Consolidate all of the SSL method structs/functions into a single file.

Discussed with tb@

8 files changed, 672 insertions, 871 deletions

diff --git a/lib/libssl/Makefile b/lib/libssl/Makefile
index 6a397a7df71..e912562a75d 100644
--- a/lib/libssl/Makefile
+++ b/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.39 2018/03/17 16:20:01 beck Exp $
+# $OpenBSD: Makefile,v 1.40 2018/11/05 05:45:15 jsing Exp $
 
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -26,13 +26,13 @@ SYMBOL_LIST=	${.CURDIR}/Symbols.list
 
 SRCS= \
 	ssl_srvr.c ssl_clnt.c s3_lib.c ssl_pkt.c ssl_both.c \
-	t1_meth.c t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c t1_hash.c \
-	d1_meth.c d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
+	t1_lib.c t1_enc.c t1_hash.c \
+	d1_srvr.c d1_clnt.c d1_lib.c d1_pkt.c \
 	d1_both.c d1_enc.c d1_srtp.c \
 	ssl_lib.c ssl_cert.c ssl_sess.c \
 	ssl_ciph.c ssl_stat.c ssl_rsa.c \
 	ssl_asn1.c ssl_txt.c ssl_algs.c \
-	bio_ssl.c ssl_err.c \
+	bio_ssl.c ssl_err.c ssl_methods.c \
 	ssl_packet.c ssl_tlsext.c ssl_versions.c pqueue.c ssl_init.c
 SRCS+=	s3_cbc.c
 SRCS+=	bs_ber.c bs_cbb.c bs_cbs.c
diff --git a/lib/libssl/d1_clnt.c b/lib/libssl/d1_clnt.c
index 8f60f4a8c48..ee21a1bebc3 100644
--- a/lib/libssl/d1_clnt.c
+++ b/lib/libssl/d1_clnt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_clnt.c,v 1.81 2018/08/30 16:56:16 jsing Exp $ */
+/* $OpenBSD: d1_clnt.c,v 1.82 2018/11/05 05:45:15 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -127,49 +127,6 @@
 
 #include "bytestring.h"
 
-static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = dtls1_get_client_method,
-	.get_timeout = dtls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = dtls1_get_message,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &DTLSv1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_client_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_client_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_client_method(void)
-{
-	return &DTLSv1_client_method_data;
-}
-
-const SSL_METHOD *
-dtls1_get_client_method(int ver)
-{
-	if (ver == DTLS1_VERSION)
-		return (DTLSv1_client_method());
-	return (NULL);
-}
-
 int
 dtls1_get_hello_verify(SSL *s)
 {
diff --git a/lib/libssl/d1_meth.c b/lib/libssl/d1_meth.c
deleted file mode 100644
index e157dc4d930..00000000000
--- a/lib/libssl/d1_meth.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* $OpenBSD: d1_meth.c,v 1.17 2018/08/30 16:56:16 jsing Exp $ */
-/*
- * DTLS implementation written by Nagendra Modadugu
- * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
- */
-/* ====================================================================
- * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *dtls1_get_method(int ver);
-
-static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = dtls1_get_method,
-	.get_timeout = dtls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = dtls1_get_message,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &DTLSv1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_method(void)
-{
-	return &DTLSv1_method_data;
-}
-
-static const SSL_METHOD *
-dtls1_get_method(int ver)
-{
-	if (ver == DTLS1_VERSION)
-		return (DTLSv1_method());
-	return (NULL);
-}
diff --git a/lib/libssl/d1_srvr.c b/lib/libssl/d1_srvr.c
index c0ee0d00aa8..1a1ee5429e4 100644
--- a/lib/libssl/d1_srvr.c
+++ b/lib/libssl/d1_srvr.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: d1_srvr.c,v 1.94 2018/08/30 16:56:16 jsing Exp $ */
+/* $OpenBSD: d1_srvr.c,v 1.95 2018/11/05 05:45:15 jsing Exp $ */
 /*
  * DTLS implementation written by Nagendra Modadugu
  * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.
