41 files changed, 0 insertions, 6330 deletions

diff --git a/src/lib/libcrypto/crypto/Makefile b/src/lib/libcrypto/crypto/Makefile
deleted file mode 100644
index d662aecc24..0000000000
--- a/src/lib/libcrypto/crypto/Makefile
+++ /dev/null
@@ -1,430 +0,0 @@
-# $OpenBSD: Makefile,v 1.67 2015/10/19 16:32:37 beck Exp $
-
-LIB=    crypto
-
-SSL_SRC=        ${.CURDIR}/../../libssl/src
-LCRYPTO_SRC=    ${SSL_SRC}/crypto
-
-CFLAGS+= -Wall -Wundef -Werror
-
-.include <bsd.own.mk>           # for 'NOPIC' definition
-.if !defined(NOPIC)
-CFLAGS+= -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_FUNOPEN
-.endif
-
-.if ${MACHINE_ARCH} == "sparc"
-PICFLAG=-fPIC
-.endif
-
-CFLAGS+= -DLIBRESSL_INTERNAL
-CFLAGS+= -DTERMIOS
-# Hardware engines
-CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
-
-CFLAGS+= -I${SSL_SRC}
-CFLAGS+= -I${LCRYPTO_SRC}
-CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp
-
-# crypto/
-SRCS+= cryptlib.c malloc-wrapper.c mem_dbg.c cversion.c ex_data.c cpt_err.c
-SRCS+= o_time.c o_str.c o_init.c
-SRCS+= mem_clr.c
-
-# aes/
-SRCS+= aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c
-SRCS+= aes_ctr.c aes_ige.c aes_wrap.c
-
-# asn1/
-SRCS+= a_object.c a_bitstr.c a_time.c a_int.c a_octet.c
-SRCS+= a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c
-SRCS+= a_enum.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c
-SRCS+= x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c
-SRCS+= x_long.c x_name.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c
-SRCS+= x_nx509.c d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c
-SRCS+= t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c
-SRCS+= tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c
-SRCS+= tasn_prn.c ameth_lib.c
-SRCS+= f_int.c f_string.c n_pkey.c
-SRCS+= f_enum.c x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c
-SRCS+= asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c
-SRCS+= evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c
-SRCS+= a_set.c
-SRCS+= a_time_tm.c
-
-# bf/
-SRCS+= bf_skey.c bf_ecb.c bf_cfb64.c bf_ofb64.c
-
-# bio/
-SRCS+= bio_lib.c bio_cb.c bio_err.c
-SRCS+= bss_mem.c bss_null.c bss_fd.c
-SRCS+= bss_file.c bss_sock.c bss_conn.c
-SRCS+= bf_null.c bf_buff.c b_print.c b_dump.c
-SRCS+= b_posix.c b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c
-SRCS+= bss_dgram.c
-
-# bn/
-SRCS+= bn_add.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c bn_mod.c
-SRCS+= bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c
-SRCS+= bn_kron.c bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c
-SRCS+= bn_recp.c bn_mont.c bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c
-SRCS+= bn_depr.c bn_const.c bn_x931p.c
-
-# buffer/
-SRCS+= buffer.c buf_err.c buf_str.c
-
-# camellia/
-SRCS+= cmll_cfb.c cmll_ctr.c cmll_ecb.c cmll_ofb.c
-
-# cast/
-SRCS+= c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c
-
-# chacha/
-SRCS+= chacha.c
-
-# cmac/
-SRCS+= cmac.c cm_ameth.c cm_pmeth.c
-
-# cms/
-#SRCS+= cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
-#SRCS+= cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c
-#SRCS+= cms_pwri.c
-
-# comp/
-SRCS+= comp_lib.c comp_err.c c_rle.c c_zlib.c
-
-# conf/
-SRCS+= conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c
-SRCS+= conf_mall.c conf_sap.c
-
-# des/
-SRCS+= cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c
-SRCS+= ecb3_enc.c ecb_enc.c  enc_read.c enc_writ.c
-SRCS+= fcrypt.c ofb64enc.c ofb_enc.c  pcbc_enc.c
-SRCS+= qud_cksm.c rand_key.c set_key.c xcbc_enc.c
-SRCS+= str2key.c  cfb64ede.c ofb64ede.c ede_cbcm_enc.c
-
-# dh/
-SRCS+= dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c dh_depr.c
-SRCS+= dh_ameth.c dh_pmeth.c dh_prn.c
-
-# dsa/
-SRCS+= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c
-SRCS+= dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c dsa_prn.c
-
-# dso/
-SRCS+= dso_dlfcn.c dso_err.c dso_lib.c dso_null.c
-SRCS+= dso_openssl.c
-
-# ec/
-SRCS+= ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c
-SRCS+= ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c
-SRCS+= ec2_smpl.c ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c
-SRCS+= ecp_nistp224.c ecp_nistp256.c ecp_nistp521.c ecp_nistputil.c
-SRCS+= ecp_oct.c ec2_oct.c ec_oct.c
-
-# ecdh/
-SRCS+= ech_lib.c ech_key.c ech_err.c
-
-# ecdsa/
-SRCS+= ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c ecs_err.c
-
-# engine/
-SRCS+= eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c
-SRCS+= eng_table.c eng_pkey.c eng_fat.c eng_all.c
-SRCS+= tb_rsa.c tb_dsa.c tb_ecdsa.c tb_dh.c tb_ecdh.c tb_rand.c tb_store.c
-SRCS+= tb_cipher.c tb_digest.c tb_pkmeth.c tb_asnmth.c
-SRCS+= eng_openssl.c eng_cnf.c eng_dyn.c
-# XXX unnecessary? handled in EVP now...
-# SRCS+= eng_aesni.c # local addition
-
-# err/
-SRCS+= err.c err_all.c err_prn.c
-
-# evp/
-SRCS+= encode.c digest.c evp_enc.c evp_key.c
-SRCS+= e_des.c e_bf.c e_idea.c e_des3.c e_camellia.c
-SRCS+= e_rc4.c e_aes.c names.c
-SRCS+= e_xcbc_d.c e_rc2.c e_cast.c
-SRCS+= m_null.c m_md4.c m_md5.c m_sha1.c m_wp.c
-SRCS+= m_dss.c m_dss1.c m_ripemd.c m_ecdsa.c
-SRCS+= p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c p_dec.c
-SRCS+= bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c
-SRCS+= c_all.c evp_lib.c
-SRCS+= evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
-SRCS+= e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c
-SRCS+= e_aes_cbc_hmac_sha1.c e_rc4_hmac_md5.c
-SRCS+= e_chacha.c evp_aead.c e_chacha20poly1305.c
-SRCS+= e_gost2814789.c m_gost2814789.c m_gostr341194.c m_streebog.c
-
-# gost/
-SRCS+= gost2814789.c gost89_keywrap.c gost89_params.c gost89imit_ameth.c
-SRCS+= gost89imit_pmeth.c gost_asn1.c gost_err.c gostr341001.c
-SRCS+= gostr341001_ameth.c gostr341001_key.c gostr341001_params.c
-SRCS+= gostr341001_pmeth.c gostr341194.c streebog.c
-
-# hmac/
-SRCS+= hmac.c hm_ameth.c hm_pmeth.c
-
-# idea/
-SRCS+= i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c
-
-# krb5/
-SRCS+= krb5_asn.c
-
-# lhash/
-SRCS+= lhash.c lh_stats.c
-
-# md4/
-SRCS+= md4_dgst.c md4_one.c
-
-# md5/
-SRCS+= md5_dgst.c md5_one.c
-
-# modes/
-SRCS+= cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c ccm128.c xts128.c
-
-# objects/
-SRCS+= o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c
-
-# ocsp/
-SRCS+= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c
-SRCS+= ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c
-
-# pem/
-SRCS+= pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-SRCS+= pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c
-
-# pkcs12/
-SRCS+= p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c p12_decr.c
-SRCS+= p12_init.c p12_key.c p12_kiss.c p12_mutl.c
-SRCS+= p12_utl.c p12_npas.c pk12err.c p12_p8d.c p12_p8e.c
-
-# pkcs7/
-SRCS+= pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c pk7_attr.c
-SRCS+= pk7_mime.c bio_pk7.c
-
-# poly1305/
-SRCS+= poly1305.c
-
-# rand/
-SRCS+= randfile.c rand_lib.c rand_err.c
-
-# rc2/
-SRCS+= rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c
-
-# ripemd/
-SRCS+= rmd_dgst.c rmd_one.c
-
-# rsa/
-SRCS+= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
-SRCS+= rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
-SRCS+= rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c
-SRCS+= rsa_pmeth.c rsa_crpt.c
-
-# sha/
-SRCS+= sha1dgst.c sha1_one.c sha256.c sha512.c
-
-# stack/
-SRCS+= stack.c
-
-# ts/
-SRCS+= ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c ts_rsp_print.c
-SRCS+= ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c ts_conf.c
-SRCS+= ts_asn1.c
-
-# txt_db/
-SRCS+=txt_db.c
-
-# ui/
-SRCS+= ui_err.c ui_lib.c ui_openssl.c ui_util.c
-
-# whrlpool/
-SRCS+= wp_dgst.c
-
-# x509/
-SRCS+= x509_def.c x509_d2.c x509_r2x.c x509_cmp.c
-SRCS+= x509_obj.c x509_req.c x509spki.c x509_vfy.c
-SRCS+= x509_set.c x509cset.c x509rset.c x509_err.c
-SRCS+= x509name.c x509_v3.c x509_ext.c x509_att.c
-SRCS+= x509type.c x509_lu.c x_all.c x509_txt.c
-SRCS+= x509_trs.c by_file.c by_dir.c by_mem.c x509_vpm.c
-
-# x509v3/
-SRCS+= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
-SRCS+= v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c
-SRCS+= v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
-SRCS+= v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c
-SRCS+= pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
-
-.PATH:  ${.CURDIR}/arch/${MACHINE_CPU} \
-        ${LCRYPTO_SRC} \
-        ${LCRYPTO_SRC}/aes \
-        ${LCRYPTO_SRC}/asn1 \
-        ${LCRYPTO_SRC}/bf \
-        ${LCRYPTO_SRC}/bio \
-        ${LCRYPTO_SRC}/bn \
-        ${LCRYPTO_SRC}/bn/asm \
-        ${LCRYPTO_SRC}/buffer \
-        ${LCRYPTO_SRC}/camellia \
-        ${LCRYPTO_SRC}/cast \
-        ${LCRYPTO_SRC}/chacha \
-        ${LCRYPTO_SRC}/cmac \
-        ${LCRYPTO_SRC}/cms \
-        ${LCRYPTO_SRC}/comp \
-        ${LCRYPTO_SRC}/conf \
-        ${LCRYPTO_SRC}/des \
-        ${LCRYPTO_SRC}/dh \
-        ${LCRYPTO_SRC}/dsa \
-        ${LCRYPTO_SRC}/dso \
-        ${LCRYPTO_SRC}/ec \
-        ${LCRYPTO_SRC}/ecdh \
-        ${LCRYPTO_SRC}/ecdsa \
-        ${LCRYPTO_SRC}/engine \
-        ${LCRYPTO_SRC}/err \
-        ${LCRYPTO_SRC}/evp \
-        ${LCRYPTO_SRC}/gost \
-        ${LCRYPTO_SRC}/hmac \
-        ${LCRYPTO_SRC}/idea \
-        ${LCRYPTO_SRC}/krb5 \
-        ${LCRYPTO_SRC}/lhash \
-        ${LCRYPTO_SRC}/md4 \
-        ${LCRYPTO_SRC}/md5 \
-        ${LCRYPTO_SRC}/modes \
-        ${LCRYPTO_SRC}/objects \
-        ${LCRYPTO_SRC}/ocsp \
-        ${LCRYPTO_SRC}/pem \
-        ${LCRYPTO_SRC}/perlasm \
-        ${LCRYPTO_SRC}/pkcs12 \
-        ${LCRYPTO_SRC}/pkcs7 \
-        ${LCRYPTO_SRC}/poly1305 \
-        ${LCRYPTO_SRC}/rand \
-        ${LCRYPTO_SRC}/rc2 \
-        ${LCRYPTO_SRC}/rc4 \
