33 files changed, 9 insertions, 4967 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 9067c5673e..d44a18846f 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.145 2023/07/28 09:46:36 tb Exp $
+# $OpenBSD: Makefile,v 1.146 2023/07/28 09:53:55 tb Exp $
 LIB=    crypto
 LIBREBUILD=y
@@ -28,9 +28,6 @@ CFLAGS+= -DLIBRESSL_NAMESPACE -DLIBRESSL_CRYPTO_NAMESPACE
 CFLAGS+= -DHAVE_FUNOPEN
 .endif
-# Hardware engines
-CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
 CFLAGS+= -I${LCRYPTO_SRC}
 CFLAGS+= -I${LCRYPTO_SRC}/arch/${MACHINE_CPU}
 CFLAGS+= -I${LCRYPTO_SRC}/asn1
@@ -346,28 +343,6 @@ SRCS+= ecdsa.c
 # engine/
 SRCS+= engine_stubs.c
-SRCS+= eng_all.c
-SRCS+= eng_cnf.c
-SRCS+= eng_ctrl.c
-SRCS+= eng_dyn.c
-SRCS+= eng_err.c
-SRCS+= eng_fat.c
-SRCS+= eng_init.c
-SRCS+= eng_lib.c
-SRCS+= eng_list.c
-SRCS+= eng_openssl.c
-SRCS+= eng_pkey.c
-SRCS+= eng_table.c
-SRCS+= tb_asnmth.c
-SRCS+= tb_cipher.c
-SRCS+= tb_dh.c
-SRCS+= tb_digest.c
-SRCS+= tb_dsa.c
-SRCS+= tb_eckey.c
-SRCS+= tb_pkmeth.c
-SRCS+= tb_rand.c
-SRCS+= tb_rsa.c
-SRCS+= tb_store.c
 # err/
 SRCS+= err.c
diff --git a/src/lib/libcrypto/Symbols.list b/src/lib/libcrypto/Symbols.list
index 8b35d5ca44..d0484a5d4c 100644
--- a/src/lib/libcrypto/Symbols.list
+++ b/src/lib/libcrypto/Symbols.list
@@ -1129,136 +1129,25 @@ ED25519_verify
 EDIPARTYNAME_free
 EDIPARTYNAME_it
 EDIPARTYNAME_new
-ENGINE_add
-ENGINE_add_conf_module
 ENGINE_by_id
 ENGINE_cleanup
-ENGINE_cmd_is_executable
-ENGINE_ctrl
 ENGINE_ctrl_cmd
 ENGINE_ctrl_cmd_string
 ENGINE_finish
 ENGINE_free
-ENGINE_get_DH
-ENGINE_get_DSA
-ENGINE_get_EC
-ENGINE_get_RAND
-ENGINE_get_RSA
-ENGINE_get_STORE
-ENGINE_get_cipher
-ENGINE_get_cipher_engine
-ENGINE_get_ciphers
-ENGINE_get_cmd_defns
-ENGINE_get_ctrl_function
-ENGINE_get_default_DH
-ENGINE_get_default_DSA
-ENGINE_get_default_EC
-ENGINE_get_default_RAND
 ENGINE_get_default_RSA
-ENGINE_get_destroy_function
-ENGINE_get_digest
-ENGINE_get_digest_engine
-ENGINE_get_digests
-ENGINE_get_ex_data
-ENGINE_get_ex_new_index
-ENGINE_get_finish_function
-ENGINE_get_first
-ENGINE_get_flags
 ENGINE_get_id
-ENGINE_get_init_function
-ENGINE_get_last
-ENGINE_get_load_privkey_function
-ENGINE_get_load_pubkey_function
 ENGINE_get_name
-ENGINE_get_next
-ENGINE_get_pkey_asn1_meth
-ENGINE_get_pkey_asn1_meth_engine
-ENGINE_get_pkey_asn1_meth_str
-ENGINE_get_pkey_asn1_meths
-ENGINE_get_pkey_meth
-ENGINE_get_pkey_meth_engine
-ENGINE_get_pkey_meths
-ENGINE_get_prev
-ENGINE_get_ssl_client_cert_function
-ENGINE_get_static_state
-ENGINE_get_table_flags
 ENGINE_init
 ENGINE_load_builtin_engines
 ENGINE_load_dynamic
 ENGINE_load_openssl
 ENGINE_load_private_key
 ENGINE_load_public_key
-ENGINE_load_ssl_client_cert
 ENGINE_new
-ENGINE_pkey_asn1_find_str
-ENGINE_register_DH
-ENGINE_register_DSA
-ENGINE_register_EC
-ENGINE_register_RAND
-ENGINE_register_RSA
-ENGINE_register_STORE
-ENGINE_register_all_DH
-ENGINE_register_all_DSA
-ENGINE_register_all_EC
-ENGINE_register_all_RAND
-ENGINE_register_all_RSA
-ENGINE_register_all_STORE
-ENGINE_register_all_ciphers
 ENGINE_register_all_complete
-ENGINE_register_all_digests
-ENGINE_register_all_pkey_asn1_meths
-ENGINE_register_all_pkey_meths
-ENGINE_register_ciphers
-ENGINE_register_complete
-ENGINE_register_digests
-ENGINE_register_pkey_asn1_meths
-ENGINE_register_pkey_meths
-ENGINE_remove
-ENGINE_set_DH
-ENGINE_set_DSA
-ENGINE_set_EC
-ENGINE_set_RAND
-ENGINE_set_RSA
-ENGINE_set_STORE
-ENGINE_set_ciphers
-ENGINE_set_cmd_defns
-ENGINE_set_ctrl_function
 ENGINE_set_default
-ENGINE_set_default_DH
-ENGINE_set_default_DSA
-ENGINE_set_default_EC
-ENGINE_set_default_RAND
 ENGINE_set_default_RSA
-ENGINE_set_default_ciphers
-ENGINE_set_default_digests
-ENGINE_set_default_pkey_asn1_meths
-ENGINE_set_default_pkey_meths
-ENGINE_set_default_string
-ENGINE_set_destroy_function
-ENGINE_set_digests
-ENGINE_set_ex_data
-ENGINE_set_finish_function
-ENGINE_set_flags
-ENGINE_set_id
-ENGINE_set_init_function
-ENGINE_set_load_privkey_function
-ENGINE_set_load_pubkey_function
-ENGINE_set_load_ssl_client_cert_function
-ENGINE_set_name
-ENGINE_set_pkey_asn1_meths
-ENGINE_set_pkey_meths
-ENGINE_set_table_flags
-ENGINE_unregister_DH
-ENGINE_unregister_DSA
-ENGINE_unregister_EC
-ENGINE_unregister_RAND
-ENGINE_unregister_RSA
-ENGINE_unregister_STORE
-ENGINE_unregister_ciphers
-ENGINE_unregister_digests
-ENGINE_unregister_pkey_asn1_meths
-ENGINE_unregister_pkey_meths
-ENGINE_up_ref
 ERR_add_error_data
 ERR_add_error_vdata
 ERR_asprintf_error_data
@@ -1286,7 +1175,6 @@ ERR_load_CRYPTO_strings
 ERR_load_DH_strings
 ERR_load_DSA_strings
 ERR_load_EC_strings
-ERR_load_ENGINE_strings
 ERR_load_ERR_strings
 ERR_load_EVP_strings
 ERR_load_GOST_strings
@@ -2387,7 +2275,6 @@ RAND_load_file
 RAND_poll
 RAND_pseudo_bytes
 RAND_seed
-RAND_set_rand_engine
 RAND_set_rand_method
 RAND_status
 RAND_write_file
@@ -2606,9 +2493,7 @@ TS_CONF_load_key
 TS_CONF_set_accuracy
 TS_CONF_set_certs
 TS_CONF_set_clock_precision_digits
-TS_CONF_set_crypto_device
 TS_CONF_set_def_policy
-TS_CONF_set_default_engine
 TS_CONF_set_digests
 TS_CONF_set_ess_cert_id_chain
 TS_CONF_set_ordering
diff --git a/src/lib/libcrypto/Symbols.namespace b/src/lib/libcrypto/Symbols.namespace
index adaac43146..b8ca3539ec 100644
--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -1417,7 +1417,6 @@ _libre_ERR_get_implementation
 _libre_ERR_set_implementation
 _libre_RAND_set_rand_method
 _libre_RAND_get_rand_method
-_libre_RAND_set_rand_engine
 _libre_RAND_SSLeay
 _libre_ERR_load_RAND_strings
 _libre_ECDSA_SIG_new
@@ -1616,8 +1615,6 @@ _libre_TS_CONF_load_certs
 _libre_TS_CONF_load_key
 _libre_TS_CONF_get_tsa_section
 _libre_TS_CONF_set_serial
-_libre_TS_CONF_set_crypto_device
-_libre_TS_CONF_set_default_engine
 _libre_TS_CONF_set_signer_cert
 _libre_TS_CONF_set_certs
 _libre_TS_CONF_set_signer_key
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README
deleted file mode 100644
index bc4a9041ff..0000000000
--- a/src/lib/libcrypto/engine/README
+++ /dev/null
@@ -1,211 +0,0 @@
-Notes: 2001-09-24
-----------------
-This "description" (if one chooses to call it that) needed some major updating
-so here goes. This update addresses a change being made at the same time to
-OpenSSL, and it pretty much completely restructures the underlying mechanics of
-the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals
-for masochists" document *and* a rather extensive commit log message. (I'd get
-lynched for sticking all this in CHANGES or the commit mails :-).
-ENGINE_TABLE underlies this restructuring, as described in the internal header
-"eng_int.h", implemented in eng_table.c, and used in each of the "class" files;
-tb_rsa.c, tb_dsa.c, etc.
-However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so
-I'll mention a bit about that first. EVP_CIPHER (and most of this applies
-equally to EVP_MD for digests) is both a "method" and a algorithm/mode
-identifier that, in the current API, "lingers". These cipher description +
-implementation structures can be defined or obtained directly by applications,
-or can be loaded "en masse" into EVP storage so that they can be catalogued and
-searched in various ways, ie. two ways of encrypting with the "des_cbc"
-algorithm/mode pair are;
-(i) directly;
-     const EVP_CIPHER *cipher = EVP_des_cbc();
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...]
-(ii) indirectly; 
-     OpenSSL_add_all_ciphers();
-     cipher = EVP_get_cipherbyname("des_cbc");
-     EVP_EncryptInit(&ctx, cipher, key, iv);
-     [ ... etc ... ]
-The latter is more generally used because it also allows ciphers/digests to be
-looked up based on other identifiers which can be useful for automatic cipher
-selection, eg. in SSL/TLS, or by user-controllable configuration.
-The important point about this is that EVP_CIPHER definitions and structures are
-passed around with impunity and there is no safe way, without requiring massive
-rewrites of many applications, to assume that EVP_CIPHERs can be reference
-counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it
-comes from can "safely" be destroyed. Unless of course the way of getting to
-such ciphers is via entirely distinct API calls that didn't exist before.
-However existing API usage cannot be made to understand when an EVP_CIPHER
-pointer, that has been passed to the caller, is no longer being used.
-The other problem with the existing API w.r.t. to hooking EVP_CIPHER support
-into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register
-ciphers simultaneously registers cipher *types* and cipher *implementations* -
-they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with
-hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The
-solution is necessarily that ENGINE-provided ciphers simply are not registered,
-stored, or exposed to the caller in the same manner as existing ciphers. This is
-especially necessary considering the fact ENGINE uses reference counts to allow
-for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to
-callers in the current API, support no such controls.
-Another sticking point for integrating cipher support into ENGINE is linkage.
-Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby
-they are available *because* they're part of a giant ENGINE called "openssl".
-Ie. all implementations *have* to come from an ENGINE, but we get round that by
-having a giant ENGINE with all the software support encapsulated. This creates
-linker hassles if nothing else - linking a 1-line application that calls 2 basic
-RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of
-ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we
-continue with this approach for EVP_CIPHER support (even if it *was* possible)
-we would lose our ability to link selectively by selectively loading certain
-implementations of certain functionality. Touching any part of any kind of
-crypto would result in massive static linkage of everything else. So the
-solution is to change the way ENGINE feeds existing "classes", ie. how the
-hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking
-for EVP_CIPHER, and EVP_MD.
-The way this is now being done is by mostly reverting back to how things used to
-work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this
-was previously replaced by an "ENGINE" pointer and all RSA code that required
-the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to
-temporarily get and use the ENGINE's RSA implementation. Apart from being more
-efficient, switching back to each RSA having an RSA_METHOD pointer also allows
-us to conceivably operate with *no* ENGINE. As we'll see, this removes any need
-for a fallback ENGINE that encapsulates default implementations - we can simply
-have our RSA structure pointing its RSA_METHOD pointer to the software
-implementation and have its ENGINE pointer set to NULL.
-A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases
-turn out to be degenerate forms of the same thing. The EVP storage of ciphers,
-and the existing EVP API functions that return "software" implementations and
-descriptions remain untouched. However, the storage takes more meaning in terms
-of "cipher description" and less meaning in terms of "implementation". When an
-EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to
-begin en/decryption, the hooking to ENGINE comes into play. What happens is that
-cipher-specific ENGINE code is asked for an ENGINE pointer (a functional
-reference) for any ENGINE that is registered to perform the algo/mode that the
-provided EVP_CIPHER structure represents. Under normal circumstances, that
-ENGINE code will return NULL because no ENGINEs will have had any cipher
-implementations *registered*. As such, a NULL ENGINE pointer is stored in the
-EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the
-context and so is used as the implementation. Pretty much how things work now
-except we'd have a redundant ENGINE pointer set to NULL and doing nothing.
-Conversely, if an ENGINE *has* been registered to perform the algorithm/mode
-combination represented by the provided EVP_CIPHER, then a functional reference
-to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation.
-That functional reference will be stored in the context (and released on
-cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER
-definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the
-application will actually be replaced by an EVP_CIPHER from the registered
-ENGINE - it will support the same algorithm/mode as the original but will be a
-completely different implementation. Because this EVP_CIPHER isn't stored in the
-EVP storage, nor is it returned to applications from traditional API functions,
-there is no associated problem with it not having reference counts. And of
-course, when one of these "private" cipher implementations is hooked into
-EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional
-reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is
-safe.
-The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but
-in essence it is simply an instantiation of "ENGINE_TABLE" code for use by
-EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for
-use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of
-ENGINE_TABLE essentially provide linker-separation of the classes so that even
-if ENGINEs implement *all* possible algorithms, an application using only
-EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core
-ENGINE code that is independent of class, and of course the ENGINE
-implementation that the application loaded. It will *not* however link any
-class-specific ENGINE code for digests, RSA, etc nor will it bleed over into
-other APIs, such as the RSA/DSA/etc library code.
-ENGINE_TABLE is a little more complicated than may seem necessary but this is
-mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load
-DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and*
-to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for
-example tb_cipher.c, implements a hash-table keyed by integer "nid" values.
-These nids provide the uniquenness of an algorithm/mode - and each nid will hash
-to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of
-pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some
-caching tricks such that requests on that 'nid' will be cached and all future
-requests will return immediately (well, at least with minimal operation) unless
-a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is
-that an application could have support for 10 ENGINEs statically linked
-in, and the machine in question may not have any of the hardware those 10
-ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we
-want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise
-each of those 10 ENGINEs. Instead, the first such request will try to do that
-and will either return (and cache) a NULL ENGINE pointer or will return a
-functional reference to the first that successfully initialised. In the latter
-case it will also cache an extra functional reference to the ENGINE as a
-"default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable
-that is unset only if un/registration takes place on that pile. Ie. if
-implementations of "des_cbc" are added or removed. This behaviour can be
-tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to
-ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will
-try to initialise from the "pile" will be those that are already initialised
-(ie. it's simply an increment of the functional reference count, and no real
-"initialisation" will take place).
-RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the
-difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are
-actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is
-not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are
-necessarily interoperable and don't have different flavours, only different
-implementations. In other words, the ENGINE_TABLE for RSA will either be empty,
-or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile
-represents ENGINEs that implement the single "type" of RSA there is.
