.
-Without the callback a random number is used,
-so that the probability of generating the same session id is extremely small
-(2^256 for TLSv1).
-In order to ensure the uniqueness of the generated session id,
-the callback must call
-.Fn SSL_has_matching_session_id
-and generate another id if a conflict occurs.
-If an id conflict is not resolved, the handshake will fail.
-If the application codes, e.g., a unique host id, a unique process number, and
-a unique sequence number into the session id, uniqueness could easily be
-achieved without randomness added (it should however be taken care that
-no confidential information is leaked this way).
-If the application cannot guarantee uniqueness,
-it is recommended to use the maximum
-.Fa id_len
-and fill in the bytes not used to code special information with random data to
-avoid collisions.
-.Pp
-.Fn SSL_has_matching_session_id
-will only query the internal session cache, not the external one.
-Since the session id is generated before the handshake is completed,
-it is not immediately added to the cache.
-If another thread is using the same internal session cache,
-a race condition can occur in that another thread generates the same session id.
-Collisions can also occur when using an external session cache,
-since the external cache is not tested with
-.Fn SSL_has_matching_session_id
-and the same race condition applies.
-.Pp
-The callback must return 0 if it cannot generate a session id for whatever
-reason and return 1 on success.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_generate_session_id
-and
-.Fn SSL_set_generate_session_id
-always return 1.
-.Pp
-.Fn SSL_has_matching_session_id
-returns 1 if another session with the same id is already in the cache.
-.Sh EXAMPLES
-The callback function listed will generate a session id with the server id
-given, and will fill the rest with pseudo random bytes:
-.Bd -literal
-const char session_id_prefix = "www-18";
-
-#define MAX_SESSION_ID_ATTEMPTS 10
-static int
-generate_session_id(const SSL *ssl, unsigned char *id,
-    unsigned int *id_len)
-{
-        unsigned int count = 0;
-
-        do {
-                RAND_pseudo_bytes(id, *id_len);
-                /*
-                 * Prefix the session_id with the required prefix. NB: If
-                 * our prefix is too long, clip it \(en but there will be
-                 * worse effects anyway, e.g., the server could only
-                 * possibly create one session ID (the prefix!) so all
-                 * future session negotiations will fail due to conflicts.
-                 */
-                memcpy(id, session_id_prefix,
-                    (strlen(session_id_prefix) < *id_len) ?
-                    strlen(session_id_prefix) : *id_len);
-        } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
-            (++count < MAX_SESSION_ID_ATTEMPTS));
-
-        if (count >= MAX_SESSION_ID_ATTEMPTS)
-                return 0;
-        return 1;
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_version 3
-.Sh HISTORY
-.Fn SSL_CTX_set_generate_session_id ,
-.Fn SSL_set_generate_session_id
-and
-.Fn SSL_has_matching_session_id
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_info_callback.3 b/src/lib/libssl/man/SSL_CTX_set_info_callback.3
deleted file mode 100644
index 76eb8bee61..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_info_callback.3
+++ /dev/null
@@ -1,233 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_info_callback.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_SET_INFO_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_info_callback ,
-.Nm SSL_CTX_get_info_callback ,
-.Nm SSL_set_info_callback ,
-.Nm SSL_get_info_callback
-.Nd handle information callback for SSL connections
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_info_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*callback)(const SSL *ssl, int where, int ret)"
-.Fc
-.Ft void
-.Fo "(*SSL_CTX_get_info_callback(const SSL_CTX *ctx))"
-.Fa "const SSL *ssl"
-.Fa "int where"
-.Fa "int ret"
-.Fc
-.Ft void
-.Fo SSL_set_info_callback
-.Fa "SSL *ssl"
-.Fa "void (*callback)(const SSL *ssl, int where, int ret)"
-.Fc
-.Ft void
-.Fo "(*SSL_get_info_callback(const SSL *ssl))"
-.Fa "const SSL *ssl"
-.Fa "int where"
-.Fa "int ret"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_info_callback
-sets the
-.Fa callback
-function that can be used to obtain state information for SSL objects created
-from
-.Fa ctx
-during connection setup and use.
-The setting for
-.Fa ctx
-is overridden from the setting for a specific SSL object, if specified.
-When
-.Fa callback
-is
-.Dv NULL ,
-no callback function is used.
-.Pp
-.Fn SSL_set_info_callback
-sets the
-.Fa callback
-function that can be used to
-obtain state information for
-.Fa ssl
-during connection setup and use.
-When
-.Fa callback
-is
-.Dv NULL ,
-the callback setting currently valid for
-.Fa ctx
-is used.
-.Pp
-.Fn SSL_CTX_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ctx .
-.Pp
-.Fn SSL_get_info_callback
-returns a pointer to the currently set information callback function for
-.Fa ssl .
-.Pp
-When setting up a connection and during use,
-it is possible to obtain state information from the SSL/TLS engine.
-When set, an information callback function is called whenever the state changes,
-an alert appears, or an error occurs.
-.Pp
-The callback function is called as
-.Fn callback "SSL *ssl" "int where" "int ret" .
-The
-.Fa where
-argument specifies information about where (in which context)
-the callback function was called.
-If
-.Fa ret
-is 0, an error condition occurred.
-If an alert is handled,
-.Dv SSL_CB_ALERT
-is set and
-.Fa ret
-specifies the alert information.
-.Pp
-.Fa where
-is a bitmask made up of the following bits:
-.Bl -tag -width Ds
-.It Dv SSL_CB_LOOP
-Callback has been called to indicate state change inside a loop.
-.It Dv SSL_CB_EXIT
-Callback has been called to indicate error exit of a handshake function.
-(May be soft error with retry option for non-blocking setups.)
-.It Dv SSL_CB_READ
-Callback has been called during read operation.
-.It Dv SSL_CB_WRITE
-Callback has been called during write operation.
-.It Dv SSL_CB_ALERT
-Callback has been called due to an alert being sent or received.
-.It Dv SSL_CB_READ_ALERT
-.It Dv SSL_CB_WRITE_ALERT
-.It Dv SSL_CB_ACCEPT_LOOP
-.It Dv SSL_CB_ACCEPT_EXIT
-.It Dv SSL_CB_CONNECT_LOOP
-.It Dv SSL_CB_CONNECT_EXIT
-.It Dv SSL_CB_HANDSHAKE_START
-Callback has been called because a new handshake is started.
-.It Dv SSL_CB_HANDSHAKE_DONE
-Callback has been called because a handshake is finished.
-.El
-.Pp
-The current state information can be obtained using the
-.Xr SSL_state_string 3
-family of functions.
-.Pp
-The
-.Fa ret
-information can be evaluated using the
-.Xr SSL_alert_type_string 3
-family of functions.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_info_callback
-and
-.Fn SSL_get_info_callback
-return a pointer to the current callback or
-.Dv NULL
-if none is set.
-.Sh EXAMPLES
-The following example callback function prints state strings,
-information about alerts being handled and error messages to the
-.Va bio_err
-.Vt BIO .
-.Bd -literal
-void
-apps_ssl_info_callback(SSL *s, int where, int ret)
-{
-        const char *str;
-        int w;
-
-        w = where & ~SSL_ST_MASK;
-
-        if (w & SSL_ST_CONNECT)
-                str = "SSL_connect";
-        else if (w & SSL_ST_ACCEPT)
-                str = "SSL_accept";
-        else
-                str = "undefined";
-
-        if (where & SSL_CB_LOOP) {
-                BIO_printf(bio_err, "%s:%s\en", str,
-                    SSL_state_string_long(s));
-        } else if (where & SSL_CB_ALERT) {
-                str = (where & SSL_CB_READ) ? "read" : "write";
-                BIO_printf(bio_err, "SSL3 alert %s:%s:%s\en", str,
-                        SSL_alert_type_string_long(ret),
-                        SSL_alert_desc_string_long(ret));
-        } else if (where & SSL_CB_EXIT) {
-                if (ret == 0)
-                        BIO_printf(bio_err, "%s:failed in %s\en",
-                                str, SSL_state_string_long(s));
-                else if (ret < 0) {
-                        BIO_printf(bio_err, "%s:error in %s\en",
-                                str, SSL_state_string_long(s));
-                }
-        }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_state_string 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.6.0
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3 b/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3
deleted file mode 100644
index 24b8f9992f..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_keylog_callback.3
+++ /dev/null
@@ -1,56 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_keylog_callback.3,v 1.3 2024/05/16 08:39:30 tb Exp $
-.\" OpenSSL pod checked up to: 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" Copyright (c) 2021 Bob Beck <beck@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: May 16 2024 $
-.Dt SSL_CTX_SET_KEYLOG_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_keylog_callback ,
-.Nm SSL_CTX_get_keylog_callback
-.Nd set and get the unused key logging callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft typedef void
-.Fo (*SSL_CTX_keylog_cb_func)
-.Fa "const SSL *ssl"
-.Fa "const char *line"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_keylog_callback "SSL_CTX *ctx" "SSL_CTX_keylog_cb_func cb"
-.Ft SSL_CTX_keylog_cb_func
-.Fn SSL_CTX_get_keylog_callback "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_keylog_callback
-sets the TLS key logging callback.
-This callback is never called in LibreSSL.
-.Pp
-.Fn SSL_CTX_get_keylog_callback
-retrieves the previously set TLS key logging callback.
-.Pp
-These functions are provided only for compatibility with OpenSSL.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_keylog_callback
-returns the previously set TLS key logging callback, or
-.Dv NULL
-if no callback has been set.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3
-.Sh HISTORY
-These function first appeared in OpenSSL 1.1.1
-and have been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3 b/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3
deleted file mode 100644
index 89513b1006..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_max_cert_list.3
+++ /dev/null
@@ -1,154 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_max_cert_list.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SET_MAX_CERT_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_cert_list ,
-.Nm SSL_CTX_get_max_cert_list ,
-.Nm SSL_set_max_cert_list ,
-.Nm SSL_get_max_cert_list
-.Nd manipulate allowed size for the peer's certificate chain
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_max_cert_list "SSL_CTX *ctx" "long size"
-.Ft long
-.Fn SSL_CTX_get_max_cert_list "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_set_max_cert_list "SSL *ssl" "long size"
-.Ft long
-.Fn SSL_get_max_cert_list "SSL *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for all
-.Vt SSL
-objects created from
-.Fa ctx
-to be
-.Fa size
-bytes.
-The
-.Vt SSL
-objects inherit the setting valid for
-.Fa ctx
-at the time
-.Xr SSL_new 3
-is being called.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-returns the currently set maximum size for
-.Fa ctx .
-.Pp
-.Fn SSL_set_max_cert_list
-sets the maximum size allowed for the peer's certificate chain for
-.Fa ssl
-to be
-.Fa size
-bytes.
-This setting stays valid until a new value is set.
-.Pp
-.Fn SSL_get_max_cert_list
-returns the currently set maximum size for
-.Fa ssl .
-.Pp
-During the handshake process, the peer may send a certificate chain.
-The TLS/SSL standard does not give any maximum size of the certificate chain.
-The OpenSSL library handles incoming data by a dynamically allocated buffer.
-In order to prevent this buffer from growing without bound due to data
-received from a faulty or malicious peer, a maximum size for the certificate
-chain is set.
-.Pp
-The default value for the maximum certificate chain size is 100kB (30kB
-on the 16bit DOS platform).
-This should be sufficient for usual certificate chains
-(OpenSSL's default maximum chain length is 10, see
-.Xr SSL_CTX_set_verify 3 ,
-and certificates without special extensions have a typical size of 1-2kB).
-.Pp
-For special applications it can be necessary to extend the maximum certificate
-chain size allowed to be sent by the peer.
-See for example the work on
-.%T "Internet X.509 Public Key Infrastructure Proxy Certificate Profile"
-and
-.%T "TLS Delegation Protocol"
-at
-.Lk https://www.ietf.org/
-and
-.Lk http://www.globus.org/ .
-.Pp
-Under normal conditions it should never be necessary to set a value smaller
-than the default, as the buffer is handled dynamically and only uses the
-memory actually required by the data sent by the peer.
-.Pp
-If the maximum certificate chain size allowed is exceeded, the handshake will
-fail with a
-.Dv SSL_R_EXCESSIVE_MESSAGE_SIZE
-error.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_cert_list
-and
-.Fn SSL_set_max_cert_list
-return the previously set value.
-.Pp
-.Fn SSL_CTX_get_max_cert_list
-and
-.Fn SSL_get_max_cert_list
-return the currently set value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.7
-and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3 b/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
deleted file mode 100644
index a2597cda83..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_min_proto_version.3
+++ /dev/null
@@ -1,156 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_min_proto_version.3,v 1.5 2021/04/15 16:40:32 tb Exp $
-.\" full merge up to: OpenSSL 3edabd3c Sep 14 09:28:39 2017 +0200
-.\"
-.\" This file was written by Kurt Roeckx <kurt@roeckx.be> and
-.\" Christian Heimes <christian@python.org>.
-.\" Copyright (c) 2015, 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 15 2021 $
-.Dt SSL_CTX_SET_MIN_PROTO_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_min_proto_version ,
-.Nm SSL_CTX_set_max_proto_version ,
-.Nm SSL_CTX_get_min_proto_version ,
-.Nm SSL_CTX_get_max_proto_version ,
-.Nm SSL_set_min_proto_version ,
-.Nm SSL_set_max_proto_version ,
-.Nm SSL_get_min_proto_version ,
-.Nm SSL_get_max_proto_version
-.Nd get and set minimum and maximum supported protocol version
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_min_proto_version
-.Fa "SSL_CTX *ctx"
-.Fa "uint16_t version"
-.Fc
-.Ft int
-.Fo SSL_CTX_set_max_proto_version
-.Fa "SSL_CTX *ctx"
-.Fa "uint16_t version"
-.Fc
-.Ft int
-.Fo SSL_CTX_get_min_proto_version
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft int
-.Fo SSL_CTX_get_max_proto_version
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft int
-.Fo SSL_set_min_proto_version
-.Fa "SSL *ssl"
-.Fa "uint16_t version"
-.Fc
-.Ft int
-.Fo SSL_set_max_proto_version
-.Fa "SSL *ssl"
-.Fa "uint16_t version"
-.Fc
-.Ft int
-.Fo SSL_get_min_proto_version
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_get_max_proto_version
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-These functions get or set the minimum and maximum supported protocol
-versions for
-.Fa ctx
-or
-.Fa ssl .
-This works in combination with the options set via
-.Xr SSL_CTX_set_options 3
-that also make it possible to disable specific protocol versions.
-Use these functions instead of disabling specific protocol versions.
-.Pp
-Setting the minimum or maximum version to 0 will enable protocol
-versions down to the lowest or up to the highest version supported
-by the library, respectively.
-.Pp
-Currently supported versions are
-.Dv TLS1_VERSION ,
-.Dv TLS1_1_VERSION ,
-and
-.Dv TLS1_2_VERSION
-for TLS and
-.Dv DTLS1_VERSION
-and
-.Dv DTLS1_2_VERSION
-for DTLS.
-.Pp
-In other implementations, these functions may be implemented as macros.
-.Sh RETURN VALUES
-The setter functions return 1 on success or 0 on failure.
-.Pp
-The getter functions return the configured version or 0 if
-.Fa ctx
-or
-.Fa ssl
-has been configured to automatically use the lowest or highest
-version supported by the library.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_options 3
-.Sh HISTORY
-The setter functions first appeared in BoringSSL in December 2014,
-with shorter names without the
-.Sy proto_
-part.
-Two years later, OpenSSL included them in their 1.1.0 release,
-gratuitously changing the names; Google shrugged and adopted
-the longer names one month later.
-They have been available since
-.Ox 6.2 .
-.Pp
-The getter functions first appeared in OpenSSL 1.1.0g
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_mode.3 b/src/lib/libssl/man/SSL_CTX_set_mode.3
deleted file mode 100644
index fca1a977d0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_mode.3
+++ /dev/null
@@ -1,204 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_mode.3,v 1.7 2020/10/08 16:02:38 tb Exp $
-.\" full merge up to: OpenSSL 8671b898 Jun 3 02:48:34 2008 +0000
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
-.\" Ben Laurie <ben@openssl.org>.
-.\" Copyright (c) 2001, 2008 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 8 2020 $
-.Dt SSL_CTX_SET_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_mode ,
-.Nm SSL_set_mode ,
-.Nm SSL_CTX_clear_mode ,
-.Nm SSL_clear_mode ,
-.Nm SSL_CTX_get_mode ,
-.Nm SSL_get_mode
-.Nd manipulate SSL engine mode
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_mode "SSL_CTX *ctx" "long mode"
-.Ft long
-.Fn SSL_set_mode "SSL *ssl" "long mode"
-.Ft long
-.Fn SSL_CTX_clear_mode "SSL_CTX *ctx" "long mode"
-.Ft long
-.Fn SSL_clear_mode "SSL *ssl" "long mode"
-.Ft long
-.Fn SSL_CTX_get_mode "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_mode "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_mode
-and
-.Fn SSL_set_mode
-enable the options contained in the bitmask
-.Fa mode
-for the
-.Fa ctx
-or
-.Fa ssl
-object, respectively.
-Options that were already enabled before the call are not disabled.
-.Pp
-.Fn SSL_CTX_clear_mode
-and
-.Fn SSL_clear_mode
-disable the options contained in the bitmask
-.Fa mode
-for the
-.Fa ctx
-or
-.Fa ssl
-object.
-.Pp
-.Fn SSL_CTX_get_mode
-and
-.Fn SSL_get_mode
-return a bitmask representing the options
-that are currently enabled for the
-.Fa ctx
-or
-.Fa ssl
-object.
-.Pp
-The following options are available:
-.Bl -tag -width Ds
-.It Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-Allow
-.Fn SSL_write ... n
-to return
-.Ms r
-with
-.EQ
-0 < r < n
-.EN
-(i.e., report success when just a single record has been written).
-When not set (the default),
-.Xr SSL_write 3
-will only report success once the complete chunk was written.
-Once
-.Xr SSL_write 3
-returns with
-.Ms r ,
-.Ms r
-bytes have been successfully written and the next call to
-.Xr SSL_write 3
-must only send the
-.Ms n \(mi r
-bytes left, imitating the behaviour of
-.Xr write 2 .
-.It Dv SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER
-Make it possible to retry
-.Xr SSL_write 3
-with changed buffer location (the buffer contents must stay the same).
-This is not the default to avoid the misconception that non-blocking
-.Xr SSL_write 3
-behaves like non-blocking
-.Xr write 2 .
-.It Dv SSL_MODE_AUTO_RETRY
-Never bother the application with retries if the transport is blocking.
-If a renegotiation takes place during normal operation, a
-.Xr SSL_read 3
-or
-.Xr SSL_write 3
-would return
-with \(mi1 and indicate the need to retry with
-.Dv SSL_ERROR_WANT_READ .
-In a non-blocking environment applications must be prepared to handle
-incomplete read/write operations.
-In a blocking environment, applications are not always prepared to deal with
-read/write operations returning without success report.
-The flag
-.Dv SSL_MODE_AUTO_RETRY
-will cause read/write operations to only return after the handshake and
-successful completion.
-.It Dv SSL_MODE_RELEASE_BUFFERS
-When we no longer need a read buffer or a write buffer for a given
-.Vt SSL ,
-then release the memory we were using to hold it.
-Using this flag can save around 34k per idle SSL connection.
-This flag has no effect on SSL v2 connections, or on DTLS connections.
-.El
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_mode ,
-.Fn SSL_set_mode ,
-.Fn SSL_CTX_clear_mode ,
-and
-.Fn SSL_clear_mode
-return the new mode bitmask after adding or clearing
-.Fa mode .
-.Pp
-.Fn SSL_CTX_get_mode
-and
-.Fn SSL_get_mode
-return the current bitmask.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_CTX_set_mode ,
-.Fn SSL_set_mode ,
-.Fn SSL_CTX_get_mode ,
-and
-.Fn SSL_get_mode
-first appeared in OpenSSL 0.9.4 and have been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_CTX_clear_mode
-and
-.Fn SSL_clear_mode
-first appeared in OpenSSL 0.9.8m and have been available since
-.Ox 4.9 .
-.Pp
-.Dv SSL_MODE_AUTO_RETRY
-was added in OpenSSL 0.9.6.
diff --git a/src/lib/libssl/man/SSL_CTX_set_msg_callback.3 b/src/lib/libssl/man/SSL_CTX_set_msg_callback.3
deleted file mode 100644
index a27333e6d9..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_msg_callback.3
+++ /dev/null
@@ -1,183 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_msg_callback.3,v 1.5 2021/04/15 16:43:27 tb Exp $
-.\"     OpenSSL SSL_CTX_set_msg_callback.pod e9b77246 Jan 20 19:58:49 2017 +0100
-.\"     OpenSSL SSL_CTX_set_msg_callback.pod b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Bodo Moeller <bodo@openssl.org>.
-.\" Copyright (c) 2001, 2014, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 15 2021 $
-.Dt SSL_CTX_SET_MSG_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_msg_callback ,
-.Nm SSL_CTX_set_msg_callback_arg ,
-.Nm SSL_set_msg_callback ,
-.Nm SSL_set_msg_callback_arg
-.Nd install callback for observing protocol messages
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_msg_callback
-.Fa "SSL_CTX *ctx"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_msg_callback_arg "SSL_CTX *ctx" "void *arg"
-.Ft void
-.Fo SSL_set_msg_callback
-.Fa "SSL *ssl"
-.Fa "void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)"
-.Fc
-.Ft void
-.Fn SSL_set_msg_callback_arg "SSL *ssl" "void *arg"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_msg_callback
-or
-.Fn SSL_set_msg_callback
-can be used to define a message callback function
-.Fa cb
-for observing all SSL/TLS protocol messages (such as handshake messages)
-that are received or sent.
-.Fn SSL_CTX_set_msg_callback_arg
-and
-.Fn SSL_set_msg_callback_arg
-can be used to set argument
-.Fa arg
-to the callback function, which is available for arbitrary application use.
-.Pp
-.Fn SSL_CTX_set_msg_callback
-and
-.Fn SSL_CTX_set_msg_callback_arg
-specify default settings that will be copied to new
-.Vt SSL
-objects by
-.Xr SSL_new 3 .
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_set_msg_callback_arg
-modify the actual settings of an
-.Vt SSL
-object.
-Using a
-.Dv NULL
-pointer for
-.Fa cb
-disables the message callback.
-.Pp
-When
-.Fa cb
-is called by the SSL/TLS library for a protocol message,
-the function arguments have the following meaning:
-.Bl -tag -width Ds
-.It Fa write_p
-This flag is 0 when a protocol message has been received and 1 when a protocol
-message has been sent.
-.It Fa version
-The protocol version according to which the protocol message is
-interpreted by the library, such as
-.Dv TLS1_VERSION ,
-.Dv TLS1_1_VERSION ,
-.Dv TLS1_2_VERSION ,
-.Dv DTLS1_VERSION ,
-or
-.Dv DTLS1_2_VERSION .
-.It Fa content_type
-This is one of the
-.Em ContentType
-values defined in the protocol specification
-.Po
-.Dv SSL3_RT_CHANGE_CIPHER_SPEC ,
-.Dv SSL3_RT_ALERT ,
-.Dv SSL3_RT_HANDSHAKE ,
-but never
-.Dv SSL3_RT_APPLICATION_DATA
-because the callback will only be called for protocol messages.
-.Pc
-.It Fa buf , Fa len
-.Fa buf
-points to a buffer containing the protocol message, which consists of
-.Fa len
-bytes.
-The buffer is no longer valid after the callback function has returned.
-.It Fa ssl
-The
-.Vt SSL
-object that received or sent the message.
-.It Fa arg
-The user-defined argument optionally defined by
-.Fn SSL_CTX_set_msg_callback_arg
-or
-.Fn SSL_set_msg_callback_arg .
-.El
-.Pp
-Protocol messages are passed to the callback function after decryption
-and fragment collection where applicable.
-(Thus record boundaries are not visible.)
-.Pp
-If processing a received protocol message results in an error,
-the callback function may not be called.
-For example, the callback function will never see messages that are considered
-too large to be processed.
-.Pp
-Due to automatic protocol version negotiation,
-.Fa version
-is not necessarily the protocol version used by the sender of the message:
-If a TLS 1.0 ClientHello message is received by an SSL 3.0-only server,
-.Fa version
-will be
-.Dv SSL3_VERSION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_msg_callback ,
-.Fn SSL_CTX_set_msg_callback_arg ,
-.Fn SSL_set_msg_callback
-and
-.Fn SSL_set_msg_callback_arg
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3 b/src/lib/libssl/man/SSL_CTX_set_num_tickets.3
deleted file mode 100644
index cb6d7e000a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_num_tickets.3
+++ /dev/null
@@ -1,63 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_num_tickets.3,v 1.2 2021/10/23 17:20:50 schwarze Exp $
-.\" OpenSSL pod checked up to: 5402f96a Sep 11 09:58:52 2021 +0100
-.\"
-.\" Copyright (c) 2021 Bob Beck <beck@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: October 23 2021 $
-.Dt SSL_CTX_SET_NUM_TICKETS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_num_tickets ,
-.Nm SSL_CTX_get_num_tickets ,
-.Nm SSL_set_num_tickets ,
-.Nm SSL_get_num_tickets
-.Nd set and get the number of TLS 1.3 session tickets to be sent
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_num_tickets "SSL_CTX *ctx" "size_t num_tickets"
-.Ft size_t
-.Fn SSL_CTX_get_num_tickets "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_set_num_tickets "SSL *ssl" "size_t num_tickets"
-.Ft size_t
-.Fn SSL_get_num_tickets "const SSL *ssl"
-.Sh DESCRIPTION
-These functions set and retrieve
-the configured number of session tickets for
-.Fa ctx
-and
-.Fa ssl ,
-respectively.
-.Pp
-They are provided only for compatibility with OpenSSL
-and have no effect in LibreSSL.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_num_tickets
-and
-.Fn SSL_set_num_tickets
-always return 1.
-.Pp
-.Fn SSL_CTX_get_num_tickets
-and
-.Fn SSL_get_num_tickets
-return the previously set number of tickets, or 0 if it has not been set.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3
-.Sh HISTORY
-These function first appeared in OpenSSL 1.1.1
-and have been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_options.3 b/src/lib/libssl/man/SSL_CTX_set_options.3
deleted file mode 100644
index 5df0b07785..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_options.3
+++ /dev/null
@@ -1,374 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_options.3,v 1.16 2022/03/31 17:27:18 naddy Exp $
-.\" full merge up to: OpenSSL 7946ab33 Dec 6 17:56:41 2015 +0100
-.\" selective merge up to: OpenSSL edb79c3a Mar 29 10:07:14 2017 +1000
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
-.\" Bodo Moeller <bodo@openssl.org>, and
-.\" Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2001-2003, 2005, 2007, 2009, 2010, 2013-2015
-.\" The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2022 $
-.Dt SSL_CTX_SET_OPTIONS 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_options ,
-.Nm SSL_set_options ,
-.Nm SSL_CTX_clear_options ,
-.Nm SSL_clear_options ,
-.Nm SSL_CTX_get_options ,
-.Nm SSL_get_options ,
-.Nm SSL_get_secure_renegotiation_support
-.Nd manipulate SSL options
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_set_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_clear_options "SSL_CTX *ctx" "long options"
-.Ft long
-.Fn SSL_clear_options "SSL *ssl" "long options"
-.Ft long
-.Fn SSL_CTX_get_options "SSL_CTX *ctx"
-.Ft long
-.Fn SSL_get_options "SSL *ssl"
-.Ft long
-.Fn SSL_get_secure_renegotiation_support "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_set_options
-adds the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-Options already set before are not cleared!
-.Pp
-.Fn SSL_CTX_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ctx .
-.Pp
-.Fn SSL_clear_options
-clears the options set via bitmask in
-.Fa options
-to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_get_options
-returns the options set for
-.Fa ctx .
-.Pp
-.Fn SSL_get_options
-returns the options set for
-.Fa ssl .
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-indicates whether the peer supports secure renegotiation.
-.Pp
-All these functions are implemented using macros.
-.Pp
-The behaviour of the SSL library can be changed by setting several options.
-The options are coded as bitmasks and can be combined by a bitwise OR
-operation (|).
-.Pp
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-affect the (external) protocol behaviour of the SSL library.
-The (internal) behaviour of the API can be changed by using the similar
-.Xr SSL_CTX_set_mode 3
-and
-.Xr SSL_set_mode 3
-functions.
-.Pp
-During a handshake, the option settings of the SSL object are used.
-When a new SSL object is created from a context using
-.Xr SSL_new 3 ,
-the current option setting is copied.
-Changes to
-.Fa ctx
-do not affect already created
-.Vt SSL
-objects.
-.Fn SSL_clear
-does not affect the settings.
-.Pp
-The following
-.Em bug workaround
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
-Disables a countermeasure against a TLS 1.0 protocol vulnerability
-affecting CBC ciphers, which cannot be handled by some broken SSL
-implementations.
-This option has no effect for connections using other ciphers.
-.It Dv SSL_OP_ALL
-This is currently an alias for
-.Dv SSL_OP_LEGACY_SERVER_CONNECT .
-.El
-.Pp
-It is usually safe to use
-.Dv SSL_OP_ALL
-to enable the bug workaround options if compatibility with somewhat broken
-implementations is desired.
-.Pp
-The following
-.Em modifying
-options are available:
-.Bl -tag -width Ds
-.It Dv SSL_OP_CIPHER_SERVER_PREFERENCE
-When choosing a cipher, use the server's preferences instead of the client
-preferences.
-When not set, the server will always follow the client's preferences.
-When set, the server will choose following its own preferences.
-.It Dv SSL_OP_COOKIE_EXCHANGE
-Turn on Cookie Exchange as described in RFC 4347 Section 4.2.1.
-Only affects DTLS connections.
-.It Dv SSL_OP_LEGACY_SERVER_CONNECT
-Allow legacy insecure renegotiation between OpenSSL and unpatched servers
-.Em only :
-this option is currently set by default.
-See the
-.Sx SECURE RENEGOTIATION
-section for more details.
-.It Dv SSL_OP_NO_DTLSv1
-Do not use the DTLSv1 protocol.
-Deprecated; use
-.Xr SSL_CTX_set_min_proto_version 3
-instead.
-.It Dv SSL_OP_NO_DTLSv1_2
-Do not use the DTLSv1.2 protocol.
-Deprecated; use
-.Xr SSL_CTX_set_min_proto_version 3
-instead.
-.It Dv SSL_OP_NO_QUERY_MTU
-Do not query the MTU.
-Only affects DTLS connections.
-.It Dv SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION
-When performing renegotiation as a server, always start a new session (i.e.,
-session resumption requests are only accepted in the initial handshake).
-This option is not needed for clients.
-.It Dv SSL_OP_NO_TICKET
-Normally clients and servers using TLSv1.2 and earlier will, where possible,
-transparently make use of
-RFC 5077 tickets for stateless session resumption.
-.Pp
-If this option is set, this functionality is disabled and tickets will not be
-used by clients or servers.
-.It Dv SSL_OP_NO_TLSv1
-Do not use the TLSv1.0 protocol.
-Deprecated; use
-.Xr SSL_CTX_set_min_proto_version 3
-instead.
-.It Dv SSL_OP_NO_TLSv1_1
-Do not use the TLSv1.1 protocol.
-Deprecated; use
-.Xr SSL_CTX_set_min_proto_version 3
-instead.
-.It Dv SSL_OP_NO_TLSv1_2
-Do not use the TLSv1.2 protocol.
-Deprecated; use
-.Xr SSL_CTX_set_max_proto_version 3
-instead.
-.El
-.Pp
-The following options used to be supported at some point in the past
-and no longer have any effect:
-.Dv SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION ,
-.Dv SSL_OP_EPHEMERAL_RSA ,
-.Dv SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER ,
-.Dv SSL_OP_MICROSOFT_SESS_ID_BUG ,
-.Dv SSL_OP_NETSCAPE_CA_DN_BUG ,
-.Dv SSL_OP_NETSCAPE_CHALLENGE_BUG ,
-.Dv SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG ,
-.Dv SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG ,
-.Dv SSL_OP_NO_COMPRESSION ,
-.Dv SSL_OP_NO_SSLv2 ,
-.Dv SSL_OP_NO_SSLv3 ,
-.Dv SSL_OP_PKCS1_CHECK_1 ,
-.Dv SSL_OP_PKCS1_CHECK_2 ,
-.Dv SSL_OP_SAFARI_ECDHE_ECDSA_BUG ,
-.Dv SSL_OP_SINGLE_DH_USE ,
-.Dv SSL_OP_SINGLE_ECDH_USE ,
-.Dv SSL_OP_SSLEAY_080_CLIENT_DH_BUG ,
-.Dv SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG ,
-.Dv SSL_OP_TLS_BLOCK_PADDING_BUG ,
-.Dv SSL_OP_TLS_D5_BUG ,
-.Dv SSL_OP_TLS_ROLLBACK_BUG ,
-.Dv SSL_OP_TLSEXT_PADDING .
-.Sh SECURE RENEGOTIATION
-OpenSSL 0.9.8m and later always attempts to use secure renegotiation as
-described in RFC 5746.
-This counters the prefix attack described in CVE-2009-3555 and elsewhere.
-.Pp
-This attack has far-reaching consequences which application writers should be
-aware of.
-In the description below an implementation supporting secure renegotiation is
-referred to as
-.Dq patched .
-A server not supporting secure
-renegotiation is referred to as
-.Dq unpatched .
-.Pp
-The following sections describe the operations permitted by OpenSSL's secure
-renegotiation implementation.
-.Ss Patched client and server
-Connections and renegotiation are always permitted by OpenSSL implementations.
-.Ss Unpatched client and patched OpenSSL server
-The initial connection succeeds but client renegotiation is denied by the
-server with a
-.Em no_renegotiation
-warning alert.
-.Pp
-If the patched OpenSSL server attempts to renegotiate, a fatal
-.Em handshake_failure
-alert is sent.
-This is because the server code may be unaware of the unpatched nature of the
-client.
-.Pp
-Note that a bug in OpenSSL clients earlier than 0.9.8m (all of which
-are unpatched) will result in the connection hanging if it receives a
-.Em no_renegotiation
-alert.
-OpenSSL versions 0.9.8m and later will regard a
-.Em no_renegotiation
-alert as fatal and respond with a fatal
-.Em handshake_failure
-alert.
-This is because the OpenSSL API currently has no provision to indicate to an
-application that a renegotiation attempt was refused.
-.Ss Patched OpenSSL client and unpatched server
-If the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is set then initial connections and renegotiation between patched OpenSSL
-clients and unpatched servers succeeds.
-If neither option is set then initial connections to unpatched servers will
-fail.
-.Pp
-The option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-is currently set by default even though it has security implications:
-otherwise it would be impossible to connect to unpatched servers (i.e., all of
-them initially) and this is clearly not acceptable.
-Renegotiation is permitted because this does not add any additional security
-issues: during an attack clients do not see any renegotiations anyway.
-.Pp
-As more servers become patched, the option
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-will
-.Em not
-be set by default in a future version of OpenSSL.
-.Pp
-OpenSSL client applications wishing to ensure they can connect to unpatched
-servers should always
-.Em set
-.Dv SSL_OP_LEGACY_SERVER_CONNECT .
-.Pp
-OpenSSL client applications that want to ensure they can
-.Em not
-connect to unpatched servers (and thus avoid any security issues) should always
-.Em clear
-.Dv SSL_OP_LEGACY_SERVER_CONNECT
-using
-.Fn SSL_CTX_clear_options
-or
-.Fn SSL_clear_options .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-return the new options bitmask after adding
-.Fa options .
-.Pp
-.Fn SSL_CTX_clear_options
-and
-.Fn SSL_clear_options
-return the new options bitmask after clearing
-.Fa options .
-.Pp
-.Fn SSL_CTX_get_options
-and
-.Fn SSL_get_options
-return the current bitmask.
-.Pp
-.Fn SSL_get_secure_renegotiation_support
-returns 1 is the peer supports secure renegotiation and 0 if it does not.
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_CTX_set_options
-and
-.Fn SSL_set_options
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_get_options
-and
-.Fn SSL_get_options
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_CTX_clear_options ,
-.Fn SSL_clear_options ,
-and
-.Fn SSL_get_secure_renegotiation_support
-first appeared in OpenSSL 0.9.8m and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3 b/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
deleted file mode 100644
index 71463f1eca..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_quiet_shutdown.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_quiet_shutdown.3,v 1.6 2020/03/30 10:28:59 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 30 2020 $
-.Dt SSL_CTX_SET_QUIET_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_quiet_shutdown ,
-.Nm SSL_CTX_get_quiet_shutdown ,
-.Nm SSL_set_quiet_shutdown ,
-.Nm SSL_get_quiet_shutdown
-.Nd manipulate shutdown behaviour
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_CTX_set_quiet_shutdown "SSL_CTX *ctx" "int mode"
-.Ft int
-.Fn SSL_CTX_get_quiet_shutdown "const SSL_CTX *ctx"
-.Ft void
-.Fn SSL_set_quiet_shutdown "SSL *ssl" "int mode"
-.Ft int
-.Fn SSL_get_quiet_shutdown "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ctx
-to be
-.Fa mode .
-.Vt SSL
-objects created from
-.Fa ctx
-inherit the
-.Fa mode
-valid at the time
-.Xr SSL_new 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_CTX_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ctx .
-.Pp
-.Fn SSL_set_quiet_shutdown
-sets the
-.Dq quiet shutdown
-flag for
-.Fa ssl
-to be
-.Fa mode .
-The setting stays valid until
-.Fa ssl
-is removed with
-.Xr SSL_free 3
-or
-.Fn SSL_set_quiet_shutdown
-is called again.
-It is not changed when
-.Xr SSL_clear 3
-is called.
-.Fa mode
-may be 0 or 1.
-.Pp
-.Fn SSL_get_quiet_shutdown
-returns the
-.Dq quiet shutdown
-setting of
-.Fa ssl .
-.Pp
-Normally when a SSL connection is finished, the parties must send out
-.Dq close notify
-alert messages using
-.Xr SSL_shutdown 3
-for a clean shutdown.
-.Pp
-When setting the
-.Dq quiet shutdown
-flag to 1,
-.Xr SSL_shutdown 3
-will set the internal flags to
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Po
-.Xr SSL_shutdown 3
-then behaves like
-.Xr SSL_set_shutdown 3
-called with
-.Dv SSL_SENT_SHUTDOWN Ns | Ns Dv SSL_RECEIVED_SHUTDOWN
-.Pc .
-The session is thus considered to be shut down, but no
-.Dq close notify
-alert is sent to the peer.
-This behaviour violates the TLS standard.
-.Pp
-The default is normal shutdown behaviour as described by the TLS standard.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_quiet_shutdown
-and
-.Fn SSL_get_quiet_shutdown
-return the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.8.1
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_read_ahead.3 b/src/lib/libssl/man/SSL_CTX_set_read_ahead.3
deleted file mode 100644
index eae76eb472..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_read_ahead.3
+++ /dev/null
@@ -1,144 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_read_ahead.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_SET_READ_AHEAD 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_read_ahead ,
-.Nm SSL_CTX_get_read_ahead ,
-.Nm SSL_set_read_ahead ,
-.Nm SSL_get_read_ahead ,
-.Nm SSL_CTX_get_default_read_ahead
-.Nd manage whether to read as many input bytes as possible
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_read_ahead
-.Fa "SSL_CTX *ctx"
-.Fa "int yes"
-.Fc
-.Ft long
-.Fo SSL_CTX_get_read_ahead
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft void
-.Fo SSL_set_read_ahead
-.Fa "SSL *s"
-.Fa "int yes"
-.Fc
-.Ft long
-.Fo SSL_get_read_ahead
-.Fa "const SSL *s"
-.Fc
-.Ft long
-.Fo SSL_CTX_get_default_read_ahead
-.Fa "SSL_CTX *ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_read_ahead
-and
-.Fn SSL_set_read_ahead
-set whether as many input bytes as possible are read for non-blocking
-reads.
-For example if
-.Ar x
-bytes are currently required by OpenSSL, but
-.Ar y
-bytes are available from the underlying BIO (where
-.Ar y No > Ar x ) ,
-then OpenSSL will read all
-.Ar y
-bytes into its buffer (provided that the buffer is large enough) if
-reading ahead is on, or
-.Ar x
-bytes otherwise.
-The parameter
-.Fa yes
-should be 0 to ensure reading ahead is off, or non zero otherwise.
-.Pp
-.Fn SSL_CTX_get_read_ahead
-and
-.Fn SSL_get_read_ahead
-indicate whether reading ahead is set or not.
-.Pp
-.Fn SSL_CTX_get_default_read_ahead
-is identical to
-.Fn SSL_CTX_get_read_ahead .
-.Pp
-These functions are implemented as macros.
-.Pp
-These functions have no effect when used with DTLS.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_read_ahead
-and
-.Fn SSL_get_read_ahead
-return 0 if reading ahead is off or non-zero otherwise,
-except that the return values are undefined for DTLS.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_pending 3
-.Sh HISTORY
-.Fn SSL_set_read_ahead
-and
-.Fn SSL_get_read_ahead
-appeared in SSLeay 0.4 or earlier and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set_read_ahead ,
-.Fn SSL_CTX_get_read_ahead ,
-and
-.Fn SSL_CTX_get_default_read_ahead
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Sh CAVEATS
-Switching read ahead on can impact the behaviour of the
-.Xr SSL_pending 3
-function.
diff --git a/src/lib/libssl/man/SSL_CTX_set_security_level.3 b/src/lib/libssl/man/SSL_CTX_set_security_level.3
deleted file mode 100644
index 89adb3d65d..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_security_level.3
+++ /dev/null
@@ -1,159 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_security_level.3,v 1.2 2025/01/18 10:45:12 tb Exp $
-.\"
-.\" Copyright (c) 2022 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_SET_SECURITY_LEVEL 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_security_level ,
-.Nm SSL_set_security_level ,
-.Nm SSL_CTX_get_security_level ,
-.Nm SSL_get_security_level
-.Nd change security level for TLS
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_security_level
-.Fa "SSL_CTX *ctx"
-.Fa "int level"
-.Fc
-.Ft void
-.Fo SSL_set_security_level
-.Fa "SSL *s"
-.Fa "int level"
-.Fc
-.Ft int
-.Fo SSL_CTX_get_security_level
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Ft int
-.Fo SSL_get_security_level
-.Fa "const SSL *s"
-.Fc
-.Sh DESCRIPTION
-A security level is a set of restrictions on algorithms, key lengths,
-protocol versions, and other features in TLS connections.
-These restrictions apply in addition to those that exist from individually
-selecting supported features, for example ciphers, curves, or algorithms.
-.Pp
-The following table shows properties of the various security levels:
-.Bl -column # sec 15360 ECC TLS SHA1 -offset indent
-.It # Ta   sec Ta   \0\0RSA Ta   ECC Ta TLS Ta MAC
-.It 0 Ta \0\00 Ta \0\0\0\00 Ta \0\00 Ta 1.0 Ta MD5
-.It 1 Ta  \080 Ta    \01024 Ta   160 Ta 1.0 Ta RC4
-.It 2 Ta   112 Ta    \02048 Ta   224 Ta 1.0 Ta
-.It 3 Ta   128 Ta    \03072 Ta   256 Ta 1.1 Ta SHA1
-.It 4 Ta   192 Ta    \07680 Ta   384 Ta 1.2 Ta
-.It 5 Ta   256 Ta     15360 Ta   512 Ta 1.2 Ta
-.El
-.Pp
-The meaning of the columns is as follows:
-.Pp
-.Bl -tag -width features -compact
-.It #
-The number of the
-.Fa level .
-.It sec
-The minimum security strength measured in bits, which is approximately
-the binary logarithm of the number of operations an attacker has
-to perform in order to break a cryptographic key.
-This minimum strength is enforced for all relevant parameters
-including cipher suite encryption algorithms, ECC curves, signature
-algorithms, DH parameter sizes, and certificate algorithms and key
-sizes.
-See SP800-57 below
-.Sx SEE ALSO
-for details on individual algorithms.
-.It RSA
-The minimum key length in bits for the RSA and DH algorithms.
-.It ECC
-The minimum key length in bits for ECC algorithms.
-.It TLS
-The minimum TLS protocol version.
-.It MAC
-Cipher suites using the given MACs are allowed on this level
-and on lower levels, but not on higher levels.
-.El
-.Pp
-Level 0 is only provided for backward compatibility and permits everything.
-.Pp
-Level 3 and higher disable support for session tickets
-and only accept cipher suites that provide forward secrecy.
-.Pp
-The functions
-.Fn SSL_CTX_set_security_level
-and
-.Fn SSL_set_security_level
-choose the security
-.Fa level
-for
-.Fa ctx
-or
-.Fa s ,
-respectively.
-If not set, security level 1 is used.
-.Pp
-.Xr SSL_CTX_new 3
-initializes the security level of the new object to 1.
-.Pp
-.Xr SSL_new 3
-and
-.Xr SSL_set_SSL_CTX 3
-copy the security level from the context to the SSL object.
-.Pp
-.Xr SSL_dup 3
-copies the security level from the old to the new object.
-.Sh RETURN VALUES
-.Fn SSL_CTX_get_security_level
-and
-.Fn SSL_get_security_level
-return the security level configured in
-.Fa ctx
-or
-.Fa s ,
-respectively.
-.Sh SEE ALSO
-.Xr EVP_PKEY_security_bits 3 ,
-.Xr RSA_security_bits 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_new 3
-.Rs
-.%A Elaine Barker
-.%T Recommendation for Key Management
-.%I U.S. National Institute of Standards and Technology
-.%R NIST Special Publication 800-57 Part 1 Revision 5
-.%U https://doi.org/10.6028/NIST.SP.800-57pt1r5
-.%C Gaithersburg, MD
-.%D May 2020
-.Re
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 7.2 .
-.Sh CAVEATS
-Applications which do not check the return values
-of configuration functions will misbehave.
-For example, if an application does not check the return value
-after trying to set a certificate and the certificate is rejected
-because of the security level, the application may behave as if
-no certificate had been provided at all.
-.Pp
-While some restrictions may be handled gracefully by negotiations
-between the client and the server, other restrictions may be
-fatal and abort the TLS handshake.
-For example, this can happen if the peer certificate contains a key
-that is too short or if the DH parameter size is too small.
diff --git a/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3 b/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
deleted file mode 100644
index 1fe67b2a7e..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_session_cache_mode.3
+++ /dev/null
@@ -1,198 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_session_cache_mode.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL 67adf0a7 Dec 25 19:58:38 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
-.\" Geoff Thorpe <geoff@openssl.org>.
-.\" Copyright (c) 2001, 2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_CTX_SET_SESSION_CACHE_MODE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_cache_mode ,
-.Nm SSL_CTX_get_session_cache_mode
-.Nd enable/disable session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_session_cache_mode "SSL_CTX ctx" "long mode"
-.Ft long
-.Fn SSL_CTX_get_session_cache_mode "SSL_CTX ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_cache_mode
-enables/disables session caching by setting the operational mode for
-.Ar ctx
-to
-.Ar mode .
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently used cache mode.
-.Pp
-The OpenSSL library can store/retrieve SSL/TLS sessions for later reuse.
-The sessions can be held in memory for each
-.Fa ctx ,
-if more than one
-.Vt SSL_CTX
-object is being maintained, the sessions are unique for each
-.Vt SSL_CTX
-object.
-.Pp
-In order to reuse a session, a client must send the session's id to the server.
-It can only send exactly one id.
-The server then either agrees to reuse the session or it starts a full
-handshake (to create a new session).
-.Pp
-A server will look up the session in its internal session storage.
-If the session is not found in internal storage or lookups for the internal
-storage have been deactivated
-.Pq Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP ,
-the server will try the external storage if available.
-.Pp
-Since a client may try to reuse a session intended for use in a different
-context, the session id context must be set by the server (see
-.Xr SSL_CTX_set_session_id_context 3 ) .
-.Pp
-The following session cache modes and modifiers are available:
-.Bl -tag -width Ds
-.It Dv SSL_SESS_CACHE_OFF
-No session caching for client or server takes place.
-.It Dv SSL_SESS_CACHE_CLIENT
-Client sessions are added to the session cache.
-As there is no reliable way for the OpenSSL library to know whether a session
-should be reused or which session to choose (due to the abstract BIO layer the
-SSL engine does not have details about the connection),
-the application must select the session to be reused by using the
-.Xr SSL_set_session 3
-function.
-This option is not activated by default.
-.It Dv SSL_SESS_CACHE_SERVER
-Server sessions are added to the session cache.
-When a client proposes a session to be reused, the server looks for the
-corresponding session in (first) the internal session cache (unless
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-is set), then (second) in the external cache if available.
-If the session is found, the server will try to reuse the session.
-This is the default.
-.It Dv SSL_SESS_CACHE_BOTH
-Enable both
-.Dv SSL_SESS_CACHE_CLIENT
-and
-.Dv SSL_SESS_CACHE_SERVER
-at the same time.
-.It Dv SSL_SESS_CACHE_NO_AUTO_CLEAR
-Normally the session cache is checked for expired sessions every 255
-connections using the
-.Xr SSL_CTX_flush_sessions 3
-function.
-Since this may lead to a delay which cannot be controlled,
-the automatic flushing may be disabled and
-.Xr SSL_CTX_flush_sessions 3
-can be called explicitly by the application.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-By setting this flag, session-resume operations in an SSL/TLS server will not
-automatically look up sessions in the internal cache,
-even if sessions are automatically stored there.
-If external session caching callbacks are in use,
-this flag guarantees that all lookups are directed to the external cache.
-As automatic lookup only applies for SSL/TLS servers,
-the flag has no effect on clients.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-Depending on the presence of
-.Dv SSL_SESS_CACHE_CLIENT
-and/or
-.Dv SSL_SESS_CACHE_SERVER ,
-sessions negotiated in an SSL/TLS handshake may be cached for possible reuse.
-Normally a new session is added to the internal cache as well as any external
-session caching (callback) that is configured for the
-.Vt SSL_CTX .
-This flag will prevent sessions being stored in the internal cache
-(though the application can add them manually using
-.Xr SSL_CTX_add_session 3 ) .
-Note:
-in any SSL/TLS servers where external caching is configured, any successful
-session lookups in the external cache (e.g., for session-resume requests) would
-normally be copied into the local cache before processing continues \(en this
-flag prevents these additions to the internal cache as well.
-.It Dv SSL_SESS_CACHE_NO_INTERNAL
-Enable both
-.Dv SSL_SESS_CACHE_NO_INTERNAL_LOOKUP
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-at the same time.
-.El
-.Pp
-The default mode is
-.Dv SSL_SESS_CACHE_SERVER .
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_cache_mode
-returns the previously set cache mode.
-.Pp
-.Fn SSL_CTX_get_session_cache_mode
-returns the currently set cache mode.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_CTX_set_session_cache_mode
-and
-.Fn SSL_CTX_get_session_cache_mode
-first appeared in SSLeay 0.6.1 and have been available since
-.Ox 2.4 .
-.Pp
-.Dv SSL_SESS_CACHE_NO_INTERNAL_STORE
-and
-.Dv SSL_SESS_CACHE_NO_INTERNAL
-were introduced in OpenSSL 0.9.6h.
diff --git a/src/lib/libssl/man/SSL_CTX_set_session_id_context.3 b/src/lib/libssl/man/SSL_CTX_set_session_id_context.3
deleted file mode 100644
index 06fd9348ae..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_session_id_context.3
+++ /dev/null
@@ -1,160 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_session_id_context.3,v 1.6 2019/06/08 15:25:43 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2004 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_CTX_SET_SESSION_ID_CONTEXT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_session_id_context ,
-.Nm SSL_set_session_id_context
-.Nd set context within which session can be reused (server side only)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_session_id_context
-.Fa "SSL_CTX *ctx"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Ft int
-.Fo SSL_set_session_id_context
-.Fa "SSL *ssl"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ctx
-object.
-.Pp
-.Fn SSL_set_session_id_context
-sets the context
-.Fa sid_ctx
-of length
-.Fa sid_ctx_len
-within which a session can be reused for the
-.Fa ssl
-object.
-.Pp
-Sessions are generated within a certain context.
-When exporting/importing sessions with
-.Xr i2d_SSL_SESSION 3
-and
-.Xr d2i_SSL_SESSION 3 ,
-it would be possible to re-import a session generated from another context
-(e.g., another application), which might lead to malfunctions.
-Therefore each application must set its own session id context
-.Fa sid_ctx
-which is used to distinguish the contexts and is stored in exported sessions.
-The
-.Fa sid_ctx
-can be any kind of binary data with a given length; it is therefore possible
-to use, for instance, the name of the application, the hostname, the service
-name...
-.Pp
-The session id context becomes part of the session.
-The session id context is set by the SSL/TLS server.
-The
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-functions are therefore only useful on the server side.
-.Pp
-OpenSSL clients will check the session id context returned by the server when
-reusing a session.
-.Pp
-The maximum length of the
-.Fa sid_ctx
-is limited to
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-.Sh WARNINGS
-If the session id context is not set on an SSL/TLS server and client
-certificates are used, stored sessions will not be reused but a fatal error
-will be flagged and the handshake will fail.
-.Pp
-If a server returns a different session id context to an OpenSSL client
-when reusing a session, an error will be flagged and the handshake will
-fail.
-OpenSSL servers will always return the correct session id context,
-as an OpenSSL server checks the session id context itself before reusing
-a session as described above.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_session_id_context
-and
-.Fn SSL_set_session_id_context
-return the following values:
-.Bl -tag -width Ds
-.It 0
-The length
-.Fa sid_ctx_len
-of the session id context
-.Fa sid_ctx
-exceeded
-the maximum allowed length of
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-The error is logged to the error stack.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_SESSION_set1_id_context 3
-.Sh HISTORY
-.Fn SSL_set_session_id_context
-first appeared in OpenSSL 0.9.2b.
-.Fn SSL_CTX_set_session_id_context
-first appeared in OpenSSL 0.9.3.
-Both functions have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_ssl_version.3 b/src/lib/libssl/man/SSL_CTX_set_ssl_version.3
deleted file mode 100644
index b1bdb92bb0..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_ssl_version.3
+++ /dev/null
@@ -1,146 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_ssl_version.3,v 1.5 2021/05/11 19:48:56 tb Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 11 2021 $
-.Dt SSL_CTX_SET_SSL_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_ssl_version ,
-.Nm SSL_set_ssl_method ,
-.Nm SSL_CTX_get_ssl_method ,
-.Nm SSL_get_ssl_method
-.Nd choose a new TLS/SSL method
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_set_ssl_version "SSL_CTX *ctx" "const SSL_METHOD *method"
-.Ft int
-.Fn SSL_set_ssl_method "SSL *s" "const SSL_METHOD *method"
-.Ft const SSL_METHOD *
-.Fn SSL_CTX_get_ssl_method "SSL_CTX *ctx"
-.Ft const SSL_METHOD *
-.Fn SSL_get_ssl_method "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_ssl_version
-sets a new default TLS/SSL
-.Fa method
-for
-.Vt SSL
-objects newly created from this
-.Fa ctx .
-.Vt SSL
-objects already created with
-.Xr SSL_new 3
-are not affected, except when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_set_ssl_method
-sets a new TLS/SSL
-.Fa method
-for a particular
-.Vt SSL
-object
-.Fa s .
-It may be reset when
-.Xr SSL_clear 3
-is called.
-.Pp
-.Fn SSL_CTX_get_ssl_method
-and
-.Fn SSL_get_ssl_method
-return a function pointer to the TLS/SSL method set in
-.Fa ctx
-and
-.Fa ssl ,
-respectively.
-.Pp
-The available
-.Fa method
-choices are described in
-.Xr SSL_CTX_new 3 .
-.Pp
-When
-.Xr SSL_clear 3
-is called and no session is connected to an
-.Vt SSL
-object, the method of the
-.Vt SSL
-object is reset to the method currently set in the corresponding
-.Vt SSL_CTX
-object.
-.Sh RETURN VALUES
-The following return values can occur for
-.Fn SSL_CTX_set_ssl_version
-and
-.Fn SSL_set_ssl_method :
-.Bl -tag -width Ds
-.It  0
-The new choice failed.
-Check the error stack to find out the reason.
-.It  1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_CTX_set_ssl_version ,
-.Fn SSL_set_ssl_method ,
-and
-.Fn SSL_get_ssl_method
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Fn SSL_CTX_get_ssl_method
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_timeout.3 b/src/lib/libssl/man/SSL_CTX_set_timeout.3
deleted file mode 100644
index ab99e2016e..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_timeout.3
+++ /dev/null
@@ -1,118 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CTX_SET_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_timeout ,
-.Nm SSL_CTX_get_timeout
-.Nd manipulate timeout values for session caching
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_CTX_set_timeout "SSL_CTX *ctx" "long t"
-.Ft long
-.Fn SSL_CTX_get_timeout "SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_timeout
-sets the timeout for newly created sessions for
-.Fa ctx
-to
-.Fa t .
-The timeout value
-.Fa t
-must be given in seconds.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value for
-.Fa ctx .
-.Pp
-Whenever a new session is created, it is assigned a maximum lifetime.
-This lifetime is specified by storing the creation time of the session and the
-timeout value valid at this time.
-If the actual time is later than creation time plus timeout,
-the session is not reused.
-.Pp
-Due to this realization, all sessions behave according to the timeout value
-valid at the time of the session negotiation.
-Changes of the timeout value do not affect already established sessions.
-.Pp
-The expiration time of a single session can be modified using the
-.Xr SSL_SESSION_get_time 3
-family of functions.
-.Pp
-Expired sessions are removed from the internal session cache, whenever
-.Xr SSL_CTX_flush_sessions 3
-is called, either directly by the application or automatically (see
-.Xr SSL_CTX_set_session_cache_mode 3 ) .
-.Pp
-The default value for session timeout is decided on a per-protocol basis; see
-.Xr SSL_get_default_timeout 3 .
-All currently supported protocols have the same default timeout value of 300
-seconds.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_timeout
-returns the previously set timeout value.
-.Pp
-.Fn SSL_CTX_get_timeout
-returns the currently set timeout value.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_SESSION_get_time 3
-.Sh HISTORY
-.Fn SSL_CTX_set_timeout
-and
-.Fn SSL_CTX_get_timeout
-first appeared in SSLeay 0.6.1 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
deleted file mode 100644
index 2b54406de8..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tlsext_servername_callback.3
+++ /dev/null
@@ -1,247 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_servername_callback.3,v 1.6 2021/09/01 13:56:03 schwarze Exp $
-.\" full merge up to: OpenSSL 190b9a03 Jun 28 15:46:13 2017 +0800
-.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" This file was written by Jon Spillett <jon.spillett@oracle.com>,
-.\" Paul Yang <yang dot yang at baishancloud dot com>, and
-.\" Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2017, 2019 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 1 2021 $
-.Dt SSL_CTX_SET_TLSEXT_SERVERNAME_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tlsext_servername_callback ,
-.Nm SSL_CTX_set_tlsext_servername_arg ,
-.Nm SSL_get_servername_type ,
-.Nm SSL_get_servername ,
-.Nm SSL_set_tlsext_host_name
-.Nd handle server name indication (SNI)
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_CTX_set_tlsext_servername_callback
-.Fa "SSL_CTX *ctx"
-.Fa "int (*cb)(SSL *ssl, int *alert, void *arg)"
-.Fc
-.Ft long
-.Fo SSL_CTX_set_tlsext_servername_arg
-.Fa "SSL_CTX *ctx"
-.Fa "void *arg"
-.Fc
-.Ft const char *
-.Fo SSL_get_servername
-.Fa "const SSL *ssl"
-.Fa "const int type"
-.Fc
-.Ft int
-.Fo SSL_get_servername_type
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_set_tlsext_host_name
-.Fa "const SSL *ssl"
-.Fa "const char *name"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tlsext_servername_callback
-sets the application callback
-.Fa cb
-used by a server to perform any actions or configuration required based
-on the servername extension received in the incoming connection.
-Like the ALPN callback, it is executed during Client Hello processing.
-When
-.Fa cb
-is
-.Dv NULL ,
-SNI is not used.
-.Pp
-The servername callback should return one of the following values:
-.Bl -tag -width Ds
-.It Dv SSL_TLSEXT_ERR_OK
-This is used to indicate that the servername requested by the client
-has been accepted.
-Typically a server will call
-.Xr SSL_set_SSL_CTX 3
-in the callback to set up a different configuration
-for the selected servername in this case.
-.It Dv SSL_TLSEXT_ERR_ALERT_FATAL
-In this case the servername requested by the client is not accepted
-and the handshake will be aborted.
-The value of the alert to be used should be stored in the location
-pointed to by the
-.Fa alert
-parameter to the callback.
-By default this value is initialised to
-.Dv SSL_AD_UNRECOGNIZED_NAME .
-.It Dv SSL_TLSEXT_ERR_ALERT_WARNING
-If this value is returned, then the servername is not accepted by the server.
-However, the handshake will continue and send a warning alert instead.
-The value of the alert should be stored in the location pointed to by the
-.Fa alert
-parameter as for
-.Dv SSL_TLSEXT_ERR_ALERT_FATAL
-above.
-Note that TLSv1.3 does not support warning alerts, so if TLSv1.3 has
-been negotiated then this return value is treated the same way as
-.Dv SSL_TLSEXT_ERR_NOACK .
-.It Dv SSL_TLSEXT_ERR_NOACK
-This return value indicates
-that the servername is not accepted by the server.
-No alerts are sent
-and the server will not acknowledge the requested servername.
-.El
-.Pp
-.Fn SSL_CTX_set_tlsext_servername_arg
-sets a context-specific argument to be passed into the callback via the
-.Fa arg
-parameter for
-.Fa ctx .
-.ig end_of_get_servername_details
-.\" I would suggest to comment out that second wall text of dubious
-.\" usefulness and see if we can meet all these documented API
-.\" requirements in the future or decide that it's not worth the
-.\" effort.  -- tb@ Aug 30, 2021
-.Pp
-The behaviour of
-.Fn SSL_get_servername
-depends on a number of different factors.
-In particular note that in TLSv1.3,
-the servername is negotiated in every handshake.
-In TLSv1.2 the servername is only negotiated on initial handshakes
-and not on resumption handshakes.
-.Bl -tag -width Ds
-.It On the client, before the handshake:
-If a servername has been set via a call to
-.Fn SSL_set_tlsext_host_name ,
-then it will return that servername.
-If one has not been set, but a TLSv1.2 resumption is being attempted
-and the session from the original handshake had a servername
-accepted by the server, then it will return that servername.
-Otherwise it returns
-.Dv NULL .
-.It On the client, during or after the handshake,\
- if a TLSv1.2 (or below) resumption occurred:
-If the session from the original handshake had a servername accepted by the
-server, then it will return that servername.
-Otherwise it returns the servername set via
-.Fn SSL_set_tlsext_host_name
-or
-.Dv NULL
-if it was not called.
-.It On the client, during or after the handshake,\
- if a TLSv1.2 (or below) resumption did not occur:
-It will return the servername set via
-.Fn SSL_set_tlsext_host_name
-or
-.Dv NULL
-if it was not called.
-.It On the server, before the handshake:
-The function will always return
-.Dv NULL
-before the handshake.
-.It On the server, after the servername extension has been processed,\
- if a TLSv1.2 (or below) resumption occurred:
-If a servername was accepted by the server in the original handshake,
-then it will return that servername, or
-.Dv NULL
-otherwise.
-.It On the server, after the servername extension has been processed,\
- if a TLSv1.2 (or below) resumption did not occur:
-The function will return the servername
-requested by the client in this handshake or
-.Dv NULL
-if none was requested.
-.El
-.Pp
-Note that the early callback occurs before a servername extension
-from the client is processed.
-The servername, certificate and ALPN callbacks occur
-after a servername extension from the client is processed.
-.end_of_get_servername_details
-.Pp
-.Fn SSL_set_tlsext_host_name
-sets the server name indication ClientHello extension
-to contain the value
-.Fa name ,
-or clears it if
-.Fa name
-is
-.Dv NULL .
-The type of server name indication
-extension is set to
-.Dv TLSEXT_NAMETYPE_host_name
-as defined in RFC 3546.
-.Pp
-All three functions are implemented as macros.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tlsext_servername_callback
-and
-.Fn SSL_CTX_set_tlsext_servername_arg
-always return 1 indicating success.
-.Pp
-.Fn SSL_get_servername
-returns a servername extension value of the specified type if provided
-in the Client Hello, or
-.Dv NULL
-otherwise.
-.Pp
-.Fn SSL_get_servername_type
-returns the servername type or -1 if no servername is present.
-Currently the only supported type (defined in RFC 3546) is
-.Dv TLSEXT_NAMETYPE_host_name .
-.Pp
-.Fn SSL_set_tlsext_host_name
-returns 1 on success or 0 in case of an error.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_callback_ctrl 3 ,
-.Xr SSL_CTX_set_alpn_select_cb 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 0.9.8f
-and have been available since
-.Ox 4.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
deleted file mode 100644
index d5979af1e8..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tlsext_status_cb.3
+++ /dev/null
@@ -1,238 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_status_cb.3,v 1.8 2021/09/11 18:58:41 schwarze Exp $
-.\" full merge up to: OpenSSL 43c34894 Nov 30 16:04:51 2015 +0000
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2015, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 11 2021 $
-.Dt SSL_CTX_SET_TLSEXT_STATUS_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tlsext_status_cb ,
-.Nm SSL_CTX_get_tlsext_status_cb ,
-.Nm SSL_CTX_set_tlsext_status_arg ,
-.Nm SSL_CTX_get_tlsext_status_arg ,
-.Nm SSL_set_tlsext_status_type ,
-.Nm SSL_get_tlsext_status_type ,
-.Nm SSL_get_tlsext_status_ocsp_resp ,
-.Nm SSL_set_tlsext_status_ocsp_resp
-.Nd OCSP Certificate Status Request functions
-.Sh SYNOPSIS
-.In openssl/tls1.h
-.Ft long
-.Fo SSL_CTX_set_tlsext_status_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(SSL *, void *)"
-.Fc
-.Ft long
-.Fo SSL_CTX_get_tlsext_status_cb
-.Fa "SSL_CTX *ctx"
-.Fa "int (*callback)(SSL *, void *)"
-.Fc
-.Ft long
-.Fo SSL_CTX_set_tlsext_status_arg
-.Fa "SSL_CTX *ctx"
-.Fa "void *arg"
-.Fc
-.Ft long
-.Fo SSL_CTX_get_tlsext_status_arg
-.Fa "SSL_CTX *ctx"
-.Fa "void **arg"
-.Fc
-.Ft long
-.Fo SSL_set_tlsext_status_type
-.Fa "SSL *s"
-.Fa "int type"
-.Fc
-.Ft long
-.Fo SSL_get_tlsext_status_type
-.Fa "SSL *s"
-.Fc
-.Ft long
-.Fo SSL_get_tlsext_status_ocsp_resp
-.Fa ssl
-.Fa "unsigned char **resp"
-.Fc
-.Ft long
-.Fo SSL_set_tlsext_status_ocsp_resp
-.Fa ssl
-.Fa "unsigned char *resp"
-.Fa "int len"
-.Fc
-.Sh DESCRIPTION
-A client application may request that a server send back an OCSP status
-response (also known as OCSP stapling).
-To do so the client should call the
-.Fn SSL_set_tlsext_status_type
-function on an individual
-.Vt SSL
-object prior to the start of the handshake.
-Currently the only supported type is
-.Dv TLSEXT_STATUSTYPE_ocsp .
-This value should be passed in the
-.Fa type
-argument.
-.Pp
-The client should additionally provide a callback function to decide
-what to do with the returned OCSP response by calling
-.Fn SSL_CTX_set_tlsext_status_cb .
-The callback function should determine whether the returned OCSP
-response is acceptable or not.
-The callback will be passed as an argument the value previously set via
-a call to
-.Fn SSL_CTX_set_tlsext_status_arg .
-Note that the callback will not be called in the event of a handshake
-where session resumption occurs (because there are no Certificates
-exchanged in such a handshake).
-.Pp
-The callback previously set via
-.Fn SSL_CTX_set_tlsext_status_cb
-can be retrieved by calling
-.Fn SSL_CTX_get_tlsext_status_cb ,
-and the argument by calling
-.Fn SSL_CTX_get_tlsext_status_arg .
-.Pp
-On the client side,
-.Fn SSL_get_tlsext_status_type
-can be used to determine whether the client has previously called
-.Fn SSL_set_tlsext_status_type .
-It will return
-.Dv TLSEXT_STATUSTYPE_ocsp
-if it has been called or \-1 otherwise.
-On the server side,
-.Fn SSL_get_tlsext_status_type
-can be used to determine whether the client requested OCSP stapling.
-If the client requested it, then this function will return
-.Dv TLSEXT_STATUSTYPE_ocsp ,
-or \-1 otherwise.
-.Pp
-The response returned by the server can be obtained via a call to
-.Fn SSL_get_tlsext_status_ocsp_resp .
-The value
-.Pf * Fa resp
-will be updated to point to the OCSP response data and the return value
-will be the length of that data.
-If the server has not provided any response data, then
-.Pf * Fa resp
-will be
-.Dv NULL
-and the return value from
-.Fn SSL_get_tlsext_status_ocsp_resp
-will be -1.
-.Pp
-A server application must also call the
-.Fn SSL_CTX_set_tlsext_status_cb
-function if it wants to be able to provide clients with OCSP Certificate
-Status responses.
-Typically the server callback would obtain the server certificate that
-is being sent back to the client via a call to
-.Xr SSL_get_certificate 3 ,
-obtain the OCSP response to be sent back, and then set that response
-data by calling
-.Fn SSL_set_tlsext_status_ocsp_resp .
-A pointer to the response data should be provided in the
-.Fa resp
-argument, and the length of that data should be in the
-.Fa len
-argument.
-.Sh RETURN VALUES
-The callback when used on the client side should return a negative
-value on error, 0 if the response is not acceptable (in which case
-the handshake will fail), or a positive value if it is acceptable.
-.Pp
-The callback when used on the server side should return with either
-.Dv SSL_TLSEXT_ERR_OK
-(meaning that the OCSP response that has been set should be returned),
-.Dv SSL_TLSEXT_ERR_NOACK
-(meaning that an OCSP response should not be returned), or
-.Dv SSL_TLSEXT_ERR_ALERT_FATAL
-(meaning that a fatal error has occurred).
-.Pp
-.Fn SSL_CTX_set_tlsext_status_cb ,
-.Fn SSL_CTX_get_tlsext_status_cb ,
-.Fn SSL_CTX_set_tlsext_status_arg ,
-.Fn SSL_CTX_get_tlsext_status_arg ,
-.Fn SSL_set_tlsext_status_type ,
-and
-.Fn SSL_set_tlsext_status_ocsp_resp
-always return 1, indicating success.
-.Pp
-.Fn SSL_get_tlsext_status_type
-returns
-.Dv TLSEXT_STATUSTYPE_ocsp
-on the client side if
-.Fn SSL_set_tlsext_status_type
-was previously called, or on the server side
-if the client requested OCSP stapling.
-Otherwise \-1 is returned.
-.Pp
-.Fn SSL_get_tlsext_status_ocsp_resp
-returns the length of the OCSP response data
-or \-1 if there is no OCSP response data.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_callback_ctrl 3
-.Sh HISTORY
-.Fn SSL_CTX_set_tlsext_status_cb ,
-.Fn SSL_CTX_set_tlsext_status_arg ,
-.Fn SSL_set_tlsext_status_type ,
-.Fn SSL_get_tlsext_status_ocsp_resp ,
-and
-.Fn SSL_set_tlsext_status_ocsp_resp
-first appeared in OpenSSL 0.9.8h and have been available since
-.Ox 4.5 .
-.Pp
-.Fn SSL_CTX_get_tlsext_status_cb
-and
-.Fn SSL_CTX_get_tlsext_status_arg
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 6.3 .
-.Pp
-.Fn SSL_get_tlsext_status_type
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
deleted file mode 100644
index b6ccabaeca..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tlsext_ticket_key_cb.3
+++ /dev/null
@@ -1,300 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_tlsext_ticket_key_cb.3,v 1.8 2022/01/25 18:01:20 tb Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Rich Salz <rsalz@akamai.com>
-.\" Copyright (c) 2014, 2015, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 25 2022 $
-.Dt SSL_CTX_SET_TLSEXT_TICKET_KEY_CB 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tlsext_ticket_key_cb
-.Nd set a callback for session ticket processing
-.Sh SYNOPSIS
-.In openssl/tls1.h
-.Ft long
-.Fo SSL_CTX_set_tlsext_ticket_key_cb
-.Fa "SSL_CTX sslctx"
-.Fa "int (*cb)(SSL *s, unsigned char key_name[16],\
- unsigned char iv[EVP_MAX_IV_LENGTH],\
- EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tlsext_ticket_key_cb
-sets a callback function
-.Fa cb
-for handling session tickets for the ssl context
-.Fa sslctx .
-Session tickets, defined in RFC 5077, provide an enhanced session
-resumption capability where the server implementation is not required to
-maintain per session state.
-.Pp
-The callback function
-.Fa cb
-will be called for every client instigated TLS session when session
-ticket extension is presented in the TLS hello message.
-It is the responsibility of this function to create or retrieve the
-cryptographic parameters and to maintain their state.
-.Pp
-The OpenSSL library uses the callback function to help implement a
-common TLS ticket construction state according to RFC 5077 Section 4 such
-that per session state is unnecessary and a small set of cryptographic
-variables needs to be maintained by the callback function
-implementation.
-.Pp
-In order to reuse a session, a TLS client must send a session ticket
-extension to the server.
-The client can only send exactly one session ticket.
-The server, through the callback function, either agrees to reuse the
-session ticket information or it starts a full TLS handshake to create a
-new session ticket.
-.Pp
-The callback is called with
-.Fa ctx
-and
-.Fa hctx
-which were newly allocated with
-.Xr EVP_CIPHER_CTX_new 3
-and
-.Xr HMAC_CTX_new 3 ,
-respectively.
-.Pp
-For new sessions tickets, when the client doesn't present a session
-ticket, or an attempted retrieval of the ticket failed, or a renew
-option was indicated, the callback function will be called with
-.Fa enc
-equal to 1.
-The OpenSSL library expects that the function will set an arbitrary
-.Fa key_name ,
-initialize
-.Fa iv ,
-and set the cipher context
-.Fa ctx
-and the hash context
-.Fa hctx .
-.Pp
-The
-.Fa key_name
-is 16 characters long and is used as a key identifier.
-.Pp
-The
-.Fa iv
-length is the length of the IV of the corresponding cipher.
-The maximum IV length is
-.Dv EVP_MAX_IV_LENGTH
-bytes defined in
-.In openssl/evp.h .
-.Pp
-The initialization vector
-.Fa iv
-should be a random value.
-The cipher context
-.Fa ctx
-should use the initialisation vector
-.Fa iv .
-The cipher context can be set using
-.Xr EVP_EncryptInit_ex 3 .
-The hmac context can be set using
-.Xr HMAC_Init_ex 3 .
-.Pp
-When the client presents a session ticket, the callback function
-with be called with
-.Fa enc
-set to 0 indicating that the
-.Fa cb
-function should retrieve a set of parameters.
-In this case
-.Fa key_name
-and
-.Fa iv
-have already been parsed out of the session ticket.
-The OpenSSL library expects that the
-.Em key_name
-will be used to retrieve a cryptographic parameters and that the
-cryptographic context
-.Fa ctx
-will be set with the retrieved parameters and the initialization vector
-.Fa iv
-using a function like
-.Xr EVP_DecryptInit_ex 3 .
-The
-.Fa hctx
-needs to be set using
-.Xr HMAC_Init_ex 3 .
-.Pp
-If the
-.Fa key_name
-is still valid but a renewal of the ticket is required, the callback
-function should return 2.
-The library will call the callback again with an argument of
-.Fa enc
-equal to 1 to set the new ticket.
-.Pp
-The return value of the
-.Fa cb
-function is used by OpenSSL to determine what further processing will
-occur.
-The following return values have meaning:
-.Bl -tag -width Ds
-.It 2
-This indicates that the
-.Fa ctx
-and
-.Fa hctx
-have been set and the session can continue on those parameters.
-Additionally it indicates that the session ticket is in a renewal period
-and should be replaced.
-The OpenSSL library will call
-.Fa cb
-again with an
-.Fa enc
-argument of 1 to set the new ticket (see RFC 5077 3.3 paragraph 2).
-.It 1
-This indicates that the
-.Fa ctx
-and
-.Fa hctx
-have been set and the session can continue on those parameters.
-.It 0
-This indicates that it was not possible to set/retrieve a session ticket
-and the SSL/TLS session will continue by negotiating a set of
-cryptographic parameters or using the alternate SSL/TLS resumption
-mechanism, session ids.
-.Pp
-If called with
-.Fa enc
-equal to 0, the library will call the
-.Fa cb
-again to get a new set of parameters.
-.It less than 0
-This indicates an error.
-.El
-.Pp
-Session resumption shortcuts the TLS so that the client certificate
-negotiation don't occur.
-It makes up for this by storing client certificate and all other
-negotiated state information encrypted within the ticket.
-In a resumed session the applications will have all this state
-information available exactly as if a full negotiation had occurred.
-.Pp
-If an attacker can obtain the key used to encrypt a session ticket, they
-can obtain the master secret for any ticket using that key and decrypt
-any traffic using that session: even if the ciphersuite supports forward
-secrecy.
-As a result applications may wish to use multiple keys and avoid using
-long term keys stored in files.
-.Pp
-Applications can use longer keys to maintain a consistent level of
-security.
-For example if a ciphersuite uses 256 bit ciphers but only a 128 bit
-ticket key the overall security is only 128 bits because breaking the
-ticket key will enable an attacker to obtain the session keys.
-.Sh RETURN VALUES
-This function returns 0 to indicate that the callback function was set.
-.Sh EXAMPLES
-Reference Implementation:
-.Bd -literal
-SSL_CTX_set_tlsext_ticket_key_cb(SSL, ssl_tlsext_ticket_key_cb);
-\&....
-static int ssl_tlsext_ticket_key_cb(SSL *s, unsigned char key_name[16],
-    unsigned char *iv, EVP_CIPHER_CTX *ctx, HMAC_CTX *hctx, int enc)
-{
-        if (enc) { /* create new session */
-                if (RAND_bytes(iv, EVP_MAX_IV_LENGTH))
-                        return -1; /* insufficient random */
-
-                key = currentkey(); /* something you need to implement */
-                if (!key) {
-                        /* current key doesn't exist or isn't valid */
-                        key = createkey();
-                            /* something that you need to implement.
-                             * createkey needs to initialise a name,
-                             * an aes_key, a hmac_key, and optionally
-                             * an expire time. */
-                        if (!key) /* key couldn't be created */
-                                return 0;
-                }
-                memcpy(key_name, key->name, 16);
-
-                EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                    key->aes_key, iv);
-                HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
-
-                return 1;
-
-        } else { /* retrieve session */
-                key = findkey(name);
-
-                if  (!key || key->expire < now())
-                        return 0;
-
-                HMAC_Init_ex(&hctx, key->hmac_key, 16, EVP_sha256(), NULL);
-                EVP_DecryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL,
-                    key->aes_key, iv );
-
-                if (key->expire < (now() - RENEW_TIME))
-                    /* this session will get a new ticket
-                     * even though the current is still valid */
-                    return 2;
-
-                return 1;
-        }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_callback_ctrl 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_session_reused 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_CTX_set_tlsext_ticket_key_cb
-first appeared in OpenSSL 0.9.8h and has been available since
-.Ox 4.5 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3 b/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3
deleted file mode 100644
index 04c4833c6a..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tlsext_use_srtp.3
+++ /dev/null
@@ -1,197 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_tlsext_use_srtp.3,v 1.6 2021/06/11 19:41:39 jmc Exp $
-.\" full merge up to: OpenSSL b0edda11 Mar 20 13:00:17 2018 +0000
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 11 2021 $
-.Dt SSL_CTX_SET_TLSEXT_USE_SRTP 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tlsext_use_srtp ,
-.Nm SSL_set_tlsext_use_srtp ,
-.Nm SSL_get_srtp_profiles ,
-.Nm SSL_get_selected_srtp_profile
-.Nd Configure and query SRTP support
-.Sh SYNOPSIS
-.In openssl/srtp.h
-.Ft int
-.Fo SSL_CTX_set_tlsext_use_srtp
-.Fa "SSL_CTX *ctx"
-.Fa "const char *profiles"
-.Fc
-.Ft int
-.Fo SSL_set_tlsext_use_srtp
-.Fa "SSL *ssl"
-.Fa "const char *profiles"
-.Fc
-.Ft STACK_OF(SRTP_PROTECTION_PROFILE) *
-.Fo SSL_get_srtp_profiles
-.Fa "SSL *ssl"
-.Fc
-.Ft SRTP_PROTECTION_PROFILE *
-.Fo SSL_get_selected_srtp_profile
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-SRTP is the Secure Real-Time Transport Protocol.
-OpenSSL implements support for the "use_srtp" DTLS extension
-defined in RFC 5764.
-This provides a mechanism for establishing SRTP keying material,
-algorithms and parameters using DTLS.
-This capability may be used as part of an implementation that
-conforms to RFC 5763.
-OpenSSL does not implement SRTP itself or RFC 5763.
-Note that OpenSSL does not support the use of SRTP Master Key
-Identifiers (MKIs).
-Also note that this extension is only supported in DTLS.
-Any SRTP configuration is ignored if a TLS connection is attempted.
-.Pp
-An OpenSSL client wishing to send the "use_srtp" extension should call
-.Fn SSL_CTX_set_tlsext_use_srtp
-to set its use for all
-.Vt SSL
-objects subsequently created from
-.Fa ctx .
-Alternatively a client may call
-.Fn SSL_set_tlsext_use_srtp
-to set its use for an individual
-.Vt SSL
-object.
-The
-.Fa profiles
-parameter should point to a NUL-terminated, colon delimited list of
-SRTP protection profile names.
-.Pp
-The currently supported protection profile names are:
-.Bl -tag -width Ds
-.It Dv SRTP_AES128_CM_SHA1_80
-This corresponds to SRTP_AES128_CM_HMAC_SHA1_80 defined in RFC 5764.
-.It Dv SRTP_AES128_CM_SHA1_32
-This corresponds to SRTP_AES128_CM_HMAC_SHA1_32 defined in RFC 5764.
-.It Dv SRTP_AEAD_AES_128_GCM
-This corresponds to SRTP_AEAD_AES_128_GCM defined in RFC 7714.
-.It Dv SRTP_AEAD_AES_256_GCM
-This corresponds to SRTP_AEAD_AES_256_GCM defined in RFC 7714.
-.El
-.Pp
-Supplying an unrecognised protection profile name results in an error.
-.Pp
-An OpenSSL server wishing to support the "use_srtp" extension should
-also call
-.Fn SSL_CTX_set_tlsext_use_srtp
-or
-.Fn SSL_set_tlsext_use_srtp
-to indicate the protection profiles that it is willing to negotiate.
-.Pp
-The currently configured list of protection profiles for either a client
-or a server can be obtained by calling
-.Fn SSL_get_srtp_profiles .
-This returns a stack of
-.Vt SRTP_PROTECTION_PROFILE
-objects.
-The memory pointed to in the return value of this function should not be
-freed by the caller.
-.Pp
-After a handshake has been completed, the negotiated SRTP protection
-profile (if any) can be obtained (on the client or the server) by
-calling
-.Fn SSL_get_selected_srtp_profile .
-This function returns
-.Dv NULL
-if no SRTP protection profile was negotiated.
-The memory returned from this function should not be freed by the
-caller.
-.Pp
-If an SRTP protection profile has been successfully negotiated,
-then the SRTP keying material (on both the client and server)
-should be obtained by calling
-.Xr SSL_export_keying_material 3
-with a
-.Fa label
-of
-.Qq EXTRACTOR-dtls_srtp ,
-a
-.Fa context
-of
-.Dv NULL ,
-and a
-.Fa use_context
-argument of 0.
-The total length of keying material obtained should be equal to two
-times the sum of the master key length and the salt length as defined
-for the protection profile in use.
-This provides the client write master key, the server write master key,
-the client write master salt and the server write master salt in that
-order.
-.Sh RETURN VALUES
-Contrary to OpenSSL conventions,
-.Fn SSL_CTX_set_tlsext_use_srtp
-and
-.Fn SSL_set_tlsext_use_srtp
-return 0 on success or 1 on error.
-.Pp
-.Fn SSL_get_srtp_profiles
-returns a stack of
-.Vt SRTP_PROTECTION_PROFILE
-objects on success or
-.Dv NULL
-on error or if no protection profiles have been configured.
-.Pp
-.Fn SSL_get_selected_srtp_profile
-returns a pointer to an
-.Vt SRTP_PROTECTION_PROFILE
-object if one has been negotiated or
-.Dv NULL
-otherwise.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_export_keying_material 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.0.1
-and have been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
deleted file mode 100644
index c6f5253431..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_dh_callback.3
+++ /dev/null
@@ -1,229 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_dh_callback.3,v 1.11 2025/01/18 10:45:12 tb Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2014, 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_SET_TMP_DH_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_dh_callback ,
-.Nm SSL_CTX_set_tmp_dh ,
-.Nm SSL_set_tmp_dh_callback ,
-.Nm SSL_set_tmp_dh
-.Nd handle DH keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_dh_callback
-.Fa "SSL_CTX *ctx"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_dh "SSL_CTX *ctx" "DH *dh"
-.Ft void
-.Fo SSL_set_tmp_dh_callback
-.Fa "SSL *ssl"
-.Fa "DH *(*tmp_dh_callback)(SSL *ssl, int is_export, int keylength"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_dh "SSL *ssl" "DH *dh"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_tmp_dh_callback
-sets the callback function for
-.Fa ctx
-to be used when a DH parameters are required to
-.Fa tmp_dh_callback .
-The callback is inherited by all
-.Vt ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_CTX_set_tmp_dh
-sets DH parameters to be used by
-.Fa ctx .
-The key is inherited by all
-.Fa ssl
-objects created from
-.Fa ctx .
-.Pp
-.Fn SSL_set_tmp_dh_callback
-sets the callback only for
-.Fa ssl .
-.Pp
-.Fn SSL_set_tmp_dh
-sets the parameters only for
-.Fa ssl .
-.Pp
-These functions apply to SSL/TLS servers only.
-.Pp
-When using a cipher with RSA authentication,
-an ephemeral DH key exchange can take place.
-In these cases, the session data are negotiated using the ephemeral/temporary
-DH key and the key supplied and certified by the certificate chain is only used
-for signing.
-Anonymous ciphers (without a permanent server key) also use ephemeral DH keys.
-.Pp
-Using ephemeral DH key exchange yields forward secrecy,
-as the connection can only be decrypted when the DH key is known.
-By generating a temporary DH key inside the server application that is lost
-when the application is left, it becomes impossible for attackers to decrypt
-past sessions, even if they get hold of the normal (certified) key,
-as this key was only used for signing.
-.Pp
-In order to perform a DH key exchange, the server must use a DH group
-(DH parameters) and generate a DH key.
-The server will always generate a new DH key during the negotiation.
-.Pp
-As generating DH parameters is extremely time consuming, an application should
-not generate the parameters on the fly but supply the parameters.
-DH parameters can be reused,
-as the actual key is newly generated during the negotiation.
-The risk in reusing DH parameters is that an attacker may specialize on a very
-often used DH group.
-Applications should therefore generate their own DH parameters during the
-installation process using the
-.Xr openssl 1
-.Cm dhparam
-application.
-This application guarantees that "strong" primes are used.
-.Pp
-Files
-.Pa dh2048.pem
-and
-.Pa dh4096.pem
-in the
-.Pa apps
-directory of the current version of the OpenSSL distribution contain the
-.Sq SKIP
-DH parameters,
-which use safe primes and were generated verifiably pseudo-randomly.
-These files can be converted into C code using the
-.Fl C
-option of the
-.Xr openssl 1
-.Cm dhparam
-application.
-Generation of custom DH parameters during installation should still
-be preferred to stop an attacker from specializing on a commonly
-used group.
-The file
-.Pa dh1024.pem
-contains old parameters that must not be used by applications.
-.Pp
-An application may either directly specify the DH parameters or can supply the
-DH parameters via a callback function.
-.Pp
-Previous versions of the callback used
-.Fa is_export
-and
-.Fa keylength
-parameters to control parameter generation for export and non-export
-cipher suites.
-Modern servers that do not support export ciphersuites are advised
-to either use
-.Fn SSL_CTX_set_tmp_dh
-or alternatively, use the callback but ignore
-.Fa keylength
-and
-.Fa is_export
-and simply supply at least 2048-bit parameters in the callback.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_tmp_dh
-and
-.Fn SSL_set_tmp_dh
-do return 1 on success and 0 on failure.
-Check the error queue to find out the reason of failure.
-.Sh EXAMPLES
-Set up DH parameters with a key length of 2048 bits.
-Error handling is partly left out.
-.Pp
-Command-line parameter generation:
-.Pp
-.Dl openssl dhparam -out dh_param_2048.pem 2048
-.Pp
-Code for setting up parameters during server initialization:
-.Bd -literal
-SSL_CTX ctx = SSL_CTX_new();
-\&...
-
-/* Set up ephemeral DH parameters. */
-DH *dh_2048 = NULL;
-FILE *paramfile;
-paramfile = fopen("dh_param_2048.pem", "r");
-if (paramfile) {
-        dh_2048 = PEM_read_DHparams(paramfile, NULL, NULL, NULL);
-        fclose(paramfile);
-} else {
-        /* Error. */
-}
-if (dh_2048 == NULL) {
-        /* Error. */
-}
-if (SSL_CTX_set_tmp_dh(ctx, dh_2048) != 1) {
-        /* Error. */
-}
-.Ed
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_set_tmp_ecdh 3
-.Sh HISTORY
-.Fn SSL_CTX_set_tmp_dh_callback
-and
-.Fn SSL_CTX_set_tmp_dh
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_set_tmp_dh_callback
-and
-.Fn SSL_set_tmp_dh
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3 b/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
deleted file mode 100644
index b4c3a3c647..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_tmp_rsa_callback.3
+++ /dev/null
@@ -1,114 +0,0 @@
-.\"     $OpenBSD: SSL_CTX_set_tmp_rsa_callback.3,v 1.9 2022/03/29 14:27:59 naddy Exp $
-.\"     OpenSSL 0b30fc90 Dec 19 15:23:05 2013 -0500
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2006, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2022 $
-.Dt SSL_CTX_SET_TMP_RSA_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_tmp_rsa_callback ,
-.Nm SSL_CTX_set_tmp_rsa ,
-.Nm SSL_CTX_need_tmp_RSA ,
-.Nm SSL_set_tmp_rsa_callback ,
-.Nm SSL_set_tmp_rsa ,
-.Nm SSL_need_tmp_RSA
-.Nd handle RSA keys for ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_CTX_set_tmp_rsa "SSL_CTX *ctx" "RSA *rsa"
-.Ft long
-.Fn SSL_CTX_need_tmp_RSA "SSL_CTX *ctx"
-.Ft void
-.Fo SSL_set_tmp_rsa_callback
-.Fa "SSL_CTX *ctx"
-.Fa "RSA *(*tmp_rsa_callback)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft long
-.Fn SSL_set_tmp_rsa "SSL *ssl" "RSA *rsa"
-.Ft long
-.Fn SSL_need_tmp_RSA "SSL *ssl"
-.Sh DESCRIPTION
-Since they mattered only for deliberately insecure RSA authentication
-mandated by historical U.S. export restrictions, these functions
-are all deprecated and have no effect except that
-.Fn SSL_CTX_set_tmp_rsa_callback ,
-.Fn SSL_CTX_set_tmp_rsa ,
-.Fn SSL_set_tmp_rsa_callback ,
-and
-.Fn SSL_set_tmp_rsa
-issue error messages when called.
-.Sh RETURN VALUES
-These functions always return 0, indicating failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_tmp_ecdh 3
-.Sh HISTORY
-.Fn SSL_CTX_set_tmp_rsa_callback ,
-.Fn SSL_CTX_set_tmp_rsa ,
-and
-.Fn SSL_CTX_need_tmp_RSA
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_set_tmp_rsa_callback ,
-.Fn SSL_set_tmp_rsa ,
-and
-.Fn SSL_need_tmp_RSA
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_CTX_set_verify.3 b/src/lib/libssl/man/SSL_CTX_set_verify.3
deleted file mode 100644
index 1ed86407e9..0000000000
--- a/src/lib/libssl/man/SSL_CTX_set_verify.3
+++ /dev/null
@@ -1,479 +0,0 @@
-.\" $OpenBSD: SSL_CTX_set_verify.3,v 1.9 2021/06/12 16:59:53 jmc Exp $
-.\" full merge up to: OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\" selective merge up to: OpenSSL 1cb7eff4 Sep 10 13:56:40 2019 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2003, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2021 $
-.Dt SSL_CTX_SET_VERIFY 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_verify ,
-.Nm SSL_set_verify ,
-.Nm SSL_CTX_set_verify_depth ,
-.Nm SSL_set_verify_depth
-.Nd set peer certificate verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fo SSL_CTX_set_verify
-.Fa "SSL_CTX *ctx"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fo SSL_set_verify
-.Fa "SSL *s"
-.Fa "int mode"
-.Fa "int (*verify_callback)(int, X509_STORE_CTX *)"
-.Fc
-.Ft void
-.Fn SSL_CTX_set_verify_depth "SSL_CTX *ctx" "int depth"
-.Ft void
-.Fn SSL_set_verify_depth "SSL *s" "int depth"
-.Ft int
-.Fn verify_callback "int preverify_ok" "X509_STORE_CTX *x509_ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_verify
-sets the verification flags for
-.Fa ctx
-to be
-.Fa mode
-and
-specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-.Pp
-.Fn SSL_set_verify
-sets the verification flags for
-.Fa ssl
-to be
-.Fa mode
-and specifies the
-.Fa verify_callback
-function to be used.
-If no callback function shall be specified, the
-.Dv NULL
-pointer can be used for
-.Fa verify_callback .
-In this case last
-.Fa verify_callback
-set specifically for this
-.Fa ssl
-remains.
-If no special callback was set before, the default callback for the underlying
-.Fa ctx
-is used, that was valid at the time
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-Within the callback function,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3
-can be called to get the data index of the current
-.Vt SSL
-object that is doing the verification.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ctx .
-(See the
-.Sx BUGS
-section.)
-.Pp
-.Fn SSL_set_verify_depth
-sets the maximum
-.Fa depth
-for the certificate chain verification that shall be allowed for
-.Fa ssl .
-(See the
-.Sx BUGS
-section.)
-.Pp
-The verification of certificates can be controlled by a set of bitwise ORed
-.Fa mode
-flags:
-.Bl -tag -width Ds
-.It Dv SSL_VERIFY_NONE
-.Em Server mode :
-the server will not send a client certificate request to the client,
-so the client will not send a certificate.
-.Pp
-.Em Client mode :
-if not using an anonymous cipher (by default disabled),
-the server will send a certificate which will be checked.
-The result of the certificate verification process can be checked after the
-TLS/SSL handshake using the
-.Xr SSL_get_verify_result 3
-function.
-The handshake will be continued regardless of the verification result.
-.It Dv SSL_VERIFY_PEER
-.Em Server mode :
-the server sends a client certificate request to the client.
-The certificate returned (if any) is checked.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-The behaviour can be controlled by the additional
-.Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-and
-.Dv SSL_VERIFY_CLIENT_ONCE
-flags.
-.Pp
-.Em Client mode :
-the server certificate is verified.
-If the verification process fails,
-the TLS/SSL handshake is immediately terminated with an alert message
-containing the reason for the verification failure.
-If no server certificate is sent, because an anonymous cipher is used,
-.Dv SSL_VERIFY_PEER
-is ignored.
-.It Dv SSL_VERIFY_FAIL_IF_NO_PEER_CERT
-.Em Server mode :
-if the client did not return a certificate, the TLS/SSL
-handshake is immediately terminated with a
-.Dq handshake failure
-alert.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode :
-ignored
-.It Dv SSL_VERIFY_CLIENT_ONCE
-.Em Server mode :
-only request a client certificate on the initial TLS/SSL handshake.
-Do not ask for a client certificate again in case of a renegotiation.
-This flag must be used together with
-.Dv SSL_VERIFY_PEER .
-.Pp
-.Em Client mode :
-ignored
-.El
-.Pp
-Exactly one of the
-.Fa mode
-flags
-.Dv SSL_VERIFY_NONE
-and
-.Dv SSL_VERIFY_PEER
-must be set at any time.
-.Pp
-The actual verification procedure is performed either using the built-in
-verification procedure or using another application provided verification
-function set with
-.Xr SSL_CTX_set_cert_verify_callback 3 .
-The following descriptions apply in the case of the built-in procedure.
-An application provided procedure also has access to the verify depth
-information and the
-.Fa verify_callback Ns ()
-function, but the way this information is used may be different.
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-set the limit up to which depth certificates in a chain are used during the
-verification procedure.
-If the certificate chain is longer than allowed,
-the certificates above the limit are ignored.
-Error messages are generated as if these certificates would not be present,
-most likely a
-.Dv X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
-will be issued.
-The depth count is
-.Dq level 0: peer certificate ,
-.Dq level 1: CA certificate ,
-.Dq level 2: higher level CA certificate ,
-and so on.
-Setting the maximum depth to 2 allows the levels 0, 1, and 2.
-The default depth limit is 100,
-allowing for the peer certificate and an additional 100 CA certificates.
-.Pp
-The
-.Fa verify_callback
-function is used to control the behaviour when the
-.Dv SSL_VERIFY_PEER
-flag is set.
-It must be supplied by the application and receives two arguments:
-.Fa preverify_ok
-indicates whether the verification of the certificate in question was passed
-(preverify_ok=1) or not (preverify_ok=0).
-.Fa x509_ctx
-is a pointer to the complete context used
-for the certificate chain verification.
-.Pp
-The certificate chain is checked starting with the deepest nesting level
-(the root CA certificate) and worked upward to the peer's certificate.
-At each level signatures and issuer attributes are checked.
-Whenever a verification error is found, the error number is stored in
-.Fa x509_ctx
-and
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 0.
-By applying
-.Fn X509_CTX_store_*
-functions
-.Fa verify_callback
-can locate the certificate in question and perform additional steps (see
-.Sx EXAMPLES ) .
-If no error is found for a certificate,
-.Fa verify_callback
-is called with
-.Fa preverify_ok
-equal to 1 before advancing to the next level.
-.Pp
-The return value of
-.Fa verify_callback
-controls the strategy of the further verification process.
-If
-.Fa verify_callback
-returns 0, the verification process is immediately stopped with
-.Dq verification failed
-state.
-If
-.Dv SSL_VERIFY_PEER
-is set, a verification failure alert is sent to the peer and the TLS/SSL
-handshake is terminated.
-If
-.Fa verify_callback
-returns 1, the verification process is continued.
-If
-.Fa verify_callback
-always returns 1,
-the TLS/SSL handshake will not be terminated with respect to verification
-failures and the connection will be established.
-The calling process can however retrieve the error code of the last
-verification error using
-.Xr SSL_get_verify_result 3
-or by maintaining its own error storage managed by
-.Fa verify_callback .
-.Pp
-If no
-.Fa verify_callback
-is specified, the default callback will be used.
-Its return value is identical to
-.Fa preverify_ok ,
-so that any verification
-failure will lead to a termination of the TLS/SSL handshake with an
-alert message, if
-.Dv SSL_VERIFY_PEER
-is set.
-.Sh EXAMPLES
-The following code sequence realizes an example
-.Fa verify_callback
-function that will always continue the TLS/SSL handshake regardless of
-verification failure, if wished.
-The callback realizes a verification depth limit with more informational output.
-.Pp
-All verification errors are printed;
-information about the certificate chain is printed on request.
-The example is realized for a server that does allow but not require client
-certificates.
-.Pp
-The example makes use of the ex_data technique to store application data
-into/retrieve application data from the
-.Vt SSL
-structure (see
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ) .
-.Bd -literal
-\&...
-
-typedef struct {
-        int     verbose_mode;
-        int     verify_depth;
-        int     always_continue;
-} mydata_t;
-int mydata_index;
-\&...
-static int
-verify_callback(int preverify_ok, X509_STORE_CTX *ctx)
-{
-        char buf[256];
-        X509 *err_cert;
-        int err, depth;
-        SSL *ssl;
-        mydata_t *mydata;
-
-        err_cert = X509_STORE_CTX_get_current_cert(ctx);
-        err = X509_STORE_CTX_get_error(ctx);
-        depth = X509_STORE_CTX_get_error_depth(ctx);
-
-        /*
-         * Retrieve the pointer to the SSL of the connection currently
-         * treated * and the application specific data stored into the
-         * SSL object.
-         */
-        ssl = X509_STORE_CTX_get_ex_data(ctx,
-            SSL_get_ex_data_X509_STORE_CTX_idx());
-        mydata = SSL_get_ex_data(ssl, mydata_index);
-
-        X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
-
-        /*
-         * Catch a too long certificate chain. The depth limit set using
-         * SSL_CTX_set_verify_depth() is by purpose set to "limit+1" so
-         * that whenever the "depth>verify_depth" condition is met, we
-         * have violated the limit and want to log this error condition.
-         * We must do it here, because the CHAIN_TOO_LONG error would not
-         * be found explicitly; only errors introduced by cutting off the
-         * additional certificates would be logged.
-         */
-        if (depth > mydata->verify_depth) {
-                preverify_ok = 0;
-                err = X509_V_ERR_CERT_CHAIN_TOO_LONG;
-                X509_STORE_CTX_set_error(ctx, err);
-        }
-        if (!preverify_ok) {
-                printf("verify error:num=%d:%s:depth=%d:%s\en", err,
-                    X509_verify_cert_error_string(err), depth, buf);
-        } else if (mydata->verbose_mode) {
-                printf("depth=%d:%s\en", depth, buf);
-        }
-
-        /*
-         * At this point, err contains the last verification error.
-         * We can use it for something special
-         */
-        if (!preverify_ok && (err ==
-            X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT)) {
-                X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert),
-                    buf, 256);
-                printf("issuer= %s\en", buf);
-        }
-
-        if (mydata->always_continue)
-                return 1;
-        else
-                return preverify_ok;
-}
-\&...
-
-mydata_t mydata;
-
-\&...
-
-mydata_index = SSL_get_ex_new_index(0, "mydata index", NULL, NULL, NULL);
-
-\&...
-
-SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE,
-    verify_callback);
-
-/*
- * Let the verify_callback catch the verify_depth error so that we get
- * an appropriate error in the logfile.
- */
-SSL_CTX_set_verify_depth(verify_depth + 1);
-
-/*
- * Set up the SSL specific data into "mydata" and store it into the SSL
- * structure.
- */
-mydata.verify_depth = verify_depth; ...
-SSL_set_ex_data(ssl, mydata_index, &mydata);
-
-\&...
-
-SSL_accept(ssl); /* check of success left out for clarity */
-if (peer = SSL_get_peer_certificate(ssl)) {
-        if (SSL_get_verify_result(ssl) == X509_V_OK) {
-                /* The client sent a certificate which verified OK */
-        }
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set1_host 3
-.Sh HISTORY
-.Fn SSL_set_verify
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_CTX_set_verify
-first appeared in SSLeay 0.6.4.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_set_verify_depth
-and
-.Fn SSL_set_verify_depth
-first appeared in OpenSSL 0.9.3 and have been available since
-.Ox 2.6 .
-.Sh BUGS
-In client mode, it is not checked whether the
-.Dv SSL_VERIFY_PEER
-flag is set, but whether
-.Dv SSL_VERIFY_NONE
-is not set.
-This can lead to unexpected behaviour, if the
-.Dv SSL_VERIFY_PEER
-and
-.Dv SSL_VERIFY_NONE
-are not used as required (exactly one must be set at any time).
-.Pp
-The certificate verification depth set with
-.Fn SSL[_CTX]_verify_depth
-stops the verification at a certain depth.
-The error message produced will be that of an incomplete certificate chain and
-not
-.Dv X509_V_ERR_CERT_CHAIN_TOO_LONG
-as may be expected.
diff --git a/src/lib/libssl/man/SSL_CTX_use_certificate.3 b/src/lib/libssl/man/SSL_CTX_use_certificate.3
deleted file mode 100644
index c88a6971b2..0000000000
--- a/src/lib/libssl/man/SSL_CTX_use_certificate.3
+++ /dev/null
@@ -1,451 +0,0 @@
-.\" $OpenBSD: SSL_CTX_use_certificate.3,v 1.17 2025/01/18 10:45:12 tb Exp $
-.\" full merge up to: OpenSSL 3aaa1bd0 Mar 28 16:35:25 2017 +1000
-.\" selective merge up to: OpenSSL d1f7a1e6 Apr 26 14:05:40 2018 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2003, 2005 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 18 2025 $
-.Dt SSL_CTX_USE_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_use_certificate ,
-.Nm SSL_CTX_use_certificate_ASN1 ,
-.Nm SSL_CTX_use_certificate_file ,
-.Nm SSL_use_certificate ,
-.Nm SSL_use_certificate_ASN1 ,
-.Nm SSL_use_certificate_chain_file ,
-.Nm SSL_use_certificate_file ,
-.Nm SSL_CTX_use_certificate_chain_file ,
-.Nm SSL_CTX_use_certificate_chain_mem ,
-.Nm SSL_CTX_use_PrivateKey ,
-.Nm SSL_CTX_use_PrivateKey_ASN1 ,
-.Nm SSL_CTX_use_PrivateKey_file ,
-.Nm SSL_CTX_use_RSAPrivateKey ,
-.Nm SSL_CTX_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_CTX_use_RSAPrivateKey_file ,
-.Nm SSL_use_PrivateKey_file ,
-.Nm SSL_use_PrivateKey_ASN1 ,
-.Nm SSL_use_PrivateKey ,
-.Nm SSL_use_RSAPrivateKey ,
-.Nm SSL_use_RSAPrivateKey_ASN1 ,
-.Nm SSL_use_RSAPrivateKey_file ,
-.Nm SSL_CTX_check_private_key ,
-.Nm SSL_check_private_key
-.Nd load certificate and key data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_CTX_use_certificate "SSL_CTX *ctx" "X509 *x"
-.Ft int
-.Fn SSL_CTX_use_certificate_ASN1 "SSL_CTX *ctx" "int len" "unsigned char *d"
-.Ft int
-.Fn SSL_CTX_use_certificate_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_certificate "SSL *ssl" "X509 *x"
-.Ft int
-.Fn SSL_use_certificate_ASN1 "SSL *ssl" "unsigned char *d" "int len"
-.Ft int
-.Fn SSL_use_certificate_chain_file "SSL *ssl" "const char *file"
-.Ft int
-.Fn SSL_use_certificate_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_file "SSL_CTX *ctx" "const char *file"
-.Ft int
-.Fn SSL_CTX_use_certificate_chain_mem "SSL_CTX *ctx" "void *buf" "int len"
-.Ft int
-.Fn SSL_CTX_use_PrivateKey "SSL_CTX *ctx" "EVP_PKEY *pkey"
-.Ft int
-.Fo SSL_CTX_use_PrivateKey_ASN1
-.Fa "int pk" "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Fc
-.Ft int
-.Fn SSL_CTX_use_PrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey "SSL_CTX *ctx" "RSA *rsa"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 "SSL_CTX *ctx" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_CTX_use_RSAPrivateKey_file "SSL_CTX *ctx" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_PrivateKey "SSL *ssl" "EVP_PKEY *pkey"
-.Ft int
-.Fn SSL_use_PrivateKey_ASN1 "int pk" "SSL *ssl" "unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_PrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_use_RSAPrivateKey "SSL *ssl" "RSA *rsa"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_ASN1 "SSL *ssl" "const unsigned char *d" "long len"
-.Ft int
-.Fn SSL_use_RSAPrivateKey_file "SSL *ssl" "const char *file" "int type"
-.Ft int
-.Fn SSL_CTX_check_private_key "const SSL_CTX *ctx"
-.Ft int
-.Fn SSL_check_private_key "const SSL *ssl"
-.Sh DESCRIPTION
-These functions load the certificates and private keys into the
-.Vt SSL_CTX
-or
-.Vt SSL
-object, respectively.
-.Pp
-The
-.Fn SSL_CTX_*
-class of functions loads the certificates and keys into the
-.Vt SSL_CTX
-object
-.Fa ctx .
-The information is passed to
-.Vt SSL
-objects
-.Fa ssl
-created from
-.Fa ctx
-with
-.Xr SSL_new 3
-by copying, so that changes applied to
-.Fa ctx
-do not propagate to already existing
-.Vt SSL
-objects.
-.Pp
-The
-.Fn SSL_*
-class of functions only loads certificates and keys into a specific
-.Vt SSL
-object.
-The specific information is kept when
-.Xr SSL_clear 3
-is called for this
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_certificate
-loads the certificate
-.Fa x
-into
-.Fa ctx ;
-.Fn SSL_use_certificate
-loads
-.Fa x
-into
-.Fa ssl .
-The rest of the certificates needed to form the complete certificate chain can
-be specified using the
-.Xr SSL_CTX_add_extra_chain_cert 3
-function.
-.Pp
-.Fn SSL_CTX_use_certificate_ASN1
-loads the ASN1 encoded certificate from the memory location
-.Fa d
-(with length
-.Fa len )
-into
-.Fa ctx ;
-.Fn SSL_use_certificate_ASN1
-loads the ASN1 encoded certificate into
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_certificate_file
-loads the first certificate stored in
-.Fa file
-into
-.Fa ctx .
-The formatting
-.Fa type
-of the certificate must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_use_certificate_file
-loads the certificate from
-.Fa file
-into
-.Fa ssl .
-See the
-.Sx NOTES
-section on why
-.Fn SSL_CTX_use_certificate_chain_file
-should be preferred.
-.Pp
-The
-.Fn SSL_CTX_use_certificate_chain*
-functions load a certificate chain into
-.Fa ctx .
-The certificates must be in PEM format and must be sorted starting with the
-subject's certificate (actual client or server certificate),
-followed by intermediate CA certificates if applicable,
-and ending at the highest level (root) CA.
-With the exception of
-.Fn SSL_use_certificate_chain_file ,
-there is no corresponding function working on a single
-.Vt SSL
-object.
-.Pp
-.Fn SSL_CTX_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey
-adds the private key
-.Fa rsa
-of type RSA to
-.Fa ctx .
-.Fn SSL_use_PrivateKey
-adds
-.Fa pkey
-as private key to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey
-adds
-.Fa rsa
-as private key of type RSA to
-.Fa ssl .
-If a certificate has already been set and the private does not belong to the
-certificate, an error is returned.
-To change a certificate private key pair,
-the new certificate needs to be set with
-.Fn SSL_use_certificate
-or
-.Fn SSL_CTX_use_certificate
-before setting the private key with
-.Fn SSL_CTX_use_PrivateKey
-or
-.Fn SSL_use_PrivateKey .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_ASN1
-adds the private key of type
-.Fa pk
-stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1
-adds the private key of type RSA stored at memory location
-.Fa d
-(length
-.Fa len )
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-add the private key to
-.Fa ssl .
-.Pp
-.Fn SSL_CTX_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ctx .
-The formatting
-.Fa type
-of the private key must be specified from the known types
-.Dv SSL_FILETYPE_PEM
-and
-.Dv SSL_FILETYPE_ASN1 .
-.Fn SSL_CTX_use_RSAPrivateKey_file
-adds the first private RSA key found in
-.Fa file
-to
-.Fa ctx .
-.Fn SSL_use_PrivateKey_file
-adds the first private key found in
-.Fa file
-to
-.Fa ssl ;
-.Fn SSL_use_RSAPrivateKey_file
-adds the first private RSA key found to
-.Fa ssl .
-.Pp
-The
-.Fn SSL_CTX_check_private_key
-function is seriously misnamed.
-It compares the
-.Em public
-key components and parameters of an OpenSSL private key with the
-corresponding certificate loaded into
-.Fa ctx .
-If more than one key/certificate pair (RSA/ECDSA) is installed,
-the last item installed will be compared.
-If, e.g., the last item was an RSA certificate or key,
-the RSA key/certificate pair will be checked.
-.Fn SSL_check_private_key
-performs the same
-.Em public
-key comparison for
-.Fa ssl .
-If no key/certificate was explicitly added for this
-.Fa ssl ,
-the last item added into
-.Fa ctx
-will be checked.
-.Pp
-Despite the name, neither
-.Fn SSL_CTX_check_private_key
-nor
-.Fn SSL_check_private_key
-checks whether the private key component is indeed a private key,
-nor whether it matches the public key component.
-They merely compare the public materials (e.g. exponent and modulus of
-an RSA key) and/or key parameters (e.g. EC params of an EC key) of a
-key pair.
-.Sh NOTES
-The internal certificate store of OpenSSL can hold several private
-key/certificate pairs at a time.
-The certificate used depends on the cipher selected.
-See also
-.Xr SSL_CTX_set_cipher_list 3 .
-.Pp
-When reading certificates and private keys from file, files of type
-.Dv SSL_FILETYPE_ASN1
-(also known as
-.Em DER ,
-binary encoding) can only contain one certificate or private key; consequently,
-.Fn SSL_CTX_use_certificate_chain_file
-is only applicable to PEM formatting.
-Files of type
-.Dv SSL_FILETYPE_PEM
-can contain more than one item.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-adds the first certificate found in the file to the certificate store.
-The other certificates are added to the store of chain certificates using
-.Xr SSL_CTX_add1_chain_cert 3 .
-It is recommended to use the
-.Fn SSL_CTX_use_certificate_chain_file
-instead of the
-.Fn SSL_CTX_use_certificate_file
-function in order to allow the use of complete certificate chains even when no
-trusted CA storage is used or when the CA issuing the certificate shall not be
-added to the trusted CA storage.
-.Pp
-If additional certificates are needed to complete the chain during the TLS
-negotiation, CA certificates are additionally looked up in the locations of
-trusted CA certificates (see
-.Xr SSL_CTX_load_verify_locations 3 ) .
-.Pp
-The private keys loaded from file can be encrypted.
-In order to successfully load encrypted keys,
-a function returning the passphrase must have been supplied (see
-.Xr SSL_CTX_set_default_passwd_cb 3 ) .
-(Certificate files might be encrypted as well from the technical point of view,
-it however does not make sense as the data in the certificate is considered
-public anyway.)
-.Sh RETURN VALUES
-On success, the functions return 1.
-Otherwise check out the error stack to find out the reason.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_new 3 ,
-.Xr X509_check_private_key 3
-.Sh HISTORY
-.Fn SSL_use_certificate ,
-.Fn SSL_use_certificate_file ,
-.Fn SSL_use_RSAPrivateKey ,
-and
-.Fn SSL_use_RSAPrivateKey_file
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_use_certificate_ASN1
-and
-.Fn SSL_use_RSAPrivateKey_ASN1
-first appeared in SSLeay 0.5.1.
-.Fn SSL_use_PrivateKey_file ,
-.Fn SSL_use_PrivateKey_ASN1 ,
-and
-.Fn SSL_use_PrivateKey
-first appeared in SSLeay 0.6.0.
-.Fn SSL_CTX_use_certificate ,
-.Fn SSL_CTX_use_certificate_ASN1 ,
-.Fn SSL_CTX_use_certificate_file ,
-.Fn SSL_CTX_use_PrivateKey ,
-.Fn SSL_CTX_use_PrivateKey_ASN1 ,
-.Fn SSL_CTX_use_PrivateKey_file ,
-.Fn SSL_CTX_use_RSAPrivateKey ,
-.Fn SSL_CTX_use_RSAPrivateKey_ASN1 ,
-and
-.Fn SSL_CTX_use_RSAPrivateKey_file
-first appeared in SSLeay 0.6.1.
-.Fn SSL_CTX_check_private_key
-and
-.Fn SSL_check_private_key
-first appeared in SSLeay 0.6.5.
-All these functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_use_certificate_chain_file
-first appeared in OpenSSL 0.9.4 and has been available since
-.Ox 2.6 .
-.Pp
-.Fn SSL_use_certificate_chain_file
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.9 .
-.Pp
-Support for DER encoded private keys
-.Pq Dv SSL_FILETYPE_ASN1
-in
-.Fn SSL_CTX_use_PrivateKey_file
-and
-.Fn SSL_use_PrivateKey_file
-was added in 0.9.8.
-.Pp
-.Fn SSL_CTX_use_certificate_chain_mem
-first appeared in
-.Ox 5.7 .
diff --git a/src/lib/libssl/man/SSL_SESSION_free.3 b/src/lib/libssl/man/SSL_SESSION_free.3
deleted file mode 100644
index 3f785e95e5..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_free.3
+++ /dev/null
@@ -1,148 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_free.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $
-.\" full merge up to: OpenSSL b31db505 Mar 24 16:01:50 2017 +0000
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2009, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SESSION_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_up_ref ,
-.Nm SSL_SESSION_free
-.Nd SSL_SESSION reference counting
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_SESSION_up_ref "SSL_SESSION *session"
-.Ft void
-.Fn SSL_SESSION_free "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_up_ref
-increments the reference count of the given
-.Fa session
-by 1.
-.Pp
-.Fn SSL_SESSION_free
-decrements the reference count of the given
-.Fa session
-by 1.
-If the reference count reaches 0, it frees the memory used by the
-.Fa session .
-If
-.Fa session
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Vt SSL_SESSION
-objects are allocated when a TLS/SSL handshake operation is successfully
-completed.
-Depending on the settings, see
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-the
-.Vt SSL_SESSION
-objects are internally referenced by the
-.Vt SSL_CTX
-and linked into its session cache.
-.Vt SSL
-objects may be using the
-.Vt SSL_SESSION
-object; as a session may be reused, several
-.Vt SSL
-objects may be using one
-.Vt SSL_SESSION
-object at the same time.
-It is therefore crucial to keep the reference count (usage information) correct
-and not delete a
-.Vt SSL_SESSION
-object that is still used, as this may lead to program failures due to dangling
-pointers.
-These failures may also appear delayed, e.g., when an
-.Vt SSL_SESSION
-object is completely freed as the reference count incorrectly becomes 0, but it
-is still referenced in the internal session cache and the cache list is
-processed during a
-.Xr SSL_CTX_flush_sessions 3
-operation.
-.Pp
-.Fn SSL_SESSION_free
-must only be called for
-.Vt SSL_SESSION
-objects, for which the reference count was explicitly incremented (e.g., by
-calling
-.Xr SSL_get1_session 3 ;
-see
-.Xr SSL_get_session 3 )
-or when the
-.Vt SSL_SESSION
-object was generated outside a TLS handshake operation, e.g., by using
-.Xr d2i_SSL_SESSION 3 .
-It must not be called on other
-.Vt SSL_SESSION
-objects, as this would cause incorrect reference counts and therefore program
-failures.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_up_ref
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_free
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_SESSION_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get0_cipher.3 b/src/lib/libssl/man/SSL_SESSION_get0_cipher.3
deleted file mode 100644
index 239a426dbd..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get0_cipher.3
+++ /dev/null
@@ -1,94 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get0_cipher.3,v 1.1 2021/05/12 14:16:25 tb Exp $
-.\" full merge up to: OpenSSL d42e7759f Mar 30 19:40:04 2017 +0200
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Rich Salz <rsalz@openssl.org>.
-.\" Copyright (c) 2016, 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: May 12 2021 $
-.Dt SSL_SESSION_GET0_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_cipher
-.Nd retrieve the SSL cipher associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const SSL_CIPHER *
-.Fo SSL_SESSION_get0_cipher
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_cipher
-retrieves the cipher that was used by the connection when the session
-was created, or
-.Dv NULL
-if it cannot be determined.
-.Pp
-The value returned is a pointer to an object maintained within
-.Fa session
-and should not be released.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get0_cipher
-returns the
-.Vt SSL_CIPHER
-associated with
-.Fa session
-or
-.Dv NULL
-if it cannot be determined.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_get_current_cipher 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-The
-.Fn SSL_SESSION_get0_cipher
-function first appeared in OpenSSL 1.1.0
-and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get0_peer.3 b/src/lib/libssl/man/SSL_SESSION_get0_peer.3
deleted file mode 100644
index 6b1ef6680e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get0_peer.3
+++ /dev/null
@@ -1,80 +0,0 @@
-.\"     $OpenBSD: SSL_SESSION_get0_peer.3,v 1.2 2018/03/23 05:50:30 schwarze Exp $
-.\"     OpenSSL SSL_SESSION_get0_peer.pod b31db505 Mar 24 16:01:50 2017 +0000
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt SSL_SESSION_GET0_PEER 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_peer
-.Nd get details about peer's certificate for a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fo SSL_SESSION_get0_peer
-.Fa "SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_peer
-returns a pointer to the peer certificate associated with the session
-.Fa s
-or
-.Dv NULL
-if no peer certificate is available.
-The caller should not free the returned value, unless
-.Xr X509_up_ref 3
-has also been called.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get0_peer
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_compress_id.3 b/src/lib/libssl/man/SSL_SESSION_get_compress_id.3
deleted file mode 100644
index aedc216a15..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_compress_id.3
+++ /dev/null
@@ -1,78 +0,0 @@
-.\"     $OpenBSD: SSL_SESSION_get_compress_id.3,v 1.3 2018/03/23 05:50:30 schwarze Exp $
-.\"     OpenSSL SSL_SESSION_get_compress_id.pod b31db505 Mar 24 16:01:50 2017
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 23 2018 $
-.Dt SSL_SESSION_GET_COMPRESS_ID 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_compress_id
-.Nd get details about the compression associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft unsigned int
-.Fo SSL_SESSION_get_compress_id
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-If compression has been negotiated for an ssl session,
-.Fn SSL_SESSION_get_compress_id
-returns the id for the compression method, or 0 otherwise.
-The only built-in supported compression method is zlib,
-which has an id of 1.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_compress_id
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3 b/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
deleted file mode 100644
index 9fd6949b6a..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_ex_new_index.3
+++ /dev/null
@@ -1,134 +0,0 @@
-.\"     $OpenBSD: SSL_SESSION_get_ex_new_index.3,v 1.3 2018/03/21 08:06:34 schwarze Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 21 2018 $
-.Dt SSL_SESSION_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_ex_new_index ,
-.Nm SSL_SESSION_set_ex_data ,
-.Nm SSL_SESSION_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_SESSION_set_ex_data "SSL_SESSION *session" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_SESSION_get_ex_data "const SSL_SESSION *session" "int idx"
-.Bd -literal
- typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-                int idx, long argl, void *argp);
- typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
-                int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate
-application-specific data attached to a specific structure.
-.Pp
-.Fn SSL_SESSION_get_ex_new_index
-is used to register a new index for application-specific data.
-.Pp
-.Fn SSL_SESSION_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa session
-object.
-.Pp
-.Fn SSL_SESSION_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa session .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality
-can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh WARNINGS
-The application data is only maintained for sessions held in memory.
-The application data is not included when dumping the session with
-.Xr i2d_SSL_SESSION 3
-(and all functions indirectly calling the dump functions like
-.Xr PEM_write_SSL_SESSION 3
-and
-.Xr PEM_write_bio_SSL_SESSION 3 )
-and can therefore not be restored.
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_ex_new_index ,
-.Fn SSL_SESSION_set_ex_data ,
-and
-.Fn SSL_SESSION_get_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_id.3 b/src/lib/libssl/man/SSL_SESSION_get_id.3
deleted file mode 100644
index 6d0de1e52e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_id.3
+++ /dev/null
@@ -1,112 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_id.3,v 1.6 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL SSL_SESSION_set1_id 17b60280 Dec 21 09:08:25 2017 +0100
-.\"
-.\" This file was written by Remi Gacogne <rgacogne-github@coredump.fr>
-.\" and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2016, 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_GET_ID 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_id ,
-.Nm SSL_SESSION_set1_id
-.Nd get and set the SSL session ID
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const unsigned char *
-.Fo SSL_SESSION_get_id
-.Fa "const SSL_SESSION *s"
-.Fa "unsigned int *len"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set1_id
-.Fa "SSL_SESSION *s"
-.Fa "const unsigned char *sid"
-.Fa "unsigned int sid_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_id
-returns a pointer to the internal session ID value for the session
-.Fa s .
-The length of the ID in bytes is stored in
-.Pf * Fa len .
-The length may be 0.
-The caller should not free the returned pointer directly.
-.Pp
-.Fn SSL_SESSION_set1_id
-sets the session ID for
-.Fa s
-to a copy of the
-.Fa sid
-of length
-.Fa sid_len .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_id
-returns a pointer to the session ID value.
-.Pp
-.Fn SSL_SESSION_set1_id
-returns 1 for success and 0 for failure,
-for example if the supplied session ID length exceeds
-.Dv SSL_MAX_SSL_SESSION_ID_LENGTH .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_id
-first appeared in OpenSSL 0.9.8 and has been available since
-.Ox 4.5 .
-.Pp
-.Fn SSL_SESSION_set1_id
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3 b/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3
deleted file mode 100644
index f14c0490e9..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_protocol_version.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_get_protocol_version.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by TJ Saunders <tj@castaglia.org>
-.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_GET_PROTOCOL_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_protocol_version
-.Nd get the session protocol version
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_get_protocol_version
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_protocol_version
-returns the protocol version number used by the session
-.Fa s .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_protocol_version
-returns a constant like
-.Dv TLS1_VERSION
-or
-.Dv TLS1_2_VERSION .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_get_protocol_version
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_get_time.3 b/src/lib/libssl/man/SSL_SESSION_get_time.3
deleted file mode 100644
index aaadec5137..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_get_time.3
+++ /dev/null
@@ -1,165 +0,0 @@
-.\"     $OpenBSD: SSL_SESSION_get_time.3,v 1.8 2019/06/08 15:25:43 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005, 2006, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_SESSION_GET_TIME 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get_time ,
-.Nm SSL_SESSION_set_time ,
-.Nm SSL_SESSION_get_timeout ,
-.Nm SSL_SESSION_set_timeout ,
-.Nm SSL_get_time ,
-.Nm SSL_set_time ,
-.Nm SSL_get_timeout ,
-.Nm SSL_set_timeout
-.Nd retrieve and manipulate session time and timeout settings
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_SESSION_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_SESSION_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_SESSION_set_timeout "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_time "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_time "SSL_SESSION *s" "long tm"
-.Ft long
-.Fn SSL_get_timeout "const SSL_SESSION *s"
-.Ft long
-.Fn SSL_set_timeout "SSL_SESSION *s" "long tm"
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get_time
-returns the time at which the session
-.Fa s
-was established.
-The time is given in seconds since the Epoch and therefore compatible to the
-time delivered by the
-.Xr time 3
-call.
-.Pp
-.Fn SSL_SESSION_set_time
-replaces the creation time of the session
-.Fa s
-with
-the chosen value
-.Fa tm .
-.Pp
-.Fn SSL_SESSION_get_timeout
-returns the timeout value set for session
-.Fa s
-in seconds.
-.Pp
-.Fn SSL_SESSION_set_timeout
-sets the timeout value for session
-.Fa s
-in seconds to
-.Fa tm .
-.Pp
-The
-.Fn SSL_get_time ,
-.Fn SSL_set_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-functions are synonyms for the
-.Fn SSL_SESSION_*
-counterparts.
-.Pp
-Sessions are expired by examining the creation time and the timeout value.
-Both are set at creation time of the session to the actual time and the default
-timeout value at creation, respectively, as set by
-.Xr SSL_CTX_set_timeout 3 .
-Using these functions it is possible to extend or shorten the lifetime of the
-session.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get_time
-and
-.Fn SSL_SESSION_get_timeout
-return the currently valid values.
-.Pp
-.Fn SSL_SESSION_set_time
-and
-.Fn SSL_SESSION_set_timeout
-return 1 on success.
-.Pp
-If any of the function is passed the
-.Dv NULL
-pointer for the session
-.Fa s ,
-0 is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_get_time ,
-.Fn SSL_get_timeout ,
-and
-.Fn SSL_set_timeout
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_set_time
-first appeared in SSLeay 0.5.2.
-.Fn SSL_SESSION_get_time ,
-.Fn SSL_SESSION_set_time ,
-.Fn SSL_SESSION_get_timeout ,
-and
-.Fn SSL_SESSION_set_timeout
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_has_ticket.3 b/src/lib/libssl/man/SSL_SESSION_has_ticket.3
deleted file mode 100644
index 322b49feef..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_has_ticket.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_has_ticket.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL f2baac27 Feb 8 15:43:16 2015 +0000
-.\" selective merge up to: OpenSSL 61f805c1 Jan 16 01:01:46 2018 +0800
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_HAS_TICKET 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_has_ticket ,
-.Nm SSL_SESSION_get_ticket_lifetime_hint
-.Nd get details about the ticket associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_has_ticket
-.Fa "const SSL_SESSION *s"
-.Fc
-.Ft unsigned long
-.Fo SSL_SESSION_get_ticket_lifetime_hint
-.Fa "const SSL_SESSION *s"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_has_ticket
-returns 1 if there is a Session Ticket associated with
-.Fa s
-or 0 otherwise.
-.Pp
-.Fn SSL_SESSION_get_ticket_lifetime_hint
-returns the lifetime hint in seconds associated with the session ticket.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_SESSION_is_resumable.3 b/src/lib/libssl/man/SSL_SESSION_is_resumable.3
deleted file mode 100644
index 48d7d17889..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_is_resumable.3
+++ /dev/null
@@ -1,81 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_is_resumable.3,v 1.1 2021/09/14 14:08:15 schwarze Exp $
-.\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 14 2021 $
-.Dt SSL_SESSION_IS_RESUMABLE 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_is_resumable
-.Nd determine whether an SSL_SESSION object can be used for resumption
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_is_resumable
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_is_resumable
-determines whether the
-.Fa session
-object can be used to resume a session.
-Note that attempting to resume with a non-resumable session
-will result in a full handshake.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_is_resumable
-returns 1 if the session is resumable or 0 otherwise.
-It always returns 0 with LibreSSL.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_new_cb 3 ,
-.Xr SSL_get_session 3
-.Sh HISTORY
-.Fn SSL_SESSION_is_resumable
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_SESSION_new.3 b/src/lib/libssl/man/SSL_SESSION_new.3
deleted file mode 100644
index 2dcdb264c1..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_new.3
+++ /dev/null
@@ -1,78 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_new.3,v 1.9 2021/09/14 14:08:15 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: September 14 2021 $
-.Dt SSL_SESSION_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_new
-.Nd construct a new SSL_SESSION object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_SESSION_new void
-.Sh DESCRIPTION
-.Fn SSL_SESSION_new
-allocates and initializes a new
-.Vt SSL_SESSION
-object.
-The reference count is set to 1, the time to the current time, and
-the timeout to five minutes.
-.Pp
-When the object is no longer needed, it can be destructed with
-.Xr SSL_SESSION_free 3 .
-.Pp
-.Fn SSL_SESSION_new
-is used internally, for example by
-.Xr SSL_connect 3 .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_new
-returns the new
-.Vt SSL_SESSION
-object or
-.Dv NULL
-if insufficient memory is available.
-.Pp
-After failure,
-.Xr ERR_get_error 3
-returns
-.Dv ERR_R_MALLOC_FAILURE .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_master_key 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_is_resumable 3 ,
-.Xr SSL_SESSION_print 3 ,
-.Xr SSL_SESSION_set1_id_context 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_SESSION_new
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_print.3 b/src/lib/libssl/man/SSL_SESSION_print.3
deleted file mode 100644
index e92debde0e..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_print.3
+++ /dev/null
@@ -1,74 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_print.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SESSION_PRINT 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_print ,
-.Nm SSL_SESSION_print_fp
-.Nd print some properties of an SSL_SESSION object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_SESSION_print
-.Fa "BIO *bp"
-.Fa "const SSL_SESSION *session"
-.Fc
-.Ft int
-.Fo SSL_SESSION_print_fp
-.Fa "FILE *fp"
-.Fa "const SSL_SESSION *session"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_print
-prints some properties of
-.Fa session
-in a human-readable format to the
-.Fa "BIO *bp" ,
-including protocol version, cipher name, session ID,
-session ID context, master key, session ticket lifetime hint,
-session ticket, start time, timeout, and verify return code.
-.Pp
-.Fn SSL_SESSION_print_fp
-does the same as
-.Fn SSL_SESSION_print
-except that it prints to the
-.Fa "FILE *fp" .
-.Sh RETURN VALUES
-.Fn SSL_SESSION_print
-and
-.Fn SSL_SESSION_print_fp
-return 1 for success or 0 for failure.
-.Pp
-In some cases, the reason for failure can be determined with
-.Xr ERR_get_error 3 .
-.Sh SEE ALSO
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_print
-first appeared in SSLeay 0.5.2.
-.Fn SSL_SESSION_print_fp
-first appeared in SSLeay 0.6.0.
-Both functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_SESSION_set1_id_context.3 b/src/lib/libssl/man/SSL_SESSION_set1_id_context.3
deleted file mode 100644
index dd7595baca..0000000000
--- a/src/lib/libssl/man/SSL_SESSION_set1_id_context.3
+++ /dev/null
@@ -1,113 +0,0 @@
-.\" $OpenBSD: SSL_SESSION_set1_id_context.3,v 1.4 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to:
-.\" OpenSSL SSL_SESSION_get0_id_context b31db505 Mar 24 16:01:50 2017
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_SESSION_SET1_ID_CONTEXT 3
-.Os
-.Sh NAME
-.Nm SSL_SESSION_get0_id_context ,
-.Nm SSL_SESSION_set1_id_context
-.Nd get and set the SSL ID context associated with a session
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const unsigned char *
-.Fo SSL_SESSION_get0_id_context
-.Fa "const SSL_SESSION *s"
-.Fa "unsigned int *len"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set1_id_context
-.Fa "SSL_SESSION *s"
-.Fa "const unsigned char *sid_ctx"
-.Fa "unsigned int sid_ctx_len"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_SESSION_get0_id_context
-returns the ID context associated with
-.Fa s .
-The length of the ID context in bytes is written to
-.Pf * Fa len
-if
-.Fa len
-is not
-.Dv NULL .
-.Pp
-.Fn SSL_SESSION_set1_id_context
-takes a copy of the provided ID context given in
-.Fa sid_ctx
-and associates it with the session
-.Fa s .
-The length of the ID context is given by
-.Fa sid_ctx_len
-which must not exceed
-.Dv SSL_MAX_SID_CTX_LENGTH
-bytes.
-.Sh RETURN VALUES
-.Fn SSL_SESSION_get0_id_context
-returns an internal pointer to an object maintained within
-.Fa s
-that should not be freed by the caller.
-.Pp
-.Fn SSL_SESSION_set1_id_context
-returns 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_id_context 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-.Fn SSL_SESSION_set1_id_context
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
-.Pp
-.Fn SSL_SESSION_get0_id_context
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_accept.3 b/src/lib/libssl/man/SSL_accept.3
deleted file mode 100644
index fb1d89eb57..0000000000
--- a/src/lib/libssl/man/SSL_accept.3
+++ /dev/null
@@ -1,155 +0,0 @@
-.\"     $OpenBSD: SSL_accept.3,v 1.6 2019/06/08 15:25:43 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt SSL_ACCEPT 3
-.Os
-.Sh NAME
-.Nm SSL_accept
-.Nd wait for a TLS/SSL client to initiate a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_accept "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_accept
-waits for a TLS/SSL client to initiate the TLS/SSL handshake.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-object by setting an underlying
-.Vt BIO .
-.Pp
-The behaviour of
-.Fn SSL_accept
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_accept
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_accept
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_accept
-to continue the handshake, indicating the problem by the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_accept
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_accept .
-The action depends on the underlying
-.Dv BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and by
-the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur of action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_accept
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_alert_type_string.3 b/src/lib/libssl/man/SSL_alert_type_string.3
deleted file mode 100644
index 354865e546..0000000000
--- a/src/lib/libssl/man/SSL_alert_type_string.3
+++ /dev/null
@@ -1,253 +0,0 @@
-.\"     $OpenBSD: SSL_alert_type_string.3,v 1.7 2024/10/13 08:25:09 jsg Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2011 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 13 2024 $
-.Dt SSL_ALERT_TYPE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_alert_type_string ,
-.Nm SSL_alert_type_string_long ,
-.Nm SSL_alert_desc_string ,
-.Nm SSL_alert_desc_string_long
-.Nd get textual description of alert information
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_alert_type_string "int value"
-.Ft const char *
-.Fn SSL_alert_type_string_long "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string "int value"
-.Ft const char *
-.Fn SSL_alert_desc_string_long "int value"
-.Sh DESCRIPTION
-.Fn SSL_alert_type_string
-returns a one letter string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_type_string_long
-returns a string indicating the type of the alert specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string
-returns a two letter string as a short form describing the reason of the alert
-specified by
-.Fa value .
-.Pp
-.Fn SSL_alert_desc_string_long
-returns a string describing the reason of the alert specified by
-.Fa value .
-.Pp
-When one side of an SSL/TLS communication wants to inform the peer about
-a special situation, it sends an alert.
-The alert is sent as a special message and does not influence the normal data
-stream (unless its contents results in the communication being canceled).
-.Pp
-A warning alert is sent, when a non-fatal error condition occurs.
-The
-.Dq close notify
-alert is sent as a warning alert.
-Other examples for non-fatal errors are certificate errors
-.Po
-.Dq certificate expired ,
-.Dq unsupported certificate
-.Pc ,
-for which a warning alert may be sent.
-(The sending party may, however, decide to send a fatal error.)
-The receiving side may cancel the connection on reception of a warning alert at
-its discretion.
-.Pp
-Several alert messages must be sent as fatal alert messages as specified
-by the TLS RFC.
-A fatal alert always leads to a connection abort.
-.Sh RETURN VALUES
-The following strings can occur for
-.Fn SSL_alert_type_string
-or
-.Fn SSL_alert_type_string_long :
-.Bl -tag -width Ds
-.It \(dqW\(dq/\(dqwarning\(dq
-.It \(dqF\(dq/\(dqfatal\(dq
-.It \(dqU\(dq/\(dqunknown\(dq
-This indicates that no support is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Pp
-The following strings can occur for
-.Fn SSL_alert_desc_string
-or
-.Fn SSL_alert_desc_string_long :
-.Bl -tag -width Ds
-.It \(dqCN\(dq/\(dqclose notify\(dq
-The connection shall be closed.
-This is a warning alert.
-.It \(dqUM\(dq/\(dqunexpected message\(dq
-An inappropriate message was received.
-This alert is always fatal and should never be observed in communication
-between proper implementations.
-.It \(dqBM\(dq/\(dqbad record mac\(dq
-This alert is returned if a record is received with an incorrect MAC.
-This message is always fatal.
-.It \(dqDF\(dq/\(dqdecompression failure\(dq
-The decompression function received improper input
-(e.g., data that would expand to excessive length).
-This message is always fatal.
-.It \(dqHF\(dq/\(dqhandshake failure\(dq
-Reception of a handshake_failure alert message indicates that the sender was
-unable to negotiate an acceptable set of security parameters given the options
-available.
-This is a fatal error.
-.It \(dqNC\(dq/\(dqno certificate\(dq
-A client, that was asked to send a certificate, does not send a certificate
-(SSLv3 only).
-.It \(dqBC\(dq/\(dqbad certificate\(dq
-A certificate was corrupt, contained signatures that did not verify correctly,
-etc.
-.It \(dqUC\(dq/\(dqunsupported certificate\(dq
-A certificate was of an unsupported type.
-.It \(dqCR\(dq/\(dqcertificate revoked\(dq
-A certificate was revoked by its signer.
-.It \(dqCE\(dq/\(dqcertificate expired\(dq
-A certificate has expired or is not currently valid.
-.It \(dqCU\(dq/\(dqcertificate unknown\(dq
-Some other (unspecified) issue arose in processing the certificate,
-rendering it unacceptable.
-.It \(dqIP\(dq/\(dqillegal parameter\(dq
-A field in the handshake was out of range or inconsistent with other fields.
-This is always fatal.
-.It \(dqDC\(dq/\(dqdecryption failed\(dq
-A TLSCiphertext decrypted in an invalid way: either it wasn't an even multiple
-of the block length or its padding values, when checked, weren't correct.
-This message is always fatal.
-.It \(dqRO\(dq/\(dqrecord overflow\(dq
-A TLSCiphertext record was received which had a length more than
-2^14+2048 bytes, or a record decrypted to a TLSCompressed record with more than
-2^14+1024 bytes.
-This message is always fatal.
-.It \(dqCA\(dq/\(dqunknown CA\(dq
-A valid certificate chain or partial chain was received,
-but the certificate was not accepted because the CA certificate could not be
-located or couldn't be matched with a known, trusted CA.
-This message is always fatal.
-.It \(dqAD\(dq/\(dqaccess denied\(dq
-A valid certificate was received, but when access control was applied,
-the sender decided not to proceed with negotiation.
-This message is always fatal.
-.It \(dqDE\(dq/\(dqdecode error\(dq
-A message could not be decoded because some field was out of the specified
-range or the length of the message was incorrect.
-This message is always fatal.
-.It \(dqCY\(dq/\(dqdecrypt error\(dq
-A handshake cryptographic operation failed, including being unable to correctly
-verify a signature, decrypt a key exchange, or validate a finished message.
-.It \(dqER\(dq/\(dqexport restriction\(dq
-A negotiation not in compliance with export restrictions was detected;
-for example, attempting to transfer a 1024 bit ephemeral RSA key for the
-RSA_EXPORT handshake method.
-This message is always fatal.
-.It \(dqPV\(dq/\(dqprotocol version\(dq
-The protocol version the client has attempted to negotiate is recognized,
-but not supported.
-(For example, old protocol versions might be avoided for security reasons.)
-This message is always fatal.
-.It \(dqIS\(dq/\(dqinsufficient security\(dq
-Returned instead of handshake_failure when a negotiation has failed
-specifically because the server requires ciphers more secure than those
-supported by the client.
-This message is always fatal.
-.It \(dqIE\(dq/\(dqinternal error\(dq
-An internal error unrelated to the peer or the correctness of the protocol
-makes it impossible to continue (such as a memory allocation failure).
-This message is always fatal.
-.It \(dqIF\(dq/\(dqinappropriate fallback\(dq
-Sent by a server in response to an invalid connection retry attempt from
-a client (see RFC 7507).
-.It \(dqUS\(dq/\(dquser canceled\(dq
-This handshake is being canceled for some reason unrelated to a protocol
-failure.
-If the user cancels an operation after the handshake is complete,
-just closing the connection by sending a close_notify is more appropriate.
-This alert should be followed by a close_notify.
-This message is generally a warning.
-.It \(dqNR\(dq/\(dqno renegotiation\(dq
-Sent by the client in response to a hello request or by the server in response
-to a client hello after initial handshaking.
-Either of these would normally lead to renegotiation; when that is not
-appropriate, the recipient should respond with this alert; at that point,
-the original requester can decide whether to proceed with the connection.
-One case where this would be appropriate would be where a server has spawned a
-process to satisfy a request; the process might receive security parameters
-(key length, authentication, etc.) at startup and it might be difficult to
-communicate changes to these parameters after that point.
-This message is always a warning.
-.It \(dqUP\(dq/\(dqunknown PSK identity\(dq
-Sent by the server to indicate that it does not recognize a PSK identity or an
-SRP identity.
-.It \(dqCQ\(dq/\(dqcertificate required\(dq
-Sent by servers when a client certificate is desired but none was provided
-by the client.
-.It \(dqAP\(dq/\(dqno application protocol\(dq
-Sent by servers when a client ALPN extension advertises only protocols that
-the server does not support (see RFC 7301).
-.It \(dqUK\(dq/\(dqunknown\(dq
-This indicates that no description is available for this alert type.
-Probably
-.Fa value
-does not contain a correct alert message.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.8.0
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_clear.3 b/src/lib/libssl/man/SSL_clear.3
deleted file mode 100644
index 809c3b20f4..0000000000
--- a/src/lib/libssl/man/SSL_clear.3
+++ /dev/null
@@ -1,144 +0,0 @@
-.\"     $OpenBSD: SSL_clear.3,v 1.5 2021/06/11 19:41:39 jmc Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2011, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 11 2021 $
-.Dt SSL_CLEAR 3
-.Os
-.Sh NAME
-.Nm SSL_clear
-.Nd reset SSL object to allow another connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_clear "SSL *ssl"
-.Sh DESCRIPTION
-Reset
-.Fa ssl
-to allow another connection.
-All settings (method, ciphers, BIOs) are kept.
-.Pp
-.Fn SSL_clear
-is used to prepare an
-.Vt SSL
-object for a new connection.
-While all settings are kept,
-a side effect is the handling of the current SSL session.
-If a session is still
-.Em open ,
-it is considered bad and will be removed from the session cache,
-as required by RFC 2246.
-A session is considered open if
-.Xr SSL_shutdown 3
-was not called for the connection or at least
-.Xr SSL_set_shutdown 3
-was used to
-set the
-.Dv SSL_SENT_SHUTDOWN
-state.
-.Pp
-If a session was closed cleanly,
-the session object will be kept and all settings corresponding.
-This explicitly means that for example the special method used during the
-session will be kept for the next handshake.
-So if the session was a TLSv1 session, a
-.Vt SSL
-client object will use a TLSv1 client method for the next handshake and a
-.Vt SSL
-server object will use a TLSv1 server method, even if
-.Fn TLS_*_method Ns s
-were chosen on startup.
-This might lead to connection failures (see
-.Xr SSL_new 3 )
-for a description of the method's properties.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The
-.Fn SSL_clear
-operation could not be performed.
-Check the error stack to find out the reason.
-.It 1
-The
-.Fn SSL_clear
-operation was successful.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_clear
-first appeared in SSLeay 0.4.5b and has been available since
-.Ox 2.4 .
-.Sh CAVEATS
-.Fn SSL_clear
-resets the
-.Vt SSL
-object to allow for another connection.
-The reset operation however keeps several settings of the last sessions
-(some of these settings were made automatically during the last handshake).
-It only makes sense for a new connection with the exact same peer that shares
-these settings,
-and may fail if that peer changes its settings between connections.
-Use the sequence
-.Xr SSL_get_session 3 ;
-.Xr SSL_new 3 ;
-.Xr SSL_set_session 3 ;
-.Xr SSL_free 3
-instead to avoid such failures (or simply
-.Xr SSL_free 3 ;
-.Xr SSL_new 3
-if session reuse is not desired).
diff --git a/src/lib/libssl/man/SSL_connect.3 b/src/lib/libssl/man/SSL_connect.3
deleted file mode 100644
index d5b962a480..0000000000
--- a/src/lib/libssl/man/SSL_connect.3
+++ /dev/null
@@ -1,154 +0,0 @@
-.\"     $OpenBSD: SSL_connect.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2003 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_CONNECT 3
-.Os
-.Sh NAME
-.Nm SSL_connect
-.Nd initiate the TLS/SSL handshake with a TLS/SSL server
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_connect "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_connect
-initiates the TLS/SSL handshake with a server.
-The communication channel must already have been set and assigned to the
-.Fa ssl
-by setting an underlying
-.Vt BIO .
-.Pp
-The behaviour of
-.Fn SSL_connect
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_connect
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_connect
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_connect
-to continue the handshake, indicating the problem with the return value \(mi1.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_connect
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_connect .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful, because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s .
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_connect
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_copy_session_id.3 b/src/lib/libssl/man/SSL_copy_session_id.3
deleted file mode 100644
index a7a7a8aa99..0000000000
--- a/src/lib/libssl/man/SSL_copy_session_id.3
+++ /dev/null
@@ -1,79 +0,0 @@
-.\" $OpenBSD: SSL_copy_session_id.3,v 1.7 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_COPY_SESSION_ID 3
-.Os
-.Sh NAME
-.Nm SSL_copy_session_id
-.Nd copy session details between SSL objects
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_copy_session_id
-.Fa "SSL *to"
-.Fa "const SSL *from"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_copy_session_id
-copies the following data from
-.Fa from
-to
-.Fa to :
-.Bl -dash
-.It
-the pointer to the
-.Vt SSL_SESSION
-object, incrementing its reference count by 1
-.It
-the pointer to the
-.Vt SSL_METHOD
-object; if that changes the method, protocol-specific data is
-reinitialized
-.It
-the pointer to the
-.Vt CERT
-object, incrementing its reference count by 1
-.It
-the session ID context
-.El
-.Pp
-This function is used internally by
-.Xr SSL_dup 3
-and by
-.Xr BIO_ssl_copy_session_id 3 .
-.Sh RETURN VALUES
-.Fn SSL_copy_session_id
-returns 1 on success and 0 on error.
-.Sh SEE ALSO
-.Xr BIO_ssl_copy_session_id 3 ,
-.Xr ssl 3 ,
-.Xr SSL_dup 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_new 3 ,
-.Xr SSL_set_session 3 ,
-.Xr SSL_set_session_id_context 3
-.Sh HISTORY
-.Fn SSL_copy_session_id
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Sh BUGS
-Failures of
-.Xr CRYPTO_add 3
-are silently ignored and may leave
-.Fa to
-in an invalid or inconsistent state.
diff --git a/src/lib/libssl/man/SSL_do_handshake.3 b/src/lib/libssl/man/SSL_do_handshake.3
deleted file mode 100644
index e9327b4229..0000000000
--- a/src/lib/libssl/man/SSL_do_handshake.3
+++ /dev/null
@@ -1,152 +0,0 @@
-.\"     $OpenBSD: SSL_do_handshake.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Martin Sjoegren <martin@strakt.com>.
-.\" Copyright (c) 2002 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_DO_HANDSHAKE 3
-.Os
-.Sh NAME
-.Nm SSL_do_handshake
-.Nd perform a TLS/SSL handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_do_handshake "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_do_handshake
-will wait for a SSL/TLS handshake to take place.
-If the connection is in client mode, the handshake will be started.
-The handshake routines may have to be explicitly set in advance using either
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3 .
-.Pp
-The behaviour of
-.Fn SSL_do_handshake
-depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_do_handshake
-will only return once the handshake has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_do_handshake
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_do_handshake
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of
-.Fn SSL_do_handshake
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_do_handshake .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The TLS/SSL handshake was not successful but was shut down controlled and
-by the specifications of the TLS/SSL protocol.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.It 1
-The TLS/SSL handshake was successfully completed,
-and a TLS/SSL connection has been established.
-.It <0
-The TLS/SSL handshake was not successful because either a fatal error occurred
-at the protocol level or a connection failure occurred.
-The shutdown was not clean.
-It can also occur if action is needed to continue the operation for
-non-blocking
-.Vt BIO Ns s .
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_do_handshake
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_dup.3 b/src/lib/libssl/man/SSL_dup.3
deleted file mode 100644
index a83440b431..0000000000
--- a/src/lib/libssl/man/SSL_dup.3
+++ /dev/null
@@ -1,62 +0,0 @@
-.\" $OpenBSD: SSL_dup.3,v 1.5 2022/07/13 22:05:53 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_DUP 3
-.Os
-.Sh NAME
-.Nm SSL_dup
-.Nd deep copy of an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL *
-.Fo SSL_dup
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_dup
-constructs a new
-.Vt SSL
-object in the same context as
-.Fa ssl
-and copies much of the contained data from
-.Fa ssl
-to the new
-.Vt SSL
-object, but many fields, for example tlsext data, are not copied.
-.Pp
-As an exception from deep copying, if a session is already established,
-the new object shares
-.Fa ssl->cert
-with the original object.
-.Sh RETURN VALUES
-.Fn SSL_dup
-returns the new
-.Vt SSL
-object or
-.Dv NULL
-on failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_security_level 3
-.Sh HISTORY
-.Fn SSL_dup
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_dup_CA_list.3 b/src/lib/libssl/man/SSL_dup_CA_list.3
deleted file mode 100644
index d073b07176..0000000000
--- a/src/lib/libssl/man/SSL_dup_CA_list.3
+++ /dev/null
@@ -1,54 +0,0 @@
-.\" $OpenBSD: SSL_dup_CA_list.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_DUP_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_dup_CA_list
-.Nd deep copy of a stack of X.509 Name objects
-.\" The capital "N" in "Name" is intentional (X.509 syntax).
-.Sh SYNOPSIS
-.Ft STACK_OF(X509_NAME) *
-.Fo SSL_dup_CA_list
-.Fa "const STACK_OF(X509_NAME) *sk"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_dup_CA_list
-constructs a new
-.Vt STACK_OF(X509_NAME)
-object and places copies of all the
-.Vt X509_NAME
-objects found on
-.Fa sk
-on it.
-.Sh RETURN VALUES
-.Fn SSL_dup_CA_list
-returns the new
-.Vt STACK_OF(X509_NAME)
-or
-.Dv NULL
-on failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_get_client_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_dup_CA_list
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_export_keying_material.3 b/src/lib/libssl/man/SSL_export_keying_material.3
deleted file mode 100644
index e32a5c5d61..0000000000
--- a/src/lib/libssl/man/SSL_export_keying_material.3
+++ /dev/null
@@ -1,133 +0,0 @@
-.\"     $OpenBSD: SSL_export_keying_material.3,v 1.3 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL a599574b Jun 28 17:18:27 2017 +0100
-.\"     OpenSSL 23cec1f4 Jun 21 13:55:02 2017 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_EXPORT_KEYING_MATERIAL 3
-.Os
-.Sh NAME
-.Nm SSL_export_keying_material
-.Nd obtain keying material for application use
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_export_keying_material
-.Fa "SSL *s"
-.Fa "unsigned char *out"
-.Fa "size_t olen"
-.Fa "const char *label"
-.Fa "size_t llen"
-.Fa "const unsigned char *context"
-.Fa "size_t contextlen"
-.Fa "int use_context"
-.Fc
-.Sh DESCRIPTION
-During the creation of a TLS or DTLS connection,
-shared keying material is established between the two endpoints.
-The function
-.Fn SSL_export_keying_material
-enables an application to use some of this keying material
-for its own purposes in accordance with RFC 5705.
-.Pp
-An application may need to securely establish the context
-within which this keying material will be used.
-For example, this may include identifiers for the application session,
-application algorithms or parameters, or the lifetime of the context.
-The context value is left to the application but must be the same on
-both sides of the communication.
-.Pp
-For a given SSL connection
-.Fa s ,
-.Fa olen
-bytes of data will be written to
-.Fa out .
-The application specific context should be supplied
-in the location pointed to by
-.Fa context
-and should be
-.Fa contextlen
-bytes long.
-Provision of a context is optional.
-If the context should be omitted entirely, then
-.Fa use_context
-should be set to 0.
-Otherwise it should be any other value.
-If
-.Fa use_context
-is 0, then the values of
-.Fa context
-and
-.Fa contextlen
-are ignored.
-.Pp
-In TLSv1.2 and below, a zero length context is treated differently
-from no context at all, and will result in different keying material
-being returned.
-.Pp
-An application specific label should be provided in the location pointed
-to by
-.Fa label
-and should be
-.Fa llen
-bytes long.
-Typically this will be a value from the
-.Lk https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#exporter-labels "IANA Exporter Label Registry" .
-.Pp
-Alternatively, labels beginning with "EXPERIMENTAL" are permitted by the
-standard to be used without registration.
-.Sh RETURN VALUES
-.Fn SSL_export_keying_material
-returns 1 on success or 0 or -1 on failure.
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_export_keying_material
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_free.3 b/src/lib/libssl/man/SSL_free.3
deleted file mode 100644
index c713ded121..0000000000
--- a/src/lib/libssl/man/SSL_free.3
+++ /dev/null
@@ -1,115 +0,0 @@
-.\"     $OpenBSD: SSL_free.3,v 1.6 2021/06/11 19:41:39 jmc Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 11 2021 $
-.Dt SSL_FREE 3
-.Os
-.Sh NAME
-.Nm SSL_free
-.Nd free an allocated SSL structure
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_free "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_free
-decrements the reference count of
-.Fa ssl ,
-and removes the
-.Vt SSL
-structure pointed to by
-.Fa ssl
-and frees up the allocated memory if the reference count has reached 0.
-If
-.Fa ssl
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn SSL_free
-also calls the
-.Xr free 3 Ns
-ing procedures for indirectly affected items, if applicable: the buffering
-.Vt BIO ,
-the read and write
-.Vt BIOs ,
-cipher lists specially created for this
-.Fa ssl ,
-the
-.Sy SSL_SESSION .
-Do not explicitly free these indirectly freed up items before or after calling
-.Fn SSL_free ,
-as trying to free things twice may lead to program failure.
-.Pp
-The
-.Fa ssl
-session has reference counts from two users: the
-.Vt SSL
-object, for which the reference count is removed by
-.Fn SSL_free
-and the internal session cache.
-If the session is considered bad, because
-.Xr SSL_shutdown 3
-was not called for the connection and
-.Xr SSL_set_shutdown 3
-was not used to set the
-.Vt SSL_SENT_SHUTDOWN
-state, the session will also be removed from the session cache as required by
-RFC 2246.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_free
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_SSL_CTX.3 b/src/lib/libssl/man/SSL_get_SSL_CTX.3
deleted file mode 100644
index 60fda555bc..0000000000
--- a/src/lib/libssl/man/SSL_get_SSL_CTX.3
+++ /dev/null
@@ -1,79 +0,0 @@
-.\"     $OpenBSD: SSL_get_SSL_CTX.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_SSL_CTX 3
-.Os
-.Sh NAME
-.Nm SSL_get_SSL_CTX
-.Nd get the SSL_CTX from which an SSL is created
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fn SSL_get_SSL_CTX "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_SSL_CTX
-returns a pointer to the
-.Vt SSL_CTX
-object from which
-.Fa ssl
-was created with
-.Xr SSL_new 3 .
-.Sh RETURN VALUES
-The pointer to the
-.Vt SSL_CTX
-object is returned.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_get_SSL_CTX
-first appeared in SSLeay 0.5.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_certificate.3 b/src/lib/libssl/man/SSL_get_certificate.3
deleted file mode 100644
index eb53ea49bf..0000000000
--- a/src/lib/libssl/man/SSL_get_certificate.3
+++ /dev/null
@@ -1,64 +0,0 @@
-.\" $OpenBSD: SSL_get_certificate.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_GET_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_get_certificate ,
-.Nm SSL_get_privatekey
-.Nd get SSL certificate and private key
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fo SSL_get_certificate
-.Fa "const SSL *ssl"
-.Fc
-.Ft EVP_PKEY *
-.Fo SSL_get_privatekey
-.Fa "const SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-These functions retrieve certificate and key data from an
-.Vt SSL
-object.
-They return internal pointers that must not be freed by the application
-program.
-.Sh RETURN VALUES
-.Fn SSL_get_certificate
-returns the active X.509 certificate currently used by
-.Fa ssl
-or
-.Dv NULL
-if none is active.
-.Pp
-.Fn SSL_get_privatekey
-returns the active private key currently used by
-.Fa ssl
-or
-.Dv NULL
-if none is active.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_check_private_key 3 ,
-.Xr SSL_use_certificate 3
-.Sh HISTORY
-.Fn SSL_get_certificate
-first appeared in SSLeay 0.5.2a.
-.Fn SSL_get_privatekey
-first appeared in SSLeay 0.8.0.
-Both functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_ciphers.3 b/src/lib/libssl/man/SSL_get_ciphers.3
deleted file mode 100644
index 8030f0bbb1..0000000000
--- a/src/lib/libssl/man/SSL_get_ciphers.3
+++ /dev/null
@@ -1,249 +0,0 @@
-.\" $OpenBSD: SSL_get_ciphers.3,v 1.11 2020/09/16 07:25:15 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke <jaenicke@openssl.org>,
-.\" Nick Mathewson <nickm@torproject.org>, Kurt Roeckx <kurt@roeckx.be>,
-.\" Kazuki Yamaguchi <k@rhe.jp>, and Benjamin Kaduk <bkaduk@akamai.com>.
-.\" Copyright (c) 2000, 2005, 2015, 2016, 2017 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 16 2020 $
-.Dt SSL_GET_CIPHERS 3
-.Os
-.Sh NAME
-.Nm SSL_get_ciphers ,
-.Nm SSL_CTX_get_ciphers ,
-.Nm SSL_get1_supported_ciphers ,
-.Nm SSL_get_client_ciphers ,
-.Nm SSL_get_cipher_list
-.Nd get lists of available SSL_CIPHERs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_ciphers "const SSL *ssl"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_CTX_get_ciphers "const SSL_CTX *ctx"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get1_supported_ciphers "SSL *ssl"
-.Ft STACK_OF(SSL_CIPHER) *
-.Fn SSL_get_client_ciphers "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_list "const SSL *ssl" "int priority"
-.Sh DESCRIPTION
-.Fn SSL_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl ,
-sorted by preference.
-.Pp
-.Fn SSL_CTX_get_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-for
-.Fa ctx .
-.Pp
-.Fn SSL_get1_supported_ciphers
-returns a stack of enabled
-.Vt SSL_CIPHER Ns s
-for
-.Fa ssl
-as it would be sent in a ClientHello, sorted by preference.
-The list depends on settings like the cipher list, the supported
-protocol versions, the security level, and the enabled signature
-algorithms.
-The list of ciphers that would be sent in a ClientHello can differ
-from the list of ciphers that would be acceptable when acting as a
-server.
-For example,
-additional ciphers may be usable by a server if there is a gap in the
-list of supported protocols, and some ciphers may not be usable by a
-server if there is not a suitable certificate configured.
-.Pp
-.Fn SSL_get_client_ciphers
-returns the stack of available
-.Vt SSL_CIPHER Ns s
-matching the list received from the client on
-.Fa ssl .
-.Pp
-The details of the ciphers obtained by
-.Fn SSL_get_ciphers ,
-.Fn SSL_CTX_get_ciphers ,
-.Fn SSL_get1_supported_ciphers ,
-and
-.Fn SSL_get_client_ciphers
-can be obtained using the
-.Xr SSL_CIPHER_get_name 3
-family of functions.
-.Pp
-.Fn SSL_get_cipher_list
-is deprecated \(em use
-.Fn SSL_get_ciphers
-instead \(em and badly misnamed; it does not return a list
-but the name of one element of the return value of
-.Fn SSL_get_ciphers ,
-with the index given by the
-.Fa priority
-argument.
-Passing 0 selects the cipher with the highest priority.
-To iterate over all available ciphers in decreasing priority,
-repeatedly increment the argument by 1 until
-.Dv NULL
-is returned.
-.Sh RETURN VALUES
-.Fn SSL_get_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL
-or if no ciphers are available.
-The returned pointer may not only become invalid when
-.Fa ssl
-is destroyed or when
-.Xr SSL_set_cipher_list 3
-is called on it, but also when the
-.Vt SSL_CTX
-object in use by
-.Fa ssl
-at the time of the call is freed or when
-.Xr SSL_CTX_set_cipher_list 3
-is called on that context object.
-.Pp
-.Fn SSL_CTX_get_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ctx
-is
-.Dv NULL
-or if no ciphers are available.
-The returned pointer becomes invalid when
-.Fa ctx
-is destroyed or when
-.Xr SSL_CTX_set_cipher_list 3
-is called on it.
-.Pp
-.Fn SSL_get1_supported_ciphers
-returns a newly allocated list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-if no ciphers are available, or if an error occurs.
-When the returned pointer is no longer needed, the caller is
-responsible for freeing it using
-.Fn sk_SSL_CIPHER_free .
-.Pp
-.Fn SSL_get_client_ciphers
-returns an internal pointer to a list of ciphers or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-has no active session,
-or is not operating in server mode.
-The returned pointer becomes invalid when the
-.Vt SSL_SESSION
-object is destroyed, even if the
-.Fa ssl
-object remains valid.
-It may also become invalid in other circumstances,
-for example when processing a new ClientHello.
-.Pp
-.Fn SSL_get_cipher_list
-returns an internal pointer to a string or
-.Dv NULL
-if
-.Fa ssl
-is
-.Dv NULL ,
-if no ciphers are available, or if
-.Fa priority
-is greater than or equal to the number of available ciphers.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3 ,
-.Xr SSL_CTX_set_cipher_list 3
-.Sh HISTORY
-.Fn SSL_get_cipher_list
-first appeared in SSLeay 0.5.2.
-.Fn SSL_get_ciphers
-first appeared in SSLeay 0.8.0.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_CTX_get_ciphers
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
-.Pp
-.Fn SSL_get1_supported_ciphers
-and
-.Fn SSL_get_client_ciphers
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.5 .
diff --git a/src/lib/libssl/man/SSL_get_client_CA_list.3 b/src/lib/libssl/man/SSL_get_client_CA_list.3
deleted file mode 100644
index e80e5cb6f5..0000000000
--- a/src/lib/libssl/man/SSL_get_client_CA_list.3
+++ /dev/null
@@ -1,96 +0,0 @@
-.\"     $OpenBSD: SSL_get_client_CA_list.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_CLIENT_CA_LIST 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_CA_list ,
-.Nm SSL_CTX_get_client_CA_list
-.Nd get list of client CAs
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_get_client_CA_list "const SSL *s"
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_CTX_get_client_CA_list "const SSL_CTX *ctx"
-.Sh DESCRIPTION
-.Fn SSL_CTX_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ctx
-using
-.Xr SSL_CTX_set_client_CA_list 3 .
-.Pp
-.Fn SSL_get_client_CA_list
-returns the list of client CAs explicitly set for
-.Fa ssl
-using
-.Fn SSL_set_client_CA_list
-or
-.Fa ssl Ns 's
-.Vt SSL_CTX
-object with
-.Xr SSL_CTX_set_client_CA_list 3 ,
-when in server mode.
-In client mode,
-.Fn SSL_get_client_CA_list
-returns the list of client CAs sent from the server, if any.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_get_client_CA_list
-and
-.Fn SSL_CTX_get_client_CA_list
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_client_random.3 b/src/lib/libssl/man/SSL_get_client_random.3
deleted file mode 100644
index eda74db355..0000000000
--- a/src/lib/libssl/man/SSL_get_client_random.3
+++ /dev/null
@@ -1,150 +0,0 @@
-.\" $OpenBSD: SSL_get_client_random.3,v 1.2 2018/03/24 00:55:37 schwarze Exp $
-.\" full merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
-.\"
-.\" This file was written by Nick Mathewson <nickm@torproject.org>
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 24 2018 $
-.Dt SSL_GET_CLIENT_RANDOM 3
-.Os
-.Sh NAME
-.Nm SSL_get_client_random ,
-.Nm SSL_get_server_random ,
-.Nm SSL_SESSION_get_master_key
-.Nd get internal TLS handshake random values and master key
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft size_t
-.Fo SSL_get_client_random
-.Fa "const SSL *ssl"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Ft size_t
-.Fo SSL_get_server_random
-.Fa "const SSL *ssl"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Ft size_t
-.Fo SSL_SESSION_get_master_key
-.Fa "const SSL_SESSION *session"
-.Fa "unsigned char *out"
-.Fa "size_t outlen"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_get_client_random
-extracts the random value that was sent from the client to the server
-during the initial TLS handshake.
-It copies at most
-.Fa outlen
-bytes of this value into the buffer
-.Fa out .
-If
-.Fa outlen
-is zero, nothing is copied.
-.Pp
-.Fn SSL_get_server_random
-behaves the same, but extracts the random value that was sent
-from the server to the client during the initial TLS handshake.
-.Pp
-.Fn SSL_SESSION_get_master_key
-behaves the same, but extracts the master secret used to guarantee the
-security of the TLS session.
-The security of the TLS session depends on keeping the master key
-secret: do not expose it, or any information about it, to anybody.
-To calculate another secret value that depends on the master secret,
-use
-.Xr SSL_export_keying_material 3
-instead.
-.Pp
-All these functions expose internal values from the TLS handshake,
-for use in low-level protocols.
-Avoid using them unless implementing a feature
-that requires access to the internal protocol details.
-.Pp
-Despite the names of
-.Fn SSL_get_client_random
-and
-.Fn SSL_get_server_random ,
-they are not random number generators.
-Instead, they return the mostly-random values that were already
-generated and used in the TLS protocol.
-.Pp
-In current versions of the TLS protocols,
-the length of client_random and server_random is always
-.Dv SSL3_RANDOM_SIZE
-bytes.
-Support for other
-.Fa outlen
-arguments is provided for the unlikely event that a future
-version or variant of TLS uses some other length.
-.Pp
-Finally, though the client_random and server_random values are called
-.Dq random ,
-many TLS implementations generate four bytes of those values
-based on their view of the current time.
-.Sh RETURN VALUES
-If
-.Fa outlen
-is greater than 0, these functions return the number of bytes
-actually copied, which is less than or equal to
-.Fa outlen .
-If
-.Fa outlen
-is 0, these functions return the maximum number of bytes they would
-copy \(em that is, the length of the underlying field.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_export_keying_material 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.0
-and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_get_current_cipher.3 b/src/lib/libssl/man/SSL_get_current_cipher.3
deleted file mode 100644
index 6b951d03ca..0000000000
--- a/src/lib/libssl/man/SSL_get_current_cipher.3
+++ /dev/null
@@ -1,122 +0,0 @@
-.\"     $OpenBSD: SSL_get_current_cipher.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_CURRENT_CIPHER 3
-.Os
-.Sh NAME
-.Nm SSL_get_current_cipher ,
-.Nm SSL_get_cipher ,
-.Nm SSL_get_cipher_name ,
-.Nm  SSL_get_cipher_bits ,
-.Nm SSL_get_cipher_version
-.Nd get SSL_CIPHER of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const SSL_CIPHER *
-.Fn SSL_get_current_cipher "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher "const SSL *ssl"
-.Ft const char *
-.Fn SSL_get_cipher_name "const SSL *ssl"
-.Ft int
-.Fn SSL_get_cipher_bits "const SSL *ssl" "int *np"
-.Ft char *
-.Fn SSL_get_cipher_version "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_current_cipher
-returns a pointer to an
-.Vt SSL_CIPHER
-object containing the description of the actually used cipher of a connection
-established with the
-.Fa ssl
-object.
-See
-.Xr SSL_CIPHER_get_name 3
-for more details.
-.Pp
-.Fn SSL_get_cipher_name
-obtains the name of the currently used cipher.
-.Fn SSL_get_cipher
-is identical to
-.Fn SSL_get_cipher_name .
-.Pp
-.Fn SSL_get_cipher_bits
-obtains the number of secret/algorithm bits used and
-.Fn SSL_get_cipher_version
-returns the protocol name.
-.Pp
-.Fn SSL_get_cipher ,
-.Fn SSL_get_cipher_name ,
-.Fn SSL_get_cipher_bits ,
-and
-.Fn SSL_get_cipher_version
-are implemented as macros.
-.Sh RETURN VALUES
-.Fn SSL_get_current_cipher
-returns the cipher actually used, or
-.Dv NULL
-if no session has been established.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CIPHER_get_name 3
-.Sh HISTORY
-.Fn SSL_get_cipher
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_get_cipher_bits
-first appeared in SSLeay 0.6.4.
-.Fn SSL_get_cipher_name
-and
-.Fn SSL_get_cipher_version
-first appeared in SSLeay 0.8.0.
-.Fn SSL_get_current_cipher
-first appeared in SSLeay 0.8.1.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_default_timeout.3 b/src/lib/libssl/man/SSL_get_default_timeout.3
deleted file mode 100644
index 47737d8ee0..0000000000
--- a/src/lib/libssl/man/SSL_get_default_timeout.3
+++ /dev/null
@@ -1,85 +0,0 @@
-.\"     $OpenBSD: SSL_get_default_timeout.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_DEFAULT_TIMEOUT 3
-.Os
-.Sh NAME
-.Nm SSL_get_default_timeout
-.Nd get default session timeout value
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_default_timeout "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_default_timeout
-returns the default timeout value assigned to
-.Vt SSL_SESSION
-objects negotiated for the protocol valid for
-.Fa ssl .
-.Pp
-Whenever a new session is negotiated, it is assigned a timeout value,
-after which it will not be accepted for session reuse.
-If the timeout value was not explicitly set using
-.Xr SSL_CTX_set_timeout 3 ,
-the hardcoded default timeout for the protocol will be used.
-.Pp
-.Fn SSL_get_default_timeout
-return this hardcoded value, which is 300 seconds for all currently supported
-protocols (SSLv2, SSLv3, and TLSv1).
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_SESSION_get_time 3
-.Sh HISTORY
-.Fn SSL_get_default_timeout
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_error.3 b/src/lib/libssl/man/SSL_get_error.3
deleted file mode 100644
index 5d325b3f56..0000000000
--- a/src/lib/libssl/man/SSL_get_error.3
+++ /dev/null
@@ -1,217 +0,0 @@
-.\"     $OpenBSD: SSL_get_error.3,v 1.5 2018/04/29 07:37:01 guenther Exp $
-.\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Bodo Moeller <bodo@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 29 2018 $
-.Dt SSL_GET_ERROR 3
-.Os
-.Sh NAME
-.Nm SSL_get_error
-.Nd obtain result code for TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_error "const SSL *ssl" "int ret"
-.Sh DESCRIPTION
-.Fn SSL_get_error
-returns a result code (suitable for the C
-.Dq switch
-statement) for a preceding call to
-.Xr SSL_connect 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-or
-.Xr SSL_write 3
-on
-.Fa ssl .
-The value returned by that TLS/SSL I/O function must be passed to
-.Fn SSL_get_error
-in parameter
-.Fa ret .
-.Pp
-In addition to
-.Fa ssl
-and
-.Fa ret ,
-.Fn SSL_get_error
-inspects the current thread's OpenSSL error queue.
-Thus,
-.Fn SSL_get_error
-must be used in the same thread that performed the TLS/SSL I/O operation,
-and no other OpenSSL function calls should appear in between.
-The current thread's error queue must be empty before the TLS/SSL I/O operation
-is attempted, or
-.Fn SSL_get_error
-will not work reliably.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv SSL_ERROR_NONE
-The TLS/SSL I/O operation completed.
-This result code is returned if and only if
-.Fa ret
-> 0.
-.It Dv SSL_ERROR_ZERO_RETURN
-The TLS/SSL connection has been closed.
-If the protocol version is SSL 3.0 or TLS 1.0, this result code is returned
-only if a closure alert has occurred in the protocol, i.e., if the connection
-has been closed cleanly.
-Note that in this case
-.Dv SSL_ERROR_ZERO_RETURN
-does not necessarily indicate that the underlying transport has been closed.
-.It Dv SSL_ERROR_WANT_READ , Dv SSL_ERROR_WANT_WRITE
-The operation did not complete;
-the same TLS/SSL I/O function should be called again later.
-If, by then, the underlying
-.Vt BIO
-has data available for reading (if the result code is
-.Dv SSL_ERROR_WANT_READ )
-or allows writing data
-.Pq Dv SSL_ERROR_WANT_WRITE ,
-then some TLS/SSL protocol progress will take place,
-i.e., at least part of a TLS/SSL record will be read or written.
-Note that the retry may again lead to a
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition.
-There is no fixed upper limit for the number of iterations that may be
-necessary until progress becomes visible at application protocol level.
-.Pp
-For socket
-.Fa BIO Ns
-s (e.g., when
-.Fn SSL_set_fd
-was used),
-.Xr select 2
-or
-.Xr poll 2
-on the underlying socket can be used to find out when the TLS/SSL I/O function
-should be retried.
-.Pp
-Caveat: Any TLS/SSL I/O function can lead to either of
-.Dv SSL_ERROR_WANT_READ
-and
-.Dv SSL_ERROR_WANT_WRITE .
-In particular,
-.Xr SSL_read 3
-or
-.Xr SSL_peek 3
-may want to write data and
-.Xr SSL_write 3
-may want
-to read data.
-This is mainly because TLS/SSL handshakes may occur at any time during the
-protocol (initiated by either the client or the server);
-.Xr SSL_read 3 ,
-.Xr SSL_peek 3 ,
-and
-.Xr SSL_write 3
-will handle any pending handshakes.
-.It Dv SSL_ERROR_WANT_CONNECT , Dv SSL_ERROR_WANT_ACCEPT
-The operation did not complete; the same TLS/SSL I/O function should be
-called again later.
-The underlying BIO was not connected yet to the peer and the call would block
-in
-.Xr connect 2 Ns / Ns
-.Xr accept 2 .
-The SSL function should be
-called again when the connection is established.
-These messages can only appear with a
-.Xr BIO_s_connect 3
-or
-.Xr BIO_s_accept 3
-.Vt BIO ,
-respectively.
-In order to find out when the connection has been successfully established,
-on many platforms
-.Xr select 2
-or
-.Xr poll 2
-for writing on the socket file descriptor can be used.
-.It Dv SSL_ERROR_WANT_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-The TLS/SSL I/O function should be called again later.
-Details depend on the application.
-.It Dv SSL_ERROR_SYSCALL
-Some I/O error occurred.
-The OpenSSL error queue may contain more information on the error.
-If the error queue is empty (i.e.,
-.Fn ERR_get_error
-returns 0),
-.Fa ret
-can be used to find out more about the error:
-If
-.Fa ret
-== 0, an
-.Dv EOF
-was observed that violates the protocol.
-If
-.Fa ret
-== \(mi1, the underlying
-.Vt BIO
-reported an
-I/O error (for socket I/O on Unix systems, consult
-.Dv errno
-for details).
-.It Dv SSL_ERROR_SSL
-A failure in the SSL library occurred, usually a protocol error.
-The OpenSSL error queue contains more information on the error.
-.El
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_get_error
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3 b/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
deleted file mode 100644
index a249cda6ac..0000000000
--- a/src/lib/libssl/man/SSL_get_ex_data_X509_STORE_CTX_idx.3
+++ /dev/null
@@ -1,116 +0,0 @@
-.\"     $OpenBSD: SSL_get_ex_data_X509_STORE_CTX_idx.3,v 1.5 2022/02/06 00:29:02 jsg Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: February 6 2022 $
-.Dt SSL_GET_EX_DATA_X509_STORE_CTX_IDX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_data_X509_STORE_CTX_idx
-.Nd get ex_data index to access SSL structure from X509_STORE_CTX
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx void
-.Sh DESCRIPTION
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-returns the index number under which the pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object.
-.Pp
-Whenever a
-.Vt X509_STORE_CTX
-object is created for the verification of the peer's certificate during a
-handshake, a pointer to the
-.Vt SSL
-object is stored into the
-.Vt X509_STORE_CTX
-object to identify the connection affected.
-To retrieve this pointer the
-.Xr X509_STORE_CTX_get_ex_data 3
-function can be used with the correct index.
-This index is globally the same for all
-.Vt X509_STORE_CTX
-objects and can be retrieved using
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx .
-The index value is set when
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-is first called either by the application program directly or indirectly during
-other SSL setup functions or during the handshake.
-.Pp
-The value depends on other index values defined for
-.Vt X509_STORE_CTX
-objects before the SSL index is created.
-.Sh RETURN VALUES
-.Bl -tag -width Ds
-.It \(>=0
-The index value to access the pointer.
-.It <0
-An error occurred, check the error stack for a detailed error message.
-.El
-.Sh EXAMPLES
-The index returned from
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-provides access to
-.Vt SSL
-object for the connection during the
-.Fn verify_callback
-when checking the peer's certificate.
-Check the example in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3
-.Sh HISTORY
-.Fn SSL_get_ex_data_X509_STORE_CTX_idx
-first appeared in SSLeay 0.9.1 and has been available since
-.Ox 2.6 .
diff --git a/src/lib/libssl/man/SSL_get_ex_new_index.3 b/src/lib/libssl/man/SSL_get_ex_new_index.3
deleted file mode 100644
index cecd25fa44..0000000000
--- a/src/lib/libssl/man/SSL_get_ex_new_index.3
+++ /dev/null
@@ -1,136 +0,0 @@
-.\"     $OpenBSD: SSL_get_ex_new_index.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_EX_NEW_INDEX 3
-.Os
-.Sh NAME
-.Nm SSL_get_ex_new_index ,
-.Nm SSL_set_ex_data ,
-.Nm SSL_get_ex_data
-.Nd internal application specific data functions
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_get_ex_new_index
-.Fa "long argl"
-.Fa "void *argp"
-.Fa "CRYPTO_EX_new *new_func"
-.Fa "CRYPTO_EX_dup *dup_func"
-.Fa "CRYPTO_EX_free *free_func"
-.Fc
-.Ft int
-.Fn SSL_set_ex_data "SSL *ssl" "int idx" "void *arg"
-.Ft void *
-.Fn SSL_get_ex_data "const SSL *ssl" "int idx"
-.Bd -literal
-typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-               int idx, long argl, void *argp);
-typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad,
-               int idx, long argl, void *argp);
-typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d,
-               int idx, long argl, void *argp);
-.Ed
-.Sh DESCRIPTION
-Several OpenSSL structures can have application specific data attached to them.
-These functions are used internally by OpenSSL to manipulate application
-specific data attached to a specific structure.
-.Pp
-.Fn SSL_get_ex_new_index
-is used to register a new index for application specific data.
-.Pp
-.Fn SSL_set_ex_data
-is used to store application data at
-.Fa arg
-for
-.Fa idx
-into the
-.Fa ssl
-object.
-.Pp
-.Fn SSL_get_ex_data
-is used to retrieve the information for
-.Fa idx
-from
-.Fa ssl .
-.Pp
-A detailed description for the
-.Fn *_get_ex_new_index
-functionality can be found in
-.Xr RSA_get_ex_new_index 3 .
-The
-.Fn *_get_ex_data
-and
-.Fn *_set_ex_data
-functionality is described in
-.Xr CRYPTO_set_ex_data 3 .
-.Sh EXAMPLES
-An example of how to use the functionality is included in the example
-.Fn verify_callback
-in
-.Xr SSL_CTX_set_verify 3 .
-.Sh SEE ALSO
-.Xr CRYPTO_set_ex_data 3 ,
-.Xr RSA_get_ex_new_index 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3
-.Sh HISTORY
-Precursor functions
-.Fn SSL_set_app_data
-and
-.Fn SSL_get_app_data
-first appeared in SSLeay 0.6.1.
-.Pp
-.Fn SSL_get_ex_new_index ,
-.Fn SSL_set_ex_data ,
-and
-.Fn SSL_get_ex_data
-first appeared in SSLeay 0.9.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_fd.3 b/src/lib/libssl/man/SSL_get_fd.3
deleted file mode 100644
index 1e093424cb..0000000000
--- a/src/lib/libssl/man/SSL_get_fd.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\"     $OpenBSD: SSL_get_fd.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_FD 3
-.Os
-.Sh NAME
-.Nm SSL_get_fd ,
-.Nm SSL_get_rfd ,
-.Nm SSL_get_wfd
-.Nd get file descriptor linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_get_fd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_rfd "const SSL *ssl"
-.Ft int
-.Fn SSL_get_wfd "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_fd
-returns the file descriptor which is linked to
-.Fa ssl .
-.Fn SSL_get_rfd
-and
-.Fn SSL_get_wfd
-return the file descriptors for the read or the write channel,
-which can be different.
-If the read and the write channel are different,
-.Fn SSL_get_fd
-will return the file descriptor of the read channel.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It \(mi1
-The operation failed, because the underlying
-.Vt BIO
-is not of the correct type (suitable for file descriptors).
-.It \(>=0
-The file descriptor linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_fd 3
-.Sh HISTORY
-.Fn SSL_get_fd
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_get_rfd
-and
-.Fn SSL_get_wfd
-first appeared in OpenSSL 0.9.6c and have been available since
-.Ox 3.2 .
diff --git a/src/lib/libssl/man/SSL_get_finished.3 b/src/lib/libssl/man/SSL_get_finished.3
deleted file mode 100644
index 3cfb655ea0..0000000000
--- a/src/lib/libssl/man/SSL_get_finished.3
+++ /dev/null
@@ -1,77 +0,0 @@
-.\" $OpenBSD: SSL_get_finished.3,v 1.2 2021/01/30 10:48:15 tb Exp $
-.\"
-.\" Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: January 30 2021 $
-.Dt SSL_GET_FINISHED 3
-.Os
-.Sh NAME
-.Nm SSL_get_finished ,
-.Nm SSL_get_peer_finished
-.Nd get last sent or last expected finished message
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft size_t
-.Fn SSL_get_finished "const SSL *ssl" "void *buf" "size_t count"
-.Ft size_t
-.Fn SSL_get_peer_finished "const SSL *ssl" "void *buf" "size_t count"
-.Sh DESCRIPTION
-.Fn SSL_get_finished
-and
-.Fn SSL_get_peer_finished
-copy
-.Fa count
-bytes from the last finished message sent to the peer
-or expected from the peer into the
-caller-provided buffer
-.Fa buf .
-.Pp
-The finished message is computed from a checksum of the handshake records
-exchanged with the peer.
-Its length depends on the ciphersuite in use and is at most
-.Dv EVP_MAX_MD_SIZE ,
-i.e., 64 bytes.
-.\" In TLSv1.3 the length is equal to the length of the hash algorithm
-.\" used by the hash-based message authentication code (HMAC),
-.\" which is currently either 32 bytes for SHA-256 or 48 bytes for SHA-384.
-.\" In TLSv1.2 the length defaults to 12 bytes, but it can explicitly be
-.\" specified by the ciphersuite to be longer.
-.\" In TLS versions 1.1 and 1.0, the finished message has a fixed length
-.\" of 12 bytes.
-.Sh RETURN VALUES
-.Fn SSL_get_finished
-and
-.Fn SSL_get_peer_finished
-return the number of bytes copied into
-.Fa buf .
-The return value is zero if the handshake has not reached the
-finished message.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_set_session 3
-.Sh STANDARDS
-RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3,
-section 4.4.4: Finished.
-.Pp
-RFC 5246: The Transport Layer Security (TLS) Protocol Version 1.2,
-section 7.4.9: Finished.
-.Sh HISTORY
-.Fn SSL_get_finished
-and
-.Fn SSL_get_peer_finished
-first appeared in SSLeay 0.9.5
-and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_get_peer_cert_chain.3 b/src/lib/libssl/man/SSL_get_peer_cert_chain.3
deleted file mode 100644
index eb2ae53dc4..0000000000
--- a/src/lib/libssl/man/SSL_get_peer_cert_chain.3
+++ /dev/null
@@ -1,107 +0,0 @@
-.\"     $OpenBSD: SSL_get_peer_cert_chain.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL SSL_get_peer_cert_chain.pod 1f164c6f Jan 18 01:40:36 2017 +0100
-.\"     OpenSSL SSL_get_peer_cert_chain.pod 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2014, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_PEER_CERT_CHAIN 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_cert_chain
-.Nd get the X509 certificate chain sent by the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509) *
-.Fn SSL_get_peer_cert_chain "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_cert_chain
-returns a pointer to
-.Dv STACK_OF Ns Po Vt X509 Pc
-certificates forming the certificate chain of the peer.
-If called on the client side, the stack also contains the peer's certificate;
-if called on the server side, the peer's certificate must be obtained
-separately using
-.Xr SSL_get_peer_certificate 3 .
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Pp
-.Fn SSL_get_peer_cert_chain
-returns the peer chain as sent by the peer: it only consists of
-certificates the peer has sent (in the order the peer has sent them)
-and it is not a verified chain.
-.Pp
-If the session is resumed, peers do not send certificates, so a
-.Dv NULL
-pointer is returned.
-Applications can call
-.Fn SSL_session_reused
-to determine whether a session is resumed.
-.Pp
-The reference count of the
-.Dv STACK_OF Ns Po Vt X509 Pc
-object is not incremented.
-If the corresponding session is freed, the pointer must not be used any longer.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established or
-the certificate chain is no longer available when a session is reused.
-.It Pointer to a Dv STACK_OF Ns Po X509 Pc
-The return value points to the certificate chain presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3
-.Sh HISTORY
-.Fn SSL_get_peer_cert_chain
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_peer_certificate.3 b/src/lib/libssl/man/SSL_get_peer_certificate.3
deleted file mode 100644
index 99f9330288..0000000000
--- a/src/lib/libssl/man/SSL_get_peer_certificate.3
+++ /dev/null
@@ -1,105 +0,0 @@
-.\" $OpenBSD: SSL_get_peer_certificate.3,v 1.6 2021/06/26 17:36:28 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 26 2021 $
-.Dt SSL_GET_PEER_CERTIFICATE 3
-.Os
-.Sh NAME
-.Nm SSL_get_peer_certificate
-.Nd get the X509 certificate of the peer
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509 *
-.Fn SSL_get_peer_certificate "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_peer_certificate
-returns a pointer to the X509 certificate the peer presented.
-If the peer did not present a certificate,
-.Dv NULL
-is returned.
-.Pp
-Due to the protocol definition, a TLS/SSL server will always send a
-certificate, if present.
-A client will only send a certificate when explicitly requested to do so by the
-server (see
-.Xr SSL_CTX_set_verify 3 ) .
-If an anonymous cipher is used, no certificates are sent.
-.Pp
-That a certificate is returned does not indicate information about the
-verification state.
-Use
-.Xr SSL_get_verify_result 3
-to check the verification state.
-.Pp
-The reference count of the
-.Vt X509
-object is incremented by one, so that it will not be destroyed when the session
-containing the peer certificate is freed.
-The
-.Vt X509
-object must be explicitly freed using
-.Xr X509_free 3 .
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No certificate was presented by the peer or no connection was established.
-.It Pointer to an X509 certificate
-The return value points to the certificate presented by the peer.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get0_peername 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-.Fn SSL_get_peer_certificate
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_rbio.3 b/src/lib/libssl/man/SSL_get_rbio.3
deleted file mode 100644
index 38096fbecf..0000000000
--- a/src/lib/libssl/man/SSL_get_rbio.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\"     $OpenBSD: SSL_get_rbio.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_GET_RBIO 3
-.Os
-.Sh NAME
-.Nm SSL_get_rbio ,
-.Nm SSL_get_wbio
-.Nd get BIO linked to an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft BIO *
-.Fn SSL_get_rbio "SSL *ssl"
-.Ft BIO *
-.Fn SSL_get_wbio "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_rbio
-and
-.Fn SSL_get_wbio
-return pointers to the
-.Vt BIO Ns s
-for the read or the write channel, which can be different.
-The reference count of the
-.Vt BIO
-is not incremented.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-No
-.Vt BIO
-was connected to the
-.Vt SSL
-object.
-.It Any other pointer
-The
-.Vt BIO
-linked to
-.Fa ssl .
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_set_bio 3
-.Sh HISTORY
-.Fn SSL_get_rbio
-and
-.Fn SSL_get_wbio
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_server_tmp_key.3 b/src/lib/libssl/man/SSL_get_server_tmp_key.3
deleted file mode 100644
index aeeb358240..0000000000
--- a/src/lib/libssl/man/SSL_get_server_tmp_key.3
+++ /dev/null
@@ -1,89 +0,0 @@
-.\"     $OpenBSD: SSL_get_server_tmp_key.3,v 1.4 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL SSL_get_server_tmp_key.pod 508fafd8 Apr 3 15:41:21 2017 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_GET_SERVER_TMP_KEY 3
-.Os
-.Sh NAME
-.Nm SSL_get_server_tmp_key
-.Nd temporary server key during a handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_get_server_tmp_key
-.Fa "SSL *ssl"
-.Fa "EVP_PKEY **key"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_get_server_tmp_key
-retrieves the temporary key provided by the server
-and used during key exchange.
-For example, if ECDHE is in use,
-this represents the server's public ECDHE key.
-.Pp
-In case of success, a copy of the key is stored in
-.Pf * Fa key .
-It is the caller's responsibility to free this key after use using
-.Xr EVP_PKEY_free 3 .
-.Pp
-This function may only be called by the client.
-.Pp
-This function is implemented as a macro.
-.Sh RETURN VALUES
-.Fn SSL_get_server_tmp_key
-returns 1 on success or 0 on failure.
-.Sh SEE ALSO
-.Xr EVP_PKEY_free 3 ,
-.Xr ssl 3 ,
-.Xr SSL_ctrl 3
-.Sh HISTORY
-.Fn SSL_get_server_tmp_key
-first appeared in OpenSSL 1.0.2 and has been available since
-.Ox 6.1 .
diff --git a/src/lib/libssl/man/SSL_get_session.3 b/src/lib/libssl/man/SSL_get_session.3
deleted file mode 100644
index 2ab43fdd3e..0000000000
--- a/src/lib/libssl/man/SSL_get_session.3
+++ /dev/null
@@ -1,163 +0,0 @@
-.\"     $OpenBSD: SSL_get_session.3,v 1.8 2022/03/31 17:27:18 naddy Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2005, 2013, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2022 $
-.Dt SSL_GET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_session ,
-.Nm SSL_get0_session ,
-.Nm SSL_get1_session
-.Nd retrieve TLS/SSL session data
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_SESSION *
-.Fn SSL_get_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get0_session "const SSL *ssl"
-.Ft SSL_SESSION *
-.Fn SSL_get1_session "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_session
-returns a pointer to the
-.Vt SSL_SESSION
-actually used in
-.Fa ssl .
-The reference count of the
-.Vt SSL_SESSION
-is not incremented, so that the pointer can become invalid by other operations.
-.Pp
-.Fn SSL_get0_session
-is the same as
-.Fn SSL_get_session .
-.Pp
-.Fn SSL_get1_session
-is the same as
-.Fn SSL_get_session ,
-but the reference count of the
-.Vt SSL_SESSION
-is incremented by one.
-.Pp
-The
-.Fa ssl
-session contains all information required to re-establish the connection
-without a new handshake.
-.Pp
-.Fn SSL_get0_session
-returns a pointer to the actual session.
-As the reference counter is not incremented,
-the pointer is only valid while the connection is in use.
-If
-.Xr SSL_clear 3
-or
-.Xr SSL_free 3
-is called, the session may be removed completely (if considered bad),
-and the pointer obtained will become invalid.
-Even if the session is valid,
-it can be removed at any time due to timeout during
-.Xr SSL_CTX_flush_sessions 3 .
-.Pp
-If the data is to be kept,
-.Fn SSL_get1_session
-will increment the reference count, so that the session will not be implicitly
-removed by other operations but stays in memory.
-In order to remove the session,
-.Xr SSL_SESSION_free 3
-must be explicitly called once to decrement the reference count again.
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-There is no session available in
-.Fa ssl .
-.It Pointer to an Vt SSL_SESSION
-The return value points to the data of an
-.Vt SSL
-session.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_new 3 ,
-.Xr SSL_SESSION_print 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_get_session
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_get0_session
-and
-.Fn SSL_get1_session
-first appeared in OpenSSL 0.9.5 and have been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_get_shared_ciphers.3 b/src/lib/libssl/man/SSL_get_shared_ciphers.3
deleted file mode 100644
index 207e8c42eb..0000000000
--- a/src/lib/libssl/man/SSL_get_shared_ciphers.3
+++ /dev/null
@@ -1,103 +0,0 @@
-.\" $OpenBSD: SSL_get_shared_ciphers.3,v 1.5 2021/01/09 10:50:02 tb Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: January 9 2021 $
-.Dt SSL_GET_SHARED_CIPHERS 3
-.Os
-.Sh NAME
-.Nm SSL_get_shared_ciphers
-.Nd ciphers supported by both client and server
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft char *
-.Fo SSL_get_shared_ciphers
-.Fa "const SSL *ssl"
-.Fa "char *buf"
-.Fa "int len"
-.Fc
-.Sh DESCRIPTION
-If
-.Fa ssl
-contains a session in server mode,
-.Fn SSL_get_shared_ciphers
-puts as many names of ciphers that are supported by both the client
-and the server into the buffer
-.Fa buf
-as the buffer is long enough to contain.
-Names are separated by colons.
-At most
-.Fa len
-bytes are written to
-.Fa buf
-including the terminating NUL character.
-.Sh RETURN VALUES
-.Fn SSL_get_shared_ciphers
-returns
-.Fa buf
-on success or
-.Dv NULL
-on failure.
-The following situations cause failure:
-.Bl -bullet
-.It
-.Xr SSL_is_server 3
-is false, i.e.,
-.Ar ssl
-is not set to server mode.
-.It
-.Xr SSL_get_ciphers 3
-is
-.Dv NULL
-or empty, i.e., no ciphers are available for use by the server.
-.It
-.Xr SSL_get_session 3
-is
-.Dv NULL ,
-i.e.,
-.Ar ssl
-contains no session.
-.It
-.Xr SSL_get_client_ciphers 3
-is
-.Dv NULL
-or empty, i.e.,
-.Ar ssl
-contains no information about ciphers supported by the client,
-or the client does not support any ciphers.
-.It
-The
-.Fa len
-argument is less than 2.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_get_ciphers 3
-.Sh HISTORY
-.Fn SSL_get_shared_ciphers
-first appeared in SSLeay 0.4.5b and has been available since
-.Ox 2.4 .
-.Sh BUGS
-If the list is too long to fit into
-.Fa len
-bytes, it is silently truncated after the last cipher name that fits,
-and all following ciphers are skipped.
-If the buffer is very short such that even the first cipher name
-does not fit, an empty string is returned even when some shared
-ciphers are actually available.
-.Pp
-There is no easy way to find out how much space is required for
-.Fa buf
-or whether the supplied space was sufficient.
diff --git a/src/lib/libssl/man/SSL_get_state.3 b/src/lib/libssl/man/SSL_get_state.3
deleted file mode 100644
index 297bbce876..0000000000
--- a/src/lib/libssl/man/SSL_get_state.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\" $OpenBSD: SSL_get_state.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_GET_STATE 3
-.Os
-.Sh NAME
-.Nm SSL_get_state ,
-.Nm SSL_state ,
-.Nm SSL_in_accept_init ,
-.Nm SSL_in_before ,
-.Nm SSL_in_connect_init ,
-.Nm SSL_in_init ,
-.Nm SSL_is_init_finished
-.Nd inspect the state of the SSL state machine
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_get_state
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_state
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_in_accept_init
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_in_before
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_in_connect_init
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_in_init
-.Fa "const SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_is_init_finished
-.Fa "const SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_get_state
-returns an encoded representation of the current state of the SSL
-state machine.
-.Fn SSL_state
-is a deprecated alias for
-.Fn SSL_get_state .
-.Pp
-The following bits may be set:
-.Bl -tag -width Ds
-.It Dv SSL_ST_ACCEPT
-This bit is set by
-.Xr SSL_accept 3
-and by
-.Xr SSL_set_accept_state 3 .
-It indicates that
-.Fa ssl
-is set up for server mode and no client initiated the TLS handshake yet.
-The function
-.Fn SSL_in_accept_init
-returns non-zero if this bit is set or 0 otherwise.
-.It Dv SSL_ST_BEFORE
-This bit is set by the
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_set_accept_state 3 ,
-and
-.Xr SSL_set_connect_state 3
-functions.
-It indicates that the TLS handshake was not initiated yet.
-The function
-.Fn SSL_in_before
-returns non-zero if this bit is set or 0 otherwise.
-.It Dv SSL_ST_CONNECT
-This bit is set by
-.Xr SSL_connect 3
-and by
-.Xr SSL_set_connect_state 3 .
-It indicates that
-.Fa ssl
-is set up for client mode and no TLS handshake was initiated yet.
-The function
-.Fn SSL_in_connect_init
-returns non-zero if this bit is set or 0 otherwise.
-.El
-.Pp
-The following masks can be used:
-.Bl -tag -width Ds
-.It Dv SSL_ST_INIT
-Set if
-.Dv SSL_ST_ACCEPT
-or
-.Dv SSL_ST_CONNECT
-is set.
-The function
-.Fn SSL_in_init
-returns a non-zero value if one of these is set or 0 otherwise.
-.It Dv SSL_ST_MASK
-This mask includes all bits except
-.Dv SSL_ST_ACCEPT ,
-.Dv SSL_ST_BEFORE ,
-and
-.Dv SSL_ST_CONNECT .
-.It Dv SSL_ST_OK
-The state is set to this value when a connection is established.
-The function
-.Fn SSL_is_init_finished
-returns a non-zero value if the state equals this constant, or 0 otherwise.
-.It Dv SSL_ST_RENEGOTIATE
-The program is about to renegotiate, for example when entering
-.Xr SSL_read 3
-or
-.Xr SSL_write 3
-right after
-.Xr SSL_renegotiate 3
-was called.
-.El
-.Pp
-The meaning of other bits is protocol-dependent.
-Application programs usually do not need to inspect any of those
-other bits.
-.Pp
-All these functions may be implemented as macros.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_renegotiate 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_is_init_finished
-first appeared in SSLeay 0.4.5b.
-.Fn SSL_state
-first appeared in SSLeay 0.5.2.
-.Fn SSL_in_accept_init ,
-.Fn SSL_in_connect_init ,
-and
-.Fn SSL_in_init
-first appeared in SSLeay 0.6.0.
-.Fn SSL_in_before
-first appeared in SSLeay 0.8.0.
-.Fn SSL_get_state
-first appeared in SSLeay 0.9.0.
-All these functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_get_verify_result.3 b/src/lib/libssl/man/SSL_get_verify_result.3
deleted file mode 100644
index 180cf1bb73..0000000000
--- a/src/lib/libssl/man/SSL_get_verify_result.3
+++ /dev/null
@@ -1,102 +0,0 @@
-.\" $OpenBSD: SSL_get_verify_result.3,v 1.6 2021/06/26 17:36:28 tb Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 26 2021 $
-.Dt SSL_GET_VERIFY_RESULT 3
-.Os
-.Sh NAME
-.Nm SSL_get_verify_result
-.Nd get result of peer certificate verification
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fn SSL_get_verify_result "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_verify_result
-returns the result of the verification of the X509 certificate presented by the
-peer, if any.
-.Pp
-.Fn SSL_get_verify_result
-can only return one error code while the verification of a certificate can fail
-because of many reasons at the same time.
-Only the last verification error that occurred during the processing is
-available from
-.Fn SSL_get_verify_result .
-.Pp
-The verification result is part of the established session and is restored when
-a session is reused.
-.Sh RETURN VALUES
-The following return values can currently occur:
-.Bl -tag -width Ds
-.It Dv X509_V_OK
-The verification succeeded or no peer certificate was presented.
-.It Any other value
-Documented in
-.Xr openssl 1 .
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get0_peername 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_set_verify_result 3
-.Sh HISTORY
-.Fn SSL_get_verify_result
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
-.Sh BUGS
-If no peer certificate was presented, the returned result code is
-.Dv X509_V_OK .
-This is because no verification error occurred;
-however, it does not indicate success.
-.Fn SSL_get_verify_result
-is only useful in connection with
-.Xr SSL_get_peer_certificate 3 .
diff --git a/src/lib/libssl/man/SSL_get_version.3 b/src/lib/libssl/man/SSL_get_version.3
deleted file mode 100644
index a6cefb055b..0000000000
--- a/src/lib/libssl/man/SSL_get_version.3
+++ /dev/null
@@ -1,123 +0,0 @@
-.\" $OpenBSD: SSL_get_version.3,v 1.9 2021/04/15 16:13:22 tb Exp $
-.\" full merge up to: OpenSSL e417070c Jun 8 11:37:06 2016 -0400
-.\" selective merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 15 2021 $
-.Dt SSL_GET_VERSION 3
-.Os
-.Sh NAME
-.Nm SSL_get_version ,
-.Nm SSL_is_dtls ,
-.Nm SSL_version
-.\" The following are intentionally undocumented because
-.\" - the longer term plan is to remove them
-.\" - nothing appears to be using them in the wild
-.\" - and they have the wrong namespace prefix
-.\" Nm TLS1_get_version
-.\" Nm TLS1_get_client_version
-.Nd get the protocol information of a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_get_version "const SSL *ssl"
-.Ft int
-.Fn SSL_is_dtls "const SSL *ssl"
-.Ft int
-.Fn SSL_version "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_get_version
-returns the name of the protocol used for the connection
-.Fa ssl .
-.Pp
-.Fn SSL_is_dtls
-returns 1 if the connection is using DTLS, 0 if not.
-.Pp
-.Fn SSL_version
-returns an integer constant representing that protocol.
-.Pp
-These functions only return reliable results
-after the initial handshake has been completed.
-.Sh RETURN VALUES
-The following strings or integers can be returned by
-.Fn SSL_get_version
-and
-.Fn SSL_version :
-.Bl -tag -width Ds
-.It Qo TLSv1 Qc No or Dv TLS1_VERSION
-The connection uses the TLSv1.0 protocol.
-.It Qo TLSv1.1 Qc No or Dv TLS1_1_VERSION
-The connection uses the TLSv1.1 protocol.
-.It Qo TLSv1.2 Qc No or Dv TLS1_2_VERSION
-The connection uses the TLSv1.2 protocol.
-.It Qo TLSv1.3 Qc No or Dv TLS1_3_VERSION
-The connection uses the TLSv1.3 protocol.
-.It Qo DTLSv1 Qc No or Dv DTLS1_VERSION
-The connection uses the Datagram Transport Layer Security 1.0 protocol.
-.It Qo DTLSv1.2 Qc No or Dv DTLS1_2_VERSION
-The connection uses the Datagram Transport Layer Security 1.2 protocol.
-.It Qq unknown
-This indicates an unknown protocol version;
-it cannot currently happen with LibreSSL.
-.El
-.Pp
-.Fn SSL_is_dtls
-returns 1 if the connection uses DTLS, 0 if not.
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_get_version
-and
-.Fn SSL_version
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_is_dtls
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.9 .
diff --git a/src/lib/libssl/man/SSL_library_init.3 b/src/lib/libssl/man/SSL_library_init.3
deleted file mode 100644
index 053c1e6fcb..0000000000
--- a/src/lib/libssl/man/SSL_library_init.3
+++ /dev/null
@@ -1,98 +0,0 @@
-.\"     $OpenBSD: SSL_library_init.3,v 1.7 2019/06/14 13:41:31 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2006, 2010 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 14 2019 $
-.Dt SSL_LIBRARY_INIT 3
-.Os
-.Sh NAME
-.Nm SSL_library_init ,
-.Nm OpenSSL_add_ssl_algorithms ,
-.Nm SSLeay_add_ssl_algorithms
-.Nd initialize SSL library by registering algorithms
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_library_init void
-.Ft int
-.Fn OpenSSL_add_ssl_algorithms void
-.Ft int
-.Fn SSLeay_add_ssl_algorithms void
-.Sh DESCRIPTION
-These functions are deprecated.
-It is never useful for any application program to call any of them explicitly.
-The library automatically calls them internally whenever needed.
-.Pp
-.Fn SSL_library_init
-registers the available ciphers and digests
-which are used directly or indirectly by TLS.
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-and
-.Fn SSLeay_add_ssl_algorithms
-are synonyms for
-.Fn SSL_library_init
-and are implemented as macros.
-.Sh RETURN VALUES
-.Fn SSL_library_init
-always returns 1.
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSLeay_add_ssl_algorithms
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_library_init
-first appeared in OpenSSL 0.9.2b and has been available since
-.Ox 2.6 .
-.Pp
-.Fn OpenSSL_add_ssl_algorithms
-first appeared in OpenSSL 0.9.5 and has been available since
-.Ox 2.7 .
diff --git a/src/lib/libssl/man/SSL_load_client_CA_file.3 b/src/lib/libssl/man/SSL_load_client_CA_file.3
deleted file mode 100644
index f782d96dce..0000000000
--- a/src/lib/libssl/man/SSL_load_client_CA_file.3
+++ /dev/null
@@ -1,185 +0,0 @@
-.\"     $OpenBSD: SSL_load_client_CA_file.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_LOAD_CLIENT_CA_FILE 3
-.Os
-.Sh NAME
-.Nm SSL_load_client_CA_file ,
-.Nm SSL_add_file_cert_subjects_to_stack ,
-.Nm SSL_add_dir_cert_subjects_to_stack
-.Nd load certificate names from files
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft STACK_OF(X509_NAME) *
-.Fn SSL_load_client_CA_file "const char *file"
-.Ft int
-.Fo SSL_add_file_cert_subjects_to_stack
-.Fa "STACK_OF(X509_NAME) *stack"
-.Fa "const char *file"
-.Fc
-.Ft int
-.Fo SSL_add_dir_cert_subjects_to_stack
-.Fa "STACK_OF(X509_NAME) *stack"
-.Fa "const char *dir"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_load_client_CA_file
-reads PEM formatted certificates from
-.Fa file
-and returns a new
-.Vt STACK_OF(X509_NAME)
-with the subject names found.
-While the name suggests the specific usage as a support function for
-.Xr SSL_CTX_set_client_CA_list 3 ,
-it is not limited to CA certificates.
-.Pp
-.Fn SSL_add_file_cert_subjects_to_stack
-is similar except that the names are added to the existing
-.Fa stack .
-.Pp
-.Fn SSL_add_dir_cert_subjects_to_stack
-calls
-.Fn SSL_add_file_cert_subjects_to_stack
-on every file in the directory
-.Fa dir .
-.Pp
-If a name is already on the stack, all these functions skip it and
-do not add it again.
-.Sh RETURN VALUES
-.Fn SSL_load_client_CA_file
-returns a pointer to the new
-.Vt STACK_OF(X509_NAME)
-or
-.Dv NULL on failure .
-.Pp
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-return 1 for success or 0 for failure.
-.Pp
-All these functions treat empty files and directories as failures.
-.Pp
-In some cases of failure, the reason can be determined with
-.Xr ERR_get_error 3 .
-.Sh EXAMPLES
-Load names of CAs from a file and use it as a client CA list:
-.Bd -literal
-SSL_CTX *ctx;
-STACK_OF(X509_NAME) *cert_names;
-\&...
-cert_names = SSL_load_client_CA_file("/path/to/CAfile.pem");
-if (cert_names != NULL)
-        SSL_CTX_set_client_CA_list(ctx, cert_names);
-else
-        error_handling();
-\&...
-.Ed
-.Sh SEE ALSO
-.Xr PEM_read_bio_X509 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr X509_get_subject_name 3 ,
-.Xr X509_NAME_new 3
-.Sh HISTORY
-.Fn SSL_load_client_CA_file
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-first appeared in OpenSSL 0.9.2b and have been available since
-.Ox 2.6 .
-.Sh AUTHORS
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-were written by
-.An Ben Laurie Aq Mt ben@openssl.org
-in 1999.
-.Sh BUGS
-In some cases of failure, for example for empty files and directories,
-these functions fail to report an error, in the sense that
-.Xr ERR_get_error 3
-does not work.
-.Pp
-Even in case of failure, for example when parsing one of the
-files or certificates fails,
-.Fn SSL_add_file_cert_subjects_to_stack
-and
-.Fn SSL_add_dir_cert_subjects_to_stack
-may still have added some certificates to the stack.
-.Pp
-The behaviour of
-.Fn SSL_add_dir_cert_subjects_to_stack
-is non-deterministic.
-If parsing one file fails, parsing of the whole directory is aborted.
-Files in the directory are not parsed in any specific order.
-For example, adding an empty file to
-.Fa dir
-may or may not cause some of the other files to be ignored.
diff --git a/src/lib/libssl/man/SSL_new.3 b/src/lib/libssl/man/SSL_new.3
deleted file mode 100644
index 22c5dbf2db..0000000000
--- a/src/lib/libssl/man/SSL_new.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\" $OpenBSD: SSL_new.3,v 1.7 2022/07/13 22:05:53 schwarze Exp $
-.\" full merge up to: OpenSSL 1c7ae3dd Mar 29 19:17:55 2017 +1000
-.\"
-.\" This file was written by Richard Levitte <levitte@openssl.org>
-.\" and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2000, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_NEW 3
-.Os
-.Sh NAME
-.Nm SSL_new ,
-.Nm SSL_up_ref
-.Nd create a new SSL structure for a connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL *
-.Fn SSL_new "SSL_CTX *ctx"
-.Ft int
-.Fn SSL_up_ref "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_new
-creates a new
-.Vt SSL
-structure which is needed to hold the data for a TLS/SSL connection.
-The new structure inherits the settings of the underlying context
-.Fa ctx :
-connection method, options, verification settings,
-timeout settings, security level.
-The reference count of the new structure is set to 1.
-.Pp
-.Fn SSL_up_ref
-increments the reference count of
-.Fa ssl
-by 1.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It Dv NULL
-The creation of a new
-.Vt SSL
-structure failed.
-Check the error stack to find out the reason.
-.It Pointer to an Vt SSL No structure
-The return value points to an allocated
-.Vt SSL
-structure.