-        ${LCRYPTO_SRC}/ripemd \
-        ${LCRYPTO_SRC}/rsa \
-        ${LCRYPTO_SRC}/sha \
-        ${LCRYPTO_SRC}/stack \
-        ${LCRYPTO_SRC}/threads \
-        ${LCRYPTO_SRC}/ts \
-        ${LCRYPTO_SRC}/txt_db \
-        ${LCRYPTO_SRC}/ui \
-        ${LCRYPTO_SRC}/whrlpool \
-        ${LCRYPTO_SRC}/x509 \
-        ${LCRYPTO_SRC}/x509v3
-
-HDRS=\
-        crypto/aes/aes.h \
-        crypto/asn1/asn1.h \
-        crypto/asn1/asn1_mac.h \
-        crypto/asn1/asn1t.h \
-        crypto/bf/blowfish.h \
-        crypto/bio/bio.h \
-        crypto/bn/bn.h \
-        crypto/buffer/buffer.h \
-        crypto/camellia/camellia.h \
-        crypto/cast/cast.h \
-        crypto/chacha/chacha.h \
-        crypto/cmac/cmac.h \
-        crypto/cms/cms.h \
-        crypto/comp/comp.h \
-        crypto/conf/conf.h \
-        crypto/conf/conf_api.h \
-        crypto/crypto.h \
-        crypto/des/des.h \
-        crypto/dh/dh.h \
-        crypto/dsa/dsa.h \
-        crypto/dso/dso.h \
-        crypto/ec/ec.h \
-        crypto/ecdh/ecdh.h \
-        crypto/ecdsa/ecdsa.h \
-        crypto/engine/engine.h \
-        crypto/err/err.h \
-        crypto/evp/evp.h \
-        crypto/gost/gost.h \
-        crypto/hmac/hmac.h \
-        crypto/idea/idea.h \
-        crypto/krb5/krb5_asn.h \
-        crypto/lhash/lhash.h \
-        crypto/md4/md4.h \
-        crypto/md5/md5.h \
-        crypto/modes/modes.h \
-        crypto/objects/objects.h \
-        crypto/ocsp/ocsp.h \
-        crypto/opensslfeatures.h \
-        crypto/opensslv.h \
-        crypto/ossl_typ.h \
-        crypto/pem/pem.h \
-        crypto/pem/pem2.h \
-        crypto/pkcs12/pkcs12.h \
-        crypto/pkcs7/pkcs7.h \
-        crypto/poly1305/poly1305.h \
-        crypto/rand/rand.h \
-        crypto/rc2/rc2.h \
-        crypto/rc4/rc4.h \
-        crypto/ripemd/ripemd.h \
-        crypto/rsa/rsa.h \
-        crypto/sha/sha.h \
-        crypto/stack/safestack.h \
-        crypto/stack/stack.h \
-        crypto/ts/ts.h \
-        crypto/txt_db/txt_db.h \
-        crypto/ui/ui.h \
-        crypto/ui/ui_compat.h \
-        crypto/whrlpool/whrlpool.h \
-        crypto/x509/x509.h \
-        crypto/x509/x509_vfy.h \
-        crypto/x509v3/x509v3.h
-
-HDRS_GEN=\
-        ${.CURDIR}/arch/${MACHINE_CPU}/opensslconf.h \
-        ${.OBJDIR}/obj_mac.h
-
-includes: obj_mac.h
-        @test -d ${DESTDIR}/usr/include/openssl || \
-            mkdir ${DESTDIR}/usr/include/openssl
-        @cd ${SSL_SRC}; \
-        for i in $(HDRS); do \
-            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
-            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
-                ${DESTDIR}/usr/include/openssl"; \
-            echo $$j; \
-            eval "$$j"; \
-        done; \
-        for i in $(HDRS_GEN); do \
-            j="cmp -s $$i ${DESTDIR}/usr/include/openssl/`basename $$i` || \
-            ${INSTALL} ${INSTALL_COPY} -o ${BINOWN} -g ${BINGRP} -m 444 $$i\
-                ${DESTDIR}/usr/include/openssl"; \
-            echo $$j; \
-            eval "$$j"; \
-        done;
-
-# generated
-CFLAGS+= -I${.OBJDIR}
-
-GENERATED=obj_mac.h obj_dat.h
-CLEANFILES=${GENERATED} obj_mac.num.tmp
-SSL_OBJECTS=${SSL_SRC}/crypto/objects
-
-obj_mac.h: ${SSL_OBJECTS}/objects.h ${SSL_OBJECTS}/obj_mac.num ${SSL_OBJECTS}/objects.txt
-        cat ${SSL_OBJECTS}/obj_mac.num > obj_mac.num.tmp
-        /usr/bin/perl ${SSL_OBJECTS}/objects.pl ${SSL_OBJECTS}/objects.txt obj_mac.num.tmp obj_mac.h
-
-obj_dat.h: obj_mac.h
-        /usr/bin/perl ${SSL_OBJECTS}/obj_dat.pl obj_mac.h obj_dat.h
-
-.if exists (${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc)
-.include "${.CURDIR}/arch/${MACHINE_CPU}/Makefile.inc"
-.else
-CFLAGS+=-DOPENSSL_NO_ASM
-SRCS+= aes_core.c aes_cbc.c
-SRCS+= bf_enc.c
-SRCS+= bn_asm.c
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-SRCS+= des_enc.c fcrypt_b.c
-SRCS+= rc4_enc.c rc4_skey.c
-SRCS+= wp_block.c
-.endif
-
-all beforedepend: ${GENERATED}
-
-.include <bsd.lib.mk>
diff --git a/src/lib/libcrypto/crypto/arc4random_aix.h b/src/lib/libcrypto/crypto/arc4random_aix.h
deleted file mode 100644
index 3142a1f278..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_aix.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*      $OpenBSD: arc4random_aix.h,v 1.2 2016/06/30 12:19:51 bcook Exp $        */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_freebsd.h b/src/lib/libcrypto/crypto/arc4random_freebsd.h
deleted file mode 100644
index 3faa5e4d31..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_freebsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*      $OpenBSD: arc4random_freebsd.h,v 1.4 2016/06/30 12:19:51 bcook Exp $    */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-/*
- * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
- * a program does not link to -lthr. Callbacks registered with pthread_atfork()
- * appear to fail silently. So, it is not always possible to detect a PID
- * wraparound.
- */
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_hpux.h b/src/lib/libcrypto/crypto/arc4random_hpux.h
deleted file mode 100644
index 2a3fe8c611..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_hpux.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*      $OpenBSD: arc4random_hpux.h,v 1.3 2016/06/30 12:19:51 bcook Exp $       */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_linux.h b/src/lib/libcrypto/crypto/arc4random_linux.h
deleted file mode 100644
index 879f966391..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_linux.h
+++ /dev/null
@@ -1,88 +0,0 @@
-/*      $OpenBSD: arc4random_linux.h,v 1.11 2016/06/30 12:19:51 bcook Exp $     */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#ifdef __GLIBC__
-extern void *__dso_handle;
-extern int __register_atfork(void (*)(void), void(*)(void), void (*)(void), void *);
-#define _ARC4_ATFORK(f) __register_atfork(NULL, NULL, (f), __dso_handle)
-#else
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-#endif
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        /* XXX unusual calls to clone() can bypass checks */
-        if (_rs_pid == 0 || _rs_pid == 1 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_netbsd.h b/src/lib/libcrypto/crypto/arc4random_netbsd.h
deleted file mode 100644
index 611997d54d..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_netbsd.h
+++ /dev/null
@@ -1,87 +0,0 @@
-/*      $OpenBSD: arc4random_netbsd.h,v 1.3 2016/06/30 12:19:51 bcook Exp $     */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-/*
- * Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10) if
- * a program does not link to -lthr. Callbacks registered with pthread_atfork()
- * appear to fail silently. So, it is not always possible to detect a PID
- * wraparound.
- */
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_osx.h b/src/lib/libcrypto/crypto/arc4random_osx.h
deleted file mode 100644
index 818ae6bbf4..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_osx.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*      $OpenBSD: arc4random_osx.h,v 1.11 2016/06/30 12:19:51 bcook Exp $       */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_solaris.h b/src/lib/libcrypto/crypto/arc4random_solaris.h
deleted file mode 100644
index b1084cda08..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_solaris.h
+++ /dev/null
@@ -1,81 +0,0 @@
-/*      $OpenBSD: arc4random_solaris.h,v 1.10 2016/06/30 12:19:51 bcook Exp $   */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <sys/mman.h>
-
-#include <pthread.h>
-#include <signal.h>
-
-static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
-#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
-#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
-
-#define _ARC4_ATFORK(f) pthread_atfork(NULL, NULL, (f))
-
-static inline void
-_getentropy_fail(void)
-{
-        raise(SIGKILL);
-}
-
-static volatile sig_atomic_t _rs_forked;
-
-static inline void
-_rs_forkhandler(void)
-{
-        _rs_forked = 1;
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-        static pid_t _rs_pid = 0;
-        pid_t pid = getpid();
-
-        if (_rs_pid == 0 || _rs_pid != pid || _rs_forked) {
-                _rs_pid = pid;
-                _rs_forked = 0;
-                if (rs)
-                        memset(rs, 0, sizeof(*rs));
-        }
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        if ((*rsp = mmap(NULL, sizeof(**rsp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED)
-                return (-1);
-
-        if ((*rsxp = mmap(NULL, sizeof(**rsxp), PROT_READ|PROT_WRITE,
-            MAP_ANON|MAP_PRIVATE, -1, 0)) == MAP_FAILED) {
-                munmap(*rsp, sizeof(**rsp));
-                *rsp = NULL;
-                return (-1);
-        }
-
-        _ARC4_ATFORK(_rs_forkhandler);
-        return (0);
-}
diff --git a/src/lib/libcrypto/crypto/arc4random_win.h b/src/lib/libcrypto/crypto/arc4random_win.h
deleted file mode 100644
index deec8a1efe..0000000000
--- a/src/lib/libcrypto/crypto/arc4random_win.h
+++ /dev/null
@@ -1,78 +0,0 @@
-/*      $OpenBSD: arc4random_win.h,v 1.6 2016/06/30 12:17:29 bcook Exp $        */
-
-/*
- * Copyright (c) 1996, David Mazieres <dm@uun.org>
- * Copyright (c) 2008, Damien Miller <djm@openbsd.org>
- * Copyright (c) 2013, Markus Friedl <markus@openbsd.org>
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Stub functions for portability.
- */
-
-#include <windows.h>
-
-static volatile HANDLE arc4random_mtx = NULL;
-
-/*
- * Initialize the mutex on the first lock attempt. On collision, each thread
- * will attempt to allocate a mutex and compare-and-swap it into place as the
- * global mutex. On failure to swap in the global mutex, the mutex is closed.
