17 files changed, 604 insertions, 331 deletions
diff --git a/src/regress/lib/libssl/asn1/asn1test.c b/src/regress/lib/libssl/asn1/asn1test.c
index a81c502655..ad2301eace 100644
--- a/src/regress/lib/libssl/asn1/asn1test.c
+++ b/src/regress/lib/libssl/asn1/asn1test.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: asn1test.c,v 1.13 2024/07/22 14:50:45 jsing Exp $     */
+/*      $OpenBSD: asn1test.c,v 1.14 2025/10/24 11:45:08 tb Exp $        */
 /*
 * Copyright (c) 2014, 2016 Joel Sing <jsing@openbsd.org>
 *
@@ -371,7 +371,7 @@ session_cmp(SSL_SESSION *s1, SSL_SESSION *s2)
 static int
 do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
 {
-        SSL_SESSION *sp = NULL;
+        SSL_SESSION *sp = NULL, *sp_copy = NULL;
        unsigned char *ap, *asn1 = NULL;
        const unsigned char *pp;
        int i, len, rv = 1;
@@ -440,11 +440,31 @@ do_ssl_asn1_test(int test_no, struct ssl_asn1_test *sat)
                goto failed;
        }
+        if ((sp_copy = SSL_SESSION_dup(sp)) == NULL) {
+                fprintf(stderr, "FAIL: test %d - session dup failed\n", test_no);
+                goto failed;
+        }
+        if (session_cmp(sp, sp_copy) != 0) {
+                fprintf(stderr, "FAIL: test %d - sp and sp_dup differ\n", test_no);
+                goto failed;
+        }
+        /*
+         * session_cmp() checks that the certs compare as equal. Part of the
+         * documented API contract is that the certs are equal as pointers.
+         */
+        if (SSL_SESSION_get0_peer(sp) != SSL_SESSION_get0_peer(sp_copy)) {
+                fprintf(stderr, "FAIL: test %d - peer certs differ\n", test_no);
+                goto failed;
+        }
        rv = 0;
 failed:
        ERR_print_errors_fp(stderr);
        SSL_SESSION_free(sp);
+        SSL_SESSION_free(sp_copy);
        free(asn1);
        return (rv);
diff --git a/src/regress/lib/libssl/client/clienttest.c b/src/regress/lib/libssl/client/clienttest.c
index 7e96944fce..f9258105f8 100644
--- a/src/regress/lib/libssl/client/clienttest.c
+++ b/src/regress/lib/libssl/client/clienttest.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: clienttest.c,v 1.45 2024/08/31 12:47:24 jsing Exp $ */
+/*      $OpenBSD: clienttest.c,v 1.46 2025/12/04 21:16:17 beck Exp $ */
 /*
 * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
 *
@@ -36,8 +36,8 @@
 #define TLS13_RANDOM_OFFSET (TLS13_HM_OFFSET + 2)
 #define TLS13_SESSION_OFFSET (TLS13_HM_OFFSET + 34)
 #define TLS13_CIPHER_OFFSET (TLS13_HM_OFFSET + 69)
-#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 198)
+#define TLS13_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 200)
-#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 112)
+#define TLS13_ONLY_KEY_SHARE_OFFSET (TLS13_HM_OFFSET + 114)
 #define TLS1_3_VERSION_ONLY (TLS1_3_VERSION | 0x10000)
@@ -265,8 +265,8 @@ static const uint8_t cipher_list_tls13_chacha[] = {
 };
 static const uint8_t client_hello_tls13[] = {
-        0x16, 0x03, 0x03, 0x01, 0x10, 0x01, 0x00, 0x01,
+        0x16, 0x03, 0x03, 0x05, 0xd6, 0x01, 0x00, 0x05,
-        0x0c, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0xd2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -286,20 +286,173 @@ static const uint8_t client_hello_tls13[] = {
        0x00, 0x45, 0x00, 0x9c, 0x00, 0x3c, 0x00, 0x2f,
        0x00, 0xba, 0x00, 0x41, 0xc0, 0x11, 0xc0, 0x07,
        0x00, 0x05, 0xc0, 0x12, 0xc0, 0x08, 0x00, 0x16,
-        0x00, 0x0a, 0x01, 0x00, 0x00, 0x67, 0x00, 0x2b,
+        0x00, 0x0a, 0x01, 0x00, 0x05, 0x2d, 0x00, 0x2b,
        0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03, 0x00,
-        0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x1d, 0x00,
+        0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x11, 0xec, 0x00,
-        0x17, 0x00, 0x18, 0x00, 0x19, 0x00, 0x33, 0x00,
+        0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
-        0x26, 0x00, 0x24, 0x00, 0x1d, 0x00, 0x20, 0x00,
+        0x33, 0x04, 0xea, 0x04, 0xe8, 0x11, 0xec, 0x04,
+        0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x0d, 0x00, 0x18, 0x00, 0x16, 0x08,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x03, 0x02, 0x01, 0x02, 0x03,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00,
+        0x02, 0x01, 0x00, 0x00, 0x23, 0x00, 0x00, 0x00,
+        0x0d, 0x00, 0x18, 0x00, 0x16, 0x08, 0x06, 0x06,
+        0x01, 0x06, 0x03, 0x08, 0x05, 0x05, 0x01, 0x05,
+        0x03, 0x08, 0x04, 0x04, 0x01, 0x04, 0x03, 0x02,
+        0x01, 0x02, 0x03,
 };
 static const uint8_t cipher_list_tls13_only_aes[] = {
@@ -311,8 +464,8 @@ static const uint8_t cipher_list_tls13_only_chacha[] = {
 };
 static const uint8_t client_hello_tls13_only[] = {
-        0x16, 0x03, 0x03, 0x00, 0xb6, 0x01, 0x00, 0x00,
+        0x16, 0x03, 0x03, 0x05, 0x7c, 0x01, 0x00, 0x05,
-        0xb2, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x78, 0x03, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -322,19 +475,172 @@ static const uint8_t client_hello_tls13_only[] = {
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x08, 0x13, 0x03,
        0x13, 0x02, 0x13, 0x01, 0x00, 0xff, 0x01, 0x00,
-        0x00, 0x61, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
+        0x05, 0x27, 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03,
-        0x04, 0x00, 0x0a, 0x00, 0x0a, 0x00, 0x08, 0x00,
+        0x04, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x11,
-        0x1d, 0x00, 0x17, 0x00, 0x18, 0x00, 0x19, 0x00,
+        0xec, 0x00, 0x1d, 0x00, 0x17, 0x00, 0x18, 0x00,
-        0x33, 0x00, 0x26, 0x00, 0x24, 0x00, 0x1d, 0x00,
+        0x19, 0x00, 0x33, 0x04, 0xea, 0x04, 0xe8, 0x11,
-        0x20, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0xec, 0x04, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x23, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x14, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x12, 0x08, 0x06, 0x06, 0x01, 0x06, 0x03, 0x08,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x05, 0x05, 0x01, 0x05, 0x03, 0x08, 0x04, 0x04,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x01, 0x04, 0x03,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00,
+        0x00, 0x00, 0x0d, 0x00, 0x14, 0x00, 0x12, 0x08,
+        0x06, 0x06, 0x01, 0x06, 0x03, 0x08, 0x05, 0x05,
+        0x01, 0x05, 0x03, 0x08, 0x04, 0x04, 0x01, 0x04,
