Ignore ENGINE at the API boundary

This removes the remaining ENGINE members from various internal structs
and functions. Any ENGINE passed into a public API is now completely
ignored functions returning an ENGINE always return NULL.

ok jsing

19 files changed, 61 insertions, 84 deletions

diff --git a/src/lib/libcrypto/asn1/ameth_lib.c b/src/lib/libcrypto/asn1/ameth_lib.c
index 42f2f6fd52..aa4bb87667 100644
--- a/src/lib/libcrypto/asn1/ameth_lib.c
+++ b/src/lib/libcrypto/asn1/ameth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ameth_lib.c,v 1.33 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: ameth_lib.c,v 1.34 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -158,6 +158,9 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
 {
         const EVP_PKEY_ASN1_METHOD *mp;
 
+        if (pe != NULL)
+                *pe = NULL;
+
         for (;;) {
                 if ((mp = pkey_asn1_find(type)) == NULL)
                         break;
@@ -165,9 +168,7 @@ EVP_PKEY_asn1_find(ENGINE **pe, int type)
                         break;
                 type = mp->pkey_base_id;
         }
-        if (pe) {
-                *pe = NULL;
-        }
+
         return mp;
 }
 
@@ -179,9 +180,8 @@ EVP_PKEY_asn1_find_str(ENGINE **pe, const char *str, int len)
 
         if (len == -1)
                 len = strlen(str);
-        if (pe) {
+        if (pe != NULL)
                 *pe = NULL;
-        }
         for (i = EVP_PKEY_asn1_get_count() - 1; i >= 0; i--) {
                 ameth = EVP_PKEY_asn1_get0(i);
                 if (ameth->pkey_flags & ASN1_PKEY_ALIAS)
diff --git a/src/lib/libcrypto/cmac/cm_pmeth.c b/src/lib/libcrypto/cmac/cm_pmeth.c
index d47cfb7b73..fa2d53e53d 100644
--- a/src/lib/libcrypto/cmac/cm_pmeth.c
+++ b/src/lib/libcrypto/cmac/cm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cm_pmeth.c,v 1.10 2022/11/26 16:08:51 tb Exp $ */
+/* $OpenBSD: cm_pmeth.c,v 1.11 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2010.
  */
@@ -143,7 +143,7 @@ pkey_cmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
                 break;
 
         case EVP_PKEY_CTRL_CIPHER:
-                if (!CMAC_Init(cmctx, NULL, 0, p2, ctx->engine))
+                if (!CMAC_Init(cmctx, NULL, 0, p2, NULL))
                         return 0;
                 break;
 
diff --git a/src/lib/libcrypto/cmac/cmac.c b/src/lib/libcrypto/cmac/cmac.c
index f5b5f5e320..f653219b8f 100644
--- a/src/lib/libcrypto/cmac/cmac.c
+++ b/src/lib/libcrypto/cmac/cmac.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: cmac.c,v 1.15 2023/11/29 18:11:10 tb Exp $ */
+/* $OpenBSD: cmac.c,v 1.16 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project.
  */
@@ -178,7 +178,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
         int bl;
 
         /* All zeros means restart */
-        if (key == NULL && cipher == NULL && impl == NULL && keylen == 0) {
+        if (key == NULL && cipher == NULL && keylen == 0) {
                 /* Not initialised */
                 if (ctx->nlast_block == -1)
                         return 0;
@@ -191,7 +191,7 @@ CMAC_Init(CMAC_CTX *ctx, const void *key, size_t keylen,
 
         /* Initialise context. */
         if (cipher != NULL) {
-                if (!EVP_EncryptInit_ex(&ctx->cctx, cipher, impl, NULL, NULL))
+                if (!EVP_EncryptInit_ex(&ctx->cctx, cipher, NULL, NULL, NULL))
                         return 0;
         }
 