-Cleanup - the registration and unregistration may pose questions about how
-cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the
-application or EVP_CIPHER code releases its last reference to an ENGINE, the
-ENGINE_PILE code may still have references and thus those ENGINEs will stay
-hooked in forever). The way this is handled is via "unregistration". With these
-new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that
-is an algorithm-agnostic process. Even if initialised, it will not have
-registered any of its implementations (to do so would link all class "table"
-code despite the fact the application may use only ciphers, for example). This
-is deliberately a distinct step. Moreover, registration and unregistration has
-nothing to do with whether an ENGINE is *functional* or not (ie. you can even
-register an ENGINE and its implementations without it being operational, you may
-not even have the drivers to make it operate). What actually happens with
-respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***"
-functions. These functions are internal-only and each part of ENGINE code that
-could require cleanup will, upon performing its first allocation, register a
-callback with the "engine_cleanup" code. The other part of this that makes it
-tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their
-initialised state. So if RSA code asks for an ENGINE and no ENGINE has
-registered an implementation, the code will simply return NULL and the tb_rsa.c
-state will be unchanged. Thus, no cleanup is required unless registration takes
-place. ENGINE_cleanup() will simply iterate across a list of registered cleanup
-callbacks calling each in turn, and will then internally delete its own storage
-(a STACK). When a cleanup callback is next registered (eg. if the cleanup() is
-part of a graceful restart and the application wants to cleanup all state then
-start again), the internal STACK storage will be freshly allocated. This is much
-the same as the situation in the ENGINE_TABLE instantiations ... NULL is the
-initialised state, so only modification operations (not queries) will cause that
-code to have to register a cleanup.
-What else? The bignum callbacks and associated ENGINE functions have been
-removed for two obvious reasons; (i) there was no way to generalise them to the
-mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM
-method, and (ii) because of (i), there was no meaningful way for library or
-application code to automatically hook and use ENGINE supplied bignum functions
-anyway. Also, ENGINE_cpy() has been removed (although an internal-only version
-exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good
-one and now certainly doesn't make sense in any generalised way. Some of the
-RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE
-changes have now, as a consequence, been reverted back. This is because the
-hooking of ENGINE is now automatic (and passive, it can interally use a NULL
-ENGINE pointer to simply ignore ENGINE from then on).
-Hell, that should be enough for now ... comments welcome: geoff@openssl.org
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c
deleted file mode 100644
index 403ca6865d..0000000000
--- a/src/lib/libcrypto/engine/eng_all.c
+++ /dev/null
@@ -1,88 +0,0 @@
-/* $OpenBSD: eng_all.c,v 1.30 2018/03/17 16:20:01 beck Exp $ */
-/* Written by Richard Levitte <richard@levitte.org> for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <pthread.h>
-#include <openssl/opensslconf.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-void
-ENGINE_load_builtin_engines_internal(void)
-{
-#ifndef OPENSSL_NO_STATIC_ENGINE
-#ifndef OPENSSL_NO_HW
-#ifndef OPENSSL_NO_HW_PADLOCK
-        ENGINE_load_padlock();
-#endif
-#endif
-#endif
-        ENGINE_register_all_complete();
-}
-void
-ENGINE_load_builtin_engines(void)
-{
-        static pthread_once_t once = PTHREAD_ONCE_INIT;
-        /* Prayer and clean living lets you ignore errors, OpenSSL style */
-        (void) OPENSSL_init_crypto(0, NULL);
-        (void) pthread_once(&once, ENGINE_load_builtin_engines_internal);
-}
diff --git a/src/lib/libcrypto/engine/eng_cnf.c b/src/lib/libcrypto/engine/eng_cnf.c
deleted file mode 100644
index 24358af8cd..0000000000
--- a/src/lib/libcrypto/engine/eng_cnf.c
+++ /dev/null
@@ -1,252 +0,0 @@
-/* $OpenBSD: eng_cnf.c,v 1.15 2018/04/14 07:18:37 tb Exp $ */
-/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/conf.h>
-/* #define ENGINE_CONF_DEBUG */
-/* ENGINE config module */
-static char *
-skip_dot(char *name)
-{
-        char *p;
-        p = strchr(name, '.');
-        if (p)
-                return p + 1;
-        return name;
-}
-static STACK_OF(ENGINE) *initialized_engines = NULL;
-static int
-int_engine_init(ENGINE *e)
-{
-        if (!ENGINE_init(e))
-                return 0;
-        if (!initialized_engines)
-                initialized_engines = sk_ENGINE_new_null();
-        if (!initialized_engines || !sk_ENGINE_push(initialized_engines, e)) {
-                ENGINE_finish(e);
-                return 0;
-        }
-        return 1;
-}
-static int
-int_engine_configure(char *name, char *value, const CONF *cnf)
-{
-        int i;
-        int ret = 0;
-        long do_init = -1;
-        STACK_OF(CONF_VALUE) *ecmds;
-        CONF_VALUE *ecmd = NULL;
-        char *ctrlname, *ctrlvalue;
-        ENGINE *e = NULL;
-        int soft = 0;
-        name = skip_dot(name);
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Configuring engine %s\n", name);
-#endif
-        /* Value is a section containing ENGINE commands */
-        ecmds = NCONF_get_section(cnf, value);
-        if (!ecmds) {
-                ENGINEerror(ENGINE_R_ENGINE_SECTION_ERROR);
-                return 0;
-        }
-        for (i = 0; i < sk_CONF_VALUE_num(ecmds); i++) {
-                ecmd = sk_CONF_VALUE_value(ecmds, i);
-                ctrlname = skip_dot(ecmd->name);
-                ctrlvalue = ecmd->value;
-#ifdef ENGINE_CONF_DEBUG
-                fprintf(stderr, "ENGINE conf: doing ctrl(%s,%s)\n",
-                    ctrlname, ctrlvalue);
-#endif
-                /* First handle some special pseudo ctrls */
-                /* Override engine name to use */
-                if (!strcmp(ctrlname, "engine_id"))
-                        name = ctrlvalue;
-                else if (!strcmp(ctrlname, "soft_load"))
-                        soft = 1;
-                /* Load a dynamic ENGINE */
-                else if (!strcmp(ctrlname, "dynamic_path")) {
-                        e = ENGINE_by_id("dynamic");
-                        if (!e)
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "SO_PATH", ctrlvalue, 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LIST_ADD", "2", 0))
-                                goto err;
-                        if (!ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
-                                goto err;
-                }
-                /* ... add other pseudos here ... */
-                else {
-                        /* At this point we need an ENGINE structural reference
-                         * if we don't already have one.
-                         */
-                        if (!e) {
-                                e = ENGINE_by_id(name);
-                                if (!e && soft) {
-                                        ERR_clear_error();
-                                        return 1;
-                                }
-                                if (!e)
-                                        goto err;
-                        }
-                        /* Allow "EMPTY" to mean no value: this allows a valid
-                         * "value" to be passed to ctrls of type NO_INPUT
-                         */
-                        if (!strcmp(ctrlvalue, "EMPTY"))
-                                ctrlvalue = NULL;
-                        if (!strcmp(ctrlname, "init")) {
-                                if (!NCONF_get_number_e(cnf, value, "init",
-                                    &do_init))
-                                        goto err;
-                                if (do_init == 1) {
-                                        if (!int_engine_init(e))
-                                                goto err;
-                                } else if (do_init != 0) {
-                                        ENGINEerror(ENGINE_R_INVALID_INIT_VALUE);
-                                        goto err;
-                                }
-                        }
-                        else if (!strcmp(ctrlname, "default_algorithms")) {
-                                if (!ENGINE_set_default_string(e, ctrlvalue))
-                                        goto err;
-                        } else if (!ENGINE_ctrl_cmd_string(e,
-                                ctrlname, ctrlvalue, 0))
-                                goto err;
-                }
-        }
-        if (e && (do_init == -1) && !int_engine_init(e)) {
-                ecmd = NULL;
-                goto err;
-        }
-        ret = 1;
-err:
-        if (ret != 1) {
-                ENGINEerror(ENGINE_R_ENGINE_CONFIGURATION_ERROR);
-                if (ecmd)
-                        ERR_asprintf_error_data(
-                            "section=%s, name=%s, value=%s",
-                            ecmd->section, ecmd->name, ecmd->value);
-        }
-        ENGINE_free(e);
-        return ret;
-}
-static int
-int_engine_module_init(CONF_IMODULE *md, const CONF *cnf)
-{
-        STACK_OF(CONF_VALUE) *elist;
-        CONF_VALUE *cval;
-        int i;
-#ifdef ENGINE_CONF_DEBUG
-        fprintf(stderr, "Called engine module: name %s, value %s\n",
-            CONF_imodule_get_name(md), CONF_imodule_get_value(md));
-#endif
-        /* Value is a section containing ENGINEs to configure */
-        elist = NCONF_get_section(cnf, CONF_imodule_get_value(md));
-        if (!elist) {
-                ENGINEerror(ENGINE_R_ENGINES_SECTION_ERROR);
-                return 0;
-        }
-        for (i = 0; i < sk_CONF_VALUE_num(elist); i++) {
-                cval = sk_CONF_VALUE_value(elist, i);
-                if (!int_engine_configure(cval->name, cval->value, cnf))
-                        return 0;
-        }
-        return 1;
-}
-static void
-int_engine_module_finish(CONF_IMODULE *md)
-{
-        ENGINE *e;
-        while ((e = sk_ENGINE_pop(initialized_engines)))
-                ENGINE_finish(e);
-        sk_ENGINE_free(initialized_engines);
-        initialized_engines = NULL;
-}
-void
-ENGINE_add_conf_module(void)
-{
-        CONF_module_add("engines", int_engine_module_init,
-            int_engine_module_finish);
-}
diff --git a/src/lib/libcrypto/engine/eng_ctrl.c b/src/lib/libcrypto/engine/eng_ctrl.c
deleted file mode 100644
index 1a3c25fbae..0000000000
--- a/src/lib/libcrypto/engine/eng_ctrl.c
+++ /dev/null
@@ -1,379 +0,0 @@
-/* $OpenBSD: eng_ctrl.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-/* When querying a ENGINE-specific control command's 'description', this string
- * is used if the ENGINE_CMD_DEFN has cmd_desc set to NULL. */
-static const char *int_no_description = "";
-/* These internal functions handle 'CMD'-related control commands when the
- * ENGINE in question has asked us to take care of it (ie. the ENGINE did not
- * set the ENGINE_FLAGS_MANUAL_CMD_CTRL flag. */
-static int
-int_ctrl_cmd_is_null(const ENGINE_CMD_DEFN *defn)
-{
-        if ((defn->cmd_num == 0) || (defn->cmd_name == NULL))
-                return 1;
-        return 0;
-}
-static int
-int_ctrl_cmd_by_name(const ENGINE_CMD_DEFN *defn, const char *s)
-{
-        int idx = 0;
-        while (!int_ctrl_cmd_is_null(defn) &&
-            (strcmp(defn->cmd_name, s) != 0)) {
-                idx++;
-                defn++;
-        }
-        if (int_ctrl_cmd_is_null(defn))
-                /* The given name wasn't found */
-                return -1;
-        return idx;
-}
-static int
-int_ctrl_cmd_by_num(const ENGINE_CMD_DEFN *defn, unsigned int num)
-{
-        int idx = 0;
-        /* NB: It is stipulated that 'cmd_defn' lists are ordered by cmd_num. So
-         * our searches don't need to take any longer than necessary. */
-        while (!int_ctrl_cmd_is_null(defn) && (defn->cmd_num < num)) {
-                idx++;
-                defn++;
-        }
-        if (defn->cmd_num == num)
-                return idx;
-        /* The given cmd_num wasn't found */
-        return -1;
-}
-static int
-int_ctrl_helper(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-        int idx;
-        int ret;
-        char *s = (char *)p;
-        /* Take care of the easy one first (eg. it requires no searches) */
-        if (cmd == ENGINE_CTRL_GET_FIRST_CMD_TYPE) {
-                if ((e->cmd_defns == NULL) ||
-                    int_ctrl_cmd_is_null(e->cmd_defns))
-                        return 0;
-                return e->cmd_defns->cmd_num;
-        }
-        /* One or two commands require that "p" be a valid string buffer */
-        if ((cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) ||
-            (cmd == ENGINE_CTRL_GET_NAME_FROM_CMD) ||
-            (cmd == ENGINE_CTRL_GET_DESC_FROM_CMD)) {
-                if (s == NULL) {
-                        ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                        return -1;
-                }
-        }
-        /* Now handle cmd_name -> cmd_num conversion */
-        if (cmd == ENGINE_CTRL_GET_CMD_FROM_NAME) {
-                if ((e->cmd_defns == NULL) ||
-                    ((idx = int_ctrl_cmd_by_name(e->cmd_defns, s)) < 0)) {
-                        ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
-                        return -1;
-                }
-                return e->cmd_defns[idx].cmd_num;
-        }
-        /* For the rest of the commands, the 'long' argument must specify a
-         * valie command number - so we need to conduct a search. */
-        if ((e->cmd_defns == NULL) ||
-            ((idx = int_ctrl_cmd_by_num(e->cmd_defns, (unsigned int)i)) < 0)) {
-                ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
-                return -1;
-        }
-        /* Now the logic splits depending on command type */
-        switch (cmd) {
-        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-                idx++;
-                if (int_ctrl_cmd_is_null(e->cmd_defns + idx))
-                        /* end-of-list */
-                        return 0;
-                else
-                        return e->cmd_defns[idx].cmd_num;
-        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-                return strlen(e->cmd_defns[idx].cmd_name);
-        case ENGINE_CTRL_GET_NAME_FROM_CMD:
-                ret = snprintf(s, strlen(e->cmd_defns[idx].cmd_name) + 1,
-                    "%s", e->cmd_defns[idx].cmd_name);
-                if (ret >= (strlen(e->cmd_defns[idx].cmd_name) + 1))
-                        ret = -1;
-                return ret;
-        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-                if (e->cmd_defns[idx].cmd_desc)
-                        return strlen(e->cmd_defns[idx].cmd_desc);
-                return strlen(int_no_description);
-        case ENGINE_CTRL_GET_DESC_FROM_CMD:
-                if (e->cmd_defns[idx].cmd_desc) {
-                        ret = snprintf(s,
-                            strlen(e->cmd_defns[idx].cmd_desc) + 1,
-                            "%s", e->cmd_defns[idx].cmd_desc);
-                        if (ret >= strlen(e->cmd_defns[idx].cmd_desc) + 1)
-                                ret = -1;
-                        return ret;
-                }