+        0x03,
 };
 struct client_hello_test {
@@ -702,7 +1008,7 @@ client_hello_test(int testno, const struct client_hello_test *cht)
                        memset(&wbuf[cht->session_start + 1], 0, session_len);
        }
        if (cht->key_share_start > 0)
-                memset(&wbuf[cht->key_share_start], 0, 32);
+                memset(&wbuf[cht->key_share_start], 0, 1252);
        if (memcmp(client_hello, wbuf, client_hello_len) != 0) {
                fprintf(stderr, "FAIL: ClientHello differs:\n");
diff --git a/src/regress/lib/libssl/interop/Makefile b/src/regress/lib/libssl/interop/Makefile
index bdc67f627a..e1e9633d37 100644
--- a/src/regress/lib/libssl/interop/Makefile
+++ b/src/regress/lib/libssl/interop/Makefile
@@ -1,6 +1,6 @@
-# $OpenBSD: Makefile,v 1.21 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.23 2025/07/25 16:33:15 tb Exp $
-SUBDIR =        libressl openssl33 openssl34
+SUBDIR =        libressl openssl35
 # the above binaries must have been built before we can continue
 SUBDIR +=       netcat
diff --git a/src/regress/lib/libssl/interop/botan/Makefile b/src/regress/lib/libssl/interop/botan/Makefile
index 85877d4290..56bcdaf4bd 100644
--- a/src/regress/lib/libssl/interop/botan/Makefile
+++ b/src/regress/lib/libssl/interop/botan/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 .include <bsd.own.mk>
@@ -20,11 +20,8 @@ CXX = /usr/local/bin/eg++
 .endif
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-LIBRARIES +=            openssl33
+LIBRARIES +=            openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
 .endif
 PROGS =         client
diff --git a/src/regress/lib/libssl/interop/cert/Makefile b/src/regress/lib/libssl/interop/cert/Makefile
index 74c63c86a8..9698c56acd 100644
--- a/src/regress/lib/libssl/interop/cert/Makefile
+++ b/src/regress/lib/libssl/interop/cert/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.14 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.16 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 3.x.  Create client and server certificates
@@ -7,11 +7,8 @@
 # and check the result of certificate verification.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-LIBRARIES +=            openssl33
+LIBRARIES +=            openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
 .endif
 .for cca in noca ca fakeca
diff --git a/src/regress/lib/libssl/interop/cipher/Makefile b/src/regress/lib/libssl/interop/cipher/Makefile
index fa7e25f9ee..5bdc9089fe 100644
--- a/src/regress/lib/libssl/interop/cipher/Makefile
+++ b/src/regress/lib/libssl/interop/cipher/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.17 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.19 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or 3.0.  Create lists of supported ciphers
@@ -7,11 +7,8 @@
 # have used correct cipher by grepping in their session print out.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-LIBRARIES +=            openssl33
+LIBRARIES +=            openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
 .endif
 CLEANFILES =    *.tmp *.ciphers ciphers.mk
@@ -41,8 +38,7 @@ client-${clib}-server-${slib}.ciphers: \
        uniq -d <$@.tmp >$@
        # we are only interested in ciphers supported by libressl
        sort $@ client-libressl.ciphers >$@.tmp
-. if "${clib}" == "openssl33" || "${slib}" == "openssl33" || \
+. if "${clib}" == "openssl35" || "${slib}" == "openssl35"
-        "${clib}" == "openssl34" || "${slib}" == "openssl34"
        # OpenSSL's SSL_CTX_set_cipher_list doesn't accept TLSv1.3 ciphers
        sed -i '/^TLS_/d' $@.tmp
 . endif
@@ -70,8 +66,7 @@ regress: ciphers.mk
 .endif
 LEVEL_libressl =
-LEVEL_openssl33 = ,@SECLEVEL=0
+LEVEL_openssl35 = ,@SECLEVEL=0
-LEVEL_openssl34 = ,@SECLEVEL=0
 .for clib in ${LIBRARIES}
 .for slib in ${LIBRARIES}
@@ -132,7 +127,7 @@ check-cipher-${cipher}-client-${clib}-server-${slib}: \
 . endif
 . if "${clib}" == "libressl"
        # libressl client may prefer chacha-poly if aes-ni is not supported
-.  if "${slib}" == "openssl33" || "${slib}" == "openssl34"
+.  if "${slib}" == "openssl35"
        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
 .  else
        egrep -q ' Cipher *: TLS_(AES_256_GCM_SHA384|CHACHA20_POLY1305_SHA256)$$' ${@:S/^check/server/}.out
diff --git a/src/regress/lib/libssl/interop/netcat/Makefile b/src/regress/lib/libssl/interop/netcat/Makefile
index 3b8e3f95be..cff6b7ea76 100644
--- a/src/regress/lib/libssl/interop/netcat/Makefile
+++ b/src/regress/lib/libssl/interop/netcat/Makefile
@@ -1,11 +1,8 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-LIBRARIES +=            openssl33
+LIBRARIES +=            openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
 .endif
 # run netcat server and connect with test client
diff --git a/src/regress/lib/libssl/interop/openssl33/Makefile b/src/regress/lib/libssl/interop/openssl33/Makefile
deleted file mode 100644
index eff61704d0..0000000000
--- a/src/regress/lib/libssl/interop/openssl33/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
-.if ! exists(/usr/local/bin/eopenssl33)
-regress:
-        # install openssl-3.3 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.3" to run tests against OpenSSL 3.3'
-        @echo SKIPPED
-.else
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl33
-LDFLAGS =               -L /usr/local/lib/eopenssl33
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl33/libssl.a \
-                        /usr/local/lib/eopenssl33/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl33
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-.for p in ${PROGS}
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.3
-        grep -q /usr/local/lib/eopenssl33/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl33/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.3
-        grep 'SSLEAY_VERSION: OpenSSL 3.3' $p-self.out
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.3 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-.endfor
-.endif # exists(/usr/local/bin/eopenssl33)
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl34/Makefile b/src/regress/lib/libssl/interop/openssl34/Makefile
deleted file mode 100644
index 72246bb621..0000000000
--- a/src/regress/lib/libssl/interop/openssl34/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile,v 1.1 2025/01/15 10:54:17 tb Exp $