-.El
-.Pp
-.Fn SSL_up_ref
-returns 1 for success or 0 for failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_SSL_CTX 3
-.Sh HISTORY
-.Fn SSL_new
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_up_ref
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_num_renegotiations.3 b/src/lib/libssl/man/SSL_num_renegotiations.3
deleted file mode 100644
index 6a81b76a60..0000000000
--- a/src/lib/libssl/man/SSL_num_renegotiations.3
+++ /dev/null
@@ -1,75 +0,0 @@
-.\" $OpenBSD: SSL_num_renegotiations.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"
-.\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_NUM_RENEGOTIATIONS 3
-.Os
-.Sh NAME
-.Nm SSL_num_renegotiations ,
-.Nm SSL_clear_num_renegotiations ,
-.Nm SSL_total_renegotiations
-.Nd renegotiation counters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_num_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Ft long
-.Fo SSL_clear_num_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Ft long
-.Fo SSL_total_renegotiations
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_num_renegotiations
-reports the number of renegotiations initiated in
-.Fa ssl
-since
-.Xr SSL_new 3 ,
-.Xr SSL_clear 3 ,
-or
-.Fn SSL_clear_num_renegotiations
-was last called on that object.
-.Pp
-.Fn SSL_clear_num_renegotiations
-does the same and additionally resets the renegotiation counter to 0.
-.Pp
-.Fn SSL_total_renegotiations
-reports the number of renegotiations initiated in
-.Fa ssl
-since
-.Xr SSL_new 3
-or
-.Xr SSL_clear 3
-was last called on that object.
-.Pp
-These functions are implemented as macros.
-.Sh RETURN VALUES
-All these functions return a number of renegotiations.
-.Sh SEE ALSO
-.Xr BIO_set_ssl_renegotiate_bytes 3 ,
-.Xr ssl 3 ,
-.Xr SSL_ctrl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_renegotiate 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-These functions first appeared in SSLeay 0.9.0
-and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_pending.3 b/src/lib/libssl/man/SSL_pending.3
deleted file mode 100644
index bbc2e9bdd2..0000000000
--- a/src/lib/libssl/man/SSL_pending.3
+++ /dev/null
@@ -1,90 +0,0 @@
-.\"     $OpenBSD: SSL_pending.3,v 1.5 2020/01/23 03:40:18 beck Exp $
-.\"     OpenSSL a528d4f0 Oct 27 13:40:11 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>,
-.\" Bodo Moeller <bodo@openssl.org>, and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2000, 2005, 2015, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: January 23 2020 $
-.Dt SSL_PENDING 3
-.Os
-.Sh NAME
-.Nm SSL_pending
-.Nd obtain number of readable bytes buffered in an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_pending "const SSL *ssl"
-.Sh DESCRIPTION
-Data is received in whole blocks known as records from the peer.
-A whole record is processed, for example decrypted, in one go and
-is buffered until it is read by the application via a call to
-.Xr SSL_read 3 .
-.Pp
-.Fn SSL_pending
-returns the number of bytes of application data which are available
-for immediate read.
-.Pp
-.Fn SSL_pending
-takes into account only bytes from the TLS/SSL record that is
-currently being processed (if any).
-.Sh RETURN VALUES
-.Fn SSL_pending
-returns the number of buffered and processed application data
-bytes that are pending and are available for immediate read.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3
-.Sh HISTORY
-.Fn SSL_pending
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Sh BUGS
-Up to OpenSSL 0.9.6,
-.Fn SSL_pending
-did not check if the record type of pending data is application data.
diff --git a/src/lib/libssl/man/SSL_read.3 b/src/lib/libssl/man/SSL_read.3
deleted file mode 100644
index bb72a8ed82..0000000000
--- a/src/lib/libssl/man/SSL_read.3
+++ /dev/null
@@ -1,278 +0,0 @@
-.\" $OpenBSD: SSL_read.3,v 1.8 2021/10/24 15:10:13 schwarze Exp $
-.\" full merge up to: OpenSSL 5a2443ae Nov 14 11:37:36 2016 +0000
-.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org> and
-.\" Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2008, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 24 2021 $
-.Dt SSL_READ 3
-.Os
-.Sh NAME
-.Nm SSL_read_ex ,
-.Nm SSL_read ,
-.Nm SSL_peek_ex ,
-.Nm SSL_peek
-.Nd read bytes from a TLS connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_read_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
-.Ft int
-.Fn SSL_read "SSL *ssl" "void *buf" "int num"
-.Ft int
-.Fn SSL_peek_ex "SSL *ssl" "void *buf" "size_t num" "size_t *readbytes"
-.Ft int
-.Fn SSL_peek "SSL *ssl" "void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_read_ex
-and
-.Fn SSL_read
-try to read
-.Fa num
-bytes from the specified
-.Fa ssl
-into the buffer
-.Fa buf .
-On success
-.Fn SSL_read_ex
-stores the number of bytes actually read in
-.Pf * Fa readbytes .
-.Pp
-.Fn SSL_peek_ex
-and
-.Fn SSL_peek
-are identical to
-.Fn SSL_read_ex
-and
-.Fn SSL_read ,
-respectively,
-except that no bytes are removed from the underlying BIO during
-the read, such that a subsequent call to
-.Fn SSL_read_ex
-or
-.Fn SSL_read
-will yield at least the same bytes once again.
-.Pp
-In the following,
-.Fn SSL_read_ex ,
-.Fn SSL_read ,
-.Fn SSL_peek_ex ,
-and
-.Fn SSL_peek
-are called
-.Dq read functions .
-.Pp
-If necessary, a read function will negotiate a TLS session, if
-not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation, it will be performed
-transparently during the read function operation.
-The behaviour of the read functions depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to a read function.
-.Pp
-The read functions work based on the TLS records.
-The data are received in records (with a maximum record size of 16kB).
-Only when a record has been completely received, it can be processed
-(decrypted and checked for integrity).
-Therefore, data that was not retrieved at the last read call can
-still be buffered inside the TLS layer and will be retrieved on the
-next read call.
-If
-.Fa num
-is higher than the number of bytes buffered, the read functions
-will return with the bytes buffered.
-If no more bytes are in the buffer, the read functions will trigger
-the processing of the next record.
-Only when the record has been received and processed completely
-will the read functions return reporting success.
-At most the contents of the record will be returned.
-As the size of a TLS record may exceed the maximum packet size
-of the underlying transport (e.g., TCP), it may be necessary to
-read several packets from the transport layer before the record is
-complete and the read call can succeed.
-.Pp
-If the underlying
-.Vt BIO
-is blocking,
-a read function will only return once the read operation has been
-finished or an error occurred, except when a renegotiation takes
-place, in which case an
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behavior can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is non-blocking, a read function will also return when the underlying
-.Vt BIO
-could not satisfy the needs of the function to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of the read function will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a read function may
-also cause write operations.
-The calling process must then repeat the call after taking appropriate
-action to satisfy the needs of the read function.
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Xr SSL_pending 3
-can be used to find out whether there are buffered bytes available for
-immediate retrieval.
-In this case a read function can be called without blocking or
-actually receiving new data from the underlying socket.
-.Pp
-When a read function operation has to be repeated because of
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Sh RETURN VALUES
-.Fn SSL_read_ex
-and
-.Fn SSL_peek_ex
-return 1 for success or 0 for failure.
-Success means that one or more application data bytes
-have been read from the SSL connection.
-Failure means that no bytes could be read from the SSL connection.
-Failures can be retryable (e.g. we are waiting for more bytes to be
-delivered by the network) or non-retryable (e.g. a fatal network error).
-In the event of a failure, call
-.Xr SSL_get_error 3
-to find out the reason which indicates whether the call is retryable or not.
-.Pp
-For
-.Fn SSL_read
-and
-.Fn SSL_peek ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The read operation was successful.
-The return value is the number of bytes actually read from the
-TLS connection.
-.It 0
-The read operation was not successful.
-The reason may either be a clean shutdown due to a
-.Dq close notify
-alert sent by the peer (in which case the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag in the ssl shutdown state is set (see
-.Xr SSL_shutdown 3
-and
-.Xr SSL_set_shutdown 3 ) .
-It is also possible that the peer simply shut down the underlying transport and
-the shutdown is incomplete.
-Call
-.Xr SSL_get_error 3
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.It <0
-The read operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Xr SSL_get_error 3
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_pending 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_shutdown 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_read
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_peek
-first appeared in SSLeay 0.6.6.
-Both functions have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_read_ex
-and
-.Fn SSL_peek_ex
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/SSL_read_early_data.3 b/src/lib/libssl/man/SSL_read_early_data.3
deleted file mode 100644
index 1435c15935..0000000000
--- a/src/lib/libssl/man/SSL_read_early_data.3
+++ /dev/null
@@ -1,174 +0,0 @@
-.\" $OpenBSD: SSL_read_early_data.3,v 1.4 2021/11/26 13:48:22 jsg Exp $
-.\" content checked up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 26 2021 $
-.Dt SSL_READ_EARLY_DATA 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_early_data ,
-.Nm SSL_set_max_early_data ,
-.Nm SSL_SESSION_set_max_early_data ,
-.Nm SSL_CTX_get_max_early_data ,
-.Nm SSL_get_max_early_data ,
-.Nm SSL_SESSION_get_max_early_data ,
-.Nm SSL_write_early_data ,
-.Nm SSL_read_early_data ,
-.Nm SSL_get_early_data_status
-.Nd transmit application data during the handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_CTX_set_max_early_data
-.Fa "SSL_CTX *ctx"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_set_max_early_data
-.Fa "SSL *ssl"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft int
-.Fo SSL_SESSION_set_max_early_data
-.Fa "SSL_SESSION *session"
-.Fa "uint32_t max_bytes"
-.Fc
-.Ft uint32_t
-.Fo SSL_CTX_get_max_early_data
-.Fa "const SSL_CTX *ctx"
-.Fc
-.Ft uint32_t
-.Fo SSL_get_max_early_data
-.Fa "const SSL *ssl"
-.Fc
-.Ft uint32_t
-.Fo SSL_SESSION_get_max_early_data
-.Fa "const SSL_SESSION *session"
-.Fc
-.Ft int
-.Fo SSL_write_early_data
-.Fa "SSL *ssl"
-.Fa "const void *buf"
-.Fa "size_t len"
-.Fa "size_t *written"
-.Fc
-.Ft int
-.Fo SSL_read_early_data
-.Fa "SSL *ssl"
-.Fa "void *buf"
-.Fa "size_t maxlen"
-.Fa "size_t *readbytes"
-.Fc
-.Ft int
-.Fo SSL_get_early_data_status
-.Fa "const SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-In LibreSSL, these functions have no effect.
-They are only provided because some application programs
-expect the API to be available when TLSv1.3 is supported.
-Using these functions is strongly discouraged because they provide
-marginal benefit in the first place even when implemented and
-used as designed, because they have absurdly complicated semantics,
-and because when they are used, inconspicuous oversights are likely
-to cause serious security vulnerabilities.
-.Pp
-If these functions are used, other TLS implementations
-may allow the transfer of application data during the initial handshake.
-Even when used as designed, security of the connection is compromised;
-in particular, application data is exchanged with unauthenticated peers,
-and there is no forward secrecy.
-Other downsides include an increased risk of replay attacks.
-.Pp
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-are intended to configure the maximum number of bytes per session
-that can be transmitted during the handshake.
-With LibreSSL, all arguments are ignored.
-.Pp
-An endpoint can attempt to send application data with
-.Fn SSL_write_early_data
-during the handshake.
-With LibreSSL, such attempts always fail and set
-.Pf * Fa written
-to 0.
-.Pp
-A server can attempt to read application data from the client using
-.Fn SSL_read_early_data
-during the handshake.
-With LibreSSL, no such data is ever accepted and
-.Pf * Fa readbytes
-is always set to 0.
-.Sh RETURN VALUES
-.Fn SSL_CTX_set_max_early_data ,
-.Fn SSL_set_max_early_data ,
-and
-.Fn SSL_SESSION_set_max_early_data
-return 1 for success or 0 for failure.
-With LibreSSL, they always succeed.
-.Pp
-.Fn SSL_CTX_get_max_early_data ,
-.Fn SSL_get_max_early_data ,
-and
-.Fn SSL_SESSION_get_max_early_data
-return the maximum number of bytes of application data
-that will be accepted from the peer during the handshake.
-With LibreSSL, they always return 0.
-.Pp
-.Fn SSL_write_early_data
-returns 1 for success or 0 for failure.
-With LibreSSL, it always fails.
-.Pp
-With LibreSSL,
-.Fn SSL_read_early_data
-always returns
-.Dv SSL_READ_EARLY_DATA_FINISH
-on the server side and
-.Dv SSL_READ_EARLY_DATA_ERROR
-on the client side.
-.Dv SSL_READ_EARLY_DATA_SUCCESS
-can occur with other implementations, but not with LibreSSL.
-.Pp
-With LibreSSL,
-.Fn SSL_get_early_data_status
-always returns
-.Dv SSL_EARLY_DATA_REJECTED .
-With other implementations, it might also return
-.Dv SSL_EARLY_DATA_NOT_SENT
-or
-.Dv SSL_EARLY_DATA_ACCEPTED .
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh STANDARDS
-RFC 8446: The Transport Layer Security (TLS) Protocol Version 1.3:
-.Bl -tag -width "section 4.2.10" -compact
-.It Section 2.3
-0-RTT data
-.It Section 4.2.10
-Early Data Indication
-.It Section 8
-0-RTT and Anti-Replay
-.It Appendix E.5
-Replay Attacks on 0-RTT
-.El
-.Sh HISTORY
-These functions first appeared in OpenSSL 1.1.1
-and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_renegotiate.3 b/src/lib/libssl/man/SSL_renegotiate.3
deleted file mode 100644
index 8188d37323..0000000000
--- a/src/lib/libssl/man/SSL_renegotiate.3
+++ /dev/null
@@ -1,166 +0,0 @@
-.\"     $OpenBSD: SSL_renegotiate.3,v 1.9 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL SSL_key_update.pod 4fbfe86a Feb 16 17:04:40 2017 +0000
-.\"
-.\" This file is a derived work.
-.\" Some parts are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2016, 2017 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" Other parts were written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_RENEGOTIATE 3
-.Os
-.Sh NAME
-.Nm SSL_renegotiate ,
-.Nm SSL_renegotiate_abbreviated ,
-.Nm SSL_renegotiate_pending
-.Nd initiate a new TLS handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_renegotiate
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_renegotiate_abbreviated
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_renegotiate_pending
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-When called from the client side,
-.Fn SSL_renegotiate
-schedules a completely new handshake over an existing TLS connection.
-The next time an I/O operation such as
-.Fn SSL_read
-or
-.Fn SSL_write
-takes place on the connection, a check is performed to confirm
-that it is a suitable time to start a renegotiation.
-If so, a new handshake is initiated immediately.
-An existing session associated with the connection is not resumed.
-.Pp
-This function is automatically called by
-.Xr SSL_read 3
-and
-.Xr SSL_write 3
-whenever the renegotiation byte count set by
-.Xr BIO_set_ssl_renegotiate_bytes 3
-or the timeout set by
-.Xr BIO_set_ssl_renegotiate_timeout 3
-are exceeded.
-.Pp
-When called from the client side,
-.Fn SSL_renegotiate_abbreviated
-is similar to
-.Fn SSL_renegotiate
-except that resuming the session associated with the current
-connection is attempted in the new handshake.
-.Pp
-When called from the server side,
-.Fn SSL_renegotiate
-and
-.Fn SSL_renegotiate_abbreviated
-behave identically.
-They both schedule a request for a new handshake to be sent to the client.
-The next time an I/O operation is performed, the same checks as on
-the client side are performed and then, if appropriate, the request
-is sent.
-The client may or may not respond with a new handshake and it may
-or may not attempt to resume an existing session.
-If a new handshake is started, it is handled transparently during
-any I/O function.
-.Pp
-If a LibreSSL client receives a renegotiation request from a server,
-it is also handled transparently during any I/O function.
-The client attempts to resume the current session in the new
-handshake.
-For historical reasons, DTLS clients do not attempt to resume
-the session in the new handshake.
-.Sh RETURN VALUES
-.Fn SSL_renegotiate
-and
-.Fn SSL_renegotiate_abbreviated
-return 1 on success or 0 on error.
-.Pp
-.Fn SSL_renegotiate_pending
-returns 1 if a renegotiation or renegotiation request has been
-scheduled but not yet acted on, or 0 otherwise.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_renegotiate
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_renegotiate_pending
-first appeared in OpenSSL 0.9.7 and has been available since
-.Ox 3.2 .
-.Pp
-.Fn SSL_renegotiate_abbreviated
-first appeared in OpenSSL 1.0.1 and has been available since
-.Ox 5.3 .
diff --git a/src/lib/libssl/man/SSL_rstate_string.3 b/src/lib/libssl/man/SSL_rstate_string.3
deleted file mode 100644
index 99613ba3c0..0000000000
--- a/src/lib/libssl/man/SSL_rstate_string.3
+++ /dev/null
@@ -1,108 +0,0 @@
-.\"     $OpenBSD: SSL_rstate_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_RSTATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_rstate_string ,
-.Nm SSL_rstate_string_long
-.Nd get textual description of state of an SSL object during read operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_rstate_string "SSL *ssl"
-.Ft const char *
-.Fn SSL_rstate_string_long "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_rstate_string
-returns a 2-letter string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_rstate_string_long
-returns a string indicating the current read state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-When performing a read operation, the SSL/TLS engine must parse the record,
-consisting of header and body.
-When working in a blocking environment,
-.Fn SSL_rstate_string[_long]
-should always return
-.Qo RD Qc Ns / Ns Qo read done Qc .
-.Pp
-This function should only seldom be needed in applications.
-.Sh RETURN VALUES
-.Fn SSL_rstate_string
-and
-.Fn SSL_rstate_string_long
-can return the following values:
-.Bl -tag -width Ds
-.It Qo RH Qc Ns / Ns Qo read header Qc
-The header of the record is being evaluated.
-.It Qo RB Qc Ns / Ns Qo read body Qc
-The body of the record is being evaluated.
-.It Qo RD Qc Ns / Ns Qo read done Qc
-The record has been completely processed.
-.It Qo unknown Qc Ns / Ns Qo unknown Qc
-The read state is unknown.
-This should never happen.
-.El
-.Sh SEE ALSO
-.Xr ssl 3
-.Sh HISTORY
-.Fn SSL_rstate_string
-and
-.Fn SSL_rstate_string_long
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_session_reused.3 b/src/lib/libssl/man/SSL_session_reused.3
deleted file mode 100644
index add61a904b..0000000000
--- a/src/lib/libssl/man/SSL_session_reused.3
+++ /dev/null
@@ -1,84 +0,0 @@
-.\"     $OpenBSD: SSL_session_reused.3,v 1.6 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SESSION_REUSED 3
-.Os
-.Sh NAME
-.Nm SSL_session_reused
-.Nd query whether a reused session was negotiated during handshake
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_session_reused "SSL *ssl"
-.Sh DESCRIPTION
-Query whether a reused session was negotiated during the handshake.
-.Pp
-During the negotiation, a client can propose to reuse a session.
-The server then looks up the session in its cache.
-If both client and server agree on the session,
-it will be reused and a flag is set that can be queried by the application.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-A new session was negotiated.
-.It 1
-A session was reused.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_ctrl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_set_session 3
-.Sh HISTORY
-.Fn SSL_session_reused
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_set1_host.3 b/src/lib/libssl/man/SSL_set1_host.3
deleted file mode 100644
index 2a3935c3f2..0000000000
--- a/src/lib/libssl/man/SSL_set1_host.3
+++ /dev/null
@@ -1,172 +0,0 @@
-.\" $OpenBSD: SSL_set1_host.3,v 1.4 2021/03/31 16:56:46 tb Exp $
-.\" selective merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
-.\"
-.\" This file was written by Viktor Dukhovni <viktor@openssl.org>
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 31 2021 $
-.Dt SSL_SET1_HOST 3
-.Os
-.Sh NAME
-.Nm SSL_set1_host ,
-.Nm SSL_set_hostflags ,
-.Nm SSL_get0_peername
-.Nd SSL server verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fo SSL_set1_host
-.Fa "SSL *ssl"
-.Fa "const char *hostname"
-.Fc
-.Ft void
-.Fo SSL_set_hostflags
-.Fa "SSL *ssl"
-.Fa "unsigned int flags"
-.Fc
-.Ft const char *
-.Fo SSL_get0_peername
-.Fa "SSL *ssl"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_set1_host
-configures a server hostname check in the
-.Fa ssl
-client, setting the expected DNS hostname to
-.Fa hostname
-and clearing any previously specified hostname.
-If
-.Fa hostname
-is
-.Dv NULL
-or the empty string, name checks are not performed on the peer certificate.
-If a nonempty
-.Fa hostname
-is specified, certificate verification automatically checks the peer
-hostname via
-.Xr X509_check_host 3
-with
-.Fa flags
-set to 0.
-.Pp
-.Fn SSL_set_hostflags
-sets the flags that will be passed to
-.Xr X509_check_host 3
-when name checks are applicable,
-by default the flags value is 0.
-See
-.Xr X509_check_host 3
-for the list of available flags and their meaning.
-.Pp
-.Fn SSL_get0_peername
-returns the DNS hostname or subject CommonName from the peer certificate
-that matched one of the reference identifiers.
-Unless wildcard matching is disabled, the name matched in the peer
-certificate may be a wildcard name.
-A reference identifier starting with
-.Sq \&.
-indicates a parent domain prefix rather than a fixed name.
-In this case, the matched peername may be a sub-domain
-of the reference identifier.
-The returned string is owned by the library and is no longer valid
-once the associated
-.Fa ssl
-object is cleared or freed, or if a renegotiation takes place.
-Applications must not free the return value.
-.Pp
-SSL clients are advised to use these functions in preference to
-explicitly calling
-.Xr X509_check_host 3 .
-.Sh RETURN VALUES
-.Fn SSL_set1_host
-returns 1 for success or 0 for failure.
-.Pp
-.Fn SSL_get0_peername
-returns the matched peername or
-.Dv NULL
-if peername verification is not applicable
-or no trusted peername was matched.
-Use
-.Xr SSL_get_verify_result 3
-to determine whether verification succeeded.
-.Sh EXAMPLES
-The calls below check the hostname.
-Wildcards are supported, but they must match the entire label.
-The actual name matched in the certificate (which might be a wildcard)
-is retrieved, and must be copied by the application if it is to be
-retained beyond the lifetime of the SSL connection.
-.Bd -literal
-if (!SSL_set1_host(ssl, "smtp.example.com"))
-        /* error */
-
-/* XXX: Perform SSL_connect() handshake and handle errors here */
-
-if (SSL_get_verify_result(ssl) == X509_V_OK) {
-        const char *peername = SSL_get0_peername(ssl);
-
-        if (peername != NULL)
-                /* Name checks were in scope and matched the peername */
-}
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr X509_check_host 3 ,
-.Xr X509_VERIFY_PARAM_set1_host 3
-.Sh HISTORY
-All three functions first appeared in OpenSSL 1.1.0.
-.Fn SSL_set1_host
-has been available since
-.Ox 6.5 ,
-and
-.Fn SSL_set_hostflags
-and
-.Fn SSL_get0_peername
-since
-.Ox 6.9 .
diff --git a/src/lib/libssl/man/SSL_set1_param.3 b/src/lib/libssl/man/SSL_set1_param.3
deleted file mode 100644
index cd8ad40ad0..0000000000
--- a/src/lib/libssl/man/SSL_set1_param.3
+++ /dev/null
@@ -1,137 +0,0 @@
-.\" $OpenBSD: SSL_set1_param.3,v 1.6 2022/09/10 10:22:46 jsg Exp $
-.\" full merge up to:
-.\" OpenSSL man3/SSL_CTX_get0_param 99d63d46 Oct 26 13:56:48 2016 -0400
-.\"
-.\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
-.\" Copyright (c) 2015 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: September 10 2022 $
-.Dt SSL_SET1_PARAM 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_get0_param ,
-.Nm SSL_get0_param ,
-.Nm SSL_CTX_set1_param ,
-.Nm SSL_set1_param
-.Nd get and set verification parameters
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft X509_VERIFY_PARAM *
-.Fo SSL_CTX_get0_param
-.Fa "SSL_CTX *ctx"
-.Fc
-.Ft X509_VERIFY_PARAM *
-.Fo SSL_get0_param
-.Fa "SSL *ssl"
-.Fc
-.Ft int
-.Fo SSL_CTX_set1_param
-.Fa "SSL_CTX *ctx"
-.Fa "X509_VERIFY_PARAM *vpm"
-.Fc
-.Ft int
-.Fo SSL_set1_param
-.Fa "SSL *ssl"
-.Fa "X509_VERIFY_PARAM *vpm"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_get0_param
-and
-.Fn SSL_get0_param
-retrieve an internal pointer to the verification parameters for
-.Fa ctx
-or
-.Fa ssl ,
-respectively.
-The returned pointer must not be freed by the calling application,
-but the application can modify the parameters pointed to,
-to suit its needs: for example to add a hostname check.
-.Pp
-.Fn SSL_CTX_set1_param
-and
-.Fn SSL_set1_param
-set the verification parameters to
-.Fa vpm
-for
-.Fa ctx
-or
-.Fa ssl .
-.Sh RETURN VALUES
-.Fn SSL_CTX_get0_param
-and
-.Fn SSL_get0_param
-return a pointer to an
-.Vt X509_VERIFY_PARAM
-structure.
-.Pp
-.Fn SSL_CTX_set1_param
-and
-.Fn SSL_set1_param
-return 1 for success or 0 for failure.
-.Sh EXAMPLES
-Check that the hostname matches
-.Pa www.foo.com
-in the peer certificate:
-.Bd -literal -offset indent
-X509_VERIFY_PARAM *vpm = SSL_get0_param(ssl);
-X509_VERIFY_PARAM_set1_host(vpm, "www.foo.com", 0);
-.Ed
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr X509_VERIFY_PARAM_set_flags 3
-.Sh HISTORY
-.Fn SSL_CTX_set1_param
-and
-.Fn SSL_set1_param
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn SSL_CTX_get0_param
-and
-.Fn SSL_get0_param
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_set_SSL_CTX.3 b/src/lib/libssl/man/SSL_set_SSL_CTX.3
deleted file mode 100644
index 2abaefb292..0000000000
--- a/src/lib/libssl/man/SSL_set_SSL_CTX.3
+++ /dev/null
@@ -1,67 +0,0 @@
-.\" $OpenBSD: SSL_set_SSL_CTX.3,v 1.4 2022/07/13 22:05:53 schwarze Exp $
-.\"
-.\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: July 13 2022 $
-.Dt SSL_SET_SSL_CTX 3
-.Os
-.Sh NAME
-.Nm SSL_set_SSL_CTX
-.Nd modify an SSL connection object to use another context
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft SSL_CTX *
-.Fo SSL_set_SSL_CTX
-.Fa "SSL *ssl"
-.Fa "SSL_CTX* ctx"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_set_SSL_CTX
-causes
-.Fa ssl
-to use the context
-.Fa ctx .
-.Pp
-If
-.Fa ctx
-is
-.Dv NULL ,
-.Fa ssl
-reverts to using the context that it was initially created from with
-.Xr SSL_new 3 .
-.Pp
-If
-.Fa ssl
-already uses
-.Fa ctx ,
-no action occurs.
-.Sh RETURN VALUES
-.Fn SSL_set_SSL_CTX
-returns an internal pointer to the context that
-.Fa ssl
-is using as a result of the call, or
-.Dv NULL
-if memory allocation fails.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_get_SSL_CTX 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_set_security_level 3
-.Sh HISTORY
-.Fn SSL_set_SSL_CTX
-first appeared in OpenSSL 0.9.8f and has been available since
-.Ox 4.5 .
diff --git a/src/lib/libssl/man/SSL_set_bio.3 b/src/lib/libssl/man/SSL_set_bio.3
deleted file mode 100644
index e727f442d6..0000000000
--- a/src/lib/libssl/man/SSL_set_bio.3
+++ /dev/null
@@ -1,99 +0,0 @@
-.\"     $OpenBSD: SSL_set_bio.3,v 1.6 2020/10/08 18:21:30 tb Exp $
-.\"     OpenSSL acb5b343 Sep 16 16:00:38 2000 +0000
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 8 2020 $
-.Dt SSL_SET_BIO 3
-.Os
-.Sh NAME
-.Nm SSL_set_bio
-.Nd connect the SSL object with a BIO
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_bio "SSL *ssl" "BIO *rbio" "BIO *wbio"
-.Sh DESCRIPTION
-.Fn SSL_set_bio
-connects the
-.Vt BIO Ns
-s
-.Fa rbio
-and
-.Fa wbio
-for the read and write operations of the TLS/SSL (encrypted) side of
-.Fa ssl .
-.Pp
-The SSL engine inherits the behaviour of
-.Fa rbio
-and
-.Fa wbio ,
-respectively.
-If a
-.Vt BIO
-is non-blocking, the
-.Fa ssl
-will also have non-blocking behaviour.
-.Pp
-If there was already a
-.Vt BIO
-connected to
-.Fa ssl ,
-.Xr BIO_free 3
-will be called (for both the reading and writing side, if different).
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_rbio 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_set_bio
-first appeared in SSLeay 0.6.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_set_connect_state.3 b/src/lib/libssl/man/SSL_set_connect_state.3
deleted file mode 100644
index c2072c4370..0000000000
--- a/src/lib/libssl/man/SSL_set_connect_state.3
+++ /dev/null
@@ -1,153 +0,0 @@
-.\" $OpenBSD: SSL_set_connect_state.3,v 1.6 2018/03/27 17:35:50 schwarze Exp $
-.\" full merge up to OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
-.\" selective merge up to: OpenSSL dbd007d7 Jul 28 13:31:27 2017 +0800
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" and Paul Yang <yang.yang@baishancloud.com>.
-.\" Copyright (c) 2001, 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_SET_CONNECT_STATE 3
-.Os
-.Sh NAME
-.Nm SSL_set_connect_state ,
-.Nm SSL_set_accept_state ,
-.Nm SSL_is_server
-.Nd prepare SSL object to work in client or server mode
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_connect_state "SSL *ssl"
-.Ft void
-.Fn SSL_set_accept_state "SSL *ssl"
-.Ft int
-.Fn SSL_is_server "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_set_connect_state
-sets
-.Fa ssl
-to work in client mode.
-.Pp
-.Fn SSL_set_accept_state
-sets
-.Fa ssl
-to work in server mode.
-.Pp
-.Fn SSL_is_server
-checks whether
-.Fa ssl
-is set to server mode.
-.Pp
-When the
-.Vt SSL_CTX
-object was created with
-.Xr SSL_CTX_new 3 ,
-it was either assigned a dedicated client method, a dedicated server method, or
-a generic method, that can be used for both client and server connections.
-(The method might have been changed with
-.Xr SSL_CTX_set_ssl_version 3
-or
-.Xr SSL_set_ssl_method 3 . )
-.Pp
-When beginning a new handshake, the SSL engine must know whether it must call
-the connect (client) or accept (server) routines.
-Even though it may be clear from the method chosen whether client or server
-mode was requested, the handshake routines must be explicitly set.
-.Pp
-When using the
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3
-routines, the correct handshake routines are automatically set.
-When performing a transparent negotiation using
-.Xr SSL_write 3
-or
-.Xr SSL_read 3 ,
-the handshake routines must be explicitly set in advance using either
-.Fn SSL_set_connect_state
-or
-.Fn SSL_set_accept_state .
-.Pp
-If
-.Fn SSL_is_server
-is called before
-.Fn SSL_set_connect_state
-or
-.Fn SSL_set_accept_state
-was called either automatically or explicitly,
-the result depends on what method was used when the
-.Fa SSL_CTX
-was created.
-If a generic method or a dedicated server method was passed to
-.Xr SSL_CTX_new 3 ,
-.Fn SSL_is_server
-returns 1; otherwise, it returns 0.
-.Sh RETURN VALUES
-.Fn SSL_is_server
-returns 1 if
-.Fa ssl
-is set to server mode or 0 if it is set to client mode.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_ssl_version 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_new 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_write 3
-.Sh HISTORY
-.Fn SSL_set_connect_state
-and
-.Fn SSL_set_accept_state
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_is_server
-first appeared in OpenSSL 1.0.2 and has been available since
-.Ox 6.3 .
diff --git a/src/lib/libssl/man/SSL_set_fd.3 b/src/lib/libssl/man/SSL_set_fd.3
deleted file mode 100644
index 7b9727e9ad..0000000000
--- a/src/lib/libssl/man/SSL_set_fd.3
+++ /dev/null
@@ -1,129 +0,0 @@
-.\"     $OpenBSD: SSL_set_fd.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_SET_FD 3
-.Os
-.Sh NAME
-.Nm SSL_set_fd ,
-.Nm SSL_set_rfd ,
-.Nm SSL_set_wfd
-.Nd connect the SSL object with a file descriptor
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_set_fd "SSL *ssl" "int fd"
-.Ft int
-.Fn SSL_set_rfd "SSL *ssl" "int fd"
-.Ft int
-.Fn SSL_set_wfd "SSL *ssl" "int fd"
-.Sh DESCRIPTION
-.Fn SSL_set_fd
-sets the file descriptor
-.Fa fd
-as the input/output facility for the TLS/SSL (encrypted) side of
-.Fa ssl .
-.Fa fd
-will typically be the socket file descriptor of a network connection.
-.Pp
-When performing the operation, a socket
-.Vt BIO
-is automatically created to interface between the
-.Fa ssl
-and
-.Fa fd .
-The
-.Vt BIO
-and hence the SSL engine inherit the behaviour of
-.Fa fd .
-If
-.Fa fd
-is non-blocking, the
-.Fa ssl
-will also have non-blocking behaviour.
-.Pp
-If there was already a
-.Vt BIO
-connected to
-.Fa ssl ,
-.Xr BIO_free 3
-will be called (for both the reading and writing side, if different).
-.Pp
-.Fn SSL_set_rfd
-and
-.Fn SSL_set_wfd
-perform the respective action, but only for the read channel or the write
-channel, which can be set independently.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed.
-Check the error stack to find out why.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_get_fd 3 ,
-.Xr SSL_set_bio 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_set_fd
-appeared in SSLeay 0.4 or earlier.
-.Fn SSL_set_rfd
-and
-.Fn SSL_set_wfd
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_set_max_send_fragment.3 b/src/lib/libssl/man/SSL_set_max_send_fragment.3
deleted file mode 100644
index 7de087a743..0000000000
--- a/src/lib/libssl/man/SSL_set_max_send_fragment.3
+++ /dev/null
@@ -1,97 +0,0 @@
-.\"     $OpenBSD: SSL_set_max_send_fragment.3,v 1.5 2019/06/12 09:36:30 schwarze Exp $
-.\"     OpenSSL doc/man3/SSL_CTX_set_split_send_fragment.pod
-.\"     OpenSSL 6782e5fd Oct 21 16:16:20 2016 +0100
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 12 2019 $
-.Dt SSL_SET_MAX_SEND_FRAGMENT 3
-.Os
-.Sh NAME
-.Nm SSL_CTX_set_max_send_fragment ,
-.Nm SSL_set_max_send_fragment
-.Nd control fragment sizes
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_CTX_set_max_send_fragment
-.Fa "SSL_CTX *ctx"
-.Fa "long m"
-.Fc
-.Ft long
-.Fo SSL_set_max_send_fragment
-.Fa "SSL *ssl"
-.Fa "long m"
-.Fc
-.Sh DESCRIPTION
-.Fn SSL_CTX_set_max_send_fragment
-and
-.Fn SSL_set_max_send_fragment
-set the
-.Sy max_send_fragment
-parameter for SSL_CTX and SSL objects respectively.
-This value restricts the amount of plaintext bytes that will be sent in
-any one SSL/TLS record.
-By default its value is SSL3_RT_MAX_PLAIN_LENGTH (16384).
-These functions will only accept a value in the range 512 -
-SSL3_RT_MAX_PLAIN_LENGTH.
-.Pp
-These functions are implemented using macros.
-.Sh RETURN VALUES
-These functions return 1 on success or 0 on failure.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_ctrl 3 ,
-.Xr SSL_CTX_set_read_ahead 3 ,
-.Xr SSL_pending 3
-.Sh HISTORY
-.Fn SSL_CTX_set_max_send_fragment
-and
-.Fn SSL_set_max_send_fragment
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
diff --git a/src/lib/libssl/man/SSL_set_psk_use_session_callback.3 b/src/lib/libssl/man/SSL_set_psk_use_session_callback.3
deleted file mode 100644
index 7f2bfcc010..0000000000
--- a/src/lib/libssl/man/SSL_set_psk_use_session_callback.3
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" $OpenBSD: SSL_set_psk_use_session_callback.3,v 1.1 2021/09/14 14:30:57 schwarze Exp $
-.\" OpenSSL man3/SSL_CTX_set_psk_client_callback.pod
-.\" checked up to 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: September 14 2021 $
-.Dt SSL_SET_PSK_USE_SESSION_CALLBACK 3
-.Os
-.Sh NAME
-.Nm SSL_set_psk_use_session_callback ,
-.Nm SSL_psk_use_session_cb_func
-.Nd set TLS pre-shared key client callback
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft typedef int
-.Fo (*SSL_psk_use_session_cb_func)
-.Fa "SSL *ssl"
-.Fa "const EVP_MD *md"
-.Fa "const unsigned char **id"
-.Fa "size_t *idlen"
-.Fa "SSL_SESSION **session"
-.Fc
-.Ft void
-.Fo SSL_set_psk_use_session_callback
-.Fa "SSL *ssl"
-.Fa "SSL_psk_use_session_cb_func cb"
-.Fc
-.Sh DESCRIPTION
-LibreSSL provides the stub function
-.Fn SSL_set_psk_use_session_callback
-to allow compiling application programs
-that contain optional support for TLSv1.3 pre-shared keys.
-.Pp
-LibreSSL does not support TLS pre-shared keys,
-and no action occurs when
-.Fn SSL_set_psk_use_session_callback
-is called.
-In particular, both arguments are ignored.
-During session negotiation,
-LibreSSL never calls the callback
-.Fa cb
-and always behaves as if that callback succeeded and set the
-.Pf * Fa session
-pointer to
-.Dv NULL .
-That is, LibreSSL never sends a pre-shared key to the server
-and never aborts the handshake for lack of a pre-shared key.
-.Pp
-With OpenSSL, a client application wishing to use TLSv1.3 pre-shared keys
-can install a callback function
-.Fa cb
-using
-.Fn SSL_set_psk_use_session_callback .
-The OpenSSL library may call
-.Fa cb
-once or twice during session negotiation.
-If the callback fails, OpenSSL aborts connection setup.
-If the callback succeeds but sets the
-.Pf * Fa session
-pointer to
-.Dv NULL ,
-OpenSSL continues the handshake
-but does not send a pre-shared key to the server.
-.Sh RETURN VALUES
-The
-.Fn SSL_psk_use_session_cb_func
-callback is expected to return 1 on success or 0 on failure.
-.Sh HISTORY
-.Fn SSL_set_psk_use_session_callback
-and
-.Fn SSL_psk_use_session_cb_func
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libssl/man/SSL_set_session.3 b/src/lib/libssl/man/SSL_set_session.3
deleted file mode 100644
index 7d85f5ad0c..0000000000
--- a/src/lib/libssl/man/SSL_set_session.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\"     $OpenBSD: SSL_set_session.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL 05ea606a May 20 20:52:46 2016 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2016 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_SET_SESSION 3
-.Os
-.Sh NAME
-.Nm SSL_set_session
-.Nd set a TLS/SSL session to be used during TLS/SSL connect
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_set_session "SSL *ssl" "SSL_SESSION *session"
-.Sh DESCRIPTION
-.Fn SSL_set_session
-sets
-.Fa session
-to be used when the TLS/SSL connection is to be established.
-.Fn SSL_set_session
-is only useful for TLS/SSL clients.
-When the session is set, the reference count of
-.Fa session
-is incremented
-by 1.
-If the session is not reused, the reference count is decremented again during
-.Fn SSL_connect .
-Whether the session was reused can be queried with the
-.Xr SSL_session_reused 3
-call.
-.Pp
-If there is already a session set inside
-.Fa ssl
-(because it was set with
-.Fn SSL_set_session
-before or because the same
-.Fa ssl
-was already used for a connection),
-.Xr SSL_SESSION_free 3
-will be called for that session.
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The operation failed; check the error stack to find out the reason.
-.It 1
-The operation succeeded.
-.El
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_SESSION_free 3 ,
-.Xr SSL_session_reused 3
-.Sh HISTORY
-.Fn SSL_set_session
-first appeared in SSLeay 0.5.2 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_set_shutdown.3 b/src/lib/libssl/man/SSL_set_shutdown.3
deleted file mode 100644
index ef8c004f76..0000000000
--- a/src/lib/libssl/man/SSL_set_shutdown.3
+++ /dev/null
@@ -1,138 +0,0 @@
-.\"     $OpenBSD: SSL_set_shutdown.3,v 1.7 2024/12/19 06:45:21 jmc Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 19 2024 $
-.Dt SSL_SET_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_set_shutdown ,
-.Nm SSL_get_shutdown
-.Nd manipulate shutdown state of an SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_shutdown "SSL *ssl" "int mode"
-.Ft int
-.Fn SSL_get_shutdown "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_set_shutdown
-sets the shutdown state of
-.Fa ssl
-to
-.Fa mode .
-.Pp
-.Fn SSL_get_shutdown
-returns the shutdown mode of
-.Fa ssl .
-.Pp
-The shutdown state of an ssl connection is a bitmask of:
-.Bl -tag -width Ds
-.It 0
-No shutdown setting, yet.
-.It Dv SSL_SENT_SHUTDOWN
-A
-.Dq close notify
-shutdown alert was sent to the peer; the connection is being considered closed
-and the session is closed and correct.
-.It Dv SSL_RECEIVED_SHUTDOWN
-A shutdown alert was received from the peer, either a normal
-.Dq close notify
-or a fatal error.
-.El
-.Pp
-.Dv SSL_SENT_SHUTDOWN
-and
-.Dv SSL_RECEIVED_SHUTDOWN
-can be set at the same time.
-.Pp
-The shutdown state of the connection is used to determine the state of the
-.Fa ssl
-session.
-If the session is still open when
-.Xr SSL_clear 3
-or
-.Xr SSL_free 3
-is called, it is considered bad and removed according to RFC 2246.
-The actual condition for a correctly closed session is
-.Dv SSL_SENT_SHUTDOWN
-(according to the TLS RFC, it is acceptable to only send the
-.Dq close notify
-alert but to not wait for the peer's answer when the underlying connection is
-closed).
-.Fn SSL_set_shutdown
-can be used to set this state without sending a close alert to the peer (see
-.Xr SSL_shutdown 3 ) .
-.Pp
-If a
-.Dq close notify
-was received,
-.Dv SSL_RECEIVED_SHUTDOWN
-will be set, but to set
-.Dv SSL_SENT_SHUTDOWN
-the application must still call
-.Xr SSL_shutdown 3
-or
-.Fn SSL_set_shutdown
-itself.
-.Sh RETURN VALUES
-.Fn SSL_get_shutdown
-returns the current setting.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_shutdown 3
-.Sh HISTORY
-.Fn SSL_set_shutdown
-and
-.Fn SSL_get_shutdown
-first appeared in SSLeay 0.8.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_set_tmp_ecdh.3 b/src/lib/libssl/man/SSL_set_tmp_ecdh.3
deleted file mode 100644
index 8fd2d9fd5b..0000000000
--- a/src/lib/libssl/man/SSL_set_tmp_ecdh.3
+++ /dev/null
@@ -1,119 +0,0 @@
-.\"     $OpenBSD: SSL_set_tmp_ecdh.3,v 1.6 2021/11/30 15:58:08 jsing Exp $
-.\"
-.\" Copyright (c) 2017 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.Dd $Mdocdate: November 30 2021 $
-.Dt SSL_SET_TMP_ECDH 3
-.Os
-.Sh NAME
-.Nm SSL_set_tmp_ecdh ,
-.Nm SSL_CTX_set_tmp_ecdh ,
-.Nm SSL_set_ecdh_auto ,
-.Nm SSL_CTX_set_ecdh_auto ,
-.Nm SSL_set_tmp_ecdh_callback ,
-.Nm SSL_CTX_set_tmp_ecdh_callback
-.Nd select a curve for ECDH ephemeral key exchange
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft long
-.Fo SSL_set_tmp_ecdh
-.Fa "SSL *ssl"
-.Fa "EC_KEY *ecdh"
-.Fc
-.Ft long
-.Fo SSL_CTX_set_tmp_ecdh
-.Fa "SSL_CTX *ctx"
-.Fa "EC_KEY *ecdh"
-.Fc
-.Ft long
-.Fo SSL_set_ecdh_auto
-.Fa "SSL *ssl"
-.Fa "int state"
-.Fc
-.Ft long
-.Fo SSL_CTX_set_ecdh_auto
-.Fa "SSL_CTX *ctx"
-.Fa "int state"
-.Fc
-.Ft void
-.Fo SSL_set_tmp_ecdh_callback
-.Fa "SSL *ssl"
-.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Ft void
-.Fo SSL_CTX_set_tmp_ecdh_callback
-.Fa "SSL_CTX *ctx"
-.Fa "EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength)"
-.Fc
-.Sh DESCRIPTION
-Automatic EC curve selection and generation is always enabled in
-LibreSSL, and applications cannot manually provide EC keys for use
-with ECDH key exchange.
-.Pp
-The only remaining effect of
-.Fn SSL_set_tmp_ecdh
-is that the curve of the given
-.Fa ecdh
-key becomes the only curve enabled for the
-.Fa ssl
-connection, so it is equivalent to calling
-.Xr SSL_set1_groups_list 3
-with the same single curve name.
-.Pp
-.Fn SSL_CTX_set_tmp_ecdh
-has the same effect on all connections that will be created from
-.Fa ctx
-in the future.
-.Pp
-The functions
-.Fn SSL_set_ecdh_auto ,
-.Fn SSL_CTX_set_ecdh_auto ,
-.Fn SSL_set_tmp_ecdh_callback ,
-and
-.Fn SSL_CTX_set_tmp_ecdh_callback
-are deprecated and have no effect.
-.Sh RETURN VALUES
-.Fn SSL_set_tmp_ecdh
-and
-.Fn SSL_CTX_set_tmp_ecdh
-return 1 on success or 0 on failure.
-.Pp
-.Fn SSL_set_ecdh_auto ,
-.Fn SSL_CTX_set_ecdh_auto ,
-.Fn SSL_set_tmp_ecdh_callback ,
-and
-.Fn SSL_CTX_set_tmp_ecdh_callback
-always return 1.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set1_groups 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_new 3
-.Sh HISTORY
-.Fn SSL_set_tmp_ecdh ,
-.Fn SSL_CTX_set_tmp_ecdh ,
-.Fn SSL_set_tmp_ecdh_callback ,
-and
-.Fn SSL_CTX_set_tmp_ecdh_callback
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn SSL_CTX_set_ecdh_auto
-and
-.Fn SSL_set_ecdh_auto
-first appeared in OpenSSL 1.0.2 and have been available since
-.Ox 5.7 .
diff --git a/src/lib/libssl/man/SSL_set_verify_result.3 b/src/lib/libssl/man/SSL_set_verify_result.3
deleted file mode 100644
index 4b7cc6ec3c..0000000000
--- a/src/lib/libssl/man/SSL_set_verify_result.3
+++ /dev/null
@@ -1,90 +0,0 @@
-.\"     $OpenBSD: SSL_set_verify_result.3,v 1.5 2020/03/29 17:05:02 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 29 2020 $
-.Dt SSL_SET_VERIFY_RESULT 3
-.Os
-.Sh NAME
-.Nm SSL_set_verify_result
-.Nd override result of peer certificate verification
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft void
-.Fn SSL_set_verify_result "SSL *ssl" "long verify_result"
-.Sh DESCRIPTION
-.Fn SSL_set_verify_result
-sets
-.Fa verify_result
-of the object
-.Fa ssl
-to be the result of the verification of the X509 certificate presented by the
-peer, if any.
-.Pp
-.Fn SSL_set_verify_result
-overrides the verification result.
-It only changes the verification result of the
-.Fa ssl
-object.
-It does not become part of the established session, so if the session is to be
-reused later, the original value will reappear.
-.Pp
-The valid codes for
-.Fa verify_result
-are documented in
-.Xr openssl 1 .
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr ssl 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_verify_result 3
-.Sh HISTORY
-.Fn SSL_set_verify_result
-first appeared in SSLeay 0.6.1 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_shutdown.3 b/src/lib/libssl/man/SSL_shutdown.3
deleted file mode 100644
index bfb1e91ea7..0000000000
--- a/src/lib/libssl/man/SSL_shutdown.3
+++ /dev/null
@@ -1,253 +0,0 @@
-.\"     $OpenBSD: SSL_shutdown.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2004, 2014 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_SHUTDOWN 3
-.Os
-.Sh NAME
-.Nm SSL_shutdown
-.Nd shut down a TLS/SSL connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_shutdown "SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_shutdown
-shuts down an active TLS/SSL connection.
-It sends the
-.Dq close notify
-shutdown alert to the peer.
-.Pp
-.Fn SSL_shutdown
-tries to send the
-.Dq close notify
-shutdown alert to the peer.
-Whether the operation succeeds or not, the
-.Dv SSL_SENT_SHUTDOWN
-flag is set and a currently open session is considered closed and good and will
-be kept in the session cache for further reuse.
-.Pp
-The shutdown procedure consists of 2 steps: the sending of the
-.Dq close notify
-shutdown alert and the reception of the peer's
-.Dq close notify
-shutdown alert.
-According to the TLS standard, it is acceptable for an application to only send
-its shutdown alert and then close the underlying connection without waiting for
-the peer's response (this way resources can be saved, as the process can
-already terminate or serve another connection).
-When the underlying connection shall be used for more communications,
-the complete shutdown procedure (bidirectional
-.Dq close notify
-alerts) must be performed, so that the peers stay synchronized.
-.Pp
-.Fn SSL_shutdown
-supports both uni- and bidirectional shutdown by its 2 step behavior.
-.Pp
-When the application is the first party to send the
-.Dq close notify
-alert,
-.Fn SSL_shutdown
-will only send the alert and then set the
-.Dv SSL_SENT_SHUTDOWN
-flag (so that the session is considered good and will be kept in cache).
-.Fn SSL_shutdown
-will then return 0.
-If a unidirectional shutdown is enough
-(the underlying connection shall be closed anyway), this first call to
-.Fn SSL_shutdown
-is sufficient.
-In order to complete the bidirectional shutdown handshake,
-.Fn SSL_shutdown
-must be called again.
-The second call will make
-.Fn SSL_shutdown
-wait for the peer's
-.Dq close notify
-shutdown alert.
-On success, the second call to
-.Fn SSL_shutdown
-will return 1.
-.Pp
-If the peer already sent the
-.Dq close notify
-alert and it was already processed implicitly inside another function
-.Pq Xr SSL_read 3 ,
-the
-.Dv SSL_RECEIVED_SHUTDOWN
-flag is set.
-.Fn SSL_shutdown
-will send the
-.Dq close notify
-alert, set the
-.Dv SSL_SENT_SHUTDOWN
-flag and will immediately return with 1.
-Whether
-.Dv SSL_RECEIVED_SHUTDOWN
-is already set can be checked using the
-.Fn SSL_get_shutdown
-(see also the
-.Xr SSL_set_shutdown 3
-call).
-.Pp
-It is therefore recommended to check the return value of
-.Fn SSL_shutdown
-and call
-.Fn SSL_shutdown
-again, if the bidirectional shutdown is not yet complete (return value of the
-first call is 0).
-.Pp
-The behaviour of
-.Fn SSL_shutdown
-additionally depends on the underlying
-.Vt BIO .
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-.Fn SSL_shutdown
-will only return once the
-handshake step has been finished or an error occurred.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-.Fn SSL_shutdown
-will also return when the underlying
-.Vt BIO
-could not satisfy the needs of
-.Fn SSL_shutdown
-to continue the handshake.
-In this case a call to
-.Xr SSL_get_error 3
-with the
-return value of
-.Fn SSL_shutdown
-will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of
-.Fn SSL_shutdown .
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the
-.Vt BIO
-before being able to continue.
-.Pp
-.Fn SSL_shutdown
-can be modified to only set the connection to
-.Dq shutdown
-state but not actually send the
-.Dq close notify
-alert messages; see
-.Xr SSL_CTX_set_quiet_shutdown 3 .
-When
-.Dq quiet shutdown
-is enabled,
-.Fn SSL_shutdown
-will always succeed and return 1.
-.Sh RETURN VALUES
-The following return values can occur:
-.Bl -tag -width Ds
-.It 0
-The shutdown is not yet finished.
-Call
-.Fn SSL_shutdown
-for a second time, if a bidirectional shutdown shall be performed.
-The output of
-.Xr SSL_get_error 3
-may be misleading, as an erroneous
-.Dv SSL_ERROR_SYSCALL
-may be flagged even though no error occurred.
-.It 1
-The shutdown was successfully completed.
-The
-.Dq close notify
-alert was sent and the peer's
-.Dq close notify
-alert was received.
-.It \(mi1
-The shutdown was not successful because a fatal error occurred either
-at the protocol level or a connection failure occurred.
-It can also occur if action is need to continue the operation for non-blocking
-.Vt BIO Ns
-s.
-Call
-.Xr SSL_get_error 3
-with the return value
-.Fa ret
-to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_clear 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_free 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_set_shutdown 3
-.Sh HISTORY
-.Fn SSL_shutdown
-first appeared in SSLeay 0.8.0 and has been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_state_string.3 b/src/lib/libssl/man/SSL_state_string.3
deleted file mode 100644
index 1070335448..0000000000
--- a/src/lib/libssl/man/SSL_state_string.3
+++ /dev/null
@@ -1,110 +0,0 @@
-.\"     $OpenBSD: SSL_state_string.3,v 1.4 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_STATE_STRING 3
-.Os
-.Sh NAME
-.Nm SSL_state_string ,
-.Nm SSL_state_string_long
-.Nd get textual description of state of an SSL object
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft const char *
-.Fn SSL_state_string "const SSL *ssl"
-.Ft const char *
-.Fn SSL_state_string_long "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_state_string
-returns a 6 letter string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-.Fn SSL_state_string_long
-returns a string indicating the current state of the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-During its use, an
-.Vt SSL
-object passes several states.
-The state is internally maintained.
-Querying the state information is not very informative before or when a
-connection has been established.
-It however can be of significant interest during the handshake.
-.Pp
-When using non-blocking sockets,
-the function call performing the handshake may return with
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE
-condition, so that
-.Fn SSL_state_string[_long]
-may be called.
-.Pp
-For both blocking or non-blocking sockets,
-the details state information can be used within the
-.Fn info_callback
-function set with the
-.Xr SSL_set_info_callback 3
-call.
-.Sh RETURN VALUES
-Detailed description of possible states to be included later.
-.Sh SEE ALSO
-.Xr ssl 3 ,
-.Xr SSL_CTX_set_info_callback 3
-.Sh HISTORY
-.Fn SSL_state_string
-and
-.Fn SSL_state_string_long
-first appeared in SSLeay 0.6.0 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_want.3 b/src/lib/libssl/man/SSL_want.3
deleted file mode 100644
index 24e8645ba8..0000000000
--- a/src/lib/libssl/man/SSL_want.3
+++ /dev/null
@@ -1,161 +0,0 @@
-.\"     $OpenBSD: SSL_want.3,v 1.5 2018/03/27 17:35:50 schwarze Exp $
-.\"     OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 27 2018 $
-.Dt SSL_WANT 3
-.Os
-.Sh NAME
-.Nm SSL_want ,
-.Nm SSL_want_nothing ,
-.Nm SSL_want_read ,
-.Nm SSL_want_write ,
-.Nm SSL_want_x509_lookup
-.Nd obtain state information TLS/SSL I/O operation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_want "const SSL *ssl"
-.Ft int
-.Fn SSL_want_nothing "const SSL *ssl"
-.Ft int
-.Fn SSL_want_read "const SSL *ssl"
-.Ft int
-.Fn SSL_want_write "const SSL *ssl"
-.Ft int
-.Fn SSL_want_x509_lookup "const SSL *ssl"
-.Sh DESCRIPTION
-.Fn SSL_want
-returns state information for the
-.Vt SSL
-object
-.Fa ssl .
-.Pp
-The other
-.Fn SSL_want_*
-calls are shortcuts for the possible states returned by
-.Fn SSL_want .
-.Pp
-.Fn SSL_want
-examines the internal state information of the
-.Vt SSL
-object.
-Its return values are similar to those of
-.Xr SSL_get_error 3 .
-Unlike
-.Xr SSL_get_error 3 ,
-which also evaluates the error queue,
-the results are obtained by examining an internal state flag only.
-The information must therefore only be used for normal operation under
-non-blocking I/O.
-Error conditions are not handled and must be treated using
-.Xr SSL_get_error 3 .
-.Pp
-The result returned by
-.Fn SSL_want
-should always be consistent with the result of
-.Xr SSL_get_error 3 .
-.Sh RETURN VALUES
-The following return values can currently occur for
-.Fn SSL_want :
-.Bl -tag -width Ds
-.It Dv SSL_NOTHING
-There is no data to be written or to be read.
-.It Dv SSL_WRITING
-There are data in the SSL buffer that must be written to the underlying
-.Vt BIO
-layer in order to complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_WRITE .
-.It Dv SSL_READING
-More data must be read from the underlying
-.Vt BIO
-layer in order to
-complete the actual
-.Fn SSL_*
-operation.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_READ .
-.It Dv SSL_X509_LOOKUP
-The operation did not complete because an application callback set by
-.Xr SSL_CTX_set_client_cert_cb 3
-has asked to be called again.
-A call to
-.Xr SSL_get_error 3
-should return
-.Dv SSL_ERROR_WANT_X509_LOOKUP .
-.El
-.Pp
-.Fn SSL_want_nothing ,
-.Fn SSL_want_read ,
-.Fn SSL_want_write ,
-and
-.Fn SSL_want_x509_lookup
-return 1 when the corresponding condition is true or 0 otherwise.
-.Sh SEE ALSO
-.Xr err 3 ,
-.Xr ssl 3 ,
-.Xr SSL_get_error 3
-.Sh HISTORY
-.Fn SSL_want ,
-.Fn SSL_want_nothing ,
-.Fn SSL_want_read ,
-and
-.Fn SSL_want_write
-first appeared in SSLeay 0.5.2.
-.Fn SSL_want_x509_lookup
-first appeared in SSLeay 0.6.0.
-These functions have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/SSL_write.3 b/src/lib/libssl/man/SSL_write.3
deleted file mode 100644
index 2c6fbcef08..0000000000
--- a/src/lib/libssl/man/SSL_write.3
+++ /dev/null
@@ -1,249 +0,0 @@
-.\" $OpenBSD: SSL_write.3,v 1.7 2021/10/24 15:10:13 schwarze Exp $
-.\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\" partial merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>
-.\" and Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2000, 2001, 2002, 2016 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: October 24 2021 $
-.Dt SSL_WRITE 3
-.Os
-.Sh NAME
-.Nm SSL_write_ex ,
-.Nm SSL_write
-.Nd write bytes to a TLS connection
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft int
-.Fn SSL_write_ex "SSL *ssl" "const void *buf" "size_t num" "size_t *written"
-.Ft int
-.Fn SSL_write "SSL *ssl" "const void *buf" "int num"
-.Sh DESCRIPTION
-.Fn SSL_write_ex
-and
-.Fn SSL_write
-write
-.Fa num
-bytes from the buffer
-.Fa buf
-into the specified
-.Fa ssl
-connection.
-On success
-.Fn SSL_write_ex
-stores the number of bytes written in
-.Pf * Fa written .
-.Pp
-In the following,
-.Fn SSL_write_ex
-and
-.Fn SSL_write
-are called
-.Dq write functions .
-.Pp
-If necessary, a write function negotiates a TLS session,
-if not already explicitly performed by
-.Xr SSL_connect 3
-or
-.Xr SSL_accept 3 .
-If the peer requests a re-negotiation,
-it will be performed transparently during the
-write function operation.
-The behaviour of the write functions depends on the underlying
-.Vt BIO .
-.Pp
-For the transparent negotiation to succeed, the
-.Fa ssl
-must have been initialized to client or server mode.
-This is done by calling
-.Xr SSL_set_connect_state 3
-or
-.Xr SSL_set_accept_state 3
-before the first call to a write function.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em blocking ,
-the write function
-will only return once the write operation has been finished or an error
-occurred, except when a renegotiation takes place, in which case a
-.Dv SSL_ERROR_WANT_READ
-may occur.
-This behaviour can be controlled with the
-.Dv SSL_MODE_AUTO_RETRY
-flag of the
-.Xr SSL_CTX_set_mode 3
-call.
-.Pp
-If the underlying
-.Vt BIO
-is
-.Em non-blocking ,
-the write function will also return when the underlying
-.Vt BIO
-could not satisfy the needs of the function to continue the operation.
-In this case a call to
-.Xr SSL_get_error 3
-with the return value of the write function will yield
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE .
-As at any time a re-negotiation is possible, a call to
-a write function can also cause read operations.
-The calling process then must repeat the call after taking appropriate action
-to satisfy the needs of the write function.
-The action depends on the underlying
-.Vt BIO .
-When using a non-blocking socket, nothing is to be done, but
-.Xr select 2
-can be used to check for the required condition.
-When using a buffering
-.Vt BIO ,
-like a
-.Vt BIO
-pair, data must be written into or retrieved out of the BIO before being able
-to continue.
-.Pp
-The write functions
-will only return with success when the complete contents of
-.Fa buf
-of length
-.Fa num
-have been written.
-This default behaviour can be changed with the
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-option of
-.Xr SSL_CTX_set_mode 3 .
-When this flag is set, the write functions will also return with
-success when a partial write has been successfully completed.
-In this case the write function operation is considered completed.
-The bytes are sent and a new write call with a new buffer (with the
-already sent bytes removed) must be started.
-A partial write is performed with the size of a message block,
-which is 16kB.
-.Pp
-When a write function call has to be repeated because
-.Xr SSL_get_error 3
-returned
-.Dv SSL_ERROR_WANT_READ
-or
-.Dv SSL_ERROR_WANT_WRITE ,
-it must be repeated with the same arguments.
-.Pp
-When calling
-.Fn SSL_write
-with
-.Fa num Ns =0
-bytes to be sent, the behaviour is undefined.
-.Fn SSL_write_ex
-can be called with
-.Fa num Ns =0 ,
-but will not send application data to the peer.
-.Sh RETURN VALUES
-.Fn SSL_write_ex
-returns 1 for success or 0 for failure.
-Success means that all requested application data bytes have been
-written to the TLS connection or, if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is in use, at least one application data byte has been written
-to the TLS connection.
-Failure means that not all the requested bytes have been written yet (if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is not in use) or no bytes could be written to the TLS connection (if
-.Dv SSL_MODE_ENABLE_PARTIAL_WRITE
-is in use).
-Failures can be retryable (e.g. the network write buffer has temporarily
-filled up) or non-retryable (e.g. a fatal network error).
-In the event of a failure, call
-.Xr SSL_get_error 3
-to find out the reason
-which indicates whether the call is retryable or not.
-.Pp
-For
-.Fn SSL_write ,
-the following return values can occur:
-.Bl -tag -width Ds
-.It >0
-The write operation was successful.
-The return value is the number of bytes actually written to the TLS
-connection.
-.It 0
-The write operation was not successful.
-Probably the underlying connection was closed.
-Call
-.Xr SSL_get_error 3
-with the return value to find out whether an error occurred or the connection
-was shut down cleanly
-.Pq Dv SSL_ERROR_ZERO_RETURN .
-.It <0
-The write operation was not successful, because either an error occurred or
-action must be taken by the calling process.
-Call
-.Xr SSL_get_error 3
-with the return value to find out the reason.
-.El
-.Sh SEE ALSO
-.Xr BIO_new 3 ,
-.Xr ssl 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_get_error 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_set_connect_state 3
-.Sh HISTORY
-.Fn SSL_write
-appeared in SSLeay 0.4 or earlier and has been available since
-.Ox 2.4 .
-.Pp
-.Fn SSL_write_ex
-first appeared in OpenSSL 1.1.1 and has been available since
-.Ox 7.1 .
diff --git a/src/lib/libssl/man/d2i_SSL_SESSION.3 b/src/lib/libssl/man/d2i_SSL_SESSION.3
deleted file mode 100644
index 7a2bc529ab..0000000000
--- a/src/lib/libssl/man/d2i_SSL_SESSION.3
+++ /dev/null
@@ -1,181 +0,0 @@
-.\"     $OpenBSD: d2i_SSL_SESSION.3,v 1.7 2019/06/08 15:25:43 schwarze Exp $
-.\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
-.\"
-.\" This file was written by Lutz Jaenicke <jaenicke@openssl.org>.
-.\" Copyright (c) 2001, 2005, 2014 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: June 8 2019 $
-.Dt D2I_SSL_SESSION 3
-.Os
-.Sh NAME
-.Nm d2i_SSL_SESSION ,
-.Nm i2d_SSL_SESSION
-.Nd convert SSL_SESSION object from/to ASN1 representation
-.Sh SYNOPSIS
-.In openssl/ssl.h
-.Ft  SSL_SESSION *
-.Fn d2i_SSL_SESSION "SSL_SESSION **a" "const unsigned char **pp" "long length"
-.Ft  int
-.Fn i2d_SSL_SESSION "SSL_SESSION *in" "unsigned char **pp"
-.Sh DESCRIPTION
-.Fn d2i_SSL_SESSION
-transforms the external ASN1 representation of an SSL/TLS session,
-stored as binary data at location
-.Fa pp
-with length
-.Fa length ,
-into
-an
-.Vt SSL_SESSION
-object.
-.Pp
-.Fn i2d_SSL_SESSION
-transforms the
-.Vt SSL_SESSION
-object
-.Fa in
-into the ASN1 representation and stores it into the memory location pointed to
-by
-.Fa pp .
-The length of the resulting ASN1 representation is returned.
-If
-.Fa pp
-is the
-.Dv NULL
-pointer, only the length is calculated and returned.
-.Pp
-The
-.Vt SSL_SESSION
-object is built from several
-.Xr malloc 3 Ns
--ed parts; it can therefore not be moved, copied or stored directly.
-In order to store session data on disk or into a database,
-it must be transformed into a binary ASN1 representation.
-.Pp
-When using
-.Fn d2i_SSL_SESSION ,
-the
-.Vt SSL_SESSION
-object is automatically allocated.
-The reference count is 1, so that the session must be explicitly removed using
-.Xr SSL_SESSION_free 3 ,
-unless the
-.Vt SSL_SESSION
-object is completely taken over, when being called inside the
-.Fn get_session_cb ,
-see
-.Xr SSL_CTX_sess_set_get_cb 3 .
-.Pp
-.Vt SSL_SESSION
-objects keep internal link information about the session cache list when being
-inserted into one
-.Vt SSL_CTX
-object's session cache.
-One
-.Vt SSL_SESSION
-object, regardless of its reference count, must therefore only be used with one
-.Vt SSL_CTX
-object (and the
-.Vt SSL
-objects created from this
-.Vt SSL_CTX
-object).
-.Pp
-When using
-.Fn i2d_SSL_SESSION ,
-the memory location pointed to by
-.Fa pp
-must be large enough to hold the binary representation of the session.
-There is no known limit on the size of the created ASN1 representation,
-so call
-.Fn i2d_SSL_SESSION
-first with
-.Fa pp Ns = Ns Dv NULL
-to obtain the encoded size, before allocating the required amount of memory and
-calling
-.Fn i2d_SSL_SESSION
-again.
-Note that this will advance the value contained in
-.Fa *pp
-so it is necessary to save a copy of the original allocation.
-For example:
-.Bd -literal -offset indent
-char    *p, *pp;
-int      elen, len;
-
-elen = i2d_SSL_SESSION(sess, NULL);
-p = pp = malloc(elen);
-if (p != NULL) {
-        len = i2d_SSL_SESSION(sess, &pp);
-        assert(elen == len);
-        assert(p + len == pp);
-}
-.Ed
-.Sh RETURN VALUES
-.Fn d2i_SSL_SESSION
-returns a pointer to the newly allocated
-.Vt SSL_SESSION
-object.
-In case of failure a
-.Dv NULL
-pointer is returned and the error message can be retrieved from the error
-stack.
-.Pp
-.Fn i2d_SSL_SESSION
-returns the size of the ASN1 representation in bytes.
-When the session is not valid, 0 is returned and no operation is performed.
-.Sh SEE ALSO
-.Xr d2i_X509 3 ,
-.Xr ssl 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_SESSION_free 3
-.Sh HISTORY
-.Fn d2i_SSL_SESSION
-and
-.Fn i2d_SSL_SESSION
-first appeared in SSLeay 0.5.2 and have been available since
-.Ox 2.4 .
diff --git a/src/lib/libssl/man/ssl.3 b/src/lib/libssl/man/ssl.3
deleted file mode 100644
index 314a1b0a94..0000000000
--- a/src/lib/libssl/man/ssl.3
+++ /dev/null
@@ -1,353 +0,0 @@
-.\" $OpenBSD: ssl.3,v 1.26 2024/08/31 10:51:48 tb Exp $
-.\" full merge up to: OpenSSL e330f55d Nov 11 00:51:04 2016 +0100
-.\" selective merge up to: OpenSSL 322755cc Sep 1 08:40:51 2018 +0800
-.\"
-.\" This file was written by Ralf S. Engelschall <rse@openssl.org>,
-.\" Ben Laurie <ben@openssl.org>, and Ulf Moeller <ulf@openssl.org>.
-.\" Copyright (c) 1998-2002, 2005, 2013, 2015 The OpenSSL Project.
-.\" All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: August 31 2024 $
-.Dt SSL 3
-.Os
-.Sh NAME
-.Nm ssl
-.Nd OpenSSL TLS library
-.Sh DESCRIPTION
-The
-.Nm ssl
-library implements the Transport Layer Security (TLS) protocol,
-the successor to the Secure Sockets Layer (SSL) protocol.
-.Pp
-An
-.Vt SSL_CTX
-object is created as a framework to establish TLS/SSL enabled connections (see
-.Xr SSL_CTX_new 3 ) .
-Various options regarding certificates, algorithms, etc., can be set in this
-object.
-.Pp
-When a network connection has been created, it can be assigned to an
-.Vt SSL
-object.
-After the
-.Vt SSL
-object has been created using
-.Xr SSL_new 3 ,
-.Xr SSL_set_fd 3
-or
-.Xr SSL_set_bio 3
-can be used to associate the network connection with the object.
-.Pp
-Then the TLS/SSL handshake is performed using
-.Xr SSL_accept 3
-or
-.Xr SSL_connect 3
-respectively.
-.Xr SSL_read 3
-and
-.Xr SSL_write 3
-are used to read and write data on the TLS/SSL connection.
-.Xr SSL_shutdown 3
-can be used to shut down the TLS/SSL connection.
-.Sh DATA STRUCTURES
-Currently the
-.Nm ssl
-library functions deal with the following data structures:
-.Bl -tag -width Ds
-.It Vt SSL_METHOD No (SSL Method)
-That's a dispatch structure describing the internal
-.Nm ssl
-library methods/functions which implement the various protocol versions.
-It's needed to create an
-.Vt SSL_CTX .
-See
-.Xr TLS_method 3
-for constructors.
-.It Vt SSL_CIPHER No (SSL Cipher)
-This structure holds the algorithm information for a particular cipher which
-is a core part of the SSL/TLS protocol.
-The available ciphers are configured on an
-.Vt SSL_CTX
-basis and the actually used ones are then part of the
-.Vt SSL_SESSION .
-.It Vt SSL_CTX No (SSL Context)
-That's the global context structure which is created by a server or client
-once per program lifetime and which holds mainly default values for the
-.Vt SSL
-structures which are later created for the connections.
-.It Vt SSL_SESSION No (SSL Session)
-This is a structure containing the current TLS/SSL session details for a
-connection:
-.Vt SSL_CIPHER Ns s ,
-client and server certificates, keys, etc.
-.It Vt SSL No (SSL Connection)
-That's the main SSL/TLS structure which is created by a server or client per
-established connection.
-This actually is the core structure in the SSL API.
-At run-time the application usually deals with this structure which has
-links to mostly all other structures.
-.El
-.Sh HEADER FILES
-Currently the
-.Nm ssl
-library provides the following C header files containing the prototypes for the
-data structures and functions:
-.Bl -tag -width Ds
-.It Pa ssl.h
-That's the common header file for the SSL/TLS API.
-Include it into your program to make the API of the
-.Nm ssl
-library available.
-It internally includes both more private SSL headers and headers from the
-.Em crypto
-library.
-Whenever you need hardcore details on the internals of the SSL API, look inside
-this header file.
-.It Pa ssl3.h
-That's the sub header file dealing with the SSLv3 protocol only.
-.Bf Em
-Usually you don't have to include it explicitly because it's already included
-by
-.Pa ssl.h .
-.Ef
-.It Pa tls1.h
-That's the sub header file dealing with the TLSv1 protocol only.
-.Bf Em
-Usually you don't have to include it explicitly because it's already included
-by
-.Pa ssl.h .
-.Ef
-.El
-.Sh API FUNCTIONS
-.Ss Ciphers
-The following pages describe functions acting on
-.Vt SSL_CIPHER
-objects:
-.Xr SSL_get_ciphers 3 ,
-.Xr SSL_get_current_cipher 3 ,
-.Xr SSL_CIPHER_get_name 3
-.Ss Protocol contexts
-The following pages describe functions acting on
-.Vt SSL_CTX
-objects.
-.Pp
-Constructors and destructors:
-.Xr SSL_CTX_new 3 ,
-.Xr SSL_CTX_set_ssl_version 3 ,
-.Xr SSL_CTX_free 3
-.Pp
-Certificate configuration:
-.Xr SSL_CTX_add_extra_chain_cert 3 ,
-.Xr SSL_CTX_get0_certificate 3 ,
-.Xr SSL_CTX_load_verify_locations 3 ,
-.Xr SSL_CTX_set_cert_store 3 ,
-.Xr SSL_CTX_set_cert_verify_callback 3 ,
-.Xr SSL_CTX_set_client_cert_cb 3 ,
-.Xr SSL_CTX_set_default_passwd_cb 3 ,
-.Xr SSL_CTX_set_tlsext_status_cb 3
-.Pp
-Session configuration:
-.Xr SSL_CTX_add_session 3 ,
-.Xr SSL_CTX_flush_sessions 3 ,
-.Xr SSL_CTX_sess_number 3 ,
-.Xr SSL_CTX_sess_set_cache_size 3 ,
-.Xr SSL_CTX_sess_set_get_cb 3 ,
-.Xr SSL_CTX_sessions 3 ,
-.Xr SSL_CTX_set_session_cache_mode 3 ,
-.Xr SSL_CTX_set_timeout 3 ,
-.Xr SSL_CTX_set_tlsext_ticket_key_cb 3
-.Pp
-Various configuration:
-.Xr SSL_CTX_get_ex_new_index 3 ,
-.Xr SSL_CTX_set_tlsext_servername_callback 3
-.Ss Common configuration of contexts and connections
-The functions on the following pages each come in two variants:
-one to directly configure a single
-.Vt SSL
-connection and another to be called on an
-.Vt SSL_CTX
-object, to set up defaults for all future
-.Vt SSL
-connections created from that context.
-.Pp
-Protocol and algorithm configuration:
-.Xr SSL_CTX_set_alpn_select_cb 3 ,
-.Xr SSL_CTX_set_cipher_list 3 ,
-.Xr SSL_CTX_set_min_proto_version 3 ,
-.Xr SSL_CTX_set_options 3 ,
-.Xr SSL_CTX_set_security_level 3 ,
-.Xr SSL_CTX_set_tlsext_use_srtp 3 ,
-.Xr SSL_CTX_set_tmp_dh_callback 3 ,
-.Xr SSL_CTX_set1_groups 3
-.Pp
-Certificate configuration:
-.Xr SSL_CTX_add1_chain_cert 3 ,
-.Xr SSL_CTX_get_verify_mode 3 ,
-.Xr SSL_CTX_set_client_CA_list 3 ,
-.Xr SSL_CTX_set_max_cert_list 3 ,
-.Xr SSL_CTX_set_verify 3 ,
-.Xr SSL_CTX_use_certificate 3 ,
-.Xr SSL_get_client_CA_list 3
-.Xr SSL_set1_param 3
-.Pp
-Session configuration:
-.Xr SSL_CTX_set_generate_session_id 3 ,
-.Xr SSL_CTX_set_session_id_context 3
-.Pp
-Various configuration:
-.Xr SSL_CTX_ctrl 3 ,
-.Xr SSL_CTX_set_info_callback 3 ,
-.Xr SSL_CTX_set_mode 3 ,
-.Xr SSL_CTX_set_msg_callback 3 ,
-.Xr SSL_CTX_set_quiet_shutdown 3 ,
-.Xr SSL_CTX_set_read_ahead 3 ,
-.Xr SSL_set_max_send_fragment 3
-.Ss Sessions
-The following pages describe functions acting on
-.Vt SSL_SESSION
-objects.
-.Pp
-Constructors and destructors:
-.Xr SSL_SESSION_new 3 ,
-.Xr SSL_SESSION_free 3
-.Pp
-Accessors:
-.Xr SSL_SESSION_get_compress_id 3 ,
-.Xr SSL_SESSION_get_ex_new_index 3 ,
-.Xr SSL_SESSION_get_id 3 ,
-.Xr SSL_SESSION_get_protocol_version 3 ,
-.Xr SSL_SESSION_get_time 3 ,
-.Xr SSL_SESSION_get0_peer 3 ,
-.Xr SSL_SESSION_has_ticket 3 ,
-.Xr SSL_SESSION_set1_id_context 3
-.Pp
-Encoding and decoding:
-.Xr d2i_SSL_SESSION 3 ,
-.Xr PEM_read_SSL_SESSION 3 ,
-.Xr SSL_SESSION_print 3
-.Ss Connections
-The following pages describe functions acting on
-.Vt SSL
-connection objects:
-.Pp
-Constructors and destructors:
-.Xr SSL_new 3 ,
-.Xr SSL_dup 3 ,
-.Xr SSL_free 3 ,
-.Xr BIO_f_ssl 3
-.Pp
-To change the configuration:
-.Xr SSL_clear 3 ,
-.Xr SSL_set_SSL_CTX 3 ,
-.Xr SSL_copy_session_id 3 ,
-.Xr SSL_set_bio 3 ,
-.Xr SSL_set_connect_state 3 ,
-.Xr SSL_set_fd 3 ,
-.Xr SSL_set_session 3 ,
-.Xr SSL_set1_host 3 ,
-.Xr SSL_set_verify_result 3
-.Pp
-To inspect the configuration:
-.Xr SSL_get_certificate 3 ,
-.Xr SSL_get_default_timeout 3 ,
-.Xr SSL_get_ex_new_index 3 ,
-.Xr SSL_get_fd 3 ,
-.Xr SSL_get_rbio 3 ,
-.Xr SSL_get_SSL_CTX 3
-.Pp
-To transmit data:
-.Xr DTLSv1_listen 3 ,
-.Xr SSL_accept 3 ,
-.Xr SSL_connect 3 ,
-.Xr SSL_do_handshake 3 ,
-.Xr SSL_read 3 ,
-.Xr SSL_read_early_data 3 ,
-.Xr SSL_renegotiate 3 ,
-.Xr SSL_shutdown 3 ,
-.Xr SSL_write 3
-.Pp
-To inspect the state after a connection is established:
-.Xr SSL_export_keying_material 3 ,
-.Xr SSL_get_client_random 3 ,
-.Xr SSL_get_ex_data_X509_STORE_CTX_idx 3 ,
-.Xr SSL_get_peer_cert_chain 3 ,
-.Xr SSL_get_peer_certificate 3 ,
-.Xr SSL_get_server_tmp_key 3 ,
-.Xr SSL_get_servername 3 ,
-.Xr SSL_get_session 3 ,
-.Xr SSL_get_shared_ciphers 3 ,
-.Xr SSL_get_verify_result 3 ,
-.Xr SSL_get_version 3 ,
-.Xr SSL_session_reused 3
-.Pp
-To inspect the state during ongoing communication:
-.Xr SSL_get_error 3 ,
-.Xr SSL_get_shutdown 3 ,
-.Xr SSL_get_state 3 ,
-.Xr SSL_num_renegotiations 3 ,
-.Xr SSL_pending 3 ,
-.Xr SSL_rstate_string 3 ,
-.Xr SSL_state_string 3 ,
-.Xr SSL_want 3
-.Ss Utility functions
-.Xr SSL_alert_type_string 3 ,
-.Xr SSL_dup_CA_list 3 ,
-.Xr SSL_load_client_CA_file 3
-.Ss Obsolete functions
-.Xr OPENSSL_init_ssl 3 ,
-.Xr SSL_COMP_get_compression_methods 3 ,
-.Xr SSL_CTX_set_tmp_rsa_callback 3 ,
-.Xr SSL_library_init 3 ,
-.Xr SSL_set_tmp_ecdh 3
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr crypto 3 ,
-.Xr tls_init 3
-.Sh HISTORY
-The
-.Nm
-document appeared in OpenSSL 0.9.2.
diff --git a/src/lib/libssl/pqueue.c b/src/lib/libssl/pqueue.c
deleted file mode 100644
index 602969deb0..0000000000
--- a/src/lib/libssl/pqueue.c
+++ /dev/null
@@ -1,201 +0,0 @@
-/* $OpenBSD: pqueue.c,v 1.5 2014/06/12 15:49:31 deraadt Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "pqueue.h"
-
-typedef struct _pqueue {
-        pitem *items;
-        int count;
-} pqueue_s;
-
-pitem *
-pitem_new(unsigned char *prio64be, void *data)
-{
-        pitem *item = malloc(sizeof(pitem));
-
-        if (item == NULL)
-                return NULL;
-
-        memcpy(item->priority, prio64be, sizeof(item->priority));
-
-        item->data = data;
-        item->next = NULL;
-
-        return item;
-}
-
-void
-pitem_free(pitem *item)
-{
-        free(item);
-}
-
-pqueue_s *
-pqueue_new(void)
-{
-        return calloc(1, sizeof(pqueue_s));
-}
-
-void
-pqueue_free(pqueue_s *pq)
-{
-        free(pq);
-}
-
-pitem *
-pqueue_insert(pqueue_s *pq, pitem *item)
-{
-        pitem *curr, *next;
-
-        if (pq->items == NULL) {
-                pq->items = item;
-                return item;
-        }
-
-        for (curr = NULL, next = pq->items; next != NULL;
-            curr = next, next = next->next) {
-                /* we can compare 64-bit value in big-endian encoding
-                 * with memcmp:-) */
-                int cmp = memcmp(next->priority, item->priority,
-                    sizeof(item->priority));
-                if (cmp > 0) {          /* next > item */
-                        item->next = next;
-
-                        if (curr == NULL)
-                                pq->items = item;
-                        else
-                                curr->next = item;
-
-                        return item;
-                } else if (cmp == 0)    /* duplicates not allowed */
-                        return NULL;
-        }
-
-        item->next = NULL;
-        curr->next = item;
-
-        return item;
-}
-
-pitem *
-pqueue_peek(pqueue_s *pq)
-{
-        return pq->items;
-}
-
-pitem *
-pqueue_pop(pqueue_s *pq)
-{
-        pitem *item = pq->items;
-
-        if (pq->items != NULL)
-                pq->items = pq->items->next;
-
-        return item;
-}
-
-pitem *
-pqueue_find(pqueue_s *pq, unsigned char *prio64be)
-{
-        pitem *next;
-
-        for (next = pq->items; next != NULL; next = next->next)
-                if (memcmp(next->priority, prio64be,
-                    sizeof(next->priority)) == 0)
-                        return next;
-
-        return NULL;
-}
-
-pitem *
-pqueue_iterator(pqueue_s *pq)
-{
-        return pqueue_peek(pq);
-}
-
-pitem *
-pqueue_next(pitem **item)
-{
-        pitem *ret;
-
-        if (item == NULL || *item == NULL)
-                return NULL;
-
-        /* *item != NULL */
-        ret = *item;
-        *item = (*item)->next;
-
-        return ret;
-}
-
-int
-pqueue_size(pqueue_s *pq)
-{
-        pitem *item = pq->items;
-        int count = 0;
-
-        while (item != NULL) {
-                count++;
-                item = item->next;
-        }
-        return count;
-}
diff --git a/src/lib/libssl/pqueue.h b/src/lib/libssl/pqueue.h
deleted file mode 100644
index cdda4a3961..0000000000
--- a/src/lib/libssl/pqueue.h
+++ /dev/null
@@ -1,93 +0,0 @@
-/* $OpenBSD: pqueue.h,v 1.4 2016/11/04 18:28:58 guenther Exp $ */
-
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#ifndef HEADER_PQUEUE_H
-#define HEADER_PQUEUE_H
-
-__BEGIN_HIDDEN_DECLS 
-
-typedef struct _pqueue *pqueue;
-
-typedef struct _pitem {
-        unsigned char priority[8]; /* 64-bit value in big-endian encoding */
-        void *data;
-        struct _pitem *next;
-} pitem;
-
-typedef struct _pitem *piterator;
-
-pitem *pitem_new(unsigned char *prio64be, void *data);
-void   pitem_free(pitem *item);
-
-pqueue pqueue_new(void);
-void   pqueue_free(pqueue pq);
-
-pitem *pqueue_insert(pqueue pq, pitem *item);
-pitem *pqueue_peek(pqueue pq);
-pitem *pqueue_pop(pqueue pq);
-pitem *pqueue_find(pqueue pq, unsigned char *prio64be);
-pitem *pqueue_iterator(pqueue pq);
-pitem *pqueue_next(piterator *iter);
-
-int    pqueue_size(pqueue pq);
-
-__END_HIDDEN_DECLS 
-
-#endif /* ! HEADER_PQUEUE_H */
diff --git a/src/lib/libssl/s3_cbc.c b/src/lib/libssl/s3_cbc.c
deleted file mode 100644
index 32b7460870..0000000000
--- a/src/lib/libssl/s3_cbc.c
+++ /dev/null
@@ -1,628 +0,0 @@
-/* $OpenBSD: s3_cbc.c,v 1.26 2022/11/26 16:08:55 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 2012 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <openssl/md5.h>
-#include <openssl/sha.h>
-
-#include "ssl_local.h"
-
-/* MAX_HASH_BIT_COUNT_BYTES is the maximum number of bytes in the hash's length
- * field. (SHA-384/512 have 128-bit length.) */
-#define MAX_HASH_BIT_COUNT_BYTES 16
-
-/* MAX_HASH_BLOCK_SIZE is the maximum hash block size that we'll support.
- * Currently SHA-384/512 has a 128-byte block size and that's the largest
- * supported by TLS.) */
-#define MAX_HASH_BLOCK_SIZE 128
-
-/* Some utility functions are needed:
- *
- * These macros return the given value with the MSB copied to all the other
- * bits. They use the fact that arithmetic shift shifts-in the sign bit.
- * However, this is not ensured by the C standard so you may need to replace
- * them with something else on odd CPUs. */
-#define DUPLICATE_MSB_TO_ALL(x) ((unsigned int)((int)(x) >> (sizeof(int) * 8 - 1)))
-#define DUPLICATE_MSB_TO_ALL_8(x) ((unsigned char)(DUPLICATE_MSB_TO_ALL(x)))
-
-/* constant_time_lt returns 0xff if a<b and 0x00 otherwise. */
-static unsigned int
-constant_time_lt(unsigned int a, unsigned int b)
-{
-        a -= b;
-        return DUPLICATE_MSB_TO_ALL(a);
-}
-
-/* constant_time_ge returns 0xff if a>=b and 0x00 otherwise. */
-static unsigned int
-constant_time_ge(unsigned int a, unsigned int b)
-{
-        a -= b;
-        return DUPLICATE_MSB_TO_ALL(~a);
-}
-
-/* constant_time_eq_8 returns 0xff if a==b and 0x00 otherwise. */
-static unsigned char
-constant_time_eq_8(unsigned int a, unsigned int b)
-{
-        unsigned int c = a ^ b;
-        c--;
-        return DUPLICATE_MSB_TO_ALL_8(c);
-}
-
-/* ssl3_cbc_remove_padding removes the CBC padding from the decrypted, TLS, CBC
- * record in |rec| in constant time and returns 1 if the padding is valid and
- * -1 otherwise. It also removes any explicit IV from the start of the record
- * without leaking any timing about whether there was enough space after the
- * padding was removed.
- *
- * block_size: the block size of the cipher used to encrypt the record.
- * returns:
- *   0: (in non-constant time) if the record is publicly invalid.
- *   1: if the padding was valid
- *  -1: otherwise. */
-int
-ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len,
-    unsigned int mac_size)
-{
-        unsigned int padding_length, good, to_check, i;
-        const unsigned int overhead = 1 /* padding length byte */ + mac_size;
-
-        /*
-         * These lengths are all public so we can test them in
-         * non-constant time.
-         */
-        if (overhead + eiv_len > rec->length)
-                return 0;
-
-        /* We can now safely skip explicit IV, if any. */
-        rec->data += eiv_len;
-        rec->input += eiv_len;
-        rec->length -= eiv_len;
-
-        padding_length = rec->data[rec->length - 1];
-
-        good = constant_time_ge(rec->length, overhead + padding_length);
-        /* The padding consists of a length byte at the end of the record and
-         * then that many bytes of padding, all with the same value as the
-         * length byte. Thus, with the length byte included, there are i+1
-         * bytes of padding.
-         *
-         * We can't check just |padding_length+1| bytes because that leaks
-         * decrypted information. Therefore we always have to check the maximum
-         * amount of padding possible. (Again, the length of the record is
-         * public information so we can use it.) */
-        to_check = 256; /* maximum amount of padding, inc length byte. */
-        if (to_check > rec->length)
-                to_check = rec->length;
-
-        for (i = 0; i < to_check; i++) {
-                unsigned char mask = constant_time_ge(padding_length, i);
-                unsigned char b = rec->data[rec->length - 1 - i];
-                /* The final |padding_length+1| bytes should all have the value
-                 * |padding_length|. Therefore the XOR should be zero. */
-                good &= ~(mask&(padding_length ^ b));
-        }
-
-        /* If any of the final |padding_length+1| bytes had the wrong value,
-         * one or more of the lower eight bits of |good| will be cleared. We
-         * AND the bottom 8 bits together and duplicate the result to all the
-         * bits. */
-        good &= good >> 4;
-        good &= good >> 2;
-        good &= good >> 1;
-        good <<= sizeof(good)*8 - 1;
-        good = DUPLICATE_MSB_TO_ALL(good);
-
-        padding_length = good & (padding_length + 1);
-        rec->length -= padding_length;
-        rec->padding_length = padding_length;
-
-        return (int)((good & 1) | (~good & -1));
-}
-
-/* ssl3_cbc_copy_mac copies |md_size| bytes from the end of |rec| to |out| in
- * constant time (independent of the concrete value of rec->length, which may
- * vary within a 256-byte window).
- *
- * ssl3_cbc_remove_padding or tls1_cbc_remove_padding must be called prior to
- * this function.
- *
- * On entry:
- *   rec->orig_len >= md_size
- *   md_size <= EVP_MAX_MD_SIZE
- *
- * If CBC_MAC_ROTATE_IN_PLACE is defined then the rotation is performed with
- * variable accesses in a 64-byte-aligned buffer. Assuming that this fits into
- * a single or pair of cache-lines, then the variable memory accesses don't
- * actually affect the timing. CPUs with smaller cache-lines [if any] are
- * not multi-core and are not considered vulnerable to cache-timing attacks.
- */
-#define CBC_MAC_ROTATE_IN_PLACE
-
-void
-ssl3_cbc_copy_mac(unsigned char* out, const SSL3_RECORD_INTERNAL *rec,
-    unsigned int md_size, unsigned int orig_len)
-{
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-        unsigned char rotated_mac_buf[64 + EVP_MAX_MD_SIZE];
-        unsigned char *rotated_mac;
-#else
-        unsigned char rotated_mac[EVP_MAX_MD_SIZE];
-#endif
-
-        /* mac_end is the index of |rec->data| just after the end of the MAC. */
-        unsigned int mac_end = rec->length;
-        unsigned int mac_start = mac_end - md_size;
-        /* scan_start contains the number of bytes that we can ignore because
-         * the MAC's position can only vary by 255 bytes. */
-        unsigned int scan_start = 0;
-        unsigned int i, j;
-        unsigned int div_spoiler;
-        unsigned int rotate_offset;
-
-        OPENSSL_assert(orig_len >= md_size);
-        OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-        rotated_mac = rotated_mac_buf + ((0 - (size_t)rotated_mac_buf)&63);
-#endif
-
-        /* This information is public so it's safe to branch based on it. */
-        if (orig_len > md_size + 255 + 1)
-                scan_start = orig_len - (md_size + 255 + 1);
-        /* div_spoiler contains a multiple of md_size that is used to cause the
-         * modulo operation to be constant time. Without this, the time varies
-         * based on the amount of padding when running on Intel chips at least.
-         *
-         * The aim of right-shifting md_size is so that the compiler doesn't
-         * figure out that it can remove div_spoiler as that would require it
-         * to prove that md_size is always even, which I hope is beyond it. */
-        div_spoiler = md_size >> 1;
-        div_spoiler <<= (sizeof(div_spoiler) - 1) * 8;
-        rotate_offset = (div_spoiler + mac_start - scan_start) % md_size;
-
-        memset(rotated_mac, 0, md_size);
-        for (i = scan_start, j = 0; i < orig_len; i++) {
-                unsigned char mac_started = constant_time_ge(i, mac_start);
-                unsigned char mac_ended = constant_time_ge(i, mac_end);
-                unsigned char b = rec->data[i];
-                rotated_mac[j++] |= b & mac_started & ~mac_ended;
-                j &= constant_time_lt(j, md_size);
-        }
-
-        /* Now rotate the MAC */
-#if defined(CBC_MAC_ROTATE_IN_PLACE)
-        j = 0;
-        for (i = 0; i < md_size; i++) {
-                /* in case cache-line is 32 bytes, touch second line */
-                ((volatile unsigned char *)rotated_mac)[rotate_offset^32];
-                out[j++] = rotated_mac[rotate_offset++];
-                rotate_offset &= constant_time_lt(rotate_offset, md_size);
-        }
-#else
-        memset(out, 0, md_size);
-        rotate_offset = md_size - rotate_offset;
-        rotate_offset &= constant_time_lt(rotate_offset, md_size);
-        for (i = 0; i < md_size; i++) {
-                for (j = 0; j < md_size; j++)
-                        out[j] |= rotated_mac[i] & constant_time_eq_8(j, rotate_offset);
-                rotate_offset++;
-                rotate_offset &= constant_time_lt(rotate_offset, md_size);
-        }
-#endif
-}
-
-#define l2n(l,c)        (*((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-#define l2n8(l,c)       (*((c)++)=(unsigned char)(((l)>>56)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>48)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>40)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>32)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>24)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>>16)&0xff), \
-                         *((c)++)=(unsigned char)(((l)>> 8)&0xff), \
-                         *((c)++)=(unsigned char)(((l)    )&0xff))
-
-/* u32toLE serialises an unsigned, 32-bit number (n) as four bytes at (p) in
- * little-endian order. The value of p is advanced by four. */
-#define u32toLE(n, p) \
-        (*((p)++)=(unsigned char)(n), \
-         *((p)++)=(unsigned char)(n>>8), \
-         *((p)++)=(unsigned char)(n>>16), \
-         *((p)++)=(unsigned char)(n>>24))
-
-/* These functions serialize the state of a hash and thus perform the standard
- * "final" operation without adding the padding and length that such a function
- * typically does. */
-static void
-tls1_md5_final_raw(void* ctx, unsigned char *md_out)
-{
-        MD5_CTX *md5 = ctx;
-        u32toLE(md5->A, md_out);
-        u32toLE(md5->B, md_out);
-        u32toLE(md5->C, md_out);
-        u32toLE(md5->D, md_out);
-}
-
-static void
-tls1_sha1_final_raw(void* ctx, unsigned char *md_out)
-{
-        SHA_CTX *sha1 = ctx;
-        l2n(sha1->h0, md_out);
-        l2n(sha1->h1, md_out);
-        l2n(sha1->h2, md_out);
-        l2n(sha1->h3, md_out);
-        l2n(sha1->h4, md_out);
-}
-
-static void
-tls1_sha256_final_raw(void* ctx, unsigned char *md_out)
-{
-        SHA256_CTX *sha256 = ctx;
-        unsigned int i;
-
-        for (i = 0; i < 8; i++) {
-                l2n(sha256->h[i], md_out);
-        }
-}
-
-static void
-tls1_sha512_final_raw(void* ctx, unsigned char *md_out)
-{
-        SHA512_CTX *sha512 = ctx;
-        unsigned int i;
-
-        for (i = 0; i < 8; i++) {
-                l2n8(sha512->h[i], md_out);
-        }
-}
-
-/* Largest hash context ever used by the functions above. */
-#define LARGEST_DIGEST_CTX SHA512_CTX
-
-/* Type giving the alignment needed by the above */
-#define LARGEST_DIGEST_CTX_ALIGNMENT SHA_LONG64
-
-/* ssl3_cbc_record_digest_supported returns 1 iff |ctx| uses a hash function
- * which ssl3_cbc_digest_record supports. */
-char
-ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx)
-{
-        switch (EVP_MD_CTX_type(ctx)) {
-        case NID_md5:
-        case NID_sha1:
-        case NID_sha224:
-        case NID_sha256:
-        case NID_sha384:
-        case NID_sha512:
-                return 1;
-        default:
-                return 0;
-        }
-}
-
-/* ssl3_cbc_digest_record computes the MAC of a decrypted, padded TLS
- * record.
- *
- *   ctx: the EVP_MD_CTX from which we take the hash function.
- *     ssl3_cbc_record_digest_supported must return true for this EVP_MD_CTX.
- *   md_out: the digest output. At most EVP_MAX_MD_SIZE bytes will be written.
- *   md_out_size: if non-NULL, the number of output bytes is written here.
- *   header: the 13-byte, TLS record header.
- *   data: the record data itself, less any preceeding explicit IV.
- *   data_plus_mac_size: the secret, reported length of the data and MAC
- *     once the padding has been removed.
- *   data_plus_mac_plus_padding_size: the public length of the whole
- *     record, including padding.
- *
- * On entry: by virtue of having been through one of the remove_padding
- * functions, above, we know that data_plus_mac_size is large enough to contain
- * a padding byte and MAC. (If the padding was invalid, it might contain the
- * padding too. )
- */
-int
-ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char* md_out,
-    size_t* md_out_size, const unsigned char header[13],
-    const unsigned char *data, size_t data_plus_mac_size,
-    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned int mac_secret_length)
-{
-        union {
-                /*
-                 * Alignment here is to allow this to be cast as SHA512_CTX
-                 * without losing alignment required by the 64-bit SHA_LONG64
-                 * integer it contains.
-                 */
-                LARGEST_DIGEST_CTX_ALIGNMENT align;
-                unsigned char c[sizeof(LARGEST_DIGEST_CTX)];
-        } md_state;
-        void (*md_final_raw)(void *ctx, unsigned char *md_out);
-        void (*md_transform)(void *ctx, const unsigned char *block);
-        unsigned int md_size, md_block_size = 64;
-        unsigned int header_length, variance_blocks,
-        len, max_mac_bytes, num_blocks,
-        num_starting_blocks, k, mac_end_offset, c, index_a, index_b;
-        unsigned int bits;      /* at most 18 bits */
-        unsigned char length_bytes[MAX_HASH_BIT_COUNT_BYTES];
-        /* hmac_pad is the masked HMAC key. */
-        unsigned char hmac_pad[MAX_HASH_BLOCK_SIZE];
-        unsigned char first_block[MAX_HASH_BLOCK_SIZE];
-        unsigned char mac_out[EVP_MAX_MD_SIZE];
-        unsigned int i, j, md_out_size_u;
-        EVP_MD_CTX *md_ctx;
-        /* mdLengthSize is the number of bytes in the length field that terminates
-        * the hash. */
-        unsigned int md_length_size = 8;
-        char length_is_big_endian = 1;
-
-        /* This is a, hopefully redundant, check that allows us to forget about
-         * many possible overflows later in this function. */
-        OPENSSL_assert(data_plus_mac_plus_padding_size < 1024*1024);
-
-        switch (EVP_MD_CTX_type(ctx)) {
-        case NID_md5:
-                MD5_Init((MD5_CTX*)md_state.c);
-                md_final_raw = tls1_md5_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) MD5_Transform;
-                md_size = 16;
-                length_is_big_endian = 0;
-                break;
-        case NID_sha1:
-                SHA1_Init((SHA_CTX*)md_state.c);
-                md_final_raw = tls1_sha1_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA1_Transform;
-                md_size = 20;
-                break;
-        case NID_sha224:
-                SHA224_Init((SHA256_CTX*)md_state.c);
-                md_final_raw = tls1_sha256_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
-                md_size = 224/8;
-                break;
-        case NID_sha256:
-                SHA256_Init((SHA256_CTX*)md_state.c);
-                md_final_raw = tls1_sha256_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA256_Transform;
-                md_size = 32;
-                break;
-        case NID_sha384:
-                SHA384_Init((SHA512_CTX*)md_state.c);
-                md_final_raw = tls1_sha512_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
-                md_size = 384/8;
-                md_block_size = 128;
-                md_length_size = 16;
-                break;
-        case NID_sha512:
-                SHA512_Init((SHA512_CTX*)md_state.c);
-                md_final_raw = tls1_sha512_final_raw;
-                md_transform = (void(*)(void *ctx, const unsigned char *block)) SHA512_Transform;
-                md_size = 64;
-                md_block_size = 128;
-                md_length_size = 16;
-                break;
-        default:
-                /* ssl3_cbc_record_digest_supported should have been
-                 * called first to check that the hash function is
-                 * supported. */
-                OPENSSL_assert(0);
-                if (md_out_size)
-                        *md_out_size = 0;
-                return 0;
-        }
-
-        OPENSSL_assert(md_length_size <= MAX_HASH_BIT_COUNT_BYTES);
-        OPENSSL_assert(md_block_size <= MAX_HASH_BLOCK_SIZE);
-        OPENSSL_assert(md_size <= EVP_MAX_MD_SIZE);
-
-        header_length = 13;
-
-        /* variance_blocks is the number of blocks of the hash that we have to
-         * calculate in constant time because they could be altered by the
-         * padding value.
-         *
-         * TLSv1 has MACs up to 48 bytes long (SHA-384) and the padding is not
-         * required to be minimal. Therefore we say that the final six blocks
-         * can vary based on the padding.
-         *
-         * Later in the function, if the message is short and there obviously
-         * cannot be this many blocks then variance_blocks can be reduced. */
-        variance_blocks = 6;
-        /* From now on we're dealing with the MAC, which conceptually has 13
-         * bytes of `header' before the start of the data (TLS) */
-        len = data_plus_mac_plus_padding_size + header_length;
-        /* max_mac_bytes contains the maximum bytes of bytes in the MAC, including
-        * |header|, assuming that there's no padding. */
-        max_mac_bytes = len - md_size - 1;
-        /* num_blocks is the maximum number of hash blocks. */
-        num_blocks = (max_mac_bytes + 1 + md_length_size + md_block_size - 1) / md_block_size;
-        /* In order to calculate the MAC in constant time we have to handle
-         * the final blocks specially because the padding value could cause the
-         * end to appear somewhere in the final |variance_blocks| blocks and we
-         * can't leak where. However, |num_starting_blocks| worth of data can
-         * be hashed right away because no padding value can affect whether
-         * they are plaintext. */
-        num_starting_blocks = 0;
-        /* k is the starting byte offset into the conceptual header||data where
-         * we start processing. */
-        k = 0;
-        /* mac_end_offset is the index just past the end of the data to be
-         * MACed. */
-        mac_end_offset = data_plus_mac_size + header_length - md_size;
-        /* c is the index of the 0x80 byte in the final hash block that
-         * contains application data. */
-        c = mac_end_offset % md_block_size;
-        /* index_a is the hash block number that contains the 0x80 terminating
-         * value. */
-        index_a = mac_end_offset / md_block_size;
-        /* index_b is the hash block number that contains the 64-bit hash
-         * length, in bits. */
-        index_b = (mac_end_offset + md_length_size) / md_block_size;
-        /* bits is the hash-length in bits. It includes the additional hash
-         * block for the masked HMAC key. */
-
-        if (num_blocks > variance_blocks) {
-                num_starting_blocks = num_blocks - variance_blocks;
-                k = md_block_size*num_starting_blocks;
-        }
-
-        bits = 8*mac_end_offset;
-        /* Compute the initial HMAC block. */
-        bits += 8*md_block_size;
-        memset(hmac_pad, 0, md_block_size);
-        OPENSSL_assert(mac_secret_length <= sizeof(hmac_pad));
-        memcpy(hmac_pad, mac_secret, mac_secret_length);
-        for (i = 0; i < md_block_size; i++)
-                hmac_pad[i] ^= 0x36;
-
-        md_transform(md_state.c, hmac_pad);
-
-        if (length_is_big_endian) {
-                memset(length_bytes, 0, md_length_size - 4);
-                length_bytes[md_length_size - 4] = (unsigned char)(bits >> 24);
-                length_bytes[md_length_size - 3] = (unsigned char)(bits >> 16);
-                length_bytes[md_length_size - 2] = (unsigned char)(bits >> 8);
-                length_bytes[md_length_size - 1] = (unsigned char)bits;
-        } else {
-                memset(length_bytes, 0, md_length_size);
-                length_bytes[md_length_size - 5] = (unsigned char)(bits >> 24);
-                length_bytes[md_length_size - 6] = (unsigned char)(bits >> 16);
-                length_bytes[md_length_size - 7] = (unsigned char)(bits >> 8);
-                length_bytes[md_length_size - 8] = (unsigned char)bits;
-        }
-
-        if (k > 0) {
-                /* k is a multiple of md_block_size. */
-                memcpy(first_block, header, 13);
-                memcpy(first_block + 13, data, md_block_size - 13);
-                md_transform(md_state.c, first_block);
-                for (i = 1; i < k/md_block_size; i++)
-                        md_transform(md_state.c, data + md_block_size*i - 13);
-        }
-
-        memset(mac_out, 0, sizeof(mac_out));
-
-        /* We now process the final hash blocks. For each block, we construct
-         * it in constant time. If the |i==index_a| then we'll include the 0x80
-         * bytes and zero pad etc. For each block we selectively copy it, in
-         * constant time, to |mac_out|. */
-        for (i = num_starting_blocks; i <= num_starting_blocks + variance_blocks; i++) {
-                unsigned char block[MAX_HASH_BLOCK_SIZE];
-                unsigned char is_block_a = constant_time_eq_8(i, index_a);
-                unsigned char is_block_b = constant_time_eq_8(i, index_b);
-                for (j = 0; j < md_block_size; j++) {
-                        unsigned char b = 0, is_past_c, is_past_cp1;
-                        if (k < header_length)
-                                b = header[k];
-                        else if (k < data_plus_mac_plus_padding_size + header_length)
-                                b = data[k - header_length];
-                        k++;
-
-                        is_past_c = is_block_a & constant_time_ge(j, c);
-                        is_past_cp1 = is_block_a & constant_time_ge(j, c + 1);
-                        /* If this is the block containing the end of the
-                         * application data, and we are at the offset for the
-                         * 0x80 value, then overwrite b with 0x80. */
-                        b = (b&~is_past_c) | (0x80&is_past_c);
-                        /* If this is the block containing the end of the
-                         * application data and we're past the 0x80 value then
-                         * just write zero. */
-                        b = b&~is_past_cp1;
-                        /* If this is index_b (the final block), but not
-                         * index_a (the end of the data), then the 64-bit
-                         * length didn't fit into index_a and we're having to
-                         * add an extra block of zeros. */
-                        b &= ~is_block_b | is_block_a;
-
-                        /* The final bytes of one of the blocks contains the
-                         * length. */
-                        if (j >= md_block_size - md_length_size) {
-                                /* If this is index_b, write a length byte. */
-                                b = (b&~is_block_b) | (is_block_b&length_bytes[j - (md_block_size - md_length_size)]);
-                        }
-                        block[j] = b;
-                }
-
-                md_transform(md_state.c, block);
-                md_final_raw(md_state.c, block);
-                /* If this is index_b, copy the hash value to |mac_out|. */
-                for (j = 0; j < md_size; j++)
-                        mac_out[j] |= block[j]&is_block_b;
-        }
-
-        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
-                return 0;
-        if (!EVP_DigestInit_ex(md_ctx, EVP_MD_CTX_md(ctx), NULL /* engine */)) {
-                EVP_MD_CTX_free(md_ctx);
-                return 0;
-        }
-
-        /* Complete the HMAC in the standard manner. */
-        for (i = 0; i < md_block_size; i++)
-                hmac_pad[i] ^= 0x6a;
-
-        EVP_DigestUpdate(md_ctx, hmac_pad, md_block_size);
-        EVP_DigestUpdate(md_ctx, mac_out, md_size);
-
-        EVP_DigestFinal(md_ctx, md_out, &md_out_size_u);
-        if (md_out_size)
-                *md_out_size = md_out_size_u;
-        EVP_MD_CTX_free(md_ctx);
-
-        return 1;
-}
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
deleted file mode 100644
index 86b32aec15..0000000000
--- a/src/lib/libssl/s3_lib.c
+++ /dev/null
@@ -1,2534 +0,0 @@
-/* $OpenBSD: s3_lib.c,v 1.257 2024/07/23 14:40:53 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <stdlib.h>
-
-#include <openssl/bn.h>
-#include <openssl/curve25519.h>
-#include <openssl/dh.h>
-#include <openssl/md5.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls_content.h"
-
-#define SSL3_NUM_CIPHERS        (sizeof(ssl3_ciphers) / sizeof(SSL_CIPHER))
-
-/* list of available SSLv3 ciphers (sorted by id) */
-const SSL_CIPHER ssl3_ciphers[] = {
-
-        /*
-         * SSLv3 RSA cipher suites (RFC 6101, appendix A.6).
-         */
-        {
-                .value = 0x0001,
-                .name = SSL3_TXT_RSA_NULL_MD5,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_MD5,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0x0002,
-                .name = SSL3_TXT_RSA_NULL_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0x0004,
-                .name = SSL3_TXT_RSA_RC4_128_MD5,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_MD5,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0005,
-                .name = SSL3_TXT_RSA_RC4_128_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x000a,
-                .name = SSL3_TXT_RSA_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-
-        /*
-         * SSLv3 DHE cipher suites (RFC 6101, appendix A.6).
-         */
-        {
-                .value = 0x0016,
-                .name = SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-        {
-                .value = 0x0018,
-                .name = SSL3_TXT_ADH_RC4_128_MD5,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_MD5,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x001b,
-                .name = SSL3_TXT_ADH_DES_192_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_SSLV3,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-
-        /*
-         * TLSv1.0 AES cipher suites (RFC 3268).
-         */
-        {
-                .value = 0x002f,
-                .name = TLS1_TXT_RSA_WITH_AES_128_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0033,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0034,
-                .name = TLS1_TXT_ADH_WITH_AES_128_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0035,
-                .name = TLS1_TXT_RSA_WITH_AES_256_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x0039,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x003a,
-                .name = TLS1_TXT_ADH_WITH_AES_256_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-        /*
-         * TLSv1.2 RSA cipher suites (RFC 5246, appendix A.5).
-         */
-        {
-                .value = 0x003b,
-                .name = TLS1_TXT_RSA_WITH_NULL_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0x003c,
-                .name = TLS1_TXT_RSA_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x003d,
-                .name = TLS1_TXT_RSA_WITH_AES_256_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-#ifndef OPENSSL_NO_CAMELLIA
-        /*
-         * TLSv1.0 Camellia 128 bit cipher suites (RFC 4132).
-         */
-        {
-                .value = 0x0041,
-                .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0045,
-                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x0046,
-                .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-        /*
-         * TLSv1.2 DHE cipher suites (RFC 5246, appendix A.5).
-         */
-        {
-                .value = 0x0067,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x006b,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x006c,
-                .name = TLS1_TXT_ADH_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x006d,
-                .name = TLS1_TXT_ADH_WITH_AES_256_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-#ifndef OPENSSL_NO_CAMELLIA
-        /*
-         * TLSv1.0 Camellia 256 bit cipher suites (RFC 4132).
-         */
-        {
-                .value = 0x0084,
-                .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x0088,
-                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x0089,
-                .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-        /*
-         * TLSv1.2 AES GCM cipher suites (RFC 5288).
-         */
-        {
-                .value = 0x009c,
-                .name = TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x009d,
-                .name = TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x009e,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x009f,
-                .name = TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x00a6,
-                .name = TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x00a7,
-                .name = TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-#ifndef OPENSSL_NO_CAMELLIA
-        /*
-         * TLSv1.2 Camellia SHA-256 cipher suites (RFC 5932).
-         */
-        {
-                .value = 0x00ba,
-                .name = TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x000be,
-                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x00bf,
-                .name = TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_CAMELLIA128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x00c0,
-                .name = TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x00c4,
-                .name = TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x00c5,
-                .name = TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_CAMELLIA256,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-#endif /* OPENSSL_NO_CAMELLIA */
-
-#ifdef LIBRESSL_HAS_TLS1_3
-        /*
-         * TLSv1.3 cipher suites (RFC 8446).
-         */
-        {
-                .value = 0x1301,
-                .name = TLS1_3_RFC_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kTLS1_3,
-                .algorithm_auth = SSL_aTLS1_3,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_3,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0x1302,
-                .name = TLS1_3_RFC_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kTLS1_3,
-                .algorithm_auth = SSL_aTLS1_3,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_3,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384, /* XXX */
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0x1303,
-                .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-                .algorithm_mkey = SSL_kTLS1_3,
-                .algorithm_auth = SSL_aTLS1_3,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_3,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256, /* XXX */
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-#endif
-
-        /*
-         * TLSv1.0 Elliptic Curve cipher suites (RFC 4492, section 6).
-         */
-        {
-                .value = 0xc006,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0xc007,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc008,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-        {
-                .value = 0xc009,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc00a,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xc010,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0xc011,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc012,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-        {
-                .value = 0xc013,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc014,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xc015,
-                .name = TLS1_TXT_ECDH_anon_WITH_NULL_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_eNULL,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_STRONG_NONE,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 0,
-                .alg_bits = 0,
-        },
-        {
-                .value = 0xc016,
-                .name = TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_RC4,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_LOW,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc017,
-                .name = TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_3DES,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_MEDIUM,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 112,
-                .alg_bits = 168,
-        },
-        {
-                .value = 0xc018,
-                .name = TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc019,
-                .name = TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA1,
-                .algorithm_ssl = SSL_TLSV1,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-        /*
-         * TLSv1.2 Elliptic Curve HMAC cipher suites (RFC 5289, section 3.1).
-         */
-        {
-                .value = 0xc023,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc024,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA384,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xc027,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128,
-                .algorithm_mac = SSL_SHA256,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc028,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256,
-                .algorithm_mac = SSL_SHA384,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-        /*
-         * TLSv1.2 Elliptic Curve GCM cipher suites (RFC 5289, section 3.2).
-         */
-        {
-                .value = 0xc02b,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc02c,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xc02f,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES128GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 128,
-                .alg_bits = 128,
-        },
-        {
-                .value = 0xc030,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_AES256GCM,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA384,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-
-        /*
-         * TLSv1.2 ChaCha20-Poly1305 cipher suites (RFC 7905).
-         */
-        {
-                .value = 0xcca8,
-                .name = TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xcca9,
-                .name = TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aECDSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-        {
-                .value = 0xccaa,
-                .name = TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aRSA,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
-                .algorithm_mac = SSL_AEAD,
-                .algorithm_ssl = SSL_TLSV1_2,
-                .algo_strength = SSL_HIGH,
-                .algorithm2 = SSL_HANDSHAKE_MAC_SHA256,
-                .strength_bits = 256,
-                .alg_bits = 256,
-        },
-};
-
-int
-ssl3_num_ciphers(void)
-{
-        return (SSL3_NUM_CIPHERS);
-}
-
-const SSL_CIPHER *
-ssl3_get_cipher_by_index(int idx)
-{
-        if (idx < 0 || idx >= SSL3_NUM_CIPHERS)
-                return NULL;
-
-        return &ssl3_ciphers[idx];
-}
-
-static int
-ssl3_cipher_value_cmp(const void *value, const void *cipher)
-{
-        uint16_t a = *(const uint16_t *)value;
-        uint16_t b = ((const SSL_CIPHER *)cipher)->value;
-
-        return a < b ? -1 : a > b;
-}
-
-const SSL_CIPHER *
-ssl3_get_cipher_by_value(uint16_t value)
-{
-        return bsearch(&value, ssl3_ciphers, SSL3_NUM_CIPHERS,
-            sizeof(ssl3_ciphers[0]), ssl3_cipher_value_cmp);
-}
-
-int
-ssl3_pending(const SSL *s)
-{
-        if (s->s3->rcontent == NULL)
-                return 0;
-        if (tls_content_type(s->s3->rcontent) != SSL3_RT_APPLICATION_DATA)
-                return 0;
-
-        return tls_content_remaining(s->s3->rcontent);
-}
-
-int
-ssl3_handshake_msg_hdr_len(SSL *s)
-{
-        return (SSL_is_dtls(s) ? DTLS1_HM_HEADER_LENGTH :
-            SSL3_HM_HEADER_LENGTH);
-}
-
-int
-ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body, uint8_t msg_type)
-{
-        int ret = 0;
-
-        if (!CBB_init(handshake, SSL3_RT_MAX_PLAIN_LENGTH))
-                goto err;
-        if (!CBB_add_u8(handshake, msg_type))
-                goto err;
-        if (SSL_is_dtls(s)) {
-                unsigned char *data;
-
-                if (!CBB_add_space(handshake, &data, DTLS1_HM_HEADER_LENGTH -
-                    SSL3_HM_HEADER_LENGTH))
-                        goto err;
-        }
-        if (!CBB_add_u24_length_prefixed(handshake, body))
-                goto err;
-
-        ret = 1;
-
- err:
-        return (ret);
-}
-
-int
-ssl3_handshake_msg_finish(SSL *s, CBB *handshake)
-{
-        unsigned char *data = NULL;
-        size_t outlen;
-        int ret = 0;
-
-        if (!CBB_finish(handshake, &data, &outlen))
-                goto err;
-
-        if (outlen > INT_MAX)
-                goto err;
-
-        if (!BUF_MEM_grow_clean(s->init_buf, outlen))
-                goto err;
-
-        memcpy(s->init_buf->data, data, outlen);
-
-        s->init_num = (int)outlen;
-        s->init_off = 0;
-
-        if (SSL_is_dtls(s)) {
-                unsigned long len;
-                uint8_t msg_type;
-                CBS cbs;
-
-                CBS_init(&cbs, data, outlen);
-                if (!CBS_get_u8(&cbs, &msg_type))
-                        goto err;
-
-                len = outlen - ssl3_handshake_msg_hdr_len(s);
-
-                dtls1_set_message_header(s, msg_type, len, 0, len);
-                dtls1_buffer_message(s, 0);
-        }
-
-        ret = 1;
-
- err:
-        free(data);
-
-        return (ret);
-}
-
-int
-ssl3_handshake_write(SSL *s)
-{
-        return ssl3_record_write(s, SSL3_RT_HANDSHAKE);
-}
-
-int
-ssl3_record_write(SSL *s, int type)
-{
-        if (SSL_is_dtls(s))
-                return dtls1_do_write(s, type);
-
-        return ssl3_do_write(s, type);
-}
-
-int
-ssl3_new(SSL *s)
-{
-        if ((s->s3 = calloc(1, sizeof(*s->s3))) == NULL)
-                return (0);
-
-        s->method->ssl_clear(s);
-
-        return (1);
-}
-
-void
-ssl3_free(SSL *s)
-{
-        if (s == NULL)
-                return;
-
-        tls1_cleanup_key_block(s);
-        ssl3_release_read_buffer(s);
-        ssl3_release_write_buffer(s);
-
-        tls_content_free(s->s3->rcontent);
-
-        tls_buffer_free(s->s3->alert_fragment);
-        tls_buffer_free(s->s3->handshake_fragment);
-
-        freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
-
-        sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-        sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
-        sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
-        sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
-        tls_key_share_free(s->s3->hs.key_share);
-
-        tls13_secrets_destroy(s->s3->hs.tls13.secrets);
-        freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
-        tls13_clienthello_hash_clear(&s->s3->hs.tls13);
-
-        tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
-
-        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-
-        tls1_transcript_free(s);
-        tls1_transcript_hash_free(s);
-
-        free(s->s3->alpn_selected);
-
-        freezero(s->s3->peer_quic_transport_params,
-            s->s3->peer_quic_transport_params_len);
-
-        freezero(s->s3, sizeof(*s->s3));
-
-        s->s3 = NULL;
-}
-
-void
-ssl3_clear(SSL *s)
-{
-        unsigned char *rp, *wp;
-        size_t rlen, wlen;
-
-        tls1_cleanup_key_block(s);
-        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-
-        tls_buffer_free(s->s3->alert_fragment);
-        s->s3->alert_fragment = NULL;
-        tls_buffer_free(s->s3->handshake_fragment);
-        s->s3->handshake_fragment = NULL;
-
-        freezero(s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
-        s->s3->hs.sigalgs = NULL;
-        s->s3->hs.sigalgs_len = 0;
-
-        sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-        s->s3->hs.client_ciphers = NULL;
-        sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
-        s->s3->hs.peer_certs = NULL;
-        sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
-        s->s3->hs.peer_certs_no_leaf = NULL;
-        sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
-        s->s3->hs.verified_chain = NULL;
-
-        tls_key_share_free(s->s3->hs.key_share);
-        s->s3->hs.key_share = NULL;
-
-        tls13_secrets_destroy(s->s3->hs.tls13.secrets);
-        s->s3->hs.tls13.secrets = NULL;
-        freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
-        s->s3->hs.tls13.cookie = NULL;
-        s->s3->hs.tls13.cookie_len = 0;
-        tls13_clienthello_hash_clear(&s->s3->hs.tls13);
-
-        tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
-        s->s3->hs.tls13.quic_read_buffer = NULL;
-        s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
-        s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
-
-        s->s3->hs.extensions_seen = 0;
-
-        rp = s->s3->rbuf.buf;
-        wp = s->s3->wbuf.buf;
-        rlen = s->s3->rbuf.len;
-        wlen = s->s3->wbuf.len;
-
-        tls_content_free(s->s3->rcontent);
-        s->s3->rcontent = NULL;
-
-        tls1_transcript_free(s);
-        tls1_transcript_hash_free(s);
-
-        free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-        s->s3->alpn_selected_len = 0;
-
-        freezero(s->s3->peer_quic_transport_params,
-            s->s3->peer_quic_transport_params_len);
-        s->s3->peer_quic_transport_params = NULL;
-        s->s3->peer_quic_transport_params_len = 0;
-
-        memset(s->s3, 0, sizeof(*s->s3));
-
-        s->s3->rbuf.buf = rp;
-        s->s3->wbuf.buf = wp;
-        s->s3->rbuf.len = rlen;
-        s->s3->wbuf.len = wlen;
-
-        ssl_free_wbio_buffer(s);
-
-        /* Not needed... */
-        s->s3->renegotiate = 0;
-        s->s3->total_renegotiations = 0;
-        s->s3->num_renegotiations = 0;
-        s->s3->in_read_app_data = 0;
-
-        s->packet_length = 0;
-        s->version = TLS1_2_VERSION;
-
-        s->s3->hs.state = SSL_ST_BEFORE|((s->server) ? SSL_ST_ACCEPT : SSL_ST_CONNECT);
-}
-
-long
-_SSL_get_shared_group(SSL *s, long n)
-{
-        size_t count;
-        int nid;
-
-        /* OpenSSL document that they return -1 for clients. They return 0. */
-        if (!s->server)
-                return 0;
-
-        if (n == -1) {
-                if (!tls1_count_shared_groups(s, &count))
-                        return 0;
-
-                if (count > LONG_MAX)
-                        count = LONG_MAX;
-
-                return count;
-        }
-
-        /* Undocumented special case added for Suite B profile support. */
-        if (n == -2)
-                n = 0;
-
-        if (n < 0)
-                return 0;
-
-        if (!tls1_get_shared_group_by_index(s, n, &nid))
-                return NID_undef;
-
-        return nid;
-}
-
-long
-_SSL_get_peer_tmp_key(SSL *s, EVP_PKEY **key)
-{
-        EVP_PKEY *pkey = NULL;
-        int ret = 0;
-
-        *key = NULL;
-
-        if (s->s3->hs.key_share == NULL)
-                goto err;
-
-        if ((pkey = EVP_PKEY_new()) == NULL)
-                goto err;
-        if (!tls_key_share_peer_pkey(s->s3->hs.key_share, pkey))
-                goto err;
-
-        *key = pkey;
-        pkey = NULL;
-
-        ret = 1;
-
- err:
-        EVP_PKEY_free(pkey);
-
-        return (ret);
-}
-
-static int
-_SSL_session_reused(SSL *s)
-{
-        return s->hit;
-}
-
-static int
-_SSL_num_renegotiations(SSL *s)
-{
-        return s->s3->num_renegotiations;
-}
-
-static int
-_SSL_clear_num_renegotiations(SSL *s)
-{
-        int renegs;
-
-        renegs = s->s3->num_renegotiations;
-        s->s3->num_renegotiations = 0;
-
-        return renegs;
-}
-
-static int
-_SSL_total_renegotiations(SSL *s)
-{
-        return s->s3->total_renegotiations;
-}
-
-static int
-_SSL_set_tmp_dh(SSL *s, DH *dh)
-{
-        DH *dhe_params;
-
-        if (dh == NULL) {
-                SSLerror(s, ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-
-        if (!ssl_security_dh(s, dh)) {
-                SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
-                return 0;
-        }
-
-        if ((dhe_params = DHparams_dup(dh)) == NULL) {
-                SSLerror(s, ERR_R_DH_LIB);
-                return 0;
-        }
-
-        DH_free(s->cert->dhe_params);
-        s->cert->dhe_params = dhe_params;
-
-        return 1;
-}
-
-static int
-_SSL_set_dh_auto(SSL *s, int state)
-{
-        s->cert->dhe_params_auto = state;
-        return 1;
-}
-
-static int
-_SSL_set_tmp_ecdh(SSL *s, EC_KEY *ecdh)
-{
-        const EC_GROUP *group;
-        int nid;
-
-        if (ecdh == NULL)
-                return 0;
-        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-                return 0;
-
-        nid = EC_GROUP_get_curve_name(group);
-        return SSL_set1_groups(s, &nid, 1);
-}
-
-static int
-_SSL_set_ecdh_auto(SSL *s, int state)
-{
-        return 1;
-}
-
-static int
-_SSL_set_tlsext_host_name(SSL *s, const char *name)
-{
-        int is_ip;
-        CBS cbs;
-
-        free(s->tlsext_hostname);
-        s->tlsext_hostname = NULL;
-
-        if (name == NULL)
-                return 1;
-
-        CBS_init(&cbs, name, strlen(name));
-
-        if (!tlsext_sni_is_valid_hostname(&cbs, &is_ip)) {
-                SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME);
-                return 0;
-        }
-        if ((s->tlsext_hostname = strdup(name)) == NULL) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return 0;
-        }
-
-        return 1;
-}
-
-static int
-_SSL_set_tlsext_debug_arg(SSL *s, void *arg)
-{
-        s->tlsext_debug_arg = arg;
-        return 1;
-}
-
-static int
-_SSL_get_tlsext_status_type(SSL *s)
-{
-        return s->tlsext_status_type;
-}
-
-static int
-_SSL_set_tlsext_status_type(SSL *s, int type)
-{
-        s->tlsext_status_type = type;
-        return 1;
-}
-
-static int
-_SSL_get_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) **exts)
-{
-        *exts = s->tlsext_ocsp_exts;
-        return 1;
-}
-
-static int
-_SSL_set_tlsext_status_exts(SSL *s, STACK_OF(X509_EXTENSION) *exts)
-{
-        /* XXX - leak... */
-        s->tlsext_ocsp_exts = exts;
-        return 1;
-}
-
-static int
-_SSL_get_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) **ids)
-{
-        *ids = s->tlsext_ocsp_ids;
-        return 1;
-}
-
-static int
-_SSL_set_tlsext_status_ids(SSL *s, STACK_OF(OCSP_RESPID) *ids)
-{
-        /* XXX - leak... */
-        s->tlsext_ocsp_ids = ids;
-        return 1;
-}
-
-static int
-_SSL_get_tlsext_status_ocsp_resp(SSL *s, unsigned char **resp)
-{
-        if (s->tlsext_ocsp_resp != NULL &&
-            s->tlsext_ocsp_resp_len < INT_MAX) {
-                *resp = s->tlsext_ocsp_resp;
-                return (int)s->tlsext_ocsp_resp_len;
-        }
-
-        *resp = NULL;
-
-        return -1;
-}
-
-static int
-_SSL_set_tlsext_status_ocsp_resp(SSL *s, unsigned char *resp, int resp_len)
-{
-        free(s->tlsext_ocsp_resp);
-        s->tlsext_ocsp_resp = NULL;
-        s->tlsext_ocsp_resp_len = 0;
-
-        if (resp_len < 0)
-                return 0;
-
-        s->tlsext_ocsp_resp = resp;
-        s->tlsext_ocsp_resp_len = (size_t)resp_len;
-
-        return 1;
-}
-
-int
-SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain)
-{
-        return ssl_cert_set0_chain(NULL, ssl, chain);
-}
-LSSL_ALIAS(SSL_set0_chain);
-
-int
-SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain)
-{
-        return ssl_cert_set1_chain(NULL, ssl, chain);
-}
-LSSL_ALIAS(SSL_set1_chain);
-
-int
-SSL_add0_chain_cert(SSL *ssl, X509 *x509)
-{
-        return ssl_cert_add0_chain_cert(NULL, ssl, x509);
-}
-LSSL_ALIAS(SSL_add0_chain_cert);
-
-int
-SSL_add1_chain_cert(SSL *ssl, X509 *x509)
-{
-        return ssl_cert_add1_chain_cert(NULL, ssl, x509);
-}
-LSSL_ALIAS(SSL_add1_chain_cert);
-
-int
-SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain)
-{
-        *out_chain = NULL;
-
-        if (ssl->cert->key != NULL)
-                *out_chain = ssl->cert->key->chain;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_get0_chain_certs);
-
-int
-SSL_clear_chain_certs(SSL *ssl)
-{
-        return ssl_cert_set0_chain(NULL, ssl, NULL);
-}
-LSSL_ALIAS(SSL_clear_chain_certs);
-
-int
-SSL_set1_groups(SSL *s, const int *groups, size_t groups_len)
-{
-        return tls1_set_groups(&s->tlsext_supportedgroups,
-            &s->tlsext_supportedgroups_length, groups, groups_len);
-}
-LSSL_ALIAS(SSL_set1_groups);
-
-int
-SSL_set1_groups_list(SSL *s, const char *groups)
-{
-        return tls1_set_group_list(&s->tlsext_supportedgroups,
-            &s->tlsext_supportedgroups_length, groups);
-}
-LSSL_ALIAS(SSL_set1_groups_list);
-
-static int
-_SSL_get_signature_nid(SSL *s, int *nid)
-{
-        const struct ssl_sigalg *sigalg;
-
-        if ((sigalg = s->s3->hs.our_sigalg) == NULL)
-                return 0;
-
-        *nid = EVP_MD_type(sigalg->md());
-
-        return 1;
-}
-
-static int
-_SSL_get_peer_signature_nid(SSL *s, int *nid)
-{
-        const struct ssl_sigalg *sigalg;
-
-        if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
-                return 0;
-
-        *nid = EVP_MD_type(sigalg->md());
-
-        return 1;
-}
-
-int
-SSL_get_signature_type_nid(const SSL *s, int *nid)
-{
-        const struct ssl_sigalg *sigalg;
-
-        if ((sigalg = s->s3->hs.our_sigalg) == NULL)
-                return 0;
-
-        *nid = sigalg->key_type;
-        if (sigalg->key_type == EVP_PKEY_RSA &&
-            (sigalg->flags & SIGALG_FLAG_RSA_PSS))
-                *nid = EVP_PKEY_RSA_PSS;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_get_signature_type_nid);
-
-int
-SSL_get_peer_signature_type_nid(const SSL *s, int *nid)
-{
-        const struct ssl_sigalg *sigalg;
-
-        if ((sigalg = s->s3->hs.peer_sigalg) == NULL)
-                return 0;
-
-        *nid = sigalg->key_type;
-        if (sigalg->key_type == EVP_PKEY_RSA &&
-            (sigalg->flags & SIGALG_FLAG_RSA_PSS))
-                *nid = EVP_PKEY_RSA_PSS;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_get_peer_signature_type_nid);
-
-long
-ssl3_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-        switch (cmd) {
-        case SSL_CTRL_GET_SESSION_REUSED:
-                return _SSL_session_reused(s);
-
-        case SSL_CTRL_GET_NUM_RENEGOTIATIONS:
-                return _SSL_num_renegotiations(s);
-
-        case SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS:
-                return _SSL_clear_num_renegotiations(s);
-
-        case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS:
-                return _SSL_total_renegotiations(s);
-
-        case SSL_CTRL_SET_TMP_DH:
-                return _SSL_set_tmp_dh(s, parg);
-
-        case SSL_CTRL_SET_TMP_DH_CB:
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_DH_AUTO:
-                return _SSL_set_dh_auto(s, larg);
-
-        case SSL_CTRL_SET_TMP_ECDH:
-                return _SSL_set_tmp_ecdh(s, parg);
-
-        case SSL_CTRL_SET_TMP_ECDH_CB:
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_ECDH_AUTO:
-                return _SSL_set_ecdh_auto(s, larg);
-
-        case SSL_CTRL_SET_TLSEXT_HOSTNAME:
-                if (larg != TLSEXT_NAMETYPE_host_name) {
-                        SSLerror(s, SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE);
-                        return 0;
-                }
-                return _SSL_set_tlsext_host_name(s, parg);
-
-        case SSL_CTRL_SET_TLSEXT_DEBUG_ARG:
-                return _SSL_set_tlsext_debug_arg(s, parg);
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE:
-                return _SSL_get_tlsext_status_type(s);
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE:
-                return _SSL_set_tlsext_status_type(s, larg);
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS:
-                return _SSL_get_tlsext_status_exts(s, parg);
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS:
-                return _SSL_set_tlsext_status_exts(s, parg);
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS:
-                return _SSL_get_tlsext_status_ids(s, parg);
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS:
-                return _SSL_set_tlsext_status_ids(s, parg);
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP:
-                return _SSL_get_tlsext_status_ocsp_resp(s, parg);
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP:
-                return _SSL_set_tlsext_status_ocsp_resp(s, parg, larg);
-
-        case SSL_CTRL_CHAIN:
-                if (larg == 0)
-                        return SSL_set0_chain(s, (STACK_OF(X509) *)parg);
-                else
-                        return SSL_set1_chain(s, (STACK_OF(X509) *)parg);
-
-        case SSL_CTRL_CHAIN_CERT:
-                if (larg == 0)
-                        return SSL_add0_chain_cert(s, (X509 *)parg);
-                else
-                        return SSL_add1_chain_cert(s, (X509 *)parg);
-
-        case SSL_CTRL_GET_CHAIN_CERTS:
-                return SSL_get0_chain_certs(s, (STACK_OF(X509) **)parg);
-
-        case SSL_CTRL_SET_GROUPS:
-                return SSL_set1_groups(s, parg, larg);
-
-        case SSL_CTRL_SET_GROUPS_LIST:
-                return SSL_set1_groups_list(s, parg);
-
-        case SSL_CTRL_GET_SHARED_GROUP:
-                return _SSL_get_shared_group(s, larg);
-
-        /* XXX - rename to SSL_CTRL_GET_PEER_TMP_KEY and remove server check. */
-        case SSL_CTRL_GET_SERVER_TMP_KEY:
-                if (s->server != 0)
-                        return 0;
-                return _SSL_get_peer_tmp_key(s, parg);
-
-        case SSL_CTRL_GET_MIN_PROTO_VERSION:
-                return SSL_get_min_proto_version(s);
-
-        case SSL_CTRL_GET_MAX_PROTO_VERSION:
-                return SSL_get_max_proto_version(s);
-
-        case SSL_CTRL_SET_MIN_PROTO_VERSION:
-                if (larg < 0 || larg > UINT16_MAX)
-                        return 0;
-                return SSL_set_min_proto_version(s, larg);
-
-        case SSL_CTRL_SET_MAX_PROTO_VERSION:
-                if (larg < 0 || larg > UINT16_MAX)
-                        return 0;
-                return SSL_set_max_proto_version(s, larg);
-
-        case SSL_CTRL_GET_SIGNATURE_NID:
-                return _SSL_get_signature_nid(s, parg);
-
-        case SSL_CTRL_GET_PEER_SIGNATURE_NID:
-                return _SSL_get_peer_signature_nid(s, parg);
-
-        /*
-         * Legacy controls that should eventually be removed.
-         */
-        case SSL_CTRL_GET_CLIENT_CERT_REQUEST:
-                return 0;
-
-        case SSL_CTRL_GET_FLAGS:
-                return (int)(s->s3->flags);
-
-        case SSL_CTRL_NEED_TMP_RSA:
-                return 0;
-
-        case SSL_CTRL_SET_TMP_RSA:
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-        }
-
-        return 0;
-}
-
-long
-ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
-{
-        switch (cmd) {
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_TMP_DH_CB:
-                s->cert->dhe_params_cb = (DH *(*)(SSL *, int, int))fp;
-                return 1;
-
-        case SSL_CTRL_SET_TMP_ECDH_CB:
-                return 1;
-
-        case SSL_CTRL_SET_TLSEXT_DEBUG_CB:
-                s->tlsext_debug_cb = (void (*)(SSL *, int , int,
-                    unsigned char *, int, void *))fp;
-                return 1;
-        }
-
-        return 0;
-}
-
-static int
-_SSL_CTX_set_tmp_dh(SSL_CTX *ctx, DH *dh)
-{
-        DH *dhe_params;
-
-        if (dh == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-
-        if (!ssl_ctx_security_dh(ctx, dh)) {
-                SSLerrorx(SSL_R_DH_KEY_TOO_SMALL);
-                return 0;
-        }
-
-        if ((dhe_params = DHparams_dup(dh)) == NULL) {
-                SSLerrorx(ERR_R_DH_LIB);
-                return 0;
-        }
-
-        DH_free(ctx->cert->dhe_params);
-        ctx->cert->dhe_params = dhe_params;
-
-        return 1;
-}
-
-static int
-_SSL_CTX_set_dh_auto(SSL_CTX *ctx, int state)
-{
-        ctx->cert->dhe_params_auto = state;
-        return 1;
-}
-
-static int
-_SSL_CTX_set_tmp_ecdh(SSL_CTX *ctx, EC_KEY *ecdh)
-{
-        const EC_GROUP *group;
-        int nid;
-
-        if (ecdh == NULL)
-                return 0;
-        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-                return 0;
-
-        nid = EC_GROUP_get_curve_name(group);
-        return SSL_CTX_set1_groups(ctx, &nid, 1);
-}
-
-static int
-_SSL_CTX_set_ecdh_auto(SSL_CTX *ctx, int state)
-{
-        return 1;
-}
-
-static int
-_SSL_CTX_set_tlsext_servername_arg(SSL_CTX *ctx, void *arg)
-{
-        ctx->tlsext_servername_arg = arg;
-        return 1;
-}
-
-static int
-_SSL_CTX_get_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
-{
-        if (keys == NULL)
-                return 48;
-
-        if (keys_len != 48) {
-                SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
-                return 0;
-        }
-
-        memcpy(keys, ctx->tlsext_tick_key_name, 16);
-        memcpy(keys + 16, ctx->tlsext_tick_hmac_key, 16);
-        memcpy(keys + 32, ctx->tlsext_tick_aes_key, 16);
-
-        return 1;
-}
-
-static int
-_SSL_CTX_set_tlsext_ticket_keys(SSL_CTX *ctx, unsigned char *keys, int keys_len)
-{
-        if (keys == NULL)
-                return 48;
-
-        if (keys_len != 48) {
-                SSLerrorx(SSL_R_INVALID_TICKET_KEYS_LENGTH);
-                return 0;
-        }
-
-        memcpy(ctx->tlsext_tick_key_name, keys, 16);
-        memcpy(ctx->tlsext_tick_hmac_key, keys + 16, 16);
-        memcpy(ctx->tlsext_tick_aes_key, keys + 32, 16);
-
-        return 1;
-}
-
-static int
-_SSL_CTX_get_tlsext_status_arg(SSL_CTX *ctx, void **arg)
-{
-        *arg = ctx->tlsext_status_arg;
-        return 1;
-}
-
-static int
-_SSL_CTX_set_tlsext_status_arg(SSL_CTX *ctx, void *arg)
-{
-        ctx->tlsext_status_arg = arg;
-        return 1;
-}
-
-int
-SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain)
-{
-        return ssl_cert_set0_chain(ctx, NULL, chain);
-}
-LSSL_ALIAS(SSL_CTX_set0_chain);
-
-int
-SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain)
-{
-        return ssl_cert_set1_chain(ctx, NULL, chain);
-}
-LSSL_ALIAS(SSL_CTX_set1_chain);
-
-int
-SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509)
-{
-        return ssl_cert_add0_chain_cert(ctx, NULL, x509);
-}
-LSSL_ALIAS(SSL_CTX_add0_chain_cert);
-
-int
-SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509)
-{
-        return ssl_cert_add1_chain_cert(ctx, NULL, x509);
-}
-LSSL_ALIAS(SSL_CTX_add1_chain_cert);
-
-int
-SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain)
-{
-        *out_chain = NULL;
-
-        if (ctx->cert->key != NULL)
-                *out_chain = ctx->cert->key->chain;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_CTX_get0_chain_certs);
-
-int
-SSL_CTX_clear_chain_certs(SSL_CTX *ctx)
-{
-        return ssl_cert_set0_chain(ctx, NULL, NULL);
-}
-LSSL_ALIAS(SSL_CTX_clear_chain_certs);
-
-static int
-_SSL_CTX_add_extra_chain_cert(SSL_CTX *ctx, X509 *cert)
-{
-        if (ctx->extra_certs == NULL) {
-                if ((ctx->extra_certs = sk_X509_new_null()) == NULL)
-                        return 0;
-        }
-        if (sk_X509_push(ctx->extra_certs, cert) == 0)
-                return 0;
-
-        return 1;
-}
-
-static int
-_SSL_CTX_get_extra_chain_certs(SSL_CTX *ctx, STACK_OF(X509) **certs)
-{
-        *certs = ctx->extra_certs;
-        if (*certs == NULL)
-                *certs = ctx->cert->key->chain;
-
-        return 1;
-}
-
-static int
-_SSL_CTX_get_extra_chain_certs_only(SSL_CTX *ctx, STACK_OF(X509) **certs)
-{
-        *certs = ctx->extra_certs;
-        return 1;
-}
-
-static int
-_SSL_CTX_clear_extra_chain_certs(SSL_CTX *ctx)
-{
-        sk_X509_pop_free(ctx->extra_certs, X509_free);
-        ctx->extra_certs = NULL;
-        return 1;
-}
-
-int
-SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len)
-{
-        return tls1_set_groups(&ctx->tlsext_supportedgroups,
-            &ctx->tlsext_supportedgroups_length, groups, groups_len);
-}
-LSSL_ALIAS(SSL_CTX_set1_groups);
-
-int
-SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups)
-{
-        return tls1_set_group_list(&ctx->tlsext_supportedgroups,
-            &ctx->tlsext_supportedgroups_length, groups);
-}
-LSSL_ALIAS(SSL_CTX_set1_groups_list);
-
-long
-ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-        switch (cmd) {
-        case SSL_CTRL_SET_TMP_DH:
-                return _SSL_CTX_set_tmp_dh(ctx, parg);
-
-        case SSL_CTRL_SET_TMP_DH_CB:
-                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_DH_AUTO:
-                return _SSL_CTX_set_dh_auto(ctx, larg);
-
-        case SSL_CTRL_SET_TMP_ECDH:
-                return _SSL_CTX_set_tmp_ecdh(ctx, parg);
-
-        case SSL_CTRL_SET_TMP_ECDH_CB:
-                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_ECDH_AUTO:
-                return _SSL_CTX_set_ecdh_auto(ctx, larg);
-
-        case SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG:
-                return _SSL_CTX_set_tlsext_servername_arg(ctx, parg);
-
-        case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
-                return _SSL_CTX_get_tlsext_ticket_keys(ctx, parg, larg);
-
-        case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
-                return _SSL_CTX_set_tlsext_ticket_keys(ctx, parg, larg);
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG:
-                return _SSL_CTX_get_tlsext_status_arg(ctx, parg);
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG:
-                return _SSL_CTX_set_tlsext_status_arg(ctx, parg);
-
-        case SSL_CTRL_CHAIN:
-                if (larg == 0)
-                        return SSL_CTX_set0_chain(ctx, (STACK_OF(X509) *)parg);
-                else
-                        return SSL_CTX_set1_chain(ctx, (STACK_OF(X509) *)parg);
-
-        case SSL_CTRL_CHAIN_CERT:
-                if (larg == 0)
-                        return SSL_CTX_add0_chain_cert(ctx, (X509 *)parg);
-                else
-                        return SSL_CTX_add1_chain_cert(ctx, (X509 *)parg);
-
-        case SSL_CTRL_GET_CHAIN_CERTS:
-                return SSL_CTX_get0_chain_certs(ctx, (STACK_OF(X509) **)parg);
-
-        case SSL_CTRL_EXTRA_CHAIN_CERT:
-                return _SSL_CTX_add_extra_chain_cert(ctx, parg);
-
-        case SSL_CTRL_GET_EXTRA_CHAIN_CERTS:
-                if (larg == 0)
-                        return _SSL_CTX_get_extra_chain_certs(ctx, parg);
-                else
-                        return _SSL_CTX_get_extra_chain_certs_only(ctx, parg);
-
-        case SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS:
-                return _SSL_CTX_clear_extra_chain_certs(ctx);
-
-        case SSL_CTRL_SET_GROUPS:
-                return SSL_CTX_set1_groups(ctx, parg, larg);
-
-        case SSL_CTRL_SET_GROUPS_LIST:
-                return SSL_CTX_set1_groups_list(ctx, parg);
-
-        case SSL_CTRL_GET_MIN_PROTO_VERSION:
-                return SSL_CTX_get_min_proto_version(ctx);
-
-        case SSL_CTRL_GET_MAX_PROTO_VERSION:
-                return SSL_CTX_get_max_proto_version(ctx);
-
-        case SSL_CTRL_SET_MIN_PROTO_VERSION:
-                if (larg < 0 || larg > UINT16_MAX)
-                        return 0;
-                return SSL_CTX_set_min_proto_version(ctx, larg);
-
-        case SSL_CTRL_SET_MAX_PROTO_VERSION:
-                if (larg < 0 || larg > UINT16_MAX)
-                        return 0;
-                return SSL_CTX_set_max_proto_version(ctx, larg);
-
-        /*
-         * Legacy controls that should eventually be removed.
-         */
-        case SSL_CTRL_NEED_TMP_RSA:
-                return 0;
-
-        case SSL_CTRL_SET_TMP_RSA:
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-        }
-
-        return 0;
-}
-
-long
-ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
-{
-        switch (cmd) {
-        case SSL_CTRL_SET_TMP_RSA_CB:
-                SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-
-        case SSL_CTRL_SET_TMP_DH_CB:
-                ctx->cert->dhe_params_cb =
-                    (DH *(*)(SSL *, int, int))fp;
-                return 1;
-
-        case SSL_CTRL_SET_TMP_ECDH_CB:
-                return 1;
-
-        case SSL_CTRL_SET_TLSEXT_SERVERNAME_CB:
-                ctx->tlsext_servername_callback =
-                    (int (*)(SSL *, int *, void *))fp;
-                return 1;
-
-        case SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB:
-                *(int (**)(SSL *, void *))fp = ctx->tlsext_status_cb;
-                return 1;
-
-        case SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB:
-                ctx->tlsext_status_cb = (int (*)(SSL *, void *))fp;
-                return 1;
-
-        case SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB:
-                ctx->tlsext_ticket_key_cb = (int (*)(SSL *, unsigned char  *,
-                    unsigned char *, EVP_CIPHER_CTX *, HMAC_CTX *, int))fp;
-                return 1;
-        }
-
-        return 0;
-}
-
-SSL_CIPHER *
-ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
-    STACK_OF(SSL_CIPHER) *srvr)
-{
-        unsigned long alg_k, alg_a, mask_k, mask_a;
-        STACK_OF(SSL_CIPHER) *prio, *allow;
-        SSL_CIPHER *c, *ret = NULL;
-        int can_use_ecc;
-        int i, ii, nid, ok;
-        SSL_CERT *cert;
-
-        /* Let's see which ciphers we can support */
-        cert = s->cert;
-
-        can_use_ecc = tls1_get_supported_group(s, &nid);
-
-        /*
-         * Do not set the compare functions, because this may lead to a
-         * reordering by "id". We want to keep the original ordering.
-         * We may pay a price in performance during sk_SSL_CIPHER_find(),
-         * but would have to pay with the price of sk_SSL_CIPHER_dup().
-         */
-
-        if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) {
-                prio = srvr;
-                allow = clnt;
-        } else {
-                prio = clnt;
-                allow = srvr;
-        }
-
-        for (i = 0; i < sk_SSL_CIPHER_num(prio); i++) {
-                c = sk_SSL_CIPHER_value(prio, i);
-
-                /* Skip TLS v1.2 only ciphersuites if not supported. */
-                if ((c->algorithm_ssl & SSL_TLSV1_2) &&
-                    !SSL_USE_TLS1_2_CIPHERS(s))
-                        continue;
-
-                /* Skip TLS v1.3 only ciphersuites if not supported. */
-                if ((c->algorithm_ssl & SSL_TLSV1_3) &&
-                    !SSL_USE_TLS1_3_CIPHERS(s))
-                        continue;
-
-                /* If TLS v1.3, only allow TLS v1.3 ciphersuites. */
-                if (SSL_USE_TLS1_3_CIPHERS(s) &&
-                    !(c->algorithm_ssl & SSL_TLSV1_3))
-                        continue;
-
-                if (!ssl_security_shared_cipher(s, c))
-                        continue;
-
-                ssl_set_cert_masks(cert, c);
-                mask_k = cert->mask_k;
-                mask_a = cert->mask_a;
-
-                alg_k = c->algorithm_mkey;
-                alg_a = c->algorithm_auth;
-
-                ok = (alg_k & mask_k) && (alg_a & mask_a);
-
-                /*
-                 * If we are considering an ECC cipher suite that uses our
-                 * certificate check it.
-                 */
-                if (alg_a & SSL_aECDSA)
-                        ok = ok && tls1_check_ec_server_key(s);
-                /*
-                 * If we are considering an ECC cipher suite that uses
-                 * an ephemeral EC key check it.
-                 */
-                if (alg_k & SSL_kECDHE)
-                        ok = ok && can_use_ecc;
-
-                if (!ok)
-                        continue;
-                ii = sk_SSL_CIPHER_find(allow, c);
-                if (ii >= 0) {
-                        ret = sk_SSL_CIPHER_value(allow, ii);
-                        break;
-                }
-        }
-        return (ret);
-}
-
-#define SSL3_CT_RSA_SIGN        1
-#define SSL3_CT_RSA_FIXED_DH    3
-#define SSL3_CT_ECDSA_SIGN      64
-
-int
-ssl3_get_req_cert_types(SSL *s, CBB *cbb)
-{
-        unsigned long alg_k;
-
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-
-        if ((alg_k & SSL_kDHE) != 0) {
-                if (!CBB_add_u8(cbb, SSL3_CT_RSA_FIXED_DH))
-                        return 0;
-        }
-
-        if (!CBB_add_u8(cbb, SSL3_CT_RSA_SIGN))
-                return 0;
-
-        /*
-         * ECDSA certs can be used with RSA cipher suites as well
-         * so we don't need to check for SSL_kECDH or SSL_kECDHE.
-         */
-        if (!CBB_add_u8(cbb, SSL3_CT_ECDSA_SIGN))
-                return 0;
-
-        return 1;
-}
-
-int
-ssl3_shutdown(SSL *s)
-{
-        int     ret;
-
-        /*
-         * Don't do anything much if we have not done the handshake or
-         * we don't want to send messages :-)
-         */
-        if ((s->quiet_shutdown) || (s->s3->hs.state == SSL_ST_BEFORE)) {
-                s->shutdown = (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN);
-                return (1);
-        }
-
-        if (!(s->shutdown & SSL_SENT_SHUTDOWN)) {
-                s->shutdown|=SSL_SENT_SHUTDOWN;
-                ssl3_send_alert(s, SSL3_AL_WARNING, SSL_AD_CLOSE_NOTIFY);
-                /*
-                 * Our shutdown alert has been sent now, and if it still needs
-                 * to be written, s->s3->alert_dispatch will be true
-                 */
-                if (s->s3->alert_dispatch)
-                        return (-1);    /* return WANT_WRITE */
-        } else if (s->s3->alert_dispatch) {
-                /* resend it if not sent */
-                ret = ssl3_dispatch_alert(s);
-                if (ret == -1) {
-                        /*
-                         * We only get to return -1 here the 2nd/Nth
-                         * invocation, we must  have already signalled
-                         * return 0 upon a previous invoation,
-                         * return WANT_WRITE
-                         */
-                        return (ret);
-                }
-        } else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
-                /* If we are waiting for a close from our peer, we are closed */
-                s->method->ssl_read_bytes(s, 0, NULL, 0, 0);
-                if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) {
-                        return (-1);    /* return WANT_READ */
-                }
-        }
-
-        if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) &&
-            !s->s3->alert_dispatch)
-                return (1);
-        else
-                return (0);
-}
-
-int
-ssl3_write(SSL *s, const void *buf, int len)
-{
-        errno = 0;
-
-        if (s->s3->renegotiate)
-                ssl3_renegotiate_check(s);
-
-        return s->method->ssl_write_bytes(s, SSL3_RT_APPLICATION_DATA,
-            buf, len);
-}
-
-static int
-ssl3_read_internal(SSL *s, void *buf, int len, int peek)
-{
-        int     ret;
-
-        errno = 0;
-        if (s->s3->renegotiate)
-                ssl3_renegotiate_check(s);
-        s->s3->in_read_app_data = 1;
-
-        ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA, buf, len,
-            peek);
-        if ((ret == -1) && (s->s3->in_read_app_data == 2)) {
-                /*
-                 * ssl3_read_bytes decided to call s->handshake_func,
-                 * which called ssl3_read_bytes to read handshake data.
-                 * However, ssl3_read_bytes actually found application data
-                 * and thinks that application data makes sense here; so disable
-                 * handshake processing and try to read application data again.
-                 */
-                s->in_handshake++;
-                ret = s->method->ssl_read_bytes(s, SSL3_RT_APPLICATION_DATA,
-                    buf, len, peek);
-                s->in_handshake--;
-        } else
-                s->s3->in_read_app_data = 0;
-
-        return (ret);
-}
-
-int
-ssl3_read(SSL *s, void *buf, int len)
-{
-        return ssl3_read_internal(s, buf, len, 0);
-}
-
-int
-ssl3_peek(SSL *s, void *buf, int len)
-{
-        return ssl3_read_internal(s, buf, len, 1);
-}
-
-int
-ssl3_renegotiate(SSL *s)
-{
-        if (s->handshake_func == NULL)
-                return 1;
-
-        if (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
-                return 0;
-
-        s->s3->renegotiate = 1;
-
-        return 1;
-}
-
-int
-ssl3_renegotiate_check(SSL *s)
-{
-        if (!s->s3->renegotiate)
-                return 0;
-        if (SSL_in_init(s) || s->s3->rbuf.left != 0 || s->s3->wbuf.left != 0)
-                return 0;
-
-        s->s3->hs.state = SSL_ST_RENEGOTIATE;
-        s->s3->renegotiate = 0;
-        s->s3->num_renegotiations++;
-        s->s3->total_renegotiations++;
-
-        return 1;
-}
diff --git a/src/lib/libssl/shlib_version b/src/lib/libssl/shlib_version
deleted file mode 100644
index c2665004b4..0000000000
--- a/src/lib/libssl/shlib_version
+++ /dev/null
@@ -1,3 +0,0 @@
-# Don't forget to give libtls the same type of bump!
-major=59
-minor=1
diff --git a/src/lib/libssl/srtp.h b/src/lib/libssl/srtp.h
deleted file mode 100644
index 686e9d924a..0000000000
--- a/src/lib/libssl/srtp.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/* $OpenBSD: srtp.h,v 1.8 2025/03/13 10:26:41 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/*
- * DTLS code by Eric Rescorla <ekr@rtfm.com>
- *
- * Copyright (C) 2006, Network Resonance, Inc.
- * Copyright (C) 2011, RTFM, Inc.
- */
-
-#ifndef HEADER_D1_SRTP_H
-#define HEADER_D1_SRTP_H
-
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define SRTP_AES128_CM_SHA1_80 0x0001
-#define SRTP_AES128_CM_SHA1_32 0x0002
-#define SRTP_AES128_F8_SHA1_80 0x0003
-#define SRTP_AES128_F8_SHA1_32 0x0004
-#define SRTP_NULL_SHA1_80      0x0005
-#define SRTP_NULL_SHA1_32      0x0006
-
-/* AEAD SRTP protection profiles from RFC 7714 */
-#define SRTP_AEAD_AES_128_GCM  0x0007
-#define SRTP_AEAD_AES_256_GCM  0x0008
-
-int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
-int SSL_set_tlsext_use_srtp(SSL *ctx, const char *profiles);
-
-STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
-SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);
-
-#ifdef  __cplusplus
-}
-#endif
-
-#endif
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
deleted file mode 100644
index a1ed22b778..0000000000
--- a/src/lib/libssl/ssl.h
+++ /dev/null
@@ -1,2343 +0,0 @@
-/* $OpenBSD: ssl.h,v 1.247 2025/03/12 14:03:55 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_H
-#define HEADER_SSL_H
-
-#include <stdint.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/hmac.h>
-#include <openssl/pem.h>
-#include <openssl/safestack.h>
-
-#include <openssl/bio.h>
-
-#ifndef OPENSSL_NO_DEPRECATED
-#include <openssl/buffer.h>
-#include <openssl/crypto.h>
-#include <openssl/lhash.h>
-
-#ifndef OPENSSL_NO_X509
-#include <openssl/x509.h>
-#endif
-#endif
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* SSLeay version number for ASN.1 encoding of the session information */
-/* Version 0 - initial version
- * Version 1 - added the optional peer certificate
- */
-#define SSL_SESSION_ASN1_VERSION 0x0001
-
-/* text strings for the ciphers */
-#define SSL_TXT_NULL_WITH_MD5           SSL2_TXT_NULL_WITH_MD5
-#define SSL_TXT_RC4_128_WITH_MD5        SSL2_TXT_RC4_128_WITH_MD5
-#define SSL_TXT_RC4_128_EXPORT40_WITH_MD5 SSL2_TXT_RC4_128_EXPORT40_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_WITH_MD5    SSL2_TXT_RC2_128_CBC_WITH_MD5
-#define SSL_TXT_RC2_128_CBC_EXPORT40_WITH_MD5 SSL2_TXT_RC2_128_CBC_EXPORT40_WITH_MD5
-#define SSL_TXT_IDEA_128_CBC_WITH_MD5   SSL2_TXT_IDEA_128_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_MD5     SSL2_TXT_DES_64_CBC_WITH_MD5
-#define SSL_TXT_DES_64_CBC_WITH_SHA     SSL2_TXT_DES_64_CBC_WITH_SHA
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5
-#define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL_TXT_KRB5_RC4_128_SHA      SSL3_TXT_KRB5_RC4_128_SHA
-#define SSL_TXT_KRB5_IDEA_128_CBC_SHA SSL3_TXT_KRB5_IDEA_128_CBC_SHA
-#define SSL_TXT_KRB5_RC4_128_MD5      SSL3_TXT_KRB5_RC4_128_MD5
-#define SSL_TXT_KRB5_IDEA_128_CBC_MD5 SSL3_TXT_KRB5_IDEA_128_CBC_MD5
-
-#define SSL_TXT_KRB5_RC2_40_CBC_SHA   SSL3_TXT_KRB5_RC2_40_CBC_SHA
-#define SSL_TXT_KRB5_RC4_40_SHA       SSL3_TXT_KRB5_RC4_40_SHA
-#define SSL_TXT_KRB5_RC2_40_CBC_MD5   SSL3_TXT_KRB5_RC2_40_CBC_MD5
-#define SSL_TXT_KRB5_RC4_40_MD5       SSL3_TXT_KRB5_RC4_40_MD5
-
-#define SSL_TXT_KRB5_DES_40_CBC_SHA   SSL3_TXT_KRB5_DES_40_CBC_SHA
-#define SSL_TXT_KRB5_DES_40_CBC_MD5   SSL3_TXT_KRB5_DES_40_CBC_MD5
-#define SSL_TXT_KRB5_DES_64_CBC_SHA   SSL3_TXT_KRB5_DES_64_CBC_SHA
-#define SSL_TXT_KRB5_DES_64_CBC_MD5   SSL3_TXT_KRB5_DES_64_CBC_MD5
-#define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA
-#define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5
-#define SSL_MAX_KRB5_PRINCIPAL_LENGTH  256
-
-#define SSL_MAX_SSL_SESSION_ID_LENGTH           32
-#define SSL_MAX_SID_CTX_LENGTH                  32
-
-#define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES     (512/8)
-#define SSL_MAX_KEY_ARG_LENGTH                  8
-#define SSL_MAX_MASTER_KEY_LENGTH               48
-
-
-/* These are used to specify which ciphers to use and not to use */
-
-#define SSL_TXT_LOW             "LOW"
-#define SSL_TXT_MEDIUM          "MEDIUM"
-#define SSL_TXT_HIGH            "HIGH"
-
-#define SSL_TXT_kFZA            "kFZA" /* unused! */
-#define SSL_TXT_aFZA            "aFZA" /* unused! */
-#define SSL_TXT_eFZA            "eFZA" /* unused! */
-#define SSL_TXT_FZA             "FZA"  /* unused! */
-
-#define SSL_TXT_aNULL           "aNULL"
-#define SSL_TXT_eNULL           "eNULL"
-#define SSL_TXT_NULL            "NULL"
-
-#define SSL_TXT_kRSA            "kRSA"
-#define SSL_TXT_kDHr            "kDHr" /* no such ciphersuites supported! */
-#define SSL_TXT_kDHd            "kDHd" /* no such ciphersuites supported! */
-#define SSL_TXT_kDH             "kDH"  /* no such ciphersuites supported! */
-#define SSL_TXT_kEDH            "kEDH"
-#define SSL_TXT_kKRB5           "kKRB5"
-#define SSL_TXT_kECDHr          "kECDHr"
-#define SSL_TXT_kECDHe          "kECDHe"
-#define SSL_TXT_kECDH           "kECDH"
-#define SSL_TXT_kEECDH          "kEECDH"
-#define SSL_TXT_kPSK            "kPSK"
-#define SSL_TXT_kSRP            "kSRP"
-
-#define SSL_TXT_aRSA            "aRSA"
-#define SSL_TXT_aDSS            "aDSS"
-#define SSL_TXT_aDH             "aDH" /* no such ciphersuites supported! */
-#define SSL_TXT_aECDH           "aECDH"
-#define SSL_TXT_aKRB5           "aKRB5"
-#define SSL_TXT_aECDSA          "aECDSA"
-#define SSL_TXT_aPSK            "aPSK"
-
-#define SSL_TXT_DSS             "DSS"
-#define SSL_TXT_DH              "DH"
-#define SSL_TXT_DHE             "DHE" /* same as "kDHE:-ADH" */
-#define SSL_TXT_EDH             "EDH" /* previous name for DHE */
-#define SSL_TXT_ADH             "ADH"
-#define SSL_TXT_RSA             "RSA"
-#define SSL_TXT_ECDH            "ECDH"
-#define SSL_TXT_ECDHE           "ECDHE" /* same as "kECDHE:-AECDH" */
-#define SSL_TXT_EECDH           "EECDH" /* previous name for ECDHE */
-#define SSL_TXT_AECDH           "AECDH"
-#define SSL_TXT_ECDSA           "ECDSA"
-#define SSL_TXT_KRB5            "KRB5"
-#define SSL_TXT_PSK             "PSK"
-#define SSL_TXT_SRP             "SRP"
-
-#define SSL_TXT_DES             "DES"
-#define SSL_TXT_3DES            "3DES"
-#define SSL_TXT_RC4             "RC4"
-#define SSL_TXT_RC2             "RC2"
-#define SSL_TXT_IDEA            "IDEA"
-#define SSL_TXT_SEED            "SEED"
-#define SSL_TXT_AES128          "AES128"
-#define SSL_TXT_AES256          "AES256"
-#define SSL_TXT_AES             "AES"
-#define SSL_TXT_AES_GCM         "AESGCM"
-#define SSL_TXT_CAMELLIA128     "CAMELLIA128"
-#define SSL_TXT_CAMELLIA256     "CAMELLIA256"
-#define SSL_TXT_CAMELLIA        "CAMELLIA"
-#define SSL_TXT_CHACHA20        "CHACHA20"
-
-#define SSL_TXT_AEAD            "AEAD"
-#define SSL_TXT_MD5             "MD5"
-#define SSL_TXT_SHA1            "SHA1"
-#define SSL_TXT_SHA             "SHA" /* same as "SHA1" */
-#define SSL_TXT_SHA256          "SHA256"
-#define SSL_TXT_SHA384          "SHA384"
-
-#define SSL_TXT_DTLS1           "DTLSv1"
-#define SSL_TXT_DTLS1_2         "DTLSv1.2"
-#define SSL_TXT_SSLV2           "SSLv2"
-#define SSL_TXT_SSLV3           "SSLv3"
-#define SSL_TXT_TLSV1           "TLSv1"
-#define SSL_TXT_TLSV1_1         "TLSv1.1"
-#define SSL_TXT_TLSV1_2         "TLSv1.2"
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_TXT_TLSV1_3         "TLSv1.3"
-#endif
-
-#define SSL_TXT_EXP             "EXP"
-#define SSL_TXT_EXPORT          "EXPORT"
-
-#define SSL_TXT_ALL             "ALL"
-
-/*
- * COMPLEMENTOF* definitions. These identifiers are used to (de-select)
- * ciphers normally not being used.
- * Example: "RC4" will activate all ciphers using RC4 including ciphers
- * without authentication, which would normally disabled by DEFAULT (due
- * the "!ADH" being part of default). Therefore "RC4:!COMPLEMENTOFDEFAULT"
- * will make sure that it is also disabled in the specific selection.
- * COMPLEMENTOF* identifiers are portable between version, as adjustments
- * to the default cipher setup will also be included here.
- *
- * COMPLEMENTOFDEFAULT does not experience the same special treatment that
- * DEFAULT gets, as only selection is being done and no sorting as needed
- * for DEFAULT.
- */
-#define SSL_TXT_CMPALL          "COMPLEMENTOFALL"
-#define SSL_TXT_CMPDEF          "COMPLEMENTOFDEFAULT"
-
-/* The following cipher list is used by default.
- * It also is substituted when an application-defined cipher list string
- * starts with 'DEFAULT'. */
-#define SSL_DEFAULT_CIPHER_LIST "ALL:!aNULL:!eNULL:!SSLv2"
-/* As of OpenSSL 1.0.0, ssl_create_cipher_list() in ssl/ssl_ciph.c always
- * starts with a reasonable order, and all we have to do for DEFAULT is
- * throwing out anonymous and unencrypted ciphersuites!
- * (The latter are not actually enabled by ALL, but "ALL:RSA" would enable
- * some of them.)
- */
-
-/* Used in SSL_set_shutdown()/SSL_get_shutdown(); */
-#define SSL_SENT_SHUTDOWN       1
-#define SSL_RECEIVED_SHUTDOWN   2
-
-
-#define SSL_FILETYPE_ASN1       X509_FILETYPE_ASN1
-#define SSL_FILETYPE_PEM        X509_FILETYPE_PEM
-
-/* This is needed to stop compilers complaining about the
- * 'struct ssl_st *' function parameters used to prototype callbacks
- * in SSL_CTX. */
-typedef struct ssl_st *ssl_crock_st;
-
-typedef struct ssl_method_st SSL_METHOD;
-typedef struct ssl_cipher_st SSL_CIPHER;
-typedef struct ssl_session_st SSL_SESSION;
-
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-typedef struct ssl_quic_method_st SSL_QUIC_METHOD;
-#endif
-
-DECLARE_STACK_OF(SSL_CIPHER)
-
-/* SRTP protection profiles for use with the use_srtp extension (RFC 5764)*/
-typedef struct srtp_protection_profile_st {
-        const char *name;
-        unsigned long id;
-} SRTP_PROTECTION_PROFILE;
-
-DECLARE_STACK_OF(SRTP_PROTECTION_PROFILE)
-
-typedef int (*tls_session_ticket_ext_cb_fn)(SSL *s, const unsigned char *data,
-    int len, void *arg);
-typedef int (*tls_session_secret_cb_fn)(SSL *s, void *secret, int *secret_len,
-    STACK_OF(SSL_CIPHER) *peer_ciphers, const SSL_CIPHER **cipher, void *arg);
-
-/* Allow initial connection to servers that don't support RI */
-#define SSL_OP_LEGACY_SERVER_CONNECT                    0x00000004L
-
-/* Disable SSL 3.0/TLS 1.0 CBC vulnerability workaround that was added
- * in OpenSSL 0.9.6d.  Usually (depending on the application protocol)
- * the workaround is not needed.
- * Unfortunately some broken SSL/TLS implementations cannot handle it
- * at all, which is why it was previously included in SSL_OP_ALL.
- * Now it's not.
- */
-#define SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS              0x00000800L
-
-/* DTLS options */
-#define SSL_OP_NO_QUERY_MTU                             0x00001000L
-/* Turn on Cookie Exchange (on relevant for servers) */
-#define SSL_OP_COOKIE_EXCHANGE                          0x00002000L
-/* Don't use RFC4507 ticket extension */
-#define SSL_OP_NO_TICKET                                0x00004000L
-
-/* As server, disallow session resumption on renegotiation */
-#define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION   0x00010000L
-/* Disallow client initiated renegotiation. */
-#define SSL_OP_NO_CLIENT_RENEGOTIATION                  0x00020000L
-/* Disallow client and server initiated renegotiation. */
-#define SSL_OP_NO_RENEGOTIATION                         0x00040000L
-/* Allow client initiated renegotiation. */
-#define SSL_OP_ALLOW_CLIENT_RENEGOTIATION               0x00080000L
-/* If set, always create a new key when using tmp_dh parameters */
-#define SSL_OP_SINGLE_DH_USE                            0x00100000L
-/* Set on servers to choose the cipher according to the server's
- * preferences */
-#define SSL_OP_CIPHER_SERVER_PREFERENCE                 0x00400000L
-
-#define SSL_OP_NO_TLSv1                                 0x04000000L
-#define SSL_OP_NO_TLSv1_2                               0x08000000L
-#define SSL_OP_NO_TLSv1_1                               0x10000000L
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_OP_NO_TLSv1_3                               0x20000000L
-#endif
-
-#define SSL_OP_NO_DTLSv1                                0x40000000L
-#define SSL_OP_NO_DTLSv1_2                              0x80000000L
-
-/* SSL_OP_ALL: various bug workarounds that should be rather harmless. */
-#define SSL_OP_ALL \
-    (SSL_OP_LEGACY_SERVER_CONNECT)
-
-/* Obsolete flags kept for compatibility. No sane code should use them. */
-#define SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION        0x0
-#define SSL_OP_CISCO_ANYCONNECT                         0x0
-#define SSL_OP_CRYPTOPRO_TLSEXT_BUG                     0x0
-#define SSL_OP_EPHEMERAL_RSA                            0x0
-#define SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER               0x0
-#define SSL_OP_MICROSOFT_SESS_ID_BUG                    0x0
-#define SSL_OP_MSIE_SSLV2_RSA_PADDING                   0x0
-#define SSL_OP_NETSCAPE_CA_DN_BUG                       0x0
-#define SSL_OP_NETSCAPE_CHALLENGE_BUG                   0x0
-#define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG          0x0
-#define SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG         0x0
-#define SSL_OP_NO_COMPRESSION                           0x0
-#define SSL_OP_NO_SSLv2                                 0x0
-#define SSL_OP_NO_SSLv3                                 0x0
-#define SSL_OP_PKCS1_CHECK_1                            0x0
-#define SSL_OP_PKCS1_CHECK_2                            0x0
-#define SSL_OP_SAFARI_ECDHE_ECDSA_BUG                   0x0
-#define SSL_OP_SINGLE_ECDH_USE                          0x0
-#define SSL_OP_SSLEAY_080_CLIENT_DH_BUG                 0x0
-#define SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG              0x0
-#define SSL_OP_TLSEXT_PADDING                           0x0
-#define SSL_OP_TLS_BLOCK_PADDING_BUG                    0x0
-#define SSL_OP_TLS_D5_BUG                               0x0
-#define SSL_OP_TLS_ROLLBACK_BUG                         0x0
-
-/* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success
- * when just a single record has been written): */
-#define SSL_MODE_ENABLE_PARTIAL_WRITE       0x00000001L
-/* Make it possible to retry SSL_write() with changed buffer location
- * (buffer contents must stay the same!); this is not the default to avoid
- * the misconception that non-blocking SSL_write() behaves like
- * non-blocking write(): */
-#define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L
-/* Never bother the application with retries if the transport
- * is blocking: */
-#define SSL_MODE_AUTO_RETRY 0x00000004L
-/* Don't attempt to automatically build certificate chain */
-#define SSL_MODE_NO_AUTO_CHAIN 0x00000008L
-/* Save RAM by releasing read and write buffers when they're empty. (SSL3 and
- * TLS only.)  "Released" buffers are put onto a free-list in the context
- * or just freed (depending on the context's setting for freelist_max_len). */
-#define SSL_MODE_RELEASE_BUFFERS 0x00000010L
-
-/* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value,
- * they cannot be used to clear bits. */
-
-#define SSL_CTX_set_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_CTX_clear_options(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_CTX_get_options(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL)
-#define SSL_set_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL)
-#define SSL_clear_options(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_OPTIONS,(op),NULL)
-#define SSL_get_options(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL)
-
-#define SSL_CTX_set_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL)
-#define SSL_CTX_clear_mode(ctx,op) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_CTX_get_mode(ctx) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL)
-#define SSL_clear_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_MODE,(op),NULL)
-#define SSL_set_mode(ssl,op) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL)
-#define SSL_get_mode(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL)
-#define SSL_set_mtu(ssl, mtu) \
-        SSL_ctrl((ssl),SSL_CTRL_SET_MTU,(mtu),NULL)
-
-#define SSL_get_secure_renegotiation_support(ssl) \
-        SSL_ctrl((ssl), SSL_CTRL_GET_RI_SUPPORT, 0, NULL)
-
-void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p,
-    int version, int content_type, const void *buf, size_t len, SSL *ssl,
-    void *arg));
-void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
-    int content_type, const void *buf, size_t len, SSL *ssl, void *arg));
-#define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-#define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg))
-typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
-void SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb);
-SSL_CTX_keylog_cb_func SSL_CTX_get_keylog_callback(const SSL_CTX *ctx);
-int SSL_set_num_tickets(SSL *s, size_t num_tickets);
-size_t SSL_get_num_tickets(const SSL *s);
-int SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets);
-size_t SSL_CTX_get_num_tickets(const SSL_CTX *ctx);
-STACK_OF(X509) *SSL_get0_verified_chain(const SSL *s);
-
-#define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */
-
-#define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT      (1024*20)
-
-/* This callback type is used inside SSL_CTX, SSL, and in the functions that set
- * them. It is used to override the generation of SSL/TLS session IDs in a
- * server. Return value should be zero on an error, non-zero to proceed. Also,
- * callbacks should themselves check if the id they generate is unique otherwise
- * the SSL handshake will fail with an error - callbacks can do this using the
- * 'ssl' value they're passed by;
- *      SSL_has_matching_session_id(ssl, id, *id_len)
- * The length value passed in is set at the maximum size the session ID can be.
- * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback
- * can alter this length to be less if desired, but under SSLv2 session IDs are
- * supposed to be fixed at 16 bytes so the id will be padded after the callback
- * returns in this case. It is also an error for the callback to set the size to
- * zero. */
-typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id,
-    unsigned int *id_len);
-
-typedef struct ssl_comp_st SSL_COMP;
-
-#ifdef LIBRESSL_INTERNAL
-DECLARE_STACK_OF(SSL_COMP)
-struct lhash_st_SSL_SESSION {
-        int dummy;
-};
-#endif
-
-#define SSL_SESS_CACHE_OFF                      0x0000
-#define SSL_SESS_CACHE_CLIENT                   0x0001
-#define SSL_SESS_CACHE_SERVER                   0x0002
-#define SSL_SESS_CACHE_BOTH     (SSL_SESS_CACHE_CLIENT|SSL_SESS_CACHE_SERVER)
-#define SSL_SESS_CACHE_NO_AUTO_CLEAR            0x0080
-/* enough comments already ... see SSL_CTX_set_session_cache_mode(3) */
-#define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP       0x0100
-#define SSL_SESS_CACHE_NO_INTERNAL_STORE        0x0200
-#define SSL_SESS_CACHE_NO_INTERNAL \
-        (SSL_SESS_CACHE_NO_INTERNAL_LOOKUP|SSL_SESS_CACHE_NO_INTERNAL_STORE)
-
-struct lhash_st_SSL_SESSION *SSL_CTX_sessions(SSL_CTX *ctx);
-#define SSL_CTX_sess_number(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL)
-#define SSL_CTX_sess_connect(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL)
-#define SSL_CTX_sess_connect_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL)
-#define SSL_CTX_sess_connect_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL)
-#define SSL_CTX_sess_accept_renegotiate(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL)
-#define SSL_CTX_sess_accept_good(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL)
-#define SSL_CTX_sess_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL)
-#define SSL_CTX_sess_cb_hits(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL)
-#define SSL_CTX_sess_misses(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL)
-#define SSL_CTX_sess_timeouts(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL)
-#define SSL_CTX_sess_cache_full(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL)
-
-void SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-    int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess));
-int (*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-    SSL_SESSION *sess);
-void SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-    void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess));
-void (*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(struct ssl_ctx_st *ctx,
-    SSL_SESSION *sess);
-void SSL_CTX_sess_set_get_cb(SSL_CTX *ctx,
-    SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-    const unsigned char *data, int len, int *copy));
-SSL_SESSION *(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(struct ssl_st *ssl,
-    const unsigned char *data, int len, int *copy);
-void SSL_CTX_set_info_callback(SSL_CTX *ctx, void (*cb)(const SSL *ssl,
-    int type, int val));
-void (*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type,
-    int val);
-void SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-    int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey));
-int (*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL *ssl, X509 **x509,
-    EVP_PKEY **pkey);
-void SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-    int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
-    unsigned int *cookie_len));
-void SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
-    unsigned int cookie_len));
-void SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-    const unsigned char **out, unsigned int *outlen, void *arg), void *arg);
-void SSL_CTX_set_next_proto_select_cb(SSL_CTX *s, int (*cb)(SSL *ssl,
-    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-    unsigned int inlen, void *arg), void *arg);
-
-int SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-    const unsigned char *in, unsigned int inlen, const unsigned char *client,
-    unsigned int client_len);
-void SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned int *len);
-
-#define OPENSSL_NPN_UNSUPPORTED 0
-#define OPENSSL_NPN_NEGOTIATED  1
-#define OPENSSL_NPN_NO_OVERLAP  2
-
-int SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
-    unsigned int protos_len);
-int SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
-    unsigned int protos_len);
-void SSL_CTX_set_alpn_select_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, const unsigned char **out, unsigned char *outlen,
-    const unsigned char *in, unsigned int inlen, void *arg), void *arg);
-void SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-    unsigned int *len);
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-typedef int (*SSL_psk_use_session_cb_func)(SSL *ssl, const EVP_MD *md,
-    const unsigned char **id, size_t *idlen, SSL_SESSION **sess);
-void SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb);
-#endif
-
-#define SSL_NOTHING     1
-#define SSL_WRITING     2
-#define SSL_READING     3
-#define SSL_X509_LOOKUP 4
-
-/* These will only be used when doing non-blocking IO */
-#define SSL_want_nothing(s)     (SSL_want(s) == SSL_NOTHING)
-#define SSL_want_read(s)        (SSL_want(s) == SSL_READING)
-#define SSL_want_write(s)       (SSL_want(s) == SSL_WRITING)
-#define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP)
-
-#define SSL_MAC_FLAG_READ_MAC_STREAM 1
-#define SSL_MAC_FLAG_WRITE_MAC_STREAM 2
-
-#ifdef __cplusplus
-}
-#endif
-
-#include <openssl/ssl3.h>
-#include <openssl/tls1.h>       /* This is mostly sslv3 with a few tweaks */
-#include <openssl/dtls1.h>      /* Datagram TLS */
-#include <openssl/srtp.h>       /* Support for the use_srtp extension */
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* compatibility */
-#define SSL_set_app_data(s,arg)         (SSL_set_ex_data(s,0,(char *)arg))
-#define SSL_get_app_data(s)             (SSL_get_ex_data(s,0))
-#define SSL_SESSION_set_app_data(s,a)   (SSL_SESSION_set_ex_data(s,0,(char *)a))
-#define SSL_SESSION_get_app_data(s)     (SSL_SESSION_get_ex_data(s,0))
-#define SSL_CTX_get_app_data(ctx)       (SSL_CTX_get_ex_data(ctx,0))
-#define SSL_CTX_set_app_data(ctx,arg)   (SSL_CTX_set_ex_data(ctx,0,(char *)arg))
-
-/* The following are the possible values for ssl->state are are
- * used to indicate where we are up to in the SSL connection establishment.
- * The macros that follow are about the only things you should need to use
- * and even then, only when using non-blocking IO.
- * It can also be useful to work out where you were when the connection
- * failed */
-
-#define SSL_ST_CONNECT                  0x1000
-#define SSL_ST_ACCEPT                   0x2000
-#define SSL_ST_MASK                     0x0FFF
-#define SSL_ST_INIT                     (SSL_ST_CONNECT|SSL_ST_ACCEPT)
-#define SSL_ST_BEFORE                   0x4000
-#define SSL_ST_OK                       0x03
-#define SSL_ST_RENEGOTIATE              (0x04|SSL_ST_INIT)
-
-#define SSL_CB_LOOP                     0x01
-#define SSL_CB_EXIT                     0x02
-#define SSL_CB_READ                     0x04
-#define SSL_CB_WRITE                    0x08
-#define SSL_CB_ALERT                    0x4000 /* used in callback */
-#define SSL_CB_READ_ALERT               (SSL_CB_ALERT|SSL_CB_READ)
-#define SSL_CB_WRITE_ALERT              (SSL_CB_ALERT|SSL_CB_WRITE)
-#define SSL_CB_ACCEPT_LOOP              (SSL_ST_ACCEPT|SSL_CB_LOOP)
-#define SSL_CB_ACCEPT_EXIT              (SSL_ST_ACCEPT|SSL_CB_EXIT)
-#define SSL_CB_CONNECT_LOOP             (SSL_ST_CONNECT|SSL_CB_LOOP)
-#define SSL_CB_CONNECT_EXIT             (SSL_ST_CONNECT|SSL_CB_EXIT)
-#define SSL_CB_HANDSHAKE_START          0x10
-#define SSL_CB_HANDSHAKE_DONE           0x20
-
-/* Is the SSL_connection established? */
-#define SSL_get_state(a)                (SSL_state((a)))
-#define SSL_is_init_finished(a)         (SSL_state((a)) == SSL_ST_OK)
-#define SSL_in_init(a)                  (SSL_state((a))&SSL_ST_INIT)
-#define SSL_in_before(a)                (SSL_state((a))&SSL_ST_BEFORE)
-#define SSL_in_connect_init(a)          (SSL_state((a))&SSL_ST_CONNECT)
-#define SSL_in_accept_init(a)           (SSL_state((a))&SSL_ST_ACCEPT)
-
-/* The following 2 states are kept in ssl->rstate when reads fail,
- * you should not need these */
-#define SSL_ST_READ_HEADER              0xF0
-#define SSL_ST_READ_BODY                0xF1
-#define SSL_ST_READ_DONE                0xF2
-
-/* Obtain latest Finished message
- *   -- that we sent (SSL_get_finished)
- *   -- that we expected from peer (SSL_get_peer_finished).
- * Returns length (0 == no Finished so far), copies up to 'count' bytes. */
-size_t SSL_get_finished(const SSL *s, void *buf, size_t count);
-size_t SSL_get_peer_finished(const SSL *s, void *buf, size_t count);
-
-/* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options
- * are 'ored' with SSL_VERIFY_PEER if they are desired */
-#define SSL_VERIFY_NONE                 0x00
-#define SSL_VERIFY_PEER                 0x01
-#define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02
-#define SSL_VERIFY_CLIENT_ONCE          0x04
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_VERIFY_POST_HANDSHAKE       0x08
-
-int SSL_verify_client_post_handshake(SSL *s);
-void SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val);
-void SSL_set_post_handshake_auth(SSL *s, int val);
-#endif
-
-#define OpenSSL_add_ssl_algorithms()    SSL_library_init()
-#define SSLeay_add_ssl_algorithms()     SSL_library_init()
-
-/* More backward compatibility */
-#define SSL_get_cipher(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_cipher_bits(s,np) \
-                SSL_CIPHER_get_bits(SSL_get_current_cipher(s),np)
-#define SSL_get_cipher_version(s) \
-                SSL_CIPHER_get_version(SSL_get_current_cipher(s))
-#define SSL_get_cipher_name(s) \
-                SSL_CIPHER_get_name(SSL_get_current_cipher(s))
-#define SSL_get_time(a)         SSL_SESSION_get_time(a)
-#define SSL_set_time(a,b)       SSL_SESSION_set_time((a),(b))
-#define SSL_get_timeout(a)      SSL_SESSION_get_timeout(a)
-#define SSL_set_timeout(a,b)    SSL_SESSION_set_timeout((a),(b))
-
-#define d2i_SSL_SESSION_bio(bp,s_id) ASN1_d2i_bio_of(SSL_SESSION,SSL_SESSION_new,d2i_SSL_SESSION,bp,s_id)
-#define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio_of(SSL_SESSION,i2d_SSL_SESSION,bp,s_id)
-
-SSL_SESSION *PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x,
-    pem_password_cb *cb, void *u);
-SSL_SESSION *PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x,
-    pem_password_cb *cb, void *u);
-int PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x);
-int PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x);
-
-/*
- * TLS Alerts.
- *
- * https://www.iana.org/assignments/tls-parameters/#tls-parameters-6
- */
-
-/* Obsolete alerts. */
-#ifndef LIBRESSL_INTERNAL
-#define SSL_AD_DECRYPTION_FAILED                21      /* Removed in TLSv1.1 */
-#define SSL_AD_NO_CERTIFICATE                   41      /* Removed in TLSv1.0 */
-#define SSL_AD_EXPORT_RESTRICTION               60      /* Removed in TLSv1.1 */
-#endif
-
-#define SSL_AD_CLOSE_NOTIFY                     0
-#define SSL_AD_UNEXPECTED_MESSAGE               10
-#define SSL_AD_BAD_RECORD_MAC                   20
-#define SSL_AD_RECORD_OVERFLOW                  22
-#define SSL_AD_DECOMPRESSION_FAILURE            30      /* Removed in TLSv1.3 */
-#define SSL_AD_HANDSHAKE_FAILURE                40
-#define SSL_AD_BAD_CERTIFICATE                  42
-#define SSL_AD_UNSUPPORTED_CERTIFICATE          43
-#define SSL_AD_CERTIFICATE_REVOKED              44
-#define SSL_AD_CERTIFICATE_EXPIRED              45
-#define SSL_AD_CERTIFICATE_UNKNOWN              46
-#define SSL_AD_ILLEGAL_PARAMETER                47
-#define SSL_AD_UNKNOWN_CA                       48
-#define SSL_AD_ACCESS_DENIED                    49
-#define SSL_AD_DECODE_ERROR                     50
-#define SSL_AD_DECRYPT_ERROR                    51
-#define SSL_AD_PROTOCOL_VERSION                 70
-#define SSL_AD_INSUFFICIENT_SECURITY            71
-#define SSL_AD_INTERNAL_ERROR                   80
-#define SSL_AD_INAPPROPRIATE_FALLBACK           86
-#define SSL_AD_USER_CANCELLED                   90
-#define SSL_AD_NO_RENEGOTIATION                 100     /* Removed in TLSv1.3 */
-#define SSL_AD_MISSING_EXTENSION                109     /* Added in TLSv1.3. */
-#define SSL_AD_UNSUPPORTED_EXTENSION            110
-#define SSL_AD_CERTIFICATE_UNOBTAINABLE         111     /* Removed in TLSv1.3 */
-#define SSL_AD_UNRECOGNIZED_NAME                112
-#define SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE  113
-#define SSL_AD_BAD_CERTIFICATE_HASH_VALUE       114     /* Removed in TLSv1.3 */
-#define SSL_AD_UNKNOWN_PSK_IDENTITY             115
-#define SSL_AD_CERTIFICATE_REQUIRED             116
-#define SSL_AD_NO_APPLICATION_PROTOCOL          120
-
-/* Offset to get an SSL_R_... value from an SSL_AD_... value. */
-#define SSL_AD_REASON_OFFSET                    1000
-
-#define SSL_ERROR_NONE                          0
-#define SSL_ERROR_SSL                           1
-#define SSL_ERROR_WANT_READ                     2
-#define SSL_ERROR_WANT_WRITE                    3
-#define SSL_ERROR_WANT_X509_LOOKUP              4
-#define SSL_ERROR_SYSCALL                       5
-#define SSL_ERROR_ZERO_RETURN                   6
-#define SSL_ERROR_WANT_CONNECT                  7
-#define SSL_ERROR_WANT_ACCEPT                   8
-#define SSL_ERROR_WANT_ASYNC                    9
-#define SSL_ERROR_WANT_ASYNC_JOB                10
-#define SSL_ERROR_WANT_CLIENT_HELLO_CB          11
-
-#define SSL_CTRL_NEED_TMP_RSA                   1
-#define SSL_CTRL_SET_TMP_RSA                    2
-#define SSL_CTRL_SET_TMP_DH                     3
-#define SSL_CTRL_SET_TMP_ECDH                   4
-#define SSL_CTRL_SET_TMP_RSA_CB                 5
-#define SSL_CTRL_SET_TMP_DH_CB                  6
-#define SSL_CTRL_SET_TMP_ECDH_CB                7
-
-#define SSL_CTRL_GET_SESSION_REUSED             8
-#define SSL_CTRL_GET_CLIENT_CERT_REQUEST        9
-#define SSL_CTRL_GET_NUM_RENEGOTIATIONS         10
-#define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS       11
-#define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS       12
-#define SSL_CTRL_GET_FLAGS                      13
-#define SSL_CTRL_EXTRA_CHAIN_CERT               14
-
-#define SSL_CTRL_SET_MSG_CALLBACK               15
-#define SSL_CTRL_SET_MSG_CALLBACK_ARG           16
-
-/* only applies to datagram connections */
-#define SSL_CTRL_SET_MTU                17
-/* Stats */
-#define SSL_CTRL_SESS_NUMBER                    20
-#define SSL_CTRL_SESS_CONNECT                   21
-#define SSL_CTRL_SESS_CONNECT_GOOD              22
-#define SSL_CTRL_SESS_CONNECT_RENEGOTIATE       23
-#define SSL_CTRL_SESS_ACCEPT                    24
-#define SSL_CTRL_SESS_ACCEPT_GOOD               25
-#define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE        26
-#define SSL_CTRL_SESS_HIT                       27
-#define SSL_CTRL_SESS_CB_HIT                    28
-#define SSL_CTRL_SESS_MISSES                    29
-#define SSL_CTRL_SESS_TIMEOUTS                  30
-#define SSL_CTRL_SESS_CACHE_FULL                31
-#define SSL_CTRL_OPTIONS                        32
-#define SSL_CTRL_MODE                           33
-
-#define SSL_CTRL_GET_READ_AHEAD                 40
-#define SSL_CTRL_SET_READ_AHEAD                 41
-#define SSL_CTRL_SET_SESS_CACHE_SIZE            42
-#define SSL_CTRL_GET_SESS_CACHE_SIZE            43
-#define SSL_CTRL_SET_SESS_CACHE_MODE            44
-#define SSL_CTRL_GET_SESS_CACHE_MODE            45
-
-#define SSL_CTRL_GET_MAX_CERT_LIST              50
-#define SSL_CTRL_SET_MAX_CERT_LIST              51
-
-#define SSL_CTRL_SET_MAX_SEND_FRAGMENT          52
-
-/* see tls1.h for macros based on these */
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_CB       53
-#define SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG      54
-#define SSL_CTRL_SET_TLSEXT_HOSTNAME            55
-#define SSL_CTRL_SET_TLSEXT_DEBUG_CB            56
-#define SSL_CTRL_SET_TLSEXT_DEBUG_ARG           57
-#define SSL_CTRL_GET_TLSEXT_TICKET_KEYS         58
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEYS         59
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB       128
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB       63
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG   129
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG   64
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE     127
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE     65
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS     66
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS     67
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS      68
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS      69
-#define SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP        70
-#define SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP        71
-
-#define SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB       72
-
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME_CB    75
-#define SSL_CTRL_SET_SRP_VERIFY_PARAM_CB                76
-#define SSL_CTRL_SET_SRP_GIVE_CLIENT_PWD_CB             77
-
-#define SSL_CTRL_SET_SRP_ARG            78
-#define SSL_CTRL_SET_TLS_EXT_SRP_USERNAME               79
-#define SSL_CTRL_SET_TLS_EXT_SRP_STRENGTH               80
-#define SSL_CTRL_SET_TLS_EXT_SRP_PASSWORD               81
-
-#define DTLS_CTRL_GET_TIMEOUT           73
-#define DTLS_CTRL_HANDLE_TIMEOUT        74
-#define DTLS_CTRL_LISTEN                        75
-
-#define SSL_CTRL_GET_RI_SUPPORT                 76
-#define SSL_CTRL_CLEAR_OPTIONS                  77
-#define SSL_CTRL_CLEAR_MODE                     78
-
-#define SSL_CTRL_GET_EXTRA_CHAIN_CERTS          82
-#define SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS        83
-
-#define SSL_CTRL_CHAIN                                  88
-#define SSL_CTRL_CHAIN_CERT                             89
-
-#define SSL_CTRL_SET_GROUPS                             91
-#define SSL_CTRL_SET_GROUPS_LIST                        92
-#define SSL_CTRL_GET_SHARED_GROUP                       93
-#define SSL_CTRL_SET_ECDH_AUTO                          94
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_CTRL_GET_PEER_SIGNATURE_NID                 108
-#define SSL_CTRL_GET_PEER_TMP_KEY                       109
-#define SSL_CTRL_GET_SERVER_TMP_KEY SSL_CTRL_GET_PEER_TMP_KEY
-#else
-#define SSL_CTRL_GET_SERVER_TMP_KEY             109
-#endif
-
-#define SSL_CTRL_GET_CHAIN_CERTS                        115
-
-#define SSL_CTRL_SET_DH_AUTO                    118
-
-#define SSL_CTRL_SET_MIN_PROTO_VERSION                  123
-#define SSL_CTRL_SET_MAX_PROTO_VERSION                  124
-#define SSL_CTRL_GET_MIN_PROTO_VERSION                  130
-#define SSL_CTRL_GET_MAX_PROTO_VERSION                  131
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_CTRL_GET_SIGNATURE_NID                      132
-#endif
-
-#define DTLSv1_get_timeout(ssl, arg) \
-        SSL_ctrl(ssl,DTLS_CTRL_GET_TIMEOUT,0, (void *)arg)
-#define DTLSv1_handle_timeout(ssl) \
-        SSL_ctrl(ssl,DTLS_CTRL_HANDLE_TIMEOUT,0, NULL)
-#define DTLSv1_listen(ssl, peer) \
-        SSL_ctrl(ssl,DTLS_CTRL_LISTEN,0, (void *)peer)
-
-#define SSL_session_reused(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL)
-#define SSL_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_clear_num_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS,0,NULL)
-#define SSL_total_renegotiations(ssl) \
-        SSL_ctrl((ssl),SSL_CTRL_GET_TOTAL_RENEGOTIATIONS,0,NULL)
-
-#define SSL_CTX_need_tmp_RSA(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_CTX_set_tmp_rsa(ctx,rsa) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_CTX_set_tmp_dh(ctx,dh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_CTX_set_tmp_ecdh(ctx,ecdh) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-#define SSL_CTX_set_dh_auto(ctx, onoff) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
-#define SSL_CTX_set_ecdh_auto(ctx, onoff) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
-
-#define SSL_need_tmp_RSA(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL)
-#define SSL_set_tmp_rsa(ssl,rsa) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa)
-#define SSL_set_tmp_dh(ssl,dh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh)
-#define SSL_set_tmp_ecdh(ssl,ecdh) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_TMP_ECDH,0,(char *)ecdh)
-#define SSL_set_dh_auto(s, onoff) \
-        SSL_ctrl(s,SSL_CTRL_SET_DH_AUTO,onoff,NULL)
-#define SSL_set_ecdh_auto(s, onoff) \
-        SSL_ctrl(s,SSL_CTRL_SET_ECDH_AUTO,onoff,NULL)
-
-int SSL_CTX_set0_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
-int SSL_CTX_set1_chain(SSL_CTX *ctx, STACK_OF(X509) *chain);
-int SSL_CTX_add0_chain_cert(SSL_CTX *ctx, X509 *x509);
-int SSL_CTX_add1_chain_cert(SSL_CTX *ctx, X509 *x509);
-int SSL_CTX_get0_chain_certs(const SSL_CTX *ctx, STACK_OF(X509) **out_chain);
-int SSL_CTX_clear_chain_certs(SSL_CTX *ctx);
-
-int SSL_set0_chain(SSL *ssl, STACK_OF(X509) *chain);
-int SSL_set1_chain(SSL *ssl, STACK_OF(X509) *chain);
-int SSL_add0_chain_cert(SSL *ssl, X509 *x509);
-int SSL_add1_chain_cert(SSL *ssl, X509 *x509);
-int SSL_get0_chain_certs(const SSL *ssl, STACK_OF(X509) **out_chain);
-int SSL_clear_chain_certs(SSL *ssl);
-
-int SSL_CTX_set1_groups(SSL_CTX *ctx, const int *groups, size_t groups_len);
-int SSL_CTX_set1_groups_list(SSL_CTX *ctx, const char *groups);
-
-int SSL_set1_groups(SSL *ssl, const int *groups, size_t groups_len);
-int SSL_set1_groups_list(SSL *ssl, const char *groups);
-
-int SSL_CTX_get_min_proto_version(SSL_CTX *ctx);
-int SSL_CTX_get_max_proto_version(SSL_CTX *ctx);
-int SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version);
-int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version);
-
-int SSL_get_min_proto_version(SSL *ssl);
-int SSL_get_max_proto_version(SSL *ssl);
-int SSL_set_min_proto_version(SSL *ssl, uint16_t version);
-int SSL_set_max_proto_version(SSL *ssl, uint16_t version);
-
-const SSL_METHOD *SSL_CTX_get_ssl_method(const SSL_CTX *ctx);
-
-#ifndef LIBRESSL_INTERNAL
-#define SSL_CTRL_SET_CURVES                     SSL_CTRL_SET_GROUPS
-#define SSL_CTRL_SET_CURVES_LIST                SSL_CTRL_SET_GROUPS_LIST
-
-#define SSL_CTX_set1_curves SSL_CTX_set1_groups
-#define SSL_CTX_set1_curves_list SSL_CTX_set1_groups_list
-#define SSL_set1_curves SSL_set1_groups
-#define SSL_set1_curves_list SSL_set1_groups_list
-#endif
-
-#define SSL_CTX_add_extra_chain_cert(ctx, x509) \
-        SSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, (char *)x509)
-#define SSL_CTX_get_extra_chain_certs(ctx, px509) \
-        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 0, px509)
-#define SSL_CTX_get_extra_chain_certs_only(ctx, px509) \
-        SSL_CTX_ctrl(ctx, SSL_CTRL_GET_EXTRA_CHAIN_CERTS, 1, px509)
-#define SSL_CTX_clear_extra_chain_certs(ctx) \
-        SSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0, NULL)
-
-#define SSL_get_shared_group(s, n) \
-        SSL_ctrl((s), SSL_CTRL_GET_SHARED_GROUP, (n), NULL)
-#define SSL_get_shared_curve SSL_get_shared_group
-
-#define SSL_get_server_tmp_key(s, pk) \
-        SSL_ctrl(s,SSL_CTRL_GET_SERVER_TMP_KEY,0,pk)
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define SSL_get_signature_nid(s, pn) \
-        SSL_ctrl(s, SSL_CTRL_GET_SIGNATURE_NID, 0, pn)
-
-#define SSL_get_peer_signature_nid(s, pn) \
-        SSL_ctrl(s, SSL_CTRL_GET_PEER_SIGNATURE_NID, 0, pn)
-#define SSL_get_peer_tmp_key(s, pk) \
-        SSL_ctrl(s, SSL_CTRL_GET_PEER_TMP_KEY, 0, pk)
-#endif /* LIBRESSL_HAS_TLS1_3 || LIBRESSL_INTERNAL */
-
-#ifndef LIBRESSL_INTERNAL
-/*
- * Also provide those functions as macros for compatibility with
- * existing users.