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c
index 90ce7625c6..d8698859f0 100644
--- a/src/lib/libcrypto/dh/dh_lib.c
+++ b/src/lib/libcrypto/dh/dh_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_lib.c,v 1.42 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: dh_lib.c,v 1.43 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -230,7 +230,7 @@ LCRYPTO_ALIAS(DH_security_bits);
 ENGINE *
 DH_get0_engine(DH *dh)
 {
-        return dh->engine;
+        return NULL;
 }
 LCRYPTO_ALIAS(DH_get0_engine);
 
diff --git a/src/lib/libcrypto/dh/dh_local.h b/src/lib/libcrypto/dh/dh_local.h
index 928f2c0c8b..22e2256906 100644
--- a/src/lib/libcrypto/dh/dh_local.h
+++ b/src/lib/libcrypto/dh/dh_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_local.h,v 1.3 2022/01/14 08:25:44 tb Exp $ */
+/* $OpenBSD: dh_local.h,v 1.4 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -100,7 +100,6 @@ struct dh_st {
         int references;
         CRYPTO_EX_DATA ex_data;
         const DH_METHOD *meth;
-        ENGINE *engine;
 };
 
 /*
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c
index 5c01c20255..65eb65288d 100644
--- a/src/lib/libcrypto/dsa/dsa_lib.c
+++ b/src/lib/libcrypto/dsa/dsa_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_lib.c,v 1.45 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: dsa_lib.c,v 1.46 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -397,7 +397,7 @@ LCRYPTO_ALIAS(DSA_set_flags);
 ENGINE *
 DSA_get0_engine(DSA *d)
 {
-        return d->engine;
+        return NULL;
 }
 LCRYPTO_ALIAS(DSA_get0_engine);
 
diff --git a/src/lib/libcrypto/dsa/dsa_local.h b/src/lib/libcrypto/dsa/dsa_local.h
index a413db9747..3e688b8ce6 100644
--- a/src/lib/libcrypto/dsa/dsa_local.h
+++ b/src/lib/libcrypto/dsa/dsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_local.h,v 1.2 2023/03/04 20:54:52 tb Exp $ */
+/* $OpenBSD: dsa_local.h,v 1.3 2023/11/29 21:35:57 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 2007 The OpenSSL Project.  All rights reserved.
  *
@@ -106,8 +106,6 @@ struct dsa_st {
         int references;
         CRYPTO_EX_DATA ex_data;
         const DSA_METHOD *meth;
-        /* functional reference if 'meth' is ENGINE-provided */
-        ENGINE *engine;
 } /* DSA */;
 
 int dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits,
diff --git a/src/lib/libcrypto/ec/ec_key.c b/src/lib/libcrypto/ec/ec_key.c
index 2716db6dd0..dd976898ad 100644
--- a/src/lib/libcrypto/ec/ec_key.c
+++ b/src/lib/libcrypto/ec/ec_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_key.c,v 1.38 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: ec_key.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */
 /*
  * Written by Nils Larsch for the OpenSSL project.
  */
@@ -191,7 +191,7 @@ EC_KEY_dup(const EC_KEY *ec_key)
 {
         EC_KEY *ret;
 
-        if ((ret = EC_KEY_new_method(ec_key->engine)) == NULL)
+        if ((ret = EC_KEY_new_method(NULL)) == NULL)
                 return NULL;
         if (EC_KEY_copy(ret, ec_key) == NULL) {
                 EC_KEY_free(ret);
diff --git a/src/lib/libcrypto/ec/ec_local.h b/src/lib/libcrypto/ec/ec_local.h
index 3252eeb1c8..6ea78eaac4 100644
--- a/src/lib/libcrypto/ec/ec_local.h
+++ b/src/lib/libcrypto/ec/ec_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_local.h,v 1.26 2023/07/28 15:50:33 tb Exp $ */
+/* $OpenBSD: ec_local.h,v 1.27 2023/11/29 21:35:57 tb Exp $ */
 /*
  * Originally written by Bodo Moeller for the OpenSSL project.
  */
@@ -223,7 +223,6 @@ struct ec_group_st {
 
 struct ec_key_st {
         const EC_KEY_METHOD *meth;
-        ENGINE  *engine;
 
         int version;
 
