diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi
index 08040f9dc..c17754316 100644
--- a/distrib/sets/lists/base/mi
+++ b/distrib/sets/lists/base/mi
@@ -297,6 +297,7 @@
 ./etc/rpki/apnic.constraints
 ./etc/rpki/apnic.tal
 ./etc/rpki/arin.constraints
+./etc/rpki/arin.tal
 ./etc/rpki/lacnic.constraints
 ./etc/rpki/lacnic.tal
 ./etc/rpki/ripe.constraints
diff --git a/etc/Makefile b/etc/Makefile
index b2d862ff4..8cc6727dc 100644
--- a/etc/Makefile
+++ b/etc/Makefile
@@ -1,4 +1,4 @@
-#	$OpenBSD: Makefile,v 1.490 2024/06/30 17:30:54 deraadt Exp $
+#	$OpenBSD: Makefile,v 1.491 2025/01/17 00:20:15 job Exp $
 
 .include <bsd.own.mk>
 
@@ -156,8 +156,8 @@ distribution-etc-root-var: distrib-dirs
 		    ${DESTDIR}/etc/ppp
 	cd rpki; \
 		${INSTALL} -c -o root -g wheel -m 644 \
-		    afrinic.tal apnic.tal lacnic.tal ripe.tal \
-		    arin.constraints afrinic.constraints apnic.constraints \
+		    afrinic.tal apnic.tal arin.tal lacnic.tal ripe.tal \
+		    afrinic.constraints apnic.constraints arin.constraints \
 		    lacnic.constraints ripe.constraints \
 		    ${DESTDIR}/etc/rpki
 	cd examples; \
diff --git a/etc/rpki/arin.tal b/etc/rpki/arin.tal
new file mode 100644
index 000000000..eebfa8033
--- /dev/null
+++ b/etc/rpki/arin.tal
@@ -0,0 +1,20 @@
+# THIS TRUST ANCHOR LOCATOR IS PROVIDED BY THE AMERICAN REGISTRY FOR
+# INTERNET NUMBERS (ARIN) "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
+# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL ARIN BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS PUBLIC KEY, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+https://rrdp.arin.net/arin-rpki-ta.cer
+rsync://rpki.arin.net/repository/arin-rpki-ta.cer
+
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3lZPjbHvMRV5sDDqfLc/685th5Fn
+reHMJjg8pEZUbG8Y8TQxSBsDebbsDpl3Ov3Cj1WtdrJ3CIfQODCPrrJdOBSrMATeUbPC+JlN
+f2SRP3UB+VJFgtTj0RN8cEYIuhBW5t6AxQbHhdNQH+A1F/OJdw0q9da2U29Lx85nfFxvnC1E
+pK9CbLJS4m37+RlpNbT1cba+b+loXpx0Qcb1C4UpJCGDy7uNf5w6/+l7RpATAHqqsX4qCtww
+DYlbHzp2xk9owF3mkCxzl0HwncO+sEHHeaL3OjtwdIGrRGeHi2Mpt+mvWHhtQqVG+51MHTyg
++nIjWFKKGx1Q9+KDx4wJStwveQIDAQAB
diff --git a/lib/libcrypto/asn1/asn_mime.c b/lib/libcrypto/asn1/asn_mime.c
index 261067366..3995fc547 100644
--- a/lib/libcrypto/asn1/asn_mime.c
+++ b/lib/libcrypto/asn1/asn_mime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: asn_mime.c,v 1.34 2024/03/29 04:35:42 tb Exp $ */
+/* $OpenBSD: asn_mime.c,v 1.35 2025/01/17 05:02:18 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -379,7 +379,8 @@ asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
 	ASN1_STREAM_ARG sarg;
 	int rv = 1;
 
-	/* If data is not deteched or resigning then the output BIO is
+	/*
+	 * If data is not detached or resigning then the output BIO is
 	 * already set up to finalise when it is written through.
 	 */
 	if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
diff --git a/lib/libcrypto/dh/dh_ameth.c b/lib/libcrypto/dh/dh_ameth.c
index 13141761d..289307bfd 100644
--- a/lib/libcrypto/dh/dh_ameth.c
+++ b/lib/libcrypto/dh/dh_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_ameth.c,v 1.41 2024/08/29 16:58:19 tb Exp $ */
+/* $OpenBSD: dh_ameth.c,v 1.42 2025/01/17 05:04:25 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -185,7 +185,7 @@ dh_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
 /*
  * PKCS#8 DH is defined in PKCS#11 of all places. It is similar to DH in
  * that the AlgorithmIdentifier contains the parameters, the private key
- * is explcitly included and the pubkey must be recalculated.
+ * is explicitly included and the pubkey must be recalculated.
  */
 
 static int
diff --git a/lib/libcrypto/ec/ecp_methods.c b/lib/libcrypto/ec/ecp_methods.c
index 3809bf992..718bd4565 100644
--- a/lib/libcrypto/ec/ecp_methods.c
+++ b/lib/libcrypto/ec/ecp_methods.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ecp_methods.c,v 1.36 2025/01/11 21:20:39 tb Exp $ */
+/* $OpenBSD: ecp_methods.c,v 1.39 2025/01/17 11:11:27 tb Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
  * for the OpenSSL project.
  * Includes code written by Bodo Moeller for the OpenSSL project.
@@ -84,6 +84,19 @@
  * representation (i.e. 'encoding' means multiplying by some factor R).
  */
 
+static inline int
+ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
+    BN_CTX *ctx)
+{
+	return group->meth->field_mul(group, r, a, b, ctx);
+}
+
+static inline int
+ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+	return group->meth->field_sqr(group, r, a, ctx);
+}
+
 static int
 ec_decode_scalar(const EC_GROUP *group, BIGNUM *bn, const BIGNUM *x, BN_CTX *ctx)
 {
@@ -169,19 +182,12 @@ ec_group_get_curve(const EC_GROUP *group, BIGNUM *p, BIGNUM *a, BIGNUM *b,
 static int
 ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
 	BIGNUM *rh, *tmp, *Z4, *Z6;
 	int ret = -1;
 
 	if (EC_POINT_is_at_infinity(group, point))
 		return 1;
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((rh = BN_CTX_get(ctx)) == NULL)
@@ -201,56 +207,56 @@ ec_point_is_on_curve(const EC_GROUP *group, const EC_POINT *point, BN_CTX *ctx)
 	 */
 
 	/* rh := X^2 */
-	if (!field_sqr(group, rh, point->X, ctx))
+	if (!ec_field_sqr(group, rh, point->X, ctx))
 		goto err;
 
 	if (!point->Z_is_one) {
-		if (!field_sqr(group, tmp, point->Z, ctx))
+		if (!ec_field_sqr(group, tmp, point->Z, ctx))
 			goto err;
-		if (!field_sqr(group, Z4, tmp, ctx))
+		if (!ec_field_sqr(group, Z4, tmp, ctx))
 			goto err;
-		if (!field_mul(group, Z6, Z4, tmp, ctx))
+		if (!ec_field_mul(group, Z6, Z4, tmp, ctx))
 			goto err;
 
 		/* rh := (rh + a*Z^4)*X */
 		if (group->a_is_minus3) {
-			if (!BN_mod_lshift1_quick(tmp, Z4, p))
+			if (!BN_mod_lshift1_quick(tmp, Z4, group->p))
 				goto err;
-			if (!BN_mod_add_quick(tmp, tmp, Z4, p))
+			if (!BN_mod_add_quick(tmp, tmp, Z4, group->p))
 				goto err;
-			if (!BN_mod_sub_quick(rh, rh, tmp, p))
+			if (!BN_mod_sub_quick(rh, rh, tmp, group->p))
 				goto err;
-			if (!field_mul(group, rh, rh, point->X, ctx))
+			if (!ec_field_mul(group, rh, rh, point->X, ctx))
 				goto err;
 		} else {
-			if (!field_mul(group, tmp, Z4, group->a, ctx))
+			if (!ec_field_mul(group, tmp, Z4, group->a, ctx))
 				goto err;
-			if (!BN_mod_add_quick(rh, rh, tmp, p))
+			if (!BN_mod_add_quick(rh, rh, tmp, group->p))
 				goto err;
-			if (!field_mul(group, rh, rh, point->X, ctx))
+			if (!ec_field_mul(group, rh, rh, point->X, ctx))
 				goto err;
 		}
 
