From e41d777a25720255dec2af01ec95c98d14fccf9a Mon Sep 17 00:00:00 2001
From: June McEnroe <june@causal.agency>
Date: Wed, 11 Oct 2023 18:19:08 -0400
Subject: Import LibreSSL 3.8.0

---
 LIBTLS_VERSION  |  2 +-
 Makefile.am     |  2 +-
 VERSION         |  2 +-
 man/Makefile.am | 90 ++++++++++++---------------------------------------------
 tls.c           | 39 ++++++++++++++++---------
 tls_bio_cb.c    |  3 +-
 tls_client.c    |  3 +-
 tls_config.c    |  3 +-
 tls_conninfo.c  |  3 +-
 tls_internal.h  |  3 +-
 tls_ocsp.c      |  4 ++-
 tls_server.c    |  4 ++-
 tls_signer.c    |  6 +---
 tls_util.c      |  3 +-
 tls_verify.c    | 30 ++++++++++---------
 15 files changed, 83 insertions(+), 114 deletions(-)

diff --git a/LIBTLS_VERSION b/LIBTLS_VERSION
index bc4eb71..6e2f32a 100644
--- a/LIBTLS_VERSION
+++ b/LIBTLS_VERSION
@@ -1 +1 @@
-26:2:0
+27:0:0
diff --git a/Makefile.am b/Makefile.am
index 9b62b22..d5725c3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -16,7 +16,7 @@ EXTRA_libtls_la_DEPENDENCIES = libtls_la_objects.mk
 
 libtls_la_objects.mk: Makefile
 	@echo "libtls_la_objects= $(libtls_la_OBJECTS)" \
-	  | sed 's/  */ $$\(abs_top_builddir\)\/tls\//g' \
+	  | sed -e 's/ *$$//' -e 's/  */ $$\(abs_top_builddir\)\/tls\//g' \
 	  > libtls_la_objects.mk
 
 libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
diff --git a/VERSION b/VERSION
index 517c2b6..6641052 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.7.3
+3.8.0
 