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c
index 9a2a304250..ee0c68e707 100644
--- a/src/lib/libcrypto/evp/digest.c
+++ b/src/lib/libcrypto/evp/digest.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: digest.c,v 1.39 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: digest.c,v 1.40 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -271,7 +271,7 @@ EVP_Digest(const void *data, size_t count,
 
         EVP_MD_CTX_init(&ctx);
         EVP_MD_CTX_set_flags(&ctx, EVP_MD_CTX_FLAG_ONESHOT);
-        ret = EVP_DigestInit_ex(&ctx, type, impl) &&
+        ret = EVP_DigestInit_ex(&ctx, type, NULL) &&
             EVP_DigestUpdate(&ctx, data, count) &&
             EVP_DigestFinal_ex(&ctx, md, size);
         EVP_MD_CTX_cleanup(&ctx);
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c
index 172d8b4019..0867070a76 100644
--- a/src/lib/libcrypto/evp/evp_enc.c
+++ b/src/lib/libcrypto/evp/evp_enc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_enc.c,v 1.55 2023/11/19 15:46:09 tb Exp $ */
+/* $OpenBSD: evp_enc.c,v 1.56 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -93,7 +93,7 @@ EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
         if (cipher) {
                 /* Ensure a context left lying around from last time is cleared
                  * (the previous check attempted to avoid this if the same
-                 * ENGINE and EVP_CIPHER could be used). */
+                 * EVP_CIPHER could be used). */
                 if (ctx->cipher) {
                         unsigned long flags = ctx->flags;
                         EVP_CIPHER_CTX_cleanup(ctx);
@@ -236,7 +236,7 @@ int
 EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
     const unsigned char *key, const unsigned char *iv)
 {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1);
+        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 1);
 }
 
 int
@@ -250,7 +250,7 @@ int
 EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl,
     const unsigned char *key, const unsigned char *iv)
 {
-        return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0);
+        return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0);
 }
 
 int
diff --git a/src/lib/libcrypto/evp/evp_local.h b/src/lib/libcrypto/evp/evp_local.h
index 015fbb50a9..5df1733cbc 100644
--- a/src/lib/libcrypto/evp/evp_local.h
+++ b/src/lib/libcrypto/evp/evp_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: evp_local.h,v 1.5 2023/09/28 11:29:10 tb Exp $ */
+/* $OpenBSD: evp_local.h,v 1.6 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -97,7 +97,6 @@ struct evp_pkey_st {
         int save_type;
         int references;
         const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *engine;
         union   {
                 void *ptr;
 #ifndef OPENSSL_NO_RSA
@@ -140,7 +139,6 @@ struct evp_md_st {
 
 struct evp_md_ctx_st {
         const EVP_MD *digest;
-        ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */
         unsigned long flags;
         void *md_data;
         /* Public key context for sign/verify */
@@ -169,7 +167,6 @@ struct evp_cipher_st {
 
 struct evp_cipher_ctx_st {
         const EVP_CIPHER *cipher;
-        ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */
         int encrypt;            /* encrypt or decrypt */
         int buf_len;            /* number we have left */
 
@@ -205,8 +202,6 @@ struct evp_Encode_Ctx_st {
 struct evp_pkey_ctx_st {
         /* Method associated with this operation */
         const EVP_PKEY_METHOD *pmeth;
-        /* Engine that implements this method or NULL if builtin */
-        ENGINE *engine;
         /* Key: may be NULL */
         EVP_PKEY *pkey;
         /* Peer key for key agreement, may be NULL */
diff --git a/src/lib/libcrypto/evp/m_sigver.c b/src/lib/libcrypto/evp/m_sigver.c
index 47c01f784a..3ce7f7e2a6 100644
--- a/src/lib/libcrypto/evp/m_sigver.c
+++ b/src/lib/libcrypto/evp/m_sigver.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: m_sigver.c,v 1.13 2023/07/07 19:37:53 beck Exp $ */
+/* $OpenBSD: m_sigver.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -74,10 +74,10 @@ update_oneshot_only(EVP_MD_CTX *ctx, const void *data, size_t datalen)
 