 		/* rh := rh + b*Z^6 */
-		if (!field_mul(group, tmp, group->b, Z6, ctx))
+		if (!ec_field_mul(group, tmp, group->b, Z6, ctx))
 			goto err;
-		if (!BN_mod_add_quick(rh, rh, tmp, p))
+		if (!BN_mod_add_quick(rh, rh, tmp, group->p))
 			goto err;
 	} else {
 		/* point->Z_is_one */
 
 		/* rh := (rh + a)*X */
-		if (!BN_mod_add_quick(rh, rh, group->a, p))
+		if (!BN_mod_add_quick(rh, rh, group->a, group->p))
 			goto err;
-		if (!field_mul(group, rh, rh, point->X, ctx))
+		if (!ec_field_mul(group, rh, rh, point->X, ctx))
 			goto err;
 		/* rh := rh + b */
-		if (!BN_mod_add_quick(rh, rh, group->b, p))
+		if (!BN_mod_add_quick(rh, rh, group->b, group->p))
 			goto err;
 	}
 
 	/* 'lh' := Y^2 */
-	if (!field_sqr(group, tmp, point->Y, ctx))
+	if (!ec_field_sqr(group, tmp, point->Y, ctx))
 		goto err;
 
 	ret = (0 == BN_ucmp(tmp, rh));
@@ -269,8 +275,6 @@ static int
 ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
     BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
 	BIGNUM *tmp1, *tmp2, *Za23, *Zb23;
 	const BIGNUM *tmp1_, *tmp2_;
 	int ret = -1;
@@ -283,9 +287,6 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 	if (a->Z_is_one && b->Z_is_one)
 		return BN_cmp(a->X, b->X) != 0 || BN_cmp(a->Y, b->Y) != 0;
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-
 	BN_CTX_start(ctx);
 
 	if ((tmp1 = BN_CTX_get(ctx)) == NULL)
@@ -303,17 +304,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 	 */
 
 	if (!b->Z_is_one) {
-		if (!field_sqr(group, Zb23, b->Z, ctx))
+		if (!ec_field_sqr(group, Zb23, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp1, a->X, Zb23, ctx))
+		if (!ec_field_mul(group, tmp1, a->X, Zb23, ctx))
 			goto end;
 		tmp1_ = tmp1;
 	} else
 		tmp1_ = a->X;
 	if (!a->Z_is_one) {
-		if (!field_sqr(group, Za23, a->Z, ctx))
+		if (!ec_field_sqr(group, Za23, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp2, b->X, Za23, ctx))
+		if (!ec_field_mul(group, tmp2, b->X, Za23, ctx))
 			goto end;
 		tmp2_ = tmp2;
 	} else
@@ -325,17 +326,17 @@ ec_point_cmp(const EC_GROUP *group, const EC_POINT *a, const EC_POINT *b,
 		goto end;
 	}
 	if (!b->Z_is_one) {
-		if (!field_mul(group, Zb23, Zb23, b->Z, ctx))
+		if (!ec_field_mul(group, Zb23, Zb23, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp1, a->Y, Zb23, ctx))
+		if (!ec_field_mul(group, tmp1, a->Y, Zb23, ctx))
 			goto end;
 		/* tmp1_ = tmp1 */
 	} else
 		tmp1_ = a->Y;
 	if (!a->Z_is_one) {
-		if (!field_mul(group, Za23, Za23, a->Z, ctx))
+		if (!ec_field_mul(group, Za23, Za23, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, tmp2, b->Y, Za23, ctx))
+		if (!ec_field_mul(group, tmp2, b->Y, Za23, ctx))
 			goto end;
 		/* tmp2_ = tmp2 */
 	} else
@@ -422,7 +423,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 	}
 	if (group->meth->field_encode == NULL) {
 		/* field_sqr works on standard representation */
-		if (!group->meth->field_sqr(group, Z_2, Z_1, ctx))
+		if (!ec_field_sqr(group, Z_2, Z_1, ctx))
 			goto err;
 	} else {
 		if (!BN_mod_sqr(Z_2, Z_1, group->p, ctx))
@@ -434,13 +435,13 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 		 * in the Montgomery case, field_mul will cancel out
 		 * Montgomery factor in X:
 		 */
-		if (!group->meth->field_mul(group, x, point->X, Z_2, ctx))
+		if (!ec_field_mul(group, x, point->X, Z_2, ctx))
 			goto err;
 	}
 	if (y != NULL) {
 		if (group->meth->field_encode == NULL) {
 			/* field_mul works on standard representation */
-			if (!group->meth->field_mul(group, Z_3, Z_2, Z_1, ctx))
+			if (!ec_field_mul(group, Z_3, Z_2, Z_1, ctx))
 				goto err;
 		} else {
 			if (!BN_mod_mul(Z_3, Z_2, Z_1, group->p, ctx))
@@ -451,7 +452,7 @@ ec_point_get_affine_coordinates(const EC_GROUP *group, const EC_POINT *point,
 		 * in the Montgomery case, field_mul will cancel out
 		 * Montgomery factor in Y:
 		 */
-		if (!group->meth->field_mul(group, y, point->Y, Z_3, ctx))
+		if (!ec_field_mul(group, y, point->Y, Z_3, ctx))
 			goto err;
 	}
 
@@ -510,7 +511,7 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
 
 	for (i = 1; i < num; i++) {
 		if (!BN_is_zero(points[i]->Z)) {
-			if (!group->meth->field_mul(group, prod_Z[i],
+			if (!ec_field_mul(group, prod_Z[i],
 			    prod_Z[i - 1], points[i]->Z, ctx))
 				goto err;
 		} else {
@@ -549,10 +550,10 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
 			continue;
 
 		/* Set tmp_Z to the inverse of points[i]->Z. */
-		if (!group->meth->field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
+		if (!ec_field_mul(group, tmp_Z, prod_Z[i - 1], tmp, ctx))
 			goto err;
 		/* Adjust tmp to satisfy loop invariant. */
-		if (!group->meth->field_mul(group, tmp, tmp, points[i]->Z, ctx))
+		if (!ec_field_mul(group, tmp, tmp, points[i]->Z, ctx))
 			goto err;
 		/* Replace points[i]->Z by its inverse. */
 		if (!bn_copy(points[i]->Z, tmp_Z))
@@ -574,14 +575,14 @@ ec_points_make_affine(const EC_GROUP *group, size_t num, EC_POINT **points,
 
 		/* turn  (X, Y, 1/Z)  into  (X/Z^2, Y/Z^3, 1) */
 
-		if (!group->meth->field_sqr(group, tmp, p->Z, ctx))
+		if (!ec_field_sqr(group, tmp, p->Z, ctx))
 			goto err;
-		if (!group->meth->field_mul(group, p->X, p->X, tmp, ctx))
+		if (!ec_field_mul(group, p->X, p->X, tmp, ctx))
 			goto err;
 
-		if (!group->meth->field_mul(group, tmp, tmp, p->Z, ctx))
+		if (!ec_field_mul(group, tmp, tmp, p->Z, ctx))
 			goto err;
-		if (!group->meth->field_mul(group, p->Y, p->Y, tmp, ctx))
+		if (!ec_field_mul(group, p->Y, p->Y, tmp, ctx))
 			goto err;
 
 		if (!bn_copy(p->Z, one))
@@ -602,10 +603,7 @@ static int
 ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
     BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
 	BIGNUM *n0, *n1, *n2, *n3, *n4, *n5, *n6;
-	const BIGNUM *p;
 	int ret = 0;
 
 	if (a == b)
@@ -615,10 +613,6 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 	if (EC_POINT_is_at_infinity(group, b))
 		return EC_POINT_copy(r, a);
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((n0 = BN_CTX_get(ctx)) == NULL)
@@ -651,15 +645,15 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 		/* n1 = X_a */
 		/* n2 = Y_a */
 	} else {
-		if (!field_sqr(group, n0, b->Z, ctx))
+		if (!ec_field_sqr(group, n0, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, n1, a->X, n0, ctx))
+		if (!ec_field_mul(group, n1, a->X, n0, ctx))
 			goto end;
 		/* n1 = X_a * Z_b^2 */
 