-                ret = snprintf(s, strlen(int_no_description) + 1, "%s",
-                    int_no_description);
-                if (ret >= strlen(int_no_description) + 1)
-                        ret = -1;
-                return ret;
-        case ENGINE_CTRL_GET_CMD_FLAGS:
-                return e->cmd_defns[idx].cmd_flags;
-        }
-        /* Shouldn't really be here ... */
-        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-        return -1;
-}
-int
-ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)(void))
-{
-        int ctrl_exists, ref_exists;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ref_exists = ((e->struct_ref > 0) ? 1 : 0);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        ctrl_exists = ((e->ctrl == NULL) ? 0 : 1);
-        if (!ref_exists) {
-                ENGINEerror(ENGINE_R_NO_REFERENCE);
-                return 0;
-        }
-        /* Intercept any "root-level" commands before trying to hand them on to
-         * ctrl() handlers. */
-        switch (cmd) {
-        case ENGINE_CTRL_HAS_CTRL_FUNCTION:
-                return ctrl_exists;
-        case ENGINE_CTRL_GET_FIRST_CMD_TYPE:
-        case ENGINE_CTRL_GET_NEXT_CMD_TYPE:
-        case ENGINE_CTRL_GET_CMD_FROM_NAME:
-        case ENGINE_CTRL_GET_NAME_LEN_FROM_CMD:
-        case ENGINE_CTRL_GET_NAME_FROM_CMD:
-        case ENGINE_CTRL_GET_DESC_LEN_FROM_CMD:
-        case ENGINE_CTRL_GET_DESC_FROM_CMD:
-        case ENGINE_CTRL_GET_CMD_FLAGS:
-                if (ctrl_exists && !(e->flags & ENGINE_FLAGS_MANUAL_CMD_CTRL))
-                        return int_ctrl_helper(e, cmd, i, p, f);
-                if (!ctrl_exists) {
-                        ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
-                        /* For these cmd-related functions, failure is indicated
-                         * by a -1 return value (because 0 is used as a valid
-                         * return in some places). */
-                        return -1;
-                }
-        default:
-                break;
-        }
-        /* Anything else requires a ctrl() handler to exist. */
-        if (!ctrl_exists) {
-                ENGINEerror(ENGINE_R_NO_CONTROL_FUNCTION);
-                return 0;
-        }
-        return e->ctrl(e, cmd, i, p, f);
-}
-int
-ENGINE_cmd_is_executable(ENGINE *e, int cmd)
-{
-        int flags;
-        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, cmd,
-            NULL, NULL)) < 0) {
-                ENGINEerror(ENGINE_R_INVALID_CMD_NUMBER);
-                return 0;
-        }
-        if (!(flags & ENGINE_CMD_FLAG_NO_INPUT) &&
-            !(flags & ENGINE_CMD_FLAG_NUMERIC) &&
-            !(flags & ENGINE_CMD_FLAG_STRING))
-                return 0;
-        return 1;
-}
-int
-ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, long i, void *p,
-    void (*f)(void), int cmd_optional)
-{
-        int num;
-        if ((e == NULL) || (cmd_name == NULL)) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        if ((e->ctrl == NULL) ||
-            ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME,
-            0, (void *)cmd_name, NULL)) <= 0)) {
-                /* If the command didn't *have* to be supported, we fake
-                 * success. This allows certain settings to be specified for
-                 * multiple ENGINEs and only require a change of ENGINE id
-                 * (without having to selectively apply settings). Eg. changing
-                 * from a hardware device back to the regular software ENGINE
-                 * without editing the config file, etc. */
-                if (cmd_optional) {
-                        ERR_clear_error();
-                        return 1;
-                }
-                ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
-                return 0;
-        }
-        /* Force the result of the control command to 0 or 1, for the reasons
-         * mentioned before. */
-        if (ENGINE_ctrl(e, num, i, p, f) > 0)
-                return 1;
-        return 0;
-}
-int
-ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg,
-    int cmd_optional)
-{
-        int num, flags;
-        long l;
-        char *ptr;
-        if ((e == NULL) || (cmd_name == NULL)) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        if ((e->ctrl == NULL) ||
-            ((num = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FROM_NAME, 0,
-            (void *)cmd_name, NULL)) <= 0)) {
-                /* If the command didn't *have* to be supported, we fake
-                 * success. This allows certain settings to be specified for
-                 * multiple ENGINEs and only require a change of ENGINE id
-                 * (without having to selectively apply settings). Eg. changing
-                 * from a hardware device back to the regular software ENGINE
-                 * without editing the config file, etc. */
-                if (cmd_optional) {
-                        ERR_clear_error();
-                        return 1;
-                }
-                ENGINEerror(ENGINE_R_INVALID_CMD_NAME);
-                return 0;
-        }
-        if (!ENGINE_cmd_is_executable(e, num)) {
-                ENGINEerror(ENGINE_R_CMD_NOT_EXECUTABLE);
-                return 0;
-        }
-        if ((flags = ENGINE_ctrl(e, ENGINE_CTRL_GET_CMD_FLAGS, num,
-            NULL, NULL)) < 0) {
-                /* Shouldn't happen, given that ENGINE_cmd_is_executable()
-                 * returned success. */
-                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                return 0;
-        }
-        /* If the command takes no input, there must be no input. And vice
-         * versa. */
-        if (flags & ENGINE_CMD_FLAG_NO_INPUT) {
-                if (arg != NULL) {
-                        ENGINEerror(ENGINE_R_COMMAND_TAKES_NO_INPUT);
-                        return 0;
-                }
-                /* We deliberately force the result of ENGINE_ctrl() to 0 or 1
-                 * rather than returning it as "return data". This is to ensure
-                 * usage of these commands is consistent across applications and
-                 * that certain applications don't understand it one way, and
-                 * others another. */
-                if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-                        return 1;
-                return 0;
-        }
-        /* So, we require input */
-        if (arg == NULL) {
-                ENGINEerror(ENGINE_R_COMMAND_TAKES_INPUT);
-                return 0;
-        }
-        /* If it takes string input, that's easy */
-        if (flags & ENGINE_CMD_FLAG_STRING) {
-                /* Same explanation as above */
-                if (ENGINE_ctrl(e, num, 0, (void *)arg, NULL) > 0)
-                        return 1;
-                return 0;
-        }
-        /* If it doesn't take numeric either, then it is unsupported for use in
-         * a config-setting situation, which is what this function is for. This
-         * should never happen though, because ENGINE_cmd_is_executable() was
-         * used. */
-        if (!(flags & ENGINE_CMD_FLAG_NUMERIC)) {
-                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                return 0;
-        }
-        l = strtol(arg, &ptr, 10);
-        if ((arg == ptr) || (*ptr != '\0')) {
-                ENGINEerror(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER);
-                return 0;
-        }
-        /* Force the result of the control command to 0 or 1, for the reasons
-         * mentioned before. */
-        if (ENGINE_ctrl(e, num, l, NULL, NULL) > 0)
-                return 1;
-        return 0;
-}
diff --git a/src/lib/libcrypto/engine/eng_dyn.c b/src/lib/libcrypto/engine/eng_dyn.c
deleted file mode 100644
index 400ce72681..0000000000
--- a/src/lib/libcrypto/engine/eng_dyn.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/* $OpenBSD: eng_dyn.c,v 1.14 2015/06/19 06:05:11 bcook Exp $ */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/engine.h>
-void
-ENGINE_load_dynamic(void)
-{
-}
diff --git a/src/lib/libcrypto/engine/eng_err.c b/src/lib/libcrypto/engine/eng_err.c
deleted file mode 100644
index 5f86a41540..0000000000
--- a/src/lib/libcrypto/engine/eng_err.c
+++ /dev/null
@@ -1,129 +0,0 @@
-/* $OpenBSD: eng_err.c,v 1.12 2022/07/12 14:42:49 kn Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2010 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/opensslconf.h>
-#include <openssl/err.h>
-#include <openssl/engine.h>
-#ifndef OPENSSL_NO_ERR
-#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ENGINE,func,0)
-#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ENGINE,0,reason)
-static ERR_STRING_DATA ENGINE_str_functs[] = {
-        {ERR_FUNC(0xfff), "CRYPTO_internal"},
-        {0, NULL}
-};
-static ERR_STRING_DATA ENGINE_str_reasons[] = {
-        {ERR_REASON(ENGINE_R_ALREADY_LOADED)     , "already loaded"},
-        {ERR_REASON(ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER), "argument is not a number"},
-        {ERR_REASON(ENGINE_R_CMD_NOT_EXECUTABLE) , "cmd not executable"},
-        {ERR_REASON(ENGINE_R_COMMAND_TAKES_INPUT), "command takes input"},
-        {ERR_REASON(ENGINE_R_COMMAND_TAKES_NO_INPUT), "command takes no input"},
-        {ERR_REASON(ENGINE_R_CONFLICTING_ENGINE_ID), "conflicting engine id"},
-        {ERR_REASON(ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED), "ctrl command not implemented"},
-        {ERR_REASON(ENGINE_R_DH_NOT_IMPLEMENTED) , "dh not implemented"},
-        {ERR_REASON(ENGINE_R_DSA_NOT_IMPLEMENTED), "dsa not implemented"},
-        {ERR_REASON(ENGINE_R_DSO_FAILURE)        , "DSO failure"},
-        {ERR_REASON(ENGINE_R_DSO_NOT_FOUND)      , "dso not found"},
-        {ERR_REASON(ENGINE_R_ENGINES_SECTION_ERROR), "engines section error"},
-        {ERR_REASON(ENGINE_R_ENGINE_CONFIGURATION_ERROR), "engine configuration error"},
-        {ERR_REASON(ENGINE_R_ENGINE_IS_NOT_IN_LIST), "engine is not in the list"},
-        {ERR_REASON(ENGINE_R_ENGINE_SECTION_ERROR), "engine section error"},
-        {ERR_REASON(ENGINE_R_FAILED_LOADING_PRIVATE_KEY), "failed loading private key"},
-        {ERR_REASON(ENGINE_R_FAILED_LOADING_PUBLIC_KEY), "failed loading public key"},
-        {ERR_REASON(ENGINE_R_FINISH_FAILED)      , "finish failed"},
-        {ERR_REASON(ENGINE_R_GET_HANDLE_FAILED)  , "could not obtain hardware handle"},
-        {ERR_REASON(ENGINE_R_ID_OR_NAME_MISSING) , "'id' or 'name' missing"},
-        {ERR_REASON(ENGINE_R_INIT_FAILED)        , "init failed"},
-        {ERR_REASON(ENGINE_R_INTERNAL_LIST_ERROR), "internal list error"},
-        {ERR_REASON(ENGINE_R_INVALID_ARGUMENT)   , "invalid argument"},
-        {ERR_REASON(ENGINE_R_INVALID_CMD_NAME)   , "invalid cmd name"},
-        {ERR_REASON(ENGINE_R_INVALID_CMD_NUMBER) , "invalid cmd number"},
-        {ERR_REASON(ENGINE_R_INVALID_INIT_VALUE) , "invalid init value"},
-        {ERR_REASON(ENGINE_R_INVALID_STRING)     , "invalid string"},
-        {ERR_REASON(ENGINE_R_NOT_INITIALISED)    , "not initialised"},
-        {ERR_REASON(ENGINE_R_NOT_LOADED)         , "not loaded"},
-        {ERR_REASON(ENGINE_R_NO_CONTROL_FUNCTION), "no control function"},
-        {ERR_REASON(ENGINE_R_NO_INDEX)           , "no index"},
-        {ERR_REASON(ENGINE_R_NO_LOAD_FUNCTION)   , "no load function"},
-        {ERR_REASON(ENGINE_R_NO_REFERENCE)       , "no reference"},
-        {ERR_REASON(ENGINE_R_NO_SUCH_ENGINE)     , "no such engine"},
-        {ERR_REASON(ENGINE_R_NO_UNLOAD_FUNCTION) , "no unload function"},
-        {ERR_REASON(ENGINE_R_PROVIDE_PARAMETERS) , "provide parameters"},
-        {ERR_REASON(ENGINE_R_RSA_NOT_IMPLEMENTED), "rsa not implemented"},
-        {ERR_REASON(ENGINE_R_UNIMPLEMENTED_CIPHER), "unimplemented cipher"},
-        {ERR_REASON(ENGINE_R_UNIMPLEMENTED_DIGEST), "unimplemented digest"},
-        {ERR_REASON(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD), "unimplemented public key method"},
-        {ERR_REASON(ENGINE_R_VERSION_INCOMPATIBILITY), "version incompatibility"},
-        {0, NULL}
-};
-#endif
-void
-ERR_load_ENGINE_strings(void)
-{
-#ifndef OPENSSL_NO_ERR
-        if (ERR_func_error_string(ENGINE_str_functs[0].error) == NULL) {
-                ERR_load_strings(0, ENGINE_str_functs);
-                ERR_load_strings(0, ENGINE_str_reasons);
-        }
-#endif
-}
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c
deleted file mode 100644
index f0b57722ff..0000000000
--- a/src/lib/libcrypto/engine/eng_fat.c
+++ /dev/null
@@ -1,182 +0,0 @@
-/* $OpenBSD: eng_fat.c,v 1.19 2023/07/28 09:22:26 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/conf.h>
-int
-ENGINE_set_default(ENGINE *e, unsigned int flags)
-{
-        if ((flags & ENGINE_METHOD_CIPHERS) && !ENGINE_set_default_ciphers(e))
-                return 0;
-        if ((flags & ENGINE_METHOD_DIGESTS) && !ENGINE_set_default_digests(e))
-                return 0;
-#ifndef OPENSSL_NO_RSA
-        if ((flags & ENGINE_METHOD_RSA) && !ENGINE_set_default_RSA(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_DSA
-        if ((flags & ENGINE_METHOD_DSA) && !ENGINE_set_default_DSA(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_DH
-        if ((flags & ENGINE_METHOD_DH) && !ENGINE_set_default_DH(e))
-                return 0;
-#endif
-#ifndef OPENSSL_NO_EC
-        if ((flags & ENGINE_METHOD_EC) && !ENGINE_set_default_EC(e))
-                return 0;
-#endif
-        if ((flags & ENGINE_METHOD_RAND) && !ENGINE_set_default_RAND(e))
-                return 0;
-        if ((flags & ENGINE_METHOD_PKEY_METHS) &&
-            !ENGINE_set_default_pkey_meths(e))
-                return 0;
-        if ((flags & ENGINE_METHOD_PKEY_ASN1_METHS) &&
-            !ENGINE_set_default_pkey_asn1_meths(e))
-                return 0;
-        return 1;
-}
-/* Set default algorithms using a string */
-static int
-int_def_cb(const char *alg, int len, void *arg)
-{
-        unsigned int *pflags = arg;
-        if (!strncmp(alg, "ALL", len))
-                *pflags |= ENGINE_METHOD_ALL;
-        else if (!strncmp(alg, "RSA", len))
-                *pflags |= ENGINE_METHOD_RSA;
-        else if (!strncmp(alg, "DSA", len))
-                *pflags |= ENGINE_METHOD_DSA;
-        else if (!strncmp(alg, "DH", len))
-                *pflags |= ENGINE_METHOD_DH;
-        else if (strncmp(alg, "EC", len) == 0)
-                *pflags |= ENGINE_METHOD_EC;
-        else if (!strncmp(alg, "RAND", len))
-                *pflags |= ENGINE_METHOD_RAND;
-        else if (!strncmp(alg, "CIPHERS", len))
-                *pflags |= ENGINE_METHOD_CIPHERS;
-        else if (!strncmp(alg, "DIGESTS", len))
-                *pflags |= ENGINE_METHOD_DIGESTS;
-        else if (!strncmp(alg, "PKEY", len))
-                *pflags |= ENGINE_METHOD_PKEY_METHS |
-                    ENGINE_METHOD_PKEY_ASN1_METHS;
-        else if (!strncmp(alg, "PKEY_CRYPTO", len))
-                *pflags |= ENGINE_METHOD_PKEY_METHS;
-        else if (!strncmp(alg, "PKEY_ASN1", len))
-                *pflags |= ENGINE_METHOD_PKEY_ASN1_METHS;
-        else
-                return 0;
-        return 1;
-}
-int
-ENGINE_set_default_string(ENGINE *e, const char *def_list)
-{
-        unsigned int flags = 0;
-        if (!CONF_parse_list(def_list, ',', 1, int_def_cb, &flags)) {
-                ENGINEerror(ENGINE_R_INVALID_STRING);
-                ERR_asprintf_error_data("str=%s",def_list);
-                return 0;
-        }
-        return ENGINE_set_default(e, flags);
-}
-int
-ENGINE_register_complete(ENGINE *e)
-{
-        ENGINE_register_ciphers(e);
-        ENGINE_register_digests(e);
-#ifndef OPENSSL_NO_RSA