 static int
 do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
-    ENGINE *e, EVP_PKEY *pkey, int ver)
+    EVP_PKEY *pkey, int ver)
 {
         if (ctx->pctx == NULL)
-                ctx->pctx = EVP_PKEY_CTX_new(pkey, e);
+                ctx->pctx = EVP_PKEY_CTX_new(pkey, NULL);
         if (ctx->pctx == NULL)
                 return 0;
 
@@ -122,7 +122,7 @@ do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
                 *pctx = ctx->pctx;
         if (ctx->pctx->pmeth->flags & EVP_PKEY_FLAG_SIGCTX_CUSTOM)
                 return 1;
-        if (!EVP_DigestInit_ex(ctx, type, e))
+        if (!EVP_DigestInit_ex(ctx, type, NULL))
                 return 0;
         return 1;
 }
@@ -131,14 +131,14 @@ int
 EVP_DigestSignInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
     ENGINE *e, EVP_PKEY *pkey)
 {
-        return do_sigver_init(ctx, pctx, type, e, pkey, 0);
+        return do_sigver_init(ctx, pctx, type, pkey, 0);
 }
 
 int
 EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type,
     ENGINE *e, EVP_PKEY *pkey)
 {
-        return do_sigver_init(ctx, pctx, type, e, pkey, 1);
+        return do_sigver_init(ctx, pctx, type, pkey, 1);
 }
 
 int
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c
index eaeb456cbb..4591c05234 100644
--- a/src/lib/libcrypto/evp/p_lib.c
+++ b/src/lib/libcrypto/evp/p_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: p_lib.c,v 1.38 2023/11/19 15:46:10 tb Exp $ */
+/* $OpenBSD: p_lib.c,v 1.39 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -206,7 +206,6 @@ EVP_PKEY_new(void)
         ret->save_type = EVP_PKEY_NONE;
         ret->references = 1;
         ret->ameth = NULL;
-        ret->engine = NULL;
         ret->pkey.ptr = NULL;
         ret->attributes = NULL;
         ret->save_parameters = 1;
@@ -220,18 +219,14 @@ EVP_PKEY_up_ref(EVP_PKEY *pkey)
         return ((refs > 1) ? 1 : 0);
 }
 
-/* Setup a public key ASN1 method and ENGINE from a NID or a string.
+/* Setup a public key ASN1 method from a NID or a string.
  * If pkey is NULL just return 1 or 0 if the algorithm exists.
  */
 
 static int
-pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
+pkey_set_type(EVP_PKEY *pkey, int type, const char *str, int len)
 {
         const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE **eptr = NULL;
-
-        if (e == NULL)
-                eptr = &e;
 
         if (pkey) {
                 if (pkey->pkey.ptr)
@@ -242,17 +237,16 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
                 if ((type == pkey->save_type) && pkey->ameth)
                         return 1;
         }
-        if (str)
-                ameth = EVP_PKEY_asn1_find_str(eptr, str, len);
+        if (str != NULL)
+                ameth = EVP_PKEY_asn1_find_str(NULL, str, len);
         else
-                ameth = EVP_PKEY_asn1_find(eptr, type);
+                ameth = EVP_PKEY_asn1_find(NULL, type);
         if (!ameth) {
                 EVPerror(EVP_R_UNSUPPORTED_ALGORITHM);
                 return 0;
         }
         if (pkey) {
                 pkey->ameth = ameth;
-                pkey->engine = e;
 
                 pkey->type = pkey->ameth->pkey_id;
                 pkey->save_type = type;
@@ -263,7 +257,7 @@ pkey_set_type(EVP_PKEY *pkey, ENGINE *e, int type, const char *str, int len)
 int
 EVP_PKEY_set_type(EVP_PKEY *pkey, int type)
 {
-        return pkey_set_type(pkey, NULL, type, NULL, -1);
+        return pkey_set_type(pkey, type, NULL, -1);
 }
 