- */
-#define _ARC4_LOCK() { \
-        if (!arc4random_mtx) { \
-                HANDLE p = CreateMutex(NULL, FALSE, NULL); \
-                if (InterlockedCompareExchangePointer((void **)&arc4random_mtx, (void *)p, NULL)) \
-                        CloseHandle(p); \
-        } \
-        WaitForSingleObject(arc4random_mtx, INFINITE); \
-} \
-
-#define _ARC4_UNLOCK() ReleaseMutex(arc4random_mtx)
-
-static inline void
-_getentropy_fail(void)
-{
-        TerminateProcess(GetCurrentProcess(), 0);
-}
-
-static inline int
-_rs_allocate(struct _rs **rsp, struct _rsx **rsxp)
-{
-        *rsp = VirtualAlloc(NULL, sizeof(**rsp),
-            MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
-        if (*rsp == NULL)
-                return (-1);
-
-        *rsxp = VirtualAlloc(NULL, sizeof(**rsxp),
-            MEM_RESERVE | MEM_COMMIT, PAGE_READWRITE);
-        if (*rsxp == NULL) {
-                VirtualFree(*rsp, 0, MEM_RELEASE);
-                *rsp = NULL;
-                return (-1);
-        }
-        return (0);
-}
-
-static inline void
-_rs_forkhandler(void)
-{
-}
-
-static inline void
-_rs_forkdetect(void)
-{
-}
diff --git a/src/lib/libcrypto/crypto/arch/alpha/Makefile.inc b/src/lib/libcrypto/crypto/arch/alpha/Makefile.inc
deleted file mode 100644
index 82fa9fc1f4..0000000000
--- a/src/lib/libcrypto/crypto/arch/alpha/Makefile.inc
+++ /dev/null
@@ -1,43 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.3 2014/11/17 20:31:21 miod Exp $
-
-# alpha-specific libcrypto build rules
-
-# aes
-SRCS+= aes_core.c aes_cbc.c 
-# bf
-SRCS+= bf_enc.c
-# bn
-SRCS+= bn_asm.c
-SSLASM+= bn alpha-mont
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-alpha
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-alpha
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir f in ${SSLASM}
-SRCS+=  ${f}.S
-GENERATED+=${f}.S
-${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${f}.pl > ${.TARGET}
-.endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=  alphacpuid.S
-GENERATED+=alphacpuid.S
-alphacpuid.S: ${LCRYPTO_SRC}/alphacpuid.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/alphacpuid.pl > ${.TARGET}
diff --git a/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h b/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
deleted file mode 100644
index a74c6df644..0000000000
--- a/src/lib/libcrypto/crypto/arch/alpha/opensslconf.h
+++ /dev/null
@@ -1,155 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#define DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/amd64/Makefile.inc b/src/lib/libcrypto/crypto/arch/amd64/Makefile.inc
deleted file mode 100644
index 081ed3c252..0000000000
--- a/src/lib/libcrypto/crypto/arch/amd64/Makefile.inc
+++ /dev/null
@@ -1,75 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.5 2015/09/11 14:48:06 miod Exp $
-
-# amd64-specific libcrypto build rules
-
-# aes
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-x86_64
-CFLAGS+= -DBSAES_ASM
-SSLASM+= aes bsaes-x86_64
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86_64
-SSLASM+= aes aesni-x86_64
-SSLASM+= aes aesni-sha1-x86_64
-# bf
-SRCS+= bf_enc.c
-# bn
-CFLAGS+= -DOPENSSL_IA32_SSE2
-CFLAGS+= -DRSA_ASM
-SSLASM+= bn modexp512-x86_64
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-SSLASM+= bn x86_64-mont
-CFLAGS+= -DOPENSSL_BN_ASM_MONT5
-SSLASM+= bn x86_64-mont5
-CFLAGS+= -DOPENSSL_BN_ASM_GF2m
-SSLASM+= bn x86_64-gf2m
-# camellia
-SRCS+=  cmll_misc.c
-SSLASM+= camellia cmll-x86_64
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# md5
-CFLAGS+= -DMD5_ASM
-SSLASM+= md5 md5-x86_64
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-x86_64
-# rc4
-CFLAGS+= -DRC4_MD5_ASM
-SSLASM+= rc4 rc4-x86_64
-SSLASM+= rc4 rc4-md5-x86_64
-# ripemd
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-x86_64
-CFLAGS+= -DSHA256_ASM
-SRCS+= sha256-x86_64.S
-GENERATED+= sha256-x86_64.S
-sha256-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl
-        cd ${LCRYPTO_SRC}/sha/asm ; \
-                /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET}
-CFLAGS+= -DSHA512_ASM
-SRCS+= sha512-x86_64.S
-GENERATED+= sha512-x86_64.S
-sha512-x86_64.S: ${LCRYPTO_SRC}/sha/asm/sha512-x86_64.pl
-        cd ${LCRYPTO_SRC}/sha/asm ; \
-                /usr/bin/perl ./sha512-x86_64.pl ${.OBJDIR}/${.TARGET}
-# whrlpool
-CFLAGS+= -DWHIRLPOOL_ASM
-SSLASM+= whrlpool wp-x86_64
-
-.for dir f in ${SSLASM}
-SRCS+=  ${f}.S
-GENERATED+=${f}.S
-${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl
-        (cd ${LCRYPTO_SRC}/${dir} ; \
-                /usr/bin/perl ./asm/${f}.pl openbsd) > ${.TARGET}
-.endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=  x86_64cpuid.S x86_64-gcc.c
-GENERATED+=x86_64cpuid.S
-
-x86_64cpuid.S: ${LCRYPTO_SRC}/x86_64cpuid.pl
-        (cd ${LCRYPTO_SRC}/${dir} ; \
-                /usr/bin/perl ./x86_64cpuid.pl) > ${.TARGET}
diff --git a/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h b/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
deleted file mode 100644
index cbd5d53ca4..0000000000
--- a/src/lib/libcrypto/crypto/arch/amd64/opensslconf.h
+++ /dev/null
@@ -1,152 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/arm/Makefile.inc b/src/lib/libcrypto/crypto/arch/arm/Makefile.inc
deleted file mode 100644
index 22145a79cc..0000000000
--- a/src/lib/libcrypto/crypto/arch/arm/Makefile.inc
+++ /dev/null
@@ -1,47 +0,0 @@
-# $oPenBSD: Makefile.inc,v 1.2 2014/05/02 18:21:39 miod Exp $
-
-# arm-specific libcrypto build rules
-
-# aes
-SRCS+= aes_cbc.c 
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-armv4
-# bf
-SRCS+= bf_enc.c
-# bn
-SRCS+= bn_asm.c
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-SSLASM+= bn armv4-mont
-CFLAGS+= -DOPENSSL_BN_ASM_GF2m
-SSLASM+= bn armv4-gf2m
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-armv4
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-armv4-large
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha256-armv4
-CFLAGS+= -DSHA512_ASM
-SSLASM+= sha sha512-armv4
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir f in ${SSLASM}
-SRCS+=  ${f}.S
-GENERATED+=${f}.S
-${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${f}.pl void ${.TARGET} > ${.TARGET}
-.endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=  armv4cpuid.S armcap.c
diff --git a/src/lib/libcrypto/crypto/arch/arm/opensslconf.h b/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/arm/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/hppa/Makefile.inc b/src/lib/libcrypto/crypto/arch/hppa/Makefile.inc
deleted file mode 100644
index 0e18de2074..0000000000
--- a/src/lib/libcrypto/crypto/arch/hppa/Makefile.inc
+++ /dev/null
@@ -1,51 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.9 2015/03/18 05:26:10 miod Exp $
-
-# hppa-specific libcrypto build rules
-
-# aes
-SRCS+= aes_core.c aes_cbc.c 
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-parisc aes-parisc
-# bf
-SRCS+= bf_enc.c
-# bn
-SRCS+= bn_asm.c
-SSLASM+= bn parisc-mont parisc-mont
-CFLAGS+= -DOPENSSL_BN_ASM_MONT -DBN_DIV2W
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-parisc ghash-parisc
-# rc4
-.if 0   # about 35% slower than C code
-SSLASM+= rc4 rc4-parisc rc4-parisc
-.else
-SRCS+= rc4_enc.c rc4_skey.c
-.endif
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-parisc sha1-parisc
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha512-parisc sha256-parisc
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir src dst in ${SSLASM}
-SRCS+=  ${dst}.S
-GENERATED+=${dst}.S
-${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${src}.pl 32 ${.TARGET} > ${.TARGET}
-.endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=  pariscid.S
-GENERATED+=pariscid.S
-pariscid.S: ${LCRYPTO_SRC}/pariscid.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/pariscid.pl 32 > ${.TARGET}
diff --git a/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h b/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/hppa/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/i386/Makefile.inc b/src/lib/libcrypto/crypto/arch/i386/Makefile.inc
deleted file mode 100644
index f4e1f36b1c..0000000000
--- a/src/lib/libcrypto/crypto/arch/i386/Makefile.inc
+++ /dev/null
@@ -1,66 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.4 2014/11/17 20:31:22 miod Exp $
-
-# i386-specific libcrypto build rules
-
-# aes
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-586
-CFLAGS+= -DVPAES_ASM
-SSLASM+= aes vpaes-x86
-SSLASM+= aes aesni-x86
-# bf
-SRCS+= bf_cbc.c 
-SSLASM+= bf bf-586
-# bn
-CFLAGS+= -DOPENSSL_IA32_SSE2
-CFLAGS+= -DOPENSSL_BN_ASM_PART_WORDS
-SSLASM+= bn bn-586
-SSLASM+= bn co-586
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-SSLASM+= bn x86-mont
-CFLAGS+= -DOPENSSL_BN_ASM_GF2m
-SSLASM+= bn x86-gf2m
-# camellia
-SSLASM+= camellia cmll-x86
-# des
-SRCS+= fcrypt_b.c
-SSLASM+= des des-586
-# md5
-CFLAGS+= -DMD5_ASM
-SSLASM+= md5 md5-586
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-x86
-# rc4
-SSLASM+= rc4 rc4-586
-# ripemd
-CFLAGS+= -DRMD160_ASM
-SSLASM+= ripemd rmd-586
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-586
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha256-586
-CFLAGS+= -DSHA512_ASM
-SSLASM+= sha sha512-586
-# whrlpool
-SRCS+= wp_block.c
-CFLAGS+= -DWHIRLPOOL_ASM
-SSLASM+= whrlpool wp-mmx
-
-.for dir f in ${SSLASM}
-SRCS+=  ${f}.S
-GENERATED+=${f}.S
-${f}.S: ${LCRYPTO_SRC}/${dir}/asm/${f}.pl ${LCRYPTO_SRC}/perlasm/x86gas.pl
-        /usr/bin/perl -I${LCRYPTO_SRC}/perlasm -I${LCRYPTO_SRC}/${dir}/asm \
-                ${LCRYPTO_SRC}/${dir}/asm/${f}.pl \
-                    openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}
-.endfor
-
-CFLAGS+= -DOPENSSL_CPUID_OBJ
-SRCS+=  x86cpuid.S
-GENERATED+=x86cpuid.S
-
-x86cpuid.S: ${LCRYPTO_SRC}/x86cpuid.pl ${LCRYPTO_SRC}/perlasm/x86gas.pl
-        /usr/bin/perl -I${LCRYPTO_SRC}/perlasm ${LCRYPTO_SRC}/x86cpuid.pl \
-                openbsd-elf ${CFLAGS} 386 ${PICFLAG} > ${.TARGET}
diff --git a/src/lib/libcrypto/crypto/arch/i386/opensslconf.h b/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
deleted file mode 100644
index 37137ff102..0000000000
--- a/src/lib/libcrypto/crypto/arch/i386/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned long
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#define DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h b/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/m88k/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/mips64/Makefile.inc b/src/lib/libcrypto/crypto/arch/mips64/Makefile.inc
deleted file mode 100644
index b6fc8971e7..0000000000
--- a/src/lib/libcrypto/crypto/arch/mips64/Makefile.inc
+++ /dev/null
@@ -1,44 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.4 2014/12/07 15:45:44 miod Exp $
-
-# mips64-specific libcrypto build rules
-
-# aes
-SRCS+= aes_cbc.c 
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-mips aes-mips
-# bf
-SRCS+= bf_enc.c
-# bn
-.if ${MACHINE} == "sgi" # because of R4000 support
-SRCS+= bn_asm.c
-.else
-SSLASM+= bn mips bn-mips
-CFLAGS+= -DBN_DIV3W
-.endif
-SSLASM+= bn mips-mont mips-mont
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-SSLASM+= sha sha1-mips sha1-mips
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha512-mips sha256-mips
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha512-mips sha512-mips
-CFLAGS+= -DSHA512_ASM
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir src dst in ${SSLASM}
-SRCS+=  ${dst}.S
-GENERATED+=${dst}.S
-${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl
-        /usr/bin/env CC=${CC} /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${src}.pl 64 ${.TARGET} > ${.TARGET}
-.endfor
diff --git a/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h b/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
deleted file mode 100644
index ef7a679d94..0000000000
--- a/src/lib/libcrypto/crypto/arch/mips64/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#define DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/powerpc/Makefile.inc b/src/lib/libcrypto/crypto/arch/powerpc/Makefile.inc
deleted file mode 100644
index 46790859b5..0000000000
--- a/src/lib/libcrypto/crypto/arch/powerpc/Makefile.inc
+++ /dev/null
@@ -1,46 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $
-
-# powerpc-specific libcrypto build rules
-
-# aes
-SRCS+= aes_core.c aes_cbc.c 
-# slower than C code
-#CFLAGS+= -DAES_ASM
-#SSLASM+= aes aes-ppc aes-ppc
-# bf
-SRCS+= bf_enc.c
-# bn
-SSLASM+= bn ppc bn-ppc
-SSLASM+= bn ppc-mont ppc-mont           # bn_mul_mont_int
-#SSLASM+= bn ppc64-mont ppc64-mont      # bn_mul_mont_fpu64
-CFLAGS+= -DOPENSSL_BN_ASM_MONT
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha1-ppc sha1-ppc
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha512-ppc sha256-ppc
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir src dst in ${SSLASM}
-SRCS+=  ${dst}.S
-GENERATED+=${dst}.S
-${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${src}.pl linux32 ${.TARGET} > ${.TARGET}
-.endfor
-
-#CFLAGS+= -DOPENSSL_CPUID_OBJ           # it's commented out in ppccap.c
-SRCS+=  ppccpuid.S ppccap.c
-GENERATED+=ppccpuid.S
-ppccpuid.S: ${LCRYPTO_SRC}/ppccpuid.pl
-        /usr/bin/perl \
-                ${LCRYPTO_SRC}/ppccpuid.pl linux32 > ${.TARGET}
diff --git a/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h b/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/powerpc/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sh/opensslconf.h b/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/sh/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sparc/Makefile.inc b/src/lib/libcrypto/crypto/arch/sparc/Makefile.inc
deleted file mode 100644
index ba9954c85e..0000000000
--- a/src/lib/libcrypto/crypto/arch/sparc/Makefile.inc
+++ /dev/null
@@ -1,29 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $
-
-# sparc-specific libcrypto build rules
-
-# aes
-SRCS+= aes_core.c aes_cbc.c 
-# bf
-SRCS+= bf_enc.c
-# bn
-.if 0 # uses `umul' and `udiv' instructions
-SRCS+= sparcv8.S
-.PATH: ${LCRYPTO_SRC}/bn/asm
-.else
-SRCS+= bn_asm.c
-.endif
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= fcrypt_b.c
-SRCS+= des_enc-sparc.S
-GENERATED+= des_enc-sparc.S
-des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4
-        m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET}
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# whrlpool
-SRCS+= wp_block.c
diff --git a/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/sparc/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/sparc64/Makefile.inc b/src/lib/libcrypto/crypto/arch/sparc64/Makefile.inc
deleted file mode 100644
index e3f217dbb8..0000000000
--- a/src/lib/libcrypto/crypto/arch/sparc64/Makefile.inc
+++ /dev/null
@@ -1,48 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $
-
-# sparc64-specific libcrypto build rules
-
-# aes
-SRCS+= aes_core.c aes_cbc.c 
-CFLAGS+= -DAES_ASM
-SSLASM+= aes aes-sparcv9 aes-sparcv9
-# bf
-SRCS+= bf_enc.c
-# bn
-SRCS+= bn_asm.c
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= fcrypt_b.c
-SRCS+= des_enc-sparc.S
-GENERATED+= des_enc-sparc.S
-des_enc-sparc.S: ${LCRYPTO_SRC}/des/asm/des_enc.m4
-        m4 ${LCRYPTO_SRC}/des/asm/des_enc.m4 > ${.TARGET}
-# modes
-CFLAGS+= -DGHASH_ASM
-SSLASM+= modes ghash-sparcv9 ghash-sparcv9
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# sha
-SSLASM+= sha sha1-sparcv9 sha1-sparcv9
-CFLAGS+= -DSHA1_ASM
-SSLASM+= sha sha512-sparcv9 sha256-sparcv9
-CFLAGS+= -DSHA256_ASM
-SSLASM+= sha sha512-sparcv9 sha512-sparcv9
-CFLAGS+= -DSHA512_ASM
-# whrlpool
-SRCS+= wp_block.c
-
-.for dir src dst in ${SSLASM}
-SRCS+=  ${dst}.S
-GENERATED+=${dst}.S
-${dst}.S: ${LCRYPTO_SRC}/${dir}/asm/${src}.pl
-        /usr/bin/env CC=${CC} /usr/bin/perl \
-                ${LCRYPTO_SRC}/${dir}/asm/${src}.pl ${.TARGET} -m64 > ${.TARGET}
-.endfor
-
-# not until Montgomery code enabled
-#CFLAGS+= -DOPENSSL_CPUID_OBJ
-#SRCS+= sparccpuid.S sparcv9cap.c
diff --git a/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h b/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
deleted file mode 100644
index ef7a679d94..0000000000
--- a/src/lib/libcrypto/crypto/arch/sparc64/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#define RC4_CHUNK unsigned long
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#undef BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#define SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#undef THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#undef RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#define BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#define DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#define DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#undef DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/arch/vax/Makefile.inc b/src/lib/libcrypto/crypto/arch/vax/Makefile.inc
deleted file mode 100644
index f7764cf44a..0000000000
--- a/src/lib/libcrypto/crypto/arch/vax/Makefile.inc
+++ /dev/null
@@ -1,21 +0,0 @@
-# $OpenBSD: Makefile.inc,v 1.2 2014/11/17 20:31:22 miod Exp $
-
-# vax-specific libcrypto build rules
-
-# aes
-CFLAGS+=-DOPENSSL_NO_ASM
-SRCS+= aes_core.c aes_cbc.c 
-# bf
-SRCS+= bf_enc.c
-# bn
-SRCS+= bn_asm_vax.S
-# camellia
-SRCS+= camellia.c cmll_cbc.c cmll_misc.c
-# des
-SRCS+= des_enc.c fcrypt_b.c
-# rc4
-SRCS+= rc4_enc.c rc4_skey.c
-## rc5
-#SRCS+= rc5_enc.c 
-# whrlpool
-SRCS+= wp_block.c
diff --git a/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S b/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S
deleted file mode 100644
index 2969ae9dac..0000000000
--- a/src/lib/libcrypto/crypto/arch/vax/bn_asm_vax.S
+++ /dev/null
@@ -1,436 +0,0 @@
-#       $OpenBSD: bn_asm_vax.S,v 1.1 2014/04/11 22:51:53 miod Exp $
-#       $NetBSD: bn_asm_vax.S,v 1.1 2003/11/03 10:22:28 ragge Exp $
-
-#include <machine/asm.h>
-
-# w.j.m. 15-jan-1999
-#
-# it's magic ...
