5 files changed, 0 insertions, 892 deletions
diff --git a/src/lib/libcrypto/hmac/hm_ameth.c b/src/lib/libcrypto/hmac/hm_ameth.c
deleted file mode 100644
index 8bb1dc786f..0000000000
--- a/src/lib/libcrypto/hmac/hm_ameth.c
+++ /dev/null
@@ -1,171 +0,0 @@
-/* $OpenBSD: hm_ameth.c,v 1.20 2024/01/04 17:01:26 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <limits.h>
-#include <stdio.h>
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include "asn1_local.h"
-#include "bytestring.h"
-#include "evp_local.h"
-#include "hmac_local.h"
-static int
-hmac_pkey_public_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
-{
-        /* The ameth pub_cmp must return 1 on match, 0 on mismatch. */
-        return ASN1_OCTET_STRING_cmp(a->pkey.ptr, b->pkey.ptr) == 0;
-}
-static int
-hmac_size(const EVP_PKEY *pkey)
-{
-        return EVP_MAX_MD_SIZE;
-}
-static void
-hmac_key_free(EVP_PKEY *pkey)
-{
-        ASN1_OCTET_STRING *os;
-        if ((os = pkey->pkey.ptr) == NULL)
-                return;
-        if (os->data != NULL)
-                explicit_bzero(os->data, os->length);
-        ASN1_OCTET_STRING_free(os);
-}
-static int
-hmac_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
-{
-        switch (op) {
-        case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
-                *(int *)arg2 = NID_sha1;
-                return 1;
-        default:
-                return -2;
-        }
-}
-static int
-hmac_set_priv_key(EVP_PKEY *pkey, const unsigned char *priv, size_t len)
-{
-        ASN1_OCTET_STRING *os = NULL;
-        if (pkey->pkey.ptr != NULL)
-                goto err;
-        if (len > INT_MAX)
-                goto err;
-        if ((os = ASN1_OCTET_STRING_new()) == NULL)
-                goto err;
-        if (!ASN1_OCTET_STRING_set(os, priv, len))
-                goto err;
-        pkey->pkey.ptr = os;
-        return 1;
- err:
-        ASN1_OCTET_STRING_free(os);
-        return 0;
-}
-static int
-hmac_get_priv_key(const EVP_PKEY *pkey, unsigned char *priv, size_t *len)
-{
-        ASN1_OCTET_STRING *os;
-        CBS cbs;
-        if ((os = pkey->pkey.ptr) == NULL)
-                return 0;
-        if (priv == NULL) {
-                *len = os->length;
-                return 1;
-        }
-        CBS_init(&cbs, os->data, os->length);
-        return CBS_write_bytes(&cbs, priv, *len, len);
-}
-const EVP_PKEY_ASN1_METHOD hmac_asn1_meth = {
-        .base_method = &hmac_asn1_meth,
-        .pkey_id = EVP_PKEY_HMAC,
-        .pem_str = "HMAC",
-        .info = "OpenSSL HMAC method",
-        .pub_cmp = hmac_pkey_public_cmp,
-        .pkey_size = hmac_size,
-        .pkey_free = hmac_key_free,
-        .pkey_ctrl = hmac_pkey_ctrl,
-        .set_priv_key = hmac_set_priv_key,
-        .get_priv_key = hmac_get_priv_key,
-};
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
deleted file mode 100644
index 05eb1bf85d..0000000000
--- a/src/lib/libcrypto/hmac/hm_pmeth.c
+++ /dev/null
@@ -1,261 +0,0 @@
-/* $OpenBSD: hm_pmeth.c,v 1.17 2023/12/28 22:00:56 tb Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2007.