@@ -125,49 +125,6 @@
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 
-static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
-	.version = DTLS1_VERSION,
-	.min_version = DTLS1_VERSION,
-	.max_version = DTLS1_VERSION,
-	.ssl_new = dtls1_new,
-	.ssl_clear = dtls1_clear,
-	.ssl_free = dtls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.get_ssl_method = dtls1_get_server_method,
-	.get_timeout = dtls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = dtls1_get_message,
-	.ssl_read_bytes = dtls1_read_bytes,
-	.ssl_write_bytes = dtls1_write_app_data_bytes,
-	.ssl3_enc = &DTLSv1_enc_data,
-};
-
-static const SSL_METHOD DTLSv1_server_method_data = {
-	.ssl_dispatch_alert = dtls1_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = dtls1_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &DTLSv1_server_method_internal_data,
-};
-
-const SSL_METHOD *
-DTLSv1_server_method(void)
-{
-	return &DTLSv1_server_method_data;
-}
-
-const SSL_METHOD *
-dtls1_get_server_method(int ver)
-{
-	if (ver == DTLS1_VERSION)
-		return (DTLSv1_server_method());
-	return (NULL);
-}
-
 int
 dtls1_send_hello_verify_request(SSL *s)
 {
diff --git a/lib/libssl/ssl_methods.c b/lib/libssl/ssl_methods.c
new file mode 100644
index 00000000000..3e9f18bc40e
--- /dev/null
+++ b/lib/libssl/ssl_methods.c
@@ -0,0 +1,666 @@
+/* $OpenBSD: ssl_methods.c,v 1.1 2018/11/05 05:45:15 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include "ssl_locl.h"
+
+static const SSL_METHOD_INTERNAL DTLSv1_client_method_internal_data = {
+	.version = DTLS1_VERSION,
+	.min_version = DTLS1_VERSION,
+	.max_version = DTLS1_VERSION,
+	.ssl_new = dtls1_new,
+	.ssl_clear = dtls1_clear,
+	.ssl_free = dtls1_free,
+	.ssl_accept = ssl_undefined_function,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = dtls1_get_client_method,
+	.get_timeout = dtls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = dtls1_get_message,
+	.ssl_read_bytes = dtls1_read_bytes,
+	.ssl_write_bytes = dtls1_write_app_data_bytes,
+	.ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_client_method_data = {
+	.ssl_dispatch_alert = dtls1_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = dtls1_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &DTLSv1_client_method_internal_data,
+};
+
+const SSL_METHOD *
+DTLSv1_client_method(void)
+{
+	return &DTLSv1_client_method_data;
+}
+
+const SSL_METHOD *
+dtls1_get_client_method(int ver)
+{
+	if (ver == DTLS1_VERSION)
+		return (DTLSv1_client_method());
+	return (NULL);
+}
+
+static const SSL_METHOD *dtls1_get_method(int ver);
+
+static const SSL_METHOD_INTERNAL DTLSv1_method_internal_data = {
+	.version = DTLS1_VERSION,
+	.min_version = DTLS1_VERSION,
+	.max_version = DTLS1_VERSION,
+	.ssl_new = dtls1_new,
+	.ssl_clear = dtls1_clear,
+	.ssl_free = dtls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = dtls1_get_method,
+	.get_timeout = dtls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = dtls1_get_message,
+	.ssl_read_bytes = dtls1_read_bytes,
+	.ssl_write_bytes = dtls1_write_app_data_bytes,
+	.ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_method_data = {
+	.ssl_dispatch_alert = dtls1_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = dtls1_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &DTLSv1_method_internal_data,
+};
+
+const SSL_METHOD *
+DTLSv1_method(void)
+{
+	return &DTLSv1_method_data;
+}
+
+static const SSL_METHOD *
+dtls1_get_method(int ver)
+{
+	if (ver == DTLS1_VERSION)
+		return (DTLSv1_method());
+	return (NULL);
+}
+
+static const SSL_METHOD_INTERNAL DTLSv1_server_method_internal_data = {
+	.version = DTLS1_VERSION,
+	.min_version = DTLS1_VERSION,
+	.max_version = DTLS1_VERSION,
+	.ssl_new = dtls1_new,
+	.ssl_clear = dtls1_clear,
+	.ssl_free = dtls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.get_ssl_method = dtls1_get_server_method,
+	.get_timeout = dtls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = dtls1_get_message,
+	.ssl_read_bytes = dtls1_read_bytes,
+	.ssl_write_bytes = dtls1_write_app_data_bytes,
+	.ssl3_enc = &DTLSv1_enc_data,
+};
+
+static const SSL_METHOD DTLSv1_server_method_data = {