 EVP_PKEY *
@@ -275,7 +269,7 @@ EVP_PKEY_new_raw_private_key(int type, ENGINE *engine,
         if ((ret = EVP_PKEY_new()) == NULL)
                 goto err;
 
-        if (!pkey_set_type(ret, engine, type, NULL, -1))
+        if (!pkey_set_type(ret, type, NULL, -1))
                 goto err;
 
         if (ret->ameth->set_priv_key == NULL) {
@@ -304,7 +298,7 @@ EVP_PKEY_new_raw_public_key(int type, ENGINE *engine,
         if ((ret = EVP_PKEY_new()) == NULL)
                 goto err;
 
-        if (!pkey_set_type(ret, engine, type, NULL, -1))
+        if (!pkey_set_type(ret, type, NULL, -1))
                 goto err;
 
         if (ret->ameth->set_pub_key == NULL) {
@@ -368,10 +362,10 @@ EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
         if ((cmctx = CMAC_CTX_new()) == NULL)
                 goto err;
 
-        if (!pkey_set_type(ret, e, EVP_PKEY_CMAC, NULL, -1))
+        if (!pkey_set_type(ret, EVP_PKEY_CMAC, NULL, -1))
                 goto err;
 
-        if (!CMAC_Init(cmctx, priv, len, cipher, e)) {
+        if (!CMAC_Init(cmctx, priv, len, cipher, NULL)) {
                 EVPerror(EVP_R_KEY_SETUP_FAILED);
                 goto err;
         }
@@ -389,7 +383,7 @@ EVP_PKEY_new_CMAC_key(ENGINE *e, const unsigned char *priv, size_t len,
 int
 EVP_PKEY_set_type_str(EVP_PKEY *pkey, const char *str, int len)
 {
-        return pkey_set_type(pkey, NULL, EVP_PKEY_NONE, str, len);
+        return pkey_set_type(pkey, EVP_PKEY_NONE, str, len);
 }
 
 int
@@ -563,15 +557,12 @@ EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key)
 int
 EVP_PKEY_type(int type)
 {
-        int ret;
         const EVP_PKEY_ASN1_METHOD *ameth;
-        ENGINE *e;
-        ameth = EVP_PKEY_asn1_find(&e, type);
-        if (ameth)
-                ret = ameth->pkey_id;
-        else
-                ret = NID_undef;
-        return ret;
+
+        if ((ameth = EVP_PKEY_asn1_find(NULL, type)) != NULL)
+                return ameth->pkey_id;
+
+        return NID_undef;
 }
 
 int
diff --git a/src/lib/libcrypto/evp/pmeth_gn.c b/src/lib/libcrypto/evp/pmeth_gn.c
index b4c0395d97..c91076b8db 100644
--- a/src/lib/libcrypto/evp/pmeth_gn.c
+++ b/src/lib/libcrypto/evp/pmeth_gn.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_gn.c,v 1.13 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: pmeth_gn.c,v 1.14 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -208,7 +208,7 @@ EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen)
         EVP_PKEY_CTX *mac_ctx = NULL;
         EVP_PKEY *mac_key = NULL;
 
-        mac_ctx = EVP_PKEY_CTX_new_id(type, e);
+        mac_ctx = EVP_PKEY_CTX_new_id(type, NULL);
         if (!mac_ctx)
                 return NULL;
         if (EVP_PKEY_keygen_init(mac_ctx) <= 0)
diff --git a/src/lib/libcrypto/evp/pmeth_lib.c b/src/lib/libcrypto/evp/pmeth_lib.c
index 7ebf273415..cf27862488 100644
--- a/src/lib/libcrypto/evp/pmeth_lib.c
+++ b/src/lib/libcrypto/evp/pmeth_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pmeth_lib.c,v 1.34 2023/11/19 15:43:52 tb Exp $ */
+/* $OpenBSD: pmeth_lib.c,v 1.35 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2006.
  */
@@ -147,7 +147,7 @@ EVP_PKEY_meth_find(int type)
 }
 