diff --git a/man/Makefile.am b/man/Makefile.am
index 4c56008..902ed5a 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -175,7 +175,6 @@ dist_man3_MANS += BIO_get_ex_new_index.3
 dist_man3_MANS += BIO_meth_new.3
 dist_man3_MANS += BIO_new.3
 dist_man3_MANS += BIO_new_CMS.3
-dist_man3_MANS += BIO_new_NDEF.3
 dist_man3_MANS += BIO_printf.3
 dist_man3_MANS += BIO_push.3
 dist_man3_MANS += BIO_read.3
@@ -193,21 +192,17 @@ dist_man3_MANS += BIO_should_retry.3
 dist_man3_MANS += BN_BLINDING_new.3
 dist_man3_MANS += BN_CTX_new.3
 dist_man3_MANS += BN_CTX_start.3
-dist_man3_MANS += BN_GF2m_add.3
 dist_man3_MANS += BN_add.3
 dist_man3_MANS += BN_add_word.3
 dist_man3_MANS += BN_bn2bin.3
 dist_man3_MANS += BN_cmp.3
 dist_man3_MANS += BN_copy.3
 dist_man3_MANS += BN_generate_prime.3
-dist_man3_MANS += BN_get0_nist_prime_521.3
 dist_man3_MANS += BN_kronecker.3
 dist_man3_MANS += BN_mod_inverse.3
 dist_man3_MANS += BN_mod_mul_montgomery.3
-dist_man3_MANS += BN_mod_mul_reciprocal.3
 dist_man3_MANS += BN_mod_sqrt.3
 dist_man3_MANS += BN_new.3
-dist_man3_MANS += BN_nist_mod_521.3
 dist_man3_MANS += BN_num_bytes.3
 dist_man3_MANS += BN_rand.3
 dist_man3_MANS += BN_set_bit.3
@@ -367,7 +362,6 @@ dist_man3_MANS += PEM_X509_INFO_read.3
 dist_man3_MANS += PEM_bytes_read_bio.3
 dist_man3_MANS += PEM_read.3
 dist_man3_MANS += PEM_read_bio_PrivateKey.3
-dist_man3_MANS += PEM_write_bio_ASN1_stream.3
 dist_man3_MANS += PEM_write_bio_CMS_stream.3
 dist_man3_MANS += PEM_write_bio_PKCS7_stream.3
 dist_man3_MANS += PKCS12_SAFEBAG_new.3
@@ -393,7 +387,6 @@ dist_man3_MANS += PKCS8_PRIV_KEY_INFO_new.3
 dist_man3_MANS += PKCS8_pkey_set0.3
 dist_man3_MANS += PKEY_USAGE_PERIOD_new.3
 dist_man3_MANS += POLICYINFO_new.3
-dist_man3_MANS += PROXY_POLICY_new.3
 dist_man3_MANS += RAND_add.3
 dist_man3_MANS += RAND_bytes.3
 dist_man3_MANS += RAND_load_file.3
@@ -428,7 +421,6 @@ dist_man3_MANS += SMIME_write_ASN1.3
 dist_man3_MANS += SMIME_write_CMS.3
 dist_man3_MANS += SMIME_write_PKCS7.3
 dist_man3_MANS += STACK_OF.3
-dist_man3_MANS += SXNET_new.3
 dist_man3_MANS += TS_REQ_new.3
 dist_man3_MANS += UI_UTIL_read_pw.3
 dist_man3_MANS += UI_create_method.3
@@ -506,9 +498,6 @@ dist_man3_MANS += X509_keyid_set1.3
 dist_man3_MANS += X509_load_cert_file.3
 dist_man3_MANS += X509_new.3
 dist_man3_MANS += X509_ocspid_print.3
-dist_man3_MANS += X509_policy_check.3
-dist_man3_MANS += X509_policy_tree_get0_policies.3
-dist_man3_MANS += X509_policy_tree_level_count.3
 dist_man3_MANS += X509_print_ex.3
 dist_man3_MANS += X509_sign.3
 dist_man3_MANS += X509_signature_dump.3
@@ -540,7 +529,6 @@ dist_man3_MANS += d2i_PKCS8PrivateKey_bio.3
 dist_man3_MANS += d2i_PKCS8_PRIV_KEY_INFO.3
 dist_man3_MANS += d2i_PKEY_USAGE_PERIOD.3
 dist_man3_MANS += d2i_POLICYINFO.3
-dist_man3_MANS += d2i_PROXY_POLICY.3
 dist_man3_MANS += d2i_PrivateKey.3
 dist_man3_MANS += d2i_RSAPublicKey.3
 dist_man3_MANS += d2i_TS_REQ.3
@@ -556,11 +544,11 @@ dist_man3_MANS += des_read_pw.3
 dist_man3_MANS += evp.3
 dist_man3_MANS += get_rfc3526_prime_8192.3
 dist_man3_MANS += i2a_ASN1_STRING.3
-dist_man3_MANS += i2d_ASN1_bio_stream.3
 dist_man3_MANS += i2d_CMS_bio_stream.3
 dist_man3_MANS += i2d_PKCS7_bio_stream.3
 dist_man3_MANS += lh_new.3
 dist_man3_MANS += lh_stats.3
+dist_man3_MANS += s2i_ASN1_INTEGER.3
 dist_man3_MANS += x509_verify.3
 dist_man3_MANS += tls_accept_socket.3
 dist_man3_MANS += tls_client.3
@@ -701,7 +689,6 @@ install-data-hook:
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
-	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3"
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
 	ln -sf "ASN1_item_d2i.3" "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
@@ -753,6 +740,7 @@ install-data-hook:
 	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
 	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
 	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
+	ln -sf "BIO_ctrl.3" "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
 	ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3"
 	ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3"
 	ln -sf "BIO_dump.3" "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3"
@@ -773,6 +761,7 @@ install-data-hook:
 	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
 	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
 	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
+	ln -sf "BIO_f_md.3" "$(DESTDIR)$(mandir)/man3/BIO_set_md_ctx.3"
 	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
 	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
 	ln -sf "BIO_f_ssl.3" "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
@@ -941,15 +930,12 @@ install-data-hook:
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
-	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
-	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
 	ln -sf "BN_BLINDING_new.3" "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
 	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
-	ln -sf "BN_CTX_new.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
 	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
 	ln -sf "BN_CTX_start.3" "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
 	ln -sf "BN_GF2m_add.3" "$(DESTDIR)$(mandir)/man3/BN_GF2m_arr2poly.3"
@@ -1025,9 +1011,7 @@ install-data-hook:
 	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
 	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
 	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
-	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
 	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
-	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
 	ln -sf "BN_generate_prime.3" "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
 	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
 	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
@@ -1035,7 +1019,6 @@ install-data-hook:
 	ln -sf "BN_get0_nist_prime_521.3" "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
 	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
 	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
-	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
 	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
 	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
 	ln -sf "BN_mod_mul_montgomery.3" "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3"
@@ -1050,7 +1033,6 @@ install-data-hook:
 	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear.3"
 	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
 	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_free.3"
-	ln -sf "BN_new.3" "$(DESTDIR)$(mandir)/man3/BN_init.3"
 	ln -sf "BN_nist_mod_521.3" "$(DESTDIR)$(mandir)/man3/BN_nist_mod_192.3"
 	ln -sf "BN_nist_mod_521.3" "$(DESTDIR)$(mandir)/man3/BN_nist_mod_224.3"
 	ln -sf "BN_nist_mod_521.3" "$(DESTDIR)$(mandir)/man3/BN_nist_mod_256.3"
@@ -1074,7 +1056,6 @@ install-data-hook:
 	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_one.3"
 	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
 	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
-	ln -sf "BN_zero.3" "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3"
 	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
 	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
 	ln -sf "BUF_MEM_new.3" "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
@@ -1270,12 +1251,7 @@ install-data-hook:
 	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
 	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
 	ln -sf "ECDSA_SIG_new.3" "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
-	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
 	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
-	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
-	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
-	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
-	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
 	ln -sf "EC_GFp_simple_method.3" "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
 	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
 	ln -sf "EC_GROUP_copy.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
@@ -1303,13 +1279,10 @@ install-data-hook:
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve.3"
-	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
-	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve.3"