+	.ssl_dispatch_alert = dtls1_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = dtls1_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &DTLSv1_server_method_internal_data,
+};
+
+const SSL_METHOD *
+DTLSv1_server_method(void)
+{
+	return &DTLSv1_server_method_data;
+}
+
+const SSL_METHOD *
+dtls1_get_server_method(int ver)
+{
+	if (ver == DTLS1_VERSION)
+		return (DTLSv1_server_method());
+	return (NULL);
+}
+
+static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl_undefined_function,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_client_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl_undefined_function,
+	.ssl_renegotiate_check = ssl_ok,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_client_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLS_client_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
+	.version = TLS1_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl_undefined_function,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_client_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_client_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_client_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
+	.version = TLS1_1_VERSION,
+	.min_version = TLS1_1_VERSION,
+	.max_version = TLS1_1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl_undefined_function,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_client_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_client_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_1_client_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_2_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl_undefined_function,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_client_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_client_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_2_client_method_internal_data,
+};
+
+const SSL_METHOD *
+tls1_get_client_method(int ver)
+{
+	if (ver == TLS1_2_VERSION)
+		return (TLSv1_2_client_method());
+	if (ver == TLS1_1_VERSION)
+		return (TLSv1_1_client_method());
+	if (ver == TLS1_VERSION)
+		return (TLSv1_client_method());
+	return (NULL);
+}
+
+const SSL_METHOD *
+SSLv23_client_method(void)
+{
+	return (TLS_client_method());
+}
+
+const SSL_METHOD *
+TLS_client_method(void)
+{
+	return (&TLS_client_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_client_method(void)
+{
+	return (&TLSv1_client_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_1_client_method(void)
+{
+	return (&TLSv1_1_client_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_2_client_method(void)
+{
+	return (&TLSv1_2_client_method_data);
+}
+
+static const SSL_METHOD *tls1_get_method(int ver);
+
+static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl_undefined_function,
+	.ssl_renegotiate_check = ssl_ok,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLS_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
+	.version = TLS1_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
+	.version = TLS1_1_VERSION,
+	.min_version = TLS1_1_VERSION,
+	.max_version = TLS1_1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_1_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_2_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl3_connect,
+	.get_ssl_method = tls1_get_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_2_method_internal_data,
+};
+
+static const SSL_METHOD *
+tls1_get_method(int ver)
+{
+	if (ver == TLS1_2_VERSION)
+		return (TLSv1_2_method());
+	if (ver == TLS1_1_VERSION)
+		return (TLSv1_1_method());
+	if (ver == TLS1_VERSION)
+		return (TLSv1_method());
+	return (NULL);
+}
+
+const SSL_METHOD *
+SSLv23_method(void)
+{
+	return (TLS_method());
+}
+
+const SSL_METHOD *
+TLS_method(void)
+{
+	return &TLS_method_data;
+}
+
+const SSL_METHOD *
+TLSv1_method(void)
+{
+	return (&TLSv1_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_1_method(void)
+{
+	return (&TLSv1_1_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_2_method(void)
+{
+	return (&TLSv1_2_method_data);
+}
+
+static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl_undefined_function,
+	.ssl_renegotiate_check = ssl_ok,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLS_server_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLS_server_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