-        ENGINE_register_RSA(e);
-#endif
-#ifndef OPENSSL_NO_DSA
-        ENGINE_register_DSA(e);
-#endif
-#ifndef OPENSSL_NO_DH
-        ENGINE_register_DH(e);
-#endif
-#ifndef OPENSSL_NO_EC
-        ENGINE_register_EC(e);
-#endif
-        ENGINE_register_RAND(e);
-        ENGINE_register_pkey_meths(e);
-        return 1;
-}
-int
-ENGINE_register_all_complete(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                if (!(e->flags & ENGINE_FLAGS_NO_REGISTER_ALL))
-                        ENGINE_register_complete(e);
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c
deleted file mode 100644
index 793adba8be..0000000000
--- a/src/lib/libcrypto/engine/eng_init.c
+++ /dev/null
@@ -1,147 +0,0 @@
-/* $OpenBSD: eng_init.c,v 1.9 2018/04/14 07:09:21 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include "eng_int.h"
-/* Initialise a engine type for use (or up its functional reference count
- * if it's already in use). This version is only used internally. */
-int
-engine_unlocked_init(ENGINE *e)
-{
-        int to_return = 1;
-        if ((e->funct_ref == 0) && e->init)
-                /* This is the first functional reference and the engine
-                 * requires initialisation so we do it now. */
-                to_return = e->init(e);
-        if (to_return) {
-                /* OK, we return a functional reference which is also a
-                 * structural reference. */
-                e->struct_ref++;
-                e->funct_ref++;
-                engine_ref_debug(e, 0, 1)
-                engine_ref_debug(e, 1, 1)
-        }
-        return to_return;
-}
-/* Free a functional reference to a engine type. This version is only used
- * internally. */
-int
-engine_unlocked_finish(ENGINE *e, int unlock_for_handlers)
-{
-        int to_return = 1;
-        /* Reduce the functional reference count here so if it's the terminating
-         * case, we can release the lock safely and call the finish() handler
-         * without risk of a race. We get a race if we leave the count until
-         * after and something else is calling "finish" at the same time -
-         * there's a chance that both threads will together take the count from
-         * 2 to 0 without either calling finish(). */
-        e->funct_ref--;
-        engine_ref_debug(e, 1, -1);
-        if ((e->funct_ref == 0) && e->finish) {
-                if (unlock_for_handlers)
-                        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                to_return = e->finish(e);
-                if (unlock_for_handlers)
-                        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-                if (!to_return)
-                        return 0;
-        }
-        /* Release the structural reference too */
-        if (!engine_free_util(e, 0)) {
-                ENGINEerror(ENGINE_R_FINISH_FAILED);
-                return 0;
-        }
-        return to_return;
-}
-/* The API (locked) version of "init" */
-int
-ENGINE_init(ENGINE *e)
-{
-        int ret;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_unlocked_init(e);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-}
-/* The API (locked) version of "finish" */
-int
-ENGINE_finish(ENGINE *e)
-{
-        int to_return = 1;
-        if (e == NULL)
-                return 1;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        to_return = engine_unlocked_finish(e, 1);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!to_return) {
-                ENGINEerror(ENGINE_R_FINISH_FAILED);
-                return 0;
-        }
-        return to_return;
-}
diff --git a/src/lib/libcrypto/engine/eng_int.h b/src/lib/libcrypto/engine/eng_int.h
deleted file mode 100644
index 2b0ba22aaf..0000000000
--- a/src/lib/libcrypto/engine/eng_int.h
+++ /dev/null
@@ -1,201 +0,0 @@
-/* $OpenBSD: eng_int.h,v 1.12 2023/07/28 09:22:26 tb Exp $ */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#ifndef HEADER_ENGINE_INT_H
-#define HEADER_ENGINE_INT_H
-/* Take public definitions from engine.h */
-#include <openssl/engine.h>
-__BEGIN_HIDDEN_DECLS
-/* If we compile with this symbol defined, then both reference counts in the
- * ENGINE structure will be monitored with a line of output on stderr for each
- * change. This prints the engine's pointer address (truncated to unsigned int),
- * "struct" or "funct" to indicate the reference type, the before and after
- * reference count, and the file:line-number pair. The "engine_ref_debug"
- * statements must come *after* the change. */
-#ifdef ENGINE_REF_COUNT_DEBUG
-#define engine_ref_debug(e, isfunct, diff) \
-        fprintf(stderr, "engine: %08x %s from %d to %d (%s:%d)\n", \
-                (unsigned int)(e), (isfunct ? "funct" : "struct"), \
-                ((isfunct) ? ((e)->funct_ref - (diff)) : ((e)->struct_ref - (diff))), \
-                ((isfunct) ? (e)->funct_ref : (e)->struct_ref), \
-                (__FILE__), (__LINE__));
-#else
-#define engine_ref_debug(e, isfunct, diff)
-#endif
-/* Any code that will need cleanup operations should use these functions to
- * register callbacks. ENGINE_cleanup() will call all registered callbacks in
- * order. NB: both the "add" functions assume CRYPTO_LOCK_ENGINE to already be
- * held (in "write" mode). */
-typedef void (ENGINE_CLEANUP_CB)(void);
-typedef struct st_engine_cleanup_item {
-        ENGINE_CLEANUP_CB *cb;
-} ENGINE_CLEANUP_ITEM;
-DECLARE_STACK_OF(ENGINE_CLEANUP_ITEM)
-void engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb);
-void engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb);
-/* We need stacks of ENGINEs for use in eng_table.c */
-DECLARE_STACK_OF(ENGINE)
-/* If this symbol is defined then engine_table_select(), the function that is
- * used by RSA, DSA (etc) code to select registered ENGINEs, cache defaults and
- * functional references (etc), will display debugging summaries to stderr. */
-/* #define ENGINE_TABLE_DEBUG */
-/* This represents an implementation table. Dependent code should instantiate it
- * as a (ENGINE_TABLE *) pointer value set initially to NULL. */
-typedef struct st_engine_table ENGINE_TABLE;
-int engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-    ENGINE *e, const int *nids, int num_nids, int setdefault);
-void engine_table_unregister(ENGINE_TABLE **table, ENGINE *e);
-void engine_table_cleanup(ENGINE_TABLE **table);
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *engine_table_select(ENGINE_TABLE **table, int nid);
-#else
-ENGINE *engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f,
-    int l);
-#define engine_table_select(t,n) engine_table_select_tmp(t,n,__FILE__,__LINE__)
-#endif
-typedef void (engine_table_doall_cb)(int nid, STACK_OF(ENGINE) *sk,
-    ENGINE *def, void *arg);
-void engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb,
-    void *arg);
-/* Internal versions of API functions that have control over locking. These are
- * used between C files when functionality needs to be shared but the caller may
- * already be controlling of the CRYPTO_LOCK_ENGINE lock. */
-int engine_unlocked_init(ENGINE *e);
-int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers);
-int engine_free_util(ENGINE *e, int locked);
-/* This function will reset all "set"able values in an ENGINE to NULL. This
- * won't touch reference counts or ex_data, but is equivalent to calling all the
- * ENGINE_set_***() functions with a NULL value. */
-void engine_set_all_null(ENGINE *e);
-/* NB: Bitwise OR-able values for the "flags" variable in ENGINE are now exposed
- * in engine.h. */
-/* Free up dynamically allocated public key methods associated with ENGINE */
-void engine_pkey_meths_free(ENGINE *e);
-void engine_pkey_asn1_meths_free(ENGINE *e);
-/* This is a structure for storing implementations of various crypto
- * algorithms and functions. */
-struct engine_st {
-        const char *id;
-        const char *name;
-        const RSA_METHOD *rsa_meth;
-        const DSA_METHOD *dsa_meth;
-        const DH_METHOD *dh_meth;
-        const EC_KEY_METHOD *ec_meth;
-        const RAND_METHOD *rand_meth;
-        const STORE_METHOD *store_meth;
-        /* Cipher handling is via this callback */
-        ENGINE_CIPHERS_PTR ciphers;
-        /* Digest handling is via this callback */
-        ENGINE_DIGESTS_PTR digests;
-        /* Public key handling via this callback */
-        ENGINE_PKEY_METHS_PTR pkey_meths;
-        /* ASN1 public key handling via this callback */
-        ENGINE_PKEY_ASN1_METHS_PTR pkey_asn1_meths;
-        ENGINE_GEN_INT_FUNC_PTR destroy;
-        ENGINE_GEN_INT_FUNC_PTR init;
-        ENGINE_GEN_INT_FUNC_PTR finish;
-        ENGINE_CTRL_FUNC_PTR ctrl;
-        ENGINE_LOAD_KEY_PTR load_privkey;
-        ENGINE_LOAD_KEY_PTR load_pubkey;
-        ENGINE_SSL_CLIENT_CERT_PTR load_ssl_client_cert;
-        const ENGINE_CMD_DEFN *cmd_defns;
-        int flags;
-        /* reference count on the structure itself */
-        int struct_ref;
-        /* reference count on usability of the engine type. NB: This
-         * controls the loading and initialisation of any functionlity
-         * required by this engine, whereas the previous count is
-         * simply to cope with (de)allocation of this structure. Hence,
-         * running_ref <= struct_ref at all times. */
-        int funct_ref;
-        /* A place to store per-ENGINE data */
-        CRYPTO_EX_DATA ex_data;
-        /* Used to maintain the linked-list of engines. */
-        struct engine_st *prev;
-        struct engine_st *next;
-};
-__END_HIDDEN_DECLS
-#endif /* HEADER_ENGINE_INT_H */
diff --git a/src/lib/libcrypto/engine/eng_lib.c b/src/lib/libcrypto/engine/eng_lib.c
deleted file mode 100644
index 1aedcb18c6..0000000000
--- a/src/lib/libcrypto/engine/eng_lib.c
+++ /dev/null
@@ -1,365 +0,0 @@
-/* $OpenBSD: eng_lib.c,v 1.14 2018/04/14 07:18:37 tb Exp $ */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include <openssl/rand.h>
-#include "eng_int.h"
-/* The "new"/"free" stuff first */
-ENGINE *
-ENGINE_new(void)
-{
-        ENGINE *ret;
-        if (!OPENSSL_init_crypto(0, NULL))
-                return NULL;
-        ret = malloc(sizeof(ENGINE));
-        if (ret == NULL) {
-                ENGINEerror(ERR_R_MALLOC_FAILURE);
-                return NULL;
-        }
-        memset(ret, 0, sizeof(ENGINE));
-        ret->struct_ref = 1;
-        engine_ref_debug(ret, 0, 1)
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_ENGINE, ret, &ret->ex_data);
-        return ret;
-}
-/* Placed here (close proximity to ENGINE_new) so that modifications to the
- * elements of the ENGINE structure are more likely to be caught and changed
- * here. */
-void
-engine_set_all_null(ENGINE *e)
-{
-        e->id = NULL;
-        e->name = NULL;
-        e->rsa_meth = NULL;
-        e->dsa_meth = NULL;
-        e->dh_meth = NULL;
-        e->rand_meth = NULL;
-        e->store_meth = NULL;
-        e->ciphers = NULL;
-        e->digests = NULL;
-        e->destroy = NULL;
-        e->init = NULL;
-        e->finish = NULL;
-        e->ctrl = NULL;
-        e->load_privkey = NULL;
-        e->load_pubkey = NULL;
-        e->cmd_defns = NULL;
-        e->flags = 0;
-}
-int
-engine_free_util(ENGINE *e, int locked)
-{
-        int i;
-        if (e == NULL)
-                return 1;
-        if (locked)
-                i = CRYPTO_add(&e->struct_ref, -1, CRYPTO_LOCK_ENGINE);
-        else
-                i = --e->struct_ref;
-        engine_ref_debug(e, 0, -1)
-        if (i > 0)
-                return 1;
-        /* Free up any dynamically allocated public key methods */
-        engine_pkey_meths_free(e);
-        engine_pkey_asn1_meths_free(e);
-        /* Give the ENGINE a chance to do any structural cleanup corresponding
-         * to allocation it did in its constructor (eg. unload error strings) */
-        if (e->destroy)
-                e->destroy(e);
-        CRYPTO_free_ex_data(CRYPTO_EX_INDEX_ENGINE, e, &e->ex_data);
-        free(e);
-        return 1;
-}
-int
-ENGINE_free(ENGINE *e)
-{
-        return engine_free_util(e, 1);
-}
-/* Cleanup stuff */
-/* ENGINE_cleanup() is coded such that anything that does work that will need
- * cleanup can register a "cleanup" callback here. That way we don't get linker
- * bloat by referring to all *possible* cleanups, but any linker bloat into code
- * "X" will cause X's cleanup function to end up here. */
-static STACK_OF(ENGINE_CLEANUP_ITEM) *cleanup_stack = NULL;
-static int
-int_cleanup_check(int create)
-{
-        if (cleanup_stack)
-                return 1;
-        if (!create)
-                return 0;
-        cleanup_stack = sk_ENGINE_CLEANUP_ITEM_new_null();
-        return (cleanup_stack ? 1 : 0);
-}
-static ENGINE_CLEANUP_ITEM *
-int_cleanup_item(ENGINE_CLEANUP_CB *cb)
-{
-        ENGINE_CLEANUP_ITEM *item = malloc(sizeof(ENGINE_CLEANUP_ITEM));
-        if (!item)
-                return NULL;
-        item->cb = cb;
-        return item;
-}
-void
-engine_cleanup_add_first(ENGINE_CLEANUP_CB *cb)
-{
-        ENGINE_CLEANUP_ITEM *item;
-        if (!int_cleanup_check(1))
-                return;
-        item = int_cleanup_item(cb);
-        if (item)
-                sk_ENGINE_CLEANUP_ITEM_insert(cleanup_stack, item, 0);
-}
-void
-engine_cleanup_add_last(ENGINE_CLEANUP_CB *cb)
-{
-        ENGINE_CLEANUP_ITEM *item;
-        if (!int_cleanup_check(1))
-                return;
-        item = int_cleanup_item(cb);
-        if (item)
-                sk_ENGINE_CLEANUP_ITEM_push(cleanup_stack, item);
-}
-/* The API function that performs all cleanup */
-static void
-engine_cleanup_cb_free(ENGINE_CLEANUP_ITEM *item)
-{
-        (*(item->cb))();
-        free(item);
-}
-void
-ENGINE_cleanup(void)
-{
-        if (int_cleanup_check(0)) {
-                sk_ENGINE_CLEANUP_ITEM_pop_free(cleanup_stack,
-                    engine_cleanup_cb_free);
-                cleanup_stack = NULL;
-        }
-        /* FIXME: This should be handled (somehow) through RAND, eg. by it
-         * registering a cleanup callback. */
-        RAND_set_rand_method(NULL);
-}
-/* Now the "ex_data" support */
-int
-ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
-    CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
-{
-        return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_ENGINE, argl, argp,
-            new_func, dup_func, free_func);
-}
-int
-ENGINE_set_ex_data(ENGINE *e, int idx, void *arg)
-{
-        return (CRYPTO_set_ex_data(&e->ex_data, idx, arg));
-}
-void *
-ENGINE_get_ex_data(const ENGINE *e, int idx)
-{
-        return (CRYPTO_get_ex_data(&e->ex_data, idx));
-}
-/* Functions to get/set an ENGINE's elements - mainly to avoid exposing the
- * ENGINE structure itself. */
-int
-ENGINE_set_id(ENGINE *e, const char *id)
-{
-        if (id == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        e->id = id;
-        return 1;
-}
-int
-ENGINE_set_name(ENGINE *e, const char *name)
-{
-        if (name == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        e->name = name;
-        return 1;
-}
-int
-ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f)
-{
-        e->destroy = destroy_f;
-        return 1;
-}
-int
-ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f)
-{
-        e->init = init_f;
-        return 1;
-}
-int
-ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f)
-{
-        e->finish = finish_f;
-        return 1;
-}
-int
-ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f)
-{
-        e->ctrl = ctrl_f;
-        return 1;
-}
-int
-ENGINE_set_flags(ENGINE *e, int flags)
-{
-        e->flags = flags;
-        return 1;
-}
-int
-ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns)
-{
-        e->cmd_defns = defns;
-        return 1;
-}