-	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
 	ln -sf "EC_GROUP_new.3" "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
 	ln -sf "EC_KEY_METHOD_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3"
@@ -1341,8 +1314,6 @@ install-data-hook:
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
-	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
-	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
 	ln -sf "EC_KEY_new.3" "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
@@ -1374,7 +1345,6 @@ install-data-hook:
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates.3"
-	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
@@ -1384,10 +1354,8 @@ install-data-hook:
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates.3"
-	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates.3"
-	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
 	ln -sf "EC_POINT_new.3" "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
 	ln -sf "ENGINE_add.3" "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
@@ -1578,6 +1546,8 @@ install-data-hook:
 	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
 	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
 	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512_224.3"
+	ln -sf "EVP_DigestInit.3" "$(DESTDIR)$(mandir)/man3/EVP_sha512_256.3"
 	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSign.3"
 	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
 	ln -sf "EVP_DigestSignInit.3" "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
@@ -2072,7 +2042,6 @@ install-data-hook:
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
-	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
@@ -2093,7 +2062,6 @@ install-data-hook:
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
-	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
@@ -2113,7 +2081,6 @@ install-data-hook:
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
-	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
@@ -2137,7 +2104,6 @@ install-data-hook:
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
-	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
 	ln -sf "PEM_read_bio_PrivateKey.3" "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
@@ -2874,12 +2840,10 @@ install-data-hook:
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_issuer.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_parent_ctx.3"
-	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_policy_tree.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_chain.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
-	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3"
 	ln -sf "X509_STORE_CTX_get_error.3" "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3"
@@ -3327,7 +3291,6 @@ install-data-hook:
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
-	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
 	ln -sf "d2i_PKCS7.3" "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
@@ -3508,6 +3471,11 @@ install-data-hook:
 	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
 	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
 	ln -sf "lh_stats.3" "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
+	ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3"
+	ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3"
+	ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3"
+	ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/i2s_ASN1_OCTET_STRING.3"
+	ln -sf "s2i_ASN1_INTEGER.3" "$(DESTDIR)$(mandir)/man3/s2i_ASN1_OCTET_STRING.3"
 	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
 	ln -sf "tls_accept_socket.3" "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
 	ln -sf "tls_client.3" "$(DESTDIR)$(mandir)/man3/tls_configure.3"
@@ -3721,7 +3689,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_bio.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_i2d_fp.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_ndef_i2d.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/ASN1_item_print.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ASN1_TYPE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ASN1_TYPE.3"
@@ -3773,6 +3740,7 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_info_callback.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_tell.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_wpending.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/bio_info_cb.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_fp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_dump_indent_fp.3"
@@ -3793,6 +3761,7 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_md_ctx.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_set_md_ctx.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_do_handshake.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_num_renegotiates.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BIO_get_ssl.3"
@@ -3961,15 +3930,12 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_create_param.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_flags.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_get_thread_id.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_invert_ex.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_flags.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_set_thread_id.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_thread_id.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_BLINDING_update.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_free.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_init.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_end.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_CTX_get.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GF2m_arr2poly.3"
@@ -4045,9 +4011,7 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_GENCB_set_old.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_generate_prime_ex.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_ex.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_is_prime_fasttest_ex.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_192.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_224.3"
@@ -4055,7 +4019,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_get0_nist_prime_384.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_copy.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_free.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_init.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_new.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_MONT_CTX_set_locked.3"
@@ -4070,7 +4033,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_clear_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_free.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_init.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nist_mod_192.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nist_mod_224.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_nist_mod_256.3"
@@ -4094,7 +4056,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_one.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_set_word.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BN_value_one.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/BN_zero_ex.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/BUF_MEM_grow_clean.3"
@@ -4290,12 +4251,7 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ECDSA_verify.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/d2i_ECDSA_SIG.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_ECDSA_SIG.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GF2m_simple_method.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_mont_method.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nist_method.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp224_method.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp256_method.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GFp_nistp521_method.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_METHOD_get_field_type.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_check_discriminant.3"