- */
-/* ====================================================================
- * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/evp.h>
-#include <openssl/hmac.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "evp_local.h"
-#include "hmac_local.h"
-/* HMAC pkey context structure */
-typedef struct {
-        const EVP_MD *md;       /* MD for HMAC use */
-        ASN1_OCTET_STRING ktmp; /* Temp storage for key */
-        HMAC_CTX ctx;
-} HMAC_PKEY_CTX;
-static int
-pkey_hmac_init(EVP_PKEY_CTX *ctx)
-{
-        HMAC_PKEY_CTX *hctx;
-        if ((hctx = calloc(1, sizeof(HMAC_PKEY_CTX))) == NULL)
-                return 0;
-        hctx->ktmp.type = V_ASN1_OCTET_STRING;
-        HMAC_CTX_init(&hctx->ctx);
-        ctx->data = hctx;
-        ctx->keygen_info_count = 0;
-        return 1;
-}
-static int
-pkey_hmac_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
-{
-        HMAC_PKEY_CTX *sctx, *dctx;
-        if (!pkey_hmac_init(dst))
-                return 0;
-        sctx = src->data;
-        dctx = dst->data;
-        dctx->md = sctx->md;
-        HMAC_CTX_init(&dctx->ctx);
-        if (!HMAC_CTX_copy(&dctx->ctx, &sctx->ctx))
-                return 0;
-        if (sctx->ktmp.data) {
-                if (!ASN1_OCTET_STRING_set(&dctx->ktmp, sctx->ktmp.data,
-                    sctx->ktmp.length))
-                        return 0;
-        }
-        return 1;
-}
-static void
-pkey_hmac_cleanup(EVP_PKEY_CTX *ctx)
-{
-        HMAC_PKEY_CTX *hctx;
-        if ((hctx = ctx->data) == NULL)
-                return;
-        HMAC_CTX_cleanup(&hctx->ctx);
-        freezero(hctx->ktmp.data, hctx->ktmp.length);
-        free(hctx);
-}
-static int
-pkey_hmac_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
-{
-        ASN1_OCTET_STRING *hkey = NULL;
-        HMAC_PKEY_CTX *hctx = ctx->data;
-        int ret = 0;
-        if (hctx->ktmp.data == NULL)
-                goto err;
-        if ((hkey = ASN1_OCTET_STRING_dup(&hctx->ktmp)) == NULL)
-                goto err;
-        if (!EVP_PKEY_assign(pkey, EVP_PKEY_HMAC, hkey))
-                goto err;
-        hkey = NULL;
-        ret = 1;
- err:
-        ASN1_OCTET_STRING_free(hkey);
-        return ret;
-}
-static int
-int_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-        HMAC_PKEY_CTX *hctx = ctx->pctx->data;
-        if (!HMAC_Update(&hctx->ctx, data, count))
-                return 0;
-        return 1;
-}
-static int
-hmac_signctx_init(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx)
-{
-        HMAC_PKEY_CTX *hctx = ctx->data;
-        HMAC_CTX_set_flags(&hctx->ctx, mctx->flags & ~EVP_MD_CTX_FLAG_NO_INIT);
-        EVP_MD_CTX_set_flags(mctx, EVP_MD_CTX_FLAG_NO_INIT);
-        mctx->update = int_update;
-        return 1;
-}
-static int
-hmac_signctx(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
-    EVP_MD_CTX *mctx)
-{
-        unsigned int hlen;
-        HMAC_PKEY_CTX *hctx = ctx->data;
-        int l = EVP_MD_CTX_size(mctx);
-        if (l < 0)
-                return 0;
-        *siglen = l;
-        if (!sig)
-                return 1;
-        if (!HMAC_Final(&hctx->ctx, sig, &hlen))
-                return 0;
-        *siglen = (size_t)hlen;
-        return 1;
-}
-static int
-pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
-{
-        HMAC_PKEY_CTX *hctx = ctx->data;
-        ASN1_OCTET_STRING *key;
-        switch (type) {
-        case EVP_PKEY_CTRL_SET_MAC_KEY:
-                if ((!p2 && p1 > 0) || (p1 < -1))