-#
-# ULONG bn_mul_add_words(ULONG r[],ULONG a[],int n,ULONG w) {
-#       ULONG c = 0;
-#       int i;
-#       for(i = 0; i < n; i++) <c,r[i]> := r[i] + c + a[i] * w ;
-#       return c;
-# }
-
-ENTRY(bn_mul_add_words,R6)
-        movl    4(%ap),%r2              # *r
-        movl    8(%ap),%r3              # *a
-        movl    12(%ap),%r4             # n
-        movl    16(%ap),%r5             # w
-        clrl    %r6                     # return value ("carry")
-
-0:      emul    %r5,(%r3),(%r2),%r0     # w * a[0] + r[0] -> r0
-
-        # fixup for "negative" r[]
-        tstl    (%r2)
-        bgeq    1f
-        incl    %r1                     # add 1 to highword
-
-1:      # add saved carry to result
-        addl2   %r6,%r0
-        adwc    $0,%r1
-
-        # combined fixup for "negative" w, a[]
-        tstl    %r5             # if w is negative...
-        bgeq    1f
-        addl2   (%r3),%r1       # ...add a[0] again to highword
-1:      tstl    (%r3)           # if a[0] is negative...
-        bgeq    1f
-        addl2   %r5,%r1         # ...add w again to highword
-1:
-        movl    %r0,(%r2)+      # save low word in dest & advance *r
-        addl2   $4,%r3          # advance *a
-        movl    %r1,%r6         # high word in r6 for return value
-
-        sobgtr  %r4,0b          # loop?
-
-        movl    %r6,%r0
-        ret
-
-#       .title  vax_bn_mul_words  unsigned multiply & add, 32*32+32=>64
-#;
-#; w.j.m. 15-jan-1999
-#;
-#; it's magic ...
-#;
-#; ULONG bn_mul_words(ULONG r[],ULONG a[],int n,ULONG w) {
-#;      ULONG c = 0;
-#;      int i;
-#;      for(i = 0; i < num; i++) <c,r[i]> := a[i] * w + c ;
-#;      return(c);
-#; }
-#
-
-ENTRY(bn_mul_words,R6)
-        movl    4(%ap),%r2              # *r
-        movl    8(%ap),%r3              # *a
-        movl    12(%ap),%r4             # n
-        movl    16(%ap),%r5             # w
-        clrl    %r6                     # carry
-
-0:      emul    %r5,(%r3),%r6,%r0       # w * a[0] + carry -> r0
-
-        # fixup for "negative" carry
-        tstl    %r6
-        bgeq    1f
-        incl    %r1
-
-1:      # combined fixup for "negative" w, a[]
-        tstl    %r5
-        bgeq    1f
-        addl2   (%r3),%r1
-1:      tstl    (%r3)
-        bgeq    1f
-        addl2   %r5,%r1
-
-1:      movl    %r0,(%r2)+
-        addl2   $4,%r3
-        movl    %r1,%r6
-
-        sobgtr  %r4,0b
-
-        movl    %r6,%r0
-        ret
-
-
-
-#       .title  vax_bn_sqr_words  unsigned square, 32*32=>64
-#;
-#; w.j.m. 15-jan-1999
-#;
-#; it's magic ...
-#;
-#; void bn_sqr_words(ULONG r[],ULONG a[],int n) {
-#;      int i;
-#;      for(i = 0; i < n; i++) <r[2*i+1],r[2*i]> := a[i] * a[i] ;
-#; }
-#
-
-ENTRY(bn_sqr_words,0)
-        movl    4(%ap),%r2              # r
-        movl    8(%ap),%r3              # a
-        movl    12(%ap),%r4             # n
-
-0:      movl    (%r3)+,%r5              # r5 = a[] & advance
-
-        emul    %r5,%r5,$0,%r0          # a[0] * a[0] + 0 -> r0
-
-        # fixup for "negative" a[]
-        tstl    %r5
-        bgeq    1f
-        addl2   %r5,%r1
-        addl2   %r5,%r1
-
-1:      movq    %r0,(%r2)+              # store 64-bit result
-
-        sobgtr  %r4,0b                  # loop
-
-        ret
-
-
-#       .title  vax_bn_div_words  unsigned divide
-#;
-#; Richard Levitte 20-Nov-2000
-#;
-#; ULONG bn_div_words(ULONG h, ULONG l, ULONG d)
-#; {
-#;      return ((ULONG)((((ULLONG)h)<<32)|l) / (ULLONG)d);
-#; }
-#;
-#; Using EDIV would be very easy, if it didn't do signed calculations.
-#; Any time any of the input numbers are signed, there are problems,
-#; usually with integer overflow, at which point it returns useless
-#; data (the quotient gets the value of l, and the remainder becomes 0).
-#;
-#; If it was just for the dividend, it would be very easy, just divide
-#; it by 2 (unsigned), do the division, multiply the resulting quotient
-#; and remainder by 2, add the bit that was dropped when dividing by 2
-#; to the remainder, and do some adjustment so the remainder doesn't
-#; end up larger than the divisor.  For some cases when the divisor is
-#; negative (from EDIV's point of view, i.e. when the highest bit is set),
-#; dividing the dividend by 2 isn't enough, and since some operations
-#; might generate integer overflows even when the dividend is divided by
-#; 4 (when the high part of the shifted down dividend ends up being exactly
-#; half of the divisor, the result is the quotient 0x80000000, which is
-#; negative...) it needs to be divided by 8.  Furthermore, the divisor needs
-#; to be divided by 2 (unsigned) as well, to avoid more problems with the sign.
-#; In this case, a little extra fiddling with the remainder is required.
-#;
-#; So, the simplest way to handle this is always to divide the dividend
-#; by 8, and to divide the divisor by 2 if it's highest bit is set.
-#; After EDIV has been used, the quotient gets multiplied by 8 if the
-#; original divisor was positive, otherwise 4.  The remainder, oddly
-#; enough, is *always* multiplied by 8.
-#; NOTE: in the case mentioned above, where the high part of the shifted
-#; down dividend ends up being exactly half the shifted down divisor, we
-#; end up with a 33 bit quotient.  That's no problem however, it usually
-#; means we have ended up with a too large remainder as well, and the
-#; problem is fixed by the last part of the algorithm (next paragraph).
-#;
-#; The routine ends with comparing the resulting remainder with the
-#; original divisor and if the remainder is larger, subtract the
-#; original divisor from it, and increase the quotient by 1.  This is
-#; done until the remainder is smaller than the divisor.
-#;
-#; The complete algorithm looks like this:
-#;
-#; d'    = d
-#; l'    = l & 7
-#; [h,l] = [h,l] >> 3
-#; [q,r] = floor([h,l] / d)     # This is the EDIV operation
-#; if (q < 0) q = -q            # I doubt this is necessary any more
-#;
-#; r'    = r >> 29
-#; if (d' >= 0)
-#;   q'  = q >> 29
-#;   q   = q << 3
-#; else
-#;   q'  = q >> 30
-#;   q   = q << 2
-#; r     = (r << 3) + l'
-#;
-#; if (d' < 0)
-#;   {
-#;     [r',r] = [r',r] - q
-#;     while ([r',r] < 0)
-#;       {
-#;         [r',r] = [r',r] + d
-#;         [q',q] = [q',q] - 1
-#;       }
-#;   }
-#;
-#; while ([r',r] >= d')
-#;   {
-#;     [r',r] = [r',r] - d'
-#;     [q',q] = [q',q] + 1
-#;   }
-#;
-#; return q
-#
-#;r2 = l, q
-#;r3 = h, r
-#;r4 = d
-#;r5 = l'
-#;r6 = r'
-#;r7 = d'
-#;r8 = q'
-#
-
-ENTRY(bn_div_words,R6|R7|R8)
-        movl    4(%ap),%r3              # h
-        movl    8(%ap),%r2              # l
-        movl    12(%ap),%r4             # d
-
-        bicl3   $-8,%r2,%r5             # l' = l & 7
-        bicl3   $7,%r2,%r2
-
-        bicl3   $-8,%r3,%r6
-        bicl3   $7,%r3,%r3
-
-        addl2   %r6,%r2
-
-        rotl    $-3,%r2,%r2             # l = l >> 3
-        rotl    $-3,%r3,%r3             # h = h >> 3
-
-        movl    %r4,%r7                 # d' = d
-
-        clrl    %r6                     # r' = 0
-        clrl    %r8                     # q' = 0
-
-        tstl    %r4
-        beql    0f                      # Uh-oh, the divisor is 0...
-        bgtr    1f
-        rotl    $-1,%r4,%r4     # If d is negative, shift it right.
-        bicl2   $0x80000000,%r4 # Since d is then a large number, the
-                                # lowest bit is insignificant
-                                # (contradict that, and I'll fix the problem!)
-1:
-        ediv    %r4,%r2,%r2,%r3         # Do the actual division
-
-        tstl    %r2
-        bgeq    1f
-        mnegl   %r2,%r2         # if q < 0, negate it
-1:
-        tstl    %r7
-        blss    1f
-        rotl    $3,%r2,%r2      #   q = q << 3
-        bicl3   $-8,%r2,%r8     #   q' gets the high bits from q
-        bicl3   $7,%r2,%r2
-        brb     2f
-
-1:                              # else
-        rotl    $2,%r2,%r2      #   q = q << 2
-        bicl3   $-4,%r2,%r8     #   q' gets the high bits from q
-        bicl3   $3,%r2,%r2
-2:
-        rotl    $3,%r3,%r3      # r = r << 3
-        bicl3   $-8,%r3,%r6     # r' gets the high bits from r
-        bicl3   $7,%r3,%r3
-        addl2   %r5,%r3         # r = r + l'
-
-        tstl    %r7
-        bgeq    5f
-        bitl    $1,%r7
-        beql    5f              # if d' < 0 && d' & 1
-        subl2   %r2,%r3         #   [r',r] = [r',r] - [q',q]
-        sbwc    %r8,%r6
-3:
-        bgeq    5f              #   while r < 0
-        decl    %r2             #     [q',q] = [q',q] - 1
-        sbwc    $0,%r8
-        addl2   %r7,%r3         #     [r',r] = [r',r] + d'
-        adwc    $0,%r6
-        brb     3b
-
-# The return points are placed in the middle to keep a short distance from
-# all the branch points
-1:
-#       movl    %r3,%r1
-        movl    %r2,%r0
-        ret
-0:
-        movl    $-1,%r0
-        ret
-5:
-        tstl    %r6
-        bneq    6f
-        cmpl    %r3,%r7
-        blssu   1b              # while [r',r] >= d'
-6:
-        subl2   %r7,%r3         #   [r',r] = [r',r] - d'
-        sbwc    $0,%r6
-        incl    %r2             #   [q',q] = [q',q] + 1
-        adwc    $0,%r8
-        brb     5b
-
-
-
-#       .title  vax_bn_add_words  unsigned add of two arrays
-#;
-#; Richard Levitte 20-Nov-2000
-#;
-#; ULONG bn_add_words(ULONG r[], ULONG a[], ULONG b[], int n) {
-#;      ULONG c = 0;
-#;      int i;
-#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] + b[i] + c;
-#;      return(c);
-#; }
-#
-
-ENTRY(bn_add_words,0)
-        movl    4(%ap),%r2      # r
-        movl    8(%ap),%r3      # a
-        movl    12(%ap),%r4     # b
-        movl    16(%ap),%r5     # n
-        clrl    %r0
-
-        tstl    %r5
-        bleq    1f
-
-0:      movl    (%r3)+,%r1      # carry untouched
-        adwc    (%r4)+,%r1      # carry used and touched
-        movl    %r1,(%r2)+      # carry untouched
-        sobgtr  %r5,0b          # carry untouched
-
-        adwc    $0,%r0
-1:      ret
-
-#;
-#; Richard Levitte 20-Nov-2000
-#;
-#; ULONG bn_sub_words(ULONG r[], ULONG a[], ULONG b[], int n) {
-#;      ULONG c = 0;
-#;      int i;
-#;      for (i = 0; i < n; i++) <c,r[i]> = a[i] - b[i] - c;
-#;      return(c);
-#; }
-#
-
-ENTRY(bn_sub_words,R6)
-        movl    4(%ap),%r2      # r
-        movl    8(%ap),%r3      # a
-        movl    12(%ap),%r4     # b
-        movl    16(%ap),%r5     # n
-        clrl    %r0
-
-        tstl    %r5
-        bleq    1f
-
-0:      movl    (%r3)+,%r6      # carry untouched
-        sbwc    (%r4)+,%r6      # carry used and touched
-        movl    %r6,(%r2)+      # carry untouched
-        sobgtr  %r5,0b          # carry untouched
-
-1:      adwc    $0,%r0
-        ret
-
-#
-#       Ragge 20-Sep-2003
-#
-#       Multiply a vector of 4/8 longword by another.