-.if ! exists(/usr/local/bin/eopenssl34)
-regress:
-        # install openssl-3.4 from ports for interop tests
-        @echo 'Run "pkg_add openssl--%3.4" to run tests against OpenSSL 3.4'
-        @echo SKIPPED
-.else
-PROGS =                 client server
-CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
-CPPFLAGS =              -I /usr/local/include/eopenssl34
-LDFLAGS =               -L /usr/local/lib/eopenssl34
-LDADD =                 -lssl -lcrypto
-DPADD =                 /usr/local/lib/eopenssl34/libssl.a \
-                        /usr/local/lib/eopenssl34/libcrypto.a
-LD_LIBRARY_PATH =       /usr/local/lib/eopenssl34
-REGRESS_TARGETS =       run-self-client-server
-.for p in ${PROGS}
-REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
-.endfor
-.for p in ${PROGS}
-run-ldd-$p: ldd-$p.out
-        # check that $p is linked with OpenSSL 3.4
-        grep -q /usr/local/lib/eopenssl34/libcrypto.so ldd-$p.out
-        grep -q /usr/local/lib/eopenssl34/libssl.so ldd-$p.out
-        # check that $p is not linked with LibreSSL
-        ! grep -v libc.so ldd-$p.out | grep /usr/lib/
-run-version-$p: $p-self.out
-        # check that runtime version is OpenSSL 3.4
-        grep 'SSLEAY_VERSION: OpenSSL 3.4' $p-self.out
-run-protocol-$p: $p-self.out
-        # check that OpenSSL 3.4 protocol version is TLS 1.3
-        grep 'Protocol *: TLSv1.3' $p-self.out
-.endfor
-.endif # exists(/usr/local/bin/eopenssl34)
-.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/openssl35/Makefile b/src/regress/lib/libssl/interop/openssl35/Makefile
new file mode 100644
index 0000000000..e11ad5dd20
--- /dev/null
+++ b/src/regress/lib/libssl/interop/openssl35/Makefile
@@ -0,0 +1,44 @@
+# $OpenBSD: Makefile,v 1.1 2025/07/09 17:48:02 tb Exp $
+.if ! exists(/usr/local/bin/eopenssl35)
+regress:
+        # install openssl-3.5 from ports for interop tests
+        @echo 'Run "pkg_add openssl--%3.5" to run tests against OpenSSL 3.5'
+        @echo SKIPPED
+.else
+PROGS =                 client server
+CFLAGS +=               -DOPENSSL_SUPPRESS_DEPRECATED
+CPPFLAGS =              -I /usr/local/include/eopenssl35
+LDFLAGS =               -L /usr/local/lib/eopenssl35
+LDADD =                 -lssl -lcrypto
+DPADD =                 /usr/local/lib/eopenssl35/libssl.a \
+                        /usr/local/lib/eopenssl35/libcrypto.a
+LD_LIBRARY_PATH =       /usr/local/lib/eopenssl35
+REGRESS_TARGETS =       run-self-client-server
+.for p in ${PROGS}
+REGRESS_TARGETS +=      run-ldd-$p run-version-$p run-protocol-$p
+.endfor
+.for p in ${PROGS}
+run-ldd-$p: ldd-$p.out
+        # check that $p is linked with OpenSSL 3.5
+        grep -q /usr/local/lib/eopenssl35/libcrypto.so ldd-$p.out
+        grep -q /usr/local/lib/eopenssl35/libssl.so ldd-$p.out
+        # check that $p is not linked with LibreSSL
+        ! grep -v -e libc.so -e libpthread.so ldd-$p.out | grep /usr/lib/
+run-version-$p: $p-self.out
+        # check that runtime version is OpenSSL 3.5
+        grep 'SSLEAY_VERSION: OpenSSL 3.5' $p-self.out
+run-protocol-$p: $p-self.out
+        # check that OpenSSL 3.5 protocol version is TLS 1.3
+        grep 'Protocol *: TLSv1.3' $p-self.out
+.endfor
+.endif # exists(/usr/local/bin/eopenssl35)
+.include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/interop/session/Makefile b/src/regress/lib/libssl/interop/session/Makefile
index e9a353f99e..fff66b169b 100644
--- a/src/regress/lib/libssl/interop/session/Makefile
+++ b/src/regress/lib/libssl/interop/session/Makefile
@@ -1,11 +1,8 @@
-# $OpenBSD: Makefile,v 1.12 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.14 2025/07/25 16:33:15 tb Exp $
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-#LIBRARIES +=           openssl33
+#LIBRARIES +=           openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-#LIBRARIES +=           openssl34
 .endif
 run-session-client-libressl-server-libressl:
diff --git a/src/regress/lib/libssl/interop/version/Makefile b/src/regress/lib/libssl/interop/version/Makefile
index 605fba252f..5ee7d4c4f3 100644
--- a/src/regress/lib/libssl/interop/version/Makefile
+++ b/src/regress/lib/libssl/interop/version/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.10 2025/01/15 10:54:17 tb Exp $
+# $OpenBSD: Makefile,v 1.12 2025/07/25 16:33:15 tb Exp $
 # Connect a client to a server.  Both can be current libressl, or
 # openssl 1.1 or openssl 3.0.  Pin client or server to a fixed TLS
@@ -7,11 +7,8 @@
 # print out.
 LIBRARIES =             libressl
-.if exists(/usr/local/bin/eopenssl33)
+.if exists(/usr/local/bin/eopenssl35)
-LIBRARIES +=            openssl33
+LIBRARIES +=            openssl35
-.endif
-.if exists(/usr/local/bin/eopenssl34)
-LIBRARIES +=            openssl34
 .endif
 VERSIONS =      any TLS1_2 TLS1_3
@@ -29,8 +26,7 @@ FAIL_${cver}_${sver} = !
 .for slib in ${LIBRARIES}
 .if ("${cver}" != TLS1_3 && "${sver}" != TLS1_3) && \
-    ((("${clib}" != openssl33 && "${slib}" != openssl33)) || \
+    ((("${clib}" != openssl35 && "${slib}" != openssl35)) || \
-    (("${clib}" != openssl34 && "${slib}" != openssl34)) || \
    (("${cver}" != any && "${sver}" != any) && \
    ("${cver}" != TLS1 && "${sver}" != TLS1) && \
    ("${cver}" != TLS1_1 && "${sver}" != TLS1_1)))
diff --git a/src/regress/lib/libssl/openssl-ruby/Makefile b/src/regress/lib/libssl/openssl-ruby/Makefile
index af8083f662..19d2f2fc40 100644
--- a/src/regress/lib/libssl/openssl-ruby/Makefile
+++ b/src/regress/lib/libssl/openssl-ruby/Makefile
@@ -1,10 +1,10 @@
-#       $OpenBSD: Makefile,v 1.14 2024/08/31 11:14:58 tb Exp $
+#       $OpenBSD: Makefile,v 1.17 2025/06/27 03:32:08 tb Exp $
 OPENSSL_RUBY_TESTS =    /usr/local/share/openssl-ruby-tests
-.if exists(/usr/local/bin/ruby32)
+.if exists(/usr/local/bin/ruby33)
-RUBY_BINREV =           32
-.else
 RUBY_BINREV =           33
+.else
+RUBY_BINREV =           34
 .endif
 RUBY =                  ruby${RUBY_BINREV}
@@ -71,6 +71,21 @@ ${_t}: ${_BUILD_COOKIE}
                -n ${_t}
 .endfor
+# These tests can be a pain to run. To run a small set of individual
+# ssl tests, set the test names separated by spaces in the environment
+# variable RUBY_SSL_TEST_TARGETS - then you can type "make <test_name>"
+# to run a single ruby ssl test.