-                        return 0;
-                if (!ASN1_OCTET_STRING_set(&hctx->ktmp, p2, p1))
-                        return 0;
-                break;
-        case EVP_PKEY_CTRL_MD:
-                hctx->md = p2;
-                break;
-        case EVP_PKEY_CTRL_DIGESTINIT:
-                key = ctx->pkey->pkey.ptr;
-                if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
-                    NULL))
-                        return 0;
-                break;
-        default:
-                return -2;
-        }
-        return 1;
-}
-static int
-pkey_hmac_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
-{
-        if (!value)
-                return 0;
-        if (!strcmp(type, "key")) {
-                void *p = (void *)value;
-                return pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, -1, p);
-        }
-        if (!strcmp(type, "hexkey")) {
-                unsigned char *key;
-                int r;
-                long keylen;
-                key = string_to_hex(value, &keylen);
-                if (!key)
-                        return 0;
-                r = pkey_hmac_ctrl(ctx, EVP_PKEY_CTRL_SET_MAC_KEY, keylen, key);
-                free(key);
-                return r;
-        }
-        return -2;
-}
-const EVP_PKEY_METHOD hmac_pkey_meth = {
-        .pkey_id = EVP_PKEY_HMAC,
-        .init = pkey_hmac_init,
-        .copy = pkey_hmac_copy,
-        .cleanup = pkey_hmac_cleanup,
-        .keygen = pkey_hmac_keygen,
-        .signctx_init = hmac_signctx_init,
-        .signctx = hmac_signctx,
-        .ctrl = pkey_hmac_ctrl,
-        .ctrl_str = pkey_hmac_ctrl_str
-};
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c
deleted file mode 100644
index dc1614d3ce..0000000000
--- a/src/lib/libcrypto/hmac/hmac.c
+++ /dev/null
@@ -1,276 +0,0 @@
-/* $OpenBSD: hmac.c,v 1.36 2024/08/31 10:42:21 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/hmac.h>
-#include "evp_local.h"
-#include "hmac_local.h"
-int
-HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
-    ENGINE *impl)
-{
-        int i, j, reset = 0;
-        unsigned char pad[HMAC_MAX_MD_CBLOCK];
-        /* If we are changing MD then we must have a key */
-        if (md != NULL && md != ctx->md && (key == NULL || len < 0))
-                return 0;
-        if (md != NULL) {
-                reset = 1;
-                ctx->md = md;
-        } else if (ctx->md != NULL)
-                md = ctx->md;
-        else
-                return 0;
-        if (key != NULL) {
-                reset = 1;
-                j = EVP_MD_block_size(md);
-                if ((size_t)j > sizeof(ctx->key)) {
-                        EVPerror(EVP_R_BAD_BLOCK_LENGTH);
-                        goto err;
-                }
-                if (j < len) {
-                        if (!EVP_DigestInit_ex(&ctx->md_ctx, md, impl))
-                                goto err;
-                        if (!EVP_DigestUpdate(&ctx->md_ctx, key, len))
-                                goto err;
-                        if (!EVP_DigestFinal_ex(&(ctx->md_ctx), ctx->key,
-                            &ctx->key_length))
-                                goto err;
-                } else {
-                        if (len < 0 || (size_t)len > sizeof(ctx->key)) {
-                                EVPerror(EVP_R_BAD_KEY_LENGTH);
-                                goto err;
-                        }