-#       Uses two loops and 16/64 emuls.
-#
-
-ENTRY(bn_mul_comba4,R6|R7|R8|R9)
-        movl    $4,%r9          # 4*4
-        brb     6f
-
-ENTRY(bn_mul_comba8,R6|R7|R8|R9)
-        movl    $8,%r9          # 8*8
-
-6:      movl    8(%ap),%r3      # a[]
-        movl    12(%ap),%r7     # b[]
-        brb     5f
-
-ENTRY(bn_sqr_comba4,R6|R7|R8|R9)
-        movl    $4,%r9          # 4*4
-        brb 0f
-
-ENTRY(bn_sqr_comba8,R6|R7|R8|R9)
-        movl    $8,%r9          # 8*8
-
-0:
-        movl    8(%ap),%r3      # a[]
-        movl    %r3,%r7         # a[]
-
-5:      movl    4(%ap),%r5      # r[]
-        movl    %r9,%r8
-
-        clrq    (%r5)           # clear destinatino, for add.
-        clrq    8(%r5)
-        clrq    16(%r5)         # these only needed for comba8
-        clrq    24(%r5)
-
-2:      clrl    %r4             # carry
-        movl    %r9,%r6         # inner loop count
-        movl    (%r7)+,%r2      # value to multiply with
-
-1:      emul    %r2,(%r3),%r4,%r0
-        tstl    %r4
-        bgeq    3f
-        incl    %r1
-3:      tstl    %r2
-        bgeq    3f
-        addl2   (%r3),%r1
-3:      tstl    (%r3)
-        bgeq    3f
-        addl2   %r2,%r1
-
-3:      addl2   %r0,(%r5)+      # add to destination
-        adwc    $0,%r1          # remember carry
-        movl    %r1,%r4         # add carry in next emul
-        addl2   $4,%r3
-        sobgtr  %r6,1b
-
-        movl    %r4,(%r5)       # save highest add result
-
-        ashl    $2,%r9,%r4
-        subl2   %r4,%r3
-        subl2   $4,%r4
-        subl2   %r4,%r5
-
-        sobgtr  %r8,2b
-
-        ret
diff --git a/src/lib/libcrypto/crypto/arch/vax/opensslconf.h b/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
deleted file mode 100644
index e3795ce73a..0000000000
--- a/src/lib/libcrypto/crypto/arch/vax/opensslconf.h
+++ /dev/null
@@ -1,157 +0,0 @@
-#include <openssl/opensslfeatures.h>
-/* crypto/opensslconf.h.in */
-
-/* Generate 80386 code? */
-#undef I386_ONLY
-
-#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
-#define OPENSSLDIR "/etc/ssl"
-#endif
-
-#undef OPENSSL_UNISTD
-#define OPENSSL_UNISTD <unistd.h>
-
-#undef OPENSSL_EXPORT_VAR_AS_FUNCTION
-
-#if defined(HEADER_IDEA_H) && !defined(IDEA_INT)
-#define IDEA_INT unsigned int
-#endif
-
-#if defined(HEADER_MD2_H) && !defined(MD2_INT)
-#define MD2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC2_H) && !defined(RC2_INT)
-/* I need to put in a mod for the alpha - eay */
-#define RC2_INT unsigned int
-#endif
-
-#if defined(HEADER_RC4_H)
-#if !defined(RC4_INT)
-/* using int types make the structure larger but make the code faster
- * on most boxes I have tested - up to %20 faster. */
-/*
- * I don't know what does "most" mean, but declaring "int" is a must on:
- * - Intel P6 because partial register stalls are very expensive;
- * - elder Alpha because it lacks byte load/store instructions;
- */
-#define RC4_INT unsigned int
-#endif
-#if !defined(RC4_CHUNK)
-/*
- * This enables code handling data aligned at natural CPU word
- * boundary. See crypto/rc4/rc4_enc.c for further details.
- */
-#undef RC4_CHUNK
-#endif
-#endif
-
-#if (defined(HEADER_NEW_DES_H) || defined(HEADER_DES_H)) && !defined(DES_LONG)
-/* If this is set to 'unsigned int' on a DEC Alpha, this gives about a
- * %20 speed up (longs are 8 bytes, int's are 4). */
-#ifndef DES_LONG
-#define DES_LONG unsigned int
-#endif
-#endif
-
-#if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H)
-#define CONFIG_HEADER_BN_H
-#define BN_LLONG
-
-/* Should we define BN_DIV2W here? */
-
-/* Only one for the following should be defined */
-/* The prime number generation stuff may not work when
- * EIGHT_BIT but I don't care since I've only used this mode
- * for debuging the bignum libraries */
-#undef SIXTY_FOUR_BIT_LONG
-#undef SIXTY_FOUR_BIT
-#define THIRTY_TWO_BIT
-#undef SIXTEEN_BIT
-#undef EIGHT_BIT
-#endif
-
-#if defined(HEADER_RC4_LOCL_H) && !defined(CONFIG_HEADER_RC4_LOCL_H)
-#define CONFIG_HEADER_RC4_LOCL_H
-/* if this is defined data[i] is used instead of *data, this is a %20
- * speedup on x86 */
-#define RC4_INDEX
-#endif
-
-#if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H)
-#define CONFIG_HEADER_BF_LOCL_H
-#undef BF_PTR
-#endif /* HEADER_BF_LOCL_H */
-
-#if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H)
-#define CONFIG_HEADER_DES_LOCL_H
-#ifndef DES_DEFAULT_OPTIONS
-/* the following is tweaked from a config script, that is why it is a
- * protected undef/define */
-#ifndef DES_PTR
-#undef DES_PTR
-#endif
-
-/* This helps C compiler generate the correct code for multiple functional
- * units.  It reduces register dependancies at the expense of 2 more
- * registers */
-#ifndef DES_RISC1
-#undef DES_RISC1
-#endif
-
-#ifndef DES_RISC2
-#undef DES_RISC2
-#endif
-
-#if defined(DES_RISC1) && defined(DES_RISC2)
-YOU SHOULD NOT HAVE BOTH DES_RISC1 AND DES_RISC2 DEFINED!!!!!
-#endif
-
-/* Unroll the inner loop, this sometimes helps, sometimes hinders.
- * Very mucy CPU dependant */
-#ifndef DES_UNROLL
-#define DES_UNROLL
-#endif
-
-/* These default values were supplied by
- * Peter Gutman <pgut001@cs.auckland.ac.nz>
- * They are only used if nothing else has been defined */
-#if !defined(DES_PTR) && !defined(DES_RISC1) && !defined(DES_RISC2) && !defined(DES_UNROLL)
-/* Special defines which change the way the code is built depending on the
-   CPU and OS.  For SGI machines you can use _MIPS_SZLONG (32 or 64) to find
-   even newer MIPS CPU's, but at the moment one size fits all for
-   optimization options.  Older Sparc's work better with only UNROLL, but
-   there's no way to tell at compile time what it is you're running on */
- 
-#if defined( sun )              /* Newer Sparc's */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#elif defined( __ultrix )       /* Older MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined( __osf1__ )       /* Alpha */
-#  define DES_PTR
-#  define DES_RISC2
-#elif defined ( _AIX )          /* RS6000 */
-  /* Unknown */
-#elif defined( __hpux )         /* HP-PA */
-  /* Unknown */
-#elif defined( __aux )          /* 68K */
-  /* Unknown */
-#elif defined( __dgux )         /* 88K (but P6 in latest boxes) */
-#  define DES_UNROLL
-#elif defined( __sgi )          /* Newer MIPS */
-#  define DES_PTR
-#  define DES_RISC2
-#  define DES_UNROLL
-#elif defined(i386) || defined(__i386__)        /* x86 boxes, should be gcc */
-#  define DES_PTR
-#  define DES_RISC1
-#  define DES_UNROLL
-#endif /* Systems-specific speed defines */
-#endif
-
-#endif /* DES_DEFAULT_OPTIONS */
-#endif /* HEADER_DES_LOCL_H */
diff --git a/src/lib/libcrypto/crypto/getentropy_aix.c b/src/lib/libcrypto/crypto/getentropy_aix.c
deleted file mode 100644
index ff48ae7071..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_aix.c
+++ /dev/null
@@ -1,425 +0,0 @@
-/*      $OpenBSD: getentropy_aix.c,v 1.5 2016/08/07 03:27:21 tb Exp $   */
-
-/*
- * Copyright (c) 2015 Michael Felt <aixtools@gmail.com>
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-/*
- * -lperfstat is needed for the psuedo entropy data
- */
-
-#include <sys/mman.h>
-#include <sys/procfs.h>
-#include <sys/protosw.h>
-#include <sys/resource.h>
-#include <sys/socket.h>
-#include <sys/stat.h>
-#include <sys/statvfs.h>
-#include <sys/timers.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <stdio.h>
-#include <string.h>
-#include <termios.h>
-
-#include <openssl/sha.h>
-
-#include <libperfstat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
-        do { \
-                if ((a)) \
-                        HD(errno); \
-                else \
-                        HD(b); \
-        } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int     getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
-    int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
-        int ret = -1;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-        /*
-         * Try to get entropy with /dev/urandom
-         */
-        ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
-        if (ret != -1)
-                return (ret);
-
-        /*
-         * Entropy collection via /dev/urandom has failed.
-         *
-         * No other API exists for collecting entropy, and we have
-         * no failsafe way to get it on AIX that is not sensitive
-         * to resource exhaustion.
-         *
-         * We have very few options:
-         *     - Even syslog_r is unsafe to call at this low level, so
-         *       there is no way to alert the user or program.
-         *     - Cannot call abort() because some systems have unsafe
-         *       corefiles.
-         *     - Could raise(SIGKILL) resulting in silent program termination.
-         *     - Return EIO, to hint that arc4random's stir function
-         *       should raise(SIGKILL)
-         *     - Do the best under the circumstances....
-         *
-         * This code path exists to bring light to the issue that AIX
-         * does not provide a failsafe API for entropy collection.
-         *
-         * We hope this demonstrates that AIX should consider
-         * providing a new failsafe API which works in a chroot or
-         * when file descriptors are exhausted.