+.for _t in ${RUBY_SSL_TEST_TARGETS}
+REGRESS_TARGETS += ${_t}
+REGRESS_EXPECTED_FAILURES += ${_t}
+${_t}: ${_BUILD_COOKIE}
+        cd ${BUILDDIR} && \
+            ${RUBY} -I. -I${OPENSSL_RUBY_TESTS}/test/openssl \
+                -I${OPENSSL_RUBY_TESTS}/lib \
+                ${OPENSSL_RUBY_TESTS}/test/openssl/test_ssl.rb \
+                -n ${_t}
+.endfor
 CLEANFILES +=           ${_BUILD_COOKIE} ${_TEST_COOKIE} ${_BUILDDIR_COOKIE}
 . if make(clean) || make(cleandir)
diff --git a/src/regress/lib/libssl/tlsext/tlsexttest.c b/src/regress/lib/libssl/tlsext/tlsexttest.c
index 68584998ce..4c3701a63d 100644
--- a/src/regress/lib/libssl/tlsext/tlsexttest.c
+++ b/src/regress/lib/libssl/tlsext/tlsexttest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tlsexttest.c,v 1.94 2025/05/03 08:37:28 tb Exp $ */
+/* $OpenBSD: tlsexttest.c,v 1.95 2025/12/04 21:03:42 beck Exp $ */
 /*
 * Copyright (c) 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -3665,7 +3665,7 @@ test_tlsext_keyshare_client(void)
        if ((ssl->s3->hs.key_share =
            tls_key_share_new_nid(NID_X25519)) == NULL)
                errx(1, "failed to create key share");
-        if (!tls_key_share_generate(ssl->s3->hs.key_share))
+        if (!tls_key_share_client_generate(ssl->s3->hs.key_share))
                errx(1, "failed to generate key share");
        ssl->s3->hs.our_max_tls_version = TLS1_2_VERSION;
@@ -3890,14 +3890,14 @@ test_tlsext_keyshare_server(void)
                goto done;
        }
-        if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
+        if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) {
                FAIL("failed to generate key share");
                goto done;
        }
        CBS_init(&cbs, bogokey, sizeof(bogokey));
-        if (!tls_key_share_peer_public(ssl->s3->hs.key_share, &cbs,
+        if (!tls_key_share_server_peer_public(ssl->s3->hs.key_share, &cbs,
            &decode_error, NULL)) {
                FAIL("failed to load peer public key\n");
                goto done;
@@ -3926,7 +3926,7 @@ test_tlsext_keyshare_server(void)
                FAIL("failed to create key share");
                goto done;
        }
-        if (!tls_key_share_generate(ssl->s3->hs.key_share)) {
+        if (!tls_key_share_server_generate(ssl->s3->hs.key_share)) {
                FAIL("failed to generate key share");
                goto done;
        }
diff --git a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
index 91aedad165..ff678ec9a8 100644
--- a/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
+++ b/src/regress/lib/libssl/tlsfuzzer/tlsfuzzer.py
@@ -1,4 +1,4 @@
-#   $OpenBSD: tlsfuzzer.py,v 1.56 2024/09/18 19:12:37 tb Exp $
+#   $OpenBSD: tlsfuzzer.py,v 1.57 2025/06/15 09:44:57 tb Exp $
 #
 # Copyright (c) 2020 Theo Buehler <tb@openbsd.org>
 #
@@ -72,7 +72,7 @@ def substitute_alert(want, got):
    return f"Expected alert description \"{want}\" " \
        + f"does not match received \"{got}\""
-# test-tls13-finished.py has 70 failing tests that expect a "decode_error"
+# test_tls13_finished.py has 70 failing tests that expect a "decode_error"
 # instead of the "decrypt_error" sent by tls13_server_finished_recv().
 # Both alerts appear to be reasonable in this context, so work around this
 # in the test instead of the library.
@@ -164,46 +164,46 @@ def generate_test_tls13_finished_args():
    return args
 tls13_tests = TestGroup("TLSv1.3 tests", [
-    Test("test-tls13-ccs.py"),
+    Test("test_tls13_ccs.py"),
-    Test("test-tls13-conversation.py"),
+    Test("test_tls13_conversation.py"),
-    Test("test-tls13-count-tickets.py"),
+    Test("test_tls13_count_tickets.py"),
-    Test("test-tls13-empty-alert.py"),
+    Test("test_tls13_empty_alert.py"),
-    Test("test-tls13-finished.py", generate_test_tls13_finished_args()),
+    Test("test_tls13_finished.py", generate_test_tls13_finished_args()),
-    Test("test-tls13-finished-plaintext.py"),
+    Test("test_tls13_finished_plaintext.py"),
-    Test("test-tls13-hrr.py"),
+    Test("test_tls13_hrr.py"),
-    Test("test-tls13-keyshare-omitted.py"),
+    Test("test_tls13_keyshare_omitted.py"),
-    Test("test-tls13-legacy-version.py"),
+    Test("test_tls13_legacy_version.py"),
-    Test("test-tls13-nociphers.py"),
+    Test("test_tls13_nociphers.py"),
-    Test("test-tls13-record-padding.py"),
+    Test("test_tls13_record_padding.py"),
    # Exclude QUIC transport parameters
-    Test("test-tls13-shuffled-extentions.py", [ "--exc", "57" ]),
+    Test("test_tls13_shuffled_extentions.py", [ "--exc", "57" ]),
-    Test("test-tls13-zero-content-type.py"),
+    Test("test_tls13_zero_content_type.py"),
    # The skipped tests fail due to a bug in BIO_gets() which masks the retry
    # signalled from an SSL_read() failure. Testing with httpd(8) shows we're
    # handling these corner cases correctly since tls13_record_layer.c -r1.47.
-    Test("test-tls13-zero-length-data.py", [
+    Test("test_tls13_zero_length_data.py", [
        "-e", "zero-length app data",
        "-e", "zero-length app data with large padding",
        "-e", "zero-length app data with padding",
    ]),
    # We don't currently handle NSTs
-    Test("test-tls13-connection-abort.py", ["-e", "After NewSessionTicket"]),
+    Test("test_tls13_connection_abort.py", ["-e", "After NewSessionTicket"]),
 ])