- */
-#define SSL_CTX_set0_chain              SSL_CTX_set0_chain
-#define SSL_CTX_set1_chain              SSL_CTX_set1_chain
-#define SSL_CTX_add0_chain_cert         SSL_CTX_add0_chain_cert
-#define SSL_CTX_add1_chain_cert         SSL_CTX_add1_chain_cert
-#define SSL_CTX_get0_chain_certs        SSL_CTX_get0_chain_certs
-#define SSL_CTX_clear_chain_certs       SSL_CTX_clear_chain_certs
-
-#define SSL_add0_chain_cert             SSL_add0_chain_cert
-#define SSL_add1_chain_cert             SSL_add1_chain_cert
-#define SSL_set0_chain                  SSL_set0_chain
-#define SSL_set1_chain                  SSL_set1_chain
-#define SSL_get0_chain_certs            SSL_get0_chain_certs
-#define SSL_clear_chain_certs           SSL_clear_chain_certs
-
-#define SSL_CTX_set1_groups             SSL_CTX_set1_groups
-#define SSL_CTX_set1_groups_list        SSL_CTX_set1_groups_list
-#define SSL_set1_groups                 SSL_set1_groups
-#define SSL_set1_groups_list            SSL_set1_groups_list
-
-#define SSL_CTX_get_min_proto_version   SSL_CTX_get_min_proto_version
-#define SSL_CTX_get_max_proto_version   SSL_CTX_get_max_proto_version
-#define SSL_CTX_set_min_proto_version   SSL_CTX_set_min_proto_version
-#define SSL_CTX_set_max_proto_version   SSL_CTX_set_max_proto_version
-
-#define SSL_get_min_proto_version       SSL_get_min_proto_version
-#define SSL_get_max_proto_version       SSL_get_max_proto_version
-#define SSL_set_min_proto_version       SSL_set_min_proto_version
-#define SSL_set_max_proto_version       SSL_set_max_proto_version
-#endif
-
-const BIO_METHOD *BIO_f_ssl(void);
-BIO *BIO_new_ssl(SSL_CTX *ctx, int client);
-BIO *BIO_new_ssl_connect(SSL_CTX *ctx);
-BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx);
-int BIO_ssl_copy_session_id(BIO *to, BIO *from);
-void BIO_ssl_shutdown(BIO *ssl_bio);
-
-STACK_OF(SSL_CIPHER) *SSL_CTX_get_ciphers(const SSL_CTX *ctx);
-int     SSL_CTX_set_cipher_list(SSL_CTX *, const char *str);
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-int SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str);
-#endif
-SSL_CTX *SSL_CTX_new(const SSL_METHOD *meth);
-void    SSL_CTX_free(SSL_CTX *);
-int SSL_CTX_up_ref(SSL_CTX *ctx);
-long SSL_CTX_set_timeout(SSL_CTX *ctx, long t);
-long SSL_CTX_get_timeout(const SSL_CTX *ctx);
-X509_STORE *SSL_CTX_get_cert_store(const SSL_CTX *);
-void SSL_CTX_set_cert_store(SSL_CTX *, X509_STORE *);
-void SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store);
-X509 *SSL_CTX_get0_certificate(const SSL_CTX *ctx);
-EVP_PKEY *SSL_CTX_get0_privatekey(const SSL_CTX *ctx);
-int SSL_want(const SSL *s);
-int     SSL_clear(SSL *s);
-
-void    SSL_CTX_flush_sessions(SSL_CTX *ctx, long tm);
-
-const SSL_CIPHER *SSL_get_current_cipher(const SSL *s);
-int     SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits);
-const char *    SSL_CIPHER_get_version(const SSL_CIPHER *c);
-const char *    SSL_CIPHER_get_name(const SSL_CIPHER *c);
-unsigned long   SSL_CIPHER_get_id(const SSL_CIPHER *c);
-uint16_t SSL_CIPHER_get_value(const SSL_CIPHER *c);
-const SSL_CIPHER *SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr);
-int SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c);
-int SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c);
-int SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c);
-int SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c);
-const EVP_MD *SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c);
-int SSL_CIPHER_is_aead(const SSL_CIPHER *c);
-
-int     SSL_get_fd(const SSL *s);
-int     SSL_get_rfd(const SSL *s);
-int     SSL_get_wfd(const SSL *s);
-const char  * SSL_get_cipher_list(const SSL *s, int n);
-char *  SSL_get_shared_ciphers(const SSL *s, char *buf, int len);
-int     SSL_get_read_ahead(const SSL * s);
-int     SSL_pending(const SSL *s);
-int     SSL_set_fd(SSL *s, int fd);
-int     SSL_set_rfd(SSL *s, int fd);
-int     SSL_set_wfd(SSL *s, int fd);
-void    SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio);
-BIO *   SSL_get_rbio(const SSL *s);
-void    SSL_set0_rbio(SSL *s, BIO *rbio);
-BIO *   SSL_get_wbio(const SSL *s);
-int     SSL_set_cipher_list(SSL *s, const char *str);
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-int     SSL_set_ciphersuites(SSL *s, const char *str);
-#endif
-void    SSL_set_read_ahead(SSL *s, int yes);
-int     SSL_get_verify_mode(const SSL *s);
-int     SSL_get_verify_depth(const SSL *s);
-int     (*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *);
-void    SSL_set_verify(SSL *s, int mode,
-            int (*callback)(int ok, X509_STORE_CTX *ctx));
-void    SSL_set_verify_depth(SSL *s, int depth);
-int     SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa);
-int     SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len);
-int     SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey);
-int     SSL_use_PrivateKey_ASN1(int pk, SSL *ssl, const unsigned char *d, long len);
-int     SSL_use_certificate(SSL *ssl, X509 *x);
-int     SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len);
-
-int     SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type);
-int     SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type);
-int     SSL_use_certificate_file(SSL *ssl, const char *file, int type);
-int     SSL_use_certificate_chain_file(SSL *ssl, const char *file);
-int     SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type);
-int     SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */
-int     SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len);
-STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file);
-int     SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-            const char *file);
-int     SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs,
-            const char *dir);
-
-void    SSL_load_error_strings(void );
-const char *SSL_state_string(const SSL *s);
-const char *SSL_rstate_string(const SSL *s);
-const char *SSL_state_string_long(const SSL *s);
-const char *SSL_rstate_string_long(const SSL *s);
-const SSL_CIPHER *SSL_SESSION_get0_cipher(const SSL_SESSION *ss);
-size_t  SSL_SESSION_get_master_key(const SSL_SESSION *ss,
-            unsigned char *out, size_t max_out);
-int     SSL_SESSION_get_protocol_version(const SSL_SESSION *s);
-long    SSL_SESSION_get_time(const SSL_SESSION *s);
-long    SSL_SESSION_set_time(SSL_SESSION *s, long t);
-long    SSL_SESSION_get_timeout(const SSL_SESSION *s);
-long    SSL_SESSION_set_timeout(SSL_SESSION *s, long t);
-int     SSL_copy_session_id(SSL *to, const SSL *from);
-X509    *SSL_SESSION_get0_peer(SSL_SESSION *s);
-int     SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
-            unsigned int sid_len);
-int     SSL_SESSION_set1_id_context(SSL_SESSION *s,
-            const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-int SSL_SESSION_is_resumable(const SSL_SESSION *s);
-#endif
-
-SSL_SESSION *SSL_SESSION_new(void);
-void    SSL_SESSION_free(SSL_SESSION *ses);
-int     SSL_SESSION_up_ref(SSL_SESSION *ss);
-const unsigned char *SSL_SESSION_get_id(const SSL_SESSION *ss,
-            unsigned int *len);
-const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *ss,
-            unsigned int *len);
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-uint32_t SSL_SESSION_get_max_early_data(const SSL_SESSION *sess);
-int SSL_SESSION_set_max_early_data(SSL_SESSION *sess, uint32_t max_early_data);
-#endif
-unsigned long SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s);
-int     SSL_SESSION_has_ticket(const SSL_SESSION *s);
-unsigned int SSL_SESSION_get_compress_id(const SSL_SESSION *ss);
-int     SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *ses);
-int     SSL_SESSION_print(BIO *fp, const SSL_SESSION *ses);
-int     i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp);
-int     SSL_set_session(SSL *to, SSL_SESSION *session);
-int     SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c);
-int     SSL_CTX_remove_session(SSL_CTX *, SSL_SESSION *c);
-int     SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB);
-int     SSL_set_generate_session_id(SSL *, GEN_SESSION_CB);
-int     SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-            unsigned int id_len);
-SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp,
-            long length);
-
-#ifdef HEADER_X509_H
-X509 *  SSL_get_peer_certificate(const SSL *s);
-#endif
-
-STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s);
-
-int SSL_CTX_get_verify_mode(const SSL_CTX *ctx);
-int SSL_CTX_get_verify_depth(const SSL_CTX *ctx);
-int (*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *);
-void SSL_CTX_set_verify(SSL_CTX *ctx, int mode,
-    int (*callback)(int, X509_STORE_CTX *));
-void SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth);
-void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *, void *), void *arg);
-int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa);
-int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey);
-int SSL_CTX_use_PrivateKey_ASN1(int pk, SSL_CTX *ctx, const unsigned char *d, long len);
-int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x);
-int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d);
-
-pem_password_cb *SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx);
-void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb);
-void *SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx);
-void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u);
-
-int SSL_CTX_check_private_key(const SSL_CTX *ctx);
-int SSL_check_private_key(const SSL *ctx);
-
-int SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-
-int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
-
-int SSL_CTX_set_purpose(SSL_CTX *s, int purpose);
-int SSL_set_purpose(SSL *s, int purpose);
-int SSL_CTX_set_trust(SSL_CTX *s, int trust);
-int SSL_set_trust(SSL *s, int trust);
-int SSL_set1_host(SSL *s, const char *hostname);
-void SSL_set_hostflags(SSL *s, unsigned int flags);
-const char *SSL_get0_peername(SSL *s);
-
-X509_VERIFY_PARAM *SSL_CTX_get0_param(SSL_CTX *ctx);
-int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
-X509_VERIFY_PARAM *SSL_get0_param(SSL *ssl);
-int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
-
-SSL *SSL_new(SSL_CTX *ctx);
-void    SSL_free(SSL *ssl);
-int     SSL_up_ref(SSL *ssl);
-int     SSL_accept(SSL *ssl);
-int     SSL_connect(SSL *ssl);
-int     SSL_is_dtls(const SSL *s);
-int     SSL_is_server(const SSL *s);
-int     SSL_read(SSL *ssl, void *buf, int num);
-int     SSL_peek(SSL *ssl, void *buf, int num);
-int     SSL_write(SSL *ssl, const void *buf, int num);
-int     SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_read);
-int     SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *bytes_peeked);
-int     SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *bytes_written);
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-uint32_t SSL_CTX_get_max_early_data(const SSL_CTX *ctx);
-int SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data);
-
-uint32_t SSL_get_max_early_data(const SSL *s);
-int SSL_set_max_early_data(SSL *s, uint32_t max_early_data);
-
-#define SSL_EARLY_DATA_NOT_SENT         0
-#define SSL_EARLY_DATA_REJECTED         1
-#define SSL_EARLY_DATA_ACCEPTED         2
-int SSL_get_early_data_status(const SSL *s);
-
-#define SSL_READ_EARLY_DATA_ERROR       0
-#define SSL_READ_EARLY_DATA_SUCCESS     1
-#define SSL_READ_EARLY_DATA_FINISH      2
-int SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes);
-int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written);
-#endif
-
-long    SSL_ctrl(SSL *ssl, int cmd, long larg, void *parg);
-long    SSL_callback_ctrl(SSL *, int, void (*)(void));
-long    SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg);
-long    SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)(void));
-
-int     SSL_get_error(const SSL *s, int ret_code);
-const char *SSL_get_version(const SSL *s);
-
-/* This sets the 'default' SSL version that SSL_new() will create */
-int SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth);
-
-const SSL_METHOD *SSLv23_method(void);          /* SSLv3 or TLSv1.* */
-const SSL_METHOD *SSLv23_server_method(void);   /* SSLv3 or TLSv1.* */
-const SSL_METHOD *SSLv23_client_method(void);   /* SSLv3 or TLSv1.* */
-
-const SSL_METHOD *TLSv1_method(void);           /* TLSv1.0 */
-const SSL_METHOD *TLSv1_server_method(void);    /* TLSv1.0 */
-const SSL_METHOD *TLSv1_client_method(void);    /* TLSv1.0 */
-
-const SSL_METHOD *TLSv1_1_method(void);         /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_server_method(void);  /* TLSv1.1 */
-const SSL_METHOD *TLSv1_1_client_method(void);  /* TLSv1.1 */
-
-const SSL_METHOD *TLSv1_2_method(void);         /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_server_method(void);  /* TLSv1.2 */
-const SSL_METHOD *TLSv1_2_client_method(void);  /* TLSv1.2 */
-
-const SSL_METHOD *TLS_method(void);             /* TLS v1.0 or later */
-const SSL_METHOD *TLS_server_method(void);      /* TLS v1.0 or later */
-const SSL_METHOD *TLS_client_method(void);      /* TLS v1.0 or later */
-
-const SSL_METHOD *DTLSv1_method(void);          /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_server_method(void);   /* DTLSv1.0 */
-const SSL_METHOD *DTLSv1_client_method(void);   /* DTLSv1.0 */
-
-const SSL_METHOD *DTLSv1_2_method(void);        /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_server_method(void); /* DTLSv1.2 */
-const SSL_METHOD *DTLSv1_2_client_method(void); /* DTLSv1.2 */
-
-const SSL_METHOD *DTLS_method(void);            /* DTLS v1.0 or later */
-const SSL_METHOD *DTLS_server_method(void);     /* DTLS v1.0 or later */
-const SSL_METHOD *DTLS_client_method(void);     /* DTLS v1.0 or later */
-
-STACK_OF(SSL_CIPHER) *SSL_get_ciphers(const SSL *s);
-STACK_OF(SSL_CIPHER) *SSL_get_client_ciphers(const SSL *s);
-STACK_OF(SSL_CIPHER) *SSL_get1_supported_ciphers(SSL *s);
-
-int SSL_do_handshake(SSL *s);
-int SSL_renegotiate(SSL *s);
-int SSL_renegotiate_abbreviated(SSL *s);
-int SSL_renegotiate_pending(SSL *s);
-int SSL_shutdown(SSL *s);
-
-const SSL_METHOD *SSL_get_ssl_method(SSL *s);
-int SSL_set_ssl_method(SSL *s, const SSL_METHOD *method);
-const char *SSL_alert_type_string_long(int value);
-const char *SSL_alert_type_string(int value);
-const char *SSL_alert_desc_string_long(int value);
-const char *SSL_alert_desc_string(int value);
-
-void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list);
-void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list);
-STACK_OF(X509_NAME) *SSL_get_client_CA_list(const SSL *s);
-STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(const SSL_CTX *s);
-int SSL_add_client_CA(SSL *ssl, X509 *x);
-int SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x);
-
-void SSL_set_connect_state(SSL *s);
-void SSL_set_accept_state(SSL *s);
-
-long SSL_get_default_timeout(const SSL *s);
-
-char *SSL_CIPHER_description(const SSL_CIPHER *, char *buf, int size);
-STACK_OF(X509_NAME) *SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk);
-
-SSL *SSL_dup(SSL *ssl);
-
-X509 *SSL_get_certificate(const SSL *ssl);
-/* EVP_PKEY */ struct evp_pkey_st *SSL_get_privatekey(const SSL *ssl);
-
-void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode);
-int SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx);
-void SSL_set_quiet_shutdown(SSL *ssl,int mode);
-int SSL_get_quiet_shutdown(const SSL *ssl);
-void SSL_set_shutdown(SSL *ssl,int mode);
-int SSL_get_shutdown(const SSL *ssl);
-int SSL_version(const SSL *ssl);
-int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx);
-int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-    const char *CApath);
-int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
-#define SSL_get0_session SSL_get_session /* just peek at pointer */
-SSL_SESSION *SSL_get_session(const SSL *ssl);
-SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */
-SSL_CTX *SSL_get_SSL_CTX(const SSL *ssl);
-SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx);
-void SSL_set_info_callback(SSL *ssl,
-    void (*cb)(const SSL *ssl, int type, int val));
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val);
-int SSL_state(const SSL *ssl);
-void SSL_set_state(SSL *ssl, int state);
-
-void SSL_set_verify_result(SSL *ssl, long v);
-long SSL_get_verify_result(const SSL *ssl);
-
-int SSL_set_ex_data(SSL *ssl, int idx, void *data);
-void *SSL_get_ex_data(const SSL *ssl, int idx);
-int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_SESSION_set_ex_data(SSL_SESSION *ss, int idx, void *data);
-void *SSL_SESSION_get_ex_data(const SSL_SESSION *ss, int idx);
-int SSL_SESSION_get_ex_new_index(long argl, void *argp,
-    CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func,
-    CRYPTO_EX_free *free_func);
-
-int SSL_CTX_set_ex_data(SSL_CTX *ssl, int idx, void *data);
-void *SSL_CTX_get_ex_data(const SSL_CTX *ssl, int idx);
-int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
-
-int SSL_get_ex_data_X509_STORE_CTX_idx(void );
-
-#define SSL_CTX_sess_set_cache_size(ctx,t) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL)
-#define SSL_CTX_sess_get_cache_size(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL)
-#define SSL_CTX_set_session_cache_mode(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL)
-#define SSL_CTX_get_session_cache_mode(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL)
-
-#define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx)
-#define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m)
-#define SSL_CTX_get_read_ahead(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL)
-#define SSL_CTX_set_read_ahead(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL)
-#define SSL_CTX_get_max_cert_list(ctx) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_CTX_set_max_cert_list(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-#define SSL_get_max_cert_list(ssl) \
-        SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL)
-#define SSL_set_max_cert_list(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL)
-
-#define SSL_CTX_set_max_send_fragment(ctx,m) \
-        SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-#define SSL_set_max_send_fragment(ssl,m) \
-        SSL_ctrl(ssl,SSL_CTRL_SET_MAX_SEND_FRAGMENT,m,NULL)
-
-/* NB: the keylength is only applicable when is_export is true */
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-
-void SSL_set_tmp_rsa_callback(SSL *ssl,
-    RSA *(*cb)(SSL *ssl, int is_export, int keylength));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
-    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-void SSL_set_tmp_dh_callback(SSL *ssl,
-    DH *(*dh)(SSL *ssl, int is_export, int keylength));
-void SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx,
-    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-void SSL_set_tmp_ecdh_callback(SSL *ssl,
-    EC_KEY *(*ecdh)(SSL *ssl, int is_export, int keylength));
-
-size_t SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out);
-size_t SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out);
-
-const void *SSL_get_current_compression(SSL *s);
-const void *SSL_get_current_expansion(SSL *s);
-
-const char *SSL_COMP_get_name(const void *comp);
-void *SSL_COMP_get_compression_methods(void);
-
-/* TLS extensions functions */
-int SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len);
-
-int SSL_set_session_ticket_ext_cb(SSL *s,
-    tls_session_ticket_ext_cb_fn cb, void *arg);
-
-/* Pre-shared secret session resumption functions */
-int SSL_set_session_secret_cb(SSL *s,
-    tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
-
-int SSL_cache_hit(SSL *s);
-
-/* What the "other" parameter contains in security callback */
-/* Mask for type */
-#define SSL_SECOP_OTHER_TYPE            0xffff0000
-#define SSL_SECOP_OTHER_NONE            0
-#define SSL_SECOP_OTHER_CIPHER          (1 << 16)
-#define SSL_SECOP_OTHER_CURVE           (2 << 16)
-#define SSL_SECOP_OTHER_DH              (3 << 16)
-#define SSL_SECOP_OTHER_PKEY            (4 << 16)
-#define SSL_SECOP_OTHER_SIGALG          (5 << 16)
-#define SSL_SECOP_OTHER_CERT            (6 << 16)
-
-/* Indicated operation refers to peer key or certificate */
-#define SSL_SECOP_PEER                  0x1000
-
-/* Values for "op" parameter in security callback */
-
-/* Called to filter ciphers */
-/* Ciphers client supports */
-#define SSL_SECOP_CIPHER_SUPPORTED      (1 | SSL_SECOP_OTHER_CIPHER)
-/* Cipher shared by client/server */
-#define SSL_SECOP_CIPHER_SHARED         (2 | SSL_SECOP_OTHER_CIPHER)
-/* Sanity check of cipher server selects */
-#define SSL_SECOP_CIPHER_CHECK          (3 | SSL_SECOP_OTHER_CIPHER)
-/* Curves supported by client */
-#define SSL_SECOP_CURVE_SUPPORTED       (4 | SSL_SECOP_OTHER_CURVE)
-/* Curves shared by client/server */
-#define SSL_SECOP_CURVE_SHARED          (5 | SSL_SECOP_OTHER_CURVE)
-/* Sanity check of curve server selects */
-#define SSL_SECOP_CURVE_CHECK           (6 | SSL_SECOP_OTHER_CURVE)
-/* Temporary DH key */
-/*
- * XXX: changed in OpenSSL e2b420fdd70 to (7 | SSL_SECOP_OTHER_PKEY)
- * Needs switching internal use of DH to EVP_PKEY. The code is not reachable
- * from outside the library as long as we do not expose the callback in the API.
- */
-#define SSL_SECOP_TMP_DH                (7 | SSL_SECOP_OTHER_DH)
-/* SSL/TLS version */
-#define SSL_SECOP_VERSION               (9 | SSL_SECOP_OTHER_NONE)
-/* Session tickets */
-#define SSL_SECOP_TICKET                (10 | SSL_SECOP_OTHER_NONE)
-/* Supported signature algorithms sent to peer */
-#define SSL_SECOP_SIGALG_SUPPORTED      (11 | SSL_SECOP_OTHER_SIGALG)
-/* Shared signature algorithm */
-#define SSL_SECOP_SIGALG_SHARED         (12 | SSL_SECOP_OTHER_SIGALG)
-/* Sanity check signature algorithm allowed */
-#define SSL_SECOP_SIGALG_CHECK          (13 | SSL_SECOP_OTHER_SIGALG)
-/* Used to get mask of supported public key signature algorithms */
-#define SSL_SECOP_SIGALG_MASK           (14 | SSL_SECOP_OTHER_SIGALG)
-/* Use to see if compression is allowed */
-#define SSL_SECOP_COMPRESSION           (15 | SSL_SECOP_OTHER_NONE)
-/* EE key in certificate */
-#define SSL_SECOP_EE_KEY                (16 | SSL_SECOP_OTHER_CERT)
-/* CA key in certificate */
-#define SSL_SECOP_CA_KEY                (17 | SSL_SECOP_OTHER_CERT)
-/* CA digest algorithm in certificate */
-#define SSL_SECOP_CA_MD                 (18 | SSL_SECOP_OTHER_CERT)
-/* Peer EE key in certificate */
-#define SSL_SECOP_PEER_EE_KEY           (SSL_SECOP_EE_KEY | SSL_SECOP_PEER)
-/* Peer CA key in certificate */
-#define SSL_SECOP_PEER_CA_KEY           (SSL_SECOP_CA_KEY | SSL_SECOP_PEER)
-/* Peer CA digest algorithm in certificate */
-#define SSL_SECOP_PEER_CA_MD            (SSL_SECOP_CA_MD | SSL_SECOP_PEER)
-
-void SSL_set_security_level(SSL *ssl, int level);
-int SSL_get_security_level(const SSL *ssl);
-
-void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
-int SSL_CTX_get_security_level(const SSL_CTX *ctx);
-
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-/*
- * QUIC integration.
- *
- * QUIC acts as an underlying transport for the TLS 1.3 handshake. The following
- * functions allow a QUIC implementation to serve as the underlying transport as
- * described in RFC 9001.
- *
- * When configured for QUIC, |SSL_do_handshake| will drive the handshake as
- * before, but it will not use the configured |BIO|. It will call functions on
- * |SSL_QUIC_METHOD| to configure secrets and send data. If data is needed from
- * the peer, it will return |SSL_ERROR_WANT_READ|. As the caller receives data
- * it can decrypt, it calls |SSL_provide_quic_data|. Subsequent
- * |SSL_do_handshake| calls will then consume that data and progress the
- * handshake. After the handshake is complete, the caller should continue to
- * call |SSL_provide_quic_data| for any post-handshake data, followed by
- * |SSL_process_quic_post_handshake| to process it. It is an error to call
- * |SSL_peek|, |SSL_read| and |SSL_write| in QUIC.
- *
- * To avoid DoS attacks, the QUIC implementation must limit the amount of data
- * being queued up. The implementation can call
- * |SSL_quic_max_handshake_flight_len| to get the maximum buffer length at each
- * encryption level.
- *
- * QUIC implementations must additionally configure transport parameters with
- * |SSL_set_quic_transport_params|. |SSL_get_peer_quic_transport_params| may be
- * used to query the value received from the peer. This extension is handled
- * as an opaque byte string, which the caller is responsible for serializing
- * and parsing. See RFC 9000 section 7.4 for further details.
- */
-
-/*
- * ssl_encryption_level_t specifies the QUIC encryption level used to transmit
- * handshake messages.
- */
-typedef enum ssl_encryption_level_t {
-        ssl_encryption_initial = 0,
-        ssl_encryption_early_data,
-        ssl_encryption_handshake,
-        ssl_encryption_application,
-} OSSL_ENCRYPTION_LEVEL;
-
-/*
- * ssl_quic_method_st (aka |SSL_QUIC_METHOD|) describes custom QUIC hooks.
- *
- * Note that we provide both the new (BoringSSL) secrets interface
- * (set_read_secret/set_write_secret) along with the old interface
- * (set_encryption_secrets), which quictls is still using.
- *
- * Since some consumers fail to use named initialisers, the order of these
- * functions is important. Hopefully all of these consumers use the old version.
- */
-struct ssl_quic_method_st {
-        /*
-         * set_encryption_secrets configures the read and write secrets for the
-         * given encryption level. This function will always be called before an
-         * encryption level other than |ssl_encryption_initial| is used.
-         *
-         * When reading packets at a given level, the QUIC implementation must
-         * send ACKs at the same level, so this function provides read and write
-         * secrets together. The exception is |ssl_encryption_early_data|, where
-         * secrets are only available in the client to server direction. The
-         * other secret will be NULL. The server acknowledges such data at
-         * |ssl_encryption_application|, which will be configured in the same
-         * |SSL_do_handshake| call.
-         *
-         * This function should use |SSL_get_current_cipher| to determine the TLS
-         * cipher suite.
-         */
-        int (*set_encryption_secrets)(SSL *ssl, enum ssl_encryption_level_t level,
-            const uint8_t *read_secret, const uint8_t *write_secret,
-            size_t secret_len);
-
-        /*
-         * add_handshake_data adds handshake data to the current flight at the
-         * given encryption level. It returns one on success and zero on error.
-         * Callers should defer writing data to the network until |flush_flight|
-         * to better pack QUIC packets into transport datagrams.
-         *
-         * If |level| is not |ssl_encryption_initial|, this function will not be
-         * called before |level| is initialized with |set_write_secret|.
-         */
-        int (*add_handshake_data)(SSL *ssl, enum ssl_encryption_level_t level,
-            const uint8_t *data, size_t len);
-
-        /*
-         * flush_flight is called when the current flight is complete and should
-         * be written to the transport. Note a flight may contain data at
-         * several encryption levels. It returns one on success and zero on
-         * error.
-         */
-        int (*flush_flight)(SSL *ssl);
-
-        /*
-         * send_alert sends a fatal alert at the specified encryption level. It
-         * returns one on success and zero on error.
-         *
-         * If |level| is not |ssl_encryption_initial|, this function will not be
-         * called before |level| is initialized with |set_write_secret|.
-         */
-        int (*send_alert)(SSL *ssl, enum ssl_encryption_level_t level,
-            uint8_t alert);
-
-        /*
-         * set_read_secret configures the read secret and cipher suite for the
-         * given encryption level. It returns one on success and zero to
-         * terminate the handshake with an error. It will be called at most once
-         * per encryption level.
-         *
-         * Read keys will not be released before QUIC may use them. Once a level
-         * has been initialized, QUIC may begin processing data from it.
-         * Handshake data should be passed to |SSL_provide_quic_data| and
-         * application data (if |level| is |ssl_encryption_early_data| or
-         * |ssl_encryption_application|) may be processed according to the rules
-         * of the QUIC protocol.
-         */
-        int (*set_read_secret)(SSL *ssl, enum ssl_encryption_level_t level,
-            const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
-
-        /*
-         * set_write_secret behaves like |set_read_secret| but configures the
-         * write secret and cipher suite for the given encryption level. It will
-         * be called at most once per encryption level.
-         *
-         * Write keys will not be released before QUIC may use them. If |level|
-         * is |ssl_encryption_early_data| or |ssl_encryption_application|, QUIC
-         * may begin sending application data at |level|.
-         */
-        int (*set_write_secret)(SSL *ssl, enum ssl_encryption_level_t level,
-            const SSL_CIPHER *cipher, const uint8_t *secret, size_t secret_len);
-};
-
-/*
- * SSL_CTX_set_quic_method configures the QUIC hooks. This should only be
- * configured with a minimum version of TLS 1.3. |quic_method| must remain valid
- * for the lifetime of |ctx|. It returns one on success and zero on error.
- */
-int SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method);
-
-/*
- * SSL_set_quic_method configures the QUIC hooks. This should only be
- * configured with a minimum version of TLS 1.3. |quic_method| must remain valid
- * for the lifetime of |ssl|. It returns one on success and zero on error.
- */
-int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
-
-/* SSL_is_quic returns true if an SSL has been configured for use with QUIC. */
-int SSL_is_quic(const SSL *ssl);
-
-/*
- * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes
- * that may be received at the given encryption level. This function should be
- * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5.
- */
-size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
-    enum ssl_encryption_level_t level);
-
-/*
- * SSL_quic_read_level returns the current read encryption level.
- */
-enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
-
-/*
- * SSL_quic_write_level returns the current write encryption level.
- */
-enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
-
-/*
- * SSL_provide_quic_data provides data from QUIC at a particular encryption
- * level |level|. It returns one on success and zero on error. Note this
- * function will return zero if the handshake is not expecting data from |level|
- * at this time. The QUIC implementation should then close the connection with
- * an error.
- */
-int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
-    const uint8_t *data, size_t len);
-
-/*
- * SSL_process_quic_post_handshake processes any data that QUIC has provided
- * after the handshake has completed. This includes NewSessionTicket messages
- * sent by the server. It returns one on success and zero on error.
- */
-int SSL_process_quic_post_handshake(SSL *ssl);
-
-/*
- * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
- * |params_len|) in the quic_transport_parameters extension in either the
- * ClientHello or EncryptedExtensions handshake message. It is an error to set
- * transport parameters if |ssl| is not configured for QUIC. The buffer pointed
- * to by |params| only need be valid for the duration of the call to this
- * function. This function returns 1 on success and 0 on failure.
- */
-int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
-    size_t params_len);
-
-/*
- * SSL_get_peer_quic_transport_params provides the caller with the value of the
- * quic_transport_parameters extension sent by the peer. A pointer to the buffer
- * containing the TransportParameters will be put in |*out_params|, and its
- * length in |*params_len|. This buffer will be valid for the lifetime of the
- * |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
- */
-void SSL_get_peer_quic_transport_params(const SSL *ssl,
-    const uint8_t **out_params, size_t *out_params_len);
-
-/*
- * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
- * extension codepoint 0xffa5 as opposed to the official value 57. This is
- * unsupported in LibreSSL.
- */
-void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
-
-#endif
-
-void ERR_load_SSL_strings(void);
-
-/* Error codes for the SSL functions. */
-
-/* Function codes. */
-#define SSL_F_CLIENT_CERTIFICATE                         100
-#define SSL_F_CLIENT_FINISHED                            167
-#define SSL_F_CLIENT_HELLO                               101
-#define SSL_F_CLIENT_MASTER_KEY                          102
-#define SSL_F_D2I_SSL_SESSION                            103
-#define SSL_F_DO_DTLS1_WRITE                             245
-#define SSL_F_DO_SSL3_WRITE                              104
-#define SSL_F_DTLS1_ACCEPT                               246
-#define SSL_F_DTLS1_ADD_CERT_TO_BUF                      295
-#define SSL_F_DTLS1_BUFFER_RECORD                        247
-#define SSL_F_DTLS1_CHECK_TIMEOUT_NUM                    316
-#define SSL_F_DTLS1_CLIENT_HELLO                         248
-#define SSL_F_DTLS1_CONNECT                              249
-#define SSL_F_DTLS1_ENC                                  250
-#define SSL_F_DTLS1_GET_HELLO_VERIFY                     251
-#define SSL_F_DTLS1_GET_MESSAGE                          252
-#define SSL_F_DTLS1_GET_MESSAGE_FRAGMENT                 253
-#define SSL_F_DTLS1_GET_RECORD                           254
-#define SSL_F_DTLS1_HANDLE_TIMEOUT                       297
-#define SSL_F_DTLS1_HEARTBEAT                            305
-#define SSL_F_DTLS1_OUTPUT_CERT_CHAIN                    255
-#define SSL_F_DTLS1_PREPROCESS_FRAGMENT                  288
-#define SSL_F_DTLS1_PROCESS_OUT_OF_SEQ_MESSAGE           256
-#define SSL_F_DTLS1_PROCESS_RECORD                       257
-#define SSL_F_DTLS1_READ_BYTES                           258
-#define SSL_F_DTLS1_READ_FAILED                          259
-#define SSL_F_DTLS1_SEND_CERTIFICATE_REQUEST             260
-#define SSL_F_DTLS1_SEND_CLIENT_CERTIFICATE              261
-#define SSL_F_DTLS1_SEND_CLIENT_KEY_EXCHANGE             262
-#define SSL_F_DTLS1_SEND_CLIENT_VERIFY                   263
-#define SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST            264
-#define SSL_F_DTLS1_SEND_SERVER_CERTIFICATE              265
-#define SSL_F_DTLS1_SEND_SERVER_HELLO                    266
-#define SSL_F_DTLS1_SEND_SERVER_KEY_EXCHANGE             267
-#define SSL_F_DTLS1_WRITE_APP_DATA_BYTES                 268
-#define SSL_F_GET_CLIENT_FINISHED                        105
-#define SSL_F_GET_CLIENT_HELLO                           106
-#define SSL_F_GET_CLIENT_MASTER_KEY                      107
-#define SSL_F_GET_SERVER_FINISHED                        108
-#define SSL_F_GET_SERVER_HELLO                           109
-#define SSL_F_GET_SERVER_VERIFY                          110
-#define SSL_F_I2D_SSL_SESSION                            111
-#define SSL_F_READ_N                                     112
-#define SSL_F_REQUEST_CERTIFICATE                        113
-#define SSL_F_SERVER_FINISH                              239
-#define SSL_F_SERVER_HELLO                               114
-#define SSL_F_SERVER_VERIFY                              240
-#define SSL_F_SSL23_ACCEPT                               115
-#define SSL_F_SSL23_CLIENT_HELLO                         116
-#define SSL_F_SSL23_CONNECT                              117
-#define SSL_F_SSL23_GET_CLIENT_HELLO                     118
-#define SSL_F_SSL23_GET_SERVER_HELLO                     119
-#define SSL_F_SSL23_PEEK                                 237
-#define SSL_F_SSL23_READ                                 120
-#define SSL_F_SSL23_WRITE                                121
-#define SSL_F_SSL2_ACCEPT                                122
-#define SSL_F_SSL2_CONNECT                               123
-#define SSL_F_SSL2_ENC_INIT                              124
-#define SSL_F_SSL2_GENERATE_KEY_MATERIAL                 241
-#define SSL_F_SSL2_PEEK                                  234
-#define SSL_F_SSL2_READ                                  125
-#define SSL_F_SSL2_READ_INTERNAL                         236
-#define SSL_F_SSL2_SET_CERTIFICATE                       126
-#define SSL_F_SSL2_WRITE                                 127
-#define SSL_F_SSL3_ACCEPT                                128
-#define SSL_F_SSL3_ADD_CERT_TO_BUF                       296
-#define SSL_F_SSL3_CALLBACK_CTRL                         233
-#define SSL_F_SSL3_CHANGE_CIPHER_STATE                   129
-#define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM              130
-#define SSL_F_SSL3_CHECK_CLIENT_HELLO                    304
-#define SSL_F_SSL3_CLIENT_HELLO                          131
-#define SSL_F_SSL3_CONNECT                               132
-#define SSL_F_SSL3_CTRL                                  213
-#define SSL_F_SSL3_CTX_CTRL                              133
-#define SSL_F_SSL3_DIGEST_CACHED_RECORDS                 293
-#define SSL_F_SSL3_DO_CHANGE_CIPHER_SPEC                 292
-#define SSL_F_SSL3_ENC                                   134
-#define SSL_F_SSL3_GENERATE_KEY_BLOCK                    238
-#define SSL_F_SSL3_GET_CERTIFICATE_REQUEST               135
-#define SSL_F_SSL3_GET_CERT_STATUS                       289
-#define SSL_F_SSL3_GET_CERT_VERIFY                       136
-#define SSL_F_SSL3_GET_CLIENT_CERTIFICATE                137
-#define SSL_F_SSL3_GET_CLIENT_HELLO                      138
-#define SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE               139
-#define SSL_F_SSL3_GET_FINISHED                          140
-#define SSL_F_SSL3_GET_KEY_EXCHANGE                      141
-#define SSL_F_SSL3_GET_MESSAGE                           142
-#define SSL_F_SSL3_GET_NEW_SESSION_TICKET                283
-#define SSL_F_SSL3_GET_NEXT_PROTO                        306
-#define SSL_F_SSL3_GET_RECORD                            143
-#define SSL_F_SSL3_GET_SERVER_CERTIFICATE                144
-#define SSL_F_SSL3_GET_SERVER_DONE                       145
-#define SSL_F_SSL3_GET_SERVER_HELLO                      146
-#define SSL_F_SSL3_HANDSHAKE_MAC                         285
-#define SSL_F_SSL3_NEW_SESSION_TICKET                    287
-#define SSL_F_SSL3_OUTPUT_CERT_CHAIN                     147
-#define SSL_F_SSL3_PEEK                                  235
-#define SSL_F_SSL3_READ_BYTES                            148
-#define SSL_F_SSL3_READ_N                                149
-#define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST              150
-#define SSL_F_SSL3_SEND_CLIENT_CERTIFICATE               151
-#define SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE              152
-#define SSL_F_SSL3_SEND_CLIENT_VERIFY                    153
-#define SSL_F_SSL3_SEND_SERVER_CERTIFICATE               154
-#define SSL_F_SSL3_SEND_SERVER_HELLO                     242
-#define SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE              155
-#define SSL_F_SSL3_SETUP_KEY_BLOCK                       157
-#define SSL_F_SSL3_SETUP_READ_BUFFER                     156
-#define SSL_F_SSL3_SETUP_WRITE_BUFFER                    291
-#define SSL_F_SSL3_WRITE_BYTES                           158
-#define SSL_F_SSL3_WRITE_PENDING                         159
-#define SSL_F_SSL_ADD_CLIENTHELLO_RENEGOTIATE_EXT        298
-#define SSL_F_SSL_ADD_CLIENTHELLO_TLSEXT                 277
-#define SSL_F_SSL_ADD_CLIENTHELLO_USE_SRTP_EXT           307
-#define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK         215
-#define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK        216
-#define SSL_F_SSL_ADD_SERVERHELLO_RENEGOTIATE_EXT        299
-#define SSL_F_SSL_ADD_SERVERHELLO_TLSEXT                 278
-#define SSL_F_SSL_ADD_SERVERHELLO_USE_SRTP_EXT           308
-#define SSL_F_SSL_BAD_METHOD                             160
-#define SSL_F_SSL_BYTES_TO_CIPHER_LIST                   161
-#define SSL_F_SSL_CERT_DUP                               221
-#define SSL_F_SSL_CERT_INST                              222
-#define SSL_F_SSL_CERT_INSTANTIATE                       214
-#define SSL_F_SSL_CERT_NEW                               162
-#define SSL_F_SSL_CHECK_PRIVATE_KEY                      163
-#define SSL_F_SSL_CHECK_SERVERHELLO_TLSEXT               280
-#define SSL_F_SSL_CHECK_SRVR_ECC_CERT_AND_ALG            279
-#define SSL_F_SSL_CIPHER_PROCESS_RULESTR                 230
-#define SSL_F_SSL_CIPHER_STRENGTH_SORT                   231
-#define SSL_F_SSL_CLEAR                                  164
-#define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD            165
-#define SSL_F_SSL_CREATE_CIPHER_LIST                     166
-#define SSL_F_SSL_CTRL                                   232
-#define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY                  168
-#define SSL_F_SSL_CTX_MAKE_PROFILES                      309
-#define SSL_F_SSL_CTX_NEW                                169
-#define SSL_F_SSL_CTX_SET_CIPHER_LIST                    269
-#define SSL_F_SSL_CTX_SET_CLIENT_CERT_ENGINE             290
-#define SSL_F_SSL_CTX_SET_PURPOSE                        226
-#define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT             219
-#define SSL_F_SSL_CTX_SET_SSL_VERSION                    170
-#define SSL_F_SSL_CTX_SET_TRUST                          229
-#define SSL_F_SSL_CTX_USE_CERTIFICATE                    171
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1               172
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE         220
-#define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE               173
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY                     174
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1                175
-#define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE                176
-#define SSL_F_SSL_CTX_USE_PSK_IDENTITY_HINT              272
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY                  177
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1             178
-#define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE             179
-#define SSL_F_SSL_DO_HANDSHAKE                           180
-#define SSL_F_SSL_GET_NEW_SESSION                        181
-#define SSL_F_SSL_GET_PREV_SESSION                       217
-#define SSL_F_SSL_GET_SERVER_SEND_CERT                   182
-#define SSL_F_SSL_GET_SERVER_SEND_PKEY                   317
-#define SSL_F_SSL_GET_SIGN_PKEY                          183
-#define SSL_F_SSL_INIT_WBIO_BUFFER                       184
-#define SSL_F_SSL_LOAD_CLIENT_CA_FILE                    185
-#define SSL_F_SSL_NEW                                    186
-#define SSL_F_SSL_PARSE_CLIENTHELLO_RENEGOTIATE_EXT      300
-#define SSL_F_SSL_PARSE_CLIENTHELLO_TLSEXT               302
-#define SSL_F_SSL_PARSE_CLIENTHELLO_USE_SRTP_EXT         310
-#define SSL_F_SSL_PARSE_SERVERHELLO_RENEGOTIATE_EXT      301
-#define SSL_F_SSL_PARSE_SERVERHELLO_TLSEXT               303
-#define SSL_F_SSL_PARSE_SERVERHELLO_USE_SRTP_EXT         311
-#define SSL_F_SSL_PEEK                                   270
-#define SSL_F_SSL_PREPARE_CLIENTHELLO_TLSEXT             281
-#define SSL_F_SSL_PREPARE_SERVERHELLO_TLSEXT             282
-#define SSL_F_SSL_READ                                   223
-#define SSL_F_SSL_RSA_PRIVATE_DECRYPT                    187
-#define SSL_F_SSL_RSA_PUBLIC_ENCRYPT                     188
-#define SSL_F_SSL_SESSION_NEW                            189
-#define SSL_F_SSL_SESSION_PRINT_FP                       190
-#define SSL_F_SSL_SESSION_SET1_ID_CONTEXT                312
-#define SSL_F_SSL_SESS_CERT_NEW                          225
-#define SSL_F_SSL_SET_CERT                               191
-#define SSL_F_SSL_SET_CIPHER_LIST                        271
-#define SSL_F_SSL_SET_FD                                 192
-#define SSL_F_SSL_SET_PKEY                               193
-#define SSL_F_SSL_SET_PURPOSE                            227
-#define SSL_F_SSL_SET_RFD                                194
-#define SSL_F_SSL_SET_SESSION                            195
-#define SSL_F_SSL_SET_SESSION_ID_CONTEXT                 218
-#define SSL_F_SSL_SET_SESSION_TICKET_EXT                 294
-#define SSL_F_SSL_SET_TRUST                              228
-#define SSL_F_SSL_SET_WFD                                196
-#define SSL_F_SSL_SHUTDOWN                               224
-#define SSL_F_SSL_SRP_CTX_INIT                           313
-#define SSL_F_SSL_UNDEFINED_CONST_FUNCTION               243
-#define SSL_F_SSL_UNDEFINED_FUNCTION                     197
-#define SSL_F_SSL_UNDEFINED_VOID_FUNCTION                244
-#define SSL_F_SSL_USE_CERTIFICATE                        198
-#define SSL_F_SSL_USE_CERTIFICATE_ASN1                   199
-#define SSL_F_SSL_USE_CERTIFICATE_FILE                   200
-#define SSL_F_SSL_USE_PRIVATEKEY                         201
-#define SSL_F_SSL_USE_PRIVATEKEY_ASN1                    202
-#define SSL_F_SSL_USE_PRIVATEKEY_FILE                    203
-#define SSL_F_SSL_USE_PSK_IDENTITY_HINT                  273
-#define SSL_F_SSL_USE_RSAPRIVATEKEY                      204
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1                 205
-#define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE                 206
-#define SSL_F_SSL_VERIFY_CERT_CHAIN                      207
-#define SSL_F_SSL_WRITE                                  208
-#define SSL_F_TLS1_AEAD_CTX_INIT                         339
-#define SSL_F_TLS1_CERT_VERIFY_MAC                       286
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE                   209
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE_AEAD              340
-#define SSL_F_TLS1_CHANGE_CIPHER_STATE_CIPHER            338
-#define SSL_F_TLS1_CHECK_SERVERHELLO_TLSEXT              274
-#define SSL_F_TLS1_ENC                                   210
-#define SSL_F_TLS1_EXPORT_KEYING_MATERIAL                314
-#define SSL_F_TLS1_HEARTBEAT                             315
-#define SSL_F_TLS1_PREPARE_CLIENTHELLO_TLSEXT            275
-#define SSL_F_TLS1_PREPARE_SERVERHELLO_TLSEXT            276
-#define SSL_F_TLS1_PRF                                   284
-#define SSL_F_TLS1_SETUP_KEY_BLOCK                       211
-#define SSL_F_WRITE_PENDING                              212
-
-/* Reason codes. */
-#define SSL_R_APP_DATA_IN_HANDSHAKE                      100
-#define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272
-#define SSL_R_BAD_ALERT_RECORD                           101
-#define SSL_R_BAD_AUTHENTICATION_TYPE                    102
-#define SSL_R_BAD_CHANGE_CIPHER_SPEC                     103
-#define SSL_R_BAD_CHECKSUM                               104
-#define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK              106
-#define SSL_R_BAD_DECOMPRESSION                          107
-#define SSL_R_BAD_DH_G_LENGTH                            108
-#define SSL_R_BAD_DH_PUB_KEY_LENGTH                      109
-#define SSL_R_BAD_DH_P_LENGTH                            110
-#define SSL_R_BAD_DIGEST_LENGTH                          111
-#define SSL_R_BAD_DSA_SIGNATURE                          112
-#define SSL_R_BAD_ECC_CERT                               304
-#define SSL_R_BAD_ECDSA_SIGNATURE                        305
-#define SSL_R_BAD_ECPOINT                                306
-#define SSL_R_BAD_HANDSHAKE_LENGTH                       332
-#define SSL_R_BAD_HELLO_REQUEST                          105
-#define SSL_R_BAD_LENGTH                                 271
-#define SSL_R_BAD_MAC_DECODE                             113
-#define SSL_R_BAD_MAC_LENGTH                             333
-#define SSL_R_BAD_MESSAGE_TYPE                           114
-#define SSL_R_BAD_PACKET_LENGTH                          115
-#define SSL_R_BAD_PROTOCOL_VERSION_NUMBER                116
-#define SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH               316
-#define SSL_R_BAD_RESPONSE_ARGUMENT                      117
-#define SSL_R_BAD_RSA_DECRYPT                            118
-#define SSL_R_BAD_RSA_ENCRYPT                            119
-#define SSL_R_BAD_RSA_E_LENGTH                           120
-#define SSL_R_BAD_RSA_MODULUS_LENGTH                     121
-#define SSL_R_BAD_RSA_SIGNATURE                          122
-#define SSL_R_BAD_SIGNATURE                              123
-#define SSL_R_BAD_SRP_A_LENGTH                           347
-#define SSL_R_BAD_SRP_B_LENGTH                           348
-#define SSL_R_BAD_SRP_G_LENGTH                           349
-#define SSL_R_BAD_SRP_N_LENGTH                           350
-#define SSL_R_BAD_SRP_S_LENGTH                           351
-#define SSL_R_BAD_SRTP_MKI_VALUE                         352
-#define SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST           353
-#define SSL_R_BAD_SSL_FILETYPE                           124
-#define SSL_R_BAD_SSL_SESSION_ID_LENGTH                  125
-#define SSL_R_BAD_STATE                                  126
-#define SSL_R_BAD_WRITE_RETRY                            127
-#define SSL_R_BIO_NOT_SET                                128
-#define SSL_R_BLOCK_CIPHER_PAD_IS_WRONG                  129
-#define SSL_R_BN_LIB                                     130
-#define SSL_R_CA_DN_LENGTH_MISMATCH                      131
-#define SSL_R_CA_DN_TOO_LONG                             132
-#define SSL_R_CA_KEY_TOO_SMALL                           397
-#define SSL_R_CA_MD_TOO_WEAK                             398
-#define SSL_R_CCS_RECEIVED_EARLY                         133
-#define SSL_R_CERTIFICATE_VERIFY_FAILED                  134
-#define SSL_R_CERT_LENGTH_MISMATCH                       135
-#define SSL_R_CHALLENGE_IS_DIFFERENT                     136
-#define SSL_R_CIPHER_CODE_WRONG_LENGTH                   137
-#define SSL_R_CIPHER_COMPRESSION_UNAVAILABLE             371
-#define SSL_R_CIPHER_OR_HASH_UNAVAILABLE                 138
-#define SSL_R_CIPHER_TABLE_SRC_ERROR                     139
-#define SSL_R_CLIENTHELLO_TLSEXT                         226
-#define SSL_R_COMPRESSED_LENGTH_TOO_LONG                 140
-#define SSL_R_COMPRESSION_DISABLED                       343
-#define SSL_R_COMPRESSION_FAILURE                        141
-#define SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE    307
-#define SSL_R_COMPRESSION_LIBRARY_ERROR                  142
-#define SSL_R_CONNECTION_ID_IS_DIFFERENT                 143
-#define SSL_R_CONNECTION_TYPE_NOT_SET                    144
-#define SSL_R_COOKIE_MISMATCH                            308
-#define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED              145
-#define SSL_R_DATA_LENGTH_TOO_LONG                       146
-#define SSL_R_DECRYPTION_FAILED                          147
-#define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC        281
-#define SSL_R_DH_KEY_TOO_SMALL                           394
-#define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG            148
-#define SSL_R_DIGEST_CHECK_FAILED                        149
-#define SSL_R_DTLS_MESSAGE_TOO_BIG                       334
-#define SSL_R_DUPLICATE_COMPRESSION_ID                   309
-#define SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT             317
-#define SSL_R_ECC_CERT_NOT_FOR_SIGNING                   318
-#define SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE         322
-#define SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE        323
-#define SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER               310
-#define SSL_R_EE_KEY_TOO_SMALL                           399
-#define SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST         354
-#define SSL_R_ENCRYPTED_LENGTH_TOO_LONG                  150
-#define SSL_R_ERROR_GENERATING_TMP_RSA_KEY               282
-#define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST              151
-#define SSL_R_EXCESSIVE_MESSAGE_SIZE                     152
-#define SSL_R_EXTRA_DATA_IN_MESSAGE                      153
-#define SSL_R_GOT_A_FIN_BEFORE_A_CCS                     154
-#define SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS                355
-#define SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION           356
-#define SSL_R_HTTPS_PROXY_REQUEST                        155
-#define SSL_R_HTTP_REQUEST                               156
-#define SSL_R_ILLEGAL_PADDING                            283
-#define SSL_R_INAPPROPRIATE_FALLBACK                     373
-#define SSL_R_INCONSISTENT_COMPRESSION                   340
-#define SSL_R_INVALID_CHALLENGE_LENGTH                   158
-#define SSL_R_INVALID_COMMAND                            280
-#define SSL_R_INVALID_COMPRESSION_ALGORITHM              341
-#define SSL_R_INVALID_PURPOSE                            278
-#define SSL_R_INVALID_SRP_USERNAME                       357
-#define SSL_R_INVALID_STATUS_RESPONSE                    328
-#define SSL_R_INVALID_TICKET_KEYS_LENGTH                 325
-#define SSL_R_INVALID_TRUST                              279
-#define SSL_R_KEY_ARG_TOO_LONG                           284
-#define SSL_R_KRB5                                       285
-#define SSL_R_KRB5_C_CC_PRINC                            286
-#define SSL_R_KRB5_C_GET_CRED                            287
-#define SSL_R_KRB5_C_INIT                                288
-#define SSL_R_KRB5_C_MK_REQ                              289
-#define SSL_R_KRB5_S_BAD_TICKET                          290
-#define SSL_R_KRB5_S_INIT                                291
-#define SSL_R_KRB5_S_RD_REQ                              292
-#define SSL_R_KRB5_S_TKT_EXPIRED                         293
-#define SSL_R_KRB5_S_TKT_NYV                             294
-#define SSL_R_KRB5_S_TKT_SKEW                            295
-#define SSL_R_LENGTH_MISMATCH                            159
-#define SSL_R_LENGTH_TOO_SHORT                           160
-#define SSL_R_LIBRARY_BUG                                274
-#define SSL_R_LIBRARY_HAS_NO_CIPHERS                     161
-#define SSL_R_MESSAGE_TOO_LONG                           296
-#define SSL_R_MISSING_DH_DSA_CERT                        162
-#define SSL_R_MISSING_DH_KEY                             163
-#define SSL_R_MISSING_DH_RSA_CERT                        164
-#define SSL_R_MISSING_DSA_SIGNING_CERT                   165
-#define SSL_R_MISSING_EXPORT_TMP_DH_KEY                  166
-#define SSL_R_MISSING_EXPORT_TMP_RSA_KEY                 167
-#define SSL_R_MISSING_RSA_CERTIFICATE                    168
-#define SSL_R_MISSING_RSA_ENCRYPTING_CERT                169
-#define SSL_R_MISSING_RSA_SIGNING_CERT                   170
-#define SSL_R_MISSING_SRP_PARAM                          358
-#define SSL_R_MISSING_TMP_DH_KEY                         171
-#define SSL_R_MISSING_TMP_ECDH_KEY                       311
-#define SSL_R_MISSING_TMP_RSA_KEY                        172
-#define SSL_R_MISSING_TMP_RSA_PKEY                       173
-#define SSL_R_MISSING_VERIFY_MESSAGE                     174
-#define SSL_R_MULTIPLE_SGC_RESTARTS                      346
-#define SSL_R_NON_SSLV2_INITIAL_PACKET                   175
-#define SSL_R_NO_APPLICATION_PROTOCOL                    235
-#define SSL_R_NO_CERTIFICATES_RETURNED                   176
-#define SSL_R_NO_CERTIFICATE_ASSIGNED                    177
-#define SSL_R_NO_CERTIFICATE_RETURNED                    178
-#define SSL_R_NO_CERTIFICATE_SET                         179
-#define SSL_R_NO_CERTIFICATE_SPECIFIED                   180
-#define SSL_R_NO_CIPHERS_AVAILABLE                       181
-#define SSL_R_NO_CIPHERS_PASSED                          182
-#define SSL_R_NO_CIPHERS_SPECIFIED                       183
-#define SSL_R_NO_CIPHER_LIST                             184
-#define SSL_R_NO_CIPHER_MATCH                            185
-#define SSL_R_NO_CLIENT_CERT_METHOD                      331
-#define SSL_R_NO_CLIENT_CERT_RECEIVED                    186
-#define SSL_R_NO_COMPRESSION_SPECIFIED                   187
-#define SSL_R_NO_METHOD_SPECIFIED                        188
-#define SSL_R_NO_PRIVATEKEY                              189
-#define SSL_R_NO_PRIVATE_KEY_ASSIGNED                    190
-#define SSL_R_NO_PROTOCOLS_AVAILABLE                     191
-#define SSL_R_NO_PUBLICKEY                               192
-#define SSL_R_NO_RENEGOTIATION                           339
-#define SSL_R_NO_REQUIRED_DIGEST                         324
-#define SSL_R_NO_SHARED_CIPHER                           193
-#define SSL_R_NO_SRTP_PROFILES                           359
-#define SSL_R_NO_VERIFY_CALLBACK                         194
-#define SSL_R_NULL_SSL_CTX                               195
-#define SSL_R_NULL_SSL_METHOD_PASSED                     196
-#define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED            197
-#define SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED 344
-#define SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE              297
-#define SSL_R_PACKET_LENGTH_TOO_LONG                     198
-#define SSL_R_PARSE_TLSEXT                               227
-#define SSL_R_PATH_TOO_LONG                              270
-#define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE          199
-#define SSL_R_PEER_ERROR                                 200
-#define SSL_R_PEER_ERROR_CERTIFICATE                     201
-#define SSL_R_PEER_ERROR_NO_CERTIFICATE                  202
-#define SSL_R_PEER_ERROR_NO_CIPHER                       203
-#define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE    204
-#define SSL_R_PRE_MAC_LENGTH_TOO_LONG                    205
-#define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS          206
-#define SSL_R_PROTOCOL_IS_SHUTDOWN                       207
-#define SSL_R_PSK_IDENTITY_NOT_FOUND                     223
-#define SSL_R_PSK_NO_CLIENT_CB                           224
-#define SSL_R_PSK_NO_SERVER_CB                           225
-#define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR                   208
-#define SSL_R_PUBLIC_KEY_IS_NOT_RSA                      209
-#define SSL_R_PUBLIC_KEY_NOT_RSA                         210
-#define SSL_R_READ_BIO_NOT_SET                           211
-#define SSL_R_READ_TIMEOUT_EXPIRED                       312
-#define SSL_R_READ_WRONG_PACKET_TYPE                     212
-#define SSL_R_RECORD_LENGTH_MISMATCH                     213
-#define SSL_R_RECORD_TOO_LARGE                           214
-#define SSL_R_RECORD_TOO_SMALL                           298
-#define SSL_R_RENEGOTIATE_EXT_TOO_LONG                   335
-#define SSL_R_RENEGOTIATION_ENCODING_ERR                 336
-#define SSL_R_RENEGOTIATION_MISMATCH                     337
-#define SSL_R_REQUIRED_CIPHER_MISSING                    215
-#define SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING    342
-#define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO                 216
-#define SSL_R_REUSE_CERT_TYPE_NOT_ZERO                   217
-#define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO                 218
-#define SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING           345
-#define SSL_R_SERVERHELLO_TLSEXT                         275
-#define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED           277
-#define SSL_R_SHORT_READ                                 219
-#define SSL_R_SIGNATURE_ALGORITHMS_ERROR                 360
-#define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE      220
-#define SSL_R_SRP_A_CALC                                 361
-#define SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES           362
-#define SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG      363
-#define SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE            364
-#define SSL_R_SSL23_DOING_SESSION_ID_REUSE               221
-#define SSL_R_SSL2_CONNECTION_ID_TOO_LONG                299
-#define SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT             321
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME                319
-#define SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE           320
-#define SSL_R_SSL3_SESSION_ID_TOO_LONG                   300
-#define SSL_R_SSL3_SESSION_ID_TOO_SHORT                  222
-#define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE                1042
-#define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC                 1020
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED            1045
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED            1044
-#define SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN            1046
-#define SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE          1030
-#define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE              1040
-#define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER              1047
-#define SSL_R_SSLV3_ALERT_NO_CERTIFICATE                 1041
-#define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             1010
-#define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE        1043
-#define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION         228
-#define SSL_R_SSL_HANDSHAKE_FAILURE                      229
-#define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS                 230
-#define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED             301
-#define SSL_R_SSL_SESSION_ID_CONFLICT                    302
-#define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG            273
-#define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH              303
-#define SSL_R_SSL_SESSION_ID_IS_DIFFERENT                231
-#define SSL_R_SSL_SESSION_ID_TOO_LONG                    408
-#define SSL_R_TLSV13_ALERT_MISSING_EXTENSION             1109
-#define SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED          1116
-#define SSL_R_TLSV1_ALERT_ACCESS_DENIED                  1049
-#define SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL        1120
-#define SSL_R_TLSV1_ALERT_DECODE_ERROR                   1050
-#define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED              1021
-#define SSL_R_TLSV1_ALERT_DECRYPT_ERROR                  1051
-#define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION             1060
-#define SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK         1086
-#define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY          1071
-#define SSL_R_TLSV1_ALERT_INTERNAL_ERROR                 1080
-#define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION               1100
-#define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION               1070
-#define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW                1022
-#define SSL_R_TLSV1_ALERT_UNKNOWN_CA                     1048
-#define SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY           1115
-#define SSL_R_TLSV1_ALERT_USER_CANCELLED                 1090
-#define SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE           1114
-#define SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE      1113
-#define SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE             1111
-#define SSL_R_TLSV1_UNRECOGNIZED_NAME                    1112
-#define SSL_R_TLSV1_UNSUPPORTED_EXTENSION                1110
-#define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER       232
-#define SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT           365
-#define SSL_R_TLS_HEARTBEAT_PENDING                      366
-#define SSL_R_TLS_ILLEGAL_EXPORTER_LABEL                 367
-#define SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST             157
-#define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233
-#define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG    234
-#define SSL_R_UNABLE_TO_DECODE_DH_CERTS                  236
-#define SSL_R_UNABLE_TO_DECODE_ECDH_CERTS                313
-#define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY               237
-#define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS               238
-#define SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS             314
-#define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS       239
-#define SSL_R_UNABLE_TO_FIND_SSL_METHOD                  240
-#define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES           241
-#define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES           242
-#define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES          243
-#define SSL_R_UNEXPECTED_MESSAGE                         244
-#define SSL_R_UNEXPECTED_RECORD                          245
-#define SSL_R_UNINITIALIZED                              276
-#define SSL_R_UNKNOWN_ALERT_TYPE                         246
-#define SSL_R_UNKNOWN_CERTIFICATE_TYPE                   247
-#define SSL_R_UNKNOWN_CIPHER_RETURNED                    248
-#define SSL_R_UNKNOWN_CIPHER_TYPE                        249
-#define SSL_R_UNKNOWN_DIGEST                             368
-#define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE                  250
-#define SSL_R_UNKNOWN_PKEY_TYPE                          251
-#define SSL_R_UNKNOWN_PROTOCOL                           252
-#define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE                  253
-#define SSL_R_UNKNOWN_SSL_VERSION                        254
-#define SSL_R_UNKNOWN_STATE                              255
-#define SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED       338
-#define SSL_R_UNSUPPORTED_CIPHER                         256
-#define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM          257
-#define SSL_R_UNSUPPORTED_DIGEST_TYPE                    326
-#define SSL_R_UNSUPPORTED_ELLIPTIC_CURVE                 315
-#define SSL_R_UNSUPPORTED_PROTOCOL                       258
-#define SSL_R_UNSUPPORTED_SSL_VERSION                    259
-#define SSL_R_UNSUPPORTED_STATUS_TYPE                    329
-#define SSL_R_USE_SRTP_NOT_NEGOTIATED                    369
-#define SSL_R_VERSION_TOO_LOW                            396
-#define SSL_R_WRITE_BIO_NOT_SET                          260
-#define SSL_R_WRONG_CIPHER_RETURNED                      261
-#define SSL_R_WRONG_CURVE                                378
-#define SSL_R_WRONG_MESSAGE_TYPE                         262
-#define SSL_R_WRONG_NUMBER_OF_KEY_BITS                   263
-#define SSL_R_WRONG_SIGNATURE_LENGTH                     264
-#define SSL_R_WRONG_SIGNATURE_SIZE                       265
-#define SSL_R_WRONG_SIGNATURE_TYPE                       370
-#define SSL_R_WRONG_SSL_VERSION                          266
-#define SSL_R_WRONG_VERSION_NUMBER                       267
-#define SSL_R_X509_LIB                                   268
-#define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS           269
-#define SSL_R_PEER_BEHAVING_BADLY                        666
-#define SSL_R_QUIC_INTERNAL_ERROR                        667
-#define SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED            668
-#define SSL_R_UNKNOWN                                    999
-
-/*
- * OpenSSL compatible OPENSSL_INIT options
- */
-
-/*
- * These are provided for compatibility, but have no effect
- * on how LibreSSL is initialized.
- */
-#define OPENSSL_INIT_LOAD_SSL_STRINGS   _OPENSSL_INIT_FLAG_NOOP
-#define OPENSSL_INIT_SSL_DEFAULT        _OPENSSL_INIT_FLAG_NOOP
-
-int OPENSSL_init_ssl(uint64_t opts, const void *settings);
-int SSL_library_init(void);
-
-/*
- * A few things still use this without #ifdef guard.
- */
-
-#define SSL2_VERSION    0x0002
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h
deleted file mode 100644
index 1b1110b4e9..0000000000
--- a/src/lib/libssl/ssl3.h
+++ /dev/null
@@ -1,441 +0,0 @@
-/* $OpenBSD: ssl3.h,v 1.60 2024/03/02 11:47:41 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#ifndef HEADER_SSL3_H
-#define HEADER_SSL3_H
-
-#include <openssl/opensslconf.h>
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-/* TLS_EMPTY_RENEGOTIATION_INFO_SCSV from RFC 5746. */
-#define SSL3_CK_SCSV                            0x030000FF
-
-/* TLS_FALLBACK_SCSV from draft-ietf-tls-downgrade-scsv-03. */
-#define SSL3_CK_FALLBACK_SCSV                   0x03005600
-
-#define SSL3_CK_RSA_NULL_MD5                    0x03000001
-#define SSL3_CK_RSA_NULL_SHA                    0x03000002
-#define SSL3_CK_RSA_RC4_40_MD5                  0x03000003
-#define SSL3_CK_RSA_RC4_128_MD5                 0x03000004
-#define SSL3_CK_RSA_RC4_128_SHA                 0x03000005
-#define SSL3_CK_RSA_RC2_40_MD5                  0x03000006
-#define SSL3_CK_RSA_IDEA_128_SHA                0x03000007
-#define SSL3_CK_RSA_DES_40_CBC_SHA              0x03000008
-#define SSL3_CK_RSA_DES_64_CBC_SHA              0x03000009
-#define SSL3_CK_RSA_DES_192_CBC3_SHA            0x0300000A
-
-#define SSL3_CK_DH_DSS_DES_40_CBC_SHA           0x0300000B
-#define SSL3_CK_DH_DSS_DES_64_CBC_SHA           0x0300000C
-#define SSL3_CK_DH_DSS_DES_192_CBC3_SHA         0x0300000D
-#define SSL3_CK_DH_RSA_DES_40_CBC_SHA           0x0300000E
-#define SSL3_CK_DH_RSA_DES_64_CBC_SHA           0x0300000F
-#define SSL3_CK_DH_RSA_DES_192_CBC3_SHA         0x03000010
-
-#define SSL3_CK_EDH_DSS_DES_40_CBC_SHA          0x03000011
-#define SSL3_CK_EDH_DSS_DES_64_CBC_SHA          0x03000012
-#define SSL3_CK_EDH_DSS_DES_192_CBC3_SHA        0x03000013
-#define SSL3_CK_EDH_RSA_DES_40_CBC_SHA          0x03000014
-#define SSL3_CK_EDH_RSA_DES_64_CBC_SHA          0x03000015
-#define SSL3_CK_EDH_RSA_DES_192_CBC3_SHA        0x03000016
-
-#define SSL3_CK_ADH_RC4_40_MD5                  0x03000017
-#define SSL3_CK_ADH_RC4_128_MD5                 0x03000018
-#define SSL3_CK_ADH_DES_40_CBC_SHA              0x03000019
-#define SSL3_CK_ADH_DES_64_CBC_SHA              0x0300001A
-#define SSL3_CK_ADH_DES_192_CBC_SHA             0x0300001B
-
-/*    VRS Additional Kerberos5 entries
- */
-#define SSL3_CK_KRB5_DES_64_CBC_SHA             0x0300001E
-#define SSL3_CK_KRB5_DES_192_CBC3_SHA           0x0300001F
-#define SSL3_CK_KRB5_RC4_128_SHA                0x03000020
-#define SSL3_CK_KRB5_IDEA_128_CBC_SHA           0x03000021
-#define SSL3_CK_KRB5_DES_64_CBC_MD5             0x03000022
-#define SSL3_CK_KRB5_DES_192_CBC3_MD5           0x03000023
-#define SSL3_CK_KRB5_RC4_128_MD5                0x03000024
-#define SSL3_CK_KRB5_IDEA_128_CBC_MD5           0x03000025
-
-#define SSL3_CK_KRB5_DES_40_CBC_SHA             0x03000026
-#define SSL3_CK_KRB5_RC2_40_CBC_SHA             0x03000027
-#define SSL3_CK_KRB5_RC4_40_SHA                 0x03000028
-#define SSL3_CK_KRB5_DES_40_CBC_MD5             0x03000029
-#define SSL3_CK_KRB5_RC2_40_CBC_MD5             0x0300002A
-#define SSL3_CK_KRB5_RC4_40_MD5                 0x0300002B
-
-#define SSL3_TXT_RSA_NULL_MD5                   "NULL-MD5"
-#define SSL3_TXT_RSA_NULL_SHA                   "NULL-SHA"
-#define SSL3_TXT_RSA_RC4_40_MD5                 "EXP-RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_MD5                "RC4-MD5"
-#define SSL3_TXT_RSA_RC4_128_SHA                "RC4-SHA"
-#define SSL3_TXT_RSA_RC2_40_MD5                 "EXP-RC2-CBC-MD5"
-#define SSL3_TXT_RSA_IDEA_128_SHA               "IDEA-CBC-SHA"
-#define SSL3_TXT_RSA_DES_40_CBC_SHA             "EXP-DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_64_CBC_SHA             "DES-CBC-SHA"
-#define SSL3_TXT_RSA_DES_192_CBC3_SHA           "DES-CBC3-SHA"
-
-#define SSL3_TXT_DH_DSS_DES_40_CBC_SHA          "EXP-DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_64_CBC_SHA          "DH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_DH_DSS_DES_192_CBC3_SHA        "DH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_DH_RSA_DES_40_CBC_SHA          "EXP-DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_64_CBC_SHA          "DH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_DH_RSA_DES_192_CBC3_SHA        "DH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_EDH_DSS_DES_40_CBC_SHA         "EXP-EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_64_CBC_SHA         "EDH-DSS-DES-CBC-SHA"
-#define SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA       "EDH-DSS-DES-CBC3-SHA"
-#define SSL3_TXT_EDH_RSA_DES_40_CBC_SHA         "EXP-EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_64_CBC_SHA         "EDH-RSA-DES-CBC-SHA"
-#define SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA       "EDH-RSA-DES-CBC3-SHA"
-
-#define SSL3_TXT_ADH_RC4_40_MD5                 "EXP-ADH-RC4-MD5"
-#define SSL3_TXT_ADH_RC4_128_MD5                "ADH-RC4-MD5"
-#define SSL3_TXT_ADH_DES_40_CBC_SHA             "EXP-ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_64_CBC_SHA             "ADH-DES-CBC-SHA"
-#define SSL3_TXT_ADH_DES_192_CBC_SHA            "ADH-DES-CBC3-SHA"
-
-#define SSL3_TXT_KRB5_DES_64_CBC_SHA            "KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_192_CBC3_SHA          "KRB5-DES-CBC3-SHA"
-#define SSL3_TXT_KRB5_RC4_128_SHA               "KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_SHA          "KRB5-IDEA-CBC-SHA"
-#define SSL3_TXT_KRB5_DES_64_CBC_MD5            "KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_DES_192_CBC3_MD5          "KRB5-DES-CBC3-MD5"
-#define SSL3_TXT_KRB5_RC4_128_MD5               "KRB5-RC4-MD5"
-#define SSL3_TXT_KRB5_IDEA_128_CBC_MD5          "KRB5-IDEA-CBC-MD5"
-
-#define SSL3_TXT_KRB5_DES_40_CBC_SHA            "EXP-KRB5-DES-CBC-SHA"
-#define SSL3_TXT_KRB5_RC2_40_CBC_SHA            "EXP-KRB5-RC2-CBC-SHA"
-#define SSL3_TXT_KRB5_RC4_40_SHA                "EXP-KRB5-RC4-SHA"
-#define SSL3_TXT_KRB5_DES_40_CBC_MD5            "EXP-KRB5-DES-CBC-MD5"
-#define SSL3_TXT_KRB5_RC2_40_CBC_MD5            "EXP-KRB5-RC2-CBC-MD5"
-#define SSL3_TXT_KRB5_RC4_40_MD5                "EXP-KRB5-RC4-MD5"
-
-#define SSL3_SSL_SESSION_ID_LENGTH              32
-#define SSL3_MAX_SSL_SESSION_ID_LENGTH          32
-
-#define SSL3_MASTER_SECRET_SIZE                 48
-#define SSL3_RANDOM_SIZE                        32
-#define SSL3_SEQUENCE_SIZE                      8
-#define SSL3_SESSION_ID_SIZE                    32
-#define SSL3_CIPHER_VALUE_SIZE                  2
-
-#define SSL3_RT_HEADER_LENGTH                   5
-#define SSL3_HM_HEADER_LENGTH                   4
-
-#define SSL3_ALIGN_PAYLOAD                      8
-
-/* This is the maximum MAC (digest) size used by the SSL library.
- * Currently maximum of 20 is used by SHA1, but we reserve for
- * future extension for 512-bit hashes.
- */
-
-#define SSL3_RT_MAX_MD_SIZE                     64
-
-/* Maximum block size used in all ciphersuites. Currently 16 for AES.
- */
-
-#define SSL_RT_MAX_CIPHER_BLOCK_SIZE            16
-
-#define SSL3_RT_MAX_EXTRA                       (16384)
-
-/* Maximum plaintext length: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_PLAIN_LENGTH                16384
-/* Maximum compression overhead: defined by SSL/TLS standards */
-#define SSL3_RT_MAX_COMPRESSED_OVERHEAD         1024
-
-/* The standards give a maximum encryption overhead of 1024 bytes.
- * In practice the value is lower than this. The overhead is the maximum
- * number of padding bytes (256) plus the mac size.
- */
-#define SSL3_RT_MAX_ENCRYPTED_OVERHEAD  (256 + SSL3_RT_MAX_MD_SIZE)
-
-/* OpenSSL currently only uses a padding length of at most one block so
- * the send overhead is smaller.
- */
-
-#define SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD \
-                        (SSL_RT_MAX_CIPHER_BLOCK_SIZE + SSL3_RT_MAX_MD_SIZE)
-
-/* If compression isn't used don't include the compression overhead */
-#define SSL3_RT_MAX_COMPRESSED_LENGTH           SSL3_RT_MAX_PLAIN_LENGTH
-#define SSL3_RT_MAX_ENCRYPTED_LENGTH    \
-                (SSL3_RT_MAX_ENCRYPTED_OVERHEAD+SSL3_RT_MAX_COMPRESSED_LENGTH)
-#define SSL3_RT_MAX_PACKET_SIZE         \
-                (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH)
-
-#define SSL3_MD_CLIENT_FINISHED_CONST   "\x43\x4C\x4E\x54"
-#define SSL3_MD_SERVER_FINISHED_CONST   "\x53\x52\x56\x52"
-
-#define SSL3_VERSION                    0x0300
-#define SSL3_VERSION_MAJOR              0x03
-#define SSL3_VERSION_MINOR              0x00
-
-#define SSL3_RT_CHANGE_CIPHER_SPEC      20
-#define SSL3_RT_ALERT                   21
-#define SSL3_RT_HANDSHAKE               22
-#define SSL3_RT_APPLICATION_DATA        23
-
-#define SSL3_AL_WARNING                 1
-#define SSL3_AL_FATAL                   2
-
-#ifndef LIBRESSL_INTERNAL
-#define SSL3_AD_CLOSE_NOTIFY             0
-#define SSL3_AD_UNEXPECTED_MESSAGE      10      /* fatal */
-#define SSL3_AD_BAD_RECORD_MAC          20      /* fatal */
-#define SSL3_AD_DECOMPRESSION_FAILURE   30      /* fatal */
-#define SSL3_AD_HANDSHAKE_FAILURE       40      /* fatal */
-#define SSL3_AD_NO_CERTIFICATE          41
-#define SSL3_AD_BAD_CERTIFICATE         42
-#define SSL3_AD_UNSUPPORTED_CERTIFICATE 43
-#define SSL3_AD_CERTIFICATE_REVOKED     44
-#define SSL3_AD_CERTIFICATE_EXPIRED     45
-#define SSL3_AD_CERTIFICATE_UNKNOWN     46
-#define SSL3_AD_ILLEGAL_PARAMETER       47      /* fatal */
-#endif
-
-#define TLS1_HB_REQUEST         1
-#define TLS1_HB_RESPONSE        2
-
-#define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS       0x0001
-#define TLS1_FLAGS_FREEZE_TRANSCRIPT            0x0020
-#define SSL3_FLAGS_CCS_OK                       0x0080
-
-/* SSLv3 */
-/*client */
-/* extra state */
-#define SSL3_ST_CW_FLUSH                        (0x100|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CLNT_HELLO_A                 (0x110|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CLNT_HELLO_B                 (0x111|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_SRVR_HELLO_A                 (0x120|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_HELLO_B                 (0x121|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A      (0x126|SSL_ST_CONNECT)
-#define DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B      (0x127|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_A                       (0x130|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_B                       (0x131|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_A                   (0x140|SSL_ST_CONNECT)
-#define SSL3_ST_CR_KEY_EXCH_B                   (0x141|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_A                   (0x150|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_REQ_B                   (0x151|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_A                  (0x160|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SRVR_DONE_B                  (0x161|SSL_ST_CONNECT)
-/* write to server */
-#define SSL3_ST_CW_CERT_A                       (0x170|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_B                       (0x171|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_C                       (0x172|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_D                       (0x173|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_A                   (0x180|SSL_ST_CONNECT)
-#define SSL3_ST_CW_KEY_EXCH_B                   (0x181|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_A                  (0x190|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CERT_VRFY_B                  (0x191|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_A                     (0x1A0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_CHANGE_B                     (0x1A1|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_A                   (0x1B0|SSL_ST_CONNECT)
-#define SSL3_ST_CW_FINISHED_B                   (0x1B1|SSL_ST_CONNECT)
-/* read from server */
-#define SSL3_ST_CR_CHANGE_A                     (0x1C0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CHANGE_B                     (0x1C1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_A                   (0x1D0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_FINISHED_B                   (0x1D1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_A             (0x1E0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_SESSION_TICKET_B             (0x1E1|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_A                (0x1F0|SSL_ST_CONNECT)
-#define SSL3_ST_CR_CERT_STATUS_B                (0x1F1|SSL_ST_CONNECT)
-
-/* server */
-/* extra state */
-#define SSL3_ST_SW_FLUSH                        (0x100|SSL_ST_ACCEPT)
-/* read from client */
-/* Do not change the number values, they do matter */
-#define SSL3_ST_SR_CLNT_HELLO_A                 (0x110|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_B                 (0x111|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CLNT_HELLO_C                 (0x112|SSL_ST_ACCEPT)
-/* write to client */
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A      (0x113|SSL_ST_ACCEPT)
-#define DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B      (0x114|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_A                  (0x120|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_B                  (0x121|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_HELLO_REQ_C                  (0x122|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_A                 (0x130|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_HELLO_B                 (0x131|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_A                       (0x140|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_B                       (0x141|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_A                   (0x150|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_KEY_EXCH_B                   (0x151|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_A                   (0x160|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_REQ_B                   (0x161|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_A                  (0x170|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SRVR_DONE_B                  (0x171|SSL_ST_ACCEPT)
-/* read from client */
-#define SSL3_ST_SR_CERT_A                       (0x180|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_B                       (0x181|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_A                   (0x190|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_KEY_EXCH_B                   (0x191|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_A                  (0x1A0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CERT_VRFY_B                  (0x1A1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_A                     (0x1B0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_CHANGE_B                     (0x1B1|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_A                   (0x1C0|SSL_ST_ACCEPT)
-#define SSL3_ST_SR_FINISHED_B                   (0x1C1|SSL_ST_ACCEPT)
-/* write to client */
-#define SSL3_ST_SW_CHANGE_A                     (0x1D0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CHANGE_B                     (0x1D1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_A                   (0x1E0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_FINISHED_B                   (0x1E1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_A             (0x1F0|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_SESSION_TICKET_B             (0x1F1|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_A                (0x200|SSL_ST_ACCEPT)
-#define SSL3_ST_SW_CERT_STATUS_B                (0x201|SSL_ST_ACCEPT)
-
-#define SSL3_MT_HELLO_REQUEST                   0
-#define SSL3_MT_CLIENT_HELLO                    1
-#define SSL3_MT_SERVER_HELLO                    2
-#define SSL3_MT_NEWSESSION_TICKET               4
-#define SSL3_MT_CERTIFICATE                     11
-#define SSL3_MT_SERVER_KEY_EXCHANGE             12
-#define SSL3_MT_CERTIFICATE_REQUEST             13
-#define SSL3_MT_SERVER_DONE                     14
-#define SSL3_MT_CERTIFICATE_VERIFY              15
-#define SSL3_MT_CLIENT_KEY_EXCHANGE             16
-#define SSL3_MT_FINISHED                        20
-#define SSL3_MT_CERTIFICATE_STATUS              22
-
-#define DTLS1_MT_HELLO_VERIFY_REQUEST           3
-
-#define SSL3_MT_CCS                             1
-
-#ifndef LIBRESSL_INTERNAL
-/* These are used when changing over to a new cipher */
-#define SSL3_CC_READ            0x01
-#define SSL3_CC_WRITE           0x02
-#define SSL3_CC_CLIENT          0x10
-#define SSL3_CC_SERVER          0x20
-#define SSL3_CHANGE_CIPHER_CLIENT_WRITE         (SSL3_CC_CLIENT|SSL3_CC_WRITE)
-#define SSL3_CHANGE_CIPHER_SERVER_READ          (SSL3_CC_SERVER|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_CLIENT_READ          (SSL3_CC_CLIENT|SSL3_CC_READ)
-#define SSL3_CHANGE_CIPHER_SERVER_WRITE         (SSL3_CC_SERVER|SSL3_CC_WRITE)
-#endif
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c
deleted file mode 100644
index fcf4631a59..0000000000
--- a/src/lib/libssl/ssl_asn1.c
+++ /dev/null
@@ -1,410 +0,0 @@
-/* $OpenBSD: ssl_asn1.c,v 1.69 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2016 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <limits.h>
-
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-#define SSLASN1_TAG     (CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC)
-#define SSLASN1_TIME_TAG                (SSLASN1_TAG | 1)
-#define SSLASN1_TIMEOUT_TAG             (SSLASN1_TAG | 2)
-#define SSLASN1_PEER_CERT_TAG           (SSLASN1_TAG | 3)
-#define SSLASN1_SESSION_ID_CTX_TAG      (SSLASN1_TAG | 4)
-#define SSLASN1_VERIFY_RESULT_TAG       (SSLASN1_TAG | 5)
-#define SSLASN1_HOSTNAME_TAG            (SSLASN1_TAG | 6)
-#define SSLASN1_LIFETIME_TAG            (SSLASN1_TAG | 9)
-#define SSLASN1_TICKET_TAG              (SSLASN1_TAG | 10)
-
-static uint64_t
-time_max(void)
-{
-        if (sizeof(time_t) == sizeof(int32_t))
-                return INT32_MAX;
-        if (sizeof(time_t) == sizeof(int64_t))
-                return INT64_MAX;
-        return 0;
-}
-
-static int
-SSL_SESSION_encode(SSL_SESSION *s, unsigned char **out, size_t *out_len,
-    int ticket_encoding)
-{
-        CBB cbb, session, cipher_suite, session_id, master_key, time, timeout;
-        CBB peer_cert, sidctx, verify_result, hostname, lifetime, ticket, value;
-        unsigned char *peer_cert_bytes = NULL;
-        int len, rv = 0;
-
-        if (!CBB_init(&cbb, 0))
-                goto err;
-
-        if (!CBB_add_asn1(&cbb, &session, CBS_ASN1_SEQUENCE))
-                goto err;
-
-        /* Session ASN1 version. */
-        if (!CBB_add_asn1_uint64(&session, SSL_SESSION_ASN1_VERSION))
-                goto err;
-
-        /* TLS/SSL protocol version. */
-        if (s->ssl_version < 0)
-                goto err;
-        if (!CBB_add_asn1_uint64(&session, s->ssl_version))
-                goto err;
-
-        /* Cipher suite value. */
-        if (!CBB_add_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBB_add_u16(&cipher_suite, s->cipher_value))
-                goto err;
-
-        /* Session ID - zero length for a ticket. */
-        if (!CBB_add_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBB_add_bytes(&session_id, s->session_id,
-            ticket_encoding ? 0 : s->session_id_length))
-                goto err;
-
-        /* Master key. */
-        if (!CBB_add_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBB_add_bytes(&master_key, s->master_key, s->master_key_length))
-                goto err;
-
-        /* Time [1]. */
-        if (s->time != 0) {
-                if (s->time < 0)
-                        goto err;
-                if (!CBB_add_asn1(&session, &time, SSLASN1_TIME_TAG))
-                        goto err;
-                if (!CBB_add_asn1_uint64(&time, s->time))
-                        goto err;
-        }
-
-        /* Timeout [2]. */
-        if (s->timeout != 0) {
-                if (s->timeout < 0)
-                        goto err;
-                if (!CBB_add_asn1(&session, &timeout, SSLASN1_TIMEOUT_TAG))
-                        goto err;
-                if (!CBB_add_asn1_uint64(&timeout, s->timeout))
-                        goto err;
-        }
-
-        /* Peer certificate [3]. */
-        if (s->peer_cert != NULL) {
-                if ((len = i2d_X509(s->peer_cert, &peer_cert_bytes)) <= 0)
-                        goto err;
-                if (!CBB_add_asn1(&session, &peer_cert, SSLASN1_PEER_CERT_TAG))
-                        goto err;
-                if (!CBB_add_bytes(&peer_cert, peer_cert_bytes, len))
-                        goto err;
-        }
-
-        /* Session ID context [4]. */
-        /* XXX - Actually handle this as optional? */
-        if (!CBB_add_asn1(&session, &sidctx, SSLASN1_SESSION_ID_CTX_TAG))
-                goto err;
-        if (!CBB_add_asn1(&sidctx, &value, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBB_add_bytes(&value, s->sid_ctx, s->sid_ctx_length))
-                goto err;
-
-        /* Verify result [5]. */
-        if (s->verify_result != X509_V_OK) {
-                if (s->verify_result < 0)
-                        goto err;
-                if (!CBB_add_asn1(&session, &verify_result,
-                    SSLASN1_VERIFY_RESULT_TAG))
-                        goto err;
-                if (!CBB_add_asn1_uint64(&verify_result, s->verify_result))
-                        goto err;
-        }
-
-        /* Hostname [6]. */
-        if (s->tlsext_hostname != NULL) {
-                if (!CBB_add_asn1(&session, &hostname, SSLASN1_HOSTNAME_TAG))
-                        goto err;
-                if (!CBB_add_asn1(&hostname, &value, CBS_ASN1_OCTETSTRING))
-                        goto err;
-                if (!CBB_add_bytes(&value, (const uint8_t *)s->tlsext_hostname,
-                    strlen(s->tlsext_hostname)))
-                        goto err;
-        }
-
-        /* PSK identity hint [7]. */
-        /* PSK identity [8]. */
-
-        /* Ticket lifetime hint [9]. */
-        if (s->tlsext_tick_lifetime_hint > 0) {
-                if (!CBB_add_asn1(&session, &lifetime, SSLASN1_LIFETIME_TAG))
-                        goto err;
-                if (!CBB_add_asn1_uint64(&lifetime,
-                    s->tlsext_tick_lifetime_hint))
-                        goto err;
-        }
-
-        /* Ticket [10]. */
-        if (s->tlsext_tick != NULL) {
-                if (!CBB_add_asn1(&session, &ticket, SSLASN1_TICKET_TAG))
-                        goto err;
-                if (!CBB_add_asn1(&ticket, &value, CBS_ASN1_OCTETSTRING))
-                        goto err;
-                if (!CBB_add_bytes(&value, s->tlsext_tick, s->tlsext_ticklen))
-                        goto err;
-        }
-
-        /* Compression method [11]. */
-        /* SRP username [12]. */
-
-        if (!CBB_finish(&cbb, out, out_len))
-                goto err;
-
-        rv = 1;
-
- err:
-        CBB_cleanup(&cbb);
-        free(peer_cert_bytes);
-
-        return rv;
-}
-
-int
-SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len)
-{
-        if (ss == NULL)
-                return 0;
-
-        if (ss->cipher_value == 0)
-                return 0;
-
-        return SSL_SESSION_encode(ss, out, out_len, 1);
-}
-
-int
-i2d_SSL_SESSION(SSL_SESSION *ss, unsigned char **pp)
-{
-        unsigned char *data = NULL;
-        size_t data_len = 0;
-        int rv = -1;
-
-        if (ss == NULL)
-                return 0;
-
-        if (ss->cipher_value == 0)
-                return 0;
-
-        if (!SSL_SESSION_encode(ss, &data, &data_len, 0))
-                goto err;
-
-        if (data_len > INT_MAX)
-                goto err;
-
-        if (pp != NULL) {
-                if (*pp == NULL) {
-                        *pp = data;
-                        data = NULL;
-                } else {
-                        memcpy(*pp, data, data_len);
-                        *pp += data_len;
-                }
-        }
-
-        rv = (int)data_len;
-
- err:
-        freezero(data, data_len);
-
-        return rv;
-}
-LSSL_ALIAS(i2d_SSL_SESSION);
-
-SSL_SESSION *
-d2i_SSL_SESSION(SSL_SESSION **a, const unsigned char **pp, long length)
-{
-        CBS cbs, session, cipher_suite, session_id, master_key, peer_cert;
-        CBS hostname, ticket;
-        uint64_t version, tls_version, stime, timeout, verify_result, lifetime;
-        const unsigned char *peer_cert_bytes;
-        SSL_SESSION *s = NULL;
-        size_t data_len;
-        int present;
-
-        if (a != NULL)
-                s = *a;
-
-        if (s == NULL) {
-                if ((s = SSL_SESSION_new()) == NULL) {
-                        SSLerrorx(ERR_R_MALLOC_FAILURE);
-                        return (NULL);
-                }
-        }
-
-        CBS_init(&cbs, *pp, length);
-
-        if (!CBS_get_asn1(&cbs, &session, CBS_ASN1_SEQUENCE))
-                goto err;
-
-        /* Session ASN1 version. */
-        if (!CBS_get_asn1_uint64(&session, &version))
-                goto err;
-        if (version != SSL_SESSION_ASN1_VERSION)
-                goto err;
-
-        /* TLS/SSL Protocol Version. */
-        if (!CBS_get_asn1_uint64(&session, &tls_version))
-                goto err;
-        if (tls_version > INT_MAX)
-                goto err;
-        s->ssl_version = (int)tls_version;
-
-        /* Cipher suite value. */
-        if (!CBS_get_asn1(&session, &cipher_suite, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBS_get_u16(&cipher_suite, &s->cipher_value))
-                goto err;
-        if (CBS_len(&cipher_suite) != 0)
-                goto err;
-
-        /* Session ID. */
-        if (!CBS_get_asn1(&session, &session_id, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBS_write_bytes(&session_id, s->session_id, sizeof(s->session_id),
-            &s->session_id_length))
-                goto err;
-
-        /* Master key. */
-        if (!CBS_get_asn1(&session, &master_key, CBS_ASN1_OCTETSTRING))
-                goto err;
-        if (!CBS_write_bytes(&master_key, s->master_key, sizeof(s->master_key),
-            &s->master_key_length))
-                goto err;
-
-        /* Time [1]. */
-        s->time = time(NULL);
-        if (!CBS_get_optional_asn1_uint64(&session, &stime, SSLASN1_TIME_TAG,
-            0))
-                goto err;
-        if (stime > time_max())
-                goto err;
-        if (stime != 0)
-                s->time = (time_t)stime;
-
-        /* Timeout [2]. */
-        s->timeout = 3;
-        if (!CBS_get_optional_asn1_uint64(&session, &timeout,
-            SSLASN1_TIMEOUT_TAG, 0))
-                goto err;
-        if (timeout > LONG_MAX)
-                goto err;
-        if (timeout != 0)
-                s->timeout = (long)timeout;
-
-        /* Peer certificate [3]. */
-        X509_free(s->peer_cert);
-        s->peer_cert = NULL;
-        if (!CBS_get_optional_asn1(&session, &peer_cert, &present,
-            SSLASN1_PEER_CERT_TAG))
-                goto err;
-        if (present) {
-                data_len = CBS_len(&peer_cert);
-                if (data_len > LONG_MAX)
-                        goto err;
-                peer_cert_bytes = CBS_data(&peer_cert);
-                if (d2i_X509(&s->peer_cert, &peer_cert_bytes,
-                    (long)data_len) == NULL)
-                        goto err;
-        }
-
-        /* Session ID context [4]. */
-        s->sid_ctx_length = 0;
-        if (!CBS_get_optional_asn1_octet_string(&session, &session_id, &present,
-            SSLASN1_SESSION_ID_CTX_TAG))
-                goto err;
-        if (present) {
-                if (!CBS_write_bytes(&session_id, (uint8_t *)&s->sid_ctx,
-                    sizeof(s->sid_ctx), &s->sid_ctx_length))
-                        goto err;
-        }
-
-        /* Verify result [5]. */
-        s->verify_result = X509_V_OK;
-        if (!CBS_get_optional_asn1_uint64(&session, &verify_result,
-            SSLASN1_VERIFY_RESULT_TAG, X509_V_OK))
-                goto err;
-        if (verify_result > LONG_MAX)
-                goto err;
-        s->verify_result = (long)verify_result;
-
-        /* Hostname [6]. */
-        free(s->tlsext_hostname);
-        s->tlsext_hostname = NULL;
-        if (!CBS_get_optional_asn1_octet_string(&session, &hostname, &present,
-            SSLASN1_HOSTNAME_TAG))
-                goto err;
-        if (present) {
-                if (CBS_contains_zero_byte(&hostname))
-                        goto err;
-                if (!CBS_strdup(&hostname, &s->tlsext_hostname))
-                        goto err;
-        }
-
-        /* PSK identity hint [7]. */
-        /* PSK identity [8]. */
-
-        /* Ticket lifetime [9]. */
-        s->tlsext_tick_lifetime_hint = 0;
-        if (!CBS_get_optional_asn1_uint64(&session, &lifetime,
-            SSLASN1_LIFETIME_TAG, 0))
-                goto err;
-        if (lifetime > UINT32_MAX)
-                goto err;
-        if (lifetime > 0)
-                s->tlsext_tick_lifetime_hint = (uint32_t)lifetime;
-
-        /* Ticket [10]. */
-        free(s->tlsext_tick);
-        s->tlsext_tick = NULL;
-        if (!CBS_get_optional_asn1_octet_string(&session, &ticket, &present,
-            SSLASN1_TICKET_TAG))
-                goto err;
-        if (present) {
-                if (!CBS_stow(&ticket, &s->tlsext_tick, &s->tlsext_ticklen))
-                        goto err;
-        }
-
-        /* Compression method [11]. */
-        /* SRP username [12]. */
-
-        *pp = CBS_data(&cbs);
-
-        if (a != NULL)
-                *a = s;
-
-        return (s);
-
- err:
-        ERR_asprintf_error_data("offset=%d", (int)(CBS_data(&cbs) - *pp));
-
-        if (s != NULL && (a == NULL || *a != s))
-                SSL_SESSION_free(s);
-
-        return (NULL);
-}
-LSSL_ALIAS(d2i_SSL_SESSION);
diff --git a/src/lib/libssl/ssl_both.c b/src/lib/libssl/ssl_both.c
deleted file mode 100644
index 995f1c4601..0000000000
--- a/src/lib/libssl/ssl_both.c
+++ /dev/null
@@ -1,577 +0,0 @@
-/* $OpenBSD: ssl_both.c,v 1.47 2024/02/03 15:58:33 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-
-/*
- * Send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or
- * SSL3_RT_CHANGE_CIPHER_SPEC).
- */
-int
-ssl3_do_write(SSL *s, int type)
-{
-        int ret;
-
-        ret = ssl3_write_bytes(s, type, &s->init_buf->data[s->init_off],
-            s->init_num);
-        if (ret < 0)
-                return (-1);
-
-        if (type == SSL3_RT_HANDSHAKE)
-                /*
-                 * Should not be done for 'Hello Request's, but in that case
-                 * we'll ignore the result anyway.
-                 */
-                tls1_transcript_record(s,
-                    (unsigned char *)&s->init_buf->data[s->init_off], ret);
-
-        if (ret == s->init_num) {
-                ssl_msg_callback(s, 1, type, s->init_buf->data,
-                    (size_t)(s->init_off + s->init_num));
-                return (1);
-        }
-
-        s->init_off += ret;
-        s->init_num -= ret;
-
-        return (0);
-}
-
-static int
-ssl3_add_cert(CBB *cbb, X509 *x)
-{
-        unsigned char *data;
-        int cert_len;
-        int ret = 0;
-        CBB cert;
-
-        if ((cert_len = i2d_X509(x, NULL)) < 0)
-                goto err;
-
-        if (!CBB_add_u24_length_prefixed(cbb, &cert))
-                goto err;
-        if (!CBB_add_space(&cert, &data, cert_len))
-                goto err;
-        if (i2d_X509(x, &data) < 0)
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        return (ret);
-}
-
-int
-ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk)
-{
-        X509_STORE_CTX *xs_ctx = NULL;
-        STACK_OF(X509) *chain;
-        CBB cert_list;
-        X509 *x;
-        int ret = 0;
-        int i;
-
-        if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
-                goto err;
-
-        /* Send an empty certificate list when no certificate is available. */
-        if (cpk == NULL)
-                goto done;
-
-        if ((chain = cpk->chain) == NULL)
-                chain = s->ctx->extra_certs;
-
-        if (chain != NULL || (s->mode & SSL_MODE_NO_AUTO_CHAIN)) {
-                if (!ssl3_add_cert(&cert_list, cpk->x509))
-                        goto err;
-        } else {
-                if ((xs_ctx = X509_STORE_CTX_new()) == NULL)
-                        goto err;
-                if (!X509_STORE_CTX_init(xs_ctx, s->ctx->cert_store,
-                    cpk->x509, NULL)) {
-                        SSLerror(s, ERR_R_X509_LIB);
-                        goto err;
-                }
-                X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xs_ctx),
-                    X509_V_FLAG_LEGACY_VERIFY);
-                X509_verify_cert(xs_ctx);
-                ERR_clear_error();
-                chain = X509_STORE_CTX_get0_chain(xs_ctx);
-        }
-
-        for (i = 0; i < sk_X509_num(chain); i++) {
-                x = sk_X509_value(chain, i);
-                if (!ssl3_add_cert(&cert_list, x))
-                        goto err;
-        }
-
- done:
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        X509_STORE_CTX_free(xs_ctx);
-
-        return (ret);
-}
-
-/*
- * Obtain handshake message of message type 'mt' (any if mt == -1),
- * maximum acceptable body length 'max'.
- * The first four bytes (msg_type and length) are read in state 'st1',
- * the body is read in state 'stn'.
- */
-int
-ssl3_get_message(SSL *s, int st1, int stn, int mt, long max)
-{
-        unsigned char *p;
-        uint32_t l;
-        long n;
-        int i, al;
-        CBS cbs;
-        uint8_t u8;
-
-        if (SSL_is_dtls(s))
-                return dtls1_get_message(s, st1, stn, mt, max);
-
-        if (s->s3->hs.tls12.reuse_message) {
-                s->s3->hs.tls12.reuse_message = 0;
-                if ((mt >= 0) && (s->s3->hs.tls12.message_type != mt)) {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        goto fatal_err;
-                }
-                s->init_msg = s->init_buf->data +
-                    SSL3_HM_HEADER_LENGTH;
-                s->init_num = (int)s->s3->hs.tls12.message_size;
-                return 1;
-        }
-
-        p = (unsigned char *)s->init_buf->data;
-
-        if (s->s3->hs.state == st1) {
-                int skip_message;
-
-                do {
-                        while (s->init_num < SSL3_HM_HEADER_LENGTH) {
-                                i = s->method->ssl_read_bytes(s,
-                                    SSL3_RT_HANDSHAKE, &p[s->init_num],
-                                    SSL3_HM_HEADER_LENGTH - s->init_num, 0);
-                                if (i <= 0) {
-                                        s->rwstate = SSL_READING;
-                                        return i;
-                                }
-                                s->init_num += i;
-                        }
-
-                        skip_message = 0;
-                        if (!s->server && p[0] == SSL3_MT_HELLO_REQUEST) {
-                                /*
-                                 * The server may always send 'Hello Request'
-                                 * messages -- we are doing a handshake anyway
-                                 * now, so ignore them if their format is
-                                 * correct.  Does not count for 'Finished' MAC.
-                                 */
-                                if (p[1] == 0 && p[2] == 0 &&p[3] == 0) {
-                                        s->init_num = 0;
-                                        skip_message = 1;
-
-                                        ssl_msg_callback(s, 0,
-                                            SSL3_RT_HANDSHAKE, p,
-                                            SSL3_HM_HEADER_LENGTH);
-                                }
-                        }
-                } while (skip_message);
-
-                if ((mt >= 0) && (*p != mt)) {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        goto fatal_err;
-                }
-
-                CBS_init(&cbs, p, SSL3_HM_HEADER_LENGTH);
-                if (!CBS_get_u8(&cbs, &u8) ||
-                    !CBS_get_u24(&cbs, &l)) {
-                        SSLerror(s, ERR_R_BUF_LIB);
-                        goto err;
-                }
-                s->s3->hs.tls12.message_type = u8;
-
-                if (l > (unsigned long)max) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_EXCESSIVE_MESSAGE_SIZE);
-                        goto fatal_err;
-                }
-                if (l && !BUF_MEM_grow_clean(s->init_buf,
-                    l + SSL3_HM_HEADER_LENGTH)) {
-                        SSLerror(s, ERR_R_BUF_LIB);
-                        goto err;
-                }
-                s->s3->hs.tls12.message_size = l;
-                s->s3->hs.state = stn;
-
-                s->init_msg = s->init_buf->data +
-                    SSL3_HM_HEADER_LENGTH;
-                s->init_num = 0;
-        }
-
-        /* next state (stn) */
-        p = s->init_msg;
-        n = s->s3->hs.tls12.message_size - s->init_num;
-        while (n > 0) {
-                i = s->method->ssl_read_bytes(s, SSL3_RT_HANDSHAKE,
-                    &p[s->init_num], n, 0);
-                if (i <= 0) {
-                        s->rwstate = SSL_READING;
-                        return i;
-                }
-                s->init_num += i;
-                n -= i;
-        }
-
-        /* Feed this message into MAC computation. */
-        if (s->mac_packet) {
-                tls1_transcript_record(s, (unsigned char *)s->init_buf->data,
-                    s->init_num + SSL3_HM_HEADER_LENGTH);
-
-                ssl_msg_callback(s, 0, SSL3_RT_HANDSHAKE,
-                    s->init_buf->data,
-                    (size_t)s->init_num + SSL3_HM_HEADER_LENGTH);
-        }
-
-        return 1;
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        return -1;
-}
-
-int
-ssl_cert_type(EVP_PKEY *pkey)
-{
-        if (pkey == NULL)
-                return -1;
-
-        switch (EVP_PKEY_id(pkey)) {
-        case EVP_PKEY_EC:
-                return SSL_PKEY_ECC;
-        case EVP_PKEY_RSA:
-        case EVP_PKEY_RSA_PSS:
-                return SSL_PKEY_RSA;
-        }
-
-        return -1;
-}
-
-int
-ssl_verify_alarm_type(long type)
-{
-        int al;
-
-        switch (type) {
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
-        case X509_V_ERR_UNABLE_TO_GET_CRL:
-        case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER:
-                al = SSL_AD_UNKNOWN_CA;
-                break;
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE:
-        case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE:
-        case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
-        case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
-        case X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD:
-        case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD:
-        case X509_V_ERR_CERT_NOT_YET_VALID:
-        case X509_V_ERR_CRL_NOT_YET_VALID:
-        case X509_V_ERR_CERT_UNTRUSTED:
-        case X509_V_ERR_CERT_REJECTED:
-                al = SSL_AD_BAD_CERTIFICATE;
-                break;
-        case X509_V_ERR_CERT_SIGNATURE_FAILURE:
-        case X509_V_ERR_CRL_SIGNATURE_FAILURE:
-                al = SSL_AD_DECRYPT_ERROR;
-                break;
-        case X509_V_ERR_CERT_HAS_EXPIRED:
-        case X509_V_ERR_CRL_HAS_EXPIRED:
-                al = SSL_AD_CERTIFICATE_EXPIRED;
-                break;
-        case X509_V_ERR_CERT_REVOKED:
-                al = SSL_AD_CERTIFICATE_REVOKED;
-                break;
-        case X509_V_ERR_OUT_OF_MEM:
-                al = SSL_AD_INTERNAL_ERROR;
-                break;
-        case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
-        case X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN:
-        case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY:
-        case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE:
-        case X509_V_ERR_CERT_CHAIN_TOO_LONG:
-        case X509_V_ERR_PATH_LENGTH_EXCEEDED:
-        case X509_V_ERR_INVALID_CA:
-                al = SSL_AD_UNKNOWN_CA;
-                break;
-        case X509_V_ERR_APPLICATION_VERIFICATION:
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                break;
-        case X509_V_ERR_INVALID_PURPOSE:
-                al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-                break;
-        default:
-                al = SSL_AD_CERTIFICATE_UNKNOWN;
-                break;
-        }
-        return (al);
-}
-
-int
-ssl3_setup_init_buffer(SSL *s)
-{
-        BUF_MEM *buf = NULL;
-
-        if (s->init_buf != NULL)
-                return (1);
-
-        if ((buf = BUF_MEM_new()) == NULL)
-                goto err;
-        if (!BUF_MEM_grow(buf, SSL3_RT_MAX_PLAIN_LENGTH))
-                goto err;
-
-        s->init_buf = buf;
-        return (1);
-
- err:
-        BUF_MEM_free(buf);
-        return (0);
-}
-
-void
-ssl3_release_init_buffer(SSL *s)
-{
-        BUF_MEM_free(s->init_buf);
-        s->init_buf = NULL;
-        s->init_msg = NULL;
-        s->init_num = 0;
-        s->init_off = 0;
-}
-
-int
-ssl3_setup_read_buffer(SSL *s)
-{
-        unsigned char *p;
-        size_t len, align, headerlen;
-
-        if (SSL_is_dtls(s))
-                headerlen = DTLS1_RT_HEADER_LENGTH;
-        else
-                headerlen = SSL3_RT_HEADER_LENGTH;
-
-        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-
-        if (s->s3->rbuf.buf == NULL) {
-                len = SSL3_RT_MAX_PLAIN_LENGTH +
-                    SSL3_RT_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-                if ((p = calloc(1, len)) == NULL)
-                        goto err;
-                s->s3->rbuf.buf = p;
-                s->s3->rbuf.len = len;
-        }
-
-        s->packet = s->s3->rbuf.buf;
-        return 1;
-
- err:
-        SSLerror(s, ERR_R_MALLOC_FAILURE);
-        return 0;
-}
-
-int
-ssl3_setup_write_buffer(SSL *s)
-{
-        unsigned char *p;
-        size_t len, align, headerlen;
-
-        if (SSL_is_dtls(s))
-                headerlen = DTLS1_RT_HEADER_LENGTH + 1;
-        else
-                headerlen = SSL3_RT_HEADER_LENGTH;
-
-        align = (-SSL3_RT_HEADER_LENGTH) & (SSL3_ALIGN_PAYLOAD - 1);
-
-        if (s->s3->wbuf.buf == NULL) {
-                len = s->max_send_fragment +
-                    SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD + headerlen + align;
-                if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS))
-                        len += headerlen + align +
-                            SSL3_RT_SEND_MAX_ENCRYPTED_OVERHEAD;
-
-                if ((p = calloc(1, len)) == NULL)
-                        goto err;
-                s->s3->wbuf.buf = p;
-                s->s3->wbuf.len = len;
-        }
-
-        return 1;
-
- err:
-        SSLerror(s, ERR_R_MALLOC_FAILURE);
-        return 0;
-}
-
-int
-ssl3_setup_buffers(SSL *s)
-{
-        if (!ssl3_setup_read_buffer(s))
-                return 0;
-        if (!ssl3_setup_write_buffer(s))
-                return 0;
-        return 1;
-}
-
-void
-ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b)
-{
-        freezero(b->buf, b->len);
-        b->buf = NULL;
-        b->len = 0;
-}
-
-void
-ssl3_release_read_buffer(SSL *s)
-{
-        ssl3_release_buffer(&s->s3->rbuf);
-}
-
-void
-ssl3_release_write_buffer(SSL *s)
-{
-        ssl3_release_buffer(&s->s3->wbuf);
-}
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c
deleted file mode 100644
index 5b2fe1a48d..0000000000
--- a/src/lib/libssl/ssl_cert.c
+++ /dev/null
@@ -1,737 +0,0 @@
-/* $OpenBSD: ssl_cert.c,v 1.108 2024/02/03 15:58:33 beck Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-
-#include <sys/types.h>
-
-#include <dirent.h>
-#include <stdio.h>
-#include <unistd.h>
-
-#include <openssl/bio.h>
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-#include <openssl/pem.h>
-#include <openssl/x509v3.h>
-
-#include "ssl_local.h"
-
-int
-SSL_get_ex_data_X509_STORE_CTX_idx(void)
-{
-        static volatile int ssl_x509_store_ctx_idx = -1;
-        int got_write_lock = 0;
-
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-
-        if (ssl_x509_store_ctx_idx < 0) {
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-                got_write_lock = 1;
-
-                if (ssl_x509_store_ctx_idx < 0) {
-                        ssl_x509_store_ctx_idx =
-                            X509_STORE_CTX_get_ex_new_index(
-                                0, "SSL for verify callback", NULL, NULL, NULL);
-                }
-        }
-
-        if (got_write_lock)
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        else
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
-        return ssl_x509_store_ctx_idx;
-}
-LSSL_ALIAS(SSL_get_ex_data_X509_STORE_CTX_idx);
-
-SSL_CERT *
-ssl_cert_new(void)
-{
-        SSL_CERT *ret;
-
-        ret = calloc(1, sizeof(SSL_CERT));
-        if (ret == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (NULL);
-        }
-        ret->key = &(ret->pkeys[SSL_PKEY_RSA]);
-        ret->references = 1;
-        ret->security_cb = ssl_security_default_cb;
-        ret->security_level = OPENSSL_TLS_SECURITY_LEVEL;
-        ret->security_ex_data = NULL;
-        return (ret);
-}
-
-SSL_CERT *
-ssl_cert_dup(SSL_CERT *cert)
-{
-        SSL_CERT *ret;
-        int i;
-
-        ret = calloc(1, sizeof(SSL_CERT));
-        if (ret == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (NULL);
-        }
-
-        /*
-         * same as ret->key = ret->pkeys + (cert->key - cert->pkeys),
-         * if you find that more readable
-         */
-        ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]];
-
-        ret->valid = cert->valid;
-        ret->mask_k = cert->mask_k;
-        ret->mask_a = cert->mask_a;
-
-        if (cert->dhe_params != NULL) {
-                ret->dhe_params = DHparams_dup(cert->dhe_params);
-                if (ret->dhe_params == NULL) {
-                        SSLerrorx(ERR_R_DH_LIB);
-                        goto err;
-                }
-        }
-        ret->dhe_params_cb = cert->dhe_params_cb;
-        ret->dhe_params_auto = cert->dhe_params_auto;
-
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-                if (cert->pkeys[i].x509 != NULL) {
-                        ret->pkeys[i].x509 = cert->pkeys[i].x509;
-                        X509_up_ref(ret->pkeys[i].x509);
-                }
-
-                if (cert->pkeys[i].privatekey != NULL) {
-                        ret->pkeys[i].privatekey = cert->pkeys[i].privatekey;
-                        EVP_PKEY_up_ref(ret->pkeys[i].privatekey);
-                        switch (i) {
-                                /*
-                                 * If there was anything special to do for
-                                 * certain types of keys, we'd do it here.
-                                 * (Nothing at the moment, I think.)
-                                 */
-
-                        case SSL_PKEY_RSA:
-                                /* We have an RSA key. */
-                                break;
-
-                        case SSL_PKEY_ECC:
-                                /* We have an ECC key */
-                                break;
-
-                        default:
-                                /* Can't happen. */
-                                SSLerrorx(SSL_R_LIBRARY_BUG);
-                        }
-                }
-
-                if (cert->pkeys[i].chain != NULL) {
-                        if ((ret->pkeys[i].chain =
-                            X509_chain_up_ref(cert->pkeys[i].chain)) == NULL)
-                                goto err;
-                }
-        }
-
-        ret->security_cb = cert->security_cb;
-        ret->security_level = cert->security_level;
-        ret->security_ex_data = cert->security_ex_data;
-
-        /*
-         * ret->extra_certs *should* exist, but currently the own certificate
-         * chain is held inside SSL_CTX
-         */
-
-        ret->references = 1;
-
-        return (ret);
-
- err:
-        DH_free(ret->dhe_params);
-
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-                X509_free(ret->pkeys[i].x509);
-                EVP_PKEY_free(ret->pkeys[i].privatekey);
-                sk_X509_pop_free(ret->pkeys[i].chain, X509_free);
-        }
-        free (ret);
-        return NULL;
-}
-
-
-void
-ssl_cert_free(SSL_CERT *c)
-{
-        int i;
-
-        if (c == NULL)
-                return;
-
-        i = CRYPTO_add(&c->references, -1, CRYPTO_LOCK_SSL_CERT);
-        if (i > 0)
-                return;
-
-        DH_free(c->dhe_params);
-
-        for (i = 0; i < SSL_PKEY_NUM; i++) {
-                X509_free(c->pkeys[i].x509);
-                EVP_PKEY_free(c->pkeys[i].privatekey);
-                sk_X509_pop_free(c->pkeys[i].chain, X509_free);
-        }
-
-        free(c);
-}
-
-SSL_CERT *
-ssl_get0_cert(SSL_CTX *ctx, SSL *ssl)
-{
-        if (ssl != NULL)
-                return ssl->cert;
-
-        return ctx->cert;
-}
-
-int
-ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain)
-{
-        SSL_CERT *ssl_cert;
-        SSL_CERT_PKEY *cpk;
-        X509 *x509;
-        int ssl_err;
-        int i;
-
-        if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL)
-                return 0;
-
-        if ((cpk = ssl_cert->key) == NULL)
-                return 0;
-
-        for (i = 0; i < sk_X509_num(chain); i++) {
-                x509 = sk_X509_value(chain, i);
-                if (!ssl_security_cert(ctx, ssl, x509, 0, &ssl_err)) {
-                        SSLerrorx(ssl_err);
-                        return 0;
-                }
-        }
-
-        sk_X509_pop_free(cpk->chain, X509_free);
-        cpk->chain = chain;
-
-        return 1;
-}
-
-int
-ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain)
-{
-        STACK_OF(X509) *new_chain = NULL;
-
-        if (chain != NULL) {
-                if ((new_chain = X509_chain_up_ref(chain)) == NULL)
-                        return 0;
-        }
-        if (!ssl_cert_set0_chain(ctx, ssl, new_chain)) {
-                sk_X509_pop_free(new_chain, X509_free);
-                return 0;
-        }
-
-        return 1;
-}
-
-int
-ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
-{
-        SSL_CERT *ssl_cert;
-        SSL_CERT_PKEY *cpk;
-        int ssl_err;
-
-        if ((ssl_cert = ssl_get0_cert(ctx, ssl)) == NULL)
-                return 0;
-
-        if ((cpk = ssl_cert->key) == NULL)
-                return 0;
-
-        if (!ssl_security_cert(ctx, ssl, cert, 0, &ssl_err)) {
-                SSLerrorx(ssl_err);
-                return 0;
-        }
-
-        if (cpk->chain == NULL) {
-                if ((cpk->chain = sk_X509_new_null()) == NULL)
-                        return 0;
-        }
-        if (!sk_X509_push(cpk->chain, cert))
-                return 0;
-
-        return 1;
-}
-
-int
-ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert)
-{
-        if (!ssl_cert_add0_chain_cert(ctx, ssl, cert))
-                return 0;
-
-        X509_up_ref(cert);
-
-        return 1;
-}
-
-int
-ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *certs)
-{
-        X509_STORE_CTX *ctx = NULL;
-        X509_VERIFY_PARAM *param;
-        X509 *cert;
-        int ret = 0;
-
-        if (sk_X509_num(certs) < 1)
-                goto err;
-
-        if ((ctx = X509_STORE_CTX_new()) == NULL)
-                goto err;
-
-        cert = sk_X509_value(certs, 0);
-        if (!X509_STORE_CTX_init(ctx, s->ctx->cert_store, cert, certs)) {
-                SSLerror(s, ERR_R_X509_LIB);
-                goto err;
-        }
-        X509_STORE_CTX_set_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s);
-
-        /*
-         * We need to inherit the verify parameters. These can be
-         * determined by the context: if its a server it will verify
-         * SSL client certificates or vice versa.
-         */
-        X509_STORE_CTX_set_default(ctx, s->server ? "ssl_client" : "ssl_server");
-
-        param = X509_STORE_CTX_get0_param(ctx);
-
-        X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
-
-        /*
-         * Anything non-default in "param" should overwrite anything
-         * in the ctx.
-         */
-        X509_VERIFY_PARAM_set1(param, s->param);
-
-        if (s->verify_callback)
-                X509_STORE_CTX_set_verify_cb(ctx, s->verify_callback);
-
-        if (s->ctx->app_verify_callback != NULL)
-                ret = s->ctx->app_verify_callback(ctx,
-                    s->ctx->app_verify_arg);
-        else
-                ret = X509_verify_cert(ctx);
-
-        s->verify_result = X509_STORE_CTX_get_error(ctx);
-        sk_X509_pop_free(s->s3->hs.verified_chain, X509_free);
-        s->s3->hs.verified_chain = NULL;
-        if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
-                s->s3->hs.verified_chain = X509_STORE_CTX_get1_chain(ctx);
-                if (s->s3->hs.verified_chain == NULL) {
-                        SSLerrorx(ERR_R_MALLOC_FAILURE);
-                        ret = 0;
-                }
-        }
-
- err:
-        X509_STORE_CTX_free(ctx);
-
-        return (ret);
-}
-
-static void
-set_client_CA_list(STACK_OF(X509_NAME) **ca_list,
-    STACK_OF(X509_NAME) *name_list)
-{
-        sk_X509_NAME_pop_free(*ca_list, X509_NAME_free);
-        *ca_list = name_list;
-}
-
-STACK_OF(X509_NAME) *
-SSL_dup_CA_list(const STACK_OF(X509_NAME) *sk)
-{
-        int i;
-        STACK_OF(X509_NAME) *ret;
-        X509_NAME *name = NULL;
-
-        if ((ret = sk_X509_NAME_new_null()) == NULL)
-                goto err;
-
-        for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                if ((name = X509_NAME_dup(sk_X509_NAME_value(sk, i))) == NULL)
-                        goto err;
-                if (!sk_X509_NAME_push(ret, name))
-                        goto err;
-        }
-        return (ret);
-
- err:
-        X509_NAME_free(name);
-        sk_X509_NAME_pop_free(ret, X509_NAME_free);
-        return NULL;
-}
-LSSL_ALIAS(SSL_dup_CA_list);
-
-void
-SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *name_list)
-{
-        set_client_CA_list(&(s->client_CA), name_list);
-}
-LSSL_ALIAS(SSL_set_client_CA_list);
-
-void
-SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *name_list)
-{
-        set_client_CA_list(&(ctx->client_CA), name_list);
-}
-LSSL_ALIAS(SSL_CTX_set_client_CA_list);
-
-STACK_OF(X509_NAME) *
-SSL_CTX_get_client_CA_list(const SSL_CTX *ctx)
-{
-        return (ctx->client_CA);
-}
-LSSL_ALIAS(SSL_CTX_get_client_CA_list);
-
-STACK_OF(X509_NAME) *
-SSL_get_client_CA_list(const SSL *s)
-{
-        if (!s->server) {
-                /* We are in the client. */
-                if ((s->version >> 8) == SSL3_VERSION_MAJOR)
-                        return (s->s3->hs.tls12.ca_names);
-                else
-                        return (NULL);
-        } else {
-                if (s->client_CA != NULL)
-                        return (s->client_CA);
-                else
-                        return (s->ctx->client_CA);
-        }
-}
-LSSL_ALIAS(SSL_get_client_CA_list);
-
-static int
-add_client_CA(STACK_OF(X509_NAME) **sk, X509 *x)
-{
-        X509_NAME *name;
-
-        if (x == NULL)
-                return (0);
-        if ((*sk == NULL) && ((*sk = sk_X509_NAME_new_null()) == NULL))
-                return (0);
-
-        if ((name = X509_NAME_dup(X509_get_subject_name(x))) == NULL)
-                return (0);
-
-        if (!sk_X509_NAME_push(*sk, name)) {
-                X509_NAME_free(name);
-                return (0);
-        }
-        return (1);
-}
-
-int
-SSL_add_client_CA(SSL *ssl, X509 *x)
-{
-        return (add_client_CA(&(ssl->client_CA), x));
-}
-LSSL_ALIAS(SSL_add_client_CA);
-
-int
-SSL_CTX_add_client_CA(SSL_CTX *ctx, X509 *x)
-{
-        return (add_client_CA(&(ctx->client_CA), x));
-}
-LSSL_ALIAS(SSL_CTX_add_client_CA);
-
-static int
-xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-{
-        return (X509_NAME_cmp(*a, *b));
-}
-
-/*!
- * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed;
- * it doesn't really have anything to do with clients (except that a common use
- * for a stack of CAs is to send it to the client). Actually, it doesn't have
- * much to do with CAs, either, since it will load any old cert.
- * \param file the file containing one or more certs.
- * \return a ::STACK containing the certs.
- */
-STACK_OF(X509_NAME) *
-SSL_load_client_CA_file(const char *file)
-{
-        BIO *in;
-        X509 *x = NULL;
-        X509_NAME *xn = NULL;
-        STACK_OF(X509_NAME) *ret = NULL, *sk;
-
-        sk = sk_X509_NAME_new(xname_cmp);
-
-        in = BIO_new(BIO_s_file());
-
-        if ((sk == NULL) || (in == NULL)) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        if (!BIO_read_filename(in, file))
-                goto err;
-
-        for (;;) {
-                if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
-                        break;
-                if (ret == NULL) {
-                        ret = sk_X509_NAME_new_null();
-                        if (ret == NULL) {
-                                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                }
-                if ((xn = X509_get_subject_name(x)) == NULL)
-                        goto err;
-                /* check for duplicates */
-                xn = X509_NAME_dup(xn);
-                if (xn == NULL)
-                        goto err;
-                if (sk_X509_NAME_find(sk, xn) >= 0)
-                        X509_NAME_free(xn);
-                else {
-                        if (!sk_X509_NAME_push(sk, xn))
-                                goto err;
-                        if (!sk_X509_NAME_push(ret, xn))
-                                goto err;
-                }
-        }
-
-        if (0) {
- err:
-                sk_X509_NAME_pop_free(ret, X509_NAME_free);
-                ret = NULL;
-        }
-        sk_X509_NAME_free(sk);
-        BIO_free(in);
-        X509_free(x);
-        if (ret != NULL)
-                ERR_clear_error();
-
-        return (ret);
-}
-LSSL_ALIAS(SSL_load_client_CA_file);
-
-/*!
- * Add a file of certs to a stack.
- * \param stack the stack to add to.
- * \param file the file to add from. All certs in this file that are not
- * already in the stack will be added.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int
-SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack,
-    const char *file)
-{
-        BIO *in;
-        X509 *x = NULL;
-        X509_NAME *xn = NULL;
-        int ret = 1;
-        int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b);
-
-        oldcmp = sk_X509_NAME_set_cmp_func(stack, xname_cmp);
-
-        in = BIO_new(BIO_s_file());
-
-        if (in == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        if (!BIO_read_filename(in, file))
-                goto err;
-
-        for (;;) {
-                if (PEM_read_bio_X509(in, &x, NULL, NULL) == NULL)
-                        break;
-                if ((xn = X509_get_subject_name(x)) == NULL)
-                        goto err;
-                xn = X509_NAME_dup(xn);
-                if (xn == NULL)
-                        goto err;
-                if (sk_X509_NAME_find(stack, xn) >= 0)
-                        X509_NAME_free(xn);
-                else
-                        if (!sk_X509_NAME_push(stack, xn))
-                                goto err;
-        }
-
-        ERR_clear_error();
-
-        if (0) {
- err:
-                ret = 0;
-        }
-        BIO_free(in);
-        X509_free(x);
-
-        (void)sk_X509_NAME_set_cmp_func(stack, oldcmp);
-
-        return ret;
-}
-LSSL_ALIAS(SSL_add_file_cert_subjects_to_stack);
-
-/*!
- * Add a directory of certs to a stack.
- * \param stack the stack to append to.
- * \param dir the directory to append from. All files in this directory will be
- * examined as potential certs. Any that are acceptable to
- * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will
- * be included.
- * \return 1 for success, 0 for failure. Note that in the case of failure some
- * certs may have been added to \c stack.
- */
-
-int
-SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, const char *dir)
-{
-        DIR *dirp = NULL;
-        char *path = NULL;
-        int ret = 0;
-
-        dirp = opendir(dir);
-        if (dirp) {
-                struct dirent *dp;
-                while ((dp = readdir(dirp)) != NULL) {
-                        if (asprintf(&path, "%s/%s", dir, dp->d_name) != -1) {
-                                ret = SSL_add_file_cert_subjects_to_stack(
-                                    stack, path);
-                                free(path);
-                        }
-                        if (!ret)
-                                break;
-                }
-                (void) closedir(dirp);
-        }
-        if (!ret) {
-                SYSerror(errno);
-                ERR_asprintf_error_data("opendir ('%s')", dir);
-                SSLerrorx(ERR_R_SYS_LIB);
-        }
-        return ret;
-}
-LSSL_ALIAS(SSL_add_dir_cert_subjects_to_stack);
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c
deleted file mode 100644
index 7d84e42cfe..0000000000
--- a/src/lib/libssl/ssl_ciph.c
+++ /dev/null
@@ -1,1631 +0,0 @@
-/* $OpenBSD: ssl_ciph.c,v 1.151 2025/01/18 12:20:37 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-
-#include "ssl_local.h"
-
-#define CIPHER_ADD      1
-#define CIPHER_KILL     2
-#define CIPHER_DEL      3
-#define CIPHER_ORD      4
-#define CIPHER_SPECIAL  5
-
-typedef struct cipher_order_st {
-        const SSL_CIPHER *cipher;
-        int active;
-        int dead;
-        struct cipher_order_st *next, *prev;
-} CIPHER_ORDER;
-
-static const SSL_CIPHER cipher_aliases[] = {
-
-        /* "ALL" doesn't include eNULL (must be specifically enabled) */
-        {
-                .name = SSL_TXT_ALL,
-                .algorithm_enc = ~SSL_eNULL,
-        },
-
-        /* "COMPLEMENTOFALL" */
-        {
-                .name = SSL_TXT_CMPALL,
-                .algorithm_enc = SSL_eNULL,
-        },
-
-        /*
-         * "COMPLEMENTOFDEFAULT"
-         * (does *not* include ciphersuites not found in ALL!)
-         */
-        {
-                .name = SSL_TXT_CMPDEF,
-                .algorithm_mkey = SSL_kDHE|SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-                .algorithm_enc = ~SSL_eNULL,
-        },
-
-        /*
-         * key exchange aliases
-         * (some of those using only a single bit here combine multiple key
-         * exchange algs according to the RFCs, e.g. kEDH combines DHE_DSS
-         * and DHE_RSA)
-         */
-        {
-                .name = SSL_TXT_kRSA,
-                .algorithm_mkey = SSL_kRSA,
-        },
-        {
-                .name = SSL_TXT_kEDH,
-                .algorithm_mkey = SSL_kDHE,
-        },
-        {
-                .name = SSL_TXT_DH,
-                .algorithm_mkey = SSL_kDHE,
-        },
-        {
-                .name = SSL_TXT_kEECDH,
-                .algorithm_mkey = SSL_kECDHE,
-        },
-        {
-                .name = SSL_TXT_ECDH,
-                .algorithm_mkey = SSL_kECDHE,
-        },
-
-        /* server authentication aliases */
-        {
-                .name = SSL_TXT_aRSA,
-                .algorithm_auth = SSL_aRSA,
-        },
-        {
-                .name = SSL_TXT_aNULL,
-                .algorithm_auth = SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_aECDSA,
-                .algorithm_auth = SSL_aECDSA,
-        },
-        {
-                .name = SSL_TXT_ECDSA,
-                .algorithm_auth = SSL_aECDSA,
-        },
-
-        /* aliases combining key exchange and server authentication */
-        {
-                .name = SSL_TXT_DHE,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = ~SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_EDH,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = ~SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_ECDHE,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = ~SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_EECDH,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = ~SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_NULL,
-                .algorithm_enc = SSL_eNULL,
-        },
-        {
-                .name = SSL_TXT_RSA,
-                .algorithm_mkey = SSL_kRSA,
-                .algorithm_auth = SSL_aRSA,
-        },
-        {
-                .name = SSL_TXT_ADH,
-                .algorithm_mkey = SSL_kDHE,
-                .algorithm_auth = SSL_aNULL,
-        },
-        {
-                .name = SSL_TXT_AECDH,
-                .algorithm_mkey = SSL_kECDHE,
-                .algorithm_auth = SSL_aNULL,
-        },
-
-        /* symmetric encryption aliases */
-        {
-                .name = SSL_TXT_3DES,
-                .algorithm_enc = SSL_3DES,
-        },
-        {
-                .name = SSL_TXT_RC4,
-                .algorithm_enc = SSL_RC4,
-        },
-        {
-                .name = SSL_TXT_eNULL,
-                .algorithm_enc = SSL_eNULL,
-        },
-        {
-                .name = SSL_TXT_AES128,
-                .algorithm_enc = SSL_AES128|SSL_AES128GCM,
-        },
-        {
-                .name = SSL_TXT_AES256,
-                .algorithm_enc = SSL_AES256|SSL_AES256GCM,
-        },
-        {
-                .name = SSL_TXT_AES,
-                .algorithm_enc = SSL_AES,
-        },
-        {
-                .name = SSL_TXT_AES_GCM,
-                .algorithm_enc = SSL_AES128GCM|SSL_AES256GCM,
-        },
-        {
-                .name = SSL_TXT_CAMELLIA128,
-                .algorithm_enc = SSL_CAMELLIA128,
-        },
-        {
-                .name = SSL_TXT_CAMELLIA256,
-                .algorithm_enc = SSL_CAMELLIA256,
-        },
-        {
-                .name = SSL_TXT_CAMELLIA,
-                .algorithm_enc = SSL_CAMELLIA128|SSL_CAMELLIA256,
-        },
-        {
-                .name = SSL_TXT_CHACHA20,
-                .algorithm_enc = SSL_CHACHA20POLY1305,
-        },
-
-        /* MAC aliases */
-        {
-                .name = SSL_TXT_AEAD,
-                .algorithm_mac = SSL_AEAD,
-        },
-        {
-                .name = SSL_TXT_MD5,
-                .algorithm_mac = SSL_MD5,
-        },
-        {
-                .name = SSL_TXT_SHA1,
-                .algorithm_mac = SSL_SHA1,
-        },
-        {
-                .name = SSL_TXT_SHA,
-                .algorithm_mac = SSL_SHA1,
-        },
-        {
-                .name = SSL_TXT_SHA256,
-                .algorithm_mac = SSL_SHA256,
-        },
-        {
-                .name = SSL_TXT_SHA384,
-                .algorithm_mac = SSL_SHA384,
-        },
-
-        /* protocol version aliases */
-        {
-                .name = SSL_TXT_SSLV3,
-                .algorithm_ssl = SSL_SSLV3,
-        },
-        {
-                .name = SSL_TXT_TLSV1,
-                .algorithm_ssl = SSL_TLSV1,
-        },
-        {
-                .name = SSL_TXT_TLSV1_2,
-                .algorithm_ssl = SSL_TLSV1_2,
-        },
-        {
-                .name = SSL_TXT_TLSV1_3,
-                .algorithm_ssl = SSL_TLSV1_3,
-        },
-
-        /* cipher suite aliases */
-#ifdef LIBRESSL_HAS_TLS1_3
-        {
-                .value = 0x1301,
-                .name = "TLS_AES_128_GCM_SHA256",
-                .algorithm_ssl = SSL_TLSV1_3,
-        },
-        {
-                .value = 0x1302,
-                .name = "TLS_AES_256_GCM_SHA384",
-                .algorithm_ssl = SSL_TLSV1_3,
-        },
-        {
-                .value = 0x1303,
-                .name = "TLS_CHACHA20_POLY1305_SHA256",
-                .algorithm_ssl = SSL_TLSV1_3,
-        },
-#endif
-
-        /* strength classes */
-        {
-                .name = SSL_TXT_LOW,
-                .algo_strength = SSL_LOW,
-        },
-        {
-                .name = SSL_TXT_MEDIUM,
-                .algo_strength = SSL_MEDIUM,
-        },
-        {
-                .name = SSL_TXT_HIGH,
-                .algo_strength = SSL_HIGH,
-        },
-};
-
-int
-ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc, const EVP_MD **md,
-    int *mac_pkey_type, int *mac_secret_size)
-{
-        const SSL_CIPHER *cipher;
-
-        *enc = NULL;
-        *md = NULL;
-        *mac_pkey_type = NID_undef;
-        *mac_secret_size = 0;
-
-        if ((cipher = s->s3->hs.cipher) == NULL)
-                return 0;
-
-        /*
-         * This function does not handle EVP_AEAD.
-         * See ssl_cipher_get_evp_aead instead.
-         */
-        if (cipher->algorithm_mac & SSL_AEAD)
-                return 0;
-
-        switch (cipher->algorithm_enc) {
-        case SSL_3DES:
-                *enc = EVP_des_ede3_cbc();
-                break;
-        case SSL_RC4:
-                *enc = EVP_rc4();
-                break;
-        case SSL_eNULL:
-                *enc = EVP_enc_null();
-                break;
-        case SSL_AES128:
-                *enc = EVP_aes_128_cbc();
-                break;
-        case SSL_AES256:
-                *enc = EVP_aes_256_cbc();
-                break;
-        case SSL_CAMELLIA128:
-                *enc = EVP_camellia_128_cbc();
-                break;
-        case SSL_CAMELLIA256:
-                *enc = EVP_camellia_256_cbc();
-                break;
-        }
-
-        switch (cipher->algorithm_mac) {
-        case SSL_MD5:
-                *md = EVP_md5();
-                break;
-        case SSL_SHA1:
-                *md = EVP_sha1();
-                break;
-        case SSL_SHA256:
-                *md = EVP_sha256();
-                break;
-        case SSL_SHA384:
-                *md = EVP_sha384();
-                break;
-        }
-        if (*enc == NULL || *md == NULL)
-                return 0;
-
-        /* XXX remove these from ssl_cipher_get_evp? */
-        /*
-         * EVP_CIPH_FLAG_AEAD_CIPHER and EVP_CIPH_GCM_MODE ciphers are not
-         * supported via EVP_CIPHER (they should be using EVP_AEAD instead).
-         */
-        if (EVP_CIPHER_flags(*enc) & EVP_CIPH_FLAG_AEAD_CIPHER)
-                return 0;
-        if (EVP_CIPHER_mode(*enc) == EVP_CIPH_GCM_MODE)
-                return 0;
-
-        *mac_pkey_type = EVP_PKEY_HMAC;
-        *mac_secret_size = EVP_MD_size(*md);
-        return 1;
-}
-
-/*
- * ssl_cipher_get_evp_aead sets aead to point to the correct EVP_AEAD object
- * for s->cipher. It returns 1 on success and 0 on error.
- */
-int
-ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead)
-{
-        const SSL_CIPHER *cipher;
-
-        *aead = NULL;
-
-        if ((cipher = s->s3->hs.cipher) == NULL)
-                return 0;
-        if ((cipher->algorithm_mac & SSL_AEAD) == 0)
-                return 0;
-
-        switch (cipher->algorithm_enc) {
-        case SSL_AES128GCM:
-                *aead = EVP_aead_aes_128_gcm();
-                return 1;
-        case SSL_AES256GCM:
-                *aead = EVP_aead_aes_256_gcm();
-                return 1;
-        case SSL_CHACHA20POLY1305:
-                *aead = EVP_aead_chacha20_poly1305();
-                return 1;
-        default:
-                break;
-        }
-        return 0;
-}
-
-int
-ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md)
-{
-        const SSL_CIPHER *cipher;
-
-        *md = NULL;
-
-        if ((cipher = s->s3->hs.cipher) == NULL)
-                return 0;
-
-        switch (cipher->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
-        case SSL_HANDSHAKE_MAC_SHA256:
-                *md = EVP_sha256();
-                return 1;
-        case SSL_HANDSHAKE_MAC_SHA384:
-                *md = EVP_sha384();
-                return 1;
-        default:
-                break;
-        }
-
-        return 0;
-}
-
-#define ITEM_SEP(a) \
-        (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ','))
-
-static void
-ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-    CIPHER_ORDER **tail)
-{
-        if (curr == *tail)
-                return;
-        if (curr == *head)
-                *head = curr->next;
-        if (curr->prev != NULL)
-                curr->prev->next = curr->next;
-        if (curr->next != NULL)
-                curr->next->prev = curr->prev;
-        (*tail)->next = curr;
-        curr->prev= *tail;
-        curr->next = NULL;
-        *tail = curr;
-}
-
-static void
-ll_append_head(CIPHER_ORDER **head, CIPHER_ORDER *curr,
-    CIPHER_ORDER **tail)
-{
-        if (curr == *head)
-                return;
-        if (curr == *tail)
-                *tail = curr->prev;
-        if (curr->next != NULL)
-                curr->next->prev = curr->prev;
-        if (curr->prev != NULL)
-                curr->prev->next = curr->next;
-        (*head)->prev = curr;
-        curr->next= *head;
-        curr->prev = NULL;
-        *head = curr;
-}
-
-static void
-ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, int num_of_ciphers,
-    unsigned long disabled_mkey, unsigned long disabled_auth,
-    unsigned long disabled_enc, unsigned long disabled_mac,
-    unsigned long disabled_ssl, CIPHER_ORDER *co_list,
-    CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-{
-        int i, co_list_num;
-        const SSL_CIPHER *c;
-
-        /*
-         * We have num_of_ciphers descriptions compiled in, depending on the
-         * method selected (SSLv3, TLSv1, etc). These will later be sorted in
-         * a linked list with at most num entries.
-         */
-
-        /*
-         * Get the initial list of ciphers, iterating backwards over the
-         * cipher list - the list is ordered by cipher value and we currently
-         * hope that ciphers with higher cipher values are preferable...
-         */
-        co_list_num = 0;        /* actual count of ciphers */
-        for (i = num_of_ciphers - 1; i >= 0; i--) {
-                c = ssl3_get_cipher_by_index(i);
-
-                /*
-                 * Drop any invalid ciphers and any which use unavailable
-                 * algorithms.
-                 */
-                if ((c != NULL) &&
-                    !(c->algorithm_mkey & disabled_mkey) &&
-                    !(c->algorithm_auth & disabled_auth) &&
-                    !(c->algorithm_enc & disabled_enc) &&
-                    !(c->algorithm_mac & disabled_mac) &&
-                    !(c->algorithm_ssl & disabled_ssl)) {
-                        co_list[co_list_num].cipher = c;
-                        co_list[co_list_num].next = NULL;
-                        co_list[co_list_num].prev = NULL;
-                        co_list[co_list_num].active = 0;
-                        co_list_num++;
-                }
-        }
-
-        /*
-         * Prepare linked list from list entries
-         */
-        if (co_list_num > 0) {
-                co_list[0].prev = NULL;
-
-                if (co_list_num > 1) {
-                        co_list[0].next = &co_list[1];
-
-                        for (i = 1; i < co_list_num - 1; i++) {
-                                co_list[i].prev = &co_list[i - 1];
-                                co_list[i].next = &co_list[i + 1];
-                        }
-
-                        co_list[co_list_num - 1].prev =
-                            &co_list[co_list_num - 2];
-                }
-
-                co_list[co_list_num - 1].next = NULL;
-
-                *head_p = &co_list[0];
-                *tail_p = &co_list[co_list_num - 1];
-        }
-}
-
-static void
-ssl_cipher_collect_aliases(const SSL_CIPHER **ca_list, int num_of_group_aliases,
-    unsigned long disabled_mkey, unsigned long disabled_auth,
-    unsigned long disabled_enc, unsigned long disabled_mac,
-    unsigned long disabled_ssl, CIPHER_ORDER *head)
-{
-        CIPHER_ORDER *ciph_curr;
-        const SSL_CIPHER **ca_curr;
-        int i;
-        unsigned long mask_mkey = ~disabled_mkey;
-        unsigned long mask_auth = ~disabled_auth;
-        unsigned long mask_enc = ~disabled_enc;
-        unsigned long mask_mac = ~disabled_mac;
-        unsigned long mask_ssl = ~disabled_ssl;
-
-        /*
-         * First, add the real ciphers as already collected
-         */
-        ciph_curr = head;
-        ca_curr = ca_list;
-        while (ciph_curr != NULL) {
-                *ca_curr = ciph_curr->cipher;
-                ca_curr++;
-                ciph_curr = ciph_curr->next;
-        }
-
-        /*
-         * Now we add the available ones from the cipher_aliases[] table.
-         * They represent either one or more algorithms, some of which
-         * in any affected category must be supported (set in enabled_mask),
-         * or represent a cipher strength value (will be added in any case because algorithms=0).
-         */
-        for (i = 0; i < num_of_group_aliases; i++) {
-                unsigned long algorithm_mkey = cipher_aliases[i].algorithm_mkey;
-                unsigned long algorithm_auth = cipher_aliases[i].algorithm_auth;
-                unsigned long algorithm_enc = cipher_aliases[i].algorithm_enc;
-                unsigned long algorithm_mac = cipher_aliases[i].algorithm_mac;
-                unsigned long algorithm_ssl = cipher_aliases[i].algorithm_ssl;
-
-                if (algorithm_mkey)
-                        if ((algorithm_mkey & mask_mkey) == 0)
-                                continue;
-
-                if (algorithm_auth)
-                        if ((algorithm_auth & mask_auth) == 0)
-                                continue;
-
-                if (algorithm_enc)
-                        if ((algorithm_enc & mask_enc) == 0)
-                                continue;
-
-                if (algorithm_mac)
-                        if ((algorithm_mac & mask_mac) == 0)
-                                continue;
-
-                if (algorithm_ssl)
-                        if ((algorithm_ssl & mask_ssl) == 0)
-                                continue;
-
-                *ca_curr = (SSL_CIPHER *)(cipher_aliases + i);
-                ca_curr++;
-        }
-
-        *ca_curr = NULL;        /* end of list */
-}
-
-static void
-ssl_cipher_apply_rule(uint16_t cipher_value, unsigned long alg_mkey,
-    unsigned long alg_auth, unsigned long alg_enc, unsigned long alg_mac,
-    unsigned long alg_ssl, unsigned long algo_strength, int rule,
-    int strength_bits, CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-{
-        CIPHER_ORDER *head, *tail, *curr, *next, *last;
-        const SSL_CIPHER *cp;
-        int reverse = 0;
-
-        if (rule == CIPHER_DEL)
-                reverse = 1; /* needed to maintain sorting between currently deleted ciphers */
-
-        head = *head_p;
-        tail = *tail_p;
-
-        if (reverse) {
-                next = tail;
-                last = head;
-        } else {
-                next = head;
-                last = tail;
-        }
-
-        curr = NULL;
-        for (;;) {
-                if (curr == last)
-                        break;
-                curr = next;
-                next = reverse ? curr->prev : curr->next;
-
-                cp = curr->cipher;
-
-                if (cipher_value != 0 && cp->value != cipher_value)
-                        continue;
-
-                /*
-                 * Selection criteria is either the value of strength_bits
-                 * or the algorithms used.
-                 */
-                if (strength_bits >= 0) {
-                        if (strength_bits != cp->strength_bits)
-                                continue;
-                } else {
-                        if (alg_mkey && !(alg_mkey & cp->algorithm_mkey))
-                                continue;
-                        if (alg_auth && !(alg_auth & cp->algorithm_auth))
-                                continue;
-                        if (alg_enc && !(alg_enc & cp->algorithm_enc))
-                                continue;
-                        if (alg_mac && !(alg_mac & cp->algorithm_mac))
-                                continue;
-                        if (alg_ssl && !(alg_ssl & cp->algorithm_ssl))
-                                continue;
-                        if ((algo_strength & SSL_STRONG_MASK) && !(algo_strength & SSL_STRONG_MASK & cp->algo_strength))
-                                continue;
-                }
-
-                /* add the cipher if it has not been added yet. */
-                if (rule == CIPHER_ADD) {
-                        /* reverse == 0 */
-                        if (!curr->active) {
-                                ll_append_tail(&head, curr, &tail);
-                                curr->active = 1;
-                        }
-                }
-                /* Move the added cipher to this location */
-                else if (rule == CIPHER_ORD) {
-                        /* reverse == 0 */
-                        if (curr->active) {
-                                ll_append_tail(&head, curr, &tail);
-                        }
-                } else if (rule == CIPHER_DEL) {
-                        /* reverse == 1 */
-                        if (curr->active) {
-                                /* most recently deleted ciphersuites get best positions
-                                 * for any future CIPHER_ADD (note that the CIPHER_DEL loop
-                                 * works in reverse to maintain the order) */
-                                ll_append_head(&head, curr, &tail);
-                                curr->active = 0;
-                        }
-                } else if (rule == CIPHER_KILL) {
-                        /* reverse == 0 */
-                        if (head == curr)
-                                head = curr->next;
-                        else
-                                curr->prev->next = curr->next;
-                        if (tail == curr)
-                                tail = curr->prev;
-                        curr->active = 0;
-                        if (curr->next != NULL)
-                                curr->next->prev = curr->prev;
-                        if (curr->prev != NULL)
-                                curr->prev->next = curr->next;
-                        curr->next = NULL;
-                        curr->prev = NULL;
-                }
-        }
-
-        *head_p = head;
-        *tail_p = tail;
-}
-
-static int
-ssl_cipher_strength_sort(CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p)
-{
-        int max_strength_bits, i, *number_uses;
-        CIPHER_ORDER *curr;
-
-        /*
-         * This routine sorts the ciphers with descending strength. The sorting
-         * must keep the pre-sorted sequence, so we apply the normal sorting
-         * routine as '+' movement to the end of the list.
-         */
-        max_strength_bits = 0;
-        curr = *head_p;
-        while (curr != NULL) {
-                if (curr->active &&
-                    (curr->cipher->strength_bits > max_strength_bits))
-                        max_strength_bits = curr->cipher->strength_bits;
-                curr = curr->next;
-        }
-
-        number_uses = calloc((max_strength_bits + 1), sizeof(int));
-        if (!number_uses) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (0);
-        }
-
-        /*
-         * Now find the strength_bits values actually used
-         */
-        curr = *head_p;
-        while (curr != NULL) {
-                if (curr->active)
-                        number_uses[curr->cipher->strength_bits]++;
-                curr = curr->next;
-        }
-        /*
-         * Go through the list of used strength_bits values in descending
-         * order.
-         */
-        for (i = max_strength_bits; i >= 0; i--)
-                if (number_uses[i] > 0)
-                        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ORD, i, head_p, tail_p);
-
-        free(number_uses);
-        return (1);
-}
-
-static int
-ssl_cipher_process_rulestr(const char *rule_str, CIPHER_ORDER **head_p,
-    CIPHER_ORDER **tail_p, const SSL_CIPHER **ca_list, SSL_CERT *cert,
-    int *tls13_seen)
-{
-        unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
-        unsigned long algo_strength;
-        int j, multi, found, rule, retval, ok, buflen;
-        uint16_t cipher_value = 0;
-        const char *l, *buf;
-        char ch;
-
-        *tls13_seen = 0;
-
-        retval = 1;
-        l = rule_str;
-        for (;;) {
-                ch = *l;
-
-                if (ch == '\0')
-                        break;
-
-                if (ch == '-') {
-                        rule = CIPHER_DEL;
-                        l++;
-                } else if (ch == '+') {
-                        rule = CIPHER_ORD;
-                        l++;
-                } else if (ch == '!') {
-                        rule = CIPHER_KILL;
-                        l++;
-                } else if (ch == '@') {
-                        rule = CIPHER_SPECIAL;
-                        l++;
-                } else {
-                        rule = CIPHER_ADD;
-                }
-
-                if (ITEM_SEP(ch)) {
-                        l++;
-                        continue;
-                }
-
-                alg_mkey = 0;
-                alg_auth = 0;
-                alg_enc = 0;
-                alg_mac = 0;
-                alg_ssl = 0;
-                algo_strength = 0;
-
-                for (;;) {
-                        ch = *l;
-                        buf = l;
-                        buflen = 0;
-                        while (((ch >= 'A') && (ch <= 'Z')) ||
-                            ((ch >= '0') && (ch <= '9')) ||
-                            ((ch >= 'a') && (ch <= 'z')) ||
-                            (ch == '-') || (ch == '.') ||
-                            (ch == '_') || (ch == '=')) {
-                                ch = *(++l);
-                                buflen++;
-                        }
-
-                        if (buflen == 0) {
-                                /*
-                                 * We hit something we cannot deal with,
-                                 * it is no command or separator nor
-                                 * alphanumeric, so we call this an error.
-                                 */
-                                SSLerrorx(SSL_R_INVALID_COMMAND);
-                                return 0;
-                        }
-
-                        if (rule == CIPHER_SPECIAL) {
-                                 /* unused -- avoid compiler warning */
-                                found = 0;
-                                /* special treatment */
-                                break;
-                        }
-
-                        /* check for multi-part specification */
-                        if (ch == '+') {
-                                multi = 1;
-                                l++;
-                        } else
-                                multi = 0;
-
-                        /*
-                         * Now search for the cipher alias in the ca_list.
-                         * Be careful with the strncmp, because the "buflen"
-                         * limitation will make the rule "ADH:SOME" and the
-                         * cipher "ADH-MY-CIPHER" look like a match for
-                         * buflen=3. So additionally check whether the cipher
-                         * name found has the correct length. We can save a
-                         * strlen() call: just checking for the '\0' at the
-                         * right place is sufficient, we have to strncmp()
-                         * anyway (we cannot use strcmp(), because buf is not
-                         * '\0' terminated.)
-                         */
-                        j = found = 0;
-                        cipher_value = 0;
-                        while (ca_list[j]) {
-                                if (!strncmp(buf, ca_list[j]->name, buflen) &&
-                                    (ca_list[j]->name[buflen] == '\0')) {
-                                        found = 1;
-                                        break;
-                                } else
-                                        j++;
-                        }
-
-                        if (!found)
-                                break;  /* ignore this entry */
-
-                        if (ca_list[j]->algorithm_mkey) {
-                                if (alg_mkey) {
-                                        alg_mkey &= ca_list[j]->algorithm_mkey;
-                                        if (!alg_mkey) {
-                                                found = 0;
-                                                break;
-                                        }
-                                } else
-                                        alg_mkey = ca_list[j]->algorithm_mkey;
-                        }
-
-                        if (ca_list[j]->algorithm_auth) {
-                                if (alg_auth) {
-                                        alg_auth &= ca_list[j]->algorithm_auth;
-                                        if (!alg_auth) {
-                                                found = 0;
-                                                break;
-                                        }
-                                } else
-                                        alg_auth = ca_list[j]->algorithm_auth;
-                        }
-
-                        if (ca_list[j]->algorithm_enc) {
-                                if (alg_enc) {
-                                        alg_enc &= ca_list[j]->algorithm_enc;
-                                        if (!alg_enc) {
-                                                found = 0;
-                                                break;
-                                        }
-                                } else
-                                        alg_enc = ca_list[j]->algorithm_enc;
-                        }
-
-                        if (ca_list[j]->algorithm_mac) {
-                                if (alg_mac) {
-                                        alg_mac &= ca_list[j]->algorithm_mac;
-                                        if (!alg_mac) {
-                                                found = 0;
-                                                break;
-                                        }
-                                } else
-                                        alg_mac = ca_list[j]->algorithm_mac;
-                        }
-
-                        if (ca_list[j]->algo_strength & SSL_STRONG_MASK) {
-                                if (algo_strength & SSL_STRONG_MASK) {
-                                        algo_strength &=
-                                            (ca_list[j]->algo_strength &
-                                            SSL_STRONG_MASK) | ~SSL_STRONG_MASK;
-                                        if (!(algo_strength &
-                                            SSL_STRONG_MASK)) {
-                                                found = 0;
-                                                break;
-                                        }
-                                } else
-                                        algo_strength |=
-                                            ca_list[j]->algo_strength &
-                                            SSL_STRONG_MASK;
-                        }
-
-                        if (ca_list[j]->value != 0) {
-                                /*
-                                 * explicit ciphersuite found; its protocol
-                                 * version does not become part of the search
-                                 * pattern!
-                                 */
-                                cipher_value = ca_list[j]->value;
-                                if (ca_list[j]->algorithm_ssl == SSL_TLSV1_3)
-                                        *tls13_seen = 1;
-                        } else {
-                                /*
-                                 * not an explicit ciphersuite; only in this
-                                 * case, the protocol version is considered
-                                 * part of the search pattern
-                                 */
-                                if (ca_list[j]->algorithm_ssl) {
-                                        if (alg_ssl) {
-                                                alg_ssl &=
-                                                    ca_list[j]->algorithm_ssl;
-                                                if (!alg_ssl) {
-                                                        found = 0;
-                                                        break;
-                                                }
-                                        } else
-                                                alg_ssl =
-                                                    ca_list[j]->algorithm_ssl;
-                                }
-                        }
-
-                        if (!multi)
-                                break;
-                }
-
-                /*
-                 * Ok, we have the rule, now apply it
-                 */
-                if (rule == CIPHER_SPECIAL) {
-                        /* special command */
-                        ok = 0;
-                        if (buflen == 8 && strncmp(buf, "STRENGTH", 8) == 0) {
-                                ok = ssl_cipher_strength_sort(head_p, tail_p);
-                        } else if (buflen == 10 &&
-                            strncmp(buf, "SECLEVEL=", 9) == 0) {
-                                int level = buf[9] - '0';
-
-                                if (level >= 0 && level <= 5) {
-                                        cert->security_level = level;
-                                        ok = 1;
-                                } else {
-                                        SSLerrorx(SSL_R_INVALID_COMMAND);
-                                }
-                        } else {
-                                SSLerrorx(SSL_R_INVALID_COMMAND);
-                        }
-                        if (ok == 0)
-                                retval = 0;
-
-                        while ((*l != '\0') && !ITEM_SEP(*l))
-                                l++;
-                } else if (found) {
-                        if (alg_ssl == SSL_TLSV1_3)
-                                *tls13_seen = 1;
-                        ssl_cipher_apply_rule(cipher_value, alg_mkey, alg_auth,
-                            alg_enc, alg_mac, alg_ssl, algo_strength, rule,
-                            -1, head_p, tail_p);
-                } else {
-                        while ((*l != '\0') && !ITEM_SEP(*l))
-                                l++;
-                }
-                if (*l == '\0')
-                        break; /* done */
-        }
-
-        return (retval);
-}
-
-static inline int
-ssl_aes_is_accelerated(void)
-{
-        return (OPENSSL_cpu_caps() & CRYPTO_CPU_CAPS_ACCELERATED_AES) != 0;
-}
-
-STACK_OF(SSL_CIPHER) *
-ssl_create_cipher_list(const SSL_METHOD *ssl_method,
-    STACK_OF(SSL_CIPHER) **cipher_list,
-    STACK_OF(SSL_CIPHER) *cipher_list_tls13,
-    const char *rule_str, SSL_CERT *cert)
-{
-        int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases;
-        unsigned long disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl;
-        STACK_OF(SSL_CIPHER) *cipherstack = NULL, *ret = NULL;
-        const char *rule_p;
-        CIPHER_ORDER *co_list = NULL, *head = NULL, *tail = NULL, *curr;
-        const SSL_CIPHER **ca_list = NULL;
-        const SSL_CIPHER *cipher;
-        int tls13_seen = 0;
-        int any_active;
-        int i;
-
-        /*
-         * Return with error if nothing to do.
-         */
-        if (rule_str == NULL || cipher_list == NULL)
-                goto err;
-
-        disabled_mkey = 0;
-        disabled_auth = 0;
-        disabled_enc = 0;
-        disabled_mac = 0;
-        disabled_ssl = 0;
-
-#ifdef SSL_FORBID_ENULL
-        disabled_enc |= SSL_eNULL;
-#endif
-
-        /* DTLS cannot be used with stream ciphers. */
-        if (ssl_method->dtls)
-                disabled_enc |= SSL_RC4;
-
-        /*
-         * Now we have to collect the available ciphers from the compiled
-         * in ciphers. We cannot get more than the number compiled in, so
-         * it is used for allocation.
-         */
-        num_of_ciphers = ssl3_num_ciphers();
-        co_list = reallocarray(NULL, num_of_ciphers, sizeof(CIPHER_ORDER));
-        if (co_list == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers,
-            disabled_mkey, disabled_auth, disabled_enc, disabled_mac, disabled_ssl,
-            co_list, &head, &tail);
-
-
-        /* Now arrange all ciphers by preference: */
-
-        /* Everything else being equal, prefer ephemeral ECDH over other key exchange mechanisms */
-        ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-        ssl_cipher_apply_rule(0, SSL_kECDHE, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
-
-        if (ssl_aes_is_accelerated()) {
-                /*
-                 * We have hardware assisted AES - prefer AES as a symmetric
-                 * cipher, with CHACHA20 second.
-                 */
-                ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
-                    CIPHER_ADD, -1, &head, &tail);
-                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
-                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-        } else {
-                /*
-                 * CHACHA20 is fast and safe on all hardware and is thus our
-                 * preferred symmetric cipher, with AES second.
-                 */
-                ssl_cipher_apply_rule(0, 0, 0, SSL_CHACHA20POLY1305,
-                    0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-                ssl_cipher_apply_rule(0, 0, 0, SSL_AES, 0, 0, 0,
-                    CIPHER_ADD, -1, &head, &tail);
-        }
-
-        /* Temporarily enable everything else for sorting */
-        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_ADD, -1, &head, &tail);
-
-        /* Low priority for MD5 */
-        ssl_cipher_apply_rule(0, 0, 0, 0, SSL_MD5, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-        /* Move anonymous ciphers to the end.  Usually, these will remain disabled.
-         * (For applications that allow them, they aren't too bad, but we prefer
-         * authenticated ciphers.) */
-        ssl_cipher_apply_rule(0, 0, SSL_aNULL, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-        /* Move ciphers without forward secrecy to the end */
-        ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-        /* RC4 is sort of broken - move it to the end */
-        ssl_cipher_apply_rule(0, 0, 0, SSL_RC4, 0, 0, 0, CIPHER_ORD, -1, &head, &tail);
-
-        /* Now sort by symmetric encryption strength.  The above ordering remains
-         * in force within each class */
-        if (!ssl_cipher_strength_sort(&head, &tail))
-                goto err;
-
-        /* Now disable everything (maintaining the ordering!) */
-        ssl_cipher_apply_rule(0, 0, 0, 0, 0, 0, 0, CIPHER_DEL, -1, &head, &tail);
-
-        /* TLSv1.3 first. */
-        ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_ADD, -1, &head, &tail);
-        ssl_cipher_apply_rule(0, 0, 0, 0, 0, SSL_TLSV1_3, 0, CIPHER_DEL, -1, &head, &tail);
-
-        /*
-         * We also need cipher aliases for selecting based on the rule_str.
-         * There might be two types of entries in the rule_str: 1) names
-         * of ciphers themselves 2) aliases for groups of ciphers.
-         * For 1) we need the available ciphers and for 2) the cipher
-         * groups of cipher_aliases added together in one list (otherwise
-         * we would be happy with just the cipher_aliases table).
-         */
-        num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER);
-        num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1;
-        ca_list = reallocarray(NULL, num_of_alias_max, sizeof(SSL_CIPHER *));
-        if (ca_list == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mkey,
-            disabled_auth, disabled_enc, disabled_mac, disabled_ssl, head);
-
-        /*
-         * If the rule_string begins with DEFAULT, apply the default rule
-         * before using the (possibly available) additional rules.
-         */
-        ok = 1;
-        rule_p = rule_str;
-        if (strncmp(rule_str, "DEFAULT", 7) == 0) {
-                ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST,
-                    &head, &tail, ca_list, cert, &tls13_seen);
-                rule_p += 7;
-                if (*rule_p == ':')
-                        rule_p++;
-        }
-
-        if (ok && (strlen(rule_p) > 0))
-                ok = ssl_cipher_process_rulestr(rule_p, &head, &tail, ca_list,
-                    cert, &tls13_seen);
-
-        if (!ok) {
-                /* Rule processing failure */
-                goto err;
-        }
-
-        /*
-         * Allocate new "cipherstack" for the result, return with error
-         * if we cannot get one.
-         */
-        if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /* Prefer TLSv1.3 cipher suites. */
-        if (cipher_list_tls13 != NULL) {
-                for (i = 0; i < sk_SSL_CIPHER_num(cipher_list_tls13); i++) {
-                        cipher = sk_SSL_CIPHER_value(cipher_list_tls13, i);
-                        if (!sk_SSL_CIPHER_push(cipherstack, cipher)) {
-                                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                }
-                tls13_seen = 1;
-        }
-
-        /*
-         * The cipher selection for the list is done. The ciphers are added
-         * to the resulting precedence to the STACK_OF(SSL_CIPHER).
-         *
-         * If the rule string did not contain any references to TLSv1.3 and
-         * TLSv1.3 cipher suites have not been configured separately,
-         * include inactive TLSv1.3 cipher suites. This avoids attempts to
-         * use TLSv1.3 with an older rule string that does not include
-         * TLSv1.3 cipher suites. If the rule string resulted in no active
-         * cipher suites then we return an empty stack.
-         */
-        any_active = 0;
-        for (curr = head; curr != NULL; curr = curr->next) {
-                if (curr->active ||
-                    (!tls13_seen && curr->cipher->algorithm_ssl == SSL_TLSV1_3)) {
-                        if (!sk_SSL_CIPHER_push(cipherstack, curr->cipher)) {
-                                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                }
-                any_active |= curr->active;
-        }
-        if (!any_active)
-                sk_SSL_CIPHER_zero(cipherstack);
-
-        sk_SSL_CIPHER_free(*cipher_list);
-        *cipher_list = cipherstack;
-        cipherstack = NULL;
-
-        ret = *cipher_list;
-
- err:
-        sk_SSL_CIPHER_free(cipherstack);
-        free((void *)ca_list);
-        free(co_list);
-
-        return ret;
-}
-
-char *
-SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
-{
-        unsigned long alg_mkey, alg_auth, alg_enc, alg_mac, alg_ssl;
-        const char *ver, *kx, *au, *enc, *mac;
-        char *ret;
-        int l;
-
-        alg_mkey = cipher->algorithm_mkey;
-        alg_auth = cipher->algorithm_auth;
-        alg_enc = cipher->algorithm_enc;
-        alg_mac = cipher->algorithm_mac;
-        alg_ssl = cipher->algorithm_ssl;
-
-        if (alg_ssl & SSL_SSLV3)
-                ver = "SSLv3";
-        else if (alg_ssl & SSL_TLSV1_2)
-                ver = "TLSv1.2";
-        else if (alg_ssl & SSL_TLSV1_3)
-                ver = "TLSv1.3";
-        else
-                ver = "unknown";
-
-        switch (alg_mkey) {
-        case SSL_kRSA:
-                kx = "RSA";
-                break;
-        case SSL_kDHE:
-                kx = "DH";
-                break;
-        case SSL_kECDHE:
-                kx = "ECDH";
-                break;
-        case SSL_kTLS1_3:
-                kx = "TLSv1.3";
-                break;
-        default:
-                kx = "unknown";
-        }
-
-        switch (alg_auth) {
-        case SSL_aRSA:
-                au = "RSA";
-                break;
-        case SSL_aNULL:
-                au = "None";
-                break;
-        case SSL_aECDSA:
-                au = "ECDSA";
-                break;
-        case SSL_aTLS1_3:
-                au = "TLSv1.3";
-                break;
-        default:
-                au = "unknown";
-                break;
-        }
-
-        switch (alg_enc) {
-        case SSL_3DES:
-                enc = "3DES(168)";
-                break;
-        case SSL_RC4:
-                enc = "RC4(128)";
-                break;
-        case SSL_eNULL:
-                enc = "None";
-                break;
-        case SSL_AES128:
-                enc = "AES(128)";
-                break;
-        case SSL_AES256:
-                enc = "AES(256)";
-                break;
-        case SSL_AES128GCM:
-                enc = "AESGCM(128)";
-                break;
-        case SSL_AES256GCM:
-                enc = "AESGCM(256)";
-                break;
-        case SSL_CAMELLIA128:
-                enc = "Camellia(128)";
-                break;
-        case SSL_CAMELLIA256:
-                enc = "Camellia(256)";
-                break;
-        case SSL_CHACHA20POLY1305:
-                enc = "ChaCha20-Poly1305";
-                break;
-        default:
-                enc = "unknown";
-                break;
-        }
-
-        switch (alg_mac) {
-        case SSL_MD5:
-                mac = "MD5";
-                break;
-        case SSL_SHA1:
-                mac = "SHA1";
-                break;
-        case SSL_SHA256:
-                mac = "SHA256";
-                break;
-        case SSL_SHA384:
-                mac = "SHA384";
-                break;
-        case SSL_AEAD:
-                mac = "AEAD";
-                break;
-        default:
-                mac = "unknown";
-                break;
-        }
-
-        if (asprintf(&ret, "%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s\n",
-            cipher->name, ver, kx, au, enc, mac) == -1)
-                return "OPENSSL_malloc Error";
-
-        if (buf != NULL) {
-                l = strlcpy(buf, ret, len);
-                free(ret);
-                ret = buf;
-                if (l >= len)
-                        ret = "Buffer too small";
-        }
-
-        return (ret);
-}
-LSSL_ALIAS(SSL_CIPHER_description);
-
-const char *
-SSL_CIPHER_get_version(const SSL_CIPHER *cipher)
-{
-        if (cipher == NULL)
-                return "(NONE)";
-
-        return "TLSv1/SSLv3";
-}
-LSSL_ALIAS(SSL_CIPHER_get_version);
-
-/* return the actual cipher being used */
-const char *
-SSL_CIPHER_get_name(const SSL_CIPHER *cipher)
-{
-        if (cipher == NULL)
-                return "(NONE)";
-
-        return cipher->name;
-}
-LSSL_ALIAS(SSL_CIPHER_get_name);
-
-/* number of bits for symmetric cipher */
-int
-SSL_CIPHER_get_bits(const SSL_CIPHER *c, int *alg_bits)
-{
-        int ret = 0;
-
-        if (c != NULL) {
-                if (alg_bits != NULL)
-                        *alg_bits = c->alg_bits;
-                ret = c->strength_bits;
-        }
-        return (ret);
-}
-LSSL_ALIAS(SSL_CIPHER_get_bits);
-
-unsigned long
-SSL_CIPHER_get_id(const SSL_CIPHER *cipher)
-{
-        return SSL3_CK_ID | cipher->value;
-}
-LSSL_ALIAS(SSL_CIPHER_get_id);
-
-uint16_t
-SSL_CIPHER_get_value(const SSL_CIPHER *cipher)
-{
-        return cipher->value;
-}
-LSSL_ALIAS(SSL_CIPHER_get_value);
-
-const SSL_CIPHER *
-SSL_CIPHER_find(SSL *ssl, const unsigned char *ptr)
-{
-        uint16_t cipher_value;
-        CBS cbs;
-
-        /* This API is documented with ptr being an array of length two. */
-        CBS_init(&cbs, ptr, 2);
-        if (!CBS_get_u16(&cbs, &cipher_value))
-                return NULL;
-
-        return ssl3_get_cipher_by_value(cipher_value);
-}
-LSSL_ALIAS(SSL_CIPHER_find);
-
-int
-SSL_CIPHER_get_cipher_nid(const SSL_CIPHER *c)
-{
-        switch (c->algorithm_enc) {
-        case SSL_eNULL:
-                return NID_undef;
-        case SSL_3DES:
-                return NID_des_ede3_cbc;
-        case SSL_AES128:
-                return NID_aes_128_cbc;
-        case SSL_AES128GCM:
-                return NID_aes_128_gcm;
-        case SSL_AES256:
-                return NID_aes_256_cbc;
-        case SSL_AES256GCM:
-                return NID_aes_256_gcm;
-        case SSL_CAMELLIA128:
-                return NID_camellia_128_cbc;
-        case SSL_CAMELLIA256:
-                return NID_camellia_256_cbc;
-        case SSL_CHACHA20POLY1305:
-                return NID_chacha20_poly1305;
-        case SSL_RC4:
-                return NID_rc4;
-        default:
-                return NID_undef;
-        }
-}
-LSSL_ALIAS(SSL_CIPHER_get_cipher_nid);
-
-int
-SSL_CIPHER_get_digest_nid(const SSL_CIPHER *c)
-{
-        switch (c->algorithm_mac) {
-        case SSL_AEAD:
-                return NID_undef;
-        case SSL_MD5:
-                return NID_md5;
-        case SSL_SHA1:
-                return NID_sha1;
-        case SSL_SHA256:
-                return NID_sha256;
-        case SSL_SHA384:
-                return NID_sha384;
-        default:
-                return NID_undef;
-        }
-}
-LSSL_ALIAS(SSL_CIPHER_get_digest_nid);
-
-int
-SSL_CIPHER_get_kx_nid(const SSL_CIPHER *c)
-{
-        switch (c->algorithm_mkey) {
-        case SSL_kDHE:
-                return NID_kx_dhe;
-        case SSL_kECDHE:
-                return NID_kx_ecdhe;
-        case SSL_kRSA:
-                return NID_kx_rsa;
-        default:
-                return NID_undef;
-        }
-}
-LSSL_ALIAS(SSL_CIPHER_get_kx_nid);
-
-int
-SSL_CIPHER_get_auth_nid(const SSL_CIPHER *c)
-{
-        switch (c->algorithm_auth) {
-        case SSL_aNULL:
-                return NID_auth_null;
-        case SSL_aECDSA:
-                return NID_auth_ecdsa;
-        case SSL_aRSA:
-                return NID_auth_rsa;
-        default:
-                return NID_undef;
-        }
-}
-LSSL_ALIAS(SSL_CIPHER_get_auth_nid);
-
-const EVP_MD *
-SSL_CIPHER_get_handshake_digest(const SSL_CIPHER *c)
-{
-        switch (c->algorithm2 & SSL_HANDSHAKE_MAC_MASK) {
-        case SSL_HANDSHAKE_MAC_SHA256:
-                return EVP_sha256();
-        case SSL_HANDSHAKE_MAC_SHA384:
-                return EVP_sha384();
-        default:
-                return NULL;
-        }
-}
-LSSL_ALIAS(SSL_CIPHER_get_handshake_digest);
-
-int
-SSL_CIPHER_is_aead(const SSL_CIPHER *c)
-{
-        return (c->algorithm_mac & SSL_AEAD) == SSL_AEAD;
-}
-LSSL_ALIAS(SSL_CIPHER_is_aead);
-
-void *
-SSL_COMP_get_compression_methods(void)
-{
-        return NULL;
-}
-LSSL_ALIAS(SSL_COMP_get_compression_methods);
-
-const char *
-SSL_COMP_get_name(const void *comp)
-{
-        return NULL;
-}
-LSSL_ALIAS(SSL_COMP_get_name);
diff --git a/src/lib/libssl/ssl_ciphers.c b/src/lib/libssl/ssl_ciphers.c
deleted file mode 100644
index 503ef9d03c..0000000000
--- a/src/lib/libssl/ssl_ciphers.c
+++ /dev/null
@@ -1,286 +0,0 @@
-/*      $OpenBSD: ssl_ciphers.c,v 1.18 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2015-2017 Doug Hogan <doug@openbsd.org>
- * Copyright (c) 2015-2018, 2020 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <openssl/safestack.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-int
-ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher)
-{
-        int i;
-
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                if (sk_SSL_CIPHER_value(ciphers, i)->value == cipher->value)
-                        return 1;
-        }
-
-        return 0;
-}
-
-int
-ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher, uint16_t min_ver,
-    uint16_t max_ver)
-{
-        switch(cipher->algorithm_ssl) {
-        case SSL_SSLV3:
-                return (min_ver <= TLS1_2_VERSION);
-        case SSL_TLSV1_2:
-                return (min_ver <= TLS1_2_VERSION && TLS1_2_VERSION <= max_ver);
-        case SSL_TLSV1_3:
-                return (min_ver <= TLS1_3_VERSION && TLS1_3_VERSION <= max_ver);
-        }
-        return 0;
-}
-
-int
-ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb)
-{
-        SSL_CIPHER *cipher;
-        int num_ciphers = 0;
-        uint16_t min_vers, max_vers;
-        int i;
-
-        if (ciphers == NULL)
-                return 0;
-
-        if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
-                return 0;
-
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
-                        return 0;
-                if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
-                    max_vers))
-                        continue;
-                if (!ssl_security_cipher_check(s, cipher))
-                        continue;
-                if (!CBB_add_u16(cbb, cipher->value))
-                        return 0;
-
-                num_ciphers++;
-        }
-
-        /* Add SCSV if there are other ciphers and we're not renegotiating. */
-        if (num_ciphers > 0 && !s->renegotiate) {
-                if (!CBB_add_u16(cbb, SSL3_CK_SCSV & SSL3_CK_VALUE_MASK))
-                        return 0;
-        }
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-STACK_OF(SSL_CIPHER) *
-ssl_bytes_to_cipher_list(SSL *s, CBS *cbs)
-{
-        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        const SSL_CIPHER *cipher;
-        uint16_t cipher_value;
-        unsigned long cipher_id;
-
-        s->s3->send_connection_binding = 0;
-
-        if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        while (CBS_len(cbs) > 0) {
-                if (!CBS_get_u16(cbs, &cipher_value)) {
-                        SSLerror(s, SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST);
-                        goto err;
-                }
-
-                cipher_id = SSL3_CK_ID | cipher_value;
-
-                if (cipher_id == SSL3_CK_SCSV) {
-                        /*
-                         * TLS_EMPTY_RENEGOTIATION_INFO_SCSV is fatal if
-                         * renegotiating.
-                         */
-                        if (s->renegotiate) {
-                                SSLerror(s, SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING);
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_HANDSHAKE_FAILURE);
-
-                                goto err;
-                        }
-                        s->s3->send_connection_binding = 1;
-                        continue;
-                }
-
-                if (cipher_id == SSL3_CK_FALLBACK_SCSV) {
-                        /*
-                         * TLS_FALLBACK_SCSV indicates that the client
-                         * previously tried a higher protocol version.
-                         * Fail if the current version is an unexpected
-                         * downgrade.
-                         */
-                        if (s->s3->hs.negotiated_tls_version <
-                            s->s3->hs.our_max_tls_version) {
-                                SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                        SSL_AD_INAPPROPRIATE_FALLBACK);
-                                goto err;
-                        }
-                        continue;
-                }
-
-                if ((cipher = ssl3_get_cipher_by_value(cipher_value)) != NULL) {
-                        if (!sk_SSL_CIPHER_push(ciphers, cipher)) {
-                                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                }
-        }
-
-        return (ciphers);
-
- err:
-        sk_SSL_CIPHER_free(ciphers);
-
-        return (NULL);
-}
-
-struct ssl_tls13_ciphersuite {
-        const char *name;
-        const char *alias;
-        uint16_t value;
-};
-
-static const struct ssl_tls13_ciphersuite ssl_tls13_ciphersuites[] = {
-        {
-                .name = TLS1_3_RFC_AES_128_GCM_SHA256,
-                .alias = TLS1_3_TXT_AES_128_GCM_SHA256,
-                .value = 0x1301,
-        },
-        {
-                .name = TLS1_3_RFC_AES_256_GCM_SHA384,
-                .alias = TLS1_3_TXT_AES_256_GCM_SHA384,
-                .value = 0x1302,
-        },
-        {
-                .name = TLS1_3_RFC_CHACHA20_POLY1305_SHA256,
-                .alias = TLS1_3_TXT_CHACHA20_POLY1305_SHA256,
-                .value = 0x1303,
-        },
-        {
-                .name = TLS1_3_RFC_AES_128_CCM_SHA256,
-                .alias = TLS1_3_TXT_AES_128_CCM_SHA256,
-                .value = 0x1304,
-        },
-        {
-                .name = TLS1_3_RFC_AES_128_CCM_8_SHA256,
-                .alias = TLS1_3_TXT_AES_128_CCM_8_SHA256,
-                .value = 0x1305,
-        },
-        {
-                .name = NULL,
-        },
-};
-
-int
-ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str)
-{
-        const struct ssl_tls13_ciphersuite *ciphersuite;
-        STACK_OF(SSL_CIPHER) *ciphers;
-        const SSL_CIPHER *cipher;
-        char *s = NULL;
-        char *p, *q;
-        int i;
-        int ret = 0;
-
-        if ((ciphers = sk_SSL_CIPHER_new_null()) == NULL)
-                goto err;
-
-        /* An empty string is valid and means no ciphers. */
-        if (strcmp(str, "") == 0)
-                goto done;
-
-        if ((s = strdup(str)) == NULL)
-                goto err;
-
-        q = s;
-        while ((p = strsep(&q, ":")) != NULL) {
-                ciphersuite = &ssl_tls13_ciphersuites[0];
-                for (i = 0; ciphersuite->name != NULL; i++) {
-                        if (strcmp(p, ciphersuite->name) == 0)
-                                break;
-                        if (strcmp(p, ciphersuite->alias) == 0)
-                                break;
-                        ciphersuite = &ssl_tls13_ciphersuites[i];
-                }
-                if (ciphersuite->name == NULL)
-                        goto err;
-
-                /* We know about the cipher suite, but it is not supported. */
-                if ((cipher = ssl3_get_cipher_by_value(ciphersuite->value)) == NULL)
-                        continue;
-
-                if (!sk_SSL_CIPHER_push(ciphers, cipher))
-                        goto err;
-        }
-
- done:
-        sk_SSL_CIPHER_free(*out_ciphers);
-        *out_ciphers = ciphers;
-        ciphers = NULL;
-        ret = 1;
-
- err:
-        sk_SSL_CIPHER_free(ciphers);
-        free(s);
-
-        return ret;
-}
-
-int
-ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
-    STACK_OF(SSL_CIPHER) *cipherlist_tls13,
-    STACK_OF(SSL_CIPHER) **out_cipherlist)
-{
-        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        const SSL_CIPHER *cipher;
-        int i, ret = 0;
-
-        if ((ciphers = sk_SSL_CIPHER_dup(cipherlist_tls13)) == NULL)
-                goto err;
-        for (i = 0; i < sk_SSL_CIPHER_num(cipherlist); i++) {
-                cipher = sk_SSL_CIPHER_value(cipherlist, i);
-                if (cipher->algorithm_ssl == SSL_TLSV1_3)
-                        continue;
-                if (!sk_SSL_CIPHER_push(ciphers, cipher))
-                        goto err;
-        }
-
-        sk_SSL_CIPHER_free(*out_cipherlist);
-        *out_cipherlist = ciphers;
-        ciphers = NULL;
-
-        ret = 1;
-
- err:
-        sk_SSL_CIPHER_free(ciphers);
-
-        return ret;
-}
diff --git a/src/lib/libssl/ssl_clnt.c b/src/lib/libssl/ssl_clnt.c
deleted file mode 100644
index 0d3dcf78af..0000000000
--- a/src/lib/libssl/ssl_clnt.c
+++ /dev/null
@@ -1,2456 +0,0 @@
-/* $OpenBSD: ssl_clnt.c,v 1.169 2025/03/09 15:53:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <limits.h>
-#include <stdint.h>
-#include <stdio.h>
-
-#include <openssl/bn.h>
-#include <openssl/buffer.h>
-#include <openssl/curve25519.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/md5.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b);
-
-static int ssl3_send_client_hello(SSL *s);
-static int ssl3_get_dtls_hello_verify(SSL *s);
-static int ssl3_get_server_hello(SSL *s);
-static int ssl3_get_certificate_request(SSL *s);
-static int ssl3_get_new_session_ticket(SSL *s);
-static int ssl3_get_cert_status(SSL *s);
-static int ssl3_get_server_done(SSL *s);
-static int ssl3_send_client_verify(SSL *s);
-static int ssl3_send_client_certificate(SSL *s);
-static int ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey);
-static int ssl3_send_client_key_exchange(SSL *s);
-static int ssl3_get_server_key_exchange(SSL *s);
-static int ssl3_get_server_certificate(SSL *s);
-static int ssl3_check_cert_and_algorithm(SSL *s);
-static int ssl3_check_finished(SSL *s);
-static int ssl3_send_client_change_cipher_spec(SSL *s);
-static int ssl3_send_client_finished(SSL *s);
-static int ssl3_get_server_finished(SSL *s);
-
-int
-ssl3_connect(SSL *s)
-{
-        int new_state, state, skip = 0;
-        int ret = -1;
-
-        ERR_clear_error();
-        errno = 0;
-
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s))
-                SSL_clear(s);
-
-        for (;;) {
-                state = s->s3->hs.state;
-
-                switch (s->s3->hs.state) {
-                case SSL_ST_RENEGOTIATE:
-                        s->renegotiate = 1;
-                        s->s3->hs.state = SSL_ST_CONNECT;
-                        s->ctx->stats.sess_connect_renegotiate++;
-                        /* break */
-                case SSL_ST_BEFORE:
-                case SSL_ST_CONNECT:
-                case SSL_ST_BEFORE|SSL_ST_CONNECT:
-                case SSL_ST_OK|SSL_ST_CONNECT:
-
-                        s->server = 0;
-
-                        ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1);
-
-                        if (!ssl_legacy_stack_version(s, s->version)) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl_supported_tls_version_range(s,
-                            &s->s3->hs.our_min_tls_version,
-                            &s->s3->hs.our_max_tls_version)) {
-                                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl_security_version(s,
-                            s->s3->hs.our_min_tls_version)) {
-                                SSLerror(s, SSL_R_VERSION_TOO_LOW);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl3_setup_init_buffer(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        if (!ssl3_setup_buffers(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        if (!ssl_init_wbio_buffer(s, 0)) {
-                                ret = -1;
-                                goto end;
-                        }
-
-                        /* don't push the buffering BIO quite yet */
-
-                        if (!tls1_transcript_init(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-
-                        s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
-                        s->ctx->stats.sess_connect++;
-                        s->init_num = 0;
-
-                        if (SSL_is_dtls(s)) {
-                                /* mark client_random uninitialized */
-                                memset(s->s3->client_random, 0,
-                                    sizeof(s->s3->client_random));
-                                s->d1->send_cookie = 0;
-                                s->hit = 0;
-                        }
-                        break;
-
-                case SSL3_ST_CW_CLNT_HELLO_A:
-                case SSL3_ST_CW_CLNT_HELLO_B:
-                        s->shutdown = 0;
-
-                        if (SSL_is_dtls(s)) {
-                                /* every DTLS ClientHello resets Finished MAC */
-                                tls1_transcript_reset(s);
-
-                                dtls1_start_timer(s);
-                        }
-
-                        ret = ssl3_send_client_hello(s);
-                        if (ret <= 0)
-                                goto end;
-
-                        if (SSL_is_dtls(s) && s->d1->send_cookie) {
-                                s->s3->hs.state = SSL3_ST_CW_FLUSH;
-                                s->s3->hs.tls12.next_state = SSL3_ST_CR_SRVR_HELLO_A;
-                        } else
-                                s->s3->hs.state = SSL3_ST_CR_SRVR_HELLO_A;
-
-                        s->init_num = 0;
-
-                        /* turn on buffering for the next lot of output */
-                        if (s->bbio != s->wbio)
-                                s->wbio = BIO_push(s->bbio, s->wbio);
-
-                        break;
-
-                case SSL3_ST_CR_SRVR_HELLO_A:
-                case SSL3_ST_CR_SRVR_HELLO_B:
-                        ret = ssl3_get_server_hello(s);
-                        if (ret <= 0)
-                                goto end;
-
-                        if (s->hit) {
-                                s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
-                                if (!SSL_is_dtls(s)) {
-                                        if (s->tlsext_ticket_expected) {
-                                                /* receive renewed session ticket */
-                                                s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
-                                        }
-
-                                        /* No client certificate verification. */
-                                        tls1_transcript_free(s);
-                                }
-                        } else if (SSL_is_dtls(s)) {
-                                s->s3->hs.state = DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A;
-                        } else {
-                                s->s3->hs.state = SSL3_ST_CR_CERT_A;
-                        }
-                        s->init_num = 0;
-                        break;
-
-                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-                case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-                        ret = ssl3_get_dtls_hello_verify(s);
-                        if (ret <= 0)
-                                goto end;
-                        dtls1_stop_timer(s);
-                        if (s->d1->send_cookie) /* start again, with a cookie */
-                                s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_A;
-                        else
-                                s->s3->hs.state = SSL3_ST_CR_CERT_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_CERT_A:
-                case SSL3_ST_CR_CERT_B:
-                        ret = ssl3_check_finished(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (ret == 2) {
-                                s->hit = 1;
-                                if (s->tlsext_ticket_expected)
-                                        s->s3->hs.state = SSL3_ST_CR_SESSION_TICKET_A;
-                                else
-                                        s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
-                                s->init_num = 0;
-                                break;
-                        }
-                        /* Check if it is anon DH/ECDH. */
-                        if (!(s->s3->hs.cipher->algorithm_auth &
-                            SSL_aNULL)) {
-                                ret = ssl3_get_server_certificate(s);
-                                if (ret <= 0)
-                                        goto end;
-                                if (s->tlsext_status_expected)
-                                        s->s3->hs.state = SSL3_ST_CR_CERT_STATUS_A;
-                                else
-                                        s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
-                        } else {
-                                skip = 1;
-                                s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
-                        }
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_KEY_EXCH_A:
-                case SSL3_ST_CR_KEY_EXCH_B:
-                        ret = ssl3_get_server_key_exchange(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CR_CERT_REQ_A;
-                        s->init_num = 0;
-
-                        /*
-                         * At this point we check that we have the
-                         * required stuff from the server.
-                         */
-                        if (!ssl3_check_cert_and_algorithm(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        break;
-
-                case SSL3_ST_CR_CERT_REQ_A:
-                case SSL3_ST_CR_CERT_REQ_B:
-                        ret = ssl3_get_certificate_request(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CR_SRVR_DONE_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_SRVR_DONE_A:
-                case SSL3_ST_CR_SRVR_DONE_B:
-                        ret = ssl3_get_server_done(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (SSL_is_dtls(s))
-                                dtls1_stop_timer(s);
-                        if (s->s3->hs.tls12.cert_request)
-                                s->s3->hs.state = SSL3_ST_CW_CERT_A;
-                        else
-                                s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
-                        s->init_num = 0;
-
-                        break;
-
-                case SSL3_ST_CW_CERT_A:
-                case SSL3_ST_CW_CERT_B:
-                case SSL3_ST_CW_CERT_C:
-                case SSL3_ST_CW_CERT_D:
-                        if (SSL_is_dtls(s))
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_client_certificate(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CW_KEY_EXCH_A:
-                case SSL3_ST_CW_KEY_EXCH_B:
-                        if (SSL_is_dtls(s))
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_client_key_exchange(s);
-                        if (ret <= 0)
-                                goto end;
-                        /*
-                         * EAY EAY EAY need to check for DH fix cert
-                         * sent back
-                         */
-                        /*
-                         * For TLS, cert_req is set to 2, so a cert chain
-                         * of nothing is sent, but no verify packet is sent
-                         */
-                        /*
-                         * XXX: For now, we do not support client
-                         * authentication in ECDH cipher suites with
-                         * ECDH (rather than ECDSA) certificates.
-                         * We need to skip the certificate verify
-                         * message when client's ECDH public key is sent
-                         * inside the client certificate.
-                         */
-                        if (s->s3->hs.tls12.cert_request == 1) {
-                                s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_A;
-                        } else {
-                                s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
-                                s->s3->change_cipher_spec = 0;
-                        }
-
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CW_CERT_VRFY_A:
-                case SSL3_ST_CW_CERT_VRFY_B:
-                        if (SSL_is_dtls(s))
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_client_verify(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
-                        s->init_num = 0;
-                        s->s3->change_cipher_spec = 0;
-                        break;
-
-                case SSL3_ST_CW_CHANGE_A:
-                case SSL3_ST_CW_CHANGE_B:
-                        if (SSL_is_dtls(s) && !s->hit)
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_client_change_cipher_spec(s);
-                        if (ret <= 0)
-                                goto end;
-
-                        s->s3->hs.state = SSL3_ST_CW_FINISHED_A;
-                        s->init_num = 0;
-                        s->session->cipher_value = s->s3->hs.cipher->value;
-
-                        if (!tls1_setup_key_block(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        if (!tls1_change_write_cipher_state(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        break;
-
-                case SSL3_ST_CW_FINISHED_A:
-                case SSL3_ST_CW_FINISHED_B:
-                        if (SSL_is_dtls(s) && !s->hit)
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_client_finished(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (!SSL_is_dtls(s))
-                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        s->s3->hs.state = SSL3_ST_CW_FLUSH;
-
-                        /* clear flags */
-                        if (s->hit) {
-                                s->s3->hs.tls12.next_state = SSL_ST_OK;
-                        } else {
-                                /* Allow NewSessionTicket if ticket expected */
-                                if (s->tlsext_ticket_expected)
-                                        s->s3->hs.tls12.next_state =
-                                            SSL3_ST_CR_SESSION_TICKET_A;
-                                else
-                                        s->s3->hs.tls12.next_state =
-                                            SSL3_ST_CR_FINISHED_A;
-                        }
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_SESSION_TICKET_A:
-                case SSL3_ST_CR_SESSION_TICKET_B:
-                        ret = ssl3_get_new_session_ticket(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CR_FINISHED_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_CERT_STATUS_A:
-                case SSL3_ST_CR_CERT_STATUS_B:
-                        ret = ssl3_get_cert_status(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_CR_KEY_EXCH_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CR_FINISHED_A:
-                case SSL3_ST_CR_FINISHED_B:
-                        if (SSL_is_dtls(s))
-                                s->d1->change_cipher_spec_ok = 1;
-                        else
-                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        ret = ssl3_get_server_finished(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (SSL_is_dtls(s))
-                                dtls1_stop_timer(s);
-
-                        if (s->hit)
-                                s->s3->hs.state = SSL3_ST_CW_CHANGE_A;
-                        else
-                                s->s3->hs.state = SSL_ST_OK;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_CW_FLUSH:
-                        s->rwstate = SSL_WRITING;
-                        if (BIO_flush(s->wbio) <= 0) {
-                                if (SSL_is_dtls(s)) {
-                                        /* If the write error was fatal, stop trying */
-                                        if (!BIO_should_retry(s->wbio)) {
-                                                s->rwstate = SSL_NOTHING;
-                                                s->s3->hs.state = s->s3->hs.tls12.next_state;
-                                        }
-                                }
-                                ret = -1;
-                                goto end;
-                        }
-                        s->rwstate = SSL_NOTHING;
-                        s->s3->hs.state = s->s3->hs.tls12.next_state;
-                        break;
-
-                case SSL_ST_OK:
-                        /* clean a few things up */
-                        tls1_cleanup_key_block(s);
-
-                        if (s->s3->handshake_transcript != NULL) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!SSL_is_dtls(s))
-                                ssl3_release_init_buffer(s);
-
-                        ssl_free_wbio_buffer(s);
-
-                        s->init_num = 0;
-                        s->renegotiate = 0;
-                        s->new_session = 0;
-
-                        ssl_update_cache(s, SSL_SESS_CACHE_CLIENT);
-                        if (s->hit)
-                                s->ctx->stats.sess_hit++;
-
-                        ret = 1;
-                        /* s->server=0; */
-                        s->handshake_func = ssl3_connect;
-                        s->ctx->stats.sess_connect_good++;
-
-                        ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
-
-                        if (SSL_is_dtls(s)) {
-                                /* done with handshaking */
-                                s->d1->handshake_read_seq = 0;
-                                s->d1->next_handshake_write_seq = 0;
-                        }
-
-                        goto end;
-                        /* break; */
-
-                default:
-                        SSLerror(s, SSL_R_UNKNOWN_STATE);
-                        ret = -1;
-                        goto end;
-                        /* break; */
-                }
-
-                /* did we do anything */
-                if (!s->s3->hs.tls12.reuse_message && !skip) {
-                        if (s->s3->hs.state != state) {
-                                new_state = s->s3->hs.state;
-                                s->s3->hs.state = state;
-                                ssl_info_callback(s, SSL_CB_CONNECT_LOOP, 1);
-                                s->s3->hs.state = new_state;
-                        }
-                }
-                skip = 0;
-        }
-
- end:
-        s->in_handshake--;
-        ssl_info_callback(s, SSL_CB_CONNECT_EXIT, ret);
-
-        return (ret);
-}
-
-static int
-ssl3_send_client_hello(SSL *s)
-{
-        CBB cbb, client_hello, session_id, cookie, cipher_suites;
-        CBB compression_methods;
-        uint16_t max_version;
-        size_t sl;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_CLNT_HELLO_A) {
-                SSL_SESSION *sess = s->session;
-
-                if (!ssl_max_supported_version(s, &max_version)) {
-                        SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-                        return (-1);
-                }
-                s->version = max_version;
-
-                if (sess == NULL || sess->ssl_version != s->version ||
-                    (sess->session_id_length == 0 && sess->tlsext_tick == NULL) ||
-                    sess->not_resumable) {
-                        if (!ssl_get_new_session(s, 0))
-                                goto err;
-                }
-                /* else use the pre-loaded session */
-
-                /*
-                 * If a DTLS ClientHello message is being resent after a
-                 * HelloVerifyRequest, we must retain the original client
-                 * random value.
-                 */
-                if (!SSL_is_dtls(s) || s->d1->send_cookie == 0)
-                        arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &client_hello,
-                    SSL3_MT_CLIENT_HELLO))
-                        goto err;
-
-                if (!CBB_add_u16(&client_hello, s->version))
-                        goto err;
-
-                /* Random stuff */
-                if (!CBB_add_bytes(&client_hello, s->s3->client_random,
-                    sizeof(s->s3->client_random)))
-                        goto err;
-
-                /* Session ID */
-                if (!CBB_add_u8_length_prefixed(&client_hello, &session_id))
-                        goto err;
-                if (!s->new_session &&
-                    s->session->session_id_length > 0) {
-                        sl = s->session->session_id_length;
-                        if (sl > sizeof(s->session->session_id)) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
-                        if (!CBB_add_bytes(&session_id,
-                            s->session->session_id, sl))
-                                goto err;
-                }
-
-                /* DTLS Cookie. */
-                if (SSL_is_dtls(s)) {
-                        if (s->d1->cookie_len > sizeof(s->d1->cookie)) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                goto err;
-                        }
-                        if (!CBB_add_u8_length_prefixed(&client_hello, &cookie))
-                                goto err;
-                        if (!CBB_add_bytes(&cookie, s->d1->cookie,
-                            s->d1->cookie_len))
-                                goto err;
-                }
-
-                /* Ciphers supported */
-                if (!CBB_add_u16_length_prefixed(&client_hello, &cipher_suites))
-                        return 0;
-                if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s),
-                    &cipher_suites)) {
-                        SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
-                        goto err;
-                }
-
-                /* Add in compression methods (null) */
-                if (!CBB_add_u8_length_prefixed(&client_hello,
-                    &compression_methods))
-                        goto err;
-                if (!CBB_add_u8(&compression_methods, 0))
-                        goto err;
-
-                /* TLS extensions */
-                if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, &client_hello)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_CW_CLNT_HELLO_B;
-        }
-
-        /* SSL3_ST_CW_CLNT_HELLO_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_get_dtls_hello_verify(SSL *s)
-{
-        CBS hello_verify_request, cookie;
-        size_t cookie_len;
-        uint16_t ssl_version;
-        int al, ret;
-
-        if ((ret = ssl3_get_message(s, DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A,
-            DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B, -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        if (s->s3->hs.tls12.message_type != DTLS1_MT_HELLO_VERIFY_REQUEST) {
-                s->d1->send_cookie = 0;
-                s->s3->hs.tls12.reuse_message = 1;
-                return (1);
-        }
-
-        if (s->init_num < 0)
-                goto decode_err;
-
-        CBS_init(&hello_verify_request, s->init_msg,
-            s->init_num);
-
-        if (!CBS_get_u16(&hello_verify_request, &ssl_version))
-                goto decode_err;
-        if (!CBS_get_u8_length_prefixed(&hello_verify_request, &cookie))
-                goto decode_err;
-        if (CBS_len(&hello_verify_request) != 0)
-                goto decode_err;
-
-        /*
-         * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should always
-         * contain DTLSv1.0 the version that is going to be negotiated.
-         * Tolerate DTLSv1.2 just in case.
-         */
-        if (ssl_version != DTLS1_VERSION && ssl_version != DTLS1_2_VERSION) {
-                SSLerror(s, SSL_R_WRONG_SSL_VERSION);
-                s->version = (s->version & 0xff00) | (ssl_version & 0xff);
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto fatal_err;
-        }
-
-        if (!CBS_write_bytes(&cookie, s->d1->cookie,
-            sizeof(s->d1->cookie), &cookie_len)) {
-                s->d1->cookie_len = 0;
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                goto fatal_err;
-        }
-        s->d1->cookie_len = cookie_len;
-        s->d1->send_cookie = 1;
-
-        return 1;
-
- decode_err:
-        al = SSL_AD_DECODE_ERROR;
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return -1;
-}
-
-static int
-ssl3_get_server_hello(SSL *s)
-{
-        CBS cbs, server_random, session_id;
-        uint16_t server_version, cipher_suite;
-        uint8_t compression_method;
-        const SSL_CIPHER *cipher;
-        const SSL_METHOD *method;
-        int al, ret;
-
-        s->first_packet = 1;
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_HELLO_A,
-            SSL3_ST_CR_SRVR_HELLO_B, -1, 20000 /* ?? */)) <= 0)
-                return ret;
-        s->first_packet = 0;
-
-        if (s->init_num < 0)
-                goto decode_err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (SSL_is_dtls(s)) {
-                if (s->s3->hs.tls12.message_type == DTLS1_MT_HELLO_VERIFY_REQUEST) {
-                        if (s->d1->send_cookie == 0) {
-                                s->s3->hs.tls12.reuse_message = 1;
-                                return (1);
-                        } else {
-                                /* Already sent a cookie. */
-                                al = SSL_AD_UNEXPECTED_MESSAGE;
-                                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
-                                goto fatal_err;
-                        }
-                }
-        }
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_HELLO) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
-                goto fatal_err;
-        }
-
-        if (!CBS_get_u16(&cbs, &server_version))
-                goto decode_err;
-
-        if (!ssl_check_version_from_server(s, server_version)) {
-                SSLerror(s, SSL_R_WRONG_SSL_VERSION);
-                s->version = (s->version & 0xff00) | (server_version & 0xff);
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto fatal_err;
-        }
-        s->s3->hs.peer_legacy_version = server_version;
-        s->version = server_version;
-
-        s->s3->hs.negotiated_tls_version = ssl_tls_version(server_version);
-        if (s->s3->hs.negotiated_tls_version == 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-
-        if ((method = ssl_get_method(server_version)) == NULL) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        s->method = method;
-
-        /* Server random. */
-        if (!CBS_get_bytes(&cbs, &server_random, SSL3_RANDOM_SIZE))
-                goto decode_err;
-        if (!CBS_write_bytes(&server_random, s->s3->server_random,
-            sizeof(s->s3->server_random), NULL))
-                goto err;
-
-        if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
-            s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
-                /*
-                 * RFC 8446 section 4.1.3. We must not downgrade if the server
-                 * random value contains the TLS 1.2 or TLS 1.1 magical value.
-                 */
-                if (!CBS_skip(&server_random,
-                    CBS_len(&server_random) - sizeof(tls13_downgrade_12)))
-                        goto err;
-                if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION &&
-                    CBS_mem_equal(&server_random, tls13_downgrade_12,
-                    sizeof(tls13_downgrade_12))) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-                        goto fatal_err;
-                }
-                if (CBS_mem_equal(&server_random, tls13_downgrade_11,
-                    sizeof(tls13_downgrade_11))) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_INAPPROPRIATE_FALLBACK);
-                        goto fatal_err;
-                }
-        }
-
-        /* Session ID. */
-        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
-                goto decode_err;
-
-        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
-                goto fatal_err;
-        }
-
-        /* Cipher suite. */
-        if (!CBS_get_u16(&cbs, &cipher_suite))
-                goto decode_err;
-
-        /*
-         * Check if we want to resume the session based on external
-         * pre-shared secret.
-         */
-        if (s->tls_session_secret_cb != NULL) {
-                const SSL_CIPHER *pref_cipher = NULL;
-                int master_key_length = sizeof(s->session->master_key);
-
-                if (!s->tls_session_secret_cb(s,
-                    s->session->master_key, &master_key_length, NULL,
-                    &pref_cipher, s->tls_session_secret_cb_arg)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                if (master_key_length <= 0) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                s->session->master_key_length = master_key_length;
-
-                /*
-                 * XXX - this appears to be completely broken. The
-                 * client cannot change the cipher at this stage,
-                 * as the server has already made a selection.
-                 */
-                if ((s->s3->hs.cipher = pref_cipher) == NULL)
-                        s->s3->hs.cipher =
-                            ssl3_get_cipher_by_value(cipher_suite);
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-        }
-
-        if (s->session->session_id_length != 0 &&
-            CBS_mem_equal(&session_id, s->session->session_id,
-                s->session->session_id_length)) {
-                if (s->sid_ctx_length != s->session->sid_ctx_length ||
-                    timingsafe_memcmp(s->session->sid_ctx,
-                    s->sid_ctx, s->sid_ctx_length) != 0) {
-                        /* actually a client application bug */
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT);
-                        goto fatal_err;
-                }
-                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                s->hit = 1;
-        } else {
-                /* a miss or crap from the other end */
-
-                /* If we were trying for session-id reuse, make a new
-                 * SSL_SESSION so we don't stuff up other people */
-                s->hit = 0;
-                if (s->session->session_id_length > 0) {
-                        if (!ssl_get_new_session(s, 0)) {
-                                al = SSL_AD_INTERNAL_ERROR;
-                                goto fatal_err;
-                        }
-                }
-
-                /*
-                 * XXX - improve the handling for the case where there is a
-                 * zero length session identifier.
-                 */
-                if (!CBS_write_bytes(&session_id, s->session->session_id,
-                    sizeof(s->session->session_id),
-                    &s->session->session_id_length))
-                        goto err;
-
-                s->session->ssl_version = s->version;
-        }
-
-        if ((cipher = ssl3_get_cipher_by_value(cipher_suite)) == NULL) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_UNKNOWN_CIPHER_RETURNED);
-                goto fatal_err;
-        }
-
-        /* TLS v1.2 only ciphersuites require v1.2 or later. */
-        if ((cipher->algorithm_ssl & SSL_TLSV1_2) &&
-            s->s3->hs.negotiated_tls_version < TLS1_2_VERSION) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
-                goto fatal_err;
-        }
-
-        if (!ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
-                /* we did not say we would use this cipher */
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_WRONG_CIPHER_RETURNED);
-                goto fatal_err;
-        }
-
-        /*
-         * Depending on the session caching (internal/external), the cipher
-         * and/or cipher_id values may not be set. Make sure that
-         * cipher_id is set and use it for comparison.
-         */
-        if (s->hit && (s->session->cipher_value != cipher->value)) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED);
-                goto fatal_err;
-        }
-        s->s3->hs.cipher = cipher;
-        s->session->cipher_value = cipher->value;
-
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-
-        /*
-         * Don't digest cached records if no sigalgs: we may need them for
-         * client authentication.
-         */
-        if (!SSL_USE_SIGALGS(s))
-                tls1_transcript_free(s);
-
-        if (!CBS_get_u8(&cbs, &compression_method))
-                goto decode_err;
-
-        if (compression_method != 0) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM);
-                goto fatal_err;
-        }
-
-        if (!tlsext_client_parse(s, SSL_TLSEXT_MSG_SH, &cbs, &al)) {
-                SSLerror(s, SSL_R_PARSE_TLSEXT);
-                goto fatal_err;
-        }
-
-        if (CBS_len(&cbs) != 0)
-                goto decode_err;
-
-        /*
-         * Determine if we need to see RI. Strictly speaking if we want to
-         * avoid an attack we should *always* see RI even on initial server
-         * hello because the client doesn't see any renegotiation during an
-         * attack. However this would mean we could not connect to any server
-         * which doesn't support RI so for the immediate future tolerate RI
-         * absence on initial connect only.
-         */
-        if (!s->s3->renegotiate_seen &&
-            !(s->options & SSL_OP_LEGACY_SERVER_CONNECT)) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                goto fatal_err;
-        }
-
-        if (ssl_check_serverhello_tlsext(s) <= 0) {
-                SSLerror(s, SSL_R_SERVERHELLO_TLSEXT);
-                goto err;
-        }
-
-        return (1);
-
- decode_err:
-        /* wrong packet length */
-        al = SSL_AD_DECODE_ERROR;
-        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        return (-1);
-}
-
-static int
-ssl3_get_server_certificate(SSL *s)
-{
-        CBS cbs, cert_list, cert_data;
-        STACK_OF(X509) *certs = NULL;
-        X509 *cert = NULL;
-        const uint8_t *p;
-        int al, ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
-            SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        ret = -1;
-
-        if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
-                s->s3->hs.tls12.reuse_message = 1;
-                return (1);
-        }
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
-                goto fatal_err;
-        }
-
-        if ((certs = sk_X509_new_null()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        if (s->init_num < 0)
-                goto decode_err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
-                goto decode_err;
-        if (CBS_len(&cbs) != 0)
-                goto decode_err;
-
-        while (CBS_len(&cert_list) > 0) {
-                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
-                        goto decode_err;
-                p = CBS_data(&cert_data);
-                if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) {
-                        al = SSL_AD_BAD_CERTIFICATE;
-                        SSLerror(s, ERR_R_ASN1_LIB);
-                        goto fatal_err;
-                }
-                if (p != CBS_data(&cert_data) + CBS_len(&cert_data))
-                        goto decode_err;
-                if (!sk_X509_push(certs, cert)) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                cert = NULL;
-        }
-
-        /* A server must always provide a non-empty certificate list. */
-        if (sk_X509_num(certs) < 1) {
-                SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                goto decode_err;
-        }
-
-        if (ssl_verify_cert_chain(s, certs) <= 0 &&
-            s->verify_mode != SSL_VERIFY_NONE) {
-                al = ssl_verify_alarm_type(s->verify_result);
-                SSLerror(s, SSL_R_CERTIFICATE_VERIFY_FAILED);
-                goto fatal_err;
-        }
-        s->session->verify_result = s->verify_result;
-        ERR_clear_error();
-
-        if (!tls_process_peer_certs(s, certs))
-                goto err;
-
-        ret = 1;
-
-        if (0) {
- decode_err:
-                /* wrong packet length */
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        }
- err:
-        sk_X509_pop_free(certs, X509_free);
-        X509_free(cert);
-
-        return (ret);
-}
-
-static int
-ssl3_get_server_kex_dhe(SSL *s, CBS *cbs)
-{
-        int decode_error, invalid_params, invalid_key;
-        int nid = NID_dhKeyAgreement;
-
-        tls_key_share_free(s->s3->hs.key_share);
-        if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
-                goto err;
-
-        if (!tls_key_share_peer_params(s->s3->hs.key_share, cbs,
-            &decode_error, &invalid_params)) {
-                if (decode_error) {
-                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                }
-                goto err;
-        }
-        if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
-            &decode_error, &invalid_key)) {
-                if (decode_error) {
-                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                }
-                goto err;
-        }
-
-        if (invalid_params) {
-                SSLerror(s, SSL_R_BAD_DH_P_LENGTH);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                goto err;
-        }
-        if (invalid_key) {
-                SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                goto err;
-        }
-
-        if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) {
-                SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                return 0;
-        }
-
-        return 1;
-
- err:
-        return 0;
-}
-
-static int
-ssl3_get_server_kex_ecdhe(SSL *s, CBS *cbs)
-{
-        uint8_t curve_type;
-        uint16_t group_id;
-        int decode_error;
-        CBS public;
-
-        if (!CBS_get_u8(cbs, &curve_type))
-                goto decode_err;
-        if (!CBS_get_u16(cbs, &group_id))
-                goto decode_err;
-
-        /* Only named curves are supported. */
-        if (curve_type != NAMED_CURVE_TYPE) {
-                SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &public))
-                goto decode_err;
-
-        /*
-         * Check that the group is one of our preferences - if it is not,
-         * the server has sent us an invalid group.
-         */
-        if (!tls1_check_group(s, group_id)) {
-                SSLerror(s, SSL_R_WRONG_CURVE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                goto err;
-        }
-
-        tls_key_share_free(s->s3->hs.key_share);
-        if ((s->s3->hs.key_share = tls_key_share_new(group_id)) == NULL)
-                goto err;
-
-        if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
-            &decode_error, NULL)) {
-                if (decode_error)
-                        goto decode_err;
-                goto err;
-        }
-
-        return 1;
-
- decode_err:
-        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
- err:
-        return 0;
-}
-
-static int
-ssl3_get_server_key_exchange(SSL *s)
-{
-        CBB cbb;
-        CBS cbs, params, signature;
-        EVP_MD_CTX *md_ctx;
-        unsigned char *signed_params = NULL;
-        size_t signed_params_len;
-        size_t params_len;
-        long alg_k, alg_a;
-        int al, ret;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        alg_a = s->s3->hs.cipher->algorithm_auth;
-
-        /*
-         * Use same message size as in ssl3_get_certificate_request()
-         * as ServerKeyExchange message may be skipped.
-         */
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_KEY_EXCH_A,
-            SSL3_ST_CR_KEY_EXCH_B, -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (s->init_num < 0)
-                goto err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_SERVER_KEY_EXCHANGE) {
-                /*
-                 * Do not skip server key exchange if this cipher suite uses
-                 * ephemeral keys.
-                 */
-                if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        goto fatal_err;
-                }
-
-                s->s3->hs.tls12.reuse_message = 1;
-                EVP_MD_CTX_free(md_ctx);
-                return (1);
-        }
-
-        if (!CBB_init(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
-                goto err;
-
-        CBS_dup(&cbs, &params);
-
-        if (alg_k & SSL_kDHE) {
-                if (!ssl3_get_server_kex_dhe(s, &cbs))
-                        goto err;
-        } else if (alg_k & SSL_kECDHE) {
-                if (!ssl3_get_server_kex_ecdhe(s, &cbs))
-                        goto err;
-        } else if (alg_k != 0) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                goto fatal_err;
-        }
-
-        if ((params_len = CBS_offset(&cbs)) > CBS_len(&params))
-                goto err;
-        if (!CBB_add_bytes(&cbb, CBS_data(&params), params_len))
-                goto err;
-        if (!CBB_finish(&cbb, &signed_params, &signed_params_len))
-                goto err;
-
-        /* if it was signed, check the signature */
-        if ((alg_a & SSL_aNULL) == 0) {
-                uint16_t sigalg_value = SIGALG_NONE;
-                const struct ssl_sigalg *sigalg;
-                EVP_PKEY_CTX *pctx;
-                EVP_PKEY *pkey = NULL;
-
-                if ((alg_a & SSL_aRSA) != 0 &&
-                    s->session->peer_cert_type == SSL_PKEY_RSA) {
-                        pkey = X509_get0_pubkey(s->session->peer_cert);
-                } else if ((alg_a & SSL_aECDSA) != 0 &&
-                    s->session->peer_cert_type == SSL_PKEY_ECC) {
-                        pkey = X509_get0_pubkey(s->session->peer_cert);
-                }
-                if (pkey == NULL) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                        goto fatal_err;
-                }
-
-                if (SSL_USE_SIGALGS(s)) {
-                        if (!CBS_get_u16(&cbs, &sigalg_value))
-                                goto decode_err;
-                }
-                if (!CBS_get_u16_length_prefixed(&cbs, &signature))
-                        goto decode_err;
-                if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerror(s, SSL_R_WRONG_SIGNATURE_LENGTH);
-                        goto fatal_err;
-                }
-
-                if ((sigalg = ssl_sigalg_for_peer(s, pkey,
-                    sigalg_value)) == NULL) {
-                        al = SSL_AD_DECODE_ERROR;
-                        goto fatal_err;
-                }
-                s->s3->hs.peer_sigalg = sigalg;
-
-                if (!EVP_DigestVerifyInit(md_ctx, &pctx, sigalg->md(),
-                    NULL, pkey))
-                        goto err;
-                if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
-                    (!EVP_PKEY_CTX_set_rsa_padding(pctx,
-                    RSA_PKCS1_PSS_PADDING) ||
-                    !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1)))
-                        goto err;
-                if (EVP_DigestVerify(md_ctx, CBS_data(&signature),
-                    CBS_len(&signature), signed_params, signed_params_len) <= 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_SIGNATURE);
-                        goto fatal_err;
-                }
-        }
-
-        if (CBS_len(&cbs) != 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
-                goto fatal_err;
-        }
-
-        EVP_MD_CTX_free(md_ctx);
-        free(signed_params);
-
-        return (1);
-
- decode_err:
-        al = SSL_AD_DECODE_ERROR;
-        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-
- err:
-        CBB_cleanup(&cbb);
-        EVP_MD_CTX_free(md_ctx);
-        free(signed_params);
-
-        return (-1);
-}
-
-static int
-ssl3_get_certificate_request(SSL *s)
-{
-        CBS cert_request, cert_types, rdn_list;
-        X509_NAME *xn = NULL;
-        const unsigned char *q;
-        STACK_OF(X509_NAME) *ca_sk = NULL;
-        int ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_REQ_A,
-            SSL3_ST_CR_CERT_REQ_B, -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        ret = 0;
-
-        s->s3->hs.tls12.cert_request = 0;
-
-        if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_DONE) {
-                s->s3->hs.tls12.reuse_message = 1;
-                /*
-                 * If we get here we don't need any cached handshake records
-                 * as we wont be doing client auth.
-                 */
-                tls1_transcript_free(s);
-                return (1);
-        }
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_REQUEST) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
-                goto err;
-        }
-
-        /* TLS does not like anon-DH with client cert */
-        if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                SSLerror(s, SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER);
-                goto err;
-        }
-
-        if (s->init_num < 0)
-                goto decode_err;
-        CBS_init(&cert_request, s->init_msg, s->init_num);
-
-        if ((ca_sk = sk_X509_NAME_new(ca_dn_cmp)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        if (!CBS_get_u8_length_prefixed(&cert_request, &cert_types))
-                goto decode_err;
-
-        if (SSL_USE_SIGALGS(s)) {
-                CBS sigalgs;
-
-                if (CBS_len(&cert_request) < 2) {
-                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (!CBS_get_u16_length_prefixed(&cert_request, &sigalgs)) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-                if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-                        goto err;
-                }
-                if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs,
-                    &s->s3->hs.sigalgs_len))
-                        goto err;
-        }
-
-        /* get the CA RDNs */
-        if (CBS_len(&cert_request) < 2) {
-                SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-                goto err;
-        }
-
-        if (!CBS_get_u16_length_prefixed(&cert_request, &rdn_list) ||
-            CBS_len(&cert_request) != 0) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto err;
-        }
-
-        while (CBS_len(&rdn_list) > 0) {
-                CBS rdn;
-
-                if (CBS_len(&rdn_list) < 2) {
-                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-                        goto err;
-                }
-
-                if (!CBS_get_u16_length_prefixed(&rdn_list, &rdn)) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        SSLerror(s, SSL_R_CA_DN_TOO_LONG);
-                        goto err;
-                }
-
-                q = CBS_data(&rdn);
-                if ((xn = d2i_X509_NAME(NULL, &q, CBS_len(&rdn))) == NULL) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_DECODE_ERROR);
-                        SSLerror(s, ERR_R_ASN1_LIB);
-                        goto err;
-                }
-
-                if (q != CBS_data(&rdn) + CBS_len(&rdn)) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        SSLerror(s, SSL_R_CA_DN_LENGTH_MISMATCH);
-                        goto err;
-                }
-                if (!sk_X509_NAME_push(ca_sk, xn)) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                xn = NULL;      /* avoid free in err block */
-        }
-
-        /* we should setup a certificate to return.... */
-        s->s3->hs.tls12.cert_request = 1;
-        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
-        s->s3->hs.tls12.ca_names = ca_sk;
-        ca_sk = NULL;
-
-        ret = 1;
-        if (0) {
- decode_err:
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-        }
- err:
-        X509_NAME_free(xn);
-        sk_X509_NAME_pop_free(ca_sk, X509_NAME_free);
-        return (ret);
-}
-
-static int
-ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b)
-{
-        return (X509_NAME_cmp(*a, *b));
-}
-
-static int
-ssl3_get_new_session_ticket(SSL *s)
-{
-        uint32_t lifetime_hint;
-        CBS cbs, session_ticket;
-        unsigned int session_id_length = 0;
-        int al, ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SESSION_TICKET_A,
-            SSL3_ST_CR_SESSION_TICKET_B, -1, 16384)) <= 0)
-                return ret;
-
-        if (s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) {
-                s->s3->hs.tls12.reuse_message = 1;
-                return (1);
-        }
-        if (s->s3->hs.tls12.message_type != SSL3_MT_NEWSESSION_TICKET) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
-                goto fatal_err;
-        }
-
-        if (s->init_num < 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto fatal_err;
-        }
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-        if (!CBS_get_u32(&cbs, &lifetime_hint) ||
-            !CBS_get_u16_length_prefixed(&cbs, &session_ticket) ||
-            CBS_len(&cbs) != 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto fatal_err;
-        }
-        s->session->tlsext_tick_lifetime_hint = lifetime_hint;
-
-        if (!CBS_stow(&session_ticket, &s->session->tlsext_tick,
-            &s->session->tlsext_ticklen)) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        /*
-         * There are two ways to detect a resumed ticket session.
-         * One is to set an appropriate session ID and then the server
-         * must return a match in ServerHello. This allows the normal
-         * client session ID matching to work and we know much
-         * earlier that the ticket has been accepted.
-         *
-         * The other way is to set zero length session ID when the
-         * ticket is presented and rely on the handshake to determine
-         * session resumption.
-         *
-         * We choose the former approach because this fits in with
-         * assumptions elsewhere in OpenSSL. The session ID is set
-         * to the SHA256 hash of the ticket.
-         */
-        /* XXX - ensure this doesn't overflow session_id if hash is changed. */
-        if (!EVP_Digest(CBS_data(&session_ticket), CBS_len(&session_ticket),
-            s->session->session_id, &session_id_length, EVP_sha256(), NULL)) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto fatal_err;
-        }
-        s->session->session_id_length = session_id_length;
-
-        return (1);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        return (-1);
-}
-
-static int
-ssl3_get_cert_status(SSL *s)
-{
-        CBS cert_status, response;
-        uint8_t status_type;
-        int al, ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_STATUS_A,
-            SSL3_ST_CR_CERT_STATUS_B, -1, 16384)) <= 0)
-                return ret;
-
-        if (s->s3->hs.tls12.message_type == SSL3_MT_SERVER_KEY_EXCHANGE) {
-                /*
-                 * Tell the callback the server did not send us an OSCP
-                 * response, and has decided to head directly to key exchange.
-                 */
-                if (s->ctx->tlsext_status_cb) {
-                        free(s->tlsext_ocsp_resp);
-                        s->tlsext_ocsp_resp = NULL;
-                        s->tlsext_ocsp_resp_len = 0;
-
-                        ret = s->ctx->tlsext_status_cb(s,
-                            s->ctx->tlsext_status_arg);
-                        if (ret == 0) {
-                                al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-                                SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
-                                goto fatal_err;
-                        }
-                        if (ret < 0) {
-                                al = SSL_AD_INTERNAL_ERROR;
-                                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                                goto fatal_err;
-                        }
-                }
-                s->s3->hs.tls12.reuse_message = 1;
-                return (1);
-        }
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE &&
-            s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_STATUS) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_BAD_MESSAGE_TYPE);
-                goto fatal_err;
-        }
-
-        if (s->init_num < 0) {
-                /* need at least status type + length */
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto fatal_err;
-        }
-
-        CBS_init(&cert_status, s->init_msg, s->init_num);
-        if (!CBS_get_u8(&cert_status, &status_type) ||
-            CBS_len(&cert_status) < 3) {
-                /* need at least status type + length */
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto fatal_err;
-        }
-
-        if (status_type != TLSEXT_STATUSTYPE_ocsp) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
-                goto fatal_err;
-        }
-
-        if (!CBS_get_u24_length_prefixed(&cert_status, &response) ||
-            CBS_len(&cert_status) != 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                goto fatal_err;
-        }
-
-        if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
-            &s->tlsext_ocsp_resp_len)) {
-                al = SSL_AD_INTERNAL_ERROR;
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto fatal_err;
-        }
-
-        if (s->ctx->tlsext_status_cb) {
-                ret = s->ctx->tlsext_status_cb(s,
-                    s->ctx->tlsext_status_arg);
-                if (ret == 0) {
-                        al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-                        SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
-                        goto fatal_err;
-                }
-                if (ret < 0) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto fatal_err;
-                }
-        }
-        return (1);
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return (-1);
-}
-
-static int
-ssl3_get_server_done(SSL *s)
-{
-        int ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_SRVR_DONE_A,
-            SSL3_ST_CR_SRVR_DONE_B, SSL3_MT_SERVER_DONE, 
-            30 /* should be very small, like 0 :-) */)) <= 0)
-                return ret;
-
-        if (s->init_num != 0) {
-                /* should contain no data */
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                return -1;
-        }
-
-        return 1;
-}
-
-static int
-ssl3_send_client_kex_rsa(SSL *s, CBB *cbb)
-{
-        unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH];
-        unsigned char *enc_pms = NULL;
-        uint16_t max_legacy_version;
-        EVP_PKEY *pkey;
-        RSA *rsa;
-        int ret = 0;
-        int enc_len;
-        CBB epms;
-
-        /*
-         * RSA-Encrypted Premaster Secret Message - RFC 5246 section 7.4.7.1.