-const char *
-ENGINE_get_id(const ENGINE *e)
-{
-        return e->id;
-}
-const char *
-ENGINE_get_name(const ENGINE *e)
-{
-        return e->name;
-}
-ENGINE_GEN_INT_FUNC_PTR
-ENGINE_get_destroy_function(const ENGINE *e)
-{
-        return e->destroy;
-}
-ENGINE_GEN_INT_FUNC_PTR
-ENGINE_get_init_function(const ENGINE *e)
-{
-        return e->init;
-}
-ENGINE_GEN_INT_FUNC_PTR
-ENGINE_get_finish_function(const ENGINE *e)
-{
-        return e->finish;
-}
-ENGINE_CTRL_FUNC_PTR
-ENGINE_get_ctrl_function(const ENGINE *e)
-{
-        return e->ctrl;
-}
-int
-ENGINE_get_flags(const ENGINE *e)
-{
-        return e->flags;
-}
-const ENGINE_CMD_DEFN *
-ENGINE_get_cmd_defns(const ENGINE *e)
-{
-        return e->cmd_defns;
-}
-/* eng_lib.o is pretty much linked into anything that touches ENGINE already, so
- * put the "static_state" hack here. */
-static int internal_static_hack = 0;
-void *
-ENGINE_get_static_state(void)
-{
-        return &internal_static_hack;
-}
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c
deleted file mode 100644
index eaa0d228f9..0000000000
--- a/src/lib/libcrypto/engine/eng_list.c
+++ /dev/null
@@ -1,381 +0,0 @@
-/* $OpenBSD: eng_list.c,v 1.27 2023/07/28 09:22:26 tb Exp $ */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#include <string.h>
-#include <unistd.h>
-#include <openssl/opensslconf.h>
-#include <openssl/err.h>
-#include "cryptlib.h"
-#include "eng_int.h"
-/* The linked-list of pointers to engine types. engine_list_head
- * incorporates an implicit structural reference but engine_list_tail
- * does not - the latter is a computational niceity and only points
- * to something that is already pointed to by its predecessor in the
- * list (or engine_list_head itself). In the same way, the use of the
- * "prev" pointer in each ENGINE is to save excessive list iteration,
- * it doesn't correspond to an extra structural reference. Hence,
- * engine_list_head, and each non-null "next" pointer account for
- * the list itself assuming exactly 1 structural reference on each
- * list member. */
-static ENGINE *engine_list_head = NULL;
-static ENGINE *engine_list_tail = NULL;
-/* This cleanup function is only needed internally. If it should be called, we
- * register it with the "ENGINE_cleanup()" stack to be called during cleanup. */
-static void
-engine_list_cleanup(void)
-{
-        ENGINE *iterator = engine_list_head;
-        while (iterator != NULL && ENGINE_remove(iterator))
-                iterator = engine_list_head;
-}
-/* These static functions starting with a lower case "engine_" always
- * take place when CRYPTO_LOCK_ENGINE has been locked up. */
-static int
-engine_list_add(ENGINE *e)
-{
-        int conflict = 0;
-        ENGINE *iterator = NULL;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        iterator = engine_list_head;
-        while (iterator && !conflict) {
-                conflict = (strcmp(iterator->id, e->id) == 0);
-                iterator = iterator->next;
-        }
-        if (conflict) {
-                ENGINEerror(ENGINE_R_CONFLICTING_ENGINE_ID);
-                return 0;
-        }
-        if (engine_list_head == NULL) {
-                /* We are adding to an empty list. */
-                if (engine_list_tail) {
-                        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                        return 0;
-                }
-                engine_list_head = e;
-                e->prev = NULL;
-                /* The first time the list allocates, we should register the
-                 * cleanup. */
-                engine_cleanup_add_last(engine_list_cleanup);
-        } else {
-                /* We are adding to the tail of an existing list. */
-                if ((engine_list_tail == NULL) ||
-                    (engine_list_tail->next != NULL)) {
-                        ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                        return 0;
-                }
-                engine_list_tail->next = e;
-                e->prev = engine_list_tail;
-        }
-        /* Having the engine in the list assumes a structural
-         * reference. */
-        e->struct_ref++;
-        engine_ref_debug(e, 0, 1)
-        /* However it came to be, e is the last item in the list. */
-        engine_list_tail = e;
-        e->next = NULL;
-        return 1;
-}
-static int
-engine_list_remove(ENGINE *e)
-{
-        ENGINE *iterator;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        /* We need to check that e is in our linked list! */
-        iterator = engine_list_head;
-        while (iterator && (iterator != e))
-                iterator = iterator->next;
-        if (iterator == NULL) {
-                ENGINEerror(ENGINE_R_ENGINE_IS_NOT_IN_LIST);
-                return 0;
-        }
-        /* un-link e from the chain. */
-        if (e->next)
-                e->next->prev = e->prev;
-        if (e->prev)
-                e->prev->next = e->next;
-        /* Correct our head/tail if necessary. */
-        if (engine_list_head == e)
-                engine_list_head = e->next;
-        if (engine_list_tail == e)
-                engine_list_tail = e->prev;
-        engine_free_util(e, 0);
-        return 1;
-}
-/* Get the first/last "ENGINE" type available. */
-ENGINE *
-ENGINE_get_first(void)
-{
-        ENGINE *ret;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_list_head;
-        if (ret) {
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-}
-ENGINE *
-ENGINE_get_last(void)
-{
-        ENGINE *ret;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = engine_list_tail;
-        if (ret) {
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-}
-/* Iterate to the next/previous "ENGINE" type (NULL = end of the list). */
-ENGINE *
-ENGINE_get_next(ENGINE *e)
-{
-        ENGINE *ret = NULL;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = e->next;
-        if (ret) {
-                /* Return a valid structural reference to the next ENGINE */
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Release the structural reference to the previous ENGINE */
-        ENGINE_free(e);
-        return ret;
-}
-ENGINE *
-ENGINE_get_prev(ENGINE *e)
-{
-        ENGINE *ret = NULL;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        ret = e->prev;
-        if (ret) {
-                /* Return a valid structural reference to the next ENGINE */
-                ret->struct_ref++;
-                engine_ref_debug(ret, 0, 1)
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Release the structural reference to the previous ENGINE */
-        ENGINE_free(e);
-        return ret;
-}
-/* Add another "ENGINE" type into the list. */
-int
-ENGINE_add(ENGINE *e)
-{
-        int to_return = 1;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        if ((e->id == NULL) || (e->name == NULL)) {
-                ENGINEerror(ENGINE_R_ID_OR_NAME_MISSING);
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (!engine_list_add(e)) {
-                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                to_return = 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return to_return;
-}
-/* Remove an existing "ENGINE" type from the array. */
-int
-ENGINE_remove(ENGINE *e)
-{
-        int to_return = 1;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (!engine_list_remove(e)) {
-                ENGINEerror(ENGINE_R_INTERNAL_LIST_ERROR);
-                to_return = 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return to_return;
-}
-static void
-engine_cpy(ENGINE *dest, const ENGINE *src)
-{
-        dest->id = src->id;
-        dest->name = src->name;
-#ifndef OPENSSL_NO_RSA
-        dest->rsa_meth = src->rsa_meth;
-#endif
-#ifndef OPENSSL_NO_DSA
-        dest->dsa_meth = src->dsa_meth;
-#endif
-#ifndef OPENSSL_NO_DH
-        dest->dh_meth = src->dh_meth;
-#endif
-#ifndef OPENSSL_NO_EC
-        dest->ec_meth = src->ec_meth;
-#endif
-        dest->rand_meth = src->rand_meth;
-        dest->store_meth = src->store_meth;
-        dest->ciphers = src->ciphers;
-        dest->digests = src->digests;
-        dest->pkey_meths = src->pkey_meths;
-        dest->destroy = src->destroy;
-        dest->init = src->init;
-        dest->finish = src->finish;
-        dest->ctrl = src->ctrl;
-        dest->load_privkey = src->load_privkey;
-        dest->load_pubkey = src->load_pubkey;
-        dest->cmd_defns = src->cmd_defns;
-        dest->flags = src->flags;
-}
-ENGINE *
-ENGINE_by_id(const char *id)
-{
-        ENGINE *iterator;
-        if (id == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return NULL;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        iterator = engine_list_head;
-        while (iterator && (strcmp(id, iterator->id) != 0))
-                iterator = iterator->next;
-        if (iterator) {
-                /* We need to return a structural reference. If this is an
-                 * ENGINE type that returns copies, make a duplicate - otherwise
-                 * increment the existing ENGINE's reference count. */
-                if (iterator->flags & ENGINE_FLAGS_BY_ID_COPY) {
-                        ENGINE *cp = ENGINE_new();
-                        if (!cp)
-                                iterator = NULL;
-                        else {
-                                engine_cpy(cp, iterator);
-                                iterator = cp;
-                        }
-                } else {
-                        iterator->struct_ref++;
-                        engine_ref_debug(iterator, 0, 1)
-                }
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (iterator == NULL) {
-                ENGINEerror(ENGINE_R_NO_SUCH_ENGINE);
-                ERR_asprintf_error_data("id=%s", id);
-        }
-        return iterator;
-}
-int
-ENGINE_up_ref(ENGINE *e)
-{
-        int refs;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        refs = CRYPTO_add(&e->struct_ref, 1, CRYPTO_LOCK_ENGINE);
-        return refs > 1 ? 1 : 0;
-}
diff --git a/src/lib/libcrypto/engine/eng_openssl.c b/src/lib/libcrypto/engine/eng_openssl.c
deleted file mode 100644
index 6162b715f0..0000000000
--- a/src/lib/libcrypto/engine/eng_openssl.c
+++ /dev/null
@@ -1,400 +0,0 @@
-/* $OpenBSD: eng_openssl.c,v 1.19 2023/07/28 09:22:26 tb Exp $ */
-/* Written by Geoff Thorpe (geoff@geoffthorpe.net) for the OpenSSL
- * project 2000.
- */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-/* ====================================================================
- * Copyright 2002 Sun Microsystems, Inc. ALL RIGHTS RESERVED.
- * ECDH support in OpenSSL originally developed by
- * SUN MICROSYSTEMS, INC., and contributed to the OpenSSL project.
- */
-#include <stdio.h>
-#include <string.h>
-#include <openssl/opensslconf.h>
-#include <openssl/crypto.h>
-#include <openssl/engine.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/pem.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_DH
-#include <openssl/dh.h>
-#endif
-#ifndef OPENSSL_NO_DSA
-#include <openssl/dsa.h>
-#endif
-#ifndef OPENSSL_NO_RSA
-#include <openssl/rsa.h>
-#endif
-#include "evp_local.h"
-/* This testing gunk is implemented (and explained) lower down. It also assumes
- * the application explicitly calls "ENGINE_load_openssl()" because this is no
- * longer automatic in ENGINE_load_builtin_engines(). */
-#define TEST_ENG_OPENSSL_RC4
-#define TEST_ENG_OPENSSL_PKEY
-/* #define TEST_ENG_OPENSSL_RC4_OTHERS */
-#define TEST_ENG_OPENSSL_RC4_P_INIT
-/* #define TEST_ENG_OPENSSL_RC4_P_CIPHER */
-#define TEST_ENG_OPENSSL_SHA
-/* #define TEST_ENG_OPENSSL_SHA_OTHERS */
-/* #define TEST_ENG_OPENSSL_SHA_P_INIT */
-/* #define TEST_ENG_OPENSSL_SHA_P_UPDATE */
-/* #define TEST_ENG_OPENSSL_SHA_P_FINAL */
-/* Now check what of those algorithms are actually enabled */
-#ifdef OPENSSL_NO_RC4
-#undef TEST_ENG_OPENSSL_RC4
-#undef TEST_ENG_OPENSSL_RC4_OTHERS
-#undef TEST_ENG_OPENSSL_RC4_P_INIT
-#undef TEST_ENG_OPENSSL_RC4_P_CIPHER
-#endif
-#if defined(OPENSSL_NO_SHA) || defined(OPENSSL_NO_SHA1)
-#undef TEST_ENG_OPENSSL_SHA
-#undef TEST_ENG_OPENSSL_SHA_OTHERS
-#undef TEST_ENG_OPENSSL_SHA_P_INIT
-#undef TEST_ENG_OPENSSL_SHA_P_UPDATE
-#undef TEST_ENG_OPENSSL_SHA_P_FINAL
-#endif
-#ifdef TEST_ENG_OPENSSL_RC4
-static int openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher,
-    const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-static int openssl_digests(ENGINE *e, const EVP_MD **digest,
-    const int **nids, int nid);
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *openssl_load_privkey(ENGINE *eng, const char *key_id,
-    UI_METHOD *ui_method, void *callback_data);
-#endif
-/* The constants used when creating the ENGINE */
-static const char *engine_openssl_id = "openssl";
-static const char *engine_openssl_name = "Software engine support";
-/* This internal function is used by ENGINE_openssl() and possibly by the
- * "dynamic" ENGINE support too */
-static int
-bind_helper(ENGINE *e)
-{
-        if (!ENGINE_set_id(e, engine_openssl_id) ||
-            !ENGINE_set_name(e, engine_openssl_name)
-#ifndef TEST_ENG_OPENSSL_NO_ALGORITHMS
-#ifndef OPENSSL_NO_RSA
-            || !ENGINE_set_RSA(e, RSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DSA
-            || !ENGINE_set_DSA(e, DSA_get_default_method())
-#endif
-#ifndef OPENSSL_NO_DH
-            || !ENGINE_set_DH(e, DH_get_default_method())
-#endif
-            || !ENGINE_set_RAND(e, RAND_SSLeay())
-#ifdef TEST_ENG_OPENSSL_RC4
-            || !ENGINE_set_ciphers(e, openssl_ciphers)
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-            || !ENGINE_set_digests(e, openssl_digests)
-#endif
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
-            || !ENGINE_set_load_privkey_function(e, openssl_load_privkey)
-#endif
-                )
-                return 0;
-        /* If we add errors to this ENGINE, ensure the error handling is setup here */
-        /* openssl_load_error_strings(); */
-        return 1;
-}
-static ENGINE *
-engine_openssl(void)
-{
-        ENGINE *ret = ENGINE_new();
-        if (ret == NULL)
-                return NULL;
-        if (!bind_helper(ret)) {
-                ENGINE_free(ret);
-                return NULL;
-        }
-        return ret;
-}
-void
-ENGINE_load_openssl(void)
-{
-        ENGINE *toadd = engine_openssl();
-        if (toadd == NULL)
-                return;
-        (void) ENGINE_add(toadd);
-        /* If the "add" worked, it gets a structural reference. So either way,
-         * we release our just-created reference. */
-        ENGINE_free(toadd);
-        ERR_clear_error();
-}
-/* This stuff is needed if this ENGINE is being compiled into a self-contained
- * shared-library. */
-#ifdef ENGINE_DYNAMIC_SUPPORT
-static int
-bind_fn(ENGINE *e, const char *id)
-{
-        if (id && (strcmp(id, engine_openssl_id) != 0))
-                return 0;
-        if (!bind_helper(e))
-                return 0;
-        return 1;
-}
-IMPLEMENT_DYNAMIC_CHECK_FN()
-IMPLEMENT_DYNAMIC_BIND_FN(bind_fn)
-#endif /* ENGINE_DYNAMIC_SUPPORT */
-#ifdef TEST_ENG_OPENSSL_RC4
-/* This section of code compiles an "alternative implementation" of two modes of
- * RC4 into this ENGINE. The result is that EVP_CIPHER operation for "rc4"
- * should under normal circumstances go via this support rather than the default
- * EVP support. There are other symbols to tweak the testing;
- *    TEST_ENC_OPENSSL_RC4_OTHERS - print a one line message to stderr each time
- *        we're asked for a cipher we don't support (should not happen).
- *    TEST_ENG_OPENSSL_RC4_P_INIT - print a one line message to stderr each time
- *        the "init_key" handler is called.
- *    TEST_ENG_OPENSSL_RC4_P_CIPHER - ditto for the "cipher" handler.