@@ -4323,13 +4279,10 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_clear_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_get_curve_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_by_curve_name.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_new_curve_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_GROUP_set_curve_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_get_builtin_curves.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_METHOD_free.3"
@@ -4361,8 +4314,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_conv_form.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_enc_flags.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_flags.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_get_key_method_data.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_insert_key_method_data.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_new_by_curve_name.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_precompute_mult.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_KEY_print.3"
@@ -4394,7 +4345,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_free.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_Jprojective_coordinates_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_get_affine_coordinates_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_hex2point.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_method_of.3"
@@ -4404,10 +4354,8 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_point2oct.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_Jprojective_coordinates_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_affine_coordinates_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GF2m.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_compressed_coordinates_GFp.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EC_POINT_set_to_infinity.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/ENGINE_by_id.3"
@@ -4598,6 +4546,8 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha256.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha384.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512_224.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_sha512_256.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSign.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignFinal.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/EVP_DigestSignUpdate.3"
@@ -5092,7 +5042,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPKParameters.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_ECPrivateKey.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_EC_PUBKEY.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_NETSCAPE_CERT_SEQUENCE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS7.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_PKCS8_PRIV_KEY_INFO.3"
@@ -5113,7 +5062,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPKParameters.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_ECPrivateKey.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_EC_PUBKEY.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_NETSCAPE_CERT_SEQUENCE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS7.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_read_bio_PKCS8_PRIV_KEY_INFO.3"
@@ -5133,7 +5081,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPKParameters.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_ECPrivateKey.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_EC_PUBKEY.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_NETSCAPE_CERT_SEQUENCE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS7.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_PKCS8PrivateKey.3"
@@ -5157,7 +5104,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPKParameters.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_ECPrivateKey.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_EC_PUBKEY.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_NETSCAPE_CERT_SEQUENCE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS7.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/PEM_write_bio_PKCS8PrivateKey.3"
@@ -5894,12 +5840,10 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_crl.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_current_issuer.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_parent_ctx.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get0_policy_tree.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get1_chain.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_chain.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_current_cert.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_error_depth.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_explicit_policy.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_get_num_untrusted.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set0_verified_chain.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/X509_STORE_CTX_set_current_cert.3"
@@ -6347,7 +6291,6 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENC_CONTENT.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ENVELOPE.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_ISSUER_AND_SERIAL.3"
-	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_NDEF.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_RECIP_INFO.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNED.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/i2d_PKCS7_SIGNER_INFO.3"
@@ -6528,6 +6471,11 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/lh_node_usage_stats_bio.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/lh_stats_bio.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_ENUMERATED_TABLE.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_INTEGER.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/i2s_ASN1_OCTET_STRING.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/s2i_ASN1_OCTET_STRING.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_cbs.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_accept_fds.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_configure.3"
diff --git a/tls.c b/tls.c
index ff33ebe..989339d 100644
--- a/tls.c
+++ b/tls.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls.c,v 1.94 2022/02/08 19:13:50 tb Exp $ */
+/* $OpenBSD: tls.c,v 1.96 2023/05/25 07:46:21 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -21,6 +21,7 @@
 #include <limits.h>
 #include <pthread.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 
 #include <openssl/bio.h>
@@ -409,12 +410,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "RSA key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((rsa_method = tls_signer_rsa_method()) == NULL ||
-		    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
-		    RSA_set_method(rsa, rsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup RSA key");
+		if (ctx->config->sign_cb != NULL) {
+			rsa_method = tls_signer_rsa_method();
+			if (rsa_method == NULL ||
+			    RSA_set_ex_data(rsa, 1, ctx->config) == 0 ||
+			    RSA_set_method(rsa, rsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup RSA key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_RSA(pkey, rsa) == 0) {
+			tls_set_errorx(ctx, "failed to set RSA key");
 			goto err;
 		}
 		break;
@@ -424,12 +431,18 @@ tls_keypair_setup_pkey(struct tls *ctx, struct tls_keypair *keypair, EVP_PKEY *p
 			tls_set_errorx(ctx, "EC key setup failure");
 			goto err;
 		}
-		if (ctx->config->sign_cb == NULL)
-			break;
-		if ((ecdsa_method = tls_signer_ecdsa_method()) == NULL ||
-		    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
-		    ECDSA_set_method(eckey, ecdsa_method) == 0) {
-			tls_set_errorx(ctx, "failed to setup EC key");
+		if (ctx->config->sign_cb != NULL) {
+			ecdsa_method = tls_signer_ecdsa_method();
+			if (ecdsa_method == NULL ||
+			    ECDSA_set_ex_data(eckey, 1, ctx->config) == 0 ||
+			    ECDSA_set_method(eckey, ecdsa_method) == 0) {
+				tls_set_errorx(ctx, "failed to setup EC key");
+				goto err;
+			}
+		}
+		/* Reset the key to work around caching in OpenSSL 3. */
+		if (EVP_PKEY_set1_EC_KEY(pkey, eckey) == 0) {
+			tls_set_errorx(ctx, "failed to set EC key");
 			goto err;
 		}
 		break;
diff --git a/tls_bio_cb.c b/tls_bio_cb.c
index dad9d23..8a1edfd 100644
--- a/tls_bio_cb.c
+++ b/tls_bio_cb.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_bio_cb.c,v 1.20 2022/01/10 23:39:48 tb Exp $ */
+/* $OpenBSD: tls_bio_cb.c,v 1.21 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2016 Tobias Pape <tobias@netshed.de>
  *
@@ -17,6 +17,7 @@
 