-         */
-
-        pkey = X509_get0_pubkey(s->session->peer_cert);
-        if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-
-        /*
-         * Our maximum legacy protocol version - while RFC 5246 section 7.4.7.1
-         * says "The latest (newest) version supported by the client", if we're
-         * doing RSA key exchange then we have to presume that we're talking to
-         * a server that does not understand the supported versions extension
-         * and therefore our maximum version is that sent in the ClientHello.
-         */
-        if (!ssl_max_legacy_version(s, &max_legacy_version))
-                goto err;
-        pms[0] = max_legacy_version >> 8;
-        pms[1] = max_legacy_version & 0xff;
-        arc4random_buf(&pms[2], sizeof(pms) - 2);
-
-        if ((enc_pms = malloc(RSA_size(rsa))) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        enc_len = RSA_public_encrypt(sizeof(pms), pms, enc_pms, rsa,
-            RSA_PKCS1_PADDING);
-        if (enc_len <= 0) {
-                SSLerror(s, SSL_R_BAD_RSA_ENCRYPT);
-                goto err;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cbb, &epms))
-                goto err;
-        if (!CBB_add_bytes(&epms, enc_pms, enc_len))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        if (!tls12_derive_master_secret(s, pms, sizeof(pms)))
-                goto err;
-
-        ret = 1;
-
- err:
-        explicit_bzero(pms, sizeof(pms));
-        free(enc_pms);
-
-        return ret;
-}
-
-static int
-ssl3_send_client_kex_dhe(SSL *s, CBB *cbb)
-{
-        uint8_t *key = NULL;
-        size_t key_len = 0;
-        int ret = 0;
-
-        /* Ensure that we have an ephemeral key from the server for DHE. */
-        if (s->s3->hs.key_share == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerror(s, SSL_R_UNABLE_TO_FIND_DH_PARAMETERS);
-                goto err;
-        }
-
-        if (!tls_key_share_generate(s->s3->hs.key_share))
-                goto err;
-        if (!tls_key_share_public(s->s3->hs.key_share, cbb))
-                goto err;
-        if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
-                goto err;
-
-        if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) {
-                SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                return 0;
-        }
-
-        if (!tls12_derive_master_secret(s, key, key_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
-
-static int
-ssl3_send_client_kex_ecdhe(SSL *s, CBB *cbb)
-{
-        uint8_t *key = NULL;
-        size_t key_len = 0;
-        CBB public;
-        int ret = 0;
-
-        /* Ensure that we have an ephemeral key for ECDHE. */
-        if (s->s3->hs.key_share == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-
-        if (!tls_key_share_generate(s->s3->hs.key_share))
-                goto err;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &public))
-                return 0;
-        if (!tls_key_share_public(s->s3->hs.key_share, &public))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
-                goto err;
-
-        if (!tls12_derive_master_secret(s, key, key_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
-
-static int
-ssl3_send_client_key_exchange(SSL *s)
-{
-        unsigned long alg_k;
-        CBB cbb, kex;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_KEY_EXCH_A) {
-                alg_k = s->s3->hs.cipher->algorithm_mkey;
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &kex,
-                    SSL3_MT_CLIENT_KEY_EXCHANGE))
-                        goto err;
-
-                if (alg_k & SSL_kRSA) {
-                        if (!ssl3_send_client_kex_rsa(s, &kex))
-                                goto err;
-                } else if (alg_k & SSL_kDHE) {
-                        if (!ssl3_send_client_kex_dhe(s, &kex))
-                                goto err;
-                } else if (alg_k & SSL_kECDHE) {
-                        if (!ssl3_send_client_kex_ecdhe(s, &kex))
-                                goto err;
-                } else {
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_HANDSHAKE_FAILURE);
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_CW_KEY_EXCH_B;
-        }
-
-        /* SSL3_ST_CW_KEY_EXCH_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_client_verify_sigalgs(SSL *s, EVP_PKEY *pkey,
-    const struct ssl_sigalg *sigalg, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        EVP_PKEY_CTX *pctx = NULL;
-        EVP_MD_CTX *mctx = NULL;
-        const unsigned char *hdata;
-        unsigned char *signature = NULL;
-        size_t signature_len, hdata_len;
-        int ret = 0;
-
-        if ((mctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (!tls1_transcript_data(s, &hdata, &hdata_len)) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        if (!EVP_DigestSignInit(mctx, &pctx, sigalg->md(), NULL, pkey)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
-            (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING) ||
-            !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_DigestSign(mctx, NULL, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if ((signature = calloc(1, signature_len)) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_DigestSign(mctx, signature, &signature_len, hdata, hdata_len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-
-        if (!CBB_add_u16(cert_verify, sigalg->value))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-
-        ret = 1;
-
- err:
-        EVP_MD_CTX_free(mctx);
-        free(signature);
-        return ret;
-}
-
-static int
-ssl3_send_client_verify_rsa(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        RSA *rsa;
-        unsigned char data[EVP_MAX_MD_SIZE];
-        unsigned char *signature = NULL;
-        unsigned int signature_len;
-        size_t data_len;
-        int ret = 0;
-
-        if (!tls1_transcript_hash_value(s, data, sizeof(data), &data_len))
-                goto err;
-        if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL)
-                goto err;
-        if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL)
-                goto err;
-        if (RSA_sign(NID_md5_sha1, data, data_len, signature, &signature_len,
-            rsa) <= 0 ) {
-                SSLerror(s, ERR_R_RSA_LIB);
-                goto err;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-
-        ret = 1;
- err:
-        free(signature);
-        return ret;
-}
-
-static int
-ssl3_send_client_verify_ec(SSL *s, EVP_PKEY *pkey, CBB *cert_verify)
-{
-        CBB cbb_signature;
-        EC_KEY *eckey;
-        unsigned char data[EVP_MAX_MD_SIZE];
-        unsigned char *signature = NULL;
-        unsigned int signature_len;
-        int ret = 0;
-
-        if (!tls1_transcript_hash_value(s, data, sizeof(data), NULL))
-                goto err;
-        if ((signature = calloc(1, EVP_PKEY_size(pkey))) == NULL)
-                goto err;
-        if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
-                goto err;
-        if (!ECDSA_sign(0, &data[MD5_DIGEST_LENGTH], SHA_DIGEST_LENGTH,
-            signature, &signature_len, eckey)) {
-                SSLerror(s, ERR_R_ECDSA_LIB);
-                goto err;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cert_verify, &cbb_signature))
-                goto err;
-        if (!CBB_add_bytes(&cbb_signature, signature, signature_len))
-                goto err;
-        if (!CBB_flush(cert_verify))
-                goto err;
-
-        ret = 1;
- err:
-        free(signature);
-        return ret;
-}
-
-static int
-ssl3_send_client_verify(SSL *s)
-{
-        const struct ssl_sigalg *sigalg;
-        CBB cbb, cert_verify;
-        EVP_PKEY *pkey;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_CERT_VRFY_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &cert_verify,
-                    SSL3_MT_CERTIFICATE_VERIFY))
-                        goto err;
-
-                pkey = s->cert->key->privatekey;
-                if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
-                        SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-                        goto err;
-                }
-                s->s3->hs.our_sigalg = sigalg;
-
-                /*
-                 * For TLS v1.2 send signature algorithm and signature using
-                 * agreed digest and cached handshake records.
-                 */
-                if (SSL_USE_SIGALGS(s)) {
-                        if (!ssl3_send_client_verify_sigalgs(s, pkey, sigalg,
-                            &cert_verify))
-                                goto err;
-                } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
-                        if (!ssl3_send_client_verify_rsa(s, pkey, &cert_verify))
-                                goto err;
-                } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
-                        if (!ssl3_send_client_verify_ec(s, pkey, &cert_verify))
-                                goto err;
-                } else {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-
-                tls1_transcript_free(s);
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_CW_CERT_VRFY_B;
-        }
-
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_client_certificate(SSL *s)
-{
-        EVP_PKEY *pkey = NULL;
-        X509 *x509 = NULL;
-        CBB cbb, client_cert;
-        int i;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_CERT_A) {
-                if (s->cert->key->x509 == NULL ||
-                    s->cert->key->privatekey == NULL)
-                        s->s3->hs.state = SSL3_ST_CW_CERT_B;
-                else
-                        s->s3->hs.state = SSL3_ST_CW_CERT_C;
-        }
-
-        /* We need to get a client cert */
-        if (s->s3->hs.state == SSL3_ST_CW_CERT_B) {
-                /*
-                 * If we get an error, we need to
-                 * ssl->rwstate = SSL_X509_LOOKUP; return(-1);
-                 * We then get retried later.
-                 */
-                i = ssl_do_client_cert_cb(s, &x509, &pkey);
-                if (i < 0) {
-                        s->rwstate = SSL_X509_LOOKUP;
-                        return (-1);
-                }
-                s->rwstate = SSL_NOTHING;
-                if ((i == 1) && (pkey != NULL) && (x509 != NULL)) {
-                        s->s3->hs.state = SSL3_ST_CW_CERT_B;
-                        if (!SSL_use_certificate(s, x509) ||
-                            !SSL_use_PrivateKey(s, pkey))
-                                i = 0;
-                } else if (i == 1) {
-                        i = 0;
-                        SSLerror(s, SSL_R_BAD_DATA_RETURNED_BY_CALLBACK);
-                }
-
-                X509_free(x509);
-                EVP_PKEY_free(pkey);
-                if (i == 0) {
-                        s->s3->hs.tls12.cert_request = 2;
-
-                        /* There is no client certificate to verify. */
-                        tls1_transcript_free(s);
-                }
-
-                /* Ok, we have a cert */
-                s->s3->hs.state = SSL3_ST_CW_CERT_C;
-        }
-
-        if (s->s3->hs.state == SSL3_ST_CW_CERT_C) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &client_cert,
-                    SSL3_MT_CERTIFICATE))
-                        goto err;
-                if (!ssl3_output_cert_chain(s, &client_cert,
-                    (s->s3->hs.tls12.cert_request == 2) ? NULL : s->cert->key))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_CW_CERT_D;
-        }
-
-        /* SSL3_ST_CW_CERT_D */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (0);
-}
-
-#define has_bits(i,m)   (((i)&(m)) == (m))
-
-static int
-ssl3_check_cert_and_algorithm(SSL *s)
-{
-        long alg_k, alg_a;
-        int nid = NID_undef;
-        int i;
-
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-        alg_a = s->s3->hs.cipher->algorithm_auth;
-
-        /* We don't have a certificate. */
-        if (alg_a & SSL_aNULL)
-                return (1);
-
-        if (s->s3->hs.key_share != NULL)
-                nid = tls_key_share_nid(s->s3->hs.key_share);
-
-        /* This is the passed certificate. */
-
-        if (s->session->peer_cert_type == SSL_PKEY_ECC) {
-                if (!ssl_check_srvr_ecc_cert_and_alg(s, s->session->peer_cert)) {
-                        SSLerror(s, SSL_R_BAD_ECC_CERT);
-                        goto fatal_err;
-                }
-                return (1);
-        }
-
-        i = X509_certificate_type(s->session->peer_cert, NULL);
-
-        /* Check that we have a certificate if we require one. */
-        if ((alg_a & SSL_aRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_SIGN)) {
-                SSLerror(s, SSL_R_MISSING_RSA_SIGNING_CERT);
-                goto fatal_err;
-        }
-        if ((alg_k & SSL_kRSA) && !has_bits(i, EVP_PK_RSA|EVP_PKT_ENC)) {
-                SSLerror(s, SSL_R_MISSING_RSA_ENCRYPTING_CERT);
-                goto fatal_err;
-        }
-        if ((alg_k & SSL_kDHE) &&
-            !(has_bits(i, EVP_PK_DH|EVP_PKT_EXCH) || (nid == NID_dhKeyAgreement))) {
-                SSLerror(s, SSL_R_MISSING_DH_KEY);
-                goto fatal_err;
-        }
-
-        return (1);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-
-        return (0);
-}
-
-/*
- * Check to see if handshake is full or resumed. Usually this is just a
- * case of checking to see if a cache hit has occurred. In the case of
- * session tickets we have to check the next message to be sure.
- */
-
-static int
-ssl3_check_finished(SSL *s)
-{
-        int ret;
-
-        /* If we have no ticket it cannot be a resumed session. */
-        if (!s->session->tlsext_tick)
-                return (1);
-        /* this function is called when we really expect a Certificate
-         * message, so permit appropriate message length */
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_CERT_A,
-            SSL3_ST_CR_CERT_B, -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        s->s3->hs.tls12.reuse_message = 1;
-        if ((s->s3->hs.tls12.message_type == SSL3_MT_FINISHED) ||
-            (s->s3->hs.tls12.message_type == SSL3_MT_NEWSESSION_TICKET))
-                return (2);
-
-        return (1);
-}
-
-static int
-ssl_do_client_cert_cb(SSL *s, X509 **px509, EVP_PKEY **ppkey)
-{
-        if (s->ctx->client_cert_cb == NULL)
-                return 0;
-
-        return s->ctx->client_cert_cb(s, px509, ppkey);
-}
-
-static int
-ssl3_send_client_change_cipher_spec(SSL *s)
-{
-        size_t outlen;
-        CBB cbb;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_CHANGE_A) {
-                if (!CBB_init_fixed(&cbb, s->init_buf->data,
-                    s->init_buf->length))
-                        goto err;
-                if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
-                        goto err;
-                if (!CBB_finish(&cbb, NULL, &outlen))
-                        goto err;
-
-                if (outlen > INT_MAX)
-                        goto err;
-
-                s->init_num = (int)outlen;
-                s->init_off = 0;
-
-                if (SSL_is_dtls(s)) {
-                        s->d1->handshake_write_seq =
-                            s->d1->next_handshake_write_seq;
-                        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
-                            s->d1->handshake_write_seq, 0, 0);
-                        dtls1_buffer_message(s, 1);
-                }
-
-                s->s3->hs.state = SSL3_ST_CW_CHANGE_B;
-        }
-
-        /* SSL3_ST_CW_CHANGE_B */
-        return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return -1;
-}
-
-static int
-ssl3_send_client_finished(SSL *s)
-{
-        CBB cbb, finished;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_CW_FINISHED_A) {
-                if (!tls12_derive_finished(s))
-                        goto err;
-
-                /* Copy finished so we can use it for renegotiation checks. */
-                memcpy(s->s3->previous_client_finished,
-                    s->s3->hs.finished, s->s3->hs.finished_len);
-                s->s3->previous_client_finished_len =
-                    s->s3->hs.finished_len;
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &finished,
-                    SSL3_MT_FINISHED))
-                        goto err;
-                if (!CBB_add_bytes(&finished, s->s3->hs.finished,
-                    s->s3->hs.finished_len))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_CW_FINISHED_B;
-        }
-
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_get_server_finished(SSL *s)
-{
-        int al, md_len, ret;
-        CBS cbs;
-
-        /* should actually be 36+4 :-) */
-        if ((ret = ssl3_get_message(s, SSL3_ST_CR_FINISHED_A,
-            SSL3_ST_CR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0)
-                return ret;
-
-        /* If this occurs, we have missed a message */
-        if (!s->s3->change_cipher_spec) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-                goto fatal_err;
-        }
-        s->s3->change_cipher_spec = 0;
-
-        md_len = TLS1_FINISH_MAC_LENGTH;
-
-        if (s->init_num < 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
-                goto fatal_err;
-        }
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (s->s3->hs.peer_finished_len != md_len ||
-            CBS_len(&cbs) != md_len) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
-                goto fatal_err;
-        }
-
-        if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
-                goto fatal_err;
-        }
-
-        /* Copy finished so we can use it for renegotiation checks. */
-        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_server_finished,
-            s->s3->hs.peer_finished, md_len);
-        s->s3->previous_server_finished_len = md_len;
-
-        return (1);
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return (0);
-}
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c
deleted file mode 100644
index eac2d9e61f..0000000000
--- a/src/lib/libssl/ssl_err.c
+++ /dev/null
@@ -1,676 +0,0 @@
-/* $OpenBSD: ssl_err.c,v 1.53 2024/10/09 08:00:29 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2011 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/err.h>
-#include <openssl/opensslconf.h>
-#include <openssl/ssl.h>
-
-#include "ssl_local.h"
-
-#ifndef OPENSSL_NO_ERR
-
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_SSL,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_SSL,0,reason)
-
-/* See SSL_state_func_code below */
-static const ERR_STRING_DATA SSL_str_functs[] = {
-        {ERR_FUNC(1),  "CONNECT_CW_FLUSH"},
-        {ERR_FUNC(2),  "CONNECT_CW_CLNT_HELLO"},
-        {ERR_FUNC(3),  "CONNECT_CW_CLNT_HELLO"},
-        {ERR_FUNC(4),  "CONNECT_CR_SRVR_HELLO"},
-        {ERR_FUNC(5),  "CONNECT_CR_SRVR_HELLO"},
-        {ERR_FUNC(6),  "CONNECT_CR_CERT"},
-        {ERR_FUNC(7),  "CONNECT_CR_CERT"},
-        {ERR_FUNC(8),  "CONNECT_CR_KEY_EXCH"},
-        {ERR_FUNC(9),  "CONNECT_CR_KEY_EXCH"},
-        {ERR_FUNC(10),  "CONNECT_CR_CERT_REQ"},
-        {ERR_FUNC(11),  "CONNECT_CR_CERT_REQ"},
-        {ERR_FUNC(12),  "CONNECT_CR_SRVR_DONE"},
-        {ERR_FUNC(13),  "CONNECT_CR_SRVR_DONE"},
-        {ERR_FUNC(14),  "CONNECT_CW_CERT"},
-        {ERR_FUNC(15),  "CONNECT_CW_CERT"},
-        {ERR_FUNC(16),  "CONNECT_CW_CERT_C"},
-        {ERR_FUNC(17),  "CONNECT_CW_CERT_D"},
-        {ERR_FUNC(18),  "CONNECT_CW_KEY_EXCH"},
-        {ERR_FUNC(19),  "CONNECT_CW_KEY_EXCH"},
-        {ERR_FUNC(20),  "CONNECT_CW_CERT_VRFY"},
-        {ERR_FUNC(21),  "CONNECT_CW_CERT_VRFY"},
-        {ERR_FUNC(22),  "CONNECT_CW_CHANGE"},
-        {ERR_FUNC(23),  "CONNECT_CW_CHANGE"},
-        {ERR_FUNC(26),  "CONNECT_CW_FINISHED"},
-        {ERR_FUNC(27),  "CONNECT_CW_FINISHED"},
-        {ERR_FUNC(28),  "CONNECT_CR_CHANGE"},
-        {ERR_FUNC(29),  "CONNECT_CR_CHANGE"},
-        {ERR_FUNC(30),  "CONNECT_CR_FINISHED"},
-        {ERR_FUNC(31),  "CONNECT_CR_FINISHED"},
-        {ERR_FUNC(32),  "CONNECT_CR_SESSION_TICKET"},
-        {ERR_FUNC(33),  "CONNECT_CR_SESSION_TICKET"},
-        {ERR_FUNC(34),  "CONNECT_CR_CERT_STATUS"},
-        {ERR_FUNC(35),  "CONNECT_CR_CERT_STATUS"},
-        {ERR_FUNC(36),  "ACCEPT_SW_FLUSH"},
-        {ERR_FUNC(37),  "ACCEPT_SR_CLNT_HELLO"},
-        {ERR_FUNC(38),  "ACCEPT_SR_CLNT_HELLO"},
-        {ERR_FUNC(39),  "ACCEPT_SR_CLNT_HELLO_C"},
-        {ERR_FUNC(40),  "ACCEPT_SW_HELLO_REQ"},
-        {ERR_FUNC(41),  "ACCEPT_SW_HELLO_REQ"},
-        {ERR_FUNC(42),  "ACCEPT_SW_HELLO_REQ_C"},
-        {ERR_FUNC(43),  "ACCEPT_SW_SRVR_HELLO"},
-        {ERR_FUNC(44),  "ACCEPT_SW_SRVR_HELLO"},
-        {ERR_FUNC(45),  "ACCEPT_SW_CERT"},
-        {ERR_FUNC(46),  "ACCEPT_SW_CERT"},
-        {ERR_FUNC(47),  "ACCEPT_SW_KEY_EXCH"},
-        {ERR_FUNC(48),  "ACCEPT_SW_KEY_EXCH"},
-        {ERR_FUNC(49),  "ACCEPT_SW_CERT_REQ"},
-        {ERR_FUNC(50),  "ACCEPT_SW_CERT_REQ"},
-        {ERR_FUNC(51),  "ACCEPT_SW_SRVR_DONE"},
-        {ERR_FUNC(52),  "ACCEPT_SW_SRVR_DONE"},
-        {ERR_FUNC(53),  "ACCEPT_SR_CERT"},
-        {ERR_FUNC(54),  "ACCEPT_SR_CERT"},
-        {ERR_FUNC(55),  "ACCEPT_SR_KEY_EXCH"},
-        {ERR_FUNC(56),  "ACCEPT_SR_KEY_EXCH"},
-        {ERR_FUNC(57),  "ACCEPT_SR_CERT_VRFY"},
-        {ERR_FUNC(58),  "ACCEPT_SR_CERT_VRFY"},
-        {ERR_FUNC(59),  "ACCEPT_SR_CHANGE"},
-        {ERR_FUNC(60),  "ACCEPT_SR_CHANGE"},
-        {ERR_FUNC(63),  "ACCEPT_SR_FINISHED"},
-        {ERR_FUNC(64),  "ACCEPT_SR_FINISHED"},
-        {ERR_FUNC(65),  "ACCEPT_SW_CHANGE"},
-        {ERR_FUNC(66),  "ACCEPT_SW_CHANGE"},
-        {ERR_FUNC(67),  "ACCEPT_SW_FINISHED"},
-        {ERR_FUNC(68),  "ACCEPT_SW_FINISHED"},
-        {ERR_FUNC(69),  "ACCEPT_SW_SESSION_TICKET"},
-        {ERR_FUNC(70),  "ACCEPT_SW_SESSION_TICKET"},
-        {ERR_FUNC(71),  "ACCEPT_SW_CERT_STATUS"},
-        {ERR_FUNC(72),  "ACCEPT_SW_CERT_STATUS"},
-        {ERR_FUNC(73),  "ST_BEFORE"},
-        {ERR_FUNC(74),  "ST_ACCEPT"},
-        {ERR_FUNC(75),  "ST_CONNECT"},
-        {ERR_FUNC(76),  "ST_OK"},
-        {ERR_FUNC(77),  "ST_RENEGOTIATE"},
-        {ERR_FUNC(78),  "ST_BEFORE_CONNECT"},
-        {ERR_FUNC(79),  "ST_OK_CONNECT"},
-        {ERR_FUNC(80),  "ST_BEFORE_ACCEPT"},
-        {ERR_FUNC(81),  "ST_OK_ACCEPT"},
-        {ERR_FUNC(83),  "DTLS1_ST_CR_HELLO_VERIFY_REQUEST"},
-        {ERR_FUNC(84),  "DTLS1_ST_CR_HELLO_VERIFY_REQUEST"},
-        {ERR_FUNC(85),  "DTLS1_ST_SW_HELLO_VERIFY_REQUEST"},
-        {ERR_FUNC(86),  "DTLS1_ST_SW_HELLO_VERIFY_REQUEST"},
-        {ERR_FUNC(0xfff),   "(UNKNOWN)SSL_internal"},
-        {0, NULL}
-};
-
-static const ERR_STRING_DATA SSL_str_reasons[] = {
-        {ERR_REASON(SSL_R_APP_DATA_IN_HANDSHAKE) , "app data in handshake"},
-        {ERR_REASON(SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT), "attempt to reuse session in different context"},
-        {ERR_REASON(SSL_R_BAD_ALERT_RECORD)      , "bad alert record"},
-        {ERR_REASON(SSL_R_BAD_AUTHENTICATION_TYPE), "bad authentication type"},
-        {ERR_REASON(SSL_R_BAD_CHANGE_CIPHER_SPEC), "bad change cipher spec"},
-        {ERR_REASON(SSL_R_BAD_CHECKSUM)          , "bad checksum"},
-        {ERR_REASON(SSL_R_BAD_DATA_RETURNED_BY_CALLBACK), "bad data returned by callback"},
-        {ERR_REASON(SSL_R_BAD_DECOMPRESSION)     , "bad decompression"},
-        {ERR_REASON(SSL_R_BAD_DH_G_LENGTH)       , "bad dh g length"},
-        {ERR_REASON(SSL_R_BAD_DH_PUB_KEY_LENGTH) , "bad dh pub key length"},
-        {ERR_REASON(SSL_R_BAD_DH_P_LENGTH)       , "bad dh p length"},
-        {ERR_REASON(SSL_R_BAD_DIGEST_LENGTH)     , "bad digest length"},
-        {ERR_REASON(SSL_R_BAD_DSA_SIGNATURE)     , "bad dsa signature"},
-        {ERR_REASON(SSL_R_BAD_ECC_CERT)          , "bad ecc cert"},
-        {ERR_REASON(SSL_R_BAD_ECDSA_SIGNATURE)   , "bad ecdsa signature"},
-        {ERR_REASON(SSL_R_BAD_ECPOINT)           , "bad ecpoint"},
-        {ERR_REASON(SSL_R_BAD_HANDSHAKE_LENGTH)  , "bad handshake length"},
-        {ERR_REASON(SSL_R_BAD_HELLO_REQUEST)     , "bad hello request"},
-        {ERR_REASON(SSL_R_BAD_LENGTH)            , "bad length"},
-        {ERR_REASON(SSL_R_BAD_MAC_DECODE)        , "bad mac decode"},
-        {ERR_REASON(SSL_R_BAD_MAC_LENGTH)        , "bad mac length"},
-        {ERR_REASON(SSL_R_BAD_MESSAGE_TYPE)      , "bad message type"},
-        {ERR_REASON(SSL_R_BAD_PACKET_LENGTH)     , "bad packet length"},
-        {ERR_REASON(SSL_R_BAD_PROTOCOL_VERSION_NUMBER), "bad protocol version number"},
-        {ERR_REASON(SSL_R_BAD_PSK_IDENTITY_HINT_LENGTH), "bad psk identity hint length"},
-        {ERR_REASON(SSL_R_BAD_RESPONSE_ARGUMENT) , "bad response argument"},
-        {ERR_REASON(SSL_R_BAD_RSA_DECRYPT)       , "bad rsa decrypt"},
-        {ERR_REASON(SSL_R_BAD_RSA_ENCRYPT)       , "bad rsa encrypt"},
-        {ERR_REASON(SSL_R_BAD_RSA_E_LENGTH)      , "bad rsa e length"},
-        {ERR_REASON(SSL_R_BAD_RSA_MODULUS_LENGTH), "bad rsa modulus length"},
-        {ERR_REASON(SSL_R_BAD_RSA_SIGNATURE)     , "bad rsa signature"},
-        {ERR_REASON(SSL_R_BAD_SIGNATURE)         , "bad signature"},
-        {ERR_REASON(SSL_R_BAD_SRP_A_LENGTH)      , "bad srp a length"},
-        {ERR_REASON(SSL_R_BAD_SRP_B_LENGTH)      , "bad srp b length"},
-        {ERR_REASON(SSL_R_BAD_SRP_G_LENGTH)      , "bad srp g length"},
-        {ERR_REASON(SSL_R_BAD_SRP_N_LENGTH)      , "bad srp n length"},
-        {ERR_REASON(SSL_R_BAD_SRP_S_LENGTH)      , "bad srp s length"},
-        {ERR_REASON(SSL_R_BAD_SRTP_MKI_VALUE)    , "bad srtp mki value"},
-        {ERR_REASON(SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST), "bad srtp protection profile list"},
-        {ERR_REASON(SSL_R_BAD_SSL_FILETYPE)      , "bad ssl filetype"},
-        {ERR_REASON(SSL_R_BAD_SSL_SESSION_ID_LENGTH), "bad ssl session id length"},
-        {ERR_REASON(SSL_R_BAD_STATE)             , "bad state"},
-        {ERR_REASON(SSL_R_BAD_WRITE_RETRY)       , "bad write retry"},
-        {ERR_REASON(SSL_R_BIO_NOT_SET)           , "bio not set"},
-        {ERR_REASON(SSL_R_BLOCK_CIPHER_PAD_IS_WRONG), "block cipher pad is wrong"},
-        {ERR_REASON(SSL_R_BN_LIB)                , "bn lib"},
-        {ERR_REASON(SSL_R_CA_DN_LENGTH_MISMATCH) , "ca dn length mismatch"},
-        {ERR_REASON(SSL_R_CA_DN_TOO_LONG)        , "ca dn too long"},
-        {ERR_REASON(SSL_R_CA_KEY_TOO_SMALL)      , "ca key too small"},
-        {ERR_REASON(SSL_R_CA_MD_TOO_WEAK)        , "ca md too weak"},
-        {ERR_REASON(SSL_R_CCS_RECEIVED_EARLY)    , "ccs received early"},
-        {ERR_REASON(SSL_R_CERTIFICATE_VERIFY_FAILED), "certificate verify failed"},
-        {ERR_REASON(SSL_R_CERT_LENGTH_MISMATCH)  , "cert length mismatch"},
-        {ERR_REASON(SSL_R_CHALLENGE_IS_DIFFERENT), "challenge is different"},
-        {ERR_REASON(SSL_R_CIPHER_CODE_WRONG_LENGTH), "cipher code wrong length"},
-        {ERR_REASON(SSL_R_CIPHER_COMPRESSION_UNAVAILABLE), "cipher compression unavailable"},
-        {ERR_REASON(SSL_R_CIPHER_OR_HASH_UNAVAILABLE), "cipher or hash unavailable"},
-        {ERR_REASON(SSL_R_CIPHER_TABLE_SRC_ERROR), "cipher table src error"},
-        {ERR_REASON(SSL_R_CLIENTHELLO_TLSEXT)    , "clienthello tlsext"},
-        {ERR_REASON(SSL_R_COMPRESSED_LENGTH_TOO_LONG), "compressed length too long"},
-        {ERR_REASON(SSL_R_COMPRESSION_DISABLED)  , "compression disabled"},
-        {ERR_REASON(SSL_R_COMPRESSION_FAILURE)   , "compression failure"},
-        {ERR_REASON(SSL_R_COMPRESSION_ID_NOT_WITHIN_PRIVATE_RANGE), "compression id not within private range"},
-        {ERR_REASON(SSL_R_COMPRESSION_LIBRARY_ERROR), "compression library error"},
-        {ERR_REASON(SSL_R_CONNECTION_ID_IS_DIFFERENT), "connection id is different"},
-        {ERR_REASON(SSL_R_CONNECTION_TYPE_NOT_SET), "connection type not set"},
-        {ERR_REASON(SSL_R_COOKIE_MISMATCH)       , "cookie mismatch"},
-        {ERR_REASON(SSL_R_DATA_BETWEEN_CCS_AND_FINISHED), "data between ccs and finished"},
-        {ERR_REASON(SSL_R_DATA_LENGTH_TOO_LONG)  , "data length too long"},
-        {ERR_REASON(SSL_R_DECRYPTION_FAILED)     , "decryption failed"},
-        {ERR_REASON(SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC), "decryption failed or bad record mac"},
-        {ERR_REASON(SSL_R_DH_KEY_TOO_SMALL)      , "dh key too small"},
-        {ERR_REASON(SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG), "dh public value length is wrong"},
-        {ERR_REASON(SSL_R_DIGEST_CHECK_FAILED)   , "digest check failed"},
-        {ERR_REASON(SSL_R_DTLS_MESSAGE_TOO_BIG)  , "dtls message too big"},
-        {ERR_REASON(SSL_R_DUPLICATE_COMPRESSION_ID), "duplicate compression id"},
-        {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_KEY_AGREEMENT), "ecc cert not for key agreement"},
-        {ERR_REASON(SSL_R_ECC_CERT_NOT_FOR_SIGNING), "ecc cert not for signing"},
-        {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_RSA_SIGNATURE), "ecc cert should have rsa signature"},
-        {ERR_REASON(SSL_R_ECC_CERT_SHOULD_HAVE_SHA1_SIGNATURE), "ecc cert should have sha1 signature"},
-        {ERR_REASON(SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER), "ecgroup too large for cipher"},
-        {ERR_REASON(SSL_R_EE_KEY_TOO_SMALL)      , "ee key too small"},
-        {ERR_REASON(SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST), "empty srtp protection profile list"},
-        {ERR_REASON(SSL_R_ENCRYPTED_LENGTH_TOO_LONG), "encrypted length too long"},
-        {ERR_REASON(SSL_R_ERROR_GENERATING_TMP_RSA_KEY), "error generating tmp rsa key"},
-        {ERR_REASON(SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST), "error in received cipher list"},
-        {ERR_REASON(SSL_R_EXCESSIVE_MESSAGE_SIZE), "excessive message size"},
-        {ERR_REASON(SSL_R_EXTRA_DATA_IN_MESSAGE) , "extra data in message"},
-        {ERR_REASON(SSL_R_GOT_A_FIN_BEFORE_A_CCS), "got a fin before a ccs"},
-        {ERR_REASON(SSL_R_GOT_NEXT_PROTO_BEFORE_A_CCS), "got next proto before a ccs"},
-        {ERR_REASON(SSL_R_GOT_NEXT_PROTO_WITHOUT_EXTENSION), "got next proto without seeing extension"},
-        {ERR_REASON(SSL_R_HTTPS_PROXY_REQUEST)   , "https proxy request"},
-        {ERR_REASON(SSL_R_HTTP_REQUEST)          , "http request"},
-        {ERR_REASON(SSL_R_ILLEGAL_PADDING)       , "illegal padding"},
-        {ERR_REASON(SSL_R_INAPPROPRIATE_FALLBACK), "inappropriate fallback"},
-        {ERR_REASON(SSL_R_INCONSISTENT_COMPRESSION), "inconsistent compression"},
-        {ERR_REASON(SSL_R_INVALID_CHALLENGE_LENGTH), "invalid challenge length"},
-        {ERR_REASON(SSL_R_INVALID_COMMAND)       , "invalid command"},
-        {ERR_REASON(SSL_R_INVALID_COMPRESSION_ALGORITHM), "invalid compression algorithm"},
-        {ERR_REASON(SSL_R_INVALID_PURPOSE)       , "invalid purpose"},
-        {ERR_REASON(SSL_R_INVALID_SRP_USERNAME)  , "invalid srp username"},
-        {ERR_REASON(SSL_R_INVALID_STATUS_RESPONSE), "invalid status response"},
-        {ERR_REASON(SSL_R_INVALID_TICKET_KEYS_LENGTH), "invalid ticket keys length"},
-        {ERR_REASON(SSL_R_INVALID_TRUST)         , "invalid trust"},
-        {ERR_REASON(SSL_R_KEY_ARG_TOO_LONG)      , "key arg too long"},
-        {ERR_REASON(SSL_R_KRB5)                  , "krb5"},
-        {ERR_REASON(SSL_R_KRB5_C_CC_PRINC)       , "krb5 client cc principal (no tkt?)"},
-        {ERR_REASON(SSL_R_KRB5_C_GET_CRED)       , "krb5 client get cred"},
-        {ERR_REASON(SSL_R_KRB5_C_INIT)           , "krb5 client init"},
-        {ERR_REASON(SSL_R_KRB5_C_MK_REQ)         , "krb5 client mk_req (expired tkt?)"},
-        {ERR_REASON(SSL_R_KRB5_S_BAD_TICKET)     , "krb5 server bad ticket"},
-        {ERR_REASON(SSL_R_KRB5_S_INIT)           , "krb5 server init"},
-        {ERR_REASON(SSL_R_KRB5_S_RD_REQ)         , "krb5 server rd_req (keytab perms?)"},
-        {ERR_REASON(SSL_R_KRB5_S_TKT_EXPIRED)    , "krb5 server tkt expired"},
-        {ERR_REASON(SSL_R_KRB5_S_TKT_NYV)        , "krb5 server tkt not yet valid"},
-        {ERR_REASON(SSL_R_KRB5_S_TKT_SKEW)       , "krb5 server tkt skew"},
-        {ERR_REASON(SSL_R_LENGTH_MISMATCH)       , "length mismatch"},
-        {ERR_REASON(SSL_R_LENGTH_TOO_SHORT)      , "length too short"},
-        {ERR_REASON(SSL_R_LIBRARY_BUG)           , "library bug"},
-        {ERR_REASON(SSL_R_LIBRARY_HAS_NO_CIPHERS), "library has no ciphers"},
-        {ERR_REASON(SSL_R_MESSAGE_TOO_LONG)      , "message too long"},
-        {ERR_REASON(SSL_R_MISSING_DH_DSA_CERT)   , "missing dh dsa cert"},
-        {ERR_REASON(SSL_R_MISSING_DH_KEY)        , "missing dh key"},
-        {ERR_REASON(SSL_R_MISSING_DH_RSA_CERT)   , "missing dh rsa cert"},
-        {ERR_REASON(SSL_R_MISSING_DSA_SIGNING_CERT), "missing dsa signing cert"},
-        {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_DH_KEY), "missing export tmp dh key"},
-        {ERR_REASON(SSL_R_MISSING_EXPORT_TMP_RSA_KEY), "missing export tmp rsa key"},
-        {ERR_REASON(SSL_R_MISSING_RSA_CERTIFICATE), "missing rsa certificate"},
-        {ERR_REASON(SSL_R_MISSING_RSA_ENCRYPTING_CERT), "missing rsa encrypting cert"},
-        {ERR_REASON(SSL_R_MISSING_RSA_SIGNING_CERT), "missing rsa signing cert"},
-        {ERR_REASON(SSL_R_MISSING_SRP_PARAM)     , "can't find SRP server param"},
-        {ERR_REASON(SSL_R_MISSING_TMP_DH_KEY)    , "missing tmp dh key"},
-        {ERR_REASON(SSL_R_MISSING_TMP_ECDH_KEY)  , "missing tmp ecdh key"},
-        {ERR_REASON(SSL_R_MISSING_TMP_RSA_KEY)   , "missing tmp rsa key"},
-        {ERR_REASON(SSL_R_MISSING_TMP_RSA_PKEY)  , "missing tmp rsa pkey"},
-        {ERR_REASON(SSL_R_MISSING_VERIFY_MESSAGE), "missing verify message"},
-        {ERR_REASON(SSL_R_MULTIPLE_SGC_RESTARTS) , "multiple sgc restarts"},
-        {ERR_REASON(SSL_R_NON_SSLV2_INITIAL_PACKET), "non sslv2 initial packet"},
-        {ERR_REASON(SSL_R_NO_APPLICATION_PROTOCOL), "no application protocol"},
-        {ERR_REASON(SSL_R_NO_CERTIFICATES_RETURNED), "no certificates returned"},
-        {ERR_REASON(SSL_R_NO_CERTIFICATE_ASSIGNED), "no certificate assigned"},
-        {ERR_REASON(SSL_R_NO_CERTIFICATE_RETURNED), "no certificate returned"},
-        {ERR_REASON(SSL_R_NO_CERTIFICATE_SET)    , "no certificate set"},
-        {ERR_REASON(SSL_R_NO_CERTIFICATE_SPECIFIED), "no certificate specified"},
-        {ERR_REASON(SSL_R_NO_CIPHERS_AVAILABLE)  , "no ciphers available"},
-        {ERR_REASON(SSL_R_NO_CIPHERS_PASSED)     , "no ciphers passed"},
-        {ERR_REASON(SSL_R_NO_CIPHERS_SPECIFIED)  , "no ciphers specified"},
-        {ERR_REASON(SSL_R_NO_CIPHER_LIST)        , "no cipher list"},
-        {ERR_REASON(SSL_R_NO_CIPHER_MATCH)       , "no cipher match"},
-        {ERR_REASON(SSL_R_NO_CLIENT_CERT_METHOD) , "no client cert method"},
-        {ERR_REASON(SSL_R_NO_CLIENT_CERT_RECEIVED), "no client cert received"},
-        {ERR_REASON(SSL_R_NO_COMPRESSION_SPECIFIED), "no compression specified"},
-        {ERR_REASON(SSL_R_NO_METHOD_SPECIFIED)   , "no method specified"},
-        {ERR_REASON(SSL_R_NO_PRIVATEKEY)         , "no privatekey"},
-        {ERR_REASON(SSL_R_NO_PRIVATE_KEY_ASSIGNED), "no private key assigned"},
-        {ERR_REASON(SSL_R_NO_PROTOCOLS_AVAILABLE), "no protocols available"},
-        {ERR_REASON(SSL_R_NO_PUBLICKEY)          , "no publickey"},
-        {ERR_REASON(SSL_R_NO_RENEGOTIATION)      , "no renegotiation"},
-        {ERR_REASON(SSL_R_NO_REQUIRED_DIGEST)    , "digest requred for handshake isn't computed"},
-        {ERR_REASON(SSL_R_NO_SHARED_CIPHER)      , "no shared cipher"},
-        {ERR_REASON(SSL_R_NO_SRTP_PROFILES)      , "no srtp profiles"},
-        {ERR_REASON(SSL_R_NO_VERIFY_CALLBACK)    , "no verify callback"},
-        {ERR_REASON(SSL_R_NULL_SSL_CTX)          , "null ssl ctx"},
-        {ERR_REASON(SSL_R_NULL_SSL_METHOD_PASSED), "null ssl method passed"},
-        {ERR_REASON(SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED), "old session cipher not returned"},
-        {ERR_REASON(SSL_R_OLD_SESSION_COMPRESSION_ALGORITHM_NOT_RETURNED), "old session compression algorithm not returned"},
-        {ERR_REASON(SSL_R_ONLY_TLS_ALLOWED_IN_FIPS_MODE), "only tls allowed in fips mode"},
-        {ERR_REASON(SSL_R_PACKET_LENGTH_TOO_LONG), "packet length too long"},
-        {ERR_REASON(SSL_R_PARSE_TLSEXT)          , "parse tlsext"},
-        {ERR_REASON(SSL_R_PATH_TOO_LONG)         , "path too long"},
-        {ERR_REASON(SSL_R_PEER_BEHAVING_BADLY)   , "peer is doing strange or hostile things"},
-        {ERR_REASON(SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE), "peer did not return a certificate"},
-        {ERR_REASON(SSL_R_PEER_ERROR)            , "peer error"},
-        {ERR_REASON(SSL_R_PEER_ERROR_CERTIFICATE), "peer error certificate"},
-        {ERR_REASON(SSL_R_PEER_ERROR_NO_CERTIFICATE), "peer error no certificate"},
-        {ERR_REASON(SSL_R_PEER_ERROR_NO_CIPHER)  , "peer error no cipher"},
-        {ERR_REASON(SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE), "peer error unsupported certificate type"},
-        {ERR_REASON(SSL_R_PRE_MAC_LENGTH_TOO_LONG), "pre mac length too long"},
-        {ERR_REASON(SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS), "problems mapping cipher functions"},
-        {ERR_REASON(SSL_R_PROTOCOL_IS_SHUTDOWN)  , "protocol is shutdown"},
-        {ERR_REASON(SSL_R_PSK_IDENTITY_NOT_FOUND), "psk identity not found"},
-        {ERR_REASON(SSL_R_PSK_NO_CLIENT_CB)      , "psk no client cb"},
-        {ERR_REASON(SSL_R_PSK_NO_SERVER_CB)      , "psk no server cb"},
-        {ERR_REASON(SSL_R_PUBLIC_KEY_ENCRYPT_ERROR), "public key encrypt error"},
-        {ERR_REASON(SSL_R_PUBLIC_KEY_IS_NOT_RSA) , "public key is not rsa"},
-        {ERR_REASON(SSL_R_PUBLIC_KEY_NOT_RSA)    , "public key not rsa"},
-        {ERR_REASON(SSL_R_QUIC_INTERNAL_ERROR)   , "QUIC: internal error"},
-        {ERR_REASON(SSL_R_READ_BIO_NOT_SET)      , "read bio not set"},
-        {ERR_REASON(SSL_R_READ_TIMEOUT_EXPIRED)  , "read timeout expired"},
-        {ERR_REASON(SSL_R_READ_WRONG_PACKET_TYPE), "read wrong packet type"},
-        {ERR_REASON(SSL_R_RECORD_LENGTH_MISMATCH), "record length mismatch"},
-        {ERR_REASON(SSL_R_RECORD_TOO_LARGE)      , "record too large"},
-        {ERR_REASON(SSL_R_RECORD_TOO_SMALL)      , "record too small"},
-        {ERR_REASON(SSL_R_RENEGOTIATE_EXT_TOO_LONG), "renegotiate ext too long"},
-        {ERR_REASON(SSL_R_RENEGOTIATION_ENCODING_ERR), "renegotiation encoding err"},
-        {ERR_REASON(SSL_R_RENEGOTIATION_MISMATCH), "renegotiation mismatch"},
-        {ERR_REASON(SSL_R_REQUIRED_CIPHER_MISSING), "required cipher missing"},
-        {ERR_REASON(SSL_R_REQUIRED_COMPRESSSION_ALGORITHM_MISSING), "required compresssion algorithm missing"},
-        {ERR_REASON(SSL_R_REUSE_CERT_LENGTH_NOT_ZERO), "reuse cert length not zero"},
-        {ERR_REASON(SSL_R_REUSE_CERT_TYPE_NOT_ZERO), "reuse cert type not zero"},
-        {ERR_REASON(SSL_R_REUSE_CIPHER_LIST_NOT_ZERO), "reuse cipher list not zero"},
-        {ERR_REASON(SSL_R_SCSV_RECEIVED_WHEN_RENEGOTIATING), "scsv received when renegotiating"},
-        {ERR_REASON(SSL_R_SERVERHELLO_TLSEXT)    , "serverhello tlsext"},
-        {ERR_REASON(SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED), "session id context uninitialized"},
-        {ERR_REASON(SSL_R_SHORT_READ)            , "short read"},
-        {ERR_REASON(SSL_R_SIGNATURE_ALGORITHMS_ERROR), "signature algorithms error"},
-        {ERR_REASON(SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE), "signature for non signing certificate"},
-        {ERR_REASON(SSL_R_SRP_A_CALC)            , "error with the srp params"},
-        {ERR_REASON(SSL_R_SRTP_COULD_NOT_ALLOCATE_PROFILES), "srtp could not allocate profiles"},
-        {ERR_REASON(SSL_R_SRTP_PROTECTION_PROFILE_LIST_TOO_LONG), "srtp protection profile list too long"},
-        {ERR_REASON(SSL_R_SRTP_UNKNOWN_PROTECTION_PROFILE), "srtp unknown protection profile"},
-        {ERR_REASON(SSL_R_SSL23_DOING_SESSION_ID_REUSE), "ssl23 doing session id reuse"},
-        {ERR_REASON(SSL_R_SSL2_CONNECTION_ID_TOO_LONG), "ssl2 connection id too long"},
-        {ERR_REASON(SSL_R_SSL3_EXT_INVALID_ECPOINTFORMAT), "ssl3 ext invalid ecpointformat"},
-        {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME), "ssl3 ext invalid servername"},
-        {ERR_REASON(SSL_R_SSL3_EXT_INVALID_SERVERNAME_TYPE), "ssl3 ext invalid servername type"},
-        {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_LONG), "ssl3 session id too long"},
-        {ERR_REASON(SSL_R_SSL3_SESSION_ID_TOO_SHORT), "ssl3 session id too short"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_CERTIFICATE), "sslv3 alert bad certificate"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_BAD_RECORD_MAC), "sslv3 alert bad record mac"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED), "sslv3 alert certificate expired"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED), "sslv3 alert certificate revoked"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN), "sslv3 alert certificate unknown"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE), "sslv3 alert decompression failure"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE), "sslv3 alert handshake failure"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER), "sslv3 alert illegal parameter"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_NO_CERTIFICATE), "sslv3 alert no certificate"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE), "sslv3 alert unexpected message"},
-        {ERR_REASON(SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE), "sslv3 alert unsupported certificate"},
-        {ERR_REASON(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION), "ssl ctx has no default ssl version"},
-        {ERR_REASON(SSL_R_SSL_HANDSHAKE_FAILURE) , "ssl handshake failure"},
-        {ERR_REASON(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS), "ssl library has no ciphers"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_CALLBACK_FAILED), "ssl session id callback failed"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_CONFLICT), "ssl session id conflict"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG), "ssl session id context too long"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH), "ssl session id has bad length"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_IS_DIFFERENT), "ssl session id is different"},
-        {ERR_REASON(SSL_R_SSL_SESSION_ID_TOO_LONG), "ssl session id is too long"},
-        {ERR_REASON(SSL_R_TLSV13_ALERT_CERTIFICATE_REQUIRED), "tlsv13 alert certificate required"},
-        {ERR_REASON(SSL_R_TLSV13_ALERT_MISSING_EXTENSION), "tlsv13 alert missing extension"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_ACCESS_DENIED), "tlsv1 alert access denied"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_DECODE_ERROR), "tlsv1 alert decode error"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPTION_FAILED), "tlsv1 alert decryption failed"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_DECRYPT_ERROR), "tlsv1 alert decrypt error"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION), "tlsv1 alert export restriction"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_INAPPROPRIATE_FALLBACK), "tlsv1 alert inappropriate fallback"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY), "tlsv1 alert insufficient security"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_INTERNAL_ERROR), "tlsv1 alert internal error"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_NO_APPLICATION_PROTOCOL), "tlsv1 alert no application protocol"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_NO_RENEGOTIATION), "tlsv1 alert no renegotiation"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_PROTOCOL_VERSION), "tlsv1 alert protocol version"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_RECORD_OVERFLOW), "tlsv1 alert record overflow"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_CA), "tlsv1 alert unknown ca"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_UNKNOWN_PSK_IDENTITY), "tlsv1 alert unknown psk_identity"},
-        {ERR_REASON(SSL_R_TLSV1_ALERT_USER_CANCELLED), "tlsv1 alert user cancelled"},
-        {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_HASH_VALUE), "tlsv1 bad certificate hash value"},
-        {ERR_REASON(SSL_R_TLSV1_BAD_CERTIFICATE_STATUS_RESPONSE), "tlsv1 bad certificate status response"},
-        {ERR_REASON(SSL_R_TLSV1_CERTIFICATE_UNOBTAINABLE), "tlsv1 certificate unobtainable"},
-        {ERR_REASON(SSL_R_TLSV1_UNRECOGNIZED_NAME), "tlsv1 unrecognized name"},
-        {ERR_REASON(SSL_R_TLSV1_UNSUPPORTED_EXTENSION), "tlsv1 unsupported extension"},
-        {ERR_REASON(SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER), "tls client cert req with anon cipher"},
-        {ERR_REASON(SSL_R_TLS_HEARTBEAT_PEER_DOESNT_ACCEPT), "peer does not accept heartbeats"},
-        {ERR_REASON(SSL_R_TLS_HEARTBEAT_PENDING) , "heartbeat request already pending"},
-        {ERR_REASON(SSL_R_TLS_ILLEGAL_EXPORTER_LABEL), "tls illegal exporter label"},
-        {ERR_REASON(SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST), "tls invalid ecpointformat list"},
-        {ERR_REASON(SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST), "tls peer did not respond with certificate list"},
-        {ERR_REASON(SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG), "tls rsa encrypted value length is wrong"},
-        {ERR_REASON(SSL_R_UNABLE_TO_DECODE_DH_CERTS), "unable to decode dh certs"},
-        {ERR_REASON(SSL_R_UNABLE_TO_DECODE_ECDH_CERTS), "unable to decode ecdh certs"},
-        {ERR_REASON(SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY), "unable to extract public key"},
-        {ERR_REASON(SSL_R_UNABLE_TO_FIND_DH_PARAMETERS), "unable to find dh parameters"},
-        {ERR_REASON(SSL_R_UNABLE_TO_FIND_ECDH_PARAMETERS), "unable to find ecdh parameters"},
-        {ERR_REASON(SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS), "unable to find public key parameters"},
-        {ERR_REASON(SSL_R_UNABLE_TO_FIND_SSL_METHOD), "unable to find ssl method"},
-        {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES), "unable to load ssl2 md5 routines"},
-        {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES), "unable to load ssl3 md5 routines"},
-        {ERR_REASON(SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES), "unable to load ssl3 sha1 routines"},
-        {ERR_REASON(SSL_R_UNEXPECTED_MESSAGE)    , "unexpected message"},
-        {ERR_REASON(SSL_R_UNEXPECTED_RECORD)     , "unexpected record"},
-        {ERR_REASON(SSL_R_UNINITIALIZED)         , "uninitialized"},
-        {ERR_REASON(SSL_R_UNKNOWN), "unknown failure occurred"},
-        {ERR_REASON(SSL_R_UNKNOWN_ALERT_TYPE)    , "unknown alert type"},
-        {ERR_REASON(SSL_R_UNKNOWN_CERTIFICATE_TYPE), "unknown certificate type"},
-        {ERR_REASON(SSL_R_UNKNOWN_CIPHER_RETURNED), "unknown cipher returned"},
-        {ERR_REASON(SSL_R_UNKNOWN_CIPHER_TYPE)   , "unknown cipher type"},
-        {ERR_REASON(SSL_R_UNKNOWN_DIGEST)        , "unknown digest"},
-        {ERR_REASON(SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE), "unknown key exchange type"},
-        {ERR_REASON(SSL_R_UNKNOWN_PKEY_TYPE)     , "unknown pkey type"},
-        {ERR_REASON(SSL_R_UNKNOWN_PROTOCOL)      , "unknown protocol"},
-        {ERR_REASON(SSL_R_UNKNOWN_REMOTE_ERROR_TYPE), "unknown remote error type"},
-        {ERR_REASON(SSL_R_UNKNOWN_SSL_VERSION)   , "unknown ssl version"},
-        {ERR_REASON(SSL_R_UNKNOWN_STATE)         , "unknown state"},
-        {ERR_REASON(SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED), "unsafe legacy renegotiation disabled"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_CIPHER)    , "unsupported cipher"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM), "unsupported compression algorithm"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_DIGEST_TYPE), "unsupported digest type"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_ELLIPTIC_CURVE), "unsupported elliptic curve"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_PROTOCOL)  , "unsupported protocol"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_SSL_VERSION), "unsupported ssl version"},
-        {ERR_REASON(SSL_R_UNSUPPORTED_STATUS_TYPE), "unsupported status type"},
-        {ERR_REASON(SSL_R_USE_SRTP_NOT_NEGOTIATED), "use srtp not negotiated"},
-        {ERR_REASON(SSL_R_VERSION_TOO_LOW)       , "version too low"},
-        {ERR_REASON(SSL_R_WRITE_BIO_NOT_SET)     , "write bio not set"},
-        {ERR_REASON(SSL_R_WRONG_CIPHER_RETURNED) , "wrong cipher returned"},
-        {ERR_REASON(SSL_R_WRONG_CURVE)           , "wrong curve"},
-        {ERR_REASON(SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED), "QUIC: wrong encryption level received"},
-        {ERR_REASON(SSL_R_WRONG_MESSAGE_TYPE)    , "wrong message type"},
-        {ERR_REASON(SSL_R_WRONG_NUMBER_OF_KEY_BITS), "wrong number of key bits"},
-        {ERR_REASON(SSL_R_WRONG_SIGNATURE_LENGTH), "wrong signature length"},
-        {ERR_REASON(SSL_R_WRONG_SIGNATURE_SIZE)  , "wrong signature size"},
-        {ERR_REASON(SSL_R_WRONG_SIGNATURE_TYPE)  , "wrong signature type"},
-        {ERR_REASON(SSL_R_WRONG_SSL_VERSION)     , "wrong ssl version"},
-        {ERR_REASON(SSL_R_WRONG_VERSION_NUMBER)  , "wrong version number"},
-        {ERR_REASON(SSL_R_X509_LIB)              , "x509 lib"},
-        {ERR_REASON(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS), "x509 verification setup problems"},
-        {0, NULL}
-};
-
-#endif
-
-void
-ERR_load_SSL_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-        if (ERR_func_error_string(SSL_str_functs[0].error) == NULL) {
-                /* TMP UGLY CASTS */
-                ERR_load_strings(0, (ERR_STRING_DATA *)SSL_str_functs);
-                ERR_load_strings(0, (ERR_STRING_DATA *)SSL_str_reasons);
-        }
-#endif
-}
-LSSL_ALIAS(ERR_load_SSL_strings);
-
-void
-SSL_load_error_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-        ERR_load_crypto_strings();
-        ERR_load_SSL_strings();
-#endif
-}
-LSSL_ALIAS(SSL_load_error_strings);
-
-int
-SSL_state_func_code(int state) {
-        switch (state) {
-        case SSL3_ST_CW_FLUSH:
-                return 1;
-        case SSL3_ST_CW_CLNT_HELLO_A:
-                return 2;
-        case SSL3_ST_CW_CLNT_HELLO_B:
-                return 3;
-        case SSL3_ST_CR_SRVR_HELLO_A:
-                return 4;
-        case SSL3_ST_CR_SRVR_HELLO_B:
-                return 5;
-        case SSL3_ST_CR_CERT_A:
-                return 6;
-        case SSL3_ST_CR_CERT_B:
-                return 7;
-        case SSL3_ST_CR_KEY_EXCH_A:
-                return 8;
-        case SSL3_ST_CR_KEY_EXCH_B:
-                return 9;
-        case SSL3_ST_CR_CERT_REQ_A:
-                return 10;
-        case SSL3_ST_CR_CERT_REQ_B:
-                return 11;
-        case SSL3_ST_CR_SRVR_DONE_A:
-                return 12;
-        case SSL3_ST_CR_SRVR_DONE_B:
-                return 13;
-        case SSL3_ST_CW_CERT_A:
-                return 14;
-        case SSL3_ST_CW_CERT_B:
-                return 15;
-        case SSL3_ST_CW_CERT_C:
-                return 16;
-        case SSL3_ST_CW_CERT_D:
-                return 17;
-        case SSL3_ST_CW_KEY_EXCH_A:
-                return 18;
-        case SSL3_ST_CW_KEY_EXCH_B:
-                return 19;
-        case SSL3_ST_CW_CERT_VRFY_A:
-                return 20;
-        case SSL3_ST_CW_CERT_VRFY_B:
-                return 21;
-        case SSL3_ST_CW_CHANGE_A:
-                return 22;
-        case SSL3_ST_CW_CHANGE_B:
-                return 23;
-        case SSL3_ST_CW_FINISHED_A:
-                return 26;
-        case SSL3_ST_CW_FINISHED_B:
-                return 27;
-        case SSL3_ST_CR_CHANGE_A:
-                return 28;
-        case SSL3_ST_CR_CHANGE_B:
-                return 29;
-        case SSL3_ST_CR_FINISHED_A:
-                return 30;
-        case SSL3_ST_CR_FINISHED_B:
-                return 31;
-        case SSL3_ST_CR_SESSION_TICKET_A:
-                return 32;
-        case SSL3_ST_CR_SESSION_TICKET_B:
-                return 33;
-        case SSL3_ST_CR_CERT_STATUS_A:
-                return 34;
-        case SSL3_ST_CR_CERT_STATUS_B:
-                return 35;
-        case SSL3_ST_SW_FLUSH:
-                return 36;
-        case SSL3_ST_SR_CLNT_HELLO_A:
-                return 37;
-        case SSL3_ST_SR_CLNT_HELLO_B:
-                return 38;
-        case SSL3_ST_SR_CLNT_HELLO_C:
-                return 39;
-        case SSL3_ST_SW_HELLO_REQ_A:
-                return 40;
-        case SSL3_ST_SW_HELLO_REQ_B:
-                return 41;
-        case SSL3_ST_SW_HELLO_REQ_C:
-                return 42;
-        case SSL3_ST_SW_SRVR_HELLO_A:
-                return 43;
-        case SSL3_ST_SW_SRVR_HELLO_B:
-                return 44;
-        case SSL3_ST_SW_CERT_A:
-                return 45;
-        case SSL3_ST_SW_CERT_B:
-                return 46;
-        case SSL3_ST_SW_KEY_EXCH_A:
-                return 47;
-        case SSL3_ST_SW_KEY_EXCH_B:
-                return 48;
-        case SSL3_ST_SW_CERT_REQ_A:
-                return 49;
-        case SSL3_ST_SW_CERT_REQ_B:
-                return 50;
-        case SSL3_ST_SW_SRVR_DONE_A:
-                return 51;
-        case SSL3_ST_SW_SRVR_DONE_B:
-                return 52;
-        case SSL3_ST_SR_CERT_A:
-                return 53;
-        case SSL3_ST_SR_CERT_B:
-                return 54;
-        case SSL3_ST_SR_KEY_EXCH_A:
-                return 55;
-        case SSL3_ST_SR_KEY_EXCH_B:
-                return 56;
-        case SSL3_ST_SR_CERT_VRFY_A:
-                return 57;
-        case SSL3_ST_SR_CERT_VRFY_B:
-                return 58;
-        case SSL3_ST_SR_CHANGE_A:
-                return 59;
-        case SSL3_ST_SR_CHANGE_B:
-                return 60;
-        case SSL3_ST_SR_FINISHED_A:
-                return 63;
-        case SSL3_ST_SR_FINISHED_B:
-                return 64;
-        case SSL3_ST_SW_CHANGE_A:
-                return 65;
-        case SSL3_ST_SW_CHANGE_B:
-                return 66;
-        case SSL3_ST_SW_FINISHED_A:
-                return 67;
-        case SSL3_ST_SW_FINISHED_B:
-                return 68;
-        case SSL3_ST_SW_SESSION_TICKET_A:
-                return 69;
-        case SSL3_ST_SW_SESSION_TICKET_B:
-                return 70;
-        case SSL3_ST_SW_CERT_STATUS_A:
-                return 71;
-        case SSL3_ST_SW_CERT_STATUS_B:
-                return 72;
-        case SSL_ST_BEFORE:
-                return 73;
-        case SSL_ST_ACCEPT:
-                return 74;
-        case SSL_ST_CONNECT:
-                return 75;
-        case SSL_ST_OK:
-                return 76;
-        case SSL_ST_RENEGOTIATE:
-                return 77;
-        case SSL_ST_BEFORE|SSL_ST_CONNECT:
-                return 78;
-        case SSL_ST_OK|SSL_ST_CONNECT:
-                return 79;
-        case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-                return 80;
-        case SSL_ST_OK|SSL_ST_ACCEPT:
-                return 81;
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-                return 83;
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-                return 84;
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-                return 85;
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-                return 86;
-        default:
-                break;
-        }
-        return 0xfff;
-}
-
-void
-SSL_error_internal(const SSL *s, int r, char *f, int l)
-{
-        ERR_PUT_error(ERR_LIB_SSL,
-            (SSL_state_func_code(s->s3->hs.state)), r, f, l);
-}
diff --git a/src/lib/libssl/ssl_init.c b/src/lib/libssl/ssl_init.c
deleted file mode 100644
index b314e714c1..0000000000
--- a/src/lib/libssl/ssl_init.c
+++ /dev/null
@@ -1,58 +0,0 @@
-/* $OpenBSD: ssl_init.c,v 1.6 2023/11/22 15:53:53 tb Exp $ */
-/*
- * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* OpenSSL style init */
-
-#include <pthread.h>
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_local.h"
-
-static pthread_t ssl_init_thread;
-
-int
-SSL_library_init(void)
-{
-        return OPENSSL_init_ssl(0, NULL);
-}
-LSSL_ALIAS(SSL_library_init);
-
-static void
-OPENSSL_init_ssl_internal(void)
-{
-        ssl_init_thread = pthread_self();
-        SSL_load_error_strings();
-}
-
-int
-OPENSSL_init_ssl(uint64_t opts, const void *settings)
-{
-        static pthread_once_t once = PTHREAD_ONCE_INIT;
-
-        if (pthread_equal(pthread_self(), ssl_init_thread))
-                return 1; /* don't recurse */
-
-        OPENSSL_init_crypto(opts, settings);
-
-        if (pthread_once(&once, OPENSSL_init_ssl_internal) != 0)
-                return 0;
-
-        return 1;
-}
-LSSL_ALIAS(OPENSSL_init_ssl);
diff --git a/src/lib/libssl/ssl_kex.c b/src/lib/libssl/ssl_kex.c
deleted file mode 100644
index fa420a35a3..0000000000
--- a/src/lib/libssl/ssl_kex.c
+++ /dev/null
@@ -1,422 +0,0 @@
-/* $OpenBSD: ssl_kex.c,v 1.12 2023/07/28 16:02:34 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-
-#include <openssl/bn.h>
-#include <openssl/dh.h>
-#include <openssl/ec.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-#include "bytestring.h"
-
-#define DHE_MINIMUM_BITS        1024
-
-int
-ssl_kex_generate_dhe(DH *dh, DH *dh_params)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        int ret = 0;
-
-        if ((p = BN_dup(DH_get0_p(dh_params))) == NULL)
-                goto err;
-        if ((g = BN_dup(DH_get0_g(dh_params))) == NULL)
-                goto err;
-
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-
-        if (!DH_generate_key(dh))
-                goto err;
-
-        ret = 1;
-
- err:
-        BN_free(p);
-        BN_free(g);
-
-        return ret;
-}
-
-int
-ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_bits)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        int ret = 0;
-
-        if (key_bits >= 8192)
-                p = BN_get_rfc3526_prime_8192(NULL);
-        else if (key_bits >= 4096)
-                p = BN_get_rfc3526_prime_4096(NULL);
-        else if (key_bits >= 3072)
-                p = BN_get_rfc3526_prime_3072(NULL);
-        else if (key_bits >= 2048)
-                p = BN_get_rfc3526_prime_2048(NULL);
-        else if (key_bits >= 1536)
-                p = BN_get_rfc3526_prime_1536(NULL);
-        else
-                p = BN_get_rfc2409_prime_1024(NULL);
-
-        if (p == NULL)
-                goto err;
-
-        if ((g = BN_new()) == NULL)
-                goto err;
-        if (!BN_set_word(g, 2))
-                goto err;
-
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-
-        if (!DH_generate_key(dh))
-                goto err;
-
-        ret = 1;
-
- err:
-        BN_free(p);
-        BN_free(g);
-
-        return ret;
-}
-
-int
-ssl_kex_params_dhe(DH *dh, CBB *cbb)
-{
-        int dh_p_len, dh_g_len;
-        CBB dh_p, dh_g;
-        uint8_t *data;
-
-        if ((dh_p_len = BN_num_bytes(DH_get0_p(dh))) <= 0)
-                return 0;
-        if ((dh_g_len = BN_num_bytes(DH_get0_g(dh))) <= 0)
-                return 0;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_p))
-                return 0;
-        if (!CBB_add_space(&dh_p, &data, dh_p_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_p(dh), data) != dh_p_len)
-                return 0;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_g))
-                return 0;
-        if (!CBB_add_space(&dh_g, &data, dh_g_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_g(dh), data) != dh_g_len)
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-ssl_kex_public_dhe(DH *dh, CBB *cbb)
-{
-        uint8_t *data;
-        int dh_y_len;
-        CBB dh_y;
-
-        if ((dh_y_len = BN_num_bytes(DH_get0_pub_key(dh))) <= 0)
-                return 0;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &dh_y))
-                return 0;
-        if (!CBB_add_space(&dh_y, &data, dh_y_len))
-                return 0;
-        if (BN_bn2bin(DH_get0_pub_key(dh), data) != dh_y_len)
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_params)
-{
-        BIGNUM *p = NULL, *g = NULL;
-        CBS dh_p, dh_g;
-        int ret = 0;
-
-        *decode_error = 0;
-        *invalid_params = 0;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_p)) {
-                *decode_error = 1;
-                goto err;
-        }
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_g)) {
-                *decode_error = 1;
-                goto err;
-        }
-
-        if ((p = BN_bin2bn(CBS_data(&dh_p), CBS_len(&dh_p), NULL)) == NULL)
-                goto err;
-        if ((g = BN_bin2bn(CBS_data(&dh_g), CBS_len(&dh_g), NULL)) == NULL)
-                goto err;
-
-        if (!DH_set0_pqg(dh, p, NULL, g))
-                goto err;
-        p = NULL;
-        g = NULL;
-
-        /* XXX - consider calling DH_check(). */
-
-        if (DH_bits(dh) < DHE_MINIMUM_BITS)
-                *invalid_params = 1;
-
-        ret = 1;
-
- err:
-        BN_free(p);
-        BN_free(g);
-
-        return ret;
-}
-
-int
-ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_key)
-{
-        BIGNUM *pub_key = NULL;
-        int check_flags;
-        CBS dh_y;
-        int ret = 0;
-
-        *decode_error = 0;
-        *invalid_key = 0;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &dh_y)) {
-                *decode_error = 1;
-                goto err;
-        }
-
-        if ((pub_key = BN_bin2bn(CBS_data(&dh_y), CBS_len(&dh_y),
-            NULL)) == NULL)
-                goto err;
-
-        if (!DH_set0_key(dh, pub_key, NULL))
-                goto err;
-        pub_key = NULL;
-
-        if (!DH_check_pub_key(dh, DH_get0_pub_key(dh), &check_flags))
-                goto err;
-        if (check_flags != 0)
-                *invalid_key = 1;
-
-        ret = 1;
-
- err:
-        BN_free(pub_key);
-
-        return ret;
-}
-
-int
-ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        uint8_t *key = NULL;
-        int key_len = 0;
-        int ret = 0;
-
-        if ((key_len = DH_size(dh)) <= 0)
-                goto err;
-        if ((key = calloc(1, key_len)) == NULL)
-                goto err;
-
-        if ((key_len = DH_compute_key(key, DH_get0_pub_key(dh_peer), dh)) <= 0)
-                goto err;
-
-        *shared_key = key;
-        *shared_key_len = key_len;
-        key = NULL;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
-
-int
-ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey)
-{
-        EC_GROUP *group = NULL;
-        EC_POINT *point = NULL;
-        EC_KEY *ec_key = NULL;
-        BIGNUM *order = NULL;
-        int ret = 0;
-
-        /* Fudge up an EC_KEY that looks like X25519... */
-        if ((group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)) == NULL)
-                goto err;
-        if ((point = EC_POINT_new(group)) == NULL)
-                goto err;
-        if ((order = BN_new()) == NULL)
-                goto err;
-        if (!BN_set_bit(order, 252))
-                goto err;
-        if (!EC_GROUP_set_generator(group, point, order, NULL))
-                goto err;
-        EC_GROUP_set_curve_name(group, NID_X25519);
-        if ((ec_key = EC_KEY_new()) == NULL)
-                goto err;
-        if (!EC_KEY_set_group(ec_key, group))
-                goto err;
-        if (!EVP_PKEY_set1_EC_KEY(pkey, ec_key))
-                goto err;
-
-        ret = 1;
-
- err:
-        EC_GROUP_free(group);
-        EC_POINT_free(point);
-        EC_KEY_free(ec_key);
-        BN_free(order);
-
-        return ret;
-}
-
-int
-ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid)
-{
-        EC_GROUP *group;
-        int ret = 0;
-
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
-                goto err;
-
-        if (!EC_KEY_set_group(ecdh, group))
-                goto err;
-        if (!EC_KEY_generate_key(ecdh))
-                goto err;
-
-        ret = 1;
-
- err:
-        EC_GROUP_free(group);
-
-        return ret;
-}
-
-int
-ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb)
-{
-        const EC_GROUP *group;
-        const EC_POINT *point;
-        uint8_t *ecp;
-        size_t ecp_len;
-        int ret = 0;
-
-        if ((group = EC_KEY_get0_group(ecdh)) == NULL)
-                goto err;
-        if ((point = EC_KEY_get0_public_key(ecdh)) == NULL)
-                goto err;
-
-        if ((ecp_len = EC_POINT_point2oct(group, point,
-            POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL)) == 0)
-                goto err;
-        if (!CBB_add_space(cbb, &ecp, ecp_len))
-                goto err;
-        if ((EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED,
-            ecp, ecp_len, NULL)) == 0)
-                goto err;
-
-        ret = 1;
-
- err:
-        return ret;
-}
-
-int
-ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs)
-{
-        EC_GROUP *group = NULL;
-        EC_POINT *point = NULL;
-        int ret = 0;
-
-        if ((group = EC_GROUP_new_by_curve_name(nid)) == NULL)
-                goto err;
-
-        if (!EC_KEY_set_group(ecdh, group))
-                goto err;
-
-        if ((point = EC_POINT_new(group)) == NULL)
-                goto err;
-        if (EC_POINT_oct2point(group, point, CBS_data(cbs), CBS_len(cbs),
-            NULL) == 0)
-                goto err;
-        if (!EC_KEY_set_public_key(ecdh, point))
-                goto err;
-
-        ret = 1;
-
- err:
-        EC_GROUP_free(group);
-        EC_POINT_free(point);
-
-        return ret;
-}
-
-int
-ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        const EC_POINT *point;
-        uint8_t *key = NULL;
-        int key_len = 0;
-        int ret = 0;
-
-        if (!EC_GROUP_check(EC_KEY_get0_group(ecdh), NULL))
-                goto err;
-        if (!EC_GROUP_check(EC_KEY_get0_group(ecdh_peer), NULL))
-                goto err;
-
-        if ((point = EC_KEY_get0_public_key(ecdh_peer)) == NULL)
-                goto err;
-
-        if ((key_len = ECDH_size(ecdh)) <= 0)
-                goto err;
-        if ((key = calloc(1, key_len)) == NULL)
-                goto err;
-
-        if (ECDH_compute_key(key, key_len, point, ecdh, NULL) <= 0)
-                goto err;
-
-        *shared_key = key;
-        *shared_key_len = key_len;
-        key = NULL;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
deleted file mode 100644
index ce68981493..0000000000
--- a/src/lib/libssl/ssl_lib.c
+++ /dev/null
@@ -1,3663 +0,0 @@
-/* $OpenBSD: ssl_lib.c,v 1.331 2025/03/12 14:03:55 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <arpa/inet.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/dh.h>
-#include <openssl/lhash.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/opensslconf.h>
-#include <openssl/x509v3.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls12_internal.h"
-
-int
-SSL_clear(SSL *s)
-{
-        if (s->method == NULL) {
-                SSLerror(s, SSL_R_NO_METHOD_SPECIFIED);
-                return (0);
-        }
-
-        if (ssl_clear_bad_session(s)) {
-                SSL_SESSION_free(s->session);
-                s->session = NULL;
-        }
-
-        s->error = 0;
-        s->hit = 0;
-        s->shutdown = 0;
-
-        if (s->renegotiate) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return (0);
-        }
-
-        s->version = s->method->version;
-        s->client_version = s->version;
-        s->rwstate = SSL_NOTHING;
-        s->rstate = SSL_ST_READ_HEADER;
-
-        tls13_ctx_free(s->tls13);
-        s->tls13 = NULL;
-
-        ssl3_release_init_buffer(s);
-
-        ssl_clear_cipher_state(s);
-
-        s->first_packet = 0;
-
-        /*
-         * Check to see if we were changed into a different method, if
-         * so, revert back if we are not doing session-id reuse.
-         */
-        if (!s->in_handshake && (s->session == NULL) &&
-            (s->method != s->ctx->method)) {
-                s->method->ssl_free(s);
-                s->method = s->ctx->method;
-                if (!s->method->ssl_new(s))
-                        return (0);
-        } else
-                s->method->ssl_clear(s);
-
-        return (1);
-}
-LSSL_ALIAS(SSL_clear);
-
-/* Used to change an SSL_CTXs default SSL method type */
-int
-SSL_CTX_set_ssl_version(SSL_CTX *ctx, const SSL_METHOD *meth)
-{
-        STACK_OF(SSL_CIPHER) *ciphers;
-
-        ctx->method = meth;
-
-        ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-            ctx->cipher_list_tls13, SSL_DEFAULT_CIPHER_LIST,
-            ctx->cert);
-        if (ciphers == NULL || sk_SSL_CIPHER_num(ciphers) <= 0) {
-                SSLerrorx(SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS);
-                return (0);
-        }
-        return (1);
-}
-LSSL_ALIAS(SSL_CTX_set_ssl_version);
-
-SSL *
-SSL_new(SSL_CTX *ctx)
-{
-        SSL *s;
-        CBS cbs;
-
-        if (ctx == NULL) {
-                SSLerrorx(SSL_R_NULL_SSL_CTX);
-                return (NULL);
-        }
-        if (ctx->method == NULL) {
-                SSLerrorx(SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION);
-                return (NULL);
-        }
-
-        if ((s = calloc(1, sizeof(*s))) == NULL)
-                goto err;
-
-        if ((s->rl = tls12_record_layer_new()) == NULL)
-                goto err;
-
-        s->min_tls_version = ctx->min_tls_version;
-        s->max_tls_version = ctx->max_tls_version;
-        s->min_proto_version = ctx->min_proto_version;
-        s->max_proto_version = ctx->max_proto_version;
-
-        s->options = ctx->options;
-        s->mode = ctx->mode;
-        s->max_cert_list = ctx->max_cert_list;
-        s->num_tickets = ctx->num_tickets;
-
-        if ((s->cert = ssl_cert_dup(ctx->cert)) == NULL)
-                goto err;
-
-        s->read_ahead = ctx->read_ahead;
-        s->msg_callback = ctx->msg_callback;
-        s->msg_callback_arg = ctx->msg_callback_arg;
-        s->verify_mode = ctx->verify_mode;
-        s->sid_ctx_length = ctx->sid_ctx_length;
-        OPENSSL_assert(s->sid_ctx_length <= sizeof s->sid_ctx);
-        memcpy(&s->sid_ctx, &ctx->sid_ctx, sizeof(s->sid_ctx));
-        s->verify_callback = ctx->default_verify_callback;
-        s->generate_session_id = ctx->generate_session_id;
-
-        s->param = X509_VERIFY_PARAM_new();
-        if (!s->param)
-                goto err;
-        X509_VERIFY_PARAM_inherit(s->param, ctx->param);
-        s->quiet_shutdown = ctx->quiet_shutdown;
-        s->max_send_fragment = ctx->max_send_fragment;
-
-        CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-        s->ctx = ctx;
-        s->tlsext_debug_cb = NULL;
-        s->tlsext_debug_arg = NULL;
-        s->tlsext_ticket_expected = 0;
-        s->tlsext_status_type = -1;
-        s->tlsext_status_expected = 0;
-        s->tlsext_ocsp_ids = NULL;
-        s->tlsext_ocsp_exts = NULL;
-        s->tlsext_ocsp_resp = NULL;
-        s->tlsext_ocsp_resp_len = 0;
-        CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX);
-        s->initial_ctx = ctx;
-
-        if (!tlsext_randomize_build_order(s))
-                goto err;
-
-        if (ctx->tlsext_ecpointformatlist != NULL) {
-                s->tlsext_ecpointformatlist =
-                    calloc(ctx->tlsext_ecpointformatlist_length,
-                        sizeof(ctx->tlsext_ecpointformatlist[0]));
-                if (s->tlsext_ecpointformatlist == NULL)
-                        goto err;
-                memcpy(s->tlsext_ecpointformatlist,
-                    ctx->tlsext_ecpointformatlist,
-                    ctx->tlsext_ecpointformatlist_length *
-                    sizeof(ctx->tlsext_ecpointformatlist[0]));
-                s->tlsext_ecpointformatlist_length =
-                    ctx->tlsext_ecpointformatlist_length;
-        }
-        if (ctx->tlsext_supportedgroups != NULL) {
-                s->tlsext_supportedgroups =
-                    calloc(ctx->tlsext_supportedgroups_length,
-                        sizeof(ctx->tlsext_supportedgroups[0]));
-                if (s->tlsext_supportedgroups == NULL)
-                        goto err;
-                memcpy(s->tlsext_supportedgroups,
-                    ctx->tlsext_supportedgroups,
-                    ctx->tlsext_supportedgroups_length *
-                    sizeof(ctx->tlsext_supportedgroups[0]));
-                s->tlsext_supportedgroups_length =
-                    ctx->tlsext_supportedgroups_length;
-        }
-
-        CBS_init(&cbs, ctx->alpn_client_proto_list,
-            ctx->alpn_client_proto_list_len);
-        if (!CBS_stow(&cbs, &s->alpn_client_proto_list,
-            &s->alpn_client_proto_list_len))
-                goto err;
-
-        s->verify_result = X509_V_OK;
-
-        s->method = ctx->method;
-        s->quic_method = ctx->quic_method;
-
-        if (!s->method->ssl_new(s))
-                goto err;
-
-        s->references = 1;
-        s->server = ctx->method->server;
-
-        SSL_clear(s);
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-        return (s);
-
- err:
-        SSL_free(s);
-        SSLerrorx(ERR_R_MALLOC_FAILURE);
-        return (NULL);
-}
-LSSL_ALIAS(SSL_new);
-
-int
-SSL_CTX_set_session_id_context(SSL_CTX *ctx, const unsigned char *sid_ctx,
-    unsigned int sid_ctx_len)
-{
-        if (sid_ctx_len > sizeof ctx->sid_ctx) {
-                SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-                return (0);
-        }
-        ctx->sid_ctx_length = sid_ctx_len;
-        memcpy(ctx->sid_ctx, sid_ctx, sid_ctx_len);
-
-        return (1);
-}
-LSSL_ALIAS(SSL_CTX_set_session_id_context);
-
-int
-SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx,
-    unsigned int sid_ctx_len)
-{
-        if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
-                SSLerror(ssl, SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-                return (0);
-        }
-        ssl->sid_ctx_length = sid_ctx_len;
-        memcpy(ssl->sid_ctx, sid_ctx, sid_ctx_len);
-
-        return (1);
-}
-LSSL_ALIAS(SSL_set_session_id_context);
-
-int
-SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb)
-{
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        ctx->generate_session_id = cb;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        return (1);
-}
-LSSL_ALIAS(SSL_CTX_set_generate_session_id);
-
-int
-SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb)
-{
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL);
-        ssl->generate_session_id = cb;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
-        return (1);
-}
-LSSL_ALIAS(SSL_set_generate_session_id);
-
-int
-SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id,
-    unsigned int id_len)
-{
-        /*
-         * A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp
-         * shows how we can "construct" a session to give us the desired
-         * check - ie. to find if there's a session in the hash table
-         * that would conflict with any new session built out of this
-         * id/id_len and the ssl_version in use by this SSL.
-         */
-        SSL_SESSION r, *p;
-
-        if (id_len > sizeof r.session_id)
-                return (0);
-
-        r.ssl_version = ssl->version;
-        r.session_id_length = id_len;
-        memcpy(r.session_id, id, id_len);
-
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        p = lh_SSL_SESSION_retrieve(ssl->ctx->sessions, &r);
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-        return (p != NULL);
-}
-LSSL_ALIAS(SSL_has_matching_session_id);
-
-int
-SSL_CTX_set_purpose(SSL_CTX *s, int purpose)
-{
-        return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
-}
-LSSL_ALIAS(SSL_CTX_set_purpose);
-
-int
-SSL_set_purpose(SSL *s, int purpose)
-{
-        return (X509_VERIFY_PARAM_set_purpose(s->param, purpose));
-}
-LSSL_ALIAS(SSL_set_purpose);
-
-int
-SSL_CTX_set_trust(SSL_CTX *s, int trust)
-{
-        return (X509_VERIFY_PARAM_set_trust(s->param, trust));
-}
-LSSL_ALIAS(SSL_CTX_set_trust);
-
-int
-SSL_set_trust(SSL *s, int trust)
-{
-        return (X509_VERIFY_PARAM_set_trust(s->param, trust));
-}
-LSSL_ALIAS(SSL_set_trust);
-
-int
-SSL_set1_host(SSL *s, const char *hostname)
-{
-        struct in_addr ina;
-        struct in6_addr in6a;
-
-        if (hostname != NULL && *hostname != '\0' &&
-            (inet_pton(AF_INET, hostname, &ina) == 1 ||
-            inet_pton(AF_INET6, hostname, &in6a) == 1))
-                return X509_VERIFY_PARAM_set1_ip_asc(s->param, hostname);
-        else
-                return X509_VERIFY_PARAM_set1_host(s->param, hostname, 0);
-}
-LSSL_ALIAS(SSL_set1_host);
-
-void
-SSL_set_hostflags(SSL *s, unsigned int flags)
-{
-        X509_VERIFY_PARAM_set_hostflags(s->param, flags);
-}
-LSSL_ALIAS(SSL_set_hostflags);
-
-const char *
-SSL_get0_peername(SSL *s)
-{
-        return X509_VERIFY_PARAM_get0_peername(s->param);
-}
-LSSL_ALIAS(SSL_get0_peername);
-
-X509_VERIFY_PARAM *
-SSL_CTX_get0_param(SSL_CTX *ctx)
-{
-        return (ctx->param);
-}
-LSSL_ALIAS(SSL_CTX_get0_param);
-
-int
-SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm)
-{
-        return (X509_VERIFY_PARAM_set1(ctx->param, vpm));
-}
-LSSL_ALIAS(SSL_CTX_set1_param);
-
-X509_VERIFY_PARAM *
-SSL_get0_param(SSL *ssl)
-{
-        return (ssl->param);
-}
-LSSL_ALIAS(SSL_get0_param);
-
-int
-SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm)
-{
-        return (X509_VERIFY_PARAM_set1(ssl->param, vpm));
-}
-LSSL_ALIAS(SSL_set1_param);
-
-void
-SSL_free(SSL *s)
-{
-        int     i;
-
-        if (s == NULL)
-                return;
-
-        i = CRYPTO_add(&s->references, -1, CRYPTO_LOCK_SSL);
-        if (i > 0)
-                return;
-
-        X509_VERIFY_PARAM_free(s->param);
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data);
-
-        if (s->bbio != NULL) {
-                /* If the buffering BIO is in place, pop it off */
-                if (s->bbio == s->wbio) {
-                        s->wbio = BIO_pop(s->wbio);
-                }
-                BIO_free(s->bbio);
-                s->bbio = NULL;
-        }
-
-        if (s->rbio != s->wbio)
-                BIO_free_all(s->rbio);
-        BIO_free_all(s->wbio);
-
-        tls13_ctx_free(s->tls13);
-
-        ssl3_release_init_buffer(s);
-
-        sk_SSL_CIPHER_free(s->cipher_list);
-        sk_SSL_CIPHER_free(s->cipher_list_tls13);
-
-        /* Make the next call work :-) */
-        if (s->session != NULL) {
-                ssl_clear_bad_session(s);
-                SSL_SESSION_free(s->session);
-        }
-
-        ssl_clear_cipher_state(s);
-
-        ssl_cert_free(s->cert);
-
-        free(s->tlsext_build_order);
-
-        free(s->tlsext_hostname);
-        SSL_CTX_free(s->initial_ctx);
-
-        free(s->tlsext_ecpointformatlist);
-        free(s->tlsext_supportedgroups);
-
-        sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-            X509_EXTENSION_free);
-        sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-        free(s->tlsext_ocsp_resp);
-
-        sk_X509_NAME_pop_free(s->client_CA, X509_NAME_free);
-
-        if (s->method != NULL)
-                s->method->ssl_free(s);
-
-        SSL_CTX_free(s->ctx);
-
-        free(s->alpn_client_proto_list);
-
-        free(s->quic_transport_params);
-
-#ifndef OPENSSL_NO_SRTP
-        sk_SRTP_PROTECTION_PROFILE_free(s->srtp_profiles);
-#endif
-
-        tls12_record_layer_free(s->rl);
-
-        free(s);
-}
-LSSL_ALIAS(SSL_free);
-
-int
-SSL_up_ref(SSL *s)
-{
-        return CRYPTO_add(&s->references, 1, CRYPTO_LOCK_SSL) > 1;
-}
-LSSL_ALIAS(SSL_up_ref);
-
-void
-SSL_set_bio(SSL *s, BIO *rbio, BIO *wbio)
-{
-        /* If the output buffering BIO is still in place, remove it */
-        if (s->bbio != NULL) {
-                if (s->wbio == s->bbio) {
-                        s->wbio = BIO_next(s->wbio);
-                        BIO_set_next(s->bbio, NULL);
-                }
-        }
-
-        if (s->rbio != rbio && s->rbio != s->wbio)
-                BIO_free_all(s->rbio);
-        if (s->wbio != wbio)
-                BIO_free_all(s->wbio);
-        s->rbio = rbio;
-        s->wbio = wbio;
-}
-LSSL_ALIAS(SSL_set_bio);
-
-BIO *
-SSL_get_rbio(const SSL *s)
-{
-        return (s->rbio);
-}
-LSSL_ALIAS(SSL_get_rbio);
-
-void
-SSL_set0_rbio(SSL *s, BIO *rbio)
-{
-        BIO_free_all(s->rbio);
-        s->rbio = rbio;
-}
-LSSL_ALIAS(SSL_set0_rbio);
-
-BIO *
-SSL_get_wbio(const SSL *s)
-{
-        return (s->wbio);
-}
-LSSL_ALIAS(SSL_get_wbio);
-
-int
-SSL_get_fd(const SSL *s)
-{
-        return (SSL_get_rfd(s));
-}
-LSSL_ALIAS(SSL_get_fd);
-
-int
-SSL_get_rfd(const SSL *s)
-{
-        int      ret = -1;
-        BIO     *b, *r;
-
-        b = SSL_get_rbio(s);
-        r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
-        if (r != NULL)
-                BIO_get_fd(r, &ret);
-        return (ret);
-}
-LSSL_ALIAS(SSL_get_rfd);
-
-int
-SSL_get_wfd(const SSL *s)
-{
-        int      ret = -1;
-        BIO     *b, *r;
-
-        b = SSL_get_wbio(s);
-        r = BIO_find_type(b, BIO_TYPE_DESCRIPTOR);
-        if (r != NULL)
-                BIO_get_fd(r, &ret);
-        return (ret);
-}
-LSSL_ALIAS(SSL_get_wfd);
-
-int
-SSL_set_fd(SSL *s, int fd)
-{
-        int      ret = 0;
-        BIO     *bio = NULL;
-
-        bio = BIO_new(BIO_s_socket());
-
-        if (bio == NULL) {
-                SSLerror(s, ERR_R_BUF_LIB);
-                goto err;
-        }
-        BIO_set_fd(bio, fd, BIO_NOCLOSE);
-        SSL_set_bio(s, bio, bio);
-        ret = 1;
- err:
-        return (ret);
-}
-LSSL_ALIAS(SSL_set_fd);
-
-int
-SSL_set_wfd(SSL *s, int fd)
-{
-        int      ret = 0;
-        BIO     *bio = NULL;
-
-        if ((s->rbio == NULL) || (BIO_method_type(s->rbio) != BIO_TYPE_SOCKET)
-            || ((int)BIO_get_fd(s->rbio, NULL) != fd)) {
-                bio = BIO_new(BIO_s_socket());
-
-                if (bio == NULL) {
-                        SSLerror(s, ERR_R_BUF_LIB);
-                        goto err;
-                }
-                BIO_set_fd(bio, fd, BIO_NOCLOSE);
-                SSL_set_bio(s, SSL_get_rbio(s), bio);
-        } else
-                SSL_set_bio(s, SSL_get_rbio(s), SSL_get_rbio(s));
-        ret = 1;
- err:
-        return (ret);
-}
-LSSL_ALIAS(SSL_set_wfd);
-
-int
-SSL_set_rfd(SSL *s, int fd)
-{
-        int      ret = 0;
-        BIO     *bio = NULL;
-
-        if ((s->wbio == NULL) || (BIO_method_type(s->wbio) != BIO_TYPE_SOCKET)
-            || ((int)BIO_get_fd(s->wbio, NULL) != fd)) {
-                bio = BIO_new(BIO_s_socket());
-
-                if (bio == NULL) {
-                        SSLerror(s, ERR_R_BUF_LIB);
-                        goto err;
-                }
-                BIO_set_fd(bio, fd, BIO_NOCLOSE);
-                SSL_set_bio(s, bio, SSL_get_wbio(s));
-        } else
-                SSL_set_bio(s, SSL_get_wbio(s), SSL_get_wbio(s));
-        ret = 1;
- err:
-        return (ret);
-}
-LSSL_ALIAS(SSL_set_rfd);
-
-
-/* return length of latest Finished message we sent, copy to 'buf' */
-size_t
-SSL_get_finished(const SSL *s, void *buf, size_t count)
-{
-        size_t  ret;
-
-        ret = s->s3->hs.finished_len;
-        if (count > ret)
-                count = ret;
-        memcpy(buf, s->s3->hs.finished, count);
-        return (ret);
-}
-LSSL_ALIAS(SSL_get_finished);
-
-/* return length of latest Finished message we expected, copy to 'buf' */
-size_t
-SSL_get_peer_finished(const SSL *s, void *buf, size_t count)
-{
-        size_t  ret;
-
-        ret = s->s3->hs.peer_finished_len;
-        if (count > ret)
-                count = ret;
-        memcpy(buf, s->s3->hs.peer_finished, count);
-        return (ret);
-}
-LSSL_ALIAS(SSL_get_peer_finished);
-
-
-int
-SSL_get_verify_mode(const SSL *s)
-{
-        return (s->verify_mode);
-}
-LSSL_ALIAS(SSL_get_verify_mode);
-
-int
-SSL_get_verify_depth(const SSL *s)
-{
-        return (X509_VERIFY_PARAM_get_depth(s->param));
-}
-LSSL_ALIAS(SSL_get_verify_depth);
-
-int
-(*SSL_get_verify_callback(const SSL *s))(int, X509_STORE_CTX *)
-{
-        return (s->verify_callback);
-}
-LSSL_ALIAS(SSL_get_verify_callback);
-
-void
-SSL_CTX_set_keylog_callback(SSL_CTX *ctx, SSL_CTX_keylog_cb_func cb)
-{
-        ctx->keylog_callback = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_keylog_callback);
-
-SSL_CTX_keylog_cb_func
-SSL_CTX_get_keylog_callback(const SSL_CTX *ctx)
-{
-        return (ctx->keylog_callback);
-}
-LSSL_ALIAS(SSL_CTX_get_keylog_callback);
-
-int
-SSL_set_num_tickets(SSL *s, size_t num_tickets)
-{
-        s->num_tickets = num_tickets;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_set_num_tickets);
-
-size_t
-SSL_get_num_tickets(const SSL *s)
-{
-        return s->num_tickets;
-}
-LSSL_ALIAS(SSL_get_num_tickets);
-
-int
-SSL_CTX_set_num_tickets(SSL_CTX *ctx, size_t num_tickets)
-{
-        ctx->num_tickets = num_tickets;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_CTX_set_num_tickets);
-
-size_t
-SSL_CTX_get_num_tickets(const SSL_CTX *ctx)
-{
-        return ctx->num_tickets;
-}
-LSSL_ALIAS(SSL_CTX_get_num_tickets);
-
-int
-SSL_CTX_get_verify_mode(const SSL_CTX *ctx)
-{
-        return (ctx->verify_mode);
-}
-LSSL_ALIAS(SSL_CTX_get_verify_mode);
-
-int
-SSL_CTX_get_verify_depth(const SSL_CTX *ctx)
-{
-        return (X509_VERIFY_PARAM_get_depth(ctx->param));
-}
-LSSL_ALIAS(SSL_CTX_get_verify_depth);
-
-int
-(*SSL_CTX_get_verify_callback(const SSL_CTX *ctx))(int, X509_STORE_CTX *)
-{
-        return (ctx->default_verify_callback);
-}
-LSSL_ALIAS(SSL_CTX_get_verify_callback);
-
-void
-SSL_set_verify(SSL *s, int mode,
-    int (*callback)(int ok, X509_STORE_CTX *ctx))
-{
-        s->verify_mode = mode;
-        if (callback != NULL)
-                s->verify_callback = callback;
-}
-LSSL_ALIAS(SSL_set_verify);
-
-void
-SSL_set_verify_depth(SSL *s, int depth)
-{
-        X509_VERIFY_PARAM_set_depth(s->param, depth);
-}
-LSSL_ALIAS(SSL_set_verify_depth);
-
-void
-SSL_set_read_ahead(SSL *s, int yes)
-{
-        s->read_ahead = yes;
-}
-LSSL_ALIAS(SSL_set_read_ahead);
-
-int
-SSL_get_read_ahead(const SSL *s)
-{
-        return (s->read_ahead);
-}
-LSSL_ALIAS(SSL_get_read_ahead);
-
-int
-SSL_pending(const SSL *s)
-{
-        return (s->method->ssl_pending(s));
-}
-LSSL_ALIAS(SSL_pending);
-
-X509 *
-SSL_get_peer_certificate(const SSL *s)
-{
-        X509 *cert;
-
-        if (s == NULL || s->session == NULL)
-                return NULL;
-
-        if ((cert = s->session->peer_cert) == NULL)
-                return NULL;
-
-        X509_up_ref(cert);
-
-        return cert;
-}
-LSSL_ALIAS(SSL_get_peer_certificate);
-
-STACK_OF(X509) *
-SSL_get_peer_cert_chain(const SSL *s)
-{
-        if (s == NULL)
-                return NULL;
-
-        /*
-         * Achtung! Due to API inconsistency, a client includes the peer's leaf
-         * certificate in the peer certificate chain, while a server does not.
-         */
-        if (!s->server)
-                return s->s3->hs.peer_certs;
-
-        return s->s3->hs.peer_certs_no_leaf;
-}
-LSSL_ALIAS(SSL_get_peer_cert_chain);
-
-STACK_OF(X509) *
-SSL_get0_verified_chain(const SSL *s)
-{
-        if (s->s3 == NULL)
-                return NULL;
-        return s->s3->hs.verified_chain;
-}
-LSSL_ALIAS(SSL_get0_verified_chain);
-
-/*
- * Now in theory, since the calling process own 't' it should be safe to
- * modify.  We need to be able to read f without being hassled
- */
-int
-SSL_copy_session_id(SSL *t, const SSL *f)
-{
-        SSL_CERT *tmp;
-
-        /* Do we need to do SSL locking? */
-        if (!SSL_set_session(t, SSL_get_session(f)))
-                return 0;
-
-        /* What if we are set up for one protocol but want to talk another? */
-        if (t->method != f->method) {
-                t->method->ssl_free(t);
-                t->method = f->method;
-                if (!t->method->ssl_new(t))
-                        return 0;
-        }
-
-        tmp = t->cert;
-        if (f->cert != NULL) {
-                CRYPTO_add(&f->cert->references, 1, CRYPTO_LOCK_SSL_CERT);
-                t->cert = f->cert;
-        } else
-                t->cert = NULL;
-        ssl_cert_free(tmp);
-
-        if (!SSL_set_session_id_context(t, f->sid_ctx, f->sid_ctx_length))
-                return 0;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_copy_session_id);
-
-/* Fix this so it checks all the valid key/cert options */
-int
-SSL_CTX_check_private_key(const SSL_CTX *ctx)
-{
-        if ((ctx == NULL) || (ctx->cert == NULL) ||
-            (ctx->cert->key->x509 == NULL)) {
-                SSLerrorx(SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return (0);
-        }
-        if (ctx->cert->key->privatekey == NULL) {
-                SSLerrorx(SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-                return (0);
-        }
-        return (X509_check_private_key(ctx->cert->key->x509,
-            ctx->cert->key->privatekey));
-}
-LSSL_ALIAS(SSL_CTX_check_private_key);
-
-/* Fix this function so that it takes an optional type parameter */
-int
-SSL_check_private_key(const SSL *ssl)
-{
-        if (ssl == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        if (ssl->cert == NULL) {
-                SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return (0);
-        }
-        if (ssl->cert->key->x509 == NULL) {
-                SSLerror(ssl, SSL_R_NO_CERTIFICATE_ASSIGNED);
-                return (0);
-        }
-        if (ssl->cert->key->privatekey == NULL) {
-                SSLerror(ssl, SSL_R_NO_PRIVATE_KEY_ASSIGNED);
-                return (0);
-        }
-        return (X509_check_private_key(ssl->cert->key->x509,
-            ssl->cert->key->privatekey));
-}
-LSSL_ALIAS(SSL_check_private_key);
-
-int
-SSL_accept(SSL *s)
-{
-        if (s->handshake_func == NULL)
-                SSL_set_accept_state(s); /* Not properly initialized yet */
-
-        return (s->method->ssl_accept(s));
-}
-LSSL_ALIAS(SSL_accept);
-
-int
-SSL_connect(SSL *s)
-{
-        if (s->handshake_func == NULL)
-                SSL_set_connect_state(s); /* Not properly initialized yet */
-
-        return (s->method->ssl_connect(s));
-}
-LSSL_ALIAS(SSL_connect);
-
-int
-SSL_is_dtls(const SSL *s)
-{
-        return s->method->dtls;
-}
-LSSL_ALIAS(SSL_is_dtls);
-
-int
-SSL_is_server(const SSL *s)
-{
-        return s->server;
-}
-LSSL_ALIAS(SSL_is_server);
-
-static long
-ssl_get_default_timeout(void)
-{
-        /*
-         * 2 hours, the 24 hours mentioned in the TLSv1 spec
-         * is way too long for http, the cache would over fill.
-         */
-        return (2 * 60 * 60);
-}
-
-long
-SSL_get_default_timeout(const SSL *s)
-{
-        return (ssl_get_default_timeout());
-}
-LSSL_ALIAS(SSL_get_default_timeout);
-
-int
-SSL_read(SSL *s, void *buf, int num)
-{
-        if (num < 0) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-
-        if (SSL_is_quic(s)) {
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (-1);
-        }
-
-        if (s->handshake_func == NULL) {
-                SSLerror(s, SSL_R_UNINITIALIZED);
-                return (-1);
-        }
-
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                return (0);
-        }
-        return ssl3_read(s, buf, num);
-}
-LSSL_ALIAS(SSL_read);
-
-int
-SSL_read_ex(SSL *s, void *buf, size_t num, size_t *bytes_read)
-{
-        int ret;
-
-        /* We simply don't bother supporting enormous reads */
-        if (num > INT_MAX) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return 0;
-        }
-
-        ret = SSL_read(s, buf, (int)num);
-        if (ret < 0)
-                ret = 0;
-        *bytes_read = ret;
-
-        return ret > 0;
-}
-LSSL_ALIAS(SSL_read_ex);
-
-int
-SSL_peek(SSL *s, void *buf, int num)
-{
-        if (num < 0) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-
-        if (SSL_is_quic(s)) {
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (-1);
-        }
-
-        if (s->handshake_func == NULL) {
-                SSLerror(s, SSL_R_UNINITIALIZED);
-                return (-1);
-        }
-
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                return (0);
-        }
-        return ssl3_peek(s, buf, num);
-}
-LSSL_ALIAS(SSL_peek);
-
-int
-SSL_peek_ex(SSL *s, void *buf, size_t num, size_t *bytes_peeked)
-{
-        int ret;
-
-        /* We simply don't bother supporting enormous peeks */
-        if (num > INT_MAX) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return 0;
-        }
-
-        ret = SSL_peek(s, buf, (int)num);
-        if (ret < 0)
-                ret = 0;
-        *bytes_peeked = ret;
-
-        return ret > 0;
-}
-LSSL_ALIAS(SSL_peek_ex);
-
-int
-SSL_write(SSL *s, const void *buf, int num)
-{
-        if (num < 0) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-
-        if (SSL_is_quic(s)) {
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return (-1);
-        }
-
-        if (s->handshake_func == NULL) {
-                SSLerror(s, SSL_R_UNINITIALIZED);
-                return (-1);
-        }
-
-        if (s->shutdown & SSL_SENT_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                SSLerror(s, SSL_R_PROTOCOL_IS_SHUTDOWN);
-                return (-1);
-        }
-        return ssl3_write(s, buf, num);
-}
-LSSL_ALIAS(SSL_write);
-
-int
-SSL_write_ex(SSL *s, const void *buf, size_t num, size_t *bytes_written)
-{
-        int ret;
-
-        /* We simply don't bother supporting enormous writes */
-        if (num > INT_MAX) {
-                SSLerror(s, SSL_R_BAD_LENGTH);
-                return 0;
-        }
-
-        if (num == 0) {
-                /* This API is special */
-                bytes_written = 0;
-                return 1;
-        }
-
-        ret = SSL_write(s, buf, (int)num);
-        if (ret < 0)
-                ret = 0;
-        *bytes_written = ret;
-
-        return ret > 0;
-}
-LSSL_ALIAS(SSL_write_ex);
-
-uint32_t
-SSL_CTX_get_max_early_data(const SSL_CTX *ctx)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_CTX_get_max_early_data);
-
-int
-SSL_CTX_set_max_early_data(SSL_CTX *ctx, uint32_t max_early_data)
-{
-        return 1;
-}
-LSSL_ALIAS(SSL_CTX_set_max_early_data);
-
-uint32_t
-SSL_get_max_early_data(const SSL *s)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_get_max_early_data);
-
-int
-SSL_set_max_early_data(SSL *s, uint32_t max_early_data)
-{
-        return 1;
-}
-LSSL_ALIAS(SSL_set_max_early_data);
-
-int
-SSL_get_early_data_status(const SSL *s)
-{
-        return SSL_EARLY_DATA_REJECTED;
-}
-LSSL_ALIAS(SSL_get_early_data_status);
-
-int
-SSL_read_early_data(SSL *s, void *buf, size_t num, size_t *readbytes)
-{
-        *readbytes = 0;
-
-        if (!s->server) {
-                SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return SSL_READ_EARLY_DATA_ERROR;
-        }
-
-        return SSL_READ_EARLY_DATA_FINISH;
-}
-LSSL_ALIAS(SSL_read_early_data);
-
-int
-SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written)
-{
-        *written = 0;
-        SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return 0;
-}
-LSSL_ALIAS(SSL_write_early_data);
-
-int
-SSL_shutdown(SSL *s)
-{
-        /*
-         * Note that this function behaves differently from what one might
-         * expect.  Return values are 0 for no success (yet),
-         * 1 for success; but calling it once is usually not enough,
-         * even if blocking I/O is used (see ssl3_shutdown).
-         */
-
-        if (s->handshake_func == NULL) {
-                SSLerror(s, SSL_R_UNINITIALIZED);
-                return (-1);
-        }
-
-        if (s != NULL && !SSL_in_init(s))
-                return (s->method->ssl_shutdown(s));
-
-        return (1);
-}
-LSSL_ALIAS(SSL_shutdown);
-
-int
-SSL_renegotiate(SSL *s)
-{
-        if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
-                SSLerror(s, SSL_R_NO_RENEGOTIATION);
-                return 0;
-        }
-
-        if (s->renegotiate == 0)
-                s->renegotiate = 1;
-
-        s->new_session = 1;
-
-        return (s->method->ssl_renegotiate(s));
-}
-LSSL_ALIAS(SSL_renegotiate);
-
-int
-SSL_renegotiate_abbreviated(SSL *s)
-{
-        if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
-                SSLerror(s, SSL_R_NO_RENEGOTIATION);
-                return 0;
-        }
-
-        if (s->renegotiate == 0)
-                s->renegotiate = 1;
-
-        s->new_session = 0;
-
-        return (s->method->ssl_renegotiate(s));
-}
-LSSL_ALIAS(SSL_renegotiate_abbreviated);
-
-int
-SSL_renegotiate_pending(SSL *s)
-{
-        /*
-         * Becomes true when negotiation is requested;
-         * false again once a handshake has finished.
-         */
-        return (s->renegotiate != 0);
-}
-LSSL_ALIAS(SSL_renegotiate_pending);
-
-long
-SSL_ctrl(SSL *s, int cmd, long larg, void *parg)
-{
-        long    l;
-
-        switch (cmd) {
-        case SSL_CTRL_GET_READ_AHEAD:
-                return (s->read_ahead);
-        case SSL_CTRL_SET_READ_AHEAD:
-                l = s->read_ahead;
-                s->read_ahead = larg;
-                return (l);
-
-        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-                s->msg_callback_arg = parg;
-                return (1);
-
-        case SSL_CTRL_OPTIONS:
-                return (s->options|=larg);
-        case SSL_CTRL_CLEAR_OPTIONS:
-                return (s->options&=~larg);
-        case SSL_CTRL_MODE:
-                return (s->mode|=larg);
-        case SSL_CTRL_CLEAR_MODE:
-                return (s->mode &=~larg);
-        case SSL_CTRL_GET_MAX_CERT_LIST:
-                return (s->max_cert_list);
-        case SSL_CTRL_SET_MAX_CERT_LIST:
-                l = s->max_cert_list;
-                s->max_cert_list = larg;
-                return (l);
-        case SSL_CTRL_SET_MTU:
-                if (larg < (long)dtls1_min_mtu())
-                        return (0);
-                if (SSL_is_dtls(s)) {
-                        s->d1->mtu = larg;
-                        return (larg);
-                }
-                return (0);
-        case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-                if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-                        return (0);
-                s->max_send_fragment = larg;
-                return (1);
-        case SSL_CTRL_GET_RI_SUPPORT:
-                if (s->s3)
-                        return (s->s3->send_connection_binding);
-                else return (0);
-        default:
-                if (SSL_is_dtls(s))
-                        return dtls1_ctrl(s, cmd, larg, parg);
-                return ssl3_ctrl(s, cmd, larg, parg);
-        }
-}
-LSSL_ALIAS(SSL_ctrl);
-
-long
-SSL_callback_ctrl(SSL *s, int cmd, void (*fp)(void))
-{
-        switch (cmd) {
-        case SSL_CTRL_SET_MSG_CALLBACK:
-                s->msg_callback = (ssl_msg_callback_fn *)(fp);
-                return (1);
-
-        default:
-                return (ssl3_callback_ctrl(s, cmd, fp));
-        }
-}
-LSSL_ALIAS(SSL_callback_ctrl);
-
-struct lhash_st_SSL_SESSION *
-SSL_CTX_sessions(SSL_CTX *ctx)
-{
-        return (ctx->sessions);
-}
-LSSL_ALIAS(SSL_CTX_sessions);
-
-long
-SSL_CTX_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
-{
-        long    l;
-
-        switch (cmd) {
-        case SSL_CTRL_GET_READ_AHEAD:
-                return (ctx->read_ahead);
-        case SSL_CTRL_SET_READ_AHEAD:
-                l = ctx->read_ahead;
-                ctx->read_ahead = larg;
-                return (l);
-
-        case SSL_CTRL_SET_MSG_CALLBACK_ARG:
-                ctx->msg_callback_arg = parg;
-                return (1);
-
-        case SSL_CTRL_GET_MAX_CERT_LIST:
-                return (ctx->max_cert_list);
-        case SSL_CTRL_SET_MAX_CERT_LIST:
-                l = ctx->max_cert_list;
-                ctx->max_cert_list = larg;
-                return (l);
-
-        case SSL_CTRL_SET_SESS_CACHE_SIZE:
-                l = ctx->session_cache_size;
-                ctx->session_cache_size = larg;
-                return (l);
-        case SSL_CTRL_GET_SESS_CACHE_SIZE:
-                return (ctx->session_cache_size);
-        case SSL_CTRL_SET_SESS_CACHE_MODE:
-                l = ctx->session_cache_mode;
-                ctx->session_cache_mode = larg;
-                return (l);
-        case SSL_CTRL_GET_SESS_CACHE_MODE:
-                return (ctx->session_cache_mode);
-
-        case SSL_CTRL_SESS_NUMBER:
-                return (lh_SSL_SESSION_num_items(ctx->sessions));
-        case SSL_CTRL_SESS_CONNECT:
-                return (ctx->stats.sess_connect);
-        case SSL_CTRL_SESS_CONNECT_GOOD:
-                return (ctx->stats.sess_connect_good);
-        case SSL_CTRL_SESS_CONNECT_RENEGOTIATE:
-                return (ctx->stats.sess_connect_renegotiate);
-        case SSL_CTRL_SESS_ACCEPT:
-                return (ctx->stats.sess_accept);
-        case SSL_CTRL_SESS_ACCEPT_GOOD:
-                return (ctx->stats.sess_accept_good);
-        case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE:
-                return (ctx->stats.sess_accept_renegotiate);
-        case SSL_CTRL_SESS_HIT:
-                return (ctx->stats.sess_hit);
-        case SSL_CTRL_SESS_CB_HIT:
-                return (ctx->stats.sess_cb_hit);
-        case SSL_CTRL_SESS_MISSES:
-                return (ctx->stats.sess_miss);
-        case SSL_CTRL_SESS_TIMEOUTS:
-                return (ctx->stats.sess_timeout);
-        case SSL_CTRL_SESS_CACHE_FULL:
-                return (ctx->stats.sess_cache_full);
-        case SSL_CTRL_OPTIONS:
-                return (ctx->options|=larg);
-        case SSL_CTRL_CLEAR_OPTIONS:
-                return (ctx->options&=~larg);
-        case SSL_CTRL_MODE:
-                return (ctx->mode|=larg);
-        case SSL_CTRL_CLEAR_MODE:
-                return (ctx->mode&=~larg);
-        case SSL_CTRL_SET_MAX_SEND_FRAGMENT:
-                if (larg < 512 || larg > SSL3_RT_MAX_PLAIN_LENGTH)
-                        return (0);
-                ctx->max_send_fragment = larg;
-                return (1);
-        default:
-                return (ssl3_ctx_ctrl(ctx, cmd, larg, parg));
-        }
-}
-LSSL_ALIAS(SSL_CTX_ctrl);
-
-long
-SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)(void))
-{
-        switch (cmd) {
-        case SSL_CTRL_SET_MSG_CALLBACK:
-                ctx->msg_callback = (ssl_msg_callback_fn *)fp;
-                return (1);
-
-        default:
-                return (ssl3_ctx_callback_ctrl(ctx, cmd, fp));
-        }
-}
-LSSL_ALIAS(SSL_CTX_callback_ctrl);
-
-STACK_OF(SSL_CIPHER) *
-SSL_get_ciphers(const SSL *s)
-{
-        if (s == NULL)
-                return (NULL);
-        if (s->cipher_list != NULL)
-                return (s->cipher_list);
-
-        return (s->ctx->cipher_list);
-}
-LSSL_ALIAS(SSL_get_ciphers);
-
-STACK_OF(SSL_CIPHER) *
-SSL_get_client_ciphers(const SSL *s)
-{
-        if (s == NULL || !s->server)
-                return NULL;
-        return s->s3->hs.client_ciphers;
-}
-LSSL_ALIAS(SSL_get_client_ciphers);
-
-STACK_OF(SSL_CIPHER) *
-SSL_get1_supported_ciphers(SSL *s)
-{
-        STACK_OF(SSL_CIPHER) *supported_ciphers = NULL, *ciphers;
-        SSL_CIPHER *cipher;
-        uint16_t min_vers, max_vers;
-        int i;
-
-        if (s == NULL)
-                return NULL;
-        if (!ssl_supported_tls_version_range(s, &min_vers, &max_vers))
-                return NULL;
-        if ((ciphers = SSL_get_ciphers(s)) == NULL)
-                return NULL;
-        if ((supported_ciphers = sk_SSL_CIPHER_new_null()) == NULL)
-                return NULL;
-
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                if ((cipher = sk_SSL_CIPHER_value(ciphers, i)) == NULL)
-                        goto err;
-                if (!ssl_cipher_allowed_in_tls_version_range(cipher, min_vers,
-                    max_vers))
-                        continue;
-                if (!ssl_security_supported_cipher(s, cipher))
-                        continue;
-                if (!sk_SSL_CIPHER_push(supported_ciphers, cipher))
-                        goto err;
-        }
-
-        if (sk_SSL_CIPHER_num(supported_ciphers) > 0)
-                return supported_ciphers;
-
- err:
-        sk_SSL_CIPHER_free(supported_ciphers);
-        return NULL;
-}
-LSSL_ALIAS(SSL_get1_supported_ciphers);
-
-/* See if we have any ECC cipher suites. */
-int
-ssl_has_ecc_ciphers(SSL *s)
-{
-        STACK_OF(SSL_CIPHER) *ciphers;
-        unsigned long alg_k, alg_a;
-        SSL_CIPHER *cipher;
-        int i;
-
-        if ((ciphers = SSL_get_ciphers(s)) == NULL)
-                return 0;
-
-        for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                cipher = sk_SSL_CIPHER_value(ciphers, i);
-
-                alg_k = cipher->algorithm_mkey;
-                alg_a = cipher->algorithm_auth;
-
-                if ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA))
-                        return 1;
-        }
-
-        return 0;
-}
-
-/* The old interface to get the same thing as SSL_get_ciphers(). */
-const char *
-SSL_get_cipher_list(const SSL *s, int n)
-{
-        STACK_OF(SSL_CIPHER) *ciphers;
-        const SSL_CIPHER *cipher;
-
-        if ((ciphers = SSL_get_ciphers(s)) == NULL)
-                return (NULL);
-        if ((cipher = sk_SSL_CIPHER_value(ciphers, n)) == NULL)
-                return (NULL);
-
-        return (cipher->name);
-}
-LSSL_ALIAS(SSL_get_cipher_list);
-
-STACK_OF(SSL_CIPHER) *
-SSL_CTX_get_ciphers(const SSL_CTX *ctx)
-{
-        if (ctx == NULL)
-                return NULL;
-        return ctx->cipher_list;
-}
-LSSL_ALIAS(SSL_CTX_get_ciphers);
-
-/* Specify the ciphers to be used by default by the SSL_CTX. */
-int
-SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str)
-{
-        STACK_OF(SSL_CIPHER) *ciphers;
-
-        /*
-         * ssl_create_cipher_list may return an empty stack if it was unable to
-         * find a cipher matching the given rule string (for example if the
-         * rule string specifies a cipher which has been disabled). This is not
-         * an error as far as ssl_create_cipher_list is concerned, and hence
-         * ctx->cipher_list has been updated.
-         */
-        ciphers = ssl_create_cipher_list(ctx->method, &ctx->cipher_list,
-            ctx->cipher_list_tls13, str, ctx->cert);
-        if (ciphers == NULL) {
-                return (0);
-        } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
-                SSLerrorx(SSL_R_NO_CIPHER_MATCH);
-                return (0);
-        }
-        return (1);
-}
-LSSL_ALIAS(SSL_CTX_set_cipher_list);
-
-int
-SSL_CTX_set_ciphersuites(SSL_CTX *ctx, const char *str)
-{
-        if (!ssl_parse_ciphersuites(&ctx->cipher_list_tls13, str)) {
-                SSLerrorx(SSL_R_NO_CIPHER_MATCH);
-                return 0;
-        }
-        if (!ssl_merge_cipherlists(ctx->cipher_list,
-            ctx->cipher_list_tls13, &ctx->cipher_list))
-                return 0;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_CTX_set_ciphersuites);
-
-/* Specify the ciphers to be used by the SSL. */
-int
-SSL_set_cipher_list(SSL *s, const char *str)
-{
-        STACK_OF(SSL_CIPHER) *ciphers, *ciphers_tls13;
-
-        if ((ciphers_tls13 = s->cipher_list_tls13) == NULL)
-                ciphers_tls13 = s->ctx->cipher_list_tls13;
-
-        /* See comment in SSL_CTX_set_cipher_list. */
-        ciphers = ssl_create_cipher_list(s->ctx->method, &s->cipher_list,
-            ciphers_tls13, str, s->cert);
-        if (ciphers == NULL) {
-                return (0);
-        } else if (sk_SSL_CIPHER_num(ciphers) == 0) {
-                SSLerror(s, SSL_R_NO_CIPHER_MATCH);
-                return (0);
-        }
-        return (1);
-}
-LSSL_ALIAS(SSL_set_cipher_list);
-
-int
-SSL_set_ciphersuites(SSL *s, const char *str)
-{
-        STACK_OF(SSL_CIPHER) *ciphers;
-
-        if ((ciphers = s->cipher_list) == NULL)
-                ciphers = s->ctx->cipher_list;
-
-        if (!ssl_parse_ciphersuites(&s->cipher_list_tls13, str)) {
-                SSLerrorx(SSL_R_NO_CIPHER_MATCH);
-                return (0);
-        }
-        if (!ssl_merge_cipherlists(ciphers, s->cipher_list_tls13,
-            &s->cipher_list))
-                return 0;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_set_ciphersuites);
-
-char *
-SSL_get_shared_ciphers(const SSL *s, char *buf, int len)
-{
-        STACK_OF(SSL_CIPHER) *client_ciphers, *server_ciphers;
-        const SSL_CIPHER *cipher;
-        size_t curlen = 0;
-        char *end;
-        int i;
-
-        if (!s->server || len < 2)
-                return NULL;
-
-        if ((client_ciphers = s->s3->hs.client_ciphers) == NULL)
-                return NULL;
-        if ((server_ciphers = SSL_get_ciphers(s)) == NULL)
-                return NULL;
-        if (sk_SSL_CIPHER_num(client_ciphers) == 0 ||
-            sk_SSL_CIPHER_num(server_ciphers) == 0)
-                return NULL;
-
-        buf[0] = '\0';
-        for (i = 0; i < sk_SSL_CIPHER_num(client_ciphers); i++) {
-                cipher = sk_SSL_CIPHER_value(client_ciphers, i);
-
-                if (sk_SSL_CIPHER_find(server_ciphers, cipher) < 0)
-                        continue;
-
-                end = buf + curlen;
-                if (strlcat(buf, cipher->name, len) >= len ||
-                    (curlen = strlcat(buf, ":", len)) >= len) {
-                        /* remove truncated cipher from list */
-                        *end = '\0';
-                        break;
-                }
-        }
-        /* remove trailing colon */
-        if ((end = strrchr(buf, ':')) != NULL)
-                *end = '\0';
-        return buf;
-}
-LSSL_ALIAS(SSL_get_shared_ciphers);
-
-/*
- * Return a servername extension value if provided in Client Hello, or NULL.
- * So far, only host_name types are defined (RFC 3546).
- */
-const char *
-SSL_get_servername(const SSL *s, const int type)
-{
-        if (type != TLSEXT_NAMETYPE_host_name)
-                return (NULL);
-
-        return (s->session && !s->tlsext_hostname ?
-            s->session->tlsext_hostname :
-            s->tlsext_hostname);
-}
-LSSL_ALIAS(SSL_get_servername);
-
-int
-SSL_get_servername_type(const SSL *s)
-{
-        if (s->session &&
-            (!s->tlsext_hostname ?
-            s->session->tlsext_hostname : s->tlsext_hostname))
-                return (TLSEXT_NAMETYPE_host_name);
-        return (-1);
-}
-LSSL_ALIAS(SSL_get_servername_type);
-
-/*
- * SSL_select_next_proto implements standard protocol selection. It is
- * expected that this function is called from the callback set by
- * SSL_CTX_set_alpn_select_cb.
- *
- * The protocol data is assumed to be a vector of 8-bit, length prefixed byte
- * strings. The length byte itself is not included in the length. A byte
- * string of length 0 is invalid. No byte string may be truncated.
- *
- * It returns either:
- * OPENSSL_NPN_NEGOTIATED if a common protocol was found, or
- * OPENSSL_NPN_NO_OVERLAP if the fallback case was reached.
- *
- * XXX - the out argument points into server_list or client_list and should
- * therefore really be const. We can't fix that without breaking the callers.
- */
-int
-SSL_select_next_proto(unsigned char **out, unsigned char *outlen,
-    const unsigned char *peer_list, unsigned int peer_list_len,
-    const unsigned char *supported_list, unsigned int supported_list_len)
-{
-        CBS peer, peer_proto, supported, supported_proto;
-
-        *out = NULL;
-        *outlen = 0;
-
-        /* First check that the supported list is well-formed. */
-        CBS_init(&supported, supported_list, supported_list_len);
-        if (!tlsext_alpn_check_format(&supported))
-                goto err;
-
-        /*
-         * Use first supported protocol as fallback. This is one way of doing
-         * NPN's "opportunistic" protocol selection (see security considerations
-         * in draft-agl-tls-nextprotoneg-04), and it is the documented behavior
-         * of this API. For ALPN it's the callback's responsibility to fail on
-         * OPENSSL_NPN_NO_OVERLAP.
-         */
-
-        if (!CBS_get_u8_length_prefixed(&supported, &supported_proto))
-                goto err;
-
-        *out = (unsigned char *)CBS_data(&supported_proto);
-        *outlen = CBS_len(&supported_proto);
-
-        /* Now check that the peer list is well-formed. */
-        CBS_init(&peer, peer_list, peer_list_len);
-        if (!tlsext_alpn_check_format(&peer))
-                goto err;
-
-        /*
-         * Walk the peer list and select the first protocol that appears in
-         * the supported list. Thus we honor peer preference rather than local
-         * preference contrary to a SHOULD in RFC 7301, section 3.2.
-         */
-        while (CBS_len(&peer) > 0) {
-                if (!CBS_get_u8_length_prefixed(&peer, &peer_proto))
-                        goto err;
-
-                CBS_init(&supported, supported_list, supported_list_len);
-
-                while (CBS_len(&supported) > 0) {
-                        if (!CBS_get_u8_length_prefixed(&supported,
-                            &supported_proto))
-                                goto err;
-
-                        if (CBS_mem_equal(&supported_proto,
-                            CBS_data(&peer_proto), CBS_len(&peer_proto))) {
-                                *out = (unsigned char *)CBS_data(&peer_proto);
-                                *outlen = CBS_len(&peer_proto);
-
-                                return OPENSSL_NPN_NEGOTIATED;
-                        }
-                }
-        }
-
- err:
-        return OPENSSL_NPN_NO_OVERLAP;
-}
-LSSL_ALIAS(SSL_select_next_proto);
-
-/* SSL_get0_next_proto_negotiated is deprecated. */
-void
-SSL_get0_next_proto_negotiated(const SSL *s, const unsigned char **data,
-    unsigned int *len)
-{
-        *data = NULL;
-        *len = 0;
-}
-LSSL_ALIAS(SSL_get0_next_proto_negotiated);
-
-/* SSL_CTX_set_next_protos_advertised_cb is deprecated. */
-void
-SSL_CTX_set_next_protos_advertised_cb(SSL_CTX *ctx, int (*cb) (SSL *ssl,
-    const unsigned char **out, unsigned int *outlen, void *arg), void *arg)
-{
-}
-LSSL_ALIAS(SSL_CTX_set_next_protos_advertised_cb);
-
-/* SSL_CTX_set_next_proto_select_cb is deprecated. */
-void
-SSL_CTX_set_next_proto_select_cb(SSL_CTX *ctx, int (*cb) (SSL *s,
-    unsigned char **out, unsigned char *outlen, const unsigned char *in,
-    unsigned int inlen, void *arg), void *arg)
-{
-}
-LSSL_ALIAS(SSL_CTX_set_next_proto_select_cb);
-
-/*
- * SSL_CTX_set_alpn_protos sets the ALPN protocol list to the specified
- * protocols, which must be in wire-format (i.e. a series of non-empty,
- * 8-bit length-prefixed strings). Returns 0 on success.
- */
-int
-SSL_CTX_set_alpn_protos(SSL_CTX *ctx, const unsigned char *protos,
-    unsigned int protos_len)
-{
-        CBS cbs;
-        int failed = 1;
-
-        if (protos == NULL)
-                protos_len = 0;
-
-        CBS_init(&cbs, protos, protos_len);
-
-        if (protos_len > 0) {
-                if (!tlsext_alpn_check_format(&cbs))
-                        goto err;
-        }
-
-        if (!CBS_stow(&cbs, &ctx->alpn_client_proto_list,
-            &ctx->alpn_client_proto_list_len))
-                goto err;
-
-        failed = 0;
-
- err:
-        /* NOTE: Return values are the reverse of what you expect. */
-        return failed;
-}
-LSSL_ALIAS(SSL_CTX_set_alpn_protos);
-
-/*
- * SSL_set_alpn_protos sets the ALPN protocol list to the specified
- * protocols, which must be in wire-format (i.e. a series of non-empty,
- * 8-bit length-prefixed strings). Returns 0 on success.
- */
-int
-SSL_set_alpn_protos(SSL *ssl, const unsigned char *protos,
-    unsigned int protos_len)
-{
-        CBS cbs;
-        int failed = 1;
-
-        if (protos == NULL)
-                protos_len = 0;
-
-        CBS_init(&cbs, protos, protos_len);
-
-        if (protos_len > 0) {
-                if (!tlsext_alpn_check_format(&cbs))
-                        goto err;
-        }
-
-        if (!CBS_stow(&cbs, &ssl->alpn_client_proto_list,
-            &ssl->alpn_client_proto_list_len))
-                goto err;
-
-        failed = 0;
-
- err:
-        /* NOTE: Return values are the reverse of what you expect. */
-        return failed;
-}
-LSSL_ALIAS(SSL_set_alpn_protos);
-
-/*
- * SSL_CTX_set_alpn_select_cb sets a callback function that is called during
- * ClientHello processing in order to select an ALPN protocol from the
- * client's list of offered protocols.
- */
-void
-SSL_CTX_set_alpn_select_cb(SSL_CTX* ctx,
-    int (*cb) (SSL *ssl, const unsigned char **out, unsigned char *outlen,
-    const unsigned char *in, unsigned int inlen, void *arg), void *arg)
-{
-        ctx->alpn_select_cb = cb;
-        ctx->alpn_select_cb_arg = arg;
-}
-LSSL_ALIAS(SSL_CTX_set_alpn_select_cb);
-
-/*
- * SSL_get0_alpn_selected gets the selected ALPN protocol (if any). On return
- * it sets data to point to len bytes of protocol name (not including the
- * leading length-prefix byte). If the server didn't respond with* a negotiated
- * protocol then len will be zero.
- */
-void
-SSL_get0_alpn_selected(const SSL *ssl, const unsigned char **data,
-    unsigned int *len)
-{
-        *data = ssl->s3->alpn_selected;
-        *len = ssl->s3->alpn_selected_len;
-}
-LSSL_ALIAS(SSL_get0_alpn_selected);
-
-void
-SSL_set_psk_use_session_callback(SSL *s, SSL_psk_use_session_cb_func cb)
-{
-        return;
-}
-LSSL_ALIAS(SSL_set_psk_use_session_callback);
-
-int
-SSL_export_keying_material(SSL *s, unsigned char *out, size_t out_len,
-    const char *label, size_t label_len, const unsigned char *context,
-    size_t context_len, int use_context)
-{
-        if (s->tls13 != NULL && s->version == TLS1_3_VERSION) {
-                if (!use_context) {
-                        context = NULL;
-                        context_len = 0;
-                }
-                return tls13_exporter(s->tls13, label, label_len, context,
-                    context_len, out, out_len);
-        }
-
-        return tls12_exporter(s, label, label_len, context, context_len,
-            use_context, out, out_len);
-}
-LSSL_ALIAS(SSL_export_keying_material);
-
-static unsigned long
-ssl_session_hash(const SSL_SESSION *a)
-{
-        unsigned long   l;
-
-        l = (unsigned long)
-            ((unsigned int) a->session_id[0]     )|
-            ((unsigned int) a->session_id[1]<< 8L)|
-            ((unsigned long)a->session_id[2]<<16L)|
-            ((unsigned long)a->session_id[3]<<24L);
-        return (l);
-}
-
-/*
- * NB: If this function (or indeed the hash function which uses a sort of
- * coarser function than this one) is changed, ensure
- * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being
- * able to construct an SSL_SESSION that will collide with any existing session
- * with a matching session ID.
- */
-static int
-ssl_session_cmp(const SSL_SESSION *a, const SSL_SESSION *b)
-{
-        if (a->ssl_version != b->ssl_version)
-                return (1);
-        if (a->session_id_length != b->session_id_length)
-                return (1);
-        if (timingsafe_memcmp(a->session_id, b->session_id, a->session_id_length) != 0)
-                return (1);
-        return (0);
-}
-
-/*
- * These wrapper functions should remain rather than redeclaring
- * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each
- * variable. The reason is that the functions aren't static, they're exposed via
- * ssl.h.
- */
-static unsigned long
-ssl_session_LHASH_HASH(const void *arg)
-{
-        const SSL_SESSION *a = arg;
-
-        return ssl_session_hash(a);
-}
-
-static int
-ssl_session_LHASH_COMP(const void *arg1, const void *arg2)
-{
-        const SSL_SESSION *a = arg1;
-        const SSL_SESSION *b = arg2;
-
-        return ssl_session_cmp(a, b);
-}
-
-SSL_CTX *
-SSL_CTX_new(const SSL_METHOD *meth)
-{
-        SSL_CTX *ret;
-
-        if (!OPENSSL_init_ssl(0, NULL)) {
-                SSLerrorx(SSL_R_LIBRARY_BUG);
-                return (NULL);
-        }
-
-        if (meth == NULL) {
-                SSLerrorx(SSL_R_NULL_SSL_METHOD_PASSED);
-                return (NULL);
-        }
-
-        if ((ret = calloc(1, sizeof(*ret))) == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (NULL);
-        }
-
-        if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) {
-                SSLerrorx(SSL_R_X509_VERIFICATION_SETUP_PROBLEMS);
-                goto err;
-        }
-
-        ret->method = meth;
-        ret->min_tls_version = meth->min_tls_version;
-        ret->max_tls_version = meth->max_tls_version;
-        ret->min_proto_version = 0;
-        ret->max_proto_version = 0;
-        ret->mode = SSL_MODE_AUTO_RETRY;
-
-        ret->cert_store = NULL;
-        ret->session_cache_mode = SSL_SESS_CACHE_SERVER;
-        ret->session_cache_size = SSL_SESSION_CACHE_MAX_SIZE_DEFAULT;
-        ret->session_cache_head = NULL;
-        ret->session_cache_tail = NULL;
-
-        /* We take the system default */
-        ret->session_timeout = ssl_get_default_timeout();
-
-        ret->new_session_cb = NULL;
-        ret->remove_session_cb = NULL;
-        ret->get_session_cb = NULL;
-        ret->generate_session_id = NULL;
-
-        memset((char *)&ret->stats, 0, sizeof(ret->stats));
-
-        ret->references = 1;
-        ret->quiet_shutdown = 0;
-
-        ret->info_callback = NULL;
-
-        ret->app_verify_callback = NULL;
-        ret->app_verify_arg = NULL;
-
-        ret->max_cert_list = SSL_MAX_CERT_LIST_DEFAULT;
-        ret->read_ahead = 0;
-        ret->msg_callback = NULL;
-        ret->msg_callback_arg = NULL;
-        ret->verify_mode = SSL_VERIFY_NONE;
-        ret->sid_ctx_length = 0;
-        ret->default_verify_callback = NULL;
-
-        if ((ret->cert = ssl_cert_new()) == NULL)
-                goto err;
-
-        ret->default_passwd_callback = NULL;
-        ret->default_passwd_callback_userdata = NULL;
-        ret->client_cert_cb = NULL;
-        ret->app_gen_cookie_cb = NULL;
-        ret->app_verify_cookie_cb = NULL;
-
-        ret->sessions = lh_SSL_SESSION_new();
-        if (ret->sessions == NULL)
-                goto err;
-        ret->cert_store = X509_STORE_new();
-        if (ret->cert_store == NULL)
-                goto err;
-
-        ssl_create_cipher_list(ret->method, &ret->cipher_list,
-            NULL, SSL_DEFAULT_CIPHER_LIST, ret->cert);
-        if (ret->cipher_list == NULL ||
-            sk_SSL_CIPHER_num(ret->cipher_list) <= 0) {
-                SSLerrorx(SSL_R_LIBRARY_HAS_NO_CIPHERS);
-                goto err2;
-        }
-
-        ret->param = X509_VERIFY_PARAM_new();
-        if (!ret->param)
-                goto err;
-
-        if ((ret->client_CA = sk_X509_NAME_new_null()) == NULL)
-                goto err;
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data);
-
-        ret->extra_certs = NULL;
-
-        ret->max_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH;
-
-        ret->tlsext_servername_callback = 0;
-        ret->tlsext_servername_arg = NULL;
-
-        /* Setup RFC4507 ticket keys */
-        arc4random_buf(ret->tlsext_tick_key_name, 16);
-        arc4random_buf(ret->tlsext_tick_hmac_key, 16);
-        arc4random_buf(ret->tlsext_tick_aes_key, 16);
-
-        ret->tlsext_status_cb = 0;
-        ret->tlsext_status_arg = NULL;
-
-        /*
-         * Default is to connect to non-RI servers. When RI is more widely
-         * deployed might change this.
-         */
-        ret->options |= SSL_OP_LEGACY_SERVER_CONNECT;
-
-        return (ret);
- err:
-        SSLerrorx(ERR_R_MALLOC_FAILURE);
- err2:
-        SSL_CTX_free(ret);
-        return (NULL);
-}
-LSSL_ALIAS(SSL_CTX_new);
-
-void
-SSL_CTX_free(SSL_CTX *ctx)
-{
-        int     i;
-
-        if (ctx == NULL)
-                return;
-
-        i = CRYPTO_add(&ctx->references, -1, CRYPTO_LOCK_SSL_CTX);
-        if (i > 0)
-                return;
-
-        X509_VERIFY_PARAM_free(ctx->param);
-
-        /*
-         * Free internal session cache. However: the remove_cb() may reference
-         * the ex_data of SSL_CTX, thus the ex_data store can only be removed
-         * after the sessions were flushed.
-         * As the ex_data handling routines might also touch the session cache,
-         * the most secure solution seems to be: empty (flush) the cache, then
-         * free ex_data, then finally free the cache.
-         * (See ticket [openssl.org #212].)
-         */
-        if (ctx->sessions != NULL)
-                SSL_CTX_flush_sessions(ctx, 0);
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ctx, &ctx->ex_data);
-
-        lh_SSL_SESSION_free(ctx->sessions);
-
-        X509_STORE_free(ctx->cert_store);
-        sk_SSL_CIPHER_free(ctx->cipher_list);
-        sk_SSL_CIPHER_free(ctx->cipher_list_tls13);
-        ssl_cert_free(ctx->cert);
-        sk_X509_NAME_pop_free(ctx->client_CA, X509_NAME_free);
-        sk_X509_pop_free(ctx->extra_certs, X509_free);
-
-#ifndef OPENSSL_NO_SRTP
-        if (ctx->srtp_profiles)
-                sk_SRTP_PROTECTION_PROFILE_free(ctx->srtp_profiles);
-#endif
-
-        free(ctx->tlsext_ecpointformatlist);
-        free(ctx->tlsext_supportedgroups);
-
-        free(ctx->alpn_client_proto_list);
-
-        free(ctx);
-}
-LSSL_ALIAS(SSL_CTX_free);
-
-int
-SSL_CTX_up_ref(SSL_CTX *ctx)
-{
-        return CRYPTO_add(&ctx->references, 1, CRYPTO_LOCK_SSL_CTX) > 1;
-}
-LSSL_ALIAS(SSL_CTX_up_ref);
-
-pem_password_cb *
-SSL_CTX_get_default_passwd_cb(SSL_CTX *ctx)
-{
-        return (ctx->default_passwd_callback);
-}
-LSSL_ALIAS(SSL_CTX_get_default_passwd_cb);
-
-void
-SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb)
-{
-        ctx->default_passwd_callback = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_default_passwd_cb);
-
-void *
-SSL_CTX_get_default_passwd_cb_userdata(SSL_CTX *ctx)
-{
-        return ctx->default_passwd_callback_userdata;
-}
-LSSL_ALIAS(SSL_CTX_get_default_passwd_cb_userdata);
-
-void
-SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u)
-{
-        ctx->default_passwd_callback_userdata = u;
-}
-LSSL_ALIAS(SSL_CTX_set_default_passwd_cb_userdata);
-
-void
-SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx,
-    int (*cb)(X509_STORE_CTX *, void *), void *arg)
-{
-        ctx->app_verify_callback = cb;
-        ctx->app_verify_arg = arg;
-}
-LSSL_ALIAS(SSL_CTX_set_cert_verify_callback);
-
-void
-SSL_CTX_set_verify(SSL_CTX *ctx, int mode, int (*cb)(int, X509_STORE_CTX *))
-{
-        ctx->verify_mode = mode;
-        ctx->default_verify_callback = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_verify);
-
-void
-SSL_CTX_set_verify_depth(SSL_CTX *ctx, int depth)
-{
-        X509_VERIFY_PARAM_set_depth(ctx->param, depth);
-}
-LSSL_ALIAS(SSL_CTX_set_verify_depth);
-
-void
-ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher)
-{
-        unsigned long mask_a, mask_k;
-        SSL_CERT_PKEY *cpk;
-
-        if (c == NULL)
-                return;
-
-        mask_a = SSL_aNULL | SSL_aTLS1_3;
-        mask_k = SSL_kECDHE | SSL_kTLS1_3;
-
-        if (c->dhe_params != NULL || c->dhe_params_cb != NULL ||
-            c->dhe_params_auto != 0)
-                mask_k |= SSL_kDHE;
-
-        cpk = &(c->pkeys[SSL_PKEY_ECC]);
-        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-                /* Key usage, if present, must allow signing. */
-                if (X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE)
-                        mask_a |= SSL_aECDSA;
-        }
-
-        cpk = &(c->pkeys[SSL_PKEY_RSA]);
-        if (cpk->x509 != NULL && cpk->privatekey != NULL) {
-                mask_a |= SSL_aRSA;
-                mask_k |= SSL_kRSA;
-        }
-
-        c->mask_k = mask_k;
-        c->mask_a = mask_a;
-        c->valid = 1;
-}
-
-/* See if this handshake is using an ECC cipher suite. */
-int
-ssl_using_ecc_cipher(SSL *s)
-{
-        unsigned long alg_a, alg_k;
-
-        alg_a = s->s3->hs.cipher->algorithm_auth;
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-
-        return s->session->tlsext_ecpointformatlist != NULL &&
-            s->session->tlsext_ecpointformatlist_length > 0 &&
-            ((alg_k & SSL_kECDHE) || (alg_a & SSL_aECDSA));
-}
-
-int
-ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x)
-{
-        const SSL_CIPHER *cs = s->s3->hs.cipher;
-        unsigned long alg_a;
-
-        alg_a = cs->algorithm_auth;
-
-        if (alg_a & SSL_aECDSA) {
-                /* Key usage, if present, must allow signing. */
-                if (!(X509_get_key_usage(x) & X509v3_KU_DIGITAL_SIGNATURE)) {
-                        SSLerror(s, SSL_R_ECC_CERT_NOT_FOR_SIGNING);
-                        return (0);
-                }
-        }
-
-        return (1);
-}
-
-SSL_CERT_PKEY *
-ssl_get_server_send_pkey(const SSL *s)
-{
-        unsigned long alg_a;
-        SSL_CERT *c;
-        int i;
-
-        c = s->cert;
-        ssl_set_cert_masks(c, s->s3->hs.cipher);
-
-        alg_a = s->s3->hs.cipher->algorithm_auth;
-
-        if (alg_a & SSL_aECDSA) {
-                i = SSL_PKEY_ECC;
-        } else if (alg_a & SSL_aRSA) {
-                i = SSL_PKEY_RSA;
-        } else { /* if (alg_a & SSL_aNULL) */
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return (NULL);
-        }
-
-        return (c->pkeys + i);
-}
-
-EVP_PKEY *
-ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *cipher, const EVP_MD **pmd,
-    const struct ssl_sigalg **sap)
-{
-        const struct ssl_sigalg *sigalg = NULL;
-        EVP_PKEY *pkey = NULL;
-        unsigned long alg_a;
-        SSL_CERT *c;
-        int idx = -1;
-
-        alg_a = cipher->algorithm_auth;
-        c = s->cert;
-
-        if (alg_a & SSL_aRSA) {
-                idx = SSL_PKEY_RSA;
-        } else if ((alg_a & SSL_aECDSA) &&
-            (c->pkeys[SSL_PKEY_ECC].privatekey != NULL))
-                idx = SSL_PKEY_ECC;
-        if (idx == -1) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return (NULL);
-        }
-
-        pkey = c->pkeys[idx].privatekey;
-        if ((sigalg = ssl_sigalg_select(s, pkey)) == NULL) {
-                SSLerror(s, SSL_R_SIGNATURE_ALGORITHMS_ERROR);
-                return (NULL);
-        }
-        *pmd = sigalg->md();
-        *sap = sigalg;
-
-        return (pkey);
-}
-
-size_t
-ssl_dhe_params_auto_key_bits(SSL *s)
-{
-        SSL_CERT_PKEY *cpk;
-        int key_bits;
-
-        if (s->cert->dhe_params_auto == 2) {
-                key_bits = 1024;
-        } else if (s->s3->hs.cipher->algorithm_auth & SSL_aNULL) {
-                key_bits = 1024;
-                if (s->s3->hs.cipher->strength_bits == 256)
-                        key_bits = 3072;
-        } else {
-                if ((cpk = ssl_get_server_send_pkey(s)) == NULL)
-                        return 0;
-                if (cpk->privatekey == NULL ||
-                    EVP_PKEY_get0_RSA(cpk->privatekey) == NULL)
-                        return 0;
-                if ((key_bits = EVP_PKEY_bits(cpk->privatekey)) <= 0)
-                        return 0;
-        }
-
-        return key_bits;
-}
-
-static int
-ssl_should_update_external_cache(SSL *s, int mode)
-{
-        int cache_mode;
-
-        cache_mode = s->session_ctx->session_cache_mode;
-
-        /* Don't cache if mode says not to */
-        if ((cache_mode & mode) == 0)
-                return 0;
-
-        /* if it is not already cached, cache it */
-        if (!s->hit)
-                return 1;
-
-        /* If it's TLS 1.3, do it to match OpenSSL */
-        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
-                return 1;
-
-        return 0;
-}
-
-static int
-ssl_should_update_internal_cache(SSL *s, int mode)
-{
-        int cache_mode;
-
-        cache_mode = s->session_ctx->session_cache_mode;
-
-        /* Don't cache if mode says not to */
-        if ((cache_mode & mode) == 0)
-                return 0;
-
-        /* If it is already cached, don't cache it again */
-        if (s->hit)
-                return 0;
-
-        if ((cache_mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
-                return 0;
-
-        /* If we are lesser than TLS 1.3, Cache it. */
-        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
-                return 1;
-
-        /* Below this we consider TLS 1.3 or later */
-
-        /* If it's not a server, add it? OpenSSL does this. */
-        if (!s->server)
-                return 1;
-
-        /* XXX if we support early data / PSK need to add */
-
-        /*
-         * If we have the remove session callback, we will want
-         * to know about this even if it's a stateless ticket
-         * from 1.3 so we can know when it is removed.
-         */
-        if (s->session_ctx->remove_session_cb != NULL)
-                return 1;
-
-        /* If we have set OP_NO_TICKET, cache it. */
-        if ((s->options & SSL_OP_NO_TICKET) != 0)
-                return 1;
-
-        /* Otherwise do not cache */
-        return 0;
-}
-
-void
-ssl_update_cache(SSL *s, int mode)
-{
-        int cache_mode, do_callback;
-
-        if (s->session->session_id_length == 0)
-                return;
-
-        cache_mode = s->session_ctx->session_cache_mode;
-        do_callback = ssl_should_update_external_cache(s, mode);
-
-        if (ssl_should_update_internal_cache(s, mode)) {
-                /*
-                 * XXX should we fail if the add to the internal cache
-                 * fails? OpenSSL doesn't care..
-                 */
-                (void) SSL_CTX_add_session(s->session_ctx, s->session);
-        }
-
-        /*
-         * Update the "external cache" by calling the new session
-         * callback if present, even with TLS 1.3 without early data
-         * "because some application just want to know about the
-         * creation of a session and aren't doing a full cache".
-         * Apparently, if they are doing a full cache, they'll have
-         * some fun, but we endeavour to give application writers the
-         * same glorious experience they expect from OpenSSL which
-         * does it this way.
-         */
-        if (do_callback && s->session_ctx->new_session_cb != NULL) {
-                    CRYPTO_add(&s->session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-                    if (!s->session_ctx->new_session_cb(s, s->session))
-                            SSL_SESSION_free(s->session);
-        }
-
-        /* Auto flush every 255 connections. */
-        if (!(cache_mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) &&
-            (cache_mode & mode) != 0) {
-                int connections;
-                if (mode & SSL_SESS_CACHE_CLIENT)
-                        connections = s->session_ctx->stats.sess_connect_good;
-                else
-                        connections = s->session_ctx->stats.sess_accept_good;
-                if ((connections & 0xff) == 0xff)
-                        SSL_CTX_flush_sessions(s->session_ctx, time(NULL));
-        }
-}
-
-const SSL_METHOD *
-SSL_get_ssl_method(SSL *s)
-{
-        return (s->method);
-}
-LSSL_ALIAS(SSL_get_ssl_method);
-
-int
-SSL_set_ssl_method(SSL *s, const SSL_METHOD *method)
-{
-        int (*handshake_func)(SSL *) = NULL;
-        int ret = 1;
-
-        if (s->method == method)
-                return (ret);
-
-        if (s->handshake_func == s->method->ssl_connect)
-                handshake_func = method->ssl_connect;
-        else if (s->handshake_func == s->method->ssl_accept)
-                handshake_func = method->ssl_accept;
-
-        if (s->method->version == method->version) {
-                s->method = method;
-        } else {
-                s->method->ssl_free(s);
-                s->method = method;
-                ret = s->method->ssl_new(s);
-        }
-        s->handshake_func = handshake_func;
-
-        return (ret);
-}
-LSSL_ALIAS(SSL_set_ssl_method);
-
-int
-SSL_get_error(const SSL *s, int i)
-{
-        unsigned long l;
-        int reason;
-        BIO *bio;
-
-        if (i > 0)
-                return (SSL_ERROR_NONE);
-
-        /*
-         * Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake
-         * etc, where we do encode the error.
-         */
-        if ((l = ERR_peek_error()) != 0) {
-                if (ERR_GET_LIB(l) == ERR_LIB_SYS)
-                        return (SSL_ERROR_SYSCALL);
-                else
-                        return (SSL_ERROR_SSL);
-        }
-
-        if (SSL_want_read(s)) {
-                bio = SSL_get_rbio(s);
-                if (BIO_should_read(bio)) {
-                        return (SSL_ERROR_WANT_READ);
-                } else if (BIO_should_write(bio)) {
-                        /*
-                         * This one doesn't make too much sense...  We never
-                         * try to write to the rbio, and an application
-                         * program where rbio and wbio are separate couldn't
-                         * even know what it should wait for.  However if we
-                         * ever set s->rwstate incorrectly (so that we have
-                         * SSL_want_read(s) instead of SSL_want_write(s))
-                         * and rbio and wbio *are* the same, this test works
-                         * around that bug; so it might be safer to keep it.
-                         */
-                        return (SSL_ERROR_WANT_WRITE);
-                } else if (BIO_should_io_special(bio)) {
-                        reason = BIO_get_retry_reason(bio);
-                        if (reason == BIO_RR_CONNECT)
-                                return (SSL_ERROR_WANT_CONNECT);
-                        else if (reason == BIO_RR_ACCEPT)
-                                return (SSL_ERROR_WANT_ACCEPT);
-                        else
-                                return (SSL_ERROR_SYSCALL); /* unknown */
-                }
-        }
-
-        if (SSL_want_write(s)) {
-                bio = SSL_get_wbio(s);
-                if (BIO_should_write(bio)) {
-                        return (SSL_ERROR_WANT_WRITE);
-                } else if (BIO_should_read(bio)) {
-                        /*
-                         * See above (SSL_want_read(s) with
-                         * BIO_should_write(bio))
-                         */
-                        return (SSL_ERROR_WANT_READ);
-                } else if (BIO_should_io_special(bio)) {
-                        reason = BIO_get_retry_reason(bio);
-                        if (reason == BIO_RR_CONNECT)
-                                return (SSL_ERROR_WANT_CONNECT);
-                        else if (reason == BIO_RR_ACCEPT)
-                                return (SSL_ERROR_WANT_ACCEPT);
-                        else
-                                return (SSL_ERROR_SYSCALL);
-                }
-        }
-
-        if (SSL_want_x509_lookup(s))
-                return (SSL_ERROR_WANT_X509_LOOKUP);
-
-        if ((s->shutdown & SSL_RECEIVED_SHUTDOWN) &&
-            (s->s3->warn_alert == SSL_AD_CLOSE_NOTIFY))
-                return (SSL_ERROR_ZERO_RETURN);
-
-        return (SSL_ERROR_SYSCALL);
-}
-LSSL_ALIAS(SSL_get_error);
-
-int
-SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method)
-{
-        if (ctx->method->dtls)
-                return 0;
-
-        ctx->quic_method = quic_method;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_CTX_set_quic_method);
-
-int
-SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
-{
-        if (ssl->method->dtls)
-                return 0;
-
-        ssl->quic_method = quic_method;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_set_quic_method);
-
-size_t
-SSL_quic_max_handshake_flight_len(const SSL *ssl,
-    enum ssl_encryption_level_t level)
-{
-        size_t flight_len;
-
-        /* Limit flights to 16K when there are no large certificate messages. */
-        flight_len = 16384;
-
-        switch (level) {
-        case ssl_encryption_initial:
-                return flight_len;
-
-        case ssl_encryption_early_data:
-                /* QUIC does not send EndOfEarlyData. */
-                return 0;
-
-        case ssl_encryption_handshake:
-                if (ssl->server) {
-                        /*
-                         * Servers may receive Certificate message if configured
-                         * to request client certificates.
-                         */
-                        if ((SSL_get_verify_mode(ssl) & SSL_VERIFY_PEER) != 0 &&
-                            ssl->max_cert_list > flight_len)
-                                flight_len = ssl->max_cert_list;
-                } else {
-                        /*
-                         * Clients may receive both Certificate message and a
-                         * CertificateRequest message.
-                         */
-                        if (ssl->max_cert_list * 2 > flight_len)
-                                flight_len = ssl->max_cert_list * 2;
-                }
-                return flight_len;
-        case ssl_encryption_application:
-                /*
-                 * Note there is not actually a bound on the number of
-                 * NewSessionTickets one may send in a row. This level may need
-                 * more involved flow control.
-                 */
-                return flight_len;
-        }
-
-        return 0;
-}
-LSSL_ALIAS(SSL_quic_max_handshake_flight_len);
-
-enum ssl_encryption_level_t
-SSL_quic_read_level(const SSL *ssl)
-{
-        return ssl->s3->hs.tls13.quic_read_level;
-}
-LSSL_ALIAS(SSL_quic_read_level);
-
-enum ssl_encryption_level_t
-SSL_quic_write_level(const SSL *ssl)
-{
-        return ssl->s3->hs.tls13.quic_write_level;
-}
-LSSL_ALIAS(SSL_quic_write_level);
-
-int
-SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
-    const uint8_t *data, size_t len)
-{
-        if (!SSL_is_quic(ssl)) {
-                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return 0;
-        }
-
-        if (level != SSL_quic_read_level(ssl)) {
-                SSLerror(ssl, SSL_R_WRONG_ENCRYPTION_LEVEL_RECEIVED);
-                return 0;
-        }
-
-        if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
-                ssl->s3->hs.tls13.quic_read_buffer = tls_buffer_new(0);
-                if (ssl->s3->hs.tls13.quic_read_buffer == NULL) {
-                        SSLerror(ssl, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-        }
-
-        /* XXX - note that this does not currently downsize. */
-        tls_buffer_set_capacity_limit(ssl->s3->hs.tls13.quic_read_buffer,
-            SSL_quic_max_handshake_flight_len(ssl, level));
-
-        /*
-         * XXX - an append that fails due to exceeding capacity should set
-         * SSL_R_EXCESSIVE_MESSAGE_SIZE.
-         */
-        return tls_buffer_append(ssl->s3->hs.tls13.quic_read_buffer, data, len);
-}
-LSSL_ALIAS(SSL_provide_quic_data);
-
-int
-SSL_process_quic_post_handshake(SSL *ssl)
-{
-        /* XXX - this needs to run PHH received. */
-        return 1;
-}
-LSSL_ALIAS(SSL_process_quic_post_handshake);
-
-int
-SSL_do_handshake(SSL *s)
-{
-        if (s->handshake_func == NULL) {
-                SSLerror(s, SSL_R_CONNECTION_TYPE_NOT_SET);
-                return (-1);
-        }
-
-        s->method->ssl_renegotiate_check(s);
-
-        if (!SSL_in_init(s) && !SSL_in_before(s))
-                return 1;
-
-        return s->handshake_func(s);
-}
-LSSL_ALIAS(SSL_do_handshake);
-
-/*
- * For the next 2 functions, SSL_clear() sets shutdown and so
- * one of these calls will reset it
- */
-void
-SSL_set_accept_state(SSL *s)
-{
-        s->server = 1;
-        s->shutdown = 0;
-        s->s3->hs.state = SSL_ST_ACCEPT|SSL_ST_BEFORE;
-        s->handshake_func = s->method->ssl_accept;
-        ssl_clear_cipher_state(s);
-}
-LSSL_ALIAS(SSL_set_accept_state);
-
-void
-SSL_set_connect_state(SSL *s)
-{
-        s->server = 0;
-        s->shutdown = 0;
-        s->s3->hs.state = SSL_ST_CONNECT|SSL_ST_BEFORE;
-        s->handshake_func = s->method->ssl_connect;
-        ssl_clear_cipher_state(s);
-}
-LSSL_ALIAS(SSL_set_connect_state);
-
-int
-ssl_undefined_function(SSL *s)
-{
-        SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return (0);
-}
-
-int
-ssl_undefined_void_function(void)
-{
-        SSLerrorx(ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return (0);
-}
-
-int
-ssl_undefined_const_function(const SSL *s)
-{
-        SSLerror(s, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-        return (0);
-}
-
-const char *
-ssl_version_string(int ver)
-{
-        switch (ver) {
-        case TLS1_VERSION:
-                return (SSL_TXT_TLSV1);
-        case TLS1_1_VERSION:
-                return (SSL_TXT_TLSV1_1);
-        case TLS1_2_VERSION:
-                return (SSL_TXT_TLSV1_2);
-        case TLS1_3_VERSION:
-                return (SSL_TXT_TLSV1_3);
-        case DTLS1_VERSION:
-                return (SSL_TXT_DTLS1);
-        case DTLS1_2_VERSION:
-                return (SSL_TXT_DTLS1_2);
-        default:
-                return ("unknown");
-        }
-}
-
-const char *
-SSL_get_version(const SSL *s)
-{
-        return ssl_version_string(s->version);
-}
-LSSL_ALIAS(SSL_get_version);
-
-SSL *
-SSL_dup(SSL *s)
-{
-        STACK_OF(X509_NAME) *sk;
-        X509_NAME *xn;
-        SSL *ret;
-        int i;
-
-        if ((ret = SSL_new(SSL_get_SSL_CTX(s))) == NULL)
-                goto err;
-
-        ret->version = s->version;
-        ret->method = s->method;
-
-        if (s->session != NULL) {
-                if (!SSL_copy_session_id(ret, s))
-                        goto err;
-        } else {
-                /*
-                 * No session has been established yet, so we have to expect
-                 * that s->cert or ret->cert will be changed later --
-                 * they should not both point to the same object,
-                 * and thus we can't use SSL_copy_session_id.
-                 */
-
-                ret->method->ssl_free(ret);
-                ret->method = s->method;
-                ret->method->ssl_new(ret);
-
-                ssl_cert_free(ret->cert);
-                if ((ret->cert = ssl_cert_dup(s->cert)) == NULL)
-                        goto err;
-
-                if (!SSL_set_session_id_context(ret, s->sid_ctx,
-                    s->sid_ctx_length))
-                        goto err;
-        }
-
-        ret->options = s->options;
-        ret->mode = s->mode;
-        SSL_set_max_cert_list(ret, SSL_get_max_cert_list(s));
-        SSL_set_read_ahead(ret, SSL_get_read_ahead(s));
-        ret->msg_callback = s->msg_callback;
-        ret->msg_callback_arg = s->msg_callback_arg;
-        SSL_set_verify(ret, SSL_get_verify_mode(s),
-        SSL_get_verify_callback(s));
-        SSL_set_verify_depth(ret, SSL_get_verify_depth(s));
-        ret->generate_session_id = s->generate_session_id;
-
-        SSL_set_info_callback(ret, SSL_get_info_callback(s));
-
-        /* copy app data, a little dangerous perhaps */
-        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL,
-            &ret->ex_data, &s->ex_data))
-                goto err;
-
-        /* setup rbio, and wbio */
-        if (s->rbio != NULL) {
-                if (!BIO_dup_state(s->rbio,(char *)&ret->rbio))
-                        goto err;
-        }
-        if (s->wbio != NULL) {
-                if (s->wbio != s->rbio) {
-                        if (!BIO_dup_state(s->wbio,(char *)&ret->wbio))
-                                goto err;
-                } else
-                        ret->wbio = ret->rbio;
-        }
-        ret->rwstate = s->rwstate;
-        ret->in_handshake = s->in_handshake;
-        ret->handshake_func = s->handshake_func;
-        ret->server = s->server;
-        ret->renegotiate = s->renegotiate;
-        ret->new_session = s->new_session;
-        ret->quiet_shutdown = s->quiet_shutdown;
-        ret->shutdown = s->shutdown;
-        /* SSL_dup does not really work at any state, though */
-        ret->s3->hs.state = s->s3->hs.state;
-        ret->rstate = s->rstate;
-
-        /*
-         * Would have to copy ret->init_buf, ret->init_msg, ret->init_num,
-         * ret->init_off
-         */
-        ret->init_num = 0;
-
-        ret->hit = s->hit;
-
-        X509_VERIFY_PARAM_inherit(ret->param, s->param);
-
-        if (s->cipher_list != NULL) {
-                if ((ret->cipher_list =
-                    sk_SSL_CIPHER_dup(s->cipher_list)) == NULL)
-                        goto err;
-        }
-        if (s->cipher_list_tls13 != NULL) {
-                if ((ret->cipher_list_tls13 =
-                    sk_SSL_CIPHER_dup(s->cipher_list_tls13)) == NULL)
-                        goto err;
-        }
-
-        /* Dup the client_CA list */
-        if (s->client_CA != NULL) {
-                if ((sk = sk_X509_NAME_dup(s->client_CA)) == NULL) goto err;
-                        ret->client_CA = sk;
-                for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                        xn = sk_X509_NAME_value(sk, i);
-                        if (sk_X509_NAME_set(sk, i,
-                            X509_NAME_dup(xn)) == NULL) {
-                                X509_NAME_free(xn);
-                                goto err;
-                        }
-                }
-        }
-
-        return ret;
- err:
-        SSL_free(ret);
-        return NULL;
-}
-LSSL_ALIAS(SSL_dup);
-
-void
-ssl_clear_cipher_state(SSL *s)
-{
-        tls12_record_layer_clear_read_state(s->rl);
-        tls12_record_layer_clear_write_state(s->rl);
-}
-
-void
-ssl_info_callback(const SSL *s, int type, int value)
-{
-        ssl_info_callback_fn *cb;
-
-        if ((cb = s->info_callback) == NULL)
-                cb = s->ctx->info_callback;
-        if (cb != NULL)
-                cb(s, type, value);
-}
-
-void
-ssl_msg_callback(SSL *s, int is_write, int content_type,
-    const void *msg_buf, size_t msg_len)
-{
-        if (s->msg_callback == NULL)
-                return;
-
-        s->msg_callback(is_write, s->version, content_type,
-            msg_buf, msg_len, s, s->msg_callback_arg);
-}
-
-void
-ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs)
-{
-        ssl_msg_callback(s, is_write, content_type, CBS_data(cbs), CBS_len(cbs));
-}
-
-/* Fix this function so that it takes an optional type parameter */
-X509 *
-SSL_get_certificate(const SSL *s)
-{
-        return (s->cert->key->x509);
-}
-LSSL_ALIAS(SSL_get_certificate);
-
-/* Fix this function so that it takes an optional type parameter */
-EVP_PKEY *
-SSL_get_privatekey(const SSL *s)
-{
-        return (s->cert->key->privatekey);
-}
-LSSL_ALIAS(SSL_get_privatekey);
-
-const SSL_CIPHER *
-SSL_get_current_cipher(const SSL *s)
-{
-        return s->s3->hs.cipher;
-}
-LSSL_ALIAS(SSL_get_current_cipher);
-
-const void *
-SSL_get_current_compression(SSL *s)
-{
-        return (NULL);
-}
-LSSL_ALIAS(SSL_get_current_compression);
-
-const void *
-SSL_get_current_expansion(SSL *s)
-{
-        return (NULL);
-}
-LSSL_ALIAS(SSL_get_current_expansion);
-
-size_t
-SSL_get_client_random(const SSL *s, unsigned char *out, size_t max_out)
-{
-        size_t len = sizeof(s->s3->client_random);
-
-        if (out == NULL)
-                return len;
-
-        if (len > max_out)
-                len = max_out;
-
-        memcpy(out, s->s3->client_random, len);
-
-        return len;
-}
-LSSL_ALIAS(SSL_get_client_random);
-
-size_t
-SSL_get_server_random(const SSL *s, unsigned char *out, size_t max_out)
-{
-        size_t len = sizeof(s->s3->server_random);
-
-        if (out == NULL)
-                return len;
-
-        if (len > max_out)
-                len = max_out;
-
-        memcpy(out, s->s3->server_random, len);
-
-        return len;
-}
-LSSL_ALIAS(SSL_get_server_random);
-
-int
-ssl_init_wbio_buffer(SSL *s, int push)
-{
-        BIO     *bbio;
-
-        if (s->bbio == NULL) {
-                bbio = BIO_new(BIO_f_buffer());
-                if (bbio == NULL)
-                        return (0);
-                s->bbio = bbio;
-        } else {
-                bbio = s->bbio;
-                if (s->bbio == s->wbio)
-                        s->wbio = BIO_pop(s->wbio);
-        }
-        (void)BIO_reset(bbio);
-/*      if (!BIO_set_write_buffer_size(bbio,16*1024)) */
-        if (!BIO_set_read_buffer_size(bbio, 1)) {
-                SSLerror(s, ERR_R_BUF_LIB);
-                return (0);
-        }
-        if (push) {
-                if (s->wbio != bbio)
-                        s->wbio = BIO_push(bbio, s->wbio);
-        } else {
-                if (s->wbio == bbio)
-                        s->wbio = BIO_pop(bbio);
-        }
-        return (1);
-}
-
-void
-ssl_free_wbio_buffer(SSL *s)
-{
-        if (s == NULL)
-                return;
-
-        if (s->bbio == NULL)
-                return;
-
-        if (s->bbio == s->wbio) {
-                /* remove buffering */
-                s->wbio = BIO_pop(s->wbio);
-        }
-        BIO_free(s->bbio);
-        s->bbio = NULL;
-}
-
-void
-SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx, int mode)
-{
-        ctx->quiet_shutdown = mode;
-}
-LSSL_ALIAS(SSL_CTX_set_quiet_shutdown);
-
-int
-SSL_CTX_get_quiet_shutdown(const SSL_CTX *ctx)
-{
-        return (ctx->quiet_shutdown);
-}
-LSSL_ALIAS(SSL_CTX_get_quiet_shutdown);
-
-void
-SSL_set_quiet_shutdown(SSL *s, int mode)
-{
-        s->quiet_shutdown = mode;
-}
-LSSL_ALIAS(SSL_set_quiet_shutdown);
-
-int
-SSL_get_quiet_shutdown(const SSL *s)
-{
-        return (s->quiet_shutdown);
-}
-LSSL_ALIAS(SSL_get_quiet_shutdown);
-
-void
-SSL_set_shutdown(SSL *s, int mode)
-{
-        s->shutdown = mode;
-}
-LSSL_ALIAS(SSL_set_shutdown);
-
-int
-SSL_get_shutdown(const SSL *s)
-{
-        return (s->shutdown);
-}
-LSSL_ALIAS(SSL_get_shutdown);
-
-int
-SSL_version(const SSL *s)
-{
-        return (s->version);
-}
-LSSL_ALIAS(SSL_version);
-
-SSL_CTX *
-SSL_get_SSL_CTX(const SSL *ssl)
-{
-        return (ssl->ctx);
-}
-LSSL_ALIAS(SSL_get_SSL_CTX);
-
-SSL_CTX *
-SSL_set_SSL_CTX(SSL *ssl, SSL_CTX* ctx)
-{
-        SSL_CERT *new_cert;
-
-        if (ctx == NULL)
-                ctx = ssl->initial_ctx;
-        if (ssl->ctx == ctx)
-                return (ssl->ctx);
-
-        if ((new_cert = ssl_cert_dup(ctx->cert)) == NULL)
-                return NULL;
-        ssl_cert_free(ssl->cert);
-        ssl->cert = new_cert;
-
-        SSL_CTX_up_ref(ctx);
-        SSL_CTX_free(ssl->ctx); /* decrement reference count */
-        ssl->ctx = ctx;
-
-        return (ssl->ctx);
-}
-LSSL_ALIAS(SSL_set_SSL_CTX);
-
-int
-SSL_CTX_set_default_verify_paths(SSL_CTX *ctx)
-{
-        return (X509_STORE_set_default_paths(ctx->cert_store));
-}
-LSSL_ALIAS(SSL_CTX_set_default_verify_paths);
-
-int
-SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile,
-    const char *CApath)
-{
-        return (X509_STORE_load_locations(ctx->cert_store, CAfile, CApath));
-}
-LSSL_ALIAS(SSL_CTX_load_verify_locations);
-
-int
-SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
-{
-        return (X509_STORE_load_mem(ctx->cert_store, buf, len));
-}
-LSSL_ALIAS(SSL_CTX_load_verify_mem);
-
-void
-SSL_set_info_callback(SSL *ssl, void (*cb)(const SSL *ssl, int type, int val))
-{
-        ssl->info_callback = cb;
-}
-LSSL_ALIAS(SSL_set_info_callback);
-
-void (*SSL_get_info_callback(const SSL *ssl))(const SSL *ssl, int type, int val)
-{
-        return (ssl->info_callback);
-}
-LSSL_ALIAS(SSL_get_info_callback);
-
-int
-SSL_state(const SSL *ssl)
-{
-        return (ssl->s3->hs.state);
-}
-LSSL_ALIAS(SSL_state);
-
-void
-SSL_set_state(SSL *ssl, int state)
-{
-        ssl->s3->hs.state = state;
-}
-LSSL_ALIAS(SSL_set_state);
-
-void
-SSL_set_verify_result(SSL *ssl, long arg)
-{
-        ssl->verify_result = arg;
-}
-LSSL_ALIAS(SSL_set_verify_result);
-
-long
-SSL_get_verify_result(const SSL *ssl)
-{
-        return (ssl->verify_result);
-}
-LSSL_ALIAS(SSL_get_verify_result);
-
-int
-SSL_verify_client_post_handshake(SSL *ssl)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_verify_client_post_handshake);
-
-void
-SSL_CTX_set_post_handshake_auth(SSL_CTX *ctx, int val)
-{
-        return;
-}
-LSSL_ALIAS(SSL_CTX_set_post_handshake_auth);
-
-void
-SSL_set_post_handshake_auth(SSL *ssl, int val)
-{
-        return;
-}
-LSSL_ALIAS(SSL_set_post_handshake_auth);
-
-int
-SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp,
-            new_func, dup_func, free_func));
-}
-LSSL_ALIAS(SSL_get_ex_new_index);
-
-int
-SSL_set_ex_data(SSL *s, int idx, void *arg)
-{
-        return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_set_ex_data);
-
-void *
-SSL_get_ex_data(const SSL *s, int idx)
-{
-        return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_get_ex_data);
-
-int
-SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return (CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp,
-            new_func, dup_func, free_func));
-}
-LSSL_ALIAS(SSL_CTX_get_ex_new_index);
-
-int
-SSL_CTX_set_ex_data(SSL_CTX *s, int idx, void *arg)
-{
-        return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_CTX_set_ex_data);
-
-void *
-SSL_CTX_get_ex_data(const SSL_CTX *s, int idx)
-{
-        return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_CTX_get_ex_data);
-
-int
-ssl_ok(SSL *s)
-{
-        return (1);
-}
-
-X509_STORE *
-SSL_CTX_get_cert_store(const SSL_CTX *ctx)
-{
-        return (ctx->cert_store);
-}
-LSSL_ALIAS(SSL_CTX_get_cert_store);
-
-void
-SSL_CTX_set_cert_store(SSL_CTX *ctx, X509_STORE *store)
-{
-        X509_STORE_free(ctx->cert_store);
-        ctx->cert_store = store;
-}
-LSSL_ALIAS(SSL_CTX_set_cert_store);
-
-void
-SSL_CTX_set1_cert_store(SSL_CTX *ctx, X509_STORE *store)
-{
-        if (store != NULL)
-                X509_STORE_up_ref(store);
-
-        SSL_CTX_set_cert_store(ctx, store);
-}
-LSSL_ALIAS(SSL_CTX_set1_cert_store);
-
-X509 *
-SSL_CTX_get0_certificate(const SSL_CTX *ctx)
-{
-        if (ctx->cert == NULL)
-                return NULL;
-
-        return ctx->cert->key->x509;
-}
-LSSL_ALIAS(SSL_CTX_get0_certificate);
-
-EVP_PKEY *
-SSL_CTX_get0_privatekey(const SSL_CTX *ctx)
-{
-        if (ctx->cert == NULL)
-                return NULL;
-
-        return ctx->cert->key->privatekey;
-}
-LSSL_ALIAS(SSL_CTX_get0_privatekey);
-
-int
-SSL_want(const SSL *s)
-{
-        return (s->rwstate);
-}
-LSSL_ALIAS(SSL_want);
-
-void
-SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, RSA *(*cb)(SSL *ssl, int is_export,
-    int keylength))
-{
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_rsa_callback);
-
-void
-SSL_set_tmp_rsa_callback(SSL *ssl, RSA *(*cb)(SSL *ssl, int is_export,
-    int keylength))
-{
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_RSA_CB,(void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_set_tmp_rsa_callback);
-
-void
-SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, DH *(*dh)(SSL *ssl, int is_export,
-    int keylength))
-{
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_dh_callback);
-
-void
-SSL_set_tmp_dh_callback(SSL *ssl, DH *(*dh)(SSL *ssl, int is_export,
-    int keylength))
-{
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_DH_CB,(void (*)(void))dh);
-}
-LSSL_ALIAS(SSL_set_tmp_dh_callback);
-
-void
-SSL_CTX_set_tmp_ecdh_callback(SSL_CTX *ctx, EC_KEY *(*ecdh)(SSL *ssl,
-    int is_export, int keylength))
-{
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH_CB,
-            (void (*)(void))ecdh);
-}
-LSSL_ALIAS(SSL_CTX_set_tmp_ecdh_callback);
-
-void
-SSL_set_tmp_ecdh_callback(SSL *ssl, EC_KEY *(*ecdh)(SSL *ssl, int is_export,
-    int keylength))
-{
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_TMP_ECDH_CB,(void (*)(void))ecdh);
-}
-LSSL_ALIAS(SSL_set_tmp_ecdh_callback);
-
-
-void
-SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version,
-    int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-{
-        SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK,
-            (void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_CTX_set_msg_callback);
-
-void
-SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version,
-    int content_type, const void *buf, size_t len, SSL *ssl, void *arg))
-{
-        SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)(void))cb);
-}
-LSSL_ALIAS(SSL_set_msg_callback);
-
-int
-SSL_cache_hit(SSL *s)
-{
-        return (s->hit);
-}
-LSSL_ALIAS(SSL_cache_hit);
-
-int
-SSL_CTX_get_min_proto_version(SSL_CTX *ctx)
-{
-        return ctx->min_proto_version;
-}
-LSSL_ALIAS(SSL_CTX_get_min_proto_version);
-
-int
-SSL_CTX_set_min_proto_version(SSL_CTX *ctx, uint16_t version)
-{
-        return ssl_version_set_min(ctx->method, version,
-            ctx->max_tls_version, &ctx->min_tls_version,
-            &ctx->min_proto_version);
-}
-LSSL_ALIAS(SSL_CTX_set_min_proto_version);
-
-int
-SSL_CTX_get_max_proto_version(SSL_CTX *ctx)
-{
-        return ctx->max_proto_version;
-}
-LSSL_ALIAS(SSL_CTX_get_max_proto_version);
-
-int
-SSL_CTX_set_max_proto_version(SSL_CTX *ctx, uint16_t version)
-{
-        return ssl_version_set_max(ctx->method, version,
-            ctx->min_tls_version, &ctx->max_tls_version,
-            &ctx->max_proto_version);
-}
-LSSL_ALIAS(SSL_CTX_set_max_proto_version);
-
-int
-SSL_get_min_proto_version(SSL *ssl)
-{
-        return ssl->min_proto_version;
-}
-LSSL_ALIAS(SSL_get_min_proto_version);
-
-int
-SSL_set_min_proto_version(SSL *ssl, uint16_t version)
-{
-        return ssl_version_set_min(ssl->method, version,
-            ssl->max_tls_version, &ssl->min_tls_version,
-            &ssl->min_proto_version);
-}
-LSSL_ALIAS(SSL_set_min_proto_version);
-int
-SSL_get_max_proto_version(SSL *ssl)
-{
-        return ssl->max_proto_version;
-}
-LSSL_ALIAS(SSL_get_max_proto_version);
-
-int
-SSL_set_max_proto_version(SSL *ssl, uint16_t version)
-{
-        return ssl_version_set_max(ssl->method, version,
-            ssl->min_tls_version, &ssl->max_tls_version,
-            &ssl->max_proto_version);
-}
-LSSL_ALIAS(SSL_set_max_proto_version);
-
-const SSL_METHOD *
-SSL_CTX_get_ssl_method(const SSL_CTX *ctx)
-{
-        return ctx->method;
-}
-LSSL_ALIAS(SSL_CTX_get_ssl_method);
-
-int
-SSL_CTX_get_security_level(const SSL_CTX *ctx)
-{
-        return ctx->cert->security_level;
-}
-LSSL_ALIAS(SSL_CTX_get_security_level);
-
-void
-SSL_CTX_set_security_level(SSL_CTX *ctx, int level)
-{
-        ctx->cert->security_level = level;
-}
-LSSL_ALIAS(SSL_CTX_set_security_level);
-
-int
-SSL_get_security_level(const SSL *ssl)
-{
-        return ssl->cert->security_level;
-}
-LSSL_ALIAS(SSL_get_security_level);
-
-void
-SSL_set_security_level(SSL *ssl, int level)
-{
-        ssl->cert->security_level = level;
-}
-LSSL_ALIAS(SSL_set_security_level);
-
-int
-SSL_is_quic(const SSL *ssl)
-{
-        return ssl->quic_method != NULL;
-}
-LSSL_ALIAS(SSL_is_quic);
-
-int
-SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
-    size_t params_len)
-{
-        freezero(ssl->quic_transport_params,
-            ssl->quic_transport_params_len);
-        ssl->quic_transport_params = NULL;
-        ssl->quic_transport_params_len = 0;
-
-        if ((ssl->quic_transport_params = malloc(params_len)) == NULL)
-                return 0;
-
-        memcpy(ssl->quic_transport_params, params, params_len);
-        ssl->quic_transport_params_len = params_len;
-
-        return 1;
-}
-LSSL_ALIAS(SSL_set_quic_transport_params);
-
-void
-SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
-    size_t *out_params_len)
-{
-        *out_params = ssl->s3->peer_quic_transport_params;
-        *out_params_len = ssl->s3->peer_quic_transport_params_len;
-}
-LSSL_ALIAS(SSL_get_peer_quic_transport_params);
-
-void
-SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy)
-{
-        /* Not supported. */
-}
-LSSL_ALIAS(SSL_set_quic_use_legacy_codepoint);
diff --git a/src/lib/libssl/ssl_local.h b/src/lib/libssl/ssl_local.h
deleted file mode 100644
index 6095940388..0000000000
--- a/src/lib/libssl/ssl_local.h
+++ /dev/null
@@ -1,1463 +0,0 @@
-/* $OpenBSD: ssl_local.h,v 1.27 2025/03/09 15:12:18 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECC cipher suite support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_SSL_LOCL_H
-#define HEADER_SSL_LOCL_H
-
-#include <sys/types.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <time.h>
-#include <unistd.h>
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/bio.h>
-#include <openssl/buffer.h>
-#include <openssl/err.h>
-#include <openssl/rsa.h>
-#include <openssl/ssl.h>
-#include <openssl/stack.h>
-
-#include "bytestring.h"
-#include "tls_content.h"
-#include "tls13_internal.h"
-
-__BEGIN_HIDDEN_DECLS
-
-#ifndef CTASSERT
-#define CTASSERT(x)     extern char  _ctassert[(x) ? 1 : -1 ]   \
-                            __attribute__((__unused__))
-#endif
-
-#ifndef LIBRESSL_HAS_DTLS1_2
-#define LIBRESSL_HAS_DTLS1_2
-#endif
-
-/* LOCAL STUFF */
-
-#define SSL_DECRYPT     0
-#define SSL_ENCRYPT     1
-
-/*
- * Define the Bitmasks for SSL_CIPHER.algorithms.
- * This bits are used packed as dense as possible. If new methods/ciphers
- * etc will be added, the bits a likely to change, so this information
- * is for internal library use only, even though SSL_CIPHER.algorithms
- * can be publicly accessed.
- * Use the according functions for cipher management instead.
- *
- * The bit mask handling in the selection and sorting scheme in
- * ssl_create_cipher_list() has only limited capabilities, reflecting
- * that the different entities within are mutually exclusive:
- * ONLY ONE BIT PER MASK CAN BE SET AT A TIME.
- */
-
-/* Bits for algorithm_mkey (key exchange algorithm) */
-#define SSL_kRSA                0x00000001L /* RSA key exchange */
-#define SSL_kDHE                0x00000008L /* tmp DH key no DH cert */
-#define SSL_kECDHE              0x00000080L /* ephemeral ECDH */
-#define SSL_kTLS1_3             0x00000400L /* TLSv1.3 key exchange */
-
-/* Bits for algorithm_auth (server authentication) */
-#define SSL_aRSA                0x00000001L /* RSA auth */
-#define SSL_aNULL               0x00000004L /* no auth (i.e. use ADH or AECDH) */
-#define SSL_aECDSA              0x00000040L /* ECDSA auth*/
-#define SSL_aTLS1_3             0x00000400L /* TLSv1.3 authentication */
-
-/* Bits for algorithm_enc (symmetric encryption) */
-#define SSL_3DES                0x00000002L
-#define SSL_RC4                 0x00000004L
-#define SSL_eNULL               0x00000010L
-#define SSL_AES128              0x00000020L
-#define SSL_AES256              0x00000040L
-#define SSL_CAMELLIA128         0x00000080L
-#define SSL_CAMELLIA256         0x00000100L
-#define SSL_AES128GCM           0x00000400L
-#define SSL_AES256GCM           0x00000800L
-#define SSL_CHACHA20POLY1305    0x00001000L
-
-#define SSL_AES                 (SSL_AES128|SSL_AES256|SSL_AES128GCM|SSL_AES256GCM)
-#define SSL_CAMELLIA            (SSL_CAMELLIA128|SSL_CAMELLIA256)
-
-
-/* Bits for algorithm_mac (symmetric authentication) */
-
-#define SSL_MD5                 0x00000001L
-#define SSL_SHA1                0x00000002L
-#define SSL_SHA256              0x00000010L
-#define SSL_SHA384              0x00000020L
-/* Not a real MAC, just an indication it is part of cipher */
-#define SSL_AEAD                0x00000040L
-#define SSL_STREEBOG256         0x00000080L
-
-/* Bits for algorithm_ssl (protocol version) */
-#define SSL_SSLV3               0x00000002L
-#define SSL_TLSV1               SSL_SSLV3       /* for now */
-#define SSL_TLSV1_2             0x00000004L
-#define SSL_TLSV1_3             0x00000008L
-
-
-/* Bits for algorithm2 (handshake digests and other extra flags) */
-
-#define SSL_HANDSHAKE_MAC_MASK          0xff0
-#define SSL_HANDSHAKE_MAC_SHA256        0x080
-#define SSL_HANDSHAKE_MAC_SHA384        0x100
-
-#define SSL3_CK_ID              0x03000000
-#define SSL3_CK_VALUE_MASK      0x0000ffff
-
-/*
- * Cipher strength information.
- */
-#define SSL_STRONG_MASK         0x000001fcL
-#define SSL_STRONG_NONE         0x00000004L
-#define SSL_LOW                 0x00000020L
-#define SSL_MEDIUM              0x00000040L
-#define SSL_HIGH                0x00000080L
-
-/*
- * The keylength (measured in RSA key bits, I guess)  for temporary keys.
- * Cipher argument is so that this can be variable in the future.
- */
-#define SSL_C_PKEYLENGTH(c)     1024
-
-/* See if we use signature algorithms extension. */
-#define SSL_USE_SIGALGS(s) \
-        (s->method->enc_flags & SSL_ENC_FLAG_SIGALGS)
-
-/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
-#define SSL_USE_TLS1_2_CIPHERS(s) \
-        (s->method->enc_flags & SSL_ENC_FLAG_TLS1_2_CIPHERS)
-
-/* Allow TLS 1.3 ciphersuites only. */
-#define SSL_USE_TLS1_3_CIPHERS(s) \
-        (s->method->enc_flags & SSL_ENC_FLAG_TLS1_3_CIPHERS)
-
-#define SSL_PKEY_RSA            0
-#define SSL_PKEY_ECC            1
-#define SSL_PKEY_NUM            2
-
-#define SSL_MAX_EMPTY_RECORDS   32
-
-/* SSL_kRSA <- RSA_ENC | (RSA_TMP & RSA_SIGN) |
- *          <- (EXPORT & (RSA_ENC | RSA_TMP) & RSA_SIGN)
- * SSL_kDH  <- DH_ENC & (RSA_ENC | RSA_SIGN | DSA_SIGN)
- * SSL_kDHE <- RSA_ENC | RSA_SIGN | DSA_SIGN
- * SSL_aRSA <- RSA_ENC | RSA_SIGN
- * SSL_aDSS <- DSA_SIGN
- */
-
-/* From ECC-TLS draft, used in encoding the curve type in
- * ECParameters
- */
-#define EXPLICIT_PRIME_CURVE_TYPE  1
-#define EXPLICIT_CHAR2_CURVE_TYPE  2
-#define NAMED_CURVE_TYPE           3
-
-typedef struct ssl_cert_pkey_st {
-        X509 *x509;
-        EVP_PKEY *privatekey;
-        STACK_OF(X509) *chain;
-} SSL_CERT_PKEY;
-
-typedef struct ssl_cert_st {
-        /* Current active set */
-        /* ALWAYS points to an element of the pkeys array
-         * Probably it would make more sense to store
-         * an index, not a pointer. */
-        SSL_CERT_PKEY *key;
-
-        SSL_CERT_PKEY pkeys[SSL_PKEY_NUM];
-
-        /* The following masks are for the key and auth
-         * algorithms that are supported by the certs below */
-        int valid;
-        unsigned long mask_k;
-        unsigned long mask_a;
-
-        DH *dhe_params;
-        DH *(*dhe_params_cb)(SSL *ssl, int is_export, int keysize);
-        int dhe_params_auto;
-
-        int (*security_cb)(const SSL *s, const SSL_CTX *ctx, int op, int bits,
-            int nid, void *other, void *ex_data); /* Not exposed in API. */
-        int security_level;
-        void *security_ex_data; /* Not exposed in API. */
-
-        int references; /* >1 only if SSL_copy_session_id is used */
-} SSL_CERT;
-
-struct ssl_comp_st {
-        int id;
-        const char *name;
-};
-
-struct ssl_cipher_st {
-        uint16_t value;                 /* Cipher suite value. */
-
-        const char *name;               /* text name */
-
-        unsigned long algorithm_mkey;   /* key exchange algorithm */
-        unsigned long algorithm_auth;   /* server authentication */
-        unsigned long algorithm_enc;    /* symmetric encryption */
-        unsigned long algorithm_mac;    /* symmetric authentication */
-        unsigned long algorithm_ssl;    /* (major) protocol version */
-
-        unsigned long algo_strength;    /* strength and export flags */
-        unsigned long algorithm2;       /* Extra flags */
-        int strength_bits;              /* Number of bits really used */
-        int alg_bits;                   /* Number of bits for algorithm */
-};
-
-struct ssl_method_st {
-        int dtls;
-        int server;
-        int version;
-
-        uint16_t min_tls_version;
-        uint16_t max_tls_version;
-
-        int (*ssl_new)(SSL *s);
-        void (*ssl_clear)(SSL *s);
-        void (*ssl_free)(SSL *s);
-
-        int (*ssl_accept)(SSL *s);
-        int (*ssl_connect)(SSL *s);
-        int (*ssl_shutdown)(SSL *s);
-
-        int (*ssl_renegotiate)(SSL *s);
-        int (*ssl_renegotiate_check)(SSL *s);
-
-        int (*ssl_pending)(const SSL *s);
-        int (*ssl_read_bytes)(SSL *s, int type, unsigned char *buf, int len,
-            int peek);
-        int (*ssl_write_bytes)(SSL *s, int type, const void *buf_, int len);
-
-        unsigned int enc_flags;         /* SSL_ENC_FLAG_* */
-};
-
-/*
- * Let's make this into an ASN.1 type structure as follows
- * SSL_SESSION_ID ::= SEQUENCE {
- *      version                 INTEGER,        -- structure version number
- *      SSLversion              INTEGER,        -- SSL version number
- *      Cipher                  OCTET STRING,   -- the 2 byte cipher ID
- *      Session_ID              OCTET STRING,   -- the Session ID
- *      Master_key              OCTET STRING,   -- the master key
- *      KRB5_principal          OCTET STRING    -- optional Kerberos principal
- *      Time [ 1 ] EXPLICIT     INTEGER,        -- optional Start Time
- *      Timeout [ 2 ] EXPLICIT  INTEGER,        -- optional Timeout ins seconds
- *      Peer [ 3 ] EXPLICIT     X509,           -- optional Peer Certificate
- *      Session_ID_context [ 4 ] EXPLICIT OCTET STRING,   -- the Session ID context
- *      Verify_result [ 5 ] EXPLICIT INTEGER,   -- X509_V_... code for `Peer'
- *      HostName [ 6 ] EXPLICIT OCTET STRING,   -- optional HostName from servername TLS extension
- *      PSK_identity_hint [ 7 ] EXPLICIT OCTET STRING, -- optional PSK identity hint
- *      PSK_identity [ 8 ] EXPLICIT OCTET STRING,  -- optional PSK identity
- *      Ticket_lifetime_hint [9] EXPLICIT INTEGER, -- server's lifetime hint for session ticket
- *      Ticket [10]             EXPLICIT OCTET STRING, -- session ticket (clients only)
- *      Compression_meth [11]   EXPLICIT OCTET STRING, -- optional compression method
- *      SRP_username [ 12 ] EXPLICIT OCTET STRING -- optional SRP username
- * }
- * Look in ssl/ssl_asn1.c for more details
- * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-).
- */
-struct ssl_session_st {
-        int ssl_version;        /* what ssl version session info is
-                                 * being kept in here? */
-
-        size_t master_key_length;
-        unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
-
-        /* session_id - valid? */
-        size_t session_id_length;
-        unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-
-        /* this is used to determine whether the session is being reused in
-         * the appropriate context. It is up to the application to set this,
-         * via SSL_new */
-        size_t sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-        /* Peer provided leaf (end-entity) certificate. */
-        X509 *peer_cert;
-        int peer_cert_type;
-
-        /* when app_verify_callback accepts a session where the peer's certificate
-         * is not ok, we must remember the error for session reuse: */
-        long verify_result; /* only for servers */
-
-        long timeout;
-        time_t time;
-        int references;
-
-        uint16_t cipher_value;
-
-        char *tlsext_hostname;
-
-        /* Session resumption - RFC 5077 and RFC 8446. */
-        unsigned char *tlsext_tick;             /* Session ticket */
-        size_t tlsext_ticklen;                  /* Session ticket length */
-        uint32_t tlsext_tick_lifetime_hint;     /* Session lifetime hint in seconds */
-        uint32_t tlsext_tick_age_add; /* TLSv1.3 ticket age obfuscation (in ms) */
-        struct tls13_secret resumption_master_secret;
-
-        CRYPTO_EX_DATA ex_data; /* application specific data */
-
-        /* These are used to make removal of session-ids more
-         * efficient and to implement a maximum cache size. */
-        struct ssl_session_st *prev, *next;
-
-        /* Used to indicate that session resumption is not allowed.
-         * Applications can also set this bit for a new session via
-         * not_resumable_session_cb to disable session caching and tickets. */
-        int not_resumable;
-
-        size_t tlsext_ecpointformatlist_length;
-        uint8_t *tlsext_ecpointformatlist; /* peer's list */
-        size_t tlsext_supportedgroups_length;
-        uint16_t *tlsext_supportedgroups; /* peer's list */
-};
-
-struct ssl_sigalg;
-
-typedef struct ssl_handshake_tls12_st {
-        /* Used when SSL_ST_FLUSH_DATA is entered. */
-        int next_state;
-
-        /* Handshake message type and size. */
-        int message_type;
-        unsigned long message_size;
-
-        /* Reuse current handshake message. */
-        int reuse_message;
-
-        /* Client certificate requests. */
-        int cert_request;
-        STACK_OF(X509_NAME) *ca_names;
-
-        /* Record-layer key block for TLS 1.2 and earlier. */
-        struct tls12_key_block *key_block;
-
-        /* Transcript hash prior to sending certificate verify message. */
-        uint8_t cert_verify[EVP_MAX_MD_SIZE];
-} SSL_HANDSHAKE_TLS12;
-
-typedef struct ssl_handshake_tls13_st {
-        int use_legacy;
-        int hrr;
-
-        /* Client indicates psk_dhe_ke support in PskKeyExchangeMode. */
-        int use_psk_dhe_ke;
-
-        /* Certificate selected for use (static pointer). */
-        const SSL_CERT_PKEY *cpk;
-
-        /* Version proposed by peer server. */
-        uint16_t server_version;
-
-        uint16_t server_group;
-        struct tls13_secrets *secrets;
-
-        uint8_t *cookie;
-        size_t cookie_len;
-
-        /* Preserved transcript hash. */
-        uint8_t transcript_hash[EVP_MAX_MD_SIZE];
-        size_t transcript_hash_len;
-
-        /* Legacy session ID. */
-        uint8_t legacy_session_id[SSL_MAX_SSL_SESSION_ID_LENGTH];
-        size_t legacy_session_id_len;
-
-        /* ClientHello hash, used to validate following HelloRetryRequest */
-        EVP_MD_CTX *clienthello_md_ctx;
-        unsigned char *clienthello_hash;
-        unsigned int clienthello_hash_len;
-
-        /* QUIC read buffer and read/write encryption levels. */
-        struct tls_buffer *quic_read_buffer;
-        enum ssl_encryption_level_t quic_read_level;
-        enum ssl_encryption_level_t quic_write_level;
-} SSL_HANDSHAKE_TLS13;
-
-typedef struct ssl_handshake_st {
-        /*
-         * Minimum and maximum versions supported for this handshake. These are
-         * initialised at the start of a handshake based on the method in use
-         * and the current protocol version configuration.
-         */
-        uint16_t our_min_tls_version;
-        uint16_t our_max_tls_version;
-
-        /*
-         * Version negotiated for this session. For a client this is set once
-         * the server selected version is parsed from the ServerHello (either
-         * from the legacy version or supported versions extension). For a
-         * server this is set once we select the version we will use with the
-         * client.
-         */
-        uint16_t negotiated_tls_version;
-
-        /*
-         * Legacy version advertised by our peer. For a server this is the
-         * version specified by the client in the ClientHello message. For a
-         * client, this is the version provided in the ServerHello message.
-         */
-        uint16_t peer_legacy_version;
-
-        /*
-         * Current handshake state - contains one of the SSL3_ST_* values and
-         * is used by the TLSv1.2 state machine, as well as being updated by
-         * the TLSv1.3 stack due to it being exposed externally.
-         */
-        int state;
-
-        /* Cipher being negotiated in this handshake. */
-        const SSL_CIPHER *cipher;
-
-        /* Ciphers sent by the client. */
-        STACK_OF(SSL_CIPHER) *client_ciphers;
-
-        /* Extensions seen in this handshake. */
-        uint32_t extensions_seen;
-
-        /* Extensions processed in this handshake. */
-        uint32_t extensions_processed;
-
-        /* Signature algorithms selected for use (static pointers). */
-        const struct ssl_sigalg *our_sigalg;
-        const struct ssl_sigalg *peer_sigalg;
-
-        /* sigalgs offered in this handshake in wire form */
-        uint8_t *sigalgs;
-        size_t sigalgs_len;
-
-        /* Key share for ephemeral key exchange. */
-        struct tls_key_share *key_share;
-
-        /*
-         * Copies of the verify data sent in our finished message and the
-         * verify data received in the finished message sent by our peer.
-         */
-        uint8_t finished[EVP_MAX_MD_SIZE];
-        size_t finished_len;
-        uint8_t peer_finished[EVP_MAX_MD_SIZE];
-        size_t peer_finished_len;
-
-        /* List of certificates received from our peer. */
-        STACK_OF(X509) *peer_certs;
-        STACK_OF(X509) *peer_certs_no_leaf;
-
-        /* Certificate chain resulting from X.509 verification. */
-        STACK_OF(X509) *verified_chain;
-
-        SSL_HANDSHAKE_TLS12 tls12;
-        SSL_HANDSHAKE_TLS13 tls13;
-} SSL_HANDSHAKE;
-
-typedef struct tls_session_ticket_ext_st TLS_SESSION_TICKET_EXT;
-
-/* TLS Session Ticket extension struct. */
-struct tls_session_ticket_ext_st {
-        unsigned short length;
-        void *data;
-};
-
-struct tls12_key_block;
-
-struct tls12_key_block *tls12_key_block_new(void);
-void tls12_key_block_free(struct tls12_key_block *kb);
-void tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key,
-    CBS *key, CBS *iv);
-void tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key,
-    CBS *key, CBS *iv);
-int tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
-    const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash);
-
-struct tls12_record_layer;
-
-struct tls12_record_layer *tls12_record_layer_new(void);
-void tls12_record_layer_free(struct tls12_record_layer *rl);
-void tls12_record_layer_alert(struct tls12_record_layer *rl,
-    uint8_t *alert_desc);
-int tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
-    size_t *overhead);
-int tls12_record_layer_read_protected(struct tls12_record_layer *rl);
-int tls12_record_layer_write_protected(struct tls12_record_layer *rl);
-void tls12_record_layer_set_aead(struct tls12_record_layer *rl,
-    const EVP_AEAD *aead);
-void tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
-    const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
-    const EVP_MD *mac_hash);
-void tls12_record_layer_set_version(struct tls12_record_layer *rl,
-    uint16_t version);
-void tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
-    uint16_t epoch);
-uint16_t tls12_record_layer_read_epoch(struct tls12_record_layer *rl);
-uint16_t tls12_record_layer_write_epoch(struct tls12_record_layer *rl);
-int tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl,
-    uint16_t epoch);
-void tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl,
-    uint16_t epoch);
-void tls12_record_layer_clear_read_state(struct tls12_record_layer *rl);
-void tls12_record_layer_clear_write_state(struct tls12_record_layer *rl);
-void tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl);
-int tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
-    CBS *mac_key, CBS *key, CBS *iv);
-int tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
-    CBS *mac_key, CBS *key, CBS *iv);
-int tls12_record_layer_open_record(struct tls12_record_layer *rl,
-    uint8_t *buf, size_t buf_len, struct tls_content *out);
-int tls12_record_layer_seal_record(struct tls12_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len,
-    CBB *out);
-
-typedef void (ssl_info_callback_fn)(const SSL *s, int type, int val);
-typedef void (ssl_msg_callback_fn)(int is_write, int version, int content_type,
-    const void *buf, size_t len, SSL *ssl, void *arg);
-
-struct ssl_ctx_st {
-        const SSL_METHOD *method;
-        const SSL_QUIC_METHOD *quic_method;
-
-        STACK_OF(SSL_CIPHER) *cipher_list;
-
-        struct x509_store_st /* X509_STORE */ *cert_store;
-
-        /* If timeout is not 0, it is the default timeout value set
-         * when SSL_new() is called.  This has been put in to make
-         * life easier to set things up */
-        long session_timeout;
-
-        int references;
-
-        /* Default values to use in SSL structures follow (these are copied by SSL_new) */
-
-        STACK_OF(X509) *extra_certs;
-
-        int verify_mode;
-        size_t sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-        X509_VERIFY_PARAM *param;
-
-        /*
-         * XXX
-         * default_passwd_cb used by python and openvpn, need to keep it until we
-         * add an accessor
-         */
-        /* Default password callback. */
-        pem_password_cb *default_passwd_callback;
-
-        /* Default password callback user data. */
-        void *default_passwd_callback_userdata;
-
-        uint16_t min_tls_version;
-        uint16_t max_tls_version;
-
-        /*
-         * These may be zero to imply minimum or maximum version supported by
-         * the method.
-         */
-        uint16_t min_proto_version;
-        uint16_t max_proto_version;
-
-        unsigned long options;
-        unsigned long mode;
-
-        /* If this callback is not null, it will be called each
-         * time a session id is added to the cache.  If this function
-         * returns 1, it means that the callback will do a
-         * SSL_SESSION_free() when it has finished using it.  Otherwise,
-         * on 0, it means the callback has finished with it.
-         * If remove_session_cb is not null, it will be called when
-         * a session-id is removed from the cache.  After the call,
-         * OpenSSL will SSL_SESSION_free() it. */
-        int (*new_session_cb)(struct ssl_st *ssl, SSL_SESSION *sess);
-        void (*remove_session_cb)(struct ssl_ctx_st *ctx, SSL_SESSION *sess);
-        SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl,
-            const unsigned char *data, int len, int *copy);
-
-        /* if defined, these override the X509_verify_cert() calls */
-        int (*app_verify_callback)(X509_STORE_CTX *, void *);
-            void *app_verify_arg;
-
-        /* get client cert callback */
-        int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey);
-
-        /* cookie generate callback */
-        int (*app_gen_cookie_cb)(SSL *ssl, unsigned char *cookie,
-            unsigned int *cookie_len);
-
-        /* verify cookie callback */
-        int (*app_verify_cookie_cb)(SSL *ssl, const unsigned char *cookie,
-            unsigned int cookie_len);
-
-        ssl_info_callback_fn *info_callback;
-
-        /* callback that allows applications to peek at protocol messages */
-        ssl_msg_callback_fn *msg_callback;
-        void *msg_callback_arg;
-
-        int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */
-
-        /* Default generate session ID callback. */
-        GEN_SESSION_CB generate_session_id;
-
-        /* TLS extensions servername callback */
-        int (*tlsext_servername_callback)(SSL*, int *, void *);
-        void *tlsext_servername_arg;
-
-        /* Callback to support customisation of ticket key setting */
-        int (*tlsext_ticket_key_cb)(SSL *ssl, unsigned char *name,
-            unsigned char *iv, EVP_CIPHER_CTX *ectx, HMAC_CTX *hctx, int enc);
-
-        /* certificate status request info */
-        /* Callback for status request */
-        int (*tlsext_status_cb)(SSL *ssl, void *arg);
-        void *tlsext_status_arg;
-
-        struct lhash_st_SSL_SESSION *sessions;
-
-        /* Most session-ids that will be cached, default is
-         * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */
-        unsigned long session_cache_size;
-        struct ssl_session_st *session_cache_head;
-        struct ssl_session_st *session_cache_tail;
-
-        /* This can have one of 2 values, ored together,
-         * SSL_SESS_CACHE_CLIENT,
-         * SSL_SESS_CACHE_SERVER,
-         * Default is SSL_SESSION_CACHE_SERVER, which means only
-         * SSL_accept which cache SSL_SESSIONS. */
-        int session_cache_mode;
-
-        struct {
-                int sess_connect;       /* SSL new conn - started */
-                int sess_connect_renegotiate;/* SSL reneg - requested */
-                int sess_connect_good;  /* SSL new conne/reneg - finished */
-                int sess_accept;        /* SSL new accept - started */
-                int sess_accept_renegotiate;/* SSL reneg - requested */
-                int sess_accept_good;   /* SSL accept/reneg - finished */
-                int sess_miss;          /* session lookup misses  */
-                int sess_timeout;       /* reuse attempt on timeouted session */
-                int sess_cache_full;    /* session removed due to full cache */
-                int sess_hit;           /* session reuse actually done */
-                int sess_cb_hit;        /* session-id that was not
-                                         * in the cache was
-                                         * passed back via the callback.  This
-                                         * indicates that the application is
-                                         * supplying session-id's from other
-                                         * processes - spooky :-) */
-        } stats;
-
-        CRYPTO_EX_DATA ex_data;
-
-        STACK_OF(SSL_CIPHER) *cipher_list_tls13;
-
-        SSL_CERT *cert;
-
-        /* Default values used when no per-SSL value is defined follow */
-
-        /* what we put in client cert requests */
-        STACK_OF(X509_NAME) *client_CA;
-
-        long max_cert_list;
-
-        int read_ahead;
-
-        int quiet_shutdown;
-
-        /* Maximum amount of data to send in one fragment.
-         * actual record size can be more than this due to
-         * padding and MAC overheads.
-         */
-        unsigned int max_send_fragment;
-
-        /* RFC 4507 session ticket keys */
-        unsigned char tlsext_tick_key_name[16];
-        unsigned char tlsext_tick_hmac_key[16];
-        unsigned char tlsext_tick_aes_key[16];
-
-        /* SRTP profiles we are willing to do from RFC 5764 */
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;
-
-        /*
-         * ALPN information.
-         */
-
-        /*
-         * Server callback function that allows the server to select the
-         * protocol for the connection.
-         *   out: on successful return, this must point to the raw protocol
-         *       name (without the length prefix).
-         *   outlen: on successful return, this contains the length of out.
-         *   in: points to the client's list of supported protocols in
-         *       wire-format.
-         *   inlen: the length of in.
-         */
-        int (*alpn_select_cb)(SSL *s, const unsigned char **out,
-            unsigned char *outlen, const unsigned char *in, unsigned int inlen,
-            void *arg);
-        void *alpn_select_cb_arg;
-
-        /* Client list of supported protocols in wire format. */
-        uint8_t *alpn_client_proto_list;
-        size_t alpn_client_proto_list_len;
-
-        size_t tlsext_ecpointformatlist_length;
-        uint8_t *tlsext_ecpointformatlist; /* our list */
-        size_t tlsext_supportedgroups_length;
-        uint16_t *tlsext_supportedgroups; /* our list */
-        SSL_CTX_keylog_cb_func keylog_callback; /* Unused. For OpenSSL compatibility. */
-        size_t num_tickets; /* Unused, for OpenSSL compatibility */
-};
-
-struct ssl_st {
-        /* protocol version
-         * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION, DTLS1_VERSION)
-         */
-        int version;
-
-        const SSL_METHOD *method;
-        const SSL_QUIC_METHOD *quic_method;
-
-        /* There are 2 BIO's even though they are normally both the
-         * same.  This is so data can be read and written to different
-         * handlers */
-
-        BIO *rbio; /* used by SSL_read */
-        BIO *wbio; /* used by SSL_write */
-        BIO *bbio; /* used during session-id reuse to concatenate
-                    * messages */
-        int server;     /* are we the server side? - mostly used by SSL_clear*/
-
-        struct ssl3_state_st *s3; /* SSLv3 variables */
-        struct dtls1_state_st *d1; /* DTLSv1 variables */
-
-        X509_VERIFY_PARAM *param;
-
-        /* crypto */
-        STACK_OF(SSL_CIPHER) *cipher_list;
-
-        /* This is used to hold the server certificate used */
-        SSL_CERT *cert;
-
-        /* the session_id_context is used to ensure sessions are only reused
-         * in the appropriate context */
-        size_t sid_ctx_length;
-        unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH];
-
-        /* This can also be in the session once a session is established */
-        SSL_SESSION *session;
-
-        /* Used in SSL2 and SSL3 */
-        int verify_mode;        /* 0 don't care about verify failure.
-                                 * 1 fail if verify fails */
-        int error;              /* error bytes to be written */
-        int error_code;         /* actual code */
-
-        SSL_CTX *ctx;
-
-        long verify_result;
-
-        int references;
-
-        int client_version;     /* what was passed, used for
-                                 * SSLv3/TLS rollback check */
-
-        unsigned int max_send_fragment;
-
-        const struct tls_extension **tlsext_build_order;
-        size_t tlsext_build_order_len;
-
-        char *tlsext_hostname;
-
-        /* certificate status request info */
-        /* Status type or -1 if no status type */
-        int tlsext_status_type;
-
-        SSL_CTX * initial_ctx; /* initial ctx, used to store sessions */
-#define session_ctx initial_ctx
-
-        struct tls13_ctx *tls13;
-
-        uint16_t min_tls_version;
-        uint16_t max_tls_version;
-
-        /*
-         * These may be zero to imply minimum or maximum version supported by
-         * the method.
-         */
-        uint16_t min_proto_version;
-        uint16_t max_proto_version;
-
-        unsigned long options; /* protocol behaviour */
-        unsigned long mode; /* API behaviour */
-
-        /* Client list of supported protocols in wire format. */
-        uint8_t *alpn_client_proto_list;
-        size_t alpn_client_proto_list_len;
-
-        /* QUIC transport params we will send */
-        uint8_t *quic_transport_params;
-        size_t quic_transport_params_len;
-
-        /* XXX Callbacks */
-
-        /* true when we are actually in SSL_accept() or SSL_connect() */
-        int in_handshake;
-        int (*handshake_func)(SSL *);
-
-        ssl_info_callback_fn *info_callback;
-
-        /* callback that allows applications to peek at protocol messages */
-        ssl_msg_callback_fn *msg_callback;
-        void *msg_callback_arg;
-
-        int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */
-
-        /* Default generate session ID callback. */
-        GEN_SESSION_CB generate_session_id;
-
-        /* TLS extension debug callback */
-        void (*tlsext_debug_cb)(SSL *s, int client_server, int type,
-            unsigned char *data, int len, void *arg);
-        void *tlsext_debug_arg;
-
-        /* TLS Session Ticket extension callback */
-        tls_session_ticket_ext_cb_fn tls_session_ticket_ext_cb;
-        void *tls_session_ticket_ext_cb_arg;
-
-        /* TLS pre-shared secret session resumption */
-        tls_session_secret_cb_fn tls_session_secret_cb;
-        void *tls_session_secret_cb_arg;
-
-        /* XXX non-callback */
-
-        /* This holds a variable that indicates what we were doing
-         * when a 0 or -1 is returned.  This is needed for
-         * non-blocking IO so we know what request needs re-doing when
-         * in SSL_accept or SSL_connect */
-        int rwstate;
-
-        /* Imagine that here's a boolean member "init" that is
-         * switched as soon as SSL_set_{accept/connect}_state
-         * is called for the first time, so that "state" and
-         * "handshake_func" are properly initialized.  But as
-         * handshake_func is == 0 until then, we use this
-         * test instead of an "init" member.
-         */
-
-        int new_session;/* Generate a new session or reuse an old one.
-                         * NB: For servers, the 'new' session may actually be a previously
-                         * cached session or even the previous session unless
-                         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */
-        int quiet_shutdown;/* don't send shutdown packets */
-        int shutdown;   /* we have shut things down, 0x01 sent, 0x02
-                         * for received */
-        BUF_MEM *init_buf;      /* buffer used during init */
-        void *init_msg;         /* pointer to handshake message body, set by ssl3_get_message() */
-        int init_num;           /* amount read/written */
-        int init_off;           /* amount read/written */
-
-        /* used internally to point at a raw packet */
-        unsigned char *packet;
-        unsigned int packet_length;
-
-        int read_ahead;         /* Read as many input bytes as possible
-                                 * (for non-blocking reads) */
-
-        int hit;                /* reusing a previous session */
-
-        STACK_OF(SSL_CIPHER) *cipher_list_tls13;
-
-        struct tls12_record_layer *rl;
-
-        /* session info */
-
-        /* extra application data */
-        CRYPTO_EX_DATA ex_data;
-
-        /* client cert? */
-        /* for server side, keep the list of CA_dn we can use */
-        STACK_OF(X509_NAME) *client_CA;
-
-        long max_cert_list;
-        int first_packet;
-
-        /* Expect OCSP CertificateStatus message */
-        int tlsext_status_expected;
-        /* OCSP status request only */
-        STACK_OF(OCSP_RESPID) *tlsext_ocsp_ids;
-        X509_EXTENSIONS *tlsext_ocsp_exts;
-
-        /* OCSP response received or to be sent */
-        unsigned char *tlsext_ocsp_resp;
-        size_t tlsext_ocsp_resp_len;
-
-        /* RFC4507 session ticket expected to be received or sent */
-        int tlsext_ticket_expected;
-
-        size_t tlsext_ecpointformatlist_length;
-        uint8_t *tlsext_ecpointformatlist; /* our list */
-        size_t tlsext_supportedgroups_length;
-        uint16_t *tlsext_supportedgroups; /* our list */
-
-        /* TLS Session Ticket extension override */
-        TLS_SESSION_TICKET_EXT *tlsext_session_ticket;
-
-        STACK_OF(SRTP_PROTECTION_PROFILE) *srtp_profiles;       /* What we'll do */
-        const SRTP_PROTECTION_PROFILE *srtp_profile;            /* What's been chosen */
-
-        int renegotiate;/* 1 if we are renegotiating.