-		if (!field_mul(group, n0, n0, b->Z, ctx))
+		if (!ec_field_mul(group, n0, n0, b->Z, ctx))
 			goto end;
-		if (!field_mul(group, n2, a->Y, n0, ctx))
+		if (!ec_field_mul(group, n2, a->Y, n0, ctx))
 			goto end;
 		/* n2 = Y_a * Z_b^3 */
 	}
@@ -673,23 +667,23 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 		/* n3 = X_b */
 		/* n4 = Y_b */
 	} else {
-		if (!field_sqr(group, n0, a->Z, ctx))
+		if (!ec_field_sqr(group, n0, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, n3, b->X, n0, ctx))
+		if (!ec_field_mul(group, n3, b->X, n0, ctx))
 			goto end;
 		/* n3 = X_b * Z_a^2 */
 
-		if (!field_mul(group, n0, n0, a->Z, ctx))
+		if (!ec_field_mul(group, n0, n0, a->Z, ctx))
 			goto end;
-		if (!field_mul(group, n4, b->Y, n0, ctx))
+		if (!ec_field_mul(group, n4, b->Y, n0, ctx))
 			goto end;
 		/* n4 = Y_b * Z_a^3 */
 	}
 
 	/* n5, n6 */
-	if (!BN_mod_sub_quick(n5, n1, n3, p))
+	if (!BN_mod_sub_quick(n5, n1, n3, group->p))
 		goto end;
-	if (!BN_mod_sub_quick(n6, n2, n4, p))
+	if (!BN_mod_sub_quick(n6, n2, n4, group->p))
 		goto end;
 	/* n5 = n1 - n3 */
 	/* n6 = n2 - n4 */
@@ -710,9 +704,9 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 		}
 	}
 	/* 'n7', 'n8' */
-	if (!BN_mod_add_quick(n1, n1, n3, p))
+	if (!BN_mod_add_quick(n1, n1, n3, group->p))
 		goto end;
-	if (!BN_mod_add_quick(n2, n2, n4, p))
+	if (!BN_mod_add_quick(n2, n2, n4, group->p))
 		goto end;
 	/* 'n7' = n1 + n3 */
 	/* 'n8' = n2 + n4 */
@@ -729,44 +723,44 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 			if (!bn_copy(n0, a->Z))
 				goto end;
 		} else {
-			if (!field_mul(group, n0, a->Z, b->Z, ctx))
+			if (!ec_field_mul(group, n0, a->Z, b->Z, ctx))
 				goto end;
 		}
-		if (!field_mul(group, r->Z, n0, n5, ctx))
+		if (!ec_field_mul(group, r->Z, n0, n5, ctx))
 			goto end;
 	}
 	r->Z_is_one = 0;
 	/* Z_r = Z_a * Z_b * n5 */
 
 	/* X_r */
-	if (!field_sqr(group, n0, n6, ctx))
+	if (!ec_field_sqr(group, n0, n6, ctx))
 		goto end;
-	if (!field_sqr(group, n4, n5, ctx))
+	if (!ec_field_sqr(group, n4, n5, ctx))
 		goto end;
-	if (!field_mul(group, n3, n1, n4, ctx))
+	if (!ec_field_mul(group, n3, n1, n4, ctx))
 		goto end;
-	if (!BN_mod_sub_quick(r->X, n0, n3, p))
+	if (!BN_mod_sub_quick(r->X, n0, n3, group->p))
 		goto end;
 	/* X_r = n6^2 - n5^2 * 'n7' */
 
 	/* 'n9' */
-	if (!BN_mod_lshift1_quick(n0, r->X, p))
+	if (!BN_mod_lshift1_quick(n0, r->X, group->p))
 		goto end;
-	if (!BN_mod_sub_quick(n0, n3, n0, p))
+	if (!BN_mod_sub_quick(n0, n3, n0, group->p))
 		goto end;
 	/* n9 = n5^2 * 'n7' - 2 * X_r */
 
 	/* Y_r */
-	if (!field_mul(group, n0, n0, n6, ctx))
+	if (!ec_field_mul(group, n0, n0, n6, ctx))
 		goto end;
-	if (!field_mul(group, n5, n4, n5, ctx))
+	if (!ec_field_mul(group, n5, n4, n5, ctx))
 		goto end;	/* now n5 is n5^3 */
-	if (!field_mul(group, n1, n2, n5, ctx))
+	if (!ec_field_mul(group, n1, n2, n5, ctx))
 		goto end;
-	if (!BN_mod_sub_quick(n0, n0, n1, p))
+	if (!BN_mod_sub_quick(n0, n0, n1, group->p))
 		goto end;
 	if (BN_is_odd(n0))
-		if (!BN_add(n0, n0, p))
+		if (!BN_add(n0, n0, group->p))
 			goto end;
 	/* now  0 <= n0 < 2*p,  and n0 is even */
 	if (!BN_rshift1(r->Y, n0))
@@ -784,19 +778,12 @@ ec_add(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, const EC_POINT *b,
 static int
 ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 {
-	int (*field_mul) (const EC_GROUP *, BIGNUM *, const BIGNUM *, const BIGNUM *, BN_CTX *);
-	int (*field_sqr) (const EC_GROUP *, BIGNUM *, const BIGNUM *, BN_CTX *);
-	const BIGNUM *p;
 	BIGNUM *n0, *n1, *n2, *n3;
 	int ret = 0;
 
 	if (EC_POINT_is_at_infinity(group, a))
 		return EC_POINT_set_to_infinity(group, r);
 
-	field_mul = group->meth->field_mul;
-	field_sqr = group->meth->field_sqr;
-	p = group->p;
-
 	BN_CTX_start(ctx);
 
 	if ((n0 = BN_CTX_get(ctx)) == NULL)
@@ -816,46 +803,46 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 
 	/* n1 */
 	if (a->Z_is_one) {
-		if (!field_sqr(group, n0, a->X, ctx))
+		if (!ec_field_sqr(group, n0, a->X, ctx))
 			goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p))
+		if (!BN_mod_lshift1_quick(n1, n0, group->p))
 			goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p))
+		if (!BN_mod_add_quick(n0, n0, n1, group->p))
 			goto err;
-		if (!BN_mod_add_quick(n1, n0, group->a, p))
+		if (!BN_mod_add_quick(n1, n0, group->a, group->p))
 			goto err;
 		/* n1 = 3 * X_a^2 + a_curve */
 	} else if (group->a_is_minus3) {
-		if (!field_sqr(group, n1, a->Z, ctx))
+		if (!ec_field_sqr(group, n1, a->Z, ctx))
 			goto err;
-		if (!BN_mod_add_quick(n0, a->X, n1, p))
+		if (!BN_mod_add_quick(n0, a->X, n1, group->p))
 			goto err;
-		if (!BN_mod_sub_quick(n2, a->X, n1, p))
+		if (!BN_mod_sub_quick(n2, a->X, n1, group->p))
 			goto err;
-		if (!field_mul(group, n1, n0, n2, ctx))
+		if (!ec_field_mul(group, n1, n0, n2, ctx))
 			goto err;
-		if (!BN_mod_lshift1_quick(n0, n1, p))
+		if (!BN_mod_lshift1_quick(n0, n1, group->p))
 			goto err;
-		if (!BN_mod_add_quick(n1, n0, n1, p))
+		if (!BN_mod_add_quick(n1, n0, n1, group->p))
 			goto err;
 		/*
 		 * n1 = 3 * (X_a + Z_a^2) * (X_a - Z_a^2) = 3 * X_a^2 - 3 *
 		 * Z_a^4
 		 */
 	} else {
-		if (!field_sqr(group, n0, a->X, ctx))
+		if (!ec_field_sqr(group, n0, a->X, ctx))
 			goto err;
-		if (!BN_mod_lshift1_quick(n1, n0, p))
+		if (!BN_mod_lshift1_quick(n1, n0, group->p))
 			goto err;
-		if (!BN_mod_add_quick(n0, n0, n1, p))
+		if (!BN_mod_add_quick(n0, n0, n1, group->p))
 			goto err;
-		if (!field_sqr(group, n1, a->Z, ctx))
+		if (!ec_field_sqr(group, n1, a->Z, ctx))
 			goto err;
-		if (!field_sqr(group, n1, n1, ctx))
+		if (!ec_field_sqr(group, n1, n1, ctx))
 			goto err;
-		if (!field_mul(group, n1, n1, group->a, ctx))
+		if (!ec_field_mul(group, n1, n1, group->a, ctx))
 			goto err;
-		if (!BN_mod_add_quick(n1, n1, n0, p))
+		if (!BN_mod_add_quick(n1, n1, n0, group->p))
 			goto err;
 		/* n1 = 3 * X_a^2 + a_curve * Z_a^4 */
 	}
@@ -865,45 +852,45 @@ ec_dbl(const EC_GROUP *group, EC_POINT *r, const EC_POINT *a, BN_CTX *ctx)
 		if (!bn_copy(n0, a->Y))
 			goto err;
 	} else {
-		if (!field_mul(group, n0, a->Y, a->Z, ctx))
+		if (!ec_field_mul(group, n0, a->Y, a->Z, ctx))
 			goto err;
 	}
-	if (!BN_mod_lshift1_quick(r->Z, n0, p))
+	if (!BN_mod_lshift1_quick(r->Z, n0, group->p))
 		goto err;
 	r->Z_is_one = 0;
 	/* Z_r = 2 * Y_a * Z_a */
 