 #include <fcntl.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 
 #include <openssl/bio.h>
diff --git a/tls_client.c b/tls_client.c
index 1629697..deb24eb 100644
--- a/tls_client.c
+++ b/tls_client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_client.c,v 1.48 2021/10/21 08:38:11 tb Exp $ */
+/* $OpenBSD: tls_client.c,v 1.49 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -25,6 +25,7 @@
 #include <limits.h>
 #include <netdb.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 
 #include <openssl/err.h>
diff --git a/tls_config.c b/tls_config.c
index 15e218b..3efd0dd 100644
--- a/tls_config.c
+++ b/tls_config.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_config.c,v 1.65 2022/01/25 21:51:24 eric Exp $ */
+/* $OpenBSD: tls_config.c,v 1.66 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -22,6 +22,7 @@
 #include <fcntl.h>
 #include <pthread.h>
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 
 #include <tls.h>
diff --git a/tls_conninfo.c b/tls_conninfo.c
index 4d9ae29..b2aadab 100644
--- a/tls_conninfo.c
+++ b/tls_conninfo.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_conninfo.c,v 1.22 2021/01/05 15:57:38 tb Exp $ */
+/* $OpenBSD: tls_conninfo.c,v 1.23 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2015 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
@@ -17,6 +17,7 @@
  */
 