 static EVP_PKEY_CTX *
-evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
+evp_pkey_ctx_new(EVP_PKEY *pkey, int id)
 {
         EVP_PKEY_CTX *pkey_ctx = NULL;
         const EVP_PKEY_METHOD *pmeth;
@@ -167,8 +167,6 @@ evp_pkey_ctx_new(EVP_PKEY *pkey, ENGINE *engine, int id)
                 EVPerror(ERR_R_MALLOC_FAILURE);
                 goto err;
         }
-        pkey_ctx->engine = engine;
-        engine = NULL;
         pkey_ctx->pmeth = pmeth;
         pkey_ctx->operation = EVP_PKEY_OP_UNDEFINED;
         if ((pkey_ctx->pkey = pkey) != NULL)
@@ -234,13 +232,13 @@ EVP_PKEY_meth_free(EVP_PKEY_METHOD *pmeth)
 EVP_PKEY_CTX *
 EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *engine)
 {
-        return evp_pkey_ctx_new(pkey, engine, -1);
+        return evp_pkey_ctx_new(pkey, -1);
 }
 
 EVP_PKEY_CTX *
 EVP_PKEY_CTX_new_id(int id, ENGINE *engine)
 {
-        return evp_pkey_ctx_new(NULL, engine, id);
+        return evp_pkey_ctx_new(NULL, id);
 }
 
 EVP_PKEY_CTX *
diff --git a/src/lib/libcrypto/hmac/hm_pmeth.c b/src/lib/libcrypto/hmac/hm_pmeth.c
index bb043d1a23..5ec86aa095 100644
--- a/src/lib/libcrypto/hmac/hm_pmeth.c
+++ b/src/lib/libcrypto/hmac/hm_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hm_pmeth.c,v 1.15 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: hm_pmeth.c,v 1.16 2023/11/29 21:35:57 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2007.
  */
@@ -204,7 +204,7 @@ pkey_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
         case EVP_PKEY_CTRL_DIGESTINIT:
                 key = ctx->pkey->pkey.ptr;
                 if (!HMAC_Init_ex(&hctx->ctx, key->data, key->length, hctx->md,
-                    ctx->engine))
+                    NULL))
                         return 0;
                 break;
 
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c
index db0e75518b..d4e6599a77 100644
--- a/src/lib/libcrypto/pem/pem_lib.c
+++ b/src/lib/libcrypto/pem/pem_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pem_lib.c,v 1.54 2023/11/19 15:46:10 tb Exp $ */
+/* $OpenBSD: pem_lib.c,v 1.55 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -220,8 +220,7 @@ check_pem(const char *nm, const char *name)
                 const EVP_PKEY_ASN1_METHOD *ameth;
                 slen = pem_check_suffix(nm, "PARAMETERS");
                 if (slen > 0) {
-                        ENGINE *e;
-                        ameth = EVP_PKEY_asn1_find_str(&e, nm, slen);
+                        ameth = EVP_PKEY_asn1_find_str(NULL, nm, slen);
                         if (ameth) {
                                 int r;
                                 if (ameth->param_decode)
diff --git a/src/lib/libcrypto/rsa/rsa_local.h b/src/lib/libcrypto/rsa/rsa_local.h
index 51ed925908..f2639d59b1 100644
--- a/src/lib/libcrypto/rsa/rsa_local.h
+++ b/src/lib/libcrypto/rsa/rsa_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_local.h,v 1.6 2023/08/09 12:09:06 tb Exp $ */
+/* $OpenBSD: rsa_local.h,v 1.7 2023/11/29 21:35:57 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -108,8 +108,6 @@ struct rsa_st {
         long version;
         const RSA_METHOD *meth;
 
-        /* functional reference if 'meth' is ENGINE-provided */
-        ENGINE *engine;
         BIGNUM *n;
         BIGNUM *e;
         BIGNUM *d;