-         */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
-        raise(SIGKILL);
-#endif
-        ret = getentropy_fallback(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        errno = EIO;
-        return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-        char    any_set = 0;
-        size_t  i;
-
-        for (i = 0; i < len; ++i)
-                any_set |= buf[i];
-        if (any_set == 0)
-                return (-1);
-        return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
-        struct stat st;
-        size_t i;
-        int fd, flags;
-        int save_errno = errno;
-
-start:
-
-        flags = O_RDONLY;
-#ifdef O_NOFOLLOW
-        flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
-        flags |= O_CLOEXEC;
-#endif
-        fd = open(path, flags, 0);
-        if (fd == -1) {
-                if (errno == EINTR)
-                        goto start;
-                goto nodevrandom;
-        }
-#ifndef O_CLOEXEC
-        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
-        /* Lightly verify that the device node looks sane */
-        if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
-                close(fd);
-                goto nodevrandom;
-        }
-        for (i = 0; i < len; ) {
-                size_t wanted = len - i;
-                ssize_t ret = read(fd, (char *)buf + i, wanted);
-
-                if (ret == -1) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                continue;
-                        close(fd);
-                        goto nodevrandom;
-                }
-                i += ret;
-        }
-        close(fd);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-nodevrandom:
-        errno = EIO;
-        return (-1);
-}
-
-static const int cl[] = {
-        CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
-        CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
-        CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
-        CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
-        CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
-        CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
-        CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
-        CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
-        uint8_t results[SHA512_DIGEST_LENGTH];
-        int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
-        static int cnt;
-        struct timespec ts;
-        struct timeval tv;
-        perfstat_cpu_total_t cpustats;
-#ifdef _AIX61
-        perfstat_cpu_total_wpar_t cpustats_wpar;
-#endif
-        perfstat_partition_total_t lparstats;
-        perfstat_disk_total_t diskinfo;
-        perfstat_netinterface_total_t netinfo;
-        struct rusage ru;
-        sigset_t sigset;
-        struct stat st;
-        SHA512_CTX ctx;
-        static pid_t lastpid;
-        pid_t pid;
-        size_t i, ii, m;
-        char *p;
-
-        pid = getpid();
-        if (lastpid == pid) {
-                faster = 1;
-                repeat = 2;
-        } else {
-                faster = 0;
-                lastpid = pid;
-                repeat = REPEAT;
-        }
-        for (i = 0; i < len; ) {
-                int j;
-                SHA512_Init(&ctx);
-                for (j = 0; j < repeat; j++) {
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HX(perfstat_cpu_total(NULL, &cpustats,
-                            sizeof(cpustats), 1) == -1, cpustats);
-
-#ifdef _AIX61
-                        HX(perfstat_cpu_total_wpar(NULL, &cpustats_wpar,
-                            sizeof(cpustats_wpar), 1) == -1, cpustats_wpar);
-#endif
-
-                        HX(perfstat_partition_total(NULL, &lparstats,
-                            sizeof(lparstats), 1) == -1, lparstats);
-
-                        HX(perfstat_disk_total(NULL, &diskinfo,
-                            sizeof(diskinfo), 1) == -1, diskinfo);
-
-                        HX(perfstat_netinterface_total(NULL, &netinfo,
-                            sizeof(netinfo), 1) == -1, netinfo);
-
-                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
-                                HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
-                        HX((pid = getpid()) == -1, pid);
-                        HX((pid = getsid(pid)) == -1, pid);
-                        HX((pid = getppid()) == -1, pid);
-                        HX((pid = getpgid(0)) == -1, pid);
-                        HX((e = getpriority(0, 0)) == -1, e);
-
-                        if (!faster) {
-                                ts.tv_sec = 0;
-                                ts.tv_nsec = 1;
-                                (void) nanosleep(&ts, NULL);
-                        }
-
-                        HX(sigpending(&sigset) == -1, sigset);
-                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
-                            sigset);
-
-                        HF(getentropy); /* an addr in this library */
-                        HF(printf);             /* an addr in libc */
-                        p = (char *)&p;
-                        HD(p);          /* an addr on stack */
-                        p = (char *)&errno;
-                        HD(p);          /* the addr of errno */
-
-                        if (i == 0) {
-                                struct sockaddr_storage ss;
-                                struct statvfs stvfs;
-                                struct termios tios;
-                                socklen_t ssl;
-                                off_t off;
-
-                                /*
-                                 * Prime-sized mappings encourage fragmentation;
-                                 * thus exposing some address entropy.
-                                 */
-                                struct mm {
-                                        size_t  npg;
-                                        void    *p;
-                                } mm[] =         {
-                                        { 17, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 11, MAP_FAILED }, { 2, MAP_FAILED },
-                                        { 5, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 7, MAP_FAILED }, { 1, MAP_FAILED },
-                                        { 57, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 131, MAP_FAILED }, { 1, MAP_FAILED },
-                                };
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        HX(mm[m].p = mmap(NULL,
-                                            mm[m].npg * pgs,
-                                            PROT_READ|PROT_WRITE,
-                                            MAP_PRIVATE|MAP_ANON, -1,
-                                            (off_t)0), mm[m].p);
-                                        if (mm[m].p != MAP_FAILED) {
-                                                size_t mo;
-
-                                                /* Touch some memory... */
-                                                p = mm[m].p;
-                                                mo = cnt %
-                                                    (mm[m].npg * pgs - 1);
-                                                p[mo] = 1;
-                                                cnt += (int)((long)(mm[m].p)
-                                                    / pgs);
-                                        }
-
-                                        /* Check cnts and times... */
-                                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
-                                            ii++) {
-                                                HX((e = clock_gettime(cl[ii],
-                                                    &ts)) == -1, ts);
-                                                if (e != -1)
-                                                        cnt += (int)ts.tv_nsec;
-                                        }
-
-                                        HX((e = getrusage(RUSAGE_SELF,
-                                            &ru)) == -1, ru);
-                                        if (e != -1) {
-                                                cnt += (int)ru.ru_utime.tv_sec;
-                                                cnt += (int)ru.ru_utime.tv_usec;
-                                        }
-                                }
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        if (mm[m].p != MAP_FAILED)
-                                                munmap(mm[m].p, mm[m].npg * pgs);
-                                        mm[m].p = MAP_FAILED;
-                                }
-
-                                HX(stat(".", &st) == -1, st);
-                                HX(statvfs(".", &stvfs) == -1, stvfs);
-
-                                HX(stat("/", &st) == -1, st);
-                                HX(statvfs("/", &stvfs) == -1, stvfs);
-
-                                HX((e = fstat(0, &st)) == -1, st);
-                                if (e == -1) {
-                                        if (S_ISREG(st.st_mode) ||
-                                            S_ISFIFO(st.st_mode) ||
-                                            S_ISSOCK(st.st_mode)) {
-                                                HX(fstatvfs(0, &stvfs) == -1,
-                                                    stvfs);
-                                                HX((off = lseek(0, (off_t)0,
-                                                    SEEK_CUR)) < 0, off);
-                                        }
-                                        if (S_ISCHR(st.st_mode)) {
-                                                HX(tcgetattr(0, &tios) == -1,
-                                                    tios);
-                                        } else if (S_ISSOCK(st.st_mode)) {
-                                                memset(&ss, 0, sizeof ss);
-                                                ssl = sizeof(ss);
-                                                HX(getpeername(0,
-                                                    (void *)&ss, &ssl) == -1,
-                                                    ss);
-                                        }
-                                }
-
-                                HX((e = getrusage(RUSAGE_CHILDREN,
-                                    &ru)) == -1, ru);
-                                if (e != -1) {
-                                        cnt += (int)ru.ru_utime.tv_sec;
-                                        cnt += (int)ru.ru_utime.tv_usec;
-                                }
-                        } else {
-                                /* Subsequent hashes absorb previous result */
-                                HD(results);
-                        }
-
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HD(cnt);
-                }
-                SHA512_Final(results, &ctx);
-                memcpy((char *)buf + i, results, min(sizeof(results), len - i));
-                i += min(sizeof(results), len - i);
-        }
-        explicit_bzero(&ctx, sizeof ctx);
-        explicit_bzero(results, sizeof results);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_freebsd.c b/src/lib/libcrypto/crypto/getentropy_freebsd.c
deleted file mode 100644
index 30cd68e97d..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_freebsd.c
+++ /dev/null
@@ -1,62 +0,0 @@
-/*      $OpenBSD: getentropy_freebsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $       */
-
-/*
- * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
- * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/sysctl.h>
-
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * Derived from lib/libc/gen/arc4random.c from FreeBSD.
- */
-static size_t
-getentropy_sysctl(u_char *buf, size_t size)
-{
-        int mib[2];
-        size_t len, done;
-
-        mib[0] = CTL_KERN;
-        mib[1] = KERN_ARND;
-        done = 0;
-
-        do {
-                len = size;
-                if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
-                        return (done);
-                done += len;
-                buf += len;
-                size -= len;
-        } while (size > 0);
-
-        return (done);
-}
-
-int
-getentropy(void *buf, size_t len)
-{
-        if (len <= 256 && getentropy_sysctl(buf, len) == len)
-                return (0);
-
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_hpux.c b/src/lib/libcrypto/crypto/getentropy_hpux.c
deleted file mode 100644
index 3ae6a6aa42..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_hpux.c
+++ /dev/null
@@ -1,419 +0,0 @@
-/*      $OpenBSD: getentropy_hpux.c,v 1.5 2016/08/07 03:27:21 tb Exp $  */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <openssl/sha.h>
-
-#include <sys/vfs.h>
-
-#include <sys/pstat.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
-        do { \
-                if ((a)) \
-                        HD(errno); \
-                else \
-                        HD(b); \
-        } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int     getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
-    int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
-        int ret = -1;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-        /*
-         * Try to get entropy with /dev/urandom
-         */
-        ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
-        if (ret != -1)
-                return (ret);
-
-        /*
-         * Entropy collection via /dev/urandom has failed.
-         *
-         * No other API exists for collecting entropy, and we have
-         * no failsafe way to get it on hpux that is not sensitive
-         * to resource exhaustion.
-         *
-         * We have very few options:
-         *     - Even syslog_r is unsafe to call at this low level, so
-         *       there is no way to alert the user or program.
-         *     - Cannot call abort() because some systems have unsafe
-         *       corefiles.
-         *     - Could raise(SIGKILL) resulting in silent program termination.
-         *     - Return EIO, to hint that arc4random's stir function
-         *       should raise(SIGKILL)
-         *     - Do the best under the circumstances....
-         *
-         * This code path exists to bring light to the issue that hpux 
-         * does not provide a failsafe API for entropy collection.
-         *
-         * We hope this demonstrates that hpux should consider
-         * providing a new failsafe API which works in a chroot or
-         * when file descriptors are exhausted.
-         */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
-        raise(SIGKILL);
-#endif
-        ret = getentropy_fallback(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        errno = EIO;
-        return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-        char    any_set = 0;
-        size_t  i;
-
-        for (i = 0; i < len; ++i)
-                any_set |= buf[i];
-        if (any_set == 0)
-                return (-1);
-        return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
-        struct stat st;
-        size_t i;
-        int fd, flags;
-        int save_errno = errno;
-
-start:
-
-        flags = O_RDONLY;
-#ifdef O_NOFOLLOW
-        flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
-        flags |= O_CLOEXEC;
-#endif
-        fd = open(path, flags, 0);
-        if (fd == -1) {
-                if (errno == EINTR)
-                        goto start;
-                goto nodevrandom;
-        }
-#ifndef O_CLOEXEC
-        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
-        /* Lightly verify that the device node looks sane */
-        if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
-                close(fd);
-                goto nodevrandom;
-        }
-        for (i = 0; i < len; ) {
-                size_t wanted = len - i;
-                ssize_t ret = read(fd, (char *)buf + i, wanted);
-
-                if (ret == -1) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                continue;
-                        close(fd);
-                        goto nodevrandom;
-                }
-                i += ret;
-        }
-        close(fd);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-nodevrandom:
-        errno = EIO;
-        return (-1);
-}
-
-static const int cl[] = {
-        CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
-        CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
-        CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
-        CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
-        CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
-        CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
-        CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
-        CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
-        uint8_t results[SHA512_DIGEST_LENGTH];
-        int save_errno = errno, e, pgs = sysconf(_SC_PAGESIZE), faster = 0, repeat;
-        static int cnt;
-        struct timespec ts;
-        struct timeval tv;
-        struct pst_vminfo pvi;
-        struct pst_vm_status pvs;
-        struct pst_dynamic pdy;
-        struct rusage ru;
-        sigset_t sigset;
-        struct stat st;
-        SHA512_CTX ctx;
-        static pid_t lastpid;
-        pid_t pid;
-        size_t i, ii, m;
-        char *p;
-
-        pid = getpid();
-        if (lastpid == pid) {
-                faster = 1;
-                repeat = 2;
-        } else {
-                faster = 0;
-                lastpid = pid;
-                repeat = REPEAT;
-        }
-        for (i = 0; i < len; ) {
-                int j;
-                SHA512_Init(&ctx);
-                for (j = 0; j < repeat; j++) {
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HX(pstat_getvminfo(&pvi, sizeof(pvi), 1, 0) != 1, pvi);
-                        HX(pstat_getprocvm(&pvs, sizeof(pvs), 0, 0) != 1, pvs);
-
-                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
-                                HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
-                        HX((pid = getpid()) == -1, pid);
-                        HX((pid = getsid(pid)) == -1, pid);
-                        HX((pid = getppid()) == -1, pid);
-                        HX((pid = getpgid(0)) == -1, pid);
-                        HX((e = getpriority(0, 0)) == -1, e);
-
-                        if(pstat_getdynamic(&pdy, sizeof(pdy), 1, 0) != 1) {
-                                HD(errno);
-                        } else {
-                                HD(pdy.psd_avg_1_min);
-                                HD(pdy.psd_avg_5_min);
-                                HD(pdy.psd_avg_15_min);
-                        }
-
-                        if (!faster) {
-                                ts.tv_sec = 0;
-                                ts.tv_nsec = 1;
-                                (void) nanosleep(&ts, NULL);
-                        }
-
-                        HX(sigpending(&sigset) == -1, sigset);
-                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
-                            sigset);
-
-                        HF(getentropy); /* an addr in this library */
-                        HF(printf);             /* an addr in libc */
-                        p = (char *)&p;
-                        HD(p);          /* an addr on stack */
-                        p = (char *)&errno;
-                        HD(p);          /* the addr of errno */
-
-                        if (i == 0) {
-                                struct sockaddr_storage ss;
-                                struct statvfs stvfs;
-                                struct termios tios;
-                                socklen_t ssl;
-                                off_t off;
-
-                                /*
-                                 * Prime-sized mappings encourage fragmentation;
-                                 * thus exposing some address entropy.