 #include <stdio.h>
+#include <string.h>
 
 #include <openssl/x509.h>
 
diff --git a/tls_internal.h b/tls_internal.h
index ca1d96f..f4c23f6 100644
--- a/tls_internal.h
+++ b/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.80 2022/03/24 15:56:34 tb Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.81 2023/04/09 18:26:26 tb Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
@@ -302,7 +302,6 @@ ECDSA_METHOD *tls_signer_ecdsa_method(void);
 
 #define TLS_PADDING_NONE			0
 #define TLS_PADDING_RSA_PKCS1			1
-#define TLS_PADDING_RSA_X9_31			2
 
 int tls_config_set_sign_cb(struct tls_config *_config, tls_sign_cb _cb,
     void *_cb_arg);
diff --git a/tls_ocsp.c b/tls_ocsp.c
index 83585fa..acf6935 100644
--- a/tls_ocsp.c
+++ b/tls_ocsp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: tls_ocsp.c,v 1.22 2021/10/31 16:39:32 tb Exp $ */
+/*	$OpenBSD: tls_ocsp.c,v 1.23 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2015 Marko Kreen <markokr@gmail.com>
  * Copyright (c) 2016 Bob Beck <beck@openbsd.org>
@@ -21,6 +21,8 @@
 #include <arpa/inet.h>
 #include <netinet/in.h>
 
+#include <string.h>
+
 #include <openssl/err.h>
 #include <openssl/ocsp.h>
 #include <openssl/x509.h>
diff --git a/tls_server.c b/tls_server.c
index 72f797b..5f93c7a 100644
--- a/tls_server.c
+++ b/tls_server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_server.c,v 1.48 2022/01/19 11:10:55 inoguchi Exp $ */
+/* $OpenBSD: tls_server.c,v 1.49 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  *
@@ -19,6 +19,8 @@
 
 #include <arpa/inet.h>
 
+#include <string.h>
+
 #include <openssl/ec.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
diff --git a/tls_signer.c b/tls_signer.c
index 1f11096..f6005d3 100644
--- a/tls_signer.c
+++ b/tls_signer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_signer.c,v 1.4 2022/02/01 17:18:38 jsing Exp $ */
+/* $OpenBSD: tls_signer.c,v 1.5 2023/04/09 18:26:26 tb Exp $ */
 /*
  * Copyright (c) 2021 Eric Faurot <eric@openbsd.org>
  *
@@ -193,8 +193,6 @@ tls_sign_rsa(struct tls_signer *signer, struct tls_signer_key *skey,
 		rsa_padding = RSA_NO_PADDING;
 	} else if (padding_type == TLS_PADDING_RSA_PKCS1) {
 		rsa_padding = RSA_PKCS1_PADDING;
-	} else if (padding_type == TLS_PADDING_RSA_X9_31) {
-		rsa_padding = RSA_X931_PADDING;
 	} else {
 		tls_error_setx(&signer->error, "invalid RSA padding type (%d)",
 		    padding_type);
@@ -331,8 +329,6 @@ tls_rsa_priv_enc(int from_len, const unsigned char *from, unsigned char *to,
 		padding_type = TLS_PADDING_NONE;
 	} else if (rsa_padding == RSA_PKCS1_PADDING) {
 		padding_type = TLS_PADDING_RSA_PKCS1;
-	} else if (rsa_padding == RSA_X931_PADDING) {
-		padding_type = TLS_PADDING_RSA_X9_31;
 	} else {
 		goto err;
 	}
diff --git a/tls_util.c b/tls_util.c
index d8103a5..b276d2c 100644
--- a/tls_util.c
+++ b/tls_util.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_util.c,v 1.15 2021/08/16 13:54:38 tb Exp $ */
+/* $OpenBSD: tls_util.c,v 1.16 2023/05/14 07:26:25 op Exp $ */
 /*
  * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2014 Ted Unangst <tedu@openbsd.org>
@@ -20,6 +20,7 @@
 #include <sys/stat.h>
 