+	.version = TLS1_VERSION,
+	.min_version = TLS1_VERSION,
+	.max_version = TLS1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_server_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_server_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
+	.version = TLS1_1_VERSION,
+	.min_version = TLS1_1_VERSION,
+	.max_version = TLS1_1_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_1_enc_data,
+};
+
+static const SSL_METHOD TLSv1_1_server_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_1_server_method_internal_data,
+};
+
+static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
+	.version = TLS1_2_VERSION,
+	.min_version = TLS1_2_VERSION,
+	.max_version = TLS1_2_VERSION,
+	.ssl_new = tls1_new,
+	.ssl_clear = tls1_clear,
+	.ssl_free = tls1_free,
+	.ssl_accept = ssl3_accept,
+	.ssl_connect = ssl_undefined_function,
+	.get_ssl_method = tls1_get_server_method,
+	.get_timeout = tls1_default_timeout,
+	.ssl_version = ssl_undefined_void_function,
+	.ssl_renegotiate = ssl3_renegotiate,
+	.ssl_renegotiate_check = ssl3_renegotiate_check,
+	.ssl_get_message = ssl3_get_message,
+	.ssl_read_bytes = ssl3_read_bytes,
+	.ssl_write_bytes = ssl3_write_bytes,
+	.ssl3_enc = &TLSv1_2_enc_data,
+};
+
+static const SSL_METHOD TLSv1_2_server_method_data = {
+	.ssl_dispatch_alert = ssl3_dispatch_alert,
+	.num_ciphers = ssl3_num_ciphers,
+	.get_cipher = ssl3_get_cipher,
+	.get_cipher_by_char = ssl3_get_cipher_by_char,
+	.put_cipher_by_char = ssl3_put_cipher_by_char,
+	.internal = &TLSv1_2_server_method_internal_data,
+};
+
+const SSL_METHOD *
+tls1_get_server_method(int ver)
+{
+	if (ver == TLS1_2_VERSION)
+		return (TLSv1_2_server_method());
+	if (ver == TLS1_1_VERSION)
+		return (TLSv1_1_server_method());
+	if (ver == TLS1_VERSION)
+		return (TLSv1_server_method());
+	return (NULL);
+}
+
+const SSL_METHOD *
+SSLv23_server_method(void)
+{
+	return (TLS_server_method());
+}
+
+const SSL_METHOD *
+TLS_server_method(void)
+{
+	return (&TLS_server_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_server_method(void)
+{
+	return (&TLSv1_server_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_1_server_method(void)
+{
+	return (&TLSv1_1_server_method_data);
+}
+
+const SSL_METHOD *
+TLSv1_2_server_method(void)
+{
+	return (&TLSv1_2_server_method_data);
+}
diff --git a/lib/libssl/t1_clnt.c b/lib/libssl/t1_clnt.c
deleted file mode 100644
index 4e3b208743a..00000000000
--- a/lib/libssl/t1_clnt.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* $OpenBSD: t1_clnt.c,v 1.26 2018/08/30 16:56:16 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-
-static const SSL_METHOD_INTERNAL TLS_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_client_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_client_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_client_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_client_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_client_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_client_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_client_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl_undefined_function,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_client_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_client_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_client_method_internal_data,
-};
-
-const SSL_METHOD *
-tls1_get_client_method(int ver)
-{
-	if (ver == TLS1_2_VERSION)
-		return (TLSv1_2_client_method());
-	if (ver == TLS1_1_VERSION)
-		return (TLSv1_1_client_method());
-	if (ver == TLS1_VERSION)
-		return (TLSv1_client_method());
-	return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_client_method(void)
-{
-	return (TLS_client_method());
-}
-
-const SSL_METHOD *
-TLS_client_method(void)
-{
-	return (&TLS_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_client_method(void)
-{
-	return (&TLSv1_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_client_method(void)
-{
-	return (&TLSv1_1_client_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_client_method(void)
-{
-	return (&TLSv1_2_client_method_data);
-}
diff --git a/lib/libssl/t1_meth.c b/lib/libssl/t1_meth.c