 # Tests that take a lot of time (> ~30s on an x280)
 tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
    # XXX: Investigate the occasional message
    # "Got shared secret with 1 most significant bytes equal to zero."
-    Test("test-tls13-dhe-shared-secret-padding.py", tls13_unsupported_ciphers),
+    Test("test_tls13_dhe_shared_secret_padding.py", tls13_unsupported_ciphers),
-    Test("test-tls13-invalid-ciphers.py"),
+    Test("test_tls13_invalid_ciphers.py"),
-    Test("test-tls13-serverhello-random.py", tls13_unsupported_ciphers),
+    Test("test_tls13_serverhello_random.py", tls13_unsupported_ciphers),
    # Mark two tests cases as xfail for now. The tests expect an arguably
    # correct decode_error while we send a decrypt_error (like fizz/boring).
-    Test("test-tls13-record-layer-limits.py", [
+    Test("test_tls13_record_layer_limits.py", [
        "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_AES_128_GCM_SHA256",
        "-X", substitute_alert("decode_error", "decrypt_error"),
        "-x", "max size payload (2**14) of Finished msg, with 16348 bytes of left padding, cipher TLS_CHACHA20_POLY1305_SHA256",
@@ -212,22 +212,22 @@ tls13_slow_tests = TestGroup("slow TLSv1.3 tests", [
    # We don't accept an empty ECPF extension since it must advertise the
    # uncompressed point format. Exclude this extension type from the test.
    Test(
-        "test-tls13-large-number-of-extensions.py",
+        "test_tls13_large_number_of_extensions.py",
        tls13_args = ["--exc", "11"],
    ),
 ])
 tls13_extra_cert_tests = TestGroup("TLSv1.3 certificate tests", [
    # need to set up client certs to run these
-    Test("test-tls13-certificate-request.py"),
+    Test("test_tls13_certificate_request.py"),
-    Test("test-tls13-certificate-verify.py"),
+    Test("test_tls13_certificate_verify.py"),
-    Test("test-tls13-ecdsa-in-certificate-verify.py"),
+    Test("test_tls13_ecdsa_in_certificate_verify.py"),
-    Test("test-tls13-eddsa-in-certificate-verify.py"),
+    Test("test_tls13_eddsa_in_certificate_verify.py"),
    # Test expects the server to have installed three certificates:
    # with P-256, P-384 and P-521 curve. Also SHA1+ECDSA is verified
    # to not work.
-    Test("test-tls13-ecdsa-support.py"),
+    Test("test_tls13_ecdsa_support.py"),
 ])
 tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
@@ -235,7 +235,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
    # With X25519, we accept weak peer public keys and fail when we actually
    # compute the keyshare.  Other tests seem to indicate that we could be
    # stricter about what keyshares we accept.
-    Test("test-tls13-crfg-curves.py", [
+    Test("test_tls13_crfg_curves.py", [
        '-e', 'all zero x448 key share',
        '-e', 'empty x448 key share',
        '-e', 'sanity x448 with compression ansiX962_compressed_char2',
@@ -245,7 +245,7 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
        '-e', 'too small x448 key share',
        '-e', 'x448 key share of "1"',
    ]),
-    Test("test-tls13-ecdhe-curves.py", [
+    Test("test_tls13_ecdhe_curves.py", [
        '-e', 'sanity - x448',
        '-e', 'x448 - key share from other curve',
        '-e', 'x448 - point at infinity',
@@ -258,21 +258,21 @@ tls13_failing_tests = TestGroup("failing TLSv1.3 tests", [
    # We have the logic corresponding to NSS's fix for CVE-2020-25648
    # https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
    # so should not be affected by this issue.
-    Test("test-tls13-multiple-ccs-messages.py"),
+    Test("test_tls13_multiple_ccs_messages.py"),
    # https://github.com/openssl/openssl/issues/8369
-    Test("test-tls13-obsolete-curves.py"),
+    Test("test_tls13_obsolete_curves.py"),
    # 3 failing rsa_pss_pss tests
-    Test("test-tls13-rsa-signatures.py"),
+    Test("test_tls13_rsa_signatures.py"),
    # The failing tests all expect an ri extension.  What's up with that?
-    Test("test-tls13-version-negotiation.py"),
+    Test("test_tls13_version_negotiation.py"),
 ])
 tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
    # Other test failures bugs in keyshare/tlsext negotiation?
-    Test("test-tls13-unrecognised-groups.py"),    # unexpected closure
+    Test("test_tls13_unrecognised_groups.py"),    # unexpected closure
    # 5 occasional failures:
    #   'app data split, conversation with KeyUpdate msg'
@@ -280,43 +280,43 @@ tls13_slow_failing_tests = TestGroup("slow, failing TLSv1.3 tests", [
    #   'multiple KeyUpdate messages'
    #   'post-handshake KeyUpdate msg with update_not_request'
    #   'post-handshake KeyUpdate msg with update_request'
-    Test("test-tls13-keyupdate.py"),
+    Test("test_tls13_keyupdate.py"),
-    Test("test-tls13-symetric-ciphers.py"),       # unexpected message from peer
+    Test("test_tls13_symetric_ciphers.py"),       # unexpected message from peer
    # 6 tests fail: 'rsa_pkcs1_{md5,sha{1,224,256,384,512}} signature'
    # We send server hello, but the test expects handshake_failure
-    Test("test-tls13-pkcs-signature.py"),
+    Test("test_tls13_pkcs_signature.py"),
    # 8 tests fail: 'tls13 signature rsa_pss_{pss,rsae}_sha{256,384,512}
-    Test("test-tls13-rsapss-signatures.py"),
+    Test("test_tls13_rsapss_signatures.py"),
 ])
 tls13_unsupported_tests = TestGroup("TLSv1.3 tests for unsupported features", [
    # Tests for features we don't support
-    Test("test-tls13-0rtt-garbage.py"),
+    Test("test_tls13_0rtt_garbage.py"),
-    Test("test-tls13-ffdhe-groups.py"),
+    Test("test_tls13_ffdhe_groups.py"),
-    Test("test-tls13-ffdhe-sanity.py"),
+    Test("test_tls13_ffdhe_sanity.py"),
-    Test("test-tls13-psk_dhe_ke.py"),
+    Test("test_tls13_psk_dhe_ke.py"),
-    Test("test-tls13-psk_ke.py"),
+    Test("test_tls13_psk_ke.py"),
    # need server to react to HTTP GET for /keyupdate
-    Test("test-tls13-keyupdate-from-server.py"),
+    Test("test_tls13_keyupdate_from_server.py"),
    # needs an echo server
-    Test("test-tls13-lengths.py"),
+    Test("test_tls13_lengths.py"),
    # Weird test: tests servers that don't support 1.3
-    Test("test-tls13-non-support.py"),
+    Test("test_tls13_non_support.py"),
    # broken test script
    # UnboundLocalError: local variable 'cert' referenced before assignment
-    Test("test-tls13-post-handshake-auth.py"),
+    Test("test_tls13_post_handshake_auth.py"),
    # ExpectNewSessionTicket
-    Test("test-tls13-session-resumption.py"),
+    Test("test_tls13_session_resumption.py"),
    # Server must be configured to support only rsa_pss_rsae_sha512
-    Test("test-tls13-signature-algorithms.py"),
+    Test("test_tls13_signature_algorithms.py"),
 ])