-                        memcpy(ctx->key, key, len);
-                        ctx->key_length = len;
-                }
-                if (ctx->key_length != HMAC_MAX_MD_CBLOCK)
-                        memset(&ctx->key[ctx->key_length], 0,
-                            HMAC_MAX_MD_CBLOCK - ctx->key_length);
-        }
-        if (reset) {
-                for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
-                        pad[i] = 0x36 ^ ctx->key[i];
-                if (!EVP_DigestInit_ex(&ctx->i_ctx, md, impl))
-                        goto err;
-                if (!EVP_DigestUpdate(&ctx->i_ctx, pad, EVP_MD_block_size(md)))
-                        goto err;
-                for (i = 0; i < HMAC_MAX_MD_CBLOCK; i++)
-                        pad[i] = 0x5c ^ ctx->key[i];
-                if (!EVP_DigestInit_ex(&ctx->o_ctx, md, impl))
-                        goto err;
-                if (!EVP_DigestUpdate(&ctx->o_ctx, pad, EVP_MD_block_size(md)))
-                        goto err;
-        }
-        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->i_ctx))
-                goto err;
-        return 1;
-err:
-        return 0;
-}
-LCRYPTO_ALIAS(HMAC_Init_ex);
-int
-HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
-{
-        if (ctx->md == NULL)
-                return 0;
-        return EVP_DigestUpdate(&ctx->md_ctx, data, len);
-}
-LCRYPTO_ALIAS(HMAC_Update);
-int
-HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len)
-{
-        unsigned int i;
-        unsigned char buf[EVP_MAX_MD_SIZE];
-        if (ctx->md == NULL)
-                goto err;
-        if (!EVP_DigestFinal_ex(&ctx->md_ctx, buf, &i))
-                goto err;
-        if (!EVP_MD_CTX_copy_ex(&ctx->md_ctx, &ctx->o_ctx))
-                goto err;
-        if (!EVP_DigestUpdate(&ctx->md_ctx, buf, i))
-                goto err;
-        if (!EVP_DigestFinal_ex(&ctx->md_ctx, md, len))
-                goto err;
-        return 1;
-err:
-        return 0;
-}
-LCRYPTO_ALIAS(HMAC_Final);
-HMAC_CTX *
-HMAC_CTX_new(void)
-{
-        return calloc(1, sizeof(HMAC_CTX));
-}
-LCRYPTO_ALIAS(HMAC_CTX_new);
-void
-HMAC_CTX_free(HMAC_CTX *ctx)
-{
-        if (ctx == NULL)
-                return;
-        HMAC_CTX_cleanup(ctx);
-        free(ctx);
-}
-LCRYPTO_ALIAS(HMAC_CTX_free);
-int
-HMAC_CTX_reset(HMAC_CTX *ctx)
-{
-        HMAC_CTX_cleanup(ctx);
-        HMAC_CTX_init(ctx);
-        return 1;
-}
-LCRYPTO_ALIAS(HMAC_CTX_reset);
-void
-HMAC_CTX_init(HMAC_CTX *ctx)
-{
-        EVP_MD_CTX_legacy_clear(&ctx->i_ctx);
-        EVP_MD_CTX_legacy_clear(&ctx->o_ctx);
-        EVP_MD_CTX_legacy_clear(&ctx->md_ctx);
-        ctx->md = NULL;
-}
-int
-HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx)
-{
-        if (!EVP_MD_CTX_copy(&dctx->i_ctx, &sctx->i_ctx))
-                goto err;
-        if (!EVP_MD_CTX_copy(&dctx->o_ctx, &sctx->o_ctx))
-                goto err;
-        if (!EVP_MD_CTX_copy(&dctx->md_ctx, &sctx->md_ctx))
-                goto err;
-        memcpy(dctx->key, sctx->key, HMAC_MAX_MD_CBLOCK);
-        dctx->key_length = sctx->key_length;
-        dctx->md = sctx->md;
-        return 1;
-err:
-        return 0;
-}
-LCRYPTO_ALIAS(HMAC_CTX_copy);
-void
-HMAC_CTX_cleanup(HMAC_CTX *ctx)
-{
-        EVP_MD_CTX_cleanup(&ctx->i_ctx);
-        EVP_MD_CTX_cleanup(&ctx->o_ctx);
-        EVP_MD_CTX_cleanup(&ctx->md_ctx);
-        explicit_bzero(ctx, sizeof(*ctx));
-}
-void
-HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags)
-{