 	/* n2 */
-	if (!field_sqr(group, n3, a->Y, ctx))
+	if (!ec_field_sqr(group, n3, a->Y, ctx))
 		goto err;
-	if (!field_mul(group, n2, a->X, n3, ctx))
+	if (!ec_field_mul(group, n2, a->X, n3, ctx))
 		goto err;
-	if (!BN_mod_lshift_quick(n2, n2, 2, p))
+	if (!BN_mod_lshift_quick(n2, n2, 2, group->p))
 		goto err;
 	/* n2 = 4 * X_a * Y_a^2 */
 
 	/* X_r */
-	if (!BN_mod_lshift1_quick(n0, n2, p))
+	if (!BN_mod_lshift1_quick(n0, n2, group->p))
 		goto err;
-	if (!field_sqr(group, r->X, n1, ctx))
+	if (!ec_field_sqr(group, r->X, n1, ctx))
 		goto err;
-	if (!BN_mod_sub_quick(r->X, r->X, n0, p))
+	if (!BN_mod_sub_quick(r->X, r->X, n0, group->p))
 		goto err;
 	/* X_r = n1^2 - 2 * n2 */
 
 	/* n3 */
-	if (!field_sqr(group, n0, n3, ctx))
+	if (!ec_field_sqr(group, n0, n3, ctx))
 		goto err;
-	if (!BN_mod_lshift_quick(n3, n0, 3, p))
+	if (!BN_mod_lshift_quick(n3, n0, 3, group->p))
 		goto err;
 	/* n3 = 8 * Y_a^4 */
 
 	/* Y_r */
-	if (!BN_mod_sub_quick(n0, n2, r->X, p))
+	if (!BN_mod_sub_quick(n0, n2, r->X, group->p))
 		goto err;
-	if (!field_mul(group, n0, n1, n0, ctx))
+	if (!ec_field_mul(group, n0, n1, n0, ctx))
 		goto err;
-	if (!BN_mod_sub_quick(r->Y, n0, n3, p))
+	if (!BN_mod_sub_quick(r->Y, n0, n3, group->p))
 		goto err;
 	/* Y_r = n1 * (n2 - X_r) - n3 */
 
@@ -925,19 +912,6 @@ ec_invert(const EC_GROUP *group, EC_POINT *point, BN_CTX *ctx)
 	return BN_usub(point->Y, group->p, point->Y);
 }
 
-static int
-ec_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, const BIGNUM *b,
-    BN_CTX *ctx)
-{
-	return BN_mod_mul(r, a, b, group->p, ctx);
-}
-
-static int
-ec_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
-{
-	return BN_mod_sqr(r, a, group->p, ctx);
-}
-
 /*
  * Apply randomization of EC point Jacobian projective coordinates:
  *
@@ -967,23 +941,23 @@ ec_blind_coordinates(const EC_GROUP *group, EC_POINT *p, BN_CTX *ctx)
 		goto err;
 
 	/* Z = lambda * Z */
-	if (!group->meth->field_mul(group, p->Z, lambda, p->Z, ctx))
+	if (!ec_field_mul(group, p->Z, lambda, p->Z, ctx))
 		goto err;
 
 	/* tmp = lambda^2 */
-	if (!group->meth->field_sqr(group, tmp, lambda, ctx))
+	if (!ec_field_sqr(group, tmp, lambda, ctx))
 		goto err;
 
 	/* X = lambda^2 * X */
-	if (!group->meth->field_mul(group, p->X, tmp, p->X, ctx))
+	if (!ec_field_mul(group, p->X, tmp, p->X, ctx))
 		goto err;
 
 	/* tmp = lambda^3 */
-	if (!group->meth->field_mul(group, tmp, tmp, lambda, ctx))
+	if (!ec_field_mul(group, tmp, tmp, lambda, ctx))
 		goto err;
 
 	/* Y = lambda^3 * Y */
-	if (!group->meth->field_mul(group, p->Y, tmp, p->Y, ctx))
+	if (!ec_field_mul(group, p->Y, tmp, p->Y, ctx))
 		goto err;
 
 	/* Disable optimized arithmetics after replacing Z by lambda * Z. */
@@ -1241,6 +1215,19 @@ ec_mul_double_nonct(const EC_GROUP *group, EC_POINT *r, const BIGNUM *g_scalar,
 	return ec_wnaf_mul(group, r, g_scalar, point, p_scalar, ctx);
 }
 
+static int
+ec_simple_field_mul(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a,
+    const BIGNUM *b, BN_CTX *ctx)
+{
+	return BN_mod_mul(r, a, b, group->p, ctx);
+}
+
+static int
+ec_simple_field_sqr(const EC_GROUP *group, BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
+{
+	return BN_mod_sqr(r, a, group->p, ctx);
+}
+
 static int
 ec_mont_group_set_curve(EC_GROUP *group, const BIGNUM *p, const BIGNUM *a,
     const BIGNUM *b, BN_CTX *ctx)
@@ -1333,8 +1320,8 @@ static const EC_METHOD ec_GFp_simple_method = {
 	.mul_generator_ct = ec_mul_generator_ct,
 	.mul_single_ct = ec_mul_single_ct,
 	.mul_double_nonct = ec_mul_double_nonct,
-	.field_mul = ec_field_mul,
-	.field_sqr = ec_field_sqr,
+	.field_mul = ec_simple_field_mul,
+	.field_sqr = ec_simple_field_sqr,
 };
 
 const EC_METHOD *
diff --git a/lib/libcrypto/rsa/rsa_pmeth.c b/lib/libcrypto/rsa/rsa_pmeth.c
index a1bdeb3b3..453570cf7 100644
--- a/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.43 2025/01/17 15:39:19 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -637,19 +637,17 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 		RSAerror(RSA_R_VALUE_MISSING);
 		return 0;
 	}
-	if (!strcmp(type, "rsa_padding_mode")) {
+	if (strcmp(type, "rsa_padding_mode") == 0) {
 		int pm;
-		if (!strcmp(value, "pkcs1"))
+		if (strcmp(value, "pkcs1") == 0)
 			pm = RSA_PKCS1_PADDING;
-		else if (!strcmp(value, "none"))
+		else if (strcmp(value, "none") == 0)
 			pm = RSA_NO_PADDING;
-		else if (!strcmp(value, "oeap"))
+		else if (strcmp(value, "oaep") == 0 || strcmp(value, "oeap") == 0)
 			pm = RSA_PKCS1_OAEP_PADDING;
-		else if (!strcmp(value, "oaep"))
-			pm = RSA_PKCS1_OAEP_PADDING;
-		else if (!strcmp(value, "x931"))
+		else if (strcmp(value, "x931") == 0)
 			pm = RSA_X931_PADDING;
-		else if (!strcmp(value, "pss"))
+		else if (strcmp(value, "pss") == 0)
 			pm = RSA_PKCS1_PSS_PADDING;
 		else {
 			RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
@@ -661,14 +659,19 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 	if (strcmp(type, "rsa_pss_saltlen") == 0) {
 		int saltlen;
 