-                         * 2 if we are a server and are inside a handshake
-                         * (i.e. not just sending a HelloRequest) */
-
-        int rstate;     /* where we are when reading */
-
-        int mac_packet;
-
-        int empty_record_count;
-
-        size_t num_tickets; /* Unused, for OpenSSL compatibility */
-};
-
-typedef struct ssl3_record_internal_st {
-        int type;               /* type of record */
-        unsigned int length;    /* How many bytes available */
-        unsigned int padding_length; /* Number of padding bytes. */
-        unsigned int off;       /* read/write offset into 'buf' */
-        unsigned char *data;    /* pointer to the record data */
-        unsigned char *input;   /* where the decode bytes are */
-        uint16_t epoch;         /* epoch number, needed by DTLS1 */
-        unsigned char seq_num[8]; /* sequence number, needed by DTLS1 */
-} SSL3_RECORD_INTERNAL;
-
-typedef struct ssl3_buffer_internal_st {
-        unsigned char *buf;     /* at least SSL3_RT_MAX_PACKET_SIZE bytes,
-                                 * see ssl3_setup_buffers() */
-        size_t len;             /* buffer size */
-        int offset;             /* where to 'copy from' */
-        int left;               /* how many bytes left */
-} SSL3_BUFFER_INTERNAL;
-
-typedef struct ssl3_state_st {
-        long flags;
-
-        unsigned char server_random[SSL3_RANDOM_SIZE];
-        unsigned char client_random[SSL3_RANDOM_SIZE];
-
-        SSL3_BUFFER_INTERNAL rbuf;      /* read IO goes into here */
-        SSL3_BUFFER_INTERNAL wbuf;      /* write IO goes into here */
-
-        SSL3_RECORD_INTERNAL rrec;      /* each decoded record goes in here */
-
-        struct tls_content *rcontent;   /* Content from opened TLS records. */
-
-        /* we allow one fatal and one warning alert to be outstanding,
-         * send close alert via the warning alert */
-        int alert_dispatch;
-        unsigned char send_alert[2];
-
-        /* flags for countermeasure against known-IV weakness */
-        int need_empty_fragments;
-        int empty_fragment_done;
-
-        /* Unprocessed Alert/Handshake protocol data. */
-        struct tls_buffer *alert_fragment;
-        struct tls_buffer *handshake_fragment;
-
-        /* partial write - check the numbers match */
-        unsigned int wnum;      /* number of bytes sent so far */
-        int wpend_tot;          /* number bytes written */
-        int wpend_type;
-        int wpend_ret;          /* number of bytes submitted */
-        const unsigned char *wpend_buf;
-
-        /* Transcript of handshake messages that have been sent and received. */
-        struct tls_buffer *handshake_transcript;
-
-        /* Rolling hash of handshake messages. */
-        EVP_MD_CTX *handshake_hash;
-
-        /* this is set whenerver we see a change_cipher_spec message
-         * come in when we are not looking for one */
-        int change_cipher_spec;
-
-        int warn_alert;
-        int fatal_alert;
-
-        /* This flag is set when we should renegotiate ASAP, basically when
-         * there is no more data in the read or write buffers */
-        int renegotiate;
-        int total_renegotiations;
-        int num_renegotiations;
-
-        int in_read_app_data;
-
-        SSL_HANDSHAKE hs;
-
-        /* Connection binding to prevent renegotiation attacks */
-        unsigned char previous_client_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_client_finished_len;
-        unsigned char previous_server_finished[EVP_MAX_MD_SIZE];
-        unsigned char previous_server_finished_len;
-        int send_connection_binding; /* TODOEKR */
-
-        /* Set if we saw a Renegotiation Indication extension from our peer. */
-        int renegotiate_seen;
-
-        /*
-         * ALPN information.
-         *
-         * In a server these point to the selected ALPN protocol after the
-         * ClientHello has been processed. In a client these contain the
-         * protocol that the server selected once the ServerHello has been
-         * processed.
-         */
-        uint8_t *alpn_selected;
-        size_t alpn_selected_len;
-
-        /* Contains the QUIC transport params received from our peer. */
-        uint8_t *peer_quic_transport_params;
-        size_t peer_quic_transport_params_len;
-} SSL3_STATE;
-
-/*
- * Flag values for enc_flags.
- */
-
-/* Uses signature algorithms extension. */
-#define SSL_ENC_FLAG_SIGALGS            (1 << 1)
-
-/* Allow TLS 1.2 ciphersuites: applies to DTLS 1.2 as well as TLS 1.2. */
-#define SSL_ENC_FLAG_TLS1_2_CIPHERS     (1 << 4)
-
-/* Allow TLS 1.3 ciphersuites only. */
-#define SSL_ENC_FLAG_TLS1_3_CIPHERS     (1 << 5)
-
-#define TLSV1_ENC_FLAGS         0
-#define TLSV1_1_ENC_FLAGS       0
-#define TLSV1_2_ENC_FLAGS       (SSL_ENC_FLAG_SIGALGS           | \
-                                 SSL_ENC_FLAG_TLS1_2_CIPHERS)
-#define TLSV1_3_ENC_FLAGS       (SSL_ENC_FLAG_SIGALGS           | \
-                                 SSL_ENC_FLAG_TLS1_3_CIPHERS)
-
-extern const SSL_CIPHER ssl3_ciphers[];
-
-const char *ssl_version_string(int ver);
-int ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,
-    uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);
-int ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,
-    uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver);
-int ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
-int ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver);
-uint16_t ssl_tls_version(uint16_t version);
-uint16_t ssl_effective_tls_version(SSL *s);
-int ssl_max_supported_version(SSL *s, uint16_t *max_ver);
-int ssl_max_legacy_version(SSL *s, uint16_t *max_ver);
-int ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver);
-int ssl_check_version_from_server(SSL *s, uint16_t server_version);
-int ssl_legacy_stack_version(SSL *s, uint16_t version);
-int ssl_cipher_in_list(STACK_OF(SSL_CIPHER) *ciphers, const SSL_CIPHER *cipher);
-int ssl_cipher_allowed_in_tls_version_range(const SSL_CIPHER *cipher,
-    uint16_t min_ver, uint16_t max_ver);
-
-const SSL_METHOD *tls_legacy_method(void);
-const SSL_METHOD *ssl_get_method(uint16_t version);
-
-void ssl_clear_cipher_state(SSL *s);
-int ssl_clear_bad_session(SSL *s);
-
-void ssl_info_callback(const SSL *s, int type, int value);
-void ssl_msg_callback(SSL *s, int is_write, int content_type,
-    const void *msg_buf, size_t msg_len);
-void ssl_msg_callback_cbs(SSL *s, int is_write, int content_type, CBS *cbs);
-
-SSL_CERT *ssl_cert_new(void);
-SSL_CERT *ssl_cert_dup(SSL_CERT *cert);
-void ssl_cert_free(SSL_CERT *c);
-SSL_CERT *ssl_get0_cert(SSL_CTX *ctx, SSL *ssl);
-int ssl_cert_set0_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
-int ssl_cert_set1_chain(SSL_CTX *ctx, SSL *ssl, STACK_OF(X509) *chain);
-int ssl_cert_add0_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
-int ssl_cert_add1_chain_cert(SSL_CTX *ctx, SSL *ssl, X509 *cert);
-
-int ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int op,
-    int bits, int nid, void *other, void *ex_data);
-
-int ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher);
-int ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh);
-int ssl_security_dh(const SSL *ssl, DH *dh);
-int ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey);
-int ssl_security_tickets(const SSL *ssl);
-int ssl_security_version(const SSL *ssl, int version);
-int ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
-    int is_peer, int *out_error);
-int ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk,
-    X509 *x509, int *out_error);
-int ssl_security_shared_group(const SSL *ssl, uint16_t group_id);
-int ssl_security_supported_group(const SSL *ssl, uint16_t group_id);
-
-SSL_SESSION *ssl_session_dup(SSL_SESSION *src, int include_ticket);
-int ssl_get_new_session(SSL *s, int session);
-int ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block,
-    int *alert);
-int ssl_cipher_list_to_bytes(SSL *s, STACK_OF(SSL_CIPHER) *ciphers, CBB *cbb);
-STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s, CBS *cbs);
-STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth,
-    STACK_OF(SSL_CIPHER) **pref, STACK_OF(SSL_CIPHER) *tls13,
-    const char *rule_str, SSL_CERT *cert);
-int ssl_parse_ciphersuites(STACK_OF(SSL_CIPHER) **out_ciphers, const char *str);
-int ssl_merge_cipherlists(STACK_OF(SSL_CIPHER) *cipherlist,
-    STACK_OF(SSL_CIPHER) *cipherlist_tls13,
-    STACK_OF(SSL_CIPHER) **out_cipherlist);
-void ssl_update_cache(SSL *s, int mode);
-int ssl_cipher_get_evp(SSL *s, const EVP_CIPHER **enc,
-    const EVP_MD **md, int *mac_pkey_type, int *mac_secret_size);
-int ssl_cipher_get_evp_aead(SSL *s, const EVP_AEAD **aead);
-int ssl_get_handshake_evp_md(SSL *s, const EVP_MD **md);
-
-int ssl_verify_cert_chain(SSL *s, STACK_OF(X509) *sk);
-int ssl_undefined_function(SSL *s);
-int ssl_undefined_void_function(void);
-int ssl_undefined_const_function(const SSL *s);
-SSL_CERT_PKEY *ssl_get_server_send_pkey(const SSL *s);
-EVP_PKEY *ssl_get_sign_pkey(SSL *s, const SSL_CIPHER *c, const EVP_MD **pmd,
-    const struct ssl_sigalg **sap);
-size_t ssl_dhe_params_auto_key_bits(SSL *s);
-int ssl_cert_type(EVP_PKEY *pkey);
-void ssl_set_cert_masks(SSL_CERT *c, const SSL_CIPHER *cipher);
-STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s);
-int ssl_has_ecc_ciphers(SSL *s);
-int ssl_verify_alarm_type(long type);
-
-int SSL_SESSION_ticket(SSL_SESSION *ss, unsigned char **out, size_t *out_len);
-
-int ssl3_do_write(SSL *s, int type);
-int ssl3_send_alert(SSL *s, int level, int desc);
-int ssl3_get_req_cert_types(SSL *s, CBB *cbb);
-int ssl3_get_message(SSL *s, int st1, int stn, int mt, long max);
-int ssl3_num_ciphers(void);
-const SSL_CIPHER *ssl3_get_cipher_by_index(int idx);
-const SSL_CIPHER *ssl3_get_cipher_by_value(uint16_t value);
-int ssl3_renegotiate(SSL *ssl);
-
-int ssl3_renegotiate_check(SSL *ssl);
-
-void ssl_force_want_read(SSL *s);
-
-int ssl3_dispatch_alert(SSL *s);
-int ssl3_read_alert(SSL *s);
-int ssl3_read_change_cipher_spec(SSL *s);
-int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek);
-int ssl3_write_bytes(SSL *s, int type, const void *buf, int len);
-int ssl3_output_cert_chain(SSL *s, CBB *cbb, SSL_CERT_PKEY *cpk);
-SSL_CIPHER *ssl3_choose_cipher(SSL *ssl, STACK_OF(SSL_CIPHER) *clnt,
-    STACK_OF(SSL_CIPHER) *srvr);
-int     ssl3_setup_buffers(SSL *s);
-int     ssl3_setup_init_buffer(SSL *s);
-void ssl3_release_init_buffer(SSL *s);
-int     ssl3_setup_read_buffer(SSL *s);
-int     ssl3_setup_write_buffer(SSL *s);
-void ssl3_release_buffer(SSL3_BUFFER_INTERNAL *b);
-void ssl3_release_read_buffer(SSL *s);
-void ssl3_release_write_buffer(SSL *s);
-int     ssl3_new(SSL *s);
-void    ssl3_free(SSL *s);
-int     ssl3_accept(SSL *s);
-int     ssl3_connect(SSL *s);
-int     ssl3_read(SSL *s, void *buf, int len);
-int     ssl3_peek(SSL *s, void *buf, int len);
-int     ssl3_write(SSL *s, const void *buf, int len);
-int     ssl3_shutdown(SSL *s);
-void    ssl3_clear(SSL *s);
-long    ssl3_ctrl(SSL *s, int cmd, long larg, void *parg);
-long    ssl3_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg);
-long    ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)(void));
-long    ssl3_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp)(void));
-int     ssl3_pending(const SSL *s);
-
-int ssl3_handshake_msg_hdr_len(SSL *s);
-int ssl3_handshake_msg_start(SSL *s, CBB *handshake, CBB *body,
-    uint8_t msg_type);
-int ssl3_handshake_msg_finish(SSL *s, CBB *handshake);
-int ssl3_handshake_write(SSL *s);
-int ssl3_record_write(SSL *s, int type);
-
-int ssl3_do_change_cipher_spec(SSL *ssl);
-
-int ssl3_packet_read(SSL *s, int plen);
-int ssl3_packet_extend(SSL *s, int plen);
-int ssl_server_legacy_first_packet(SSL *s);
-int ssl3_write_pending(SSL *s, int type, const unsigned char *buf,
-    unsigned int len);
-
-int ssl_kex_generate_dhe(DH *dh, DH *dh_params);
-int ssl_kex_generate_dhe_params_auto(DH *dh, size_t key_len);
-int ssl_kex_params_dhe(DH *dh, CBB *cbb);
-int ssl_kex_public_dhe(DH *dh, CBB *cbb);
-int ssl_kex_peer_params_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_params);
-int ssl_kex_peer_public_dhe(DH *dh, CBS *cbs, int *decode_error,
-    int *invalid_key);
-int ssl_kex_derive_dhe(DH *dh, DH *dh_peer,
-    uint8_t **shared_key, size_t *shared_key_len);
-
-int ssl_kex_dummy_ecdhe_x25519(EVP_PKEY *pkey);
-int ssl_kex_generate_ecdhe_ecp(EC_KEY *ecdh, int nid);
-int ssl_kex_public_ecdhe_ecp(EC_KEY *ecdh, CBB *cbb);
-int ssl_kex_peer_public_ecdhe_ecp(EC_KEY *ecdh, int nid, CBS *cbs);
-int ssl_kex_derive_ecdhe_ecp(EC_KEY *ecdh, EC_KEY *ecdh_peer,
-    uint8_t **shared_key, size_t *shared_key_len);
-
-int tls1_new(SSL *s);
-void tls1_free(SSL *s);
-void tls1_clear(SSL *s);
-
-int ssl_init_wbio_buffer(SSL *s, int push);
-void ssl_free_wbio_buffer(SSL *s);
-
-int tls1_transcript_hash_init(SSL *s);
-int tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len);
-int tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len,
-    size_t *outlen);
-void tls1_transcript_hash_free(SSL *s);
-
-int tls1_transcript_init(SSL *s);
-void tls1_transcript_free(SSL *s);
-void tls1_transcript_reset(SSL *s);
-int tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len);
-int tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len);
-void tls1_transcript_freeze(SSL *s);
-void tls1_transcript_unfreeze(SSL *s);
-int tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len);
-
-int tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
-    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
-    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
-    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len);
-
-void tls1_cleanup_key_block(SSL *s);
-int tls1_change_read_cipher_state(SSL *s);
-int tls1_change_write_cipher_state(SSL *s);
-int tls1_setup_key_block(SSL *s);
-int tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len);
-int ssl_ok(SSL *s);
-
-int tls12_derive_finished(SSL *s);
-int tls12_derive_peer_finished(SSL *s);
-int tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret,
-    size_t premaster_secret_len);
-
-int ssl_using_ecc_cipher(SSL *s);
-int ssl_check_srvr_ecc_cert_and_alg(SSL *s, X509 *x);
-
-void tls1_get_formatlist(const SSL *s, int client_formats,
-    const uint8_t **pformats, size_t *pformatslen);
-void tls1_get_group_list(const SSL *s, int client_groups,
-    const uint16_t **pgroups, size_t *pgroupslen);
-
-int tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
-    const int *groups, size_t ngroups);
-int tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
-    const char *groups);
-
-int tls1_ec_group_id2nid(uint16_t group_id, int *out_nid);
-int tls1_ec_group_id2bits(uint16_t group_id, int *out_bits);
-int tls1_ec_nid2group_id(int nid, uint16_t *out_group_id);
-int tls1_check_group(SSL *s, uint16_t group_id);
-int tls1_count_shared_groups(const SSL *ssl, size_t *out_count);
-int tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid);
-int tls1_get_supported_group(const SSL *s, int *out_nid);
-
-int ssl_check_clienthello_tlsext_early(SSL *s);
-int ssl_check_clienthello_tlsext_late(SSL *s);
-int ssl_check_serverhello_tlsext(SSL *s);
-
-#define TLS1_TICKET_FATAL_ERROR         -1
-#define TLS1_TICKET_NONE                 0
-#define TLS1_TICKET_EMPTY                1
-#define TLS1_TICKET_NOT_DECRYPTED        2
-#define TLS1_TICKET_DECRYPTED            3
-
-int tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret);
-
-int tls1_check_ec_server_key(SSL *s);
-
-/* s3_cbc.c */
-void ssl3_cbc_copy_mac(unsigned char *out, const SSL3_RECORD_INTERNAL *rec,
-    unsigned int md_size, unsigned int orig_len);
-int ssl3_cbc_remove_padding(SSL3_RECORD_INTERNAL *rec, unsigned int eiv_len,
-    unsigned int mac_size);
-char ssl3_cbc_record_digest_supported(const EVP_MD_CTX *ctx);
-int ssl3_cbc_digest_record(const EVP_MD_CTX *ctx, unsigned char *md_out,
-    size_t *md_out_size, const unsigned char header[13],
-    const unsigned char *data, size_t data_plus_mac_size,
-    size_t data_plus_mac_plus_padding_size, const unsigned char *mac_secret,
-    unsigned int mac_secret_length);
-int SSL_state_func_code(int _state);
-
-#define SSLerror(s, r) SSL_error_internal(s, r, OPENSSL_FILE, OPENSSL_LINE)
-#define SSLerrorx(r) ERR_PUT_error(ERR_LIB_SSL,(0xfff),(r),OPENSSL_FILE,OPENSSL_LINE)
-void SSL_error_internal(const SSL *s, int r, char *f, int l);
-
-#ifndef OPENSSL_NO_SRTP
-
-int srtp_find_profile_by_name(const char *profile_name,
-    const SRTP_PROTECTION_PROFILE **pptr, unsigned int len);
-int srtp_find_profile_by_num(unsigned int profile_num,
-    const SRTP_PROTECTION_PROFILE **pptr);
-
-#endif /* OPENSSL_NO_SRTP */
-
-int tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs);
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_SSL_LOCL_H */
diff --git a/src/lib/libssl/ssl_methods.c b/src/lib/libssl/ssl_methods.c
deleted file mode 100644
index dee52decf1..0000000000
--- a/src/lib/libssl/ssl_methods.c
+++ /dev/null
@@ -1,554 +0,0 @@
-/* $OpenBSD: ssl_methods.c,v 1.32 2024/07/23 14:40:54 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "tls13_internal.h"
-
-static const SSL_METHOD DTLS_method_data = {
-        .dtls = 1,
-        .server = 1,
-        .version = DTLS1_2_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-static const SSL_METHOD DTLS_client_method_data = {
-        .dtls = 1,
-        .server = 0,
-        .version = DTLS1_2_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-static const SSL_METHOD DTLSv1_method_data = {
-        .dtls = 1,
-        .server = 1,
-        .version = DTLS1_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_1_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_1_ENC_FLAGS,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
-        .dtls = 1,
-        .server = 0,
-        .version = DTLS1_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_1_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_1_ENC_FLAGS,
-};
-
-static const SSL_METHOD DTLSv1_2_method_data = {
-        .dtls = 1,
-        .server = 1,
-        .version = DTLS1_2_VERSION,
-        .min_tls_version = TLS1_2_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-static const SSL_METHOD DTLSv1_2_client_method_data = {
-        .dtls = 1,
-        .server = 0,
-        .version = DTLS1_2_VERSION,
-        .min_tls_version = TLS1_2_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = dtls1_new,
-        .ssl_clear = dtls1_clear,
-        .ssl_free = dtls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = dtls1_read_bytes,
-        .ssl_write_bytes = dtls1_write_app_data_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
-        return &DTLSv1_client_method_data;
-}
-LSSL_ALIAS(DTLSv1_client_method);
-
-const SSL_METHOD *
-DTLSv1_method(void)
-{
-        return &DTLSv1_method_data;
-}
-LSSL_ALIAS(DTLSv1_method);
-
-const SSL_METHOD *
-DTLSv1_server_method(void)
-{
-        return &DTLSv1_method_data;
-}
-LSSL_ALIAS(DTLSv1_server_method);
-
-const SSL_METHOD *
-DTLSv1_2_client_method(void)
-{
-        return &DTLSv1_2_client_method_data;
-}
-LSSL_ALIAS(DTLSv1_2_client_method);
-
-const SSL_METHOD *
-DTLSv1_2_method(void)
-{
-        return &DTLSv1_2_method_data;
-}
-LSSL_ALIAS(DTLSv1_2_method);
-
-const SSL_METHOD *
-DTLSv1_2_server_method(void)
-{
-        return &DTLSv1_2_method_data;
-}
-LSSL_ALIAS(DTLSv1_2_server_method);
-
-const SSL_METHOD *
-DTLS_client_method(void)
-{
-        return &DTLS_client_method_data;
-}
-LSSL_ALIAS(DTLS_client_method);
-
-const SSL_METHOD *
-DTLS_method(void)
-{
-        return &DTLS_method_data;
-}
-LSSL_ALIAS(DTLS_method);
-
-const SSL_METHOD *
-DTLS_server_method(void)
-{
-        return &DTLS_method_data;
-}
-LSSL_ALIAS(DTLS_server_method);
-
-static const SSL_METHOD TLS_method_data = {
-        .dtls = 0,
-        .server = 1,
-        .version = TLS1_3_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_3_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = tls13_legacy_accept,
-        .ssl_connect = tls13_legacy_connect,
-        .ssl_shutdown = tls13_legacy_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = tls13_legacy_pending,
-        .ssl_read_bytes = tls13_legacy_read_bytes,
-        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .enc_flags = TLSV1_3_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLS_legacy_method_data = {
-        .dtls = 0,
-        .server = 1,
-        .version = TLS1_2_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
-        .dtls = 0,
-        .server = 0,
-        .version = TLS1_3_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_3_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = tls13_legacy_accept,
-        .ssl_connect = tls13_legacy_connect,
-        .ssl_shutdown = tls13_legacy_shutdown,
-        .ssl_renegotiate = ssl_undefined_function,
-        .ssl_renegotiate_check = ssl_ok,
-        .ssl_pending = tls13_legacy_pending,
-        .ssl_read_bytes = tls13_legacy_read_bytes,
-        .ssl_write_bytes = tls13_legacy_write_bytes,
-        .enc_flags = TLSV1_3_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_method_data = {
-        .dtls = 0,
-        .server = 1,
-        .version = TLS1_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
-        .dtls = 0,
-        .server = 0,
-        .version = TLS1_VERSION,
-        .min_tls_version = TLS1_VERSION,
-        .max_tls_version = TLS1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_1_method_data = {
-        .dtls = 0,
-        .server = 1,
-        .version = TLS1_1_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_1_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
-        .dtls = 0,
-        .server = 0,
-        .version = TLS1_1_VERSION,
-        .min_tls_version = TLS1_1_VERSION,
-        .max_tls_version = TLS1_1_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_1_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_2_method_data = {
-        .dtls = 0,
-        .server = 1,
-        .version = TLS1_2_VERSION,
-        .min_tls_version = TLS1_2_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl3_accept,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
-        .dtls = 0,
-        .server = 0,
-        .version = TLS1_2_VERSION,
-        .min_tls_version = TLS1_2_VERSION,
-        .max_tls_version = TLS1_2_VERSION,
-        .ssl_new = tls1_new,
-        .ssl_clear = tls1_clear,
-        .ssl_free = tls1_free,
-        .ssl_accept = ssl_undefined_function,
-        .ssl_connect = ssl3_connect,
-        .ssl_shutdown = ssl3_shutdown,
-        .ssl_renegotiate = ssl3_renegotiate,
-        .ssl_renegotiate_check = ssl3_renegotiate_check,
-        .ssl_pending = ssl3_pending,
-        .ssl_read_bytes = ssl3_read_bytes,
-        .ssl_write_bytes = ssl3_write_bytes,
-        .enc_flags = TLSV1_2_ENC_FLAGS,
-};
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-        return (&TLS_client_method_data);
-}
-LSSL_ALIAS(TLS_client_method);
-
-const SSL_METHOD *
-TLS_method(void)
-{
-        return (&TLS_method_data);
-}
-LSSL_ALIAS(TLS_method);
-
-const SSL_METHOD *
-TLS_server_method(void)
-{
-        return TLS_method();
-}
-LSSL_ALIAS(TLS_server_method);
-
-const SSL_METHOD *
-tls_legacy_method(void)
-{
-        return (&TLS_legacy_method_data);
-}
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
-        return TLS_client_method();
-}
-LSSL_ALIAS(SSLv23_client_method);
-
-const SSL_METHOD *
-SSLv23_method(void)
-{
-        return TLS_method();
-}
-LSSL_ALIAS(SSLv23_method);
-
-const SSL_METHOD *
-SSLv23_server_method(void)
-{
-        return TLS_method();
-}
-LSSL_ALIAS(SSLv23_server_method);
-
-const SSL_METHOD *
-TLSv1_client_method(void)
-{
-        return (&TLSv1_client_method_data);
-}
-LSSL_ALIAS(TLSv1_client_method);
-
-const SSL_METHOD *
-TLSv1_method(void)
-{
-        return (&TLSv1_method_data);
-}
-LSSL_ALIAS(TLSv1_method);
-
-const SSL_METHOD *
-TLSv1_server_method(void)
-{
-        return (&TLSv1_method_data);
-}
-LSSL_ALIAS(TLSv1_server_method);
-
-const SSL_METHOD *
-TLSv1_1_client_method(void)
-{
-        return (&TLSv1_1_client_method_data);
-}
-LSSL_ALIAS(TLSv1_1_client_method);
-
-const SSL_METHOD *
-TLSv1_1_method(void)
-{
-        return (&TLSv1_1_method_data);
-}
-LSSL_ALIAS(TLSv1_1_method);
-
-const SSL_METHOD *
-TLSv1_1_server_method(void)
-{
-        return (&TLSv1_1_method_data);
-}
-LSSL_ALIAS(TLSv1_1_server_method);
-
-const SSL_METHOD *
-TLSv1_2_client_method(void)
-{
-        return (&TLSv1_2_client_method_data);
-}
-LSSL_ALIAS(TLSv1_2_client_method);
-
-const SSL_METHOD *
-TLSv1_2_method(void)
-{
-        return (&TLSv1_2_method_data);
-}
-LSSL_ALIAS(TLSv1_2_method);
-
-const SSL_METHOD *
-TLSv1_2_server_method(void)
-{
-        return (&TLSv1_2_method_data);
-}
-LSSL_ALIAS(TLSv1_2_server_method);
-
-const SSL_METHOD *
-ssl_get_method(uint16_t version)
-{
-        if (version == TLS1_3_VERSION)
-                return (TLS_method());
-        if (version == TLS1_2_VERSION)
-                return (TLSv1_2_method());
-        if (version == TLS1_1_VERSION)
-                return (TLSv1_1_method());
-        if (version == TLS1_VERSION)
-                return (TLSv1_method());
-        if (version == DTLS1_VERSION)
-                return (DTLSv1_method());
-        if (version == DTLS1_2_VERSION)
-                return (DTLSv1_2_method());
-
-        return (NULL);
-}
diff --git a/src/lib/libssl/ssl_packet.c b/src/lib/libssl/ssl_packet.c
deleted file mode 100644
index 32d6cceb7a..0000000000
--- a/src/lib/libssl/ssl_packet.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: ssl_packet.c,v 1.16 2024/06/28 13:37:49 jsing Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-static int
-ssl_is_sslv3_handshake(CBS *header)
-{
-        uint16_t record_version;
-        uint8_t record_type;
-        CBS cbs;
-
-        CBS_dup(header, &cbs);
-
-        if (!CBS_get_u8(&cbs, &record_type) ||
-            !CBS_get_u16(&cbs, &record_version))
-                return 0;
-
-        if (record_type != SSL3_RT_HANDSHAKE)
-                return 0;
-        if ((record_version >> 8) != SSL3_VERSION_MAJOR)
-                return 0;
-
-        return 1;
-}
-
-/*
- * Potentially do legacy processing on the first packet received by a TLS
- * server. We return 1 if we want SSLv3/TLS record processing to continue
- * normally, otherwise we must set an SSLerr and return -1.
- */
-int
-ssl_server_legacy_first_packet(SSL *s)
-{
-        const char *data;
-        CBS header;
-
-        if (SSL_is_dtls(s))
-                return 1;
-
-        CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
-
-        if (ssl_is_sslv3_handshake(&header) == 1)
-                return 1;
-
-        /* Only continue if this is not a version locked method. */
-        if (s->method->min_tls_version == s->method->max_tls_version)
-                return 1;
-
-        /* Ensure that we have SSL3_RT_HEADER_LENGTH (5 bytes) of the packet. */
-        if (CBS_len(&header) != SSL3_RT_HEADER_LENGTH) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        data = (const char *)CBS_data(&header);
-
-        /* Is this a cleartext protocol? */
-        if (strncmp("GET ", data, 4) == 0 ||
-            strncmp("POST ", data, 5) == 0 ||
-            strncmp("HEAD ", data, 5) == 0 ||
-            strncmp("PUT ", data, 4) == 0) {
-                SSLerror(s, SSL_R_HTTP_REQUEST);
-                return -1;
-        }
-        if (strncmp("CONNE", data, 5) == 0) {
-                SSLerror(s, SSL_R_HTTPS_PROXY_REQUEST);
-                return -1;
-        }
-
-        SSLerror(s, SSL_R_UNKNOWN_PROTOCOL);
-
-        return -1;
-}
diff --git a/src/lib/libssl/ssl_pkt.c b/src/lib/libssl/ssl_pkt.c
deleted file mode 100644
index 7032175aac..0000000000
--- a/src/lib/libssl/ssl_pkt.c
+++ /dev/null
@@ -1,1322 +0,0 @@
-/* $OpenBSD: ssl_pkt.c,v 1.69 2025/03/12 14:03:55 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2002 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <errno.h>
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-
-#include "bytestring.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "tls_content.h"
-
-static int do_ssl3_write(SSL *s, int type, const unsigned char *buf,
-    unsigned int len);
-static int ssl3_get_record(SSL *s);
-
-/*
- * Force a WANT_READ return for certain error conditions where
- * we don't want to spin internally.
- */
-void
-ssl_force_want_read(SSL *s)
-{
-        BIO *bio;
-
-        bio = SSL_get_rbio(s);
-        BIO_clear_retry_flags(bio);
-        BIO_set_retry_read(bio);
-
-        s->rwstate = SSL_READING;
-}
-
-/*
- * If extend == 0, obtain new n-byte packet; if extend == 1, increase
- * packet by another n bytes.
- * The packet will be in the sub-array of s->s3->rbuf.buf specified
- * by s->packet and s->packet_length.
- * (If s->read_ahead is set, 'max' bytes may be stored in rbuf
- * [plus s->packet_length bytes if extend == 1].)
- */
-static int
-ssl3_read_n(SSL *s, int n, int max, int extend)
-{
-        SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
-        int i, len, left;
-        size_t align;
-        unsigned char *pkt;
-
-        if (n <= 0)
-                return n;
-
-        if (rb->buf == NULL) {
-                if (!ssl3_setup_read_buffer(s))
-                        return -1;
-        }
-        if (rb->buf == NULL)
-                return -1;
-
-        left = rb->left;
-        align = (size_t)rb->buf + SSL3_RT_HEADER_LENGTH;
-        align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-
-        if (!extend) {
-                /* start with empty packet ... */
-                if (left == 0)
-                        rb->offset = align;
-                else if (align != 0 && left >= SSL3_RT_HEADER_LENGTH) {
-                        /* check if next packet length is large
-                         * enough to justify payload alignment... */
-                        pkt = rb->buf + rb->offset;
-                        if (pkt[0] == SSL3_RT_APPLICATION_DATA &&
-                            (pkt[3]<<8|pkt[4]) >= 128) {
-                                /* Note that even if packet is corrupted
-                                 * and its length field is insane, we can
-                                 * only be led to wrong decision about
-                                 * whether memmove will occur or not.
-                                 * Header values has no effect on memmove
-                                 * arguments and therefore no buffer
-                                 * overrun can be triggered. */
-                                memmove(rb->buf + align, pkt, left);
-                                rb->offset = align;
-                        }
-                }
-                s->packet = rb->buf + rb->offset;
-                s->packet_length = 0;
-                /* ... now we can act as if 'extend' was set */
-        }
-
-        /* For DTLS/UDP reads should not span multiple packets
-         * because the read operation returns the whole packet
-         * at once (as long as it fits into the buffer). */
-        if (SSL_is_dtls(s)) {
-                if (left > 0 && n > left)
-                        n = left;
-        }
-
-        /* if there is enough in the buffer from a previous read, take some */
-        if (left >= n) {
-                s->packet_length += n;
-                rb->left = left - n;
-                rb->offset += n;
-                return (n);
-        }
-
-        /* else we need to read more data */
-
-        len = s->packet_length;
-        pkt = rb->buf + align;
-        /* Move any available bytes to front of buffer:
-         * 'len' bytes already pointed to by 'packet',
-         * 'left' extra ones at the end */
-        if (s->packet != pkt)  {
-                /* len > 0 */
-                memmove(pkt, s->packet, len + left);
-                s->packet = pkt;
-                rb->offset = len + align;
-        }
-
-        if (n > (int)(rb->len - rb->offset)) {
-                /* does not happen */
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        if (s->read_ahead || SSL_is_dtls(s)) {
-                if (max < n)
-                        max = n;
-                if (max > (int)(rb->len - rb->offset))
-                        max = rb->len - rb->offset;
-        } else {
-                /* ignore max parameter */
-                max = n;
-        }
-
-        while (left < n) {
-                /* Now we have len+left bytes at the front of s->s3->rbuf.buf
-                 * and need to read in more until we have len+n (up to
-                 * len+max if possible) */
-
-                errno = 0;
-                if (s->rbio != NULL) {
-                        s->rwstate = SSL_READING;
-                        i = BIO_read(s->rbio, pkt + len + left, max - left);
-                } else {
-                        SSLerror(s, SSL_R_READ_BIO_NOT_SET);
-                        i = -1;
-                }
-
-                if (i <= 0) {
-                        rb->left = left;
-                        if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-                            !SSL_is_dtls(s)) {
-                                if (len + left == 0)
-                                        ssl3_release_read_buffer(s);
-                        }
-                        return (i);
-                }
-                left += i;
-
-                /*
-                 * reads should *never* span multiple packets for DTLS because
-                 * the underlying transport protocol is message oriented as
-                 * opposed to byte oriented as in the TLS case.
-                 */
-                if (SSL_is_dtls(s)) {
-                        if (n > left)
-                                n = left; /* makes the while condition false */
-                }
-        }
-
-        /* done reading, now the book-keeping */
-        rb->offset += n;
-        rb->left = left - n;
-        s->packet_length += n;
-        s->rwstate = SSL_NOTHING;
-
-        return (n);
-}
-
-int
-ssl3_packet_read(SSL *s, int plen)
-{
-        int n;
-
-        n = ssl3_read_n(s, plen, s->s3->rbuf.len, 0);
-        if (n <= 0)
-                return n;
-        if (s->packet_length < plen)
-                return s->packet_length;
-
-        return plen;
-}
-
-int
-ssl3_packet_extend(SSL *s, int plen)
-{
-        int rlen, n;
-
-        if (s->packet_length >= plen)
-                return plen;
-        rlen = plen - s->packet_length;
-
-        n = ssl3_read_n(s, rlen, rlen, 1);
-        if (n <= 0)
-                return n;
-        if (s->packet_length < plen)
-                return s->packet_length;
-
-        return plen;
-}
-
-/* Call this to get a new input record.
- * It will return <= 0 if more data is needed, normally due to an error
- * or non-blocking IO.
- * When it finishes, one packet has been decoded and can be found in
- * ssl->s3->rrec.type    - is the type of record
- * ssl->s3->rrec.data,   - data
- * ssl->s3->rrec.length, - number of bytes
- */
-/* used only by ssl3_read_bytes */
-static int
-ssl3_get_record(SSL *s)
-{
-        SSL3_BUFFER_INTERNAL *rb = &(s->s3->rbuf);
-        SSL3_RECORD_INTERNAL *rr = &(s->s3->rrec);
-        uint8_t alert_desc;
-        int al, n;
-        int ret = -1;
-
- again:
-        /* check if we have the header */
-        if ((s->rstate != SSL_ST_READ_BODY) ||
-            (s->packet_length < SSL3_RT_HEADER_LENGTH)) {
-                CBS header;
-                uint16_t len, ssl_version;
-                uint8_t type;
-
-                n = ssl3_packet_read(s, SSL3_RT_HEADER_LENGTH);
-                if (n <= 0)
-                        return (n);
-
-                s->mac_packet = 1;
-                s->rstate = SSL_ST_READ_BODY;
-
-                if (s->server && s->first_packet) {
-                        if ((ret = ssl_server_legacy_first_packet(s)) != 1)
-                                return (ret);
-                        ret = -1;
-                }
-
-                CBS_init(&header, s->packet, SSL3_RT_HEADER_LENGTH);
-
-                /* Pull apart the header into the SSL3_RECORD_INTERNAL */
-                if (!CBS_get_u8(&header, &type) ||
-                    !CBS_get_u16(&header, &ssl_version) ||
-                    !CBS_get_u16(&header, &len)) {
-                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                        goto err;
-                }
-
-                rr->type = type;
-                rr->length = len;
-
-                /* Lets check version */
-                if (!s->first_packet && ssl_version != s->version) {
-                        if ((s->version & 0xFF00) == (ssl_version & 0xFF00) &&
-                            !tls12_record_layer_write_protected(s->rl)) {
-                                /* Send back error using their minor version number :-) */
-                                s->version = ssl_version;
-                        }
-                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
-                        al = SSL_AD_PROTOCOL_VERSION;
-                        goto fatal_err;
-                }
-
-                if ((ssl_version >> 8) != SSL3_VERSION_MAJOR) {
-                        SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
-                        goto err;
-                }
-
-                if (rr->length > rb->len - SSL3_RT_HEADER_LENGTH) {
-                        al = SSL_AD_RECORD_OVERFLOW;
-                        SSLerror(s, SSL_R_PACKET_LENGTH_TOO_LONG);
-                        goto fatal_err;
-                }
-        }
-
-        n = ssl3_packet_extend(s, SSL3_RT_HEADER_LENGTH + rr->length);
-        if (n <= 0)
-                return (n);
-        if (n != SSL3_RT_HEADER_LENGTH + rr->length)
-                return (n);
-
-        s->rstate = SSL_ST_READ_HEADER; /* set state for later operations */
-
-        /*
-         * A full record has now been read from the wire, which now needs
-         * to be processed.
-         */
-        tls12_record_layer_set_version(s->rl, s->version);
-
-        if (!tls12_record_layer_open_record(s->rl, s->packet, s->packet_length,
-            s->s3->rcontent)) {
-                tls12_record_layer_alert(s->rl, &alert_desc);
-
-                if (alert_desc == 0)
-                        goto err;
-
-                if (alert_desc == SSL_AD_RECORD_OVERFLOW)
-                        SSLerror(s, SSL_R_ENCRYPTED_LENGTH_TOO_LONG);
-                else if (alert_desc == SSL_AD_BAD_RECORD_MAC)
-                        SSLerror(s, SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC);
-
-                al = alert_desc;
-                goto fatal_err;
-        }
-
-        /* we have pulled in a full packet so zero things */
-        s->packet_length = 0;
-
-        if (tls_content_remaining(s->s3->rcontent) == 0) {
-                /*
-                 * Zero-length fragments are only permitted for application
-                 * data, as per RFC 5246 section 6.2.1.
-                 */
-                if (rr->type != SSL3_RT_APPLICATION_DATA) {
-                        SSLerror(s, SSL_R_BAD_LENGTH);
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        goto fatal_err;
-                }
-
-                tls_content_clear(s->s3->rcontent);
-
-                /*
-                 * CBC countermeasures for known IV weaknesses can legitimately
-                 * insert a single empty record, so we allow ourselves to read
-                 * once past a single empty record without forcing want_read.
-                 */
-                if (s->empty_record_count++ > SSL_MAX_EMPTY_RECORDS) {
-                        SSLerror(s, SSL_R_PEER_BEHAVING_BADLY);
-                        return -1;
-                }
-                if (s->empty_record_count > 1) {
-                        ssl_force_want_read(s);
-                        return -1;
-                }
-                goto again;
-        }
-
-        s->empty_record_count = 0;
-
-        return (1);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        return (ret);
-}
-
-/* Call this to write data in records of type 'type'
- * It will return <= 0 if not all data has been sent or non-blocking IO.
- */
-int
-ssl3_write_bytes(SSL *s, int type, const void *buf_, int len)
-{
-        const unsigned char *buf = buf_;
-        unsigned int tot, n, nw;
-        int i;
-
-        if (len < 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        s->rwstate = SSL_NOTHING;
-        tot = s->s3->wnum;
-        s->s3->wnum = 0;
-
-        if (SSL_in_init(s) && !s->in_handshake) {
-                i = s->handshake_func(s);
-                if (i < 0)
-                        return (i);
-                if (i == 0) {
-                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return -1;
-                }
-        }
-
-        if (len < tot)
-                len = tot;
-        n = (len - tot);
-        for (;;) {
-                if (n > s->max_send_fragment)
-                        nw = s->max_send_fragment;
-                else
-                        nw = n;
-
-                i = do_ssl3_write(s, type, &(buf[tot]), nw);
-                if (i <= 0) {
-                        s->s3->wnum = tot;
-                        return i;
-                }
-
-                if ((i == (int)n) || (type == SSL3_RT_APPLICATION_DATA &&
-                    (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) {
-                        /*
-                         * Next chunk of data should get another prepended
-                         * empty fragment in ciphersuites with known-IV
-                         * weakness.
-                         */
-                        s->s3->empty_fragment_done = 0;
-
-                        return tot + i;
-                }
-
-                n -= i;
-                tot += i;
-        }
-}
-
-static int
-do_ssl3_write(SSL *s, int type, const unsigned char *buf, unsigned int len)
-{
-        SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
-        SSL_SESSION *sess = s->session;
-        int need_empty_fragment = 0;
-        size_t align, out_len;
-        CBB cbb;
-        int ret;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (wb->buf == NULL)
-                if (!ssl3_setup_write_buffer(s))
-                        return -1;
-
-        /*
-         * First check if there is a SSL3_BUFFER_INTERNAL still being written
-         * out.  This will happen with non blocking IO.
-         */
-        if (wb->left != 0)
-                return (ssl3_write_pending(s, type, buf, len));
-
-        /* If we have an alert to send, let's send it. */
-        if (s->s3->alert_dispatch) {
-                if ((ret = ssl3_dispatch_alert(s)) <= 0)
-                        return (ret);
-                /* If it went, fall through and send more stuff. */
-
-                /* We may have released our buffer, if so get it again. */
-                if (wb->buf == NULL)
-                        if (!ssl3_setup_write_buffer(s))
-                                return -1;
-        }
-
-        if (len == 0)
-                return 0;
-
-        /*
-         * Countermeasure against known-IV weakness in CBC ciphersuites
-         * (see http://www.openssl.org/~bodo/tls-cbc.txt). Note that this
-         * is unnecessary for AEAD.
-         */
-        if (sess != NULL && tls12_record_layer_write_protected(s->rl)) {
-                if (s->s3->need_empty_fragments &&
-                    !s->s3->empty_fragment_done &&
-                    type == SSL3_RT_APPLICATION_DATA)
-                        need_empty_fragment = 1;
-        }
-
-        /*
-         * An extra fragment would be a couple of cipher blocks, which would
-         * be a multiple of SSL3_ALIGN_PAYLOAD, so if we want to align the real
-         * payload, then we can just simply pretend we have two headers.
-         */
-        align = (size_t)wb->buf + SSL3_RT_HEADER_LENGTH;
-        if (need_empty_fragment)
-                align += SSL3_RT_HEADER_LENGTH;
-        align = (-align) & (SSL3_ALIGN_PAYLOAD - 1);
-        wb->offset = align;
-
-        if (!CBB_init_fixed(&cbb, wb->buf + align, wb->len - align))
-                goto err;
-
-        tls12_record_layer_set_version(s->rl, s->version);
-
-        if (need_empty_fragment) {
-                if (!tls12_record_layer_seal_record(s->rl, type,
-                    buf, 0, &cbb))
-                        goto err;
-                s->s3->empty_fragment_done = 1;
-        }
-
-        if (!tls12_record_layer_seal_record(s->rl, type, buf, len, &cbb))
-                goto err;
-
-        if (!CBB_finish(&cbb, NULL, &out_len))
-                goto err;
-
-        wb->left = out_len;
-
-        /*
-         * Memorize arguments so that ssl3_write_pending can detect
-         * bad write retries later.
-         */
-        s->s3->wpend_tot = len;
-        s->s3->wpend_buf = buf;
-        s->s3->wpend_type = type;
-        s->s3->wpend_ret = len;
-
-        /* We now just need to write the buffer. */
-        return ssl3_write_pending(s, type, buf, len);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return -1;
-}
-
-/* if s->s3->wbuf.left != 0, we need to call this */
-int
-ssl3_write_pending(SSL *s, int type, const unsigned char *buf, unsigned int len)
-{
-        int i;
-        SSL3_BUFFER_INTERNAL *wb = &(s->s3->wbuf);
-
-        /* XXXX */
-        if ((s->s3->wpend_tot > (int)len) || ((s->s3->wpend_buf != buf) &&
-            !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) ||
-            (s->s3->wpend_type != type)) {
-                SSLerror(s, SSL_R_BAD_WRITE_RETRY);
-                return (-1);
-        }
-
-        for (;;) {
-                errno = 0;
-                if (s->wbio != NULL) {
-                        s->rwstate = SSL_WRITING;
-                        i = BIO_write(s->wbio, (char *)&(wb->buf[wb->offset]),
-                            (unsigned int)wb->left);
-                } else {
-                        SSLerror(s, SSL_R_BIO_NOT_SET);
-                        i = -1;
-                }
-                if (i == wb->left) {
-                        wb->left = 0;
-                        wb->offset += i;
-                        if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-                            !SSL_is_dtls(s))
-                                ssl3_release_write_buffer(s);
-                        s->rwstate = SSL_NOTHING;
-                        return (s->s3->wpend_ret);
-                } else if (i <= 0) {
-                        /*
-                         * For DTLS, just drop it. That's kind of the
-                         * whole point in using a datagram service.
-                         */
-                        if (SSL_is_dtls(s))
-                                wb->left = 0;
-                        return (i);
-                }
-                wb->offset += i;
-                wb->left -= i;
-        }
-}
-
-static ssize_t
-ssl3_read_cb(void *buf, size_t n, void *cb_arg)
-{
-        SSL *s = cb_arg;
-
-        return tls_content_read(s->s3->rcontent, buf, n);
-}
-
-#define SSL3_ALERT_LENGTH       2
-
-int
-ssl3_read_alert(SSL *s)
-{
-        uint8_t alert_level, alert_descr;
-        ssize_t ret;
-        CBS cbs;
-
-        /*
-         * TLSv1.2 permits an alert to be fragmented across multiple records or
-         * for multiple alerts to be be coalesced into a single alert record.
-         * In the case of DTLS, there is no way to reassemble an alert
-         * fragmented across multiple records, hence a full alert must be
-         * available in the record.
-         */
-        if (s->s3->alert_fragment == NULL) {
-                if ((s->s3->alert_fragment = tls_buffer_new(0)) == NULL)
-                        return -1;
-                tls_buffer_set_capacity_limit(s->s3->alert_fragment,
-                    SSL3_ALERT_LENGTH);
-        }
-        ret = tls_buffer_extend(s->s3->alert_fragment, SSL3_ALERT_LENGTH,
-            ssl3_read_cb, s);
-        if (ret <= 0 && ret != TLS_IO_WANT_POLLIN)
-                return -1;
-        if (ret != SSL3_ALERT_LENGTH) {
-                if (SSL_is_dtls(s)) {
-                        SSLerror(s, SSL_R_BAD_LENGTH);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        return -1;
-                }
-                return 1;
-        }
-
-        if (!tls_buffer_data(s->s3->alert_fragment, &cbs))
-                return -1;
-
-        ssl_msg_callback_cbs(s, 0, SSL3_RT_ALERT, &cbs);
-
-        if (!CBS_get_u8(&cbs, &alert_level))
-                return -1;
-        if (!CBS_get_u8(&cbs, &alert_descr))
-                return -1;
-
-        tls_buffer_free(s->s3->alert_fragment);
-        s->s3->alert_fragment = NULL;
-
-        ssl_info_callback(s, SSL_CB_READ_ALERT,
-            (alert_level << 8) | alert_descr);
-
-        if (alert_level == SSL3_AL_WARNING) {
-                s->s3->warn_alert = alert_descr;
-                if (alert_descr == SSL_AD_CLOSE_NOTIFY) {
-                        s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                        return 0;
-                }
-                /* We requested renegotiation and the peer rejected it. */
-                if (alert_descr == SSL_AD_NO_RENEGOTIATION) {
-                        SSLerror(s, SSL_R_NO_RENEGOTIATION);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_HANDSHAKE_FAILURE);
-                        return -1;
-                }
-        } else if (alert_level == SSL3_AL_FATAL) {
-                s->rwstate = SSL_NOTHING;
-                s->s3->fatal_alert = alert_descr;
-                SSLerror(s, SSL_AD_REASON_OFFSET + alert_descr);
-                ERR_asprintf_error_data("SSL alert number %d", alert_descr);
-                s->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                SSL_CTX_remove_session(s->ctx, s->session);
-                return 0;
-        } else {
-                SSLerror(s, SSL_R_UNKNOWN_ALERT_TYPE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                return -1;
-        }
-
-        return 1;
-}
-
-int
-ssl3_read_change_cipher_spec(SSL *s)
-{
-        const uint8_t ccs[1] = { SSL3_MT_CCS };
-
-        /*
-         * 'Change Cipher Spec' is just a single byte, so we know exactly what
-         * the record payload has to look like.
-         */
-        if (tls_content_remaining(s->s3->rcontent) != sizeof(ccs)) {
-                SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                return -1;
-        }
-        if (!tls_content_equal(s->s3->rcontent, ccs, sizeof(ccs))) {
-                SSLerror(s, SSL_R_BAD_CHANGE_CIPHER_SPEC);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                return -1;
-        }
-
-        /* XDTLS: check that epoch is consistent */
-
-        ssl_msg_callback_cbs(s, 0, SSL3_RT_CHANGE_CIPHER_SPEC,
-            tls_content_cbs(s->s3->rcontent));
-
-        /* Check that we have a cipher to change to. */
-        if (s->s3->hs.cipher == NULL) {
-                SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                return -1;
-        }
-
-        /* Check that we should be receiving a Change Cipher Spec. */
-        if (SSL_is_dtls(s)) {
-                if (!s->d1->change_cipher_spec_ok) {
-                        /*
-                         * We can't process a CCS now, because previous
-                         * handshake messages are still missing, so just
-                         * drop it.
-                         */
-                        tls_content_clear(s->s3->rcontent);
-                        return 1;
-                }
-                s->d1->change_cipher_spec_ok = 0;
-        } else {
-                if ((s->s3->flags & SSL3_FLAGS_CCS_OK) == 0) {
-                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-                s->s3->flags &= ~SSL3_FLAGS_CCS_OK;
-        }
-
-        tls_content_clear(s->s3->rcontent);
-
-        s->s3->change_cipher_spec = 1;
-        if (!ssl3_do_change_cipher_spec(s))
-                return -1;
-
-        return 1;
-}
-
-static int
-ssl3_read_handshake_unexpected(SSL *s)
-{
-        uint32_t hs_msg_length;
-        uint8_t hs_msg_type;
-        ssize_t ssret;
-        CBS cbs;
-        int ret;
-
-        /*
-         * We need four bytes of handshake data so we have a handshake message
-         * header - this may be in the same record or fragmented across multiple
-         * records.
-         */
-        if (s->s3->handshake_fragment == NULL) {
-                if ((s->s3->handshake_fragment = tls_buffer_new(0)) == NULL)
-                        return -1;
-                tls_buffer_set_capacity_limit(s->s3->handshake_fragment,
-                    SSL3_HM_HEADER_LENGTH);
-        }
-        ssret = tls_buffer_extend(s->s3->handshake_fragment, SSL3_HM_HEADER_LENGTH,
-            ssl3_read_cb, s);
-        if (ssret <= 0 && ssret != TLS_IO_WANT_POLLIN)
-                return -1;
-        if (ssret != SSL3_HM_HEADER_LENGTH)
-                return 1;
-
-        if (s->in_handshake) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        /*
-         * This code currently deals with HelloRequest and ClientHello messages -
-         * anything else is pushed to the handshake_func. Almost all of this
-         * belongs in the client/server handshake code.
-         */
-
-        /* Parse handshake message header. */
-        if (!tls_buffer_data(s->s3->handshake_fragment, &cbs))
-                return -1;
-        if (!CBS_get_u8(&cbs, &hs_msg_type))
-                return -1;
-        if (!CBS_get_u24(&cbs, &hs_msg_length))
-                return -1;
-
-        if (hs_msg_type == SSL3_MT_HELLO_REQUEST) {
-                /*
-                 * Incoming HelloRequest messages should only be received by a
-                 * client. A server may send these at any time - a client should
-                 * ignore the message if received in the middle of a handshake.
-                 * See RFC 5246 sections 7.4 and 7.4.1.1.
-                 */
-                if (s->server) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                             SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                if (hs_msg_length != 0) {
-                        SSLerror(s, SSL_R_BAD_HELLO_REQUEST);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                        return -1;
-                }
-
-                if (!tls_buffer_data(s->s3->handshake_fragment, &cbs))
-                        return -1;
-                ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, &cbs);
-
-                tls_buffer_free(s->s3->handshake_fragment);
-                s->s3->handshake_fragment = NULL;
-
-                if ((s->options & SSL_OP_NO_RENEGOTIATION) != 0) {
-                        ssl3_send_alert(s, SSL3_AL_WARNING,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return 1;
-                }
-
-                /*
-                 * It should be impossible to hit this, but keep the safety
-                 * harness for now...
-                 */
-                if (s->session == NULL || s->s3->hs.cipher == NULL)
-                        return 1;
-
-                /*
-                 * Ignore this message if we're currently handshaking,
-                 * renegotiation is already pending or renegotiation is disabled
-                 * via flags.
-                 */
-                if (!SSL_is_init_finished(s) || s->s3->renegotiate ||
-                    (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0)
-                        return 1;
-
-                if (!ssl3_renegotiate(s))
-                        return 1;
-                if (!ssl3_renegotiate_check(s))
-                        return 1;
-
-        } else if (hs_msg_type == SSL3_MT_CLIENT_HELLO) {
-                /*
-                 * Incoming ClientHello messages should only be received by a
-                 * server. A client may send these in response to server
-                 * initiated renegotiation (HelloRequest) or in order to
-                 * initiate renegotiation by the client. See RFC 5246 section
-                 * 7.4.1.2.
-                 */
-                if (!s->server) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                             SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                /*
-                 * A client should not be sending a ClientHello unless we're not
-                 * currently handshaking.
-                 */
-                if (!SSL_is_init_finished(s)) {
-                        SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                if ((s->options & SSL_OP_NO_CLIENT_RENEGOTIATION) != 0 ||
-                    ((s->options & SSL_OP_NO_RENEGOTIATION) != 0 &&
-                    (s->options & SSL_OP_ALLOW_CLIENT_RENEGOTIATION) == 0)) {
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return -1;
-                }
-
-                if (s->session == NULL || s->s3->hs.cipher == NULL) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        return -1;
-                }
-
-                /* Client requested renegotiation but it is not permitted. */
-                if (!s->s3->send_connection_binding ||
-                    (s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) != 0) {
-                        ssl3_send_alert(s, SSL3_AL_WARNING,
-                            SSL_AD_NO_RENEGOTIATION);
-                        return 1;
-                }
-
-                s->s3->hs.state = SSL_ST_ACCEPT;
-                s->renegotiate = 1;
-                s->new_session = 1;
-
-        } else {
-                SSLerror(s, SSL_R_UNEXPECTED_MESSAGE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                return -1;
-        }
-
-        if ((ret = s->handshake_func(s)) < 0)
-                return ret;
-        if (ret == 0) {
-                SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                return -1;
-        }
-
-        if (!(s->mode & SSL_MODE_AUTO_RETRY)) {
-                if (s->s3->rbuf.left == 0) {
-                        ssl_force_want_read(s);
-                        return -1;
-                }
-        }
-
-        /*
-         * We either finished a handshake or ignored the request, now try again
-         * to obtain the (application) data we were asked for.
-         */
-        return 1;
-}
-
-/* Return up to 'len' payload bytes received in 'type' records.
- * 'type' is one of the following:
- *
- *   -  SSL3_RT_HANDSHAKE (when ssl3_get_message calls us)
- *   -  SSL3_RT_APPLICATION_DATA (when ssl3_read calls us)
- *   -  0 (during a shutdown, no data has to be returned)
- *
- * If we don't have stored data to work from, read a SSL/TLS record first
- * (possibly multiple records if we still don't have anything to return).
- *
- * This function must handle any surprises the peer may have for us, such as
- * Alert records (e.g. close_notify), ChangeCipherSpec records (not really
- * a surprise, but handled as if it were), or renegotiation requests.
- * Also if record payloads contain fragments too small to process, we store
- * them until there is enough for the respective protocol (the record protocol
- * may use arbitrary fragmentation and even interleaving):
- *     Change cipher spec protocol
- *             just 1 byte needed, no need for keeping anything stored
- *     Alert protocol
- *             2 bytes needed (AlertLevel, AlertDescription)
- *     Handshake protocol
- *             4 bytes needed (HandshakeType, uint24 length) -- we just have
- *             to detect unexpected Client Hello and Hello Request messages
- *             here, anything else is handled by higher layers
- *     Application data protocol
- *             none of our business
- */
-int
-ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
-{
-        int rrcount = 0;
-        ssize_t ssret;
-        int ret;
-
-        if (s->s3->rbuf.buf == NULL) {
-                if (!ssl3_setup_read_buffer(s))
-                        return -1;
-        }
-
-        if (s->s3->rcontent == NULL) {
-                if ((s->s3->rcontent = tls_content_new()) == NULL)
-                        return -1;
-        }
-
-        if (len < 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        if (type != 0 && type != SSL3_RT_APPLICATION_DATA &&
-            type != SSL3_RT_HANDSHAKE) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-        if (peek && type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        if (type == SSL3_RT_HANDSHAKE &&
-            s->s3->handshake_fragment != NULL &&
-            tls_buffer_remaining(s->s3->handshake_fragment) > 0) {
-                ssize_t ssn;
-
-                if ((ssn = tls_buffer_read(s->s3->handshake_fragment, buf,
-                    len)) <= 0)
-                        return -1;
-
-                if (tls_buffer_remaining(s->s3->handshake_fragment) == 0) {
-                        tls_buffer_free(s->s3->handshake_fragment);
-                        s->s3->handshake_fragment = NULL;
-                }
-
-                return (int)ssn;
-        }
-
-        if (SSL_in_init(s) && !s->in_handshake) {
-                if ((ret = s->handshake_func(s)) < 0)
-                        return ret;
-                if (ret == 0) {
-                        SSLerror(s, SSL_R_SSL_HANDSHAKE_FAILURE);
-                        return -1;
-                }
-        }
-
- start:
-        /*
-         * Do not process more than three consecutive records, otherwise the
-         * peer can cause us to loop indefinitely. Instead, return with an
-         * SSL_ERROR_WANT_READ so the caller can choose when to handle further
-         * processing. In the future, the total number of non-handshake and
-         * non-application data records per connection should probably also be
-         * limited...
-         */
-        if (rrcount++ >= 3) {
-                ssl_force_want_read(s);
-                return -1;
-        }
-
-        s->rwstate = SSL_NOTHING;
-
-        if (tls_content_remaining(s->s3->rcontent) == 0) {
-                if ((ret = ssl3_get_record(s)) <= 0)
-                        return ret;
-        }
-
-        /* We now have a packet which can be read and processed. */
-
-        if (s->s3->change_cipher_spec &&
-            tls_content_type(s->s3->rcontent) != SSL3_RT_HANDSHAKE) {
-                SSLerror(s, SSL_R_DATA_BETWEEN_CCS_AND_FINISHED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-                return -1;
-        }
-
-        /*
-         * If the other end has shut down, throw anything we read away (even in
-         * 'peek' mode).
-         */
-        if (s->shutdown & SSL_RECEIVED_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                return 0;
-        }
-
-        /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */
-        if (tls_content_type(s->s3->rcontent) == type) {
-                /*
-                 * Make sure that we are not getting application data when we
-                 * are doing a handshake for the first time.
-                 */
-                if (SSL_in_init(s) && type == SSL3_RT_APPLICATION_DATA &&
-                    !tls12_record_layer_read_protected(s->rl)) {
-                        SSLerror(s, SSL_R_APP_DATA_IN_HANDSHAKE);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-
-                if (len <= 0)
-                        return len;
-
-                if (peek) {
-                        ssret = tls_content_peek(s->s3->rcontent, buf, len);
-                } else {
-                        ssret = tls_content_read(s->s3->rcontent, buf, len);
-                }
-                if (ssret < INT_MIN || ssret > INT_MAX)
-                        return -1;
-                if (ssret < 0)
-                        return (int)ssret;
-
-                if (tls_content_remaining(s->s3->rcontent) == 0) {
-                        s->rstate = SSL_ST_READ_HEADER;
-
-                        if (s->mode & SSL_MODE_RELEASE_BUFFERS &&
-                            s->s3->rbuf.left == 0)
-                                ssl3_release_read_buffer(s);
-                }
-
-                return ssret;
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_ALERT) {
-                if ((ret = ssl3_read_alert(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        if (s->shutdown & SSL_SENT_SHUTDOWN) {
-                s->rwstate = SSL_NOTHING;
-                tls_content_clear(s->s3->rcontent);
-                s->s3->rrec.length = 0;
-                return 0;
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_APPLICATION_DATA) {
-                /*
-                 * At this point, we were expecting handshake data, but have
-                 * application data. If the library was running inside
-                 * ssl3_read() (i.e. in_read_app_data is set) and it makes
-                 * sense to read application data at this point (session
-                 * renegotiation not yet started), we will indulge it.
-                 */
-                if (s->s3->in_read_app_data != 0 &&
-                    s->s3->total_renegotiations != 0 &&
-                    (((s->s3->hs.state & SSL_ST_CONNECT) &&
-                    (s->s3->hs.state >= SSL3_ST_CW_CLNT_HELLO_A) &&
-                    (s->s3->hs.state <= SSL3_ST_CR_SRVR_HELLO_A)) || (
-                    (s->s3->hs.state & SSL_ST_ACCEPT) &&
-                    (s->s3->hs.state <= SSL3_ST_SW_HELLO_REQ_A) &&
-                    (s->s3->hs.state >= SSL3_ST_SR_CLNT_HELLO_A)))) {
-                        s->s3->in_read_app_data = 2;
-                        return -1;
-                } else {
-                        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_UNEXPECTED_MESSAGE);
-                        return -1;
-                }
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                if ((ret = ssl3_read_change_cipher_spec(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        if (tls_content_type(s->s3->rcontent) == SSL3_RT_HANDSHAKE) {
-                if ((ret = ssl3_read_handshake_unexpected(s)) <= 0)
-                        return ret;
-                goto start;
-        }
-
-        /*
-         * Unknown record type - TLSv1.2 sends an unexpected message alert while
-         * earlier versions silently ignore the record.
-         */
-        if (ssl_effective_tls_version(s) <= TLS1_1_VERSION) {
-                tls_content_clear(s->s3->rcontent);
-                goto start;
-        }
-        SSLerror(s, SSL_R_UNEXPECTED_RECORD);
-        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_UNEXPECTED_MESSAGE);
-        return -1;
-}
-
-int
-ssl3_do_change_cipher_spec(SSL *s)
-{
-        if (s->s3->hs.tls12.key_block == NULL) {
-                if (s->session == NULL || s->session->master_key_length == 0) {
-                        /* might happen if dtls1_read_bytes() calls this */
-                        SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
-                        return (0);
-                }
-
-                s->session->cipher_value = s->s3->hs.cipher->value;
-
-                if (!tls1_setup_key_block(s))
-                        return (0);
-        }
-
-        if (!tls1_change_read_cipher_state(s))
-                return (0);
-
-        /*
-         * We have to record the message digest at this point so we can get it
-         * before we read the finished message.
-         */
-        if (!tls12_derive_peer_finished(s))
-                return (0);
-
-        return (1);
-}
-
-static int
-ssl3_write_alert(SSL *s)
-{
-        if (SSL_is_dtls(s))
-                return do_dtls1_write(s, SSL3_RT_ALERT, s->s3->send_alert,
-                    sizeof(s->s3->send_alert));
-
-        return do_ssl3_write(s, SSL3_RT_ALERT, s->s3->send_alert,
-            sizeof(s->s3->send_alert));
-}
-
-int
-ssl3_send_alert(SSL *s, int level, int desc)
-{
-        /* If alert is fatal, remove session from cache. */
-        if (level == SSL3_AL_FATAL)
-                SSL_CTX_remove_session(s->ctx, s->session);
-
-        s->s3->alert_dispatch = 1;
-        s->s3->send_alert[0] = level;
-        s->s3->send_alert[1] = desc;
-
-        /*
-         * If data is still being written out, the alert will be dispatched at
-         * some point in the future.
-         */
-        if (s->s3->wbuf.left != 0)
-                return -1;
-
-        return ssl3_dispatch_alert(s);
-}
-
-int
-ssl3_dispatch_alert(SSL *s)
-{
-        int ret;
-
-        s->s3->alert_dispatch = 0;
-        if ((ret = ssl3_write_alert(s)) <= 0) {
-                s->s3->alert_dispatch = 1;
-                return ret;
-        }
-
-        /*
-         * Alert sent to BIO.  If it is important, flush it now.
-         * If the message does not get sent due to non-blocking IO,
-         * we will not worry too much.
-         */
-        if (s->s3->send_alert[0] == SSL3_AL_FATAL)
-                (void)BIO_flush(s->wbio);
-
-        ssl_msg_callback(s, 1, SSL3_RT_ALERT, s->s3->send_alert, 2);
-
-        ssl_info_callback(s, SSL_CB_WRITE_ALERT,
-            (s->s3->send_alert[0] << 8) | s->s3->send_alert[1]);
-
-        return ret;
-}
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c
deleted file mode 100644
index 6c8a2be3d3..0000000000
--- a/src/lib/libssl/ssl_rsa.c
+++ /dev/null
@@ -1,777 +0,0 @@
-/* $OpenBSD: ssl_rsa.c,v 1.51 2023/12/30 06:25:56 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/bio.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-
-#include "ssl_local.h"
-
-static int ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl,
-    pem_password_cb **passwd_cb, void **passwd_arg);
-static int ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x509);
-static int ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey);
-static int ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in);
-static int ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl,
-    const char *file);
-
-int
-SSL_use_certificate(SSL *ssl, X509 *x)
-{
-        if (x == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return ssl_set_cert(NULL, ssl, x);
-}
-LSSL_ALIAS(SSL_use_certificate);
-
-int
-SSL_use_certificate_file(SSL *ssl, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-
-        if (x == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-
-        ret = SSL_use_certificate(ssl, x);
- end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_certificate_file);
-
-int
-SSL_use_certificate_ASN1(SSL *ssl, const unsigned char *d, int len)
-{
-        X509 *x;
-        int ret;
-
-        x = d2i_X509(NULL, &d, (long)len);
-        if (x == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_use_certificate(ssl, x);
-        X509_free(x);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_certificate_ASN1);
-
-int
-SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa)
-{
-        EVP_PKEY *pkey = NULL;
-        int ret = 0;
-
-        if (rsa == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                goto err;
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerror(ssl, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_PKEY_set1_RSA(pkey, rsa))
-                goto err;
-        if (!ssl_set_pkey(NULL, ssl, pkey))
-                goto err;
-
-        ret = 1;
-
- err:
-        EVP_PKEY_free(pkey);
-
-        return ret;
-}
-LSSL_ALIAS(SSL_use_RSAPrivateKey);
-
-static int
-ssl_set_pkey(SSL_CTX *ctx, SSL *ssl, EVP_PKEY *pkey)
-{
-        SSL_CERT *c;
-        int i;
-
-        i = ssl_cert_type(pkey);
-        if (i < 0) {
-                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                return (0);
-        }
-
-        if ((c = ssl_get0_cert(ctx, ssl)) == NULL)
-                return (0);
-
-        if (c->pkeys[i].x509 != NULL) {
-                EVP_PKEY *pktmp;
-
-                if ((pktmp = X509_get0_pubkey(c->pkeys[i].x509)) == NULL)
-                        return 0;
-
-                /*
-                 * Callers of EVP_PKEY_copy_parameters() can't distinguish
-                 * errors from the absence of a param_copy() method. So
-                 * pretend it can never fail.
-                 */
-                EVP_PKEY_copy_parameters(pktmp, pkey);
-
-                ERR_clear_error();
-
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
-                    !(RSA_flags(EVP_PKEY_get0_RSA(pkey)) & RSA_METHOD_FLAG_NO_CHECK)) {
-                        if (!X509_check_private_key(c->pkeys[i].x509, pkey)) {
-                                X509_free(c->pkeys[i].x509);
-                                c->pkeys[i].x509 = NULL;
-                                return 0;
-                        }
-                }
-        }
-
-        EVP_PKEY_free(c->pkeys[i].privatekey);
-        EVP_PKEY_up_ref(pkey);
-        c->pkeys[i].privatekey = pkey;
-        c->key = &(c->pkeys[i]);
-
-        c->valid = 0;
-        return 1;
-}
-
-int
-SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
- end:
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_RSAPrivateKey_file);
-
-int
-SSL_use_RSAPrivateKey_ASN1(SSL *ssl, const unsigned char *d, long len)
-{
-        int ret;
-        RSA *rsa;
-
-        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_use_RSAPrivateKey(ssl, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_RSAPrivateKey_ASN1);
-
-int
-SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey)
-{
-        int ret;
-
-        if (pkey == NULL) {
-                SSLerror(ssl, ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        ret = ssl_set_pkey(NULL, ssl, pkey);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey);
-
-int
-SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerror(ssl, ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerror(ssl, ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ssl->ctx->default_passwd_callback,
-                    ssl->ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerror(ssl, SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerror(ssl, j);
-                goto end;
-        }
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
- end:
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey_file);
-
-int
-SSL_use_PrivateKey_ASN1(int type, SSL *ssl, const unsigned char *d, long len)
-{
-        int ret;
-        EVP_PKEY *pkey;
-
-        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-                SSLerror(ssl, ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_use_PrivateKey(ssl, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-LSSL_ALIAS(SSL_use_PrivateKey_ASN1);
-
-int
-SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x)
-{
-        if (x == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return ssl_set_cert(ctx, NULL, x);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate);
-
-static int
-ssl_get_password_cb_and_arg(SSL_CTX *ctx, SSL *ssl,
-    pem_password_cb **passwd_cb, void **passwd_arg)
-{
-        if (ssl != NULL)
-                ctx = ssl->ctx;
-
-        *passwd_cb = ctx->default_passwd_callback;
-        *passwd_arg = ctx->default_passwd_callback_userdata;
-
-        return 1;
-}
-
-static int
-ssl_set_cert(SSL_CTX *ctx, SSL *ssl, X509 *x)
-{
-        SSL_CERT *c;
-        EVP_PKEY *pkey;
-        int ssl_err;
-        int i;
-
-        if (!ssl_security_cert(ctx, ssl, x, 1, &ssl_err)) {
-                SSLerrorx(ssl_err);
-                return (0);
-        }
-
-        if ((c = ssl_get0_cert(ctx, ssl)) == NULL)
-                return (0);
-
-        pkey = X509_get_pubkey(x);
-        if (pkey == NULL) {
-                SSLerrorx(SSL_R_X509_LIB);
-                return (0);
-        }
-
-        i = ssl_cert_type(pkey);
-        if (i < 0) {
-                SSLerrorx(SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                EVP_PKEY_free(pkey);
-                return (0);
-        }
-
-        if (c->pkeys[i].privatekey != NULL) {
-                EVP_PKEY *priv_key = c->pkeys[i].privatekey;
-
-                EVP_PKEY_copy_parameters(pkey, priv_key);
-                ERR_clear_error();
-
-                /*
-                 * Don't check the public/private key, this is mostly
-                 * for smart cards.
-                 */
-                if (EVP_PKEY_id(priv_key) != EVP_PKEY_RSA ||
-                    !(RSA_flags(EVP_PKEY_get0_RSA(priv_key)) & RSA_METHOD_FLAG_NO_CHECK)) {
-                        if (!X509_check_private_key(x, priv_key)) {
-                                /*
-                                 * don't fail for a cert/key mismatch, just free
-                                 * current private key (when switching to a
-                                 * different cert & key, first this function
-                                 * should be used, then ssl_set_pkey.
-                                 */
-                                EVP_PKEY_free(c->pkeys[i].privatekey);
-                                c->pkeys[i].privatekey = NULL;
-                                ERR_clear_error();
-                        }
-                }
-        }
-
-        EVP_PKEY_free(pkey);
-
-        X509_free(c->pkeys[i].x509);
-        X509_up_ref(x);
-        c->pkeys[i].x509 = x;
-        c->key = &(c->pkeys[i]);
-
-        c->valid = 0;
-        return (1);
-}
-
-int
-SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j;
-        BIO *in;
-        int ret = 0;
-        X509 *x = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                x = d2i_X509_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                x = PEM_read_bio_X509(in, NULL, ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-
-        if (x == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-
-        ret = SSL_CTX_use_certificate(ctx, x);
- end:
-        X509_free(x);
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_file);
-
-int
-SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, const unsigned char *d)
-{
-        X509 *x;
-        int ret;
-
-        x = d2i_X509(NULL, &d, (long)len);
-        if (x == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_CTX_use_certificate(ctx, x);
-        X509_free(x);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_ASN1);
-
-int
-SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa)
-{
-        EVP_PKEY *pkey = NULL;
-        int ret = 0;
-
-        if (rsa == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                goto err;
-        }
-        if ((pkey = EVP_PKEY_new()) == NULL) {
-                SSLerrorx(ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_PKEY_set1_RSA(pkey, rsa))
-                goto err;
-        if (!ssl_set_pkey(ctx, NULL, pkey))
-                goto err;
-
-        ret = 1;
-
- err:
-        EVP_PKEY_free(pkey);
-
-        return ret;
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey);
-
-int
-SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        RSA *rsa = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                rsa = d2i_RSAPrivateKey_bio(in, NULL);
-        } else if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                rsa = PEM_read_bio_RSAPrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (rsa == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
- end:
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_file);
-
-int
-SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, const unsigned char *d, long len)
-{
-        int ret;
-        RSA *rsa;
-
-        if ((rsa = d2i_RSAPrivateKey(NULL, &d, (long)len)) == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_CTX_use_RSAPrivateKey(ctx, rsa);
-        RSA_free(rsa);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_RSAPrivateKey_ASN1);
-
-int
-SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey)
-{
-        if (pkey == NULL) {
-                SSLerrorx(ERR_R_PASSED_NULL_PARAMETER);
-                return (0);
-        }
-        return ssl_set_pkey(ctx, NULL, pkey);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey);
-
-int
-SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type)
-{
-        int j, ret = 0;
-        BIO *in;
-        EVP_PKEY *pkey = NULL;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-        if (type == SSL_FILETYPE_PEM) {
-                j = ERR_R_PEM_LIB;
-                pkey = PEM_read_bio_PrivateKey(in, NULL,
-                    ctx->default_passwd_callback,
-                    ctx->default_passwd_callback_userdata);
-        } else if (type == SSL_FILETYPE_ASN1) {
-                j = ERR_R_ASN1_LIB;
-                pkey = d2i_PrivateKey_bio(in, NULL);
-        } else {
-                SSLerrorx(SSL_R_BAD_SSL_FILETYPE);
-                goto end;
-        }
-        if (pkey == NULL) {
-                SSLerrorx(j);
-                goto end;
-        }
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
- end:
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey_file);
-
-int
-SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, const unsigned char *d,
-    long len)
-{
-        int ret;
-        EVP_PKEY *pkey;
-
-        if ((pkey = d2i_PrivateKey(type, NULL, &d, (long)len)) == NULL) {
-                SSLerrorx(ERR_R_ASN1_LIB);
-                return (0);
-        }
-
-        ret = SSL_CTX_use_PrivateKey(ctx, pkey);
-        EVP_PKEY_free(pkey);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_PrivateKey_ASN1);
-
-
-/*
- * Read a bio that contains our certificate in "PEM" format,
- * possibly followed by a sequence of CA certificates that should be
- * sent to the peer in the Certificate message.
- */
-static int
-ssl_use_certificate_chain_bio(SSL_CTX *ctx, SSL *ssl, BIO *in)
-{
-        pem_password_cb *passwd_cb;
-        void *passwd_arg;
-        X509 *ca, *x = NULL;
-        unsigned long err;
-        int ret = 0;
-
-        if (!ssl_get_password_cb_and_arg(ctx, ssl, &passwd_cb, &passwd_arg))
-                goto err;
-
-        if ((x = PEM_read_bio_X509_AUX(in, NULL, passwd_cb, passwd_arg)) ==
-            NULL) {
-                SSLerrorx(ERR_R_PEM_LIB);
-                goto err;
-        }
-
-        if (!ssl_set_cert(ctx, ssl, x))
-                goto err;
-
-        if (!ssl_cert_set0_chain(ctx, ssl, NULL))
-                goto err;
-
-        /* Process any additional CA certificates. */
-        while ((ca = PEM_read_bio_X509(in, NULL, passwd_cb, passwd_arg)) !=
-            NULL) {
-                if (!ssl_cert_add0_chain_cert(ctx, ssl, ca)) {
-                        X509_free(ca);
-                        goto err;
-                }
-        }
-
-        /* When the while loop ends, it's usually just EOF. */
-        err = ERR_peek_last_error();
-        if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
-            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
-                ERR_clear_error();
-                ret = 1;
-        }
-
- err:
-        X509_free(x);
-
-        return (ret);
-}
-
-int
-ssl_use_certificate_chain_file(SSL_CTX *ctx, SSL *ssl, const char *file)
-{
-        BIO *in;
-        int ret = 0;
-
-        in = BIO_new(BIO_s_file());
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        if (BIO_read_filename(in, file) <= 0) {
-                SSLerrorx(ERR_R_SYS_LIB);
-                goto end;
-        }
-
-        ret = ssl_use_certificate_chain_bio(ctx, ssl, in);
-
- end:
-        BIO_free(in);
-        return (ret);
-}
-
-int
-SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file)
-{
-        return ssl_use_certificate_chain_file(ctx, NULL, file);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_chain_file);
-
-int
-SSL_use_certificate_chain_file(SSL *ssl, const char *file)
-{
-        return ssl_use_certificate_chain_file(NULL, ssl, file);
-}
-LSSL_ALIAS(SSL_use_certificate_chain_file);
-
-int
-SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, void *buf, int len)
-{
-        BIO *in;
-        int ret = 0;
-
-        in = BIO_new_mem_buf(buf, len);
-        if (in == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                goto end;
-        }
-
-        ret = ssl_use_certificate_chain_bio(ctx, NULL, in);
-
- end:
-        BIO_free(in);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_use_certificate_chain_mem);
diff --git a/src/lib/libssl/ssl_seclevel.c b/src/lib/libssl/ssl_seclevel.c
deleted file mode 100644
index 979da31942..0000000000
--- a/src/lib/libssl/ssl_seclevel.c
+++ /dev/null
@@ -1,479 +0,0 @@
-/*      $OpenBSD: ssl_seclevel.c,v 1.30 2025/01/18 10:52:09 tb Exp $ */
-/*
- * Copyright (c) 2020-2022 Theo Buehler <tb@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stddef.h>
-
-#include <openssl/asn1.h>
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/ossl_typ.h>
-#include <openssl/ssl.h>
-#include <openssl/tls1.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-
-static int
-ssl_security_normalize_level(const SSL_CTX *ctx, const SSL *ssl, int *out_level)
-{
-        int security_level;
-
-        if (ctx != NULL)
-                security_level = SSL_CTX_get_security_level(ctx);
-        else
-                security_level = SSL_get_security_level(ssl);
-
-        if (security_level < 0)
-                security_level = 0;
-        if (security_level > 5)
-                security_level = 5;
-
-        *out_level = security_level;
-
-        return 1;
-}
-
-static int
-ssl_security_level_to_minimum_bits(int security_level, int *out_minimum_bits)
-{
-        if (security_level < 0)
-                return 0;
-
-        if (security_level == 0)
-                *out_minimum_bits = 0;
-        else if (security_level == 1)
-                *out_minimum_bits = 80;
-        else if (security_level == 2)
-                *out_minimum_bits = 112;
-        else if (security_level == 3)
-                *out_minimum_bits = 128;
-        else if (security_level == 4)
-                *out_minimum_bits = 192;
-        else if (security_level >= 5)
-                *out_minimum_bits = 256;
-
-        return 1;
-}
-
-static int
-ssl_security_level_and_minimum_bits(const SSL_CTX *ctx, const SSL *ssl,
-    int *out_level, int *out_minimum_bits)
-{
-        int security_level = 0, minimum_bits = 0;
-
-        if (!ssl_security_normalize_level(ctx, ssl, &security_level))
-                return 0;
-        if (!ssl_security_level_to_minimum_bits(security_level, &minimum_bits))
-                return 0;
-
-        if (out_level != NULL)
-                *out_level = security_level;
-        if (out_minimum_bits != NULL)
-                *out_minimum_bits = minimum_bits;
-
-        return 1;
-}
-
-static int
-ssl_security_secop_cipher(const SSL_CTX *ctx, const SSL *ssl, int bits,
-    void *arg)
-{
-        const SSL_CIPHER *cipher = arg;
-        int security_level, minimum_bits;
-
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
-            &minimum_bits))
-                return 0;
-
-        if (security_level <= 0)
-                return 1;
-
-        if (bits < minimum_bits)
-                return 0;
-
-        /* No unauthenticated ciphersuites. */
-        if (cipher->algorithm_auth & SSL_aNULL)
-                return 0;
-
-        if (cipher->algorithm_mac & SSL_MD5)
-                return 0;
-
-        if (security_level <= 1)
-                return 1;
-
-        if (cipher->algorithm_enc & SSL_RC4)
-                return 0;
-
-        if (security_level <= 2)
-                return 1;
-
-        /* Security level >= 3 requires a cipher with forward secrecy. */
-        if ((cipher->algorithm_mkey & (SSL_kDHE | SSL_kECDHE)) == 0 &&
-            cipher->algorithm_ssl != SSL_TLSV1_3)
-                return 0;
-
-        if (security_level <= 3)
-                return 1;
-
-        if (cipher->algorithm_mac & SSL_SHA1)
-                return 0;
-
-        return 1;
-}
-
-static int
-ssl_security_secop_version(const SSL_CTX *ctx, const SSL *ssl, int version)
-{
-        int min_version = TLS1_2_VERSION;
-        int security_level;
-
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
-                return 0;
-
-        if (security_level < 4)
-                min_version = TLS1_1_VERSION;
-        if (security_level < 3)
-                min_version = TLS1_VERSION;
-
-        return ssl_tls_version(version) >= min_version;
-}
-
-static int
-ssl_security_secop_compression(const SSL_CTX *ctx, const SSL *ssl)
-{
-        return 0;
-}
-
-static int
-ssl_security_secop_tickets(const SSL_CTX *ctx, const SSL *ssl)
-{
-        int security_level;
-
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level, NULL))
-                return 0;
-
-        return security_level < 3;
-}
-
-static int
-ssl_security_secop_tmp_dh(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
-        int security_level, minimum_bits;
-
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, &security_level,
-            &minimum_bits))
-                return 0;
-
-        /* Disallow DHE keys weaker than 1024 bits even at security level 0. */
-        if (security_level <= 0 && bits < 80)
-                return 0;
-
-        return bits >= minimum_bits;
-}
-
-static int
-ssl_security_secop_default(const SSL_CTX *ctx, const SSL *ssl, int bits)
-{
-        int minimum_bits;
-
-        if (!ssl_security_level_and_minimum_bits(ctx, ssl, NULL, &minimum_bits))
-                return 0;
-
-        return bits >= minimum_bits;
-}
-
-int
-ssl_security_default_cb(const SSL *ssl, const SSL_CTX *ctx, int secop, int bits,
-    int version, void *cipher, void *ex_data)
-{
-        switch (secop) {
-        case SSL_SECOP_CIPHER_SUPPORTED:
-        case SSL_SECOP_CIPHER_SHARED:
-        case SSL_SECOP_CIPHER_CHECK:
-                return ssl_security_secop_cipher(ctx, ssl, bits, cipher);
-        case SSL_SECOP_VERSION:
-                return ssl_security_secop_version(ctx, ssl, version);
-        case SSL_SECOP_COMPRESSION:
-                return ssl_security_secop_compression(ctx, ssl);
-        case SSL_SECOP_TICKET:
-                return ssl_security_secop_tickets(ctx, ssl);
-        case SSL_SECOP_TMP_DH:
-                return ssl_security_secop_tmp_dh(ctx, ssl, bits);
-        default:
-                return ssl_security_secop_default(ctx, ssl, bits);
-        }
-}
-
-static int
-ssl_ctx_security(const SSL_CTX *ctx, int secop, int bits, int nid, void *other)
-{
-        return ctx->cert->security_cb(NULL, ctx, secop, bits, nid,
-            other, ctx->cert->security_ex_data);
-}
-
-static int
-ssl_security(const SSL *ssl, int secop, int bits, int nid, void *other)
-{
-        return ssl->cert->security_cb(ssl, NULL, secop, bits, nid, other,
-            ssl->cert->security_ex_data);
-}
-
-int
-ssl_security_sigalg_check(const SSL *ssl, const EVP_PKEY *pkey)
-{
-        int bits;
-
-        bits = EVP_PKEY_security_bits(pkey);
-
-        return ssl_security(ssl, SSL_SECOP_SIGALG_CHECK, bits, 0, NULL);
-}
-
-int
-ssl_security_tickets(const SSL *ssl)
-{
-        return ssl_security(ssl, SSL_SECOP_TICKET, 0, 0, NULL);
-}
-
-int
-ssl_security_version(const SSL *ssl, int version)
-{
-        return ssl_security(ssl, SSL_SECOP_VERSION, 0, version, NULL);
-}
-
-static int
-ssl_security_cipher(const SSL *ssl, SSL_CIPHER *cipher, int secop)
-{
-        return ssl_security(ssl, secop, cipher->strength_bits, 0, cipher);
-}
-
-int
-ssl_security_cipher_check(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_CHECK);
-}
-
-int
-ssl_security_shared_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SHARED);
-}
-
-int
-ssl_security_supported_cipher(const SSL *ssl, SSL_CIPHER *cipher)
-{
-        return ssl_security_cipher(ssl, cipher, SSL_SECOP_CIPHER_SUPPORTED);
-}
-
-int
-ssl_ctx_security_dh(const SSL_CTX *ctx, DH *dh)
-{
-        int bits;
-
-        bits = DH_security_bits(dh);
-
-        return ssl_ctx_security(ctx, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-
-int
-ssl_security_dh(const SSL *ssl, DH *dh)
-{
-        int bits;
-
-        bits = DH_security_bits(dh);
-
-        return ssl_security(ssl, SSL_SECOP_TMP_DH, bits, 0, dh);
-}
-
-static int
-ssl_cert_pubkey_security_bits(const X509 *x509)
-{
-        EVP_PKEY *pkey;
-
-        if ((pkey = X509_get0_pubkey(x509)) == NULL)
-                return -1;
-
-        return EVP_PKEY_security_bits(pkey);
-}
-
-static int
-ssl_security_cert_key(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
-        int security_bits;
-
-        security_bits = ssl_cert_pubkey_security_bits(x509);
-
-        if (ssl != NULL)
-                return ssl_security(ssl, secop, security_bits, 0, x509);
-
-        return ssl_ctx_security(ctx, secop, security_bits, 0, x509);
-}
-
-static int
-ssl_security_cert_sig_security_bits(X509 *x509, int *out_md_nid)
-{
-        int pkey_nid, security_bits;
-        uint32_t flags;
-
-        *out_md_nid = NID_undef;
-
-        /*
-         * Returning -1 security bits makes the default security callback fail
-         * to match bonkers behavior in OpenSSL. This in turn lets a security
-         * callback override such failures.
-         */
-        if (!X509_get_signature_info(x509, out_md_nid, &pkey_nid, &security_bits,
-            &flags))
-                return -1;
-        /*
-         * OpenSSL doesn't check flags. Test RSA-PSS certs we were provided have
-         * a salt length distinct from hash length and thus fail this check.
-         */
-        if ((flags & X509_SIG_INFO_TLS) == 0)
-                return -1;
-
-        /* Weird OpenSSL behavior only relevant for EdDSA certs in LibreSSL. */
-        if (*out_md_nid == NID_undef)
-                *out_md_nid = pkey_nid;
-
-        return security_bits;
-}
-
-static int
-ssl_security_cert_sig(const SSL_CTX *ctx, const SSL *ssl, X509 *x509, int secop)
-{
-        int md_nid = NID_undef, security_bits = -1;
-
-        /* Don't check signature if self signed. */
-        if ((X509_get_extension_flags(x509) & EXFLAG_SS) != 0)
-                return 1;
-
-        /*
-         * The default security callback fails on -1 security bits. It ignores
-         * the md_nid (aka version) argument we pass from here.
-         */
-        security_bits = ssl_security_cert_sig_security_bits(x509, &md_nid);
-
-        if (ssl != NULL)
-                return ssl_security(ssl, secop, security_bits, md_nid, x509);
-
-        return ssl_ctx_security(ctx, secop, security_bits, md_nid, x509);
-}
-
-int
-ssl_security_cert(const SSL_CTX *ctx, const SSL *ssl, X509 *x509,
-    int is_ee, int *out_error)
-{
-        int key_error, operation;
-
-        *out_error = 0;
-
-        if (is_ee) {
-                operation = SSL_SECOP_EE_KEY;
-                key_error = SSL_R_EE_KEY_TOO_SMALL;
-        } else {
-                operation = SSL_SECOP_CA_KEY;
-                key_error = SSL_R_CA_KEY_TOO_SMALL;
-        }
-
-        if (!ssl_security_cert_key(ctx, ssl, x509, operation)) {
-                *out_error = key_error;
-                return 0;
-        }
-
-        if (!ssl_security_cert_sig(ctx, ssl, x509, SSL_SECOP_CA_MD)) {
-                *out_error = SSL_R_CA_MD_TOO_WEAK;
-                return 0;
-        }
-
-        return 1;
-}
-
-/*
- * Check security of a chain. If |sk| includes the end entity certificate
- * then |x509| must be NULL.
- */
-int
-ssl_security_cert_chain(const SSL *ssl, STACK_OF(X509) *sk, X509 *x509,
-    int *out_error)
-{
-        int start_idx = 0;
-        int is_ee;
-        int i;
-
-        if (x509 == NULL) {
-                x509 = sk_X509_value(sk, 0);
-                start_idx = 1;
-        }
-
-        is_ee = 1;
-        if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
-                return 0;
-
-        is_ee = 0;
-        for (i = start_idx; i < sk_X509_num(sk); i++) {
-                x509 = sk_X509_value(sk, i);
-
-                if (!ssl_security_cert(NULL, ssl, x509, is_ee, out_error))
-                        return 0;
-        }
-
-        return 1;
-}
-
-static int
-ssl_security_group(const SSL *ssl, uint16_t group_id, int secop)
-{
-        CBB cbb;
-        int bits, nid;
-        uint8_t group[2];
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (!tls1_ec_group_id2bits(group_id, &bits))
-                goto err;
-        if (!tls1_ec_group_id2nid(group_id, &nid))
-                goto err;
-
-        if (!CBB_init_fixed(&cbb, group, sizeof(group)))
-                goto err;
-        if (!CBB_add_u16(&cbb, group_id))
-                goto err;
-        if (!CBB_finish(&cbb, NULL, NULL))
-                goto err;
-
-        return ssl_security(ssl, secop, bits, nid, group);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return 0;
-}
-
-int
-ssl_security_shared_group(const SSL *ssl, uint16_t group_id)
-{
-        return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SHARED);
-}
-
-int
-ssl_security_supported_group(const SSL *ssl, uint16_t group_id)
-{
-        return ssl_security_group(ssl, group_id, SSL_SECOP_CURVE_SUPPORTED);
-}
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c
deleted file mode 100644
index a5cfc33c04..0000000000
--- a/src/lib/libssl/ssl_sess.c
+++ /dev/null
@@ -1,1347 +0,0 @@
-/* $OpenBSD: ssl_sess.c,v 1.129 2025/03/09 15:53:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <openssl/lhash.h>
-#include <openssl/opensslconf.h>
-
-#include "ssl_local.h"
-
-static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s);
-static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s);
-static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck);
-
-/* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */
-SSL_SESSION *
-SSL_get_session(const SSL *ssl)
-{
-        return (ssl->session);
-}
-LSSL_ALIAS(SSL_get_session);
-
-/* variant of SSL_get_session: caller really gets something */
-SSL_SESSION *
-SSL_get1_session(SSL *ssl)
-{
-        SSL_SESSION *sess;
-
-        /*
-         * Need to lock this all up rather than just use CRYPTO_add so that
-         * somebody doesn't free ssl->session between when we check it's
-         * non-null and when we up the reference count.
-         */
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_SESSION);
-        sess = ssl->session;
-        if (sess)
-                sess->references++;
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_SESSION);
-
-        return (sess);
-}
-LSSL_ALIAS(SSL_get1_session);
-
-int
-SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION,
-            argl, argp, new_func, dup_func, free_func);
-}
-LSSL_ALIAS(SSL_SESSION_get_ex_new_index);
-
-int
-SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg)
-{
-        return (CRYPTO_set_ex_data(&s->ex_data, idx, arg));
-}
-LSSL_ALIAS(SSL_SESSION_set_ex_data);
-
-void *
-SSL_SESSION_get_ex_data(const SSL_SESSION *s, int idx)
-{
-        return (CRYPTO_get_ex_data(&s->ex_data, idx));
-}
-LSSL_ALIAS(SSL_SESSION_get_ex_data);
-
-uint32_t
-SSL_SESSION_get_max_early_data(const SSL_SESSION *s)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_SESSION_get_max_early_data);
-
-int
-SSL_SESSION_set_max_early_data(SSL_SESSION *s, uint32_t max_early_data)
-{
-        return 1;
-}
-LSSL_ALIAS(SSL_SESSION_set_max_early_data);
-
-SSL_SESSION *
-SSL_SESSION_new(void)
-{
-        SSL_SESSION *ss;
-
-        if (!OPENSSL_init_ssl(0, NULL)) {
-                SSLerrorx(SSL_R_LIBRARY_BUG);
-                return(NULL);
-        }
-
-        if ((ss = calloc(1, sizeof(*ss))) == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                return (NULL);
-        }
-
-        ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */
-        ss->references = 1;
-        ss->timeout = 60 * 5 + 4; /* 5 minutes 4 seconds timeout by default */
-        ss->time = time(NULL);
-        ss->prev = NULL;
-        ss->next = NULL;
-        ss->tlsext_hostname = NULL;
-
-        ss->peer_cert_type = -1;
-
-        ss->tlsext_ecpointformatlist_length = 0;
-        ss->tlsext_ecpointformatlist = NULL;
-        ss->tlsext_supportedgroups_length = 0;
-        ss->tlsext_supportedgroups = NULL;
-
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
-        return (ss);
-}
-LSSL_ALIAS(SSL_SESSION_new);
-
-SSL_SESSION *
-ssl_session_dup(SSL_SESSION *sess, int include_ticket)
-{
-        SSL_SESSION *copy;
-        CBS cbs;
-
-        if ((copy = calloc(1, sizeof(*copy))) == NULL) {
-                SSLerrorx(ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        copy->ssl_version = sess->ssl_version;
-
-        CBS_init(&cbs, sess->master_key, sess->master_key_length);
-        if (!CBS_write_bytes(&cbs, copy->master_key, sizeof(copy->master_key),
-            &copy->master_key_length))
-                goto err;
-
-        CBS_init(&cbs, sess->session_id, sess->session_id_length);
-        if (!CBS_write_bytes(&cbs, copy->session_id, sizeof(copy->session_id),
-            &copy->session_id_length))
-                goto err;
-
-        CBS_init(&cbs, sess->sid_ctx, sess->sid_ctx_length);
-        if (!CBS_write_bytes(&cbs, copy->sid_ctx, sizeof(copy->sid_ctx),
-            &copy->sid_ctx_length))
-                goto err;
-
-        if (sess->peer_cert != NULL) {
-                if (!X509_up_ref(sess->peer_cert))
-                        goto err;
-                copy->peer_cert = sess->peer_cert;
-        }
-        copy->peer_cert_type = sess->peer_cert_type;
-
-        copy->verify_result = sess->verify_result;
-
-        copy->timeout = sess->timeout;
-        copy->time = sess->time;
-        copy->references = 1;
-
-        copy->cipher_value = sess->cipher_value;
-
-        if (sess->tlsext_hostname != NULL) {
-                copy->tlsext_hostname = strdup(sess->tlsext_hostname);
-                if (copy->tlsext_hostname == NULL)
-                        goto err;
-        }
-
-        if (include_ticket) {
-                CBS_init(&cbs, sess->tlsext_tick, sess->tlsext_ticklen);
-                if (!CBS_stow(&cbs, &copy->tlsext_tick, &copy->tlsext_ticklen))
-                        goto err;
-                copy->tlsext_tick_lifetime_hint =
-                    sess->tlsext_tick_lifetime_hint;
-
-                /*
-                 * XXX - copy sess->resumption_master_secret and all other
-                 * TLSv1.3 info here.
-                 */
-        }
-
-        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, copy,
-            &copy->ex_data))
-                goto err;
-
-        if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, &copy->ex_data,
-            &sess->ex_data))
-                goto err;
-
-        /* Omit prev/next: the new session gets its own slot in the cache. */
-
-        copy->not_resumable = sess->not_resumable;
-
-        CBS_init(&cbs, sess->tlsext_ecpointformatlist,
-            sess->tlsext_ecpointformatlist_length);
-        if (!CBS_stow(&cbs, &copy->tlsext_ecpointformatlist,
-            &copy->tlsext_ecpointformatlist_length))
-                goto err;
-
-        if (sess->tlsext_supportedgroups != NULL) {
-                if ((copy->tlsext_supportedgroups = calloc(sizeof(uint16_t),
-                    sess->tlsext_supportedgroups_length)) == NULL)
-                        goto err;
-                memcpy(copy->tlsext_supportedgroups,
-                    sess->tlsext_supportedgroups,
-                    sizeof(uint16_t) * sess->tlsext_supportedgroups_length);
-                copy->tlsext_supportedgroups_length =
-                    sess->tlsext_supportedgroups_length;
-        }
-
-        return copy;
-
- err:
-        SSL_SESSION_free(copy);
-
-        return NULL;
-}
-
-const unsigned char *
-SSL_SESSION_get_id(const SSL_SESSION *ss, unsigned int *len)
-{
-        if (len != NULL)
-                *len = (unsigned int)ss->session_id_length;
-        return ss->session_id;
-}
-LSSL_ALIAS(SSL_SESSION_get_id);
-
-const unsigned char *
-SSL_SESSION_get0_id_context(const SSL_SESSION *ss, unsigned int *len)
-{
-        if (len != NULL)
-                *len = (unsigned int)ss->sid_ctx_length;
-        return ss->sid_ctx;
-}
-LSSL_ALIAS(SSL_SESSION_get0_id_context);
-
-unsigned int
-SSL_SESSION_get_compress_id(const SSL_SESSION *ss)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_SESSION_get_compress_id);
-
-unsigned long
-SSL_SESSION_get_ticket_lifetime_hint(const SSL_SESSION *s)
-{
-        return s->tlsext_tick_lifetime_hint;
-}
-LSSL_ALIAS(SSL_SESSION_get_ticket_lifetime_hint);
-
-int
-SSL_SESSION_has_ticket(const SSL_SESSION *s)
-{
-        return (s->tlsext_ticklen > 0) ? 1 : 0;
-}
-LSSL_ALIAS(SSL_SESSION_has_ticket);
-
-/*
- * SSLv3/TLSv1 has 32 bytes (256 bits) of session ID space. As such, filling
- * the ID with random gunk repeatedly until we have no conflict is going to
- * complete in one iteration pretty much "most" of the time (btw:
- * understatement). So, if it takes us 10 iterations and we still can't avoid
- * a conflict - well that's a reasonable point to call it quits. Either the
- * arc4random code is broken or someone is trying to open roughly very close to
- * 2^128 (or 2^256) SSL sessions to our server. How you might store that many
- * sessions is perhaps a more interesting question...
- */
-
-#define MAX_SESS_ID_ATTEMPTS 10
-
-static int
-def_generate_session_id(const SSL *ssl, unsigned char *id, unsigned int *id_len)
-{
-        unsigned int retry = 0;
-
-        do {
-                arc4random_buf(id, *id_len);
-        } while (SSL_has_matching_session_id(ssl, id, *id_len) &&
-            (++retry < MAX_SESS_ID_ATTEMPTS));
-
-        if (retry < MAX_SESS_ID_ATTEMPTS)
-                return 1;
-
-        /* else - woops a session_id match */
-        /* XXX We should also check the external cache --
-         * but the probability of a collision is negligible, and
-         * we could not prevent the concurrent creation of sessions
-         * with identical IDs since we currently don't have means
-         * to atomically check whether a session ID already exists
-         * and make a reservation for it if it does not
-         * (this problem applies to the internal cache as well).
-         */
-        return 0;
-}
-
-int
-ssl_get_new_session(SSL *s, int session)
-{
-        unsigned int tmp;
-        SSL_SESSION *ss = NULL;
-        GEN_SESSION_CB cb = def_generate_session_id;
-
-        /* This gets used by clients and servers. */
-
-        if ((ss = SSL_SESSION_new()) == NULL)
-                return (0);
-
-        /* If the context has a default timeout, use it */
-        if (s->session_ctx->session_timeout == 0)
-                ss->timeout = SSL_get_default_timeout(s);
-        else
-                ss->timeout = s->session_ctx->session_timeout;
-
-        if (s->session != NULL) {
-                SSL_SESSION_free(s->session);
-                s->session = NULL;
-        }
-
-        if (session) {
-                switch (s->version) {
-                case TLS1_VERSION:
-                case TLS1_1_VERSION:
-                case TLS1_2_VERSION:
-                case DTLS1_VERSION:
-                case DTLS1_2_VERSION:
-                        ss->ssl_version = s->version;
-                        ss->session_id_length = SSL3_SSL_SESSION_ID_LENGTH;
-                        break;
-                default:
-                        SSLerror(s, SSL_R_UNSUPPORTED_SSL_VERSION);
-                        SSL_SESSION_free(ss);
-                        return (0);
-                }
-
-                /* If RFC4507 ticket use empty session ID. */
-                if (s->tlsext_ticket_expected) {
-                        ss->session_id_length = 0;
-                        goto sess_id_done;
-                }
-
-                /* Choose which callback will set the session ID. */
-                CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-                if (s->generate_session_id)
-                        cb = s->generate_session_id;
-                else if (s->session_ctx->generate_session_id)
-                        cb = s->session_ctx->generate_session_id;
-                CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
-                /* Choose a session ID. */
-                tmp = ss->session_id_length;
-                if (!cb(s, ss->session_id, &tmp)) {
-                        /* The callback failed */
-                        SSLerror(s, SSL_R_SSL_SESSION_ID_CALLBACK_FAILED);
-                        SSL_SESSION_free(ss);
-                        return (0);
-                }
-
-                /*
-                 * Don't allow the callback to set the session length to zero.
-                 * nor set it higher than it was.
-                 */
-                if (tmp == 0 || tmp > ss->session_id_length) {
-                        /* The callback set an illegal length */
-                        SSLerror(s, SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH);
-                        SSL_SESSION_free(ss);
-                        return (0);
-                }
-                ss->session_id_length = tmp;
-
-                /* Finally, check for a conflict. */
-                if (SSL_has_matching_session_id(s, ss->session_id,
-                    ss->session_id_length)) {
-                        SSLerror(s, SSL_R_SSL_SESSION_ID_CONFLICT);
-                        SSL_SESSION_free(ss);
-                        return (0);
-                }
-
- sess_id_done:
-                if (s->tlsext_hostname) {
-                        ss->tlsext_hostname = strdup(s->tlsext_hostname);
-                        if (ss->tlsext_hostname == NULL) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                SSL_SESSION_free(ss);
-                                return 0;
-                        }
-                }
-        } else {
-                ss->session_id_length = 0;
-        }
-
-        if (s->sid_ctx_length > sizeof ss->sid_ctx) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                SSL_SESSION_free(ss);
-                return 0;
-        }
-
-        memcpy(ss->sid_ctx, s->sid_ctx, s->sid_ctx_length);
-        ss->sid_ctx_length = s->sid_ctx_length;
-        s->session = ss;
-        ss->ssl_version = s->version;
-        ss->verify_result = X509_V_OK;
-
-        return (1);
-}
-
-static SSL_SESSION *
-ssl_session_from_cache(SSL *s, CBS *session_id)
-{
-        SSL_SESSION *sess;
-        SSL_SESSION data;
-
-        if ((s->session_ctx->session_cache_mode &
-             SSL_SESS_CACHE_NO_INTERNAL_LOOKUP))
-                return NULL;
-
-        memset(&data, 0, sizeof(data));
-
-        data.ssl_version = s->version;
-
-        if (!CBS_write_bytes(session_id, data.session_id,
-            sizeof(data.session_id), &data.session_id_length))
-                return NULL;
-
-        CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX);
-        sess = lh_SSL_SESSION_retrieve(s->session_ctx->sessions, &data);
-        if (sess != NULL)
-                CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX);
-
-        if (sess == NULL)
-                s->session_ctx->stats.sess_miss++;
-
-        return sess;
-}
-
-static SSL_SESSION *
-ssl_session_from_callback(SSL *s, CBS *session_id)
-{
-        SSL_SESSION *sess;
-        int copy;
-
-        if (s->session_ctx->get_session_cb == NULL)
-                return NULL;
-
-        copy = 1;
-        if ((sess = s->session_ctx->get_session_cb(s,
-            CBS_data(session_id), CBS_len(session_id), &copy)) == NULL)
-                return NULL;
-        /*
-         * The copy handler may have set copy == 0 to indicate that the session
-         * structures are shared between threads and that it handles the
-         * reference count itself. If it didn't set copy to zero, we must
-         * increment the reference count.
-         */
-        if (copy)
-                CRYPTO_add(&sess->references, 1, CRYPTO_LOCK_SSL_SESSION);
-
-        s->session_ctx->stats.sess_cb_hit++;
-
-        /* Add the externally cached session to the internal cache as well. */
-        if (!(s->session_ctx->session_cache_mode &
-            SSL_SESS_CACHE_NO_INTERNAL_STORE)) {
-                /*
-                 * The following should not return 1,
-                 * otherwise, things are very strange.
-                 */
-                SSL_CTX_add_session(s->session_ctx, sess);
-        }
-
-        return sess;
-}
-
-static SSL_SESSION *
-ssl_session_by_id(SSL *s, CBS *session_id)
-{
-        SSL_SESSION *sess;
-
-        if (CBS_len(session_id) == 0)
-                return NULL;
-
-        if ((sess = ssl_session_from_cache(s, session_id)) == NULL)
-                sess = ssl_session_from_callback(s, session_id);
-
-        return sess;
-}
-
-/*
- * ssl_get_prev_session attempts to find an SSL_SESSION to be used to resume
- * this connection. It is only called by servers.
- *
- *   session_id: points at the session ID in the ClientHello. This code will
- *       read past the end of this in order to parse out the session ticket
- *       extension, if any.
- *   ext_block: a CBS for the ClientHello extensions block.
- *   alert: alert that the caller should send in case of failure.
- *
- * Returns:
- *   -1: error
- *    0: a session may have been found.
- *
- * Side effects:
- *   - If a session is found then s->session is pointed at it (after freeing
- *     an existing session if need be) and s->verify_result is set from the
- *     session.
- *   - For both new and resumed sessions, s->tlsext_ticket_expected
- *     indicates whether the server should issue a new session ticket or not.
- */
-int
-ssl_get_prev_session(SSL *s, CBS *session_id, CBS *ext_block, int *alert)
-{
-        SSL_SESSION *sess = NULL;
-        int alert_desc = SSL_AD_INTERNAL_ERROR, fatal = 0;
-        int ticket_decrypted = 0;
-
-        /* This is used only by servers. */
-
-        if (CBS_len(session_id) > SSL_MAX_SSL_SESSION_ID_LENGTH)
-                goto err;
-
-        /* Sets s->tlsext_ticket_expected. */
-        switch (tls1_process_ticket(s, ext_block, &alert_desc, &sess)) {
-        case TLS1_TICKET_FATAL_ERROR:
-                fatal = 1;
-                goto err;
-        case TLS1_TICKET_NONE:
-        case TLS1_TICKET_EMPTY:
-                if ((sess = ssl_session_by_id(s, session_id)) == NULL)
-                        goto err;
-                break;
-        case TLS1_TICKET_NOT_DECRYPTED:
-                goto err;
-        case TLS1_TICKET_DECRYPTED:
-                ticket_decrypted = 1;
-
-                /*
-                 * The session ID is used by some clients to detect that the
-                 * ticket has been accepted so we copy it into sess.
-                 */
-                if (!CBS_write_bytes(session_id, sess->session_id,
-                    sizeof(sess->session_id), &sess->session_id_length)) {
-                        fatal = 1;
-                        goto err;
-                }
-                break;
-        default:
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                fatal = 1;
-                goto err;
-        }
-
-        /* Now sess is non-NULL and we own one of its reference counts. */
-
-        if (sess->sid_ctx_length != s->sid_ctx_length ||
-            timingsafe_memcmp(sess->sid_ctx, s->sid_ctx,
-            sess->sid_ctx_length) != 0) {
-                /*
-                 * We have the session requested by the client, but we don't
-                 * want to use it in this context. Treat it like a cache miss.
-                 */
-                goto err;
-        }
-
-        if ((s->verify_mode & SSL_VERIFY_PEER) && s->sid_ctx_length == 0) {
-                /*
-                 * We can't be sure if this session is being used out of
-                 * context, which is especially important for SSL_VERIFY_PEER.
-                 * The application should have used
-                 * SSL[_CTX]_set_session_id_context.
-                 *
-                 * For this error case, we generate an error instead of treating
-                 * the event like a cache miss (otherwise it would be easy for
-                 * applications to effectively disable the session cache by
-                 * accident without anyone noticing).
-                 */
-                SSLerror(s, SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED);
-                fatal = 1;
-                goto err;
-        }
-
-        if (sess->timeout < (time(NULL) - sess->time)) {
-                s->session_ctx->stats.sess_timeout++;
-                if (!ticket_decrypted) {
-                        /* The session was from the cache, so remove it. */
-                        SSL_CTX_remove_session(s->session_ctx, sess);
-                }
-                goto err;
-        }
-
-        s->session_ctx->stats.sess_hit++;
-
-        SSL_SESSION_free(s->session);
-        s->session = sess;
-        s->verify_result = s->session->verify_result;
-
-        return 1;
-
- err:
-        SSL_SESSION_free(sess);
-        if (ticket_decrypted) {
-                /*
-                 * The session was from a ticket. Issue a ticket for the new
-                 * session.
-                 */
-                s->tlsext_ticket_expected = 1;
-        }
-        if (fatal) {
-                *alert = alert_desc;
-                return -1;
-        }
-        return 0;
-}
-
-int
-SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-        int ret = 0;
-        SSL_SESSION *s;
-
-        /*
-         * Add just 1 reference count for the SSL_CTX's session cache
-         * even though it has two ways of access: each session is in a
-         * doubly linked list and an lhash.
-         */
-        CRYPTO_add(&c->references, 1, CRYPTO_LOCK_SSL_SESSION);
-
-        /*
-         * If session c is in already in cache, we take back the increment
-         * later.
-         */
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        s = lh_SSL_SESSION_insert(ctx->sessions, c);
-
-        /*
-         * s != NULL iff we already had a session with the given PID.
-         * In this case, s == c should hold (then we did not really modify
-         * ctx->sessions), or we're in trouble.
-         */
-        if (s != NULL && s != c) {
-                /* We *are* in trouble ... */
-                SSL_SESSION_list_remove(ctx, s);
-                SSL_SESSION_free(s);
-                /*
-                 * ... so pretend the other session did not exist in cache
-                 * (we cannot handle two SSL_SESSION structures with identical
-                 * session ID in the same cache, which could happen e.g. when
-                 * two threads concurrently obtain the same session from an
-                 * external cache).
-                 */
-                s = NULL;
-        }
-
-        /* Put at the head of the queue unless it is already in the cache */
-        if (s == NULL)
-                SSL_SESSION_list_add(ctx, c);
-
-        if (s != NULL) {
-                /*
-                 * existing cache entry -- decrement previously incremented
-                 * reference count because it already takes into account the
-                 * cache.
-                 */
-                SSL_SESSION_free(s); /* s == c */
-                ret = 0;
-        } else {
-                /*
-                 * New cache entry -- remove old ones if cache has become
-                 * too large.
-                 */
-
-                ret = 1;
-
-                if (SSL_CTX_sess_get_cache_size(ctx) > 0) {
-                        while (SSL_CTX_sess_number(ctx) >
-                            SSL_CTX_sess_get_cache_size(ctx)) {
-                                if (!remove_session_lock(ctx,
-                                    ctx->session_cache_tail, 0))
-                                        break;
-                                else
-                                        ctx->stats.sess_cache_full++;
-                        }
-                }
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-        return (ret);
-}
-LSSL_ALIAS(SSL_CTX_add_session);
-
-int
-SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c)
-{
-        return remove_session_lock(ctx, c, 1);
-}
-LSSL_ALIAS(SSL_CTX_remove_session);
-
-static int
-remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck)
-{
-        SSL_SESSION *r;
-        int ret = 0;
-
-        if (c == NULL || c->session_id_length == 0)
-                return 0;
-
-        if (lck)
-                CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        if ((r = lh_SSL_SESSION_retrieve(ctx->sessions, c)) == c) {
-                ret = 1;
-                r = lh_SSL_SESSION_delete(ctx->sessions, c);
-                SSL_SESSION_list_remove(ctx, c);
-        }
-        if (lck)
-                CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-
-        if (ret) {
-                r->not_resumable = 1;
-                if (ctx->remove_session_cb != NULL)
-                        ctx->remove_session_cb(ctx, r);
-                SSL_SESSION_free(r);
-        }
-
-        return ret;
-}
-
-void
-SSL_SESSION_free(SSL_SESSION *ss)
-{
-        int i;
-
-        if (ss == NULL)
-                return;
-
-        i = CRYPTO_add(&ss->references, -1, CRYPTO_LOCK_SSL_SESSION);
-        if (i > 0)
-                return;
-
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data);
-
-        explicit_bzero(ss->master_key, sizeof ss->master_key);
-        explicit_bzero(ss->session_id, sizeof ss->session_id);
-
-        X509_free(ss->peer_cert);
-
-        free(ss->tlsext_hostname);
-        free(ss->tlsext_tick);
-        free(ss->tlsext_ecpointformatlist);
-        free(ss->tlsext_supportedgroups);
-
-        tls13_secret_cleanup(&ss->resumption_master_secret);
-
-        freezero(ss, sizeof(*ss));
-}
-LSSL_ALIAS(SSL_SESSION_free);
-
-int
-SSL_SESSION_up_ref(SSL_SESSION *ss)
-{
-        return CRYPTO_add(&ss->references, 1, CRYPTO_LOCK_SSL_SESSION) > 1;
-}
-LSSL_ALIAS(SSL_SESSION_up_ref);
-
-int
-SSL_set_session(SSL *s, SSL_SESSION *session)
-{
-        const SSL_METHOD *method;
-
-        if (session == NULL) {
-                SSL_SESSION_free(s->session);
-                s->session = NULL;
-
-                return SSL_set_ssl_method(s, s->ctx->method);
-        }
-
-        if ((method = ssl_get_method(session->ssl_version)) == NULL) {
-                SSLerror(s, SSL_R_UNABLE_TO_FIND_SSL_METHOD);
-                return (0);
-        }
-
-        if (!SSL_set_ssl_method(s, method))
-                return (0);
-
-        CRYPTO_add(&session->references, 1, CRYPTO_LOCK_SSL_SESSION);
-        SSL_SESSION_free(s->session);
-        s->session = session;
-        s->verify_result = s->session->verify_result;
-
-        return (1);
-}
-LSSL_ALIAS(SSL_set_session);
-
-size_t
-SSL_SESSION_get_master_key(const SSL_SESSION *ss, unsigned char *out,
-    size_t max_out)
-{
-        size_t len = ss->master_key_length;
-
-        if (out == NULL)
-                return len;
-
-        if (len > max_out)
-                len = max_out;
-
-        memcpy(out, ss->master_key, len);
-
-        return len;
-}
-LSSL_ALIAS(SSL_SESSION_get_master_key);
-
-long
-SSL_SESSION_set_timeout(SSL_SESSION *s, long t)
-{
-        if (s == NULL)
-                return (0);
-        s->timeout = t;
-        return (1);
-}
-LSSL_ALIAS(SSL_SESSION_set_timeout);
-
-long
-SSL_SESSION_get_timeout(const SSL_SESSION *s)
-{
-        if (s == NULL)
-                return (0);
-        return (s->timeout);
-}
-LSSL_ALIAS(SSL_SESSION_get_timeout);
-
-/* XXX 2038 */
-long
-SSL_SESSION_get_time(const SSL_SESSION *s)
-{
-        if (s == NULL)
-                return (0);
-        return (s->time);
-}
-LSSL_ALIAS(SSL_SESSION_get_time);
-
-/* XXX 2038 */
-long
-SSL_SESSION_set_time(SSL_SESSION *s, long t)
-{
-        if (s == NULL)
-                return (0);
-        s->time = t;
-        return (t);
-}
-LSSL_ALIAS(SSL_SESSION_set_time);
-
-int
-SSL_SESSION_get_protocol_version(const SSL_SESSION *s)
-{
-        return s->ssl_version;
-}
-LSSL_ALIAS(SSL_SESSION_get_protocol_version);
-
-const SSL_CIPHER *
-SSL_SESSION_get0_cipher(const SSL_SESSION *s)
-{
-        return ssl3_get_cipher_by_value(s->cipher_value);
-}
-LSSL_ALIAS(SSL_SESSION_get0_cipher);
-
-X509 *
-SSL_SESSION_get0_peer(SSL_SESSION *s)
-{
-        return s->peer_cert;
-}
-LSSL_ALIAS(SSL_SESSION_get0_peer);
-
-int
-SSL_SESSION_set1_id(SSL_SESSION *s, const unsigned char *sid,
-    unsigned int sid_len)
-{
-        if (sid_len > SSL_MAX_SSL_SESSION_ID_LENGTH) {
-                SSLerrorx(SSL_R_SSL_SESSION_ID_TOO_LONG);
-                return 0;
-        }
-        s->session_id_length = sid_len;
-        memmove(s->session_id, sid, sid_len);
-        return 1;
-}
-LSSL_ALIAS(SSL_SESSION_set1_id);
-
-int
-SSL_SESSION_set1_id_context(SSL_SESSION *s, const unsigned char *sid_ctx,
-    unsigned int sid_ctx_len)
-{
-        if (sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) {
-                SSLerrorx(SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG);
-                return 0;
-        }
-        s->sid_ctx_length = sid_ctx_len;
-        memcpy(s->sid_ctx, sid_ctx, sid_ctx_len);
-
-        return 1;
-}
-LSSL_ALIAS(SSL_SESSION_set1_id_context);
-
-int
-SSL_SESSION_is_resumable(const SSL_SESSION *s)
-{
-        return 0;
-}
-LSSL_ALIAS(SSL_SESSION_is_resumable);
-
-long
-SSL_CTX_set_timeout(SSL_CTX *s, long t)
-{
-        long l;
-
-        if (s == NULL)
-                return (0);
-        l = s->session_timeout;
-        s->session_timeout = t;
-
-        return (l);
-}
-LSSL_ALIAS(SSL_CTX_set_timeout);
-
-long
-SSL_CTX_get_timeout(const SSL_CTX *s)
-{
-        if (s == NULL)
-                return (0);
-        return (s->session_timeout);
-}
-LSSL_ALIAS(SSL_CTX_get_timeout);
-
-int
-SSL_set_session_secret_cb(SSL *s, int (*tls_session_secret_cb)(SSL *s,
-    void *secret, int *secret_len, STACK_OF(SSL_CIPHER) *peer_ciphers,
-    const SSL_CIPHER **cipher, void *arg), void *arg)
-{
-        if (s == NULL)
-                return (0);
-        s->tls_session_secret_cb = tls_session_secret_cb;
-        s->tls_session_secret_cb_arg = arg;
-        return (1);
-}
-LSSL_ALIAS(SSL_set_session_secret_cb);
-
-int
-SSL_set_session_ticket_ext_cb(SSL *s, tls_session_ticket_ext_cb_fn cb,
-    void *arg)
-{
-        if (s == NULL)
-                return (0);
-        s->tls_session_ticket_ext_cb = cb;
-        s->tls_session_ticket_ext_cb_arg = arg;
-        return (1);
-}
-LSSL_ALIAS(SSL_set_session_ticket_ext_cb);
-
-int
-SSL_set_session_ticket_ext(SSL *s, void *ext_data, int ext_len)
-{
-        if (s->version >= TLS1_VERSION) {
-                free(s->tlsext_session_ticket);
-                s->tlsext_session_ticket =
-                    malloc(sizeof(TLS_SESSION_TICKET_EXT) + ext_len);
-                if (!s->tlsext_session_ticket) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        return 0;
-                }
-
-                if (ext_data) {
-                        s->tlsext_session_ticket->length = ext_len;
-                        s->tlsext_session_ticket->data =
-                            s->tlsext_session_ticket + 1;
-                        memcpy(s->tlsext_session_ticket->data,
-                            ext_data, ext_len);
-                } else {
-                        s->tlsext_session_ticket->length = 0;
-                        s->tlsext_session_ticket->data = NULL;
-                }
-
-                return 1;
-        }
-
-        return 0;
-}
-LSSL_ALIAS(SSL_set_session_ticket_ext);
-
-typedef struct timeout_param_st {
-        SSL_CTX *ctx;
-        long time;
-        struct lhash_st_SSL_SESSION *cache;
-} TIMEOUT_PARAM;
-
-static void
-timeout_doall_arg(SSL_SESSION *s, TIMEOUT_PARAM *p)
-{
-        if ((p->time == 0) || (p->time > (s->time + s->timeout))) {
-                /* timeout */
-                /* The reason we don't call SSL_CTX_remove_session() is to
-                 * save on locking overhead */
-                (void)lh_SSL_SESSION_delete(p->cache, s);
-                SSL_SESSION_list_remove(p->ctx, s);
-                s->not_resumable = 1;
-                if (p->ctx->remove_session_cb != NULL)
-                        p->ctx->remove_session_cb(p->ctx, s);
-                SSL_SESSION_free(s);
-        }
-}
-
-static void
-timeout_LHASH_DOALL_ARG(void *arg1, void *arg2)
-{
-        SSL_SESSION *a = arg1;
-        TIMEOUT_PARAM *b = arg2;
-
-        timeout_doall_arg(a, b);
-}
-
-/* XXX 2038 */
-void
-SSL_CTX_flush_sessions(SSL_CTX *s, long t)
-{
-        TIMEOUT_PARAM tp;
-
-        tp.ctx = s;
-        tp.cache = s->sessions;
-        if (tp.cache == NULL)
-                return;
-        tp.time = t;
-
-        CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX);
-        lh_SSL_SESSION_doall_arg(tp.cache, timeout_LHASH_DOALL_ARG,
-            TIMEOUT_PARAM, &tp);
-        CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX);
-}
-LSSL_ALIAS(SSL_CTX_flush_sessions);
-
-int
-ssl_clear_bad_session(SSL *s)
-{
-        if ((s->session != NULL) && !(s->shutdown & SSL_SENT_SHUTDOWN) &&
-            !(SSL_in_init(s) || SSL_in_before(s))) {
-                SSL_CTX_remove_session(s->ctx, s->session);
-                return (1);
-        } else
-                return (0);
-}
-
-/* locked by SSL_CTX in the calling function */
-static void
-SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s)
-{
-        if (s->next == NULL || s->prev == NULL)
-                return;
-
-        if (s->next == (SSL_SESSION *)&(ctx->session_cache_tail)) {
-                /* last element in list */
-                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
-                        /* only one element in list */
-                        ctx->session_cache_head = NULL;
-                        ctx->session_cache_tail = NULL;
-                } else {
-                        ctx->session_cache_tail = s->prev;
-                        s->prev->next =
-                            (SSL_SESSION *)&(ctx->session_cache_tail);
-                }
-        } else {
-                if (s->prev == (SSL_SESSION *)&(ctx->session_cache_head)) {
-                        /* first element in list */
-                        ctx->session_cache_head = s->next;
-                        s->next->prev =
-                            (SSL_SESSION *)&(ctx->session_cache_head);
-                } else {
-                        /* middle of list */
-                        s->next->prev = s->prev;
-                        s->prev->next = s->next;
-                }
-        }
-        s->prev = s->next = NULL;
-}
-
-static void
-SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s)
-{
-        if (s->next != NULL && s->prev != NULL)
-                SSL_SESSION_list_remove(ctx, s);
-
-        if (ctx->session_cache_head == NULL) {
-                ctx->session_cache_head = s;
-                ctx->session_cache_tail = s;
-                s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-                s->next = (SSL_SESSION *)&(ctx->session_cache_tail);
-        } else {
-                s->next = ctx->session_cache_head;
-                s->next->prev = s;
-                s->prev = (SSL_SESSION *)&(ctx->session_cache_head);
-                ctx->session_cache_head = s;
-        }
-}
-
-void
-SSL_CTX_sess_set_new_cb(SSL_CTX *ctx,
-    int (*cb)(struct ssl_st *ssl, SSL_SESSION *sess)) {
-        ctx->new_session_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_set_new_cb);
-
-int
-(*SSL_CTX_sess_get_new_cb(SSL_CTX *ctx))(SSL *ssl, SSL_SESSION *sess)
-{
-        return ctx->new_session_cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_get_new_cb);
-
-void
-SSL_CTX_sess_set_remove_cb(SSL_CTX *ctx,
-    void (*cb)(SSL_CTX *ctx, SSL_SESSION *sess))
-{
-        ctx->remove_session_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_set_remove_cb);
-
-void
-(*SSL_CTX_sess_get_remove_cb(SSL_CTX *ctx))(SSL_CTX * ctx, SSL_SESSION *sess)
-{
-        return ctx->remove_session_cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_get_remove_cb);
-
-void
-SSL_CTX_sess_set_get_cb(SSL_CTX *ctx, SSL_SESSION *(*cb)(struct ssl_st *ssl,
-    const unsigned char *data, int len, int *copy))
-{
-        ctx->get_session_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_set_get_cb);
-
-SSL_SESSION *
-(*SSL_CTX_sess_get_get_cb(SSL_CTX *ctx))(SSL *ssl, const unsigned char *data,
-    int len, int *copy)
-{
-        return ctx->get_session_cb;
-}
-LSSL_ALIAS(SSL_CTX_sess_get_get_cb);
-
-void
-SSL_CTX_set_info_callback(SSL_CTX *ctx,
-    void (*cb)(const SSL *ssl, int type, int val))
-{
-        ctx->info_callback = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_info_callback);
-
-void
-(*SSL_CTX_get_info_callback(SSL_CTX *ctx))(const SSL *ssl, int type, int val)
-{
-        return ctx->info_callback;
-}
-LSSL_ALIAS(SSL_CTX_get_info_callback);
-
-void
-SSL_CTX_set_client_cert_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey))
-{
-        ctx->client_cert_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_client_cert_cb);
-
-int
-(*SSL_CTX_get_client_cert_cb(SSL_CTX *ctx))(SSL * ssl, X509 ** x509,
-    EVP_PKEY **pkey)
-{
-        return ctx->client_cert_cb;
-}
-LSSL_ALIAS(SSL_CTX_get_client_cert_cb);
-
-void
-SSL_CTX_set_cookie_generate_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, unsigned char *cookie, unsigned int *cookie_len))
-{
-        ctx->app_gen_cookie_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_cookie_generate_cb);
-
-void
-SSL_CTX_set_cookie_verify_cb(SSL_CTX *ctx,
-    int (*cb)(SSL *ssl, const unsigned char *cookie, unsigned int cookie_len))
-{
-        ctx->app_verify_cookie_cb = cb;
-}
-LSSL_ALIAS(SSL_CTX_set_cookie_verify_cb);
-
-int
-PEM_write_SSL_SESSION(FILE *fp, SSL_SESSION *x)
-{
-        return PEM_ASN1_write((i2d_of_void *)i2d_SSL_SESSION,
-            PEM_STRING_SSL_SESSION, fp, x, NULL, NULL, 0, NULL, NULL);
-}
-LSSL_ALIAS(PEM_write_SSL_SESSION);
-
-SSL_SESSION *
-PEM_read_SSL_SESSION(FILE *fp, SSL_SESSION **x, pem_password_cb *cb, void *u)
-{
-        return PEM_ASN1_read((d2i_of_void *)d2i_SSL_SESSION,
-            PEM_STRING_SSL_SESSION, fp, (void **)x, cb, u);
-}
-LSSL_ALIAS(PEM_read_SSL_SESSION);
-
-SSL_SESSION *
-PEM_read_bio_SSL_SESSION(BIO *bp, SSL_SESSION **x, pem_password_cb *cb, void *u)
-{
-        return PEM_ASN1_read_bio((d2i_of_void *)d2i_SSL_SESSION,
-            PEM_STRING_SSL_SESSION, bp, (void **)x, cb, u);
-}
-LSSL_ALIAS(PEM_read_bio_SSL_SESSION);
-
-int
-PEM_write_bio_SSL_SESSION(BIO *bp, SSL_SESSION *x)
-{
-        return PEM_ASN1_write_bio((i2d_of_void *)i2d_SSL_SESSION,
-            PEM_STRING_SSL_SESSION, bp, x, NULL, NULL, 0, NULL, NULL);
-}
-LSSL_ALIAS(PEM_write_bio_SSL_SESSION);
diff --git a/src/lib/libssl/ssl_sigalgs.c b/src/lib/libssl/ssl_sigalgs.c
deleted file mode 100644
index 18d71f6b95..0000000000
--- a/src/lib/libssl/ssl_sigalgs.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* $OpenBSD: ssl_sigalgs.c,v 1.50 2024/07/09 13:43:57 beck Exp $ */
-/*
- * Copyright (c) 2018-2020 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/evp.h>
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "tls13_internal.h"
-
-const struct ssl_sigalg sigalgs[] = {
-        {
-                .value = SIGALG_RSA_PKCS1_SHA512,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha512,
-                .security_level = 5,
-        },
-        {
-                .value = SIGALG_ECDSA_SECP521R1_SHA512,
-                .key_type = EVP_PKEY_EC,
-                .md = EVP_sha512,
-                .security_level = 5,
-                .group_nid = NID_secp521r1,
-        },
-        {
-                .value = SIGALG_RSA_PKCS1_SHA384,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha384,
-                .security_level = 4,
-        },
-        {
-                .value = SIGALG_ECDSA_SECP384R1_SHA384,
-                .key_type = EVP_PKEY_EC,
-                .md = EVP_sha384,
-                .security_level = 4,
-                .group_nid = NID_secp384r1,
-        },
-        {
-                .value = SIGALG_RSA_PKCS1_SHA256,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha256,
-                .security_level = 3,
-        },
-        {
-                .value = SIGALG_ECDSA_SECP256R1_SHA256,
-                .key_type = EVP_PKEY_EC,
-                .md = EVP_sha256,
-                .security_level = 3,
-                .group_nid = NID_X9_62_prime256v1,
-        },
-        {
-                .value = SIGALG_RSA_PSS_RSAE_SHA256,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha256,
-                .security_level = 3,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PSS_RSAE_SHA384,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha384,
-                .security_level = 4,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PSS_RSAE_SHA512,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha512,
-                .security_level = 5,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PSS_PSS_SHA256,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha256,
-                .security_level = 3,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PSS_PSS_SHA384,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha384,
-                .security_level = 4,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PSS_PSS_SHA512,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha512,
-                .security_level = 5,
-                .flags = SIGALG_FLAG_RSA_PSS,
-        },
-        {
-                .value = SIGALG_RSA_PKCS1_SHA224,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha224,
-                .security_level = 2,
-        },
-        {
-                .value = SIGALG_ECDSA_SECP224R1_SHA224,
-                .key_type = EVP_PKEY_EC,
-                .md = EVP_sha224,
-                .security_level = 2,
-        },
-        {
-                .value = SIGALG_RSA_PKCS1_SHA1,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_sha1,
-                .security_level = 1,
-        },
-        {
-                .value = SIGALG_ECDSA_SHA1,
-                .key_type = EVP_PKEY_EC,
-                .md = EVP_sha1,
-                .security_level = 1,
-        },
-        {
-                .value = SIGALG_RSA_PKCS1_MD5_SHA1,
-                .key_type = EVP_PKEY_RSA,
-                .md = EVP_md5_sha1,
-                .security_level = 1,
-        },
-        {
-                .value = SIGALG_NONE,
-        },
-};
-
-/* Sigalgs for TLSv1.3, in preference order. */
-const uint16_t tls13_sigalgs[] = {
-        SIGALG_RSA_PSS_RSAE_SHA512,
-        SIGALG_RSA_PKCS1_SHA512,
-        SIGALG_ECDSA_SECP521R1_SHA512,
-        SIGALG_RSA_PSS_RSAE_SHA384,
-        SIGALG_RSA_PKCS1_SHA384,
-        SIGALG_ECDSA_SECP384R1_SHA384,
-        SIGALG_RSA_PSS_RSAE_SHA256,
-        SIGALG_RSA_PKCS1_SHA256,
-        SIGALG_ECDSA_SECP256R1_SHA256,
-};
-const size_t tls13_sigalgs_len = (sizeof(tls13_sigalgs) / sizeof(tls13_sigalgs[0]));
-
-/* Sigalgs for TLSv1.2, in preference order. */
-const uint16_t tls12_sigalgs[] = {
-        SIGALG_RSA_PSS_RSAE_SHA512,
-        SIGALG_RSA_PKCS1_SHA512,
-        SIGALG_ECDSA_SECP521R1_SHA512,
-        SIGALG_RSA_PSS_RSAE_SHA384,
-        SIGALG_RSA_PKCS1_SHA384,
-        SIGALG_ECDSA_SECP384R1_SHA384,
-        SIGALG_RSA_PSS_RSAE_SHA256,
-        SIGALG_RSA_PKCS1_SHA256,
-        SIGALG_ECDSA_SECP256R1_SHA256,
-        SIGALG_RSA_PKCS1_SHA1, /* XXX */
-        SIGALG_ECDSA_SHA1,     /* XXX */
-};
-const size_t tls12_sigalgs_len = (sizeof(tls12_sigalgs) / sizeof(tls12_sigalgs[0]));
-
-static void
-ssl_sigalgs_for_version(uint16_t tls_version, const uint16_t **out_values,
-    size_t *out_len)
-{
-        if (tls_version >= TLS1_3_VERSION) {
-                *out_values = tls13_sigalgs;
-                *out_len = tls13_sigalgs_len;
-        } else {
-                *out_values = tls12_sigalgs;
-                *out_len = tls12_sigalgs_len;
-        }
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_lookup(uint16_t value)
-{
-        int i;
-
-        for (i = 0; sigalgs[i].value != SIGALG_NONE; i++) {
-                if (sigalgs[i].value == value)
-                        return &sigalgs[i];
-        }
-
-        return NULL;
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_from_value(SSL *s, uint16_t value)
-{
-        const uint16_t *values;
-        size_t len;
-        int i;
-
-        ssl_sigalgs_for_version(s->s3->hs.negotiated_tls_version,
-            &values, &len);
-
-        for (i = 0; i < len; i++) {
-                if (values[i] == value)
-                        return ssl_sigalg_lookup(value);
-        }
-
-        return NULL;
-}
-
-int
-ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level)
-{
-        const struct ssl_sigalg *sigalg;
-        const uint16_t *values;
-        size_t len;
-        size_t i;
-        int ret = 0;
-
-        ssl_sigalgs_for_version(tls_version, &values, &len);
-
-        /* Add values in order as long as they are supported. */
-        for (i = 0; i < len; i++) {
-                /* Do not allow the legacy value for < 1.2 to be used. */
-                if (values[i] == SIGALG_RSA_PKCS1_MD5_SHA1)
-                        return 0;
-                if ((sigalg = ssl_sigalg_lookup(values[i])) == NULL)
-                        return 0;
-                if (sigalg->security_level < security_level)
-                        continue;
-
-                if (!CBB_add_u16(cbb, values[i]))
-                        return 0;
-
-                ret = 1;
-        }
-        return ret;
-}
-
-static const struct ssl_sigalg *
-ssl_sigalg_for_legacy(SSL *s, EVP_PKEY *pkey)
-{
-        if (SSL_get_security_level(s) > 1)
-                return NULL;
-
-        /* Default signature algorithms used for TLSv1.2 and earlier. */
-        switch (EVP_PKEY_id(pkey)) {
-        case EVP_PKEY_RSA:
-                if (s->s3->hs.negotiated_tls_version < TLS1_2_VERSION)
-                        return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_MD5_SHA1);
-                return ssl_sigalg_lookup(SIGALG_RSA_PKCS1_SHA1);
-        case EVP_PKEY_EC:
-                return ssl_sigalg_lookup(SIGALG_ECDSA_SHA1);
-        }
-        SSLerror(s, SSL_R_UNKNOWN_PKEY_TYPE);
-        return NULL;
-}
-
-static int
-ssl_sigalg_pkey_ok(SSL *s, const struct ssl_sigalg *sigalg, EVP_PKEY *pkey)
-{
-        if (sigalg == NULL || pkey == NULL)
-                return 0;
-        if (sigalg->key_type != EVP_PKEY_id(pkey))
-                return 0;
-
-        /* RSA PSS must have a sufficiently large RSA key. */
-        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS)) {
-                if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA ||
-                    EVP_PKEY_size(pkey) < (2 * EVP_MD_size(sigalg->md()) + 2))
-                        return 0;
-        }
-
-        if (!ssl_security_sigalg_check(s, pkey))
-                return 0;
-
-        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION)
-                return 1;
-
-        /* RSA cannot be used without PSS in TLSv1.3. */
-        if (sigalg->key_type == EVP_PKEY_RSA &&
-            (sigalg->flags & SIGALG_FLAG_RSA_PSS) == 0)
-                return 0;
-
-        /* Ensure that group matches for EC keys. */
-        if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
-                if (sigalg->group_nid == 0)
-                        return 0;
-                if (EC_GROUP_get_curve_name(EC_KEY_get0_group(
-                    EVP_PKEY_get0_EC_KEY(pkey))) != sigalg->group_nid)
-                        return 0;
-        }
-
-        return 1;
-}
-
-const struct ssl_sigalg *
-ssl_sigalg_select(SSL *s, EVP_PKEY *pkey)
-{
-        CBS cbs;
-
-        if (!SSL_USE_SIGALGS(s))
-                return ssl_sigalg_for_legacy(s, pkey);
-
-        /*
-         * RFC 5246 allows a TLS 1.2 client to send no sigalgs extension,
-         * in which case the server must use the default.
-         */
-        if (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
-            s->s3->hs.sigalgs == NULL)
-                return ssl_sigalg_for_legacy(s, pkey);
-
-        /*
-         * If we get here, we have client or server sent sigalgs, use one.
-         */
-        CBS_init(&cbs, s->s3->hs.sigalgs, s->s3->hs.sigalgs_len);
-        while (CBS_len(&cbs) > 0) {
-                const struct ssl_sigalg *sigalg;
-                uint16_t sigalg_value;
-
-                if (!CBS_get_u16(&cbs, &sigalg_value))
-                        return NULL;
-
-                if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL)
-                        continue;
-                if (ssl_sigalg_pkey_ok(s, sigalg, pkey))
-                        return sigalg;
-        }
-
-        return NULL;
-}
-
-const struct ssl_sigalg *
-ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey, uint16_t sigalg_value)
-{
-        const struct ssl_sigalg *sigalg;
-
-        if (!SSL_USE_SIGALGS(s))
-                return ssl_sigalg_for_legacy(s, pkey);
-
-        if ((sigalg = ssl_sigalg_from_value(s, sigalg_value)) == NULL) {
-                SSLerror(s, SSL_R_UNKNOWN_DIGEST);
-                return NULL;
-        }
-        if (!ssl_sigalg_pkey_ok(s, sigalg, pkey)) {
-                SSLerror(s, SSL_R_WRONG_SIGNATURE_TYPE);
-                return NULL;
-        }
-
-        return sigalg;
-}
diff --git a/src/lib/libssl/ssl_sigalgs.h b/src/lib/libssl/ssl_sigalgs.h
deleted file mode 100644
index 5211ec6b62..0000000000
--- a/src/lib/libssl/ssl_sigalgs.h
+++ /dev/null
@@ -1,71 +0,0 @@
-/* $OpenBSD: ssl_sigalgs.h,v 1.27 2024/02/03 15:58:34 beck Exp $ */
-/*
- * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_SSL_SIGALGS_H
-#define HEADER_SSL_SIGALGS_H
-
-__BEGIN_HIDDEN_DECLS
-
-#define SIGALG_NONE                     0x0000
-
-/*
- * RFC 8446 Section 4.2.3
- * RFC 5246 Section 7.4.1.4.1
- */
-#define SIGALG_RSA_PKCS1_SHA224         0x0301
-#define SIGALG_RSA_PKCS1_SHA256         0x0401
-#define SIGALG_RSA_PKCS1_SHA384         0x0501
-#define SIGALG_RSA_PKCS1_SHA512         0x0601
-#define SIGALG_ECDSA_SECP224R1_SHA224   0x0303
-#define SIGALG_ECDSA_SECP256R1_SHA256   0x0403
-#define SIGALG_ECDSA_SECP384R1_SHA384   0x0503
-#define SIGALG_ECDSA_SECP521R1_SHA512   0x0603
-#define SIGALG_RSA_PSS_RSAE_SHA256      0x0804
-#define SIGALG_RSA_PSS_RSAE_SHA384      0x0805
-#define SIGALG_RSA_PSS_RSAE_SHA512      0x0806
-#define SIGALG_ED25519                  0x0807
-#define SIGALG_ED448                    0x0808
-#define SIGALG_RSA_PSS_PSS_SHA256       0x0809
-#define SIGALG_RSA_PSS_PSS_SHA384       0x080a
-#define SIGALG_RSA_PSS_PSS_SHA512       0x080b
-#define SIGALG_RSA_PKCS1_SHA1           0x0201
-#define SIGALG_ECDSA_SHA1               0x0203
-#define SIGALG_PRIVATE_START            0xFE00
-#define SIGALG_PRIVATE_END              0xFFFF
-
-/* Legacy sigalg for < TLSv1.2 same value as BoringSSL uses. */
-#define SIGALG_RSA_PKCS1_MD5_SHA1       0xFF01
-
-#define SIGALG_FLAG_RSA_PSS     0x00000001
-
-struct ssl_sigalg {
-        uint16_t value;
-        int key_type;
-        const EVP_MD *(*md)(void);
-        int security_level;
-        int group_nid;
-        int flags;
-};
-
-int ssl_sigalgs_build(uint16_t tls_version, CBB *cbb, int security_level);
-const struct ssl_sigalg *ssl_sigalg_select(SSL *s, EVP_PKEY *pkey);
-const struct ssl_sigalg *ssl_sigalg_for_peer(SSL *s, EVP_PKEY *pkey,
-    uint16_t sigalg_value);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/ssl_srvr.c b/src/lib/libssl/ssl_srvr.c
deleted file mode 100644
index db4ba38b51..0000000000
--- a/src/lib/libssl/ssl_srvr.c
+++ /dev/null
@@ -1,2496 +0,0 @@
-/* $OpenBSD: ssl_srvr.c,v 1.166 2025/03/09 15:53:36 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/bn.h>
-#include <openssl/buffer.h>
-#include <openssl/curve25519.h>
-#include <openssl/evp.h>
-#include <openssl/dh.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/objects.h>
-#include <openssl/opensslconf.h>
-#include <openssl/x509.h>
-
-#include "bytestring.h"
-#include "crypto_internal.h"
-#include "dtls_local.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-static int ssl3_get_client_hello(SSL *s);
-static int ssl3_send_dtls_hello_verify_request(SSL *s);
-static int ssl3_send_server_hello(SSL *s);
-static int ssl3_send_hello_request(SSL *s);
-static int ssl3_send_server_certificate(SSL *s);
-static int ssl3_send_server_key_exchange(SSL *s);
-static int ssl3_send_certificate_request(SSL *s);
-static int ssl3_send_server_done(SSL *s);
-static int ssl3_get_client_certificate(SSL *s);
-static int ssl3_get_client_key_exchange(SSL *s);
-static int ssl3_get_cert_verify(SSL *s);
-static int ssl3_send_newsession_ticket(SSL *s);
-static int ssl3_send_cert_status(SSL *s);
-static int ssl3_send_server_change_cipher_spec(SSL *s);
-static int ssl3_send_server_finished(SSL *s);
-static int ssl3_get_client_finished(SSL *s);
-
-int
-ssl3_accept(SSL *s)
-{
-        unsigned long alg_k;
-        int new_state, state, skip = 0;
-        int listen = 0;
-        int ret = -1;
-
-        ERR_clear_error();
-        errno = 0;
-
-        if (SSL_is_dtls(s))
-                listen = s->d1->listen;
-
-        /* init things to blank */
-        s->in_handshake++;
-        if (!SSL_in_init(s) || SSL_in_before(s))
-                SSL_clear(s);
-
-        if (SSL_is_dtls(s))
-                s->d1->listen = listen;
-
-        for (;;) {
-                state = s->s3->hs.state;
-
-                switch (s->s3->hs.state) {
-                case SSL_ST_RENEGOTIATE:
-                        s->renegotiate = 1;
-                        /* s->s3->hs.state=SSL_ST_ACCEPT; */
-
-                case SSL_ST_BEFORE:
-                case SSL_ST_ACCEPT:
-                case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-                case SSL_ST_OK|SSL_ST_ACCEPT:
-                        s->server = 1;
-
-                        ssl_info_callback(s, SSL_CB_HANDSHAKE_START, 1);
-
-                        if (!ssl_legacy_stack_version(s, s->version)) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl_supported_tls_version_range(s,
-                            &s->s3->hs.our_min_tls_version,
-                            &s->s3->hs.our_max_tls_version)) {
-                                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl_security_version(s,
-                            s->s3->hs.our_min_tls_version)) {
-                                SSLerror(s, SSL_R_VERSION_TOO_LOW);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!ssl3_setup_init_buffer(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        if (!ssl3_setup_buffers(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-
-                        s->init_num = 0;
-
-                        if (s->s3->hs.state != SSL_ST_RENEGOTIATE) {
-                                /*
-                                 * Ok, we now need to push on a buffering BIO
-                                 * so that the output is sent in a way that
-                                 * TCP likes :-)
-                                 */
-                                if (!ssl_init_wbio_buffer(s, 1)) {
-                                        ret = -1;
-                                        goto end;
-                                }
-
-                                if (!tls1_transcript_init(s)) {
-                                        ret = -1;
-                                        goto end;
-                                }
-
-                                s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_A;
-                                s->ctx->stats.sess_accept++;
-                        } else if (!SSL_is_dtls(s) && !s->s3->send_connection_binding) {
-                                /*
-                                 * Server attempting to renegotiate with
-                                 * client that doesn't support secure
-                                 * renegotiation.
-                                 */
-                                SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                                ssl3_send_alert(s, SSL3_AL_FATAL,
-                                    SSL_AD_HANDSHAKE_FAILURE);
-                                ret = -1;
-                                goto end;
-                        } else {
-                                /*
-                                 * s->s3->hs.state == SSL_ST_RENEGOTIATE,
-                                 * we will just send a HelloRequest.
-                                 */
-                                s->ctx->stats.sess_accept_renegotiate++;
-                                s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_A;
-                        }
-                        break;
-
-                case SSL3_ST_SW_HELLO_REQ_A:
-                case SSL3_ST_SW_HELLO_REQ_B:
-                        s->shutdown = 0;
-                        if (SSL_is_dtls(s)) {
-                                dtls1_clear_record_buffer(s);
-                                dtls1_start_timer(s);
-                        }
-                        ret = ssl3_send_hello_request(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (SSL_is_dtls(s))
-                                s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-                        else
-                                s->s3->hs.tls12.next_state = SSL3_ST_SW_HELLO_REQ_C;
-                        s->s3->hs.state = SSL3_ST_SW_FLUSH;
-                        s->init_num = 0;
-
-                        if (SSL_is_dtls(s)) {
-                                if (!tls1_transcript_init(s)) {
-                                        ret = -1;
-                                        goto end;
-                                }
-                        }
-                        break;
-
-                case SSL3_ST_SW_HELLO_REQ_C:
-                        s->s3->hs.state = SSL_ST_OK;
-                        break;
-
-                case SSL3_ST_SR_CLNT_HELLO_A:
-                case SSL3_ST_SR_CLNT_HELLO_B:
-                case SSL3_ST_SR_CLNT_HELLO_C:
-                        s->shutdown = 0;
-                        if (SSL_is_dtls(s)) {
-                                ret = ssl3_get_client_hello(s);
-                                if (ret <= 0)
-                                        goto end;
-                                dtls1_stop_timer(s);
-
-                                if (ret == 1 &&
-                                    (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE))
-                                        s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A;
-                                else
-                                        s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
-
-                                s->init_num = 0;
-
-                                /*
-                                 * Reflect ClientHello sequence to remain
-                                 * stateless while listening.
-                                 */
-                                if (listen) {
-                                        tls12_record_layer_reflect_seq_num(
-                                            s->rl);
-                                }
-
-                                /* If we're just listening, stop here */
-                                if (listen && s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
-                                        ret = 2;
-                                        s->d1->listen = 0;
-                                        /*
-                                         * Set expected sequence numbers to
-                                         * continue the handshake.
-                                         */
-                                        s->d1->handshake_read_seq = 2;
-                                        s->d1->handshake_write_seq = 1;
-                                        s->d1->next_handshake_write_seq = 1;
-                                        goto end;
-                                }
-                        } else {
-                                if (s->rwstate != SSL_X509_LOOKUP) {
-                                        ret = ssl3_get_client_hello(s);
-                                        if (ret <= 0)
-                                                goto end;
-                                }
-
-                                s->renegotiate = 2;
-                                s->s3->hs.state = SSL3_ST_SW_SRVR_HELLO_A;
-                                s->init_num = 0;
-                        }
-                        break;
-
-                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-                case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-                        ret = ssl3_send_dtls_hello_verify_request(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SW_FLUSH;
-                        s->s3->hs.tls12.next_state = SSL3_ST_SR_CLNT_HELLO_A;
-
-                        /* HelloVerifyRequest resets Finished MAC. */
-                        tls1_transcript_reset(s);
-                        break;
-
-                case SSL3_ST_SW_SRVR_HELLO_A:
-                case SSL3_ST_SW_SRVR_HELLO_B:
-                        if (SSL_is_dtls(s)) {
-                                s->renegotiate = 2;
-                                dtls1_start_timer(s);
-                        }
-                        ret = ssl3_send_server_hello(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (s->hit) {
-                                if (s->tlsext_ticket_expected)
-                                        s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
-                                else
-                                        s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
-                        } else {
-                                s->s3->hs.state = SSL3_ST_SW_CERT_A;
-                        }
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_CERT_A:
-                case SSL3_ST_SW_CERT_B:
-                        /* Check if it is anon DH or anon ECDH. */
-                        if (!(s->s3->hs.cipher->algorithm_auth &
-                            SSL_aNULL)) {
-                                if (SSL_is_dtls(s))
-                                        dtls1_start_timer(s);
-                                ret = ssl3_send_server_certificate(s);
-                                if (ret <= 0)
-                                        goto end;
-                                if (s->tlsext_status_expected)
-                                        s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_A;
-                                else
-                                        s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
-                        } else {
-                                skip = 1;
-                                s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
-                        }
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_KEY_EXCH_A:
-                case SSL3_ST_SW_KEY_EXCH_B:
-                        alg_k = s->s3->hs.cipher->algorithm_mkey;
-
-                        /*
-                         * Only send if using a DH key exchange.
-                         *
-                         * For ECC ciphersuites, we send a ServerKeyExchange
-                         * message only if the cipher suite is ECDHE. In other
-                         * cases, the server certificate contains the server's
-                         * public key for key exchange.
-                         */
-                        if (alg_k & (SSL_kDHE|SSL_kECDHE)) {
-                                if (SSL_is_dtls(s))
-                                        dtls1_start_timer(s);
-                                ret = ssl3_send_server_key_exchange(s);
-                                if (ret <= 0)
-                                        goto end;
-                        } else
-                                skip = 1;
-
-                        s->s3->hs.state = SSL3_ST_SW_CERT_REQ_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_CERT_REQ_A:
-                case SSL3_ST_SW_CERT_REQ_B:
-                        /*
-                         * Determine whether or not we need to request a
-                         * certificate.
-                         *
-                         * Do not request a certificate if:
-                         *
-                         * - We did not ask for it (SSL_VERIFY_PEER is unset).
-                         *
-                         * - SSL_VERIFY_CLIENT_ONCE is set and we are
-                         *   renegotiating.
-                         *
-                         * - We are using an anonymous ciphersuites
-                         *   (see section "Certificate request" in SSL 3 drafts
-                         *   and in RFC 2246) ... except when the application
-                         *   insists on verification (against the specs, but
-                         *   s3_clnt.c accepts this for SSL 3).
-                         */
-                        if (!(s->verify_mode & SSL_VERIFY_PEER) ||
-                            ((s->session->peer_cert != NULL) &&
-                             (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) ||
-                            ((s->s3->hs.cipher->algorithm_auth &
-                             SSL_aNULL) && !(s->verify_mode &
-                             SSL_VERIFY_FAIL_IF_NO_PEER_CERT))) {
-                                /* No cert request. */
-                                skip = 1;
-                                s->s3->hs.tls12.cert_request = 0;
-                                s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
-
-                                if (!SSL_is_dtls(s))
-                                        tls1_transcript_free(s);
-                        } else {
-                                s->s3->hs.tls12.cert_request = 1;
-                                if (SSL_is_dtls(s))
-                                        dtls1_start_timer(s);
-                                ret = ssl3_send_certificate_request(s);
-                                if (ret <= 0)
-                                        goto end;
-                                s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_A;
-                                s->init_num = 0;
-                        }
-                        break;
-
-                case SSL3_ST_SW_SRVR_DONE_A:
-                case SSL3_ST_SW_SRVR_DONE_B:
-                        if (SSL_is_dtls(s))
-                                dtls1_start_timer(s);
-                        ret = ssl3_send_server_done(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.tls12.next_state = SSL3_ST_SR_CERT_A;
-                        s->s3->hs.state = SSL3_ST_SW_FLUSH;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_FLUSH:
-                        /*
-                         * This code originally checked to see if
-                         * any data was pending using BIO_CTRL_INFO
-                         * and then flushed. This caused problems
-                         * as documented in PR#1939. The proposed
-                         * fix doesn't completely resolve this issue
-                         * as buggy implementations of BIO_CTRL_PENDING
-                         * still exist. So instead we just flush
-                         * unconditionally.
-                         */
-                        s->rwstate = SSL_WRITING;
-                        if (BIO_flush(s->wbio) <= 0) {
-                                if (SSL_is_dtls(s)) {
-                                        /* If the write error was fatal, stop trying. */
-                                        if (!BIO_should_retry(s->wbio)) {
-                                                s->rwstate = SSL_NOTHING;
-                                                s->s3->hs.state = s->s3->hs.tls12.next_state;
-                                        }
-                                }
-                                ret = -1;
-                                goto end;
-                        }
-                        s->rwstate = SSL_NOTHING;
-                        s->s3->hs.state = s->s3->hs.tls12.next_state;
-                        break;
-
-                case SSL3_ST_SR_CERT_A:
-                case SSL3_ST_SR_CERT_B:
-                        if (s->s3->hs.tls12.cert_request != 0) {
-                                ret = ssl3_get_client_certificate(s);
-                                if (ret <= 0)
-                                        goto end;
-                        }
-                        s->init_num = 0;
-                        s->s3->hs.state = SSL3_ST_SR_KEY_EXCH_A;
-                        break;
-
-                case SSL3_ST_SR_KEY_EXCH_A:
-                case SSL3_ST_SR_KEY_EXCH_B:
-                        ret = ssl3_get_client_key_exchange(s);
-                        if (ret <= 0)
-                                goto end;
-
-                        if (SSL_is_dtls(s)) {
-                                s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
-                                s->init_num = 0;
-                        }
-
-                        alg_k = s->s3->hs.cipher->algorithm_mkey;
-                        if (SSL_USE_SIGALGS(s)) {
-                                s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
-                                s->init_num = 0;
-                                if (!s->session->peer_cert)
-                                        break;
-                                /*
-                                 * Freeze the transcript for use during client
-                                 * certificate verification.
-                                 */
-                                tls1_transcript_freeze(s);
-                        } else {
-                                s->s3->hs.state = SSL3_ST_SR_CERT_VRFY_A;
-                                s->init_num = 0;
-
-                                tls1_transcript_free(s);
-
-                                /*
-                                 * We need to get hashes here so if there is
-                                 * a client cert, it can be verified.
-                                 */
-                                if (!tls1_transcript_hash_value(s,
-                                    s->s3->hs.tls12.cert_verify,
-                                    sizeof(s->s3->hs.tls12.cert_verify),
-                                    NULL)) {
-                                        ret = -1;
-                                        goto end;
-                                }
-                        }
-                        break;
-
-                case SSL3_ST_SR_CERT_VRFY_A:
-                case SSL3_ST_SR_CERT_VRFY_B:
-                        if (SSL_is_dtls(s))
-                                s->d1->change_cipher_spec_ok = 1;
-                        else
-                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-
-                        /* we should decide if we expected this one */
-                        ret = ssl3_get_cert_verify(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SR_FINISHED_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SR_FINISHED_A:
-                case SSL3_ST_SR_FINISHED_B:
-                        if (SSL_is_dtls(s))
-                                s->d1->change_cipher_spec_ok = 1;
-                        else
-                                s->s3->flags |= SSL3_FLAGS_CCS_OK;
-                        ret = ssl3_get_client_finished(s);
-                        if (ret <= 0)
-                                goto end;
-                        if (SSL_is_dtls(s))
-                                dtls1_stop_timer(s);
-                        if (s->hit)
-                                s->s3->hs.state = SSL_ST_OK;
-                        else if (s->tlsext_ticket_expected)
-                                s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_A;
-                        else
-                                s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_SESSION_TICKET_A:
-                case SSL3_ST_SW_SESSION_TICKET_B:
-                        ret = ssl3_send_newsession_ticket(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SW_CHANGE_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_CERT_STATUS_A:
-                case SSL3_ST_SW_CERT_STATUS_B:
-                        ret = ssl3_send_cert_status(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_A;
-                        s->init_num = 0;
-                        break;
-
-                case SSL3_ST_SW_CHANGE_A:
-                case SSL3_ST_SW_CHANGE_B:
-                        ret = ssl3_send_server_change_cipher_spec(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SW_FINISHED_A;
-                        s->init_num = 0;
-                        s->session->cipher_value = s->s3->hs.cipher->value;
-
-                        if (!tls1_setup_key_block(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        if (!tls1_change_write_cipher_state(s)) {
-                                ret = -1;
-                                goto end;
-                        }
-                        break;
-
-                case SSL3_ST_SW_FINISHED_A:
-                case SSL3_ST_SW_FINISHED_B:
-                        ret = ssl3_send_server_finished(s);
-                        if (ret <= 0)
-                                goto end;
-                        s->s3->hs.state = SSL3_ST_SW_FLUSH;
-                        if (s->hit) {
-                                s->s3->hs.tls12.next_state = SSL3_ST_SR_FINISHED_A;
-                                tls1_transcript_free(s);
-                        } else
-                                s->s3->hs.tls12.next_state = SSL_ST_OK;
-                        s->init_num = 0;
-                        break;
-
-                case SSL_ST_OK:
-                        /* clean a few things up */
-                        tls1_cleanup_key_block(s);
-
-                        if (s->s3->handshake_transcript != NULL) {
-                                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                ret = -1;
-                                goto end;
-                        }
-
-                        if (!SSL_is_dtls(s))
-                                ssl3_release_init_buffer(s);
-
-                        /* remove buffering on output */
-                        ssl_free_wbio_buffer(s);
-
-                        s->init_num = 0;
-
-                        /* Skipped if we just sent a HelloRequest. */
-                        if (s->renegotiate == 2) {
-                                s->renegotiate = 0;
-                                s->new_session = 0;
-
-                                ssl_update_cache(s, SSL_SESS_CACHE_SERVER);
-
-                                s->ctx->stats.sess_accept_good++;
-                                /* s->server=1; */
-                                s->handshake_func = ssl3_accept;
-
-                                ssl_info_callback(s, SSL_CB_HANDSHAKE_DONE, 1);
-                        }
-
-                        ret = 1;
-
-                        if (SSL_is_dtls(s)) {
-                                /* Done handshaking, next message is client hello. */
-                                s->d1->handshake_read_seq = 0;
-                                /* Next message is server hello. */
-                                s->d1->handshake_write_seq = 0;
-                                s->d1->next_handshake_write_seq = 0;
-                        }
-                        goto end;
-                        /* break; */
-
-                default:
-                        SSLerror(s, SSL_R_UNKNOWN_STATE);
-                        ret = -1;
-                        goto end;
-                        /* break; */
-                }
-
-                if (!s->s3->hs.tls12.reuse_message && !skip) {
-                        if (s->s3->hs.state != state) {
-                                new_state = s->s3->hs.state;
-                                s->s3->hs.state = state;
-                                ssl_info_callback(s, SSL_CB_ACCEPT_LOOP, 1);
-                                s->s3->hs.state = new_state;
-                        }
-                }
-                skip = 0;
-        }
- end:
-        /* BIO_flush(s->wbio); */
-        s->in_handshake--;
-        ssl_info_callback(s, SSL_CB_ACCEPT_EXIT, ret);
-
-        return (ret);
-}
-
-static int
-ssl3_send_hello_request(SSL *s)
-{
-        CBB cbb, hello;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_HELLO_REQ_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &hello,
-                    SSL3_MT_HELLO_REQUEST))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_HELLO_REQ_B;
-        }
-
-        /* SSL3_ST_SW_HELLO_REQ_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_get_client_hello(SSL *s)
-{
-        CBS cbs, client_random, session_id, cookie, cipher_suites;
-        CBS compression_methods;
-        uint16_t client_version;
-        uint8_t comp_method;
-        int comp_null;
-        int i, j, al, ret, cookie_valid = 0;
-        SSL_CIPHER *c;
-        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        const SSL_METHOD *method;
-        uint16_t shared_version;
-
-        /*
-         * We do this so that we will respond with our native type.
-         * If we are TLSv1 and we get SSLv3, we will respond with TLSv1,
-         * This down switching should be handled by a different method.
-         * If we are SSLv3, we will respond with SSLv3, even if prompted with
-         * TLSv1.
-         */
-        if (s->s3->hs.state == SSL3_ST_SR_CLNT_HELLO_A)
-                s->s3->hs.state = SSL3_ST_SR_CLNT_HELLO_B;
-
-        s->first_packet = 1;
-        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CLNT_HELLO_B,
-            SSL3_ST_SR_CLNT_HELLO_C, SSL3_MT_CLIENT_HELLO,
-            SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
-                return ret;
-        s->first_packet = 0;
-
-        ret = -1;
-
-        if (s->init_num < 0)
-                goto err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        /* Parse client hello up until the extensions (if any). */
-        if (!CBS_get_u16(&cbs, &client_version))
-                goto decode_err;
-        if (!CBS_get_bytes(&cbs, &client_random, SSL3_RANDOM_SIZE))
-                goto decode_err;
-        if (!CBS_get_u8_length_prefixed(&cbs, &session_id))
-                goto decode_err;
-        if (CBS_len(&session_id) > SSL3_SESSION_ID_SIZE) {
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_SSL3_SESSION_ID_TOO_LONG);
-                goto fatal_err;
-        }
-        if (SSL_is_dtls(s)) {
-                if (!CBS_get_u8_length_prefixed(&cbs, &cookie))
-                        goto decode_err;
-        }
-        if (!CBS_get_u16_length_prefixed(&cbs, &cipher_suites))
-                goto decode_err;
-        if (!CBS_get_u8_length_prefixed(&cbs, &compression_methods))
-                goto decode_err;
-
-        /*
-         * Use version from inside client hello, not from record header.
-         * (may differ: see RFC 2246, Appendix E, second paragraph)
-         */
-        if (!ssl_max_shared_version(s, client_version, &shared_version)) {
-                if ((client_version >> 8) == SSL3_VERSION_MAJOR &&
-                    !tls12_record_layer_write_protected(s->rl)) {
-                        /*
-                         * Similar to ssl3_get_record, send alert using remote
-                         * version number.
-                         */
-                        s->version = client_version;
-                }
-                SSLerror(s, SSL_R_WRONG_VERSION_NUMBER);
-                al = SSL_AD_PROTOCOL_VERSION;
-                goto fatal_err;
-        }
-        s->s3->hs.peer_legacy_version = client_version;
-        s->version = shared_version;
-
-        s->s3->hs.negotiated_tls_version = ssl_tls_version(shared_version);
-        if (s->s3->hs.negotiated_tls_version == 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-
-        if ((method = ssl_get_method(shared_version)) == NULL) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-        s->method = method;
-
-        /*
-         * If we require cookies (DTLS) and this ClientHello does not contain
-         * one, just return since we do not want to allocate any memory yet.
-         * So check cookie length...
-         */
-        if (SSL_is_dtls(s)) {
-                if (SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) {
-                        if (CBS_len(&cookie) == 0)
-                                return (1);
-                }
-        }
-
-        if (!CBS_write_bytes(&client_random, s->s3->client_random,
-            sizeof(s->s3->client_random), NULL))
-                goto err;
-
-        s->hit = 0;
-
-        /*
-         * Versions before 0.9.7 always allow clients to resume sessions in
-         * renegotiation. 0.9.7 and later allow this by default, but optionally
-         * ignore resumption requests with flag
-         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION (it's a new flag
-         * rather than a change to default behavior so that applications
-         * relying on this for security won't even compile against older
-         * library versions).
-         *
-         * 1.0.1 and later also have a function SSL_renegotiate_abbreviated()
-         * to request renegotiation but not a new session (s->new_session
-         * remains unset): for servers, this essentially just means that the
-         * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION setting will be
-         * ignored.
-         */
-        if ((s->new_session && (s->options &
-            SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) {
-                if (!ssl_get_new_session(s, 1))
-                        goto err;
-        } else {
-                CBS ext_block;
-
-                CBS_dup(&cbs, &ext_block);
-
-                i = ssl_get_prev_session(s, &session_id, &ext_block, &al);
-                if (i == 1) { /* previous session */
-                        s->hit = 1;
-                } else if (i == -1)
-                        goto fatal_err;
-                else {
-                        /* i == 0 */
-                        if (!ssl_get_new_session(s, 1))
-                                goto err;
-                }
-        }
-
-        if (SSL_is_dtls(s)) {
-                /*
-                 * The ClientHello may contain a cookie even if the HelloVerify
-                 * message has not been sent - make sure that it does not cause
-                 * an overflow.
-                 */
-                if (CBS_len(&cookie) > sizeof(s->d1->rcvd_cookie)) {
-                        al = SSL_AD_DECODE_ERROR;
-                        SSLerror(s, SSL_R_COOKIE_MISMATCH);
-                        goto fatal_err;
-                }
-
-                /* Verify the cookie if appropriate option is set. */
-                if ((SSL_get_options(s) & SSL_OP_COOKIE_EXCHANGE) &&
-                    CBS_len(&cookie) > 0) {
-                        size_t cookie_len;
-
-                        /* XXX - rcvd_cookie seems to only be used here... */
-                        if (!CBS_write_bytes(&cookie, s->d1->rcvd_cookie,
-                            sizeof(s->d1->rcvd_cookie), &cookie_len))
-                                goto err;
-
-                        if (s->ctx->app_verify_cookie_cb != NULL) {
-                                if (s->ctx->app_verify_cookie_cb(s,
-                                    s->d1->rcvd_cookie, cookie_len) == 0) {
-                                        al = SSL_AD_HANDSHAKE_FAILURE;
-                                        SSLerror(s, SSL_R_COOKIE_MISMATCH);
-                                        goto fatal_err;
-                                }
-                                /* else cookie verification succeeded */
-                        /* XXX - can d1->cookie_len > sizeof(rcvd_cookie) ? */
-                        } else if (timingsafe_memcmp(s->d1->rcvd_cookie,
-                            s->d1->cookie, s->d1->cookie_len) != 0) {
-                                /* default verification */
-                                al = SSL_AD_HANDSHAKE_FAILURE;
-                                SSLerror(s, SSL_R_COOKIE_MISMATCH);
-                                goto fatal_err;
-                        }
-                        cookie_valid = 1;
-                }
-        }
-
-        /* XXX - This logic seems wrong... */
-        if (CBS_len(&cipher_suites) == 0 && CBS_len(&session_id) != 0) {
-                /* we need a cipher if we are not resuming a session */
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                SSLerror(s, SSL_R_NO_CIPHERS_SPECIFIED);
-                goto fatal_err;
-        }
-
-        if (CBS_len(&cipher_suites) > 0) {
-                if ((ciphers = ssl_bytes_to_cipher_list(s,
-                    &cipher_suites)) == NULL)
-                        goto err;
-        }
-
-        /* If it is a hit, check that the cipher is in the list */
-        /* XXX - CBS_len(&cipher_suites) will always be zero here... */
-        if (s->hit && CBS_len(&cipher_suites) > 0) {
-                j = 0;
-
-                for (i = 0; i < sk_SSL_CIPHER_num(ciphers); i++) {
-                        c = sk_SSL_CIPHER_value(ciphers, i);
-                        if (c->value == s->session->cipher_value) {
-                                j = 1;
-                                break;
-                        }
-                }
-                if (j == 0) {
-                        /*
-                         * We need to have the cipher in the cipher
-                         * list if we are asked to reuse it
-                         */
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_REQUIRED_CIPHER_MISSING);
-                        goto fatal_err;
-                }
-        }
-
-        comp_null = 0;
-        while (CBS_len(&compression_methods) > 0) {
-                if (!CBS_get_u8(&compression_methods, &comp_method))
-                        goto decode_err;
-                if (comp_method == 0)
-                        comp_null = 1;
-        }
-        if (comp_null == 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_NO_COMPRESSION_SPECIFIED);
-                goto fatal_err;
-        }
-
-        if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, &cbs, &al)) {
-                SSLerror(s, SSL_R_PARSE_TLSEXT);
-                goto fatal_err;
-        }
-
-        if (CBS_len(&cbs) != 0)
-                goto decode_err;
-
-        if (!s->s3->renegotiate_seen && s->renegotiate) {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerror(s, SSL_R_UNSAFE_LEGACY_RENEGOTIATION_DISABLED);
-                goto fatal_err;
-        }
-
-        if (ssl_check_clienthello_tlsext_early(s) <= 0) {
-                SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
-                goto err;
-        }
-
-        /*
-         * Check if we want to use external pre-shared secret for this
-         * handshake for not reused session only. We need to generate
-         * server_random before calling tls_session_secret_cb in order to allow
-         * SessionTicket processing to use it in key derivation.
-         */
-        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-
-        if (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION &&
-            s->s3->hs.negotiated_tls_version < s->s3->hs.our_max_tls_version) {
-                /*
-                 * RFC 8446 section 4.1.3. If we are downgrading from TLS 1.3
-                 * we must set the last 8 bytes of the server random to magical
-                 * values to indicate we meant to downgrade.  For TLS 1.2 it is
-                 * recommended that we do the same.
-                 */
-                size_t index = SSL3_RANDOM_SIZE - sizeof(tls13_downgrade_12);
-                uint8_t *magic = &s->s3->server_random[index];
-                if (s->s3->hs.negotiated_tls_version == TLS1_2_VERSION) {
-                        /* Indicate we chose to downgrade to 1.2. */
-                        memcpy(magic, tls13_downgrade_12,
-                            sizeof(tls13_downgrade_12));
-                } else {
-                        /* Indicate we chose to downgrade to 1.1 or lower */
-                        memcpy(magic, tls13_downgrade_11,
-                            sizeof(tls13_downgrade_11));
-                }
-        }
-
-        if (!s->hit && s->tls_session_secret_cb != NULL) {
-                const SSL_CIPHER *pref_cipher = NULL;
-                int master_key_length = sizeof(s->session->master_key);
-
-                if (!s->tls_session_secret_cb(s,
-                    s->session->master_key, &master_key_length, ciphers,
-                    &pref_cipher, s->tls_session_secret_cb_arg)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                if (master_key_length <= 0) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                s->session->master_key_length = master_key_length;
-
-                s->hit = 1;
-                s->session->verify_result = X509_V_OK;
-
-                sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-                s->s3->hs.client_ciphers = ciphers;
-                ciphers = NULL;
-
-                /*
-                 * XXX - this allows the callback to use any client cipher and
-                 * completely ignore the server cipher list. We should ensure
-                 * that the pref_cipher is in both the client list and the
-                 * server list.
-                 */
-
-                /* Check if some cipher was preferred by the callback. */
-                if (pref_cipher == NULL)
-                        pref_cipher = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
-                            SSL_get_ciphers(s));
-                if (pref_cipher == NULL) {
-                        al = SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);
-                        goto fatal_err;
-                }
-                s->s3->hs.cipher = pref_cipher;
-
-                /* XXX - why? */
-                sk_SSL_CIPHER_free(s->cipher_list);
-                s->cipher_list = sk_SSL_CIPHER_dup(s->s3->hs.client_ciphers);
-        }
-
-        /*
-         * Given s->session->ciphers and SSL_get_ciphers, we must
-         * pick a cipher
-         */
-
-        if (!s->hit) {
-                if (ciphers == NULL) {
-                        al = SSL_AD_ILLEGAL_PARAMETER;
-                        SSLerror(s, SSL_R_NO_CIPHERS_PASSED);
-                        goto fatal_err;
-                }
-                sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-                s->s3->hs.client_ciphers = ciphers;
-                ciphers = NULL;
-
-                if ((c = ssl3_choose_cipher(s, s->s3->hs.client_ciphers,
-                    SSL_get_ciphers(s))) == NULL) {
-                        al = SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerror(s, SSL_R_NO_SHARED_CIPHER);
-                        goto fatal_err;
-                }
-                s->s3->hs.cipher = c;
-                s->session->cipher_value = s->s3->hs.cipher->value;
-        } else {
-                s->s3->hs.cipher = ssl3_get_cipher_by_value(s->session->cipher_value);
-                if (s->s3->hs.cipher == NULL)
-                        goto fatal_err;
-        }
-
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-
-        if (!SSL_USE_SIGALGS(s) || !(s->verify_mode & SSL_VERIFY_PEER))
-                tls1_transcript_free(s);
-
-        /*
-         * We now have the following setup.
-         * client_random
-         * cipher_list          - our preferred list of ciphers
-         * ciphers              - the clients preferred list of ciphers
-         * compression          - basically ignored right now
-         * ssl version is set   - sslv3
-         * s->session           - The ssl session has been setup.
-         * s->hit               - session reuse flag
-         * s->hs.cipher - the new cipher to use.
-         */
-
-        /* Handles TLS extensions that we couldn't check earlier */
-        if (ssl_check_clienthello_tlsext_late(s) <= 0) {
-                SSLerror(s, SSL_R_CLIENTHELLO_TLSEXT);
-                goto err;
-        }
-
-        ret = cookie_valid ? 2 : 1;
-
-        if (0) {
- decode_err:
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        }
- err:
-        sk_SSL_CIPHER_free(ciphers);
-
-        return (ret);
-}
-
-static int
-ssl3_send_dtls_hello_verify_request(SSL *s)
-{
-        CBB cbb, verify, cookie;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A) {
-                if (s->ctx->app_gen_cookie_cb == NULL ||
-                    s->ctx->app_gen_cookie_cb(s, s->d1->cookie,
-                        &(s->d1->cookie_len)) == 0) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        return 0;
-                }
-
-                /*
-                 * Per RFC 6347 section 4.2.1, the HelloVerifyRequest should
-                 * always contain DTLSv1.0 regardless of the version that is
-                 * going to be negotiated.
-                 */
-                if (!ssl3_handshake_msg_start(s, &cbb, &verify,
-                    DTLS1_MT_HELLO_VERIFY_REQUEST))
-                        goto err;
-                if (!CBB_add_u16(&verify, DTLS1_VERSION))
-                        goto err;
-                if (!CBB_add_u8_length_prefixed(&verify, &cookie))
-                        goto err;
-                if (!CBB_add_bytes(&cookie, s->d1->cookie, s->d1->cookie_len))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B;
-        }
-
-        /* s->s3->hs.state = DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_server_hello(SSL *s)
-{
-        CBB cbb, server_hello, session_id;
-        size_t sl;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_SRVR_HELLO_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &server_hello,
-                    SSL3_MT_SERVER_HELLO))
-                        goto err;
-
-                if (!CBB_add_u16(&server_hello, s->version))
-                        goto err;
-                if (!CBB_add_bytes(&server_hello, s->s3->server_random,
-                    sizeof(s->s3->server_random)))
-                        goto err;
-
-                /*
-                 * There are several cases for the session ID to send
-                 * back in the server hello:
-                 *
-                 * - For session reuse from the session cache,
-                 *   we send back the old session ID.
-                 * - If stateless session reuse (using a session ticket)
-                 *   is successful, we send back the client's "session ID"
-                 *   (which doesn't actually identify the session).
-                 * - If it is a new session, we send back the new
-                 *   session ID.
-                 * - However, if we want the new session to be single-use,
-                 *   we send back a 0-length session ID.
-                 *
-                 * s->hit is non-zero in either case of session reuse,
-                 * so the following won't overwrite an ID that we're supposed
-                 * to send back.
-                 */
-                if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_SERVER)
-                    && !s->hit)
-                        s->session->session_id_length = 0;
-
-                sl = s->session->session_id_length;
-                if (sl > sizeof(s->session->session_id)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                if (!CBB_add_u8_length_prefixed(&server_hello, &session_id))
-                        goto err;
-                if (!CBB_add_bytes(&session_id, s->session->session_id, sl))
-                        goto err;
-
-                /* Cipher suite. */
-                if (!CBB_add_u16(&server_hello, s->s3->hs.cipher->value))
-                        goto err;
-
-                /* Compression method (null). */
-                if (!CBB_add_u8(&server_hello, 0))
-                        goto err;
-
-                /* TLS extensions */
-                if (!tlsext_server_build(s, SSL_TLSEXT_MSG_SH, &server_hello)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-        }
-
-        /* SSL3_ST_SW_SRVR_HELLO_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_server_done(SSL *s)
-{
-        CBB cbb, done;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_SRVR_DONE_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &done,
-                    SSL3_MT_SERVER_DONE))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_SRVR_DONE_B;
-        }
-
-        /* SSL3_ST_SW_SRVR_DONE_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_server_kex_dhe(SSL *s, CBB *cbb)
-{
-        int nid = NID_dhKeyAgreement;
-
-        tls_key_share_free(s->s3->hs.key_share);
-        if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
-                goto err;
-
-        if (s->cert->dhe_params_auto != 0) {
-                size_t key_bits;
-
-                if ((key_bits = ssl_dhe_params_auto_key_bits(s)) == 0) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_INTERNAL_ERROR);
-                        goto err;
-                }
-                tls_key_share_set_key_bits(s->s3->hs.key_share,
-                    key_bits);
-        } else {
-                DH *dh_params = s->cert->dhe_params;
-
-                if (dh_params == NULL && s->cert->dhe_params_cb != NULL)
-                        dh_params = s->cert->dhe_params_cb(s, 0,
-                            SSL_C_PKEYLENGTH(s->s3->hs.cipher));
-
-                if (dh_params == NULL) {
-                        SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
-                        ssl3_send_alert(s, SSL3_AL_FATAL,
-                            SSL_AD_HANDSHAKE_FAILURE);
-                        goto err;
-                }
-
-                if (!tls_key_share_set_dh_params(s->s3->hs.key_share, dh_params))
-                        goto err;
-        }
-
-        if (!tls_key_share_generate(s->s3->hs.key_share))
-                goto err;
-
-        if (!tls_key_share_params(s->s3->hs.key_share, cbb))
-                goto err;
-        if (!tls_key_share_public(s->s3->hs.key_share, cbb))
-                goto err;
-
-        if (!tls_key_share_peer_security(s, s->s3->hs.key_share)) {
-                SSLerror(s, SSL_R_DH_KEY_TOO_SMALL);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                return 0;
-        }
-
-        return 1;
-
- err:
-        return 0;
-}
-
-static int
-ssl3_send_server_kex_ecdhe(SSL *s, CBB *cbb)
-{
-        CBB public;
-        int nid;
-
-        if (!tls1_get_supported_group(s, &nid)) {
-                SSLerror(s, SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-        }
-
-        tls_key_share_free(s->s3->hs.key_share);
-        if ((s->s3->hs.key_share = tls_key_share_new_nid(nid)) == NULL)
-                goto err;
-
-        if (!tls_key_share_generate(s->s3->hs.key_share))
-                goto err;
-
-        /*
-         * ECC key exchange - see RFC 8422, section 5.4.
-         */
-        if (!CBB_add_u8(cbb, NAMED_CURVE_TYPE))
-                goto err;
-        if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
-                goto err;
-        if (!CBB_add_u8_length_prefixed(cbb, &public))
-                goto err;
-        if (!tls_key_share_public(s->s3->hs.key_share, &public))
-                goto err;
-        if (!CBB_flush(cbb))
-                goto err;
-
-        return 1;
-
- err:
-        return 0;
-}
-
-static int
-ssl3_send_server_key_exchange(SSL *s)
-{
-        CBB cbb, cbb_signature, cbb_signed_params, server_kex;
-        CBS params;
-        const struct ssl_sigalg *sigalg = NULL;
-        unsigned char *signed_params = NULL;
-        size_t signed_params_len;
-        unsigned char *signature = NULL;
-        size_t signature_len = 0;
-        const EVP_MD *md = NULL;
-        unsigned long type;
-        EVP_MD_CTX *md_ctx = NULL;
-        EVP_PKEY_CTX *pctx;
-        EVP_PKEY *pkey;
-        int al;
-
-        memset(&cbb, 0, sizeof(cbb));
-        memset(&cbb_signed_params, 0, sizeof(cbb_signed_params));
-
-        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (s->s3->hs.state == SSL3_ST_SW_KEY_EXCH_A) {
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &server_kex,
-                    SSL3_MT_SERVER_KEY_EXCHANGE))
-                        goto err;
-
-                if (!CBB_init(&cbb_signed_params, 0))
-                        goto err;
-
-                if (!CBB_add_bytes(&cbb_signed_params, s->s3->client_random,
-                    SSL3_RANDOM_SIZE)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-                if (!CBB_add_bytes(&cbb_signed_params, s->s3->server_random,
-                    SSL3_RANDOM_SIZE)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        goto err;
-                }
-
-                type = s->s3->hs.cipher->algorithm_mkey;
-                if (type & SSL_kDHE) {
-                        if (!ssl3_send_server_kex_dhe(s, &cbb_signed_params))
-                                goto err;
-                } else if (type & SSL_kECDHE) {
-                        if (!ssl3_send_server_kex_ecdhe(s, &cbb_signed_params))
-                                goto err;
-                } else {
-                        al = SSL_AD_HANDSHAKE_FAILURE;
-                        SSLerror(s, SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE);
-                        goto fatal_err;
-                }
-
-                if (!CBB_finish(&cbb_signed_params, &signed_params,
-                    &signed_params_len))
-                        goto err;
-
-                CBS_init(&params, signed_params, signed_params_len);
-                if (!CBS_skip(&params, 2 * SSL3_RANDOM_SIZE))
-                        goto err;
-
-                if (!CBB_add_bytes(&server_kex, CBS_data(&params),
-                    CBS_len(&params)))
-                        goto err;
-
-                /* Add signature unless anonymous. */
-                if (!(s->s3->hs.cipher->algorithm_auth & SSL_aNULL)) {
-                        if ((pkey = ssl_get_sign_pkey(s, s->s3->hs.cipher,
-                            &md, &sigalg)) == NULL) {
-                                al = SSL_AD_DECODE_ERROR;
-                                goto fatal_err;
-                        }
-                        s->s3->hs.our_sigalg = sigalg;
-
-                        /* Send signature algorithm. */
-                        if (SSL_USE_SIGALGS(s)) {
-                                if (!CBB_add_u16(&server_kex, sigalg->value)) {
-                                        al = SSL_AD_INTERNAL_ERROR;
-                                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                                        goto fatal_err;
-                                }
-                        }
-
-                        if (!EVP_DigestSignInit(md_ctx, &pctx, md, NULL, pkey)) {
-                                SSLerror(s, ERR_R_EVP_LIB);
-                                goto err;
-                        }
-                        if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
-                            (!EVP_PKEY_CTX_set_rsa_padding(pctx,
-                            RSA_PKCS1_PSS_PADDING) ||
-                            !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
-                                SSLerror(s, ERR_R_EVP_LIB);
-                                goto err;
-                        }
-                        if (!EVP_DigestSign(md_ctx, NULL, &signature_len,
-                            signed_params, signed_params_len)) {
-                                SSLerror(s, ERR_R_EVP_LIB);
-                                goto err;
-                        }
-                        if ((signature = calloc(1, signature_len)) == NULL) {
-                                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                                goto err;
-                        }
-                        if (!EVP_DigestSign(md_ctx, signature, &signature_len,
-                            signed_params, signed_params_len)) {
-                                SSLerror(s, ERR_R_EVP_LIB);
-                                goto err;
-                        }
-
-                        if (!CBB_add_u16_length_prefixed(&server_kex,
-                            &cbb_signature))
-                                goto err;
-                        if (!CBB_add_bytes(&cbb_signature, signature,
-                            signature_len))
-                                goto err;
-                }
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_KEY_EXCH_B;
-        }
-
-        EVP_MD_CTX_free(md_ctx);
-        free(signature);
-        free(signed_params);
-
-        return (ssl3_handshake_write(s));
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        CBB_cleanup(&cbb_signed_params);
-        CBB_cleanup(&cbb);
-        EVP_MD_CTX_free(md_ctx);
-        free(signature);
-        free(signed_params);
-
-        return (-1);
-}
-
-static int
-ssl3_send_certificate_request(SSL *s)
-{
-        CBB cbb, cert_request, cert_types, sigalgs, cert_auth, dn;
-        STACK_OF(X509_NAME) *sk = NULL;
-        X509_NAME *name;
-        int i;
-
-        /*
-         * Certificate Request - RFC 5246 section 7.4.4.
-         */
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_CERT_REQ_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &cert_request,
-                    SSL3_MT_CERTIFICATE_REQUEST))
-                        goto err;
-
-                if (!CBB_add_u8_length_prefixed(&cert_request, &cert_types))
-                        goto err;
-                if (!ssl3_get_req_cert_types(s, &cert_types))
-                        goto err;
-
-                if (SSL_USE_SIGALGS(s)) {
-                        if (!CBB_add_u16_length_prefixed(&cert_request,
-                            &sigalgs))
-                                goto err;
-                        if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version,
-                            &sigalgs, SSL_get_security_level(s)))
-                                goto err;
-                }
-
-                if (!CBB_add_u16_length_prefixed(&cert_request, &cert_auth))
-                        goto err;
-
-                sk = SSL_get_client_CA_list(s);
-                for (i = 0; i < sk_X509_NAME_num(sk); i++) {
-                        unsigned char *name_data;
-                        size_t name_len;
-
-                        name = sk_X509_NAME_value(sk, i);
-                        name_len = i2d_X509_NAME(name, NULL);
-
-                        if (!CBB_add_u16_length_prefixed(&cert_auth, &dn))
-                                goto err;
-                        if (!CBB_add_space(&dn, &name_data, name_len))
-                                goto err;
-                        if (i2d_X509_NAME(name, &name_data) != name_len)
-                                goto err;
-                }
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_CERT_REQ_B;
-        }
-
-        /* SSL3_ST_SW_CERT_REQ_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_get_client_kex_rsa(SSL *s, CBS *cbs)
-{
-        uint8_t fakepms[SSL_MAX_MASTER_KEY_LENGTH];
-        uint8_t *pms = NULL;
-        size_t pms_len = 0;
-        size_t pad_len;
-        EVP_PKEY *pkey = NULL;
-        RSA *rsa = NULL;
-        CBS enc_pms;
-        int decrypt_len;
-        uint8_t mask;
-        size_t i;
-        int valid = 1;
-        int ret = 0;
-
-        /*
-         * Handle key exchange in the form of an RSA-Encrypted Premaster Secret
-         * Message. See RFC 5246, section 7.4.7.1.
-         */
-
-        arc4random_buf(fakepms, sizeof(fakepms));
-
-        fakepms[0] = s->s3->hs.peer_legacy_version >> 8;
-        fakepms[1] = s->s3->hs.peer_legacy_version & 0xff;
-
-        pkey = s->cert->pkeys[SSL_PKEY_RSA].privatekey;
-        if (pkey == NULL || (rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
-                SSLerror(s, SSL_R_MISSING_RSA_CERTIFICATE);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-        }
-
-        /*
-         * The minimum size of an encrypted premaster secret is 11 bytes of
-         * padding (00 02 <8 or more non-zero bytes> 00) (RFC 8017, section
-         * 9.2) and 48 bytes of premaster secret (RFC 5246, section 7.4.7.1).
-         * This means an RSA key size of at least 472 bits.
-         */
-        pms_len = RSA_size(rsa);
-        if (pms_len < 11 + SSL_MAX_MASTER_KEY_LENGTH) {
-                SSLerror(s, SSL_R_DECRYPTION_FAILED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
-                goto err;
-        }
-        pad_len = pms_len - SSL_MAX_MASTER_KEY_LENGTH;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &enc_pms)) {
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                goto err;
-        }
-        if (CBS_len(&enc_pms) != pms_len || CBS_len(cbs) != 0) {
-                SSLerror(s, SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                goto err;
-        }
-
-        if ((pms = calloc(1, pms_len)) == NULL)
-                goto err;
-
-        decrypt_len = RSA_private_decrypt(CBS_len(&enc_pms), CBS_data(&enc_pms),
-            pms, rsa, RSA_NO_PADDING);
-
-        if (decrypt_len != pms_len) {
-                SSLerror(s, SSL_R_DECRYPTION_FAILED);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECRYPT_ERROR);
-                goto err;
-        }
-
-        /*
-         * All processing from here on needs to avoid leaking any information
-         * about the decrypted content, in order to prevent oracle attacks and
-         * minimise timing attacks.
-         */
-
-        /* Check padding - 00 02 <8 or more non-zero bytes> 00 */
-        valid &= crypto_ct_eq_u8(pms[0], 0x00);
-        valid &= crypto_ct_eq_u8(pms[1], 0x02);
-        for (i = 2; i < pad_len - 1; i++)
-                valid &= crypto_ct_ne_u8(pms[i], 0x00);
-        valid &= crypto_ct_eq_u8(pms[pad_len - 1], 0x00);
-
-        /* Ensure client version in premaster secret matches ClientHello version. */
-        valid &= crypto_ct_eq_u8(pms[pad_len + 0], s->s3->hs.peer_legacy_version >> 8);
-        valid &= crypto_ct_eq_u8(pms[pad_len + 1], s->s3->hs.peer_legacy_version & 0xff);
-
-        /* Use the premaster secret if padding is correct, if not use the fake. */
-        mask = crypto_ct_eq_mask_u8(valid, 1);
-        for (i = 0; i < SSL_MAX_MASTER_KEY_LENGTH; i++)
-                pms[i] = (pms[pad_len + i] & mask) | (fakepms[i] & ~mask);
-
-        if (!tls12_derive_master_secret(s, pms, SSL_MAX_MASTER_KEY_LENGTH))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(pms, pms_len);
-
-        return ret;
-}
-
-static int
-ssl3_get_client_kex_dhe(SSL *s, CBS *cbs)
-{
-        uint8_t *key = NULL;
-        size_t key_len = 0;
-        int decode_error, invalid_key;
-        int ret = 0;
-
-        if (s->s3->hs.key_share == NULL) {
-                SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                goto err;
-        }
-
-        if (!tls_key_share_peer_public(s->s3->hs.key_share, cbs,
-            &decode_error, &invalid_key)) {
-                if (decode_error) {
-                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                }
-                goto err;
-        }
-        if (invalid_key) {
-                SSLerror(s, SSL_R_BAD_DH_PUB_KEY_LENGTH);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_ILLEGAL_PARAMETER);
-                goto err;
-        }
-
-        if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
-                goto err;
-
-        if (!tls12_derive_master_secret(s, key, key_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
-
-static int
-ssl3_get_client_kex_ecdhe(SSL *s, CBS *cbs)
-{
-        uint8_t *key = NULL;
-        size_t key_len = 0;
-        int decode_error;
-        CBS public;
-        int ret = 0;
-
-        if (s->s3->hs.key_share == NULL) {
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_HANDSHAKE_FAILURE);
-                SSLerror(s, SSL_R_MISSING_TMP_DH_KEY);
-                goto err;
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &public)) {
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                goto err;
-        }
-        if (!tls_key_share_peer_public(s->s3->hs.key_share, &public,
-            &decode_error, NULL)) {
-                if (decode_error) {
-                        SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                        ssl3_send_alert(s, SSL3_AL_FATAL, SSL_AD_DECODE_ERROR);
-                }
-                goto err;
-        }
-
-        if (!tls_key_share_derive(s->s3->hs.key_share, &key, &key_len))
-                goto err;
-
-        if (!tls12_derive_master_secret(s, key, key_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(key, key_len);
-
-        return ret;
-}
-
-static int
-ssl3_get_client_key_exchange(SSL *s)
-{
-        unsigned long alg_k;
-        int al, ret;
-        CBS cbs;
-
-        /* 2048 maxlen is a guess.  How long a key does that permit? */
-        if ((ret = ssl3_get_message(s, SSL3_ST_SR_KEY_EXCH_A,
-            SSL3_ST_SR_KEY_EXCH_B, SSL3_MT_CLIENT_KEY_EXCHANGE, 2048)) <= 0)
-                return ret;
-
-        if (s->init_num < 0)
-                goto err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        alg_k = s->s3->hs.cipher->algorithm_mkey;
-
-        if (alg_k & SSL_kRSA) {
-                if (!ssl3_get_client_kex_rsa(s, &cbs))
-                        goto err;
-        } else if (alg_k & SSL_kDHE) {
-                if (!ssl3_get_client_kex_dhe(s, &cbs))
-                        goto err;
-        } else if (alg_k & SSL_kECDHE) {
-                if (!ssl3_get_client_kex_ecdhe(s, &cbs))
-                        goto err;
-        } else {
-                al = SSL_AD_HANDSHAKE_FAILURE;
-                SSLerror(s, SSL_R_UNKNOWN_CIPHER_TYPE);
-                goto fatal_err;
-        }
-
-        if (CBS_len(&cbs) != 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
-                goto fatal_err;
-        }
-
-        return (1);
-
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
- err:
-        return (-1);
-}
-
-static int
-ssl3_get_cert_verify(SSL *s)
-{
-        CBS cbs, signature;
-        const struct ssl_sigalg *sigalg = NULL;
-        uint16_t sigalg_value = SIGALG_NONE;
-        EVP_PKEY *pkey;
-        X509 *peer_cert = NULL;
-        EVP_MD_CTX *mctx = NULL;
-        int al, verify;
-        const unsigned char *hdata;
-        size_t hdatalen;
-        int type = 0;
-        int ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_VRFY_A,
-            SSL3_ST_SR_CERT_VRFY_B, -1, SSL3_RT_MAX_PLAIN_LENGTH)) <= 0)
-                return ret;
-
-        ret = 0;
-
-        if (s->init_num < 0)
-                goto err;
-
-        if ((mctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        peer_cert = s->session->peer_cert;
-        pkey = X509_get0_pubkey(peer_cert);
-        type = X509_certificate_type(peer_cert, pkey);
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE_VERIFY) {
-                s->s3->hs.tls12.reuse_message = 1;
-                if (peer_cert != NULL) {
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        SSLerror(s, SSL_R_MISSING_VERIFY_MESSAGE);
-                        goto fatal_err;
-                }
-                ret = 1;
-                goto end;
-        }
-
-        if (peer_cert == NULL) {
-                SSLerror(s, SSL_R_NO_CLIENT_CERT_RECEIVED);
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                goto fatal_err;
-        }
-
-        if (!(type & EVP_PKT_SIGN)) {
-                SSLerror(s, SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE);
-                al = SSL_AD_ILLEGAL_PARAMETER;
-                goto fatal_err;
-        }
-
-        if (s->s3->change_cipher_spec) {
-                SSLerror(s, SSL_R_CCS_RECEIVED_EARLY);
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                goto fatal_err;
-        }
-
-        if (SSL_USE_SIGALGS(s)) {
-                if (!CBS_get_u16(&cbs, &sigalg_value))
-                        goto decode_err;
-        }
-        if (!CBS_get_u16_length_prefixed(&cbs, &signature))
-                goto err;
-        if (CBS_len(&cbs) != 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_EXTRA_DATA_IN_MESSAGE);
-                goto fatal_err;
-        }
-
-        if (CBS_len(&signature) > EVP_PKEY_size(pkey)) {
-                SSLerror(s, SSL_R_WRONG_SIGNATURE_SIZE);
-                al = SSL_AD_DECODE_ERROR;
-                goto fatal_err;
-        }
-
-        if ((sigalg = ssl_sigalg_for_peer(s, pkey,
-            sigalg_value)) == NULL) {
-                al = SSL_AD_DECODE_ERROR;
-                goto fatal_err;
-        }
-        s->s3->hs.peer_sigalg = sigalg;
-
-        if (SSL_USE_SIGALGS(s)) {
-                EVP_PKEY_CTX *pctx;
-
-                if (!tls1_transcript_data(s, &hdata, &hdatalen)) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (!EVP_DigestVerifyInit(mctx, &pctx, sigalg->md(),
-                    NULL, pkey)) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if ((sigalg->flags & SIGALG_FLAG_RSA_PSS) &&
-                    (!EVP_PKEY_CTX_set_rsa_padding(pctx,
-                        RSA_PKCS1_PSS_PADDING) ||
-                    !EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-                if (EVP_DigestVerify(mctx, CBS_data(&signature),
-                    CBS_len(&signature), hdata, hdatalen) <= 0) {
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto fatal_err;
-                }
-        } else if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
-                RSA *rsa;
-
-                if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto fatal_err;
-                }
-                verify = RSA_verify(NID_md5_sha1, s->s3->hs.tls12.cert_verify,
-                    MD5_DIGEST_LENGTH + SHA_DIGEST_LENGTH, CBS_data(&signature),
-                    CBS_len(&signature), rsa);
-                if (verify < 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_RSA_DECRYPT);
-                        goto fatal_err;
-                }
-                if (verify == 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_RSA_SIGNATURE);
-                        goto fatal_err;
-                }
-        } else if (EVP_PKEY_id(pkey) == EVP_PKEY_EC) {
-                EC_KEY *eckey;
-
-                if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        SSLerror(s, ERR_R_EVP_LIB);
-                        goto fatal_err;
-                }
-                verify = ECDSA_verify(0,
-                    &(s->s3->hs.tls12.cert_verify[MD5_DIGEST_LENGTH]),
-                    SHA_DIGEST_LENGTH, CBS_data(&signature),
-                    CBS_len(&signature), eckey);
-                if (verify <= 0) {
-                        al = SSL_AD_DECRYPT_ERROR;
-                        SSLerror(s, SSL_R_BAD_ECDSA_SIGNATURE);
-                        goto fatal_err;
-                }
-        } else {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                al = SSL_AD_UNSUPPORTED_CERTIFICATE;
-                goto fatal_err;
-        }
-
-        ret = 1;
-        if (0) {
- decode_err:
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        }
- end:
-        tls1_transcript_free(s);
- err:
-        EVP_MD_CTX_free(mctx);
-
-        return (ret);
-}
-
-static int
-ssl3_get_client_certificate(SSL *s)
-{
-        CBS cbs, cert_list, cert_data;
-        STACK_OF(X509) *certs = NULL;
-        X509 *cert = NULL;
-        const uint8_t *p;
-        int al, ret;
-
-        if ((ret = ssl3_get_message(s, SSL3_ST_SR_CERT_A, SSL3_ST_SR_CERT_B,
-            -1, s->max_cert_list)) <= 0)
-                return ret;
-
-        ret = -1;
-
-        if (s->s3->hs.tls12.message_type == SSL3_MT_CLIENT_KEY_EXCHANGE) {
-                if ((s->verify_mode & SSL_VERIFY_PEER) &&
-                    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-                        SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                        al = SSL_AD_HANDSHAKE_FAILURE;
-                        goto fatal_err;
-                }
-
-                /*
-                 * If we asked for a client certificate and the client has none,
-                 * it must respond with a certificate list of length zero.
-                 */
-                if (s->s3->hs.tls12.cert_request != 0) {
-                        SSLerror(s, SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST);
-                        al = SSL_AD_UNEXPECTED_MESSAGE;
-                        goto fatal_err;
-                }
-                s->s3->hs.tls12.reuse_message = 1;
-                return (1);
-        }
-
-        if (s->s3->hs.tls12.message_type != SSL3_MT_CERTIFICATE) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_WRONG_MESSAGE_TYPE);
-                goto fatal_err;
-        }
-
-        if (s->init_num < 0)
-                goto decode_err;
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (!CBS_get_u24_length_prefixed(&cbs, &cert_list))
-                goto decode_err;
-        if (CBS_len(&cbs) != 0)
-                goto decode_err;
-
-        /*
-         * A TLS client must send an empty certificate list, if no suitable
-         * certificate is available (rather than omitting the Certificate
-         * handshake message) - see RFC 5246 section 7.4.6.
-         */
-        if (CBS_len(&cert_list) == 0) {
-                if ((s->verify_mode & SSL_VERIFY_PEER) &&
-                    (s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) {
-                        SSLerror(s, SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE);
-                        al = SSL_AD_HANDSHAKE_FAILURE;
-                        goto fatal_err;
-                }
-                /* No client certificate so free transcript. */
-                tls1_transcript_free(s);
-                goto done;
-        }
-
-        if ((certs = sk_X509_new_null()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-
-        while (CBS_len(&cert_list) > 0) {
-                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
-                        goto decode_err;
-                p = CBS_data(&cert_data);
-                if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL) {
-                        SSLerror(s, ERR_R_ASN1_LIB);
-                        goto err;
-                }
-                if (p != CBS_data(&cert_data) + CBS_len(&cert_data))
-                        goto decode_err;
-                if (!sk_X509_push(certs, cert)) {
-                        SSLerror(s, ERR_R_MALLOC_FAILURE);
-                        goto err;
-                }
-                cert = NULL;
-        }
-
-        if (ssl_verify_cert_chain(s, certs) <= 0) {
-                al = ssl_verify_alarm_type(s->verify_result);
-                SSLerror(s, SSL_R_NO_CERTIFICATE_RETURNED);
-                goto fatal_err;
-        }
-        s->session->verify_result = s->verify_result;
-        ERR_clear_error();
-
-        if (!tls_process_peer_certs(s, certs))
-                goto err;
-
- done:
-        ret = 1;
-        if (0) {
- decode_err:
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_PACKET_LENGTH);
- fatal_err:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        }
- err:
-        sk_X509_pop_free(certs, X509_free);
-        X509_free(cert);
-
-        return (ret);
-}
-
-static int
-ssl3_send_server_certificate(SSL *s)
-{
-        CBB cbb, server_cert;
-        SSL_CERT_PKEY *cpk;
-
-        /*
-         * Server Certificate - RFC 5246, section 7.4.2.
-         */
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_CERT_A) {
-                if ((cpk = ssl_get_server_send_pkey(s)) == NULL) {
-                        SSLerror(s, ERR_R_INTERNAL_ERROR);
-                        return (0);
-                }
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &server_cert,
-                    SSL3_MT_CERTIFICATE))
-                        goto err;
-                if (!ssl3_output_cert_chain(s, &server_cert, cpk))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_CERT_B;
-        }
-
-        /* SSL3_ST_SW_CERT_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (0);
-}
-
-/* send a new session ticket (not necessarily for a new session) */
-static int
-ssl3_send_newsession_ticket(SSL *s)
-{
-        CBB cbb, session_ticket, ticket;
-        SSL_CTX *tctx = s->initial_ctx;
-        size_t enc_session_len, enc_session_max_len, hmac_len;
-        size_t session_len = 0;
-        unsigned char *enc_session = NULL, *session = NULL;
-        unsigned char iv[EVP_MAX_IV_LENGTH];
-        unsigned char key_name[16];
-        unsigned char *hmac;
-        unsigned int hlen;
-        EVP_CIPHER_CTX *ctx = NULL;
-        HMAC_CTX *hctx = NULL;
-        int iv_len, len;
-
-        /*
-         * New Session Ticket - RFC 5077, section 3.3.
-         */
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
-                goto err;
-        if ((hctx = HMAC_CTX_new()) == NULL)
-                goto err;
-
-        if (s->s3->hs.state == SSL3_ST_SW_SESSION_TICKET_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &session_ticket,
-                    SSL3_MT_NEWSESSION_TICKET))
-                        goto err;
-
-                if (!SSL_SESSION_ticket(s->session, &session, &session_len))
-                        goto err;
-                if (session_len > 0xffff)
-                        goto err;
-
-                /*
-                 * Initialize HMAC and cipher contexts. If callback is present
-                 * it does all the work, otherwise use generated values from
-                 * parent context.
-                 */
-                if (tctx->tlsext_ticket_key_cb != NULL) {
-                        if (tctx->tlsext_ticket_key_cb(s,
-                            key_name, iv, ctx, hctx, 1) < 0)
-                                goto err;
-                } else {
-                        arc4random_buf(iv, 16);
-                        EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL,
-                            tctx->tlsext_tick_aes_key, iv);
-                        HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-                            16, EVP_sha256(), NULL);
-                        memcpy(key_name, tctx->tlsext_tick_key_name, 16);
-                }
-
-                /* Encrypt the session state. */
-                enc_session_max_len = session_len + EVP_MAX_BLOCK_LENGTH;
-                if ((enc_session = calloc(1, enc_session_max_len)) == NULL)
-                        goto err;
-                enc_session_len = 0;
-                if (!EVP_EncryptUpdate(ctx, enc_session, &len, session,
-                    session_len))
-                        goto err;
-                enc_session_len += len;
-                if (!EVP_EncryptFinal_ex(ctx, enc_session + enc_session_len,
-                    &len))
-                        goto err;
-                enc_session_len += len;
-
-                if (enc_session_len > enc_session_max_len)
-                        goto err;
-
-                /* Generate the HMAC. */
-                if (!HMAC_Update(hctx, key_name, sizeof(key_name)))
-                        goto err;
-                if (!HMAC_Update(hctx, iv, EVP_CIPHER_CTX_iv_length(ctx)))
-                        goto err;
-                if (!HMAC_Update(hctx, enc_session, enc_session_len))
-                        goto err;
-
-                if ((hmac_len = HMAC_size(hctx)) <= 0)
-                        goto err;
-
-                /*
-                 * Ticket lifetime hint (advisory only):
-                 * We leave this unspecified for resumed session
-                 * (for simplicity), and guess that tickets for new
-                 * sessions will live as long as their sessions.