-        EVP_MD_CTX_set_flags(&ctx->i_ctx, flags);
-        EVP_MD_CTX_set_flags(&ctx->o_ctx, flags);
-        EVP_MD_CTX_set_flags(&ctx->md_ctx, flags);
-}
-LCRYPTO_ALIAS(HMAC_CTX_set_flags);
-const EVP_MD *
-HMAC_CTX_get_md(const HMAC_CTX *ctx)
-{
-        return ctx->md;
-}
-LCRYPTO_ALIAS(HMAC_CTX_get_md);
-unsigned char *
-HMAC(const EVP_MD *evp_md, const void *key, int key_len, const unsigned char *d,
-    size_t n, unsigned char *md, unsigned int *md_len)
-{
-        HMAC_CTX c;
-        const unsigned char dummy_key[1] = { 0 };
-        if (key == NULL) {
-                key = dummy_key;
-                key_len = 0;
-        }
-        HMAC_CTX_init(&c);
-        if (!HMAC_Init_ex(&c, key, key_len, evp_md, NULL))
-                goto err;
-        if (!HMAC_Update(&c, d, n))
-                goto err;
-        if (!HMAC_Final(&c, md, md_len))
-                goto err;
-        HMAC_CTX_cleanup(&c);
-        return md;
-err:
-        HMAC_CTX_cleanup(&c);
-        return NULL;
-}
-LCRYPTO_ALIAS(HMAC);
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h
deleted file mode 100644
index 2216fd9258..0000000000
--- a/src/lib/libcrypto/hmac/hmac.h
+++ /dev/null
@@ -1,101 +0,0 @@
-/* $OpenBSD: hmac.h,v 1.21 2025/01/25 17:59:44 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_H
-#define HEADER_HMAC_H
-#include <openssl/opensslconf.h>
-#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__OpenBSD__)
-#define __bounded__(x, y, z)
-#endif
-#include <openssl/evp.h>
-#define HMAC_MAX_MD_CBLOCK      144     /* largest known is SHA3-224 */
-#ifdef  __cplusplus
-extern "C" {
-#endif
-#define HMAC_size(e)    (EVP_MD_size(HMAC_CTX_get_md((e))))
-HMAC_CTX *HMAC_CTX_new(void);
-void HMAC_CTX_free(HMAC_CTX *ctx);
-int HMAC_CTX_reset(HMAC_CTX *ctx);
-int HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, const EVP_MD *md,
-    ENGINE *impl)
-    __attribute__ ((__bounded__(__buffer__, 2, 3)));
-int HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, size_t len)
-    __attribute__ ((__bounded__(__buffer__, 2, 3)));
-int HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len);
-unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len,
-    const unsigned char *d, size_t n, unsigned char *md, unsigned int *md_len)
-    __attribute__ ((__bounded__(__buffer__, 2, 3)))
-    __attribute__ ((__bounded__(__buffer__, 4, 5)))
-    __attribute__((__nonnull__ (6)));
-int HMAC_CTX_copy(HMAC_CTX *dctx, HMAC_CTX *sctx);
-void HMAC_CTX_set_flags(HMAC_CTX *ctx, unsigned long flags);
-const EVP_MD *HMAC_CTX_get_md(const HMAC_CTX *ctx);
-#ifdef  __cplusplus
-}
-#endif
-#endif
diff --git a/src/lib/libcrypto/hmac/hmac_local.h b/src/lib/libcrypto/hmac/hmac_local.h
deleted file mode 100644
index e06cd6a6c7..0000000000
--- a/src/lib/libcrypto/hmac/hmac_local.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/* $OpenBSD: hmac_local.h,v 1.4 2022/11/26 16:08:53 tb Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#ifndef HEADER_HMAC_LOCAL_H
-#define HEADER_HMAC_LOCAL_H
-#include <openssl/opensslconf.h>
-#include <openssl/evp.h>
-#include "evp_local.h"
-__BEGIN_HIDDEN_DECLS
-struct hmac_ctx_st {
-        const EVP_MD *md;
-        EVP_MD_CTX md_ctx;
-        EVP_MD_CTX i_ctx;
-        EVP_MD_CTX o_ctx;
-        unsigned int key_length;
-        unsigned char key[HMAC_MAX_MD_CBLOCK];
-} /* HMAC_CTX */;
-void HMAC_CTX_init(HMAC_CTX *ctx);
-void HMAC_CTX_cleanup(HMAC_CTX *ctx);
-__END_HIDDEN_DECLS
-#endif /* !HEADER_HMAC_LOCAL_H */