 tls12_exclude_legacy_protocols = [
@@ -345,52 +345,52 @@ tls12_exclude_legacy_protocols = [
 tls12_tests = TestGroup("TLSv1.2 tests", [
    # Tests that pass as they are.
-    Test("test-aes-gcm-nonces.py"),
+    Test("test_aes_gcm_nonces.py"),
-    Test("test-connection-abort.py"),
+    Test("test_connection_abort.py"),
-    Test("test-conversation.py"),
+    Test("test_conversation.py"),
-    Test("test-cve-2016-2107.py"),
+    Test("test_cve_2016_2107.py"),
-    Test("test-cve-2016-6309.py"),
+    Test("test_cve_2016_6309.py"),
-    Test("test-dhe-rsa-key-exchange.py"),
+    Test("test_dhe_rsa_key_exchange.py"),
-    Test("test-early-application-data.py"),
+    Test("test_early_application_data.py"),
-    Test("test-empty-extensions.py"),
+    Test("test_empty_extensions.py"),
-    Test("test-extensions.py"),
+    Test("test_extensions.py"),
-    Test("test-fuzzed-MAC.py"),
+    Test("test_fuzzed_MAC.py"),
-    Test("test-fuzzed-ciphertext.py"),
+    Test("test_fuzzed_ciphertext.py"),
-    Test("test-fuzzed-finished.py"),
+    Test("test_fuzzed_finished.py"),
-    Test("test-fuzzed-padding.py"),
+    Test("test_fuzzed_padding.py"),
-    Test("test-fuzzed-plaintext.py"), # fails once in a while
+    Test("test_fuzzed_plaintext.py"), # fails once in a while
-    Test("test-hello-request-by-client.py"),
+    Test("test_hello_request_by_client.py"),
-    Test("test-invalid-cipher-suites.py"),
+    Test("test_invalid_cipher_suites.py"),
-    Test("test-invalid-content-type.py"),
+    Test("test_invalid_content_type.py"),
-    Test("test-invalid-session-id.py"),
+    Test("test_invalid_session_id.py"),
-    Test("test-invalid-version.py"),
+    Test("test_invalid_version.py"),
-    Test("test-large-number-of-extensions.py"),
+    Test("test_large_number_of_extensions.py"),
-    Test("test-lucky13.py"),
+    Test("test_lucky13.py"),
-    Test("test-message-skipping.py"),
+    Test("test_message_skipping.py"),
-    Test("test-no-heartbeat.py"),
+    Test("test_no_heartbeat.py"),
-    Test("test-record-layer-fragmentation.py"),
+    Test("test_record_layer_fragmentation.py"),
-    Test("test-sslv2-connection.py"),
+    Test("test_sslv2_connection.py"),
-    Test("test-truncating-of-finished.py"),
+    Test("test_truncating_of_finished.py"),
-    Test("test-truncating-of-kRSA-client-key-exchange.py"),
+    Test("test_truncating_of_kRSA_client_key_exchange.py"),
-    Test("test-unsupported-curve-fallback.py"),
+    Test("test_unsupported_curve_fallback.py"),
-    Test("test-version-numbers.py"),
+    Test("test_version_numbers.py"),
-    Test("test-zero-length-data.py"),
+    Test("test_zero_length_data.py"),
    # Tests that need tweaking for unsupported features and ciphers.
    Test(
-        "test-atypical-padding.py", [
+        "test_atypical_padding.py", [
            "-e", "sanity - encrypt then MAC",
            "-e", "2^14 bytes of AppData with 256 bytes of padding (SHA1 + Encrypt then MAC)",
        ]
    ),
    Test(
-        "test-ccs.py", [
+        "test_ccs.py", [
            "-x", "two bytes long CCS",
            "-X", substitute_alert("unexpected_message", "decode_error"),
        ]
    ),
    Test(
-        "test-dhe-rsa-key-exchange-signatures.py", [
+        "test_dhe_rsa_key_exchange_signatures.py", [
            "-e", "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA sha224 signature",
            "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 sha224 signature",
            "-e", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA sha224 signature",
@@ -398,14 +398,14 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
            "-e", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA sha224 signature",
        ]
    ),
-    Test("test-dhe-rsa-key-exchange-with-bad-messages.py", [
+    Test("test_dhe_rsa_key_exchange_with_bad_messages.py", [
        "-x", "invalid dh_Yc value - missing",
        "-X", substitute_alert("decode_error", "illegal_parameter"),
    ]),
-    Test("test-dhe-key-share-random.py", tls12_exclude_legacy_protocols),
+    Test("test_dhe_key_share_random.py", tls12_exclude_legacy_protocols),
-    Test("test-export-ciphers-rejected.py", ["--min-ver", "TLSv1.2"]),
+    Test("test_export_ciphers_rejected.py", ["--min-ver", "TLSv1.2"]),
    Test(
-        "test-downgrade-protection.py",
+        "test_downgrade_protection.py",
        tls12_args = ["--server-max-protocol", "TLSv1.2"],
        tls13_args = [
            "--server-max-protocol", "TLSv1.3",
@@ -414,7 +414,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
        ]
    ),
    Test(
-        "test-fallback-scsv.py",
+        "test_fallback_scsv.py",
        tls13_args = [
            "--tls-1.3",
            "-e", "FALLBACK - hello TLSv1.1 - pos 0",
@@ -428,7 +428,7 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
        ]