-		if (!strcmp(value, "digest"))
+		if (strcmp(value, "digest") == 0)
 			saltlen = RSA_PSS_SALTLEN_DIGEST;
-		else if (!strcmp(value, "max"))
+		else if (strcmp(value, "max") == 0)
 			saltlen = RSA_PSS_SALTLEN_MAX;
-		else if (!strcmp(value, "auto"))
+		else if (strcmp(value, "auto") == 0)
 			saltlen = RSA_PSS_SALTLEN_AUTO;
 		else {
-			saltlen = strtonum(value, 0, INT_MAX, &errstr);
+			/*
+			 * Accept the special values -1, -2, -3 since that's
+			 * what atoi() historically did. Lower values are later
+			 * rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway.
+			 */
+			saltlen = strtonum(value, -3, INT_MAX, &errstr);
 			if (errstr != NULL) {
 				RSAerror(RSA_R_INVALID_PSS_SALTLEN);
 				return -2;
@@ -718,7 +721,12 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 		if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
 			int saltlen;
 
-			saltlen = strtonum(value, 0, INT_MAX, &errstr);
+			/*
+			 * Accept the special values -1, -2, -3 since that's
+			 * what atoi() historically did. Lower values are later
+			 * rejected in EVP_PKEY_CTRL_RSA_PSS_SALTLEN anyway.
+			 */
+			saltlen = strtonum(value, -3, INT_MAX, &errstr);
 			if (errstr != NULL) {
 				RSAerror(RSA_R_INVALID_PSS_SALTLEN);
 				return -2;
diff --git a/lib/libssl/ssl_local.h b/lib/libssl/ssl_local.h
index 4cbc13f8a..35d9ebae9 100644
--- a/lib/libssl/ssl_local.h
+++ b/lib/libssl/ssl_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_local.h,v 1.23 2024/07/23 14:40:54 jsing Exp $ */
+/* $OpenBSD: ssl_local.h,v 1.24 2025/01/17 22:39:42 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -155,7 +155,6 @@
 
 #include <openssl/bio.h>
 #include <openssl/buffer.h>
-#include <openssl/dsa.h>
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/ssl.h>
diff --git a/regress/sys/netinet6/rip6cksum/Makefile b/regress/sys/netinet6/rip6cksum/Makefile
index d4bbb0b2a..ae4b032ad 100644
--- a/regress/sys/netinet6/rip6cksum/Makefile
+++ b/regress/sys/netinet6/rip6cksum/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 2020/12/30 21:40:33 kn Exp $
+# $OpenBSD: Makefile,v 1.7 2025/01/17 07:57:22 anton Exp $
 
 # The following ports must be installed:
 #
@@ -117,4 +117,21 @@ run-ckoff-2-long:
 	${SUDO} ./rip6cksum -c 2 -r 5 -s 5 -w -- \
 	    ${PYTHON}sendrecv.py -c 2 -s 5
 
+# XXX expected failures caused by the upgrade to scapy 2.4.5.
+REGRESS_EXPECTED_FAILURES+=run-bad-cksum
+REGRESS_EXPECTED_FAILURES+=run-ckoff-0
+REGRESS_EXPECTED_FAILURES+=run-ckoff-0-empty
+REGRESS_EXPECTED_FAILURES+=run-ckoff-0-exact
+REGRESS_EXPECTED_FAILURES+=run-ckoff-0-long
+REGRESS_EXPECTED_FAILURES+=run-ckoff-0-short
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-empty
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-exact
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-long
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-1
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-2
+REGRESS_EXPECTED_FAILURES+=run-ckoff-2-short-3
+REGRESS_EXPECTED_FAILURES+=run-disable-cksum
+REGRESS_EXPECTED_FAILURES+=run-no-cksum
+
 .include <bsd.regress.mk>
diff --git a/share/man/man5/python-module.5 b/share/man/man5/python-module.5
index 505d3e492..f971854e6 100644
--- a/share/man/man5/python-module.5
+++ b/share/man/man5/python-module.5
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: python-module.5,v 1.14 2024/10/28 19:48:37 kirill Exp $
+.\"	$OpenBSD: python-module.5,v 1.15 2025/01/17 08:52:01 sthen Exp $
 .\"
 .\" Copyright (c) 2008 Marc Espie
 .\"
@@ -24,7 +24,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 28 2024 $
+.Dd $Mdocdate: January 17 2025 $
 .Dt PYTHON-MODULE 5
 .Os
 .Sh NAME
@@ -37,18 +37,10 @@ in the
 .Xr ports 7
 tree.
 .Pp
-By default, the module sets
+By default, the module builds ports using Python 3.
+For legacy ports using Python 2,
 .Ev MODPY_VERSION
-to the appropriate python version
-.Po
-depending on the existence/presence of a
-.Sq python3
-.Ev FLAVOR
-.Pc ,
-but
-.Ev MODPY_VERSION
-may be set manually to ${MODPY_DEFAULT_VERSION_2}
-for legacy ports.
+may be set manually to ${MODPY_DEFAULT_VERSION_2}.
 .Pp
 The module then sets
 .Ev MODPY_BIN ,
@@ -57,7 +49,6 @@ The module then sets
 .Ev MODPY_SITEPKG ,
 .Ev MODPY_SETUP ,
 .Ev MODPY_TEST_DIR ,
-.Ev MODPY_TEST_LINK_SO ,
 .Ev MODPY_TEST_LOCALE ,
 .Ev MODPY_WANTLIB ,
 .Ev MODPY_LIB_DEPENDS ,
@@ -102,10 +93,6 @@ and changes to the directory specified in
 by default ${WRKSRC}
 .Pc
 before running tests.
-In addition, it can link all .so files in ${WRKSRC} if
-.Ev MODPY_TEST_LINK_SO
-is set to Yes, which is required if you are using tests
-which use Python code that loads .so files via relative imports.
 .Pp
 Most modern Python software can be packaged using a PEP 517 build
 frontend (in the
@@ -119,7 +106,7 @@ If the port provides a
 file, check the "build-backend" line in the [build-system] section.
 .Nm
 currently supports flit, flit_core, hatchling, hatch-vcs, jupyter_packaging,
-maturin, pdm, poetry-core, setuptools and setuptools_scm.
+maturin, pdm, poetry-core, setuptools, setuptools-rust, and setuptools_scm.
 If no
 .Pa pyproject.toml
 is provided then it probably uses setuptools.
@@ -129,15 +116,15 @@ adds the backend to
 .Ev MODPY_BUILD_DEPENDS ,
 and sets
 .Ev MODPY_PYTEST .
-In cases where a less common backend is used, or where the build backend is
+In cases where an uncommon backend is used, or where the build backend is
 distributed with the software itself,
 .Ev MODPY_PYBUILD
 can be set to
 .Sq other
-to use the PEP 517 mechanism without adding a dependency
+to use the PEP 517 build mechanism without adding a dependency
 for a backend.
 .Pp
-Older ports using setuptools still set
+Python 2 and some older Python 3 ports using setuptools still set
 .Ev MODPY_SETUPTOOLS
 to Yes, which appends to
 .Ev MODPY_BUILD_DEPENDS
@@ -156,6 +143,8 @@ and
 These ports can often be converted to
 .Ev MODPY_PYBUILD
 with some small changes to the port.
+.Ev MODPY_SETUPTOOLS
+should not be used for new ports.
 .Pp
 Ports which use the pytest module should set
 .Ev MODPY_PYTEST
@@ -178,8 +167,17 @@ if present, is passed on the command line.
 This allows setting py.test flags to increase verbosity,
 show test durations, enable colours, etc.
 .Pp
+If
+.Ev MODPY_TEST_LINK_SO
+is set to Yes, symbolic links to all .so files in the build directory
+will be created before running tests.
+These are created in
+.Ev MODPY_TEST_LINK_SRC ,
+which defaults to ${WRKSRC}.
+This is required when tests load .so files via relative imports.
+.Pp
 All ports that generate egg-info or dist-info files should set
-.Ev MODPY_EGG_VERSION
+.Ev MODPY_DISTV
 to the version string used by the
 .Fn setup
 function in the port's
@@ -229,25 +227,10 @@ the subdirectory can be overridden with
 .Ss Packing-list generation
 Python 2.x places .pyc files in the same directory as the associated .py file.
 Python 3.x places these in a separate __pycache__ directory and uses an
-additional suffix.
+additional suffix that includes the Python version.
 In some cases, an ABI tag is also used for names of compiled extensions.
-The python module defines variables to allow a single
+The python module defines variables so that a
 .Pa PLIST
-to be
-used for both versions:
-generate or update the
-.Pa PLIST
-using the python3
-.Ev FLAVOR ,
-then edit it to prefix any lines creating
-.Ev MODPY_PYCACHE
-directories with
-.Ev MODPY_COMMENT .
-As python2 and python3 packages should permit being installed together,
-it may be necessary to suffix names of common binaries or directories,
-or split common files into a subpackage.
-If updating the PLIST without using the python3 flavor,
-take care not to remove ${MODPY_PYCACHE}, ${MODPY_PYC_MAGIC_TAG}, or
-${MODPY_ABI_TAG} variables from the PLIST.
+is likely to still work with a newer Python version without changes.
 .Sh SEE ALSO
 .Xr port-modules 5
diff --git a/sys/dev/pv/if_vio.c b/sys/dev/pv/if_vio.c
index eeebcd2cc..1adf34d1c 100644
--- a/sys/dev/pv/if_vio.c
+++ b/sys/dev/pv/if_vio.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_vio.c,v 1.66 2025/01/14 14:32:32 sf Exp $	*/
+/*	$OpenBSD: if_vio.c,v 1.67 2025/01/17 08:58:38 jan Exp $	*/
 