- */
-#include <openssl/rc4.h>
-#define TEST_RC4_KEY_SIZE               16
-static int test_cipher_nids[] = {NID_rc4, NID_rc4_40};
-static int test_cipher_nids_number = 2;
-typedef struct {
-        unsigned char key[TEST_RC4_KEY_SIZE];
-        RC4_KEY ks;
-} TEST_RC4_KEY;
-#define test(ctx) ((TEST_RC4_KEY *)(ctx)->cipher_data)
-static int
-test_rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key,
-    const unsigned char *iv, int enc)
-{
-#ifdef TEST_ENG_OPENSSL_RC4_P_INIT
-        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_init_key() called\n");
-#endif
-        memcpy(&test(ctx)->key[0], key, EVP_CIPHER_CTX_key_length(ctx));
-        RC4_set_key(&test(ctx)->ks, EVP_CIPHER_CTX_key_length(ctx),
-            test(ctx)->key);
-        return 1;
-}
-static int
-test_rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out,
-    const unsigned char *in, size_t inl)
-{
-#ifdef TEST_ENG_OPENSSL_RC4_P_CIPHER
-        fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) test_cipher() called\n");
-#endif
-        RC4(&test(ctx)->ks, inl, in, out);
-        return 1;
-}
-static const EVP_CIPHER test_r4_cipher = {
-        NID_rc4,
-        1, TEST_RC4_KEY_SIZE, 0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        test_rc4_init_key,
-        test_rc4_cipher,
-        NULL,
-        sizeof(TEST_RC4_KEY),
-        NULL,
-        NULL,
-        NULL,
-        NULL
-};
-static const EVP_CIPHER test_r4_40_cipher = {
-        NID_rc4_40,
-        1,5 /* 40 bit */,0,
-        EVP_CIPH_VARIABLE_LENGTH,
-        test_rc4_init_key,
-        test_rc4_cipher,
-        NULL,
-        sizeof(TEST_RC4_KEY),
-        NULL,
-        NULL,
-        NULL,
-        NULL
-};
-static int
-openssl_ciphers(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid)
-{
-        if (!cipher) {
-                /* We are returning a list of supported nids */
-                *nids = test_cipher_nids;
-                return test_cipher_nids_number;
-        }
-        /* We are being asked for a specific cipher */
-        if (nid == NID_rc4)
-                *cipher = &test_r4_cipher;
-        else if (nid == NID_rc4_40)
-                *cipher = &test_r4_40_cipher;
-        else {
-#ifdef TEST_ENG_OPENSSL_RC4_OTHERS
-                fprintf(stderr, "(TEST_ENG_OPENSSL_RC4) returning NULL for "
-                    "nid %d\n", nid);
-#endif
-                *cipher = NULL;
-                return 0;
-        }
-        return 1;
-}
-#endif
-#ifdef TEST_ENG_OPENSSL_SHA
-/* Much the same sort of comment as for TEST_ENG_OPENSSL_RC4 */
-#include <openssl/sha.h>
-static int test_digest_nids[] = {NID_sha1};
-static int test_digest_nids_number = 1;
-static int
-test_sha1_init(EVP_MD_CTX *ctx)
-{
-#ifdef TEST_ENG_OPENSSL_SHA_P_INIT
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_init() called\n");
-#endif
-        return SHA1_Init(ctx->md_data);
-}
-static int
-test_sha1_update(EVP_MD_CTX *ctx, const void *data, size_t count)
-{
-#ifdef TEST_ENG_OPENSSL_SHA_P_UPDATE
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_update() called\n");
-#endif
-        return SHA1_Update(ctx->md_data, data, count);
-}
-static int
-test_sha1_final(EVP_MD_CTX *ctx, unsigned char *md)
-{
-#ifdef TEST_ENG_OPENSSL_SHA_P_FINAL
-        fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) test_sha1_final() called\n");
-#endif
-        return SHA1_Final(md, ctx->md_data);
-}
-static const EVP_MD test_sha_md = {
-        .type = NID_sha1,
-        .pkey_type = NID_sha1WithRSAEncryption,
-        .md_size = SHA_DIGEST_LENGTH,
-        .flags = 0,
-        .init = test_sha1_init,
-        .update = test_sha1_update,
-        .final = test_sha1_final,
-        .copy = NULL,
-        .cleanup = NULL,
-        .block_size = SHA_CBLOCK,
-        .ctx_size = sizeof(EVP_MD *) + sizeof(SHA_CTX),
-};
-static int
-openssl_digests(ENGINE *e, const EVP_MD **digest, const int **nids, int nid)
-{
-        if (!digest) {
-                /* We are returning a list of supported nids */
-                *nids = test_digest_nids;
-                return test_digest_nids_number;
-        }
-        /* We are being asked for a specific digest */
-        if (nid == NID_sha1)
-                *digest = &test_sha_md;
-        else {
-#ifdef TEST_ENG_OPENSSL_SHA_OTHERS
-                fprintf(stderr, "(TEST_ENG_OPENSSL_SHA) returning NULL for "
-                    "nid %d\n", nid);
-#endif
-                *digest = NULL;
-                return 0;
-        }
-        return 1;
-}
-#endif
-#ifdef TEST_ENG_OPENSSL_PKEY
-static EVP_PKEY *
-openssl_load_privkey(ENGINE *eng, const char *key_id, UI_METHOD *ui_method,
-    void *callback_data)
-{
-        BIO *in;
-        EVP_PKEY *key;
-        fprintf(stderr, "(TEST_ENG_OPENSSL_PKEY)Loading Private key %s\n",
-            key_id);
-        in = BIO_new_file(key_id, "r");
-        if (!in)
-                return NULL;
-        key = PEM_read_bio_PrivateKey(in, NULL, 0, NULL);
-        BIO_free(in);
-        return key;
-}
-#endif
diff --git a/src/lib/libcrypto/engine/eng_pkey.c b/src/lib/libcrypto/engine/eng_pkey.c
deleted file mode 100644
index a0320e973f..0000000000
--- a/src/lib/libcrypto/engine/eng_pkey.c
+++ /dev/null
@@ -1,184 +0,0 @@
-/* $OpenBSD: eng_pkey.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 1999-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include "eng_int.h"
-/* Basic get/set stuff */
-int
-ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f)
-{
-        e->load_privkey = loadpriv_f;
-        return 1;
-}
-int
-ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f)
-{
-        e->load_pubkey = loadpub_f;
-        return 1;
-}
-int
-ENGINE_set_load_ssl_client_cert_function(ENGINE *e,
-    ENGINE_SSL_CLIENT_CERT_PTR loadssl_f)
-{
-        e->load_ssl_client_cert = loadssl_f;
-        return 1;
-}
-ENGINE_LOAD_KEY_PTR
-ENGINE_get_load_privkey_function(const ENGINE *e)
-{
-        return e->load_privkey;
-}
-ENGINE_LOAD_KEY_PTR
-ENGINE_get_load_pubkey_function(const ENGINE *e)
-{
-        return e->load_pubkey;
-}
-ENGINE_SSL_CLIENT_CERT_PTR
-ENGINE_get_ssl_client_cert_function(const ENGINE *e)
-{
-        return e->load_ssl_client_cert;
-}
-/* API functions to load public/private keys */
-EVP_PKEY *
-ENGINE_load_private_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
-    void *callback_data)
-{
-        EVP_PKEY *pkey;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (e->funct_ref == 0) {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerror(ENGINE_R_NOT_INITIALISED);
-                return 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!e->load_privkey) {
-                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
-                return 0;
-        }
-        pkey = e->load_privkey(e, key_id, ui_method, callback_data);
-        if (!pkey) {
-                ENGINEerror(ENGINE_R_FAILED_LOADING_PRIVATE_KEY);
-                return 0;
-        }
-        return pkey;
-}
-EVP_PKEY *
-ENGINE_load_public_key(ENGINE *e, const char *key_id, UI_METHOD *ui_method,
-    void *callback_data)
-{
-        EVP_PKEY *pkey;
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (e->funct_ref == 0) {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerror(ENGINE_R_NOT_INITIALISED);
-                return 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!e->load_pubkey) {
-                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
-                return 0;
-        }
-        pkey = e->load_pubkey(e, key_id, ui_method, callback_data);
-        if (!pkey) {
-                ENGINEerror(ENGINE_R_FAILED_LOADING_PUBLIC_KEY);
-                return 0;
-        }
-        return pkey;
-}
-int
-ENGINE_load_ssl_client_cert(ENGINE *e, SSL *s, STACK_OF(X509_NAME) *ca_dn,
-    X509 **pcert, EVP_PKEY **ppkey, STACK_OF(X509) **pother,
-    UI_METHOD *ui_method, void *callback_data)
-{
-        if (e == NULL) {
-                ENGINEerror(ERR_R_PASSED_NULL_PARAMETER);
-                return 0;
-        }
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (e->funct_ref == 0) {
-                CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-                ENGINEerror(ENGINE_R_NOT_INITIALISED);
-                return 0;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        if (!e->load_ssl_client_cert) {
-                ENGINEerror(ENGINE_R_NO_LOAD_FUNCTION);
-                return 0;
-        }
-        return e->load_ssl_client_cert(e, s, ca_dn, pcert, ppkey, pother,
-            ui_method, callback_data);
-}
diff --git a/src/lib/libcrypto/engine/eng_table.c b/src/lib/libcrypto/engine/eng_table.c
deleted file mode 100644
index 0e7ea3b698..0000000000
--- a/src/lib/libcrypto/engine/eng_table.c
+++ /dev/null
@@ -1,354 +0,0 @@
-/* $OpenBSD: eng_table.c,v 1.10 2022/12/26 07:18:52 jmc Exp $ */
-/* ====================================================================
- * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/lhash.h>
-#include "eng_int.h"
-/* The type of the items in the table */
-typedef struct st_engine_pile {
-        /* The 'nid' of this algorithm/mode */
-        int nid;
-        /* ENGINEs that implement this algorithm/mode. */
-        STACK_OF(ENGINE) *sk;
-        /* The default ENGINE to perform this algorithm/mode. */
-        ENGINE *funct;
-        /* Zero if 'sk' is newer than the cached 'funct', non-zero otherwise */
-        int uptodate;
-} ENGINE_PILE;
-DECLARE_LHASH_OF(ENGINE_PILE);
-/* The type exposed in eng_int.h */
-struct st_engine_table {
-        LHASH_OF(ENGINE_PILE) piles;
-}; /* ENGINE_TABLE */
-typedef struct st_engine_pile_doall {
-        engine_table_doall_cb *cb;
-        void *arg;
-} ENGINE_PILE_DOALL;
-/* Global flags (ENGINE_TABLE_FLAG_***). */
-static unsigned int table_flags = 0;
-/* API function manipulating 'table_flags' */
-unsigned int
-ENGINE_get_table_flags(void)
-{
-        return table_flags;
-}
-void
-ENGINE_set_table_flags(unsigned int flags)
-{
-        table_flags = flags;
-}
-/* Internal functions for the "piles" hash table */
-static unsigned long
-engine_pile_hash(const ENGINE_PILE *c)
-{
-        return c->nid;
-}
-static int
-engine_pile_cmp(const ENGINE_PILE *a, const ENGINE_PILE *b)
-{
-        return a->nid - b->nid;
-}
-static IMPLEMENT_LHASH_HASH_FN(engine_pile, ENGINE_PILE)
-static IMPLEMENT_LHASH_COMP_FN(engine_pile, ENGINE_PILE)
-static int
-int_table_check(ENGINE_TABLE **t, int create)
-{
-        LHASH_OF(ENGINE_PILE) *lh;
-        if (*t)
-                return 1;
-        if (!create)
-                return 0;
-        if ((lh = lh_ENGINE_PILE_new()) == NULL)
-                return 0;
-        *t = (ENGINE_TABLE *)lh;
-        return 1;
-}
-/* Privately exposed (via eng_int.h) functions for adding and/or removing
- * ENGINEs from the implementation table */
-int
-engine_table_register(ENGINE_TABLE **table, ENGINE_CLEANUP_CB *cleanup,
-    ENGINE *e, const int *nids, int num_nids, int setdefault)
-{
-        int ret = 0, added = 0;
-        ENGINE_PILE tmplate, *fnd;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (!(*table))
-                added = 1;
-        if (!int_table_check(table, 1))
-                goto end;
-        if (added)
-                /* The cleanup callback needs to be added */
-                engine_cleanup_add_first(cleanup);
-        while (num_nids--) {
-                tmplate.nid = *nids;
-                fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
-                if (!fnd) {
-                        fnd = malloc(sizeof(ENGINE_PILE));
-                        if (!fnd)
-                                goto end;
-                        fnd->uptodate = 1;
-                        fnd->nid = *nids;
-                        fnd->sk = sk_ENGINE_new_null();
-                        if (!fnd->sk) {
-                                free(fnd);
-                                goto end;
-                        }
-                        fnd->funct = NULL;
-                        (void)lh_ENGINE_PILE_insert(&(*table)->piles, fnd);
-                }
-                /* A registration shouldn't add duplicate entries */
-                (void)sk_ENGINE_delete_ptr(fnd->sk, e);
-                /* if 'setdefault', this ENGINE goes to the head of the list */
-                if (!sk_ENGINE_push(fnd->sk, e))
-                        goto end;
-                /* "touch" this ENGINE_PILE */
-                fnd->uptodate = 0;
-                if (setdefault) {
-                        if (!engine_unlocked_init(e)) {
-                                ENGINEerror(ENGINE_R_INIT_FAILED);
-                                goto end;
-                        }
-                        if (fnd->funct)
-                                engine_unlocked_finish(fnd->funct, 0);
-                        fnd->funct = e;
-                        fnd->uptodate = 1;
-                }
-                nids++;
-        }
-        ret = 1;
-end:
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return ret;
-}
-static void
-int_unregister_cb_doall_arg(ENGINE_PILE *pile, ENGINE *e)
-{
-        int n;
-        /* Iterate the 'c->sk' stack removing any occurrence of 'e' */
-        while ((n = sk_ENGINE_find(pile->sk, e)) >= 0) {
-                (void)sk_ENGINE_delete(pile->sk, n);
-                pile->uptodate = 0;
-        }
-        if (pile->funct == e) {
-                engine_unlocked_finish(e, 0);
-                pile->funct = NULL;
-        }
-}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_unregister_cb, ENGINE_PILE, ENGINE)
-void
-engine_table_unregister(ENGINE_TABLE **table, ENGINE *e)
-{
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (int_table_check(table, 0))
-                lh_ENGINE_PILE_doall_arg(&(*table)->piles,
-                    LHASH_DOALL_ARG_FN(int_unregister_cb), ENGINE, e);
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-}
-static void
-int_cleanup_cb_doall(ENGINE_PILE *p)
-{
-        sk_ENGINE_free(p->sk);
-        if (p->funct)
-                engine_unlocked_finish(p->funct, 0);
-        free(p);
-}
-static IMPLEMENT_LHASH_DOALL_FN(int_cleanup_cb, ENGINE_PILE)
-void
-engine_table_cleanup(ENGINE_TABLE **table)
-{
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        if (*table) {
-                lh_ENGINE_PILE_doall(&(*table)->piles,
-                    LHASH_DOALL_FN(int_cleanup_cb));
-                lh_ENGINE_PILE_free(&(*table)->piles);
-                *table = NULL;
-        }
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-}
-/* return a functional reference for a given 'nid' */
-#ifndef ENGINE_TABLE_DEBUG
-ENGINE *
-engine_table_select(ENGINE_TABLE **table, int nid)
-#else
-ENGINE *
-engine_table_select_tmp(ENGINE_TABLE **table, int nid, const char *f, int l)
-#endif
-{
-        ENGINE *ret = NULL;
-        ENGINE_PILE tmplate, *fnd = NULL;
-        int initres, loop = 0;
-        if (!(*table)) {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, nothing "
-                    "registered!\n", f, l, nid);
-#endif
-                return NULL;
-        }
-        ERR_set_mark();
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        /* Check again inside the lock otherwise we could race against cleanup
-         * operations. But don't worry about a fprintf(stderr). */
-        if (!int_table_check(table, 0))
-                goto end;
-        tmplate.nid = nid;
-        fnd = lh_ENGINE_PILE_retrieve(&(*table)->piles, &tmplate);
-        if (!fnd)
-                goto end;
-        if (fnd->funct && engine_unlocked_init(fnd->funct)) {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-                    "ENGINE '%s' cached\n", f, l, nid, fnd->funct->id);
-#endif
-                ret = fnd->funct;
-                goto end;
-        }
-        if (fnd->uptodate) {
-                ret = fnd->funct;
-                goto end;
-        }
-trynext:
-        ret = sk_ENGINE_value(fnd->sk, loop++);
-        if (!ret) {
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, no "
-                    "registered implementations would initialise\n", f, l, nid);
-#endif
-                goto end;
-        }
-        /* Try to initialise the ENGINE? */
-        if ((ret->funct_ref > 0) || !(table_flags & ENGINE_TABLE_FLAG_NOINIT))
-                initres = engine_unlocked_init(ret);
-        else
-                initres = 0;
-        if (initres) {
-                /* Update 'funct' */
-                if ((fnd->funct != ret) && engine_unlocked_init(ret)) {
-                        /* If there was a previous default we release it. */
-                        if (fnd->funct)
-                                engine_unlocked_finish(fnd->funct, 0);
-                        fnd->funct = ret;
-#ifdef ENGINE_TABLE_DEBUG
-                        fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, "