 #include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
 #include <fcntl.h>
 
diff --git a/tls_verify.c b/tls_verify.c
index acbe163..0cb86f6 100644
--- a/tls_verify.c
+++ b/tls_verify.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_verify.c,v 1.20 2018/02/05 00:52:24 jsing Exp $ */
+/* $OpenBSD: tls_verify.c,v 1.23 2023/05/11 07:35:27 tb Exp $ */
 /*
  * Copyright (c) 2014 Jeremie Courreges-Anglas <jca@openbsd.org>
  *
@@ -115,7 +115,7 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 
 	count = sk_GENERAL_NAME_num(altname_stack);
 	for (i = 0; i < count; i++) {
-		GENERAL_NAME	*altname;
+		GENERAL_NAME *altname;
 
 		altname = sk_GENERAL_NAME_value(altname_stack, i);
 
@@ -126,12 +126,12 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			continue;
 
 		if (type == GEN_DNS) {
-			unsigned char	*data;
-			int		 format, len;
+			const unsigned char *data;
+			int format, len;
 
 			format = ASN1_STRING_type(altname->d.dNSName);
 			if (format == V_ASN1_IA5STRING) {
-				data = ASN1_STRING_data(altname->d.dNSName);
+				data = ASN1_STRING_get0_data(altname->d.dNSName);
 				len = ASN1_STRING_length(altname->d.dNSName);
 
 				if (len < 0 || (size_t)len != strlen(data)) {
@@ -171,11 +171,11 @@ tls_check_subject_altname(struct tls *ctx, X509 *cert, const char *name,
 			}
 
 		} else if (type == GEN_IPADD) {
-			unsigned char	*data;
-			int		 datalen;
+			const unsigned char *data;
+			int datalen;
 
 			datalen = ASN1_STRING_length(altname->d.iPAddress);
-			data = ASN1_STRING_data(altname->d.iPAddress);
+			data = ASN1_STRING_get0_data(altname->d.iPAddress);
 
 			if (datalen < 0) {
 				tls_set_errorx(ctx,
@@ -209,7 +209,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 	char *common_name = NULL;
 	union tls_addr addrbuf;
 	int common_name_len;
-	int rv = 0;
+	int rv = -1;
 
 	*cn_match = 0;
 
@@ -223,8 +223,10 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		goto done;
 
 	common_name = calloc(common_name_len + 1, 1);
-	if (common_name == NULL)
-		goto done;
+	if (common_name == NULL) {
+		tls_set_error(ctx, "out of memory");
+		goto err;
+	}
 
 	X509_NAME_get_text_by_NID(subject_name, NID_commonName, common_name,
 	    common_name_len + 1);
@@ -235,8 +237,7 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		tls_set_errorx(ctx, "error verifying name '%s': "
 		    "NUL byte in Common Name field, "
 		    "probably a malicious certificate", name);
-		rv = -1;
-		goto done;
+		goto err;
 	}
 
 	/*
@@ -254,6 +255,9 @@ tls_check_common_name(struct tls *ctx, X509 *cert, const char *name,
 		*cn_match = 1;
 
  done:
+	rv = 0;
+
+ err:
 	free(common_name);
 	return rv;
 }
-- 
cgit 1.4.1