    ),
-    Test("test-invalid-compression-methods.py", [
+    Test("test_invalid_compression_methods.py", [
        "-x", "invalid compression methods",
        "-X", substitute_alert("illegal_parameter", "decode_error"),
        "-x", "only deflate compression method",
@@ -437,134 +437,134 @@ tls12_tests = TestGroup("TLSv1.2 tests", [
    # Skip extended_master_secret test. Since we don't support this
    # extension, we don't notice that it was dropped.
-    Test("test-renegotiation-changed-clienthello.py", [
+    Test("test_renegotiation_changed_clienthello.py", [
        "-e", "drop extended_master_secret in renegotiation",
    ]),
-    Test("test-sessionID-resumption.py", [
+    Test("test_sessionID_resumption.py", [
        "-x", "Client Hello too long session ID",
        "-X", substitute_alert("decode_error", "illegal_parameter"),
    ]),
    # Without --sig-algs-drop-ok, two tests fail since we do not currently
    # implement the signature_algorithms_cert extension (although we MUST).
-    Test("test-sig-algs-renegotiation-resumption.py", ["--sig-algs-drop-ok"]),
+    Test("test_sig_algs_renegotiation_resumption.py", ["--sig-algs-drop-ok"]),
-    Test("test-serverhello-random.py", args = tls12_exclude_legacy_protocols),
+    Test("test_serverhello_random.py", args = tls12_exclude_legacy_protocols),
-    Test("test-chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
+    Test("test_chacha20.py", [ "-e", "Chacha20 in TLS1.1" ]),
 ])
 tls12_slow_tests = TestGroup("slow TLSv1.2 tests", [
-    Test("test-cve-2016-7054.py"),
+    Test("test_cve_2016_7054.py"),
-    Test("test-dhe-no-shared-secret-padding.py", tls12_exclude_legacy_protocols),
+    Test("test_dhe_no_shared_secret_padding.py", tls12_exclude_legacy_protocols),
-    Test("test-ecdhe-padded-shared-secret.py", tls12_exclude_legacy_protocols),
+    Test("test_ecdhe_padded_shared_secret.py", tls12_exclude_legacy_protocols),
-    Test("test-ecdhe-rsa-key-share-random.py", tls12_exclude_legacy_protocols),
+    Test("test_ecdhe_rsa_key_share_random.py", tls12_exclude_legacy_protocols),
    # Start at extension number 58 to avoid QUIC transport parameters (57)
-    Test("test-large-hello.py", [ "-m", "58" ]),
+    Test("test_large_hello.py", [ "-m", "58" ]),
 ])
 tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
    # no shared cipher
-    Test("test-aesccm.py"),
+    Test("test_aesccm.py"),
    # need server to set up alpn
-    Test("test-alpn-negotiation.py"),
+    Test("test_alpn_negotiation.py"),
    # Failing on TLS_RSA_WITH_AES_128_CBC_SHA because server does not support it.
-    Test("test-bleichenbacher-timing-pregenerate.py"),
+    Test("test_bleichenbacher_timing_pregenerate.py"),
    # many tests fail due to unexpected server_name extension
-    Test("test-bleichenbacher-workaround.py"),
+    Test("test_bleichenbacher_workaround.py"),
    # need client key and cert plus extra server setup
-    Test("test-certificate-malformed.py"),
+    Test("test_certificate_malformed.py"),
-    Test("test-certificate-request.py"),
+    Test("test_certificate_request.py"),
-    Test("test-certificate-verify-malformed-sig.py"),
+    Test("test_certificate_verify_malformed_sig.py"),
-    Test("test-certificate-verify-malformed.py"),
+    Test("test_certificate_verify_malformed.py"),
-    Test("test-certificate-verify.py"),
+    Test("test_certificate_verify.py"),
-    Test("test-ecdsa-in-certificate-verify.py"),
+    Test("test_ecdsa_in_certificate_verify.py"),
-    Test("test-eddsa-in-certificate-verify.py"),
+    Test("test_eddsa_in_certificate_verify.py"),
-    Test("test-renegotiation-disabled-client-cert.py"),
+    Test("test_renegotiation_disabled_client_cert.py"),
-    Test("test-rsa-pss-sigs-on-certificate-verify.py"),
+    Test("test_rsa_pss_sigs_on_certificate_verify.py"),
-    Test("test-rsa-sigs-on-certificate-verify.py"),
+    Test("test_rsa_sigs_on_certificate_verify.py"),
    # test doesn't expect session ticket
-    Test("test-client-compatibility.py"),
+    Test("test_client_compatibility.py"),
    # abrupt closure
-    Test("test-client-hello-max-size.py"),
+    Test("test_client_hello_max_size.py"),
    # unknown signature algorithms
-    Test("test-clienthello-md5.py"),
+    Test("test_clienthello_md5.py"),
    # Tests expect an illegal_parameter or a decode_error alert.  Should be
    # added to ssl3_get_client_key_exchange on kex function failure.
-    Test("test-ecdhe-rsa-key-exchange-with-bad-messages.py"),
+    Test("test_ecdhe_rsa_key_exchange_with_bad_messages.py"),
    # We send a handshake_failure due to no shared ciphers while the
    # test expects to succeed.
-    Test("test-ecdhe-rsa-key-exchange.py"),
+    Test("test_ecdhe_rsa_key_exchange.py"),
    # no shared cipher
-    Test("test-ecdsa-sig-flexibility.py"),
+    Test("test_ecdsa_sig_flexibility.py"),
    # Tests expect SH but we send unexpected_message or handshake_failure
    #   'Application data inside Client Hello'
    #   'Application data inside Client Key Exchange'
    #   'Application data inside Finished'
-    Test("test-interleaved-application-data-and-fragmented-handshakes-in-renegotiation.py"),
+    Test("test_interleaved_application_data_and_fragmented_handshakes_in_renegotiation.py"),