-                 */
-                if (!CBB_add_u32(&session_ticket,
-                    s->hit ? 0 : s->session->timeout))
-                        goto err;
-
-                if (!CBB_add_u16_length_prefixed(&session_ticket, &ticket))
-                        goto err;
-                if (!CBB_add_bytes(&ticket, key_name, sizeof(key_name)))
-                        goto err;
-                if ((iv_len = EVP_CIPHER_CTX_iv_length(ctx)) < 0)
-                        goto err;
-                if (!CBB_add_bytes(&ticket, iv, iv_len))
-                        goto err;
-                if (!CBB_add_bytes(&ticket, enc_session, enc_session_len))
-                        goto err;
-                if (!CBB_add_space(&ticket, &hmac, hmac_len))
-                        goto err;
-
-                if (!HMAC_Final(hctx, hmac, &hlen))
-                        goto err;
-                if (hlen != hmac_len)
-                        goto err;
-
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_SESSION_TICKET_B;
-        }
-
-        EVP_CIPHER_CTX_free(ctx);
-        HMAC_CTX_free(hctx);
-        freezero(session, session_len);
-        free(enc_session);
-
-        /* SSL3_ST_SW_SESSION_TICKET_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-        EVP_CIPHER_CTX_free(ctx);
-        HMAC_CTX_free(hctx);
-        freezero(session, session_len);
-        free(enc_session);
-
-        return (-1);
-}
-
-static int
-ssl3_send_cert_status(SSL *s)
-{
-        CBB cbb, certstatus, ocspresp;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_CERT_STATUS_A) {
-                if (!ssl3_handshake_msg_start(s, &cbb, &certstatus,
-                    SSL3_MT_CERTIFICATE_STATUS))
-                        goto err;
-                if (!CBB_add_u8(&certstatus, s->tlsext_status_type))
-                        goto err;
-                if (!CBB_add_u24_length_prefixed(&certstatus, &ocspresp))
-                        goto err;
-                if (!CBB_add_bytes(&ocspresp, s->tlsext_ocsp_resp,
-                    s->tlsext_ocsp_resp_len))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_CERT_STATUS_B;
-        }
-
-        /* SSL3_ST_SW_CERT_STATUS_B */
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
-
-static int
-ssl3_send_server_change_cipher_spec(SSL *s)
-{
-        size_t outlen;
-        CBB cbb;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_CHANGE_A) {
-                if (!CBB_init_fixed(&cbb, s->init_buf->data,
-                    s->init_buf->length))
-                        goto err;
-                if (!CBB_add_u8(&cbb, SSL3_MT_CCS))
-                        goto err;
-                if (!CBB_finish(&cbb, NULL, &outlen))
-                        goto err;
-
-                if (outlen > INT_MAX)
-                        goto err;
-
-                s->init_num = (int)outlen;
-                s->init_off = 0;
-
-                if (SSL_is_dtls(s)) {
-                        s->d1->handshake_write_seq =
-                            s->d1->next_handshake_write_seq;
-                        dtls1_set_message_header_int(s, SSL3_MT_CCS, 0,
-                            s->d1->handshake_write_seq, 0, 0);
-                        dtls1_buffer_message(s, 1);
-                }
-
-                s->s3->hs.state = SSL3_ST_SW_CHANGE_B;
-        }
-
-        /* SSL3_ST_SW_CHANGE_B */
-        return ssl3_record_write(s, SSL3_RT_CHANGE_CIPHER_SPEC);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return -1;
-}
-
-static int
-ssl3_get_client_finished(SSL *s)
-{
-        int al, md_len, ret;
-        CBS cbs;
-
-        /* should actually be 36+4 :-) */
-        if ((ret = ssl3_get_message(s, SSL3_ST_SR_FINISHED_A,
-            SSL3_ST_SR_FINISHED_B, SSL3_MT_FINISHED, 64)) <= 0)
-                return ret;
-
-        /* If this occurs, we have missed a message */
-        if (!s->s3->change_cipher_spec) {
-                al = SSL_AD_UNEXPECTED_MESSAGE;
-                SSLerror(s, SSL_R_GOT_A_FIN_BEFORE_A_CCS);
-                goto fatal_err;
-        }
-        s->s3->change_cipher_spec = 0;
-
-        md_len = TLS1_FINISH_MAC_LENGTH;
-
-        if (s->init_num < 0) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
-                goto fatal_err;
-        }
-
-        CBS_init(&cbs, s->init_msg, s->init_num);
-
-        if (s->s3->hs.peer_finished_len != md_len ||
-            CBS_len(&cbs) != md_len) {
-                al = SSL_AD_DECODE_ERROR;
-                SSLerror(s, SSL_R_BAD_DIGEST_LENGTH);
-                goto fatal_err;
-        }
-
-        if (!CBS_mem_equal(&cbs, s->s3->hs.peer_finished, CBS_len(&cbs))) {
-                al = SSL_AD_DECRYPT_ERROR;
-                SSLerror(s, SSL_R_DIGEST_CHECK_FAILED);
-                goto fatal_err;
-        }
-
-        /* Copy finished so we can use it for renegotiation checks. */
-        OPENSSL_assert(md_len <= EVP_MAX_MD_SIZE);
-        memcpy(s->s3->previous_client_finished,
-            s->s3->hs.peer_finished, md_len);
-        s->s3->previous_client_finished_len = md_len;
-
-        return (1);
- fatal_err:
-        ssl3_send_alert(s, SSL3_AL_FATAL, al);
-        return (0);
-}
-
-static int
-ssl3_send_server_finished(SSL *s)
-{
-        CBB cbb, finished;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (s->s3->hs.state == SSL3_ST_SW_FINISHED_A) {
-                if (!tls12_derive_finished(s))
-                        goto err;
-
-                /* Copy finished so we can use it for renegotiation checks. */
-                memcpy(s->s3->previous_server_finished,
-                    s->s3->hs.finished, s->s3->hs.finished_len);
-                s->s3->previous_server_finished_len = s->s3->hs.finished_len;
-
-                if (!ssl3_handshake_msg_start(s, &cbb, &finished,
-                    SSL3_MT_FINISHED))
-                        goto err;
-                if (!CBB_add_bytes(&finished, s->s3->hs.finished,
-                    s->s3->hs.finished_len))
-                        goto err;
-                if (!ssl3_handshake_msg_finish(s, &cbb))
-                        goto err;
-
-                s->s3->hs.state = SSL3_ST_SW_FINISHED_B;
-        }
-
-        return (ssl3_handshake_write(s));
-
- err:
-        CBB_cleanup(&cbb);
-
-        return (-1);
-}
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c
deleted file mode 100644
index b19944ca83..0000000000
--- a/src/lib/libssl/ssl_stat.c
+++ /dev/null
@@ -1,596 +0,0 @@
-/* $OpenBSD: ssl_stat.c,v 1.23 2024/10/12 03:54:18 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-
-#include "ssl_local.h"
-
-const char *
-SSL_state_string_long(const SSL *s)
-{
-        switch (s->s3->hs.state) {
-        case SSL_ST_BEFORE:
-                return "before SSL initialization";
-        case SSL_ST_ACCEPT:
-                return "before accept initialization";
-        case SSL_ST_CONNECT:
-                return "before connect initialization";
-        case SSL_ST_OK:
-                return "SSL negotiation finished successfully";
-        case SSL_ST_RENEGOTIATE:
-                return "SSL renegotiate ciphers";
-        case SSL_ST_BEFORE|SSL_ST_CONNECT:
-                return "before/connect initialization";
-        case SSL_ST_OK|SSL_ST_CONNECT:
-                return "ok/connect SSL initialization";
-        case SSL_ST_BEFORE|SSL_ST_ACCEPT:
-                return "before/accept initialization";
-        case SSL_ST_OK|SSL_ST_ACCEPT:
-                return "ok/accept SSL initialization";
-
-        /* SSLv3 additions */
-        case SSL3_ST_CW_CLNT_HELLO_A:
-                return "SSLv3 write client hello A";
-        case SSL3_ST_CW_CLNT_HELLO_B:
-                return "SSLv3 write client hello B";
-        case SSL3_ST_CR_SRVR_HELLO_A:
-                return "SSLv3 read server hello A";
-        case SSL3_ST_CR_SRVR_HELLO_B:
-                return "SSLv3 read server hello B";
-        case SSL3_ST_CR_CERT_A:
-                return "SSLv3 read server certificate A";
-        case SSL3_ST_CR_CERT_B:
-                return "SSLv3 read server certificate B";
-        case SSL3_ST_CR_KEY_EXCH_A:
-                return "SSLv3 read server key exchange A";
-        case SSL3_ST_CR_KEY_EXCH_B:
-                return "SSLv3 read server key exchange B";
-        case SSL3_ST_CR_CERT_REQ_A:
-                return "SSLv3 read server certificate request A";
-        case SSL3_ST_CR_CERT_REQ_B:
-                return "SSLv3 read server certificate request B";
-        case SSL3_ST_CR_SESSION_TICKET_A:
-                return "SSLv3 read server session ticket A";
-        case SSL3_ST_CR_SESSION_TICKET_B:
-                return "SSLv3 read server session ticket B";
-        case SSL3_ST_CR_SRVR_DONE_A:
-                return "SSLv3 read server done A";
-        case SSL3_ST_CR_SRVR_DONE_B:
-                return "SSLv3 read server done B";
-        case SSL3_ST_CW_CERT_A:
-                return "SSLv3 write client certificate A";
-        case SSL3_ST_CW_CERT_B:
-                return "SSLv3 write client certificate B";
-        case SSL3_ST_CW_CERT_C:
-                return "SSLv3 write client certificate C";
-        case SSL3_ST_CW_CERT_D:
-                return "SSLv3 write client certificate D";
-        case SSL3_ST_CW_KEY_EXCH_A:
-                return "SSLv3 write client key exchange A";
-        case SSL3_ST_CW_KEY_EXCH_B:
-                return "SSLv3 write client key exchange B";
-        case SSL3_ST_CW_CERT_VRFY_A:
-                return "SSLv3 write certificate verify A";
-        case SSL3_ST_CW_CERT_VRFY_B:
-                return "SSLv3 write certificate verify B";
-
-        case SSL3_ST_CW_CHANGE_A:
-        case SSL3_ST_SW_CHANGE_A:
-                return "SSLv3 write change cipher spec A";
-        case SSL3_ST_CW_CHANGE_B:
-        case SSL3_ST_SW_CHANGE_B:
-                return "SSLv3 write change cipher spec B";
-        case SSL3_ST_CW_FINISHED_A:
-        case SSL3_ST_SW_FINISHED_A:
-                return "SSLv3 write finished A";
-        case SSL3_ST_CW_FINISHED_B:
-        case SSL3_ST_SW_FINISHED_B:
-                return "SSLv3 write finished B";
-        case SSL3_ST_CR_CHANGE_A:
-        case SSL3_ST_SR_CHANGE_A:
-                return "SSLv3 read change cipher spec A";
-        case SSL3_ST_CR_CHANGE_B:
-        case SSL3_ST_SR_CHANGE_B:
-                return "SSLv3 read change cipher spec B";
-        case SSL3_ST_CR_FINISHED_A:
-        case SSL3_ST_SR_FINISHED_A:
-                return "SSLv3 read finished A";
-        case SSL3_ST_CR_FINISHED_B:
-        case SSL3_ST_SR_FINISHED_B:
-                return "SSLv3 read finished B";
-
-        case SSL3_ST_CW_FLUSH:
-        case SSL3_ST_SW_FLUSH:
-                return "SSLv3 flush data";
-
-        case SSL3_ST_SR_CLNT_HELLO_A:
-                return "SSLv3 read client hello A";
-        case SSL3_ST_SR_CLNT_HELLO_B:
-                return "SSLv3 read client hello B";
-        case SSL3_ST_SR_CLNT_HELLO_C:
-                return "SSLv3 read client hello C";
-        case SSL3_ST_SW_HELLO_REQ_A:
-                return "SSLv3 write hello request A";
-        case SSL3_ST_SW_HELLO_REQ_B:
-                return "SSLv3 write hello request B";
-        case SSL3_ST_SW_HELLO_REQ_C:
-                return "SSLv3 write hello request C";
-        case SSL3_ST_SW_SRVR_HELLO_A:
-                return "SSLv3 write server hello A";
-        case SSL3_ST_SW_SRVR_HELLO_B:
-                return "SSLv3 write server hello B";
-        case SSL3_ST_SW_CERT_A:
-                return "SSLv3 write certificate A";
-        case SSL3_ST_SW_CERT_B:
-                return "SSLv3 write certificate B";
-        case SSL3_ST_SW_KEY_EXCH_A:
-                return "SSLv3 write key exchange A";
-        case SSL3_ST_SW_KEY_EXCH_B:
-                return "SSLv3 write key exchange B";
-        case SSL3_ST_SW_CERT_REQ_A:
-                return "SSLv3 write certificate request A";
-        case SSL3_ST_SW_CERT_REQ_B:
-                return "SSLv3 write certificate request B";
-        case SSL3_ST_SW_SESSION_TICKET_A:
-                return "SSLv3 write session ticket A";
-        case SSL3_ST_SW_SESSION_TICKET_B:
-                return "SSLv3 write session ticket B";
-        case SSL3_ST_SW_SRVR_DONE_A:
-                return "SSLv3 write server done A";
-        case SSL3_ST_SW_SRVR_DONE_B:
-                return "SSLv3 write server done B";
-        case SSL3_ST_SR_CERT_A:
-                return "SSLv3 read client certificate A";
-        case SSL3_ST_SR_CERT_B:
-                return "SSLv3 read client certificate B";
-        case SSL3_ST_SR_KEY_EXCH_A:
-                return "SSLv3 read client key exchange A";
-        case SSL3_ST_SR_KEY_EXCH_B:
-                return "SSLv3 read client key exchange B";
-        case SSL3_ST_SR_CERT_VRFY_A:
-                return "SSLv3 read certificate verify A";
-        case SSL3_ST_SR_CERT_VRFY_B:
-                return "SSLv3 read certificate verify B";
-
-        /* DTLS */
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-                return "DTLS1 read hello verify request A";
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-                return "DTLS1 read hello verify request B";
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-                return "DTLS1 write hello verify request A";
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-                return "DTLS1 write hello verify request B";
-
-        default:
-                return "unknown state";
-        }
-}
-LSSL_ALIAS(SSL_state_string_long);
-
-const char *
-SSL_rstate_string_long(const SSL *s)
-{
-        switch (s->rstate) {
-        case SSL_ST_READ_HEADER:
-                return "read header";
-        case SSL_ST_READ_BODY:
-                return "read body";
-        case SSL_ST_READ_DONE:
-                return "read done";
-        default:
-                return "unknown";
-        }
-}
-LSSL_ALIAS(SSL_rstate_string_long);
-
-const char *
-SSL_state_string(const SSL *s)
-{
-        switch (s->s3->hs.state) {
-        case SSL_ST_BEFORE:
-                return "PINIT ";
-        case SSL_ST_ACCEPT:
-                return "AINIT ";
-        case SSL_ST_CONNECT:
-                return "CINIT ";
-        case SSL_ST_OK:
-                return "SSLOK ";
-
-        /* SSLv3 additions */
-        case SSL3_ST_SW_FLUSH:
-        case SSL3_ST_CW_FLUSH:
-                return "3FLUSH";
-        case SSL3_ST_CW_CLNT_HELLO_A:
-                return "3WCH_A";
-        case SSL3_ST_CW_CLNT_HELLO_B:
-                return "3WCH_B";
-        case SSL3_ST_CR_SRVR_HELLO_A:
-                return "3RSH_A";
-        case SSL3_ST_CR_SRVR_HELLO_B:
-                return "3RSH_B";
-        case SSL3_ST_CR_CERT_A:
-                return "3RSC_A";
-        case SSL3_ST_CR_CERT_B:
-                return "3RSC_B";
-        case SSL3_ST_CR_KEY_EXCH_A:
-                return "3RSKEA";
-        case SSL3_ST_CR_KEY_EXCH_B:
-                return "3RSKEB";
-        case SSL3_ST_CR_CERT_REQ_A:
-                return "3RCR_A";
-        case SSL3_ST_CR_CERT_REQ_B:
-                return "3RCR_B";
-        case SSL3_ST_CR_SRVR_DONE_A:
-                return "3RSD_A";
-        case SSL3_ST_CR_SRVR_DONE_B:
-                return "3RSD_B";
-        case SSL3_ST_CW_CERT_A:
-                return "3WCC_A";
-        case SSL3_ST_CW_CERT_B:
-                return "3WCC_B";
-        case SSL3_ST_CW_CERT_C:
-                return "3WCC_C";
-        case SSL3_ST_CW_CERT_D:
-                return "3WCC_D";
-        case SSL3_ST_CW_KEY_EXCH_A:
-                return "3WCKEA";
-        case SSL3_ST_CW_KEY_EXCH_B:
-                return "3WCKEB";
-        case SSL3_ST_CW_CERT_VRFY_A:
-                return "3WCV_A";
-        case SSL3_ST_CW_CERT_VRFY_B:
-                return "3WCV_B";
-
-        case SSL3_ST_SW_CHANGE_A:
-        case SSL3_ST_CW_CHANGE_A:
-                return "3WCCSA";
-        case SSL3_ST_SW_CHANGE_B:
-        case SSL3_ST_CW_CHANGE_B:
-                return "3WCCSB";
-        case SSL3_ST_SW_FINISHED_A:
-        case SSL3_ST_CW_FINISHED_A:
-                return "3WFINA";
-        case SSL3_ST_SW_FINISHED_B:
-        case SSL3_ST_CW_FINISHED_B:
-                return "3WFINB";
-        case SSL3_ST_SR_CHANGE_A:
-        case SSL3_ST_CR_CHANGE_A:
-                return "3RCCSA";
-        case SSL3_ST_SR_CHANGE_B:
-        case SSL3_ST_CR_CHANGE_B:
-                return "3RCCSB";
-        case SSL3_ST_SR_FINISHED_A:
-        case SSL3_ST_CR_FINISHED_A:
-                return "3RFINA";
-        case SSL3_ST_SR_FINISHED_B:
-        case SSL3_ST_CR_FINISHED_B:
-                return "3RFINB";
-
-        case SSL3_ST_SW_HELLO_REQ_A:
-                return "3WHR_A";
-        case SSL3_ST_SW_HELLO_REQ_B:
-                return "3WHR_B";
-        case SSL3_ST_SW_HELLO_REQ_C:
-                return "3WHR_C";
-        case SSL3_ST_SR_CLNT_HELLO_A:
-                return "3RCH_A";
-        case SSL3_ST_SR_CLNT_HELLO_B:
-                return "3RCH_B";
-        case SSL3_ST_SR_CLNT_HELLO_C:
-                return "3RCH_C";
-        case SSL3_ST_SW_SRVR_HELLO_A:
-                return "3WSH_A";
-        case SSL3_ST_SW_SRVR_HELLO_B:
-                return "3WSH_B";
-        case SSL3_ST_SW_CERT_A:
-                return "3WSC_A";
-        case SSL3_ST_SW_CERT_B:
-                return "3WSC_B";
-        case SSL3_ST_SW_KEY_EXCH_A:
-                return "3WSKEA";
-        case SSL3_ST_SW_KEY_EXCH_B:
-                return "3WSKEB";
-        case SSL3_ST_SW_CERT_REQ_A:
-                return "3WCR_A";
-        case SSL3_ST_SW_CERT_REQ_B:
-                return "3WCR_B";
-        case SSL3_ST_SW_SRVR_DONE_A:
-                return "3WSD_A";
-        case SSL3_ST_SW_SRVR_DONE_B:
-                return "3WSD_B";
-        case SSL3_ST_SR_CERT_A:
-                return "3RCC_A";
-        case SSL3_ST_SR_CERT_B:
-                return "3RCC_B";
-        case SSL3_ST_SR_KEY_EXCH_A:
-                return "3RCKEA";
-        case SSL3_ST_SR_KEY_EXCH_B:
-                return "3RCKEB";
-        case SSL3_ST_SR_CERT_VRFY_A:
-                return "3RCV_A";
-        case SSL3_ST_SR_CERT_VRFY_B:
-                return "3RCV_B";
-
-        /* DTLS */
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_A:
-                return "DRCHVA";
-        case DTLS1_ST_CR_HELLO_VERIFY_REQUEST_B:
-                return "DRCHVB";
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_A:
-                return "DWCHVA";
-        case DTLS1_ST_SW_HELLO_VERIFY_REQUEST_B:
-                return "DWCHVB";
-
-        default:
-                return "UNKWN ";
-        }
-}
-LSSL_ALIAS(SSL_state_string);
-
-const char *
-SSL_alert_type_string_long(int value)
-{
-        value >>= 8;
-        if (value == SSL3_AL_WARNING)
-                return "warning";
-        else if (value == SSL3_AL_FATAL)
-                return "fatal";
-        else
-                return "unknown";
-}
-LSSL_ALIAS(SSL_alert_type_string_long);
-
-const char *
-SSL_alert_type_string(int value)
-{
-        value >>= 8;
-        if (value == SSL3_AL_WARNING)
-                return "W";
-        else if (value == SSL3_AL_FATAL)
-                return "F";
-        else
-                return "U";
-}
-LSSL_ALIAS(SSL_alert_type_string);
-
-const char *
-SSL_alert_desc_string(int value)
-{
-        switch (value & 0xff) {
-        case SSL_AD_CLOSE_NOTIFY:
-                return "CN";
-        case SSL_AD_UNEXPECTED_MESSAGE:
-                return "UM";
-        case SSL_AD_BAD_RECORD_MAC:
-                return "BM";
-        case SSL_AD_RECORD_OVERFLOW:
-                return "RO";
-        case SSL_AD_DECOMPRESSION_FAILURE:
-                return "DF";
-        case SSL_AD_HANDSHAKE_FAILURE:
-                return "HF";
-        case SSL_AD_BAD_CERTIFICATE:
-                return "BC";
-        case SSL_AD_UNSUPPORTED_CERTIFICATE:
-                return "UC";
-        case SSL_AD_CERTIFICATE_REVOKED:
-                return "CR";
-        case SSL_AD_CERTIFICATE_EXPIRED:
-                return "CE";
-        case SSL_AD_CERTIFICATE_UNKNOWN:
-                return "CU";
-        case SSL_AD_ILLEGAL_PARAMETER:
-                return "IP";
-        case SSL_AD_UNKNOWN_CA:
-                return "CA";
-        case SSL_AD_ACCESS_DENIED:
-                return "AD";
-        case SSL_AD_DECODE_ERROR:
-                return "DE";
-        case SSL_AD_DECRYPT_ERROR:
-                return "CY";
-        case SSL_AD_PROTOCOL_VERSION:
-                return "PV";
-        case SSL_AD_INSUFFICIENT_SECURITY:
-                return "IS";
-        case SSL_AD_INTERNAL_ERROR:
-                return "IE";
-        case SSL_AD_INAPPROPRIATE_FALLBACK:
-                return "IF";
-        case SSL_AD_USER_CANCELLED:
-                return "US";
-        case SSL_AD_NO_RENEGOTIATION:
-                return "NR";
-        case SSL_AD_MISSING_EXTENSION:
-                return "ME";
-        case SSL_AD_UNSUPPORTED_EXTENSION:
-                return "UE";
-        case SSL_AD_CERTIFICATE_UNOBTAINABLE:
-                return "CO";
-        case SSL_AD_UNRECOGNIZED_NAME:
-                return "UN";
-        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-                return "BR";
-        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
-                return "BH";
-        case SSL_AD_UNKNOWN_PSK_IDENTITY:
-                return "UP";
-        case SSL_AD_CERTIFICATE_REQUIRED:
-                return "CQ"; /* XXX */
-        case SSL_AD_NO_APPLICATION_PROTOCOL:
-                return "AP";
-        default:
-                return "UK";
-        }
-}
-LSSL_ALIAS(SSL_alert_desc_string);
-
-const char *
-SSL_alert_desc_string_long(int value)
-{
-        switch (value & 0xff) {
-        case SSL_AD_CLOSE_NOTIFY:
-                return "close notify";
-        case SSL_AD_UNEXPECTED_MESSAGE:
-                return "unexpected_message";
-        case SSL_AD_BAD_RECORD_MAC:
-                return "bad record mac";
-        case SSL_AD_RECORD_OVERFLOW:
-                return "record overflow";
-        case SSL_AD_DECOMPRESSION_FAILURE:
-                return "decompression failure";
-        case SSL_AD_HANDSHAKE_FAILURE:
-                return "handshake failure";
-        case SSL_AD_BAD_CERTIFICATE:
-                return "bad certificate";
-        case SSL_AD_UNSUPPORTED_CERTIFICATE:
-                return "unsupported certificate";
-        case SSL_AD_CERTIFICATE_REVOKED:
-                return "certificate revoked";
-        case SSL_AD_CERTIFICATE_EXPIRED:
-                return "certificate expired";
-        case SSL_AD_CERTIFICATE_UNKNOWN:
-                return "certificate unknown";
-        case SSL_AD_ILLEGAL_PARAMETER:
-                return "illegal parameter";
-        case SSL_AD_UNKNOWN_CA:
-                return "unknown CA";
-        case SSL_AD_ACCESS_DENIED:
-                return "access denied";
-        case SSL_AD_DECODE_ERROR:
-                return "decode error";
-        case SSL_AD_DECRYPT_ERROR:
-                return "decrypt error";
-        case SSL_AD_PROTOCOL_VERSION:
-                return "protocol version";
-        case SSL_AD_INSUFFICIENT_SECURITY:
-                return "insufficient security";
-        case SSL_AD_INTERNAL_ERROR:
-                return "internal error";
-        case SSL_AD_INAPPROPRIATE_FALLBACK:
-                return "inappropriate fallback";
-        case SSL_AD_USER_CANCELLED:
-                return "user canceled";
-        case SSL_AD_NO_RENEGOTIATION:
-                return "no renegotiation";
-        case SSL_AD_MISSING_EXTENSION:
-                return "missing extension";
-        case SSL_AD_UNSUPPORTED_EXTENSION:
-                return "unsupported extension";
-        case SSL_AD_CERTIFICATE_UNOBTAINABLE:
-                return "certificate unobtainable";
-        case SSL_AD_UNRECOGNIZED_NAME:
-                return "unrecognized name";
-        case SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE:
-                return "bad certificate status response";
-        case SSL_AD_BAD_CERTIFICATE_HASH_VALUE:
-                return "bad certificate hash value";
-        case SSL_AD_UNKNOWN_PSK_IDENTITY:
-                return "unknown PSK identity";
-        case SSL_AD_CERTIFICATE_REQUIRED:
-                return "certificate required";
-        case SSL_AD_NO_APPLICATION_PROTOCOL:
-                return "no application protocol";
-        default:
-                return "unknown";
-        }
-}
-LSSL_ALIAS(SSL_alert_desc_string_long);
-
-const char *
-SSL_rstate_string(const SSL *s)
-{
-        switch (s->rstate) {
-        case SSL_ST_READ_HEADER:
-                return "RH";
-        case SSL_ST_READ_BODY:
-                return "RB";
-        case SSL_ST_READ_DONE:
-                return "RD";
-        default:
-                return "unknown";
-        }
-}
-LSSL_ALIAS(SSL_rstate_string);
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
deleted file mode 100644
index 08bf5593ec..0000000000
--- a/src/lib/libssl/ssl_tlsext.c
+++ /dev/null
@@ -1,2745 +0,0 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.154 2024/07/09 12:27:27 beck Exp $ */
-/*
- * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
- * Copyright (c) 2018-2019, 2024 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <sys/socket.h>
-
-#include <arpa/inet.h>
-#include <netinet/in.h>
-
-#include <ctype.h>
-
-#include <openssl/ocsp.h>
-#include <openssl/opensslconf.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-#define TLSEXT_TYPE_alpn TLSEXT_TYPE_application_layer_protocol_negotiation
-#define TLSEXT_MAX_SUPPORTED_GROUPS 64
-
-/*
- * Supported Application-Layer Protocol Negotiation - RFC 7301
- */
-
-static int
-tlsext_alpn_client_needs(SSL *s, uint16_t msg_type)
-{
-        /* ALPN protos have been specified and this is the initial handshake */
-        return s->alpn_client_proto_list != NULL &&
-            s->s3->hs.finished_len == 0;
-}
-
-static int
-tlsext_alpn_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB protolist;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &protolist))
-                return 0;
-
-        if (!CBB_add_bytes(&protolist, s->alpn_client_proto_list,
-            s->alpn_client_proto_list_len))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-tlsext_alpn_check_format(CBS *cbs)
-{
-        CBS proto_name_list;
-
-        if (CBS_len(cbs) == 0)
-                return 0;
-
-        CBS_dup(cbs, &proto_name_list);
-        while (CBS_len(&proto_name_list) > 0) {
-                CBS proto_name;
-
-                if (!CBS_get_u8_length_prefixed(&proto_name_list, &proto_name))
-                        return 0;
-                if (CBS_len(&proto_name) == 0)
-                        return 0;
-        }
-
-        return 1;
-}
-
-static int
-tlsext_alpn_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS alpn, selected_cbs;
-        const unsigned char *selected;
-        unsigned char selected_len;
-        int r;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &alpn))
-                return 0;
-        if (!tlsext_alpn_check_format(&alpn))
-                return 0;
-
-        if (s->ctx->alpn_select_cb == NULL)
-                return 1;
-
-        /*
-         * XXX - A few things should be considered here:
-         * 1. Ensure that the same protocol is selected on session resumption.
-         * 2. Should the callback be called even if no ALPN extension was sent?
-         * 3. TLSv1.2 and earlier: ensure that SNI has already been processed.
-         */
-        r = s->ctx->alpn_select_cb(s, &selected, &selected_len,
-            CBS_data(&alpn), CBS_len(&alpn), s->ctx->alpn_select_cb_arg);
-
-        if (r == SSL_TLSEXT_ERR_OK) {
-                CBS_init(&selected_cbs, selected, selected_len);
-
-                if (!CBS_stow(&selected_cbs, &s->s3->alpn_selected,
-                    &s->s3->alpn_selected_len)) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-
-                return 1;
-        }
-
-        /* On SSL_TLSEXT_ERR_NOACK behave as if no callback was present. */
-        if (r == SSL_TLSEXT_ERR_NOACK)
-                return 1;
-
-        *alert = SSL_AD_NO_APPLICATION_PROTOCOL;
-        SSLerror(s, SSL_R_NO_APPLICATION_PROTOCOL);
-
-        return 0;
-}
-
-static int
-tlsext_alpn_server_needs(SSL *s, uint16_t msg_type)
-{
-        return s->s3->alpn_selected != NULL;
-}
-
-static int
-tlsext_alpn_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB list, selected;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &list))
-                return 0;
-
-        if (!CBB_add_u8_length_prefixed(&list, &selected))
-                return 0;
-
-        if (!CBB_add_bytes(&selected, s->s3->alpn_selected,
-            s->s3->alpn_selected_len))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_alpn_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS list, proto;
-
-        if (s->alpn_client_proto_list == NULL) {
-                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-        }
-
-        if (!CBS_get_u16_length_prefixed(cbs, &list))
-                return 0;
-
-        if (!CBS_get_u8_length_prefixed(&list, &proto))
-                return 0;
-
-        if (CBS_len(&list) != 0)
-                return 0;
-        if (CBS_len(&proto) == 0)
-                return 0;
-
-        if (!CBS_stow(&proto, &s->s3->alpn_selected, &s->s3->alpn_selected_len))
-                return 0;
-
-        return 1;
-}
-
-/*
- * Supported Groups - RFC 7919 section 2
- */
-static int
-tlsext_supportedgroups_client_needs(SSL *s, uint16_t msg_type)
-{
-        return ssl_has_ecc_ciphers(s) ||
-            (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_supportedgroups_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        const uint16_t *groups;
-        size_t groups_len;
-        CBB grouplist;
-        int i;
-
-        tls1_get_group_list(s, 0, &groups, &groups_len);
-        if (groups_len == 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return 0;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cbb, &grouplist))
-                return 0;
-
-        for (i = 0; i < groups_len; i++) {
-                if (!ssl_security_supported_group(s, groups[i]))
-                        continue;
-                if (!CBB_add_u16(&grouplist, groups[i]))
-                        return 0;
-        }
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_supportedgroups_server_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        uint16_t *groups = NULL;
-        size_t groups_len;
-        CBS grouplist;
-        int i, j;
-        int ret = 0;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &grouplist))
-                goto err;
-
-        groups_len = CBS_len(&grouplist);
-        if (groups_len == 0 || groups_len % 2 != 0)
-                goto err;
-        groups_len /= 2;
-
-        if (groups_len > TLSEXT_MAX_SUPPORTED_GROUPS)
-                goto err;
-
-        if (s->hit)
-                goto done;
-
-        if (s->s3->hs.tls13.hrr) {
-                if (s->session->tlsext_supportedgroups == NULL) {
-                        *alert = SSL_AD_HANDSHAKE_FAILURE;
-                        return 0;
-                }
-
-                /*
-                 * The ClientHello extension hashing ensures that the client
-                 * did not change its list of supported groups.
-                 */
-
-                goto done;
-        }
-
-        if (s->session->tlsext_supportedgroups != NULL)
-                goto err; /* XXX internal error? */
-
-        if ((groups = reallocarray(NULL, groups_len, sizeof(uint16_t))) == NULL) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                goto err;
-        }
-
-        for (i = 0; i < groups_len; i++) {
-                if (!CBS_get_u16(&grouplist, &groups[i]))
-                        goto err;
-                /*
-                 * Do not allow duplicate groups to be sent. This is not
-                 * currently specified in RFC 8446 or earlier, but there is no
-                 * legitimate justification for this to occur in TLS 1.2 or TLS
-                 * 1.3.
-                 */
-                for (j = 0; j < i; j++) {
-                        if (groups[i] == groups[j]) {
-                                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                                goto err;
-                        }
-                }
-        }
-
-        if (CBS_len(&grouplist) != 0)
-                goto err;
-
-        s->session->tlsext_supportedgroups = groups;
-        s->session->tlsext_supportedgroups_length = groups_len;
-        groups = NULL;
-
-
- done:
-        ret = 1;
-
- err:
-        free(groups);
-
-        return ret;
-}
-
-/* This extension is never used by the server. */
-static int
-tlsext_supportedgroups_server_needs(SSL *s, uint16_t msg_type)
-{
-        return 0;
-}
-
-static int
-tlsext_supportedgroups_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return 0;
-}
-
-static int
-tlsext_supportedgroups_client_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        /*
-         * This extension is only allowed in TLSv1.3 encrypted extensions.
-         * It is not permitted in a ServerHello in any version of TLS.
-         */
-        if (msg_type != SSL_TLSEXT_MSG_EE)
-                return 0;
-
-        /*
-         * RFC 8446, section 4.2.7: TLSv1.3 servers can send this extension but
-         * clients must not act on it during the handshake. This allows servers
-         * to advertise their preferences for subsequent handshakes. We ignore
-         * this complication.
-         */
-        if (!CBS_skip(cbs, CBS_len(cbs))) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-
-        return 1;
-}
-
-/*
- * Supported Point Formats Extension - RFC 4492 section 5.1.2
- */
-static int
-tlsext_ecpf_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB ecpf;
-        size_t formats_len;
-        const uint8_t *formats;
-
-        tls1_get_formatlist(s, 0, &formats, &formats_len);
-
-        if (formats_len == 0) {
-                SSLerror(s, ERR_R_INTERNAL_ERROR);
-                return 0;
-        }
-
-        if (!CBB_add_u8_length_prefixed(cbb, &ecpf))
-                return 0;
-        if (!CBB_add_bytes(&ecpf, formats, formats_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_ecpf_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS ecpf;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &ecpf))
-                return 0;
-        if (CBS_len(&ecpf) == 0)
-                return 0;
-
-        /* Must contain uncompressed (0) - RFC 8422, section 5.1.2. */
-        if (!CBS_contains_zero_byte(&ecpf)) {
-                SSLerror(s, SSL_R_TLS_INVALID_ECPOINTFORMAT_LIST);
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        if (!s->hit) {
-                if (!CBS_stow(&ecpf, &(s->session->tlsext_ecpointformatlist),
-                    &(s->session->tlsext_ecpointformatlist_length))) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        }
-
-        return 1;
-}
-
-static int
-tlsext_ecpf_client_needs(SSL *s, uint16_t msg_type)
-{
-        return ssl_has_ecc_ciphers(s);
-}
-
-static int
-tlsext_ecpf_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return tlsext_ecpf_build(s, msg_type, cbb);
-}
-
-static int
-tlsext_ecpf_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        return tlsext_ecpf_process(s, msg_type, cbs, alert);
-}
-
-static int
-tlsext_ecpf_server_needs(SSL *s, uint16_t msg_type)
-{
-        return ssl_using_ecc_cipher(s);
-}
-
-static int
-tlsext_ecpf_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return tlsext_ecpf_build(s, msg_type, cbb);
-}
-
-static int
-tlsext_ecpf_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        return tlsext_ecpf_process(s, msg_type, cbs, alert);
-}
-
-/*
- * Renegotiation Indication - RFC 5746.
- */
-static int
-tlsext_ri_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->renegotiate);
-}
-
-static int
-tlsext_ri_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB reneg;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &reneg))
-                return 0;
-        if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_ri_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS reneg;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-                return 0;
-        }
-
-        if (!CBS_mem_equal(&reneg, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
-                *alert = SSL_AD_HANDSHAKE_FAILURE;
-                return 0;
-        }
-
-        s->s3->renegotiate_seen = 1;
-        s->s3->send_connection_binding = 1;
-
-        return 1;
-}
-
-static int
-tlsext_ri_server_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.negotiated_tls_version < TLS1_3_VERSION &&
-            s->s3->send_connection_binding);
-}
-
-static int
-tlsext_ri_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB reneg;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &reneg))
-                return 0;
-        if (!CBB_add_bytes(&reneg, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len))
-                return 0;
-        if (!CBB_add_bytes(&reneg, s->s3->previous_server_finished,
-            s->s3->previous_server_finished_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_ri_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS reneg, prev_client, prev_server;
-
-        /*
-         * Ensure that the previous client and server values are both not
-         * present, or that they are both present.
-         */
-        if ((s->s3->previous_client_finished_len == 0 &&
-            s->s3->previous_server_finished_len != 0) ||
-            (s->s3->previous_client_finished_len != 0 &&
-            s->s3->previous_server_finished_len == 0)) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &reneg)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-                return 0;
-        }
-        if (!CBS_get_bytes(&reneg, &prev_client,
-            s->s3->previous_client_finished_len)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-                return 0;
-        }
-        if (!CBS_get_bytes(&reneg, &prev_server,
-            s->s3->previous_server_finished_len)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-                return 0;
-        }
-        if (CBS_len(&reneg) != 0) {
-                SSLerror(s, SSL_R_RENEGOTIATION_ENCODING_ERR);
-                return 0;
-        }
-
-        if (!CBS_mem_equal(&prev_client, s->s3->previous_client_finished,
-            s->s3->previous_client_finished_len)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
-                *alert = SSL_AD_HANDSHAKE_FAILURE;
-                return 0;
-        }
-        if (!CBS_mem_equal(&prev_server, s->s3->previous_server_finished,
-            s->s3->previous_server_finished_len)) {
-                SSLerror(s, SSL_R_RENEGOTIATION_MISMATCH);
-                *alert = SSL_AD_HANDSHAKE_FAILURE;
-                return 0;
-        }
-
-        s->s3->renegotiate_seen = 1;
-        s->s3->send_connection_binding = 1;
-
-        return 1;
-}
-
-/*
- * Signature Algorithms - RFC 5246 section 7.4.1.4.1.
- */
-static int
-tlsext_sigalgs_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.our_max_tls_version >= TLS1_2_VERSION);
-}
-
-static int
-tlsext_sigalgs_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        uint16_t tls_version = s->s3->hs.negotiated_tls_version;
-        CBB sigalgs;
-
-        if (msg_type == SSL_TLSEXT_MSG_CH)
-                tls_version = s->s3->hs.our_min_tls_version;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
-                return 0;
-        if (!ssl_sigalgs_build(tls_version, &sigalgs, SSL_get_security_level(s)))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sigalgs_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS sigalgs;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
-                return 0;
-        if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
-                return 0;
-        if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sigalgs_server_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_sigalgs_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB sigalgs;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &sigalgs))
-                return 0;
-        if (!ssl_sigalgs_build(s->s3->hs.negotiated_tls_version, &sigalgs,
-            SSL_get_security_level(s)))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sigalgs_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS sigalgs;
-
-        if (ssl_effective_tls_version(s) < TLS1_3_VERSION)
-                return 0;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &sigalgs))
-                return 0;
-        if (CBS_len(&sigalgs) % 2 != 0 || CBS_len(&sigalgs) > 64)
-                return 0;
-        if (!CBS_stow(&sigalgs, &s->s3->hs.sigalgs, &s->s3->hs.sigalgs_len))
-                return 0;
-
-        return 1;
-}
-
-/*
- * Server Name Indication - RFC 6066, section 3.
- */
-static int
-tlsext_sni_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->tlsext_hostname != NULL);
-}
-
-static int
-tlsext_sni_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB server_name_list, host_name;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &server_name_list))
-                return 0;
-        if (!CBB_add_u8(&server_name_list, TLSEXT_NAMETYPE_host_name))
-                return 0;
-        if (!CBB_add_u16_length_prefixed(&server_name_list, &host_name))
-                return 0;
-        if (!CBB_add_bytes(&host_name, (const uint8_t *)s->tlsext_hostname,
-            strlen(s->tlsext_hostname)))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sni_is_ip_literal(CBS *cbs, int *is_ip)
-{
-        union {
-                struct in_addr ip4;
-                struct in6_addr ip6;
-        } addrbuf;
-        char *hostname = NULL;
-
-        *is_ip = 0;
-
-        if (!CBS_strdup(cbs, &hostname))
-                return 0;
-
-        if (inet_pton(AF_INET, hostname, &addrbuf) == 1 ||
-            inet_pton(AF_INET6, hostname, &addrbuf) == 1)
-                *is_ip = 1;
-
-        free(hostname);
-
-        return 1;
-}
-
-/*
- * Validate that the CBS contains only a hostname consisting of RFC 5890
- * compliant A-labels (see RFC 6066 section 3). Not a complete check
- * since we don't parse punycode to verify its validity but limits to
- * correct structure and character set.
- */
-int
-tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip)
-{
-        uint8_t prev, c = 0;
-        int component = 0;
-        CBS hostname;
-
-        *is_ip = 0;
-
-        CBS_dup(cbs, &hostname);
-
-        if (CBS_len(&hostname) > TLSEXT_MAXLEN_host_name)
-                return 0;
-
-        /* An IP literal is invalid as a host name (RFC 6066 section 3). */
-        if (!tlsext_sni_is_ip_literal(&hostname, is_ip))
-                return 0;
-        if (*is_ip)
-                return 0;
-
-        while (CBS_len(&hostname) > 0) {
-                prev = c;
-                if (!CBS_get_u8(&hostname, &c))
-                        return 0;
-                /* Everything has to be ASCII, with no NUL byte. */
-                if (!isascii(c) || c == '\0')
-                        return 0;
-                /* It must be alphanumeric, a '-', or a '.' */
-                if (!isalnum(c) && c != '-' && c != '.')
-                        return 0;
-                /* '-' and '.' must not start a component or be at the end. */
-                if (component == 0 || CBS_len(&hostname) == 0) {
-                        if (c == '-' || c == '.')
-                                return 0;
-                }
-                if (c == '.') {
-                        /* Components can not end with a dash. */
-                        if (prev == '-')
-                                return 0;
-                        /* Start new component */
-                        component = 0;
-                        continue;
-                }
-                /* Components must be 63 chars or less. */
-                if (++component > 63)
-                        return 0;
-        }
-
-        return 1;
-}
-
-static int
-tlsext_sni_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS server_name_list, host_name;
-        uint8_t name_type;
-        int is_ip;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &server_name_list))
-                goto err;
-
-        if (!CBS_get_u8(&server_name_list, &name_type))
-                goto err;
-
-        /*
-         * RFC 6066 section 3, only one type (host_name) is specified.
-         * We do not tolerate unknown types, neither does BoringSSL.
-         * other implementations appear more tolerant.
-         */
-        if (name_type != TLSEXT_NAMETYPE_host_name) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        /*
-         * RFC 6066 section 3 specifies a host name must be at least 1 byte
-         * so 0 length is a decode error.
-         */
-        if (!CBS_get_u16_length_prefixed(&server_name_list, &host_name))
-                goto err;
-        if (CBS_len(&host_name) < 1)
-                goto err;
-
-        if (!tlsext_sni_is_valid_hostname(&host_name, &is_ip)) {
-                /*
-                 * Various pieces of software have been known to set the SNI
-                 * host name to an IP address, even though that violates the
-                 * RFC. If this is the case, pretend the SNI extension does
-                 * not exist.
-                 */
-                if (is_ip)
-                        goto done;
-
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        if (s->hit || s->s3->hs.tls13.hrr) {
-                if (s->session->tlsext_hostname == NULL) {
-                        *alert = SSL_AD_UNRECOGNIZED_NAME;
-                        goto err;
-                }
-                if (!CBS_mem_equal(&host_name, s->session->tlsext_hostname,
-                    strlen(s->session->tlsext_hostname))) {
-                        *alert = SSL_AD_UNRECOGNIZED_NAME;
-                        goto err;
-                }
-        } else {
-                if (s->session->tlsext_hostname != NULL)
-                        goto err;
-                if (!CBS_strdup(&host_name, &s->session->tlsext_hostname)) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        goto err;
-                }
-        }
-
- done:
-        /*
-         * RFC 6066 section 3 forbids multiple host names with the same type,
-         * therefore we allow only one entry.
-         */
-        if (CBS_len(&server_name_list) != 0) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        return 1;
-
- err:
-        return 0;
-}
-
-static int
-tlsext_sni_server_needs(SSL *s, uint16_t msg_type)
-{
-        if (s->hit)
-                return 0;
-
-        return (s->session->tlsext_hostname != NULL);
-}
-
-static int
-tlsext_sni_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return 1;
-}
-
-static int
-tlsext_sni_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        if (s->tlsext_hostname == NULL || CBS_len(cbs) != 0) {
-                *alert = SSL_AD_UNRECOGNIZED_NAME;
-                return 0;
-        }
-
-        if (s->hit) {
-                if (s->session->tlsext_hostname == NULL) {
-                        *alert = SSL_AD_UNRECOGNIZED_NAME;
-                        return 0;
-                }
-                if (strcmp(s->tlsext_hostname,
-                    s->session->tlsext_hostname) != 0) {
-                        *alert = SSL_AD_UNRECOGNIZED_NAME;
-                        return 0;
-                }
-        } else {
-                if (s->session->tlsext_hostname != NULL)
-                        return 0;
-                if ((s->session->tlsext_hostname =
-                    strdup(s->tlsext_hostname)) == NULL) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        }
-
-        return 1;
-}
-
-/*
- * Certificate Status Request - RFC 6066 section 8.
- */
-
-static int
-tlsext_ocsp_client_needs(SSL *s, uint16_t msg_type)
-{
-        if (msg_type != SSL_TLSEXT_MSG_CH)
-                return 0;
-
-        return (s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp);
-}
-
-static int
-tlsext_ocsp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB respid_list, respid, exts;
-        unsigned char *ext_data;
-        size_t ext_len;
-        int i;
-
-        if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
-                return 0;
-        if (!CBB_add_u16_length_prefixed(cbb, &respid_list))
-                return 0;
-        for (i = 0; i < sk_OCSP_RESPID_num(s->tlsext_ocsp_ids); i++) {
-                unsigned char *respid_data;
-                OCSP_RESPID *id;
-                size_t id_len;
-
-                if ((id = sk_OCSP_RESPID_value(s->tlsext_ocsp_ids,
-                    i)) ==  NULL)
-                        return 0;
-                if ((id_len = i2d_OCSP_RESPID(id, NULL)) == -1)
-                        return 0;
-                if (!CBB_add_u16_length_prefixed(&respid_list, &respid))
-                        return 0;
-                if (!CBB_add_space(&respid, &respid_data, id_len))
-                        return 0;
-                if ((i2d_OCSP_RESPID(id, &respid_data)) != id_len)
-                        return 0;
-        }
-        if (!CBB_add_u16_length_prefixed(cbb, &exts))
-                return 0;
-        if ((ext_len = i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts,
-            NULL)) == -1)
-                return 0;
-        if (!CBB_add_space(&exts, &ext_data, ext_len))
-                return 0;
-        if ((i2d_X509_EXTENSIONS(s->tlsext_ocsp_exts, &ext_data) !=
-            ext_len))
-                return 0;
-        if (!CBB_flush(cbb))
-                return 0;
-        return 1;
-}
-
-static int
-tlsext_ocsp_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        int alert_desc = SSL_AD_DECODE_ERROR;
-        CBS respid_list, respid, exts;
-        const unsigned char *p;
-        uint8_t status_type;
-        int ret = 0;
-
-        if (msg_type != SSL_TLSEXT_MSG_CH)
-                goto err;
-
-        if (!CBS_get_u8(cbs, &status_type))
-                goto err;
-        if (status_type != TLSEXT_STATUSTYPE_ocsp) {
-                /* ignore unknown status types */
-                s->tlsext_status_type = -1;
-
-                if (!CBS_skip(cbs, CBS_len(cbs))) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-                return 1;
-        }
-        s->tlsext_status_type = status_type;
-        if (!CBS_get_u16_length_prefixed(cbs, &respid_list))
-                goto err;
-
-        /* XXX */
-        sk_OCSP_RESPID_pop_free(s->tlsext_ocsp_ids, OCSP_RESPID_free);
-        s->tlsext_ocsp_ids = NULL;
-        if (CBS_len(&respid_list) > 0) {
-                s->tlsext_ocsp_ids = sk_OCSP_RESPID_new_null();
-                if (s->tlsext_ocsp_ids == NULL) {
-                        alert_desc = SSL_AD_INTERNAL_ERROR;
-                        goto err;
-                }
-        }
-
-        while (CBS_len(&respid_list) > 0) {
-                OCSP_RESPID *id;
-
-                if (!CBS_get_u16_length_prefixed(&respid_list, &respid))
-                        goto err;
-                p = CBS_data(&respid);
-                if ((id = d2i_OCSP_RESPID(NULL, &p, CBS_len(&respid))) == NULL)
-                        goto err;
-                if (!sk_OCSP_RESPID_push(s->tlsext_ocsp_ids, id)) {
-                        alert_desc = SSL_AD_INTERNAL_ERROR;
-                        OCSP_RESPID_free(id);
-                        goto err;
-                }
-        }
-
-        /* Read in request_extensions */
-        if (!CBS_get_u16_length_prefixed(cbs, &exts))
-                goto err;
-        if (CBS_len(&exts) > 0) {
-                sk_X509_EXTENSION_pop_free(s->tlsext_ocsp_exts,
-                    X509_EXTENSION_free);
-                p = CBS_data(&exts);
-                if ((s->tlsext_ocsp_exts = d2i_X509_EXTENSIONS(NULL,
-                    &p, CBS_len(&exts))) == NULL)
-                        goto err;
-        }
-
-        ret = 1;
- err:
-        if (ret == 0)
-                *alert = alert_desc;
-        return ret;
-}
-
-static int
-tlsext_ocsp_server_needs(SSL *s, uint16_t msg_type)
-{
-        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
-            s->tlsext_status_type == TLSEXT_STATUSTYPE_ocsp &&
-            s->ctx->tlsext_status_cb != NULL) {
-                s->tlsext_status_expected = 0;
-                if (s->ctx->tlsext_status_cb(s,
-                    s->ctx->tlsext_status_arg) == SSL_TLSEXT_ERR_OK &&
-                    s->tlsext_ocsp_resp_len > 0)
-                        s->tlsext_status_expected = 1;
-        }
-        return s->tlsext_status_expected;
-}
-
-static int
-tlsext_ocsp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB ocsp_response;
-
-        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION) {
-                if (!CBB_add_u8(cbb, TLSEXT_STATUSTYPE_ocsp))
-                        return 0;
-                if (!CBB_add_u24_length_prefixed(cbb, &ocsp_response))
-                        return 0;
-                if (!CBB_add_bytes(&ocsp_response,
-                    s->tlsext_ocsp_resp,
-                    s->tlsext_ocsp_resp_len))
-                        return 0;
-                if (!CBB_flush(cbb))
-                        return 0;
-        }
-        return 1;
-}
-
-static int
-tlsext_ocsp_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        uint8_t status_type;
-        CBS response;
-
-        if (ssl_effective_tls_version(s) >= TLS1_3_VERSION) {
-                if (msg_type == SSL_TLSEXT_MSG_CR) {
-                        /*
-                         * RFC 8446, 4.4.2.1 - the server may request an OCSP
-                         * response with an empty status_request.
-                         */
-                        if (CBS_len(cbs) == 0)
-                                return 1;
-
-                        SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                        return 0;
-                }
-                if (!CBS_get_u8(cbs, &status_type)) {
-                        SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                        return 0;
-                }
-                if (status_type != TLSEXT_STATUSTYPE_ocsp) {
-                        SSLerror(s, SSL_R_UNSUPPORTED_STATUS_TYPE);
-                        return 0;
-                }
-                if (!CBS_get_u24_length_prefixed(cbs, &response)) {
-                        SSLerror(s, SSL_R_LENGTH_MISMATCH);
-                        return 0;
-                }
-                if (CBS_len(&response) > 65536) {
-                        SSLerror(s, SSL_R_DATA_LENGTH_TOO_LONG);
-                        return 0;
-                }
-                if (!CBS_stow(&response, &s->tlsext_ocsp_resp,
-                    &s->tlsext_ocsp_resp_len)) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        } else {
-                if (s->tlsext_status_type == -1) {
-                        *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-                        return 0;
-                }
-                /* Set flag to expect CertificateStatus message */
-                s->tlsext_status_expected = 1;
-        }
-        return 1;
-}
-
-/*
- * SessionTicket extension - RFC 5077 section 3.2
- */
-static int
-tlsext_sessionticket_client_needs(SSL *s, uint16_t msg_type)
-{
-        /*
-         * Send session ticket extension when enabled and not overridden.
-         *
-         * When renegotiating, send an empty session ticket to indicate support.
-         */
-        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0)
-                return 0;
-
-        if (!ssl_security_tickets(s))
-                return 0;
-
-        if (s->new_session)
-                return 1;
-
-        if (s->tlsext_session_ticket != NULL &&
-            s->tlsext_session_ticket->data == NULL)
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sessionticket_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        /*
-         * Signal that we support session tickets by sending an empty
-         * extension when renegotiating or no session found.
-         */
-        if (s->new_session || s->session == NULL)
-                return 1;
-
-        if (s->session->tlsext_tick != NULL) {
-                /* Attempt to resume with an existing session ticket */
-                if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
-                    s->session->tlsext_ticklen))
-                        return 0;
-
-        } else if (s->tlsext_session_ticket != NULL) {
-                /*
-                 * Attempt to resume with a custom provided session ticket set
-                 * by SSL_set_session_ticket_ext().
-                 */
-                if (s->tlsext_session_ticket->length > 0) {
-                        size_t ticklen = s->tlsext_session_ticket->length;
-
-                        if ((s->session->tlsext_tick = malloc(ticklen)) == NULL)
-                                return 0;
-                        memcpy(s->session->tlsext_tick,
-                            s->tlsext_session_ticket->data,
-                            ticklen);
-                        s->session->tlsext_ticklen = ticklen;
-
-                        if (!CBB_add_bytes(cbb, s->session->tlsext_tick,
-                            s->session->tlsext_ticklen))
-                                return 0;
-                }
-        }
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_sessionticket_server_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        if (s->tls_session_ticket_ext_cb) {
-                if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
-                    (int)CBS_len(cbs),
-                    s->tls_session_ticket_ext_cb_arg)) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        }
-
-        /* We need to signal that this was processed fully */
-        if (!CBS_skip(cbs, CBS_len(cbs))) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-
-        return 1;
-}
-
-static int
-tlsext_sessionticket_server_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->tlsext_ticket_expected &&
-            !(SSL_get_options(s) & SSL_OP_NO_TICKET) &&
-            ssl_security_tickets(s));
-}
-
-static int
-tlsext_sessionticket_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        /* Empty ticket */
-        return 1;
-}
-
-static int
-tlsext_sessionticket_client_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        if (s->tls_session_ticket_ext_cb) {
-                if (!s->tls_session_ticket_ext_cb(s, CBS_data(cbs),
-                    (int)CBS_len(cbs),
-                    s->tls_session_ticket_ext_cb_arg)) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        }
-
-        if ((SSL_get_options(s) & SSL_OP_NO_TICKET) != 0 || CBS_len(cbs) > 0) {
-                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-        }
-
-        s->tlsext_ticket_expected = 1;
-
-        return 1;
-}
-
-/*
- * DTLS extension for SRTP key establishment - RFC 5764
- */
-
-#ifndef OPENSSL_NO_SRTP
-
-static int
-tlsext_srtp_client_needs(SSL *s, uint16_t msg_type)
-{
-        return SSL_is_dtls(s) && SSL_get_srtp_profiles(s) != NULL;
-}
-
-static int
-tlsext_srtp_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB profiles, mki;
-        int ct, i;
-        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL;
-        const SRTP_PROTECTION_PROFILE *prof;
-
-        if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
-                SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
-                return 0;
-        }
-
-        if ((ct = sk_SRTP_PROTECTION_PROFILE_num(clnt)) < 1) {
-                SSLerror(s, SSL_R_EMPTY_SRTP_PROTECTION_PROFILE_LIST);
-                return 0;
-        }
-
-        if (!CBB_add_u16_length_prefixed(cbb, &profiles))
-                return 0;
-
-        for (i = 0; i < ct; i++) {
-                if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i)) == NULL)
-                        return 0;
-                if (!CBB_add_u16(&profiles, prof->id))
-                        return 0;
-        }
-
-        if (!CBB_add_u8_length_prefixed(cbb, &mki))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_srtp_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        const SRTP_PROTECTION_PROFILE *cprof, *sprof;
-        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt = NULL, *srvr;
-        int i, j;
-        int ret;
-        uint16_t id;
-        CBS profiles, mki;
-
-        ret = 0;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &profiles))
-                goto err;
-        if (CBS_len(&profiles) == 0 || CBS_len(&profiles) % 2 != 0)
-                goto err;
-
-        if ((clnt = sk_SRTP_PROTECTION_PROFILE_new_null()) == NULL)
-                goto err;
-
-        while (CBS_len(&profiles) > 0) {
-                if (!CBS_get_u16(&profiles, &id))
-                        goto err;
-
-                if (!srtp_find_profile_by_num(id, &cprof)) {
-                        if (!sk_SRTP_PROTECTION_PROFILE_push(clnt, cprof))
-                                goto err;
-                }
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
-                SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
-                goto done;
-        }
-
-        /*
-         * Per RFC 5764 section 4.1.1
-         *
-         * Find the server preferred profile using the client's list.
-         *
-         * The server MUST send a profile if it sends the use_srtp
-         * extension.  If one is not found, it should fall back to the
-         * negotiated DTLS cipher suite or return a DTLS alert.
-         */
-        if ((srvr = SSL_get_srtp_profiles(s)) == NULL)
-                goto err;
-        for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(srvr); i++) {
-                if ((sprof = sk_SRTP_PROTECTION_PROFILE_value(srvr, i)) == NULL)
-                        goto err;
-
-                for (j = 0; j < sk_SRTP_PROTECTION_PROFILE_num(clnt); j++) {
-                        if ((cprof = sk_SRTP_PROTECTION_PROFILE_value(clnt, j))
-                            == NULL)
-                                goto err;
-
-                        if (cprof->id == sprof->id) {
-                                s->srtp_profile = sprof;
-                                ret = 1;
-                                goto done;
-                        }
-                }
-        }
-
-        /* If we didn't find anything, fall back to the negotiated */
-        ret = 1;
-        goto done;
-
- err:
-        SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-
- done:
-        sk_SRTP_PROTECTION_PROFILE_free(clnt);
-        return ret;
-}
-
-static int
-tlsext_srtp_server_needs(SSL *s, uint16_t msg_type)
-{
-        return SSL_is_dtls(s) && SSL_get_selected_srtp_profile(s) != NULL;
-}
-
-static int
-tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        SRTP_PROTECTION_PROFILE *profile;
-        CBB srtp, mki;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &srtp))
-                return 0;
-
-        if ((profile = SSL_get_selected_srtp_profile(s)) == NULL)
-                return 0;
-
-        if (!CBB_add_u16(&srtp, profile->id))
-                return 0;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &mki))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_srtp_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        STACK_OF(SRTP_PROTECTION_PROFILE) *clnt;
-        const SRTP_PROTECTION_PROFILE *prof;
-        int i;
-        uint16_t id;
-        CBS profile_ids, mki;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &profile_ids)) {
-                SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-                return 0;
-        }
-
-        if (!CBS_get_u16(&profile_ids, &id) || CBS_len(&profile_ids) != 0) {
-                SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-                return 0;
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &mki) || CBS_len(&mki) != 0) {
-                SSLerror(s, SSL_R_BAD_SRTP_MKI_VALUE);
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        if ((clnt = SSL_get_srtp_profiles(s)) == NULL) {
-                SSLerror(s, SSL_R_NO_SRTP_PROFILES);
-                return 0;
-        }
-
-        for (i = 0; i < sk_SRTP_PROTECTION_PROFILE_num(clnt); i++) {
-                if ((prof = sk_SRTP_PROTECTION_PROFILE_value(clnt, i))
-                    == NULL) {
-                        SSLerror(s, SSL_R_NO_SRTP_PROFILES);
-                        return 0;
-                }
-
-                if (prof->id == id) {
-                        s->srtp_profile = prof;
-                        return 1;
-                }
-        }
-
-        SSLerror(s, SSL_R_BAD_SRTP_PROTECTION_PROFILE_LIST);
-
-        return 0;
-}
-
-#endif /* OPENSSL_NO_SRTP */
-
-/*
- * TLSv1.3 Key Share - RFC 8446 section 4.2.8.
- */
-static int
-tlsext_keyshare_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_keyshare_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB client_shares, key_exchange;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &client_shares))
-                return 0;
-
-        if (!CBB_add_u16(&client_shares,
-            tls_key_share_group(s->s3->hs.key_share)))
-                return 0;
-        if (!CBB_add_u16_length_prefixed(&client_shares, &key_exchange))
-                return 0;
-        if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_keyshare_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        const uint16_t *client_groups = NULL, *server_groups = NULL;
-        size_t client_groups_len = 0, server_groups_len = 0;
-        size_t i, j, client_groups_index;
-        int preferred_group_found = 0;
-        int decode_error;
-        uint16_t client_preferred_group = 0;
-        uint16_t group;
-        CBS client_shares, key_exchange;
-
-        /*
-         * RFC 8446 section 4.2.8:
-         *
-         * Each KeyShareEntry value MUST correspond to a group offered in the
-         * "supported_groups" extension and MUST appear in the same order.
-         * However, the values MAY be a non-contiguous subset of the
-         * "supported_groups".
-         */
-
-        if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups)) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-        if (!tlsext_extension_processed(s, TLSEXT_TYPE_supported_groups)) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-
-        if (s->s3->hs.tls13.hrr) {
-                if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
-                        return 0;
-
-                /* Unpack client share. */
-                if (!CBS_get_u16(&client_shares, &group))
-                        return 0;
-                if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
-                        return 0;
-
-                /* There should only be one share. */
-                if (CBS_len(&client_shares) != 0)
-                        return 0;
-
-                if (group != s->s3->hs.tls13.server_group) {
-                        *alert = SSL_AD_ILLEGAL_PARAMETER;
-                        return 0;
-                }
-
-                if (s->s3->hs.key_share != NULL) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-
-                /* Decode and store the selected key share. */
-                if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-                if (!tls_key_share_peer_public(s->s3->hs.key_share,
-                    &key_exchange, &decode_error, NULL)) {
-                        if (!decode_error)
-                                *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-
-                return 1;
-        }
-
-        /*
-         * XXX similar to tls1_get_supported_group, but client pref
-         * only - consider deduping later.
-         */
-        /*
-         * We are now assured of at least one client group.
-         * Get the client and server group preference orders.
-         */
-        tls1_get_group_list(s, 0, &server_groups, &server_groups_len);
-        tls1_get_group_list(s, 1, &client_groups, &client_groups_len);
-
-        /*
-         * Find the group that is most preferred by the client that
-         * we also support.
-         */
-        for (i = 0; i < client_groups_len && !preferred_group_found; i++) {
-                if (!ssl_security_supported_group(s, client_groups[i]))
-                        continue;
-                for (j = 0; j < server_groups_len; j++) {
-                        if (server_groups[j] == client_groups[i]) {
-                                client_preferred_group = client_groups[i];
-                                preferred_group_found = 1;
-                                break;
-                        }
-                }
-        }
-
-        if (!CBS_get_u16_length_prefixed(cbs, &client_shares))
-                return 0;
-
-        client_groups_index = 0;
-        while (CBS_len(&client_shares) > 0) {
-                int client_sent_group;
-
-                /* Unpack client share. */
-                if (!CBS_get_u16(&client_shares, &group))
-                        return 0;
-                if (!CBS_get_u16_length_prefixed(&client_shares, &key_exchange))
-                        return 0;
-
-                /* Ignore this client share if we're using earlier than TLSv1.3 */
-                if (s->s3->hs.our_max_tls_version < TLS1_3_VERSION)
-                        continue;
-
-                /*
-                 * Ensure the client share group was sent in supported groups,
-                 * and was sent in the same order as supported groups. The
-                 * supported groups has already been checked for duplicates.
-                 */
-                client_sent_group = 0;
-                while (client_groups_index < client_groups_len) {
-                        if (group == client_groups[client_groups_index++]) {
-                                client_sent_group = 1;
-                                break;
-                        }
-                }
-                if (!client_sent_group) {
-                        *alert = SSL_AD_ILLEGAL_PARAMETER;
-                        return 0;
-                }
-
-                /* Ignore this client share if we have already selected a key share */
-                if (s->s3->hs.key_share != NULL)
-                        continue;
-
-                /*
-                 * Ignore this client share if it is not for the most client
-                 * preferred supported group. This avoids a potential downgrade
-                 * situation where the client sends a client share for something
-                 * less preferred, and we choose to to use it instead of
-                 * requesting the more preferred group.
-                 */
-                if (!preferred_group_found || group != client_preferred_group)
-                        continue;
-
-                /* Decode and store the selected key share. */
-                if ((s->s3->hs.key_share = tls_key_share_new(group)) == NULL) {
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-                if (!tls_key_share_peer_public(s->s3->hs.key_share,
-                    &key_exchange, &decode_error, NULL)) {
-                        if (!decode_error)
-                                *alert = SSL_AD_INTERNAL_ERROR;
-                        return 0;
-                }
-        }
-
-        return 1;
-}
-
-static int
-tlsext_keyshare_server_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION &&
-            tlsext_extension_seen(s, TLSEXT_TYPE_key_share));
-}
-
-static int
-tlsext_keyshare_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB key_exchange;
-
-        /* In the case of a HRR, we only send the server selected group. */
-        if (s->s3->hs.tls13.hrr) {
-                if (s->s3->hs.tls13.server_group == 0)
-                        return 0;
-                return CBB_add_u16(cbb, s->s3->hs.tls13.server_group);
-        }
-
-        if (s->s3->hs.key_share == NULL)
-                return 0;
-
-        if (!CBB_add_u16(cbb, tls_key_share_group(s->s3->hs.key_share)))
-                return 0;
-        if (!CBB_add_u16_length_prefixed(cbb, &key_exchange))
-                return 0;
-        if (!tls_key_share_public(s->s3->hs.key_share, &key_exchange))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_keyshare_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS key_exchange;
-        int decode_error;
-        uint16_t group;
-
-        /* Unpack server share. */
-        if (!CBS_get_u16(cbs, &group))
-                return 0;
-
-        if (CBS_len(cbs) == 0) {
-                /* HRR does not include an actual key share, only the group. */
-                if (msg_type != SSL_TLSEXT_MSG_HRR)
-                        return 0;
-
-                s->s3->hs.tls13.server_group = group;
-                return 1;
-        }
-
-        if (!CBS_get_u16_length_prefixed(cbs, &key_exchange))
-                return 0;
-
-        if (s->s3->hs.key_share == NULL) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-        if (tls_key_share_group(s->s3->hs.key_share) != group) {
-                *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-        if (!tls_key_share_peer_public(s->s3->hs.key_share,
-            &key_exchange, &decode_error, NULL)) {
-                if (!decode_error)
-                        *alert = SSL_AD_INTERNAL_ERROR;
-                return 0;
-        }
-
-        return 1;
-}
-
-/*
- * Supported Versions - RFC 8446 section 4.2.1.
- */
-static int
-tlsext_versions_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_versions_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        uint16_t max, min;
-        uint16_t version;
-        CBB versions;
-
-        max = s->s3->hs.our_max_tls_version;
-        min = s->s3->hs.our_min_tls_version;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &versions))
-                return 0;
-
-        /* XXX - fix, but contiguous for now... */
-        for (version = max; version >= min; version--) {
-                if (!CBB_add_u16(&versions, version))
-                        return 0;
-        }
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_versions_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS versions;
-        uint16_t version;
-        uint16_t max, min;
-        uint16_t matched_version = 0;
-
-        max = s->s3->hs.our_max_tls_version;
-        min = s->s3->hs.our_min_tls_version;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &versions))
-                return 0;
-
-        while (CBS_len(&versions) > 0) {
-                if (!CBS_get_u16(&versions, &version))
-                        return 0;
-                /*
-                 * XXX What is below implements client preference, and
-                 * ignores any server preference entirely.
-                 */
-                if (matched_version == 0 && version >= min && version <= max)
-                        matched_version = version;
-        }
-
-        if (matched_version > 0)  {
-                /* XXX - this should be stored for later processing. */
-                s->version = matched_version;
-                return 1;
-        }
-
-        *alert = SSL_AD_PROTOCOL_VERSION;
-        return 0;
-}
-
-static int
-tlsext_versions_server_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_versions_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return CBB_add_u16(cbb, TLS1_3_VERSION);
-}
-
-static int
-tlsext_versions_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        uint16_t selected_version;
-
-        if (!CBS_get_u16(cbs, &selected_version))
-                return 0;
-
-        /* XXX - need to fix for DTLS 1.3 */
-        if (selected_version < TLS1_3_VERSION) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        /* XXX test between min and max once initialization code goes in */
-        s->s3->hs.tls13.server_version = selected_version;
-
-        return 1;
-}
-
-
-/*
- * Cookie - RFC 8446 section 4.2.2.
- */
-
-static int
-tlsext_cookie_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
-            s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
-}
-
-static int
-tlsext_cookie_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB cookie;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
-                return 0;
-
-        if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
-            s->s3->hs.tls13.cookie_len))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_cookie_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS cookie;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-                return 0;
-
-        if (CBS_len(&cookie) != s->s3->hs.tls13.cookie_len)
-                return 0;
-
-        /*
-         * Check provided cookie value against what server previously
-         * sent - client *MUST* send the same cookie with new CR after
-         * a cookie is sent by the server with an HRR.
-         */
-        if (!CBS_mem_equal(&cookie, s->s3->hs.tls13.cookie,
-            s->s3->hs.tls13.cookie_len)) {
-                /* XXX special cookie mismatch alert? */
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        return 1;
-}
-
-static int
-tlsext_cookie_server_needs(SSL *s, uint16_t msg_type)
-{
-        /*
-         * Server needs to set cookie value in tls13 handshake
-         * in order to send one, should only be sent with HRR.
-         */
-        return (s->s3->hs.our_max_tls_version >= TLS1_3_VERSION &&
-            s->s3->hs.tls13.cookie_len > 0 && s->s3->hs.tls13.cookie != NULL);
-}
-
-static int
-tlsext_cookie_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB cookie;
-
-        /* XXX deduplicate with client code */
-
-        if (!CBB_add_u16_length_prefixed(cbb, &cookie))
-                return 0;
-
-        if (!CBB_add_bytes(&cookie, s->s3->hs.tls13.cookie,
-            s->s3->hs.tls13.cookie_len))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_cookie_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        CBS cookie;
-
-        /*
-         * XXX This currently assumes we will not get a second
-         * HRR from a server with a cookie to process after accepting
-         * one from the server in the same handshake
-         */
-        if (s->s3->hs.tls13.cookie != NULL ||
-            s->s3->hs.tls13.cookie_len != 0) {
-                *alert = SSL_AD_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        if (!CBS_get_u16_length_prefixed(cbs, &cookie))
-                return 0;
-
-        if (!CBS_stow(&cookie, &s->s3->hs.tls13.cookie,
-            &s->s3->hs.tls13.cookie_len))
-                return 0;
-
-        return 1;
-}
-
-/*
- * Pre-Shared Key Exchange Modes - RFC 8446, 4.2.9.
- */
-
-static int
-tlsext_psk_kex_modes_client_needs(SSL *s, uint16_t msg_type)
-{
-        return (s->s3->hs.tls13.use_psk_dhe_ke &&
-            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
-}
-
-static int
-tlsext_psk_kex_modes_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        CBB ke_modes;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &ke_modes))
-                return 0;
-
-        /* Only indicate support for PSK with DHE key establishment. */
-        if (!CBB_add_u8(&ke_modes, TLS13_PSK_DHE_KE))
-                return 0;
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_psk_kex_modes_server_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        CBS ke_modes;
-        uint8_t ke_mode;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &ke_modes))
-                return 0;
-
-        while (CBS_len(&ke_modes) > 0) {
-                if (!CBS_get_u8(&ke_modes, &ke_mode))
-                        return 0;
-
-                if (ke_mode == TLS13_PSK_DHE_KE)
-                        s->s3->hs.tls13.use_psk_dhe_ke = 1;
-        }
-
-        return 1;
-}
-
-static int
-tlsext_psk_kex_modes_server_needs(SSL *s, uint16_t msg_type)
-{
-        /* Servers MUST NOT send this extension. */
-        return 0;
-}
-
-static int
-tlsext_psk_kex_modes_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return 0;
-}
-
-static int
-tlsext_psk_kex_modes_client_process(SSL *s, uint16_t msg_type, CBS *cbs,
-    int *alert)
-{
-        return 0;
-}
-
-/*
- * Pre-Shared Key Extension - RFC 8446, 4.2.11
- */
-
-static int
-tlsext_psk_client_needs(SSL *s, uint16_t msg_type)
-{
-        return 0;
-}
-
-static int
-tlsext_psk_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return 0;
-}
-
-static int
-tlsext_psk_client_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        return CBS_skip(cbs, CBS_len(cbs));
-}
-
-static int
-tlsext_psk_server_needs(SSL *s, uint16_t msg_type)
-{
-        return 0;
-}
-
-static int
-tlsext_psk_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return 0;
-}
-
-static int
-tlsext_psk_server_process(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        return CBS_skip(cbs, CBS_len(cbs));
-}
-
-/*
- * QUIC transport parameters extension - RFC 9001 section 8.2.
- */
-
-static int
-tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
-{
-        return SSL_is_quic(s) && s->quic_transport_params_len > 0;
-}
-
-static int
-tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
-    CBB *cbb)
-{
-        if (!CBB_add_bytes(cbb, s->quic_transport_params,
-            s->quic_transport_params_len))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_quic_transport_parameters_client_process(SSL *s, uint16_t msg_type,
-    CBS *cbs, int *alert)
-{
-        if (!SSL_is_quic(s)) {
-                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-        }
-
-        if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
-            &s->s3->peer_quic_transport_params_len))
-                return 0;
-        if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
-{
-        return SSL_is_quic(s) && s->quic_transport_params_len > 0;
-}
-
-static int
-tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
-    CBB *cbb)
-{
-        if (!CBB_add_bytes(cbb, s->quic_transport_params,
-            s->quic_transport_params_len))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_quic_transport_parameters_server_process(SSL *s, uint16_t msg_type,
-    CBS *cbs, int *alert)
-{
-        if (!SSL_is_quic(s)) {
-                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
-                return 0;
-        }
-
-        if (!CBS_stow(cbs, &s->s3->peer_quic_transport_params,
-            &s->s3->peer_quic_transport_params_len))
-                return 0;
-        if (!CBS_skip(cbs, s->s3->peer_quic_transport_params_len))
-                return 0;
-
-        return 1;
-}
-
-struct tls_extension_funcs {
-        int (*needs)(SSL *s, uint16_t msg_type);
-        int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
-        int (*process)(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-};
-
-struct tls_extension {
-        uint16_t type;
-        uint16_t messages;
-        struct tls_extension_funcs client;
-        struct tls_extension_funcs server;
-};
-
-/*
- * TLS extensions (in processing order).
- */
-static const struct tls_extension tls_extensions[] = {
-        {
-                .type = TLSEXT_TYPE_supported_versions,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
-                    SSL_TLSEXT_MSG_HRR,
-                .client = {
-                        .needs = tlsext_versions_client_needs,
-                        .build = tlsext_versions_client_build,
-                        .process = tlsext_versions_client_process,
-                },
-                .server = {
-                        .needs = tlsext_versions_server_needs,
-                        .build = tlsext_versions_server_build,
-                        .process = tlsext_versions_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_supported_groups,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
-                .client = {
-                        .needs = tlsext_supportedgroups_client_needs,
-                        .build = tlsext_supportedgroups_client_build,
-                        .process = tlsext_supportedgroups_client_process,
-                },
-                .server = {
-                        .needs = tlsext_supportedgroups_server_needs,
-                        .build = tlsext_supportedgroups_server_build,
-                        .process = tlsext_supportedgroups_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_key_share,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH |
-                    SSL_TLSEXT_MSG_HRR,
-                .client = {
-                        .needs = tlsext_keyshare_client_needs,
-                        .build = tlsext_keyshare_client_build,
-                        .process = tlsext_keyshare_client_process,
-                },
-                .server = {
-                        .needs = tlsext_keyshare_server_needs,
-                        .build = tlsext_keyshare_server_build,
-                        .process = tlsext_keyshare_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_server_name,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
-                .client = {
-                        .needs = tlsext_sni_client_needs,
-                        .build = tlsext_sni_client_build,
-                        .process = tlsext_sni_client_process,
-                },
-                .server = {
-                        .needs = tlsext_sni_server_needs,
-                        .build = tlsext_sni_server_build,
-                        .process = tlsext_sni_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_renegotiate,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
-                .client = {
-                        .needs = tlsext_ri_client_needs,
-                        .build = tlsext_ri_client_build,
-                        .process = tlsext_ri_client_process,
-                },
-                .server = {
-                        .needs = tlsext_ri_server_needs,
-                        .build = tlsext_ri_server_build,
-                        .process = tlsext_ri_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_status_request,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR |
-                    SSL_TLSEXT_MSG_CT,
-                .client = {
-                        .needs = tlsext_ocsp_client_needs,
-                        .build = tlsext_ocsp_client_build,
-                        .process = tlsext_ocsp_client_process,
-                },
-                .server = {
-                        .needs = tlsext_ocsp_server_needs,
-                        .build = tlsext_ocsp_server_build,
-                        .process = tlsext_ocsp_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_ec_point_formats,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
-                .client = {
-                        .needs = tlsext_ecpf_client_needs,
-                        .build = tlsext_ecpf_client_build,
-                        .process = tlsext_ecpf_client_process,
-                },
-                .server = {
-                        .needs = tlsext_ecpf_server_needs,
-                        .build = tlsext_ecpf_server_build,
-                        .process = tlsext_ecpf_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_session_ticket,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
-                .client = {
-                        .needs = tlsext_sessionticket_client_needs,
-                        .build = tlsext_sessionticket_client_build,
-                        .process = tlsext_sessionticket_client_process,
-                },
-                .server = {
-                        .needs = tlsext_sessionticket_server_needs,
-                        .build = tlsext_sessionticket_server_build,
-                        .process = tlsext_sessionticket_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_signature_algorithms,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_CR,
-                .client = {
-                        .needs = tlsext_sigalgs_client_needs,
-                        .build = tlsext_sigalgs_client_build,
-                        .process = tlsext_sigalgs_client_process,
-                },
-                .server = {
-                        .needs = tlsext_sigalgs_server_needs,
-                        .build = tlsext_sigalgs_server_build,
-                        .process = tlsext_sigalgs_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_alpn,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
-                .client = {
-                        .needs = tlsext_alpn_client_needs,
-                        .build = tlsext_alpn_client_build,
-                        .process = tlsext_alpn_client_process,
-                },
-                .server = {
-                        .needs = tlsext_alpn_server_needs,
-                        .build = tlsext_alpn_server_build,
-                        .process = tlsext_alpn_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_cookie,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_HRR,
-                .client = {
-                        .needs = tlsext_cookie_client_needs,
-                        .build = tlsext_cookie_client_build,
-                        .process = tlsext_cookie_client_process,
-                },
-                .server = {
-                        .needs = tlsext_cookie_server_needs,
-                        .build = tlsext_cookie_server_build,
-                        .process = tlsext_cookie_server_process,
-                },
-        },
-#ifndef OPENSSL_NO_SRTP
-        {
-                .type = TLSEXT_TYPE_use_srtp,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH /* XXX */ |
-                    SSL_TLSEXT_MSG_EE,
-                .client = {
-                        .needs = tlsext_srtp_client_needs,
-                        .build = tlsext_srtp_client_build,
-                        .process = tlsext_srtp_client_process,
-                },
-                .server = {
-                        .needs = tlsext_srtp_server_needs,
-                        .build = tlsext_srtp_server_build,
-                        .process = tlsext_srtp_server_process,
-                },
-        },
-#endif /* OPENSSL_NO_SRTP */
-        {
-                .type = TLSEXT_TYPE_quic_transport_parameters,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,
-                .client = {
-                        .needs = tlsext_quic_transport_parameters_client_needs,
-                        .build = tlsext_quic_transport_parameters_client_build,
-                        .process = tlsext_quic_transport_parameters_client_process,
-                },
-                .server = {
-                        .needs = tlsext_quic_transport_parameters_server_needs,
-                        .build = tlsext_quic_transport_parameters_server_build,
-                        .process = tlsext_quic_transport_parameters_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_psk_key_exchange_modes,
-                .messages = SSL_TLSEXT_MSG_CH,
-                .client = {
-                        .needs = tlsext_psk_kex_modes_client_needs,
-                        .build = tlsext_psk_kex_modes_client_build,
-                        .process = tlsext_psk_kex_modes_client_process,
-                },
-                .server = {
-                        .needs = tlsext_psk_kex_modes_server_needs,
-                        .build = tlsext_psk_kex_modes_server_build,
-                        .process = tlsext_psk_kex_modes_server_process,
-                },
-        },
-        {
-                .type = TLSEXT_TYPE_pre_shared_key,
-                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
-                .client = {
-                        .needs = tlsext_psk_client_needs,
-                        .build = tlsext_psk_client_build,
-                        .process = tlsext_psk_client_process,
-                },
-                .server = {
-                        .needs = tlsext_psk_server_needs,
-                        .build = tlsext_psk_server_build,
-                        .process = tlsext_psk_server_process,
-                },
-        },
-};
-
-#define N_TLS_EXTENSIONS (sizeof(tls_extensions) / sizeof(*tls_extensions))
-
-/* Ensure that extensions fit in a uint32_t bitmask. */
-CTASSERT(N_TLS_EXTENSIONS <= (sizeof(uint32_t) * 8));
-
-struct tlsext_data {
-        CBS extensions[N_TLS_EXTENSIONS];
-};
-
-static struct tlsext_data *
-tlsext_data_new(void)
-{
-        return calloc(1, sizeof(struct tlsext_data));
-}
-
-static void
-tlsext_data_free(struct tlsext_data *td)
-{
-        freezero(td, sizeof(*td));
-}
-
-uint16_t
-tls_extension_type(const struct tls_extension *extension)
-{
-        return extension->type;
-}
-
-const struct tls_extension *
-tls_extension_find(uint16_t type, size_t *tls_extensions_idx)
-{
-        size_t i;
-
-        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
-                if (tls_extensions[i].type == type) {
-                        if (tls_extensions_idx != NULL)
-                                *tls_extensions_idx = i;
-                        return &tls_extensions[i];
-                }
-        }
-
-        return NULL;
-}
-
-int
-tlsext_extension_seen(SSL *s, uint16_t type)
-{
-        size_t idx;
-
-        if (tls_extension_find(type, &idx) == NULL)
-                return 0;
-        return ((s->s3->hs.extensions_seen & (1 << idx)) != 0);
-}
-
-int
-tlsext_extension_processed(SSL *s, uint16_t type)
-{
-        size_t idx;
-
-        if (tls_extension_find(type, &idx) == NULL)
-                return 0;
-        return ((s->s3->hs.extensions_processed & (1 << idx)) != 0);
-}
-
-const struct tls_extension_funcs *
-tlsext_funcs(const struct tls_extension *tlsext, int is_server)
-{
-        if (is_server)
-                return &tlsext->server;
-
-        return &tlsext->client;
-}
-
-int
-tlsext_randomize_build_order(SSL *s)
-{
-        const struct tls_extension *psk_ext;
-        size_t idx, new_idx;
-        size_t alpn_idx = 0, sni_idx = 0;
-
-        free(s->tlsext_build_order);
-        s->tlsext_build_order_len = 0;
-
-        if ((s->tlsext_build_order = calloc(sizeof(*s->tlsext_build_order),
-            N_TLS_EXTENSIONS)) == NULL)
-                return 0;
-        s->tlsext_build_order_len = N_TLS_EXTENSIONS;
-
-        /* RFC 8446, section 4.2 - PSK MUST be the last extension in the CH. */
-        if ((psk_ext = tls_extension_find(TLSEXT_TYPE_pre_shared_key,
-            NULL)) == NULL)
-                return 0;
-        s->tlsext_build_order[N_TLS_EXTENSIONS - 1] = psk_ext;
-
-        /* Fisher-Yates shuffle with PSK fixed. */
-        for (idx = 0; idx < N_TLS_EXTENSIONS - 1; idx++) {
-                new_idx = arc4random_uniform(idx + 1);
-                s->tlsext_build_order[idx] = s->tlsext_build_order[new_idx];
-                s->tlsext_build_order[new_idx] = &tls_extensions[idx];
-        }
-
-        /*
-         * XXX - Apache2 special until year 2025: ensure that SNI precedes ALPN
-         * for clients so that virtual host setups work correctly.
-         */
-
-        if (s->server)
-                return 1;
-
-        for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) {
-                if (s->tlsext_build_order[idx]->type == TLSEXT_TYPE_alpn)
-                        alpn_idx = idx;
-                if (s->tlsext_build_order[idx]->type == TLSEXT_TYPE_server_name)
-                        sni_idx = idx;
-        }
-        if (alpn_idx < sni_idx) {
-                const struct tls_extension *tmp;
-
-                tmp = s->tlsext_build_order[alpn_idx];
-                s->tlsext_build_order[alpn_idx] = s->tlsext_build_order[sni_idx];
-                s->tlsext_build_order[sni_idx] = tmp;
-        }
-
-        return 1;
-}
-
-int
-tlsext_linearize_build_order(SSL *s)
-{
-        size_t idx;
-
-        free(s->tlsext_build_order);
-        s->tlsext_build_order_len = 0;
-
-        if ((s->tlsext_build_order = calloc(sizeof(*s->tlsext_build_order),
-            N_TLS_EXTENSIONS)) == NULL)
-                return 0;
-        s->tlsext_build_order_len = N_TLS_EXTENSIONS;
-
-        for (idx = 0; idx < N_TLS_EXTENSIONS; idx++)
-                s->tlsext_build_order[idx] = &tls_extensions[idx];
-
-        return 1;
-}
-
-static int
-tlsext_build(SSL *s, int is_server, uint16_t msg_type, CBB *cbb)
-{
-        const struct tls_extension_funcs *ext;
-        const struct tls_extension *tlsext;
-        CBB extensions, extension_data;
-        int extensions_present = 0;
-        uint16_t tls_version;
-        size_t i;
-
-        tls_version = ssl_effective_tls_version(s);
-
-        if (!CBB_add_u16_length_prefixed(cbb, &extensions))
-                return 0;
-
-        for (i = 0; i < N_TLS_EXTENSIONS; i++) {
-                tlsext = s->tlsext_build_order[i];
-                ext = tlsext_funcs(tlsext, is_server);
-
-                /* RFC 8446 Section 4.2 */
-                if (tls_version >= TLS1_3_VERSION &&
-                    !(tlsext->messages & msg_type))
-                        continue;
-
-                if (!ext->needs(s, msg_type))
-                        continue;
-
-                if (!CBB_add_u16(&extensions, tlsext->type))
-                        return 0;
-                if (!CBB_add_u16_length_prefixed(&extensions, &extension_data))
-                        return 0;
-
-                if (!ext->build(s, msg_type, &extension_data))
-                        return 0;
-
-                extensions_present = 1;
-        }
-
-        if (!extensions_present &&
-            (msg_type & (SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH)) != 0)
-                CBB_discard_child(cbb);
-
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-tlsext_clienthello_hash_extension(SSL *s, uint16_t type, CBS *cbs)
-{
-        /*
-         * RFC 8446 4.1.2. For subsequent CH, early data will be removed,
-         * cookie may be added, padding may be removed.
-         */
-        struct tls13_ctx *ctx = s->tls13;
-
-        if (type == TLSEXT_TYPE_early_data || type == TLSEXT_TYPE_cookie ||
-            type == TLSEXT_TYPE_padding)
-                return 1;
-        if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&type,
-            sizeof(type)))
-                return 0;
-        /*
-         * key_share data may be changed, and pre_shared_key data may
-         * be changed.
-         */
-        if (type == TLSEXT_TYPE_pre_shared_key || type == TLSEXT_TYPE_key_share)
-                return 1;
-        if (!tls13_clienthello_hash_update(ctx, cbs))
-                return 0;
-
-        return 1;
-}
-
-static int
-tlsext_parse(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
-    CBS *cbs, int *alert)
-{
-        const struct tls_extension *tlsext;
-        CBS extensions, extension_data;
-        uint16_t type;
-        size_t idx;
-        uint16_t tls_version;
-        int alert_desc;
-
-        tls_version = ssl_effective_tls_version(s);
-
-        s->s3->hs.extensions_seen = 0;
-
-        /* An empty extensions block is valid. */
-        if (CBS_len(cbs) == 0)
-                return 1;
-
-        alert_desc = SSL_AD_DECODE_ERROR;
-
-        if (!CBS_get_u16_length_prefixed(cbs, &extensions))
-                goto err;
-
-        while (CBS_len(&extensions) > 0) {
-                if (!CBS_get_u16(&extensions, &type))
-                        goto err;
-                if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
-                        goto err;
-
-                if (s->tlsext_debug_cb != NULL)
-                        s->tlsext_debug_cb(s, !is_server, type,
-                            (unsigned char *)CBS_data(&extension_data),
-                            CBS_len(&extension_data),
-                            s->tlsext_debug_arg);
-
-                /* Unknown extensions are ignored. */
-                if ((tlsext = tls_extension_find(type, &idx)) == NULL)
-                        continue;
-
-                if (tls_version >= TLS1_3_VERSION && is_server &&
-                    msg_type == SSL_TLSEXT_MSG_CH) {
-                        if (!tlsext_clienthello_hash_extension(s, type,
-                            &extension_data))
-                                goto err;
-                }
-
-                /* RFC 8446 Section 4.2 */
-                if (tls_version >= TLS1_3_VERSION &&
-                    !(tlsext->messages & msg_type)) {
-                        alert_desc = SSL_AD_ILLEGAL_PARAMETER;
-                        goto err;
-                }
-
-                /* Check for duplicate known extensions. */
-                if ((s->s3->hs.extensions_seen & (1 << idx)) != 0)
-                        goto err;
-                s->s3->hs.extensions_seen |= (1 << idx);
-
-                CBS_dup(&extension_data, &td->extensions[idx]);
-        }
-
-        return 1;
-
- err:
-        *alert = alert_desc;
-
-        return 0;
-}
-
-static int
-tlsext_process(SSL *s, struct tlsext_data *td, int is_server, uint16_t msg_type,
-    int *alert)
-{
-        const struct tls_extension_funcs *ext;
-        const struct tls_extension *tlsext;
-        int alert_desc;
-        size_t idx;
-
-        alert_desc = SSL_AD_DECODE_ERROR;
-
-        s->s3->hs.extensions_processed = 0;
-
-        /* Run processing for present TLS extensions, in a defined order. */
-        for (idx = 0; idx < N_TLS_EXTENSIONS; idx++) {
-                tlsext = &tls_extensions[idx];
-                if ((s->s3->hs.extensions_seen & (1 << idx)) == 0)
-                        continue;
-                ext = tlsext_funcs(tlsext, is_server);
-                if (ext->process == NULL)
-                        continue;
-                if (!ext->process(s, msg_type, &td->extensions[idx], &alert_desc))
-                        goto err;
-
-                if (CBS_len(&td->extensions[idx]) != 0)
-                        goto err;
-
-                s->s3->hs.extensions_processed |= (1 << idx);
-        }
-
-        return 1;
-
- err:
-        *alert = alert_desc;
-
-        return 0;
-}
-
-static void
-tlsext_server_reset_state(SSL *s)
-{
-        s->tlsext_status_type = -1;
-        s->s3->renegotiate_seen = 0;
-        free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-        s->s3->alpn_selected_len = 0;
-        s->srtp_profile = NULL;
-}
-
-int
-tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return tlsext_build(s, 1, msg_type, cbb);
-}
-
-int
-tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        struct tlsext_data *td;
-        int ret = 0;
-
-        if ((td = tlsext_data_new()) == NULL)
-                goto err;
-
-        /* XXX - this should be done by the caller... */
-        if (msg_type == SSL_TLSEXT_MSG_CH)
-                tlsext_server_reset_state(s);
-
-        if (!tlsext_parse(s, td, 1, msg_type, cbs, alert))
-                goto err;
-        if (!tlsext_process(s, td, 1, msg_type, alert))
-                goto err;
-
-        ret = 1;
-
- err:
-        tlsext_data_free(td);
-
-        return ret;
-}
-
-static void
-tlsext_client_reset_state(SSL *s)
-{
-        s->s3->renegotiate_seen = 0;
-        free(s->s3->alpn_selected);
-        s->s3->alpn_selected = NULL;
-        s->s3->alpn_selected_len = 0;
-}
-
-int
-tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb)
-{
-        return tlsext_build(s, 0, msg_type, cbb);
-}
-
-int
-tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
-{
-        struct tlsext_data *td;
-        int ret = 0;
-
-        if ((td = tlsext_data_new()) == NULL)
-                goto err;
-
-        /* XXX - this should be done by the caller... */
-        if (msg_type == SSL_TLSEXT_MSG_SH)
-                tlsext_client_reset_state(s);
-
-        if (!tlsext_parse(s, td, 0, msg_type, cbs, alert))
-                goto err;
-        if (!tlsext_process(s, td, 0, msg_type, alert))
-                goto err;
-
-        ret = 1;
-
- err:
-        tlsext_data_free(td);
-
-        return ret;
-}
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
deleted file mode 100644
index 4fd2ec05a0..0000000000
--- a/src/lib/libssl/ssl_tlsext.h
+++ /dev/null
@@ -1,49 +0,0 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.34 2024/03/26 03:44:11 beck Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
- * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_SSL_TLSEXT_H
-#define HEADER_SSL_TLSEXT_H
-
-/* TLSv1.3 - RFC 8446 Section 4.2. */
-#define SSL_TLSEXT_MSG_CH       0x0001  /* ClientHello */
-#define SSL_TLSEXT_MSG_SH       0x0002  /* ServerHello */
-#define SSL_TLSEXT_MSG_EE       0x0004  /* EncryptedExtension */
-#define SSL_TLSEXT_MSG_CT       0x0008  /* Certificate */
-#define SSL_TLSEXT_MSG_CR       0x0010  /* CertificateRequest */
-#define SSL_TLSEXT_MSG_NST      0x0020  /* NewSessionTicket */
-#define SSL_TLSEXT_MSG_HRR      0x0040  /* HelloRetryRequest */
-
-__BEGIN_HIDDEN_DECLS
-
-int tlsext_alpn_check_format(CBS *cbs);
-int tlsext_sni_is_valid_hostname(CBS *cbs, int *is_ip);
-
-int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
-int tlsext_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
-
-int tlsext_extension_seen(SSL *s, uint16_t);
-int tlsext_extension_processed(SSL *s, uint16_t);
-int tlsext_randomize_build_order(SSL *s);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/ssl_transcript.c b/src/lib/libssl/ssl_transcript.c
deleted file mode 100644
index 22cd6c3cfa..0000000000
--- a/src/lib/libssl/ssl_transcript.c
+++ /dev/null
@@ -1,197 +0,0 @@
-/* $OpenBSD: ssl_transcript.c,v 1.9 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <openssl/ssl.h>
-
-#include "ssl_local.h"
-#include "tls_internal.h"
-
-int
-tls1_transcript_hash_init(SSL *s)
-{
-        const unsigned char *data;
-        const EVP_MD *md;
-        size_t len;
-
-        tls1_transcript_hash_free(s);
-
-        if (!ssl_get_handshake_evp_md(s, &md)) {
-                SSLerrorx(ERR_R_INTERNAL_ERROR);
-                goto err;
-        }
-
-        if ((s->s3->handshake_hash = EVP_MD_CTX_new()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_DigestInit_ex(s->s3->handshake_hash, md, NULL)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-
-        if (!tls1_transcript_data(s, &data, &len)) {
-                SSLerror(s, SSL_R_BAD_HANDSHAKE_LENGTH);
-                goto err;
-        }
-        if (!tls1_transcript_hash_update(s, data, len)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-
-        return 1;
-
- err:
-        tls1_transcript_hash_free(s);
-
-        return 0;
-}
-
-int
-tls1_transcript_hash_update(SSL *s, const unsigned char *buf, size_t len)
-{
-        if (s->s3->handshake_hash == NULL)
-                return 1;
-
-        return EVP_DigestUpdate(s->s3->handshake_hash, buf, len);
-}
-
-int
-tls1_transcript_hash_value(SSL *s, unsigned char *out, size_t len,
-    size_t *outlen)
-{
-        EVP_MD_CTX *mdctx = NULL;
-        unsigned int mdlen;
-        int ret = 0;
-
-        if (s->s3->handshake_hash == NULL)
-                goto err;
-
-        if (EVP_MD_CTX_size(s->s3->handshake_hash) > len)
-                goto err;
-
-        if ((mdctx = EVP_MD_CTX_new()) == NULL) {
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                goto err;
-        }
-        if (!EVP_MD_CTX_copy_ex(mdctx, s->s3->handshake_hash)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (!EVP_DigestFinal_ex(mdctx, out, &mdlen)) {
-                SSLerror(s, ERR_R_EVP_LIB);
-                goto err;
-        }
-        if (outlen != NULL)
-                *outlen = mdlen;
-
-        ret = 1;
-
- err:
-        EVP_MD_CTX_free(mdctx);
-
-        return (ret);
-}
-
-void
-tls1_transcript_hash_free(SSL *s)
-{
-        EVP_MD_CTX_free(s->s3->handshake_hash);
-        s->s3->handshake_hash = NULL;
-}
-
-int
-tls1_transcript_init(SSL *s)
-{
-        if (s->s3->handshake_transcript != NULL)
-                return 0;
-
-        if ((s->s3->handshake_transcript = tls_buffer_new(0)) == NULL)
-                return 0;
-
-        tls1_transcript_reset(s);
-
-        return 1;
-}
-
-void
-tls1_transcript_free(SSL *s)
-{
-        tls_buffer_free(s->s3->handshake_transcript);
-        s->s3->handshake_transcript = NULL;
-}
-
-void
-tls1_transcript_reset(SSL *s)
-{
-        tls_buffer_clear(s->s3->handshake_transcript);
-
-        tls1_transcript_unfreeze(s);
-}
-
-int
-tls1_transcript_append(SSL *s, const unsigned char *buf, size_t len)
-{
-        if (s->s3->handshake_transcript == NULL)
-                return 1;
-
-        if (s->s3->flags & TLS1_FLAGS_FREEZE_TRANSCRIPT)
-                return 1;
-
-        return tls_buffer_append(s->s3->handshake_transcript, buf, len);
-}
-
-int
-tls1_transcript_data(SSL *s, const unsigned char **data, size_t *len)
-{
-        CBS cbs;
-
-        if (s->s3->handshake_transcript == NULL)
-                return 0;
-
-        if (!tls_buffer_data(s->s3->handshake_transcript, &cbs))
-                return 0;
-
-        /* XXX - change to caller providing a CBS argument. */
-        *data = CBS_data(&cbs);
-        *len = CBS_len(&cbs);
-
-        return 1;
-}
-
-void
-tls1_transcript_freeze(SSL *s)
-{
-        s->s3->flags |= TLS1_FLAGS_FREEZE_TRANSCRIPT;
-}
-
-void
-tls1_transcript_unfreeze(SSL *s)
-{
-        s->s3->flags &= ~TLS1_FLAGS_FREEZE_TRANSCRIPT;
-}
-
-int
-tls1_transcript_record(SSL *s, const unsigned char *buf, size_t len)
-{
-        if (!tls1_transcript_hash_update(s, buf, len))
-                return 0;
-
-        if (!tls1_transcript_append(s, buf, len))
-                return 0;
-
-        return 1;
-}
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c
deleted file mode 100644
index 4ed76c95ab..0000000000
--- a/src/lib/libssl/ssl_txt.c
+++ /dev/null
@@ -1,202 +0,0 @@
-/* $OpenBSD: ssl_txt.c,v 1.39 2024/07/22 14:47:15 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <stdio.h>
-
-#include <openssl/buffer.h>
-
-#include "ssl_local.h"
-
-int
-SSL_SESSION_print_fp(FILE *fp, const SSL_SESSION *x)
-{
-        BIO *b;
-        int ret;
-
-        if ((b = BIO_new(BIO_s_file())) == NULL) {
-                SSLerrorx(ERR_R_BUF_LIB);
-                return 0;
-        }
-        BIO_set_fp(b, fp, BIO_NOCLOSE);
-        ret = SSL_SESSION_print(b, x);
-        BIO_free(b);
-        return ret;
-}
-LSSL_ALIAS(SSL_SESSION_print_fp);
-
-int
-SSL_SESSION_print(BIO *bp, const SSL_SESSION *x)
-{
-        const SSL_CIPHER *cipher;
-        size_t i;
-        int ret = 0;
-
-        if (x == NULL)
-                goto err;
-
-        if (BIO_puts(bp, "SSL-Session:\n") <= 0)
-                goto err;
-
-        if (BIO_printf(bp, "    Protocol  : %s\n",
-            ssl_version_string(x->ssl_version)) <= 0)
-                goto err;
-
-        if ((cipher = ssl3_get_cipher_by_value(x->cipher_value)) == NULL) {
-                if (BIO_printf(bp, "    Cipher    : %04X\n",
-                    x->cipher_value) <= 0)
-                        goto err;
-        } else {
-                const char *cipher_name = "unknown";
-
-                if (cipher->name != NULL)
-                        cipher_name = cipher->name;
-
-                if (BIO_printf(bp, "    Cipher    : %s\n", cipher_name) <= 0)
-                        goto err;
-        }
-
-        if (BIO_puts(bp, "    Session-ID: ") <= 0)
-                goto err;
-
-        for (i = 0; i < x->session_id_length; i++) {
-                if (BIO_printf(bp, "%02X", x->session_id[i]) <= 0)
-                        goto err;
-        }
-
-        if (BIO_puts(bp, "\n    Session-ID-ctx: ") <= 0)
-                goto err;
-
-        for (i = 0; i < x->sid_ctx_length; i++) {
-                if (BIO_printf(bp, "%02X", x->sid_ctx[i]) <= 0)
-                        goto err;
-        }
-
-        if (BIO_puts(bp, "\n    Master-Key: ") <= 0)
-                goto err;
-
-        for (i = 0; i < x->master_key_length; i++) {
-                if (BIO_printf(bp, "%02X", x->master_key[i]) <= 0)
-                        goto err;
-        }
-
-        if (x->tlsext_tick_lifetime_hint > 0) {
-                if (BIO_printf(bp,
-                    "\n    TLS session ticket lifetime hint: %u (seconds)",
-                    x->tlsext_tick_lifetime_hint) <= 0)
-                        goto err;
-        }
-
-        if (x->tlsext_tick != NULL) {
-                if (BIO_puts(bp, "\n    TLS session ticket:\n") <= 0)
-                        goto err;
-                if (BIO_dump_indent(bp, x->tlsext_tick, x->tlsext_ticklen,
-                    4) <= 0)
-                        goto err;
-        }
-
-        if (x->time != 0) {
-                if (BIO_printf(bp, "\n    Start Time: %lld",
-                    (long long)x->time) <= 0)
-                        goto err;
-        }
-
-        if (x->timeout != 0) {
-                if (BIO_printf(bp, "\n    Timeout   : %ld (sec)",
-                    x->timeout) <= 0)
-                        goto err;
-        }
-
-        if (BIO_puts(bp, "\n") <= 0)
-                goto err;
-
-        if (BIO_printf(bp, "    Verify return code: %ld (%s)\n",
-            x->verify_result,
-            X509_verify_cert_error_string(x->verify_result)) <= 0)
-                goto err;
-
-        ret = 1;
- err:
-        return ret;
-}
-LSSL_ALIAS(SSL_SESSION_print);
diff --git a/src/lib/libssl/ssl_versions.c b/src/lib/libssl/ssl_versions.c
deleted file mode 100644
index 8273546062..0000000000
--- a/src/lib/libssl/ssl_versions.c
+++ /dev/null
@@ -1,373 +0,0 @@
-/* $OpenBSD: ssl_versions.c,v 1.27 2023/07/02 17:21:32 beck Exp $ */
-/*
- * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "ssl_local.h"
-
-static uint16_t
-ssl_dtls_to_tls_version(uint16_t dtls_ver)
-{
-        if (dtls_ver == DTLS1_VERSION)
-                return TLS1_1_VERSION;
-        if (dtls_ver == DTLS1_2_VERSION)
-                return TLS1_2_VERSION;
-        return 0;
-}
-
-static uint16_t
-ssl_tls_to_dtls_version(uint16_t tls_ver)
-{
-        if (tls_ver == TLS1_1_VERSION)
-                return DTLS1_VERSION;
-        if (tls_ver == TLS1_2_VERSION)
-                return DTLS1_2_VERSION;
-        return 0;
-}
-
-static int
-ssl_clamp_tls_version_range(uint16_t *min_ver, uint16_t *max_ver,
-    uint16_t clamp_min, uint16_t clamp_max)
-{
-        if (clamp_min > clamp_max || *min_ver > *max_ver)
-                return 0;
-        if (clamp_max < *min_ver || clamp_min > *max_ver)
-                return 0;
-
-        if (*min_ver < clamp_min)
-                *min_ver = clamp_min;
-        if (*max_ver > clamp_max)
-                *max_ver = clamp_max;
-
-        return 1;
-}
-
-int
-ssl_version_set_min(const SSL_METHOD *meth, uint16_t proto_ver,
-    uint16_t max_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver)
-{
-        uint16_t min_proto, min_version, max_version;
-
-        if (proto_ver == 0) {
-                *out_tls_ver = meth->min_tls_version;
-                *out_proto_ver = 0;
-                return 1;
-        }
-
-        min_version = proto_ver;
-        max_version = max_tls_ver;
-
-        if (meth->dtls) {
-                if ((min_version = ssl_dtls_to_tls_version(proto_ver)) == 0)
-                        return 0;
-        }
-
-        if (!ssl_clamp_tls_version_range(&min_version, &max_version,
-            meth->min_tls_version, meth->max_tls_version))
-                return 0;
-
-        min_proto = min_version;
-        if (meth->dtls) {
-                if ((min_proto = ssl_tls_to_dtls_version(min_version)) == 0)
-                        return 0;
-        }
-        *out_tls_ver = min_version;
-        *out_proto_ver = min_proto;
-
-        return 1;
-}
-
-int
-ssl_version_set_max(const SSL_METHOD *meth, uint16_t proto_ver,
-    uint16_t min_tls_ver, uint16_t *out_tls_ver, uint16_t *out_proto_ver)
-{
-        uint16_t max_proto, min_version, max_version;
-
-        if (proto_ver == 0) {
-                *out_tls_ver = meth->max_tls_version;
-                *out_proto_ver = 0;
-                return 1;
-        }
-
-        min_version = min_tls_ver;
-        max_version = proto_ver;
-
-        if (meth->dtls) {
-                if ((max_version = ssl_dtls_to_tls_version(proto_ver)) == 0)
-                        return 0;
-        }
-
-        if (!ssl_clamp_tls_version_range(&min_version, &max_version,
-            meth->min_tls_version, meth->max_tls_version))
-                return 0;
-
-        max_proto = max_version;
-        if (meth->dtls) {
-                if ((max_proto = ssl_tls_to_dtls_version(max_version)) == 0)
-                        return 0;
-        }
-        *out_tls_ver = max_version;
-        *out_proto_ver = max_proto;
-
-        return 1;
-}
-
-int
-ssl_enabled_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
-{
-        uint16_t min_version, max_version;
-        unsigned long options;
-
-        /*
-         * The enabled versions have to be a contiguous range, which means we
-         * cannot enable and disable single versions at our whim, even though
-         * this is what the OpenSSL flags allow. The historical way this has
-         * been handled is by making a flag mean that all higher versions
-         * are disabled, if any version lower than the flag is enabled.
-         */
-
-        min_version = 0;
-        max_version = TLS1_3_VERSION;
-        options = s->options;
-
-        if (SSL_is_dtls(s)) {
-                options = 0;
-                if (s->options & SSL_OP_NO_DTLSv1)
-                        options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1;
-                if (s->options & SSL_OP_NO_DTLSv1_2)
-                        options |= SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_2;
-        }
-
-        if ((options & SSL_OP_NO_TLSv1_2) == 0)
-                min_version = TLS1_2_VERSION;
-        else if ((options & SSL_OP_NO_TLSv1_3) == 0)
-                min_version = TLS1_3_VERSION;
-
-        if ((options & SSL_OP_NO_TLSv1_3) && min_version < TLS1_3_VERSION)
-                max_version = TLS1_2_VERSION;
-        if ((options & SSL_OP_NO_TLSv1_2) && min_version < TLS1_2_VERSION)
-                max_version = 0;
-
-        /* Everything has been disabled... */
-        if (min_version == 0 || max_version == 0)
-                return 0;
-
-        /* Limit to configured version range. */
-        if (!ssl_clamp_tls_version_range(&min_version, &max_version,
-            s->min_tls_version, s->max_tls_version))
-                return 0;
-
-        /* QUIC requires a minimum of TLSv1.3. */
-        if (SSL_is_quic(s)) {
-                if (max_version < TLS1_3_VERSION)
-                        return 0;
-                if (min_version < TLS1_3_VERSION)
-                        min_version = TLS1_3_VERSION;
-        }
-
-        if (min_ver != NULL)
-                *min_ver = min_version;
-        if (max_ver != NULL)
-                *max_ver = max_version;
-
-        return 1;
-}
-
-int
-ssl_supported_tls_version_range(SSL *s, uint16_t *min_ver, uint16_t *max_ver)
-{
-        uint16_t min_version, max_version;
-
-        if (!ssl_enabled_tls_version_range(s, &min_version, &max_version))
-                return 0;
-
-        /* Limit to the versions supported by this method. */
-        if (!ssl_clamp_tls_version_range(&min_version, &max_version,
-            s->method->min_tls_version, s->method->max_tls_version))
-                return 0;
-
-        if (min_ver != NULL)
-                *min_ver = min_version;
-        if (max_ver != NULL)
-                *max_ver = max_version;
-
-        return 1;
-}
-
-uint16_t
-ssl_tls_version(uint16_t version)
-{
-        if (version == TLS1_VERSION || version == TLS1_1_VERSION ||
-            version == TLS1_2_VERSION || version == TLS1_3_VERSION)
-                return version;
-
-        if (version == DTLS1_VERSION)
-                return TLS1_1_VERSION;
-        if (version == DTLS1_2_VERSION)
-                return TLS1_2_VERSION;
-
-        return 0;
-}
-
-uint16_t
-ssl_effective_tls_version(SSL *s)
-{
-        if (s->s3->hs.negotiated_tls_version > 0)
-                return s->s3->hs.negotiated_tls_version;
-
-        return s->s3->hs.our_max_tls_version;
-}
-
-int
-ssl_max_supported_version(SSL *s, uint16_t *max_ver)
-{
-        uint16_t max_version;
-
-        *max_ver = 0;
-
-        if (!ssl_supported_tls_version_range(s, NULL, &max_version))
-                return 0;
-
-        if (SSL_is_dtls(s)) {
-                if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0)
-                        return 0;
-        }
-
-        *max_ver = max_version;
-
-        return 1;
-}
-
-int
-ssl_max_legacy_version(SSL *s, uint16_t *max_ver)
-{
-        uint16_t max_version;
-
-        if ((max_version = s->s3->hs.our_max_tls_version) > TLS1_2_VERSION)
-                max_version = TLS1_2_VERSION;
-
-        if (SSL_is_dtls(s)) {
-                if ((max_version = ssl_tls_to_dtls_version(max_version)) == 0)
-                        return 0;
-        }
-
-        *max_ver = max_version;
-
-        return 1;
-}
-
-int
-ssl_max_shared_version(SSL *s, uint16_t peer_ver, uint16_t *max_ver)
-{
-        uint16_t min_version, max_version, peer_tls_version, shared_version;
-
-        *max_ver = 0;
-        peer_tls_version = peer_ver;
-
-        if (SSL_is_dtls(s)) {
-                if ((peer_ver >> 8) != DTLS1_VERSION_MAJOR)
-                        return 0;
-
-                /*
-                 * Convert the peer version to a TLS version - DTLS versions are
-                 * the 1's complement of TLS version numbers (but not the actual
-                 * protocol version numbers, that would be too sensible). Not to
-                 * mention that DTLSv1.0 is really equivalent to DTLSv1.1.
-                 */
-                peer_tls_version = ssl_dtls_to_tls_version(peer_ver);
-
-                /*
-                 * This may be a version that we do not know about, if it is
-                 * newer than DTLS1_2_VERSION (yes, less than is correct due
-                 * to the "clever" versioning scheme), use TLS1_2_VERSION.
-                 */
-                if (peer_tls_version == 0) {
-                        if (peer_ver < DTLS1_2_VERSION)
-                                peer_tls_version = TLS1_2_VERSION;
-                }
-        }
-
-        if (peer_tls_version >= TLS1_3_VERSION)
-                shared_version = TLS1_3_VERSION;
-        else if (peer_tls_version >= TLS1_2_VERSION)
-                shared_version = TLS1_2_VERSION;
-        else if (peer_tls_version >= TLS1_1_VERSION)
-                shared_version = TLS1_1_VERSION;
-        else if (peer_tls_version >= TLS1_VERSION)
-                shared_version = TLS1_VERSION;
-        else
-                return 0;
-
-        if (!ssl_supported_tls_version_range(s, &min_version, &max_version))
-                return 0;
-
-        if (shared_version < min_version)
-                return 0;
-
-        if (shared_version > max_version)
-                shared_version = max_version;
-
-        if (SSL_is_dtls(s)) {
-                /*
-                 * The resulting shared version will by definition be something
-                 * that we know about. Switch back from TLS to DTLS.
-                 */
-                shared_version = ssl_tls_to_dtls_version(shared_version);
-                if (shared_version == 0)
-                        return 0;
-        }
-
-        if (!ssl_security_version(s, shared_version))
-                return 0;
-
-        *max_ver = shared_version;
-
-        return 1;
-}
-
-int
-ssl_check_version_from_server(SSL *s, uint16_t server_version)
-{
-        uint16_t min_tls_version, max_tls_version, server_tls_version;
-
-        /* Ensure that the version selected by the server is valid. */
-
-        server_tls_version = server_version;
-        if (SSL_is_dtls(s)) {
-                server_tls_version = ssl_dtls_to_tls_version(server_version);
-                if (server_tls_version == 0)
-                        return 0;
-        }
-
-        if (!ssl_supported_tls_version_range(s, &min_tls_version,
-            &max_tls_version))
-                return 0;
-
-        if (server_tls_version < min_tls_version ||
-            server_tls_version > max_tls_version)
-                return 0;
-
-        return ssl_security_version(s, server_tls_version);
-}
-
-int
-ssl_legacy_stack_version(SSL *s, uint16_t version)
-{
-        if (SSL_is_dtls(s))
-                return version == DTLS1_VERSION || version == DTLS1_2_VERSION;
-
-        return version == TLS1_VERSION || version == TLS1_1_VERSION ||
-            version == TLS1_2_VERSION;
-}
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c
deleted file mode 100644
index 64e1dd5b63..0000000000
--- a/src/lib/libssl/t1_enc.c
+++ /dev/null
@@ -1,417 +0,0 @@
-/* $OpenBSD: t1_enc.c,v 1.158 2024/07/20 04:04:23 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#include <limits.h>
-#include <stdio.h>
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/md5.h>
-#include <openssl/opensslconf.h>
-
-#include "dtls_local.h"
-#include "ssl_local.h"
-
-void
-tls1_cleanup_key_block(SSL *s)
-{
-        tls12_key_block_free(s->s3->hs.tls12.key_block);
-        s->s3->hs.tls12.key_block = NULL;
-}
-
-/*
- * TLS P_hash() data expansion function - see RFC 5246, section 5.
- */
-static int
-tls1_P_hash(const EVP_MD *md, const unsigned char *secret, size_t secret_len,
-    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
-    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
-    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
-{
-        unsigned char A1[EVP_MAX_MD_SIZE], hmac[EVP_MAX_MD_SIZE];
-        size_t A1_len, hmac_len;
-        EVP_MD_CTX *ctx = NULL;
-        EVP_PKEY *mac_key = NULL;
-        int ret = 0;
-        int chunk;
-        size_t i;
-
-        chunk = EVP_MD_size(md);
-        OPENSSL_assert(chunk >= 0);
-
-        if ((ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, secret, secret_len);
-        if (mac_key == NULL)
-                goto err;
-        if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key))
-                goto err;
-        if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
-                goto err;
-        if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
-                goto err;
-        if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
-                goto err;
-        if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
-                goto err;
-        if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
-                goto err;
-        if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
-                goto err;
-
-        for (;;) {
-                if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key))
-                        goto err;
-                if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
-                        goto err;
-                if (seed1 && !EVP_DigestSignUpdate(ctx, seed1, seed1_len))
-                        goto err;
-                if (seed2 && !EVP_DigestSignUpdate(ctx, seed2, seed2_len))
-                        goto err;
-                if (seed3 && !EVP_DigestSignUpdate(ctx, seed3, seed3_len))
-                        goto err;
-                if (seed4 && !EVP_DigestSignUpdate(ctx, seed4, seed4_len))
-                        goto err;
-                if (seed5 && !EVP_DigestSignUpdate(ctx, seed5, seed5_len))
-                        goto err;
-                if (!EVP_DigestSignFinal(ctx, hmac, &hmac_len))
-                        goto err;
-
-                if (hmac_len > out_len)
-                        hmac_len = out_len;
-
-                for (i = 0; i < hmac_len; i++)
-                        out[i] ^= hmac[i];
-
-                out += hmac_len;
-                out_len -= hmac_len;
-
-                if (out_len == 0)
-                        break;
-
-                if (!EVP_DigestSignInit(ctx, NULL, md, NULL, mac_key))
-                        goto err;
-                if (!EVP_DigestSignUpdate(ctx, A1, A1_len))
-                        goto err;
-                if (!EVP_DigestSignFinal(ctx, A1, &A1_len))
-                        goto err;
-        }
-        ret = 1;
-
- err:
-        EVP_PKEY_free(mac_key);
-        EVP_MD_CTX_free(ctx);
-
-        explicit_bzero(A1, sizeof(A1));
-        explicit_bzero(hmac, sizeof(hmac));
-
-        return ret;
-}
-
-int
-tls1_PRF(SSL *s, const unsigned char *secret, size_t secret_len,
-    const void *seed1, size_t seed1_len, const void *seed2, size_t seed2_len,
-    const void *seed3, size_t seed3_len, const void *seed4, size_t seed4_len,
-    const void *seed5, size_t seed5_len, unsigned char *out, size_t out_len)
-{
-        const EVP_MD *md;
-        size_t half_len;
-
-        memset(out, 0, out_len);
-
-        if (!ssl_get_handshake_evp_md(s, &md))
-                return (0);
-
-        if (EVP_MD_type(md) == NID_md5_sha1) {
-                /*
-                 * Partition secret between MD5 and SHA1, then XOR result.
-                 * If the secret length is odd, a one byte overlap is used.
-                 */
-                half_len = secret_len - (secret_len / 2);
-                if (!tls1_P_hash(EVP_md5(), secret, half_len, seed1, seed1_len,
-                    seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
-                    seed5, seed5_len, out, out_len))
-                        return (0);
-
-                secret += secret_len - half_len;
-                if (!tls1_P_hash(EVP_sha1(), secret, half_len, seed1, seed1_len,
-                    seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
-                    seed5, seed5_len, out, out_len))
-                        return (0);
-
-                return (1);
-        }
-
-        if (!tls1_P_hash(md, secret, secret_len, seed1, seed1_len,
-            seed2, seed2_len, seed3, seed3_len, seed4, seed4_len,
-            seed5, seed5_len, out, out_len))
-                return (0);
-
-        return (1);
-}
-
-int
-tls1_generate_key_block(SSL *s, uint8_t *key_block, size_t key_block_len)
-{
-        return tls1_PRF(s,
-            s->session->master_key, s->session->master_key_length,
-            TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
-            s->s3->server_random, SSL3_RANDOM_SIZE,
-            s->s3->client_random, SSL3_RANDOM_SIZE,
-            NULL, 0, NULL, 0, key_block, key_block_len);
-}
-
-static int
-tls1_change_cipher_state(SSL *s, int is_write)
-{
-        CBS mac_key, key, iv;
-
-        /* Use client write keys on client write and server read. */
-        if ((!s->server && is_write) || (s->server && !is_write)) {
-                tls12_key_block_client_write(s->s3->hs.tls12.key_block,
-                    &mac_key, &key, &iv);
-        } else {
-                tls12_key_block_server_write(s->s3->hs.tls12.key_block,
-                    &mac_key, &key, &iv);
-        }
-
-        if (!is_write) {
-                if (!tls12_record_layer_change_read_cipher_state(s->rl,
-                    &mac_key, &key, &iv))
-                        goto err;
-                if (SSL_is_dtls(s))
-                        dtls1_reset_read_seq_numbers(s);
-        } else {
-                if (!tls12_record_layer_change_write_cipher_state(s->rl,
-                    &mac_key, &key, &iv))
-                        goto err;
-        }
-        return (1);
-
- err:
-        return (0);
-}
-
-int
-tls1_change_read_cipher_state(SSL *s)
-{
-        return tls1_change_cipher_state(s, 0);
-}
-
-int
-tls1_change_write_cipher_state(SSL *s)
-{
-        return tls1_change_cipher_state(s, 1);
-}
-
-int
-tls1_setup_key_block(SSL *s)
-{
-        struct tls12_key_block *key_block;
-        int mac_type = NID_undef, mac_secret_size = 0;
-        const EVP_CIPHER *cipher = NULL;
-        const EVP_AEAD *aead = NULL;
-        const EVP_MD *handshake_hash = NULL;
-        const EVP_MD *mac_hash = NULL;
-        int ret = 0;
-
-        /*
-         * XXX - callers should be changed so that they only call this
-         * function once.
-         */
-        if (s->s3->hs.tls12.key_block != NULL)
-                return (1);
-
-        if (s->s3->hs.cipher == NULL)
-                return (0);
-
-        if ((s->s3->hs.cipher->algorithm_mac & SSL_AEAD) != 0) {
-                if (!ssl_cipher_get_evp_aead(s, &aead)) {
-                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-                        return (0);
-                }
-        } else {
-                /* XXX - mac_type and mac_secret_size are now unused. */
-                if (!ssl_cipher_get_evp(s, &cipher, &mac_hash,
-                    &mac_type, &mac_secret_size)) {
-                        SSLerror(s, SSL_R_CIPHER_OR_HASH_UNAVAILABLE);
-                        return (0);
-                }
-        }
-
-        if (!ssl_get_handshake_evp_md(s, &handshake_hash))
-                return (0);
-
-        tls12_record_layer_set_aead(s->rl, aead);
-        tls12_record_layer_set_cipher_hash(s->rl, cipher,
-            handshake_hash, mac_hash);
-
-        if ((key_block = tls12_key_block_new()) == NULL)
-                goto err;
-        if (!tls12_key_block_generate(key_block, s, aead, cipher, mac_hash))
-                goto err;
-
-        s->s3->hs.tls12.key_block = key_block;
-        key_block = NULL;
-
-        if (!(s->options & SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS) &&
-            s->method->version <= TLS1_VERSION) {
-                /*
-                 * Enable vulnerability countermeasure for CBC ciphers with
-                 * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt)
-                 */
-                s->s3->need_empty_fragments = 1;
-
-                if (s->s3->hs.cipher != NULL) {
-                        if (s->s3->hs.cipher->algorithm_enc == SSL_eNULL)
-                                s->s3->need_empty_fragments = 0;
-
-#ifndef OPENSSL_NO_RC4
-                        if (s->s3->hs.cipher->algorithm_enc == SSL_RC4)
-                                s->s3->need_empty_fragments = 0;
-#endif
-                }
-        }
-
-        ret = 1;
-
- err:
-        tls12_key_block_free(key_block);
-
-        return (ret);
-}
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c
deleted file mode 100644
index b200f78098..0000000000
--- a/src/lib/libssl/t1_lib.c
+++ /dev/null
@@ -1,1119 +0,0 @@
-/* $OpenBSD: t1_lib.c,v 1.204 2025/01/18 14:17:05 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-
-static int tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert,
-    SSL_SESSION **psess);
-
-int
-tls1_new(SSL *s)
-{
-        if (!ssl3_new(s))
-                return 0;
-        s->method->ssl_clear(s);
-        return 1;
-}
-
-void
-tls1_free(SSL *s)
-{
-        if (s == NULL)
-                return;
-
-        free(s->tlsext_session_ticket);
-        ssl3_free(s);
-}
-
-void
-tls1_clear(SSL *s)
-{
-        ssl3_clear(s);
-        s->version = s->method->version;
-}
-
-struct supported_group {
-        int nid;
-        int bits;
-};
-
-/*
- * Supported groups (formerly known as named curves)
- * https://www.iana.org/assignments/tls-parameters/#tls-parameters-8
- */
-static const struct supported_group nid_list[] = {
-        [1] = {
-                .nid = NID_sect163k1,
-                .bits = 80,
-        },
-        [2] = {
-                .nid = NID_sect163r1,
-                .bits = 80,
-        },
-        [3] = {
-                .nid = NID_sect163r2,
-                .bits = 80,
-        },
-        [4] = {
-                .nid = NID_sect193r1,
-                .bits = 80,
-        },
-        [5] = {
-                .nid = NID_sect193r2,
-                .bits = 80,
-        },
-        [6] = {
-                .nid = NID_sect233k1,
-                .bits = 112,
-        },
-        [7] = {
-                .nid = NID_sect233r1,
-                .bits = 112,
-        },
-        [8] = {
-                .nid = NID_sect239k1,
-                .bits = 112,
-        },
-        [9] = {
-                .nid = NID_sect283k1,
-                .bits = 128,
-        },
-        [10] = {
-                .nid = NID_sect283r1,
-                .bits = 128,
-        },
-        [11] = {
-                .nid = NID_sect409k1,
-                .bits = 192,
-        },
-        [12] = {
-                .nid = NID_sect409r1,
-                .bits = 192,
-        },
-        [13] = {
-                .nid = NID_sect571k1,
-                .bits = 256,
-        },
-        [14] = {
-                .nid = NID_sect571r1,
-                .bits = 256,
-        },
-        [15] = {
-                .nid = NID_secp160k1,
-                .bits = 80,
-        },
-        [16] = {
-                .nid = NID_secp160r1,
-                .bits = 80,
-        },
-        [17] = {
-                .nid = NID_secp160r2,
-                .bits = 80,
-        },
-        [18] = {
-                .nid = NID_secp192k1,
-                .bits = 80,
-        },
-        [19] = {
-                .nid = NID_X9_62_prime192v1,    /* aka secp192r1 */
-                .bits = 80,
-        },
-        [20] = {
-                .nid = NID_secp224k1,
-                .bits = 112,
-        },
-        [21] = {
-                .nid = NID_secp224r1,
-                .bits = 112,
-        },
-        [22] = {
-                .nid = NID_secp256k1,
-                .bits = 128,
-        },
-        [23] = {
-                .nid = NID_X9_62_prime256v1,    /* aka secp256r1 */
-                .bits = 128,
-        },
-        [24] = {
-                .nid = NID_secp384r1,
-                .bits = 192,
-        },
-        [25] = {
-                .nid = NID_secp521r1,
-                .bits = 256,
-        },
-        [26] = {
-                .nid = NID_brainpoolP256r1,
-                .bits = 128,
-        },
-        [27] = {
-                .nid = NID_brainpoolP384r1,
-                .bits = 192,
-        },
-        [28] = {
-                .nid = NID_brainpoolP512r1,
-                .bits = 256,
-        },
-        [29] = {
-                .nid = NID_X25519,
-                .bits = 128,
-        },
-};
-
-#define NID_LIST_LEN (sizeof(nid_list) / sizeof(nid_list[0]))
-
-#if 0
-static const uint8_t ecformats_list[] = {
-        TLSEXT_ECPOINTFORMAT_uncompressed,
-        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime,
-        TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2
-};
-#endif
-
-static const uint8_t ecformats_default[] = {
-        TLSEXT_ECPOINTFORMAT_uncompressed,
-};
-
-#if 0
-static const uint16_t ecgroups_list[] = {
-        29,                     /* X25519 (29) */
-        14,                     /* sect571r1 (14) */
-        13,                     /* sect571k1 (13) */
-        25,                     /* secp521r1 (25) */
-        28,                     /* brainpoolP512r1 (28) */
-        11,                     /* sect409k1 (11) */
-        12,                     /* sect409r1 (12) */
-        27,                     /* brainpoolP384r1 (27) */
-        24,                     /* secp384r1 (24) */
-        9,                      /* sect283k1 (9) */
-        10,                     /* sect283r1 (10) */
-        26,                     /* brainpoolP256r1 (26) */
-        22,                     /* secp256k1 (22) */
-        23,                     /* secp256r1 (23) */
-        8,                      /* sect239k1 (8) */
-        6,                      /* sect233k1 (6) */
-        7,                      /* sect233r1 (7) */
-        20,                     /* secp224k1 (20) */
-        21,                     /* secp224r1 (21) */
-        4,                      /* sect193r1 (4) */
-        5,                      /* sect193r2 (5) */
-        18,                     /* secp192k1 (18) */
-        19,                     /* secp192r1 (19) */
-        1,                      /* sect163k1 (1) */
-        2,                      /* sect163r1 (2) */
-        3,                      /* sect163r2 (3) */
-        15,                     /* secp160k1 (15) */
-        16,                     /* secp160r1 (16) */
-        17,                     /* secp160r2 (17) */
-};
-#endif
-
-static const uint16_t ecgroups_client_default[] = {
-        29,                     /* X25519 (29) */
-        23,                     /* secp256r1 (23) */
-        24,                     /* secp384r1 (24) */
-        25,                     /* secp521r1 (25) */
-};
-
-static const uint16_t ecgroups_server_default[] = {
-        29,                     /* X25519 (29) */
-        23,                     /* secp256r1 (23) */
-        24,                     /* secp384r1 (24) */
-};
-
-int
-tls1_ec_group_id2nid(uint16_t group_id, int *out_nid)
-{
-        int nid;
-
-        if (group_id >= NID_LIST_LEN)
-                return 0;
-
-        if ((nid = nid_list[group_id].nid) == 0)
-                return 0;
-
-        *out_nid = nid;
-
-        return 1;
-}
-
-int
-tls1_ec_group_id2bits(uint16_t group_id, int *out_bits)
-{
-        int bits;
-
-        if (group_id >= NID_LIST_LEN)
-                return 0;
-
-        if ((bits = nid_list[group_id].bits) == 0)
-                return 0;
-
-        *out_bits = bits;
-
-        return 1;
-}
-
-int
-tls1_ec_nid2group_id(int nid, uint16_t *out_group_id)
-{
-        uint16_t group_id;
-
-        if (nid == 0)
-                return 0;
-
-        for (group_id = 0; group_id < NID_LIST_LEN; group_id++) {
-                if (nid_list[group_id].nid == nid) {
-                        *out_group_id = group_id;
-                        return 1;
-                }
-        }
-
-        return 0;
-}
-
-/*
- * Return the appropriate format list. If client_formats is non-zero, return
- * the client/session formats. Otherwise return the custom format list if one
- * exists, or the default formats if a custom list has not been specified.
- */
-void
-tls1_get_formatlist(const SSL *s, int client_formats, const uint8_t **pformats,
-    size_t *pformatslen)
-{
-        if (client_formats != 0) {
-                *pformats = s->session->tlsext_ecpointformatlist;
-                *pformatslen = s->session->tlsext_ecpointformatlist_length;
-                return;
-        }
-
-        *pformats = s->tlsext_ecpointformatlist;
-        *pformatslen = s->tlsext_ecpointformatlist_length;
-        if (*pformats == NULL) {
-                *pformats = ecformats_default;
-                *pformatslen = sizeof(ecformats_default);
-        }
-}
-
-/*
- * Return the appropriate group list. If client_groups is non-zero, return
- * the client/session groups. Otherwise return the custom group list if one
- * exists, or the default groups if a custom list has not been specified.
- */
-void
-tls1_get_group_list(const SSL *s, int client_groups, const uint16_t **pgroups,
-    size_t *pgroupslen)
-{
-        if (client_groups != 0) {
-                *pgroups = s->session->tlsext_supportedgroups;
-                *pgroupslen = s->session->tlsext_supportedgroups_length;
-                return;
-        }
-
-        *pgroups = s->tlsext_supportedgroups;
-        *pgroupslen = s->tlsext_supportedgroups_length;
-        if (*pgroups != NULL)
-                return;
-
-        if (!s->server) {
-                *pgroups = ecgroups_client_default;
-                *pgroupslen = sizeof(ecgroups_client_default) / 2;
-        } else {
-                *pgroups = ecgroups_server_default;
-                *pgroupslen = sizeof(ecgroups_server_default) / 2;
-        }
-}
-
-static int
-tls1_get_group_lists(const SSL *ssl, const uint16_t **pref, size_t *preflen,
-    const uint16_t **supp, size_t *supplen)
-{
-        unsigned long server_pref;
-
-        /* Cannot do anything on the client side. */
-        if (!ssl->server)
-                return 0;
-
-        server_pref = (ssl->options & SSL_OP_CIPHER_SERVER_PREFERENCE);
-        tls1_get_group_list(ssl, (server_pref == 0), pref, preflen);
-        tls1_get_group_list(ssl, (server_pref != 0), supp, supplen);
-
-        return 1;
-}
-
-static int
-tls1_group_id_present(uint16_t group_id, const uint16_t *list, size_t list_len)
-{
-        size_t i;
-
-        for (i = 0; i < list_len; i++) {
-                if (group_id == list[i])
-                        return 1;
-        }
-
-        return 0;
-}
-
-int
-tls1_count_shared_groups(const SSL *ssl, size_t *out_count)
-{
-        size_t count, preflen, supplen, i;
-        const uint16_t *pref, *supp;
-
-        if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen))
-                return 0;
-
-        count = 0;
-        for (i = 0; i < preflen; i++) {
-                if (!tls1_group_id_present(pref[i], supp, supplen))
-                        continue;
-
-                if (!ssl_security_shared_group(ssl, pref[i]))
-                        continue;
-
-                count++;
-        }
-
-        *out_count = count;
-
-        return 1;
-}
-
-static int
-tls1_group_by_index(const SSL *ssl, size_t n, int *out_nid,
-    int (*ssl_security_fn)(const SSL *, uint16_t))
-{
-        size_t count, preflen, supplen, i;
-        const uint16_t *pref, *supp;
-
-        if (!tls1_get_group_lists(ssl, &pref, &preflen, &supp, &supplen))
-                return 0;
-
-        count = 0;
-        for (i = 0; i < preflen; i++) {
-                if (!tls1_group_id_present(pref[i], supp, supplen))
-                        continue;
-
-                if (!ssl_security_fn(ssl, pref[i]))
-                        continue;
-
-                if (count++ == n)
-                        return tls1_ec_group_id2nid(pref[i], out_nid);
-        }
-
-        return 0;
-}
-
-int
-tls1_get_shared_group_by_index(const SSL *ssl, size_t index, int *out_nid)
-{
-        return tls1_group_by_index(ssl, index, out_nid,
-            ssl_security_shared_group);
-}
-
-int
-tls1_get_supported_group(const SSL *ssl, int *out_nid)
-{
-        return tls1_group_by_index(ssl, 0, out_nid,
-            ssl_security_supported_group);
-}
-
-int
-tls1_set_groups(uint16_t **out_group_ids, size_t *out_group_ids_len,
-    const int *groups, size_t ngroups)
-{
-        uint16_t *group_ids;
-        size_t i;
-
-        if ((group_ids = calloc(ngroups, sizeof(uint16_t))) == NULL)
-                return 0;
-
-        for (i = 0; i < ngroups; i++) {
-                if (!tls1_ec_nid2group_id(groups[i], &group_ids[i])) {
-                        free(group_ids);
-                        return 0;
-                }
-        }
-
-        free(*out_group_ids);
-        *out_group_ids = group_ids;
-        *out_group_ids_len = ngroups;
-
-        return 1;
-}
-
-int
-tls1_set_group_list(uint16_t **out_group_ids, size_t *out_group_ids_len,
-    const char *groups)
-{
-        uint16_t *new_group_ids, *group_ids = NULL;
-        size_t ngroups = 0;
-        char *gs, *p, *q;
-        int nid;
-
-        if ((gs = strdup(groups)) == NULL)
-                return 0;
-
-        q = gs;
-        while ((p = strsep(&q, ":")) != NULL) {
-                nid = OBJ_sn2nid(p);
-                if (nid == NID_undef)
-                        nid = OBJ_ln2nid(p);
-                if (nid == NID_undef)
-                        nid = EC_curve_nist2nid(p);
-                if (nid == NID_undef)
-                        goto err;
-
-                if ((new_group_ids = reallocarray(group_ids, ngroups + 1,
-                    sizeof(uint16_t))) == NULL)
-                        goto err;
-                group_ids = new_group_ids;
-
-                if (!tls1_ec_nid2group_id(nid, &group_ids[ngroups]))
-                        goto err;
-
-                ngroups++;
-        }
-
-        free(gs);
-        free(*out_group_ids);
-        *out_group_ids = group_ids;
-        *out_group_ids_len = ngroups;
-
-        return 1;
-
- err:
-        free(gs);
-        free(group_ids);
-
-        return 0;
-}
-
-/* Check that a group is one of our preferences. */
-int
-tls1_check_group(SSL *s, uint16_t group_id)
-{
-        const uint16_t *groups;
-        size_t groupslen, i;
-
-        tls1_get_group_list(s, 0, &groups, &groupslen);
-
-        for (i = 0; i < groupslen; i++) {
-                if (!ssl_security_supported_group(s, groups[i]))
-                        continue;
-                if (groups[i] == group_id)
-                        return 1;
-        }
-        return 0;
-}
-
-/* For an EC key set TLS ID and required compression based on parameters. */
-static int
-tls1_set_ec_id(uint16_t *group_id, uint8_t *comp_id, EC_KEY *ec)
-{
-        const EC_GROUP *group;
-        int nid;
-
-        if ((group = EC_KEY_get0_group(ec)) == NULL)
-                return 0;
-
-        /* Determine group ID. */
-        nid = EC_GROUP_get_curve_name(group);
-        if (!tls1_ec_nid2group_id(nid, group_id))
-                return 0;
-
-        /* Specify the compression identifier. */
-        if (EC_KEY_get0_public_key(ec) == NULL)
-                return 0;
-        *comp_id = TLSEXT_ECPOINTFORMAT_uncompressed;
-        if (EC_KEY_get_conv_form(ec) == POINT_CONVERSION_COMPRESSED) {
-                *comp_id = TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime;
-        }
-
-        return 1;
-}
-
-/* Check that an EC key is compatible with extensions. */
-static int
-tls1_check_ec_key(SSL *s, const uint16_t group_id, const uint8_t comp_id)
-{
-        size_t groupslen, formatslen, i;
-        const uint16_t *groups;
-        const uint8_t *formats;
-
-        /*
-         * Check point formats extension if present, otherwise everything
-         * is supported (see RFC4492).
-         */
-        tls1_get_formatlist(s, 1, &formats, &formatslen);
-        if (formats != NULL) {
-                for (i = 0; i < formatslen; i++) {
-                        if (formats[i] == comp_id)
-                                break;
-                }
-                if (i == formatslen)
-                        return 0;
-        }
-
-        /*
-         * Check group list if present, otherwise everything is supported.
-         */
-        tls1_get_group_list(s, 1, &groups, &groupslen);
-        if (groups != NULL) {
-                for (i = 0; i < groupslen; i++) {
-                        if (groups[i] == group_id)
-                                break;
-                }
-                if (i == groupslen)
-                        return 0;
-        }
-
-        return 1;
-}
-
-/* Check EC server key is compatible with client extensions. */
-int
-tls1_check_ec_server_key(SSL *s)
-{
-        SSL_CERT_PKEY *cpk = s->cert->pkeys + SSL_PKEY_ECC;
-        uint16_t group_id;
-        uint8_t comp_id;
-        EC_KEY *eckey;
-        EVP_PKEY *pkey;
-
-        if (cpk->x509 == NULL || cpk->privatekey == NULL)
-                return 0;
-        if ((pkey = X509_get0_pubkey(cpk->x509)) == NULL)
-                return 0;
-        if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL)
-                return 0;
-        if (!tls1_set_ec_id(&group_id, &comp_id, eckey))
-                return 0;
-
-        return tls1_check_ec_key(s, group_id, comp_id);
-}
-
-int
-ssl_check_clienthello_tlsext_early(SSL *s)
-{
-        int ret = SSL_TLSEXT_ERR_NOACK;
-        int al = SSL_AD_UNRECOGNIZED_NAME;
-
-        /* The handling of the ECPointFormats extension is done elsewhere, namely in
-         * ssl3_choose_cipher in s3_lib.c.
-         */
-        /* The handling of the EllipticCurves extension is done elsewhere, namely in
-         * ssl3_choose_cipher in s3_lib.c.
-         */
-
-        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-                ret = s->ctx->tlsext_servername_callback(s, &al,
-                    s->ctx->tlsext_servername_arg);
-        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
-                ret = s->initial_ctx->tlsext_servername_callback(s, &al,
-                    s->initial_ctx->tlsext_servername_arg);
-
-        switch (ret) {
-        case SSL_TLSEXT_ERR_ALERT_FATAL:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                return -1;
-        case SSL_TLSEXT_ERR_ALERT_WARNING:
-                ssl3_send_alert(s, SSL3_AL_WARNING, al);
-                return 1;
-        case SSL_TLSEXT_ERR_NOACK:
-        default:
-                return 1;
-        }
-}
-
-int
-ssl_check_clienthello_tlsext_late(SSL *s)
-{
-        int ret = SSL_TLSEXT_ERR_OK;
-        int al = 0;     /* XXX gcc3 */
-
-        /* If status request then ask callback what to do.
-         * Note: this must be called after servername callbacks in case
-         * the certificate has changed, and must be called after the cipher
-         * has been chosen because this may influence which certificate is sent
-         */
-        if ((s->tlsext_status_type != -1) &&
-            s->ctx && s->ctx->tlsext_status_cb) {
-                int r;
-                SSL_CERT_PKEY *certpkey;
-                certpkey = ssl_get_server_send_pkey(s);
-                /* If no certificate can't return certificate status */
-                if (certpkey == NULL) {
-                        s->tlsext_status_expected = 0;
-                        return 1;
-                }
-                /* Set current certificate to one we will use so
-                 * SSL_get_certificate et al can pick it up.
-                 */
-                s->cert->key = certpkey;
-                r = s->ctx->tlsext_status_cb(s,
-                    s->ctx->tlsext_status_arg);
-                switch (r) {
-                        /* We don't want to send a status request response */
-                case SSL_TLSEXT_ERR_NOACK:
-                        s->tlsext_status_expected = 0;
-                        break;
-                        /* status request response should be sent */
-                case SSL_TLSEXT_ERR_OK:
-                        if (s->tlsext_ocsp_resp)
-                                s->tlsext_status_expected = 1;
-                        else
-                                s->tlsext_status_expected = 0;
-                        break;
-                        /* something bad happened */
-                case SSL_TLSEXT_ERR_ALERT_FATAL:
-                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                        al = SSL_AD_INTERNAL_ERROR;
-                        goto err;
-                }
-        } else
-                s->tlsext_status_expected = 0;
-
- err:
-        switch (ret) {
-        case SSL_TLSEXT_ERR_ALERT_FATAL:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                return -1;
-        case SSL_TLSEXT_ERR_ALERT_WARNING:
-                ssl3_send_alert(s, SSL3_AL_WARNING, al);
-                return 1;
-        default:
-                return 1;
-        }
-}
-
-int
-ssl_check_serverhello_tlsext(SSL *s)
-{
-        int ret = SSL_TLSEXT_ERR_NOACK;
-        int al = SSL_AD_UNRECOGNIZED_NAME;
-
-        ret = SSL_TLSEXT_ERR_OK;
-
-        if (s->ctx != NULL && s->ctx->tlsext_servername_callback != 0)
-                ret = s->ctx->tlsext_servername_callback(s, &al,
-                    s->ctx->tlsext_servername_arg);
-        else if (s->initial_ctx != NULL && s->initial_ctx->tlsext_servername_callback != 0)
-                ret = s->initial_ctx->tlsext_servername_callback(s, &al,
-                    s->initial_ctx->tlsext_servername_arg);
-
-        /* If we've requested certificate status and we wont get one
-         * tell the callback
-         */
-        if ((s->tlsext_status_type != -1) && !(s->tlsext_status_expected) &&
-            s->ctx && s->ctx->tlsext_status_cb) {
-                int r;
-
-                free(s->tlsext_ocsp_resp);
-                s->tlsext_ocsp_resp = NULL;
-                s->tlsext_ocsp_resp_len = 0;
-
-                r = s->ctx->tlsext_status_cb(s,
-                    s->ctx->tlsext_status_arg);
-                if (r == 0) {
-                        al = SSL_AD_BAD_CERTIFICATE_STATUS_RESPONSE;
-                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                }
-                if (r < 0) {
-                        al = SSL_AD_INTERNAL_ERROR;
-                        ret = SSL_TLSEXT_ERR_ALERT_FATAL;
-                }
-        }
-
-        switch (ret) {
-        case SSL_TLSEXT_ERR_ALERT_FATAL:
-                ssl3_send_alert(s, SSL3_AL_FATAL, al);
-                return -1;
-        case SSL_TLSEXT_ERR_ALERT_WARNING:
-                ssl3_send_alert(s, SSL3_AL_WARNING, al);
-                return 1;
-        case SSL_TLSEXT_ERR_NOACK:
-        default:
-                return 1;
-        }
-}
-
-/* Since the server cache lookup is done early on in the processing of the
- * ClientHello, and other operations depend on the result, we need to handle
- * any TLS session ticket extension at the same time.
- *
- *   ext_block: a CBS for the ClientHello extensions block.
- *   ret: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * If s->tls_session_secret_cb is set then we are expecting a pre-shared key
- * ciphersuite, in which case we have no use for session tickets and one will
- * never be decrypted, nor will s->tlsext_ticket_expected be set to 1.
- *
- * Returns:
- *    TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
- *    TLS1_TICKET_NONE: no ticket was found (or was ignored, based on settings).
- *    TLS1_TICKET_EMPTY: a zero length extension was found, indicating that the
- *       client supports session tickets but doesn't currently have one to offer.
- *    TLS1_TICKET_NOT_DECRYPTED: either s->tls_session_secret_cb was
- *       set, or a ticket was offered but couldn't be decrypted because of a
- *       non-fatal error.
- *    TLS1_TICKET_DECRYPTED: a ticket was successfully decrypted and *ret was set.
- *
- * Side effects:
- *   Sets s->tlsext_ticket_expected to 1 if the server will have to issue
- *   a new session ticket to the client because the client indicated support
- *   (and s->tls_session_secret_cb is NULL) but the client either doesn't have
- *   a session ticket or we couldn't use the one it gave us, or if
- *   s->ctx->tlsext_ticket_key_cb asked to renew the client's ticket.
- *   Otherwise, s->tlsext_ticket_expected is set to 0.
- */
-int
-tls1_process_ticket(SSL *s, CBS *ext_block, int *alert, SSL_SESSION **ret)
-{
-        CBS extensions, ext_data;
-        uint16_t ext_type = 0;
-
-        s->tlsext_ticket_expected = 0;
-        *ret = NULL;
-
-        /*
-         * If tickets disabled behave as if no ticket present to permit stateful
-         * resumption.
-         */
-        if (SSL_get_options(s) & SSL_OP_NO_TICKET)
-                return TLS1_TICKET_NONE;
-
-        /*
-         * An empty extensions block is valid, but obviously does not contain
-         * a session ticket.
-         */
-        if (CBS_len(ext_block) == 0)
-                return TLS1_TICKET_NONE;
-
-        if (!CBS_get_u16_length_prefixed(ext_block, &extensions)) {
-                *alert = SSL_AD_DECODE_ERROR;
-                return TLS1_TICKET_FATAL_ERROR;
-        }
-
-        while (CBS_len(&extensions) > 0) {
-                if (!CBS_get_u16(&extensions, &ext_type) ||
-                    !CBS_get_u16_length_prefixed(&extensions, &ext_data)) {
-                        *alert = SSL_AD_DECODE_ERROR;
-                        return TLS1_TICKET_FATAL_ERROR;
-                }
-
-                if (ext_type == TLSEXT_TYPE_session_ticket)
-                        break;
-        }
-
-        if (ext_type != TLSEXT_TYPE_session_ticket)
-                return TLS1_TICKET_NONE;
-
-        if (CBS_len(&ext_data) == 0) {
-                /*
-                 * The client will accept a ticket but does not currently
-                 * have one.
-                 */
-                s->tlsext_ticket_expected = 1;
-                return TLS1_TICKET_EMPTY;
-        }
-
-        if (s->tls_session_secret_cb != NULL) {
-                /*
-                 * Indicate that the ticket could not be decrypted rather than
-                 * generating the session from ticket now, trigger abbreviated
-                 * handshake based on external mechanism to calculate the master
-                 * secret later.
-                 */
-                return TLS1_TICKET_NOT_DECRYPTED;
-        }
-
-        return tls_decrypt_ticket(s, &ext_data, alert, ret);
-}
-
-/* tls_decrypt_ticket attempts to decrypt a session ticket.
- *
- *   ticket: a CBS containing the body of the session ticket extension.
- *   psess: (output) on return, if a ticket was decrypted, then this is set to
- *       point to the resulting session.
- *
- * Returns:
- *    TLS1_TICKET_FATAL_ERROR: error from parsing or decrypting the ticket.
- *    TLS1_TICKET_NOT_DECRYPTED: the ticket couldn't be decrypted.
- *    TLS1_TICKET_DECRYPTED: a ticket was decrypted and *psess was set.
- */
-static int
-tls_decrypt_ticket(SSL *s, CBS *ticket, int *alert, SSL_SESSION **psess)
-{
-        CBS ticket_name, ticket_iv, ticket_encdata, ticket_hmac;
-        SSL_SESSION *sess = NULL;
-        unsigned char *sdec = NULL;
-        size_t sdec_len = 0;
-        const unsigned char *p;
-        unsigned char hmac[EVP_MAX_MD_SIZE];
-        HMAC_CTX *hctx = NULL;
-        EVP_CIPHER_CTX *cctx = NULL;
-        SSL_CTX *tctx = s->initial_ctx;
-        int slen, hlen, iv_len;
-        int alert_desc = SSL_AD_INTERNAL_ERROR;
-        int ret = TLS1_TICKET_FATAL_ERROR;
-
-        *psess = NULL;
-
-        if (!CBS_get_bytes(ticket, &ticket_name, 16))
-                goto derr;
-
-        /*
-         * Initialize session ticket encryption and HMAC contexts.
-         */
-        if ((cctx = EVP_CIPHER_CTX_new()) == NULL)
-                goto err;
-        if ((hctx = HMAC_CTX_new()) == NULL)
-                goto err;
-
-        if (tctx->tlsext_ticket_key_cb != NULL) {
-                int rv;
-
-                /*
-                 * The API guarantees EVP_MAX_IV_LENGTH bytes of space for
-                 * the iv to tlsext_ticket_key_cb().  Since the total space
-                 * required for a session cookie is never less than this,
-                 * this check isn't too strict.  The exact check comes later.
-                 */
-                if (CBS_len(ticket) < EVP_MAX_IV_LENGTH)
-                        goto derr;
-
-                if ((rv = tctx->tlsext_ticket_key_cb(s,
-                    (unsigned char *)CBS_data(&ticket_name),
-                    (unsigned char *)CBS_data(ticket), cctx, hctx, 0)) < 0)
-                        goto err;
-                if (rv == 0)
-                        goto derr;
-                if (rv == 2) {
-                        /* Renew ticket. */
-                        s->tlsext_ticket_expected = 1;
-                }
-
-                if ((iv_len = EVP_CIPHER_CTX_iv_length(cctx)) < 0)
-                        goto err;
-                /*
-                 * Now that the cipher context is initialised, we can extract
-                 * the IV since its length is known.
-                 */
-                if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
-                        goto derr;
-        } else {
-                /* Check that the key name matches. */
-                if (!CBS_mem_equal(&ticket_name,
-                    tctx->tlsext_tick_key_name,
-                    sizeof(tctx->tlsext_tick_key_name)))
-                        goto derr;
-                if ((iv_len = EVP_CIPHER_iv_length(EVP_aes_128_cbc())) < 0)
-                        goto err;
-                if (!CBS_get_bytes(ticket, &ticket_iv, iv_len))
-                        goto derr;
-                if (!EVP_DecryptInit_ex(cctx, EVP_aes_128_cbc(), NULL,
-                    tctx->tlsext_tick_aes_key, CBS_data(&ticket_iv)))
-                        goto err;
-                if (!HMAC_Init_ex(hctx, tctx->tlsext_tick_hmac_key,
-                    sizeof(tctx->tlsext_tick_hmac_key), EVP_sha256(),
-                    NULL))
-                        goto err;
-        }
-
-        /*
-         * Attempt to process session ticket.
-         */
-
-        if ((hlen = HMAC_size(hctx)) < 0)
-                goto err;
-
-        if (hlen > CBS_len(ticket))
-                goto derr;
-        if (!CBS_get_bytes(ticket, &ticket_encdata, CBS_len(ticket) - hlen))
-                goto derr;
-        if (!CBS_get_bytes(ticket, &ticket_hmac, hlen))
-                goto derr;
-        if (CBS_len(ticket) != 0) {
-                alert_desc = SSL_AD_DECODE_ERROR;
-                goto err;
-        }
-
-        /* Check HMAC of encrypted ticket. */
-        if (HMAC_Update(hctx, CBS_data(&ticket_name),
-            CBS_len(&ticket_name)) <= 0)
-                goto err;
-        if (HMAC_Update(hctx, CBS_data(&ticket_iv),
-            CBS_len(&ticket_iv)) <= 0)
-                goto err;
-        if (HMAC_Update(hctx, CBS_data(&ticket_encdata),
-            CBS_len(&ticket_encdata)) <= 0)
-                goto err;
-        if (HMAC_Final(hctx, hmac, &hlen) <= 0)
-                goto err;
-
-        if (!CBS_mem_equal(&ticket_hmac, hmac, hlen))
-                goto derr;
-
-        /* Attempt to decrypt session data. */
-        sdec_len = CBS_len(&ticket_encdata);
-        if ((sdec = calloc(1, sdec_len)) == NULL)
-                goto err;
-        if (EVP_DecryptUpdate(cctx, sdec, &slen, CBS_data(&ticket_encdata),
-            CBS_len(&ticket_encdata)) <= 0)
-                goto derr;
-        if (EVP_DecryptFinal_ex(cctx, sdec + slen, &hlen) <= 0)
-                goto derr;
-
-        slen += hlen;
-
-        /*
-         * For session parse failures, indicate that we need to send a new
-         * ticket.
-         */
-        p = sdec;
-        if ((sess = d2i_SSL_SESSION(NULL, &p, slen)) == NULL)
-                goto derr;
-        *psess = sess;
-        sess = NULL;
-
-        ret = TLS1_TICKET_DECRYPTED;
-        goto done;
-
- derr:
-        ERR_clear_error();
-        s->tlsext_ticket_expected = 1;
-        ret = TLS1_TICKET_NOT_DECRYPTED;
-        goto done;
-
- err:
-        *alert = alert_desc;
-        ret = TLS1_TICKET_FATAL_ERROR;
-        goto done;
-
- done:
-        freezero(sdec, sdec_len);
-        EVP_CIPHER_CTX_free(cctx);
-        HMAC_CTX_free(hctx);
-        SSL_SESSION_free(sess);
-
-        return ret;
-}
diff --git a/src/lib/libssl/test/CAss.cnf b/src/lib/libssl/test/CAss.cnf
deleted file mode 100644
index 336e82fd52..0000000000
--- a/src/lib/libssl/test/CAss.cnf
+++ /dev/null
@@ -1,76 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 2048
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = sha1
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-commonName                      = Common Name (eg, YOUR name)
-commonName_value                = Dodgy CA
-
-####################################################################
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir             = ./demoCA              # Where everything is kept
-certs           = $dir/certs            # Where the issued certs are kept
-crl_dir         = $dir/crl              # Where the issued crl are kept
-database        = $dir/index.txt        # database index file.
-#unique_subject = no                    # Set to 'no' to allow creation of
-                                        # several certificates with same subject.
-new_certs_dir   = $dir/newcerts         # default place for new certs.
-
-certificate     = $dir/cacert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-crl             = $dir/crl.pem          # The current CRL
-private_key     = $dir/private/cakey.pem# The private key
-RANDFILE        = $dir/private/.rand    # private random number file
-
-x509_extensions = v3_ca                 # The extensions to add to the cert
-
-name_opt        = ca_default            # Subject Name options
-cert_opt        = ca_default            # Certificate field options
-
-default_days    = 365                   # how long to certify for
-default_crl_days= 30                    # how long before next CRL
-default_md      = md5                   # which md to use.
-preserve        = no                    # keep passed DN ordering
-
-policy          = policy_anything
-
-[ policy_anything ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-
-
-[ v3_ca ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = CA:true,pathlen:1
-keyUsage = cRLSign, keyCertSign
-issuerAltName=issuer:copy
diff --git a/src/lib/libssl/test/CAssdh.cnf b/src/lib/libssl/test/CAssdh.cnf
deleted file mode 100644
index 4e0a908679..0000000000
--- a/src/lib/libssl/test/CAssdh.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DH certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = CU
-countryName_value             = CU
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = La Junta de la Revolucion
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Junta
-
diff --git a/src/lib/libssl/test/CAssdsa.cnf b/src/lib/libssl/test/CAssdsa.cnf
deleted file mode 100644
index a6b4d1810c..0000000000
--- a/src/lib/libssl/test/CAssdsa.cnf
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = Hermanos Locos
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Hermanos Locos CA
diff --git a/src/lib/libssl/test/CAssrsa.cnf b/src/lib/libssl/test/CAssrsa.cnf
deleted file mode 100644
index eb24a6dfc0..0000000000
--- a/src/lib/libssl/test/CAssrsa.cnf
+++ /dev/null
@@ -1,24 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - CA
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_key           = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName              = Organization Name (eg, company)
-organizationName_value                = Hermanos Locos
-
-commonName                    = Common Name (eg, YOUR name)
-commonName_value              = Hermanos Locos CA
-
diff --git a/src/lib/libssl/test/CAtsa.cnf b/src/lib/libssl/test/CAtsa.cnf
deleted file mode 100644
index b497b50452..0000000000
--- a/src/lib/libssl/test/CAtsa.cnf
+++ /dev/null
@@ -1,163 +0,0 @@
-
-#
-# This config is used by the Time Stamp Authority tests.
-#
-
-RANDFILE                = ./.rnd
-
-# Extra OBJECT IDENTIFIER info:
-oid_section             = new_oids
-
-TSDNSECT                = ts_cert_dn
-INDEX                   = 1
-
-[ new_oids ]
-
-# Policies used by the TSA tests.
-tsa_policy1 = 1.2.3.4.1
-tsa_policy2 = 1.2.3.4.5.6
-tsa_policy3 = 1.2.3.4.5.7
-
-#----------------------------------------------------------------------
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-[ CA_default ]
-
-dir             = ./demoCA
-certs           = $dir/certs            # Where the issued certs are kept
-database        = $dir/index.txt        # database index file.
-new_certs_dir   = $dir/newcerts         # default place for new certs.
-
-certificate     = $dir/cacert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-private_key     = $dir/private/cakey.pem# The private key
-RANDFILE        = $dir/private/.rand    # private random number file
-
-default_days    = 365                   # how long to certify for
-default_md      = sha1                  # which md to use.
-preserve        = no                    # keep passed DN ordering
-
-policy          = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName             = supplied
-stateOrProvinceName     = supplied
-organizationName        = supplied
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-#----------------------------------------------------------------------
-[ req ]
-default_bits            = 1024
-default_md              = sha1
-distinguished_name      = $ENV::TSDNSECT
-encrypt_rsa_key         = no
-prompt                  = no
-# attributes            = req_attributes
-x509_extensions = v3_ca # The extensions to add to the self signed cert
-
-string_mask = nombstr
-
-[ ts_ca_dn ]
-countryName                     = HU
-stateOrProvinceName             = Budapest
-localityName                    = Budapest
-organizationName                = Gov-CA Ltd.
-commonName                      = ca1
-
-[ ts_cert_dn ]
-countryName                     = HU
-stateOrProvinceName             = Budapest
-localityName                    = Buda
-organizationName                = Hun-TSA Ltd.
-commonName                      = tsa$ENV::INDEX
-
-[ tsa_cert ]
-
-# TSA server cert is not a CA cert.
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ non_tsa_cert ]
-
-# This is not a CA cert and not a TSA cert, either (timeStamping usage missing)
-basicConstraints=CA:FALSE
-
-# The following key usage flags are needed for TSA server certificates.
-keyUsage = nonRepudiation, digitalSignature
-# timeStamping is not supported by this certificate
-# extendedKeyUsage = critical,timeStamping
-
-# PKIX recommendations harmless if included in all certificates.
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-
-[ v3_req ]
-
-# Extensions to add to a certificate request
-basicConstraints = CA:FALSE
-keyUsage = nonRepudiation, digitalSignature
-
-[ v3_ca ]
-
-# Extensions for a typical CA
-
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid:always,issuer:always
-basicConstraints = critical,CA:true
-keyUsage = cRLSign, keyCertSign
-
-#----------------------------------------------------------------------
-[ tsa ]
-
-default_tsa = tsa_config1       # the default TSA section
-
-[ tsa_config1 ]
-
-# These are used by the TSA reply generation only.
-dir             = .                     # TSA root directory
-serial          = $dir/tsa_serial       # The current serial number (mandatory)
-signer_cert     = $dir/tsa_cert1.pem    # The TSA signing certificate
-                                        # (optional)
-certs           = $dir/tsaca.pem        # Certificate chain to include in reply
-                                        # (optional)
-signer_key      = $dir/tsa_key1.pem     # The TSA private key (optional)
-
-default_policy  = tsa_policy1           # Policy if request did not specify it
-                                        # (optional)
-other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests         = md5, sha1             # Acceptable message digests (mandatory)
-accuracy        = secs:1, millisecs:500, microsecs:100  # (optional)
-ordering                = yes   # Is ordering defined for timestamps?
-                                # (optional, default: no)
-tsa_name                = yes   # Must the TSA name be included in the reply?
-                                # (optional, default: no)
-ess_cert_id_chain       = yes   # Must the ESS cert id chain be included?
-                                # (optional, default: no)
-
-[ tsa_config2 ]
-
-# This configuration uses a certificate which doesn't have timeStamping usage.
-# These are used by the TSA reply generation only.
-dir             = .                     # TSA root directory
-serial          = $dir/tsa_serial       # The current serial number (mandatory)
-signer_cert     = $dir/tsa_cert2.pem    # The TSA signing certificate
-                                        # (optional)
-certs           = $dir/demoCA/cacert.pem# Certificate chain to include in reply
-                                        # (optional)
-signer_key      = $dir/tsa_key2.pem     # The TSA private key (optional)
-
-default_policy  = tsa_policy1           # Policy if request did not specify it
-                                        # (optional)
-other_policies  = tsa_policy2, tsa_policy3      # acceptable policies (optional)
-digests         = md5, sha1             # Acceptable message digests (mandatory)
diff --git a/src/lib/libssl/test/P1ss.cnf b/src/lib/libssl/test/P1ss.cnf
deleted file mode 100644
index 326cce2ba8..0000000000
--- a/src/lib/libssl/test/P1ss.cnf
+++ /dev/null
@@ -1,37 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 1024
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = md2
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-2.commonName                    = Common Name (eg, YOUR name)
-2.commonName_value              = Proxy 1
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,language:id-ppl-anyLanguage,pathlen:1,policy:text:AB
diff --git a/src/lib/libssl/test/P2ss.cnf b/src/lib/libssl/test/P2ss.cnf
deleted file mode 100644
index 8b502321b8..0000000000
--- a/src/lib/libssl/test/P2ss.cnf
+++ /dev/null
@@ -1,45 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 1024
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = md2
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-2.commonName                    = Common Name (eg, YOUR name)
-2.commonName_value              = Proxy 1
-
-3.commonName                    = Common Name (eg, YOUR name)
-3.commonName_value              = Proxy 2
-
-[ v3_proxy ]
-basicConstraints=CA:FALSE
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-proxyCertInfo=critical,@proxy_ext
-
-[ proxy_ext ]
-language=id-ppl-anyLanguage
-pathlen=0
-policy=text:BC
diff --git a/src/lib/libssl/test/Sssdsa.cnf b/src/lib/libssl/test/Sssdsa.cnf
deleted file mode 100644
index 8e170a28ef..0000000000
--- a/src/lib/libssl/test/Sssdsa.cnf
+++ /dev/null
@@ -1,27 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# hacked by iang to do DSA certs - Server
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_rsa_key               = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Tortilleras S.A.
-
-0.commonName                  = Common Name (eg, YOUR name)
-0.commonName_value            = Torti
-
-1.commonName                  = Common Name (eg, YOUR name)
-1.commonName_value            = Gordita
-
diff --git a/src/lib/libssl/test/Sssrsa.cnf b/src/lib/libssl/test/Sssrsa.cnf
deleted file mode 100644
index 8c79a03fca..0000000000
--- a/src/lib/libssl/test/Sssrsa.cnf
+++ /dev/null
@@ -1,26 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-# create RSA certs - Server
-
-RANDFILE              = ./.rnd
-
-####################################################################
-[ req ]
-distinguished_name    = req_distinguished_name
-encrypt_key           = no
-
-[ req_distinguished_name ]
-countryName                   = Country Name (2 letter code)
-countryName_default           = ES
-countryName_value             = ES
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Tortilleras S.A.
-
-0.commonName                  = Common Name (eg, YOUR name)
-0.commonName_value            = Torti
-
-1.commonName                  = Common Name (eg, YOUR name)
-1.commonName_value            = Gordita
diff --git a/src/lib/libssl/test/Uss.cnf b/src/lib/libssl/test/Uss.cnf
deleted file mode 100644
index 58ac0ca54d..0000000000
--- a/src/lib/libssl/test/Uss.cnf
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ req ]
-default_bits            = 2048
-default_keyfile         = keySS.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-default_md              = sha256
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-organizationName                = Organization Name (eg, company)
-organizationName_value          = Dodgy Brothers
-
-0.commonName                    = Common Name (eg, YOUR name)
-0.commonName_value              = Brother 1
-
-1.commonName                    = Common Name (eg, YOUR name)
-1.commonName_value              = Brother 2
-
-[ v3_ee ]
-subjectKeyIdentifier=hash
-authorityKeyIdentifier=keyid,issuer:always
-basicConstraints = CA:false
-keyUsage = nonRepudiation, digitalSignature, keyEncipherment
-issuerAltName=issuer:copy
-
diff --git a/src/lib/libssl/test/VMSca-response.1 b/src/lib/libssl/test/VMSca-response.1
deleted file mode 100644
index 8b13789179..0000000000
--- a/src/lib/libssl/test/VMSca-response.1
+++ /dev/null
@@ -1 +0,0 @@
-
diff --git a/src/lib/libssl/test/VMSca-response.2 b/src/lib/libssl/test/VMSca-response.2
deleted file mode 100644
index 9b48ee4cf9..0000000000
--- a/src/lib/libssl/test/VMSca-response.2
+++ /dev/null
@@ -1,2 +0,0 @@
-y
-y
diff --git a/src/lib/libssl/test/bctest b/src/lib/libssl/test/bctest
deleted file mode 100644
index bdb3218f7a..0000000000
--- a/src/lib/libssl/test/bctest
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/bin/sh
-
-# This script is used by test/Makefile.ssl to check whether a sane 'bc'
-# is installed.
-# ('make test_bn' should not try to run 'bc' if it does not exist or if
-# it is a broken 'bc' version that is known to cause trouble.)
-#
-# If 'bc' works, we also test if it knows the 'print' command.
-#
-# In any case, output an appropriate command line for running (or not
-# running) bc.
-
-
-IFS=:
-try_without_dir=true
-# First we try "bc", then "$dir/bc" for each item in $PATH.
-for dir in dummy:$PATH; do
-    if [ "$try_without_dir" = true ]; then
-      # first iteration
-      bc=bc
-      try_without_dir=false
-    else
-      # second and later iterations
-      bc="$dir/bc"
-      if [ ! -f "$bc" ]; then  # '-x' is not available on Ultrix
-        bc=''
-      fi
-    fi
-
-    if [ ! "$bc" = '' ]; then
-        failure=none
-
-
-        # Test for SunOS 5.[78] bc bug
-        "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
-a=AD88C418F31B3FC712D0425001D522B3AE9134FF3A98C13C1FCC1682211195406C1A6C66C6A\
-CEEC1A0EC16950233F77F1C2F2363D56DD71A36C57E0B2511FC4BA8F22D261FE2E9356D99AF57\
-10F3817C0E05BF79C423C3F66FDF321BE8D3F18F625D91B670931C1EF25F28E489BDA1C5422D1\
-C3F6F7A1AD21585746ECC4F10A14A778AF56F08898E965E9909E965E0CB6F85B514150C644759\
-3BE731877B16EA07B552088FF2EA728AC5E0FF3A23EB939304519AB8B60F2C33D6BA0945B66F0\
-4FC3CADF855448B24A9D7640BCF473E
-b=DCE91E7D120B983EA9A104B5A96D634DD644C37657B1C7860B45E6838999B3DCE5A555583C6\
-9209E41F413422954175A06E67FFEF6746DD652F0F48AEFECC3D8CAC13523BDAAD3F5AF4212BD\
-8B3CD64126E1A82E190228020C05B91C8B141F1110086FC2A4C6ED631EBA129D04BB9A19FC53D\
-3ED0E2017D60A68775B75481449
-(a/b)*b + (a%b) - a
-EOF
-        if [ 0 != "`cat tmp.bctest`" ]; then
-            failure=SunOStest
-        fi
-
-
-        if [ "$failure" = none ]; then
-            # Test for SCO bc bug.
-            "$bc" >tmp.bctest <<\EOF
-obase=16
-ibase=16
--FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4AEC6F15AC177F176F2274D2\
-9DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7F5ADFACEE54573F5D256A06\
-11B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99FB9812A0E4A5773D8B254117\
-1239157EC6E3D8D50199 * -FFDD63BA1A4648F0D804F8A1C66C53F0D2110590E8A3907EC73B4\
-AEC6F15AC177F176F2274D29DC8022EA0D7DD3ABE9746D2D46DD3EA5B5F6F69DF12877E0AC5E7\
-F5ADFACEE54573F5D256A0611B5D2BC24947724E22AE4EC3FB0C39D9B4694A01AFE5E43B4D99F\
-B9812A0E4A5773D8B2541171239157EC6E3D8D50199 - FFBACC221682DA464B6D7F123482522\
-02EDAEDCA38C3B69E9B7BBCD6165A9CD8716C4903417F23C09A85B851961F92C217258CEEB866\
-85EFCC5DD131853A02C07A873B8E2AF2E40C6D5ED598CD0E8F35AD49F3C3A17FDB7653E4E2DC4\
-A8D23CC34686EE4AD01F7407A7CD74429AC6D36DBF0CB6A3E302D0E5BDFCD048A3B90C1BE5AA8\
-E16C3D5884F9136B43FF7BB443764153D4AEC176C681B078F4CC53D6EB6AB76285537DDEE7C18\
-8C72441B52EDBDDBC77E02D34E513F2AABF92F44109CAFE8242BD0ECBAC5604A94B02EA44D43C\
-04E9476E6FBC48043916BFA1485C6093603600273C9C33F13114D78064AE42F3DC466C7DA543D\
-89C8D71
-AD534AFBED2FA39EE9F40E20FCF9E2C861024DB98DDCBA1CD118C49CA55EEBC20D6BA51B2271C\
-928B693D6A73F67FEB1B4571448588B46194617D25D910C6A9A130CC963155CF34079CB218A44\
-8A1F57E276D92A33386DDCA3D241DB78C8974ABD71DD05B0FA555709C9910D745185E6FE108E3\
-37F1907D0C56F8BFBF52B9704 % -E557905B56B13441574CAFCE2BD257A750B1A8B2C88D0E36\
-E18EF7C38DAC80D3948E17ED63AFF3B3467866E3B89D09A81B3D16B52F6A3C7134D3C6F5123E9\
-F617E3145BBFBE9AFD0D6E437EA4FF6F04BC67C4F1458B4F0F47B64 - 1C2BBBB19B74E86FD32\
-9E8DB6A8C3B1B9986D57ED5419C2E855F7D5469E35E76334BB42F4C43E3F3A31B9697C171DAC4\
-D97935A7E1A14AD209D6CF811F55C6DB83AA9E6DFECFCD6669DED7171EE22A40C6181615CAF3F\
-5296964
-EOF
-            if [ "0
-0" != "`cat tmp.bctest`" ]; then
-                failure=SCOtest
-            fi
-        fi
-
-
-        if [ "$failure" = none ]; then
-            # bc works; now check if it knows the 'print' command.
-            if [ "OK" = "`echo 'print \"OK\"' | $bc 2>/dev/null`" ]
-            then
-                echo "$bc"
-            else
-                echo "sed 's/print.*//' | $bc"
-            fi
-            exit 0
-        fi
-
-        echo "$bc does not work properly ('$failure' failed).  Looking for another bc ..." >&2
-    fi
-done
-
-echo "No working bc found.  Consider installing GNU bc." >&2
-if [ "$1" = ignore ]; then
-  echo "cat >/dev/null"
-  exit 0
-fi
-exit 1
diff --git a/src/lib/libssl/test/cms-examples.pl b/src/lib/libssl/test/cms-examples.pl
deleted file mode 100644
index 2e95b48ba4..0000000000
--- a/src/lib/libssl/test/cms-examples.pl
+++ /dev/null
@@ -1,409 +0,0 @@
-# test/cms-examples.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-#    software must display the following acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-#    endorse or promote products derived from this software without
-#    prior written permission. For written permission, please contact
-#    licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-#    nor may "OpenSSL" appear in their names without prior written
-#    permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-#    acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl script to run tests against S/MIME examples in RFC4134
-# Assumes RFC is in current directory and called "rfc4134.txt"
-
-use MIME::Base64;
-
-my $badttest = 0;
-my $verbose  = 1;
-
-my $cmscmd;
-my $exdir  = "./";
-my $exfile = "./rfc4134.txt";
-
-if (-f "../apps/openssl")
-        {
-        $cmscmd = "../util/shlib_wrap.sh ../apps/openssl cms";
-        }
-elsif (-f "..\\out32dll\\openssl.exe")
-        {
-        $cmscmd = "..\\out32dll\\openssl.exe cms";
-        }
-elsif (-f "..\\out32\\openssl.exe")
-        {
-        $cmscmd = "..\\out32\\openssl.exe cms";
-        }
-
-my @test_list = (
-    [ "3.1.bin"  => "dataout" ],
-    [ "3.2.bin"  => "encode, dataout" ],
-    [ "4.1.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.2.bin"  => "encode, verifyder, cont, rsa" ],
-    [ "4.3.bin"  => "encode, verifyder, cont_extern, dss" ],
-    [ "4.4.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.5.bin"  => "verifyder, cont, rsa" ],
-    [ "4.6.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.7.bin"  => "encode, verifyder, cont, dss" ],
-    [ "4.8.eml"  => "verifymime, dss" ],
-    [ "4.9.eml"  => "verifymime, dss" ],
-    [ "4.10.bin" => "encode, verifyder, cont, dss" ],
-    [ "4.11.bin" => "encode, certsout" ],
-    [ "5.1.bin"  => "encode, envelopeder, cont" ],
-    [ "5.2.bin"  => "encode, envelopeder, cont" ],
-    [ "5.3.eml"  => "envelopemime, cont" ],
-    [ "6.0.bin"  => "encode, digest, cont" ],
-    [ "7.1.bin"  => "encode, encrypted, cont" ],
-    [ "7.2.bin"  => "encode, encrypted, cont" ]
-);
-
-# Extract examples from RFC4134 text.
-# Base64 decode all examples, certificates and
-# private keys are converted to PEM format.
-
-my ( $filename, $data );
-
-my @cleanup = ( "cms.out", "cms.err", "tmp.der", "tmp.txt" );
-
-$data = "";
-
-open( IN, $exfile ) || die "Can't Open RFC examples file $exfile";
-
-while (<IN>) {
-    next unless (/^\|/);
-    s/^\|//;
-    next if (/^\*/);
-    if (/^>(.*)$/) {
-        $filename = $1;
-        next;
-    }
-    if (/^</) {
-        $filename = "$exdir/$filename";
-        if ( $filename =~ /\.bin$/ || $filename =~ /\.eml$/ ) {
-            $data = decode_base64($data);
-            open OUT, ">$filename";
-            binmode OUT;
-            print OUT $data;
-            close OUT;
-            push @cleanup, $filename;
-        }
-        elsif ( $filename =~ /\.cer$/ ) {
-            write_pem( $filename, "CERTIFICATE", $data );
-        }
-        elsif ( $filename =~ /\.pri$/ ) {
-            write_pem( $filename, "PRIVATE KEY", $data );
-        }
-        $data     = "";
-        $filename = "";
-    }
-    else {
-        $data .= $_;
-    }
-
-}
-
-my $secretkey =
-  "73:7c:79:1f:25:ea:d0:e0:46:29:25:43:52:f7:dc:62:91:e5:cb:26:91:7a:da:32";
-
-foreach (@test_list) {
-    my ( $file, $tlist ) = @$_;
-    print "Example file $file:\n";
-    if ( $tlist =~ /encode/ ) {
-        run_reencode_test( $exdir, $file );
-    }
-    if ( $tlist =~ /certsout/ ) {
-        run_certsout_test( $exdir, $file );
-    }
-    if ( $tlist =~ /dataout/ ) {
-        run_dataout_test( $exdir, $file );
-    }
-    if ( $tlist =~ /verify/ ) {
-        run_verify_test( $exdir, $tlist, $file );
-    }
-    if ( $tlist =~ /digest/ ) {
-        run_digest_test( $exdir, $tlist, $file );
-    }
-    if ( $tlist =~ /encrypted/ ) {
-        run_encrypted_test( $exdir, $tlist, $file, $secretkey );
-    }
-    if ( $tlist =~ /envelope/ ) {
-        run_envelope_test( $exdir, $tlist, $file );
-    }
-
-}
-
-foreach (@cleanup) {
-    unlink $_;
-}
-
-if ($badtest) {
-    print "\n$badtest TESTS FAILED!!\n";
-}
-else {
-    print "\n***All tests successful***\n";
-}
-
-sub write_pem {
-    my ( $filename, $str, $data ) = @_;
-
-    $filename =~ s/\.[^.]*$/.pem/;
-
-    push @cleanup, $filename;
-
-    open OUT, ">$filename";
-
-    print OUT "-----BEGIN $str-----\n";
-    print OUT $data;
-    print OUT "-----END $str-----\n";
-
-    close OUT;
-}
-
-sub run_reencode_test {
-    my ( $cmsdir, $tfile ) = @_;
-    unlink "tmp.der";
-
-    system( "$cmscmd -cmsout -inform DER -outform DER"
-          . " -in $cmsdir/$tfile -out tmp.der" );
-
-    if ($?) {
-        print "\tReencode command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( !cmp_files( "$cmsdir/$tfile", "tmp.der" ) ) {
-        print "\tReencode FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tReencode passed\n" if $verbose;
-    }
-}
-
-sub run_certsout_test {
-    my ( $cmsdir, $tfile ) = @_;
-    unlink "tmp.der";
-    unlink "tmp.pem";
-
-    system( "$cmscmd -cmsout -inform DER -certsout tmp.pem"
-          . " -in $cmsdir/$tfile -out tmp.der" );
-
-    if ($?) {
-        print "\tCertificate output command FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tCertificate output passed\n" if $verbose;
-    }
-}
-
-sub run_dataout_test {
-    my ( $cmsdir, $tfile ) = @_;
-    unlink "tmp.txt";
-
-    system(
-        "$cmscmd -data_out -inform DER" . " -in $cmsdir/$tfile -out tmp.txt" );
-
-    if ($?) {
-        print "\tDataout command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) ) {
-        print "\tDataout compare FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tDataout passed\n" if $verbose;
-    }
-}
-
-sub run_verify_test {
-    my ( $cmsdir, $tlist, $tfile ) = @_;
-    unlink "tmp.txt";
-
-    $form   = "DER"                     if $tlist =~ /verifyder/;
-    $form   = "SMIME"                   if $tlist =~ /verifymime/;
-    $cafile = "$cmsdir/CarlDSSSelf.pem" if $tlist =~ /dss/;
-    $cafile = "$cmsdir/CarlRSASelf.pem" if $tlist =~ /rsa/;
-
-    $cmd =
-        "$cmscmd -verify -inform $form"
-      . " -CAfile $cafile"
-      . " -in $cmsdir/$tfile -out tmp.txt";
-
-    $cmd .= " -content $cmsdir/ExContent.bin" if $tlist =~ /cont_extern/;
-
-    system("$cmd 2>cms.err 1>cms.out");
-
-    if ($?) {
-        print "\tVerify command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( $tlist =~ /cont/
-        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-    {
-        print "\tVerify content compare FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tVerify passed\n" if $verbose;
-    }
-}
-
-sub run_envelope_test {
-    my ( $cmsdir, $tlist, $tfile ) = @_;
-    unlink "tmp.txt";
-
-    $form = "DER"   if $tlist =~ /envelopeder/;
-    $form = "SMIME" if $tlist =~ /envelopemime/;
-
-    $cmd =
-        "$cmscmd -decrypt -inform $form"
-      . " -recip $cmsdir/BobRSASignByCarl.pem"
-      . " -inkey $cmsdir/BobPrivRSAEncrypt.pem"
-      . " -in $cmsdir/$tfile -out tmp.txt";
-
-    system("$cmd 2>cms.err 1>cms.out");
-
-    if ($?) {
-        print "\tDecrypt command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( $tlist =~ /cont/
-        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-    {
-        print "\tDecrypt content compare FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tDecrypt passed\n" if $verbose;
-    }
-}
-
-sub run_digest_test {
-    my ( $cmsdir, $tlist, $tfile ) = @_;
-    unlink "tmp.txt";
-
-    my $cmd =
-      "$cmscmd -digest_verify -inform DER" . " -in $cmsdir/$tfile -out tmp.txt";
-
-    system("$cmd 2>cms.err 1>cms.out");
-
-    if ($?) {
-        print "\tDigest verify command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( $tlist =~ /cont/
-        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-    {
-        print "\tDigest verify content compare FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tDigest verify passed\n" if $verbose;
-    }
-}
-
-sub run_encrypted_test {
-    my ( $cmsdir, $tlist, $tfile, $key ) = @_;
-    unlink "tmp.txt";
-
-    system( "$cmscmd -EncryptedData_decrypt -inform DER"
-          . " -secretkey $key"
-          . " -in $cmsdir/$tfile -out tmp.txt" );
-
-    if ($?) {
-        print "\tEncrypted Data command FAILED!!\n";
-        $badtest++;
-    }
-    elsif ( $tlist =~ /cont/
-        && !cmp_files( "$cmsdir/ExContent.bin", "tmp.txt" ) )
-    {
-        print "\tEncrypted Data content compare FAILED!!\n";
-        $badtest++;
-    }
-    else {
-        print "\tEncryptedData verify passed\n" if $verbose;
-    }
-}
-
-sub cmp_files {
-    my ( $f1, $f2 ) = @_;
-    my ( $fp1, $fp2 );
-
-    my ( $rd1, $rd2 );
-
-    if ( !open( $fp1, "<$f1" ) ) {
-        print STDERR "Can't Open file $f1\n";
-        return 0;
-    }
-
-    if ( !open( $fp2, "<$f2" ) ) {
-        print STDERR "Can't Open file $f2\n";
-        return 0;
-    }
-
-    binmode $fp1;
-    binmode $fp2;
-
-    my $ret = 0;
-
-    for ( ; ; ) {
-        $n1 = sysread $fp1, $rd1, 4096;
-        $n2 = sysread $fp2, $rd2, 4096;
-        last if ( $n1 != $n2 );
-        last if ( $rd1 ne $rd2 );
-
-        if ( $n1 == 0 ) {
-            $ret = 1;
-            last;
-        }
-
-    }
-
-    close $fp1;
-    close $fp2;
-
-    return $ret;
-
-}
-
diff --git a/src/lib/libssl/test/cms-test.pl b/src/lib/libssl/test/cms-test.pl
deleted file mode 100644
index dfef799be2..0000000000
--- a/src/lib/libssl/test/cms-test.pl
+++ /dev/null
@@ -1,459 +0,0 @@
-# test/cms-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-#    software must display the following acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-#    endorse or promote products derived from this software without
-#    prior written permission. For written permission, please contact
-#    licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-#    nor may "OpenSSL" appear in their names without prior written
-#    permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-#    acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# CMS, PKCS7 consistency test script. Run extensive tests on
-# OpenSSL PKCS#7 and CMS implementations.
-
-my $ossl_path;
-my $redir = " 2> cms.err > cms.out";
-# Make VMS work
-if ( $^O eq "VMS" && -f "OSSLX:openssl.exe" ) {
-    $ossl_path = "pipe mcr OSSLX:openssl";
-}
-# Make MSYS work
-elsif ( $^O eq "MSWin32" && -f "../apps/openssl.exe" ) {
-    $ossl_path = "cmd /c ..\\apps\\openssl";
-}
-elsif ( -f "../apps/openssl$ENV{EXE_EXT}" ) {
-    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
-    $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
-    $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
-    die "Can't find OpenSSL executable";
-}
-
-my $pk7cmd   = "$ossl_path smime ";
-my $cmscmd   = "$ossl_path cms ";
-my $smdir    = "smime-certs";
-my $halt_err = 1;
-
-my $badcmd = 0;
-my $ossl8 = `$ossl_path version -v` =~ /0\.9\.8/;
-
-my @smime_pkcs7_tests = (
-
-    [
-        "signed content DER format, RSA key",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach"
-          . " -certfile $smdir/smroot.pem"
-          . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed detached content DER format, RSA key",
-        "-sign -in smcont.txt -outform \"DER\""
-          . " -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-    ],
-
-    [
-        "signed content test streaming BER format, RSA",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach"
-          . " -stream -signer $smdir/smrsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed content DER format, DSA key",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach"
-          . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed detached content DER format, DSA key",
-        "-sign -in smcont.txt -outform \"DER\""
-          . " -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-    ],
-
-    [
-        "signed detached content DER format, add RSA signer",
-        "-resign -inform \"DER\" -in test.cms -outform \"DER\""
-          . " -signer $smdir/smrsa1.pem -out test2.cms",
-        "-verify -in test2.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt -content smcont.txt"
-    ],
-
-    [
-        "signed content test streaming BER format, DSA key",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach"
-          . " -stream -signer $smdir/smdsa1.pem -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed content test streaming BER format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-"signed content test streaming BER format, 2 DSA and 2 RSA keys, no attributes",
-        "-sign -in smcont.txt -outform \"DER\" -noattr -nodetach"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed content test streaming S/MIME format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt -nodetach"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-"signed content test streaming multipart S/MIME format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms " . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "enveloped content test streaming S/MIME format, 3 recipients",
-        "-encrypt -in smcont.txt"
-          . " -stream -out test.cms"
-          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-    ],
-
-    [
-"enveloped content test streaming S/MIME format, 3 recipients, 3rd used",
-        "-encrypt -in smcont.txt"
-          . " -stream -out test.cms"
-          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-        "-decrypt -recip $smdir/smrsa3.pem -in test.cms -out smtst.txt"
-    ],
-
-    [
-"enveloped content test streaming S/MIME format, 3 recipients, key only used",
-        "-encrypt -in smcont.txt"
-          . " -stream -out test.cms"
-          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-        "-decrypt -inkey $smdir/smrsa3.pem -in test.cms -out smtst.txt"
-    ],
-
-    [
-"enveloped content test streaming S/MIME format, AES-256 cipher, 3 recipients",
-        "-encrypt -in smcont.txt"
-          . " -aes256 -stream -out test.cms"
-          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-    ],
-
-);
-
-my @smime_cms_tests = (
-
-    [
-        "signed content test streaming BER format, 2 DSA and 2 RSA keys, keyid",
-        "-sign -in smcont.txt -outform \"DER\" -nodetach -keyid"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms -inform \"DER\" "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed content test streaming PEM format, 2 DSA and 2 RSA keys",
-        "-sign -in smcont.txt -outform PEM -nodetach"
-          . " -signer $smdir/smrsa1.pem -signer $smdir/smrsa2.pem"
-          . " -signer $smdir/smdsa1.pem -signer $smdir/smdsa2.pem"
-          . " -stream -out test.cms",
-        "-verify -in test.cms -inform PEM "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed content MIME format, RSA key, signed receipt request",
-        "-sign -in smcont.txt -signer $smdir/smrsa1.pem -nodetach"
-          . " -receipt_request_to test\@openssl.org -receipt_request_all"
-          . " -out test.cms",
-        "-verify -in test.cms "
-          . " \"-CAfile\" $smdir/smroot.pem -out smtst.txt"
-    ],
-
-    [
-        "signed receipt MIME format, RSA key",
-        "-sign_receipt -in test.cms"
-          . " -signer $smdir/smrsa2.pem"
-          . " -out test2.cms",
-        "-verify_receipt test2.cms -in test.cms"
-          . " \"-CAfile\" $smdir/smroot.pem"
-    ],
-
-    [
-        "enveloped content test streaming S/MIME format, 3 recipients, keyid",
-        "-encrypt -in smcont.txt"
-          . " -stream -out test.cms -keyid"
-          . " $smdir/smrsa1.pem $smdir/smrsa2.pem $smdir/smrsa3.pem ",
-        "-decrypt -recip $smdir/smrsa1.pem -in test.cms -out smtst.txt"
-    ],
-
-    [
-        "enveloped content test streaming PEM format, KEK",
-        "-encrypt -in smcont.txt -outform PEM -aes128"
-          . " -stream -out test.cms "
-          . " -secretkey 000102030405060708090A0B0C0D0E0F "
-          . " -secretkeyid C0FEE0",
-        "-decrypt -in test.cms -out smtst.txt -inform PEM"
-          . " -secretkey 000102030405060708090A0B0C0D0E0F "
-          . " -secretkeyid C0FEE0"
-    ],
-
-    [
-        "enveloped content test streaming PEM format, KEK, key only",
-        "-encrypt -in smcont.txt -outform PEM -aes128"
-          . " -stream -out test.cms "
-          . " -secretkey 000102030405060708090A0B0C0D0E0F "
-          . " -secretkeyid C0FEE0",
-        "-decrypt -in test.cms -out smtst.txt -inform PEM"
-          . " -secretkey 000102030405060708090A0B0C0D0E0F "
-    ],
-
-    [
-        "data content test streaming PEM format",
-        "-data_create -in smcont.txt -outform PEM -nodetach"
-          . " -stream -out test.cms",
-        "-data_out -in test.cms -inform PEM -out smtst.txt"
-    ],
-
-    [
-        "encrypted content test streaming PEM format, 128 bit RC2 key",
-        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-          . " -rc2 -secretkey 000102030405060708090A0B0C0D0E0F"
-          . " -stream -out test.cms",
-        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
-    ],
-
-    [
-        "encrypted content test streaming PEM format, 40 bit RC2 key",
-        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-          . " -rc2 -secretkey 0001020304"
-          . " -stream -out test.cms",
-        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-          . " -secretkey 0001020304 -out smtst.txt"
-    ],
-
-    [
-        "encrypted content test streaming PEM format, triple DES key",
-        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-          . " -des3 -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
-          . " -stream -out test.cms",
-        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-          . " -secretkey 000102030405060708090A0B0C0D0E0F1011121314151617"
-          . " -out smtst.txt"
-    ],
-
-    [
-        "encrypted content test streaming PEM format, 128 bit AES key",
-        "\"-EncryptedData_encrypt\" -in smcont.txt -outform PEM"
-          . " -aes128 -secretkey 000102030405060708090A0B0C0D0E0F"
-          . " -stream -out test.cms",
-        "\"-EncryptedData_decrypt\" -in test.cms -inform PEM "
-          . " -secretkey 000102030405060708090A0B0C0D0E0F -out smtst.txt"
-    ],
-
-);
-
-my @smime_cms_comp_tests = (
-
-    [
-        "compressed content test streaming PEM format",
-        "-compress -in smcont.txt -outform PEM -nodetach"
-          . " -stream -out test.cms",
-        "-uncompress -in test.cms -inform PEM -out smtst.txt"
-    ]
-
-);
-
-print "CMS => PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $pk7cmd );
-
-print "CMS <= PKCS#7 compatibility tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $pk7cmd, $cmscmd );
-
-print "CMS <=> CMS consistency tests\n";
-
-run_smime_tests( \$badcmd, \@smime_pkcs7_tests, $cmscmd, $cmscmd );
-run_smime_tests( \$badcmd, \@smime_cms_tests,   $cmscmd, $cmscmd );
-
-if ( `$ossl_path version -f` =~ /ZLIB/ ) {
-    run_smime_tests( \$badcmd, \@smime_cms_comp_tests, $cmscmd, $cmscmd );
-}
-else {
-    print "Zlib not supported: compression tests skipped\n";
-}
-
-print "Running modified tests for OpenSSL 0.9.8 cms backport\n" if($ossl8);
-
-if ($badcmd) {
-    print "$badcmd TESTS FAILED!!\n";
-}
-else {
-    print "ALL TESTS SUCCESSFUL.\n";
-}
-
-unlink "test.cms";
-unlink "test2.cms";
-unlink "smtst.txt";
-unlink "cms.out";
-unlink "cms.err";
-
-sub run_smime_tests {
-    my ( $rv, $aref, $scmd, $vcmd ) = @_;
-
-    foreach $smtst (@$aref) {
-        my ( $tnam, $rscmd, $rvcmd ) = @$smtst;
-        if ($ossl8)
-                {
-                # Skip smime resign: 0.9.8 smime doesn't support -resign        
-                next if ($scmd =~ /smime/ && $rscmd =~ /-resign/);
-                # Disable streaming: option not supported in 0.9.8
-                $tnam =~ s/streaming//; 
-                $rscmd =~ s/-stream//;  
-                $rvcmd =~ s/-stream//;
-                }
-        system("$scmd$rscmd$redir");
-        if ($?) {
-            print "$tnam: generation error\n";
-            $$rv++;
-            exit 1 if $halt_err;
-            next;
-        }
-        system("$vcmd$rvcmd$redir");
-        if ($?) {
-            print "$tnam: verify error\n";
-            $$rv++;
-            exit 1 if $halt_err;
-            next;
-        }
-        if (!cmp_files("smtst.txt", "smcont.txt")) {
-            print "$tnam: content verify error\n";
-            $$rv++;
-            exit 1 if $halt_err;
-            next;
-        }
-        print "$tnam: OK\n";
-    }
-}
-
-sub cmp_files {
-    use FileHandle;
-    my ( $f1, $f2 ) = @_;
-    my $fp1 = FileHandle->new();
-    my $fp2 = FileHandle->new();
-
-    my ( $rd1, $rd2 );
-
-    if ( !open( $fp1, "<$f1" ) ) {
-        print STDERR "Can't Open file $f1\n";
-        return 0;
-    }
-
-    if ( !open( $fp2, "<$f2" ) ) {
-        print STDERR "Can't Open file $f2\n";
-        return 0;
-    }
-
-    binmode $fp1;
-    binmode $fp2;
-
-    my $ret = 0;
-
-    for ( ; ; ) {
-        $n1 = sysread $fp1, $rd1, 4096;
-        $n2 = sysread $fp2, $rd2, 4096;
-        last if ( $n1 != $n2 );
-        last if ( $rd1 ne $rd2 );
-
-        if ( $n1 == 0 ) {
-            $ret = 1;
-            last;
-        }
-
-    }
-
-    close $fp1;
-    close $fp2;
-
-    return $ret;
-
-}
-
diff --git a/src/lib/libssl/test/pkcs7-1.pem b/src/lib/libssl/test/pkcs7-1.pem
deleted file mode 100644
index c47b27af88..0000000000
--- a/src/lib/libssl/test/pkcs7-1.pem
+++ /dev/null
@@ -1,15 +0,0 @@
------BEGIN PKCS7-----
-MIICUAYJKoZIhvcNAQcCoIICQTCCAj0CAQExDjAMBggqhkiG9w0CAgUAMCgGCSqG
-SIb3DQEHAaAbBBlFdmVyeW9uZSBnZXRzIEZyaWRheSBvZmYuoIIBXjCCAVowggEE
-AgQUAAApMA0GCSqGSIb3DQEBAgUAMCwxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRF
-eGFtcGxlIE9yZ2FuaXphdGlvbjAeFw05MjA5MDkyMjE4MDZaFw05NDA5MDkyMjE4
-MDVaMEIxCzAJBgNVBAYTAlVTMR0wGwYDVQQKExRFeGFtcGxlIE9yZ2FuaXphdGlv
-bjEUMBIGA1UEAxMLVGVzdCBVc2VyIDEwWzANBgkqhkiG9w0BAQEFAANKADBHAkAK
-ZnkdxpiBaN56t3QZu3+wwAHGJxAnAHUUKULhmo2MUdBTs+N4Kh3l3Fr06+mUaBcB
-FKHf5nzcmpr1XWVWILurAgMBAAEwDQYJKoZIhvcNAQECBQADQQBFGqHhqncgSl/N
-9XYGnQL3MsJvNnsNV4puZPOakR9Hld8JlDQFEaDR30ogsmp3TMrvdfxpLlTCoZN8
-BxEmnZsWMYGbMIGYAgEBMDQwLDELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFEV4YW1w
-bGUgT3JnYW5pemF0aW9uAgQUAAApMAwGCCqGSIb3DQICBQAwDQYJKoZIhvcNAQEB
-BQAEQAX6aoEvx9+L9PJUJQngPoRuEbnGIL4gCe+0QO+8xmkhaZSsBPNBtX0FIC1C
-j7Kie1x339mxW/w9VZNTUDQQweHh
------END PKCS7-----
diff --git a/src/lib/libssl/test/pkcs7.pem b/src/lib/libssl/test/pkcs7.pem
deleted file mode 100644
index d55c60b94e..0000000000
--- a/src/lib/libssl/test/pkcs7.pem
+++ /dev/null
@@ -1,54 +0,0 @@
-     MIAGCSqGSIb3DQEHAqCAMIACAQExADCABgkqhkiG9w0BBwEAAKCAMIIE+DCCBGGg
-     AwIBAgIQaGSF/JpbS1C223+yrc+N1DANBgkqhkiG9w0BAQQFADBiMREwDwYDVQQH
-     EwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1Zl
-     cmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwHhcNOTYw
-     ODEyMDAwMDAwWhcNOTYwODE3MjM1OTU5WjCCASAxETAPBgNVBAcTCEludGVybmV0
-     MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24gQ2xh
-     c3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjE3MDUGA1UECxMuRGlnaXRh
-     bCBJRCBDbGFzcyAxIC0gU01JTUUgVmVyaVNpZ24sIEluYy4gVEVTVDFGMEQGA1UE
-     CxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUyBJbmNvcnAuIGJ5IFJl
-     Zi4sTElBQi5MVEQoYyk5NjEZMBcGA1UEAxMQQWxleGFuZHJlIERlYWNvbjEgMB4G
-     CSqGSIb3DQEJARYRYWxleEB2ZXJpc2lnbi5jb20wWzANBgkqhkiG9w0BAQEFAANK
-     ADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDORl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0
-     l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMBAAGjggIyMIICLjAJBgNVHRMEAjAAMIIC
-     HwYDVR0DBIICFjCCAhIwggIOMIICCgYLYIZIAYb4RQEHAQEwggH5FoIBp1RoaXMg
-     Y2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVzIGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1
-     c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0bywgdGhlIFZlcmlTaWduIENlcnRpZmlj
-     YXRpb24gUHJhY3RpY2UgU3RhdGVtZW50IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0
-     dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9DUFM7IGJ5IEUtbWFpbCBhdCBDUFMtcmVx
-     dWVzdHNAdmVyaXNpZ24uY29tOyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMu
-     LCAyNTkzIENvYXN0IEF2ZS4sIE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBU
-     ZWwuICsxICg0MTUpIDk2MS04ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2ln
-     biwgSW5jLiAgQWxsIFJpZ2h0cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVT
-     IERJU0NMQUlNRUQgYW5kIExJQUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcB
-     AQGhDgYMYIZIAYb4RQEHAQECMCwwKhYoaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-     L3JlcG9zaXRvcnkvQ1BTIDANBgkqhkiG9w0BAQQFAAOBgQAimWMGQwwwxk+b3KAL
-     HlSWXtU7LWHe29CEG8XeVNTvrqs6SBqT7OoENOkGxpfdpVgZ3Qw2SKjxDvbvpfSF
-     slsqcxWSgB/hWuaVuZCkvTw/dYGGOxkTJGxvDCfl1PZjX4dKbatslsi9Z9HpGWT7
-     ttItRwKqcBKgmCJvKi1pGWED0zCCAnkwggHioAMCAQICEDURpVKQb+fQKaRAGdQR
-     /D4wDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlT
-     aWduLCBJbmMuMTcwNQYDVQQLEy5DbGFzcyAxIFB1YmxpYyBQcmltYXJ5IENlcnRp
-     ZmljYXRpb24gQXV0aG9yaXR5MB4XDTk2MDYyNzAwMDAwMFoXDTk3MDYyNzIzNTk1
-     OVowYjERMA8GA1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMu
-     MTQwMgYDVQQLEytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJz
-     Y3JpYmVyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC2FKbPTdAFDdjKI9Bv
-     qrQpkmOOLPhvltcunXZLEbE2jVfJw/0cxrr+Hgi6M8qV6r7jW80GqLd5HUQq7XPy
-     sVKDaBBwZJHXPmv5912dFEObbpdFmIFH0S3L3bty10w/cariQPJUObwW7s987Lrb
-     P2wqsxaxhhKdrpM01bjV0Pc+qQIDAQABozMwMTAPBgNVHRMECDAGAQH/AgEBMAsG
-     A1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADgYEA
-     KeXHoBmnbxRCgk0jM9e9mDppdxpsipIna/J8DOHEUuD4nONAr4+xOg73SBl026n7
-     Bk55A2wvAMGo7+kKTZ+rHaFDDcmq4O+rzFri2RIOeGAncj1IcGptAQhvXoIhFMG4
-     Jlzg1KlHZHqy7D3jex78zcSU7kKOu8f5tAX1jC3+sToAAKGAMIIBJzCBkTANBgkq
-     hkiG9w0BAQIFADBiMREwDwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNp
-     Z24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlk
-     dWFsIFN1YnNjcmliZXIXDTk2MDcwMTE3MzA0MFoXDTk3MDcwMTAwMDAwMFowDQYJ
-     KoZIhvcNAQECBQADgYEAGLuQ6PX8A7AiqBEtWzYtl6lZNSDI0bR5YUo+D2Jzkw30
-     dxQnJSbKXEc6XYuzAW5HvrzATXu5c19WWPT4cRDwmjH71i9QcDysWwf/wE0qGTiW
-     I3tQT0I5VGh7jIJD07nlBw3R4Xl8dH9kr85JsWinqDH5YKpIo9o8knY5n7+qjOow
-     ggEkMIGOMA0GCSqGSIb3DQEBAgUAMF8xCzAJBgNVBAYTAlVTMRcwFQYDVQQKEw5W
-     ZXJpU2lnbiwgSW5jLjE3MDUGA1UECxMuQ2xhc3MgMSBQdWJsaWMgUHJpbWFyeSBD
-     ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eRcNOTYwNzE2MjMxMTI5WhcNOTYwODE1MDAw
-     MDAwWjANBgkqhkiG9w0BAQIFAAOBgQAXsLE4vnsY6sY67QrmWec7iaU2ehzxanEK
-     /9wKHZNuhlNzk+qGZZw2evxfUe2OaRbYpl8zuZvhK9BHD3ad14OSe9/zx5hOPgP/
-     DQXt6R4R8Q/1JheBrolrgbavjvI2wKS8/Psp2prBrkF4T48+AKRmS8Zzh1guxgvP
-     b+xSu/jH0gAAMYAAAAAAAAAAAA==
diff --git a/src/lib/libssl/test/pkits-test.pl b/src/lib/libssl/test/pkits-test.pl
deleted file mode 100644
index f10da008c0..0000000000
--- a/src/lib/libssl/test/pkits-test.pl
+++ /dev/null
@@ -1,949 +0,0 @@
-# test/pkits-test.pl
-# Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-# project.
-#
-# ====================================================================
-# Copyright (c) 2008 The OpenSSL Project.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-#
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-#
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in
-#    the documentation and/or other materials provided with the
-#    distribution.
-#
-# 3. All advertising materials mentioning features or use of this
-#    software must display the following acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-#
-# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-#    endorse or promote products derived from this software without
-#    prior written permission. For written permission, please contact
-#    licensing@OpenSSL.org.
-#
-# 5. Products derived from this software may not be called "OpenSSL"
-#    nor may "OpenSSL" appear in their names without prior written
-#    permission of the OpenSSL Project.
-#
-# 6. Redistributions of any form whatsoever must retain the following
-#    acknowledgment:
-#    "This product includes software developed by the OpenSSL Project
-#    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-#
-# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-# OF THE POSSIBILITY OF SUCH DAMAGE.
-# ====================================================================
-
-# Perl utility to run PKITS tests for RFC3280 compliance. 
-
-my $ossl_path;
-
-if ( -f "../apps/openssl" ) {
-    $ossl_path = "../util/shlib_wrap.sh ../apps/openssl";
-}
-elsif ( -f "..\\out32dll\\openssl.exe" ) {
-    $ossl_path = "..\\out32dll\\openssl.exe";
-}
-elsif ( -f "..\\out32\\openssl.exe" ) {
-    $ossl_path = "..\\out32\\openssl.exe";
-}
-else {
-    die "Can't find OpenSSL executable";
-}
-
-my $pkitsdir = "pkits/smime";
-my $pkitsta = "pkits/certs/TrustAnchorRootCertificate.crt";
-
-die "Can't find PKITS test data" if !-d $pkitsdir;
-
-my $nist1 = "2.16.840.1.101.3.2.1.48.1";
-my $nist2 = "2.16.840.1.101.3.2.1.48.2";
-my $nist3 = "2.16.840.1.101.3.2.1.48.3";
-my $nist4 = "2.16.840.1.101.3.2.1.48.4";
-my $nist5 = "2.16.840.1.101.3.2.1.48.5";
-my $nist6 = "2.16.840.1.101.3.2.1.48.6";
-
-my $apolicy = "X509v3 Any Policy";
-
-# This table contains the chapter headings of the accompanying PKITS
-# document. They provide useful informational output and their names
-# can be converted into the filename to test.
-
-my @testlists = (
-    [ "4.1", "Signature Verification" ],
-    [ "4.1.1", "Valid Signatures Test1",                        0 ],
-    [ "4.1.2", "Invalid CA Signature Test2",                    7 ],
-    [ "4.1.3", "Invalid EE Signature Test3",                    7 ],
-    [ "4.1.4", "Valid DSA Signatures Test4",                    0 ],
-    [ "4.1.5", "Valid DSA Parameter Inheritance Test5",         0 ],
-    [ "4.1.6", "Invalid DSA Signature Test6",                   7 ],
-    [ "4.2",   "Validity Periods" ],
-    [ "4.2.1", "Invalid CA notBefore Date Test1",               9 ],
-    [ "4.2.2", "Invalid EE notBefore Date Test2",               9 ],
-    [ "4.2.3", "Valid pre2000 UTC notBefore Date Test3",        0 ],
-    [ "4.2.4", "Valid GeneralizedTime notBefore Date Test4",    0 ],
-    [ "4.2.5", "Invalid CA notAfter Date Test5",                10 ],
-    [ "4.2.6", "Invalid EE notAfter Date Test6",                10 ],
-    [ "4.2.7", "Invalid pre2000 UTC EE notAfter Date Test7",    10 ],
-    [ "4.2.8", "Valid GeneralizedTime notAfter Date Test8",     0 ],
-    [ "4.3",   "Verifying Name Chaining" ],
-    [ "4.3.1", "Invalid Name Chaining EE Test1",                20 ],
-    [ "4.3.2", "Invalid Name Chaining Order Test2",             20 ],
-    [ "4.3.3", "Valid Name Chaining Whitespace Test3",          0 ],
-    [ "4.3.4", "Valid Name Chaining Whitespace Test4",          0 ],
-    [ "4.3.5", "Valid Name Chaining Capitalization Test5",      0 ],
-    [ "4.3.6", "Valid Name Chaining UIDs Test6",                0 ],
-    [ "4.3.7", "Valid RFC3280 Mandatory Attribute Types Test7", 0 ],
-    [ "4.3.8", "Valid RFC3280 Optional Attribute Types Test8",  0 ],
-    [ "4.3.9", "Valid UTF8String Encoded Names Test9",          0 ],
-    [ "4.3.10", "Valid Rollover from PrintableString to UTF8String Test10", 0 ],
-    [ "4.3.11", "Valid UTF8String Case Insensitive Match Test11",           0 ],
-    [ "4.4",    "Basic Certificate Revocation Tests" ],
-    [ "4.4.1",  "Missing CRL Test1",                                        3 ],
-    [ "4.4.2", "Invalid Revoked CA Test2",          23 ],
-    [ "4.4.3", "Invalid Revoked EE Test3",          23 ],
-    [ "4.4.4", "Invalid Bad CRL Signature Test4",   8 ],
-    [ "4.4.5", "Invalid Bad CRL Issuer Name Test5", 3 ],
-    [ "4.4.6", "Invalid Wrong CRL Test6",           3 ],
-    [ "4.4.7", "Valid Two CRLs Test7",              0 ],
-
-    # The test document suggests these should return certificate revoked...
-    # Subsequent discussion has concluded they should not due to unhandled
-    # critical CRL extensions.
-    [ "4.4.8", "Invalid Unknown CRL Entry Extension Test8", 36 ],
-    [ "4.4.9", "Invalid Unknown CRL Extension Test9",       36 ],
-
-    [ "4.4.10", "Invalid Unknown CRL Extension Test10",             36 ],
-    [ "4.4.11", "Invalid Old CRL nextUpdate Test11",                12 ],
-    [ "4.4.12", "Invalid pre2000 CRL nextUpdate Test12",            12 ],
-    [ "4.4.13", "Valid GeneralizedTime CRL nextUpdate Test13",      0 ],
-    [ "4.4.14", "Valid Negative Serial Number Test14",              0 ],
-    [ "4.4.15", "Invalid Negative Serial Number Test15",            23 ],
-    [ "4.4.16", "Valid Long Serial Number Test16",                  0 ],
-    [ "4.4.17", "Valid Long Serial Number Test17",                  0 ],
-    [ "4.4.18", "Invalid Long Serial Number Test18",                23 ],
-    [ "4.4.19", "Valid Separate Certificate and CRL Keys Test19",   0 ],
-    [ "4.4.20", "Invalid Separate Certificate and CRL Keys Test20", 23 ],
-
-    # CRL path is revoked so get a CRL path validation error
-    [ "4.4.21", "Invalid Separate Certificate and CRL Keys Test21",      54 ],
-    [ "4.5",    "Verifying Paths with Self-Issued Certificates" ],
-    [ "4.5.1",  "Valid Basic Self-Issued Old With New Test1",            0 ],
-    [ "4.5.2",  "Invalid Basic Self-Issued Old With New Test2",          23 ],
-    [ "4.5.3",  "Valid Basic Self-Issued New With Old Test3",            0 ],
-    [ "4.5.4",  "Valid Basic Self-Issued New With Old Test4",            0 ],
-    [ "4.5.5",  "Invalid Basic Self-Issued New With Old Test5",          23 ],
-    [ "4.5.6",  "Valid Basic Self-Issued CRL Signing Key Test6",         0 ],
-    [ "4.5.7",  "Invalid Basic Self-Issued CRL Signing Key Test7",       23 ],
-    [ "4.5.8",  "Invalid Basic Self-Issued CRL Signing Key Test8",       20 ],
-    [ "4.6",    "Verifying Basic Constraints" ],
-    [ "4.6.1",  "Invalid Missing basicConstraints Test1",                24 ],
-    [ "4.6.2",  "Invalid cA False Test2",                                24 ],
-    [ "4.6.3",  "Invalid cA False Test3",                                24 ],
-    [ "4.6.4",  "Valid basicConstraints Not Critical Test4",             0 ],
-    [ "4.6.5",  "Invalid pathLenConstraint Test5",                       25 ],
-    [ "4.6.6",  "Invalid pathLenConstraint Test6",                       25 ],
-    [ "4.6.7",  "Valid pathLenConstraint Test7",                         0 ],
-    [ "4.6.8",  "Valid pathLenConstraint Test8",                         0 ],
-    [ "4.6.9",  "Invalid pathLenConstraint Test9",                       25 ],
-    [ "4.6.10", "Invalid pathLenConstraint Test10",                      25 ],
-    [ "4.6.11", "Invalid pathLenConstraint Test11",                      25 ],
-    [ "4.6.12", "Invalid pathLenConstraint Test12",                      25 ],
-    [ "4.6.13", "Valid pathLenConstraint Test13",                        0 ],
-    [ "4.6.14", "Valid pathLenConstraint Test14",                        0 ],
-    [ "4.6.15", "Valid Self-Issued pathLenConstraint Test15",            0 ],
-    [ "4.6.16", "Invalid Self-Issued pathLenConstraint Test16",          25 ],
-    [ "4.6.17", "Valid Self-Issued pathLenConstraint Test17",            0 ],
-    [ "4.7",    "Key Usage" ],
-    [ "4.7.1",  "Invalid keyUsage Critical keyCertSign False Test1",     20 ],
-    [ "4.7.2",  "Invalid keyUsage Not Critical keyCertSign False Test2", 20 ],
-    [ "4.7.3",  "Valid keyUsage Not Critical Test3",                     0 ],
-    [ "4.7.4",  "Invalid keyUsage Critical cRLSign False Test4",         35 ],
-    [ "4.7.5",  "Invalid keyUsage Not Critical cRLSign False Test5",     35 ],
-
-    # Certificate policy tests need special handling. They can have several
-    # sub tests and we need to check the outputs are correct.