-                                 */
-                                struct mm {
-                                        size_t  npg;
-                                        void    *p;
-                                } mm[] =         {
-                                        { 17, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 11, MAP_FAILED }, { 2, MAP_FAILED },
-                                        { 5, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 7, MAP_FAILED }, { 1, MAP_FAILED },
-                                        { 57, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 131, MAP_FAILED }, { 1, MAP_FAILED },
-                                };
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        HX(mm[m].p = mmap(NULL,
-                                            mm[m].npg * pgs,
-                                            PROT_READ|PROT_WRITE,
-                                            MAP_PRIVATE|MAP_ANON, -1,
-                                            (off_t)0), mm[m].p);
-                                        if (mm[m].p != MAP_FAILED) {
-                                                size_t mo;
-
-                                                /* Touch some memory... */
-                                                p = mm[m].p;
-                                                mo = cnt %
-                                                    (mm[m].npg * pgs - 1);
-                                                p[mo] = 1;
-                                                cnt += (int)((long)(mm[m].p)
-                                                    / pgs);
-                                        }
-
-                                        /* Check cnts and times... */
-                                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
-                                            ii++) {
-                                                HX((e = clock_gettime(cl[ii],
-                                                    &ts)) == -1, ts);
-                                                if (e != -1)
-                                                        cnt += (int)ts.tv_nsec;
-                                        }
-
-                                        HX((e = getrusage(RUSAGE_SELF,
-                                            &ru)) == -1, ru);
-                                        if (e != -1) {
-                                                cnt += (int)ru.ru_utime.tv_sec;
-                                                cnt += (int)ru.ru_utime.tv_usec;
-                                        }
-                                }
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        if (mm[m].p != MAP_FAILED)
-                                                munmap(mm[m].p, mm[m].npg * pgs);
-                                        mm[m].p = MAP_FAILED;
-                                }
-
-                                HX(stat(".", &st) == -1, st);
-                                HX(statvfs(".", &stvfs) == -1, stvfs);
-
-                                HX(stat("/", &st) == -1, st);
-                                HX(statvfs("/", &stvfs) == -1, stvfs);
-
-                                HX((e = fstat(0, &st)) == -1, st);
-                                if (e == -1) {
-                                        if (S_ISREG(st.st_mode) ||
-                                            S_ISFIFO(st.st_mode) ||
-                                            S_ISSOCK(st.st_mode)) {
-                                                HX(fstatvfs(0, &stvfs) == -1,
-                                                    stvfs);
-                                                HX((off = lseek(0, (off_t)0,
-                                                    SEEK_CUR)) < 0, off);
-                                        }
-                                        if (S_ISCHR(st.st_mode)) {
-                                                HX(tcgetattr(0, &tios) == -1,
-                                                    tios);
-                                        } else if (S_ISSOCK(st.st_mode)) {
-                                                memset(&ss, 0, sizeof ss);
-                                                ssl = sizeof(ss);
-                                                HX(getpeername(0,
-                                                    (void *)&ss, &ssl) == -1,
-                                                    ss);
-                                        }
-                                }
-
-                                HX((e = getrusage(RUSAGE_CHILDREN,
-                                    &ru)) == -1, ru);
-                                if (e != -1) {
-                                        cnt += (int)ru.ru_utime.tv_sec;
-                                        cnt += (int)ru.ru_utime.tv_usec;
-                                }
-                        } else {
-                                /* Subsequent hashes absorb previous result */
-                                HD(results);
-                        }
-
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HD(cnt);
-                }
-                SHA512_Final(results, &ctx);
-                memcpy((char *)buf + i, results, min(sizeof(results), len - i));
-                i += min(sizeof(results), len - i);
-        }
-        explicit_bzero(&ctx, sizeof ctx);
-        explicit_bzero(results, sizeof results);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_linux.c b/src/lib/libcrypto/crypto/getentropy_linux.c
deleted file mode 100644
index ac97658efe..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_linux.c
+++ /dev/null
@@ -1,547 +0,0 @@
-/*      $OpenBSD: getentropy_linux.c,v 1.43 2016/08/07 03:27:21 tb Exp $        */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#define _POSIX_C_SOURCE 199309L
-#define _GNU_SOURCE     1
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#ifdef SYS__sysctl
-#include <linux/sysctl.h>
-#endif
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <link.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <openssl/sha.h>
-
-#include <linux/types.h>
-#include <linux/random.h>
-#ifdef HAVE_GETAUXVAL
-#include <sys/auxv.h>
-#endif
-#include <sys/vfs.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
-        do { \
-                if ((a)) \
-                        HD(errno); \
-                else \
-                        HD(b); \
-        } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int     getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-#ifdef SYS_getrandom
-static int getentropy_getrandom(void *buf, size_t len);
-#endif
-static int getentropy_urandom(void *buf, size_t len);
-#ifdef SYS__sysctl
-static int getentropy_sysctl(void *buf, size_t len);
-#endif
-static int getentropy_fallback(void *buf, size_t len);
-static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
-
-int
-getentropy(void *buf, size_t len)
-{
-        int ret = -1;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-#ifdef SYS_getrandom
-        /*
-         * Try descriptor-less getrandom()
-         */
-        ret = getentropy_getrandom(buf, len);
-        if (ret != -1)
-                return (ret);
-        if (errno != ENOSYS)
-                return (-1);
-#endif
-
-        /*
-         * Try to get entropy with /dev/urandom
-         *
-         * This can fail if the process is inside a chroot or if file
-         * descriptors are exhausted.
-         */
-        ret = getentropy_urandom(buf, len);
-        if (ret != -1)
-                return (ret);
-
-#ifdef SYS__sysctl
-        /*
-         * Try to use sysctl CTL_KERN, KERN_RANDOM, RANDOM_UUID.
-         * sysctl is a failsafe API, so it guarantees a result.  This
-         * should work inside a chroot, or when file descriptors are
-         * exhausted.
-         *
-         * However this can fail if the Linux kernel removes support
-         * for sysctl.  Starting in 2007, there have been efforts to
-         * deprecate the sysctl API/ABI, and push callers towards use
-         * of the chroot-unavailable fd-using /proc mechanism --
-         * essentially the same problems as /dev/urandom.
-         *
-         * Numerous setbacks have been encountered in their deprecation
-         * schedule, so as of June 2014 the kernel ABI still exists on
-         * most Linux architectures. The sysctl() stub in libc is missing
-         * on some systems.  There are also reports that some kernels
-         * spew messages to the console.
-         */
-        ret = getentropy_sysctl(buf, len);
-        if (ret != -1)
-                return (ret);
-#endif /* SYS__sysctl */
-
-        /*
-         * Entropy collection via /dev/urandom and sysctl have failed.
-         *
-         * No other API exists for collecting entropy.  See the large
-         * comment block above.
-         *
-         * We have very few options:
-         *     - Even syslog_r is unsafe to call at this low level, so
-         *       there is no way to alert the user or program.
-         *     - Cannot call abort() because some systems have unsafe
-         *       corefiles.
-         *     - Could raise(SIGKILL) resulting in silent program termination.
-         *     - Return EIO, to hint that arc4random's stir function
-         *       should raise(SIGKILL)
-         *     - Do the best under the circumstances....
-         *
-         * This code path exists to bring light to the issue that Linux
-         * does not provide a failsafe API for entropy collection.
-         *
-         * We hope this demonstrates that Linux should either retain their
-         * sysctl ABI, or consider providing a new failsafe API which
-         * works in a chroot or when file descriptors are exhausted.
-         */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
-        raise(SIGKILL);
-#endif
-        ret = getentropy_fallback(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        errno = EIO;
-        return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-        char    any_set = 0;
-        size_t  i;
-
-        for (i = 0; i < len; ++i)
-                any_set |= buf[i];
-        if (any_set == 0)
-                return (-1);
-        return (0);
-}
-
-#ifdef SYS_getrandom
-static int
-getentropy_getrandom(void *buf, size_t len)
-{
-        int pre_errno = errno;
-        int ret;
-        if (len > 256)
-                return (-1);
-        do {
-                ret = syscall(SYS_getrandom, buf, len, 0);
-        } while (ret == -1 && errno == EINTR);
-
-        if (ret != len)
-                return (-1);
-        errno = pre_errno;
-        return (0);
-}
-#endif
-
-static int
-getentropy_urandom(void *buf, size_t len)
-{
-        struct stat st;
-        size_t i;
-        int fd, cnt, flags;
-        int save_errno = errno;
-
-start:
-
-        flags = O_RDONLY;
-#ifdef O_NOFOLLOW
-        flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
-        flags |= O_CLOEXEC;
-#endif
-        fd = open("/dev/urandom", flags, 0);
-        if (fd == -1) {
-                if (errno == EINTR)
-                        goto start;
-                goto nodevrandom;
-        }
-#ifndef O_CLOEXEC
-        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
-        /* Lightly verify that the device node looks sane */
-        if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
-                close(fd);
-                goto nodevrandom;
-        }
-        if (ioctl(fd, RNDGETENTCNT, &cnt) == -1) {
-                close(fd);
-                goto nodevrandom;
-        }
-        for (i = 0; i < len; ) {
-                size_t wanted = len - i;
-                ssize_t ret = read(fd, (char *)buf + i, wanted);
-
-                if (ret == -1) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                continue;
-                        close(fd);
-                        goto nodevrandom;
-                }
-                i += ret;
-        }
-        close(fd);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-nodevrandom:
-        errno = EIO;
-        return (-1);
-}
-
-#ifdef SYS__sysctl
-static int
-getentropy_sysctl(void *buf, size_t len)
-{
-        static int mib[] = { CTL_KERN, KERN_RANDOM, RANDOM_UUID };
-        size_t i;
-        int save_errno = errno;
-
-        for (i = 0; i < len; ) {
-                size_t chunk = min(len - i, 16);
-
-                /* SYS__sysctl because some systems already removed sysctl() */
-                struct __sysctl_args args = {
-                        .name = mib,
-                        .nlen = 3,
-                        .oldval = (char *)buf + i,
-                        .oldlenp = &chunk,
-                };
-                if (syscall(SYS__sysctl, &args) != 0)
-                        goto sysctlfailed;
-                i += chunk;
-        }
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);                     /* satisfied */
-        }
-sysctlfailed:
-        errno = EIO;
-        return (-1);
-}
-#endif /* SYS__sysctl */
-
-static const int cl[] = {
-        CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
-        CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
-        CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
-        CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
-        CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
-        CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
-        CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
-        CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
-{
-        SHA512_CTX *ctx = data;
-
-        SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
-        return (0);
-}
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
-        uint8_t results[SHA512_DIGEST_LENGTH];
-        int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
-        static int cnt;
-        struct timespec ts;
-        struct timeval tv;
-        struct rusage ru;
-        sigset_t sigset;
-        struct stat st;
-        SHA512_CTX ctx;
-        static pid_t lastpid;
-        pid_t pid;
-        size_t i, ii, m;
-        char *p;
-
-        pid = getpid();
-        if (lastpid == pid) {
-                faster = 1;
-                repeat = 2;
-        } else {
-                faster = 0;
-                lastpid = pid;
-                repeat = REPEAT;
-        }
-        for (i = 0; i < len; ) {
-                int j;
-                SHA512_Init(&ctx);
-                for (j = 0; j < repeat; j++) {
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        dl_iterate_phdr(getentropy_phdr, &ctx);
-
-                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
-                                HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
-                        HX((pid = getpid()) == -1, pid);
-                        HX((pid = getsid(pid)) == -1, pid);
-                        HX((pid = getppid()) == -1, pid);
-                        HX((pid = getpgid(0)) == -1, pid);
-                        HX((e = getpriority(0, 0)) == -1, e);
-
-                        if (!faster) {
-                                ts.tv_sec = 0;
-                                ts.tv_nsec = 1;
-                                (void) nanosleep(&ts, NULL);
-                        }
-
-                        HX(sigpending(&sigset) == -1, sigset);
-                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
-                            sigset);
-
-                        HF(getentropy); /* an addr in this library */
-                        HF(printf);             /* an addr in libc */
-                        p = (char *)&p;
-                        HD(p);          /* an addr on stack */
-                        p = (char *)&errno;
-                        HD(p);          /* the addr of errno */
-
-                        if (i == 0) {
-                                struct sockaddr_storage ss;
-                                struct statvfs stvfs;
-                                struct termios tios;
-                                struct statfs stfs;
-                                socklen_t ssl;
-                                off_t off;
-
-                                /*
-                                 * Prime-sized mappings encourage fragmentation;
-                                 * thus exposing some address entropy.