-                            "setting default to '%s'\n", f, l, nid, ret->id);
-#endif
-                }
-#ifdef ENGINE_TABLE_DEBUG
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, using "
-                    "newly initialised '%s'\n", f, l, nid, ret->id);
-#endif
-                goto end;
-        }
-        goto trynext;
-end:
-        /* If it failed, it is unlikely to succeed again until some future
-         * registrations have taken place. In all cases, we cache. */
-        if (fnd)
-                fnd->uptodate = 1;
-#ifdef ENGINE_TABLE_DEBUG
-        if (ret)
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-                    "ENGINE '%s'\n", f, l, nid, ret->id);
-        else
-                fprintf(stderr, "engine_table_dbg: %s:%d, nid=%d, caching "
-                    "'no matching ENGINE'\n", f, l, nid);
-#endif
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        /* Whatever happened, any failed init()s are not failures in this
-         * context, so clear our error state. */
-        ERR_pop_to_mark();
-        return ret;
-}
-/* Table enumeration */
-static void
-int_cb_doall_arg(ENGINE_PILE *pile, ENGINE_PILE_DOALL *dall)
-{
-        dall->cb(pile->nid, pile->sk, pile->funct, dall->arg);
-}
-static IMPLEMENT_LHASH_DOALL_ARG_FN(int_cb, ENGINE_PILE, ENGINE_PILE_DOALL)
-void
-engine_table_doall(ENGINE_TABLE *table, engine_table_doall_cb *cb, void *arg)
-{
-        ENGINE_PILE_DOALL dall;
-        dall.cb = cb;
-        dall.arg = arg;
-        lh_ENGINE_PILE_doall_arg(&table->piles, LHASH_DOALL_ARG_FN(int_cb),
-            ENGINE_PILE_DOALL, &dall);
-}
diff --git a/src/lib/libcrypto/engine/tb_asnmth.c b/src/lib/libcrypto/engine/tb_asnmth.c
deleted file mode 100644
index 913230f696..0000000000
--- a/src/lib/libcrypto/engine/tb_asnmth.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* $OpenBSD: tb_asnmth.c,v 1.7 2022/11/26 16:08:52 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <string.h>
-#include <openssl/err.h>
-#include "eng_int.h"
-#include "asn1_local.h"
-#include <openssl/evp.h>
-/* If this symbol is defined then ENGINE_get_pkey_asn1_meth_engine(), the
- * function that is used by EVP to hook in pkey_asn1_meth code and cache
- * defaults (etc), will display brief debugging summaries to stderr with the
- * 'nid'. */
-/* #define ENGINE_PKEY_ASN1_METH_DEBUG */
-static ENGINE_TABLE *pkey_asn1_meth_table = NULL;
-void
-ENGINE_unregister_pkey_asn1_meths(ENGINE *e)
-{
-        engine_table_unregister(&pkey_asn1_meth_table, e);
-}
-static void
-engine_unregister_all_pkey_asn1_meths(void)
-{
-        engine_table_cleanup(&pkey_asn1_meth_table);
-}
-int
-ENGINE_register_pkey_asn1_meths(ENGINE *e)
-{
-        if (e->pkey_asn1_meths) {
-                const int *nids;
-                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&pkey_asn1_meth_table,
-                            engine_unregister_all_pkey_asn1_meths, e, nids,
-                            num_nids, 0);
-        }
-        return 1;
-}
-void
-ENGINE_register_all_pkey_asn1_meths(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_pkey_asn1_meths(e);
-}
-int
-ENGINE_set_default_pkey_asn1_meths(ENGINE *e)
-{
-        if (e->pkey_asn1_meths) {
-                const int *nids;
-                int num_nids = e->pkey_asn1_meths(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&pkey_asn1_meth_table,
-                            engine_unregister_all_pkey_asn1_meths, e, nids,
-                            num_nids, 1);
-        }
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_asn1_meth 'nid' */
-ENGINE *
-ENGINE_get_pkey_asn1_meth_engine(int nid)
-{
-        return engine_table_select(&pkey_asn1_meth_table, nid);
-}
-/* Obtains a pkey_asn1_meth implementation from an ENGINE functional reference */
-const EVP_PKEY_ASN1_METHOD *
-ENGINE_get_pkey_asn1_meth(ENGINE *e, int nid)
-{
-        EVP_PKEY_ASN1_METHOD *ret;
-        ENGINE_PKEY_ASN1_METHS_PTR fn = ENGINE_get_pkey_asn1_meths(e);
-        if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
-                return NULL;
-        }
-        return ret;
-}
-/* Gets the pkey_asn1_meth callback from an ENGINE structure */
-ENGINE_PKEY_ASN1_METHS_PTR
-ENGINE_get_pkey_asn1_meths(const ENGINE *e)
-{
-        return e->pkey_asn1_meths;
-}
-/* Sets the pkey_asn1_meth callback in an ENGINE structure */
-int
-ENGINE_set_pkey_asn1_meths(ENGINE *e, ENGINE_PKEY_ASN1_METHS_PTR f)
-{
-        e->pkey_asn1_meths = f;
-        return 1;
-}
-/* Internal function to free up EVP_PKEY_ASN1_METHOD structures before an
- * ENGINE is destroyed
- */
-void
-engine_pkey_asn1_meths_free(ENGINE *e)
-{
-        int i;
-        EVP_PKEY_ASN1_METHOD *pkm;
-        if (e->pkey_asn1_meths) {
-                const int *pknids;
-                int npknids;
-                npknids = e->pkey_asn1_meths(e, NULL, &pknids, 0);
-                for (i = 0; i < npknids; i++) {
-                        if (e->pkey_asn1_meths(e, &pkm, NULL, pknids[i])) {
-                                EVP_PKEY_asn1_free(pkm);
-                        }
-                }
-        }
-}
-/* Find a method based on a string. This does a linear search through
- * all implemented algorithms. This is OK in practice because only
- * a small number of algorithms are likely to be implemented in an engine
- * and it is not used for speed critical operations.
- */
-const EVP_PKEY_ASN1_METHOD *
-ENGINE_get_pkey_asn1_meth_str(ENGINE *e, const char *str, int len)
-{
-        int i, nidcount;
-        const int *nids;
-        EVP_PKEY_ASN1_METHOD *ameth;
-        if (!e->pkey_asn1_meths)
-                return NULL;
-        if (len == -1)
-                len = strlen(str);
-        nidcount = e->pkey_asn1_meths(e, NULL, &nids, 0);
-        for (i = 0; i < nidcount; i++) {
-                e->pkey_asn1_meths(e, &ameth, NULL, nids[i]);
-                if (((int)strlen(ameth->pem_str) == len) &&
-                    !strncasecmp(ameth->pem_str, str, len))
-                        return ameth;
-        }
-        return NULL;
-}
-typedef struct {
-        ENGINE *e;
-        const EVP_PKEY_ASN1_METHOD *ameth;
-        const char *str;
-        int len;
-} ENGINE_FIND_STR;
-static void
-look_str_cb(int nid, STACK_OF(ENGINE) *sk, ENGINE *def, void *arg)
-{
-        ENGINE_FIND_STR *lk = arg;
-        int i;
-        if (lk->ameth)
-                return;
-        for (i = 0; i < sk_ENGINE_num(sk); i++) {
-                ENGINE *e = sk_ENGINE_value(sk, i);
-                EVP_PKEY_ASN1_METHOD *ameth;
-                e->pkey_asn1_meths(e, &ameth, NULL, nid);
-                if (((int)strlen(ameth->pem_str) == lk->len) &&
-                    !strncasecmp(ameth->pem_str, lk->str, lk->len)) {
-                        lk->e = e;
-                        lk->ameth = ameth;
-                        return;
-                }
-        }
-}
-const EVP_PKEY_ASN1_METHOD *
-ENGINE_pkey_asn1_find_str(ENGINE **pe, const char *str, int len)
-{
-        ENGINE_FIND_STR fstr;
-        fstr.e = NULL;
-        fstr.ameth = NULL;
-        fstr.str = str;
-        fstr.len = len;
-        CRYPTO_w_lock(CRYPTO_LOCK_ENGINE);
-        engine_table_doall(pkey_asn1_meth_table, look_str_cb, &fstr);
-        /* If found obtain a structural reference to engine */
-        if (fstr.e) {
-                fstr.e->struct_ref++;
-                engine_ref_debug(fstr.e, 0, 1)
-        }
-        *pe = fstr.e;
-        CRYPTO_w_unlock(CRYPTO_LOCK_ENGINE);
-        return fstr.ameth;
-}
diff --git a/src/lib/libcrypto/engine/tb_cipher.c b/src/lib/libcrypto/engine/tb_cipher.c
deleted file mode 100644
index ed87ff199e..0000000000
--- a/src/lib/libcrypto/engine/tb_cipher.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* $OpenBSD: tb_cipher.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_cipher_engine(), the function that
- * is used by EVP to hook in cipher code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_CIPHER_DEBUG */
-static ENGINE_TABLE *cipher_table = NULL;
-void
-ENGINE_unregister_ciphers(ENGINE *e)
-{
-        engine_table_unregister(&cipher_table, e);
-}
-static void
-engine_unregister_all_ciphers(void)
-{
-        engine_table_cleanup(&cipher_table);
-}
-int
-ENGINE_register_ciphers(ENGINE *e)
-{
-        if (e->ciphers) {
-                const int *nids;
-                int num_nids = e->ciphers(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&cipher_table,
-                            engine_unregister_all_ciphers, e, nids,
-                            num_nids, 0);
-        }
-        return 1;
-}
-void
-ENGINE_register_all_ciphers(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_ciphers(e);
-}
-int
-ENGINE_set_default_ciphers(ENGINE *e)
-{
-        if (e->ciphers) {
-                const int *nids;
-                int num_nids = e->ciphers(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&cipher_table,
-                            engine_unregister_all_ciphers, e, nids,
-                            num_nids, 1);
-        }
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given cipher 'nid' */
-ENGINE *
-ENGINE_get_cipher_engine(int nid)
-{
-        return engine_table_select(&cipher_table, nid);
-}
-/* Obtains a cipher implementation from an ENGINE functional reference */
-const EVP_CIPHER *
-ENGINE_get_cipher(ENGINE *e, int nid)
-{
-        const EVP_CIPHER *ret;
-        ENGINE_CIPHERS_PTR fn = ENGINE_get_ciphers(e);
-        if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerror(ENGINE_R_UNIMPLEMENTED_CIPHER);
-                return NULL;
-        }
-        return ret;
-}
-/* Gets the cipher callback from an ENGINE structure */
-ENGINE_CIPHERS_PTR
-ENGINE_get_ciphers(const ENGINE *e)
-{
-        return e->ciphers;
-}
-/* Sets the cipher callback in an ENGINE structure */
-int
-ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f)
-{
-        e->ciphers = f;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_dh.c b/src/lib/libcrypto/engine/tb_dh.c
deleted file mode 100644
index 4f200424e5..0000000000
--- a/src/lib/libcrypto/engine/tb_dh.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $OpenBSD: tb_dh.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_DH(), the function that is
- * used by DH to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DH_DEBUG */
-static ENGINE_TABLE *dh_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_DH(ENGINE *e)
-{
-        engine_table_unregister(&dh_table, e);
-}
-static void
-engine_unregister_all_DH(void)
-{
-        engine_table_cleanup(&dh_table);
-}
-int
-ENGINE_register_DH(ENGINE *e)
-{
-        if (e->dh_meth)
-                return engine_table_register(&dh_table,
-                    engine_unregister_all_DH, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_DH(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_DH(e);
-}
-int
-ENGINE_set_default_DH(ENGINE *e)
-{
-        if (e->dh_meth)
-                return engine_table_register(&dh_table,
-                    engine_unregister_all_DH, e, &dummy_nid, 1, 1);
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *
-ENGINE_get_default_DH(void)
-{
-        return engine_table_select(&dh_table, dummy_nid);
-}
-/* Obtains an DH implementation from an ENGINE functional reference */
-const DH_METHOD *
-ENGINE_get_DH(const ENGINE *e)
-{
-        return e->dh_meth;
-}
-/* Sets an DH implementation in an ENGINE structure */
-int
-ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth)
-{
-        e->dh_meth = dh_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_digest.c b/src/lib/libcrypto/engine/tb_digest.c
deleted file mode 100644
index f1a2e8a6b3..0000000000
--- a/src/lib/libcrypto/engine/tb_digest.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/* $OpenBSD: tb_digest.c,v 1.8 2017/01/29 17:49:23 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_digest_engine(), the function that
- * is used by EVP to hook in digest code and cache defaults (etc), will display
- * brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DIGEST_DEBUG */
-static ENGINE_TABLE *digest_table = NULL;
-void
-ENGINE_unregister_digests(ENGINE *e)
-{
-        engine_table_unregister(&digest_table, e);
-}
-static void
-engine_unregister_all_digests(void)
-{
-        engine_table_cleanup(&digest_table);
-}
-int
-ENGINE_register_digests(ENGINE *e)
-{
-        if (e->digests) {
-                const int *nids;
-                int num_nids = e->digests(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&digest_table,
-                            engine_unregister_all_digests, e, nids,
-                            num_nids, 0);
-        }
-        return 1;
-}
-void
-ENGINE_register_all_digests(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_digests(e);
-}
-int
-ENGINE_set_default_digests(ENGINE *e)
-{
-        if (e->digests) {
-                const int *nids;
-                int num_nids = e->digests(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&digest_table,
-                            engine_unregister_all_digests, e, nids,
-                            num_nids, 1);
-        }
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given digest 'nid' */
-ENGINE *
-ENGINE_get_digest_engine(int nid)
-{
-        return engine_table_select(&digest_table, nid);
-}
-/* Obtains a digest implementation from an ENGINE functional reference */
-const EVP_MD *
-ENGINE_get_digest(ENGINE *e, int nid)
-{
-        const EVP_MD *ret;
-        ENGINE_DIGESTS_PTR fn = ENGINE_get_digests(e);
-        if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerror(ENGINE_R_UNIMPLEMENTED_DIGEST);
-                return NULL;
-        }
-        return ret;
-}
-/* Gets the digest callback from an ENGINE structure */
-ENGINE_DIGESTS_PTR
-ENGINE_get_digests(const ENGINE *e)
-{
-        return e->digests;
-}
-/* Sets the digest callback in an ENGINE structure */
-int
-ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f)
-{
-        e->digests = f;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_dsa.c b/src/lib/libcrypto/engine/tb_dsa.c
deleted file mode 100644
index 23e9236107..0000000000
--- a/src/lib/libcrypto/engine/tb_dsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $OpenBSD: tb_dsa.c,v 1.7 2014/06/12 15:49:29 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_DSA(), the function that is
- * used by DSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_DSA_DEBUG */
-static ENGINE_TABLE *dsa_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_DSA(ENGINE *e)
-{
-        engine_table_unregister(&dsa_table, e);
-}
-static void
-engine_unregister_all_DSA(void)
-{
-        engine_table_cleanup(&dsa_table);
-}
-int
-ENGINE_register_DSA(ENGINE *e)
-{
-        if (e->dsa_meth)
-                return engine_table_register(&dsa_table,
-                    engine_unregister_all_DSA, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_DSA(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_DSA(e);
-}
-int
-ENGINE_set_default_DSA(ENGINE *e)
-{
-        if (e->dsa_meth)
-                return engine_table_register(&dsa_table,
-                    engine_unregister_all_DSA, e, &dummy_nid, 1, 1);
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *
-ENGINE_get_default_DSA(void)
-{
-        return engine_table_select(&dsa_table, dummy_nid);
-}
-/* Obtains an DSA implementation from an ENGINE functional reference */
-const DSA_METHOD *
-ENGINE_get_DSA(const ENGINE *e)
-{
-        return e->dsa_meth;
-}
-/* Sets an DSA implementation in an ENGINE structure */
-int
-ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth)
-{
-        e->dsa_meth = dsa_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_eckey.c b/src/lib/libcrypto/engine/tb_eckey.c
deleted file mode 100644
index 464156aefa..0000000000
--- a/src/lib/libcrypto/engine/tb_eckey.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/*      $OpenBSD: tb_eckey.c,v 1.2 2019/01/19 01:18:56 tb Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-static ENGINE_TABLE *ec_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_EC(ENGINE *e)
-{
-        engine_table_unregister(&ec_table, e);
-}
-static void
-engine_unregister_all_EC(void)
-{
-        engine_table_cleanup(&ec_table);
-}
-int
-ENGINE_register_EC(ENGINE *e)
-{
-        if (e->ec_meth)
-                return engine_table_register(&ec_table,
-                    engine_unregister_all_EC, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_EC(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e != NULL; e = ENGINE_get_next(e))
-                ENGINE_register_EC(e);
-}
-int
-ENGINE_set_default_EC(ENGINE *e)
-{
-        if (e->ec_meth != NULL)
-                return engine_table_register(&ec_table,
-                    engine_unregister_all_EC, e, &dummy_nid, 1, 1);
-        return 1;
-}
-/*
- * Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references).