-
-    [ "4.8", "Certificate Policies" ],
-    [
-        "4.8.1.1",
-        "All Certificates Same Policy Test1",
-        "-policy anyPolicy -explicit_policy",
-        "True", $nist1, $nist1, 0
-    ],
-    [
-        "4.8.1.2",
-        "All Certificates Same Policy Test1",
-        "-policy $nist1 -explicit_policy",
-        "True", $nist1, $nist1, 0
-    ],
-    [
-        "4.8.1.3",
-        "All Certificates Same Policy Test1",
-        "-policy $nist2 -explicit_policy",
-        "True", $nist1, "<empty>", 43
-    ],
-    [
-        "4.8.1.4",
-        "All Certificates Same Policy Test1",
-        "-policy $nist1 -policy $nist2 -explicit_policy",
-        "True", $nist1, $nist1, 0
-    ],
-    [
-        "4.8.2.1",
-        "All Certificates No Policies Test2",
-        "-policy anyPolicy",
-        "False", "<empty>", "<empty>", 0
-    ],
-    [
-        "4.8.2.2",
-        "All Certificates No Policies Test2",
-        "-policy anyPolicy -explicit_policy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.3.1",
-        "Different Policies Test3",
-        "-policy anyPolicy",
-        "False", "<empty>", "<empty>", 0
-    ],
-    [
-        "4.8.3.2",
-        "Different Policies Test3",
-        "-policy anyPolicy -explicit_policy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.3.3",
-        "Different Policies Test3",
-        "-policy $nist1 -policy $nist2 -explicit_policy",
-        "True", "<empty>", "<empty>", 43
-    ],
-
-    [
-        "4.8.4",
-        "Different Policies Test4",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.5",
-        "Different Policies Test5",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.6.1",
-        "Overlapping Policies Test6",
-        "-policy anyPolicy",
-        "True", $nist1, $nist1, 0
-    ],
-    [
-        "4.8.6.2",
-        "Overlapping Policies Test6",
-        "-policy $nist1",
-        "True", $nist1, $nist1, 0
-    ],
-    [
-        "4.8.6.3",
-        "Overlapping Policies Test6",
-        "-policy $nist2",
-        "True", $nist1, "<empty>", 43
-    ],
-    [
-        "4.8.7",
-        "Different Policies Test7",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.8",
-        "Different Policies Test8",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.9",
-        "Different Policies Test9",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.10.1",
-        "All Certificates Same Policies Test10",
-        "-policy $nist1",
-        "True", "$nist1:$nist2", "$nist1", 0
-    ],
-    [
-        "4.8.10.2",
-        "All Certificates Same Policies Test10",
-        "-policy $nist2",
-        "True", "$nist1:$nist2", "$nist2", 0
-    ],
-    [
-        "4.8.10.3",
-        "All Certificates Same Policies Test10",
-        "-policy anyPolicy",
-        "True", "$nist1:$nist2", "$nist1:$nist2", 0
-    ],
-    [
-        "4.8.11.1",
-        "All Certificates AnyPolicy Test11",
-        "-policy anyPolicy",
-        "True", "$apolicy", "$apolicy", 0
-    ],
-    [
-        "4.8.11.2",
-        "All Certificates AnyPolicy Test11",
-        "-policy $nist1",
-        "True", "$apolicy", "$nist1", 0
-    ],
-    [
-        "4.8.12",
-        "Different Policies Test12",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.8.13.1",
-        "All Certificates Same Policies Test13",
-        "-policy $nist1",
-        "True", "$nist1:$nist2:$nist3", "$nist1", 0
-    ],
-    [
-        "4.8.13.2",
-        "All Certificates Same Policies Test13",
-        "-policy $nist2",
-        "True", "$nist1:$nist2:$nist3", "$nist2", 0
-    ],
-    [
-        "4.8.13.3",
-        "All Certificates Same Policies Test13",
-        "-policy $nist3",
-        "True", "$nist1:$nist2:$nist3", "$nist3", 0
-    ],
-    [
-        "4.8.14.1",       "AnyPolicy Test14",
-        "-policy $nist1", "True",
-        "$nist1",         "$nist1",
-        0
-    ],
-    [
-        "4.8.14.2",       "AnyPolicy Test14",
-        "-policy $nist2", "True",
-        "$nist1",         "<empty>",
-        43
-    ],
-    [
-        "4.8.15",
-        "User Notice Qualifier Test15",
-        "-policy anyPolicy",
-        "False", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.8.16",
-        "User Notice Qualifier Test16",
-        "-policy anyPolicy",
-        "False", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.8.17",
-        "User Notice Qualifier Test17",
-        "-policy anyPolicy",
-        "False", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.8.18.1",
-        "User Notice Qualifier Test18",
-        "-policy $nist1",
-        "True", "$nist1:$nist2", "$nist1", 0
-    ],
-    [
-        "4.8.18.2",
-        "User Notice Qualifier Test18",
-        "-policy $nist2",
-        "True", "$nist1:$nist2", "$nist2", 0
-    ],
-    [
-        "4.8.19",
-        "User Notice Qualifier Test19",
-        "-policy anyPolicy",
-        "False", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.8.20",
-        "CPS Pointer Qualifier Test20",
-        "-policy anyPolicy -explicit_policy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [ "4.9", "Require Explicit Policy" ],
-    [
-        "4.9.1",
-        "Valid RequireExplicitPolicy Test1",
-        "-policy anyPolicy",
-        "False", "<empty>", "<empty>", 0
-    ],
-    [
-        "4.9.2",
-        "Valid RequireExplicitPolicy Test2",
-        "-policy anyPolicy",
-        "False", "<empty>", "<empty>", 0
-    ],
-    [
-        "4.9.3",
-        "Invalid RequireExplicitPolicy Test3",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.9.4",
-        "Valid RequireExplicitPolicy Test4",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.9.5",
-        "Invalid RequireExplicitPolicy Test5",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.9.6",
-        "Valid Self-Issued requireExplicitPolicy Test6",
-        "-policy anyPolicy",
-        "False", "<empty>", "<empty>", 0
-    ],
-    [
-        "4.9.7",
-        "Invalid Self-Issued requireExplicitPolicy Test7",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.9.8",
-        "Invalid Self-Issued requireExplicitPolicy Test8",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [ "4.10", "Policy Mappings" ],
-    [
-        "4.10.1.1",
-        "Valid Policy Mapping Test1",
-        "-policy $nist1",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.10.1.2",
-        "Valid Policy Mapping Test1",
-        "-policy $nist2",
-        "True", "$nist1", "<empty>", 43
-    ],
-    [
-        "4.10.1.3",
-        "Valid Policy Mapping Test1",
-        "-policy anyPolicy -inhibit_map",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.10.2.1",
-        "Invalid Policy Mapping Test2",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.10.2.2",
-        "Invalid Policy Mapping Test2",
-        "-policy anyPolicy -inhibit_map",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.10.3.1",
-        "Valid Policy Mapping Test3",
-        "-policy $nist1",
-        "True", "$nist2", "<empty>", 43
-    ],
-    [
-        "4.10.3.2",
-        "Valid Policy Mapping Test3",
-        "-policy $nist2",
-        "True", "$nist2", "$nist2", 0
-    ],
-    [
-        "4.10.4",
-        "Invalid Policy Mapping Test4",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.10.5.1",
-        "Valid Policy Mapping Test5",
-        "-policy $nist1",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.10.5.2",
-        "Valid Policy Mapping Test5",
-        "-policy $nist6",
-        "True", "$nist1", "<empty>", 43
-    ],
-    [
-        "4.10.6.1",
-        "Valid Policy Mapping Test6",
-        "-policy $nist1",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.10.6.2",
-        "Valid Policy Mapping Test6",
-        "-policy $nist6",
-        "True", "$nist1", "<empty>", 43
-    ],
-    [ "4.10.7", "Invalid Mapping From anyPolicy Test7", 42 ],
-    [ "4.10.8", "Invalid Mapping To anyPolicy Test8",   42 ],
-    [
-        "4.10.9",
-        "Valid Policy Mapping Test9",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.10.10",
-        "Invalid Policy Mapping Test10",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.10.11",
-        "Valid Policy Mapping Test11",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-
-    # TODO: check notice display
-    [
-        "4.10.12.1",
-        "Valid Policy Mapping Test12",
-        "-policy $nist1",
-        "True", "$nist1:$nist2", "$nist1", 0
-    ],
-
-    # TODO: check notice display
-    [
-        "4.10.12.2",
-        "Valid Policy Mapping Test12",
-        "-policy $nist2",
-        "True", "$nist1:$nist2", "$nist2", 0
-    ],
-    [
-        "4.10.13",
-        "Valid Policy Mapping Test13",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-
-    # TODO: check notice display
-    [
-        "4.10.14",
-        "Valid Policy Mapping Test14",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [ "4.11", "Inhibit Policy Mapping" ],
-    [
-        "4.11.1",
-        "Invalid inhibitPolicyMapping Test1",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.2",
-        "Valid inhibitPolicyMapping Test2",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.11.3",
-        "Invalid inhibitPolicyMapping Test3",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.4",
-        "Valid inhibitPolicyMapping Test4",
-        "-policy anyPolicy",
-        "True", "$nist2", "$nist2", 0
-    ],
-    [
-        "4.11.5",
-        "Invalid inhibitPolicyMapping Test5",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.6",
-        "Invalid inhibitPolicyMapping Test6",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.7",
-        "Valid Self-Issued inhibitPolicyMapping Test7",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.11.8",
-        "Invalid Self-Issued inhibitPolicyMapping Test8",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.9",
-        "Invalid Self-Issued inhibitPolicyMapping Test9",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.10",
-        "Invalid Self-Issued inhibitPolicyMapping Test10",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.11.11",
-        "Invalid Self-Issued inhibitPolicyMapping Test11",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [ "4.12", "Inhibit Any Policy" ],
-    [
-        "4.12.1",
-        "Invalid inhibitAnyPolicy Test1",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.12.2",
-        "Valid inhibitAnyPolicy Test2",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.12.3.1",
-        "inhibitAnyPolicy Test3",
-        "-policy anyPolicy",
-        "True", "$nist1", "$nist1", 0
-    ],
-    [
-        "4.12.3.2",
-        "inhibitAnyPolicy Test3",
-        "-policy anyPolicy -inhibit_any",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.12.4",
-        "Invalid inhibitAnyPolicy Test4",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.12.5",
-        "Invalid inhibitAnyPolicy Test5",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [
-        "4.12.6",
-        "Invalid inhibitAnyPolicy Test6",
-        "-policy anyPolicy",
-        "True", "<empty>", "<empty>", 43
-    ],
-    [ "4.12.7",  "Valid Self-Issued inhibitAnyPolicy Test7",      0 ],
-    [ "4.12.8",  "Invalid Self-Issued inhibitAnyPolicy Test8",    43 ],
-    [ "4.12.9",  "Valid Self-Issued inhibitAnyPolicy Test9",      0 ],
-    [ "4.12.10", "Invalid Self-Issued inhibitAnyPolicy Test10",   43 ],
-    [ "4.13",    "Name Constraints" ],
-    [ "4.13.1",  "Valid DN nameConstraints Test1",                0 ],
-    [ "4.13.2",  "Invalid DN nameConstraints Test2",              47 ],
-    [ "4.13.3",  "Invalid DN nameConstraints Test3",              47 ],
-    [ "4.13.4",  "Valid DN nameConstraints Test4",                0 ],
-    [ "4.13.5",  "Valid DN nameConstraints Test5",                0 ],
-    [ "4.13.6",  "Valid DN nameConstraints Test6",                0 ],
-    [ "4.13.7",  "Invalid DN nameConstraints Test7",              48 ],
-    [ "4.13.8",  "Invalid DN nameConstraints Test8",              48 ],
-    [ "4.13.9",  "Invalid DN nameConstraints Test9",              48 ],
-    [ "4.13.10", "Invalid DN nameConstraints Test10",             48 ],
-    [ "4.13.11", "Valid DN nameConstraints Test11",               0 ],
-    [ "4.13.12", "Invalid DN nameConstraints Test12",             47 ],
-    [ "4.13.13", "Invalid DN nameConstraints Test13",             47 ],
-    [ "4.13.14", "Valid DN nameConstraints Test14",               0 ],
-    [ "4.13.15", "Invalid DN nameConstraints Test15",             48 ],
-    [ "4.13.16", "Invalid DN nameConstraints Test16",             48 ],
-    [ "4.13.17", "Invalid DN nameConstraints Test17",             48 ],
-    [ "4.13.18", "Valid DN nameConstraints Test18",               0 ],
-    [ "4.13.19", "Valid Self-Issued DN nameConstraints Test19",   0 ],
-    [ "4.13.20", "Invalid Self-Issued DN nameConstraints Test20", 47 ],
-    [ "4.13.21", "Valid RFC822 nameConstraints Test21",           0 ],
-    [ "4.13.22", "Invalid RFC822 nameConstraints Test22",         47 ],
-    [ "4.13.23", "Valid RFC822 nameConstraints Test23",           0 ],
-    [ "4.13.24", "Invalid RFC822 nameConstraints Test24",         47 ],
-    [ "4.13.25", "Valid RFC822 nameConstraints Test25",           0 ],
-    [ "4.13.26", "Invalid RFC822 nameConstraints Test26",         48 ],
-    [ "4.13.27", "Valid DN and RFC822 nameConstraints Test27",    0 ],
-    [ "4.13.28", "Invalid DN and RFC822 nameConstraints Test28",  47 ],
-    [ "4.13.29", "Invalid DN and RFC822 nameConstraints Test29",  47 ],
-    [ "4.13.30", "Valid DNS nameConstraints Test30",              0 ],
-    [ "4.13.31", "Invalid DNS nameConstraints Test31",            47 ],
-    [ "4.13.32", "Valid DNS nameConstraints Test32",              0 ],
-    [ "4.13.33", "Invalid DNS nameConstraints Test33",            48 ],
-    [ "4.13.34", "Valid URI nameConstraints Test34",              0 ],
-    [ "4.13.35", "Invalid URI nameConstraints Test35",            47 ],
-    [ "4.13.36", "Valid URI nameConstraints Test36",              0 ],
-    [ "4.13.37", "Invalid URI nameConstraints Test37",            48 ],
-    [ "4.13.38", "Invalid DNS nameConstraints Test38",            47 ],
-    [ "4.14",    "Distribution Points" ],
-    [ "4.14.1",  "Valid distributionPoint Test1",                 0 ],
-    [ "4.14.2",  "Invalid distributionPoint Test2",               23 ],
-    [ "4.14.3",  "Invalid distributionPoint Test3",               44 ],
-    [ "4.14.4",  "Valid distributionPoint Test4",                 0 ],
-    [ "4.14.5",  "Valid distributionPoint Test5",                 0 ],
-    [ "4.14.6",  "Invalid distributionPoint Test6",               23 ],
-    [ "4.14.7",  "Valid distributionPoint Test7",                 0 ],
-    [ "4.14.8",  "Invalid distributionPoint Test8",               44 ],
-    [ "4.14.9",  "Invalid distributionPoint Test9",               44 ],
-    [ "4.14.10", "Valid No issuingDistributionPoint Test10",      0 ],
-    [ "4.14.11", "Invalid onlyContainsUserCerts CRL Test11",      44 ],
-    [ "4.14.12", "Invalid onlyContainsCACerts CRL Test12",        44 ],
-    [ "4.14.13", "Valid onlyContainsCACerts CRL Test13",          0 ],
-    [ "4.14.14", "Invalid onlyContainsAttributeCerts Test14",     44 ],
-    [ "4.14.15", "Invalid onlySomeReasons Test15",                23 ],
-    [ "4.14.16", "Invalid onlySomeReasons Test16",                23 ],
-    [ "4.14.17", "Invalid onlySomeReasons Test17",                3 ],
-    [ "4.14.18", "Valid onlySomeReasons Test18",                  0 ],
-    [ "4.14.19", "Valid onlySomeReasons Test19",                  0 ],
-    [ "4.14.20", "Invalid onlySomeReasons Test20",                23 ],
-    [ "4.14.21", "Invalid onlySomeReasons Test21",                23 ],
-    [ "4.14.22", "Valid IDP with indirectCRL Test22",             0 ],
-    [ "4.14.23", "Invalid IDP with indirectCRL Test23",           23 ],
-    [ "4.14.24", "Valid IDP with indirectCRL Test24",             0 ],
-    [ "4.14.25", "Valid IDP with indirectCRL Test25",             0 ],
-    [ "4.14.26", "Invalid IDP with indirectCRL Test26",           44 ],
-    [ "4.14.27", "Invalid cRLIssuer Test27",                      3 ],
-    [ "4.14.28", "Valid cRLIssuer Test28",                        0 ],
-    [ "4.14.29", "Valid cRLIssuer Test29",                        0 ],
-
-    # Although this test is valid it has a circular dependency. As a result
-    # an attempt is made to recursively check a CRL path and rejected due to
-    # a CRL path validation error. PKITS notes suggest this test does not
-    # need to be run due to this issue.
-    [ "4.14.30", "Valid cRLIssuer Test30",                                 54 ],
-    [ "4.14.31", "Invalid cRLIssuer Test31",                               23 ],
-    [ "4.14.32", "Invalid cRLIssuer Test32",                               23 ],
-    [ "4.14.33", "Valid cRLIssuer Test33",                                 0 ],
-    [ "4.14.34", "Invalid cRLIssuer Test34",                               23 ],
-    [ "4.14.35", "Invalid cRLIssuer Test35",                               44 ],
-    [ "4.15",    "Delta-CRLs" ],
-    [ "4.15.1",  "Invalid deltaCRLIndicator No Base Test1",                3 ],
-    [ "4.15.2",  "Valid delta-CRL Test2",                                  0 ],
-    [ "4.15.3",  "Invalid delta-CRL Test3",                                23 ],
-    [ "4.15.4",  "Invalid delta-CRL Test4",                                23 ],
-    [ "4.15.5",  "Valid delta-CRL Test5",                                  0 ],
-    [ "4.15.6",  "Invalid delta-CRL Test6",                                23 ],
-    [ "4.15.7",  "Valid delta-CRL Test7",                                  0 ],
-    [ "4.15.8",  "Valid delta-CRL Test8",                                  0 ],
-    [ "4.15.9",  "Invalid delta-CRL Test9",                                23 ],
-    [ "4.15.10", "Invalid delta-CRL Test10",                               12 ],
-    [ "4.16",    "Private Certificate Extensions" ],
-    [ "4.16.1",  "Valid Unknown Not Critical Certificate Extension Test1", 0 ],
-    [ "4.16.2",  "Invalid Unknown Critical Certificate Extension Test2",   34 ],
-);
-
-
-my $verbose = 1;
-
-my $numtest = 0;
-my $numfail = 0;
-
-my $ossl = "ossl/apps/openssl";
-
-my $ossl_cmd = "$ossl_path cms -verify -verify_retcode ";
-$ossl_cmd .= "-CAfile pkitsta.pem -crl_check_all -x509_strict ";
-
-# Check for expiry of trust anchor
-system "$ossl_path x509 -inform DER -in $pkitsta -checkend 0";
-if ($? == 256)
-        {
-        print STDERR "WARNING: using older expired data\n";
-        $ossl_cmd .= "-attime 1291940972 ";
-        }
-
-$ossl_cmd .= "-policy_check -extended_crl -use_deltas -out /dev/null 2>&1 ";
-
-system "$ossl_path x509 -inform DER -in $pkitsta -out pkitsta.pem";
-
-die "Can't create trust anchor file" if $?;
-
-print "Running PKITS tests:\n" if $verbose;
-
-foreach (@testlists) {
-    my $argnum = @$_;
-    if ( $argnum == 2 ) {
-        my ( $tnum, $title ) = @$_;
-        print "$tnum $title\n" if $verbose;
-    }
-    elsif ( $argnum == 3 ) {
-        my ( $tnum, $title, $exp_ret ) = @$_;
-        my $filename = $title;
-        $exp_ret += 32 if $exp_ret;
-        $filename =~ tr/ -//d;
-        $filename = "Signed${filename}.eml";
-        if ( !-f "$pkitsdir/$filename" ) {
-            print "\"$filename\" not found\n";
-        }
-        else {
-            my $ret;
-            my $test_fail = 0;
-            my $errmsg    = "";
-            my $cmd       = $ossl_cmd;
-            $cmd .= "-in $pkitsdir/$filename -policy anyPolicy";
-            my $cmdout = `$cmd`;
-            $ret = $? >> 8;
-            if ( $? & 0xff ) {
-                $errmsg .= "Abnormal OpenSSL termination\n";
-                $test_fail = 1;
-            }
-            if ( $exp_ret != $ret ) {
-                $errmsg .= "Return code:$ret, ";
-                $errmsg .= "expected $exp_ret\n";
-                $test_fail = 1;
-            }
-            if ($test_fail) {
-                print "$tnum $title : Failed!\n";
-                print "Filename: $pkitsdir/$filename\n";
-                print $errmsg;
-                print "Command output:\n$cmdout\n";
-                $numfail++;
-            }
-            $numtest++;
-        }
-    }
-    elsif ( $argnum == 7 ) {
-        my ( $tnum, $title, $exargs, $exp_epol, $exp_aset, $exp_uset, $exp_ret )
-          = @$_;
-        my $filename = $title;
-        $exp_ret += 32 if $exp_ret;
-        $filename =~ tr/ -//d;
-        $filename = "Signed${filename}.eml";
-        if ( !-f "$pkitsdir/$filename" ) {
-            print "\"$filename\" not found\n";
-        }
-        else {
-            my $ret;
-            my $cmdout    = "";
-            my $errmsg    = "";
-            my $epol      = "";
-            my $aset      = "";
-            my $uset      = "";
-            my $pol       = -1;
-            my $test_fail = 0;
-            my $cmd       = $ossl_cmd;
-            $cmd .= "-in $pkitsdir/$filename $exargs -policy_print";
-            @oparr = `$cmd`;
-            $ret   = $? >> 8;
-
-            if ( $? & 0xff ) {
-                $errmsg .= "Abnormal OpenSSL termination\n";
-                $test_fail = 1;
-            }
-            foreach (@oparr) {
-                my $test_failed = 0;
-                $cmdout .= $_;
-                if (/^Require explicit Policy: (.*)$/) {
-                    $epol = $1;
-                }
-                if (/^Authority Policies/) {
-                    if (/empty/) {
-                        $aset = "<empty>";
-                    }
-                    else {
-                        $pol = 1;
-                    }
-                }
-                $test_fail = 1 if (/leak/i);
-                if (/^User Policies/) {
-                    if (/empty/) {
-                        $uset = "<empty>";
-                    }
-                    else {
-                        $pol = 2;
-                    }
-                }
-                if (/\s+Policy: (.*)$/) {
-                    if ( $pol == 1 ) {
-                        $aset .= ":" if $aset ne "";
-                        $aset .= $1;
-                    }
-                    elsif ( $pol == 2 ) {
-                        $uset .= ":" if $uset ne "";
-                        $uset .= $1;
-                    }
-                }
-            }
-
-            if ( $epol ne $exp_epol ) {
-                $errmsg .= "Explicit policy:$epol, ";
-                $errmsg .= "expected $exp_epol\n";
-                $test_fail = 1;
-            }
-            if ( $aset ne $exp_aset ) {
-                $errmsg .= "Authority policy set :$aset, ";
-                $errmsg .= "expected $exp_aset\n";
-                $test_fail = 1;
-            }
-            if ( $uset ne $exp_uset ) {
-                $errmsg .= "User policy set :$uset, ";
-                $errmsg .= "expected $exp_uset\n";
-                $test_fail = 1;
-            }
-
-            if ( $exp_ret != $ret ) {
-                print "Return code:$ret, expected $exp_ret\n";
-                $test_fail = 1;
-            }
-
-            if ($test_fail) {
-                print "$tnum $title : Failed!\n";
-                print "Filename: $pkitsdir/$filename\n";
-                print "Command output:\n$cmdout\n";
-                $numfail++;
-            }
-            $numtest++;
-        }
-    }
-}
-
-if ($numfail) {
-    print "$numfail tests failed out of $numtest\n";
-}
-else {
-    print "All Tests Successful.\n";
-}
-
-unlink "pkitsta.pem";
-
diff --git a/src/lib/libssl/test/smcont.txt b/src/lib/libssl/test/smcont.txt
deleted file mode 100644
index e837c0b75b..0000000000
--- a/src/lib/libssl/test/smcont.txt
+++ /dev/null
@@ -1 +0,0 @@
-Some test content for OpenSSL CMS
\ No newline at end of file
diff --git a/src/lib/libssl/test/smime-certs/smdsa1.pem b/src/lib/libssl/test/smime-certs/smdsa1.pem
deleted file mode 100644
index d5677dbfbe..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa1.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBuwIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGATQlPPF+OeU8nu3rsdXGDiZdJzOkuCce3KQfTABA9C+Dk4CVcvBdd
-YRLGpnykumkNTO1sTO+4/Gphsuje1ujK9td4UEhdYqylCe5QjEMrszDlJtelDQF9
-C0yhdjKGTP0kxofLhsGckcuQvcKEKffT2pDDKJIy4vWQO0UyJl1vjLcCFG2uiGGx
-9fMUZq1v0ePD4Wo0Xkxo
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsWMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzEwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBN
-CU88X455Tye7eux1cYOJl0nM6S4Jx7cpB9MAED0L4OTgJVy8F11hEsamfKS6aQ1M
-7WxM77j8amGy6N7W6Mr213hQSF1irKUJ7lCMQyuzMOUm16UNAX0LTKF2MoZM/STG
-h8uGwZyRy5C9woQp99PakMMokjLi9ZA7RTImXW+Mt6OBgzCBgDAdBgNVHQ4EFgQU
-4Qfbhpi5yqXaXuCLXj427mR25MkwHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2ExQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBAFrdUzKK1pWO
-kd02S423KUBc4GWWyiGlVoEO7WxVhHLJ8sm67X7OtJOwe0UGt+Nc5qLtyJYSirw8
-phjiTdNpQCTJ8+Kc56tWkJ6H7NAI4vTJtPL5BM/EmeYrVSU9JI9xhqpyKw9IBD+n
-hRJ79W9FaiJRvaAOX+TkyTukJrxAWRyv
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa2.pem b/src/lib/libssl/test/smime-certs/smdsa2.pem
deleted file mode 100644
index ef86c115d7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa2.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGBAIPmO8BtJ+Yac58trrPwq9b/6VW3jQTWzTLWSH84/QQdqQa+Pz3v
-It/+hHM0daNF5uls8ICsPL1aLXmRx0pHvIyb0aAzYae4T4Jv/COPDMTdKbA1uitJ
-VbkGZrm+LIrs7I9lOkb4T0vI6kL/XdOCXY1469zsqCgJ/O2ibn6mq0nWAhR716o2
-Nf8SimTZYB0/CKje6M5ufA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpTCCAw6gAwIBAgIJAMtotfHYdEsXMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzIwggG4MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhQACgYEA
-g+Y7wG0n5hpzny2us/Cr1v/pVbeNBNbNMtZIfzj9BB2pBr4/Pe8i3/6EczR1o0Xm
-6WzwgKw8vVoteZHHSke8jJvRoDNhp7hPgm/8I48MxN0psDW6K0lVuQZmub4siuzs
-j2U6RvhPS8jqQv9d04JdjXjr3OyoKAn87aJufqarSdajgYMwgYAwHQYDVR0OBBYE
-FHsAGNfVltSYUq4hC+YVYwsYtA+dMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcXdsab
-rWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgbAMCAGA1UdEQQZMBeB
-FXNtaW1lZHNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQCx9BtCbaYF
-FXjLClkuKXbESaDZA1biPgY25i00FsUzARuhCpqD2v+0tu5c33ZzIhL6xlvBRU5l
-6Atw/xpZhae+hdBEtxPJoGekLLrHOau7Md3XwDjV4lFgcEJkWZoaSOOIK+4D5jF0
-jZWtHjnwEzuLYlo7ScHSsbcQfjH0M1TP5A==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsa3.pem b/src/lib/libssl/test/smime-certs/smdsa3.pem
deleted file mode 100644
index eeb848dabc..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsa3.pem
+++ /dev/null
@@ -1,34 +0,0 @@
------BEGIN DSA PRIVATE KEY-----
-MIIBvAIBAAKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3
-OjSGLh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqt
-GcoAgsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2J
-jt+dqk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qt
-wjqvWp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK
-+FMOGnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4Z
-SJCBQw5zAoGAYzOpPmh8Je1IDauEXhgaLz14wqYUHHcrj2VWVJ6fRm8GhdQFJSI7
-GUk08pgKZSKic2lNqxuzW7/vFxKQ/nvzfytY16b+2i+BR4Q6yvMzCebE1hHVg0Ju
-TwfUMwoFEOhYP6ZwHSUiQl9IBMH9TNJCMwYMxfY+VOrURFsjGTRUgpwCFQCIGt5g
-Y+XZd0Sv69CatDIRYWvaIA==
------END DSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIIDpDCCAw2gAwIBAgIJAMtotfHYdEsYMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBEU0EgIzMwggG3MIIBLAYHKoZIzjgEATCCAR8CgYEAxSX7
-CDziGsDDuW4sPgKGFITVcUXgTi0KLFN0L+AfJK2nNATa9zo0hi4dcGcR6oZQBNEJ
-mrE2iqI7pNtJzVnhZ3M0s+rw5dCFSRIUvFWKK+ZLfYC6rRnKAILH+IEQyLrSckA2
-jZ9yFWPPbl1FSKHsb0Hi0AwQoEDwuTvKyXagcLcCFQCtiY7fnapNO3kFBOfZKGFB
-CsjaKwKBgQCOCBKbrH/BteJAh5kbZx1zNrRuRFiQ5lukLcI6r1qdRilMeVhctbVV
-kfZ5eay9A4vpDXRDaPkpCo+4d7g7pRjiOk9JkGG1dodSCvhTDhpzqr2fHjUxNp+D
-xk6OabmetywZvkGK0LKzYlGOL2pCxUNqxCv0i8HbAxSuGUiQgUMOcwOBhAACgYBj
-M6k+aHwl7UgNq4ReGBovPXjCphQcdyuPZVZUnp9GbwaF1AUlIjsZSTTymAplIqJz
-aU2rG7Nbv+8XEpD+e/N/K1jXpv7aL4FHhDrK8zMJ5sTWEdWDQm5PB9QzCgUQ6Fg/
-pnAdJSJCX0gEwf1M0kIzBgzF9j5U6tREWyMZNFSCnKOBgzCBgDAdBgNVHQ4EFgQU
-VhpVXqQ/EzUMdxLvP7o9EhJ8h70wHwYDVR0jBBgwFoAUE89Lp7uJLrM4Vxd2xput
-aFvl7RcwDAYDVR0TAQH/BAIwADAOBgNVHQ8BAf8EBAMCBsAwIAYDVR0RBBkwF4EV
-c21pbWVkc2EzQG9wZW5zc2wub3JnMA0GCSqGSIb3DQEBBQUAA4GBACM9e75EQa8m
-k/AZkH/tROqf3yeqijULl9x8FjFatqoY+29OM6oMGM425IqSkKd2ipz7OxO0SShu
-rE0O3edS7DvYBwvhWPviRaYBMyZ4iFJVup+fOzoYK/j/bASxS3BHQBwb2r4rhe25
-OlTyyFEk7DJyW18YFOG97S1P52oQ5f5x
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smdsap.pem b/src/lib/libssl/test/smime-certs/smdsap.pem
deleted file mode 100644
index 249706c8c7..0000000000
--- a/src/lib/libssl/test/smime-certs/smdsap.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN DSA PARAMETERS-----
-MIIBHwKBgQDFJfsIPOIawMO5biw+AoYUhNVxReBOLQosU3Qv4B8krac0BNr3OjSG
-Lh1wZxHqhlAE0QmasTaKojuk20nNWeFnczSz6vDl0IVJEhS8VYor5kt9gLqtGcoA
-gsf4gRDIutJyQDaNn3IVY89uXUVIoexvQeLQDBCgQPC5O8rJdqBwtwIVAK2Jjt+d
-qk07eQUE59koYUEKyNorAoGBAI4IEpusf8G14kCHmRtnHXM2tG5EWJDmW6Qtwjqv
-Wp1GKUx5WFy1tVWR9nl5rL0Di+kNdENo+SkKj7h3uDulGOI6T0mQYbV2h1IK+FMO
-GnOqvZ8eNTE2n4PGTo5puZ63LBm+QYrQsrNiUY4vakLFQ2rEK/SLwdsDFK4ZSJCB
-Qw5z
------END DSA PARAMETERS-----
diff --git a/src/lib/libssl/test/smime-certs/smroot.pem b/src/lib/libssl/test/smime-certs/smroot.pem
deleted file mode 100644
index a59eb2684c..0000000000
--- a/src/lib/libssl/test/smime-certs/smroot.pem
+++ /dev/null
@@ -1,30 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQDBV1Z/Q5gPF7lojc8pKUdyz5+Jf2B3vs4he6egekugWnoJduki
-9Lnae/JchB/soIX0co3nLc11NuFFlnAWJNMDJr08l5AHAJLYNHevF5l/f9oDQwvZ
-speKh1xpIAJNqCTzVeQ/ZLx6/GccIXV/xDuKIiovqJTPgR5WPkYKaw++lQIDAQAB
-AoGALXnUj5SflJU4+B2652ydMKUjWl0KnL/VjkyejgGV/j6py8Ybaixz9q8Gv7oY
-JDlRqMC1HfZJCFQDQrHy5VJ+CywA/H9WrqKo/Ch9U4tJAZtkig1Cmay/BAYixVu0
-xBeim10aKF6hxHH4Chg9We+OCuzWBWJhqveNjuDedL/i7JUCQQDlejovcwBUCbhJ
-U12qKOwlaboolWbl7yF3XdckTJZg7+1UqQHZH5jYZlLZyZxiaC92SNV0SyTLJZnS
-Jh5CO+VDAkEA16/pPcuVtMMz/R6SSPpRSIAa1stLs0mFSs3NpR4pdm0n42mu05pO
-1tJEt3a1g7zkreQBf53+Dwb+lA841EkjRwJBAIFmt0DifKDnCkBu/jZh9SfzwsH3
-3Zpzik+hXxxdA7+ODCrdUul449vDd5zQD5t+XKU61QNLDGhxv5e9XvrCg7kCQH/a
-3ldsVF0oDaxxL+QkxoREtCQ5tLEd1u7F2q6Tl56FDE0pe6Ih6bQ8RtG+g9EI60IN
-U7oTrOO5kLWx5E0q4ccCQAZVgoenn9MhRU1agKOCuM6LT2DxReTu4XztJzynej+8
-0J93n3ebanB1MlRpn1XJwhQ7gAC8ImaQKLJK5jdJzFc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICaTCCAdKgAwIBAgIJAP6VN47boiXRMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDdaFw0xNjA1MTExMzUzMDdaMEQx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRU
-ZXN0IFMvTUlNRSBSU0EgUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-wVdWf0OYDxe5aI3PKSlHcs+fiX9gd77OIXunoHpLoFp6CXbpIvS52nvyXIQf7KCF
-9HKN5y3NdTbhRZZwFiTTAya9PJeQBwCS2DR3rxeZf3/aA0ML2bKXiodcaSACTagk
-81XkP2S8evxnHCF1f8Q7iiIqL6iUz4EeVj5GCmsPvpUCAwEAAaNjMGEwHQYDVR0O
-BBYEFBPPS6e7iS6zOFcXdsabrWhb5e0XMB8GA1UdIwQYMBaAFBPPS6e7iS6zOFcX
-dsabrWhb5e0XMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqG
-SIb3DQEBBQUAA4GBAIECprq5viDvnDbkyOaiSr9ubMUmWqvycfAJMdPZRKcOZczS
-l+L9R9lF3JSqbt3knOe9u6bGDBOTY2285PdCCuHRVMk2Af1f6El1fqAlRUwNqipp
-r68sWFuRqrcRNtk6QQvXfkOhrqQBuDa7te/OVQLa2lGN9Dr2mQsD8ijctatG
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa1.pem b/src/lib/libssl/test/smime-certs/smrsa1.pem
deleted file mode 100644
index 2cf3148e33..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa1.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXgIBAAKBgQC6A978j4pmPgUtUQqF+bjh6vdhwGOGZSD7xXgFTMjm88twfv+E
-ixkq2KXSDjD0ZXoQbdOaSbvGRQrIJpG2NGiKAFdYNrP025kCCdh5wF/aEI7KLEm7
-JlHwXpQsuj4wkMgmkFjL3Ty4Z55aNH+2pPQIa0k+ENJXm2gDuhqgBmduAwIDAQAB
-AoGBAJMuYu51aO2THyeHGwt81uOytcCbqGP7eoib62ZOJhxPRGYjpmuqX+R9/V5i
-KiwGavm63JYUx0WO9YP+uIZxm1BUATzkgkS74u5LP6ajhkZh6/Bck1oIYYkbVOXl
-JVrdENuH6U7nupznsyYgONByo+ykFPVUGmutgiaC7NMVo/MxAkEA6KLejWXdCIEn
-xr7hGph9NlvY9xuRIMexRV/WrddcFfCdjI1PciIupgrIkR65M9yr7atm1iU6/aRf
-KOr8rLZsSQJBAMyyXN71NsDNx4BP6rtJ/LJMP0BylznWkA7zWfGCbAYn9VhZVlSY
-Eu9Gyr7quD1ix7G3kInKVYOEEOpockBLz+sCQQCedyMmKjcQLfpMVYW8uhbAynvW
-h36qV5yXZxszO7nMcCTBsxhk5IfmLv5EbCs3+p9avCDGyoGOeUMg+kC33WORAkAg
-oUIarH4o5+SoeJTTfCzTA0KF9H5U0vYt2+73h7HOnWoHxl3zqDZEfEVvf50U8/0f
-QELDJETTbScBJtsnkq43AkEA38etvoZ2i4FJvvo7R/9gWBHVEcrGzcsCBYrNnIR1
-SZLRwHEGaiOK1wxMsWzqp7PJwL9z/M8A8DyOFBx3GPOniA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsTMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALoD3vyPimY+BS1RCoX5uOHq92HAY4ZlIPvFeAVMyObzy3B+/4SLGSrYpdIOMPRl
-ehBt05pJu8ZFCsgmkbY0aIoAV1g2s/TbmQIJ2HnAX9oQjsosSbsmUfBelCy6PjCQ
-yCaQWMvdPLhnnlo0f7ak9AhrST4Q0lebaAO6GqAGZ24DAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFE2vMvKz5jrC7Lbdg68XwZ95iL/QMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMUBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQAi
-O3GOkUl646oLnOimc36i9wxZ1tejsqs8vMjJ0Pym6Uq9FE2JoGzJ6OhB1GOsEVmj
-9cQ5UNQcRYL3cqOFtl6f4Dpu/lhzfbaqgmLjv29G1mS0uuTZrixhlyCXjwcbOkNC
-I/+wvHHENYIK5+T/79M9LaZ2Qk4F9MNE1VMljdz9Qw==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa2.pem b/src/lib/libssl/test/smime-certs/smrsa2.pem
deleted file mode 100644
index d41f69c82f..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa2.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQCwBfryW4Vu5U9wNIDKspJO/N9YF4CcTlrCUyzVlKgb+8urHlSe
-59i5verR9IOCCXkemjOzZ/3nALTGqYZlnEvHp0Rjk+KdKXnKBIB+SRPpeu3LcXMT
-WPgsThPa0UQxedNKG0g6aG+kLhsDlFBCoxd09jJtSpb9jmroJOq0ZYEHLwIDAQAB
-AoGAKa/w4677Je1W5+r3SYoLDnvi5TkDs4D3C6ipKJgBTEdQz+DqB4w/DpZE4551
-+rkFn1LDxcxuHGRVa+tAMhZW97fwq9YUbjVZEyOz79qrX+BMyl/NbHkf1lIKDo3q
-dWalzQvop7nbzeLC+VmmviwZfLQUbA61AQl3jm4dswT4XykCQQDloDadEv/28NTx
-bvvywvyGuvJkCkEIycm4JrIInvwsd76h/chZ3oymrqzc7hkEtK6kThqlS5y+WXl6
-QzPruTKTAkEAxD2ro/VUoN+scIVaLmn0RBmZ67+9Pdn6pNSfjlK3s0T0EM6/iUWS
-M06l6L9wFS3/ceu1tIifsh9BeqOGTa+udQJARIFnybTBaIqw/NZ/lA1YCVn8tpvY
-iyaoZ6gjtS65TQrsdKeh/i3HCHNUXxUpoZ3F/H7QtD+6o49ODou+EbVOwQJAVmex
-A2gp8wuJKaINqxIL81AybZLnCCzKJ3lXJ5tUNyLNM/lUbGStktm2Q1zHRQwTxV07
-jFn7trn8YrtNjzcjYQJAUKIJRt38A8Jw3HoPT+D0WS2IgxjVL0eYGsZX1lyeammG
-6rfnQ3u5uP7mEK2EH2o8mDUpAE0gclWBU9UkKxJsGA==
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsUMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDhaFw0xNjA1MTAxMzUzMDhaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALAF+vJbhW7lT3A0gMqykk7831gXgJxOWsJTLNWUqBv7y6seVJ7n2Lm96tH0g4IJ
-eR6aM7Nn/ecAtMaphmWcS8enRGOT4p0pecoEgH5JE+l67ctxcxNY+CxOE9rRRDF5
-00obSDpob6QuGwOUUEKjF3T2Mm1Klv2Oaugk6rRlgQcvAgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFIL/u+mEvaw7RuKLRuElfVkxSQjYMB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhMkBvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQC2
-rXR5bm/9RtOMQPleNpd3y6uUX3oy+0CafK5Yl3PMnItjjnKJ0l1/DbLbDj2twehe
-ewaB8CROcBCA3AMLSmGvPKgUCFMGtWam3328M4fBHzon5ka7qDXzM+imkAly/Yx2
-YNdR/aNOug+5sXygHmTSKqiCpQjOIClzXoPVVeEVHw==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/smime-certs/smrsa3.pem b/src/lib/libssl/test/smime-certs/smrsa3.pem
deleted file mode 100644
index c8cbe55151..0000000000
--- a/src/lib/libssl/test/smime-certs/smrsa3.pem
+++ /dev/null
@@ -1,31 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICXAIBAAKBgQC6syTZtZNe1hRScFc4PUVyVLsr7+C1HDIZnOHmwFoLayX6RHwy
-ep/TkdwiPHnemVLuwvpSjLMLZkXy/J764kSHJrNeVl3UvmCVCOm40hAtK1+F39pM
-h8phkbPPD7i+hwq4/Vs79o46nzwbVKmzgoZBJhZ+codujUSYM3LjJ4aq+wIDAQAB
-AoGAE1Zixrnr3bLGwBMqtYSDIOhtyos59whImCaLr17U9MHQWS+mvYO98if1aQZi
-iQ/QazJ+wvYXxWJ+dEB+JvYwqrGeuAU6He/rAb4OShG4FPVU2D19gzRnaButWMeT
-/1lgXV08hegGBL7RQNaN7b0viFYMcKnSghleMP0/q+Y/oaECQQDkXEwDYJW13X9p
-ijS20ykWdY5lLknjkHRhhOYux0rlhOqsyMZjoUmwI2m0qj9yrIysKhrk4MZaM/uC
-hy0xp3hdAkEA0Uv/UY0Kwsgc+W6YxeypECtg1qCE6FBib8n4iFy/6VcWqhvE5xrs
-OdhKv9/p6aLjLneGd1sU+F8eS9LGyKIbNwJBAJPgbNzXA7uUZriqZb5qeTXxBDfj
-RLfXSHYKAKEULxz3+JvRHB9SR4yHMiFrCdExiZrHXUkPgYLSHLGG5a4824UCQD6T
-9XvhquUARkGCAuWy0/3Eqoihp/t6BWSdQ9Upviu7YUhtUxsyXo0REZB7F4pGrJx5
-GlhXgFaewgUzuUHFzlMCQCzJMMWslWpoLntnR6sMhBMhBFHSw+Y5CbxBmFrdtSkd
-VdtNO1VuDCTxjjW7W3Khj7LX4KZ1ye/5jfAgnnnXisc=
------END RSA PRIVATE KEY-----
------BEGIN CERTIFICATE-----
-MIICizCCAfSgAwIBAgIJAMtotfHYdEsVMA0GCSqGSIb3DQEBBQUAMEQxCzAJBgNV
-BAYTAlVLMRYwFAYDVQQKEw1PcGVuU1NMIEdyb3VwMR0wGwYDVQQDExRUZXN0IFMv
-TUlNRSBSU0EgUm9vdDAeFw0wODAyMjIxMzUzMDlaFw0xNjA1MTAxMzUzMDlaMEUx
-CzAJBgNVBAYTAlVLMRYwFAYDVQQKDA1PcGVuU1NMIEdyb3VwMR4wHAYDVQQDDBVU
-ZXN0IFMvTUlNRSBFRSBSU0EgIzMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
-ALqzJNm1k17WFFJwVzg9RXJUuyvv4LUcMhmc4ebAWgtrJfpEfDJ6n9OR3CI8ed6Z
-Uu7C+lKMswtmRfL8nvriRIcms15WXdS+YJUI6bjSEC0rX4Xf2kyHymGRs88PuL6H
-Crj9Wzv2jjqfPBtUqbOChkEmFn5yh26NRJgzcuMnhqr7AgMBAAGjgYMwgYAwHQYD
-VR0OBBYEFDsSFjNtYZzd0tTHafNS7tneQQj6MB8GA1UdIwQYMBaAFBPPS6e7iS6z
-OFcXdsabrWhb5e0XMAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/BAQDAgXgMCAGA1Ud
-EQQZMBeBFXNtaW1lcnNhM0BvcGVuc3NsLm9yZzANBgkqhkiG9w0BAQUFAAOBgQBE
-tUDB+1Dqigu4p1xtdq7JRK6S+gfA7RWmhz0j2scb2zhpS12h37JLHsidGeKAzZYq
-jUjOrH/j3xcV5AnuJoqImJaN23nzzxtR4qGGX2mrq6EtObzdEGgCUaizsGM+0slJ
-PYxcy8KeY/63B1BpYhj2RjGkL6HrvuAaxVORa3acoA==
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl
deleted file mode 100644
index 055269eab8..0000000000
--- a/src/lib/libssl/test/tcrl
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl crl'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testcrl.pem
-fi
-
-echo testing crl conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/test.cnf b/src/lib/libssl/test/test.cnf
deleted file mode 100644
index 10834442a1..0000000000
--- a/src/lib/libssl/test/test.cnf
+++ /dev/null
@@ -1,88 +0,0 @@
-#
-# SSLeay example configuration file.
-# This is mostly being used for generation of certificate requests.
-#
-
-RANDFILE                = ./.rnd
-
-####################################################################
-[ ca ]
-default_ca      = CA_default            # The default ca section
-
-####################################################################
-[ CA_default ]
-
-dir             = ./demoCA              # Where everything is kept
-certs           = $dir/certs            # Where the issued certs are kept
-crl_dir         = $dir/crl              # Where the issued crl are kept
-database        = $dir/index.txt        # database index file.
-new_certs_dir   = $dir/new_certs        # default place for new certs.
-
-certificate     = $dir/CAcert.pem       # The CA certificate
-serial          = $dir/serial           # The current serial number
-crl             = $dir/crl.pem          # The current CRL
-private_key     = $dir/private/CAkey.pem# The private key
-RANDFILE        = $dir/private/.rand    # private random number file
-
-default_days    = 365                   # how long to certify for
-default_crl_days= 30                    # how long before next CRL
-default_md      = md5                   # which md to use.
-
-# A few difference way of specifying how similar the request should look
-# For type CA, the listed attributes must be the same, and the optional
-# and supplied fields are just that :-)
-policy          = policy_match
-
-# For the CA policy
-[ policy_match ]
-countryName             = match
-stateOrProvinceName     = match
-organizationName        = match
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-# For the 'anything' policy
-# At this point in time, you must list all acceptable 'object'
-# types.
-[ policy_anything ]
-countryName             = optional
-stateOrProvinceName     = optional
-localityName            = optional
-organizationName        = optional
-organizationalUnitName  = optional
-commonName              = supplied
-emailAddress            = optional
-
-####################################################################
-[ req ]
-default_bits            = 1024
-default_keyfile         = testkey.pem
-distinguished_name      = req_distinguished_name
-encrypt_rsa_key         = no
-
-[ req_distinguished_name ]
-countryName                     = Country Name (2 letter code)
-countryName_default             = AU
-countryName_value               = AU
-
-stateOrProvinceName             = State or Province Name (full name)
-stateOrProvinceName_default     = Queensland
-stateOrProvinceName_value       =
-
-localityName                    = Locality Name (eg, city)
-localityName_value              = Brisbane
-
-organizationName                = Organization Name (eg, company)
-organizationName_default        = 
-organizationName_value          = CryptSoft Pty Ltd
-
-organizationalUnitName          = Organizational Unit Name (eg, section)
-organizationalUnitName_default  =
-organizationalUnitName_value    = .
-
-commonName                      = Common Name (eg, YOUR name)
-commonName_value                = Eric Young
-
-emailAddress                    = Email Address
-emailAddress_value              = eay@mincom.oz.au
diff --git a/src/lib/libssl/test/test_aesni b/src/lib/libssl/test/test_aesni
deleted file mode 100644
index e8fb63ee2b..0000000000
--- a/src/lib/libssl/test/test_aesni
+++ /dev/null
@@ -1,69 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
-    if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-        :
-    else
-        echo "$PROG is not OpenSSL executable"
-        exit 1
-    fi
-else
-    echo "$PROG is not executable"
-    exit 1;
-fi
-
-if $PROG engine aesni | grep -v no-aesni; then
-
-    HASH=`cat $PROG | $PROG dgst -hex`
-
-    AES_ALGS="  aes-128-ecb aes-192-ecb aes-256-ecb \
-                aes-128-cbc aes-192-cbc aes-256-cbc \
-                aes-128-cfb aes-192-cfb aes-256-cfb \
-                aes-128-ofb aes-192-ofb aes-256-ofb"
-    BUFSIZE="16 32 48 64 80 96 128 144 999"
-
-    nerr=0
-
-    for alg in $AES_ALGS; do
-        echo $alg
-        for bufsize in $BUFSIZE; do
-            TEST=`(     cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
-                $PROG enc -d -k "$HASH" -$alg | \
-                $PROG dgst -hex ) 2>/dev/null`
-            if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg/$bufsize encrypt test failed"
-                nerr=`expr $nerr + 1`
-            fi
-        done
-        for bufsize in $BUFSIZE; do 
-            TEST=`(     cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg | \
-                $PROG enc -d -k "$HASH" -$alg -bufsize $bufsize -engine aesni | \
-                $PROG dgst -hex ) 2>/dev/null`
-            if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg/$bufsize decrypt test failed"
-                nerr=`expr $nerr + 1`
-            fi
-        done
-        TEST=`( cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg -engine aesni | \
-                $PROG enc -d -k "$HASH" -$alg -engine aesni | \
-                $PROG dgst -hex ) 2>/dev/null`
-        if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg en/decrypt test failed"
-                nerr=`expr $nerr + 1`
-        fi
-    done
-
-    if [ $nerr -gt 0 ]; then
-        echo "AESNI engine test failed."
-        exit 1;
-    fi
-else
-    echo "AESNI engine is not available"
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/test_padlock b/src/lib/libssl/test/test_padlock
deleted file mode 100755
index 5c0f21043c..0000000000
--- a/src/lib/libssl/test/test_padlock
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-
-PROG=$1
-
-if [ -x $PROG ]; then
-    if expr "x`$PROG version`" : "xOpenSSL" > /dev/null; then
-        :
-    else
-        echo "$PROG is not OpenSSL executable"
-        exit 1
-    fi
-else
-    echo "$PROG is not executable"
-    exit 1;
-fi
-
-if $PROG engine padlock | grep -v no-ACE; then
-
-    HASH=`cat $PROG | $PROG dgst -hex`
-
-    ACE_ALGS="  aes-128-ecb aes-192-ecb aes-256-ecb \
-                aes-128-cbc aes-192-cbc aes-256-cbc \
-                aes-128-cfb aes-192-cfb aes-256-cfb \
-                aes-128-ofb aes-192-ofb aes-256-ofb"
-
-    nerr=0
-
-    for alg in $ACE_ALGS; do
-        echo $alg
-        TEST=`( cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-                $PROG enc -d -k "$HASH" -$alg | \
-                $PROG dgst -hex ) 2>/dev/null`
-        if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg encrypt test failed"
-                nerr=`expr $nerr + 1`
-        fi
-        TEST=`( cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg | \
-                $PROG enc -d -k "$HASH" -$alg -bufsize 999 -engine padlock | \
-                $PROG dgst -hex ) 2>/dev/null`
-        if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg decrypt test failed"
-                nerr=`expr $nerr + 1`
-        fi
-        TEST=`( cat $PROG | \
-                $PROG enc -e -k "$HASH" -$alg -engine padlock | \
-                $PROG enc -d -k "$HASH" -$alg -engine padlock | \
-                $PROG dgst -hex ) 2>/dev/null`
-        if [ "$TEST" != "$HASH" ]; then
-                echo "-$alg en/decrypt test failed"
-                nerr=`expr $nerr + 1`
-        fi
-    done
-
-    if [ $nerr -gt 0 ]; then
-        echo "PadLock ACE test failed."
-        exit 1;
-    fi
-else
-    echo "PadLock ACE is not available"
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca
deleted file mode 100644
index b109cfe271..0000000000
--- a/src/lib/libssl/test/testca
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/bin/sh
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH="../apps\;$PATH"
-else
-    PATH="../apps:$PATH"
-fi
-export SH PATH
-
-SSLEAY_CONFIG="-config CAss.cnf"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-/bin/rm -fr demoCA
-$SH ../apps/CA.sh -newca <<EOF
-EOF
-
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-SSLEAY_CONFIG="-config Uss.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -newreq
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-
-SSLEAY_CONFIG="-config ../apps/openssl.cnf"
-export SSLEAY_CONFIG
-$SH ../apps/CA.sh -sign  <<EOF
-y
-y
-EOF
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-
-$SH ../apps/CA.sh -verify newcert.pem
-if [ $? != 0 ]; then
-        exit 1;
-fi
-
-/bin/rm -fr demoCA newcert.pem newreq.pem
-#usage: CA -newcert|-newreq|-newca|-sign|-verify
-
diff --git a/src/lib/libssl/test/testcrl.pem b/src/lib/libssl/test/testcrl.pem
deleted file mode 100644
index 0989788354..0000000000
--- a/src/lib/libssl/test/testcrl.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN X509 CRL-----
-MIICjTCCAfowDQYJKoZIhvcNAQECBQAwXzELMAkGA1UEBhMCVVMxIDAeBgNVBAoT
-F1JTQSBEYXRhIFNlY3VyaXR5LCBJbmMuMS4wLAYDVQQLEyVTZWN1cmUgU2VydmVy
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5Fw05NTA1MDIwMjEyMjZaFw05NTA2MDEw
-MDAxNDlaMIIBaDAWAgUCQQAABBcNOTUwMjAxMTcyNDI2WjAWAgUCQQAACRcNOTUw
-MjEwMDIxNjM5WjAWAgUCQQAADxcNOTUwMjI0MDAxMjQ5WjAWAgUCQQAADBcNOTUw
-MjI1MDA0NjQ0WjAWAgUCQQAAGxcNOTUwMzEzMTg0MDQ5WjAWAgUCQQAAFhcNOTUw
-MzE1MTkxNjU0WjAWAgUCQQAAGhcNOTUwMzE1MTk0MDQxWjAWAgUCQQAAHxcNOTUw
-MzI0MTk0NDMzWjAWAgUCcgAABRcNOTUwMzI5MjAwNzExWjAWAgUCcgAAERcNOTUw
-MzMwMDIzNDI2WjAWAgUCQQAAIBcNOTUwNDA3MDExMzIxWjAWAgUCcgAAHhcNOTUw
-NDA4MDAwMjU5WjAWAgUCcgAAQRcNOTUwNDI4MTcxNzI0WjAWAgUCcgAAOBcNOTUw
-NDI4MTcyNzIxWjAWAgUCcgAATBcNOTUwNTAyMDIxMjI2WjANBgkqhkiG9w0BAQIF
-AAN+AHqOEJXSDejYy0UwxxrH/9+N2z5xu/if0J6qQmK92W0hW158wpJg+ovV3+wQ
-wvIEPRL2rocL0tKfAsVq1IawSJzSNgxG0lrcla3MrJBnZ4GaZDu4FutZh72MR3Gt
-JaAL3iTJHJD55kK2D/VoyY1djlsPuNh6AEgdVwFAyp0v
------END X509 CRL-----
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc
deleted file mode 100644
index f5ce7c0c45..0000000000
--- a/src/lib/libssl/test/testenc
+++ /dev/null
@@ -1,54 +0,0 @@
-#!/bin/sh
-
-testsrc=Makefile
-test=./p
-cmd="../util/shlib_wrap.sh ../apps/openssl"
-
-cat $testsrc >$test;
-
-echo cat
-$cmd enc < $test > $test.cipher
-$cmd enc < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-        exit 1
-else
-        /bin/rm $test.cipher $test.clear
-fi
-echo base64
-$cmd enc -a -e < $test > $test.cipher
-$cmd enc -a -d < $test.cipher >$test.clear
-cmp $test $test.clear
-if [ $? != 0 ]
-then
-        exit 1
-else
-        /bin/rm $test.cipher $test.clear
-fi
-
-for i in `$cmd list-cipher-commands`
-do
-        echo $i
-        $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher
-        $cmd $i -bufsize 157 -d -k test < $test.$i.cipher >$test.$i.clear
-        cmp $test $test.$i.clear
-        if [ $? != 0 ]
-        then
-                exit 1
-        else
-                /bin/rm $test.$i.cipher $test.$i.clear
-        fi
-
-        echo $i base64
-        $cmd $i -bufsize 113 -a -e -k test < $test > $test.$i.cipher
-        $cmd $i -bufsize 157 -a -d -k test < $test.$i.cipher >$test.$i.clear
-        cmp $test $test.$i.clear
-        if [ $? != 0 ]
-        then
-                exit 1
-        else
-                /bin/rm $test.$i.cipher $test.$i.clear
-        fi
-done
-rm -f $test
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen
deleted file mode 100644
index 524c0d134c..0000000000
--- a/src/lib/libssl/test/testgen
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-
-T=testcert
-KEY=512
-CA=../certs/testca.pem
-
-/bin/rm -f $T.1 $T.2 $T.key
-
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH=../apps\;$PATH;
-else
-    PATH=../apps:$PATH;
-fi
-export PATH
-
-echo "generating certificate request"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  req_new='-newkey dsa:../apps/dsa512.pem'
-else
-  req_new='-new'
-  echo "There should be a 2 sequences of .'s and some +'s."
-  echo "There should not be more that at most 80 per line"
-fi
-
-echo "This could take some time."
-
-rm -f testkey.pem testreq.pem
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
-if [ $? != 0 ]; then
-echo problems creating request
-exit 1
-fi
-
-../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
-if [ $? != 0 ]; then
-echo signature on req is wrong
-exit 1
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem
deleted file mode 100644
index e5b7866c31..0000000000
--- a/src/lib/libssl/test/testp7.pem
+++ /dev/null
@@ -1,46 +0,0 @@
------BEGIN PKCS7-----
-MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE
-cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw
-DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV
-BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw
-HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50
-ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln
-biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E
-aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy
-aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M
-VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq
-UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC
-AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR
-BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0
-ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0
-IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l
-bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t
-L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t
-OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s
-IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04
-ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0
-cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ
-QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC
-MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu
-AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr
-cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC
-AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu
-dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp
-Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3
-DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES
-TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE
-AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD
-2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU
-47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT
-MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD
-QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB
-AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl
-ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE
-BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW
-ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3
-MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW
-sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9
-XfZsaiiIgotQHjEA
------END PKCS7-----
diff --git a/src/lib/libssl/test/testreq2.pem b/src/lib/libssl/test/testreq2.pem
deleted file mode 100644
index c3cdcffcbc..0000000000
--- a/src/lib/libssl/test/testreq2.pem
+++ /dev/null
@@ -1,7 +0,0 @@
------BEGIN CERTIFICATE REQUEST-----
-MIHaMIGFAgEAMA4xDDAKBgNVBAMTA2NuNDBcMA0GCSqGSIb3DQEBAQUAA0sAMEgC
-QQCQsnkyUGDY2R3mYoeTprFJKgWuJ3f1jUjlIuW5+wfAUoeMt35c4vcFZ2mIBpEG
-DtzkNQN1kr2O9ldm9zYnYhyhAgMBAAGgEjAQBgorBgEEAYI3AgEOMQIwADANBgkq
-hkiG9w0BAQQFAANBAAb2szZgVIxg3vK6kYLjGSBISyuzcXJ6IvuPW6M+yzi1Qgoi
-gQhazHTJp91T8ItZEzUJGZSZl2e5iXlnffWB+/U=
------END CERTIFICATE REQUEST-----
diff --git a/src/lib/libssl/test/testrsa.pem b/src/lib/libssl/test/testrsa.pem
deleted file mode 100644
index aad21067a8..0000000000
--- a/src/lib/libssl/test/testrsa.pem
+++ /dev/null
@@ -1,9 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIBPAIBAAJBAKrbeqkuRk8VcRmWFmtP+LviMB3+6dizWW3DwaffznyHGAFwUJ/I
-Tv0XtbsCyl3QoyKGhrOAy3RvPK5M38iuXT0CAwEAAQJAZ3cnzaHXM/bxGaR5CR1R
-rD1qFBAVfoQFiOH9uPJgMaoAuoQEisPHVcZDKcOv4wEg6/TInAIXBnEigtqvRzuy
-oQIhAPcgZzUq3yVooAaoov8UbXPxqHlwo6GBMqnv20xzkf6ZAiEAsP4BnIaQTM8S
-mvcpHZwQJdmdHHkGKAs37Dfxi67HbkUCIQCeZGliHXFa071Fp06ZeWlR2ADonTZz
-rJBhdTe0v5pCeQIhAIZfkiGgGBX4cIuuckzEm43g9WMUjxP/0GlK39vIyihxAiEA
-mymehFRT0MvqW5xAKAx7Pgkt8HVKwVhc2LwGKHE0DZM=
------END RSA PRIVATE KEY-----
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem
deleted file mode 100644
index 7ffd008f66..0000000000
--- a/src/lib/libssl/test/testsid.pem
+++ /dev/null
@@ -1,12 +0,0 @@
------BEGIN SSL SESSION PARAMETERS-----
-MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV
-bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw
-ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz
-YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG
-A1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEZMBcGA1UEChMQTWluY29tIFB0eS4gTHRk
-LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G
-CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD
-TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI
-hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L
-CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0
------END SSL SESSION PARAMETERS-----
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss
deleted file mode 100644
index 1a426857d3..0000000000
--- a/src/lib/libssl/test/testss
+++ /dev/null
@@ -1,163 +0,0 @@
-#!/bin/sh
-
-digest='-sha1'
-reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
-x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
-verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
-dummycnf="../apps/openssl.cnf"
-
-CAkey="keyCA.ss"
-CAcert="certCA.ss"
-CAreq="reqCA.ss"
-CAconf="CAss.cnf"
-CAreq2="req2CA.ss"      # temp
-
-Uconf="Uss.cnf"
-Ukey="keyU.ss"
-Ureq="reqU.ss"
-Ucert="certU.ss"
-
-P1conf="P1ss.cnf"
-P1key="keyP1.ss"
-P1req="reqP1.ss"
-P1cert="certP1.ss"
-P1intermediate="tmp_intP1.ss"
-
-P2conf="P2ss.cnf"
-P2key="keyP2.ss"
-P2req="reqP2.ss"
-P2cert="certP2.ss"
-P2intermediate="tmp_intP2.ss"
-
-echo
-echo "make a certificate request using 'req'"
-
-echo "string to make the random number generator think it has entropy" >> ./.rnd
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  req_new='-newkey dsa:../apps/dsa512.pem'
-else
-  req_new='-new'
-fi
-
-$reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a certificate request"
-        exit 1
-fi
-echo
-echo "convert the certificate request into a self signed certificate using 'x509'"
-$x509cmd -CAcreateserial -in $CAreq -days 30 -req -out $CAcert -signkey $CAkey -extfile $CAconf -extensions v3_ca >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to self sign a certificate request"
-        exit 1
-fi
-
-echo
-echo "convert a certificate into a certificate request using 'x509'"
-$x509cmd -in $CAcert -x509toreq -signkey $CAkey -out $CAreq2 >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' convert a certificate to a certificate request"
-        exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq -noout
-if [ $? != 0 ]; then
-        echo first generated request is invalid
-        exit 1
-fi
-
-$reqcmd -config $dummycnf -verify -in $CAreq2 -noout
-if [ $? != 0 ]; then
-        echo second generated request is invalid
-        exit 1
-fi
-
-$verifycmd -CAfile $CAcert $CAcert
-if [ $? != 0 ]; then
-        echo first generated cert is invalid
-        exit 1
-fi
-
-echo
-echo "make a user certificate request using 'req'"
-$reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a user certificate request"
-        exit 1
-fi
-
-echo
-echo "sign user certificate request with the just created CA via 'x509'"
-$x509cmd -CAcreateserial -in $Ureq -days 30 -req -out $Ucert -CA $CAcert -CAkey $CAkey -extfile $Uconf -extensions v3_ee >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a user certificate request"
-        exit 1
-fi
-
-$verifycmd -CAfile $CAcert $Ucert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $Ucert
-
-echo
-echo "make a proxy certificate request using 'req'"
-$reqcmd -config $P1conf -out $P1req -keyout $P1key $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate a proxy certificate request"
-        exit 1
-fi
-
-echo
-echo "sign proxy certificate request with the just created user certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P1req -days 30 -req -out $P1cert -CA $Ucert -CAkey $Ukey -extfile $P1conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a proxy certificate request"
-        exit 1
-fi
-
-cat $Ucert > $P1intermediate
-$verifycmd -CAfile $CAcert -untrusted $P1intermediate $P1cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P1cert
-
-echo
-echo "make another proxy certificate request using 'req'"
-$reqcmd -config $P2conf -out $P2req -keyout $P2key $req_new >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'req' to generate another proxy certificate request"
-        exit 1
-fi
-
-echo
-echo "sign second proxy certificate request with the first proxy certificate via 'x509'"
-$x509cmd -CAcreateserial -in $P2req -days 30 -req -out $P2cert -CA $P1cert -CAkey $P1key -extfile $P2conf -extensions v3_proxy >err.ss
-if [ $? != 0 ]; then
-        echo "error using 'x509' to sign a second proxy certificate request"
-        exit 1
-fi
-
-cat $Ucert $P1cert > $P2intermediate
-$verifycmd -CAfile $CAcert -untrusted $P2intermediate $P2cert
-echo
-echo "Certificate details"
-$x509cmd -subject -issuer -startdate -enddate -noout -in $P2cert
-
-echo
-echo The generated CA certificate is $CAcert
-echo The generated CA private key is $CAkey
-
-echo The generated user certificate is $Ucert
-echo The generated user private key is $Ukey
-
-echo The first generated proxy certificate is $P1cert
-echo The first generated proxy private key is $P1key
-
-echo The second generated proxy certificate is $P2cert
-echo The second generated proxy private key is $P2key
-
-/bin/rm err.ss
-#/bin/rm $P1intermediate
-#/bin/rm $P2intermediate
-exit 0
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl
deleted file mode 100644
index 4e8542b556..0000000000
--- a/src/lib/libssl/test/testssl
+++ /dev/null
@@ -1,178 +0,0 @@
-#!/bin/sh
-
-if [ "$1" = "" ]; then
-  key=../apps/server.pem
-else
-  key="$1"
-fi
-if [ "$2" = "" ]; then
-  cert=../apps/server.pem
-else
-  cert="$2"
-fi
-ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
-
-if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
-  dsa_cert=YES
-else
-  dsa_cert=NO
-fi
-
-if [ "$3" = "" ]; then
-  CA="-CApath ../certs"
-else
-  CA="-CAfile $3"
-fi
-
-if [ "$4" = "" ]; then
-  extra=""
-else
-  extra="$4"
-fi
-
-#############################################################################
-
-echo test sslv2
-$ssltest -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication
-$ssltest -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication
-  $ssltest -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication
-  $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3
-$ssltest -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication
-$ssltest -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication
-$ssltest -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication
-$ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3
-$ssltest $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication
-$ssltest -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication
-$ssltest -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2 via BIO pair
-$ssltest -bio_pair -ssl2 $extra || exit 1
-
-echo test sslv2 with server authentication via BIO pair
-$ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo test sslv2 with client authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1
-
-  echo test sslv2 with both client and server authentication via BIO pair
-  $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1
-fi
-
-echo test sslv3 via BIO pair
-$ssltest -bio_pair -ssl3 $extra || exit 1
-
-echo test sslv3 with server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1
-
-echo test sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1
-
-echo test sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 via BIO pair
-$ssltest $extra || exit 1
-
-if [ $dsa_cert = NO ]; then
-  echo 'test sslv2/sslv3 w/o (EC)DHE via BIO pair'
-  $ssltest -bio_pair -no_dhe -no_ecdhe $extra || exit 1
-fi
-
-echo test sslv2/sslv3 with 1024bit DHE via BIO pair
-$ssltest -bio_pair -dhe1024dsa -v $extra || exit 1
-
-echo test sslv2/sslv3 with server authentication
-$ssltest -bio_pair -server_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with client authentication via BIO pair
-$ssltest -bio_pair -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair
-$ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1
-
-echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
-$ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
-
-echo "Testing ciphersuites"
-for protocol in TLSv1.2 SSLv3; do
-  echo "Testing ciphersuites for $protocol"
-  for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
-    echo "Testing $cipher"
-    prot=""
-    if [ $protocol = "SSLv3" ] ; then
-      prot="-ssl3"
-    fi
-    $ssltest -cipher $cipher $prot
-    if [ $? -ne 0 ] ; then
-          echo "Failed $cipher"
-          exit 1
-    fi
-  done
-done
-
-#############################################################################
-
-if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-  echo skipping anonymous DH tests
-else
-  echo test tls1 with 1024bit anonymous DH, multiple handshakes
-  $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
-fi
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  echo skipping RSA tests
-else
-  echo 'test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes'
-  ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -no_ecdhe -num 10 -f -time $extra || exit 1
-
-  if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
-    echo skipping RSA+DHE tests
-  else
-    echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
-    ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
-  fi
-fi
-
-echo test tls1 with PSK
-$ssltest -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-echo test tls1 with PSK via BIO pair
-$ssltest -bio_pair -tls1 -cipher PSK -psk abc123 $extra || exit 1
-
-if ../util/shlib_wrap.sh ../apps/openssl no-srp; then
-  echo skipping SRP tests
-else
-  echo test tls1 with SRP
-  $ssltest -tls1 -cipher SRP -srpuser test -srppass abc123
-
-  echo test tls1 with SRP via BIO pair
-  $ssltest -bio_pair -tls1 -cipher SRP -srpuser test -srppass abc123
-fi
-
-exit 0
diff --git a/src/lib/libssl/test/testsslproxy b/src/lib/libssl/test/testsslproxy
deleted file mode 100644
index 58bbda8ab7..0000000000
--- a/src/lib/libssl/test/testsslproxy
+++ /dev/null
@@ -1,10 +0,0 @@
-#! /bin/sh
-
-echo 'Testing a lot of proxy conditions.'
-echo 'Some of them may turn out being invalid, which is fine.'
-for auth in A B C BC; do
-    for cond in A B C 'A|B&!C'; do
-        sh ./testssl $1 $2 $3 "-proxy -proxy_auth $auth -proxy_cond $cond"
-        if [ $? = 3 ]; then exit 1; fi
-    done
-done
diff --git a/src/lib/libssl/test/testtsa b/src/lib/libssl/test/testtsa
deleted file mode 100644
index bb653b5f73..0000000000
--- a/src/lib/libssl/test/testtsa
+++ /dev/null
@@ -1,238 +0,0 @@
-#!/bin/sh
-
-#
-# A few very basic tests for the 'ts' time stamping authority command.
-#
-
-SH="/bin/sh"
-if test "$OSTYPE" = msdosdjgpp; then
-    PATH="../apps\;$PATH"
-else
-    PATH="../apps:$PATH"
-fi
-export SH PATH
-
-OPENSSL_CONF="../CAtsa.cnf"
-export OPENSSL_CONF
-# Because that's what ../apps/CA.sh really looks at
-SSLEAY_CONFIG="-config $OPENSSL_CONF"
-export SSLEAY_CONFIG
-
-OPENSSL="`pwd`/../util/opensslwrap.sh"
-export OPENSSL
-
-error () {
-
-    echo "TSA test failed!" >&2
-    exit 1
-}
-
-setup_dir () {
-
-    rm -rf tsa 2>/dev/null
-    mkdir tsa
-    cd ./tsa
-}
-
-clean_up_dir () {
-
-    cd ..
-    rm -rf tsa
-}
-
-create_ca () {
-
-    echo "Creating a new CA for the TSA tests..."
-    TSDNSECT=ts_ca_dn
-    export TSDNSECT   
-    ../../util/shlib_wrap.sh ../../apps/openssl req -new -x509 -nodes \
-        -out tsaca.pem -keyout tsacakey.pem
-    test $? != 0 && error
-}
-
-create_tsa_cert () {
-
-    INDEX=$1
-    export INDEX
-    EXT=$2
-    TSDNSECT=ts_cert_dn
-    export TSDNSECT   
-
-    ../../util/shlib_wrap.sh ../../apps/openssl req -new \
-        -out tsa_req${INDEX}.pem -keyout tsa_key${INDEX}.pem
-    test $? != 0 && error
-echo Using extension $EXT
-    ../../util/shlib_wrap.sh ../../apps/openssl x509 -req \
-        -in tsa_req${INDEX}.pem -out tsa_cert${INDEX}.pem \
-        -CA tsaca.pem -CAkey tsacakey.pem -CAcreateserial \
-        -extfile $OPENSSL_CONF -extensions $EXT
-    test $? != 0 && error
-}
-
-print_request () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -in $1 -text
-}
-
-create_time_stamp_request1 () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy1 -cert -out req1.tsq
-    test $? != 0 && error
-}
-
-create_time_stamp_request2 () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../testtsa -policy tsa_policy2 -no_nonce \
-        -out req2.tsq
-    test $? != 0 && error
-}
-
-create_time_stamp_request3 () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -query -data ../CAtsa.cnf -no_nonce -out req3.tsq
-    test $? != 0 && error
-}
-
-print_response () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $1 -text
-    test $? != 0 && error
-}
-
-create_time_stamp_response () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -section $3 -queryfile $1 -out $2
-    test $? != 0 && error
-}
-
-time_stamp_response_token_test () {
-
-    RESPONSE2=$2.copy.tsr
-    TOKEN_DER=$2.token.der
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $TOKEN_DER -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -out $RESPONSE2
-    test $? != 0 && error
-    cmp $RESPONSE2 $2
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -text -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $TOKEN_DER -token_in -text -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -queryfile $1 -text -token_out
-    test $? != 0 && error
-}
-
-verify_time_stamp_response () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    test $? != 0 && error
-}
-
-verify_time_stamp_token () {
-
-    # create the token from the response first
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -reply -in $2 -out $2.token -token_out
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2.token -token_in \
-        -CAfile tsaca.pem -untrusted tsa_cert1.pem
-    test $? != 0 && error
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -data $3 -in $2.token -token_in \
-        -CAfile tsaca.pem -untrusted tsa_cert1.pem
-    test $? != 0 && error
-}
-
-verify_time_stamp_response_fail () {
-
-    ../../util/shlib_wrap.sh ../../apps/openssl ts -verify -queryfile $1 -in $2 -CAfile tsaca.pem \
-        -untrusted tsa_cert1.pem
-    # Checks if the verification failed, as it should have.
-    test $? = 0 && error
-    echo Ok
-}
-
-# main functions
-
-echo "Setting up TSA test directory..."
-setup_dir
-
-echo "Creating CA for TSA tests..."
-create_ca
-
-echo "Creating tsa_cert1.pem TSA server cert..."
-create_tsa_cert 1 tsa_cert
-
-echo "Creating tsa_cert2.pem non-TSA server cert..."
-create_tsa_cert 2 non_tsa_cert
-
-echo "Creating req1.req time stamp request for file testtsa..."
-create_time_stamp_request1
-
-echo "Printing req1.req..."
-print_request req1.tsq
-
-echo "Generating valid response for req1.req..."
-create_time_stamp_response req1.tsq resp1.tsr tsa_config1
-
-echo "Printing response..."
-print_response resp1.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req1.tsq resp1.tsr ../testtsa
-
-echo "Verifying valid token..."
-verify_time_stamp_token req1.tsq resp1.tsr ../testtsa
-
-# The tests below are commented out, because invalid signer certificates
-# can no longer be specified in the config file.
-
-# echo "Generating _invalid_ response for req1.req..."
-# create_time_stamp_response req1.tsq resp1_bad.tsr tsa_config2
-
-# echo "Printing response..."
-# print_response resp1_bad.tsr
-
-# echo "Verifying invalid response, it should fail..."
-# verify_time_stamp_response_fail req1.tsq resp1_bad.tsr
-
-echo "Creating req2.req time stamp request for file testtsa..."
-create_time_stamp_request2
-
-echo "Printing req2.req..."
-print_request req2.tsq
-
-echo "Generating valid response for req2.req..."
-create_time_stamp_response req2.tsq resp2.tsr tsa_config1
-
-echo "Checking '-token_in' and '-token_out' options with '-reply'..."
-time_stamp_response_token_test req2.tsq resp2.tsr
-
-echo "Printing response..."
-print_response resp2.tsr
-
-echo "Verifying valid response..."
-verify_time_stamp_response req2.tsq resp2.tsr ../testtsa
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req1.tsq resp2.tsr
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req2.tsq resp1.tsr
-
-echo "Creating req3.req time stamp request for file CAtsa.cnf..."
-create_time_stamp_request3
-
-echo "Printing req3.req..."
-print_request req3.tsq
-
-echo "Verifying response against wrong request, it should fail..."
-verify_time_stamp_response_fail req3.tsq resp1.tsr
-
-echo "Cleaning up..."
-clean_up_dir
-
-exit 0
diff --git a/src/lib/libssl/test/testx509.pem b/src/lib/libssl/test/testx509.pem
deleted file mode 100644
index 8a85d14964..0000000000
--- a/src/lib/libssl/test/testx509.pem
+++ /dev/null
@@ -1,10 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIBWzCCAQYCARgwDQYJKoZIhvcNAQEEBQAwODELMAkGA1UEBhMCQVUxDDAKBgNV
-BAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3JzYSB0ZXN0IENBMB4XDTk1MDYxOTIz
-MzMxMloXDTk1MDcxNzIzMzMxMlowOjELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FM
-RDEdMBsGA1UEAxMUU1NMZWF5L3JzYSB0ZXN0IGNlcnQwXDANBgkqhkiG9w0BAQEF
-AANLADBIAkEAqtt6qS5GTxVxGZYWa0/4u+IwHf7p2LNZbcPBp9/OfIcYAXBQn8hO
-/Re1uwLKXdCjIoaGs4DLdG88rkzfyK5dPQIDAQABMAwGCCqGSIb3DQIFBQADQQAE
-Wc7EcF8po2/ZO6kNCwK/ICH6DobgLekA5lSLr5EvuioZniZp5lFzAw4+YzPQ7XKJ
-zl9HYIMxATFyqSiD9jsx
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/times b/src/lib/libssl/test/times
deleted file mode 100644
index 6b66eb342e..0000000000
--- a/src/lib/libssl/test/times
+++ /dev/null
@@ -1,113 +0,0 @@
-
-More number for the questions about SSL overheads....
-
-The following numbers were generated on a Pentium pro 200, running Linux.
-They give an indication of the SSL protocol and encryption overheads.
-
-The program that generated them is an unreleased version of ssl/ssltest.c
-which is the SSLeay ssl protocol testing program.  It is a single process that
-talks both sides of the SSL protocol via a non-blocking memory buffer
-interface.
-
-How do I read this?  The protocol and cipher are reasonable obvious.
-The next number is the number of connections being made.  The next is the
-number of bytes exchanged between the client and server side of the protocol.
-This is the number of bytes that the client sends to the server, and then
-the server sends back.  Because this is all happening in one process,
-the data is being encrypted, decrypted, encrypted and then decrypted again.
-It is a round trip of that many bytes.  Because the one process performs
-both the client and server sides of the protocol and it sends this many bytes
-each direction, multiply this number by 4 to generate the number
-of bytes encrypted/decrypted/MACed.  The first time value is how many seconds
-elapsed doing a full SSL handshake, the second is the cost of one
-full handshake and the rest being session-id reuse.
-
-SSLv2 RC4-MD5      1000 x      1   12.83s   0.70s
-SSLv3 NULL-MD5     1000 x      1   14.35s   1.47s
-SSLv3 RC4-MD5      1000 x      1   14.46s   1.56s
-SSLv3 RC4-MD5      1000 x      1   51.93s   1.62s 1024bit RSA
-SSLv3 RC4-SHA      1000 x      1   14.61s   1.83s
-SSLv3 DES-CBC-SHA  1000 x      1   14.70s   1.89s
-SSLv3 DES-CBC3-SHA 1000 x      1   15.16s   2.16s
-
-SSLv2 RC4-MD5      1000 x   1024   13.72s   1.27s
-SSLv3 NULL-MD5     1000 x   1024   14.79s   1.92s
-SSLv3 RC4-MD5      1000 x   1024   52.58s   2.29s 1024bit RSA
-SSLv3 RC4-SHA      1000 x   1024   15.39s   2.67s
-SSLv3 DES-CBC-SHA  1000 x   1024   16.45s   3.55s
-SSLv3 DES-CBC3-SHA 1000 x   1024   18.21s   5.38s
-
-SSLv2 RC4-MD5      1000 x  10240   18.97s   6.52s
-SSLv3 NULL-MD5     1000 x  10240   17.79s   5.11s
-SSLv3 RC4-MD5      1000 x  10240   20.25s   7.90s
-SSLv3 RC4-MD5      1000 x  10240   58.26s   8.08s 1024bit RSA
-SSLv3 RC4-SHA      1000 x  10240   22.96s  11.44s
-SSLv3 DES-CBC-SHA  1000 x  10240   30.65s  18.41s
-SSLv3 DES-CBC3-SHA 1000 x  10240   47.04s  34.53s
-
-SSLv2 RC4-MD5      1000 x 102400   70.22s  57.74s
-SSLv3 NULL-MD5     1000 x 102400   43.73s  31.03s
-SSLv3 RC4-MD5      1000 x 102400   71.32s  58.83s
-SSLv3 RC4-MD5      1000 x 102400  109.66s  59.20s 1024bit RSA
-SSLv3 RC4-SHA      1000 x 102400   95.88s  82.21s
-SSLv3 DES-CBC-SHA  1000 x 102400  173.22s 160.55s
-SSLv3 DES-CBC3-SHA 1000 x 102400  336.61s 323.82s
-
-What does this all mean?  Well for a server, with no session-id reuse, with
-a transfer size of 10240 bytes, using RC4-MD5 and a 512bit server key,
-a Pentium pro 200 running Linux can handle the SSLv3 protocol overheads of
-about 49 connections a second.  Reality will be quite different :-).
-
-Remember the first number is 1000 full ssl handshakes, the second is
-1 full and 999 with session-id reuse.  The RSA overheads for each exchange
-would be one public and one private operation, but the protocol/MAC/cipher
-cost would be quite similar in both the client and server.
-
-eric (adding numbers to speculation)
-
---- Appendix ---
-- The time measured is user time but these number a very rough.
-- Remember this is the cost of both client and server sides of the protocol.
-- The TCP/kernel overhead of connection establishment is normally the
-  killer in SSL.  Often delays in the TCP protocol will make session-id
-  reuse look slower that new sessions, but this would not be the case on
-  a loaded server.
-- The TCP round trip latencies, while slowing individual connections,
-  would have minimal impact on throughput.
-- Instead of sending one 102400 byte buffer, one 8k buffer is sent until
-- the required number of bytes are processed.
-- The SSLv3 connections were actually SSLv2 compatible SSLv3 headers.
-- A 512bit server key was being used except where noted.
-- No server key verification was being performed on the client side of the
-  protocol.  This would slow things down very little.
-- The library being used is SSLeay 0.8.x.
-- The normal measuring system was commands of the form
-  time ./ssltest -num 1000 -bytes 102400 -cipher DES-CBC-SHA -reuse
-  This modified version of ssltest should be in the next public release of
-  SSLeay.
-
-The general cipher performance number for this platform are
-
-SSLeay 0.8.2a 04-Sep-1997
-built on Fri Sep  5 17:37:05 EST 1997
-options:bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) idea(int) blowfish(ptr2)
-C flags:gcc -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized 
-The 'numbers' are in 1000s of bytes per second processed.
-type              8 bytes     64 bytes    256 bytes   1024 bytes   8192 bytes
-md2               131.02k      368.41k      500.57k      549.21k      566.09k
-mdc2              535.60k      589.10k      595.88k      595.97k      594.54k
-md5              1801.53k     9674.77k    17484.03k    21849.43k    23592.96k
-sha              1261.63k     5533.25k     9285.63k    11187.88k    11913.90k
-sha1             1103.13k     4782.53k     7933.78k     9472.34k    10070.70k
-rc4             10722.53k    14443.93k    15215.79k    15299.24k    15219.59k
-des cbc          3286.57k     3827.73k     3913.39k     3931.82k     3926.70k
-des ede3         1443.50k     1549.08k     1561.17k     1566.38k     1564.67k
-idea cbc         2203.64k     2508.16k     2538.33k     2543.62k     2547.71k
-rc2 cbc          1430.94k     1511.59k     1524.82k     1527.13k     1523.33k
-blowfish cbc     4716.07k     5965.82k     6190.17k     6243.67k     6234.11k
-                  sign    verify
-rsa  512 bits   0.0100s   0.0011s
-rsa 1024 bits   0.0451s   0.0012s
-rsa 2048 bits   0.2605s   0.0086s
-rsa 4096 bits   1.6883s   0.0302s
-
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7
deleted file mode 100644
index 3e435ffbf9..0000000000
--- a/src/lib/libssl/test/tpkcs7
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testp7.pem
-fi
-
-echo testing pkcs7 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d
deleted file mode 100644
index 64fc28e88f..0000000000
--- a/src/lib/libssl/test/tpkcs7d
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=pkcs7-1.pem
-fi
-
-echo "testing pkcs7 conversions (2)"
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq
deleted file mode 100644
index 77f37dcf3a..0000000000
--- a/src/lib/libssl/test/treq
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testreq.pem
-fi
-
-if $cmd -in $t -inform p -noout -text 2>&1 | fgrep -i 'Unknown Public Key'; then
-  echo "skipping req conversion test for $t"
-  exit 0
-fi
-
-echo testing req conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -verify -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -verify -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa
deleted file mode 100644
index 249ac1ddcc..0000000000
--- a/src/lib/libssl/test/trsa
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/sh
-
-if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
-  echo skipping rsa conversion test
-  exit 0
-fi
-
-cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testrsa.pem
-fi
-
-echo testing rsa conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid
deleted file mode 100644
index 6adbd531ce..0000000000
--- a/src/lib/libssl/test/tsid
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testsid.pem
-fi
-
-echo testing session-id conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in fff.p -inform p -outform t >f.t
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> d"
-#$cmd -in f.t -inform t -outform d >ff.d2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-#echo "d -> t"
-#$cmd -in f.d -inform d -outform t >ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#echo "t -> t"
-#$cmd -in f.t -inform t -outform t >ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#echo "p -> t"
-#$cmd -in f.p -inform p -outform t >ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#echo "t -> p"
-#$cmd -in f.t -inform t -outform p >ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp fff.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-#cmp f.t ff.t1
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t2
-#if [ $? != 0 ]; then exit 1; fi
-#cmp f.t ff.t3
-#if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-#cmp f.p ff.p2
-#if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509
deleted file mode 100644
index 4a15b98d17..0000000000
--- a/src/lib/libssl/test/tx509
+++ /dev/null
@@ -1,78 +0,0 @@
-#!/bin/sh
-
-cmd='../util/shlib_wrap.sh ../apps/openssl x509'
-
-if [ "$1"x != "x" ]; then
-        t=$1
-else
-        t=testx509.pem
-fi
-
-echo testing X509 conversions
-cp $t fff.p
-
-echo "p -> d"
-$cmd -in fff.p -inform p -outform d >f.d
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in fff.p -inform p -outform n >f.n
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in fff.p -inform p -outform p >f.p
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> d"
-$cmd -in f.d -inform d -outform d >ff.d1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> d"
-$cmd -in f.n -inform n -outform d >ff.d2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> d"
-$cmd -in f.p -inform p -outform d >ff.d3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> n"
-$cmd -in f.d -inform d -outform n >ff.n1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> n"
-$cmd -in f.n -inform n -outform n >ff.n2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> n"
-$cmd -in f.p -inform p -outform n >ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-echo "d -> p"
-$cmd -in f.d -inform d -outform p >ff.p1
-if [ $? != 0 ]; then exit 1; fi
-echo "n -> p"
-$cmd -in f.n -inform n -outform p >ff.p2
-if [ $? != 0 ]; then exit 1; fi
-echo "p -> p"
-$cmd -in f.p -inform p -outform p >ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp fff.p f.p
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp fff.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.n ff.n1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.n ff.n3
-if [ $? != 0 ]; then exit 1; fi
-
-cmp f.p ff.p1
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p2
-if [ $? != 0 ]; then exit 1; fi
-cmp f.p ff.p3
-if [ $? != 0 ]; then exit 1; fi
-
-/bin/rm -f f.* ff.* fff.*
-exit 0
diff --git a/src/lib/libssl/test/v3-cert1.pem b/src/lib/libssl/test/v3-cert1.pem
deleted file mode 100644
index 0da253d5c3..0000000000
--- a/src/lib/libssl/test/v3-cert1.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICjTCCAfigAwIBAgIEMaYgRzALBgkqhkiG9w0BAQQwRTELMAkGA1UEBhMCVVMx
-NjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFuZCBTcGFjZSBBZG1pbmlz
-dHJhdGlvbjAmFxE5NjA1MjgxMzQ5MDUrMDgwMBcROTgwNTI4MTM0OTA1KzA4MDAw
-ZzELMAkGA1UEBhMCVVMxNjA0BgNVBAoTLU5hdGlvbmFsIEFlcm9uYXV0aWNzIGFu
-ZCBTcGFjZSBBZG1pbmlzdHJhdGlvbjEgMAkGA1UEBRMCMTYwEwYDVQQDEwxTdGV2
-ZSBTY2hvY2gwWDALBgkqhkiG9w0BAQEDSQAwRgJBALrAwyYdgxmzNP/ts0Uyf6Bp
-miJYktU/w4NG67ULaN4B5CnEz7k57s9o3YY3LecETgQ5iQHmkwlYDTL2fTgVfw0C
-AQOjgaswgagwZAYDVR0ZAQH/BFowWDBWMFQxCzAJBgNVBAYTAlVTMTYwNAYDVQQK
-Ey1OYXRpb25hbCBBZXJvbmF1dGljcyBhbmQgU3BhY2UgQWRtaW5pc3RyYXRpb24x
-DTALBgNVBAMTBENSTDEwFwYDVR0BAQH/BA0wC4AJODMyOTcwODEwMBgGA1UdAgQR
-MA8ECTgzMjk3MDgyM4ACBSAwDQYDVR0KBAYwBAMCBkAwCwYJKoZIhvcNAQEEA4GB
-AH2y1VCEw/A4zaXzSYZJTTUi3uawbbFiS2yxHvgf28+8Js0OHXk1H1w2d6qOHH21
-X82tZXd/0JtG0g1T9usFFBDvYK8O0ebgz/P5ELJnBL2+atObEuJy1ZZ0pBDWINR3
-WkDNLCGiTkCKp0F5EWIrVDwh54NNevkCQRZita+z4IBO
------END CERTIFICATE-----
diff --git a/src/lib/libssl/test/v3-cert2.pem b/src/lib/libssl/test/v3-cert2.pem
deleted file mode 100644
index de0723ff8d..0000000000
--- a/src/lib/libssl/test/v3-cert2.pem
+++ /dev/null
@@ -1,16 +0,0 @@
------BEGIN CERTIFICATE-----
-MIICiTCCAfKgAwIBAgIEMeZfHzANBgkqhkiG9w0BAQQFADB9MQswCQYDVQQGEwJD
-YTEPMA0GA1UEBxMGTmVwZWFuMR4wHAYDVQQLExVObyBMaWFiaWxpdHkgQWNjZXB0
-ZWQxHzAdBgNVBAoTFkZvciBEZW1vIFB1cnBvc2VzIE9ubHkxHDAaBgNVBAMTE0Vu
-dHJ1c3QgRGVtbyBXZWIgQ0EwHhcNOTYwNzEyMTQyMDE1WhcNOTYxMDEyMTQyMDE1
-WjB0MSQwIgYJKoZIhvcNAQkBExVjb29rZUBpc3NsLmF0bC5ocC5jb20xCzAJBgNV
-BAYTAlVTMScwJQYDVQQLEx5IZXdsZXR0IFBhY2thcmQgQ29tcGFueSAoSVNTTCkx
-FjAUBgNVBAMTDVBhdWwgQS4gQ29va2UwXDANBgkqhkiG9w0BAQEFAANLADBIAkEA
-6ceSq9a9AU6g+zBwaL/yVmW1/9EE8s5you1mgjHnj0wAILuoB3L6rm6jmFRy7QZT
-G43IhVZdDua4e+5/n1ZslwIDAQABo2MwYTARBglghkgBhvhCAQEEBAMCB4AwTAYJ
-YIZIAYb4QgENBD8WPVRoaXMgY2VydGlmaWNhdGUgaXMgb25seSBpbnRlbmRlZCBm
-b3IgZGVtb25zdHJhdGlvbiBwdXJwb3Nlcy4wDQYJKoZIhvcNAQEEBQADgYEAi8qc
-F3zfFqy1sV8NhjwLVwOKuSfhR/Z8mbIEUeSTlnH3QbYt3HWZQ+vXI8mvtZoBc2Fz
-lexKeIkAZXCesqGbs6z6nCt16P6tmdfbZF3I3AWzLquPcOXjPf4HgstkyvVBn0Ap
-jAFN418KF/Cx4qyHB4cjdvLrRjjQLnb2+ibo7QU=
------END CERTIFICATE-----
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
deleted file mode 100644
index d018fced5c..0000000000
--- a/src/lib/libssl/tls1.h
+++ /dev/null
@@ -1,764 +0,0 @@
-/* $OpenBSD: tls1.h,v 1.60 2024/10/23 01:57:19 jsg Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-/* ====================================================================
- * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- *
- * Portions of the attached software ("Contribution") are developed by
- * SUN MICROSYSTEMS, INC., and are contributed to the OpenSSL project.
- *
- * The Contribution is licensed pursuant to the OpenSSL open source
- * license provided above.
- *
- * ECC cipher suite support in OpenSSL originally written by
- * Vipul Gupta and Sumit Gupta of Sun Microsystems Laboratories.
- *
- */
-/* ====================================================================
- * Copyright 2005 Nokia. All rights reserved.
- *
- * The portions of the attached software ("Contribution") is developed by
- * Nokia Corporation and is licensed pursuant to the OpenSSL open source
- * license.
- *
- * The Contribution, originally written by Mika Kousa and Pasi Eronen of
- * Nokia Corporation, consists of the "PSK" (Pre-Shared Key) ciphersuites
- * support (see RFC 4279) to OpenSSL.
- *
- * No patent licenses or other rights except those expressly stated in
- * the OpenSSL open source license shall be deemed granted or received
- * expressly, by implication, estoppel, or otherwise.
- *
- * No assurances are provided by Nokia that the Contribution does not
- * infringe the patent or other intellectual property rights of any third
- * party or that the license provides you with all the necessary rights
- * to make use of the Contribution.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. IN
- * ADDITION TO THE DISCLAIMERS INCLUDED IN THE LICENSE, NOKIA
- * SPECIFICALLY DISCLAIMS ANY LIABILITY FOR CLAIMS BROUGHT BY YOU OR ANY
- * OTHER ENTITY BASED ON INFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS OR
- * OTHERWISE.
- */
-
-#ifndef HEADER_TLS1_H
-#define HEADER_TLS1_H
-
-#include <openssl/opensslconf.h>
-
-#include <openssl/buffer.h>
-
-#ifdef  __cplusplus
-extern "C" {
-#endif
-
-#define OPENSSL_TLS_SECURITY_LEVEL 1
-
-#define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES    0
-
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLS1_3_VERSION                  0x0304
-#endif
-
-#define TLS1_2_VERSION                  0x0303
-#define TLS1_2_VERSION_MAJOR            0x03
-#define TLS1_2_VERSION_MINOR            0x03
-
-#define TLS1_1_VERSION                  0x0302
-#define TLS1_1_VERSION_MAJOR            0x03
-#define TLS1_1_VERSION_MINOR            0x02
-
-#define TLS1_VERSION                    0x0301
-#define TLS1_VERSION_MAJOR              0x03
-#define TLS1_VERSION_MINOR              0x01
-
-#ifndef LIBRESSL_INTERNAL
-#define TLS1_AD_DECRYPTION_FAILED               21
-#define TLS1_AD_RECORD_OVERFLOW                 22
-#define TLS1_AD_UNKNOWN_CA                      48      /* fatal */
-#define TLS1_AD_ACCESS_DENIED                   49      /* fatal */
-#define TLS1_AD_DECODE_ERROR                    50      /* fatal */
-#define TLS1_AD_DECRYPT_ERROR                   51
-#define TLS1_AD_EXPORT_RESTRICTION              60      /* fatal */
-#define TLS1_AD_PROTOCOL_VERSION                70      /* fatal */
-#define TLS1_AD_INSUFFICIENT_SECURITY           71      /* fatal */
-#define TLS1_AD_INTERNAL_ERROR                  80      /* fatal */
-/* Code 86 from RFC 7507. */
-#define TLS1_AD_INAPPROPRIATE_FALLBACK          86      /* fatal */
-#define TLS1_AD_USER_CANCELLED                  90
-#define TLS1_AD_NO_RENEGOTIATION                100
-/* Codes 110-114 from RFC 3546. */
-#define TLS1_AD_UNSUPPORTED_EXTENSION           110
-#define TLS1_AD_CERTIFICATE_UNOBTAINABLE        111
-#define TLS1_AD_UNRECOGNIZED_NAME               112
-#define TLS1_AD_BAD_CERTIFICATE_STATUS_RESPONSE 113
-#define TLS1_AD_BAD_CERTIFICATE_HASH_VALUE      114
-/* Code 115 from RFC 4279. */
-#define TLS1_AD_UNKNOWN_PSK_IDENTITY            115     /* fatal */
-#endif
-
-/*
- * TLS ExtensionType values.
- *
- * https://www.iana.org/assignments/tls-extensiontype-values/
- */
-
-/* ExtensionType values from RFC 3546, RFC 4366 and RFC 6066. */
-#define TLSEXT_TYPE_server_name                 0
-#define TLSEXT_TYPE_max_fragment_length         1
-#define TLSEXT_TYPE_client_certificate_url      2
-#define TLSEXT_TYPE_trusted_ca_keys             3
-#define TLSEXT_TYPE_truncated_hmac              4
-#define TLSEXT_TYPE_status_request              5
-
-/* ExtensionType values from RFC 4681. */
-#define TLSEXT_TYPE_user_mapping                6
-
-/* ExtensionType values from RFC 5878. */
-#define TLSEXT_TYPE_client_authz                7
-#define TLSEXT_TYPE_server_authz                8
-
-/* ExtensionType values from RFC 6091. */
-#define TLSEXT_TYPE_cert_type           9
-
-/* ExtensionType values from RFC 7919. */
-#define TLSEXT_TYPE_supported_groups            10
-
-/* ExtensionType values from RFC 4492. */
-#ifndef LIBRESSL_INTERNAL
-#define TLSEXT_TYPE_elliptic_curves             TLSEXT_TYPE_supported_groups
-#endif
-#define TLSEXT_TYPE_ec_point_formats            11
-
-/* ExtensionType value from RFC 5054. */
-#define TLSEXT_TYPE_srp                         12
-
-/* ExtensionType value from RFC 5246/RFC 8446. */
-#define TLSEXT_TYPE_signature_algorithms        13
-
-/* ExtensionType value from RFC 5764. */
-#define TLSEXT_TYPE_use_srtp    14
-
-/* ExtensionType value from RFC 5620. */
-#define TLSEXT_TYPE_heartbeat   15
-
-/* ExtensionType value from RFC 7301. */
-#define TLSEXT_TYPE_application_layer_protocol_negotiation 16
-
-/* ExtensionType value from RFC 7685. */
-#define TLSEXT_TYPE_padding     21
-
-/* ExtensionType value from RFC 4507. */
-#define TLSEXT_TYPE_session_ticket              35
-
-/* ExtensionType values from RFC 8446 section 4.2 */
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLSEXT_TYPE_pre_shared_key              41
-#define TLSEXT_TYPE_early_data                  42
-#define TLSEXT_TYPE_supported_versions          43
-#define TLSEXT_TYPE_cookie                      44
-#define TLSEXT_TYPE_psk_key_exchange_modes      45
-#define TLSEXT_TYPE_certificate_authorities     47
-#define TLSEXT_TYPE_oid_filters                 48
-#define TLSEXT_TYPE_post_handshake_auth         49
-#define TLSEXT_TYPE_signature_algorithms_cert   50
-#define TLSEXT_TYPE_key_share                   51
-#endif
-
-/* ExtensionType value from RFC 9001 section 8.2 */
-#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
-#define TLSEXT_TYPE_quic_transport_parameters   57
-#endif
-
-/*
- * TLS 1.3 extension names from OpenSSL, where they decided to use a different
- * name from that given in RFC 8446.
- */
-#if defined(LIBRESSL_HAS_TLS1_3)
-#define TLSEXT_TYPE_psk                         TLSEXT_TYPE_pre_shared_key
-#define TLSEXT_TYPE_psk_kex_modes               TLSEXT_TYPE_psk_key_exchange_modes
-#endif
-
-/* Temporary extension type */
-#define TLSEXT_TYPE_renegotiate                 0xff01
-
-/* NameType value from RFC 3546. */
-#define TLSEXT_NAMETYPE_host_name 0
-/* status request value from RFC 3546 */
-#define TLSEXT_STATUSTYPE_ocsp 1
-
-/* ECPointFormat values from RFC 4492. */
-#define TLSEXT_ECPOINTFORMAT_first                      0
-#define TLSEXT_ECPOINTFORMAT_uncompressed               0
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_prime  1
-#define TLSEXT_ECPOINTFORMAT_ansiX962_compressed_char2  2
-#define TLSEXT_ECPOINTFORMAT_last                       2
-
-#define TLSEXT_MAXLEN_host_name 255
-
-const char *SSL_get_servername(const SSL *s, const int type);
-int SSL_get_servername_type(const SSL *s);
-/* SSL_export_keying_material exports a value derived from the master secret,
- * as specified in RFC 5705. It writes |olen| bytes to |out| given a label and
- * optional context. (Since a zero length context is allowed, the |use_context|
- * flag controls whether a context is included.)
- *
- * It returns 1 on success and zero otherwise.
- */
-int SSL_export_keying_material(SSL *s, unsigned char *out, size_t olen,
-    const char *label, size_t llen, const unsigned char *p, size_t plen,
-    int use_context);
-
-int SSL_get_signature_type_nid(const SSL *ssl, int *nid);
-int SSL_get_peer_signature_type_nid(const SSL *ssl, int *nid);
-
-#define SSL_set_tlsext_host_name(s,name) \
-SSL_ctrl(s,SSL_CTRL_SET_TLSEXT_HOSTNAME,TLSEXT_NAMETYPE_host_name,(char *)name)
-
-#define SSL_set_tlsext_debug_callback(ssl, cb) \
-SSL_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_CB,(void (*)(void))cb)
-
-#define SSL_set_tlsext_debug_arg(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_DEBUG_ARG,0, (void *)arg)
-
-#define SSL_get_tlsext_status_type(ssl) \
-SSL_ctrl(ssl, SSL_CTRL_GET_TLSEXT_STATUS_REQ_TYPE, 0, NULL)
-
-#define SSL_set_tlsext_status_type(ssl, type) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_TYPE,type, NULL)
-
-#define SSL_get_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_exts(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_EXTS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ids(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_IDS,0, (void *)arg)
-
-#define SSL_get_tlsext_status_ocsp_resp(ssl, arg) \
-SSL_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_OCSP_RESP,0, (void *)arg)
-
-#define SSL_set_tlsext_status_ocsp_resp(ssl, arg, arglen) \
-SSL_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_OCSP_RESP,arglen, (void *)arg)
-
-#define SSL_CTX_set_tlsext_servername_callback(ctx, cb) \
-SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_CB,(void (*)(void))cb)
-
-#define SSL_TLSEXT_ERR_OK 0
-#define SSL_TLSEXT_ERR_ALERT_WARNING 1
-#define SSL_TLSEXT_ERR_ALERT_FATAL 2
-#define SSL_TLSEXT_ERR_NOACK 3
-
-#define SSL_CTX_set_tlsext_servername_arg(ctx, arg) \
-SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TLSEXT_SERVERNAME_ARG,0, (void *)arg)
-
-#define SSL_CTX_get_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_GET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-#define SSL_CTX_set_tlsext_ticket_keys(ctx, keys, keylen) \
-        SSL_CTX_ctrl((ctx),SSL_CTRL_SET_TLSEXT_TICKET_KEYS,(keylen),(keys))
-
-#define SSL_CTX_get_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-#define SSL_CTX_set_tlsext_status_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB,(void (*)(void))cb)
-
-#define SSL_CTX_get_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_GET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
-#define SSL_CTX_set_tlsext_status_arg(ssl, arg) \
-SSL_CTX_ctrl(ssl,SSL_CTRL_SET_TLSEXT_STATUS_REQ_CB_ARG,0,(void *)arg)
-
-#define SSL_CTX_set_tlsext_ticket_key_cb(ssl, cb) \
-SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
-
-/* PSK ciphersuites from RFC 4279. */
-#define TLS1_CK_PSK_WITH_RC4_128_SHA                    0x0300008A
-#define TLS1_CK_PSK_WITH_3DES_EDE_CBC_SHA               0x0300008B
-#define TLS1_CK_PSK_WITH_AES_128_CBC_SHA                0x0300008C
-#define TLS1_CK_PSK_WITH_AES_256_CBC_SHA                0x0300008D
-
-/* Additional TLS ciphersuites from expired Internet Draft
- * draft-ietf-tls-56-bit-ciphersuites-01.txt
- * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see
- * s3_lib.c).  We actually treat them like SSL 3.0 ciphers, which we probably
- * shouldn't.  Note that the first two are actually not in the IDs. */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5          0x03000060 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5      0x03000061 /* not in ID */
-#define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA         0x03000062
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA     0x03000063
-#define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA          0x03000064
-#define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA      0x03000065
-#define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA                0x03000066
-
-/* AES ciphersuites from RFC 3268. */
-
-#define TLS1_CK_RSA_WITH_AES_128_SHA                    0x0300002F
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA                 0x03000030
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA                 0x03000031
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA                0x03000032
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA                0x03000033
-#define TLS1_CK_ADH_WITH_AES_128_SHA                    0x03000034
-
-#define TLS1_CK_RSA_WITH_AES_256_SHA                    0x03000035
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA                 0x03000036
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA                 0x03000037
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA                0x03000038
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA                0x03000039
-#define TLS1_CK_ADH_WITH_AES_256_SHA                    0x0300003A
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_RSA_WITH_NULL_SHA256                    0x0300003B
-#define TLS1_CK_RSA_WITH_AES_128_SHA256                 0x0300003C
-#define TLS1_CK_RSA_WITH_AES_256_SHA256                 0x0300003D
-#define TLS1_CK_DH_DSS_WITH_AES_128_SHA256              0x0300003E
-#define TLS1_CK_DH_RSA_WITH_AES_128_SHA256              0x0300003F
-#define TLS1_CK_DHE_DSS_WITH_AES_128_SHA256             0x03000040
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA           0x03000041
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA        0x03000042
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA        0x03000043
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA       0x03000044
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA       0x03000045
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA           0x03000046
-
-/* TLS v1.2 ciphersuites */
-#define TLS1_CK_DHE_RSA_WITH_AES_128_SHA256             0x03000067
-#define TLS1_CK_DH_DSS_WITH_AES_256_SHA256              0x03000068
-#define TLS1_CK_DH_RSA_WITH_AES_256_SHA256              0x03000069
-#define TLS1_CK_DHE_DSS_WITH_AES_256_SHA256             0x0300006A
-#define TLS1_CK_DHE_RSA_WITH_AES_256_SHA256             0x0300006B
-#define TLS1_CK_ADH_WITH_AES_128_SHA256                 0x0300006C
-#define TLS1_CK_ADH_WITH_AES_256_SHA256                 0x0300006D
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA           0x03000084
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA        0x03000085
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA        0x03000086
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA       0x03000087
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA       0x03000088
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA           0x03000089
-
-/* SEED ciphersuites from RFC 4162. */
-#define TLS1_CK_RSA_WITH_SEED_SHA                       0x03000096
-#define TLS1_CK_DH_DSS_WITH_SEED_SHA                    0x03000097
-#define TLS1_CK_DH_RSA_WITH_SEED_SHA                    0x03000098
-#define TLS1_CK_DHE_DSS_WITH_SEED_SHA                   0x03000099
-#define TLS1_CK_DHE_RSA_WITH_SEED_SHA                   0x0300009A
-#define TLS1_CK_ADH_WITH_SEED_SHA                       0x0300009B
-
-/* TLS v1.2 GCM ciphersuites from RFC 5288. */
-#define TLS1_CK_RSA_WITH_AES_128_GCM_SHA256             0x0300009C
-#define TLS1_CK_RSA_WITH_AES_256_GCM_SHA384             0x0300009D
-#define TLS1_CK_DHE_RSA_WITH_AES_128_GCM_SHA256         0x0300009E
-#define TLS1_CK_DHE_RSA_WITH_AES_256_GCM_SHA384         0x0300009F
-#define TLS1_CK_DH_RSA_WITH_AES_128_GCM_SHA256          0x030000A0
-#define TLS1_CK_DH_RSA_WITH_AES_256_GCM_SHA384          0x030000A1
-#define TLS1_CK_DHE_DSS_WITH_AES_128_GCM_SHA256         0x030000A2
-#define TLS1_CK_DHE_DSS_WITH_AES_256_GCM_SHA384         0x030000A3
-#define TLS1_CK_DH_DSS_WITH_AES_128_GCM_SHA256          0x030000A4
-#define TLS1_CK_DH_DSS_WITH_AES_256_GCM_SHA384          0x030000A5
-#define TLS1_CK_ADH_WITH_AES_128_GCM_SHA256             0x030000A6
-#define TLS1_CK_ADH_WITH_AES_256_GCM_SHA384             0x030000A7
-
-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
-#define TLS1_CK_RSA_WITH_CAMELLIA_128_CBC_SHA256        0x030000BA
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256     0x030000BB
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256     0x030000BC
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256    0x030000BD
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256    0x030000BE
-#define TLS1_CK_ADH_WITH_CAMELLIA_128_CBC_SHA256        0x030000BF
-
-#define TLS1_CK_RSA_WITH_CAMELLIA_256_CBC_SHA256        0x030000C0
-#define TLS1_CK_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256     0x030000C1
-#define TLS1_CK_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256     0x030000C2
-#define TLS1_CK_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256    0x030000C3
-#define TLS1_CK_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256    0x030000C4
-#define TLS1_CK_ADH_WITH_CAMELLIA_256_CBC_SHA256        0x030000C5
-
-/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLS1_3_CK_AES_128_GCM_SHA256                    0x03001301
-#define TLS1_3_CK_AES_256_GCM_SHA384                    0x03001302
-#define TLS1_3_CK_CHACHA20_POLY1305_SHA256              0x03001303
-#define TLS1_3_CK_AES_128_CCM_SHA256                    0x03001304
-#define TLS1_3_CK_AES_128_CCM_8_SHA256                  0x03001305
-#endif
-
-/* ECC ciphersuites from RFC 4492. */
-#define TLS1_CK_ECDH_ECDSA_WITH_NULL_SHA                0x0300C001
-#define TLS1_CK_ECDH_ECDSA_WITH_RC4_128_SHA             0x0300C002
-#define TLS1_CK_ECDH_ECDSA_WITH_DES_192_CBC3_SHA        0x0300C003
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_CBC_SHA         0x0300C004
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_CBC_SHA         0x0300C005
-
-#define TLS1_CK_ECDHE_ECDSA_WITH_NULL_SHA               0x0300C006
-#define TLS1_CK_ECDHE_ECDSA_WITH_RC4_128_SHA            0x0300C007
-#define TLS1_CK_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA       0x0300C008
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_CBC_SHA        0x0300C009
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_CBC_SHA        0x0300C00A
-
-#define TLS1_CK_ECDH_RSA_WITH_NULL_SHA                  0x0300C00B
-#define TLS1_CK_ECDH_RSA_WITH_RC4_128_SHA               0x0300C00C
-#define TLS1_CK_ECDH_RSA_WITH_DES_192_CBC3_SHA          0x0300C00D
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_CBC_SHA           0x0300C00E
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_CBC_SHA           0x0300C00F
-
-#define TLS1_CK_ECDHE_RSA_WITH_NULL_SHA                 0x0300C010
-#define TLS1_CK_ECDHE_RSA_WITH_RC4_128_SHA              0x0300C011
-#define TLS1_CK_ECDHE_RSA_WITH_DES_192_CBC3_SHA         0x0300C012
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_CBC_SHA          0x0300C013
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_CBC_SHA          0x0300C014
-
-#define TLS1_CK_ECDH_anon_WITH_NULL_SHA                 0x0300C015
-#define TLS1_CK_ECDH_anon_WITH_RC4_128_SHA              0x0300C016
-#define TLS1_CK_ECDH_anon_WITH_DES_192_CBC3_SHA         0x0300C017
-#define TLS1_CK_ECDH_anon_WITH_AES_128_CBC_SHA          0x0300C018
-#define TLS1_CK_ECDH_anon_WITH_AES_256_CBC_SHA          0x0300C019
-
-/* SRP ciphersuites from RFC 5054. */
-#define TLS1_CK_SRP_SHA_WITH_3DES_EDE_CBC_SHA           0x0300C01A
-#define TLS1_CK_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA       0x0300C01B
-#define TLS1_CK_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA       0x0300C01C
-#define TLS1_CK_SRP_SHA_WITH_AES_128_CBC_SHA            0x0300C01D
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_128_CBC_SHA        0x0300C01E
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_128_CBC_SHA        0x0300C01F
-#define TLS1_CK_SRP_SHA_WITH_AES_256_CBC_SHA            0x0300C020
-#define TLS1_CK_SRP_SHA_RSA_WITH_AES_256_CBC_SHA        0x0300C021
-#define TLS1_CK_SRP_SHA_DSS_WITH_AES_256_CBC_SHA        0x0300C022
-
-/* ECDH HMAC based ciphersuites from RFC 5289. */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_SHA256         0x0300C023
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_SHA384         0x0300C024
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_SHA256          0x0300C025
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_SHA384          0x0300C026
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_SHA256           0x0300C027
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_SHA384           0x0300C028
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_SHA256            0x0300C029
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_SHA384            0x0300C02A
-
-/* ECDH GCM based ciphersuites from RFC 5289. */
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256     0x0300C02B
-#define TLS1_CK_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384     0x0300C02C
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_128_GCM_SHA256      0x0300C02D
-#define TLS1_CK_ECDH_ECDSA_WITH_AES_256_GCM_SHA384      0x0300C02E
-#define TLS1_CK_ECDHE_RSA_WITH_AES_128_GCM_SHA256       0x0300C02F
-#define TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384       0x0300C030
-#define TLS1_CK_ECDH_RSA_WITH_AES_128_GCM_SHA256        0x0300C031
-#define TLS1_CK_ECDH_RSA_WITH_AES_256_GCM_SHA384        0x0300C032
-
-/* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_CK_ECDHE_RSA_CHACHA20_POLY1305             0x0300CCA8
-#define TLS1_CK_ECDHE_ECDSA_CHACHA20_POLY1305           0x0300CCA9
-#define TLS1_CK_DHE_RSA_CHACHA20_POLY1305               0x0300CCAA
-
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5         "EXP1024-RC4-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5     "EXP1024-RC2-CBC-MD5"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA        "EXP1024-DES-CBC-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA    "EXP1024-DHE-DSS-DES-CBC-SHA"
-#define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA         "EXP1024-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA     "EXP1024-DHE-DSS-RC4-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA               "DHE-DSS-RC4-SHA"
-
-/* AES ciphersuites from RFC 3268. */
-#define TLS1_TXT_RSA_WITH_AES_128_SHA                   "AES128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA                "DH-DSS-AES128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA                "DH-RSA-AES128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA               "DHE-DSS-AES128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA               "DHE-RSA-AES128-SHA"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA                   "ADH-AES128-SHA"
-
-#define TLS1_TXT_RSA_WITH_AES_256_SHA                   "AES256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA                "DH-DSS-AES256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA                "DH-RSA-AES256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA               "DHE-DSS-AES256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA               "DHE-RSA-AES256-SHA"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA                   "ADH-AES256-SHA"
-
-/* ECC ciphersuites from draft-ietf-tls-ecc-01.txt (Mar 15, 2001) */
-#define TLS1_TXT_ECDH_ECDSA_WITH_NULL_SHA               "ECDH-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA            "ECDH-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA       "ECDH-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA        "ECDH-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA        "ECDH-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_ECDSA_WITH_NULL_SHA              "ECDHE-ECDSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA           "ECDHE-ECDSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA      "ECDHE-ECDSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA       "ECDHE-ECDSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA       "ECDHE-ECDSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_RSA_WITH_NULL_SHA                 "ECDH-RSA-NULL-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA              "ECDH-RSA-RC4-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA         "ECDH-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA          "ECDH-RSA-AES128-SHA"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA          "ECDH-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDHE_RSA_WITH_NULL_SHA                "ECDHE-RSA-NULL-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA             "ECDHE-RSA-RC4-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA        "ECDHE-RSA-DES-CBC3-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA         "ECDHE-RSA-AES128-SHA"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA         "ECDHE-RSA-AES256-SHA"
-
-#define TLS1_TXT_ECDH_anon_WITH_NULL_SHA                "AECDH-NULL-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_RC4_128_SHA             "AECDH-RC4-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_DES_192_CBC3_SHA        "AECDH-DES-CBC3-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_128_CBC_SHA         "AECDH-AES128-SHA"
-#define TLS1_TXT_ECDH_anon_WITH_AES_256_CBC_SHA         "AECDH-AES256-SHA"
-
-/* PSK ciphersuites from RFC 4279. */
-#define TLS1_TXT_PSK_WITH_RC4_128_SHA                   "PSK-RC4-SHA"
-#define TLS1_TXT_PSK_WITH_3DES_EDE_CBC_SHA              "PSK-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA               "PSK-AES128-CBC-SHA"
-#define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA               "PSK-AES256-CBC-SHA"
-
-/* SRP ciphersuite from RFC 5054. */
-#define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA          "SRP-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA      "SRP-RSA-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_3DES_EDE_CBC_SHA      "SRP-DSS-3DES-EDE-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_128_CBC_SHA           "SRP-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_128_CBC_SHA       "SRP-RSA-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_128_CBC_SHA       "SRP-DSS-AES-128-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_WITH_AES_256_CBC_SHA           "SRP-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_RSA_WITH_AES_256_CBC_SHA       "SRP-RSA-AES-256-CBC-SHA"
-#define TLS1_TXT_SRP_SHA_DSS_WITH_AES_256_CBC_SHA       "SRP-DSS-AES-256-CBC-SHA"
-
-/* Camellia ciphersuites from RFC 4132. */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA          "CAMELLIA128-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA       "DH-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA       "DH-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA      "DHE-DSS-CAMELLIA128-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA      "DHE-RSA-CAMELLIA128-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA          "ADH-CAMELLIA128-SHA"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA          "CAMELLIA256-SHA"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA       "DH-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA       "DH-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA      "DHE-DSS-CAMELLIA256-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA      "DHE-RSA-CAMELLIA256-SHA"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA          "ADH-CAMELLIA256-SHA"
-
-/* TLS 1.2 Camellia SHA-256 ciphersuites from RFC5932 */
-#define TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA256       "CAMELLIA128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_128_CBC_SHA256    "DH-DSS-CAMELLIA128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_128_CBC_SHA256    "DH-RSA-CAMELLIA128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA256   "DHE-DSS-CAMELLIA128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256   "DHE-RSA-CAMELLIA128-SHA256"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_128_CBC_SHA256       "ADH-CAMELLIA128-SHA256"
-
-#define TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA256       "CAMELLIA256-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_CAMELLIA_256_CBC_SHA256    "DH-DSS-CAMELLIA256-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_CAMELLIA_256_CBC_SHA256    "DH-RSA-CAMELLIA256-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA256   "DHE-DSS-CAMELLIA256-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256   "DHE-RSA-CAMELLIA256-SHA256"
-#define TLS1_TXT_ADH_WITH_CAMELLIA_256_CBC_SHA256       "ADH-CAMELLIA256-SHA256"
-
-/* SEED ciphersuites from RFC 4162. */
-#define TLS1_TXT_RSA_WITH_SEED_SHA                      "SEED-SHA"
-#define TLS1_TXT_DH_DSS_WITH_SEED_SHA                   "DH-DSS-SEED-SHA"
-#define TLS1_TXT_DH_RSA_WITH_SEED_SHA                   "DH-RSA-SEED-SHA"
-#define TLS1_TXT_DHE_DSS_WITH_SEED_SHA                  "DHE-DSS-SEED-SHA"
-#define TLS1_TXT_DHE_RSA_WITH_SEED_SHA                  "DHE-RSA-SEED-SHA"
-#define TLS1_TXT_ADH_WITH_SEED_SHA                      "ADH-SEED-SHA"
-
-/* TLS v1.2 ciphersuites. */
-#define TLS1_TXT_RSA_WITH_NULL_SHA256                   "NULL-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_128_SHA256                "AES128-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_SHA256                "AES256-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_SHA256             "DH-DSS-AES128-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_SHA256             "DH-RSA-AES128-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA256            "DHE-DSS-AES128-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA256            "DHE-RSA-AES128-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_SHA256             "DH-DSS-AES256-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_SHA256             "DH-RSA-AES256-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA256            "DHE-DSS-AES256-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA256            "DHE-RSA-AES256-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_128_SHA256                "ADH-AES128-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_SHA256                "ADH-AES256-SHA256"
-
-/* TLS v1.2 GCM ciphersuites from RFC 5288. */
-#define TLS1_TXT_RSA_WITH_AES_128_GCM_SHA256            "AES128-GCM-SHA256"
-#define TLS1_TXT_RSA_WITH_AES_256_GCM_SHA384            "AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_RSA_WITH_AES_128_GCM_SHA256        "DHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_RSA_WITH_AES_256_GCM_SHA384        "DHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_RSA_WITH_AES_128_GCM_SHA256         "DH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_RSA_WITH_AES_256_GCM_SHA384         "DH-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_DHE_DSS_WITH_AES_128_GCM_SHA256        "DHE-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DHE_DSS_WITH_AES_256_GCM_SHA384        "DHE-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_DH_DSS_WITH_AES_128_GCM_SHA256         "DH-DSS-AES128-GCM-SHA256"
-#define TLS1_TXT_DH_DSS_WITH_AES_256_GCM_SHA384         "DH-DSS-AES256-GCM-SHA384"
-#define TLS1_TXT_ADH_WITH_AES_128_GCM_SHA256            "ADH-AES128-GCM-SHA256"
-#define TLS1_TXT_ADH_WITH_AES_256_GCM_SHA384            "ADH-AES256-GCM-SHA384"
-
-/* ECDH HMAC based ciphersuites from RFC 5289. */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_SHA256    "ECDHE-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_SHA384    "ECDHE-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_SHA256     "ECDH-ECDSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_SHA384     "ECDH-ECDSA-AES256-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_SHA256      "ECDHE-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_SHA384      "ECDHE-RSA-AES256-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_SHA256       "ECDH-RSA-AES128-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_SHA384       "ECDH-RSA-AES256-SHA384"
-
-/* ECDH GCM based ciphersuites from RFC 5289. */
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256    "ECDHE-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384    "ECDHE-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_128_GCM_SHA256     "ECDH-ECDSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_ECDSA_WITH_AES_256_GCM_SHA384     "ECDH-ECDSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256      "ECDHE-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384      "ECDHE-RSA-AES256-GCM-SHA384"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_128_GCM_SHA256       "ECDH-RSA-AES128-GCM-SHA256"
-#define TLS1_TXT_ECDH_RSA_WITH_AES_256_GCM_SHA384       "ECDH-RSA-AES256-GCM-SHA384"
-
-/* ChaCha20-Poly1305 based ciphersuites. */
-#define TLS1_TXT_ECDHE_RSA_WITH_CHACHA20_POLY1305       "ECDHE-RSA-CHACHA20-POLY1305"
-#define TLS1_TXT_ECDHE_ECDSA_WITH_CHACHA20_POLY1305     "ECDHE-ECDSA-CHACHA20-POLY1305"
-#define TLS1_TXT_DHE_RSA_WITH_CHACHA20_POLY1305         "DHE-RSA-CHACHA20-POLY1305"
-
-/* TLS 1.3 cipher suites from RFC 8446 appendix B.4. */
-#if defined(LIBRESSL_HAS_TLS1_3) || defined(LIBRESSL_INTERNAL)
-#define TLS1_3_TXT_AES_128_GCM_SHA256                   "AEAD-AES128-GCM-SHA256"
-#define TLS1_3_TXT_AES_256_GCM_SHA384                   "AEAD-AES256-GCM-SHA384"
-#define TLS1_3_TXT_CHACHA20_POLY1305_SHA256             "AEAD-CHACHA20-POLY1305-SHA256"
-#define TLS1_3_TXT_AES_128_CCM_SHA256                   "AEAD-AES128-CCM-SHA256"
-#define TLS1_3_TXT_AES_128_CCM_8_SHA256                 "AEAD-AES128-CCM-8-SHA256"
-
-#define TLS1_3_RFC_AES_128_GCM_SHA256                   "TLS_AES_128_GCM_SHA256"
-#define TLS1_3_RFC_AES_256_GCM_SHA384                   "TLS_AES_256_GCM_SHA384"
-#define TLS1_3_RFC_CHACHA20_POLY1305_SHA256             "TLS_CHACHA20_POLY1305_SHA256"
-#define TLS1_3_RFC_AES_128_CCM_SHA256                   "TLS_AES_128_CCM_SHA256"
-#define TLS1_3_RFC_AES_128_CCM_8_SHA256                 "TLS_AES_128_CCM_8_SHA256"
-#endif
-
-#define TLS1_FINISH_MAC_LENGTH          12
-
-#define TLS_MD_MAX_CONST_SIZE                   20
-#define TLS_MD_CLIENT_FINISH_CONST              "client finished"
-#define TLS_MD_CLIENT_FINISH_CONST_SIZE         15
-#define TLS_MD_SERVER_FINISH_CONST              "server finished"
-#define TLS_MD_SERVER_FINISH_CONST_SIZE         15
-#define TLS_MD_KEY_EXPANSION_CONST              "key expansion"
-#define TLS_MD_KEY_EXPANSION_CONST_SIZE         13
-#define TLS_MD_CLIENT_WRITE_KEY_CONST           "client write key"
-#define TLS_MD_CLIENT_WRITE_KEY_CONST_SIZE      16
-#define TLS_MD_SERVER_WRITE_KEY_CONST           "server write key"
-#define TLS_MD_SERVER_WRITE_KEY_CONST_SIZE      16
-#define TLS_MD_IV_BLOCK_CONST                   "IV block"
-#define TLS_MD_IV_BLOCK_CONST_SIZE              8
-#define TLS_MD_MASTER_SECRET_CONST              "master secret"
-#define TLS_MD_MASTER_SECRET_CONST_SIZE         13
-
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libssl/tls12_internal.h b/src/lib/libssl/tls12_internal.h
deleted file mode 100644
index d416b2e3f1..0000000000
--- a/src/lib/libssl/tls12_internal.h
+++ /dev/null
@@ -1,29 +0,0 @@
-/* $OpenBSD: tls12_internal.h,v 1.1 2022/11/07 11:58:45 jsing Exp $ */
-/*
- * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS12_INTERNAL_H
-#define HEADER_TLS12_INTERNAL_H
-
-__BEGIN_HIDDEN_DECLS
-
-int tls12_exporter(SSL *s, const uint8_t *label, size_t label_len,
-    const uint8_t *context_value, size_t context_value_len, int use_context,
-    uint8_t *out, size_t out_len);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls12_key_schedule.c b/src/lib/libssl/tls12_key_schedule.c
deleted file mode 100644
index 1ac003329e..0000000000
--- a/src/lib/libssl/tls12_key_schedule.c
+++ /dev/null
@@ -1,291 +0,0 @@
-/* $OpenBSD: tls12_key_schedule.c,v 1.4 2024/02/03 15:58:34 beck Exp $ */
-/*
- * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-
-#include <openssl/evp.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "tls12_internal.h"
-
-struct tls12_key_block {
-        CBS client_write_mac_key;
-        CBS server_write_mac_key;
-        CBS client_write_key;
-        CBS server_write_key;
-        CBS client_write_iv;
-        CBS server_write_iv;
-
-        uint8_t *key_block;
-        size_t key_block_len;
-};
-
-struct tls12_key_block *
-tls12_key_block_new(void)
-{
-        return calloc(1, sizeof(struct tls12_key_block));
-}
-
-static void
-tls12_key_block_clear(struct tls12_key_block *kb)
-{
-        CBS_init(&kb->client_write_mac_key, NULL, 0);
-        CBS_init(&kb->server_write_mac_key, NULL, 0);
-        CBS_init(&kb->client_write_key, NULL, 0);
-        CBS_init(&kb->server_write_key, NULL, 0);
-        CBS_init(&kb->client_write_iv, NULL, 0);
-        CBS_init(&kb->server_write_iv, NULL, 0);
-
-        freezero(kb->key_block, kb->key_block_len);
-        kb->key_block = NULL;
-        kb->key_block_len = 0;
-}
-
-void
-tls12_key_block_free(struct tls12_key_block *kb)
-{
-        if (kb == NULL)
-                return;
-
-        tls12_key_block_clear(kb);
-
-        freezero(kb, sizeof(struct tls12_key_block));
-}
-
-void
-tls12_key_block_client_write(struct tls12_key_block *kb, CBS *mac_key,
-    CBS *key, CBS *iv)
-{
-        CBS_dup(&kb->client_write_mac_key, mac_key);
-        CBS_dup(&kb->client_write_key, key);
-        CBS_dup(&kb->client_write_iv, iv);
-}
-
-void
-tls12_key_block_server_write(struct tls12_key_block *kb, CBS *mac_key,
-    CBS *key, CBS *iv)
-{
-        CBS_dup(&kb->server_write_mac_key, mac_key);
-        CBS_dup(&kb->server_write_key, key);
-        CBS_dup(&kb->server_write_iv, iv);
-}
-
-int
-tls12_key_block_generate(struct tls12_key_block *kb, SSL *s,
-    const EVP_AEAD *aead, const EVP_CIPHER *cipher, const EVP_MD *mac_hash)
-{
-        size_t mac_key_len = 0, key_len = 0, iv_len = 0;
-        uint8_t *key_block = NULL;
-        size_t key_block_len = 0;
-        CBS cbs;
-
-        /*
-         * Generate a TLSv1.2 key block and partition into individual secrets,
-         * as per RFC 5246 section 6.3.
-         */
-
-        tls12_key_block_clear(kb);
-
-        /* Must have AEAD or cipher/MAC pair. */
-        if (aead == NULL && (cipher == NULL || mac_hash == NULL))
-                goto err;
-
-        if (aead != NULL) {
-                key_len = EVP_AEAD_key_length(aead);
-
-                /* AEAD fixed nonce length. */
-                if (aead == EVP_aead_aes_128_gcm() ||
-                    aead == EVP_aead_aes_256_gcm())
-                        iv_len = 4;
-                else if (aead == EVP_aead_chacha20_poly1305())
-                        iv_len = 12;
-                else
-                        goto err;
-        } else if (cipher != NULL && mac_hash != NULL) {
-                /*
-                 * A negative integer return value will be detected via the
-                 * EVP_MAX_* checks against the size_t variables below.
-                 */
-                mac_key_len = EVP_MD_size(mac_hash);
-                key_len = EVP_CIPHER_key_length(cipher);
-                iv_len = EVP_CIPHER_iv_length(cipher);
-        }
-
-        if (mac_key_len > EVP_MAX_MD_SIZE)
-                goto err;
-        if (key_len > EVP_MAX_KEY_LENGTH)
-                goto err;
-        if (iv_len > EVP_MAX_IV_LENGTH)
-                goto err;
-
-        key_block_len = 2 * mac_key_len + 2 * key_len + 2 * iv_len;
-        if ((key_block = calloc(1, key_block_len)) == NULL)
-                goto err;
-
-        if (!tls1_generate_key_block(s, key_block, key_block_len))
-                goto err;
-
-        kb->key_block = key_block;
-        kb->key_block_len = key_block_len;
-        key_block = NULL;
-        key_block_len = 0;
-
-        /* Partition key block into individual secrets. */
-        CBS_init(&cbs, kb->key_block, kb->key_block_len);
-        if (!CBS_get_bytes(&cbs, &kb->client_write_mac_key, mac_key_len))
-                goto err;
-        if (!CBS_get_bytes(&cbs, &kb->server_write_mac_key, mac_key_len))
-                goto err;
-        if (!CBS_get_bytes(&cbs, &kb->client_write_key, key_len))
-                goto err;
-        if (!CBS_get_bytes(&cbs, &kb->server_write_key, key_len))
-                goto err;
-        if (!CBS_get_bytes(&cbs, &kb->client_write_iv, iv_len))
-                goto err;
-        if (!CBS_get_bytes(&cbs, &kb->server_write_iv, iv_len))
-                goto err;
-        if (CBS_len(&cbs) != 0)
-                goto err;
-
-        return 1;
-
- err:
-        tls12_key_block_clear(kb);
-        freezero(key_block, key_block_len);
-
-        return 0;
-}
-
-struct tls12_reserved_label {
-        const char *label;
-        size_t label_len;
-};
-
-/*
- * RFC 5705 section 6.
- */
-static const struct tls12_reserved_label tls12_reserved_labels[] = {
-        {
-                .label = TLS_MD_CLIENT_FINISH_CONST,
-                .label_len = TLS_MD_CLIENT_FINISH_CONST_SIZE,
-        },
-        {
-                .label = TLS_MD_SERVER_FINISH_CONST,
-                .label_len = TLS_MD_SERVER_FINISH_CONST_SIZE,
-        },
-        {
-                .label = TLS_MD_MASTER_SECRET_CONST,
-                .label_len = TLS_MD_MASTER_SECRET_CONST_SIZE,
-        },
-        {
-                .label = TLS_MD_KEY_EXPANSION_CONST,
-                .label_len = TLS_MD_KEY_EXPANSION_CONST_SIZE,
-        },
-        {
-                .label = NULL,
-                .label_len = 0,
-        },
-};
-
-int
-tls12_exporter(SSL *s, const uint8_t *label, size_t label_len,
-    const uint8_t *context_value, size_t context_value_len, int use_context,
-    uint8_t *out, size_t out_len)
-{
-        uint8_t *data = NULL;
-        size_t data_len = 0;
-        CBB cbb, context;
-        CBS seed;
-        size_t i;
-        int ret = 0;
-
-        /*
-         * RFC 5705 - Key Material Exporters for TLS.
-         */
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (!SSL_is_init_finished(s)) {
-                SSLerror(s, SSL_R_BAD_STATE);
-                goto err;
-        }
-
-        if (s->s3->hs.negotiated_tls_version >= TLS1_3_VERSION)
-                goto err;
-
-        /*
-         * Due to exceptional design choices, we need to build a concatenation
-         * of the label and the seed value, before checking for reserved
-         * labels. This prevents a reserved label from being split across the
-         * label and the seed (that includes the client random), which are
-         * concatenated by the PRF.
-         */
-        if (!CBB_init(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, label, label_len))
-                goto err;
-        if (!CBB_add_bytes(&cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBB_add_bytes(&cbb, s->s3->server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (use_context) {
-                if (!CBB_add_u16_length_prefixed(&cbb, &context))
-                        goto err;
-                if (context_value_len > 0) {
-                        if (!CBB_add_bytes(&context, context_value,
-                            context_value_len))
-                                goto err;
-                }
-        }
-        if (!CBB_finish(&cbb, &data, &data_len))
-                goto err;
-
-        /*
-         * Ensure that the block (label + seed) does not start with a reserved
-         * label - in an ideal world we would ensure that the label has an
-         * explicitly permitted prefix instead, but of course this also got
-         * messed up by the standards.
-         */
-        for (i = 0; tls12_reserved_labels[i].label != NULL; i++) {
-                /* XXX - consider adding/using CBS_has_prefix(). */
-                if (tls12_reserved_labels[i].label_len > data_len)
-                        goto err;
-                if (memcmp(data, tls12_reserved_labels[i].label,
-                    tls12_reserved_labels[i].label_len) == 0) {
-                        SSLerror(s, SSL_R_TLS_ILLEGAL_EXPORTER_LABEL);
-                        goto err;
-                }
-        }
-
-        CBS_init(&seed, data, data_len);
-        if (!CBS_skip(&seed, label_len))
-                goto err;
-
-        if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
-            label, label_len, CBS_data(&seed), CBS_len(&seed), NULL, 0, NULL, 0,
-            NULL, 0, out, out_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(data, data_len);
-        CBB_cleanup(&cbb);
-
-        return ret;
-}
diff --git a/src/lib/libssl/tls12_lib.c b/src/lib/libssl/tls12_lib.c
deleted file mode 100644
index 96b3abcd2a..0000000000
--- a/src/lib/libssl/tls12_lib.c
+++ /dev/null
@@ -1,118 +0,0 @@
-/*      $OpenBSD: tls12_lib.c,v 1.6 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "ssl_local.h"
-
-static int
-tls12_finished_verify_data(SSL *s, const char *finished_label,
-    size_t finished_label_len, uint8_t *verify_data, size_t verify_data_len,
-    size_t *out_len)
-{
-        uint8_t transcript_hash[EVP_MAX_MD_SIZE];
-        size_t transcript_hash_len;
-
-        *out_len = 0;
-
-        if (s->session->master_key_length == 0)
-                return 0;
-
-        if (verify_data_len < TLS1_FINISH_MAC_LENGTH)
-                return 0;
-
-        if (!tls1_transcript_hash_value(s, transcript_hash,
-            sizeof(transcript_hash), &transcript_hash_len))
-                return 0;
-
-        if (!tls1_PRF(s, s->session->master_key, s->session->master_key_length,
-            finished_label, finished_label_len, transcript_hash,
-            transcript_hash_len, NULL, 0, NULL, 0, NULL, 0, verify_data,
-            TLS1_FINISH_MAC_LENGTH))
-                return 0;
-
-        *out_len = TLS1_FINISH_MAC_LENGTH;
-
-        return 1;
-}
-
-static int
-tls12_client_finished_verify_data(SSL *s, uint8_t *verify_data,
-    size_t verify_data_len, size_t *out_len)
-{
-        return tls12_finished_verify_data(s, TLS_MD_CLIENT_FINISH_CONST,
-            TLS_MD_CLIENT_FINISH_CONST_SIZE, verify_data, verify_data_len,
-            out_len);
-}
-
-static int
-tls12_server_finished_verify_data(SSL *s, uint8_t *verify_data,
-    size_t verify_data_len, size_t *out_len)
-{
-        return tls12_finished_verify_data(s, TLS_MD_SERVER_FINISH_CONST,
-            TLS_MD_SERVER_FINISH_CONST_SIZE, verify_data, verify_data_len,
-            out_len);
-}
-
-int
-tls12_derive_finished(SSL *s)
-{
-        if (!s->server) {
-                return tls12_client_finished_verify_data(s,
-                    s->s3->hs.finished, sizeof(s->s3->hs.finished),
-                    &s->s3->hs.finished_len);
-        } else {
-                return tls12_server_finished_verify_data(s,
-                    s->s3->hs.finished, sizeof(s->s3->hs.finished),
-                    &s->s3->hs.finished_len);
-        }
-}
-
-int
-tls12_derive_peer_finished(SSL *s)
-{
-        if (s->server) {
-                return tls12_client_finished_verify_data(s,
-                    s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
-                    &s->s3->hs.peer_finished_len);
-        } else {
-                return tls12_server_finished_verify_data(s,
-                    s->s3->hs.peer_finished, sizeof(s->s3->hs.peer_finished),
-                    &s->s3->hs.peer_finished_len);
-        }
-}
-
-int
-tls12_derive_master_secret(SSL *s, uint8_t *premaster_secret,
-    size_t premaster_secret_len)
-{
-        s->session->master_key_length = 0;
-
-        if (premaster_secret_len == 0)
-                return 0;
-
-        CTASSERT(sizeof(s->session->master_key) == SSL_MAX_MASTER_KEY_LENGTH);
-
-        if (!tls1_PRF(s, premaster_secret, premaster_secret_len,
-            TLS_MD_MASTER_SECRET_CONST, TLS_MD_MASTER_SECRET_CONST_SIZE,
-            s->s3->client_random, SSL3_RANDOM_SIZE, NULL, 0,
-            s->s3->server_random, SSL3_RANDOM_SIZE, NULL, 0,
-            s->session->master_key, sizeof(s->session->master_key)))
-                return 0;
-
-        s->session->master_key_length = SSL_MAX_MASTER_KEY_LENGTH;
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls12_record_layer.c b/src/lib/libssl/tls12_record_layer.c
deleted file mode 100644
index 9786d7d0bd..0000000000
--- a/src/lib/libssl/tls12_record_layer.c
+++ /dev/null
@@ -1,1309 +0,0 @@
-/* $OpenBSD: tls12_record_layer.c,v 1.42 2024/02/03 15:58:34 beck Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <limits.h>
-#include <stdlib.h>
-
-#include <openssl/evp.h>
-
-#include "ssl_local.h"
-
-#define TLS12_RECORD_SEQ_NUM_LEN        8
-#define TLS12_AEAD_FIXED_NONCE_MAX_LEN  12
-
-struct tls12_record_protection {
-        uint16_t epoch;
-        uint8_t seq_num[TLS12_RECORD_SEQ_NUM_LEN];
-
-        EVP_AEAD_CTX *aead_ctx;
-
-        uint8_t *aead_nonce;
-        size_t aead_nonce_len;
-
-        uint8_t *aead_fixed_nonce;
-        size_t aead_fixed_nonce_len;
-
-        size_t aead_variable_nonce_len;
-        size_t aead_tag_len;
-
-        int aead_xor_nonces;
-        int aead_variable_nonce_in_record;
-
-        EVP_CIPHER_CTX *cipher_ctx;
-        EVP_MD_CTX *hash_ctx;
-
-        int stream_mac;
-
-        uint8_t *mac_key;
-        size_t mac_key_len;
-};
-
-static struct tls12_record_protection *
-tls12_record_protection_new(void)
-{
-        return calloc(1, sizeof(struct tls12_record_protection));
-}
-
-static void
-tls12_record_protection_clear(struct tls12_record_protection *rp)
-{
-        EVP_AEAD_CTX_free(rp->aead_ctx);
-
-        freezero(rp->aead_nonce, rp->aead_nonce_len);
-        freezero(rp->aead_fixed_nonce, rp->aead_fixed_nonce_len);
-
-        EVP_CIPHER_CTX_free(rp->cipher_ctx);
-        EVP_MD_CTX_free(rp->hash_ctx);
-
-        freezero(rp->mac_key, rp->mac_key_len);
-
-        memset(rp, 0, sizeof(*rp));
-}
-
-static void
-tls12_record_protection_free(struct tls12_record_protection *rp)
-{
-        if (rp == NULL)
-                return;
-
-        tls12_record_protection_clear(rp);
-
-        freezero(rp, sizeof(struct tls12_record_protection));
-}
-
-static int
-tls12_record_protection_engaged(struct tls12_record_protection *rp)
-{
-        return rp->aead_ctx != NULL || rp->cipher_ctx != NULL;
-}
-
-static int
-tls12_record_protection_unused(struct tls12_record_protection *rp)
-{
-        return rp->aead_ctx == NULL && rp->cipher_ctx == NULL &&
-            rp->hash_ctx == NULL && rp->mac_key == NULL;
-}
-
-static int
-tls12_record_protection_eiv_len(struct tls12_record_protection *rp,
-    size_t *out_eiv_len)
-{
-        int eiv_len;
-
-        *out_eiv_len = 0;
-
-        if (rp->cipher_ctx == NULL)
-                return 0;
-
-        eiv_len = 0;
-        if (EVP_CIPHER_CTX_mode(rp->cipher_ctx) == EVP_CIPH_CBC_MODE)
-                eiv_len = EVP_CIPHER_CTX_iv_length(rp->cipher_ctx);
-        if (eiv_len < 0 || eiv_len > EVP_MAX_IV_LENGTH)
-                return 0;
-
-        *out_eiv_len = eiv_len;
-
-        return 1;
-}
-
-static int
-tls12_record_protection_block_size(struct tls12_record_protection *rp,
-    size_t *out_block_size)
-{
-        int block_size;
-
-        *out_block_size = 0;
-
-        if (rp->cipher_ctx == NULL)
-                return 0;
-
-        block_size = EVP_CIPHER_CTX_block_size(rp->cipher_ctx);
-        if (block_size < 0 || block_size > EVP_MAX_BLOCK_LENGTH)
-                return 0;
-
-        *out_block_size = block_size;
-
-        return 1;
-}
-
-static int
-tls12_record_protection_mac_len(struct tls12_record_protection *rp,
-    size_t *out_mac_len)
-{
-        int mac_len;
-
-        *out_mac_len = 0;
-
-        if (rp->hash_ctx == NULL)
-                return 0;
-
-        mac_len = EVP_MD_CTX_size(rp->hash_ctx);
-        if (mac_len <= 0 || mac_len > EVP_MAX_MD_SIZE)
-                return 0;
-
-        *out_mac_len = mac_len;
-
-        return 1;
-}
-
-struct tls12_record_layer {
-        uint16_t version;
-        uint16_t initial_epoch;
-        int dtls;
-
-        uint8_t alert_desc;
-
-        const EVP_AEAD *aead;
-        const EVP_CIPHER *cipher;
-        const EVP_MD *handshake_hash;
-        const EVP_MD *mac_hash;
-
-        /* Pointers to active record protection (memory is not owned). */
-        struct tls12_record_protection *read;
-        struct tls12_record_protection *write;
-
-        struct tls12_record_protection *read_current;
-        struct tls12_record_protection *write_current;
-        struct tls12_record_protection *write_previous;
-};
-
-struct tls12_record_layer *
-tls12_record_layer_new(void)
-{
-        struct tls12_record_layer *rl;
-
-        if ((rl = calloc(1, sizeof(struct tls12_record_layer))) == NULL)
-                goto err;
-        if ((rl->read_current = tls12_record_protection_new()) == NULL)
-                goto err;
-        if ((rl->write_current = tls12_record_protection_new()) == NULL)
-                goto err;
-
-        rl->read = rl->read_current;
-        rl->write = rl->write_current;
-
-        return rl;
-
- err:
-        tls12_record_layer_free(rl);
-
-        return NULL;
-}
-
-void
-tls12_record_layer_free(struct tls12_record_layer *rl)
-{
-        if (rl == NULL)
-                return;
-
-        tls12_record_protection_free(rl->read_current);
-        tls12_record_protection_free(rl->write_current);
-        tls12_record_protection_free(rl->write_previous);
-
-        freezero(rl, sizeof(struct tls12_record_layer));
-}
-
-void
-tls12_record_layer_alert(struct tls12_record_layer *rl, uint8_t *alert_desc)
-{
-        *alert_desc = rl->alert_desc;
-}
-
-int
-tls12_record_layer_write_overhead(struct tls12_record_layer *rl,
-    size_t *overhead)
-{
-        size_t block_size, eiv_len, mac_len;
-
-        *overhead = 0;
-
-        if (rl->write->aead_ctx != NULL) {
-                *overhead = rl->write->aead_tag_len;
-        } else if (rl->write->cipher_ctx != NULL) {
-                eiv_len = 0;
-                if (rl->version != TLS1_VERSION) {
-                        if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
-                                return 0;
-                }
-                if (!tls12_record_protection_block_size(rl->write, &block_size))
-                        return 0;
-                if (!tls12_record_protection_mac_len(rl->write, &mac_len))
-                        return 0;
-
-                *overhead = eiv_len + block_size + mac_len;
-        }
-
-        return 1;
-}
-
-int
-tls12_record_layer_read_protected(struct tls12_record_layer *rl)
-{
-        return tls12_record_protection_engaged(rl->read);
-}
-
-int
-tls12_record_layer_write_protected(struct tls12_record_layer *rl)
-{
-        return tls12_record_protection_engaged(rl->write);
-}
-
-void
-tls12_record_layer_set_aead(struct tls12_record_layer *rl, const EVP_AEAD *aead)
-{
-        rl->aead = aead;
-}
-
-void
-tls12_record_layer_set_cipher_hash(struct tls12_record_layer *rl,
-    const EVP_CIPHER *cipher, const EVP_MD *handshake_hash,
-    const EVP_MD *mac_hash)
-{
-        rl->cipher = cipher;
-        rl->handshake_hash = handshake_hash;
-        rl->mac_hash = mac_hash;
-}
-
-void
-tls12_record_layer_set_version(struct tls12_record_layer *rl, uint16_t version)
-{
-        rl->version = version;
-        rl->dtls = ((version >> 8) == DTLS1_VERSION_MAJOR);
-}
-
-void
-tls12_record_layer_set_initial_epoch(struct tls12_record_layer *rl,
-    uint16_t epoch)
-{
-        rl->initial_epoch = epoch;
-}
-
-uint16_t
-tls12_record_layer_read_epoch(struct tls12_record_layer *rl)
-{
-        return rl->read->epoch;
-}
-
-uint16_t
-tls12_record_layer_write_epoch(struct tls12_record_layer *rl)
-{
-        return rl->write->epoch;
-}
-
-int
-tls12_record_layer_use_write_epoch(struct tls12_record_layer *rl, uint16_t epoch)
-{
-        if (rl->write->epoch == epoch)
-                return 1;
-
-        if (rl->write_current->epoch == epoch) {
-                rl->write = rl->write_current;
-                return 1;
-        }
-
-        if (rl->write_previous != NULL && rl->write_previous->epoch == epoch) {
-                rl->write = rl->write_previous;
-                return 1;
-        }
-
-        return 0;
-}
-
-void
-tls12_record_layer_write_epoch_done(struct tls12_record_layer *rl, uint16_t epoch)
-{
-        if (rl->write_previous == NULL || rl->write_previous->epoch != epoch)
-                return;
-
-        rl->write = rl->write_current;
-
-        tls12_record_protection_free(rl->write_previous);
-        rl->write_previous = NULL;
-}
-
-void
-tls12_record_layer_clear_read_state(struct tls12_record_layer *rl)
-{
-        tls12_record_protection_clear(rl->read);
-        rl->read->epoch = rl->initial_epoch;
-}
-
-void
-tls12_record_layer_clear_write_state(struct tls12_record_layer *rl)
-{
-        tls12_record_protection_clear(rl->write);
-        rl->write->epoch = rl->initial_epoch;
-
-        tls12_record_protection_free(rl->write_previous);
-        rl->write_previous = NULL;
-}
-
-void
-tls12_record_layer_reflect_seq_num(struct tls12_record_layer *rl)
-{
-        memcpy(rl->write->seq_num, rl->read->seq_num,
-            sizeof(rl->write->seq_num));
-}
-
-static const uint8_t tls12_max_seq_num[TLS12_RECORD_SEQ_NUM_LEN] = {
-        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-};
-
-int
-tls12_record_layer_inc_seq_num(struct tls12_record_layer *rl, uint8_t *seq_num)
-{
-        CBS max_seq_num;
-        int i;
-
-        /*
-         * RFC 5246 section 6.1 and RFC 6347 section 4.1 - both TLS and DTLS
-         * sequence numbers must not wrap. Note that for DTLS the first two
-         * bytes are used as an "epoch" and not part of the sequence number.
-         */
-        CBS_init(&max_seq_num, seq_num, TLS12_RECORD_SEQ_NUM_LEN);
-        if (rl->dtls) {
-                if (!CBS_skip(&max_seq_num, 2))
-                        return 0;
-        }
-        if (CBS_mem_equal(&max_seq_num, tls12_max_seq_num,
-            CBS_len(&max_seq_num)))
-                return 0;
-
-        for (i = TLS12_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) {
-                if (++seq_num[i] != 0)
-                        break;
-        }
-
-        return 1;
-}
-
-static int
-tls12_record_layer_set_mac_key(struct tls12_record_protection *rp,
-    const uint8_t *mac_key, size_t mac_key_len)
-{
-        freezero(rp->mac_key, rp->mac_key_len);
-        rp->mac_key = NULL;
-        rp->mac_key_len = 0;
-
-        if (mac_key == NULL || mac_key_len == 0)
-                return 1;
-
-        if ((rp->mac_key = calloc(1, mac_key_len)) == NULL)
-                return 0;
-
-        memcpy(rp->mac_key, mac_key, mac_key_len);
-        rp->mac_key_len = mac_key_len;
-
-        return 1;
-}
-
-static int
-tls12_record_layer_ccs_aead(struct tls12_record_layer *rl,
-    struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
-    CBS *iv)
-{
-        if (!tls12_record_protection_unused(rp))
-                return 0;
-
-        if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL)
-                return 0;
-
-        /* AES GCM cipher suites use variable nonce in record. */
-        if (rl->aead == EVP_aead_aes_128_gcm() ||
-            rl->aead == EVP_aead_aes_256_gcm())
-                rp->aead_variable_nonce_in_record = 1;
-
-        /* ChaCha20 Poly1305 XORs the fixed and variable nonces. */
-        if (rl->aead == EVP_aead_chacha20_poly1305())
-                rp->aead_xor_nonces = 1;
-
-        if (!CBS_stow(iv, &rp->aead_fixed_nonce, &rp->aead_fixed_nonce_len))
-                return 0;
-
-        rp->aead_nonce = calloc(1, EVP_AEAD_nonce_length(rl->aead));
-        if (rp->aead_nonce == NULL)
-                return 0;
-
-        rp->aead_nonce_len = EVP_AEAD_nonce_length(rl->aead);
-        rp->aead_tag_len = EVP_AEAD_max_overhead(rl->aead);
-        rp->aead_variable_nonce_len = TLS12_RECORD_SEQ_NUM_LEN;
-
-        if (rp->aead_xor_nonces) {
-                /* Fixed nonce length must match, variable must not exceed. */
-                if (rp->aead_fixed_nonce_len != rp->aead_nonce_len)
-                        return 0;
-                if (rp->aead_variable_nonce_len > rp->aead_nonce_len)
-                        return 0;
-        } else {
-                /* Concatenated nonce length must equal AEAD nonce length. */
-                if (rp->aead_fixed_nonce_len +
-                    rp->aead_variable_nonce_len != rp->aead_nonce_len)
-                        return 0;
-        }
-
-        if (!EVP_AEAD_CTX_init(rp->aead_ctx, rl->aead, CBS_data(key),
-            CBS_len(key), EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
-                return 0;
-
-        return 1;
-}
-
-static int
-tls12_record_layer_ccs_cipher(struct tls12_record_layer *rl,
-    struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
-    CBS *iv)
-{
-        EVP_PKEY *mac_pkey = NULL;
-        int mac_type;
-        int ret = 0;
-
-        if (!tls12_record_protection_unused(rp))
-                goto err;
-
-        mac_type = EVP_PKEY_HMAC;
-        rp->stream_mac = 0;
-
-        if (CBS_len(iv) > INT_MAX || CBS_len(key) > INT_MAX)
-                goto err;
-        if (EVP_CIPHER_iv_length(rl->cipher) != CBS_len(iv))
-                goto err;
-        if (EVP_CIPHER_key_length(rl->cipher) != CBS_len(key))
-                goto err;
-        if (CBS_len(mac_key) > INT_MAX)
-                goto err;
-        if (EVP_MD_size(rl->mac_hash) != CBS_len(mac_key))
-                goto err;
-        if ((rp->cipher_ctx = EVP_CIPHER_CTX_new()) == NULL)
-                goto err;
-        if ((rp->hash_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-
-        if (!tls12_record_layer_set_mac_key(rp, CBS_data(mac_key),
-            CBS_len(mac_key)))
-                goto err;
-
-        if ((mac_pkey = EVP_PKEY_new_mac_key(mac_type, NULL, CBS_data(mac_key),
-            CBS_len(mac_key))) == NULL)
-                goto err;
-
-        if (!EVP_CipherInit_ex(rp->cipher_ctx, rl->cipher, NULL, CBS_data(key),
-            CBS_data(iv), is_write))
-                goto err;
-
-        if (EVP_DigestSignInit(rp->hash_ctx, NULL, rl->mac_hash, NULL,
-            mac_pkey) <= 0)
-                goto err;
-
-        ret = 1;
-
- err:
-        EVP_PKEY_free(mac_pkey);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_change_cipher_state(struct tls12_record_layer *rl,
-    struct tls12_record_protection *rp, int is_write, CBS *mac_key, CBS *key,
-    CBS *iv)
-{
-        if (rl->aead != NULL)
-                return tls12_record_layer_ccs_aead(rl, rp, is_write, mac_key,
-                    key, iv);
-
-        return tls12_record_layer_ccs_cipher(rl, rp, is_write, mac_key,
-            key, iv);
-}
-
-int
-tls12_record_layer_change_read_cipher_state(struct tls12_record_layer *rl,
-    CBS *mac_key, CBS *key, CBS *iv)
-{
-        struct tls12_record_protection *read_new = NULL;
-        int ret = 0;
-
-        if ((read_new = tls12_record_protection_new()) == NULL)
-                goto err;
-
-        /* Read sequence number gets reset to zero. */
-
-        /* DTLS epoch is incremented and is permitted to wrap. */
-        if (rl->dtls)
-                read_new->epoch = rl->read_current->epoch + 1;
-
-        if (!tls12_record_layer_change_cipher_state(rl, read_new, 0,
-            mac_key, key, iv))
-                goto err;
-
-        tls12_record_protection_free(rl->read_current);
-        rl->read = rl->read_current = read_new;
-        read_new = NULL;
-
-        ret = 1;
-
- err:
-        tls12_record_protection_free(read_new);
-
-        return ret;
-}
-
-int
-tls12_record_layer_change_write_cipher_state(struct tls12_record_layer *rl,
-    CBS *mac_key, CBS *key, CBS *iv)
-{
-        struct tls12_record_protection *write_new;
-        int ret = 0;
-
-        if ((write_new = tls12_record_protection_new()) == NULL)
-                goto err;
-
-        /* Write sequence number gets reset to zero. */
-
-        /* DTLS epoch is incremented and is permitted to wrap. */
-        if (rl->dtls)
-                write_new->epoch = rl->write_current->epoch + 1;
-
-        if (!tls12_record_layer_change_cipher_state(rl, write_new, 1,
-            mac_key, key, iv))
-                goto err;
-
-        if (rl->dtls) {
-                tls12_record_protection_free(rl->write_previous);
-                rl->write_previous = rl->write_current;
-                rl->write_current = NULL;
-        }
-        tls12_record_protection_free(rl->write_current);
-        rl->write = rl->write_current = write_new;
-        write_new = NULL;
-
-        ret = 1;
-
- err:
-        tls12_record_protection_free(write_new);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_build_seq_num(struct tls12_record_layer *rl, CBB *cbb,
-    uint16_t epoch, uint8_t *seq_num, size_t seq_num_len)
-{
-        CBS seq;
-
-        CBS_init(&seq, seq_num, seq_num_len);
-
-        if (rl->dtls) {
-                if (!CBB_add_u16(cbb, epoch))
-                        return 0;
-                if (!CBS_skip(&seq, 2))
-                        return 0;
-        }
-
-        return CBB_add_bytes(cbb, CBS_data(&seq), CBS_len(&seq));
-}
-
-static int
-tls12_record_layer_pseudo_header(struct tls12_record_layer *rl,
-    uint8_t content_type, uint16_t record_len, CBS *seq_num, uint8_t **out,
-    size_t *out_len)
-{
-        CBB cbb;
-
-        *out = NULL;
-        *out_len = 0;
-
-        /* Build the pseudo-header used for MAC/AEAD. */
-        if (!CBB_init(&cbb, 13))
-                goto err;
-
-        if (!CBB_add_bytes(&cbb, CBS_data(seq_num), CBS_len(seq_num)))
-                goto err;
-        if (!CBB_add_u8(&cbb, content_type))
-                goto err;
-        if (!CBB_add_u16(&cbb, rl->version))
-                goto err;
-        if (!CBB_add_u16(&cbb, record_len))
-                goto err;
-
-        if (!CBB_finish(&cbb, out, out_len))
-                goto err;
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-
-        return 0;
-}
-
-static int
-tls12_record_layer_mac(struct tls12_record_layer *rl, CBB *cbb,
-    EVP_MD_CTX *hash_ctx, int stream_mac, CBS *seq_num, uint8_t content_type,
-    const uint8_t *content, size_t content_len, size_t *out_len)
-{
-        EVP_MD_CTX *mac_ctx = NULL;
-        uint8_t *header = NULL;
-        size_t header_len = 0;
-        size_t mac_len;
-        uint8_t *mac;
-        int ret = 0;
-
-        if ((mac_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_MD_CTX_copy(mac_ctx, hash_ctx))
-                goto err;
-
-        if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
-            seq_num, &header, &header_len))
-                goto err;
-
-        if (EVP_DigestSignUpdate(mac_ctx, header, header_len) <= 0)
-                goto err;
-        if (EVP_DigestSignUpdate(mac_ctx, content, content_len) <= 0)
-                goto err;
-        if (EVP_DigestSignFinal(mac_ctx, NULL, &mac_len) <= 0)
-                goto err;
-        if (!CBB_add_space(cbb, &mac, mac_len))
-                goto err;
-        if (EVP_DigestSignFinal(mac_ctx, mac, &mac_len) <= 0)
-                goto err;
-        if (mac_len == 0)
-                goto err;
-
-        if (stream_mac) {
-                if (!EVP_MD_CTX_copy(hash_ctx, mac_ctx))
-                        goto err;
-        }
-
-        *out_len = mac_len;
-        ret = 1;
-
- err:
-        EVP_MD_CTX_free(mac_ctx);
-        freezero(header, header_len);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_read_mac_cbc(struct tls12_record_layer *rl, CBB *cbb,
-    uint8_t content_type, CBS *seq_num, const uint8_t *content,
-    size_t content_len, size_t mac_len, size_t padding_len)
-{
-        uint8_t *header = NULL;
-        size_t header_len = 0;
-        uint8_t *mac = NULL;
-        size_t out_mac_len = 0;
-        int ret = 0;
-
-        /*
-         * Must be constant time to avoid leaking details about CBC padding.
-         */
-
-        if (!ssl3_cbc_record_digest_supported(rl->read->hash_ctx))
-                goto err;
-
-        if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
-            seq_num, &header, &header_len))
-                goto err;
-
-        if (!CBB_add_space(cbb, &mac, mac_len))
-                goto err;
-        if (!ssl3_cbc_digest_record(rl->read->hash_ctx, mac, &out_mac_len, header,
-            content, content_len + mac_len, content_len + mac_len + padding_len,
-            rl->read->mac_key, rl->read->mac_key_len))
-                goto err;
-        if (mac_len != out_mac_len)
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(header, header_len);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_read_mac(struct tls12_record_layer *rl, CBB *cbb,
-    uint8_t content_type, CBS *seq_num, const uint8_t *content,
-    size_t content_len)
-{
-        EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
-        size_t out_len;
-
-        if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE)
-                return 0;
-
-        return tls12_record_layer_mac(rl, cbb, rl->read->hash_ctx,
-            rl->read->stream_mac, seq_num, content_type, content, content_len,
-            &out_len);
-}
-
-static int
-tls12_record_layer_write_mac(struct tls12_record_layer *rl, CBB *cbb,
-    uint8_t content_type, CBS *seq_num, const uint8_t *content,
-    size_t content_len, size_t *out_len)
-{
-        return tls12_record_layer_mac(rl, cbb, rl->write->hash_ctx,
-            rl->write->stream_mac, seq_num, content_type, content, content_len,
-            out_len);
-}
-
-static int
-tls12_record_layer_aead_concat_nonce(struct tls12_record_layer *rl,
-    struct tls12_record_protection *rp, CBS *seq_num)
-{
-        CBB cbb;
-
-        if (rp->aead_variable_nonce_len > CBS_len(seq_num))
-                return 0;
-
-        /* Fixed nonce and variable nonce (sequence number) are concatenated. */
-        if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len))
-                goto err;
-        if (!CBB_add_bytes(&cbb, rp->aead_fixed_nonce,
-            rp->aead_fixed_nonce_len))
-                goto err;
-        if (!CBB_add_bytes(&cbb, CBS_data(seq_num),
-            rp->aead_variable_nonce_len))
-                goto err;
-        if (!CBB_finish(&cbb, NULL, NULL))
-                goto err;
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-
-        return 0;
-}
-
-static int
-tls12_record_layer_aead_xored_nonce(struct tls12_record_layer *rl,
-    struct tls12_record_protection *rp, CBS *seq_num)
-{
-        uint8_t *pad;
-        CBB cbb;
-        int i;
-
-        if (rp->aead_variable_nonce_len > CBS_len(seq_num))
-                return 0;
-        if (rp->aead_fixed_nonce_len < rp->aead_variable_nonce_len)
-                return 0;
-        if (rp->aead_fixed_nonce_len != rp->aead_nonce_len)
-                return 0;
-
-        /*
-         * Variable nonce (sequence number) is right padded, before the fixed
-         * nonce is XOR'd in.
-         */
-        if (!CBB_init_fixed(&cbb, rp->aead_nonce, rp->aead_nonce_len))
-                goto err;
-        if (!CBB_add_space(&cbb, &pad,
-            rp->aead_fixed_nonce_len - rp->aead_variable_nonce_len))
-                goto err;
-        if (!CBB_add_bytes(&cbb, CBS_data(seq_num),
-            rp->aead_variable_nonce_len))
-                goto err;
-        if (!CBB_finish(&cbb, NULL, NULL))
-                goto err;
-
-        for (i = 0; i < rp->aead_fixed_nonce_len; i++)
-                rp->aead_nonce[i] ^= rp->aead_fixed_nonce[i];
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-
-        return 0;
-}
-
-static int
-tls12_record_layer_open_record_plaintext(struct tls12_record_layer *rl,
-    uint8_t content_type, CBS *fragment, struct tls_content *out)
-{
-        if (tls12_record_protection_engaged(rl->read))
-                return 0;
-
-        return tls_content_dup_data(out, content_type, CBS_data(fragment),
-            CBS_len(fragment));
-}
-
-static int
-tls12_record_layer_open_record_protected_aead(struct tls12_record_layer *rl,
-    uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out)
-{
-        struct tls12_record_protection *rp = rl->read;
-        uint8_t *header = NULL;
-        size_t header_len = 0;
-        uint8_t *content = NULL;
-        size_t content_len = 0;
-        size_t out_len = 0;
-        CBS var_nonce;
-        int ret = 0;
-
-        if (rp->aead_xor_nonces) {
-                if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num))
-                        goto err;
-        } else if (rp->aead_variable_nonce_in_record) {
-                if (!CBS_get_bytes(fragment, &var_nonce,
-                    rp->aead_variable_nonce_len))
-                        goto err;
-                if (!tls12_record_layer_aead_concat_nonce(rl, rp, &var_nonce))
-                        goto err;
-        } else {
-                if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num))
-                        goto err;
-        }
-
-        /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
-        if (CBS_len(fragment) < rp->aead_tag_len) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-        if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-                rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
-                goto err;
-        }
-
-        content_len = CBS_len(fragment) - rp->aead_tag_len;
-        if ((content = calloc(1, CBS_len(fragment))) == NULL) {
-                content_len = 0;
-                goto err;
-        }
-
-        if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
-            seq_num, &header, &header_len))
-                goto err;
-
-        if (!EVP_AEAD_CTX_open(rp->aead_ctx, content, &out_len, content_len,
-            rp->aead_nonce, rp->aead_nonce_len, CBS_data(fragment),
-            CBS_len(fragment), header, header_len)) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-
-        if (out_len > SSL3_RT_MAX_PLAIN_LENGTH) {
-                rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
-                goto err;
-        }
-
-        if (out_len != content_len)
-                goto err;
-
-        tls_content_set_data(out, content_type, content, content_len);
-        content = NULL;
-        content_len = 0;
-
-        ret = 1;
-
- err:
-        freezero(header, header_len);
-        freezero(content, content_len);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_open_record_protected_cipher(struct tls12_record_layer *rl,
-    uint8_t content_type, CBS *seq_num, CBS *fragment, struct tls_content *out)
-{
-        EVP_CIPHER_CTX *enc = rl->read->cipher_ctx;
-        SSL3_RECORD_INTERNAL rrec;
-        size_t block_size, eiv_len;
-        uint8_t *mac = NULL;
-        size_t mac_len = 0;
-        uint8_t *out_mac = NULL;
-        size_t out_mac_len = 0;
-        uint8_t *content = NULL;
-        size_t content_len = 0;
-        size_t min_len;
-        CBB cbb_mac;
-        int ret = 0;
-
-        memset(&cbb_mac, 0, sizeof(cbb_mac));
-        memset(&rrec, 0, sizeof(rrec));
-
-        if (!tls12_record_protection_block_size(rl->read, &block_size))
-                goto err;
-
-        /* Determine explicit IV length. */
-        eiv_len = 0;
-        if (rl->version != TLS1_VERSION) {
-                if (!tls12_record_protection_eiv_len(rl->read, &eiv_len))
-                        goto err;
-        }
-
-        mac_len = 0;
-        if (rl->read->hash_ctx != NULL) {
-                if (!tls12_record_protection_mac_len(rl->read, &mac_len))
-                        goto err;
-        }
-
-        /* CBC has at least one padding byte. */
-        min_len = eiv_len + mac_len;
-        if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE)
-                min_len += 1;
-
-        if (CBS_len(fragment) < min_len) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-        if (CBS_len(fragment) > SSL3_RT_MAX_ENCRYPTED_LENGTH) {
-                rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
-                goto err;
-        }
-        if (CBS_len(fragment) % block_size != 0) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-
-        if ((content = calloc(1, CBS_len(fragment))) == NULL)
-                goto err;
-        content_len = CBS_len(fragment);
-
-        if (!EVP_Cipher(enc, content, CBS_data(fragment), CBS_len(fragment)))
-                goto err;
-
-        rrec.data = content;
-        rrec.input = content;
-        rrec.length = content_len;
-
-        /*
-         * We now have to remove padding, extract MAC, calculate MAC
-         * and compare MAC in constant time.
-         */
-        if (block_size > 1)
-                ssl3_cbc_remove_padding(&rrec, eiv_len, mac_len);
-
-        if ((mac = calloc(1, mac_len)) == NULL)
-                goto err;
-
-        if (!CBB_init(&cbb_mac, EVP_MAX_MD_SIZE))
-                goto err;
-        if (EVP_CIPHER_CTX_mode(enc) == EVP_CIPH_CBC_MODE) {
-                ssl3_cbc_copy_mac(mac, &rrec, mac_len, rrec.length +
-                    rrec.padding_length);
-                rrec.length -= mac_len;
-                if (!tls12_record_layer_read_mac_cbc(rl, &cbb_mac, content_type,
-                    seq_num, rrec.input, rrec.length, mac_len,
-                    rrec.padding_length))
-                        goto err;
-        } else {
-                rrec.length -= mac_len;
-                memcpy(mac, rrec.data + rrec.length, mac_len);
-                if (!tls12_record_layer_read_mac(rl, &cbb_mac, content_type,
-                    seq_num, rrec.input, rrec.length))
-                        goto err;
-        }
-        if (!CBB_finish(&cbb_mac, &out_mac, &out_mac_len))
-                goto err;
-        if (mac_len != out_mac_len)
-                goto err;
-
-        if (timingsafe_memcmp(mac, out_mac, mac_len) != 0) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-
-        if (rrec.length > SSL3_RT_MAX_COMPRESSED_LENGTH + mac_len) {
-                rl->alert_desc = SSL_AD_BAD_RECORD_MAC;
-                goto err;
-        }
-        if (rrec.length > SSL3_RT_MAX_PLAIN_LENGTH) {
-                rl->alert_desc = SSL_AD_RECORD_OVERFLOW;
-                goto err;
-        }
-
-        tls_content_set_data(out, content_type, content, content_len);
-        content = NULL;
-        content_len = 0;
-
-        /* Actual content is after EIV, minus padding and MAC. */
-        if (!tls_content_set_bounds(out, eiv_len, rrec.length))
-                goto err;
-
-        ret = 1;
-
- err:
-        CBB_cleanup(&cbb_mac);
-        freezero(mac, mac_len);
-        freezero(out_mac, out_mac_len);
-        freezero(content, content_len);
-
-        return ret;
-}
-
-int
-tls12_record_layer_open_record(struct tls12_record_layer *rl, uint8_t *buf,
-    size_t buf_len, struct tls_content *out)
-{
-        CBS cbs, fragment, seq_num;
-        uint16_t version;
-        uint8_t content_type;
-
-        CBS_init(&cbs, buf, buf_len);
-        CBS_init(&seq_num, rl->read->seq_num, sizeof(rl->read->seq_num));
-
-        if (!CBS_get_u8(&cbs, &content_type))
-                return 0;
-        if (!CBS_get_u16(&cbs, &version))
-                return 0;
-        if (rl->dtls) {
-                /*
-                 * The DTLS sequence number is split into a 16 bit epoch and
-                 * 48 bit sequence number, however for the purposes of record
-                 * processing it is treated the same as a TLS 64 bit sequence
-                 * number. DTLS also uses explicit read sequence numbers, which
-                 * we need to extract from the DTLS record header.
-                 */
-                if (!CBS_get_bytes(&cbs, &seq_num, SSL3_SEQUENCE_SIZE))
-                        return 0;
-                if (!CBS_write_bytes(&seq_num, rl->read->seq_num,
-                    sizeof(rl->read->seq_num), NULL))
-                        return 0;
-        }
-        if (!CBS_get_u16_length_prefixed(&cbs, &fragment))
-                return 0;
-
-        if (rl->read->aead_ctx != NULL) {
-                if (!tls12_record_layer_open_record_protected_aead(rl,
-                    content_type, &seq_num, &fragment, out))
-                        return 0;
-        } else if (rl->read->cipher_ctx != NULL) {
-                if (!tls12_record_layer_open_record_protected_cipher(rl,
-                    content_type, &seq_num, &fragment, out))
-                        return 0;
-        } else {
-                if (!tls12_record_layer_open_record_plaintext(rl,
-                    content_type, &fragment, out))
-                        return 0;
-        }
-
-        if (!rl->dtls) {
-                if (!tls12_record_layer_inc_seq_num(rl, rl->read->seq_num))
-                        return 0;
-        }
-
-        return 1;
-}
-
-static int
-tls12_record_layer_seal_record_plaintext(struct tls12_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len, CBB *out)
-{
-        if (tls12_record_protection_engaged(rl->write))
-                return 0;
-
-        return CBB_add_bytes(out, content, content_len);
-}
-
-static int
-tls12_record_layer_seal_record_protected_aead(struct tls12_record_layer *rl,
-    uint8_t content_type, CBS *seq_num, const uint8_t *content,
-    size_t content_len, CBB *out)
-{
-        struct tls12_record_protection *rp = rl->write;
-        uint8_t *header = NULL;
-        size_t header_len = 0;
-        size_t enc_record_len, out_len;
-        uint8_t *enc_data;
-        int ret = 0;
-
-        if (rp->aead_xor_nonces) {
-                if (!tls12_record_layer_aead_xored_nonce(rl, rp, seq_num))
-                        goto err;
-        } else {
-                if (!tls12_record_layer_aead_concat_nonce(rl, rp, seq_num))
-                        goto err;
-        }
-
-        if (rp->aead_variable_nonce_in_record) {
-                if (rp->aead_variable_nonce_len > CBS_len(seq_num))
-                        goto err;
-                if (!CBB_add_bytes(out, CBS_data(seq_num),
-                    rp->aead_variable_nonce_len))
-                        goto err;
-        }
-
-        if (!tls12_record_layer_pseudo_header(rl, content_type, content_len,
-            seq_num, &header, &header_len))
-                goto err;
-
-        /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
-        enc_record_len = content_len + rp->aead_tag_len;
-        if (enc_record_len > SSL3_RT_MAX_ENCRYPTED_LENGTH)
-                goto err;
-        if (!CBB_add_space(out, &enc_data, enc_record_len))
-                goto err;
-
-        if (!EVP_AEAD_CTX_seal(rp->aead_ctx, enc_data, &out_len, enc_record_len,
-            rp->aead_nonce, rp->aead_nonce_len, content, content_len, header,
-            header_len))
-                goto err;
-
-        if (out_len != enc_record_len)
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(header, header_len);
-
-        return ret;
-}
-
-static int
-tls12_record_layer_seal_record_protected_cipher(struct tls12_record_layer *rl,
-    uint8_t content_type, CBS *seq_num, const uint8_t *content,
-    size_t content_len, CBB *out)
-{
-        EVP_CIPHER_CTX *enc = rl->write->cipher_ctx;
-        size_t block_size, eiv_len, mac_len, pad_len;
-        uint8_t *enc_data, *eiv, *pad, pad_val;
-        uint8_t *plain = NULL;
-        size_t plain_len = 0;
-        int ret = 0;
-        CBB cbb;
-
-        if (!CBB_init(&cbb, SSL3_RT_MAX_PLAIN_LENGTH))
-                goto err;
-
-        /* Add explicit IV if necessary. */
-        eiv_len = 0;
-        if (rl->version != TLS1_VERSION) {
-                if (!tls12_record_protection_eiv_len(rl->write, &eiv_len))
-                        goto err;
-        }
-        if (eiv_len > 0) {
-                if (!CBB_add_space(&cbb, &eiv, eiv_len))
-                        goto err;
-                arc4random_buf(eiv, eiv_len);
-        }
-
-        if (!CBB_add_bytes(&cbb, content, content_len))
-                goto err;
-
-        mac_len = 0;
-        if (rl->write->hash_ctx != NULL) {
-                if (!tls12_record_layer_write_mac(rl, &cbb, content_type,
-                    seq_num, content, content_len, &mac_len))
-                        goto err;
-        }
-
-        plain_len = eiv_len + content_len + mac_len;
-
-        /* Add padding to block size, if necessary. */
-        if (!tls12_record_protection_block_size(rl->write, &block_size))
-                goto err;
-        if (block_size > 1) {
-                pad_len = block_size - (plain_len % block_size);
-                pad_val = pad_len - 1;
-
-                if (pad_len > 255)
-                        goto err;
-                if (!CBB_add_space(&cbb, &pad, pad_len))
-                        goto err;
-                memset(pad, pad_val, pad_len);
-        }
-
-        if (!CBB_finish(&cbb, &plain, &plain_len))
-                goto err;
-
-        if (plain_len % block_size != 0)
-                goto err;
-        if (plain_len > SSL3_RT_MAX_ENCRYPTED_LENGTH)
-                goto err;
-
-        if (!CBB_add_space(out, &enc_data, plain_len))
-                goto err;
-        if (!EVP_Cipher(enc, enc_data, plain, plain_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        CBB_cleanup(&cbb);
-        freezero(plain, plain_len);
-
-        return ret;
-}
-
-int
-tls12_record_layer_seal_record(struct tls12_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len, CBB *cbb)
-{
-        uint8_t *seq_num_data = NULL;
-        size_t seq_num_len = 0;
-        CBB fragment, seq_num_cbb;
-        CBS seq_num;
-        int ret = 0;
-
-        /*
-         * Construct the effective sequence number - this is used in both
-         * the DTLS header and for MAC calculations.
-         */
-        if (!CBB_init(&seq_num_cbb, SSL3_SEQUENCE_SIZE))
-                goto err;
-        if (!tls12_record_layer_build_seq_num(rl, &seq_num_cbb, rl->write->epoch,
-            rl->write->seq_num, sizeof(rl->write->seq_num)))
-                goto err;
-        if (!CBB_finish(&seq_num_cbb, &seq_num_data, &seq_num_len))
-                goto err;
-        CBS_init(&seq_num, seq_num_data, seq_num_len);
-
-        if (!CBB_add_u8(cbb, content_type))
-                goto err;
-        if (!CBB_add_u16(cbb, rl->version))
-                goto err;
-        if (rl->dtls) {
-                if (!CBB_add_bytes(cbb, CBS_data(&seq_num), CBS_len(&seq_num)))
-                        goto err;
-        }
-        if (!CBB_add_u16_length_prefixed(cbb, &fragment))
-                goto err;
-
-        if (rl->write->aead_ctx != NULL) {
-                if (!tls12_record_layer_seal_record_protected_aead(rl,
-                    content_type, &seq_num, content, content_len, &fragment))
-                        goto err;
-        } else if (rl->write->cipher_ctx != NULL) {
-                if (!tls12_record_layer_seal_record_protected_cipher(rl,
-                    content_type, &seq_num, content, content_len, &fragment))
-                        goto err;
-        } else {
-                if (!tls12_record_layer_seal_record_plaintext(rl,
-                    content_type, content, content_len, &fragment))
-                        goto err;
-        }
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        if (!tls12_record_layer_inc_seq_num(rl, rl->write->seq_num))
-                goto err;
-
-        ret = 1;
-
- err:
-        CBB_cleanup(&seq_num_cbb);
-        free(seq_num_data);
-
-        return ret;
-}
diff --git a/src/lib/libssl/tls13_client.c b/src/lib/libssl/tls13_client.c
deleted file mode 100644
index 901b38f860..0000000000
--- a/src/lib/libssl/tls13_client.c
+++ /dev/null
@@ -1,1060 +0,0 @@
-/* $OpenBSD: tls13_client.c,v 1.104 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <openssl/ssl3.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls13_handshake.h"
-#include "tls13_internal.h"
-
-int
-tls13_client_init(struct tls13_ctx *ctx)
-{
-        const uint16_t *groups;
-        size_t groups_len;
-        SSL *s = ctx->ssl;
-
-        if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version,
-            &ctx->hs->our_max_tls_version)) {
-                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-                return 0;
-        }
-        s->version = ctx->hs->our_max_tls_version;
-
-        tls13_record_layer_set_retry_after_phh(ctx->rl,
-            (s->mode & SSL_MODE_AUTO_RETRY) != 0);
-
-        if (!ssl_get_new_session(s, 0)) /* XXX */
-                return 0;
-
-        if (!tls1_transcript_init(s))
-                return 0;
-
-        /* Generate a key share using our preferred group. */
-        tls1_get_group_list(s, 0, &groups, &groups_len);
-        if (groups_len < 1)
-                return 0;
-        if ((ctx->hs->key_share = tls_key_share_new(groups[0])) == NULL)
-                return 0;
-        if (!tls_key_share_generate(ctx->hs->key_share))
-                return 0;
-
-        arc4random_buf(s->s3->client_random, SSL3_RANDOM_SIZE);
-
-        /*
-         * The legacy session identifier should either be set to an
-         * unpredictable 32-byte value or zero length... a non-zero length
-         * legacy session identifier triggers compatibility mode (see RFC 8446
-         * Appendix D.4). In the pre-TLSv1.3 case a zero length value is used.
-         */
-        if (ctx->middlebox_compat &&
-            ctx->hs->our_max_tls_version >= TLS1_3_VERSION) {
-                arc4random_buf(ctx->hs->tls13.legacy_session_id,
-                    sizeof(ctx->hs->tls13.legacy_session_id));
-                ctx->hs->tls13.legacy_session_id_len =
-                    sizeof(ctx->hs->tls13.legacy_session_id);
-        }
-
-        return 1;
-}
-
-int
-tls13_client_connect(struct tls13_ctx *ctx)
-{
-        if (ctx->mode != TLS13_HS_CLIENT)
-                return TLS13_IO_FAILURE;
-
-        return tls13_handshake_perform(ctx);
-}
-
-static int
-tls13_client_hello_build(struct tls13_ctx *ctx, CBB *cbb)
-{
-        CBB cipher_suites, compression_methods, session_id;
-        uint16_t client_version;
-        SSL *s = ctx->ssl;
-
-        /* Legacy client version is capped at TLS 1.2. */
-        if (!ssl_max_legacy_version(s, &client_version))
-                goto err;
-
-        if (!CBB_add_u16(cbb, client_version))
-                goto err;
-        if (!CBB_add_bytes(cbb, s->s3->client_random, SSL3_RANDOM_SIZE))
-                goto err;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &session_id))
-                goto err;
-        if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id,
-            ctx->hs->tls13.legacy_session_id_len))
-                goto err;
-
-        if (!CBB_add_u16_length_prefixed(cbb, &cipher_suites))
-                goto err;
-        if (!ssl_cipher_list_to_bytes(s, SSL_get_ciphers(s), &cipher_suites)) {
-                SSLerror(s, SSL_R_NO_CIPHERS_AVAILABLE);
-                goto err;
-        }
-
-        if (!CBB_add_u8_length_prefixed(cbb, &compression_methods))
-                goto err;
-        if (!CBB_add_u8(&compression_methods, 0))
-                goto err;
-
-        if (!tlsext_client_build(s, SSL_TLSEXT_MSG_CH, cbb))
-                goto err;
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        return 1;
-
- err:
-        return 0;
-}
-
-int
-tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        if (ctx->hs->our_min_tls_version < TLS1_2_VERSION)
-                tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
-
-        /* We may receive a pre-TLSv1.3 alert in response to the client hello. */
-        tls13_record_layer_allow_legacy_alerts(ctx->rl, 1);
-
-        if (!tls13_client_hello_build(ctx, cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_client_hello_sent(struct tls13_ctx *ctx)
-{
-        tls1_transcript_freeze(ctx->ssl);
-
-        if (ctx->middlebox_compat) {
-                tls13_record_layer_allow_ccs(ctx->rl, 1);
-                ctx->send_dummy_ccs = 1;
-        }
-
-        return 1;
-}
-
-static int
-tls13_server_hello_is_legacy(CBS *cbs)
-{
-        CBS extensions_block, extensions, extension_data;
-        uint16_t selected_version = 0;
-        uint16_t type;
-
-        CBS_dup(cbs, &extensions_block);
-
-        if (!CBS_get_u16_length_prefixed(&extensions_block, &extensions))
-                return 1;
-
-        while (CBS_len(&extensions) > 0) {
-                if (!CBS_get_u16(&extensions, &type))
-                        return 1;
-                if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
-                        return 1;
-
-                if (type != TLSEXT_TYPE_supported_versions)
-                        continue;
-                if (!CBS_get_u16(&extension_data, &selected_version))
-                        return 1;
-                if (CBS_len(&extension_data) != 0)
-                        return 1;
-        }
-
-        return (selected_version < TLS1_3_VERSION);
-}
-
-static int
-tls13_server_hello_is_retry(CBS *cbs)
-{
-        CBS server_hello, server_random;
-        uint16_t legacy_version;
-
-        CBS_dup(cbs, &server_hello);
-
-        if (!CBS_get_u16(&server_hello, &legacy_version))
-                return 0;
-        if (!CBS_get_bytes(&server_hello, &server_random, SSL3_RANDOM_SIZE))
-                return 0;
-
-        /* See if this is a HelloRetryRequest. */
-        return CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
-            sizeof(tls13_hello_retry_request_hash));
-}
-
-static int
-tls13_server_hello_process(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS server_random, session_id;
-        uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH;
-        uint16_t cipher_suite, legacy_version;
-        uint8_t compression_method;
-        const SSL_CIPHER *cipher;
-        int alert_desc;
-        SSL *s = ctx->ssl;
-
-        if (!CBS_get_u16(cbs, &legacy_version))
-                goto err;
-        if (!CBS_get_bytes(cbs, &server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBS_get_u8_length_prefixed(cbs, &session_id))
-                goto err;
-        if (!CBS_get_u16(cbs, &cipher_suite))
-                goto err;
-        if (!CBS_get_u8(cbs, &compression_method))
-                goto err;
-
-        if (tls13_server_hello_is_legacy(cbs)) {
-                if (ctx->hs->our_max_tls_version >= TLS1_3_VERSION) {
-                        /*
-                         * RFC 8446 section 4.1.3: we must not downgrade if
-                         * the server random value contains the TLS 1.2 or 1.1
-                         * magical value.
-                         */
-                        if (!CBS_skip(&server_random, CBS_len(&server_random) -
-                            sizeof(tls13_downgrade_12)))
-                                goto err;
-                        if (CBS_mem_equal(&server_random, tls13_downgrade_12,
-                            sizeof(tls13_downgrade_12)) ||
-                            CBS_mem_equal(&server_random, tls13_downgrade_11,
-                            sizeof(tls13_downgrade_11))) {
-                                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                                goto err;
-                        }
-                }
-
-                if (!CBS_skip(cbs, CBS_len(cbs)))
-                        goto err;
-
-                ctx->hs->tls13.use_legacy = 1;
-                return 1;
-        }
-
-        /* From here on in we know we are doing TLSv1.3. */
-        tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
-        tls13_record_layer_allow_legacy_alerts(ctx->rl, 0);
-
-        /* See if this is a HelloRetryRequest. */
-        /* XXX - see if we can avoid doing this twice. */
-        if (CBS_mem_equal(&server_random, tls13_hello_retry_request_hash,
-            sizeof(tls13_hello_retry_request_hash))) {
-                tlsext_msg_type = SSL_TLSEXT_MSG_HRR;
-                ctx->hs->tls13.hrr = 1;
-        }
-
-        if (!tlsext_client_parse(s, tlsext_msg_type, cbs, &alert_desc)) {
-                ctx->alert = alert_desc;
-                goto err;
-        }
-
-        /*
-         * The supported versions extension indicated 0x0304 or greater.
-         * Ensure that it was 0x0304 and that legacy version is set to 0x0303
-         * (RFC 8446 section 4.2.1).
-         */
-        if (ctx->hs->tls13.server_version != TLS1_3_VERSION ||
-            legacy_version != TLS1_2_VERSION) {
-                ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
-                goto err;
-        }
-        ctx->hs->negotiated_tls_version = ctx->hs->tls13.server_version;
-        ctx->hs->peer_legacy_version = legacy_version;
-
-        /* The session_id must match. */
-        if (!CBS_mem_equal(&session_id, ctx->hs->tls13.legacy_session_id,
-            ctx->hs->tls13.legacy_session_id_len)) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        /*
-         * Ensure that the cipher suite is one that we offered in the client
-         * hello and that it is a TLSv1.3 cipher suite.
-         */
-        cipher = ssl3_get_cipher_by_value(cipher_suite);
-        if (cipher == NULL || !ssl_cipher_in_list(SSL_get_ciphers(s), cipher)) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-        if (cipher->algorithm_ssl != SSL_TLSV1_3) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-        if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR) && !ctx->hs->tls13.hrr) {
-                /*
-                 * A ServerHello following a HelloRetryRequest MUST use the same
-                 * cipher suite (RFC 8446 section 4.1.4).
-                 */
-                if (ctx->hs->cipher != cipher) {
-                        ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                        goto err;
-                }
-        }
-        ctx->hs->cipher = cipher;
-
-        if (compression_method != 0) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        return 1;
-
- err:
-        if (ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-
-        return 0;
-}
-
-static int
-tls13_client_engage_record_protection(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets;
-        struct tls13_secret context;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-        uint8_t *shared_key = NULL;
-        size_t shared_key_len = 0;
-        size_t hash_len;
-        SSL *s = ctx->ssl;
-        int ret = 0;
-
-        /* Derive the shared key and engage record protection. */
-
-        if (!tls_key_share_derive(ctx->hs->key_share, &shared_key,
-            &shared_key_len))
-                goto err;
-
-        s->session->cipher_value = ctx->hs->cipher->value;
-        s->session->ssl_version = ctx->hs->tls13.server_version;
-
-        if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
-                goto err;
-        if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
-                goto err;
-
-        if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
-                goto err;
-        ctx->hs->tls13.secrets = secrets;
-
-        /* XXX - pass in hash. */
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-        tls1_transcript_free(s);
-        if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
-                goto err;
-        context.data = buf;
-        context.len = hash_len;
-
-        /* Early secrets. */
-        if (!tls13_derive_early_secrets(secrets, secrets->zeros.data,
-            secrets->zeros.len, &context))
-                goto err;
-
-        /* Handshake secrets. */
-        if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key,
-            shared_key_len, &context))
-                goto err;
-
-        tls13_record_layer_set_aead(ctx->rl, ctx->aead);
-        tls13_record_layer_set_hash(ctx->rl, ctx->hash);
-
-        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->server_handshake_traffic, ssl_encryption_handshake))
-                goto err;
-        if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->client_handshake_traffic, ssl_encryption_handshake))
-                goto err;
-
-        ret = 1;
-
- err:
-        freezero(shared_key, shared_key_len);
-
-        return ret;
-}
-
-int
-tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        /*
-         * The state machine has no way of knowing if we're going to receive a
-         * HelloRetryRequest or a ServerHello. As such, we have to handle
-         * this case here and hand off to the appropriate function.
-         */
-        if (!tls13_server_hello_is_retry(cbs)) {
-                ctx->handshake_stage.hs_type |= WITHOUT_HRR;
-                return tls13_server_hello_recv(ctx, cbs);
-        }
-
-        if (!tls13_server_hello_process(ctx, cbs))
-                return 0;
-
-        /*
-         * This may have been a TLSv1.2 or earlier ServerHello that just
-         * happened to have matching server random...
-         */
-        if (ctx->hs->tls13.use_legacy)
-                return tls13_use_legacy_client(ctx);
-
-        if (!ctx->hs->tls13.hrr)
-                return 0;
-
-        if (!tls13_synthetic_handshake_message(ctx))
-                return 0;
-        if (!tls13_handshake_msg_record(ctx))
-                return 0;
-
-        ctx->hs->tls13.hrr = 0;
-
-        return 1;
-}
-
-int
-tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        /*
-         * Ensure that the server supported group is one that we listed in our
-         * supported groups and is not the same as the key share we previously
-         * offered.
-         */
-        if (!tls1_check_group(ctx->ssl, ctx->hs->tls13.server_group))
-                return 0; /* XXX alert */
-        if (ctx->hs->tls13.server_group == tls_key_share_group(ctx->hs->key_share))
-                return 0; /* XXX alert */
-
-        /* Switch to new key share. */
-        tls_key_share_free(ctx->hs->key_share);
-        if ((ctx->hs->key_share =
-            tls_key_share_new(ctx->hs->tls13.server_group)) == NULL)
-                return 0;
-        if (!tls_key_share_generate(ctx->hs->key_share))
-                return 0;
-
-        if (!tls13_client_hello_build(ctx, cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        SSL *s = ctx->ssl;
-
-        /*
-         * We may have received a legacy (pre-TLSv1.3) ServerHello or a TLSv1.3
-         * ServerHello. HelloRetryRequests have already been handled.
-         */
-        if (!tls13_server_hello_process(ctx, cbs))
-                return 0;
-
-        if (ctx->handshake_stage.hs_type & WITHOUT_HRR) {
-                tls1_transcript_unfreeze(s);
-                if (!tls13_handshake_msg_record(ctx))
-                        return 0;
-        }
-
-        if (ctx->hs->tls13.use_legacy) {
-                if (!(ctx->handshake_stage.hs_type & WITHOUT_HRR))
-                        return 0;
-                return tls13_use_legacy_client(ctx);
-        }
-
-        if (ctx->hs->tls13.hrr) {
-                /* The server has sent two HelloRetryRequests. */
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                return 0;
-        }
-
-        if (!tls13_client_engage_record_protection(ctx))
-                return 0;
-
-        ctx->handshake_stage.hs_type |= NEGOTIATED;
-
-        return 1;
-}
-
-int
-tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        int alert_desc;
-
-        if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_EE, cbs, &alert_desc)) {
-                ctx->alert = alert_desc;
-                return 0;
-        }
-
-        return 1;
-}
-
-int
-tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS cert_request_context;
-        int alert_desc;
-
-        /*
-         * Thanks to poor state design in the RFC, this function can be called
-         * when we actually have a certificate message instead of a certificate
-         * request... in that case we call the certificate handler after
-         * switching state, to avoid advancing state.
-         */
-        if (tls13_handshake_msg_type(ctx->hs_msg) == TLS13_MT_CERTIFICATE) {
-                ctx->handshake_stage.hs_type |= WITHOUT_CR;
-                return tls13_server_certificate_recv(ctx, cbs);
-        }
-
-        if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
-                goto err;
-        if (CBS_len(&cert_request_context) != 0)
-                goto err;
-
-        if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CR, cbs, &alert_desc)) {
-                ctx->alert = alert_desc;
-                goto err;
-        }
-
-        return 1;
-
- err:
-        if (ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-
-        return 0;
-}
-
-int
-tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS cert_request_context, cert_list, cert_data;
-        struct stack_st_X509 *certs = NULL;
-        SSL *s = ctx->ssl;
-        X509 *cert = NULL;
-        const uint8_t *p;
-        int alert_desc;
-        int ret = 0;
-
-        if ((certs = sk_X509_new_null()) == NULL)
-                goto err;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
-                goto err;
-        if (CBS_len(&cert_request_context) != 0)
-                goto err;
-        if (!CBS_get_u24_length_prefixed(cbs, &cert_list))
-                goto err;
-
-        while (CBS_len(&cert_list) > 0) {
-                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
-                        goto err;
-
-                if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_CT,
-                    &cert_list, &alert_desc)) {
-                        ctx->alert = alert_desc;
-                        goto err;
-                }
-
-                p = CBS_data(&cert_data);
-                if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
-                        goto err;
-                if (p != CBS_data(&cert_data) + CBS_len(&cert_data))
-                        goto err;
-
-                if (!sk_X509_push(certs, cert))
-                        goto err;
-
-                cert = NULL;
-        }
-
-        /* A server must always provide a non-empty certificate list. */
-        if (sk_X509_num(certs) < 1) {
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-                tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
-                    "peer failed to provide a certificate", NULL);
-                goto err;
-        }
-
-        /*
-         * At this stage we still have no proof of possession. As such, it would
-         * be preferable to keep the chain and verify once we have successfully
-         * processed the CertificateVerify message.
-         */
-        if (ssl_verify_cert_chain(s, certs) <= 0 &&
-            s->verify_mode != SSL_VERIFY_NONE) {
-                ctx->alert = ssl_verify_alarm_type(s->verify_result);
-                tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
-                    "failed to verify peer certificate", NULL);
-                goto err;
-        }
-        s->session->verify_result = s->verify_result;
-        ERR_clear_error();
-
-        if (!tls_process_peer_certs(s, certs))
-                goto err;
-
-        if (ctx->ocsp_status_recv_cb != NULL &&
-            !ctx->ocsp_status_recv_cb(ctx))
-                goto err;
-
-        ret = 1;
-
- err:
-        sk_X509_pop_free(certs, X509_free);
-        X509_free(cert);
-
-        return ret;
-}
-
-int
-tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        const struct ssl_sigalg *sigalg;
-        uint16_t signature_scheme;
-        uint8_t *sig_content = NULL;
-        size_t sig_content_len;
-        EVP_MD_CTX *mdctx = NULL;
-        EVP_PKEY_CTX *pctx;
-        EVP_PKEY *pkey;
-        X509 *cert;
-        CBS signature;
-        CBB cbb;
-        int ret = 0;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (!CBS_get_u16(cbs, &signature_scheme))
-                goto err;
-        if (!CBS_get_u16_length_prefixed(cbs, &signature))
-                goto err;
-
-        if (!CBB_init(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
-            sizeof(tls13_cert_verify_pad)))
-                goto err;
-        if (!CBB_add_bytes(&cbb, tls13_cert_server_verify_context,
-            strlen(tls13_cert_server_verify_context)))
-                goto err;
-        if (!CBB_add_u8(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
-                goto err;
-
-        if ((cert = ctx->ssl->session->peer_cert) == NULL)
-                goto err;
-        if ((pkey = X509_get0_pubkey(cert)) == NULL)
-                goto err;
-        if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey,
-            signature_scheme)) == NULL)
-                goto err;
-        ctx->hs->peer_sigalg = sigalg;
-
-        if (CBS_len(&signature) > EVP_PKEY_size(pkey))
-                goto err;
-
-        if ((mdctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestVerifyInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
-                goto err;
-        if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
-                if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
-                        goto err;
-                if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
-                        goto err;
-        }
-        if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
-            sig_content, sig_content_len) <= 0) {
-                ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
-                goto err;
-        }
-
-        ret = 1;
-
- err:
-        if (!ret && ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-        CBB_cleanup(&cbb);
-        EVP_MD_CTX_free(mdctx);
-        free(sig_content);
-
-        return ret;
-}
-
-int
-tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret context = { .data = "", .len = 0 };
-        struct tls13_secret finished_key;
-        uint8_t transcript_hash[EVP_MAX_MD_SIZE];
-        size_t transcript_hash_len;
-        uint8_t *verify_data = NULL;
-        size_t verify_data_len;
-        uint8_t key[EVP_MAX_MD_SIZE];
-        HMAC_CTX *hmac_ctx = NULL;
-        unsigned int hlen;
-        int ret = 0;
-
-        /*
-         * Verify server finished.
-         */
-        finished_key.data = key;
-        finished_key.len = EVP_MD_size(ctx->hash);
-
-        if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
-            &secrets->server_handshake_traffic, "finished",
-            &context))
-                goto err;
-
-        if ((hmac_ctx = HMAC_CTX_new()) == NULL)
-                goto err;
-        if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
-            ctx->hash, NULL))
-                goto err;
-        if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        verify_data_len = HMAC_size(hmac_ctx);
-        if ((verify_data = calloc(1, verify_data_len)) == NULL)
-                goto err;
-        if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
-                goto err;
-        if (hlen != verify_data_len)
-                goto err;
-
-        if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
-                ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
-                goto err;
-        }
-
-        if (!CBS_write_bytes(cbs, ctx->hs->peer_finished,
-            sizeof(ctx->hs->peer_finished),
-            &ctx->hs->peer_finished_len))
-                goto err;
-
-        if (!CBS_skip(cbs, verify_data_len))
-                goto err;
-
-        /*
-         * Derive application traffic keys.
-         */
-        if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
-            sizeof(transcript_hash), &transcript_hash_len))
-                goto err;
-
-        context.data = transcript_hash;
-        context.len = transcript_hash_len;
-
-        if (!tls13_derive_application_secrets(secrets, &context))
-                goto err;
-
-        /*
-         * Any records following the server finished message must be encrypted
-         * using the server application traffic keys.
-         */
-        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->server_application_traffic, ssl_encryption_application))
-                goto err;
-
-        tls13_record_layer_allow_ccs(ctx->rl, 0);
-
-        ret = 1;
-
- err:
-        HMAC_CTX_free(hmac_ctx);
-        free(verify_data);
-
-        return ret;
-}
-
-static int
-tls13_client_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk,
-    int *ok, const struct ssl_sigalg **out_sigalg)
-{
-        const struct ssl_sigalg *sigalg;
-        SSL *s = ctx->ssl;
-
-        *ok = 0;
-        *out_sigalg = NULL;
-
-        if (cpk->x509 == NULL || cpk->privatekey == NULL)
-                goto done;
-
-        if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL)
-                goto done;
-
-        *ok = 1;
-        *out_sigalg = sigalg;
-
- done:
-        return 1;
-}
-
-static int
-tls13_client_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk,
-    const struct ssl_sigalg **out_sigalg)
-{
-        SSL *s = ctx->ssl;
-        const struct ssl_sigalg *sigalg;
-        SSL_CERT_PKEY *cpk;
-        int cert_ok;
-
-        *out_cpk = NULL;
-        *out_sigalg = NULL;
-
-        /*
-         * XXX - RFC 8446, 4.4.2.3: the server can communicate preferences
-         * with the certificate_authorities (4.2.4) and oid_filters (4.2.5)
-         * extensions. We should honor the former and must apply the latter.
-         */
-
-        cpk = &s->cert->pkeys[SSL_PKEY_ECC];
-        if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg))
-                return 0;
-        if (cert_ok)
-                goto done;
-
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
-        if (!tls13_client_check_certificate(ctx, cpk, &cert_ok, &sigalg))
-                return 0;
-        if (cert_ok)
-                goto done;
-
-        cpk = NULL;
-        sigalg = NULL;
-
- done:
-        *out_cpk = cpk;
-        *out_sigalg = sigalg;
-
-        return 1;
-}
-
-int
-tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        SSL *s = ctx->ssl;
-        CBB cert_request_context, cert_list;
-        const struct ssl_sigalg *sigalg;
-        STACK_OF(X509) *chain;
-        SSL_CERT_PKEY *cpk;
-        X509 *cert;
-        int i, ret = 0;
-
-        if (!tls13_client_select_certificate(ctx, &cpk, &sigalg))
-                goto err;
-
-        ctx->hs->tls13.cpk = cpk;
-        ctx->hs->our_sigalg = sigalg;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
-                goto err;
-        if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
-                goto err;
-
-        /* No certificate selected. */
-        if (cpk == NULL)
-                goto done;
-
-        if ((chain = cpk->chain) == NULL)
-               chain = s->ctx->extra_certs;
-
-        if (!tls13_cert_add(ctx, &cert_list, cpk->x509, tlsext_client_build))
-                goto err;
-
-        for (i = 0; i < sk_X509_num(chain); i++) {
-                cert = sk_X509_value(chain, i);
-                if (!tls13_cert_add(ctx, &cert_list, cert, tlsext_client_build))
-                        goto err;
-        }
-
-        ctx->handshake_stage.hs_type |= WITH_CCV;
- done:
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        return ret;
-}
-
-int
-tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        const struct ssl_sigalg *sigalg;
-        uint8_t *sig = NULL, *sig_content = NULL;
-        size_t sig_len, sig_content_len;
-        EVP_MD_CTX *mdctx = NULL;
-        EVP_PKEY_CTX *pctx;
-        EVP_PKEY *pkey;
-        const SSL_CERT_PKEY *cpk;
-        CBB sig_cbb;
-        int ret = 0;
-
-        memset(&sig_cbb, 0, sizeof(sig_cbb));
-
-        if ((cpk = ctx->hs->tls13.cpk) == NULL)
-                goto err;
-        if ((sigalg = ctx->hs->our_sigalg) == NULL)
-                goto err;
-        pkey = cpk->privatekey;
-
-        if (!CBB_init(&sig_cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
-            sizeof(tls13_cert_verify_pad)))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, tls13_cert_client_verify_context,
-            strlen(tls13_cert_client_verify_context)))
-                goto err;
-        if (!CBB_add_u8(&sig_cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len))
-                goto err;
-
-        if ((mdctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestSignInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
-                goto err;
-        if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
-                if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
-                        goto err;
-                if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
-                        goto err;
-        }
-        if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
-                goto err;
-        if ((sig = calloc(1, sig_len)) == NULL)
-                goto err;
-        if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
-                goto err;
-
-        if (!CBB_add_u16(cbb, sigalg->value))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &sig_cbb))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, sig, sig_len))
-                goto err;
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        if (!ret && ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-
-        CBB_cleanup(&sig_cbb);
-        EVP_MD_CTX_free(mdctx);
-        free(sig_content);
-        free(sig);
-
-        return ret;
-}
-
-int
-tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        return 0;
-}
-
-int
-tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret context = { .data = "", .len = 0 };
-        struct tls13_secret finished_key = { .data = NULL, .len = 0 };
-        uint8_t transcript_hash[EVP_MAX_MD_SIZE];
-        size_t transcript_hash_len;
-        uint8_t *verify_data;
-        size_t verify_data_len;
-        unsigned int hlen;
-        HMAC_CTX *hmac_ctx = NULL;
-        CBS cbs;
-        int ret = 0;
-
-        if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
-                goto err;
-
-        if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
-            &secrets->client_handshake_traffic, "finished",
-            &context))
-                goto err;
-
-        if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
-            sizeof(transcript_hash), &transcript_hash_len))
-                goto err;
-
-        if ((hmac_ctx = HMAC_CTX_new()) == NULL)
-                goto err;
-        if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
-            ctx->hash, NULL))
-                goto err;
-        if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
-                goto err;
-
-        verify_data_len = HMAC_size(hmac_ctx);
-        if (!CBB_add_space(cbb, &verify_data, verify_data_len))
-                goto err;
-        if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
-                goto err;
-        if (hlen != verify_data_len)
-                goto err;
-
-        CBS_init(&cbs, verify_data, verify_data_len);
-        if (!CBS_write_bytes(&cbs, ctx->hs->finished,
-            sizeof(ctx->hs->finished), &ctx->hs->finished_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        tls13_secret_cleanup(&finished_key);
-        HMAC_CTX_free(hmac_ctx);
-
-        return ret;
-}
-
-int
-tls13_client_finished_sent(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-
-        /*
-         * Any records following the client finished message must be encrypted
-         * using the client application traffic keys.
-         */
-        return tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->client_application_traffic, ssl_encryption_application);
-}
diff --git a/src/lib/libssl/tls13_error.c b/src/lib/libssl/tls13_error.c
deleted file mode 100644
index 295b6c4fab..0000000000
--- a/src/lib/libssl/tls13_error.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/* $OpenBSD: tls13_error.c,v 1.1 2020/01/20 13:10:37 jsing Exp $ */
-/*
- * Copyright (c) 2014,2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <errno.h>
-
-#include "tls13_internal.h"
-
-void
-tls13_error_clear(struct tls13_error *error)
-{
-        error->code = 0;
-        error->subcode = 0;
-        error->errnum = 0;
-        error->file = NULL;
-        error->line = 0;
-        free(error->msg);
-        error->msg = NULL;
-}
-
-static int
-tls13_error_vset(struct tls13_error *error, int code, int subcode, int errnum,
-    const char *file, int line, const char *fmt, va_list ap)
-{
-        char *errmsg = NULL;
-        int rv = -1;
-
-        tls13_error_clear(error);
-
-        error->code = code;
-        error->subcode = subcode;
-        error->errnum = errnum;
-        error->file = file;
-        error->line = line;
-
-        if (vasprintf(&errmsg, fmt, ap) == -1) {
-                errmsg = NULL;
-                goto err;
-        }
-
-        if (errnum == -1) {
-                error->msg = errmsg;
-                return 0;
-        }
-
-        if (asprintf(&error->msg, "%s: %s", errmsg, strerror(errnum)) == -1) {
-                error->msg = NULL;
-                goto err;
-        }
-        rv = 0;
-
- err:
-        free(errmsg);
-
-        return rv;
-}
-
-int
-tls13_error_set(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...)