 /*
  * Copyright (c) 2012 Stefan Fritsch, Alexander Fiveg.
@@ -517,7 +517,11 @@ vio_alloc_mem(struct vio_softc *sc, int tx_max_segments)
 	}
 	KASSERT(offset == allocsize);
 
-	txsize = ifp->if_hardmtu + sc->sc_hdr_size + ETHER_HDR_LEN;
+	if (virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO4) ||
+	    virtio_has_feature(vsc, VIRTIO_NET_F_HOST_TSO6))
+		txsize = MAXMCLBYTES + sc->sc_hdr_size + ETHER_HDR_LEN;
+	else
+		txsize = ifp->if_hardmtu + sc->sc_hdr_size + ETHER_HDR_LEN;
 
 	for (qidx = 0; qidx < sc->sc_nqueues; qidx++) {
 		struct vio_queue *vioq = &sc->sc_q[qidx];
diff --git a/sys/dev/usb/uvideo.c b/sys/dev/usb/uvideo.c
index 8f73f718b..cdef823eb 100644
--- a/sys/dev/usb/uvideo.c
+++ b/sys/dev/usb/uvideo.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvideo.c,v 1.235 2025/01/15 20:34:50 kirill Exp $ */
+/*	$OpenBSD: uvideo.c,v 1.236 2025/01/16 22:58:19 kirill Exp $ */
 
 /*
  * Copyright (c) 2008 Robert Nagy <robert@openbsd.org>
@@ -392,7 +392,25 @@ const struct uvideo_map_fmts {
 	{ UVIDEO_FORMAT_GUID_I420, V4L2_PIX_FMT_YUV420 },
 	{ UVIDEO_FORMAT_GUID_Y800, V4L2_PIX_FMT_GREY },
 	{ UVIDEO_FORMAT_GUID_Y8, V4L2_PIX_FMT_GREY },
+	{ UVIDEO_FORMAT_GUID_D3DFMT_L8, V4L2_PIX_FMT_GREY },
 	{ UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR, V4L2_PIX_FMT_GREY },
+	{ UVIDEO_FORMAT_GUID_BY8, V4L2_PIX_FMT_SBGGR8 },
+	{ UVIDEO_FORMAT_GUID_BA81, V4L2_PIX_FMT_SBGGR8 },
+	{ UVIDEO_FORMAT_GUID_GBRG, V4L2_PIX_FMT_SGBRG8 },
+	{ UVIDEO_FORMAT_GUID_GRBG, V4L2_PIX_FMT_SGRBG8 },
+	{ UVIDEO_FORMAT_GUID_RGGB, V4L2_PIX_FMT_SRGGB8 },
+	{ UVIDEO_FORMAT_GUID_RGBP, V4L2_PIX_FMT_RGB565 },
+	{ UVIDEO_FORMAT_GUID_D3DFMT_R5G6B5, V4L2_PIX_FMT_RGB565 },
+	{ UVIDEO_FORMAT_GUID_BGR3, V4L2_PIX_FMT_BGR24 },
+	{ UVIDEO_FORMAT_GUID_BGR4, V4L2_PIX_FMT_XBGR32 },
+	{ UVIDEO_FORMAT_GUID_H265, V4L2_PIX_FMT_HEVC },
+	{ UVIDEO_FORMAT_GUID_RW10, V4L2_PIX_FMT_SRGGB10P },
+	{ UVIDEO_FORMAT_GUID_BG16, V4L2_PIX_FMT_SBGGR16 },
+	{ UVIDEO_FORMAT_GUID_GB16, V4L2_PIX_FMT_SGBRG16 },
+	{ UVIDEO_FORMAT_GUID_RG16, V4L2_PIX_FMT_SRGGB16 },
+	{ UVIDEO_FORMAT_GUID_GR16, V4L2_PIX_FMT_SGRBG16 },
+	{ UVIDEO_FORMAT_GUID_INVZ, V4L2_PIX_FMT_Z16 },
+	{ UVIDEO_FORMAT_GUID_INVI, V4L2_PIX_FMT_Y10 },
 };
 
 int
diff --git a/sys/dev/usb/uvideo.h b/sys/dev/usb/uvideo.h
index 3c89e3814..b2a96e9fb 100644
--- a/sys/dev/usb/uvideo.h
+++ b/sys/dev/usb/uvideo.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: uvideo.h,v 1.62 2025/01/13 15:32:36 kirill Exp $ */
+/*	$OpenBSD: uvideo.h,v 1.63 2025/01/16 22:58:19 kirill Exp $ */
 
 /*
  * Copyright (c) 2007 Robert Nagy <robert@openbsd.org>
@@ -297,29 +297,101 @@ struct usb_video_probe_commit {
  */
 /* Table 2-1: Compression Formats */
 #define	UVIDEO_FORMAT_GUID_YUY2	{			\
-    'Y',  'U',  'Y',  '2',  '\0', 0x00, 0x10, 0x00,	\
+    'Y',  'U',  'Y',  '2',  0x00, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
 #define	UVIDEO_FORMAT_GUID_YV12	{			\
-    'Y',  'V',  '1',  '2',  '\0', 0x00, 0x10, 0x00,	\
+    'Y',  'V',  '1',  '2',  0x00, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
 #define	UVIDEO_FORMAT_GUID_I420	{			\
-    'I',  '4',  '2',  '0',  '\0', 0x00, 0x10, 0x00,	\
+    'I',  '4',  '2',  '0',  0x00, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
 #define	UVIDEO_FORMAT_GUID_Y800	{			\
-    'Y',  '8',  '0',  '0',  '\0', 0x00, 0x10, 0x00,	\
+    'Y',  '8',  '0',  '0',  0x00, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
 #define	UVIDEO_FORMAT_GUID_Y8	{			\
-    'Y',  '8',  ' ',  ' ',  '\0', 0x00, 0x10, 0x00,	\
+    'Y',  '8',  ' ',  ' ',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_D3DFMT_L8	{		\
+    0x32, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
 #define	UVIDEO_FORMAT_GUID_KSMEDIA_L8_IR	{	\
     0x32, 0x00, 0x00, 0x00, 0x02, 0x00, 0x10, 0x00,	\
     0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
 