deleted file mode 100644
index 5ce8c9135b7..00000000000
--- a/lib/libssl/t1_meth.c
+++ /dev/null
@@ -1,223 +0,0 @@
-/* $OpenBSD: t1_meth.c,v 1.25 2018/08/30 16:56:16 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include <openssl/objects.h>
-
-#include "ssl_locl.h"
-
-static const SSL_METHOD *tls1_get_method(int ver);
-
-static const SSL_METHOD_INTERNAL TLS_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl3_connect,
-	.get_ssl_method = tls1_get_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_method_internal_data,
-};
-
-static const SSL_METHOD *
-tls1_get_method(int ver)
-{
-	if (ver == TLS1_2_VERSION)
-		return (TLSv1_2_method());
-	if (ver == TLS1_1_VERSION)
-		return (TLSv1_1_method());
-	if (ver == TLS1_VERSION)
-		return (TLSv1_method());
-	return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_method(void)
-{
-	return (TLS_method());
-}
-
-const SSL_METHOD *
-TLS_method(void)
-{
-	return &TLS_method_data;
-}
-
-const SSL_METHOD *
-TLSv1_method(void)
-{
-	return (&TLSv1_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_method(void)
-{
-	return (&TLSv1_1_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_method(void)
-{
-	return (&TLSv1_2_method_data);
-}
diff --git a/lib/libssl/t1_srvr.c b/lib/libssl/t1_srvr.c
deleted file mode 100644
index 02c5cf46aeb..00000000000
--- a/lib/libssl/t1_srvr.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/* $OpenBSD: t1_srvr.c,v 1.27 2018/08/30 16:56:16 jsing Exp $ */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-
-#include "ssl_locl.h"
-
-#include <openssl/buffer.h>
-#include <openssl/evp.h>
-#include <openssl/objects.h>
-#include <openssl/x509.h>
-
-static const SSL_METHOD_INTERNAL TLS_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl_undefined_function,
-	.ssl_renegotiate_check = ssl_ok,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLS_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLS_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_server_method_internal_data = {
-	.version = TLS1_VERSION,
-	.min_version = TLS1_VERSION,
-	.max_version = TLS1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_1_server_method_internal_data = {
-	.version = TLS1_1_VERSION,
-	.min_version = TLS1_1_VERSION,
-	.max_version = TLS1_1_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_1_enc_data,
-};
-
-static const SSL_METHOD TLSv1_1_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_1_server_method_internal_data,
-};
-
-static const SSL_METHOD_INTERNAL TLSv1_2_server_method_internal_data = {
-	.version = TLS1_2_VERSION,
-	.min_version = TLS1_2_VERSION,
-	.max_version = TLS1_2_VERSION,
-	.ssl_new = tls1_new,
-	.ssl_clear = tls1_clear,
-	.ssl_free = tls1_free,
-	.ssl_accept = ssl3_accept,
-	.ssl_connect = ssl_undefined_function,
-	.get_ssl_method = tls1_get_server_method,
-	.get_timeout = tls1_default_timeout,
-	.ssl_version = ssl_undefined_void_function,
-	.ssl_renegotiate = ssl3_renegotiate,
-	.ssl_renegotiate_check = ssl3_renegotiate_check,
-	.ssl_get_message = ssl3_get_message,
-	.ssl_read_bytes = ssl3_read_bytes,
-	.ssl_write_bytes = ssl3_write_bytes,
-	.ssl3_enc = &TLSv1_2_enc_data,
-};
-
-static const SSL_METHOD TLSv1_2_server_method_data = {
-	.ssl_dispatch_alert = ssl3_dispatch_alert,
-	.num_ciphers = ssl3_num_ciphers,
-	.get_cipher = ssl3_get_cipher,
-	.get_cipher_by_char = ssl3_get_cipher_by_char,
-	.put_cipher_by_char = ssl3_put_cipher_by_char,
-	.internal = &TLSv1_2_server_method_internal_data,
-};
-
-const SSL_METHOD *
-tls1_get_server_method(int ver)
-{
-	if (ver == TLS1_2_VERSION)
-		return (TLSv1_2_server_method());
-	if (ver == TLS1_1_VERSION)
-		return (TLSv1_1_server_method());
-	if (ver == TLS1_VERSION)
-		return (TLSv1_server_method());
-	return (NULL);
-}
-
-const SSL_METHOD *
-SSLv23_server_method(void)
-{
-	return (TLS_server_method());
-}
-
-const SSL_METHOD *
-TLS_server_method(void)
-{
-	return (&TLS_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_server_method(void)
-{
-	return (&TLSv1_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_1_server_method(void)
-{
-	return (&TLSv1_1_server_method_data);
-}
-
-const SSL_METHOD *
-TLSv1_2_server_method(void)
-{
-	return (&TLSv1_2_server_method_data);
-}