-{
-        va_list ap;
-        int errnum, rv;
-
-        errnum = errno;
-
-        va_start(ap, fmt);
-        rv = tls13_error_vset(error, code, subcode, errnum, file, line, fmt, ap);
-        va_end(ap);
-
-        return (rv);
-}
-
-int
-tls13_error_setx(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...)
-{
-        va_list ap;
-        int rv;
-
-        va_start(ap, fmt);
-        rv = tls13_error_vset(error, code, subcode, -1, file, line, fmt, ap);
-        va_end(ap);
-
-        return (rv);
-}
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
deleted file mode 100644
index 0dc2333708..0000000000
--- a/src/lib/libssl/tls13_handshake.c
+++ /dev/null
@@ -1,723 +0,0 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.73 2024/02/03 19:57:14 tb Exp $ */
-/*
- * Copyright (c) 2018-2021 Theo Buehler <tb@openbsd.org>
- * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stddef.h>
-
-#include "ssl_local.h"
-#include "tls13_handshake.h"
-#include "tls13_internal.h"
-
-/* Based on RFC 8446 and inspired by s2n's TLS 1.2 state machine. */
-
-struct tls13_handshake_action {
-        uint8_t handshake_type;
-        uint8_t sender;
-        uint8_t handshake_complete;
-        uint8_t send_preserve_transcript_hash;
-        uint8_t recv_preserve_transcript_hash;
-
-        int (*send)(struct tls13_ctx *ctx, CBB *cbb);
-        int (*sent)(struct tls13_ctx *ctx);
-        int (*recv)(struct tls13_ctx *ctx, CBS *cbs);
-};
-
-static enum tls13_message_type
-    tls13_handshake_active_state(struct tls13_ctx *ctx);
-
-static const struct tls13_handshake_action *
-    tls13_handshake_active_action(struct tls13_ctx *ctx);
-static int tls13_handshake_advance_state_machine(struct tls13_ctx *ctx);
-
-static int tls13_handshake_send_action(struct tls13_ctx *ctx,
-    const struct tls13_handshake_action *action);
-static int tls13_handshake_recv_action(struct tls13_ctx *ctx,
-    const struct tls13_handshake_action *action);
-
-static int tls13_handshake_set_legacy_state(struct tls13_ctx *ctx);
-static int tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx);
-
-static const struct tls13_handshake_action state_machine[] = {
-        [CLIENT_HELLO] = {
-                .handshake_type = TLS13_MT_CLIENT_HELLO,
-                .sender = TLS13_HS_CLIENT,
-                .send = tls13_client_hello_send,
-                .sent = tls13_client_hello_sent,
-                .recv = tls13_client_hello_recv,
-        },
-        [CLIENT_HELLO_RETRY] = {
-                .handshake_type = TLS13_MT_CLIENT_HELLO,
-                .sender = TLS13_HS_CLIENT,
-                .send = tls13_client_hello_retry_send,
-                .recv = tls13_client_hello_retry_recv,
-        },
-        [CLIENT_END_OF_EARLY_DATA] = {
-                .handshake_type = TLS13_MT_END_OF_EARLY_DATA,
-                .sender = TLS13_HS_CLIENT,
-                .send = tls13_client_end_of_early_data_send,
-                .recv = tls13_client_end_of_early_data_recv,
-        },
-        [CLIENT_CERTIFICATE] = {
-                .handshake_type = TLS13_MT_CERTIFICATE,
-                .sender = TLS13_HS_CLIENT,
-                .send_preserve_transcript_hash = 1,
-                .send = tls13_client_certificate_send,
-                .recv = tls13_client_certificate_recv,
-        },
-        [CLIENT_CERTIFICATE_VERIFY] = {
-                .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
-                .sender = TLS13_HS_CLIENT,
-                .recv_preserve_transcript_hash = 1,
-                .send = tls13_client_certificate_verify_send,
-                .recv = tls13_client_certificate_verify_recv,
-        },
-        [CLIENT_FINISHED] = {
-                .handshake_type = TLS13_MT_FINISHED,
-                .sender = TLS13_HS_CLIENT,
-                .recv_preserve_transcript_hash = 1,
-                .send = tls13_client_finished_send,
-                .sent = tls13_client_finished_sent,
-                .recv = tls13_client_finished_recv,
-        },
-        [SERVER_HELLO] = {
-                .handshake_type = TLS13_MT_SERVER_HELLO,
-                .sender = TLS13_HS_SERVER,
-                .send = tls13_server_hello_send,
-                .sent = tls13_server_hello_sent,
-                .recv = tls13_server_hello_recv,
-        },
-        [SERVER_HELLO_RETRY_REQUEST] = {
-                .handshake_type = TLS13_MT_SERVER_HELLO,
-                .sender = TLS13_HS_SERVER,
-                .send = tls13_server_hello_retry_request_send,
-                .recv = tls13_server_hello_retry_request_recv,
-                .sent = tls13_server_hello_retry_request_sent,
-        },
-        [SERVER_ENCRYPTED_EXTENSIONS] = {
-                .handshake_type = TLS13_MT_ENCRYPTED_EXTENSIONS,
-                .sender = TLS13_HS_SERVER,
-                .send = tls13_server_encrypted_extensions_send,
-                .recv = tls13_server_encrypted_extensions_recv,
-        },
-        [SERVER_CERTIFICATE] = {
-                .handshake_type = TLS13_MT_CERTIFICATE,
-                .sender = TLS13_HS_SERVER,
-                .send_preserve_transcript_hash = 1,
-                .send = tls13_server_certificate_send,
-                .recv = tls13_server_certificate_recv,
-        },
-        [SERVER_CERTIFICATE_REQUEST] = {
-                .handshake_type = TLS13_MT_CERTIFICATE_REQUEST,
-                .sender = TLS13_HS_SERVER,
-                .send = tls13_server_certificate_request_send,
-                .recv = tls13_server_certificate_request_recv,
-        },
-        [SERVER_CERTIFICATE_VERIFY] = {
-                .handshake_type = TLS13_MT_CERTIFICATE_VERIFY,
-                .sender = TLS13_HS_SERVER,
-                .recv_preserve_transcript_hash = 1,
-                .send = tls13_server_certificate_verify_send,
-                .recv = tls13_server_certificate_verify_recv,
-        },
-        [SERVER_FINISHED] = {
-                .handshake_type = TLS13_MT_FINISHED,
-                .sender = TLS13_HS_SERVER,
-                .recv_preserve_transcript_hash = 1,
-                .send_preserve_transcript_hash = 1,
-                .send = tls13_server_finished_send,
-                .sent = tls13_server_finished_sent,
-                .recv = tls13_server_finished_recv,
-        },
-        [APPLICATION_DATA] = {
-                .handshake_complete = 1,
-        },
-};
-
-const enum tls13_message_type handshakes[][TLS13_NUM_MESSAGE_TYPES] = {
-        [INITIAL] = {
-                CLIENT_HELLO,
-                SERVER_HELLO_RETRY_REQUEST,
-                CLIENT_HELLO_RETRY,
-                SERVER_HELLO,
-        },
-        [NEGOTIATED] = {
-                CLIENT_HELLO,
-                SERVER_HELLO_RETRY_REQUEST,
-                CLIENT_HELLO_RETRY,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE_REQUEST,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_CERTIFICATE,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITHOUT_HRR] = {
-                CLIENT_HELLO,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE_REQUEST,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_CERTIFICATE,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITHOUT_CR] = {
-                CLIENT_HELLO,
-                SERVER_HELLO_RETRY_REQUEST,
-                CLIENT_HELLO_RETRY,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITHOUT_HRR | WITHOUT_CR] = {
-                CLIENT_HELLO,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITH_PSK] = {
-                CLIENT_HELLO,
-                SERVER_HELLO_RETRY_REQUEST,
-                CLIENT_HELLO_RETRY,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_FINISHED,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITHOUT_HRR | WITH_PSK] = {
-                CLIENT_HELLO,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_FINISHED,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITH_CCV] = {
-                CLIENT_HELLO,
-                SERVER_HELLO_RETRY_REQUEST,
-                CLIENT_HELLO_RETRY,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE_REQUEST,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_CERTIFICATE,
-                CLIENT_CERTIFICATE_VERIFY,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-        [NEGOTIATED | WITHOUT_HRR | WITH_CCV] = {
-                CLIENT_HELLO,
-                SERVER_HELLO,
-                SERVER_ENCRYPTED_EXTENSIONS,
-                SERVER_CERTIFICATE_REQUEST,
-                SERVER_CERTIFICATE,
-                SERVER_CERTIFICATE_VERIFY,
-                SERVER_FINISHED,
-                CLIENT_CERTIFICATE,
-                CLIENT_CERTIFICATE_VERIFY,
-                CLIENT_FINISHED,
-                APPLICATION_DATA,
-        },
-};
-
-const size_t handshake_count = sizeof(handshakes) / sizeof(handshakes[0]);
-
-#ifndef TLS13_DEBUG
-#define DEBUGF(...)
-#else
-#define DEBUGF(...) fprintf(stderr, __VA_ARGS__)
-
-static const char *
-tls13_handshake_mode_name(uint8_t mode)
-{
-        switch (mode) {
-        case TLS13_HS_CLIENT:
-                return "Client";
-        case TLS13_HS_SERVER:
-                return "Server";
-        }
-        return "Unknown";
-}
-
-static const char *
-tls13_handshake_message_name(uint8_t msg_type)
-{
-        switch (msg_type) {
-        case TLS13_MT_CLIENT_HELLO:
-                return "ClientHello";
-        case TLS13_MT_SERVER_HELLO:
-                return "ServerHello";
-        case TLS13_MT_NEW_SESSION_TICKET:
-                return "NewSessionTicket";
-        case TLS13_MT_END_OF_EARLY_DATA:
-                return "EndOfEarlyData";
-        case TLS13_MT_ENCRYPTED_EXTENSIONS:
-                return "EncryptedExtensions";
-        case TLS13_MT_CERTIFICATE:
-                return "Certificate";
-        case TLS13_MT_CERTIFICATE_REQUEST:
-                return "CertificateRequest";
-        case TLS13_MT_CERTIFICATE_VERIFY:
-                return "CertificateVerify";
-        case TLS13_MT_FINISHED:
-                return "Finished";
-        }
-        return "Unknown";
-}
-#endif
-
-static enum tls13_message_type
-tls13_handshake_active_state(struct tls13_ctx *ctx)
-{
-        struct tls13_handshake_stage hs = ctx->handshake_stage;
-
-        if (hs.hs_type >= handshake_count)
-                return INVALID;
-        if (hs.message_number >= TLS13_NUM_MESSAGE_TYPES)
-                return INVALID;
-
-        return handshakes[hs.hs_type][hs.message_number];
-}
-
-static const struct tls13_handshake_action *
-tls13_handshake_active_action(struct tls13_ctx *ctx)
-{
-        enum tls13_message_type mt = tls13_handshake_active_state(ctx);
-
-        if (mt == INVALID)
-                return NULL;
-
-        return &state_machine[mt];
-}
-
-static int
-tls13_handshake_advance_state_machine(struct tls13_ctx *ctx)
-{
-        if (++ctx->handshake_stage.message_number >= TLS13_NUM_MESSAGE_TYPES)
-                return 0;
-
-        return 1;
-}
-
-static int
-tls13_handshake_end_of_flight(struct tls13_ctx *ctx,
-    const struct tls13_handshake_action *previous)
-{
-        const struct tls13_handshake_action *current;
-
-        if ((current = tls13_handshake_active_action(ctx)) == NULL)
-                return 1;
-
-        return current->sender != previous->sender;
-}
-
-int
-tls13_handshake_msg_record(struct tls13_ctx *ctx)
-{
-        CBS cbs;
-
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        return tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs));
-}
-
-int
-tls13_handshake_perform(struct tls13_ctx *ctx)
-{
-        const struct tls13_handshake_action *action;
-        int sending;
-        int ret;
-
-        if (!ctx->handshake_started) {
-                /*
-                 * Set legacy state to connect/accept and call info callback
-                 * to signal that the handshake started.
-                 */
-                if (!tls13_handshake_set_legacy_state(ctx))
-                        return TLS13_IO_FAILURE;
-                if (!tls13_handshake_legacy_info_callback(ctx))
-                        return TLS13_IO_FAILURE;
-
-                ctx->handshake_started = 1;
-
-                /* Set legacy state for initial ClientHello read or write. */
-                if (!tls13_handshake_set_legacy_state(ctx))
-                        return TLS13_IO_FAILURE;
-        }
-
-        for (;;) {
-                if ((action = tls13_handshake_active_action(ctx)) == NULL)
-                        return TLS13_IO_FAILURE;
-
-                if (ctx->need_flush) {
-                        if ((ret = tls13_record_layer_flush(ctx->rl)) !=
-                            TLS13_IO_SUCCESS)
-                                return ret;
-                        ctx->need_flush = 0;
-                }
-
-                if (action->handshake_complete) {
-                        ctx->handshake_completed = 1;
-                        tls13_record_layer_handshake_completed(ctx->rl);
-
-                        if (!tls13_handshake_set_legacy_state(ctx))
-                                return TLS13_IO_FAILURE;
-                        if (!tls13_handshake_legacy_info_callback(ctx))
-                                return TLS13_IO_FAILURE;
-
-                        return TLS13_IO_SUCCESS;
-                }
-
-                sending = action->sender == ctx->mode;
-
-                DEBUGF("%s %s %s\n", tls13_handshake_mode_name(ctx->mode),
-                    sending ? "sending" : "receiving",
-                    tls13_handshake_message_name(action->handshake_type));
-
-                if (ctx->alert != 0)
-                        return tls13_send_alert(ctx->rl, ctx->alert);
-
-                if (sending)
-                        ret = tls13_handshake_send_action(ctx, action);
-                else
-                        ret = tls13_handshake_recv_action(ctx, action);
-
-                if (ctx->alert != 0)
-                        return tls13_send_alert(ctx->rl, ctx->alert);
-
-                if (ret <= 0) {
-                        DEBUGF("%s %s returned %d\n",
-                            tls13_handshake_mode_name(ctx->mode),
-                            (action->sender == ctx->mode) ? "send" : "recv",
-                            ret);
-                        return ret;
-                }
-
-                if (!tls13_handshake_legacy_info_callback(ctx))
-                        return TLS13_IO_FAILURE;
-
-                if (!tls13_handshake_advance_state_machine(ctx))
-                        return TLS13_IO_FAILURE;
-
-                if (sending)
-                        ctx->need_flush = tls13_handshake_end_of_flight(ctx,
-                            action);
-
-                if (!tls13_handshake_set_legacy_state(ctx))
-                        return TLS13_IO_FAILURE;
-        }
-}
-
-static int
-tls13_handshake_send_action(struct tls13_ctx *ctx,
-    const struct tls13_handshake_action *action)
-{
-        ssize_t ret;
-        CBB cbb;
-
-        if (ctx->send_dummy_ccs) {
-                if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
-                        return ret;
-                ctx->send_dummy_ccs = 0;
-                if (ctx->send_dummy_ccs_after) {
-                        ctx->send_dummy_ccs_after = 0;
-                        return TLS13_IO_SUCCESS;
-                }
-        }
-
-        /* If we have no handshake message, we need to build one. */
-        if (ctx->hs_msg == NULL) {
-                if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
-                        return TLS13_IO_FAILURE;
-                if (!tls13_handshake_msg_start(ctx->hs_msg, &cbb,
-                    action->handshake_type))
-                        return TLS13_IO_FAILURE;
-                if (!action->send(ctx, &cbb))
-                        return TLS13_IO_FAILURE;
-                if (!tls13_handshake_msg_finish(ctx->hs_msg))
-                        return TLS13_IO_FAILURE;
-        }
-
-        if ((ret = tls13_handshake_msg_send(ctx->hs_msg, ctx->rl)) <= 0)
-                return ret;
-
-        if (!tls13_handshake_msg_record(ctx))
-                return TLS13_IO_FAILURE;
-
-        if (action->send_preserve_transcript_hash) {
-                if (!tls1_transcript_hash_value(ctx->ssl,
-                    ctx->hs->tls13.transcript_hash,
-                    sizeof(ctx->hs->tls13.transcript_hash),
-                    &ctx->hs->tls13.transcript_hash_len))
-                        return TLS13_IO_FAILURE;
-        }
-
-        if (ctx->handshake_message_sent_cb != NULL)
-                ctx->handshake_message_sent_cb(ctx);
-
-        tls13_handshake_msg_free(ctx->hs_msg);
-        ctx->hs_msg = NULL;
-
-        if (action->sent != NULL && !action->sent(ctx))
-                return TLS13_IO_FAILURE;
-
-        if (ctx->send_dummy_ccs_after) {
-                ctx->send_dummy_ccs = 1;
-                if ((ret = tls13_send_dummy_ccs(ctx->rl)) != TLS13_IO_SUCCESS)
-                        return ret;
-                ctx->send_dummy_ccs = 0;
-                ctx->send_dummy_ccs_after = 0;
-        }
-
-        return TLS13_IO_SUCCESS;
-}
-
-static int
-tls13_handshake_recv_action(struct tls13_ctx *ctx,
-    const struct tls13_handshake_action *action)
-{
-        uint8_t msg_type;
-        ssize_t ret;
-        CBS cbs;
-
-        if (ctx->hs_msg == NULL) {
-                if ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL)
-                        return TLS13_IO_FAILURE;
-        }
-
-        if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) <= 0)
-                return ret;
-
-        if (action->recv_preserve_transcript_hash) {
-                if (!tls1_transcript_hash_value(ctx->ssl,
-                    ctx->hs->tls13.transcript_hash,
-                    sizeof(ctx->hs->tls13.transcript_hash),
-                    &ctx->hs->tls13.transcript_hash_len))
-                        return TLS13_IO_FAILURE;
-        }
-
-        if (!tls13_handshake_msg_record(ctx))
-                return TLS13_IO_FAILURE;
-
-        if (ctx->handshake_message_recv_cb != NULL)
-                ctx->handshake_message_recv_cb(ctx);
-
-        /*
-         * In TLSv1.3 there is no way to know if you're going to receive a
-         * certificate request message or not, hence we have to special case it
-         * here. The receive handler also knows how to deal with this situation.
-         */
-        msg_type = tls13_handshake_msg_type(ctx->hs_msg);
-        if (msg_type != action->handshake_type &&
-            (msg_type != TLS13_MT_CERTIFICATE ||
-             action->handshake_type != TLS13_MT_CERTIFICATE_REQUEST))
-                return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
-        if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
-                return TLS13_IO_FAILURE;
-
-        ret = TLS13_IO_FAILURE;
-        if (!action->recv(ctx, &cbs))
-                goto err;
-
-        if (CBS_len(&cbs) != 0) {
-                tls13_set_errorx(ctx, TLS13_ERR_TRAILING_DATA, 0,
-                    "trailing data in handshake message", NULL);
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-                goto err;
-        }
-
-        ret = TLS13_IO_SUCCESS;
-        if (ctx->ssl->method->version < TLS1_3_VERSION)
-                ret = TLS13_IO_USE_LEGACY;
-
- err:
-        tls13_handshake_msg_free(ctx->hs_msg);
-        ctx->hs_msg = NULL;
-
-        return ret;
-}
-
-struct tls13_handshake_legacy_state {
-        int recv;
-        int send;
-};
-
-static const struct tls13_handshake_legacy_state legacy_states[] = {
-        [CLIENT_HELLO] = {
-                .recv = SSL3_ST_SR_CLNT_HELLO_A,
-                .send = SSL3_ST_CW_CLNT_HELLO_A,
-        },
-        [SERVER_HELLO_RETRY_REQUEST] = {
-                .recv = SSL3_ST_CR_SRVR_HELLO_A,
-                .send = SSL3_ST_SW_SRVR_HELLO_A,
-        },
-        [CLIENT_HELLO_RETRY] = {
-                .recv = SSL3_ST_SR_CLNT_HELLO_A,
-                .send = SSL3_ST_CW_CLNT_HELLO_A,
-        },
-        [SERVER_HELLO] = {
-                .recv = SSL3_ST_CR_SRVR_HELLO_A,
-                .send = SSL3_ST_SW_SRVR_HELLO_A,
-        },
-        [SERVER_ENCRYPTED_EXTENSIONS] = {
-                .send = 0,
-                .recv = 0,
-        },
-        [SERVER_CERTIFICATE_REQUEST] = {
-                .recv = SSL3_ST_CR_CERT_REQ_A,
-                .send = SSL3_ST_SW_CERT_REQ_A,
-        },
-        [SERVER_CERTIFICATE] = {
-                .recv = SSL3_ST_CR_CERT_A,
-                .send = SSL3_ST_SW_CERT_A,
-        },
-        [SERVER_CERTIFICATE_VERIFY] = {
-                .send = 0,
-                .recv = 0,
-        },
-        [SERVER_FINISHED] = {
-                .recv = SSL3_ST_CR_FINISHED_A,
-                .send = SSL3_ST_SW_FINISHED_A,
-        },
-        [CLIENT_END_OF_EARLY_DATA] = {
-                .send = 0,
-                .recv = 0,
-        },
-        [CLIENT_CERTIFICATE] = {
-                .recv = SSL3_ST_SR_CERT_VRFY_A,
-                .send = SSL3_ST_CW_CERT_VRFY_B,
-        },
-        [CLIENT_CERTIFICATE_VERIFY] = {
-                .send = 0,
-                .recv = 0,
-        },
-        [CLIENT_FINISHED] = {
-                .recv = SSL3_ST_SR_FINISHED_A,
-                .send = SSL3_ST_CW_FINISHED_A,
-        },
-        [APPLICATION_DATA] = {
-                .recv = 0,
-                .send = 0,
-        },
-};
-
-CTASSERT(sizeof(state_machine) / sizeof(state_machine[0]) ==
-    sizeof(legacy_states) / sizeof(legacy_states[0]));
-
-static int
-tls13_handshake_legacy_state(struct tls13_ctx *ctx, int *out_state)
-{
-        const struct tls13_handshake_action *action;
-        enum tls13_message_type mt;
-
-        *out_state = 0;
-
-        if (!ctx->handshake_started) {
-                if (ctx->mode == TLS13_HS_CLIENT)
-                        *out_state = SSL_ST_CONNECT;
-                else
-                        *out_state = SSL_ST_ACCEPT;
-
-                return 1;
-        }
-
-        if (ctx->handshake_completed) {
-                *out_state = SSL_ST_OK;
-                return 1;
-        }
-
-        if ((mt = tls13_handshake_active_state(ctx)) == INVALID)
-                return 0;
-
-        if ((action = tls13_handshake_active_action(ctx)) == NULL)
-                return 0;
-
-        if (action->sender == ctx->mode)
-                *out_state = legacy_states[mt].send;
-        else
-                *out_state = legacy_states[mt].recv;
-
-        return 1;
-}
-
-static int
-tls13_handshake_info_position(struct tls13_ctx *ctx)
-{
-        if (!ctx->handshake_started)
-                return TLS13_INFO_HANDSHAKE_STARTED;
-
-        if (ctx->handshake_completed)
-                return TLS13_INFO_HANDSHAKE_COMPLETED;
-
-        if (ctx->mode == TLS13_HS_CLIENT)
-                return TLS13_INFO_CONNECT_LOOP;
-        else
-                return TLS13_INFO_ACCEPT_LOOP;
-}
-
-static int
-tls13_handshake_legacy_info_callback(struct tls13_ctx *ctx)
-{
-        int state, where;
-
-        if (!tls13_handshake_legacy_state(ctx, &state))
-                return 0;
-
-        /* Do nothing if there's no corresponding legacy state. */
-        if (state == 0)
-                return 1;
-
-        if (ctx->info_cb != NULL) {
-                where = tls13_handshake_info_position(ctx);
-                ctx->info_cb(ctx, where, 1);
-        }
-
-        return 1;
-}
-
-static int
-tls13_handshake_set_legacy_state(struct tls13_ctx *ctx)
-{
-        int state;
-
-        if (!tls13_handshake_legacy_state(ctx, &state))
-                return 0;
-
-        /* Do nothing if there's no corresponding legacy state. */
-        if (state == 0)
-                return 1;
-
-        ctx->hs->state = state;
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls13_handshake.h b/src/lib/libssl/tls13_handshake.h
deleted file mode 100644
index 8a08b9fd5b..0000000000
--- a/src/lib/libssl/tls13_handshake.h
+++ /dev/null
@@ -1,54 +0,0 @@
-/* $OpenBSD: tls13_handshake.h,v 1.5 2020/04/22 17:05:07 jsing Exp $ */
-/*
- * Copyright (c) 2019 Theo Buehler <tb@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS13_HANDSHAKE_H
-#define HEADER_TLS13_HANDSHAKE_H
-
-#include <stddef.h>     /* for NULL */
-
-__BEGIN_HIDDEN_DECLS
-
-#define INITIAL                 0x00
-#define NEGOTIATED              0x01
-#define WITHOUT_HRR             0x02
-#define WITHOUT_CR              0x04
-#define WITH_PSK                0x08
-#define WITH_CCV                0x10
-#define WITH_0RTT               0x20
-
-enum tls13_message_type {
-        INVALID,
-        CLIENT_HELLO,
-        SERVER_HELLO_RETRY_REQUEST,
-        CLIENT_HELLO_RETRY,
-        SERVER_HELLO,
-        SERVER_ENCRYPTED_EXTENSIONS,
-        SERVER_CERTIFICATE_REQUEST,
-        SERVER_CERTIFICATE,
-        SERVER_CERTIFICATE_VERIFY,
-        SERVER_FINISHED,
-        CLIENT_END_OF_EARLY_DATA,
-        CLIENT_CERTIFICATE,
-        CLIENT_CERTIFICATE_VERIFY,
-        CLIENT_FINISHED,
-        APPLICATION_DATA,
-        TLS13_NUM_MESSAGE_TYPES,
-};
-
-__END_HIDDEN_DECLS
-
-#endif /* !HEADER_TLS13_HANDSHAKE_H */
diff --git a/src/lib/libssl/tls13_handshake_msg.c b/src/lib/libssl/tls13_handshake_msg.c
deleted file mode 100644
index c7f4d7b7ec..0000000000
--- a/src/lib/libssl/tls13_handshake_msg.c
+++ /dev/null
@@ -1,188 +0,0 @@
-/* $OpenBSD: tls13_handshake_msg.c,v 1.7 2024/02/04 20:50:23 tb Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "bytestring.h"
-#include "tls13_internal.h"
-
-#define TLS13_HANDSHAKE_MSG_HEADER_LEN  4
-#define TLS13_HANDSHAKE_MSG_INITIAL_LEN 256
-#define TLS13_HANDSHAKE_MSG_MAX_LEN     (256 * 1024)
-
-struct tls13_handshake_msg {
-        uint8_t msg_type;
-        uint32_t msg_len;
-        uint8_t *data;
-        size_t data_len;
-
-        struct tls_buffer *buf;
-        CBS cbs;
-        CBB cbb;
-};
-
-struct tls13_handshake_msg *
-tls13_handshake_msg_new(void)
-{
-        struct tls13_handshake_msg *msg = NULL;
-
-        if ((msg = calloc(1, sizeof(struct tls13_handshake_msg))) == NULL)
-                goto err;
-        if ((msg->buf = tls_buffer_new(0)) == NULL)
-                goto err;
-
-        return msg;
-
- err:
-        tls13_handshake_msg_free(msg);
-
-        return NULL;
-}
-
-void
-tls13_handshake_msg_free(struct tls13_handshake_msg *msg)
-{
-        if (msg == NULL)
-                return;
-
-        tls_buffer_free(msg->buf);
-
-        CBB_cleanup(&msg->cbb);
-
-        freezero(msg->data, msg->data_len);
-        freezero(msg, sizeof(struct tls13_handshake_msg));
-}
-
-void
-tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs)
-{
-        CBS_init(cbs, msg->data, msg->data_len);
-}
-
-uint8_t
-tls13_handshake_msg_type(struct tls13_handshake_msg *msg)
-{
-        return msg->msg_type;
-}
-
-int
-tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs)
-{
-        tls13_handshake_msg_data(msg, cbs);
-
-        return CBS_skip(cbs, TLS13_HANDSHAKE_MSG_HEADER_LEN);
-}
-
-int
-tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
-    uint8_t msg_type)
-{
-        if (!CBB_init(&msg->cbb, TLS13_HANDSHAKE_MSG_INITIAL_LEN))
-                return 0;
-        if (!CBB_add_u8(&msg->cbb, msg_type))
-                return 0;
-        if (!CBB_add_u24_length_prefixed(&msg->cbb, body))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_handshake_msg_finish(struct tls13_handshake_msg *msg)
-{
-        if (!CBB_finish(&msg->cbb, &msg->data, &msg->data_len))
-                return 0;
-
-        CBS_init(&msg->cbs, msg->data, msg->data_len);
-
-        return 1;
-}
-
-static ssize_t
-tls13_handshake_msg_read_cb(void *buf, size_t n, void *cb_arg)
-{
-        struct tls13_record_layer *rl = cb_arg;
-
-        return tls13_read_handshake_data(rl, buf, n);
-}
-
-int
-tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl)
-{
-        uint8_t msg_type;
-        uint32_t msg_len;
-        CBS cbs;
-        int ret;
-
-        if (msg->data != NULL)
-                return TLS13_IO_FAILURE;
-
-        if (msg->msg_type == 0) {
-                if ((ret = tls_buffer_extend(msg->buf,
-                    TLS13_HANDSHAKE_MSG_HEADER_LEN,
-                    tls13_handshake_msg_read_cb, rl)) <= 0)
-                        return ret;
-
-                if (!tls_buffer_data(msg->buf, &cbs))
-                        return TLS13_IO_FAILURE;
-
-                if (!CBS_get_u8(&cbs, &msg_type))
-                        return TLS13_IO_FAILURE;
-                if (!CBS_get_u24(&cbs, &msg_len))
-                        return TLS13_IO_FAILURE;
-
-                /* XXX - do we want to make this variable on message type? */
-                if (msg_len > TLS13_HANDSHAKE_MSG_MAX_LEN)
-                        return TLS13_IO_FAILURE;
-
-                msg->msg_type = msg_type;
-                msg->msg_len = msg_len;
-        }
-
-        if ((ret = tls_buffer_extend(msg->buf,
-            TLS13_HANDSHAKE_MSG_HEADER_LEN + msg->msg_len,
-            tls13_handshake_msg_read_cb, rl)) <= 0)
-                return ret;
-
-        if (!tls_buffer_finish(msg->buf, &msg->data, &msg->data_len))
-                return TLS13_IO_FAILURE;
-
-        return TLS13_IO_SUCCESS;
-}
-
-int
-tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl)
-{
-        ssize_t ret;
-
-        if (msg->data == NULL)
-                return TLS13_IO_FAILURE;
-
-        if (CBS_len(&msg->cbs) == 0)
-                return TLS13_IO_FAILURE;
-
-        while (CBS_len(&msg->cbs) > 0) {
-                if ((ret = tls13_write_handshake_data(rl, CBS_data(&msg->cbs),
-                    CBS_len(&msg->cbs))) <= 0)
-                        return ret;
-
-                if (!CBS_skip(&msg->cbs, ret))
-                        return TLS13_IO_FAILURE;
-        }
-
-        return TLS13_IO_SUCCESS;
-}
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
deleted file mode 100644
index 7a7f8abc63..0000000000
--- a/src/lib/libssl/tls13_internal.h
+++ /dev/null
@@ -1,447 +0,0 @@
-/* $OpenBSD: tls13_internal.h,v 1.105 2025/03/09 15:12:18 tb Exp $ */
-/*
- * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS13_INTERNAL_H
-#define HEADER_TLS13_INTERNAL_H
-
-#include <openssl/evp.h>
-#include <openssl/ssl.h>
-
-#include "bytestring.h"
-#include "tls_internal.h"
-
-__BEGIN_HIDDEN_DECLS
-
-#define TLS13_HS_CLIENT                 1
-#define TLS13_HS_SERVER                 2
-
-#define TLS13_IO_SUCCESS                 1
-#define TLS13_IO_EOF                     0
-#define TLS13_IO_FAILURE                -1
-#define TLS13_IO_ALERT                  -2
-#define TLS13_IO_WANT_POLLIN            -3
-#define TLS13_IO_WANT_POLLOUT           -4
-#define TLS13_IO_WANT_RETRY             -5 /* Retry the previous call immediately. */
-#define TLS13_IO_USE_LEGACY             -6
-#define TLS13_IO_RECORD_VERSION         -7
-#define TLS13_IO_RECORD_OVERFLOW        -8
-
-#define TLS13_ERR_VERIFY_FAILED         16
-#define TLS13_ERR_HRR_FAILED            17
-#define TLS13_ERR_TRAILING_DATA         18
-#define TLS13_ERR_NO_SHARED_CIPHER      19
-#define TLS13_ERR_NO_CERTIFICATE        20
-#define TLS13_ERR_NO_PEER_CERTIFICATE   21
-
-#define TLS13_ALERT_LEVEL_WARNING                       1
-#define TLS13_ALERT_LEVEL_FATAL                         2
-
-#define TLS13_ALERT_CLOSE_NOTIFY                        0
-#define TLS13_ALERT_UNEXPECTED_MESSAGE                  10
-#define TLS13_ALERT_BAD_RECORD_MAC                      20
-#define TLS13_ALERT_RECORD_OVERFLOW                     22
-#define TLS13_ALERT_HANDSHAKE_FAILURE                   40
-#define TLS13_ALERT_BAD_CERTIFICATE                     42
-#define TLS13_ALERT_UNSUPPORTED_CERTIFICATE             43
-#define TLS13_ALERT_CERTIFICATE_REVOKED                 44
-#define TLS13_ALERT_CERTIFICATE_EXPIRED                 45
-#define TLS13_ALERT_CERTIFICATE_UNKNOWN                 46
-#define TLS13_ALERT_ILLEGAL_PARAMETER                   47
-#define TLS13_ALERT_UNKNOWN_CA                          48
-#define TLS13_ALERT_ACCESS_DENIED                       49
-#define TLS13_ALERT_DECODE_ERROR                        50
-#define TLS13_ALERT_DECRYPT_ERROR                       51
-#define TLS13_ALERT_PROTOCOL_VERSION                    70
-#define TLS13_ALERT_INSUFFICIENT_SECURITY               71
-#define TLS13_ALERT_INTERNAL_ERROR                      80
-#define TLS13_ALERT_INAPPROPRIATE_FALLBACK              86
-#define TLS13_ALERT_USER_CANCELED                       90
-#define TLS13_ALERT_MISSING_EXTENSION                   109
-#define TLS13_ALERT_UNSUPPORTED_EXTENSION               110
-#define TLS13_ALERT_UNRECOGNIZED_NAME                   112
-#define TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE     113
-#define TLS13_ALERT_UNKNOWN_PSK_IDENTITY                115
-#define TLS13_ALERT_CERTIFICATE_REQUIRED                116
-#define TLS13_ALERT_NO_APPLICATION_PROTOCOL             120
-
-#define TLS13_INFO_HANDSHAKE_STARTED                    SSL_CB_HANDSHAKE_START
-#define TLS13_INFO_HANDSHAKE_COMPLETED                  SSL_CB_HANDSHAKE_DONE
-#define TLS13_INFO_ACCEPT_LOOP                          SSL_CB_ACCEPT_LOOP
-#define TLS13_INFO_CONNECT_LOOP                         SSL_CB_CONNECT_LOOP
-#define TLS13_INFO_ACCEPT_EXIT                          SSL_CB_ACCEPT_EXIT
-#define TLS13_INFO_CONNECT_EXIT                         SSL_CB_CONNECT_EXIT
-
-typedef void (*tls13_alert_cb)(uint8_t _alert_level, uint8_t _alert_desc,
-    void *_cb_arg);
-typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg);
-typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
-typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
-typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret);
-typedef int (*tls13_ocsp_status_cb)(void *_cb_arg);
-
-/*
- * PSK support.
- */
-
-/*
- * Known PskKeyExchangeMode values.
- * https://www.iana.org/assignments/tls-parameters/#tls-pskkeyexchangemode
- */
-#define TLS13_PSK_KE                                    0
-#define TLS13_PSK_DHE_KE                                1
-
-/*
- * Secrets.
- */
-struct tls13_secret {
-        uint8_t *data;
-        size_t len;
-};
-
-/* RFC 8446 Section 7.1  Page 92 */
-struct tls13_secrets {
-        const EVP_MD *digest;
-        int resumption;
-        int init_done;
-        int early_done;
-        int handshake_done;
-        int schedule_done;
-        int insecure; /* Set by tests */
-        struct tls13_secret zeros;
-        struct tls13_secret empty_hash;
-        struct tls13_secret extracted_early;
-        struct tls13_secret binder_key;
-        struct tls13_secret client_early_traffic;
-        struct tls13_secret early_exporter_master;
-        struct tls13_secret derived_early;
-        struct tls13_secret extracted_handshake;
-        struct tls13_secret client_handshake_traffic;
-        struct tls13_secret server_handshake_traffic;
-        struct tls13_secret derived_handshake;
-        struct tls13_secret extracted_master;
-        struct tls13_secret client_application_traffic;
-        struct tls13_secret server_application_traffic;
-        struct tls13_secret exporter_master;
-        struct tls13_secret resumption_master;
-};
-
-int tls13_secret_init(struct tls13_secret *secret, size_t len);
-void tls13_secret_cleanup(struct tls13_secret *secret);
-struct tls13_secrets *tls13_secrets_create(const EVP_MD *digest,
-    int resumption);
-void tls13_secrets_destroy(struct tls13_secrets *secrets);
-
-int tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context);
-int tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret,
-    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
-
-int tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context);
-int tls13_derive_secret_with_label_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret,
-    const uint8_t *label, size_t label_len, const struct tls13_secret *context);
-
-int tls13_derive_early_secrets(struct tls13_secrets *secrets, uint8_t *psk,
-    size_t psk_len, const struct tls13_secret *context);
-int tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
-    const uint8_t *ecdhe, size_t ecdhe_len, const struct tls13_secret *context);
-int tls13_derive_application_secrets(struct tls13_secrets *secrets,
-    const struct tls13_secret *context);
-int tls13_update_client_traffic_secret(struct tls13_secrets *secrets);
-int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
-
-/*
- * Record Layer.
- */
-struct tls13_record_layer;
-
-struct tls13_record_layer_callbacks {
-        /* Wire callbacks. */
-        tls_read_cb wire_read;
-        tls_write_cb wire_write;
-        tls_flush_cb wire_flush;
-
-        /* Interceptors. */
-        tls_handshake_read_cb handshake_read;
-        tls_handshake_write_cb handshake_write;
-        tls_traffic_key_cb set_read_traffic_key;
-        tls_traffic_key_cb set_write_traffic_key;
-        tls_alert_send_cb alert_send;
-
-        /* Notification callbacks. */
-        tls13_alert_cb alert_recv;
-        tls13_alert_cb alert_sent;
-        tls13_phh_recv_cb phh_recv;
-        tls13_phh_sent_cb phh_sent;
-};
-
-struct tls13_record_layer *tls13_record_layer_new(
-    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
-void tls13_record_layer_free(struct tls13_record_layer *rl);
-void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
-    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
-void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
-void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
-void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs);
-void tls13_record_layer_set_aead(struct tls13_record_layer *rl,
-    const EVP_AEAD *aead);
-void tls13_record_layer_set_hash(struct tls13_record_layer *rl,
-    const EVP_MD *hash);
-void tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
-    uint16_t version);
-void tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry);
-void tls13_record_layer_alert_sent(struct tls13_record_layer *rl,
-    uint8_t alert_level, uint8_t alert_desc);
-void tls13_record_layer_handshake_completed(struct tls13_record_layer *rl);
-int tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *read_key, enum ssl_encryption_level_t read_level);
-int tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *write_key, enum ssl_encryption_level_t write_level);
-ssize_t tls13_record_layer_send_pending(struct tls13_record_layer *rl);
-ssize_t tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs);
-ssize_t tls13_record_layer_flush(struct tls13_record_layer *rl);
-
-ssize_t tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n);
-ssize_t tls13_pending_application_data(struct tls13_record_layer *rl);
-ssize_t tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n);
-ssize_t tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n);
-
-ssize_t tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc);
-ssize_t tls13_send_dummy_ccs(struct tls13_record_layer *rl);
-
-/*
- * Handshake Messages.
- */
-struct tls13_handshake_msg;
-
-struct tls13_handshake_msg *tls13_handshake_msg_new(void);
-void tls13_handshake_msg_free(struct tls13_handshake_msg *msg);
-void tls13_handshake_msg_data(struct tls13_handshake_msg *msg, CBS *cbs);
-uint8_t tls13_handshake_msg_type(struct tls13_handshake_msg *msg);
-int tls13_handshake_msg_content(struct tls13_handshake_msg *msg, CBS *cbs);
-int tls13_handshake_msg_start(struct tls13_handshake_msg *msg, CBB *body,
-    uint8_t msg_type);
-int tls13_handshake_msg_finish(struct tls13_handshake_msg *msg);
-int tls13_handshake_msg_recv(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl);
-int tls13_handshake_msg_send(struct tls13_handshake_msg *msg,
-    struct tls13_record_layer *rl);
-
-struct tls13_handshake_stage {
-        uint8_t hs_type;
-        uint8_t message_number;
-};
-
-struct ssl_handshake_tls13_st;
-
-struct tls13_error {
-        int code;
-        int subcode;
-        int errnum;
-        const char *file;
-        int line;
-        char *msg;
-};
-
-struct tls13_ctx {
-        struct tls13_error error;
-
-        SSL *ssl;
-        struct ssl_handshake_st *hs;
-        uint8_t mode;
-        struct tls13_handshake_stage handshake_stage;
-        int handshake_started;
-        int handshake_completed;
-        int need_flush;
-        int middlebox_compat;
-        int send_dummy_ccs;
-        int send_dummy_ccs_after;
-
-        int close_notify_sent;
-        int close_notify_recv;
-
-        const EVP_AEAD *aead;
-        const EVP_MD *hash;
-
-        struct tls13_record_layer *rl;
-        struct tls13_handshake_msg *hs_msg;
-        uint8_t key_update_request;
-        uint8_t alert;
-        int phh_count;
-        time_t phh_last_seen;
-
-        tls13_alert_cb alert_sent_cb;
-        tls13_alert_cb alert_recv_cb;
-        tls13_handshake_message_cb handshake_message_sent_cb;
-        tls13_handshake_message_cb handshake_message_recv_cb;
-        tls13_info_cb info_cb;
-        tls13_ocsp_status_cb ocsp_status_recv_cb;
-};
-#ifndef TLS13_PHH_LIMIT_TIME
-#define TLS13_PHH_LIMIT_TIME 3600
-#endif
-#ifndef TLS13_PHH_LIMIT
-#define TLS13_PHH_LIMIT 100
-#endif
-
-struct tls13_ctx *tls13_ctx_new(int mode, SSL *ssl);
-void tls13_ctx_free(struct tls13_ctx *ctx);
-
-const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
-const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
-
-void tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
-void tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg);
-ssize_t tls13_phh_received_cb(void *cb_arg);
-void tls13_phh_done_cb(void *cb_arg);
-
-int tls13_quic_init(struct tls13_ctx *ctx);
-
-/*
- * Legacy interfaces.
- */
-int tls13_use_legacy_client(struct tls13_ctx *ctx);
-int tls13_use_legacy_server(struct tls13_ctx *ctx);
-int tls13_legacy_accept(SSL *ssl);
-int tls13_legacy_connect(SSL *ssl);
-ssize_t tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg);
-ssize_t tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg);
-ssize_t tls13_legacy_wire_flush_cb(void *arg);
-int tls13_legacy_pending(const SSL *ssl);
-int tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len,
-    int peek);
-int tls13_legacy_write_bytes(SSL *ssl, int type, const void *buf, int len);
-int tls13_legacy_shutdown(SSL *ssl);
-int tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert);
-
-/*
- * Message Types - RFC 8446, Section B.3.
- *
- * Values listed as "_RESERVED" were used in previous versions of TLS and are
- * listed here for completeness.  TLS 1.3 implementations MUST NOT send them but
- * might receive them from older TLS implementations.
- */
-#define TLS13_MT_HELLO_REQUEST_RESERVED         0
-#define TLS13_MT_CLIENT_HELLO                   1
-#define TLS13_MT_SERVER_HELLO                   2
-#define TLS13_MT_HELLO_VERIFY_REQUEST_RESERVED  3
-#define TLS13_MT_NEW_SESSION_TICKET             4
-#define TLS13_MT_END_OF_EARLY_DATA              5
-#define TLS13_MT_HELLO_RETRY_REQUEST_RESERVED   6
-#define TLS13_MT_ENCRYPTED_EXTENSIONS           8
-#define TLS13_MT_CERTIFICATE                    11
-#define TLS13_MT_SERVER_KEY_EXCHANGE_RESERVED   12
-#define TLS13_MT_CERTIFICATE_REQUEST            13
-#define TLS13_MT_SERVER_HELLO_DONE_RESERVED     14
-#define TLS13_MT_CERTIFICATE_VERIFY             15
-#define TLS13_MT_CLIENT_KEY_EXCHANGE_RESERVED   16
-#define TLS13_MT_FINISHED                       20
-#define TLS13_MT_CERTIFICATE_URL_RESERVED       21
-#define TLS13_MT_CERTIFICATE_STATUS_RESERVED    22
-#define TLS13_MT_SUPPLEMENTAL_DATA_RESERVED     23
-#define TLS13_MT_KEY_UPDATE                     24
-#define TLS13_MT_MESSAGE_HASH                   254
-
-int tls13_handshake_msg_record(struct tls13_ctx *ctx);
-int tls13_handshake_perform(struct tls13_ctx *ctx);
-
-int tls13_client_init(struct tls13_ctx *ctx);
-int tls13_server_init(struct tls13_ctx *ctx);
-int tls13_client_connect(struct tls13_ctx *ctx);
-int tls13_server_accept(struct tls13_ctx *ctx);
-
-int tls13_client_hello_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_hello_sent(struct tls13_ctx *ctx);
-int tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_hello_retry_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_end_of_early_data_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_client_finished_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_client_finished_sent(struct tls13_ctx *ctx);
-int tls13_server_hello_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_hello_sent(struct tls13_ctx *ctx);
-int tls13_server_hello_retry_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx);
-int tls13_server_encrypted_extensions_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_request_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_recv(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb);
-int tls13_server_finished_sent(struct tls13_ctx *ctx);
-
-void tls13_error_clear(struct tls13_error *error);
-int tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
-    int(*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb));
-
-int tls13_synthetic_handshake_message(struct tls13_ctx *ctx);
-int tls13_clienthello_hash_init(struct tls13_ctx *ctx);
-void tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs);
-int tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data,
-    size_t len);
-int tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs);
-int tls13_clienthello_hash_finalize(struct tls13_ctx *ctx);
-int tls13_clienthello_hash_validate(struct tls13_ctx *ctx);
-
-int tls13_error_set(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...);
-int tls13_error_setx(struct tls13_error *error, int code, int subcode,
-    const char *file, int line, const char *fmt, ...);
-
-#define tls13_set_error(ctx, code, subcode, fmt, ...) \
-        tls13_error_set(&(ctx)->error, (code), (subcode), OPENSSL_FILE, OPENSSL_LINE, \
-            (fmt), __VA_ARGS__)
-#define tls13_set_errorx(ctx, code, subcode, fmt, ...) \
-        tls13_error_setx(&(ctx)->error, (code), (subcode), OPENSSL_FILE, OPENSSL_LINE, \
-            (fmt), __VA_ARGS__)
-
-int tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
-    const uint8_t *context_value, size_t context_value_len, uint8_t *out,
-    size_t out_len);
-
-extern const uint8_t tls13_downgrade_12[8];
-extern const uint8_t tls13_downgrade_11[8];
-extern const uint8_t tls13_hello_retry_request_hash[32];
-extern const uint8_t tls13_cert_verify_pad[64];
-extern const uint8_t tls13_cert_client_verify_context[];
-extern const uint8_t tls13_cert_server_verify_context[];
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c
deleted file mode 100644
index 05bcf0f006..0000000000
--- a/src/lib/libssl/tls13_key_schedule.c
+++ /dev/null
@@ -1,458 +0,0 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.18 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
- * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
- * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
- * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <string.h>
-#include <stdlib.h>
-
-#include <openssl/hkdf.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "tls13_internal.h"
-
-int
-tls13_secret_init(struct tls13_secret *secret, size_t len)
-{
-        if (secret->data != NULL)
-                return 0;
-
-        if ((secret->data = calloc(1, len)) == NULL)
-                return 0;
-        secret->len = len;
-
-        return 1;
-}
-
-void
-tls13_secret_cleanup(struct tls13_secret *secret)
-{
-        freezero(secret->data, secret->len);
-        secret->data = NULL;
-        secret->len = 0;
-}
-
-/*
- * Allocate a set of secrets for a key schedule using
- * a size of hash_length from RFC 8446 section 7.1.
- */
-struct tls13_secrets *
-tls13_secrets_create(const EVP_MD *digest, int resumption)
-{
-        struct tls13_secrets *secrets = NULL;
-        EVP_MD_CTX *mdctx = NULL;
-        unsigned int mdlen;
-        size_t hash_length;
-
-        hash_length = EVP_MD_size(digest);
-
-        if ((secrets = calloc(1, sizeof(struct tls13_secrets))) == NULL)
-                goto err;
-
-        if (!tls13_secret_init(&secrets->zeros, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->empty_hash, hash_length))
-                goto err;
-
-        if (!tls13_secret_init(&secrets->extracted_early, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->binder_key, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->client_early_traffic, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->early_exporter_master, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->derived_early, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->extracted_handshake, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->client_handshake_traffic, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->server_handshake_traffic, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->derived_handshake, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->extracted_master, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->client_application_traffic, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->server_application_traffic, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->exporter_master, hash_length))
-                goto err;
-        if (!tls13_secret_init(&secrets->resumption_master, hash_length))
-                goto err;
-
-        /*
-         * Calculate the hash of a zero-length string - this is needed during
-         * the "derived" step for key extraction.
-         */
-        if ((mdctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestInit_ex(mdctx, digest, NULL))
-                goto err;
-        if (!EVP_DigestUpdate(mdctx, secrets->zeros.data, 0))
-                goto err;
-        if (!EVP_DigestFinal_ex(mdctx, secrets->empty_hash.data, &mdlen))
-                goto err;
-        EVP_MD_CTX_free(mdctx);
-        mdctx = NULL;
-
-        if (secrets->empty_hash.len != mdlen)
-                goto err;
-
-        secrets->digest = digest;
-        secrets->resumption = resumption;
-        secrets->init_done = 1;
-
-        return secrets;
-
- err:
-        tls13_secrets_destroy(secrets);
-        EVP_MD_CTX_free(mdctx);
-
-        return NULL;
-}
-
-void
-tls13_secrets_destroy(struct tls13_secrets *secrets)
-{
-        if (secrets == NULL)
-                return;
-
-        /* you can never be too sure :) */
-        tls13_secret_cleanup(&secrets->zeros);
-        tls13_secret_cleanup(&secrets->empty_hash);
-
-        tls13_secret_cleanup(&secrets->extracted_early);
-        tls13_secret_cleanup(&secrets->binder_key);
-        tls13_secret_cleanup(&secrets->client_early_traffic);
-        tls13_secret_cleanup(&secrets->early_exporter_master);
-        tls13_secret_cleanup(&secrets->derived_early);
-        tls13_secret_cleanup(&secrets->extracted_handshake);
-        tls13_secret_cleanup(&secrets->client_handshake_traffic);
-        tls13_secret_cleanup(&secrets->server_handshake_traffic);
-        tls13_secret_cleanup(&secrets->derived_handshake);
-        tls13_secret_cleanup(&secrets->extracted_master);
-        tls13_secret_cleanup(&secrets->client_application_traffic);
-        tls13_secret_cleanup(&secrets->server_application_traffic);
-        tls13_secret_cleanup(&secrets->exporter_master);
-        tls13_secret_cleanup(&secrets->resumption_master);
-
-        freezero(secrets, sizeof(struct tls13_secrets));
-}
-
-int
-tls13_hkdf_expand_label(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context)
-{
-        return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
-            strlen(label), context);
-}
-
-int
-tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret,
-    const uint8_t *label, size_t label_len, const struct tls13_secret *context)
-{
-        const char tls13_plabel[] = "tls13 ";
-        uint8_t *hkdf_label = NULL;
-        size_t hkdf_label_len;
-        CBB cbb, child;
-        int ret;
-
-        if (!CBB_init(&cbb, 256))
-                goto err;
-
-        if (out->data == NULL || out->len == 0)
-                goto err;
-
-        if (!CBB_add_u16(&cbb, out->len))
-                goto err;
-        if (!CBB_add_u8_length_prefixed(&cbb, &child))
-                goto err;
-        if (!CBB_add_bytes(&child, tls13_plabel, strlen(tls13_plabel)))
-                goto err;
-        if (!CBB_add_bytes(&child, label, label_len))
-                goto err;
-        if (!CBB_add_u8_length_prefixed(&cbb, &child))
-                goto err;
-        if (!CBB_add_bytes(&child, context->data, context->len))
-                goto err;
-        if (!CBB_finish(&cbb, &hkdf_label, &hkdf_label_len))
-                goto err;
-
-        ret = HKDF_expand(out->data, out->len, digest, secret->data,
-            secret->len, hkdf_label, hkdf_label_len);
-
-        free(hkdf_label);
-        return(ret);
- err:
-        CBB_cleanup(&cbb);
-        return(0);
-}
-
-int
-tls13_derive_secret(struct tls13_secret *out, const EVP_MD *digest,
-    const struct tls13_secret *secret, const char *label,
-    const struct tls13_secret *context)
-{
-        return tls13_hkdf_expand_label(out, digest, secret, label, context);
-}
-
-int
-tls13_derive_secret_with_label_length(struct tls13_secret *out,
-    const EVP_MD *digest, const struct tls13_secret *secret, const uint8_t *label,
-    size_t label_len, const struct tls13_secret *context)
-{
-        return tls13_hkdf_expand_label_with_length(out, digest, secret, label,
-            label_len, context);
-}
-
-int
-tls13_derive_early_secrets(struct tls13_secrets *secrets,
-    uint8_t *psk, size_t psk_len, const struct tls13_secret *context)
-{
-        if (!secrets->init_done || secrets->early_done)
-                return 0;
-
-        if (!HKDF_extract(secrets->extracted_early.data,
-            &secrets->extracted_early.len, secrets->digest, psk, psk_len,
-            secrets->zeros.data, secrets->zeros.len))
-                return 0;
-
-        if (secrets->extracted_early.len != secrets->zeros.len)
-                return 0;
-
-        if (!tls13_derive_secret(&secrets->binder_key, secrets->digest,
-            &secrets->extracted_early,
-            secrets->resumption ? "res binder" : "ext binder",
-            &secrets->empty_hash))
-                return 0;
-        if (!tls13_derive_secret(&secrets->client_early_traffic,
-            secrets->digest, &secrets->extracted_early, "c e traffic",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->early_exporter_master,
-            secrets->digest, &secrets->extracted_early, "e exp master",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->derived_early,
-            secrets->digest, &secrets->extracted_early, "derived",
-            &secrets->empty_hash))
-                return 0;
-
-        /* RFC 8446 recommends */
-        if (!secrets->insecure)
-                explicit_bzero(secrets->extracted_early.data,
-                    secrets->extracted_early.len);
-        secrets->early_done = 1;
-        return 1;
-}
-
-int
-tls13_derive_handshake_secrets(struct tls13_secrets *secrets,
-    const uint8_t *ecdhe, size_t ecdhe_len,
-    const struct tls13_secret *context)
-{
-        if (!secrets->init_done || !secrets->early_done ||
-            secrets->handshake_done)
-                return 0;
-
-        if (!HKDF_extract(secrets->extracted_handshake.data,
-            &secrets->extracted_handshake.len, secrets->digest,
-            ecdhe, ecdhe_len, secrets->derived_early.data,
-            secrets->derived_early.len))
-                return 0;
-
-        if (secrets->extracted_handshake.len != secrets->zeros.len)
-                return 0;
-
-        /* XXX */
-        if (!secrets->insecure)
-                explicit_bzero(secrets->derived_early.data,
-                    secrets->derived_early.len);
-
-        if (!tls13_derive_secret(&secrets->client_handshake_traffic,
-            secrets->digest, &secrets->extracted_handshake, "c hs traffic",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->server_handshake_traffic,
-            secrets->digest, &secrets->extracted_handshake, "s hs traffic",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->derived_handshake,
-            secrets->digest, &secrets->extracted_handshake, "derived",
-            &secrets->empty_hash))
-                return 0;
-
-        /* RFC 8446 recommends */
-        if (!secrets->insecure)
-                explicit_bzero(secrets->extracted_handshake.data,
-                    secrets->extracted_handshake.len);
-
-        secrets->handshake_done = 1;
-
-        return 1;
-}
-
-int
-tls13_derive_application_secrets(struct tls13_secrets *secrets,
-    const struct tls13_secret *context)
-{
-        if (!secrets->init_done || !secrets->early_done ||
-            !secrets->handshake_done || secrets->schedule_done)
-                return 0;
-
-        if (!HKDF_extract(secrets->extracted_master.data,
-            &secrets->extracted_master.len, secrets->digest,
-            secrets->zeros.data, secrets->zeros.len,
-            secrets->derived_handshake.data, secrets->derived_handshake.len))
-                return 0;
-
-        if (secrets->extracted_master.len != secrets->zeros.len)
-                return 0;
-
-        /* XXX */
-        if (!secrets->insecure)
-                explicit_bzero(secrets->derived_handshake.data,
-                    secrets->derived_handshake.len);
-
-        if (!tls13_derive_secret(&secrets->client_application_traffic,
-            secrets->digest, &secrets->extracted_master, "c ap traffic",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->server_application_traffic,
-            secrets->digest, &secrets->extracted_master, "s ap traffic",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->exporter_master,
-            secrets->digest, &secrets->extracted_master, "exp master",
-            context))
-                return 0;
-        if (!tls13_derive_secret(&secrets->resumption_master,
-            secrets->digest, &secrets->extracted_master, "res master",
-            context))
-                return 0;
-
-        /* RFC 8446 recommends */
-        if (!secrets->insecure)
-                explicit_bzero(secrets->extracted_master.data,
-                    secrets->extracted_master.len);
-
-        secrets->schedule_done = 1;
-
-        return 1;
-}
-
-int
-tls13_update_client_traffic_secret(struct tls13_secrets *secrets)
-{
-        struct tls13_secret context = { .data = "", .len = 0 };
-
-        if (!secrets->init_done || !secrets->early_done ||
-            !secrets->handshake_done || !secrets->schedule_done)
-                return 0;
-
-        return tls13_hkdf_expand_label(&secrets->client_application_traffic,
-            secrets->digest, &secrets->client_application_traffic,
-            "traffic upd", &context);
-}
-
-int
-tls13_update_server_traffic_secret(struct tls13_secrets *secrets)
-{
-        struct tls13_secret context = { .data = "", .len = 0 };
-
-        if (!secrets->init_done || !secrets->early_done ||
-            !secrets->handshake_done || !secrets->schedule_done)
-                return 0;
-
-        return tls13_hkdf_expand_label(&secrets->server_application_traffic,
-            secrets->digest, &secrets->server_application_traffic,
-            "traffic upd", &context);
-}
-
-int
-tls13_exporter(struct tls13_ctx *ctx, const uint8_t *label, size_t label_len,
-    const uint8_t *context_value, size_t context_value_len, uint8_t *out,
-    size_t out_len)
-{
-        struct tls13_secret context, export_out, export_secret;
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        EVP_MD_CTX *md_ctx = NULL;
-        unsigned int md_out_len;
-        int md_len;
-        int ret = 0;
-
-        /*
-         * RFC 8446 Section 7.5.
-         */
-
-        memset(&context, 0, sizeof(context));
-        memset(&export_secret, 0, sizeof(export_secret));
-
-        export_out.data = out;
-        export_out.len = out_len;
-
-        if (!ctx->handshake_completed)
-                return 0;
-
-        md_len = EVP_MD_size(secrets->digest);
-        if (md_len <= 0 || md_len > EVP_MAX_MD_SIZE)
-                goto err;
-
-        if (!tls13_secret_init(&export_secret, md_len))
-                goto err;
-        if (!tls13_secret_init(&context, md_len))
-                goto err;
-
-        /* In TLSv1.3 no context is equivalent to an empty context. */
-        if (context_value == NULL) {
-                context_value = "";
-                context_value_len = 0;
-        }
-
-        if ((md_ctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestInit_ex(md_ctx, secrets->digest, NULL))
-                goto err;
-        if (!EVP_DigestUpdate(md_ctx, context_value, context_value_len))
-                goto err;
-        if (!EVP_DigestFinal_ex(md_ctx, context.data, &md_out_len))
-                goto err;
-        if (md_len != md_out_len)
-                goto err;
-
-        if (!tls13_derive_secret_with_label_length(&export_secret,
-            secrets->digest, &secrets->exporter_master, label, label_len,
-            &secrets->empty_hash))
-                goto err;
-
-        if (!tls13_hkdf_expand_label(&export_out, secrets->digest,
-            &export_secret, "exporter", &context))
-                goto err;
-
-        ret = 1;
-
- err:
-        EVP_MD_CTX_free(md_ctx);
-        tls13_secret_cleanup(&context);
-        tls13_secret_cleanup(&export_secret);
-
-        return ret;
-}
diff --git a/src/lib/libssl/tls13_legacy.c b/src/lib/libssl/tls13_legacy.c
deleted file mode 100644
index 6c33eccc61..0000000000
--- a/src/lib/libssl/tls13_legacy.c
+++ /dev/null
@@ -1,563 +0,0 @@
-/*      $OpenBSD: tls13_legacy.c,v 1.44 2024/01/30 14:50:50 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <limits.h>
-
-#include "ssl_local.h"
-#include "tls13_internal.h"
-
-static ssize_t
-tls13_legacy_wire_read(SSL *ssl, uint8_t *buf, size_t len)
-{
-        int n;
-
-        if (ssl->rbio == NULL) {
-                SSLerror(ssl, SSL_R_BIO_NOT_SET);
-                return TLS13_IO_FAILURE;
-        }
-
-        ssl->rwstate = SSL_READING;
-        errno = 0;
-
-        if ((n = BIO_read(ssl->rbio, buf, len)) <= 0) {
-                if (BIO_should_read(ssl->rbio))
-                        return TLS13_IO_WANT_POLLIN;
-                if (n == 0)
-                        return TLS13_IO_EOF;
-
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-
-                return TLS13_IO_FAILURE;
-        }
-
-        if (n == len)
-                ssl->rwstate = SSL_NOTHING;
-
-        return n;
-}
-
-ssize_t
-tls13_legacy_wire_read_cb(void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        return tls13_legacy_wire_read(ctx->ssl, buf, n);
-}
-
-static ssize_t
-tls13_legacy_wire_write(SSL *ssl, const uint8_t *buf, size_t len)
-{
-        int n;
-
-        if (ssl->wbio == NULL) {
-                SSLerror(ssl, SSL_R_BIO_NOT_SET);
-                return TLS13_IO_FAILURE;
-        }
-
-        ssl->rwstate = SSL_WRITING;
-        errno = 0;
-
-        if ((n = BIO_write(ssl->wbio, buf, len)) <= 0) {
-                if (BIO_should_write(ssl->wbio))
-                        return TLS13_IO_WANT_POLLOUT;
-
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-
-                return TLS13_IO_FAILURE;
-        }
-
-        if (n == len)
-                ssl->rwstate = SSL_NOTHING;
-
-        return n;
-}
-
-ssize_t
-tls13_legacy_wire_write_cb(const void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        return tls13_legacy_wire_write(ctx->ssl, buf, n);
-}
-
-static ssize_t
-tls13_legacy_wire_flush(SSL *ssl)
-{
-        if (BIO_flush(ssl->wbio) <= 0) {
-                if (BIO_should_write(ssl->wbio))
-                        return TLS13_IO_WANT_POLLOUT;
-
-                if (ERR_peek_error() == 0 && errno != 0)
-                        SYSerror(errno);
-
-                return TLS13_IO_FAILURE;
-        }
-
-        return TLS13_IO_SUCCESS;
-}
-
-ssize_t
-tls13_legacy_wire_flush_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        return tls13_legacy_wire_flush(ctx->ssl);
-}
-
-static void
-tls13_legacy_error(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int reason = SSL_R_UNKNOWN;
-
-        /* If we received a fatal alert we already put an error on the stack. */
-        if (ssl->s3->fatal_alert != 0)
-                return;
-
-        switch (ctx->error.code) {
-        case TLS13_ERR_VERIFY_FAILED:
-                reason = SSL_R_CERTIFICATE_VERIFY_FAILED;
-                break;
-        case TLS13_ERR_HRR_FAILED:
-                reason = SSL_R_NO_CIPHERS_AVAILABLE;
-                break;
-        case TLS13_ERR_TRAILING_DATA:
-                reason = SSL_R_EXTRA_DATA_IN_MESSAGE;
-                break;
-        case TLS13_ERR_NO_SHARED_CIPHER:
-                reason = SSL_R_NO_SHARED_CIPHER;
-                break;
-        case TLS13_ERR_NO_CERTIFICATE:
-                reason = SSL_R_MISSING_RSA_CERTIFICATE; /* XXX */
-                break;
-        case TLS13_ERR_NO_PEER_CERTIFICATE:
-                reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE;
-                break;
-        }
-
-        /* Something (probably libcrypto) already pushed an error on the stack. */
-        if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0)
-                return;
-
-        ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file,
-            ctx->error.line);
-}
-
-static int
-tls13_legacy_return_code(SSL *ssl, ssize_t ret)
-{
-        if (ret > INT_MAX) {
-                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        /* A successful read, write or other operation. */
-        if (ret > 0)
-                return ret;
-
-        ssl->rwstate = SSL_NOTHING;
-
-        switch (ret) {
-        case TLS13_IO_EOF:
-                return 0;
-
-        case TLS13_IO_FAILURE:
-                tls13_legacy_error(ssl);
-                return -1;
-
-        case TLS13_IO_ALERT:
-                tls13_legacy_error(ssl);
-                return -1;
-
-        case TLS13_IO_WANT_POLLIN:
-                BIO_set_retry_read(ssl->rbio);
-                ssl->rwstate = SSL_READING;
-                return -1;
-
-        case TLS13_IO_WANT_POLLOUT:
-                BIO_set_retry_write(ssl->wbio);
-                ssl->rwstate = SSL_WRITING;
-                return -1;
-
-        case TLS13_IO_WANT_RETRY:
-                SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-                return -1;
-        }
-
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-        return -1;
-}
-
-int
-tls13_legacy_pending(const SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        ssize_t ret;
-
-        if (ctx == NULL)
-                return 0;
-
-        ret = tls13_pending_application_data(ctx->rl);
-        if (ret < 0 || ret > INT_MAX)
-                return 0;
-
-        return ret;
-}
-
-int
-tls13_legacy_read_bytes(SSL *ssl, int type, unsigned char *buf, int len, int peek)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        ssize_t ret;
-
-        if (ctx == NULL || !ctx->handshake_completed) {
-                if ((ret = ssl->handshake_func(ssl)) <= 0)
-                        return ret;
-                if (len == 0)
-                        return 0;
-                return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLIN);
-        }
-
-        tls13_record_layer_set_retry_after_phh(ctx->rl,
-            (ctx->ssl->mode & SSL_MODE_AUTO_RETRY) != 0);
-
-        if (type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-        }
-        if (len < 0) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-
-        if (peek)
-                ret = tls13_peek_application_data(ctx->rl, buf, len);
-        else
-                ret = tls13_read_application_data(ctx->rl, buf, len);
-
-        return tls13_legacy_return_code(ssl, ret);
-}
-
-int
-tls13_legacy_write_bytes(SSL *ssl, int type, const void *vbuf, int len)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        const uint8_t *buf = vbuf;
-        size_t n, sent;
-        ssize_t ret;
-
-        if (ctx == NULL || !ctx->handshake_completed) {
-                if ((ret = ssl->handshake_func(ssl)) <= 0)
-                        return ret;
-                if (len == 0)
-                        return 0;
-                return tls13_legacy_return_code(ssl, TLS13_IO_WANT_POLLOUT);
-        }
-
-        if (type != SSL3_RT_APPLICATION_DATA) {
-                SSLerror(ssl, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
-                return -1;
-        }
-        if (len < 0) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-
-        /*
-         * The TLSv1.3 record layer write behaviour is the same as
-         * SSL_MODE_ENABLE_PARTIAL_WRITE.
-         */
-        if (ssl->mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
-                ret = tls13_write_application_data(ctx->rl, buf, len);
-                return tls13_legacy_return_code(ssl, ret);
-        }
-
-        /*
-         * In the non-SSL_MODE_ENABLE_PARTIAL_WRITE case we have to loop until
-         * we have written out all of the requested data.
-         */
-        sent = ssl->s3->wnum;
-        if (len < sent) {
-                SSLerror(ssl, SSL_R_BAD_LENGTH);
-                return -1;
-        }
-        n = len - sent;
-        for (;;) {
-                if (n == 0) {
-                        ssl->s3->wnum = 0;
-                        return sent;
-                }
-                if ((ret = tls13_write_application_data(ctx->rl,
-                    &buf[sent], n)) <= 0) {
-                        ssl->s3->wnum = sent;
-                        return tls13_legacy_return_code(ssl, ret);
-                }
-                sent += ret;
-                n -= ret;
-        }
-}
-
-static int
-tls13_use_legacy_stack(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-        CBB cbb, fragment;
-        CBS cbs;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (!ssl3_setup_init_buffer(s))
-                goto err;
-        if (!ssl3_setup_buffers(s))
-                goto err;
-        if (!ssl_init_wbio_buffer(s, 1))
-                goto err;
-
-        /* Stash any unprocessed data from the last record. */
-        tls13_record_layer_rcontent(ctx->rl, &cbs);
-        if (CBS_len(&cbs) > 0) {
-                if (!CBB_init_fixed(&cbb, s->s3->rbuf.buf,
-                    s->s3->rbuf.len))
-                        goto err;
-                if (!CBB_add_u8(&cbb, SSL3_RT_HANDSHAKE))
-                        goto err;
-                if (!CBB_add_u16(&cbb, TLS1_2_VERSION))
-                        goto err;
-                if (!CBB_add_u16_length_prefixed(&cbb, &fragment))
-                        goto err;
-                if (!CBB_add_bytes(&fragment, CBS_data(&cbs), CBS_len(&cbs)))
-                        goto err;
-                if (!CBB_finish(&cbb, NULL, NULL))
-                        goto err;
-
-                s->s3->rbuf.offset = SSL3_RT_HEADER_LENGTH;
-                s->s3->rbuf.left = CBS_len(&cbs);
-                s->s3->rrec.type = SSL3_RT_HANDSHAKE;
-                s->s3->rrec.length = CBS_len(&cbs);
-                s->rstate = SSL_ST_READ_BODY;
-                s->packet = s->s3->rbuf.buf;
-                s->packet_length = SSL3_RT_HEADER_LENGTH;
-                s->mac_packet = 1;
-        }
-
-        /* Stash the current handshake message. */
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        if (!BUF_MEM_grow_clean(s->init_buf, CBS_len(&cbs)))
-                goto err;
-        if (!CBS_write_bytes(&cbs, s->init_buf->data,
-            s->init_buf->length, NULL))
-                goto err;
-
-        s->s3->hs.tls12.reuse_message = 1;
-        s->s3->hs.tls12.message_type = tls13_handshake_msg_type(ctx->hs_msg);
-        s->s3->hs.tls12.message_size = CBS_len(&cbs) - SSL3_HM_HEADER_LENGTH;
-
-        /*
-         * Only switch the method after initialization is complete
-         * as we start part way into the legacy state machine.
-         */
-        s->method = tls_legacy_method();
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-
-        return 0;
-}
-
-int
-tls13_use_legacy_client(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-
-        if (!tls13_use_legacy_stack(ctx))
-                return 0;
-
-        s->handshake_func = s->method->ssl_connect;
-        s->version = s->method->max_tls_version;
-
-        return 1;
-}
-
-int
-tls13_use_legacy_server(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-
-        if (!tls13_use_legacy_stack(ctx))
-                return 0;
-
-        s->handshake_func = s->method->ssl_accept;
-        s->version = s->method->max_tls_version;
-        s->server = 1;
-
-        return 1;
-}
-
-int
-tls13_legacy_accept(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int ret;
-
-        if (ctx == NULL) {
-                if ((ctx = tls13_ctx_new(TLS13_HS_SERVER, ssl)) == NULL) {
-                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-                if (!tls13_server_init(ctx)) {
-                        if (ERR_peek_error() == 0)
-                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-        }
-
-        ERR_clear_error();
-
-        ret = tls13_server_accept(ctx);
-        if (ret == TLS13_IO_USE_LEGACY)
-                return ssl->method->ssl_accept(ssl);
-
-        ret = tls13_legacy_return_code(ssl, ret);
-
-        if (ctx->info_cb != NULL)
-                ctx->info_cb(ctx, TLS13_INFO_ACCEPT_EXIT, ret);
-
-        return ret;
-}
-
-int
-tls13_legacy_connect(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        int ret;
-
-        if (ctx == NULL) {
-                if ((ctx = tls13_ctx_new(TLS13_HS_CLIENT, ssl)) == NULL) {
-                        SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-                if (!tls13_client_init(ctx)) {
-                        if (ERR_peek_error() == 0)
-                                SSLerror(ssl, ERR_R_INTERNAL_ERROR); /* XXX */
-                        return -1;
-                }
-        }
-
-        ERR_clear_error();
-
-        ret = tls13_client_connect(ctx);
-        if (ret == TLS13_IO_USE_LEGACY)
-                return ssl->method->ssl_connect(ssl);
-
-        ret = tls13_legacy_return_code(ssl, ret);
-
-        if (ctx->info_cb != NULL)
-                ctx->info_cb(ctx, TLS13_INFO_CONNECT_EXIT, ret);
-
-        return ret;
-}
-
-int
-tls13_legacy_shutdown(SSL *ssl)
-{
-        struct tls13_ctx *ctx = ssl->tls13;
-        uint8_t buf[512]; /* XXX */
-        ssize_t ret;
-
-        /*
-         * We need to return 0 at the point that we have completed sending a
-         * close-notify. We return 1 when we have sent and received close-notify
-         * alerts. All other cases, including EOF, return -1 and set internal
-         * state appropriately. Note that all of this insanity can also be
-         * externally controlled by manipulating the shutdown flags.
-         */
-        if (ctx == NULL || ssl->quiet_shutdown) {
-                ssl->shutdown = SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN;
-                return 1;
-        }
-
-        if ((ssl->shutdown & SSL_SENT_SHUTDOWN) == 0) {
-                ssl->shutdown |= SSL_SENT_SHUTDOWN;
-                ret = tls13_send_alert(ctx->rl, TLS13_ALERT_CLOSE_NOTIFY);
-                if (ret == TLS13_IO_EOF)
-                        return -1;
-                if (ret != TLS13_IO_SUCCESS)
-                        return tls13_legacy_return_code(ssl, ret);
-                goto done;
-        }
-
-        ret = tls13_record_layer_send_pending(ctx->rl);
-        if (ret == TLS13_IO_EOF)
-                return -1;
-        if (ret != TLS13_IO_SUCCESS)
-                return tls13_legacy_return_code(ssl, ret);
-
-        if ((ssl->shutdown & SSL_RECEIVED_SHUTDOWN) == 0) {
-                /*
-                 * If there is no application data pending, attempt to read more
-                 * data in order to receive a close-notify. This should trigger
-                 * a record to be read from the wire, which may be application
-                 * handshake or alert data. Only one attempt is made with no
-                 * error handling, in order to match previous semantics.
-                 */
-                if (tls13_pending_application_data(ctx->rl) == 0) {
-                        (void)tls13_read_application_data(ctx->rl, buf, sizeof(buf));
-                        if (!ctx->close_notify_recv)
-                                return -1;
-                }
-        }
-
- done:
-        if (ssl->shutdown == (SSL_SENT_SHUTDOWN | SSL_RECEIVED_SHUTDOWN))
-                return 1;
-
-        return 0;
-}
-
-int
-tls13_legacy_servername_process(struct tls13_ctx *ctx, uint8_t *alert)
-{
-        int legacy_alert = SSL_AD_UNRECOGNIZED_NAME;
-        int ret = SSL_TLSEXT_ERR_NOACK;
-        SSL_CTX *ssl_ctx = ctx->ssl->ctx;
-        SSL *s = ctx->ssl;
-
-        if (ssl_ctx->tlsext_servername_callback == NULL)
-                ssl_ctx = s->initial_ctx;
-        if (ssl_ctx->tlsext_servername_callback == NULL)
-                return 1;
-
-        ret = ssl_ctx->tlsext_servername_callback(s, &legacy_alert,
-            ssl_ctx->tlsext_servername_arg);
-
-        /*
-         * Ignore SSL_TLSEXT_ERR_ALERT_WARNING returns to match OpenSSL's
-         * behavior: the only warning alerts in TLSv1.3 are close_notify and
-         * user_canceled, neither of which should be returned by the callback.
-         */
-        if (ret == SSL_TLSEXT_ERR_ALERT_FATAL) {
-                if (legacy_alert >= 0 && legacy_alert <= 255)
-                        *alert = legacy_alert;
-                return 0;
-        }
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
deleted file mode 100644
index 331a3ad1a7..0000000000
--- a/src/lib/libssl/tls13_lib.c
+++ /dev/null
@@ -1,737 +0,0 @@
-/*      $OpenBSD: tls13_lib.c,v 1.77 2024/01/27 14:23:51 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stddef.h>
-
-#include <openssl/evp.h>
-
-#include "ssl_local.h"
-#include "ssl_tlsext.h"
-#include "tls13_internal.h"
-
-/*
- * RFC 8446, section 4.6.1. Servers must not indicate a lifetime longer than
- * 7 days and clients must not cache tickets for longer than 7 days.
- */
-
-#define TLS13_MAX_TICKET_LIFETIME       (7 * 24 * 3600)
-
-/*
- * Downgrade sentinels - RFC 8446 section 4.1.3, magic values which must be set
- * by the server in server random if it is willing to downgrade but supports
- * TLSv1.3
- */
-const uint8_t tls13_downgrade_12[8] = {
-        0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x01,
-};
-const uint8_t tls13_downgrade_11[8] = {
-        0x44, 0x4f, 0x57, 0x4e, 0x47, 0x52, 0x44, 0x00,
-};
-
-/*
- * HelloRetryRequest hash - RFC 8446 section 4.1.3.
- */
-const uint8_t tls13_hello_retry_request_hash[32] = {
-        0xcf, 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11,
-        0xbe, 0x1d, 0x8c, 0x02, 0x1e, 0x65, 0xb8, 0x91,
-        0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e,
-        0x07, 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c,
-};
-
-/*
- * Certificate Verify padding - RFC 8446 section 4.4.3.
- */
-const uint8_t tls13_cert_verify_pad[64] = {
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-        0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20,
-};
-
-const uint8_t tls13_cert_client_verify_context[] =
-    "TLS 1.3, client CertificateVerify";
-const uint8_t tls13_cert_server_verify_context[] =
-    "TLS 1.3, server CertificateVerify";
-
-const EVP_AEAD *
-tls13_cipher_aead(const SSL_CIPHER *cipher)
-{
-        if (cipher == NULL)
-                return NULL;
-        if (cipher->algorithm_ssl != SSL_TLSV1_3)
-                return NULL;
-
-        switch (cipher->algorithm_enc) {
-        case SSL_AES128GCM:
-                return EVP_aead_aes_128_gcm();
-        case SSL_AES256GCM:
-                return EVP_aead_aes_256_gcm();
-        case SSL_CHACHA20POLY1305:
-                return EVP_aead_chacha20_poly1305();
-        }
-
-        return NULL;
-}
-
-const EVP_MD *
-tls13_cipher_hash(const SSL_CIPHER *cipher)
-{
-        if (cipher == NULL)
-                return NULL;
-        if (cipher->algorithm_ssl != SSL_TLSV1_3)
-                return NULL;
-
-        switch (cipher->algorithm2) {
-        case SSL_HANDSHAKE_MAC_SHA256:
-                return EVP_sha256();
-        case SSL_HANDSHAKE_MAC_SHA384:
-                return EVP_sha384();
-        }
-
-        return NULL;
-}
-
-static void
-tls13_legacy_alert_cb(int sent, uint8_t alert_level, uint8_t alert_desc,
-    void *arg)
-{
-        uint8_t alert[] = {alert_level, alert_desc};
-        struct tls13_ctx *ctx = arg;
-        SSL *s = ctx->ssl;
-        CBS cbs;
-
-        if (s->msg_callback == NULL)
-                return;
-
-        CBS_init(&cbs, alert, sizeof(alert));
-        ssl_msg_callback_cbs(s, sent, SSL3_RT_ALERT, &cbs);
-}
-
-static void
-tls13_legacy_alert_recv_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
-{
-        tls13_legacy_alert_cb(0, alert_level, alert_desc, arg);
-}
-
-static void
-tls13_legacy_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
-{
-        tls13_legacy_alert_cb(1, alert_level, alert_desc, arg);
-}
-
-void
-tls13_alert_received_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        if (ctx->alert_recv_cb != NULL)
-                ctx->alert_recv_cb(alert_level, alert_desc, arg);
-
-        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
-                ctx->close_notify_recv = 1;
-                ctx->ssl->shutdown |= SSL_RECEIVED_SHUTDOWN;
-                ctx->ssl->s3->warn_alert = alert_desc;
-                return;
-        }
-
-        if (alert_desc == TLS13_ALERT_USER_CANCELED) {
-                /*
-                 * We treat this as advisory, since a close_notify alert
-                 * SHOULD follow this alert (RFC 8446 section 6.1).
-                 */
-                return;
-        }
-
-        /* All other alerts are treated as fatal in TLSv1.3. */
-        ctx->ssl->s3->fatal_alert = alert_desc;
-
-        SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
-        ERR_asprintf_error_data("SSL alert number %d", alert_desc);
-
-        SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);
-}
-
-void
-tls13_alert_sent_cb(uint8_t alert_level, uint8_t alert_desc, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        if (ctx->alert_sent_cb != NULL)
-                ctx->alert_sent_cb(alert_level, alert_desc, arg);
-
-        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
-                ctx->close_notify_sent = 1;
-                return;
-        }
-
-        if (alert_desc == TLS13_ALERT_USER_CANCELED) {
-                return;
-        }
-
-        /* All other alerts are treated as fatal in TLSv1.3. */
-        if (ctx->error.code == 0)
-                SSLerror(ctx->ssl, SSL_AD_REASON_OFFSET + alert_desc);
-}
-
-static void
-tls13_legacy_handshake_message_recv_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *s = ctx->ssl;
-        CBS cbs;
-
-        if (s->msg_callback == NULL)
-                return;
-
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        ssl_msg_callback_cbs(s, 0, SSL3_RT_HANDSHAKE, &cbs);
-}
-
-static void
-tls13_legacy_handshake_message_sent_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *s = ctx->ssl;
-        CBS cbs;
-
-        if (s->msg_callback == NULL)
-                return;
-
-        tls13_handshake_msg_data(ctx->hs_msg, &cbs);
-        ssl_msg_callback_cbs(s, 1, SSL3_RT_HANDSHAKE, &cbs);
-}
-
-static void
-tls13_legacy_info_cb(void *arg, int state, int ret)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *s = ctx->ssl;
-
-        ssl_info_callback(s, state, ret);
-}
-
-static int
-tls13_legacy_ocsp_status_recv_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *s = ctx->ssl;
-        int ret;
-
-        if (s->ctx->tlsext_status_cb == NULL)
-                return 1;
-
-        ret = s->ctx->tlsext_status_cb(s,
-            s->ctx->tlsext_status_arg);
-        if (ret < 0) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                SSLerror(s, ERR_R_MALLOC_FAILURE);
-                return 0;
-        }
-        if (ret == 0) {
-                ctx->alert = TLS13_ALERT_BAD_CERTIFICATE_STATUS_RESPONSE;
-                SSLerror(s, SSL_R_INVALID_STATUS_RESPONSE);
-                return 0;
-        }
-
-        return 1;
-}
-
-static int
-tls13_phh_update_read_traffic_secret(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret *secret;
-
-        if (ctx->mode == TLS13_HS_CLIENT) {
-                secret = &secrets->server_application_traffic;
-                if (!tls13_update_server_traffic_secret(secrets))
-                        return 0;
-        } else {
-                secret = &secrets->client_application_traffic;
-                if (!tls13_update_client_traffic_secret(secrets))
-                        return 0;
-        }
-
-        return tls13_record_layer_set_read_traffic_key(ctx->rl,
-            secret, ssl_encryption_application);
-}
-
-static int
-tls13_phh_update_write_traffic_secret(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret *secret;
-
-        if (ctx->mode == TLS13_HS_CLIENT) {
-                secret = &secrets->client_application_traffic;
-                if (!tls13_update_client_traffic_secret(secrets))
-                        return 0;
-        } else {
-                secret = &secrets->server_application_traffic;
-                if (!tls13_update_server_traffic_secret(secrets))
-                        return 0;
-        }
-
-        return tls13_record_layer_set_write_traffic_key(ctx->rl,
-            secret, ssl_encryption_application);
-}
-
-/*
- * XXX arbitrarily chosen limit of 100 post handshake handshake
- * messages in an hour - to avoid a hostile peer from constantly
- * requesting certificates or key renegotiaitons, etc.
- */
-static int
-tls13_phh_limit_check(struct tls13_ctx *ctx)
-{
-        time_t now = time(NULL);
-
-        if (ctx->phh_last_seen > now - TLS13_PHH_LIMIT_TIME) {
-                if (ctx->phh_count > TLS13_PHH_LIMIT)
-                        return 0;
-        } else
-                ctx->phh_count = 0;
-        ctx->phh_count++;
-        ctx->phh_last_seen = now;
-        return 1;
-}
-
-static ssize_t
-tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        struct tls13_handshake_msg *hs_msg = NULL;
-        CBB cbb_hs;
-        CBS cbs_hs;
-        uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;
-        uint8_t key_update_request;
-        ssize_t ret;
-
-        if (!CBS_get_u8(cbs, &key_update_request)) {
-                alert = TLS13_ALERT_DECODE_ERROR;
-                goto err;
-        }
-        if (CBS_len(cbs) != 0) {
-                alert = TLS13_ALERT_DECODE_ERROR;
-                goto err;
-        }
-        if (key_update_request > 1) {
-                alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        if (!tls13_phh_update_read_traffic_secret(ctx))
-                goto err;
-
-        if (key_update_request == 0)
-                return TLS13_IO_SUCCESS;
-
-        /* Our peer requested that we update our write traffic keys. */
-        if ((hs_msg = tls13_handshake_msg_new()) == NULL)
-                goto err;
-        if (!tls13_handshake_msg_start(hs_msg, &cbb_hs, TLS13_MT_KEY_UPDATE))
-                goto err;
-        if (!CBB_add_u8(&cbb_hs, 0))
-                goto err;
-        if (!tls13_handshake_msg_finish(hs_msg))
-                goto err;
-
-        ctx->key_update_request = 1;
-        tls13_handshake_msg_data(hs_msg, &cbs_hs);
-        ret = tls13_record_layer_phh(ctx->rl, &cbs_hs);
-
-        tls13_handshake_msg_free(hs_msg);
-        hs_msg = NULL;
-
-        return ret;
-
- err:
-        tls13_handshake_msg_free(hs_msg);
-
-        return tls13_send_alert(ctx->rl, alert);
-}
-
-/* RFC 8446 section 4.6.1 */
-static ssize_t
-tls13_new_session_ticket_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret nonce;
-        uint32_t ticket_lifetime, ticket_age_add;
-        CBS ticket_nonce, ticket;
-        SSL_SESSION *sess = NULL;
-        int alert, session_id_length;
-        ssize_t ret = 0;
-
-        memset(&nonce, 0, sizeof(nonce));
-
-        if (ctx->mode != TLS13_HS_CLIENT) {
-                alert = TLS13_ALERT_UNEXPECTED_MESSAGE;
-                goto err;
-        }
-
-        alert = TLS13_ALERT_DECODE_ERROR;
-
-        if (!CBS_get_u32(cbs, &ticket_lifetime))
-                goto err;
-        if (!CBS_get_u32(cbs, &ticket_age_add))
-                goto err;
-        if (!CBS_get_u8_length_prefixed(cbs, &ticket_nonce))
-                goto err;
-        if (!CBS_get_u16_length_prefixed(cbs, &ticket))
-                goto err;
-        /* Extensions can only contain early_data, which we currently ignore. */
-        if (!tlsext_client_parse(ctx->ssl, SSL_TLSEXT_MSG_NST, cbs, &alert))
-                goto err;
-
-        if (CBS_len(cbs) != 0)
-                goto err;
-
-        /* Zero indicates that the ticket should be discarded immediately. */
-        if (ticket_lifetime == 0) {
-                ret = TLS13_IO_SUCCESS;
-                goto done;
-        }
-
-        /* Servers MUST NOT use any value larger than 7 days. */
-        if (ticket_lifetime > TLS13_MAX_TICKET_LIFETIME) {
-                alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        alert = TLS13_ALERT_INTERNAL_ERROR;
-
-        /*
-         * Create new session instead of modifying the current session.
-         * The current session could already be in the session cache.
-         */
-        if ((sess = ssl_session_dup(ctx->ssl->session, 0)) == NULL)
-                goto err;
-
-        sess->time = time(NULL);
-
-        sess->tlsext_tick_lifetime_hint = ticket_lifetime;
-        sess->tlsext_tick_age_add = ticket_age_add;
-
-        if (!CBS_stow(&ticket, &sess->tlsext_tick, &sess->tlsext_ticklen))
-                goto err;
-
-        /* XXX - ensure this doesn't overflow session_id if hash is changed. */
-        if (!EVP_Digest(CBS_data(&ticket), CBS_len(&ticket),
-            sess->session_id, &session_id_length, EVP_sha256(), NULL))
-                goto err;
-        sess->session_id_length = session_id_length;
-
-        if (!CBS_stow(&ticket_nonce, &nonce.data, &nonce.len))
-                goto err;
-
-        if (!tls13_secret_init(&sess->resumption_master_secret, 256))
-                goto err;
-
-        if (!tls13_derive_secret(&sess->resumption_master_secret,
-            secrets->digest, &secrets->resumption_master, "resumption",
-            &nonce))
-                goto err;
-
-        SSL_SESSION_free(ctx->ssl->session);
-        ctx->ssl->session = sess;
-        sess = NULL;
-
-        ssl_update_cache(ctx->ssl, SSL_SESS_CACHE_CLIENT);
-
-        ret = TLS13_IO_SUCCESS;
-        goto done;
-
- err:
-        ret = tls13_send_alert(ctx->rl, alert);
-
- done:
-        tls13_secret_cleanup(&nonce);
-        SSL_SESSION_free(sess);
-
-        return ret;
-}
-
-ssize_t
-tls13_phh_received_cb(void *cb_arg)
-{
-        ssize_t ret = TLS13_IO_FAILURE;
-        struct tls13_ctx *ctx = cb_arg;
-        CBS cbs;
-
-        if (!tls13_phh_limit_check(ctx))
-                return tls13_send_alert(ctx->rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
-        if ((ctx->hs_msg == NULL) &&
-            ((ctx->hs_msg = tls13_handshake_msg_new()) == NULL))
-                return TLS13_IO_FAILURE;
-
-        if ((ret = tls13_handshake_msg_recv(ctx->hs_msg, ctx->rl)) !=
-            TLS13_IO_SUCCESS)
-                return ret;
-
-        if (!tls13_handshake_msg_content(ctx->hs_msg, &cbs))
-                return TLS13_IO_FAILURE;
-
-        switch(tls13_handshake_msg_type(ctx->hs_msg)) {
-        case TLS13_MT_KEY_UPDATE:
-                ret = tls13_key_update_recv(ctx, &cbs);
-                break;
-        case TLS13_MT_NEW_SESSION_TICKET:
-                ret = tls13_new_session_ticket_recv(ctx, &cbs);
-                break;
-        case TLS13_MT_CERTIFICATE_REQUEST:
-                /* XXX add support if we choose to advertise this */
-                /* FALLTHROUGH */
-        default:
-                ret = TLS13_IO_FAILURE; /* XXX send alert */
-                break;
-        }
-
-        tls13_handshake_msg_free(ctx->hs_msg);
-        ctx->hs_msg = NULL;
-        return ret;
-}
-
-void
-tls13_phh_done_cb(void *cb_arg)
-{
-        struct tls13_ctx *ctx = cb_arg;
-
-        if (ctx->key_update_request) {
-                tls13_phh_update_write_traffic_secret(ctx);
-                ctx->key_update_request = 0;
-        }
-}
-
-static const struct tls13_record_layer_callbacks tls13_rl_callbacks = {
-        .wire_read = tls13_legacy_wire_read_cb,
-        .wire_write = tls13_legacy_wire_write_cb,
-        .wire_flush = tls13_legacy_wire_flush_cb,
-
-        .alert_recv = tls13_alert_received_cb,
-        .alert_sent = tls13_alert_sent_cb,
-        .phh_recv = tls13_phh_received_cb,
-        .phh_sent = tls13_phh_done_cb,
-};
-
-struct tls13_ctx *
-tls13_ctx_new(int mode, SSL *ssl)
-{
-        struct tls13_ctx *ctx = NULL;
-
-        if ((ctx = calloc(sizeof(struct tls13_ctx), 1)) == NULL)
-                goto err;
-
-        ctx->hs = &ssl->s3->hs;
-        ctx->mode = mode;
-        ctx->ssl = ssl;
-
-        if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
-                goto err;
-
-        ctx->alert_sent_cb = tls13_legacy_alert_sent_cb;
-        ctx->alert_recv_cb = tls13_legacy_alert_recv_cb;
-        ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
-        ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
-        ctx->info_cb = tls13_legacy_info_cb;
-        ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
-
-        ctx->middlebox_compat = 1;
-
-        ssl->tls13 = ctx;
-
-        if (SSL_is_quic(ssl)) {
-                if (!tls13_quic_init(ctx))
-                        goto err;
-        }
-
-        return ctx;
-
- err:
-        tls13_ctx_free(ctx);
-
-        return NULL;
-}
-
-void
-tls13_ctx_free(struct tls13_ctx *ctx)
-{
-        if (ctx == NULL)
-                return;
-
-        tls13_error_clear(&ctx->error);
-        tls13_record_layer_free(ctx->rl);
-        tls13_handshake_msg_free(ctx->hs_msg);
-
-        freezero(ctx, sizeof(struct tls13_ctx));
-}
-
-int
-tls13_cert_add(struct tls13_ctx *ctx, CBB *cbb, X509 *cert,
-    int (*build_extensions)(SSL *s, uint16_t msg_type, CBB *cbb))
-{
-        CBB cert_data, cert_exts;
-        uint8_t *data;
-        int cert_len;
-
-        if ((cert_len = i2d_X509(cert, NULL)) < 0)
-                return 0;
-
-        if (!CBB_add_u24_length_prefixed(cbb, &cert_data))
-                return 0;
-        if (!CBB_add_space(&cert_data, &data, cert_len))
-                return 0;
-        if (i2d_X509(cert, &data) != cert_len)
-                return 0;
-        if (build_extensions != NULL) {
-                if (!build_extensions(ctx->ssl, SSL_TLSEXT_MSG_CT, cbb))
-                        return 0;
-        } else {
-                if (!CBB_add_u16_length_prefixed(cbb, &cert_exts))
-                        return 0;
-        }
-        if (!CBB_flush(cbb))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_synthetic_handshake_message(struct tls13_ctx *ctx)
-{
-        struct tls13_handshake_msg *hm = NULL;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-        size_t hash_len;
-        CBB cbb;
-        CBS cbs;
-        SSL *s = ctx->ssl;
-        int ret = 0;
-
-        /*
-         * Replace ClientHello with synthetic handshake message - see
-         * RFC 8446 section 4.4.1.
-         */
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-        if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
-                goto err;
-
-        if ((hm = tls13_handshake_msg_new()) == NULL)
-                goto err;
-        if (!tls13_handshake_msg_start(hm, &cbb, TLS13_MT_MESSAGE_HASH))
-                goto err;
-        if (!CBB_add_bytes(&cbb, buf, hash_len))
-                goto err;
-        if (!tls13_handshake_msg_finish(hm))
-                goto err;
-
-        tls13_handshake_msg_data(hm, &cbs);
-
-        tls1_transcript_reset(ctx->ssl);
-        if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
-                goto err;
-
-        ret = 1;
-
- err:
-        tls13_handshake_msg_free(hm);
-
-        return ret;
-}
-
-int
-tls13_clienthello_hash_init(struct tls13_ctx *ctx)
-{
-        if (ctx->hs->tls13.clienthello_md_ctx != NULL)
-                return 0;
-        if ((ctx->hs->tls13.clienthello_md_ctx = EVP_MD_CTX_new()) == NULL)
-                return 0;
-        if (!EVP_DigestInit_ex(ctx->hs->tls13.clienthello_md_ctx,
-            EVP_sha256(), NULL))
-                return 0;
-
-        if ((ctx->hs->tls13.clienthello_hash == NULL) &&
-            (ctx->hs->tls13.clienthello_hash = calloc(1, EVP_MAX_MD_SIZE)) ==
-            NULL)
-                return 0;
-
-        return 1;
-}
-
-void
-tls13_clienthello_hash_clear(struct ssl_handshake_tls13_st *hs) /* XXX */
-{
-        EVP_MD_CTX_free(hs->clienthello_md_ctx);
-        hs->clienthello_md_ctx = NULL;
-        freezero(hs->clienthello_hash, EVP_MAX_MD_SIZE);
-        hs->clienthello_hash = NULL;
-}
-
-int
-tls13_clienthello_hash_update_bytes(struct tls13_ctx *ctx, void *data,
-    size_t len)
-{
-        return EVP_DigestUpdate(ctx->hs->tls13.clienthello_md_ctx, data, len);
-}
-
-int
-tls13_clienthello_hash_update(struct tls13_ctx *ctx, CBS *cbs)
-{
-        return tls13_clienthello_hash_update_bytes(ctx, (void *)CBS_data(cbs),
-            CBS_len(cbs));
-}
-
-int
-tls13_clienthello_hash_finalize(struct tls13_ctx *ctx)
-{
-        if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx,
-            ctx->hs->tls13.clienthello_hash,
-            &ctx->hs->tls13.clienthello_hash_len))
-                return 0;
-        EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx);
-        ctx->hs->tls13.clienthello_md_ctx = NULL;
-        return 1;
-}
-
-int
-tls13_clienthello_hash_validate(struct tls13_ctx *ctx)
-{
-        unsigned char new_ch_hash[EVP_MAX_MD_SIZE];
-        unsigned int new_ch_hash_len;
-
-        if (ctx->hs->tls13.clienthello_hash == NULL)
-                return 0;
-
-        if (!EVP_DigestFinal_ex(ctx->hs->tls13.clienthello_md_ctx,
-            new_ch_hash, &new_ch_hash_len))
-                return 0;
-        EVP_MD_CTX_free(ctx->hs->tls13.clienthello_md_ctx);
-        ctx->hs->tls13.clienthello_md_ctx = NULL;
-
-        if (ctx->hs->tls13.clienthello_hash_len != new_ch_hash_len)
-                return 0;
-        if (memcmp(ctx->hs->tls13.clienthello_hash, new_ch_hash,
-            new_ch_hash_len) != 0)
-                return 0;
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c
deleted file mode 100644
index 656af6fe6b..0000000000
--- a/src/lib/libssl/tls13_quic.c
+++ /dev/null
@@ -1,191 +0,0 @@
-/*      $OpenBSD: tls13_quic.c,v 1.8 2024/09/09 03:55:55 tb Exp $ */
-/*
- * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "ssl_local.h"
-#include "tls13_internal.h"
-
-static ssize_t
-tls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-        return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-        return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_quic_wire_flush_cb(void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        if (!ssl->quic_method->flush_flight(ssl)) {
-                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-                return TLS13_IO_FAILURE;
-        }
-
-        return TLS13_IO_SUCCESS;
-}
-
-static ssize_t
-tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-
-        if (ctx->hs->tls13.quic_read_buffer == NULL)
-                return TLS13_IO_WANT_POLLIN;
-
-        return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
-}
-
-static ssize_t
-tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        if (!ssl->quic_method->add_handshake_data(ssl,
-            ctx->hs->tls13.quic_write_level, buf, n)) {
-                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-                return TLS13_IO_FAILURE;
-        }
-
-        return n;
-}
-
-static int
-tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
-    enum ssl_encryption_level_t read_level, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        ctx->hs->tls13.quic_read_level = read_level;
-
-        /* Handle both the new (BoringSSL) and old (quictls) APIs. */
-
-        if (ssl->quic_method->set_read_secret != NULL)
-                return ssl->quic_method->set_read_secret(ssl,
-                    ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
-                    read_key->data, read_key->len);
-
-        if (ssl->quic_method->set_encryption_secrets != NULL)
-                return ssl->quic_method->set_encryption_secrets(ssl,
-                    ctx->hs->tls13.quic_read_level, read_key->data, NULL,
-                    read_key->len);
-
-        return 0;
-}
-
-static int
-tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
-    enum ssl_encryption_level_t write_level, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-
-        ctx->hs->tls13.quic_write_level = write_level;
-
-        /* Handle both the new (BoringSSL) and old (quictls) APIs. */
-
-        if (ssl->quic_method->set_write_secret != NULL)
-                return ssl->quic_method->set_write_secret(ssl,
-                    ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
-                    write_key->data, write_key->len);
-
-        if (ssl->quic_method->set_encryption_secrets != NULL)
-                return ssl->quic_method->set_encryption_secrets(ssl,
-                    ctx->hs->tls13.quic_write_level, NULL, write_key->data,
-                    write_key->len);
-
-        return 0;
-}
-
-static int
-tls13_quic_alert_send_cb(int alert_desc, void *arg)
-{
-        struct tls13_ctx *ctx = arg;
-        SSL *ssl = ctx->ssl;
-        uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
-        int ret = TLS13_IO_ALERT;
-
-        if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
-            alert_desc)) {
-                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-                return TLS13_IO_FAILURE;
-        }
-
-        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
-            alert_desc == TLS13_ALERT_USER_CANCELED) {
-                alert_level = TLS13_ALERT_LEVEL_WARNING;
-                ret = TLS13_IO_SUCCESS;
-        }
-
-        tls13_record_layer_alert_sent(ctx->rl, alert_level, alert_desc);
-
-        return ret;
-}
-
-static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
-        .wire_read = tls13_quic_wire_read_cb,
-        .wire_write = tls13_quic_wire_write_cb,
-        .wire_flush = tls13_quic_wire_flush_cb,
-
-        .handshake_read = tls13_quic_handshake_read_cb,
-        .handshake_write = tls13_quic_handshake_write_cb,
-        .set_read_traffic_key = tls13_quic_set_read_traffic_key,
-        .set_write_traffic_key = tls13_quic_set_write_traffic_key,
-        .alert_send = tls13_quic_alert_send_cb,
-
-        .alert_recv = tls13_alert_received_cb,
-        .alert_sent = tls13_alert_sent_cb,
-        .phh_recv = tls13_phh_received_cb,
-        .phh_sent = tls13_phh_done_cb,
-};
-
-int
-tls13_quic_init(struct tls13_ctx *ctx)
-{
-        BIO *bio;
-
-        tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
-
-        ctx->middlebox_compat = 0;
-
-        /*
-         * QUIC does not use BIOs, however we currently expect a BIO to exist
-         * for status handling.
-         */
-        if ((bio = BIO_new(BIO_s_null())) == NULL)
-                return 0;
-
-        SSL_set_bio(ctx->ssl, bio, bio);
-        bio = NULL;
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls13_record.c b/src/lib/libssl/tls13_record.c
deleted file mode 100644
index dbc835c546..0000000000
--- a/src/lib/libssl/tls13_record.c
+++ /dev/null
@@ -1,186 +0,0 @@
-/* $OpenBSD: tls13_record.c,v 1.10 2022/07/22 19:33:53 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "tls13_internal.h"
-#include "tls13_record.h"
-
-struct tls13_record {
-        uint16_t version;
-        uint8_t content_type;
-        size_t rec_len;
-        uint8_t *data;
-        size_t data_len;
-        CBS cbs;
-
-        struct tls_buffer *buf;
-};
-
-struct tls13_record *
-tls13_record_new(void)
-{
-        struct tls13_record *rec = NULL;
-
-        if ((rec = calloc(1, sizeof(struct tls13_record))) == NULL)
-                goto err;
-        if ((rec->buf = tls_buffer_new(TLS13_RECORD_MAX_LEN)) == NULL)
-                goto err;
-
-        return rec;
-
- err:
-        tls13_record_free(rec);
-
-        return NULL;
-}
-
-void
-tls13_record_free(struct tls13_record *rec)
-{
-        if (rec == NULL)
-                return;
-
-        tls_buffer_free(rec->buf);
-
-        freezero(rec->data, rec->data_len);
-        freezero(rec, sizeof(struct tls13_record));
-}
-
-uint16_t
-tls13_record_version(struct tls13_record *rec)
-{
-        return rec->version;
-}
-
-uint8_t
-tls13_record_content_type(struct tls13_record *rec)
-{
-        return rec->content_type;
-}
-
-int
-tls13_record_header(struct tls13_record *rec, CBS *cbs)
-{
-        if (rec->data_len < TLS13_RECORD_HEADER_LEN)
-                return 0;
-
-        CBS_init(cbs, rec->data, TLS13_RECORD_HEADER_LEN);
-
-        return 1;
-}
-
-int
-tls13_record_content(struct tls13_record *rec, CBS *cbs)
-{
-        CBS content;
-
-        tls13_record_data(rec, &content);
-
-        if (!CBS_skip(&content, TLS13_RECORD_HEADER_LEN))
-                return 0;
-
-        CBS_dup(&content, cbs);
-
-        return 1;
-}
-
-void
-tls13_record_data(struct tls13_record *rec, CBS *cbs)
-{
-        CBS_init(cbs, rec->data, rec->data_len);
-}
-
-int
-tls13_record_set_data(struct tls13_record *rec, uint8_t *data, size_t data_len)
-{
-        if (data_len > TLS13_RECORD_MAX_LEN)
-                return 0;
-
-        freezero(rec->data, rec->data_len);
-        rec->data = data;
-        rec->data_len = data_len;
-        CBS_init(&rec->cbs, rec->data, rec->data_len);
-
-        return 1;
-}
-
-ssize_t
-tls13_record_recv(struct tls13_record *rec, tls_read_cb wire_read,
-    void *wire_arg)
-{
-        uint16_t rec_len, rec_version;
-        uint8_t content_type;
-        ssize_t ret;
-        CBS cbs;
-
-        if (rec->data != NULL)
-                return TLS13_IO_FAILURE;
-
-        if (rec->content_type == 0) {
-                if ((ret = tls_buffer_extend(rec->buf,
-                    TLS13_RECORD_HEADER_LEN, wire_read, wire_arg)) <= 0)
-                        return ret;
-
-                if (!tls_buffer_data(rec->buf, &cbs))
-                        return TLS13_IO_FAILURE;
-
-                if (!CBS_get_u8(&cbs, &content_type))
-                        return TLS13_IO_FAILURE;
-                if (!CBS_get_u16(&cbs, &rec_version))
-                        return TLS13_IO_FAILURE;
-                if (!CBS_get_u16(&cbs, &rec_len))
-                        return TLS13_IO_FAILURE;
-
-                if ((rec_version >> 8) != SSL3_VERSION_MAJOR)
-                        return TLS13_IO_RECORD_VERSION;
-                if (rec_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN)
-                        return TLS13_IO_RECORD_OVERFLOW;
-
-                rec->content_type = content_type;
-                rec->version = rec_version;
-                rec->rec_len = rec_len;
-        }
-
-        if ((ret = tls_buffer_extend(rec->buf,
-            TLS13_RECORD_HEADER_LEN + rec->rec_len, wire_read, wire_arg)) <= 0)
-                return ret;
-
-        if (!tls_buffer_finish(rec->buf, &rec->data, &rec->data_len))
-                return TLS13_IO_FAILURE;
-
-        return rec->data_len;
-}
-
-ssize_t
-tls13_record_send(struct tls13_record *rec, tls_write_cb wire_write,
-    void *wire_arg)
-{
-        ssize_t ret;
-
-        if (rec->data == NULL)
-                return TLS13_IO_FAILURE;
-
-        while (CBS_len(&rec->cbs) > 0) {
-                if ((ret = wire_write(CBS_data(&rec->cbs),
-                    CBS_len(&rec->cbs), wire_arg)) <= 0)
-                        return ret;
-
-                if (!CBS_skip(&rec->cbs, ret))
-                        return TLS13_IO_FAILURE;
-        }
-
-        return rec->data_len;
-}
diff --git a/src/lib/libssl/tls13_record.h b/src/lib/libssl/tls13_record.h
deleted file mode 100644
index 18e4fa1aba..0000000000
--- a/src/lib/libssl/tls13_record.h
+++ /dev/null
@@ -1,66 +0,0 @@
-/* $OpenBSD: tls13_record.h,v 1.5 2021/10/23 13:12:14 jsing Exp $ */
-/*
- * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS13_RECORD_H
-#define HEADER_TLS13_RECORD_H
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-/*
- * TLSv1.3 Record Protocol - RFC 8446 section 5.
- *
- * The maximum plaintext is 2^14, however for inner plaintext an additional
- * byte is allowed for the content type. A maximum AEAD overhead of 255-bytes
- * is permitted, along with a 5-byte header, giving a maximum size of
- * 5 + 2^14 + 1 + 255 = 16,645-bytes.
- */
-#define TLS13_RECORD_HEADER_LEN                 5
-#define TLS13_RECORD_MAX_AEAD_OVERHEAD          255
-#define TLS13_RECORD_MAX_PLAINTEXT_LEN          16384
-#define TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN \
-        (TLS13_RECORD_MAX_PLAINTEXT_LEN + 1)
-#define TLS13_RECORD_MAX_CIPHERTEXT_LEN \
-        (TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN + TLS13_RECORD_MAX_AEAD_OVERHEAD)
-#define TLS13_RECORD_MAX_LEN \
-        (TLS13_RECORD_HEADER_LEN + TLS13_RECORD_MAX_CIPHERTEXT_LEN)
-
-/*
- * TLSv1.3 Per-Record Nonces and Sequence Numbers - RFC 8446 section 5.3.
- */
-#define TLS13_RECORD_SEQ_NUM_LEN 8
-
-struct tls13_record;
-
-struct tls13_record *tls13_record_new(void);
-void tls13_record_free(struct tls13_record *_rec);
-uint16_t tls13_record_version(struct tls13_record *_rec);
-uint8_t tls13_record_content_type(struct tls13_record *_rec);
-int tls13_record_header(struct tls13_record *_rec, CBS *_cbs);
-int tls13_record_content(struct tls13_record *_rec, CBS *_cbs);
-void tls13_record_data(struct tls13_record *_rec, CBS *_cbs);
-int tls13_record_set_data(struct tls13_record *_rec, uint8_t *_data,
-    size_t _data_len);
-ssize_t tls13_record_recv(struct tls13_record *_rec, tls_read_cb _wire_read,
-    void *_wire_arg);
-ssize_t tls13_record_send(struct tls13_record *_rec, tls_write_cb _wire_write,
-    void *_wire_arg);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
deleted file mode 100644
index f5604adbeb..0000000000
--- a/src/lib/libssl/tls13_record_layer.c
+++ /dev/null
@@ -1,1229 +0,0 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.74 2024/09/09 03:32:29 tb Exp $ */
-/*
- * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "tls13_internal.h"
-#include "tls13_record.h"
-#include "tls_content.h"
-
-static ssize_t tls13_record_layer_write_chunk(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *buf, size_t n);
-static ssize_t tls13_record_layer_write_record(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len);
-
-struct tls13_record_protection {
-        EVP_AEAD_CTX *aead_ctx;
-        struct tls13_secret iv;
-        struct tls13_secret nonce;
-        uint8_t seq_num[TLS13_RECORD_SEQ_NUM_LEN];
-};
-
-struct tls13_record_protection *
-tls13_record_protection_new(void)
-{
-        return calloc(1, sizeof(struct tls13_record_protection));
-}
-
-void
-tls13_record_protection_clear(struct tls13_record_protection *rp)
-{
-        EVP_AEAD_CTX_free(rp->aead_ctx);
-
-        tls13_secret_cleanup(&rp->iv);
-        tls13_secret_cleanup(&rp->nonce);
-
-        memset(rp, 0, sizeof(*rp));
-}
-
-void
-tls13_record_protection_free(struct tls13_record_protection *rp)
-{
-        if (rp == NULL)
-                return;
-
-        tls13_record_protection_clear(rp);
-
-        freezero(rp, sizeof(struct tls13_record_protection));
-}
-
-struct tls13_record_layer {
-        uint16_t legacy_version;
-
-        int ccs_allowed;
-        int ccs_seen;
-        int ccs_sent;
-        int handshake_completed;
-        int legacy_alerts_allowed;
-        int phh;
-        int phh_retry;
-
-        /*
-         * Read and/or write channels are closed due to an alert being
-         * sent or received. In the case of an error alert both channels
-         * are closed, whereas in the case of a close notify only one
-         * channel is closed.
-         */
-        int read_closed;
-        int write_closed;
-
-        struct tls13_record *rrec;
-
-        struct tls13_record *wrec;
-        uint8_t wrec_content_type;
-        size_t wrec_appdata_len;
-        size_t wrec_content_len;
-
-        /* Alert to be sent on return from current read handler. */
-        uint8_t alert;
-
-        /* Pending alert messages. */
-        uint8_t *alert_data;
-        size_t alert_len;
-        uint8_t alert_level;
-        uint8_t alert_desc;
-
-        /* Pending post-handshake handshake messages (RFC 8446, section 4.6). */
-        CBS phh_cbs;
-        uint8_t *phh_data;
-        size_t phh_len;
-
-        /* Content from opened records. */
-        struct tls_content *rcontent;
-
-        /* Record protection. */
-        const EVP_MD *hash;
-        const EVP_AEAD *aead;
-        struct tls13_record_protection *read;
-        struct tls13_record_protection *write;
-
-        /* Callbacks. */
-        struct tls13_record_layer_callbacks cb;
-        void *cb_arg;
-};
-
-static void
-tls13_record_layer_rrec_free(struct tls13_record_layer *rl)
-{
-        tls13_record_free(rl->rrec);
-        rl->rrec = NULL;
-}
-
-static void
-tls13_record_layer_wrec_free(struct tls13_record_layer *rl)
-{
-        tls13_record_free(rl->wrec);
-        rl->wrec = NULL;
-}
-
-struct tls13_record_layer *
-tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks,
-    void *cb_arg)
-{
-        struct tls13_record_layer *rl;
-
-        if ((rl = calloc(1, sizeof(struct tls13_record_layer))) == NULL)
-                goto err;
-
-        if ((rl->rcontent = tls_content_new()) == NULL)
-                goto err;
-
-        if ((rl->read = tls13_record_protection_new()) == NULL)
-                goto err;
-        if ((rl->write = tls13_record_protection_new()) == NULL)
-                goto err;
-
-        rl->legacy_version = TLS1_2_VERSION;
-
-        tls13_record_layer_set_callbacks(rl, callbacks, cb_arg);
-
-        return rl;
-
- err:
-        tls13_record_layer_free(rl);
-
-        return NULL;
-}
-
-void
-tls13_record_layer_free(struct tls13_record_layer *rl)
-{
-        if (rl == NULL)
-                return;
-
-        tls13_record_layer_rrec_free(rl);
-        tls13_record_layer_wrec_free(rl);
-
-        freezero(rl->alert_data, rl->alert_len);
-        freezero(rl->phh_data, rl->phh_len);
-
-        tls_content_free(rl->rcontent);
-
-        tls13_record_protection_free(rl->read);
-        tls13_record_protection_free(rl->write);
-
-        freezero(rl, sizeof(struct tls13_record_layer));
-}
-
-void
-tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
-    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg)
-{
-        rl->cb = *callbacks;
-        rl->cb_arg = cb_arg;
-}
-
-void
-tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs)
-{
-        CBS_dup(tls_content_cbs(rl->rcontent), cbs);
-}
-
-static const uint8_t tls13_max_seq_num[TLS13_RECORD_SEQ_NUM_LEN] = {
-        0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
-};
-
-int
-tls13_record_layer_inc_seq_num(uint8_t *seq_num)
-{
-        int i;
-
-        /* RFC 8446 section 5.3 - sequence numbers must not wrap. */
-        if (memcmp(seq_num, tls13_max_seq_num, TLS13_RECORD_SEQ_NUM_LEN) == 0)
-                return 0;
-
-        for (i = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--) {
-                if (++seq_num[i] != 0)
-                        break;
-        }
-
-        return 1;
-}
-
-static int
-tls13_record_layer_update_nonce(struct tls13_secret *nonce,
-    struct tls13_secret *iv, uint8_t *seq_num)
-{
-        ssize_t i, j;
-
-        if (nonce->len != iv->len)
-                return 0;
-
-        /*
-         * RFC 8446 section 5.3 - sequence number is zero padded and XOR'd
-         * with the IV to produce a per-record nonce. The IV will also be
-         * at least 8-bytes in length.
-         */
-        for (i = nonce->len - 1, j = TLS13_RECORD_SEQ_NUM_LEN - 1; i >= 0; i--, j--)
-                nonce->data[i] = iv->data[i] ^ (j >= 0 ? seq_num[j] : 0);
-
-        return 1;
-}
-
-void
-tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow)
-{
-        rl->ccs_allowed = allow;
-}
-
-void
-tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow)
-{
-        rl->legacy_alerts_allowed = allow;
-}
-
-void
-tls13_record_layer_set_aead(struct tls13_record_layer *rl,
-    const EVP_AEAD *aead)
-{
-        rl->aead = aead;
-}
-
-void
-tls13_record_layer_set_hash(struct tls13_record_layer *rl,
-    const EVP_MD *hash)
-{
-        rl->hash = hash;
-}
-
-void
-tls13_record_layer_set_legacy_version(struct tls13_record_layer *rl,
-    uint16_t version)
-{
-        rl->legacy_version = version;
-}
-
-void
-tls13_record_layer_handshake_completed(struct tls13_record_layer *rl)
-{
-        rl->handshake_completed = 1;
-}
-
-void
-tls13_record_layer_set_retry_after_phh(struct tls13_record_layer *rl, int retry)
-{
-        rl->phh_retry = retry;
-}
-
-static ssize_t
-tls13_record_layer_process_alert(struct tls13_record_layer *rl)
-{
-        uint8_t alert_level, alert_desc;
-        ssize_t ret = TLS13_IO_FAILURE;
-
-        /*
-         * RFC 8446 - sections 5.1 and 6.
-         *
-         * A TLSv1.3 alert record can only contain a single alert - this means
-         * that processing the alert must consume all of the record. The alert
-         * will result in one of three things - continuation (user_cancelled),
-         * read channel closure (close_notify) or termination (all others).
-         */
-        if (tls_content_type(rl->rcontent) != SSL3_RT_ALERT)
-                return TLS13_IO_FAILURE;
-
-        if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_level))
-                return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-        if (!CBS_get_u8(tls_content_cbs(rl->rcontent), &alert_desc))
-                return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-
-        if (tls_content_remaining(rl->rcontent) != 0)
-                return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-
-        tls_content_clear(rl->rcontent);
-
-        /*
-         * Alert level is ignored for closure alerts (RFC 8446 section 6.1),
-         * however for error alerts (RFC 8446 section 6.2), the alert level
-         * must be specified as fatal.
-         */
-        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
-                rl->read_closed = 1;
-                ret = TLS13_IO_EOF;
-        } else if (alert_desc == TLS13_ALERT_USER_CANCELED) {
-                /* Ignored at the record layer. */
-                ret = TLS13_IO_WANT_RETRY;
-        } else if (alert_level == TLS13_ALERT_LEVEL_FATAL) {
-                rl->read_closed = 1;
-                rl->write_closed = 1;
-                ret = TLS13_IO_ALERT;
-        } else if (rl->legacy_alerts_allowed &&
-            alert_level == TLS13_ALERT_LEVEL_WARNING) {
-                /* Ignored and not passed to the callback. */
-                return TLS13_IO_WANT_RETRY;
-        } else {
-                return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
-        }
-
-        rl->cb.alert_recv(alert_level, alert_desc, rl->cb_arg);
-
-        return ret;
-}
-
-void
-tls13_record_layer_alert_sent(struct tls13_record_layer *rl,
-    uint8_t alert_level, uint8_t alert_desc)
-{
-        rl->cb.alert_sent(alert_level, alert_desc, rl->cb_arg);
-}
-
-static ssize_t
-tls13_record_layer_send_alert(struct tls13_record_layer *rl)
-{
-        ssize_t ret;
-
-        /* This has to fit into a single record, per RFC 8446 section 5.1. */
-        if ((ret = tls13_record_layer_write_record(rl, SSL3_RT_ALERT,
-            rl->alert_data, rl->alert_len)) != rl->alert_len) {
-                if (ret == TLS13_IO_EOF)
-                        ret = TLS13_IO_ALERT;
-                return ret;
-        }
-
-        freezero(rl->alert_data, rl->alert_len);
-        rl->alert_data = NULL;
-        rl->alert_len = 0;
-
-        if (rl->alert_desc == TLS13_ALERT_CLOSE_NOTIFY) {
-                rl->write_closed = 1;
-                ret = TLS13_IO_SUCCESS;
-        } else if (rl->alert_desc == TLS13_ALERT_USER_CANCELED) {
-                /* Ignored at the record layer. */
-                ret = TLS13_IO_SUCCESS;
-        } else {
-                rl->read_closed = 1;
-                rl->write_closed = 1;
-                ret = TLS13_IO_ALERT;
-        }
-
-        tls13_record_layer_alert_sent(rl, rl->alert_level, rl->alert_desc);
-
-        return ret;
-}
-
-static ssize_t
-tls13_record_layer_send_phh(struct tls13_record_layer *rl)
-{
-        ssize_t ret;
-
-        /* Push out pending post-handshake handshake messages. */
-        if ((ret = tls13_record_layer_write_chunk(rl, SSL3_RT_HANDSHAKE,
-            CBS_data(&rl->phh_cbs), CBS_len(&rl->phh_cbs))) <= 0)
-                return ret;
-        if (!CBS_skip(&rl->phh_cbs, ret))
-                return TLS13_IO_FAILURE;
-        if (CBS_len(&rl->phh_cbs) != 0)
-                return TLS13_IO_WANT_RETRY;
-
-        freezero(rl->phh_data, rl->phh_len);
-        rl->phh_data = NULL;
-        rl->phh_len = 0;
-
-        CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len);
-
-        rl->cb.phh_sent(rl->cb_arg);
-
-        return TLS13_IO_SUCCESS;
-}
-
-ssize_t
-tls13_record_layer_send_pending(struct tls13_record_layer *rl)
-{
-        /*
-         * If an alert is pending, then it needs to be sent. However,
-         * if we're already part of the way through sending post-handshake
-         * handshake messages, then we need to finish that first...
-         */
-
-        if (rl->phh_data != NULL && CBS_len(&rl->phh_cbs) != rl->phh_len)
-                return tls13_record_layer_send_phh(rl);
-
-        if (rl->alert_data != NULL)
-                return tls13_record_layer_send_alert(rl);
-
-        if (rl->phh_data != NULL)
-                return tls13_record_layer_send_phh(rl);
-
-        return TLS13_IO_SUCCESS;
-}
-
-static ssize_t
-tls13_record_layer_enqueue_alert(struct tls13_record_layer *rl,
-    uint8_t alert_level, uint8_t alert_desc)
-{
-        CBB cbb;
-
-        if (rl->alert_data != NULL)
-                return TLS13_IO_FAILURE;
-
-        if (!CBB_init(&cbb, 0))
-                goto err;
-
-        if (!CBB_add_u8(&cbb, alert_level))
-                goto err;
-        if (!CBB_add_u8(&cbb, alert_desc))
-                goto err;
-        if (!CBB_finish(&cbb, &rl->alert_data, &rl->alert_len))
-                goto err;
-
-        rl->alert_level = alert_level;
-        rl->alert_desc = alert_desc;
-
-        return tls13_record_layer_send_pending(rl);
-
- err:
-        CBB_cleanup(&cbb);
-
-        return TLS13_IO_FAILURE;
-}
-
-ssize_t
-tls13_record_layer_phh(struct tls13_record_layer *rl, CBS *cbs)
-{
-        if (rl->phh_data != NULL)
-                return TLS13_IO_FAILURE;
-
-        if (!CBS_stow(cbs, &rl->phh_data, &rl->phh_len))
-                return TLS13_IO_FAILURE;
-
-        CBS_init(&rl->phh_cbs, rl->phh_data, rl->phh_len);
-
-        return tls13_record_layer_send_pending(rl);
-}
-
-static int
-tls13_record_layer_set_traffic_key(const EVP_AEAD *aead, const EVP_MD *hash,
-    struct tls13_record_protection *rp, struct tls13_secret *traffic_key)
-{
-        struct tls13_secret context = { .data = "", .len = 0 };
-        struct tls13_secret key = { .data = NULL, .len = 0 };
-        int ret = 0;
-
-        tls13_record_protection_clear(rp);
-
-        if ((rp->aead_ctx = EVP_AEAD_CTX_new()) == NULL)
-                return 0;
-
-        if (!tls13_secret_init(&rp->iv, EVP_AEAD_nonce_length(aead)))
-                goto err;
-        if (!tls13_secret_init(&rp->nonce, EVP_AEAD_nonce_length(aead)))
-                goto err;
-        if (!tls13_secret_init(&key, EVP_AEAD_key_length(aead)))
-                goto err;
-
-        if (!tls13_hkdf_expand_label(&rp->iv, hash, traffic_key, "iv", &context))
-                goto err;
-        if (!tls13_hkdf_expand_label(&key, hash, traffic_key, "key", &context))
-                goto err;
-
-        if (!EVP_AEAD_CTX_init(rp->aead_ctx, aead, key.data, key.len,
-            EVP_AEAD_DEFAULT_TAG_LENGTH, NULL))
-                goto err;
-
-        ret = 1;
-
- err:
-        tls13_secret_cleanup(&key);
-
-        return ret;
-}
-
-int
-tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *read_key, enum ssl_encryption_level_t read_level)
-{
-        if (rl->cb.set_read_traffic_key != NULL)
-                return rl->cb.set_read_traffic_key(read_key, read_level,
-                    rl->cb_arg);
-
-        return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
-            rl->read, read_key);
-}
-
-int
-tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
-    struct tls13_secret *write_key, enum ssl_encryption_level_t write_level)
-{
-        if (rl->cb.set_write_traffic_key != NULL)
-                return rl->cb.set_write_traffic_key(write_key, write_level,
-                    rl->cb_arg);
-
-        return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
-            rl->write, write_key);
-}
-
-static int
-tls13_record_layer_open_record_plaintext(struct tls13_record_layer *rl)
-{
-        CBS cbs;
-
-        if (rl->aead != NULL)
-                return 0;
-
-        /*
-         * We're still operating in plaintext mode, so just copy the
-         * content from the record to the plaintext buffer.
-         */
-        if (!tls13_record_content(rl->rrec, &cbs))
-                return 0;
-
-        if (CBS_len(&cbs) > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
-                rl->alert = TLS13_ALERT_RECORD_OVERFLOW;
-                return 0;
-        }
-
-        if (!tls_content_dup_data(rl->rcontent,
-            tls13_record_content_type(rl->rrec), CBS_data(&cbs), CBS_len(&cbs)))
-                return 0;
-
-        return 1;
-}
-
-static int
-tls13_record_layer_open_record_protected(struct tls13_record_layer *rl)
-{
-        CBS header, enc_record, inner;
-        uint8_t *content = NULL;
-        size_t content_len = 0;
-        uint8_t content_type;
-        size_t out_len;
-
-        if (rl->aead == NULL)
-                goto err;
-
-        if (!tls13_record_header(rl->rrec, &header))
-                goto err;
-        if (!tls13_record_content(rl->rrec, &enc_record))
-                goto err;
-
-        /* XXX - minus tag len? */
-        if ((content = calloc(1, CBS_len(&enc_record))) == NULL)
-                goto err;
-        content_len = CBS_len(&enc_record);
-
-        if (!tls13_record_layer_update_nonce(&rl->read->nonce, &rl->read->iv,
-            rl->read->seq_num))
-                goto err;
-
-        if (!EVP_AEAD_CTX_open(rl->read->aead_ctx,
-            content, &out_len, content_len,
-            rl->read->nonce.data, rl->read->nonce.len,
-            CBS_data(&enc_record), CBS_len(&enc_record),
-            CBS_data(&header), CBS_len(&header)))
-                goto err;
-
-        if (out_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN) {
-                rl->alert = TLS13_ALERT_RECORD_OVERFLOW;
-                goto err;
-        }
-
-        if (!tls13_record_layer_inc_seq_num(rl->read->seq_num))
-                goto err;
-
-        /*
-         * The real content type is hidden at the end of the record content and
-         * it may be followed by padding that consists of one or more zeroes.
-         * Time to hunt for that elusive content type!
-         */
-        CBS_init(&inner, content, out_len);
-        content_type = 0;
-        while (CBS_get_last_u8(&inner, &content_type)) {
-                if (content_type != 0)
-                        break;
-        }
-        if (content_type == 0) {
-                /* Unexpected message per RFC 8446 section 5.4. */
-                rl->alert = TLS13_ALERT_UNEXPECTED_MESSAGE;
-                goto err;
-        }
-        if (CBS_len(&inner) > TLS13_RECORD_MAX_PLAINTEXT_LEN) {
-                rl->alert = TLS13_ALERT_RECORD_OVERFLOW;
-                goto err;
-        }
-
-        tls_content_set_data(rl->rcontent, content_type, CBS_data(&inner),
-            CBS_len(&inner));
-
-        return 1;
-
- err:
-        freezero(content, content_len);
-
-        return 0;
-}
-
-static int
-tls13_record_layer_open_record(struct tls13_record_layer *rl)
-{
-        if (rl->handshake_completed && rl->aead == NULL)
-                return 0;
-
-        if (rl->aead == NULL)
-                return tls13_record_layer_open_record_plaintext(rl);
-
-        return tls13_record_layer_open_record_protected(rl);
-}
-
-static int
-tls13_record_layer_seal_record_plaintext(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len)
-{
-        uint8_t *data = NULL;
-        size_t data_len = 0;
-        CBB cbb, body;
-
-        /*
-         * Allow dummy CCS messages to be sent in plaintext even when
-         * record protection has been engaged, as long as the handshake
-         * has not yet completed.
-         */
-        if (rl->handshake_completed)
-                return 0;
-        if (rl->aead != NULL && content_type != SSL3_RT_CHANGE_CIPHER_SPEC)
-                return 0;
-
-        /*
-         * We're still operating in plaintext mode, so just copy the
-         * content into the record.
-         */
-        if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + content_len))
-                goto err;
-
-        if (!CBB_add_u8(&cbb, content_type))
-                goto err;
-        if (!CBB_add_u16(&cbb, rl->legacy_version))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(&cbb, &body))
-                goto err;
-        if (!CBB_add_bytes(&body, content, content_len))
-                goto err;
-
-        if (!CBB_finish(&cbb, &data, &data_len))
-                goto err;
-
-        if (!tls13_record_set_data(rl->wrec, data, data_len))
-                goto err;
-
-        rl->wrec_content_len = content_len;
-        rl->wrec_content_type = content_type;
-
-        return 1;
-
- err:
-        CBB_cleanup(&cbb);
-        freezero(data, data_len);
-
-        return 0;
-}
-
-static int
-tls13_record_layer_seal_record_protected(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len)
-{
-        uint8_t *data = NULL, *header = NULL, *inner = NULL;
-        size_t data_len = 0, header_len = 0, inner_len = 0;
-        uint8_t *enc_record;
-        size_t enc_record_len;
-        ssize_t ret = 0;
-        size_t out_len;
-        CBB cbb;
-
-        if (rl->aead == NULL)
-                return 0;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        /* Build inner plaintext. */
-        if (!CBB_init(&cbb, content_len + 1))
-                goto err;
-        if (!CBB_add_bytes(&cbb, content, content_len))
-                goto err;
-        if (!CBB_add_u8(&cbb, content_type))
-                goto err;
-        /* XXX - padding? */
-        if (!CBB_finish(&cbb, &inner, &inner_len))
-                goto err;
-
-        if (inner_len > TLS13_RECORD_MAX_INNER_PLAINTEXT_LEN)
-                goto err;
-
-        /* XXX EVP_AEAD_max_tag_len vs EVP_AEAD_CTX_tag_len. */
-        enc_record_len = inner_len + EVP_AEAD_max_tag_len(rl->aead);
-        if (enc_record_len > TLS13_RECORD_MAX_CIPHERTEXT_LEN)
-                goto err;
-
-        /* Build the record header. */
-        if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN))
-                goto err;
-        if (!CBB_add_u8(&cbb, SSL3_RT_APPLICATION_DATA))
-                goto err;
-        if (!CBB_add_u16(&cbb, TLS1_2_VERSION))
-                goto err;
-        if (!CBB_add_u16(&cbb, enc_record_len))
-                goto err;
-        if (!CBB_finish(&cbb, &header, &header_len))
-                goto err;
-
-        /* Build the actual record. */
-        if (!CBB_init(&cbb, TLS13_RECORD_HEADER_LEN + enc_record_len))
-                goto err;
-        if (!CBB_add_bytes(&cbb, header, header_len))
-                goto err;
-        if (!CBB_add_space(&cbb, &enc_record, enc_record_len))
-                goto err;
-        if (!CBB_finish(&cbb, &data, &data_len))
-                goto err;
-
-        if (!tls13_record_layer_update_nonce(&rl->write->nonce,
-            &rl->write->iv, rl->write->seq_num))
-                goto err;
-
-        /*
-         * XXX - consider a EVP_AEAD_CTX_seal_iov() that takes an iovec...
-         * this would avoid a copy since the inner would be passed as two
-         * separate pieces.
-         */
-        if (!EVP_AEAD_CTX_seal(rl->write->aead_ctx,
-            enc_record, &out_len, enc_record_len,
-            rl->write->nonce.data, rl->write->nonce.len,
-            inner, inner_len, header, header_len))
-                goto err;
-
-        if (out_len != enc_record_len)
-                goto err;
-
-        if (!tls13_record_layer_inc_seq_num(rl->write->seq_num))
-                goto err;
-
-        if (!tls13_record_set_data(rl->wrec, data, data_len))
-                goto err;
-
-        rl->wrec_content_len = content_len;
-        rl->wrec_content_type = content_type;
-
-        data = NULL;
-        data_len = 0;
-
-        ret = 1;
-
- err:
-        CBB_cleanup(&cbb);
-
-        freezero(data, data_len);
-        freezero(header, header_len);
-        freezero(inner, inner_len);
-
-        return ret;
-}
-
-static int
-tls13_record_layer_seal_record(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len)
-{
-        if (rl->handshake_completed && rl->aead == NULL)
-                return 0;
-
-        tls13_record_layer_wrec_free(rl);
-
-        if ((rl->wrec = tls13_record_new()) == NULL)
-                return 0;
-
-        if (rl->aead == NULL || content_type == SSL3_RT_CHANGE_CIPHER_SPEC)
-                return tls13_record_layer_seal_record_plaintext(rl,
-                    content_type, content, content_len);
-
-        return tls13_record_layer_seal_record_protected(rl, content_type,
-            content, content_len);
-}
-
-static ssize_t
-tls13_record_layer_read_record(struct tls13_record_layer *rl)
-{
-        uint8_t content_type, ccs;
-        ssize_t ret;
-        CBS cbs;
-
-        if (rl->rrec == NULL) {
-                if ((rl->rrec = tls13_record_new()) == NULL)
-                        goto err;
-        }
-
-        if ((ret = tls13_record_recv(rl->rrec, rl->cb.wire_read, rl->cb_arg)) <= 0) {
-                switch (ret) {
-                case TLS13_IO_RECORD_VERSION:
-                        return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION);
-                case TLS13_IO_RECORD_OVERFLOW:
-                        return tls13_send_alert(rl, TLS13_ALERT_RECORD_OVERFLOW);
-                }
-                return ret;
-        }
-
-        content_type = tls13_record_content_type(rl->rrec);
-
-        /*
-         * In response to a client hello we may receive an alert in a
-         * record with a legacy version. Otherwise enforce that the
-         * legacy record version is 0x0303 per RFC 8446, section 5.1.
-         */
-        if (rl->legacy_version == TLS1_2_VERSION &&
-            tls13_record_version(rl->rrec) != TLS1_2_VERSION &&
-            (content_type != SSL3_RT_ALERT || !rl->legacy_alerts_allowed))
-                return tls13_send_alert(rl, TLS13_ALERT_PROTOCOL_VERSION);
-
-        /*
-         * Bag of hacks ahead... after the first ClientHello message has been
-         * sent or received and before the peer's Finished message has been
-         * received, we may receive an unencrypted ChangeCipherSpec record
-         * (see RFC 8446 section 5 and appendix D.4). This record must be
-         * ignored.
-         */
-        if (content_type == SSL3_RT_CHANGE_CIPHER_SPEC) {
-                if (!rl->ccs_allowed || rl->ccs_seen >= 2)
-                        return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-                if (!tls13_record_content(rl->rrec, &cbs))
-                        return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-                if (!CBS_get_u8(&cbs, &ccs))
-                        return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-                if (ccs != 1)
-                        return tls13_send_alert(rl, TLS13_ALERT_ILLEGAL_PARAMETER);
-                if (CBS_len(&cbs) != 0)
-                        return tls13_send_alert(rl, TLS13_ALERT_DECODE_ERROR);
-                rl->ccs_seen++;
-                tls13_record_layer_rrec_free(rl);
-                return TLS13_IO_WANT_RETRY;
-        }
-
-        /*
-         * Once record protection is engaged, we should only receive
-         * protected application data messages (aside from the
-         * dummy ChangeCipherSpec messages, handled above).
-         */
-        if (rl->aead != NULL && content_type != SSL3_RT_APPLICATION_DATA)
-                return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
-        if (!tls13_record_layer_open_record(rl))
-                goto err;
-
-        tls13_record_layer_rrec_free(rl);
-
-        /*
-         * On receiving a handshake or alert record with empty inner plaintext,
-         * we must terminate the connection with an unexpected_message alert.
-         * See RFC 8446 section 5.4.
-         */
-        if (tls_content_remaining(rl->rcontent) == 0 &&
-            (tls_content_type(rl->rcontent) == SSL3_RT_ALERT ||
-             tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE))
-                return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
-        switch (tls_content_type(rl->rcontent)) {
-        case SSL3_RT_ALERT:
-                return tls13_record_layer_process_alert(rl);
-
-        case SSL3_RT_HANDSHAKE:
-                break;
-
-        case SSL3_RT_APPLICATION_DATA:
-                if (!rl->handshake_completed)
-                        return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-                break;
-
-        default:
-                return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-        }
-
-        return TLS13_IO_SUCCESS;
-
- err:
-        return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_record_layer_pending(struct tls13_record_layer *rl, uint8_t content_type)
-{
-        if (tls_content_type(rl->rcontent) != content_type)
-                return 0;
-
-        return tls_content_remaining(rl->rcontent);
-}
-
-static ssize_t
-tls13_record_layer_recv_phh(struct tls13_record_layer *rl)
-{
-        ssize_t ret = TLS13_IO_FAILURE;
-
-        rl->phh = 1;
-
-        /*
-         * The post handshake handshake receive callback is allowed to return:
-         *
-         * TLS13_IO_WANT_POLLIN  need more handshake data.
-         * TLS13_IO_WANT_POLLOUT got whole handshake message, response enqueued.
-         * TLS13_IO_SUCCESS      got the whole handshake, nothing more to do.
-         * TLS13_IO_FAILURE      something broke.
-         */
-        if (rl->cb.phh_recv != NULL)
-                ret = rl->cb.phh_recv(rl->cb_arg);
-
-        tls_content_clear(rl->rcontent);
-
-        /* Leave post handshake handshake mode unless we need more data. */
-        if (ret != TLS13_IO_WANT_POLLIN)
-                rl->phh = 0;
-
-        if (ret == TLS13_IO_SUCCESS) {
-                if (rl->phh_retry)
-                        return TLS13_IO_WANT_RETRY;
-
-                return TLS13_IO_WANT_POLLIN;
-        }
-
-        return ret;
-}
-
-static ssize_t
-tls13_record_layer_read_internal(struct tls13_record_layer *rl,
-    uint8_t content_type, uint8_t *buf, size_t n, int peek)
-{
-        ssize_t ret;
-
-        if ((ret = tls13_record_layer_send_pending(rl)) != TLS13_IO_SUCCESS)
-                return ret;
-
-        if (rl->read_closed)
-                return TLS13_IO_EOF;
-
-        /* If necessary, pull up the next record. */
-        if (tls_content_remaining(rl->rcontent) == 0) {
-                if ((ret = tls13_record_layer_read_record(rl)) <= 0)
-                        return ret;
-
-                /*
-                 * We may have read a valid 0-byte application data record,
-                 * in which case we need to read the next record.
-                 */
-                if (tls_content_remaining(rl->rcontent) == 0)
-                        return TLS13_IO_WANT_POLLIN;
-        }
-
-        /*
-         * If we are in post handshake handshake mode, we must not see
-         * any record type that isn't a handshake until we are done.
-         */
-        if (rl->phh && tls_content_type(rl->rcontent) != SSL3_RT_HANDSHAKE)
-                return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-
-        /*
-         * Handshake content can appear as post-handshake messages (yup,
-         * the RFC reused the same content type...), which means we can
-         * be trying to read application data and need to handle a
-         * post-handshake handshake message instead...
-         */
-        if (tls_content_type(rl->rcontent) != content_type) {
-                if (tls_content_type(rl->rcontent) == SSL3_RT_HANDSHAKE) {
-                        if (rl->handshake_completed)
-                                return tls13_record_layer_recv_phh(rl);
-                }
-                return tls13_send_alert(rl, TLS13_ALERT_UNEXPECTED_MESSAGE);
-        }
-
-        if (peek)
-                return tls_content_peek(rl->rcontent, buf, n);
-
-        return tls_content_read(rl->rcontent, buf, n);
-}
-
-static ssize_t
-tls13_record_layer_peek(struct tls13_record_layer *rl, uint8_t content_type,
-    uint8_t *buf, size_t n)
-{
-        ssize_t ret;
-
-        do {
-                ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 1);
-        } while (ret == TLS13_IO_WANT_RETRY);
-
-        if (rl->alert != 0)
-                return tls13_send_alert(rl, rl->alert);
-
-        return ret;
-}
-
-static ssize_t
-tls13_record_layer_read(struct tls13_record_layer *rl, uint8_t content_type,
-    uint8_t *buf, size_t n)
-{
-        ssize_t ret;
-
-        do {
-                ret = tls13_record_layer_read_internal(rl, content_type, buf, n, 0);
-        } while (ret == TLS13_IO_WANT_RETRY);
-
-        if (rl->alert != 0)
-                return tls13_send_alert(rl, rl->alert);
-
-        return ret;
-}
-
-static ssize_t
-tls13_record_layer_write_record(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *content, size_t content_len)
-{
-        ssize_t ret;
-
-        if (rl->write_closed)
-                return TLS13_IO_EOF;
-
-        /*
-         * If we pushed out application data while handling other messages,
-         * we need to return content length on the next call.
-         */
-        if (content_type == SSL3_RT_APPLICATION_DATA &&
-            rl->wrec_appdata_len != 0) {
-                ret = rl->wrec_appdata_len;
-                rl->wrec_appdata_len = 0;
-                return ret;
-        }
-
-        /* See if there is an existing record and attempt to push it out... */
-        if (rl->wrec != NULL) {
-                if ((ret = tls13_record_send(rl->wrec, rl->cb.wire_write,
-                    rl->cb_arg)) <= 0)
-                        return ret;
-                tls13_record_layer_wrec_free(rl);
-
-                if (rl->wrec_content_type == content_type) {
-                        ret = rl->wrec_content_len;
-                        rl->wrec_content_len = 0;
-                        rl->wrec_content_type = 0;
-                        return ret;
-                }
-
-                /*
-                 * The only partial record type should be application data.
-                 * All other cases are handled to completion.
-                 */
-                if (rl->wrec_content_type != SSL3_RT_APPLICATION_DATA)
-                        return TLS13_IO_FAILURE;
-                rl->wrec_appdata_len = rl->wrec_content_len;
-        }
-
-        if (content_len > TLS13_RECORD_MAX_PLAINTEXT_LEN)
-                goto err;
-
-        if (!tls13_record_layer_seal_record(rl, content_type, content, content_len))
-                goto err;
-
-        if ((ret = tls13_record_send(rl->wrec, rl->cb.wire_write, rl->cb_arg)) <= 0)
-                return ret;
-
-        tls13_record_layer_wrec_free(rl);
-
-        return content_len;
-
- err:
-        return TLS13_IO_FAILURE;
-}
-
-static ssize_t
-tls13_record_layer_write_chunk(struct tls13_record_layer *rl,
-    uint8_t content_type, const uint8_t *buf, size_t n)
-{
-        if (n > TLS13_RECORD_MAX_PLAINTEXT_LEN)
-                n = TLS13_RECORD_MAX_PLAINTEXT_LEN;
-
-        return tls13_record_layer_write_record(rl, content_type, buf, n);
-}
-
-static ssize_t
-tls13_record_layer_write(struct tls13_record_layer *rl, uint8_t content_type,
-    const uint8_t *buf, size_t n)
-{
-        ssize_t ret;
-
-        do {
-                ret = tls13_record_layer_send_pending(rl);
-        } while (ret == TLS13_IO_WANT_RETRY);
-        if (ret != TLS13_IO_SUCCESS)
-                return ret;
-
-        do {
-                ret = tls13_record_layer_write_chunk(rl, content_type, buf, n);
-        } while (ret == TLS13_IO_WANT_RETRY);
-
-        return ret;
-}
-
-ssize_t
-tls13_record_layer_flush(struct tls13_record_layer *rl)
-{
-        return rl->cb.wire_flush(rl->cb_arg);
-}
-
-static const uint8_t tls13_dummy_ccs[] = { 0x01 };
-
-ssize_t
-tls13_send_dummy_ccs(struct tls13_record_layer *rl)
-{
-        ssize_t ret;
-
-        if (rl->ccs_sent)
-                return TLS13_IO_FAILURE;
-
-        if ((ret = tls13_record_layer_write(rl, SSL3_RT_CHANGE_CIPHER_SPEC,
-            tls13_dummy_ccs, sizeof(tls13_dummy_ccs))) <= 0)
-                return ret;
-
-        rl->ccs_sent = 1;
-
-        return TLS13_IO_SUCCESS;
-}
-
-ssize_t
-tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
-        if (rl->cb.handshake_read != NULL)
-                return rl->cb.handshake_read(buf, n, rl->cb_arg);
-
-        return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
-}
-
-ssize_t
-tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n)
-{
-        if (rl->cb.handshake_write != NULL)
-                return rl->cb.handshake_write(buf, n, rl->cb_arg);
-
-        return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
-}
-
-ssize_t
-tls13_pending_application_data(struct tls13_record_layer *rl)
-{
-        if (!rl->handshake_completed)
-                return 0;
-
-        return tls13_record_layer_pending(rl, SSL3_RT_APPLICATION_DATA);
-}
-
-ssize_t
-tls13_peek_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
-        if (!rl->handshake_completed)
-                return TLS13_IO_FAILURE;
-
-        return tls13_record_layer_peek(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_read_application_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
-{
-        if (!rl->handshake_completed)
-                return TLS13_IO_FAILURE;
-
-        return tls13_record_layer_read(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_write_application_data(struct tls13_record_layer *rl, const uint8_t *buf,
-    size_t n)
-{
-        if (!rl->handshake_completed)
-                return TLS13_IO_FAILURE;
-
-        return tls13_record_layer_write(rl, SSL3_RT_APPLICATION_DATA, buf, n);
-}
-
-ssize_t
-tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
-{
-        uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
-        ssize_t ret;
-
-        if (rl->cb.alert_send != NULL)
-                return rl->cb.alert_send(alert_desc, rl->cb_arg);
-
-        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
-            alert_desc == TLS13_ALERT_USER_CANCELED)
-                alert_level = TLS13_ALERT_LEVEL_WARNING;
-
-        do {
-                ret = tls13_record_layer_enqueue_alert(rl, alert_level,
-                    alert_desc);
-        } while (ret == TLS13_IO_WANT_RETRY);
-
-        return ret;
-}
diff --git a/src/lib/libssl/tls13_server.c b/src/lib/libssl/tls13_server.c
deleted file mode 100644
index 63b7d92093..0000000000
--- a/src/lib/libssl/tls13_server.c
+++ /dev/null
@@ -1,1095 +0,0 @@
-/* $OpenBSD: tls13_server.c,v 1.109 2024/07/22 14:47:15 jsing Exp $ */
-/*
- * Copyright (c) 2019, 2020 Joel Sing <jsing@openbsd.org>
- * Copyright (c) 2020 Bob Beck <beck@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <openssl/x509v3.h>
-
-#include "ssl_local.h"
-#include "ssl_sigalgs.h"
-#include "ssl_tlsext.h"
-#include "tls13_handshake.h"
-#include "tls13_internal.h"
-
-int
-tls13_server_init(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-
-        if (!ssl_supported_tls_version_range(s, &ctx->hs->our_min_tls_version,
-            &ctx->hs->our_max_tls_version)) {
-                SSLerror(s, SSL_R_NO_PROTOCOLS_AVAILABLE);
-                return 0;
-        }
-        s->version = ctx->hs->our_max_tls_version;
-
-        tls13_record_layer_set_retry_after_phh(ctx->rl,
-            (s->mode & SSL_MODE_AUTO_RETRY) != 0);
-
-        if (!ssl_get_new_session(s, 0)) /* XXX */
-                return 0;
-
-        tls13_record_layer_set_legacy_version(ctx->rl, TLS1_VERSION);
-
-        if (!tls1_transcript_init(s))
-                return 0;
-
-        arc4random_buf(s->s3->server_random, SSL3_RANDOM_SIZE);
-
-        return 1;
-}
-
-int
-tls13_server_accept(struct tls13_ctx *ctx)
-{
-        if (ctx->mode != TLS13_HS_SERVER)
-                return TLS13_IO_FAILURE;
-
-        return tls13_handshake_perform(ctx);
-}
-
-static int
-tls13_client_hello_is_legacy(CBS *cbs)
-{
-        CBS extensions_block, extensions, extension_data, versions;
-        uint16_t version, max_version = 0;
-        uint16_t type;
-
-        CBS_dup(cbs, &extensions_block);
-
-        if (!CBS_get_u16_length_prefixed(&extensions_block, &extensions))
-                return 1;
-
-        while (CBS_len(&extensions) > 0) {
-                if (!CBS_get_u16(&extensions, &type))
-                        return 1;
-                if (!CBS_get_u16_length_prefixed(&extensions, &extension_data))
-                        return 1;
-
-                if (type != TLSEXT_TYPE_supported_versions)
-                        continue;
-                if (!CBS_get_u8_length_prefixed(&extension_data, &versions))
-                        return 1;
-                while (CBS_len(&versions) > 0) {
-                        if (!CBS_get_u16(&versions, &version))
-                                return 1;
-                        if (version >= max_version)
-                                max_version = version;
-                }
-                if (CBS_len(&extension_data) != 0)
-                        return 1;
-        }
-
-        return (max_version < TLS1_3_VERSION);
-}
-
-int
-tls13_client_hello_required_extensions(struct tls13_ctx *ctx)
-{
-        SSL *s = ctx->ssl;
-
-        /*
-         * RFC 8446, section 9.2. If the ClientHello has supported_versions
-         * containing TLSv1.3, presence or absence of some extensions requires
-         * presence or absence of others.
-         */
-
-        /*
-         * RFC 8446 section 4.2.9 - if we received a pre_shared_key, then we
-         * also need psk_key_exchange_modes. Otherwise, section 9.2 specifies
-         * that we need both signature_algorithms and supported_groups.
-         */
-        if (tlsext_extension_seen(s, TLSEXT_TYPE_pre_shared_key)) {
-                if (!tlsext_extension_seen(s,
-                    TLSEXT_TYPE_psk_key_exchange_modes))
-                        return 0;
-        } else {
-                if (!tlsext_extension_seen(s, TLSEXT_TYPE_signature_algorithms))
-                        return 0;
-                if (!tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups))
-                        return 0;
-        }
-
-        /*
-         * supported_groups and key_share must either both be present or
-         * both be absent.
-         */
-        if (tlsext_extension_seen(s, TLSEXT_TYPE_supported_groups) !=
-            tlsext_extension_seen(s, TLSEXT_TYPE_key_share))
-                return 0;
-
-        /*
-         * XXX - Require server_name from client? If so, we SHOULD enforce
-         * this here - RFC 8446, 9.2.
-         */
-
-        return 1;
-}
-
-static const uint8_t tls13_compression_null_only[] = { 0 };
-
-static int
-tls13_client_hello_process(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS cipher_suites, client_random, compression_methods, session_id;
-        STACK_OF(SSL_CIPHER) *ciphers = NULL;
-        const SSL_CIPHER *cipher;
-        uint16_t legacy_version;
-        int alert_desc;
-        SSL *s = ctx->ssl;
-        int ret = 0;
-
-        if (!CBS_get_u16(cbs, &legacy_version))
-                goto err;
-        if (!CBS_get_bytes(cbs, &client_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBS_get_u8_length_prefixed(cbs, &session_id))
-                goto err;
-        if (!CBS_get_u16_length_prefixed(cbs, &cipher_suites))
-                goto err;
-        if (!CBS_get_u8_length_prefixed(cbs, &compression_methods))
-                goto err;
-
-        if (tls13_client_hello_is_legacy(cbs) || s->version < TLS1_3_VERSION) {
-                if (!CBS_skip(cbs, CBS_len(cbs)))
-                        goto err;
-                return tls13_use_legacy_server(ctx);
-        }
-        ctx->hs->negotiated_tls_version = TLS1_3_VERSION;
-        ctx->hs->peer_legacy_version = legacy_version;
-
-        /* Ensure we send subsequent alerts with the correct record version. */
-        tls13_record_layer_set_legacy_version(ctx->rl, TLS1_2_VERSION);
-
-        /*
-         * Ensure that the client has not requested middlebox compatibility mode
-         * if it is prohibited from doing so.
-         */
-        if (!ctx->middlebox_compat && CBS_len(&session_id) != 0) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        /* Add decoded values to the current ClientHello hash */
-        if (!tls13_clienthello_hash_init(ctx)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-        if (!tls13_clienthello_hash_update_bytes(ctx, (void *)&legacy_version,
-            sizeof(legacy_version))) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-        if (!tls13_clienthello_hash_update(ctx, &client_random)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-        if (!tls13_clienthello_hash_update(ctx, &session_id)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-        if (!tls13_clienthello_hash_update(ctx, &cipher_suites)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-        if (!tls13_clienthello_hash_update(ctx, &compression_methods)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-
-        if (!tlsext_server_parse(s, SSL_TLSEXT_MSG_CH, cbs, &alert_desc)) {
-                ctx->alert = alert_desc;
-                goto err;
-        }
-
-        /* Finalize first ClientHello hash, or validate against it */
-        if (!ctx->hs->tls13.hrr) {
-                if (!tls13_clienthello_hash_finalize(ctx)) {
-                        ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                        goto err;
-                }
-        } else {
-                if (!tls13_clienthello_hash_validate(ctx)) {
-                        ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                        goto err;
-                }
-                tls13_clienthello_hash_clear(&ctx->hs->tls13);
-        }
-
-        if (!tls13_client_hello_required_extensions(ctx)) {
-                ctx->alert = TLS13_ALERT_MISSING_EXTENSION;
-                goto err;
-        }
-
-        /*
-         * If we got this far we have a supported versions extension that offers
-         * TLS 1.3 or later. This requires the legacy version be set to 0x0303.
-         */
-        if (legacy_version != TLS1_2_VERSION) {
-                ctx->alert = TLS13_ALERT_PROTOCOL_VERSION;
-                goto err;
-        }
-
-        /*
-         * The legacy session identifier must either be zero length or a 32 byte
-         * value (in which case the client is requesting middlebox compatibility
-         * mode), as per RFC 8446 section 4.1.2. If it is valid, store the value
-         * so that we can echo it back to the client.
-         */
-        if (CBS_len(&session_id) != 0 &&
-            CBS_len(&session_id) != sizeof(ctx->hs->tls13.legacy_session_id)) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-        if (!CBS_write_bytes(&session_id, ctx->hs->tls13.legacy_session_id,
-            sizeof(ctx->hs->tls13.legacy_session_id),
-            &ctx->hs->tls13.legacy_session_id_len)) {
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-                goto err;
-        }
-
-        /* Parse cipher suites list and select preferred cipher. */
-        if ((ciphers = ssl_bytes_to_cipher_list(s, &cipher_suites)) == NULL) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-        cipher = ssl3_choose_cipher(s, ciphers, SSL_get_ciphers(s));
-        if (cipher == NULL) {
-                tls13_set_errorx(ctx, TLS13_ERR_NO_SHARED_CIPHER, 0,
-                    "no shared cipher found", NULL);
-                ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
-                goto err;
-        }
-        ctx->hs->cipher = cipher;
-
-        sk_SSL_CIPHER_free(s->s3->hs.client_ciphers);
-        s->s3->hs.client_ciphers = ciphers;
-        ciphers = NULL;
-
-        /* Ensure only the NULL compression method is advertised. */
-        if (!CBS_mem_equal(&compression_methods, tls13_compression_null_only,
-            sizeof(tls13_compression_null_only))) {
-                ctx->alert = TLS13_ALERT_ILLEGAL_PARAMETER;
-                goto err;
-        }
-
-        ret = 1;
-
- err:
-        sk_SSL_CIPHER_free(ciphers);
-
-        return ret;
-}
-
-int
-tls13_client_hello_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        SSL *s = ctx->ssl;
-
-        if (!tls13_client_hello_process(ctx, cbs))
-                goto err;
-
-        /* See if we switched back to the legacy client method. */
-        if (s->method->version < TLS1_3_VERSION)
-                return 1;
-
-        /*
-         * If a matching key share was provided, we do not need to send a
-         * HelloRetryRequest.
-         */
-        /*
-         * XXX - ideally NEGOTIATED would only be added after record protection
-         * has been enabled. This would probably mean using either an
-         * INITIAL | WITHOUT_HRR state, or another intermediate state.
-         */
-        if (ctx->hs->key_share != NULL)
-                ctx->handshake_stage.hs_type |= NEGOTIATED | WITHOUT_HRR;
-
-        tls13_record_layer_allow_ccs(ctx->rl, 1);
-
-        return 1;
-
- err:
-        return 0;
-}
-
-static int
-tls13_server_hello_build(struct tls13_ctx *ctx, CBB *cbb, int hrr)
-{
-        uint16_t tlsext_msg_type = SSL_TLSEXT_MSG_SH;
-        const uint8_t *server_random;
-        CBB session_id;
-        SSL *s = ctx->ssl;
-        uint16_t cipher;
-
-        cipher = SSL_CIPHER_get_value(ctx->hs->cipher);
-        server_random = s->s3->server_random;
-
-        if (hrr) {
-                server_random = tls13_hello_retry_request_hash;
-                tlsext_msg_type = SSL_TLSEXT_MSG_HRR;
-        }
-
-        if (!CBB_add_u16(cbb, TLS1_2_VERSION))
-                goto err;
-        if (!CBB_add_bytes(cbb, server_random, SSL3_RANDOM_SIZE))
-                goto err;
-        if (!CBB_add_u8_length_prefixed(cbb, &session_id))
-                goto err;
-        if (!CBB_add_bytes(&session_id, ctx->hs->tls13.legacy_session_id,
-            ctx->hs->tls13.legacy_session_id_len))
-                goto err;
-        if (!CBB_add_u16(cbb, cipher))
-                goto err;
-        if (!CBB_add_u8(cbb, 0))
-                goto err;
-        if (!tlsext_server_build(s, tlsext_msg_type, cbb))
-                goto err;
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        return 1;
- err:
-        return 0;
-}
-
-static int
-tls13_server_engage_record_protection(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets;
-        struct tls13_secret context;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-        uint8_t *shared_key = NULL;
-        size_t shared_key_len = 0;
-        size_t hash_len;
-        SSL *s = ctx->ssl;
-        int ret = 0;
-
-        if (!tls_key_share_derive(ctx->hs->key_share, &shared_key,
-            &shared_key_len))
-                goto err;
-
-        s->session->cipher_value = ctx->hs->cipher->value;
-
-        if ((ctx->aead = tls13_cipher_aead(ctx->hs->cipher)) == NULL)
-                goto err;
-        if ((ctx->hash = tls13_cipher_hash(ctx->hs->cipher)) == NULL)
-                goto err;
-
-        if ((secrets = tls13_secrets_create(ctx->hash, 0)) == NULL)
-                goto err;
-        ctx->hs->tls13.secrets = secrets;
-
-        /* XXX - pass in hash. */
-        if (!tls1_transcript_hash_init(s))
-                goto err;
-        tls1_transcript_free(s);
-        if (!tls1_transcript_hash_value(s, buf, sizeof(buf), &hash_len))
-                goto err;
-        context.data = buf;
-        context.len = hash_len;
-
-        /* Early secrets. */
-        if (!tls13_derive_early_secrets(secrets, secrets->zeros.data,
-            secrets->zeros.len, &context))
-                goto err;
-
-        /* Handshake secrets. */
-        if (!tls13_derive_handshake_secrets(ctx->hs->tls13.secrets, shared_key,
-            shared_key_len, &context))
-                goto err;
-
-        tls13_record_layer_set_aead(ctx->rl, ctx->aead);
-        tls13_record_layer_set_hash(ctx->rl, ctx->hash);
-
-        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->client_handshake_traffic, ssl_encryption_handshake))
-                goto err;
-        if (!tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->server_handshake_traffic, ssl_encryption_handshake))
-                goto err;
-
-        ctx->handshake_stage.hs_type |= NEGOTIATED;
-        if (!(SSL_get_verify_mode(s) & SSL_VERIFY_PEER))
-                ctx->handshake_stage.hs_type |= WITHOUT_CR;
-
-        ret = 1;
-
- err:
-        freezero(shared_key, shared_key_len);
-        return ret;
-}
-
-int
-tls13_server_hello_retry_request_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        int nid;
-
-        ctx->hs->tls13.hrr = 1;
-
-        if (!tls13_synthetic_handshake_message(ctx))
-                return 0;
-
-        if (ctx->hs->key_share != NULL)
-                return 0;
-        if (!tls1_get_supported_group(ctx->ssl, &nid))
-                return 0;
-        if (!tls1_ec_nid2group_id(nid, &ctx->hs->tls13.server_group))
-                return 0;
-
-        if (!tls13_server_hello_build(ctx, cbb, 1))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_server_hello_retry_request_sent(struct tls13_ctx *ctx)
-{
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if (ctx->hs->tls13.legacy_session_id_len > 0)
-                ctx->send_dummy_ccs_after = 1;
-
-        return 1;
-}
-
-int
-tls13_client_hello_retry_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        SSL *s = ctx->ssl;
-
-        if (!tls13_client_hello_process(ctx, cbs))
-                return 0;
-
-        /* XXX - need further checks. */
-        if (s->method->version < TLS1_3_VERSION)
-                return 0;
-
-        ctx->hs->tls13.hrr = 0;
-
-        return 1;
-}
-
-static int
-tls13_servername_process(struct tls13_ctx *ctx)
-{
-        uint8_t alert = TLS13_ALERT_INTERNAL_ERROR;
-
-        if (!tls13_legacy_servername_process(ctx, &alert)) {
-                ctx->alert = alert;
-                return 0;
-        }
-
-        return 1;
-}
-
-int
-tls13_server_hello_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        if (ctx->hs->key_share == NULL)
-                return 0;
-        if (!tls_key_share_generate(ctx->hs->key_share))
-                return 0;
-        if (!tls13_servername_process(ctx))
-                return 0;
-
-        ctx->hs->tls13.server_group = 0;
-
-        if (!tls13_server_hello_build(ctx, cbb, 0))
-                return 0;
-
-        return 1;
-}
-
-int
-tls13_server_hello_sent(struct tls13_ctx *ctx)
-{
-        /*
-         * If the client has requested middlebox compatibility mode,
-         * we MUST send a dummy CCS following our first handshake message.
-         * See RFC 8446 Appendix D.4.
-         */
-        if ((ctx->handshake_stage.hs_type & WITHOUT_HRR) &&
-            ctx->hs->tls13.legacy_session_id_len > 0)
-                ctx->send_dummy_ccs_after = 1;
-
-        return tls13_server_engage_record_protection(ctx);
-}
-
-int
-tls13_server_encrypted_extensions_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_EE, cbb))
-                goto err;
-
-        return 1;
- err:
-        return 0;
-}
-
-int
-tls13_server_certificate_request_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        CBB certificate_request_context;
-
-        if (!CBB_add_u8_length_prefixed(cbb, &certificate_request_context))
-                goto err;
-        if (!tlsext_server_build(ctx->ssl, SSL_TLSEXT_MSG_CR, cbb))
-                goto err;
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        return 1;
- err:
-        return 0;
-}
-
-static int
-tls13_server_check_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY *cpk,
-    int *ok, const struct ssl_sigalg **out_sigalg)
-{
-        const struct ssl_sigalg *sigalg;
-        SSL *s = ctx->ssl;
-
-        *ok = 0;
-        *out_sigalg = NULL;
-
-        if (cpk->x509 == NULL || cpk->privatekey == NULL)
-                goto done;
-
-        /*
-         * The digitalSignature bit MUST be set if the Key Usage extension is
-         * present as per RFC 8446 section 4.4.2.2.
-         */
-        if (!(X509_get_key_usage(cpk->x509) & X509v3_KU_DIGITAL_SIGNATURE))
-                goto done;
-
-        if ((sigalg = ssl_sigalg_select(s, cpk->privatekey)) == NULL)
-                goto done;
-
-        *ok = 1;
-        *out_sigalg = sigalg;
-
- done:
-        return 1;
-}
-
-static int
-tls13_server_select_certificate(struct tls13_ctx *ctx, SSL_CERT_PKEY **out_cpk,
-    const struct ssl_sigalg **out_sigalg)
-{
-        SSL *s = ctx->ssl;
-        const struct ssl_sigalg *sigalg;
-        SSL_CERT_PKEY *cpk;
-        int cert_ok;
-
-        *out_cpk = NULL;
-        *out_sigalg = NULL;
-
-        cpk = &s->cert->pkeys[SSL_PKEY_ECC];
-        if (!tls13_server_check_certificate(ctx, cpk, &cert_ok, &sigalg))
-                return 0;
-        if (cert_ok)
-                goto done;
-
-        cpk = &s->cert->pkeys[SSL_PKEY_RSA];
-        if (!tls13_server_check_certificate(ctx, cpk, &cert_ok, &sigalg))
-                return 0;
-        if (cert_ok)
-                goto done;
-
-        cpk = NULL;
-        sigalg = NULL;
-
- done:
-        *out_cpk = cpk;
-        *out_sigalg = sigalg;
-
-        return 1;
-}
-
-int
-tls13_server_certificate_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        SSL *s = ctx->ssl;
-        CBB cert_request_context, cert_list;
-        const struct ssl_sigalg *sigalg;
-        X509_STORE_CTX *xsc = NULL;
-        STACK_OF(X509) *chain;
-        SSL_CERT_PKEY *cpk;
-        X509 *cert;
-        int i, ret = 0;
-
-        if (!tls13_server_select_certificate(ctx, &cpk, &sigalg))
-                goto err;
-
-        if (cpk == NULL) {
-                /* A server must always provide a certificate. */
-                ctx->alert = TLS13_ALERT_HANDSHAKE_FAILURE;
-                tls13_set_errorx(ctx, TLS13_ERR_NO_CERTIFICATE, 0,
-                    "no server certificate", NULL);
-                goto err;
-        }
-
-        ctx->hs->tls13.cpk = cpk;
-        ctx->hs->our_sigalg = sigalg;
-
-        if ((chain = cpk->chain) == NULL)
-                chain = s->ctx->extra_certs;
-
-        if (chain == NULL && !(s->mode & SSL_MODE_NO_AUTO_CHAIN)) {
-                if ((xsc = X509_STORE_CTX_new()) == NULL)
-                        goto err;
-                if (!X509_STORE_CTX_init(xsc, s->ctx->cert_store, cpk->x509, NULL))
-                        goto err;
-                X509_VERIFY_PARAM_set_flags(X509_STORE_CTX_get0_param(xsc),
-                    X509_V_FLAG_LEGACY_VERIFY);
-                X509_verify_cert(xsc);
-                ERR_clear_error();
-                chain = X509_STORE_CTX_get0_chain(xsc);
-        }
-
-        if (!CBB_add_u8_length_prefixed(cbb, &cert_request_context))
-                goto err;
-        if (!CBB_add_u24_length_prefixed(cbb, &cert_list))
-                goto err;
-
-        if (!tls13_cert_add(ctx, &cert_list, cpk->x509, tlsext_server_build))
-                goto err;
-
-        for (i = 0; i < sk_X509_num(chain); i++) {
-                cert = sk_X509_value(chain, i);
-
-                /*
-                 * In the case of auto chain, the leaf certificate will be at
-                 * the top of the chain - skip over it as we've already added
-                 * it earlier.
-                 */
-                if (i == 0 && cert == cpk->x509)
-                        continue;
-
-                /*
-                 * XXX we don't send extensions with chain certs to avoid sending
-                 * a leaf ocsp staple with the chain certs.  This needs to get
-                 * fixed.
-                 */
-                if (!tls13_cert_add(ctx, &cert_list, cert, NULL))
-                        goto err;
-        }
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        X509_STORE_CTX_free(xsc);
-
-        return ret;
-}
-
-int
-tls13_server_certificate_verify_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        const struct ssl_sigalg *sigalg;
-        uint8_t *sig = NULL, *sig_content = NULL;
-        size_t sig_len, sig_content_len;
-        EVP_MD_CTX *mdctx = NULL;
-        EVP_PKEY_CTX *pctx;
-        EVP_PKEY *pkey;
-        const SSL_CERT_PKEY *cpk;
-        CBB sig_cbb;
-        int ret = 0;
-
-        memset(&sig_cbb, 0, sizeof(sig_cbb));
-
-        if ((cpk = ctx->hs->tls13.cpk) == NULL)
-                goto err;
-        if ((sigalg = ctx->hs->our_sigalg) == NULL)
-                goto err;
-        pkey = cpk->privatekey;
-
-        if (!CBB_init(&sig_cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, tls13_cert_verify_pad,
-            sizeof(tls13_cert_verify_pad)))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, tls13_cert_server_verify_context,
-            strlen(tls13_cert_server_verify_context)))
-                goto err;
-        if (!CBB_add_u8(&sig_cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        if (!CBB_finish(&sig_cbb, &sig_content, &sig_content_len))
-                goto err;
-
-        if ((mdctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestSignInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
-                goto err;
-        if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
-                if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
-                        goto err;
-                if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
-                        goto err;
-        }
-        if (!EVP_DigestSign(mdctx, NULL, &sig_len, sig_content, sig_content_len))
-                goto err;
-        if ((sig = calloc(1, sig_len)) == NULL)
-                goto err;
-        if (!EVP_DigestSign(mdctx, sig, &sig_len, sig_content, sig_content_len))
-                goto err;
-
-        if (!CBB_add_u16(cbb, sigalg->value))
-                goto err;
-        if (!CBB_add_u16_length_prefixed(cbb, &sig_cbb))
-                goto err;
-        if (!CBB_add_bytes(&sig_cbb, sig, sig_len))
-                goto err;
-
-        if (!CBB_flush(cbb))
-                goto err;
-
-        ret = 1;
-
- err:
-        if (!ret && ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_INTERNAL_ERROR;
-
-        CBB_cleanup(&sig_cbb);
-        EVP_MD_CTX_free(mdctx);
-        free(sig_content);
-        free(sig);
-
-        return ret;
-}
-
-int
-tls13_server_finished_send(struct tls13_ctx *ctx, CBB *cbb)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret context = { .data = "", .len = 0 };
-        struct tls13_secret finished_key = { .data = NULL, .len = 0 } ;
-        uint8_t transcript_hash[EVP_MAX_MD_SIZE];
-        size_t transcript_hash_len;
-        uint8_t *verify_data;
-        size_t verify_data_len;
-        unsigned int hlen;
-        HMAC_CTX *hmac_ctx = NULL;
-        CBS cbs;
-        int ret = 0;
-
-        if (!tls13_secret_init(&finished_key, EVP_MD_size(ctx->hash)))
-                goto err;
-
-        if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
-            &secrets->server_handshake_traffic, "finished",
-            &context))
-                goto err;
-
-        if (!tls1_transcript_hash_value(ctx->ssl, transcript_hash,
-            sizeof(transcript_hash), &transcript_hash_len))
-                goto err;
-
-        if ((hmac_ctx = HMAC_CTX_new()) == NULL)
-                goto err;
-        if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
-            ctx->hash, NULL))
-                goto err;
-        if (!HMAC_Update(hmac_ctx, transcript_hash, transcript_hash_len))
-                goto err;
-
-        verify_data_len = HMAC_size(hmac_ctx);
-        if (!CBB_add_space(cbb, &verify_data, verify_data_len))
-                goto err;
-        if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
-                goto err;
-        if (hlen != verify_data_len)
-                goto err;
-
-        CBS_init(&cbs, verify_data, verify_data_len);
-        if (!CBS_write_bytes(&cbs, ctx->hs->finished,
-            sizeof(ctx->hs->finished), &ctx->hs->finished_len))
-                goto err;
-
-        ret = 1;
-
- err:
-        tls13_secret_cleanup(&finished_key);
-        HMAC_CTX_free(hmac_ctx);
-
-        return ret;
-}
-
-int
-tls13_server_finished_sent(struct tls13_ctx *ctx)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret context = { .data = "", .len = 0 };
-
-        /*
-         * Derive application traffic keys.
-         */
-        context.data = ctx->hs->tls13.transcript_hash;
-        context.len = ctx->hs->tls13.transcript_hash_len;
-
-        if (!tls13_derive_application_secrets(secrets, &context))
-                return 0;
-
-        /*
-         * Any records following the server finished message must be encrypted
-         * using the server application traffic keys.
-         */
-        return tls13_record_layer_set_write_traffic_key(ctx->rl,
-            &secrets->server_application_traffic, ssl_encryption_application);
-}
-
-int
-tls13_client_certificate_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        CBS cert_request_context, cert_list, cert_data, cert_exts;
-        struct stack_st_X509 *certs = NULL;
-        SSL *s = ctx->ssl;
-        X509 *cert = NULL;
-        const uint8_t *p;
-        int ret = 0;
-
-        if (!CBS_get_u8_length_prefixed(cbs, &cert_request_context))
-                goto err;
-        if (CBS_len(&cert_request_context) != 0)
-                goto err;
-        if (!CBS_get_u24_length_prefixed(cbs, &cert_list))
-                goto err;
-        if (CBS_len(&cert_list) == 0) {
-                if (!(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT))
-                        return 1;
-                ctx->alert = TLS13_ALERT_CERTIFICATE_REQUIRED;
-                tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0,
-                    "peer did not provide a certificate", NULL);
-                goto err;
-        }
-
-        if ((certs = sk_X509_new_null()) == NULL)
-                goto err;
-        while (CBS_len(&cert_list) > 0) {
-                if (!CBS_get_u24_length_prefixed(&cert_list, &cert_data))
-                        goto err;
-                if (!CBS_get_u16_length_prefixed(&cert_list, &cert_exts))
-                        goto err;
-
-                p = CBS_data(&cert_data);
-                if ((cert = d2i_X509(NULL, &p, CBS_len(&cert_data))) == NULL)
-                        goto err;
-                if (p != CBS_data(&cert_data) + CBS_len(&cert_data))
-                        goto err;
-
-                if (!sk_X509_push(certs, cert))
-                        goto err;
-
-                cert = NULL;
-        }
-
-        /*
-         * At this stage we still have no proof of possession. As such, it would
-         * be preferable to keep the chain and verify once we have successfully
-         * processed the CertificateVerify message.
-         */
-        if (ssl_verify_cert_chain(s, certs) <= 0) {
-                ctx->alert = ssl_verify_alarm_type(s->verify_result);
-                tls13_set_errorx(ctx, TLS13_ERR_VERIFY_FAILED, 0,
-                    "failed to verify peer certificate", NULL);
-                goto err;
-        }
-        s->session->verify_result = s->verify_result;
-        ERR_clear_error();
-
-        if (!tls_process_peer_certs(s, certs))
-                goto err;
-
-        ctx->handshake_stage.hs_type |= WITH_CCV;
-        ret = 1;
-
- err:
-        sk_X509_pop_free(certs, X509_free);
-        X509_free(cert);
-
-        return ret;
-}
-
-int
-tls13_client_certificate_verify_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        const struct ssl_sigalg *sigalg;
-        uint16_t signature_scheme;
-        uint8_t *sig_content = NULL;
-        size_t sig_content_len;
-        EVP_MD_CTX *mdctx = NULL;
-        EVP_PKEY_CTX *pctx;
-        EVP_PKEY *pkey;
-        X509 *cert;
-        CBS signature;
-        CBB cbb;
-        int ret = 0;
-
-        memset(&cbb, 0, sizeof(cbb));
-
-        if (!CBS_get_u16(cbs, &signature_scheme))
-                goto err;
-        if (!CBS_get_u16_length_prefixed(cbs, &signature))
-                goto err;
-
-        if (!CBB_init(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, tls13_cert_verify_pad,
-            sizeof(tls13_cert_verify_pad)))
-                goto err;
-        if (!CBB_add_bytes(&cbb, tls13_cert_client_verify_context,
-            strlen(tls13_cert_client_verify_context)))
-                goto err;
-        if (!CBB_add_u8(&cbb, 0))
-                goto err;
-        if (!CBB_add_bytes(&cbb, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        if (!CBB_finish(&cbb, &sig_content, &sig_content_len))
-                goto err;
-
-        if ((cert = ctx->ssl->session->peer_cert) == NULL)
-                goto err;
-        if ((pkey = X509_get0_pubkey(cert)) == NULL)
-                goto err;
-        if ((sigalg = ssl_sigalg_for_peer(ctx->ssl, pkey,
-            signature_scheme)) == NULL)
-                goto err;
-        ctx->hs->peer_sigalg = sigalg;
-
-        if (CBS_len(&signature) > EVP_PKEY_size(pkey))
-                goto err;
-
-        if ((mdctx = EVP_MD_CTX_new()) == NULL)
-                goto err;
-        if (!EVP_DigestVerifyInit(mdctx, &pctx, sigalg->md(), NULL, pkey))
-                goto err;
-        if (sigalg->flags & SIGALG_FLAG_RSA_PSS) {
-                if (!EVP_PKEY_CTX_set_rsa_padding(pctx, RSA_PKCS1_PSS_PADDING))
-                        goto err;
-                if (!EVP_PKEY_CTX_set_rsa_pss_saltlen(pctx, -1))
-                        goto err;
-        }
-        if (EVP_DigestVerify(mdctx, CBS_data(&signature), CBS_len(&signature),
-            sig_content, sig_content_len) <= 0) {
-                ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
-                goto err;
-        }
-
-        ret = 1;
-
- err:
-        if (!ret && ctx->alert == 0)
-                ctx->alert = TLS13_ALERT_DECODE_ERROR;
-
-        CBB_cleanup(&cbb);
-        EVP_MD_CTX_free(mdctx);
-        free(sig_content);
-
-        return ret;
-}
-
-int
-tls13_client_end_of_early_data_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        return 0;
-}
-
-int
-tls13_client_finished_recv(struct tls13_ctx *ctx, CBS *cbs)
-{
-        struct tls13_secrets *secrets = ctx->hs->tls13.secrets;
-        struct tls13_secret context = { .data = "", .len = 0 };
-        struct tls13_secret finished_key;
-        uint8_t *verify_data = NULL;
-        size_t verify_data_len;
-        uint8_t key[EVP_MAX_MD_SIZE];
-        HMAC_CTX *hmac_ctx = NULL;
-        unsigned int hlen;
-        int ret = 0;
-
-        /*
-         * Verify client finished.
-         */
-        finished_key.data = key;
-        finished_key.len = EVP_MD_size(ctx->hash);
-
-        if (!tls13_hkdf_expand_label(&finished_key, ctx->hash,
-            &secrets->client_handshake_traffic, "finished",
-            &context))
-                goto err;
-
-        if ((hmac_ctx = HMAC_CTX_new()) == NULL)
-                goto err;
-        if (!HMAC_Init_ex(hmac_ctx, finished_key.data, finished_key.len,
-            ctx->hash, NULL))
-                goto err;
-        if (!HMAC_Update(hmac_ctx, ctx->hs->tls13.transcript_hash,
-            ctx->hs->tls13.transcript_hash_len))
-                goto err;
-        verify_data_len = HMAC_size(hmac_ctx);
-        if ((verify_data = calloc(1, verify_data_len)) == NULL)
-                goto err;
-        if (!HMAC_Final(hmac_ctx, verify_data, &hlen))
-                goto err;
-        if (hlen != verify_data_len)
-                goto err;
-
-        if (!CBS_mem_equal(cbs, verify_data, verify_data_len)) {
-                ctx->alert = TLS13_ALERT_DECRYPT_ERROR;
-                goto err;
-        }
-
-        if (!CBS_write_bytes(cbs, ctx->hs->peer_finished,
-            sizeof(ctx->hs->peer_finished),
-            &ctx->hs->peer_finished_len))
-                goto err;
-
-        if (!CBS_skip(cbs, verify_data_len))
-                goto err;
-
-        /*
-         * Any records following the client finished message must be encrypted
-         * using the client application traffic keys.
-         */
-        if (!tls13_record_layer_set_read_traffic_key(ctx->rl,
-            &secrets->client_application_traffic, ssl_encryption_application))
-                goto err;
-
-        tls13_record_layer_allow_ccs(ctx->rl, 0);
-
-        ret = 1;
-
- err:
-        HMAC_CTX_free(hmac_ctx);
-        free(verify_data);
-
-        return ret;
-}
diff --git a/src/lib/libssl/tls_buffer.c b/src/lib/libssl/tls_buffer.c
deleted file mode 100644
index 517d66d685..0000000000
--- a/src/lib/libssl/tls_buffer.c
+++ /dev/null
@@ -1,257 +0,0 @@
-/* $OpenBSD: tls_buffer.c,v 1.4 2022/11/10 18:06:37 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019, 2022 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "bytestring.h"
-#include "tls_internal.h"
-
-#define TLS_BUFFER_CAPACITY_LIMIT       (1024 * 1024)
-
-struct tls_buffer {
-        size_t capacity;
-        size_t capacity_limit;
-        uint8_t *data;
-        size_t len;
-        size_t offset;
-};
-
-static int tls_buffer_resize(struct tls_buffer *buf, size_t capacity);
-
-struct tls_buffer *
-tls_buffer_new(size_t init_size)
-{
-        struct tls_buffer *buf = NULL;
-
-        if ((buf = calloc(1, sizeof(struct tls_buffer))) == NULL)
-                goto err;
-
-        buf->capacity_limit = TLS_BUFFER_CAPACITY_LIMIT;
-
-        if (!tls_buffer_resize(buf, init_size))
-                goto err;
-
-        return buf;
-
- err:
-        tls_buffer_free(buf);
-
-        return NULL;
-}
-
-void
-tls_buffer_clear(struct tls_buffer *buf)
-{
-        freezero(buf->data, buf->capacity);
-
-        buf->data = NULL;
-        buf->capacity = 0;
-        buf->len = 0;
-        buf->offset = 0;
-}
-
-void
-tls_buffer_free(struct tls_buffer *buf)
-{
-        if (buf == NULL)
-                return;
-
-        tls_buffer_clear(buf);
-
-        freezero(buf, sizeof(struct tls_buffer));
-}
-
-static int
-tls_buffer_grow(struct tls_buffer *buf, size_t capacity)
-{
-        if (buf->capacity >= capacity)
-                return 1;
-
-        return tls_buffer_resize(buf, capacity);
-}
-
-static int
-tls_buffer_resize(struct tls_buffer *buf, size_t capacity)
-{
-        uint8_t *data;
-
-        /*
-         * XXX - Consider maintaining a minimum size and growing more
-         * intelligently (rather than exactly).
-         */
-        if (buf->capacity == capacity)
-                return 1;
-
-        if (capacity > buf->capacity_limit)
-                return 0;
-
-        if ((data = recallocarray(buf->data, buf->capacity, capacity, 1)) == NULL)
-                return 0;
-
-        buf->data = data;
-        buf->capacity = capacity;
-
-        /* Ensure that len and offset are valid if capacity decreased. */
-        if (buf->len > buf->capacity)
-                buf->len = buf->capacity;
-        if (buf->offset > buf->len)
-                buf->offset = buf->len;
-
-        return 1;
-}
-
-void
-tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit)
-{
-        /*
-         * XXX - do we want to force a resize if this limit is less than current
-         * capacity... and what do we do with existing data? Force a clear?
-         */
-        buf->capacity_limit = limit;
-}
-
-ssize_t
-tls_buffer_extend(struct tls_buffer *buf, size_t len,
-    tls_read_cb read_cb, void *cb_arg)
-{
-        ssize_t ret;
-
-        if (len == buf->len)
-                return buf->len;
-
-        if (len < buf->len)
-                return TLS_IO_FAILURE;
-
-        if (!tls_buffer_resize(buf, len))
-                return TLS_IO_FAILURE;
-
-        for (;;) {
-                if ((ret = read_cb(&buf->data[buf->len],
-                    buf->capacity - buf->len, cb_arg)) <= 0)
-                        return ret;
-
-                if (ret > buf->capacity - buf->len)
-                        return TLS_IO_FAILURE;
-
-                buf->len += ret;
-
-                if (buf->len == buf->capacity)
-                        return buf->len;
-        }
-}
-
-size_t
-tls_buffer_remaining(struct tls_buffer *buf)
-{
-        if (buf->offset > buf->len)
-                return 0;
-
-        return buf->len - buf->offset;
-}
-
-ssize_t
-tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n)
-{
-        if (buf->offset > buf->len)
-                return TLS_IO_FAILURE;
-
-        if (buf->offset == buf->len)
-                return TLS_IO_WANT_POLLIN;
-
-        if (n > buf->len - buf->offset)
-                n = buf->len - buf->offset;
-
-        memcpy(rbuf, &buf->data[buf->offset], n);
-
-        buf->offset += n;
-
-        return n;
-}
-
-ssize_t
-tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n)
-{
-        if (buf->offset > buf->len)
-                return TLS_IO_FAILURE;
-
-        /*
-         * To avoid continually growing the buffer, pull data up to the
-         * start of the buffer. If all data has been read then we can simply
-         * reset, otherwise wait until we're going to save at least 4KB of
-         * memory to reduce overhead.
-         */
-        if (buf->offset == buf->len) {
-                buf->len = 0;
-                buf->offset = 0;
-        }
-        if (buf->offset >= 4096) {
-                memmove(buf->data, &buf->data[buf->offset],
-                    buf->len - buf->offset);
-                buf->len -= buf->offset;
-                buf->offset = 0;
-        }
-
-        if (buf->len > SIZE_MAX - n)
-                return TLS_IO_FAILURE;
-        if (!tls_buffer_grow(buf, buf->len + n))
-                return TLS_IO_FAILURE;
-
-        memcpy(&buf->data[buf->len], wbuf, n);
-
-        buf->len += n;
-
-        return n;
-}
-
-int
-tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n)
-{
-        return tls_buffer_write(buf, wbuf, n) == n;
-}
-
-int
-tls_buffer_data(struct tls_buffer *buf, CBS *out_cbs)
-{
-        CBS cbs;
-
-        CBS_init(&cbs, buf->data, buf->len);
-
-        if (!CBS_skip(&cbs, buf->offset))
-                return 0;
-
-        CBS_dup(&cbs, out_cbs);
-
-        return 1;
-}
-
-int
-tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len)
-{
-        if (out == NULL || out_len == NULL)
-                return 0;
-
-        *out = buf->data;
-        *out_len = buf->len;
-
-        buf->data = NULL;
-        buf->capacity = 0;
-        buf->len = 0;
-        buf->offset = 0;
-
-        return 1;
-}
diff --git a/src/lib/libssl/tls_content.c b/src/lib/libssl/tls_content.c
deleted file mode 100644
index 726de0fdc4..0000000000
--- a/src/lib/libssl/tls_content.c
+++ /dev/null
@@ -1,164 +0,0 @@
-/* $OpenBSD: tls_content.c,v 1.2 2022/11/11 17:15:27 jsing Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-#include <string.h>
-
-#include "tls_content.h"
-
-/* Content from a TLS record. */
-struct tls_content {
-        uint8_t type;
-        uint16_t epoch;
-
-        const uint8_t *data;
-        size_t data_len;
-        CBS cbs;
-};
-
-struct tls_content *
-tls_content_new(void)
-{
-        return calloc(1, sizeof(struct tls_content));
-}
-
-void
-tls_content_clear(struct tls_content *content)
-{
-        freezero((void *)content->data, content->data_len);
-        memset(content, 0, sizeof(*content));
-}
-
-void
-tls_content_free(struct tls_content *content)
-{
-        if (content == NULL)
-                return;
-
-        tls_content_clear(content);
-
-        freezero(content, sizeof(struct tls_content));
-}
-
-CBS *
-tls_content_cbs(struct tls_content *content)
-{
-        return &content->cbs;
-}
-
-int
-tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n)
-{
-        return CBS_mem_equal(&content->cbs, buf, n);
-}
-
-size_t
-tls_content_remaining(struct tls_content *content)
-{
-        return CBS_len(&content->cbs);
-}
-
-uint8_t
-tls_content_type(struct tls_content *content)
-{
-        return content->type;
-}
-
-int
-tls_content_dup_data(struct tls_content *content, uint8_t type,
-    const uint8_t *data, size_t data_len)
-{
-        uint8_t *dup;
-
-        if ((dup = calloc(1, data_len)) == NULL)
-                return 0;
-        memcpy(dup, data, data_len);
-
-        tls_content_set_data(content, type, dup, data_len);
-
-        return 1;
-}
-
-uint16_t
-tls_content_epoch(struct tls_content *content)
-{
-        return content->epoch;
-}
-
-void
-tls_content_set_epoch(struct tls_content *content, uint16_t epoch)
-{
-        content->epoch = epoch;
-}
-
-void
-tls_content_set_data(struct tls_content *content, uint8_t type,
-    const uint8_t *data, size_t data_len)
-{
-        tls_content_clear(content);
-
-        content->type = type;
-        content->data = data;
-        content->data_len = data_len;
-
-        CBS_init(&content->cbs, content->data, content->data_len);
-}
-
-int
-tls_content_set_bounds(struct tls_content *content, size_t offset, size_t len)
-{
-        size_t content_len;
-
-        content_len = offset + len;
-        if (content_len < len)
-                return 0;
-        if (content_len > content->data_len)
-                return 0;
-
-        CBS_init(&content->cbs, content->data, content_len);
-        return CBS_skip(&content->cbs, offset);
-}
-
-static ssize_t
-tls_content_read_internal(struct tls_content *content, uint8_t *buf, size_t n,
-    int peek)
-{
-        if (n > CBS_len(&content->cbs))
-                n = CBS_len(&content->cbs);
-
-        /* XXX - CBS_memcpy? CBS_copy_bytes? */
-        memcpy(buf, CBS_data(&content->cbs), n);
-
-        if (!peek) {
-                if (!CBS_skip(&content->cbs, n))
-                        return -1;
-        }
-
-        return n;
-}
-
-ssize_t
-tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n)
-{
-        return tls_content_read_internal(content, buf, n, 1);
-}
-
-ssize_t
-tls_content_read(struct tls_content *content, uint8_t *buf, size_t n)
-{
-        return tls_content_read_internal(content, buf, n, 0);
-}
diff --git a/src/lib/libssl/tls_content.h b/src/lib/libssl/tls_content.h
deleted file mode 100644
index b807248f60..0000000000
--- a/src/lib/libssl/tls_content.h
+++ /dev/null
@@ -1,50 +0,0 @@
-/* $OpenBSD: tls_content.h,v 1.2 2022/11/11 17:15:27 jsing Exp $ */
-/*
- * Copyright (c) 2020 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS_CONTENT_H
-#define HEADER_TLS_CONTENT_H
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-struct tls_content;
-
-struct tls_content *tls_content_new(void);
-void tls_content_clear(struct tls_content *content);
-void tls_content_free(struct tls_content *content);
-
-CBS *tls_content_cbs(struct tls_content *content);
-int tls_content_equal(struct tls_content *content, const uint8_t *buf, size_t n);
-size_t tls_content_remaining(struct tls_content *content);
-uint8_t tls_content_type(struct tls_content *content);
-uint16_t tls_content_epoch(struct tls_content *content);
-
-int tls_content_dup_data(struct tls_content *content, uint8_t type,
-    const uint8_t *data, size_t data_len);
-void tls_content_set_data(struct tls_content *content, uint8_t type,
-    const uint8_t *data, size_t data_len);
-int tls_content_set_bounds(struct tls_content *content, size_t offset,
-    size_t len);
-void tls_content_set_epoch(struct tls_content *content, uint16_t epoch);
-
-ssize_t tls_content_peek(struct tls_content *content, uint8_t *buf, size_t n);
-ssize_t tls_content_read(struct tls_content *content, uint8_t *buf, size_t n);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h
deleted file mode 100644
index 84edde8474..0000000000
--- a/src/lib/libssl/tls_internal.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* $OpenBSD: tls_internal.h,v 1.10 2022/11/10 18:06:37 jsing Exp $ */
-/*
- * Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef HEADER_TLS_INTERNAL_H
-#define HEADER_TLS_INTERNAL_H
-
-#include <openssl/dh.h>
-#include <openssl/evp.h>
-
-#include "bytestring.h"
-
-__BEGIN_HIDDEN_DECLS
-
-#define TLS_IO_SUCCESS                   1
-#define TLS_IO_EOF                       0
-#define TLS_IO_FAILURE                  -1
-#define TLS_IO_ALERT                    -2
-#define TLS_IO_WANT_POLLIN              -3
-#define TLS_IO_WANT_POLLOUT             -4
-#define TLS_IO_WANT_RETRY               -5 /* Retry the previous call immediately. */
-
-enum ssl_encryption_level_t;
-
-struct tls13_secret;
-
-/*
- * Callbacks.
- */
-typedef ssize_t (*tls_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
-typedef ssize_t (*tls_write_cb)(const void *_buf, size_t _buflen,
-    void *_cb_arg);
-typedef ssize_t (*tls_flush_cb)(void *_cb_arg);
-
-typedef ssize_t (*tls_handshake_read_cb)(void *_buf, size_t _buflen,
-    void *_cb_arg);
-typedef ssize_t (*tls_handshake_write_cb)(const void *_buf, size_t _buflen,
-    void *_cb_arg);
-typedef int (*tls_traffic_key_cb)(struct tls13_secret *key,
-    enum ssl_encryption_level_t level, void *_cb_arg);
-typedef int (*tls_alert_send_cb)(int _alert_desc, void *_cb_arg);
-
-/*
- * Buffers.
- */
-struct tls_buffer;
-
-struct tls_buffer *tls_buffer_new(size_t init_size);
-void tls_buffer_clear(struct tls_buffer *buf);
-void tls_buffer_free(struct tls_buffer *buf);
-void tls_buffer_set_capacity_limit(struct tls_buffer *buf, size_t limit);
-ssize_t tls_buffer_extend(struct tls_buffer *buf, size_t len,
-    tls_read_cb read_cb, void *cb_arg);
-size_t tls_buffer_remaining(struct tls_buffer *buf);
-ssize_t tls_buffer_read(struct tls_buffer *buf, uint8_t *rbuf, size_t n);
-ssize_t tls_buffer_write(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
-int tls_buffer_append(struct tls_buffer *buf, const uint8_t *wbuf, size_t n);
-int tls_buffer_data(struct tls_buffer *buf, CBS *cbs);
-int tls_buffer_finish(struct tls_buffer *buf, uint8_t **out, size_t *out_len);
-
-/*
- * Key shares.
- */
-struct tls_key_share;
-
-struct tls_key_share *tls_key_share_new(uint16_t group_id);
-struct tls_key_share *tls_key_share_new_nid(int nid);
-void tls_key_share_free(struct tls_key_share *ks);
-
-uint16_t tls_key_share_group(struct tls_key_share *ks);
-int tls_key_share_nid(struct tls_key_share *ks);
-void tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits);
-int tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params);
-int tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey);
-int tls_key_share_generate(struct tls_key_share *ks);
-int tls_key_share_params(struct tls_key_share *ks, CBB *cbb);
-int tls_key_share_public(struct tls_key_share *ks, CBB *cbb);
-int tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_params);
-int tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_key);
-int tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
-    size_t *shared_key_len);
-int tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks);
-
-__END_HIDDEN_DECLS
-
-#endif
diff --git a/src/lib/libssl/tls_key_share.c b/src/lib/libssl/tls_key_share.c
deleted file mode 100644
index cf7b1da262..0000000000
--- a/src/lib/libssl/tls_key_share.c
+++ /dev/null
@@ -1,484 +0,0 @@
-/* $OpenBSD: tls_key_share.c,v 1.8 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2020, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <stdlib.h>
-
-#include <openssl/curve25519.h>
-#include <openssl/dh.h>
-#include <openssl/ec.h>
-#include <openssl/evp.h>
-
-#include "bytestring.h"
-#include "ssl_local.h"
-#include "tls_internal.h"
-
-struct tls_key_share {
-        int nid;
-        uint16_t group_id;
-        size_t key_bits;
-
-        DH *dhe;
-        DH *dhe_peer;
-
-        EC_KEY *ecdhe;
-        EC_KEY *ecdhe_peer;
-
-        uint8_t *x25519_public;
-        uint8_t *x25519_private;
-        uint8_t *x25519_peer_public;
-};
-
-static struct tls_key_share *
-tls_key_share_new_internal(int nid, uint16_t group_id)
-{
-        struct tls_key_share *ks;
-
-        if ((ks = calloc(1, sizeof(struct tls_key_share))) == NULL)
-                return NULL;
-
-        ks->group_id = group_id;
-        ks->nid = nid;
-
-        return ks;
-}
-
-struct tls_key_share *
-tls_key_share_new(uint16_t group_id)
-{
-        int nid;
-
-        if (!tls1_ec_group_id2nid(group_id, &nid))
-                return NULL;
-
-        return tls_key_share_new_internal(nid, group_id);
-}
-
-struct tls_key_share *
-tls_key_share_new_nid(int nid)
-{
-        uint16_t group_id = 0;
-
-        if (nid != NID_dhKeyAgreement) {
-                if (!tls1_ec_nid2group_id(nid, &group_id))
-                        return NULL;
-        }
-
-        return tls_key_share_new_internal(nid, group_id);
-}
-
-void
-tls_key_share_free(struct tls_key_share *ks)
-{
-        if (ks == NULL)
-                return;
-
-        DH_free(ks->dhe);
-        DH_free(ks->dhe_peer);
-
-        EC_KEY_free(ks->ecdhe);
-        EC_KEY_free(ks->ecdhe_peer);
-
-        freezero(ks->x25519_public, X25519_KEY_LENGTH);
-        freezero(ks->x25519_private, X25519_KEY_LENGTH);
-        freezero(ks->x25519_peer_public, X25519_KEY_LENGTH);
-
-        freezero(ks, sizeof(*ks));
-}
-
-uint16_t
-tls_key_share_group(struct tls_key_share *ks)
-{
-        return ks->group_id;
-}
-
-int
-tls_key_share_nid(struct tls_key_share *ks)
-{
-        return ks->nid;
-}
-
-void
-tls_key_share_set_key_bits(struct tls_key_share *ks, size_t key_bits)
-{
-        ks->key_bits = key_bits;
-}
-
-int
-tls_key_share_set_dh_params(struct tls_key_share *ks, DH *dh_params)
-{
-        if (ks->nid != NID_dhKeyAgreement)
-                return 0;
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-
-        if ((ks->dhe = DHparams_dup(dh_params)) == NULL)
-                return 0;
-        if ((ks->dhe_peer = DHparams_dup(dh_params)) == NULL)
-                return 0;
-
-        return 1;
-}
-
-int
-tls_key_share_peer_pkey(struct tls_key_share *ks, EVP_PKEY *pkey)
-{
-        if (ks->nid == NID_dhKeyAgreement && ks->dhe_peer != NULL)
-                return EVP_PKEY_set1_DH(pkey, ks->dhe_peer);
-
-        if (ks->nid == NID_X25519 && ks->x25519_peer_public != NULL)
-                return ssl_kex_dummy_ecdhe_x25519(pkey);
-
-        if (ks->ecdhe_peer != NULL)
-                return EVP_PKEY_set1_EC_KEY(pkey, ks->ecdhe_peer);
-
-        return 0;
-}
-
-static int
-tls_key_share_generate_dhe(struct tls_key_share *ks)
-{
-        /*
-         * If auto params are not being used then we must already have DH
-         * parameters set.
-         */
-        if (ks->key_bits == 0) {
-                if (ks->dhe == NULL)
-                        return 0;
-
-                return ssl_kex_generate_dhe(ks->dhe, ks->dhe);
-        }
-
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-
-        if ((ks->dhe = DH_new()) == NULL)
-                return 0;
-        if (!ssl_kex_generate_dhe_params_auto(ks->dhe, ks->key_bits))
-                return 0;
-        if ((ks->dhe_peer = DHparams_dup(ks->dhe)) == NULL)
-                return 0;
-
-        return 1;
-}
-
-static int
-tls_key_share_generate_ecdhe_ecp(struct tls_key_share *ks)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-
-        if (ks->ecdhe != NULL)
-                goto err;
-
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_generate_ecdhe_ecp(ecdhe, ks->nid))
-                goto err;
-
-        ks->ecdhe = ecdhe;
-        ecdhe = NULL;
-
-        ret = 1;
-
- err:
-        EC_KEY_free(ecdhe);
-
-        return ret;
-}
-
-static int
-tls_key_share_generate_x25519(struct tls_key_share *ks)
-{
-        uint8_t *public = NULL, *private = NULL;
-        int ret = 0;
-
-        if (ks->x25519_public != NULL || ks->x25519_private != NULL)
-                goto err;
-
-        if ((public = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if ((private = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-
-        X25519_keypair(public, private);
-
-        ks->x25519_public = public;
-        ks->x25519_private = private;
-        public = NULL;
-        private = NULL;
-
-        ret = 1;
-
- err:
-        freezero(public, X25519_KEY_LENGTH);
-        freezero(private, X25519_KEY_LENGTH);
-
-        return ret;
-}
-
-int
-tls_key_share_generate(struct tls_key_share *ks)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_generate_dhe(ks);
-
-        if (ks->nid == NID_X25519)
-                return tls_key_share_generate_x25519(ks);
-
-        return tls_key_share_generate_ecdhe_ecp(ks);
-}
-
-static int
-tls_key_share_params_dhe(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->dhe == NULL)
-                return 0;
-
-        return ssl_kex_params_dhe(ks->dhe, cbb);
-}
-
-int
-tls_key_share_params(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_params_dhe(ks, cbb);
-
-        return 0;
-}
-
-static int
-tls_key_share_public_dhe(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->dhe == NULL)
-                return 0;
-
-        return ssl_kex_public_dhe(ks->dhe, cbb);
-}
-
-static int
-tls_key_share_public_ecdhe_ecp(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->ecdhe == NULL)
-                return 0;
-
-        return ssl_kex_public_ecdhe_ecp(ks->ecdhe, cbb);
-}
-
-static int
-tls_key_share_public_x25519(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->x25519_public == NULL)
-                return 0;
-
-        return CBB_add_bytes(cbb, ks->x25519_public, X25519_KEY_LENGTH);
-}
-
-int
-tls_key_share_public(struct tls_key_share *ks, CBB *cbb)
-{
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_public_dhe(ks, cbb);
-
-        if (ks->nid == NID_X25519)
-                return tls_key_share_public_x25519(ks, cbb);
-
-        return tls_key_share_public_ecdhe_ecp(ks, cbb);
-}
-
-static int
-tls_key_share_peer_params_dhe(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_params)
-{
-        if (ks->dhe != NULL || ks->dhe_peer != NULL)
-                return 0;
-
-        if ((ks->dhe_peer = DH_new()) == NULL)
-                return 0;
-        if (!ssl_kex_peer_params_dhe(ks->dhe_peer, cbs, decode_error,
-            invalid_params))
-                return 0;
-        if ((ks->dhe = DHparams_dup(ks->dhe_peer)) == NULL)
-                return 0;
-
-        return 1;
-}
-
-int
-tls_key_share_peer_params(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_params)
-{
-        if (ks->nid != NID_dhKeyAgreement)
-                return 0;
-
-        return tls_key_share_peer_params_dhe(ks, cbs, decode_error,
-             invalid_params);
-}
-
-static int
-tls_key_share_peer_public_dhe(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error, int *invalid_key)
-{
-        if (ks->dhe_peer == NULL)
-                return 0;
-
-        return ssl_kex_peer_public_dhe(ks->dhe_peer, cbs, decode_error,
-            invalid_key);
-}
-
-static int
-tls_key_share_peer_public_ecdhe_ecp(struct tls_key_share *ks, CBS *cbs)
-{
-        EC_KEY *ecdhe = NULL;
-        int ret = 0;
-
-        if (ks->ecdhe_peer != NULL)
-                goto err;
-
-        if ((ecdhe = EC_KEY_new()) == NULL)
-                goto err;
-        if (!ssl_kex_peer_public_ecdhe_ecp(ecdhe, ks->nid, cbs))
-                goto err;
-
-        ks->ecdhe_peer = ecdhe;
-        ecdhe = NULL;
-
-        ret = 1;
-
- err:
-        EC_KEY_free(ecdhe);
-
-        return ret;
-}
-
-static int
-tls_key_share_peer_public_x25519(struct tls_key_share *ks, CBS *cbs,
-    int *decode_error)
-{
-        size_t out_len;
-
-        *decode_error = 0;
-
-        if (ks->x25519_peer_public != NULL)
-                return 0;
-
-        if (CBS_len(cbs) != X25519_KEY_LENGTH) {
-                *decode_error = 1;
-                return 0;
-        }
-
-        return CBS_stow(cbs, &ks->x25519_peer_public, &out_len);
-}
-
-int
-tls_key_share_peer_public(struct tls_key_share *ks, CBS *cbs, int *decode_error,
-    int *invalid_key)
-{
-        *decode_error = 0;
-
-        if (invalid_key != NULL)
-                *invalid_key = 0;
-
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_peer_public_dhe(ks, cbs, decode_error,
-                    invalid_key);
-
-        if (ks->nid == NID_X25519)
-                return tls_key_share_peer_public_x25519(ks, cbs, decode_error);
-
-        return tls_key_share_peer_public_ecdhe_ecp(ks, cbs);
-}
-
-static int
-tls_key_share_derive_dhe(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        if (ks->dhe == NULL || ks->dhe_peer == NULL)
-                return 0;
-
-        return ssl_kex_derive_dhe(ks->dhe, ks->dhe_peer, shared_key,
-            shared_key_len);
-}
-
-static int
-tls_key_share_derive_ecdhe_ecp(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        if (ks->ecdhe == NULL || ks->ecdhe_peer == NULL)
-                return 0;
-
-        return ssl_kex_derive_ecdhe_ecp(ks->ecdhe, ks->ecdhe_peer,
-            shared_key, shared_key_len);
-}
-
-static int
-tls_key_share_derive_x25519(struct tls_key_share *ks,
-    uint8_t **shared_key, size_t *shared_key_len)
-{
-        uint8_t *sk = NULL;
-        int ret = 0;
-
-        if (ks->x25519_private == NULL || ks->x25519_peer_public == NULL)
-                goto err;
-
-        if ((sk = calloc(1, X25519_KEY_LENGTH)) == NULL)
-                goto err;
-        if (!X25519(sk, ks->x25519_private, ks->x25519_peer_public))
-                goto err;
-
-        *shared_key = sk;
-        *shared_key_len = X25519_KEY_LENGTH;
-        sk = NULL;
-
-        ret = 1;
-
- err:
-        freezero(sk, X25519_KEY_LENGTH);
-
-        return ret;
-}
-
-int
-tls_key_share_derive(struct tls_key_share *ks, uint8_t **shared_key,
-    size_t *shared_key_len)
-{
-        if (*shared_key != NULL)
-                return 0;
-
-        *shared_key_len = 0;
-
-        if (ks->nid == NID_dhKeyAgreement)
-                return tls_key_share_derive_dhe(ks, shared_key,
-                    shared_key_len);
-
-        if (ks->nid == NID_X25519)
-                return tls_key_share_derive_x25519(ks, shared_key,
-                    shared_key_len);
-
-        return tls_key_share_derive_ecdhe_ecp(ks, shared_key,
-            shared_key_len);
-}
-
-int
-tls_key_share_peer_security(const SSL *ssl, struct tls_key_share *ks)
-{
-        switch (ks->nid) {
-        case NID_dhKeyAgreement:
-                return ssl_security_dh(ssl, ks->dhe_peer);
-        default:
-                return 0;
-        }
-}
diff --git a/src/lib/libssl/tls_lib.c b/src/lib/libssl/tls_lib.c
deleted file mode 100644
index db734c34e4..0000000000
--- a/src/lib/libssl/tls_lib.c
+++ /dev/null
@@ -1,68 +0,0 @@
-/* $OpenBSD: tls_lib.c,v 1.3 2022/11/26 16:08:56 tb Exp $ */
-/*
- * Copyright (c) 2019, 2021 Joel Sing <jsing@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "ssl_local.h"
-
-int
-tls_process_peer_certs(SSL *s, STACK_OF(X509) *peer_certs)
-{
-        STACK_OF(X509) *peer_certs_no_leaf;
-        X509 *peer_cert = NULL;
-        EVP_PKEY *pkey;
-        int cert_type;
-        int ret = 0;
-
-        if (sk_X509_num(peer_certs) < 1)
-                goto err;
-        peer_cert = sk_X509_value(peer_certs, 0);
-        X509_up_ref(peer_cert);
-
-        if ((pkey = X509_get0_pubkey(peer_cert)) == NULL) {
-                SSLerror(s, SSL_R_NO_PUBLICKEY);
-                goto err;
-        }
-        if (EVP_PKEY_missing_parameters(pkey)) {
-                SSLerror(s, SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS);
-                goto err;
-        }
-        if ((cert_type = ssl_cert_type(pkey)) < 0) {
-                SSLerror(s, SSL_R_UNKNOWN_CERTIFICATE_TYPE);
-                goto err;
-        }
-
-        s->session->peer_cert_type = cert_type;
-
-        X509_free(s->session->peer_cert);
-        s->session->peer_cert = peer_cert;
-        peer_cert = NULL;
-
-        sk_X509_pop_free(s->s3->hs.peer_certs, X509_free);
-        if ((s->s3->hs.peer_certs = X509_chain_up_ref(peer_certs)) == NULL)
-                goto err;
-
-        if ((peer_certs_no_leaf = X509_chain_up_ref(peer_certs)) == NULL)
-                goto err;
-        X509_free(sk_X509_shift(peer_certs_no_leaf));
-        sk_X509_pop_free(s->s3->hs.peer_certs_no_leaf, X509_free);
-        s->s3->hs.peer_certs_no_leaf = peer_certs_no_leaf;
-
-        ret = 1;
- err:
-        X509_free(peer_cert);
-
-        return ret;
-}