+#define	UVIDEO_FORMAT_GUID_BY8	{			\
+    'B',  'Y',  '8',  ' ',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_BA81	{			\
+    'B',  'A',  '8',  '1',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_GBRG	{			\
+    'G',  'B',  'R',  'G',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_GRBG	{			\
+    'G',  'R',  'B',  'G',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_RGGB	{			\
+    'R',  'G',  'G',  'B',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_RGBP	{			\
+    'R',  'G',  'B',  'P',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_D3DFMT_R5G6B5	{	\
+    0x7b, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11,	\
+    0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
+
+#define	UVIDEO_FORMAT_GUID_BGR3	{			\
+    0x7d, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11,	\
+    0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
+
+#define	UVIDEO_FORMAT_GUID_BGR4	{			\
+    0x7e, 0xeb, 0x36, 0xe4, 0x4f, 0x52, 0xce, 0x11,	\
+    0x9f, 0x53, 0x00, 0x20, 0xaf, 0x0b, 0xa7, 0x70 }
+
+#define	UVIDEO_FORMAT_GUID_H265	{			\
+    'H',  '2',  '6',  '5',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_RW10	{			\
+    'R',  'W',  '1',  '0',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_BG16	{			\
+    'B',  'G',  '1',  '6',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_GB16	{			\
+    'G',  'B',  '1',  '6',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_RG16	{			\
+    'R',  'G',  '1',  '6',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_GR16	{			\
+    'G',  'R',  '1',  '6',  0x00, 0x00, 0x10, 0x00,	\
+    0x80, 0x00, 0x00, 0xaa, 0x00, 0x38, 0x9b, 0x71 }
+
+#define	UVIDEO_FORMAT_GUID_INVZ	{			\
+    'I',  'N',  'V',  'Z',  0x90, 0x2d, 0x58, 0x4a,	\
+    0x92, 0x0b, 0x77, 0x3f, 0x1f, 0x2c, 0x55, 0x6b }
+
+#define	UVIDEO_FORMAT_GUID_INVI	{			\
+    'I',  'N',  'V',  'I',  0xdb, 0x57, 0x49, 0x5e,	\
+    0x8e, 0x3f, 0xf4, 0x79, 0x53, 0x2b, 0x94, 0x6f }
+
 /*
  * USB Video Payload MJPEG
  */
diff --git a/usr.bin/ssh/auth2.c b/usr.bin/ssh/auth2.c
index 86ee78742..5bdca61ae 100644
--- a/usr.bin/ssh/auth2.c
+++ b/usr.bin/ssh/auth2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2.c,v 1.169 2024/05/17 00:30:23 djm Exp $ */
+/* $OpenBSD: auth2.c,v 1.170 2025/01/17 00:09:41 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -228,7 +228,7 @@ user_specific_delay(const char *user)
 	/* 0-4.2 ms of delay */
 	delay = (double)PEEK_U32(hash) / 1000 / 1000 / 1000 / 1000;
 	freezero(hash, len);
-	debug3_f("user specific delay %0.3lfms", delay/1000);
+	debug3_f("user specific delay %0.3lfms", delay*1000);
 	return MIN_FAIL_DELAY_SECONDS + delay;
 }
 
diff --git a/usr.bin/tmux/server-client.c b/usr.bin/tmux/server-client.c
index 4c59f5ba4..4e8bc7d33 100644
--- a/usr.bin/tmux/server-client.c
+++ b/usr.bin/tmux/server-client.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: server-client.c,v 1.423 2024/12/06 09:06:56 nicm Exp $ */
+/* $OpenBSD: server-client.c,v 1.424 2025/01/17 15:53:01 nicm Exp $ */
 
 /*
  * Copyright (c) 2009 Nicholas Marriott <nicholas.marriott@gmail.com>
@@ -159,7 +159,8 @@ server_client_clear_overlay(struct client *c)
 	c->overlay_data = NULL;
 
 	c->tty.flags &= ~(TTY_FREEZE|TTY_NOCURSOR);
-	window_update_focus(c->session->curw->window);
+	if (c->session != NULL)
+		window_update_focus(c->session->curw->window);
 	server_redraw_client(c);
 }
 