- */
-ENGINE *
-ENGINE_get_default_EC(void)
-{
-        return engine_table_select(&ec_table, dummy_nid);
-}
-/* Obtains an EC_KEY implementation from an ENGINE functional reference */
-const EC_KEY_METHOD *
-ENGINE_get_EC(const ENGINE *e)
-{
-        return e->ec_meth;
-}
-/* Sets an EC_KEY implementation in an ENGINE structure */
-int
-ENGINE_set_EC(ENGINE *e, const EC_KEY_METHOD *ec_meth)
-{
-        e->ec_meth = ec_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_pkmeth.c b/src/lib/libcrypto/engine/tb_pkmeth.c
deleted file mode 100644
index 05566a3464..0000000000
--- a/src/lib/libcrypto/engine/tb_pkmeth.c
+++ /dev/null
@@ -1,175 +0,0 @@
-/* $OpenBSD: tb_pkmeth.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <openssl/err.h>
-#include "eng_int.h"
-#include <openssl/evp.h>
-/* If this symbol is defined then ENGINE_get_pkey_meth_engine(), the function
- * that is used by EVP to hook in pkey_meth code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_PKEY_METH_DEBUG */
-static ENGINE_TABLE *pkey_meth_table = NULL;
-void
-ENGINE_unregister_pkey_meths(ENGINE *e)
-{
-        engine_table_unregister(&pkey_meth_table, e);
-}
-static void
-engine_unregister_all_pkey_meths(void)
-{
-        engine_table_cleanup(&pkey_meth_table);
-}
-int
-ENGINE_register_pkey_meths(ENGINE *e)
-{
-        if (e->pkey_meths) {
-                const int *nids;
-                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&pkey_meth_table,
-                            engine_unregister_all_pkey_meths, e, nids,
-                            num_nids, 0);
-        }
-        return 1;
-}
-void
-ENGINE_register_all_pkey_meths(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_pkey_meths(e);
-}
-int
-ENGINE_set_default_pkey_meths(ENGINE *e)
-{
-        if (e->pkey_meths) {
-                const int *nids;
-                int num_nids = e->pkey_meths(e, NULL, &nids, 0);
-                if (num_nids > 0)
-                        return engine_table_register(&pkey_meth_table,
-                            engine_unregister_all_pkey_meths, e, nids,
-                            num_nids, 1);
-        }
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references) for a given pkey_meth 'nid' */
-ENGINE *
-ENGINE_get_pkey_meth_engine(int nid)
-{
-        return engine_table_select(&pkey_meth_table, nid);
-}
-/* Obtains a pkey_meth implementation from an ENGINE functional reference */
-const EVP_PKEY_METHOD *
-ENGINE_get_pkey_meth(ENGINE *e, int nid)
-{
-        EVP_PKEY_METHOD *ret;
-        ENGINE_PKEY_METHS_PTR fn = ENGINE_get_pkey_meths(e);
-        if (!fn || !fn(e, &ret, NULL, nid)) {
-                ENGINEerror(ENGINE_R_UNIMPLEMENTED_PUBLIC_KEY_METHOD);
-                return NULL;
-        }
-        return ret;
-}
-/* Gets the pkey_meth callback from an ENGINE structure */
-ENGINE_PKEY_METHS_PTR
-ENGINE_get_pkey_meths(const ENGINE *e)
-{
-        return e->pkey_meths;
-}
-/* Sets the pkey_meth callback in an ENGINE structure */
-int
-ENGINE_set_pkey_meths(ENGINE *e, ENGINE_PKEY_METHS_PTR f)
-{
-        e->pkey_meths = f;
-        return 1;
-}
-/* Internal function to free up EVP_PKEY_METHOD structures before an
- * ENGINE is destroyed
- */
-void
-engine_pkey_meths_free(ENGINE *e)
-{
-        int i;
-        EVP_PKEY_METHOD *pkm;
-        if (e->pkey_meths) {
-                const int *pknids;
-                int npknids;
-                npknids = e->pkey_meths(e, NULL, &pknids, 0);
-                for (i = 0; i < npknids; i++) {
-                        if (e->pkey_meths(e, &pkm, NULL, pknids[i])) {
-                                EVP_PKEY_meth_free(pkm);
-                        }
-                }
-        }
-}
diff --git a/src/lib/libcrypto/engine/tb_rand.c b/src/lib/libcrypto/engine/tb_rand.c
deleted file mode 100644
index cc61da747c..0000000000
--- a/src/lib/libcrypto/engine/tb_rand.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $OpenBSD: tb_rand.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_RAND(), the function that is
- * used by RAND to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RAND_DEBUG */
-static ENGINE_TABLE *rand_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_RAND(ENGINE *e)
-{
-        engine_table_unregister(&rand_table, e);
-}
-static void
-engine_unregister_all_RAND(void)
-{
-        engine_table_cleanup(&rand_table);
-}
-int
-ENGINE_register_RAND(ENGINE *e)
-{
-        if (e->rand_meth)
-                return engine_table_register(&rand_table,
-                    engine_unregister_all_RAND, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_RAND(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_RAND(e);
-}
-int
-ENGINE_set_default_RAND(ENGINE *e)
-{
-        if (e->rand_meth)
-                return engine_table_register(&rand_table,
-                    engine_unregister_all_RAND, e, &dummy_nid, 1, 1);
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *
-ENGINE_get_default_RAND(void)
-{
-        return engine_table_select(&rand_table, dummy_nid);
-}
-/* Obtains an RAND implementation from an ENGINE functional reference */
-const RAND_METHOD *
-ENGINE_get_RAND(const ENGINE *e)
-{
-        return e->rand_meth;
-}
-/* Sets an RAND implementation in an ENGINE structure */
-int
-ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth)
-{
-        e->rand_meth = rand_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_rsa.c b/src/lib/libcrypto/engine/tb_rsa.c
deleted file mode 100644
index 52ee8889a0..0000000000
--- a/src/lib/libcrypto/engine/tb_rsa.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* $OpenBSD: tb_rsa.c,v 1.6 2014/06/12 15:49:29 deraadt Exp $ */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_RSA(), the function that is
- * used by RSA to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_RSA_DEBUG */
-static ENGINE_TABLE *rsa_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_RSA(ENGINE *e)
-{
-        engine_table_unregister(&rsa_table, e);
-}
-static void
-engine_unregister_all_RSA(void)
-{
-        engine_table_cleanup(&rsa_table);
-}
-int
-ENGINE_register_RSA(ENGINE *e)
-{
-        if (e->rsa_meth)
-                return engine_table_register(&rsa_table,
-                    engine_unregister_all_RSA, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_RSA(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_RSA(e);
-}
-int
-ENGINE_set_default_RSA(ENGINE *e)
-{
-        if (e->rsa_meth)
-                return engine_table_register(&rsa_table,
-                    engine_unregister_all_RSA, e, &dummy_nid, 1, 1);
-        return 1;
-}
-/* Exposed API function to get a functional reference from the implementation
- * table (ie. try to get a functional reference from the tabled structural
- * references). */
-ENGINE *
-ENGINE_get_default_RSA(void)
-{
-        return engine_table_select(&rsa_table, dummy_nid);
-}
-/* Obtains an RSA implementation from an ENGINE functional reference */
-const RSA_METHOD *
-ENGINE_get_RSA(const ENGINE *e)
-{
-        return e->rsa_meth;
-}
-/* Sets an RSA implementation in an ENGINE structure */
-int
-ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth)
-{
-        e->rsa_meth = rsa_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/engine/tb_store.c b/src/lib/libcrypto/engine/tb_store.c
deleted file mode 100644
index e9ad11ab01..0000000000
--- a/src/lib/libcrypto/engine/tb_store.c
+++ /dev/null
@@ -1,109 +0,0 @@
-/* $OpenBSD: tb_store.c,v 1.5 2015/02/07 13:19:15 doug Exp $ */
-/* ====================================================================
- * Copyright (c) 2003 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include "eng_int.h"
-/* If this symbol is defined then ENGINE_get_default_STORE(), the function that is
- * used by STORE to hook in implementation code and cache defaults (etc), will
- * display brief debugging summaries to stderr with the 'nid'. */
-/* #define ENGINE_STORE_DEBUG */
-static ENGINE_TABLE *store_table = NULL;
-static const int dummy_nid = 1;
-void
-ENGINE_unregister_STORE(ENGINE *e)
-{
-        engine_table_unregister(&store_table, e);
-}
-static void
-engine_unregister_all_STORE(void)
-{
-        engine_table_cleanup(&store_table);
-}
-int
-ENGINE_register_STORE(ENGINE *e)
-{
-        if (e->store_meth)
-                return engine_table_register(&store_table,
-                    engine_unregister_all_STORE, e, &dummy_nid, 1, 0);
-        return 1;
-}
-void
-ENGINE_register_all_STORE(void)
-{
-        ENGINE *e;
-        for (e = ENGINE_get_first(); e; e = ENGINE_get_next(e))
-                ENGINE_register_STORE(e);
-}
-/* Obtains an STORE implementation from an ENGINE functional reference */
-const STORE_METHOD *
-ENGINE_get_STORE(const ENGINE *e)
-{
-        return e->store_meth;
-}
-/* Sets an STORE implementation in an ENGINE structure */
-int
-ENGINE_set_STORE(ENGINE *e, const STORE_METHOD *store_meth)
-{
-        e->store_meth = store_meth;
-        return 1;
-}
diff --git a/src/lib/libcrypto/hidden/openssl/rand.h b/src/lib/libcrypto/hidden/openssl/rand.h
index d94a1bfd5c..978d10f70b 100644
--- a/src/lib/libcrypto/hidden/openssl/rand.h
+++ b/src/lib/libcrypto/hidden/openssl/rand.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: rand.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: rand.h,v 1.3 2023/07/28 09:53:55 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
 *
@@ -27,7 +27,6 @@
 LCRYPTO_USED(RAND_set_rand_method);
 LCRYPTO_USED(RAND_get_rand_method);
-LCRYPTO_USED(RAND_set_rand_engine);
 LCRYPTO_USED(RAND_SSLeay);
 LCRYPTO_USED(ERR_load_RAND_strings);
diff --git a/src/lib/libcrypto/hidden/openssl/ts.h b/src/lib/libcrypto/hidden/openssl/ts.h
index 638f72f2f1..0acad21373 100644
--- a/src/lib/libcrypto/hidden/openssl/ts.h
+++ b/src/lib/libcrypto/hidden/openssl/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.2 2023/07/07 19:37:54 beck Exp $ */
+/* $OpenBSD: ts.h,v 1.3 2023/07/28 09:53:55 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
 *
@@ -201,8 +201,6 @@ LCRYPTO_USED(TS_CONF_load_certs);
 LCRYPTO_USED(TS_CONF_load_key);
 LCRYPTO_USED(TS_CONF_get_tsa_section);
 LCRYPTO_USED(TS_CONF_set_serial);
-LCRYPTO_USED(TS_CONF_set_crypto_device);
-LCRYPTO_USED(TS_CONF_set_default_engine);
 LCRYPTO_USED(TS_CONF_set_signer_cert);
 LCRYPTO_USED(TS_CONF_set_certs);
 LCRYPTO_USED(TS_CONF_set_signer_key);
diff --git a/src/lib/libcrypto/opensslfeatures.h b/src/lib/libcrypto/opensslfeatures.h
index 7b8d40e688..02d5228953 100644
--- a/src/lib/libcrypto/opensslfeatures.h
+++ b/src/lib/libcrypto/opensslfeatures.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: opensslfeatures.h,v 1.40 2023/07/28 09:46:36 tb Exp $ */
+/* $OpenBSD: opensslfeatures.h,v 1.41 2023/07/28 09:53:55 tb Exp $ */
 /*
 * Feature flags for LibreSSL... so you can actually tell when things
 * are enabled, rather than not being able to tell when things are
@@ -63,7 +63,7 @@
 /* #define OPENSSL_NO_EC */
 #define OPENSSL_NO_EC_NISTP_64_GCC_128
 #define OPENSSL_NO_EGD
-/* #define OPENSSL_NO_ENGINE */
+#define OPENSSL_NO_ENGINE
 /* #define OPENSSL_NO_ERR */
 /* #define OPENSSL_NO_FUZZ_AFL */
 /* #define OPENSSL_NO_FUZZ_LIBFUZZER */
diff --git a/src/lib/libcrypto/ts/ts.h b/src/lib/libcrypto/ts/ts.h
index 6021a309f7..0d5de6223c 100644
--- a/src/lib/libcrypto/ts/ts.h
+++ b/src/lib/libcrypto/ts/ts.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts.h,v 1.21 2023/04/25 17:52:54 tb Exp $ */
+/* $OpenBSD: ts.h,v 1.22 2023/07/28 09:53:55 tb Exp $ */
 /* Written by Zoltan Glozik (zglozik@opentsa.org) for the OpenSSL
 * project 2002, 2003, 2004.
 */
@@ -542,9 +542,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
 const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
 int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
    TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
 int TS_CONF_set_crypto_device(CONF *conf, const char *section,
    const char *device);
 int TS_CONF_set_default_engine(const char *name);
+#endif
 int TS_CONF_set_signer_cert(CONF *conf, const char *section,
    const char *cert, TS_RESP_CTX *ctx);
 int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
diff --git a/src/lib/libssl/Symbols.list b/src/lib/libssl/Symbols.list
index 2b9ec25e14..9f261bb97a 100644
--- a/src/lib/libssl/Symbols.list
+++ b/src/lib/libssl/Symbols.list
@@ -95,7 +95,6 @@ SSL_CTX_set_cipher_list
 SSL_CTX_set_ciphersuites
 SSL_CTX_set_client_CA_list
 SSL_CTX_set_client_cert_cb
-SSL_CTX_set_client_cert_engine
 SSL_CTX_set_cookie_generate_cb
 SSL_CTX_set_cookie_verify_cb
 SSL_CTX_set_default_passwd_cb
diff --git a/src/lib/libssl/hidden/openssl/ssl.h b/src/lib/libssl/hidden/openssl/ssl.h
index acc99fe138..e4ec6d6251 100644
--- a/src/lib/libssl/hidden/openssl/ssl.h
+++ b/src/lib/libssl/hidden/openssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.3 2023/07/08 16:40:14 beck Exp $ */
+/* $OpenBSD: ssl.h,v 1.4 2023/07/28 09:53:55 tb Exp $ */
 /*
 * Copyright (c) 2023 Bob Beck <beck@openbsd.org>
 *
@@ -44,7 +44,6 @@ LSSL_USED(SSL_CTX_set_info_callback);
 LSSL_USED(SSL_CTX_get_info_callback);
 LSSL_USED(SSL_CTX_set_client_cert_cb);
 LSSL_USED(SSL_CTX_get_client_cert_cb);
-LSSL_USED(SSL_CTX_set_client_cert_engine);
 LSSL_USED(SSL_CTX_set_cookie_generate_cb);
 LSSL_USED(SSL_CTX_set_cookie_verify_cb);
 LSSL_USED(SSL_CTX_set_next_protos_advertised_cb);