    # Tests expect SH but we send handshake_failure
    #   'Application data before Change Cipher Spec'
    #   'Application data before Client Key Exchange'
    #   'Application data before Finished'
-    Test("test-interleaved-application-data-in-renegotiation.py"),
+    Test("test_interleaved_application_data_in_renegotiation.py"),
    # broken test script
    # TypeError: '<' not supported between instances of 'int' and 'NoneType'
-    Test("test-invalid-client-hello-w-record-overflow.py"),
+    Test("test_invalid_client_hello_w_record_overflow.py"),
    # Lots of failures. abrupt closure
-    Test("test-invalid-client-hello.py"),
+    Test("test_invalid_client_hello.py"),
    # abrupt closure
    # 'encrypted premaster set to all zero (n)' n in 256 384 512
-    Test("test-invalid-rsa-key-exchange-messages.py"),
+    Test("test_invalid_rsa_key_exchange_messages.py"),
    # test expects illegal_parameter, we send unrecognized_name (which seems
    # correct according to rfc 6066?)
-    Test("test-invalid-server-name-extension-resumption.py"),
+    Test("test_invalid_server_name_extension_resumption.py"),
    # let through some server names without sending an alert
    # again illegal_parameter vs unrecognized_name
-    Test("test-invalid-server-name-extension.py"),
+    Test("test_invalid_server_name_extension.py"),
    # 4 failures:
    #   'insecure (legacy) renegotiation with GET after 2nd handshake'
    #   'insecure (legacy) renegotiation with incomplete GET'
    #   'secure renegotiation with GET after 2nd handshake'
    #   'secure renegotiation with incomplete GET'
-    Test("test-legacy-renegotiation.py"),
+    Test("test_legacy_renegotiation.py"),
    # 1 failure (timeout): we don't send the unexpected_message alert
    # 'duplicate change cipher spec after Finished'
-    Test("test-message-duplication.py"),
+    Test("test_message_duplication.py"),
    # server should send status_request
-    Test("test-ocsp-stapling.py"),
+    Test("test_ocsp_stapling.py"),
    # unexpected closure
-    Test("test-openssl-3712.py"),
+    Test("test_openssl_3712.py"),
    # failed: 3 (expect an alert, we send AD)
    # 'try insecure (legacy) renegotiation with incomplete GET'
    # 'try secure renegotiation with GET after 2nd CH'
    # 'try secure renegotiation with incomplete GET'
-    Test("test-renegotiation-disabled.py"),
+    Test("test_renegotiation_disabled.py"),
    # 'resumption of safe session with NULL cipher'
    # 'resumption with cipher from old CH but not selected by server'
-    Test("test-resumption-with-wrong-ciphers.py"),
+    Test("test_resumption_with_wrong_ciphers.py"),
    # 'session resumption with empty session_id'
    # 'session resumption with random session_id'
    # 'session resumption with renegotiation'
    # AssertionError: Server did not send extension(s): session_ticket
-    Test("test-session-ticket-resumption.py"),
+    Test("test_session_ticket_resumption.py"),
    # 5 failures:
    #   'empty sigalgs'
@@ -572,7 +572,7 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
    #   'rsa_pss_pss_sha256 only'
    #   'rsa_pss_pss_sha384 only'
    #   'rsa_pss_pss_sha512 only'
-    Test("test-sig-algs.py"),
+    Test("test_sig_algs.py"),
    # 13 failures:
    #   'duplicated n non-rsa schemes' for n in 202 2342 8119 23741 32744
@@ -581,51 +581,51 @@ tls12_failing_tests = TestGroup("failing TLSv1.2 tests", [
    #   'tolerance 32758 methods with sig_alg_cert'
    #   'tolerance max 32744 number of methods with sig_alg_cert'
    #   'tolerance max (32760) number of methods'
-    Test("test-signature-algorithms.py"),
+    Test("test_signature_algorithms.py"),
    # times out
-    Test("test-ssl-death-alert.py"),
+    Test("test_ssl_death_alert.py"),
    # 17 pass, 13 fail. padding and truncation
-    Test("test-truncating-of-client-hello.py"),
+    Test("test_truncating_of_client_hello.py"),
    # x448 tests need disabling plus x25519 corner cases need sorting out
-    Test("test-x25519.py"),
+    Test("test_x25519.py"),
    # Needs TLS 1.0 or 1.1
-    Test("test-TLSv1_2-rejected-without-TLSv1_2.py"),
+    Test("test_TLSv1_2_rejected_without_TLSv1_2.py"),
 ])
 tls12_unsupported_tests = TestGroup("TLSv1.2 for unsupported features", [
    # protocol_version
-    Test("test-SSLv3-padding.py"),
+    Test("test_SSLv3_padding.py"),
    # we don't do RSA key exchanges
-    Test("test-bleichenbacher-timing.py"),
+    Test("test_bleichenbacher_timing.py"),
    # no encrypt-then-mac
-    Test("test-encrypt-then-mac-renegotiation.py"),
+    Test("test_encrypt_then_mac_renegotiation.py"),
-    Test("test-encrypt-then-mac.py"),
+    Test("test_encrypt_then_mac.py"),
    # no EME support
-    Test("test-extended-master-secret-extension-with-client-cert.py"),
+    Test("test_extended_master_secret_extension_with_client_cert.py"),
-    Test("test-extended-master-secret-extension.py"),
+    Test("test_extended_master_secret_extension.py"),
    # no ffdhe
-    Test("test-ffdhe-expected-params.py"),
+    Test("test_ffdhe_expected_params.py"),
-    Test("test-ffdhe-negotiation.py"),
+    Test("test_ffdhe_negotiation.py"),
    # record_size_limit/max_fragment_length extension (RFC 8449)
-    Test("test-record-size-limit.py"),
+    Test("test_record_size_limit.py"),
    # expects the server to send the heartbeat extension
-    Test("test-heartbeat.py"),
+    Test("test_heartbeat.py"),
    # needs an echo server
-    Test("test-lengths.py"),
+    Test("test_lengths.py"),
 ])
 # These tests take a ton of time to fail against an 1.3 server,
 # so don't run them against 1.3 pending further investigation.
 legacy_tests = TestGroup("Legacy protocol tests", [
-    Test("test-sslv2-force-cipher-3des.py"),
+    Test("test_sslv2_force_cipher_3des.py"),
-    Test("test-sslv2-force-cipher-non3des.py"),
+    Test("test_sslv2_force_cipher_non3des.py"),
-    Test("test-sslv2-force-cipher.py"),
+    Test("test_sslv2_force_cipher.py"),
-    Test("test-sslv2-force-export-cipher.py"),
+    Test("test_sslv2_force_export_cipher.py"),
-    Test("test-sslv2hello-protocol.py"),
+    Test("test_sslv2hello_protocol.py"),
 ])
 all_groups = [
diff --git a/src/regress/lib/libssl/unit/Makefile b/src/regress/lib/libssl/unit/Makefile
index 6a925069ca..edc0d910c4 100644
--- a/src/regress/lib/libssl/unit/Makefile
+++ b/src/regress/lib/libssl/unit/Makefile
@@ -1,4 +1,4 @@
-#       $OpenBSD: Makefile,v 1.16 2023/05/24 09:15:14 tb Exp $
+#       $OpenBSD: Makefile,v 1.17 2025/10/24 11:44:08 tb Exp $
 PROGS += cipher_list
 PROGS += ssl_get_shared_ciphers
@@ -16,6 +16,4 @@ CFLAGS+=	-DLIBRESSL_INTERNAL -Wall -Wundef -Werror
 CFLAGS+=        -DCERTSDIR=\"${.CURDIR}/../certs\"
 CFLAGS+=        -I${.CURDIR}/../../../../lib/libssl
-LDADD_ssl_verify_param = ${LIBSSL} ${CRYPTO_INT}
 .include <bsd.regress.mk>
diff --git a/src/regress/lib/libssl/unit/ssl_verify_param.c b/src/regress/lib/libssl/unit/ssl_verify_param.c
index cdb52c56a8..05af9be2be 100644
--- a/src/regress/lib/libssl/unit/ssl_verify_param.c
+++ b/src/regress/lib/libssl/unit/ssl_verify_param.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: ssl_verify_param.c,v 1.1 2023/05/24 08:54:59 tb Exp $ */
+/*      $OpenBSD: ssl_verify_param.c,v 1.3 2025/10/24 11:43:34 tb Exp $ */
 /*
 * Copyright (c) 2023 Theo Buehler <tb@openbsd.org>
@@ -20,10 +20,9 @@
 #include <stdio.h>
 #include <openssl/ssl.h>
+#include <openssl/x509_vfy.h>
 #include <openssl/x509v3.h>
-unsigned int X509_VERIFY_PARAM_get_hostflags(X509_VERIFY_PARAM *param);
 static int
 ssl_verify_param_flags_inherited(void)
 {