diff --git a/usr.sbin/bgpd/bgpd.8 b/usr.sbin/bgpd/bgpd.8
index 82cf5a6f3..230e872ff 100644
--- a/usr.sbin/bgpd/bgpd.8
+++ b/usr.sbin/bgpd/bgpd.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: bgpd.8,v 1.83 2025/01/13 13:50:34 claudio Exp $
+.\" $OpenBSD: bgpd.8,v 1.84 2025/01/17 12:38:14 claudio Exp $
 .\"
 .\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 13 2025 $
+.Dd $Mdocdate: January 17 2025 $
 .Dt BGPD 8
 .Os
 .Sh NAME
@@ -228,378 +228,246 @@ has been started.
 .Xr bgplgsh 8
 .Sh STANDARDS
 .Rs
-.%A R. Chandra
-.%A P. Traina
-.%A "T. Li"
 .%D August 1996
 .%R RFC 1997
 .%T BGP Communities Attribute
 .Re
 .Pp
 .Rs
-.%A A. Heffernan
 .%D August 1998
 .%R RFC 2385
 .%T Protection of BGP Sessions via the TCP MD5 Signature Option
 .Re
 .Pp
 .Rs
-.%A P. Marques
-.%A F. Dupont
 .%D March 1999
 .%R RFC 2545
 .%T Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
 .Re
 .Pp
 .Rs
-.%A E. Chen
 .%D September 2000
 .%R RFC 2918
 .%T Route Refresh Capability for BGP-4
 .Re
 .Pp
 .Rs
-.%A G. Huston
 .%D April 2004
 .%R RFC 3765
 .%T NOPEER Community for Border Gateway Protocol (BGP) Route Scope Control
 .Re
 .Pp
 .Rs
-.%A Y. Rekhter
-.%A "T. Li"
-.%A S. Hares
 .%D January 2006
 .%R RFC 4271
 .%T A Border Gateway Protocol 4 (BGP-4)
 .Re
 .Pp
 .Rs
-.%A S. Sangli
-.%A D. Tappan
-.%A Y. Rekhter
 .%D February 2006
 .%R RFC 4360
 .%T BGP Extended Communities Attribute
 .Re
 .Pp
 .Rs
-.%A E. Rosen
-.%A Y. Rekhter
 .%D February 2006
 .%R RFC 4364
 .%T BGP/MPLS IP Virtual Private Networks (VPNs)
 .Re
 .Pp
 .Rs
-.%A T. Bates
-.%A E. Chen
-.%A R. Chandra
 .%D April 2006
 .%R RFC 4456
 .%T "BGP Route Reflection: An Alternative to Full Mesh Internal BGP (IBGP)"
 .Re
 .Pp
 .Rs
-.%A E. Chen
-.%A V. Gillet
 .%D April 2006
 .%R RFC 4486
 .%T Subcodes for BGP Cease Notification Message
 .Re
 .Pp
 .Rs
-.%A S. Sangli
-.%A E. Chen
-.%A R. Fernando
-.%A J. Scudder
-.%A Y. Rekhter
 .%D January 2007
 .%R RFC 4724
 .%T Graceful Restart Mechanism for BGP
 .Re
 .Pp
 .Rs
-.%A T. Bates
-.%A R. Chandra
-.%A D. Katz
-.%A Y. Rekhter
 .%D January 2007
 .%R RFC 4760
 .%T Multiprotocol Extensions for BGP-4
 .Re
 .Pp
 .Rs
-.%A V. Gill
-.%A J. Heasley
-.%A D. Meyer
-.%A P. Savola
-.%A C. Pignataro
 .%D October 2007
 .%R RFC 5082
 .%T The Generalized TTL Security Mechanism (GTSM)
 .Re
 .Pp
 .Rs
-.%A J. Scudder
-.%A R. Chandra
 .%D February 2009
 .%R RFC 5492
 .%T Capabilities Advertisement with BGP-4
 .Re
 .Pp
 .Rs
-.%A Y. Rekhter
-.%A S. Sangli
-.%A D. Tappan
 .%D October 2009
 .%R RFC 5668
 .%T 4-Octet AS Specific BGP Extended Community
 .Re
 .Pp
 .Rs
-.%A E. Chen
-.%A J. Yuan
 .%D June 2011
 .%R RFC 6286
 .%T Autonomous-System-Wide Unique BGP Identifier for BGP-4
 .Re
 .Pp
 .Rs
-.%A J. Dong
-.%A M. Chen
-.%A A. Suryanarayana
 .%D May 2012
 .%R RFC 6608
 .%T Subcodes for BGP Finite State Machine Error
 .Re
 .Pp
 .Rs
-.%A Q. Vohra
-.%A E. Chen
 .%D Dec 2012
 .%R RFC 6793
 .%T BGP Support for Four-Octet Autonomous System (AS) Number Space
 .Re
 .Pp
 .Rs
-.%A E. Chen
-.%A J. Scudder
-.%A P. Mohapatra
-.%A K. Patel
 .%D August 2015
 .%R RFC 7606
 .%T Revised Error Handling for BGP UPDATE Messages
 .Re
 .Pp
 .Rs
-.%A L. Blunk
-.%A M. Karir
-.%A C. Labovitz
 .%D October 2011
 .%R RFC 6396
 .%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format
 .Re
 .Pp
 .Rs
-.%A J. Dong
-.%A M. Chen
-.%A A. Suryanarayana
 .%D May 2012
 .%R RFC 6608
 .%T Subcodes for BGP Finite State Machine Error
 .Re
 .Pp
 .Rs
-.%A K. Patel
-.%A E. Chen
-.%A B. Venkatachalapathy
 .%D July 2014
 .%R RFC 7313
 .%T Enhanced Route Refresh Capability for BGP-4
 .Re
 .Pp
 .Rs
-.%A W. Kumari
-.%A R. Bush
-.%A H. Schiller
-.%A K. Patel
 .%D August 2015
 .%R RFC 7607
 .%T Codification of AS 0 Processing
 .Re
 .Pp
 .Rs
-.%A D. Walton
-.%A A. Retana
-.%A E. Chen
-.%A J. Scudder
 .%D July 2016
 .%R RFC 7911
 .%T Advertisement of Multiple Paths in BGP
 .Re
 .Pp
 .Rs
-.%A E. Jasinska
-.%A N. Hilliard
-.%A R. Raszuk
-.%A N. Bakker
 .%D September 2016
 .%R RFC 7947
 .%T Internet Exchange BGP Route Server
 .Re
 .Pp
 .Rs
-.%A C. Petrie
-.%A T. King
 .%D May 2017
 .%R RFC 8050
 .%T Multi-Threaded Routing Toolkit (MRT) Routing Information Export Format with BGP Additional Path Extensions
 .Re
 .Pp
 .Rs
-.%A J. Heitz
-.%A J. Snijders
-.%A K. Patel
-.%A I. Bagdonas
-.%A N. Hilliard
 .%D February 2017
 .%R RFC 8092
 .%T BGP Large Communities Attribute
 .Re
 .Pp
 .Rs
-.%A P. Mohapatra
-.%A K. Patel
-.%A J. Scudder
-.%A D. Ward
-.%A R. Bush
 .%D March 2017
 .%R RFC 8097
 .%T BGP Prefix Origin Validation State Extended Community
 .Re
 .Pp
 .Rs
-.%A J. Snijders
-.%A J. Heitz
-.%A J. Scudder
 .%D July 2017
 .%R RFC 8203
 .%T BGP Administrative Shutdown Communication
 .Re
 .Pp
 .Rs
-.%A R. Bush
-.%A R. Austein
 .%D September 2017
 .%R RFC 8210
 .%T The Resource Public Key Infrastructure (RPKI) to Router Protocol, Version 1
 .Re
 .Pp
 .Rs
-.%A J. Mauch
-.%A J. Snijders
-.%A G. Hankins
 .%D July 2017
 .%R RFC 8212
 .%T Default External BGP (EBGP) Route Propagation Behavior without Policies
 .Re
 .Pp
 .Rs
-.%A P. Francois
-.%A B. Decraene
-.%A C. Pelsser
-.%A K. Patel
-.%A C. Filsfils
 .%D March 2018
 .%R RFC 8326
 .%T Graceful BGP Session Shutdown
 .Re
 .Pp
 .Rs
-.%A K. Patel
-.%A R. Fernando
-.%A J. Scudder
-.%A J. Haas
 .%D March 2019
 .%R RFC 8538
 .%T Notification Message Support for BGP Graceful Restart
 .Re
 .Pp
 .Rs
-.%A R. Bush
-.%A K. Patel
-.%A D. Ward
 .%D October 2019
 .%R RFC 8654
 .%T Extended Message Support for BGP
 .Re
 .Pp
 .Rs
-.%A S. Litkowski
-.%A S. Agrawal
-.%A K. Ananthamurthy
-.%A K. Patel
 .%D November 2020
 .%R RFC 8950
 .%T Advertising IPv4 Network Layer Reachability Information (NLRI) with an IPv6 Next Hop
 .Re
 .Pp
 .Rs
-.%A C. Loibl
-.%A S. Hares
-.%A R. Raszuk
-.%A D. McPherson
-.%A M. Bacher
 .%D December 2020
 .%R RFC 8955
 .%T Dissemination of Flow Specification Rules
 .Re
 .Pp
 .Rs
-.%A C. Loibl
-.%A R. Raszuk
-.%A S. Hares
 .%D December 2020
 .%R RFC 8956
 .%T Dissemination of Flow Specification Rules for IPv6
 .Re
 .Pp
 .Rs
-.%A E. Chen
-.%A J. Scudder
 .%D July 2021
 .%R RFC 9072
 .%T Extended Optional Parameters Length for BGP OPEN Message
 .Re
 .Pp
 .Rs
-.%A A. Azimov
-.%A E. Bogomazov
-.%A R. Bush
-.%A K. Patel
-.%A K. Sriram
 .%D May 2022
 .%R RFC 9234
 .%T Route Leak Prevention and Detection Using Roles in UPDATE and OPEN Messages
 .Re
 .Pp
 .Rs
-.%A J. Snijders
-.%A B. Cartwright-Cox
-.%A Y. Qu
 .%D November 2024
 .%R RFC 9687
 .%T Border Gateway Protocol 4 (BGP-4) Send Hold Timer
 .Re
 .Pp
 .Rs
-.%A A. Azimov
-.%A E. Bogomazov
-.%A R. Bush
-.%A K. Patel
-.%A J. Snijders
-.%A K. Sriram
 .%D October 2022
 .%R draft-ietf-sidrops-aspa-verification
 .%T BGP AS_PATH Verification Based on Resource Public Key Infrastructure (RPKI) Autonomous System Provider Authorization (ASPA) Objects
diff --git a/usr.sbin/rpki-client/rpki-client.8 b/usr.sbin/rpki-client/rpki-client.8
index 026f0001e..73bbf6a53 100644
--- a/usr.sbin/rpki-client/rpki-client.8
+++ b/usr.sbin/rpki-client/rpki-client.8
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: rpki-client.8,v 1.119 2025/01/03 10:32:21 job Exp $
+.\"	$OpenBSD: rpki-client.8,v 1.120 2025/01/17 00:20:15 job Exp $
 .\"
 .\" Copyright (c) 2019 Kristaps Dzonsons <kristaps@bsd.lv>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: January 3 2025 $
+.Dd $Mdocdate: January 17 2025 $
 .Dt RPKI-CLIENT 8
 .Os
 .Sh NAME
@@ -303,6 +303,7 @@ URL of HTTP proxy to use.
 default TAL files used unless
 .Fl t Ar tal
 is specified.
+The TAL files of the five Regional Internet Registries are included.
 .It Pa /etc/rpki/*.constraints
 files containing registry-specific constraints to restrict what IP addresses
 and AS identifiers may or may not appear in EE certificates subordinate to the
@@ -316,11 +317,6 @@ cached repository data.
 .It Pa /var/db/rpki-client/openbgpd
 default roa-set output file.
 .El
-.Pp
-All the top-level TAL are included, except the ARIN TAL which is not
-made available with terms compatible with open source.
-That public key is treated as a proprietary object in a lengthy legal
-agreement regarding ARIN service restrictions.
 .Sh EXIT STATUS
 .Ex -std
 .Sh SEE ALSO