-                                 */
-                                struct mm {
-                                        size_t  npg;
-                                        void    *p;
-                                } mm[] =         {
-                                        { 17, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 11, MAP_FAILED }, { 2, MAP_FAILED },
-                                        { 5, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 7, MAP_FAILED }, { 1, MAP_FAILED },
-                                        { 57, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 131, MAP_FAILED }, { 1, MAP_FAILED },
-                                };
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        HX(mm[m].p = mmap(NULL,
-                                            mm[m].npg * pgs,
-                                            PROT_READ|PROT_WRITE,
-                                            MAP_PRIVATE|MAP_ANON, -1,
-                                            (off_t)0), mm[m].p);
-                                        if (mm[m].p != MAP_FAILED) {
-                                                size_t mo;
-
-                                                /* Touch some memory... */
-                                                p = mm[m].p;
-                                                mo = cnt %
-                                                    (mm[m].npg * pgs - 1);
-                                                p[mo] = 1;
-                                                cnt += (int)((long)(mm[m].p)
-                                                    / pgs);
-                                        }
-
-                                        /* Check cnts and times... */
-                                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
-                                            ii++) {
-                                                HX((e = clock_gettime(cl[ii],
-                                                    &ts)) == -1, ts);
-                                                if (e != -1)
-                                                        cnt += (int)ts.tv_nsec;
-                                        }
-
-                                        HX((e = getrusage(RUSAGE_SELF,
-                                            &ru)) == -1, ru);
-                                        if (e != -1) {
-                                                cnt += (int)ru.ru_utime.tv_sec;
-                                                cnt += (int)ru.ru_utime.tv_usec;
-                                        }
-                                }
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        if (mm[m].p != MAP_FAILED)
-                                                munmap(mm[m].p, mm[m].npg * pgs);
-                                        mm[m].p = MAP_FAILED;
-                                }
-
-                                HX(stat(".", &st) == -1, st);
-                                HX(statvfs(".", &stvfs) == -1, stvfs);
-                                HX(statfs(".", &stfs) == -1, stfs);
-
-                                HX(stat("/", &st) == -1, st);
-                                HX(statvfs("/", &stvfs) == -1, stvfs);
-                                HX(statfs("/", &stfs) == -1, stfs);
-
-                                HX((e = fstat(0, &st)) == -1, st);
-                                if (e == -1) {
-                                        if (S_ISREG(st.st_mode) ||
-                                            S_ISFIFO(st.st_mode) ||
-                                            S_ISSOCK(st.st_mode)) {
-                                                HX(fstatvfs(0, &stvfs) == -1,
-                                                    stvfs);
-                                                HX(fstatfs(0, &stfs) == -1,
-                                                    stfs);
-                                                HX((off = lseek(0, (off_t)0,
-                                                    SEEK_CUR)) < 0, off);
-                                        }
-                                        if (S_ISCHR(st.st_mode)) {
-                                                HX(tcgetattr(0, &tios) == -1,
-                                                    tios);
-                                        } else if (S_ISSOCK(st.st_mode)) {
-                                                memset(&ss, 0, sizeof ss);
-                                                ssl = sizeof(ss);
-                                                HX(getpeername(0,
-                                                    (void *)&ss, &ssl) == -1,
-                                                    ss);
-                                        }
-                                }
-
-                                HX((e = getrusage(RUSAGE_CHILDREN,
-                                    &ru)) == -1, ru);
-                                if (e != -1) {
-                                        cnt += (int)ru.ru_utime.tv_sec;
-                                        cnt += (int)ru.ru_utime.tv_usec;
-                                }
-                        } else {
-                                /* Subsequent hashes absorb previous result */
-                                HD(results);
-                        }
-
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HD(cnt);
-                }
-#ifdef HAVE_GETAUXVAL
-#ifdef AT_RANDOM
-                /* Not as random as you think but we take what we are given */
-                p = (char *) getauxval(AT_RANDOM);
-                if (p)
-                        HR(p, 16);
-#endif
-#ifdef AT_SYSINFO_EHDR
-                p = (char *) getauxval(AT_SYSINFO_EHDR);
-                if (p)
-                        HR(p, pgs);
-#endif
-#ifdef AT_BASE
-                p = (char *) getauxval(AT_BASE);
-                if (p)
-                        HD(p);
-#endif
-#endif
-
-                SHA512_Final(results, &ctx);
-                memcpy((char *)buf + i, results, min(sizeof(results), len - i));
-                i += min(sizeof(results), len - i);
-        }
-        explicit_bzero(&ctx, sizeof ctx);
-        explicit_bzero(results, sizeof results);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_netbsd.c b/src/lib/libcrypto/crypto/getentropy_netbsd.c
deleted file mode 100644
index 45d68c9fda..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_netbsd.c
+++ /dev/null
@@ -1,64 +0,0 @@
-/*      $OpenBSD: getentropy_netbsd.c,v 1.3 2016/08/07 03:27:21 tb Exp $        */
-
-/*
- * Copyright (c) 2014 Pawel Jakub Dawidek <pjd@FreeBSD.org>
- * Copyright (c) 2014 Brent Cook <bcook@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/sysctl.h>
-
-#include <errno.h>
-#include <stddef.h>
-
-/*
- * Derived from lib/libc/gen/arc4random.c from FreeBSD.
- */
-static size_t
-getentropy_sysctl(u_char *buf, size_t size)
-{
-        int mib[2];
-        size_t len, done;
-
-        mib[0] = CTL_KERN;
-        mib[1] = KERN_ARND;
-        done = 0;
-
-        do {
-                len = size;
-                if (sysctl(mib, 2, buf, &len, NULL, 0) == -1)
-                        return (done);
-                done += len;
-                buf += len;
-                size -= len;
-        } while (size > 0);
-
-        return (done);
-}
-
-int
-getentropy(void *buf, size_t len)
-{
-        if (len <= 256 &&
-            getentropy_sysctl(buf, len) == len) {
-                return (0);
-        }
-
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_osx.c b/src/lib/libcrypto/crypto/getentropy_osx.c
deleted file mode 100644
index c5bbb7e338..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_osx.c
+++ /dev/null
@@ -1,429 +0,0 @@
-/*      $OpenBSD: getentropy_osx.c,v 1.10 2016/08/07 03:27:21 tb Exp $  */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/sysctl.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <mach/mach_time.h>
-#include <mach/mach_host.h>
-#include <mach/host_info.h>
-#include <sys/socketvar.h>
-#include <sys/vmmeter.h>
-#include <netinet/in.h>
-#include <netinet/tcp.h>
-#include <netinet/udp.h>
-#include <netinet/ip_var.h>
-#include <netinet/tcp_var.h>
-#include <netinet/udp_var.h>
-#include <CommonCrypto/CommonDigest.h>
-#define SHA512_Update(a, b, c)  (CC_SHA512_Update((a), (b), (c)))
-#define SHA512_Init(xxx) (CC_SHA512_Init((xxx)))
-#define SHA512_Final(xxx, yyy) (CC_SHA512_Final((xxx), (yyy)))
-#define SHA512_CTX CC_SHA512_CTX
-#define SHA512_DIGEST_LENGTH CC_SHA512_DIGEST_LENGTH
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
-        do { \
-                if ((a)) \
-                        HD(errno); \
-                else \
-                        HD(b); \
-        } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int     getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len);
-static int getentropy_fallback(void *buf, size_t len);
-
-int
-getentropy(void *buf, size_t len)
-{
-        int ret = -1;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-        /*
-         * Try to get entropy with /dev/urandom
-         *
-         * This can fail if the process is inside a chroot or if file
-         * descriptors are exhausted.
-         */
-        ret = getentropy_urandom(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        /*
-         * Entropy collection via /dev/urandom and sysctl have failed.
-         *
-         * No other API exists for collecting entropy, and we have
-         * no failsafe way to get it on OSX that is not sensitive
-         * to resource exhaustion.
-         *
-         * We have very few options:
-         *     - Even syslog_r is unsafe to call at this low level, so
-         *       there is no way to alert the user or program.
-         *     - Cannot call abort() because some systems have unsafe
-         *       corefiles.
-         *     - Could raise(SIGKILL) resulting in silent program termination.
-         *     - Return EIO, to hint that arc4random's stir function
-         *       should raise(SIGKILL)
-         *     - Do the best under the circumstances....
-         *
-         * This code path exists to bring light to the issue that OSX
-         * does not provide a failsafe API for entropy collection.
-         *
-         * We hope this demonstrates that OSX should consider
-         * providing a new failsafe API which works in a chroot or
-         * when file descriptors are exhausted.
-         */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
-        raise(SIGKILL);
-#endif
-        ret = getentropy_fallback(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        errno = EIO;
-        return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-        char    any_set = 0;
-        size_t  i;
-
-        for (i = 0; i < len; ++i)
-                any_set |= buf[i];
-        if (any_set == 0)
-                return (-1);
-        return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len)
-{
-        struct stat st;
-        size_t i;
-        int fd, flags;
-        int save_errno = errno;
-
-start:
-
-        flags = O_RDONLY;
-#ifdef O_NOFOLLOW
-        flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
-        flags |= O_CLOEXEC;
-#endif
-        fd = open("/dev/urandom", flags, 0);
-        if (fd == -1) {
-                if (errno == EINTR)
-                        goto start;
-                goto nodevrandom;
-        }
-#ifndef O_CLOEXEC
-        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
-        /* Lightly verify that the device node looks sane */
-        if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode)) {
-                close(fd);
-                goto nodevrandom;
-        }
-        for (i = 0; i < len; ) {
-                size_t wanted = len - i;
-                ssize_t ret = read(fd, (char *)buf + i, wanted);
-
-                if (ret == -1) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                continue;
-                        close(fd);
-                        goto nodevrandom;
-                }
-                i += ret;
-        }
-        close(fd);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-nodevrandom:
-        errno = EIO;
-        return (-1);
-}
-
-static int tcpmib[] = { CTL_NET, AF_INET, IPPROTO_TCP, TCPCTL_STATS };
-static int udpmib[] = { CTL_NET, AF_INET, IPPROTO_UDP, UDPCTL_STATS };
-static int ipmib[] = { CTL_NET, AF_INET, IPPROTO_IP, IPCTL_STATS };
-static int kmib[] = { CTL_KERN, KERN_USRSTACK };
-static int hwmib[] = { CTL_HW, HW_USERMEM };
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
-        uint8_t results[SHA512_DIGEST_LENGTH];
-        int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
-        static int cnt;
-        struct timespec ts;
-        struct timeval tv;
-        struct rusage ru;
-        sigset_t sigset;
-        struct stat st;
-        SHA512_CTX ctx;
-        static pid_t lastpid;
-        pid_t pid;
-        size_t i, ii, m;
-        char *p;
-        struct tcpstat tcpstat;
-        struct udpstat udpstat;
-        struct ipstat ipstat;
-        u_int64_t mach_time;
-        unsigned int idata;
-        void *addr;
-
-        pid = getpid();
-        if (lastpid == pid) {
-                faster = 1;
-                repeat = 2;
-        } else {
-                faster = 0;
-                lastpid = pid;
-                repeat = REPEAT;
-        }
-        for (i = 0; i < len; ) {
-                int j;
-                SHA512_Init(&ctx);
-                for (j = 0; j < repeat; j++) {
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        mach_time = mach_absolute_time();
-                        HD(mach_time);
-
-                        ii = sizeof(addr);
-                        HX(sysctl(kmib, sizeof(kmib) / sizeof(kmib[0]),
-                            &addr, &ii, NULL, 0) == -1, addr);
-
-                        ii = sizeof(idata);
-                        HX(sysctl(hwmib, sizeof(hwmib) / sizeof(hwmib[0]),
-                            &idata, &ii, NULL, 0) == -1, idata);
-
-                        ii = sizeof(tcpstat);
-                        HX(sysctl(tcpmib, sizeof(tcpmib) / sizeof(tcpmib[0]),
-                            &tcpstat, &ii, NULL, 0) == -1, tcpstat);
-
-                        ii = sizeof(udpstat);
-                        HX(sysctl(udpmib, sizeof(udpmib) / sizeof(udpmib[0]),
-                            &udpstat, &ii, NULL, 0) == -1, udpstat);
-
-                        ii = sizeof(ipstat);
-                        HX(sysctl(ipmib, sizeof(ipmib) / sizeof(ipmib[0]),
-                            &ipstat, &ii, NULL, 0) == -1, ipstat);
-
-                        HX((pid = getpid()) == -1, pid);
-                        HX((pid = getsid(pid)) == -1, pid);
-                        HX((pid = getppid()) == -1, pid);
-                        HX((pid = getpgid(0)) == -1, pid);
-                        HX((e = getpriority(0, 0)) == -1, e);
-
-                        if (!faster) {
-                                ts.tv_sec = 0;
-                                ts.tv_nsec = 1;
-                                (void) nanosleep(&ts, NULL);
-                        }
-
-                        HX(sigpending(&sigset) == -1, sigset);
-                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
-                            sigset);
-
-                        HF(getentropy); /* an addr in this library */
-                        HF(printf);             /* an addr in libc */
-                        p = (char *)&p;
-                        HD(p);          /* an addr on stack */
-                        p = (char *)&errno;
-                        HD(p);          /* the addr of errno */
-
-                        if (i == 0) {
-                                struct sockaddr_storage ss;
-                                struct statvfs stvfs;
-                                struct termios tios;
-                                struct statfs stfs;
-                                socklen_t ssl;
-                                off_t off;
-
-                                /*
-                                 * Prime-sized mappings encourage fragmentation;
-                                 * thus exposing some address entropy.
-                                 */
-                                struct mm {
-                                        size_t  npg;
-                                        void    *p;
-                                } mm[] =         {
-                                        { 17, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 11, MAP_FAILED }, { 2, MAP_FAILED },
-                                        { 5, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 7, MAP_FAILED }, { 1, MAP_FAILED },
-                                        { 57, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 131, MAP_FAILED }, { 1, MAP_FAILED },
-                                };
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        HX(mm[m].p = mmap(NULL,
-                                            mm[m].npg * pgs,
-                                            PROT_READ|PROT_WRITE,
-                                            MAP_PRIVATE|MAP_ANON, -1,
-                                            (off_t)0), mm[m].p);
-                                        if (mm[m].p != MAP_FAILED) {
-                                                size_t mo;
-
-                                                /* Touch some memory... */
-                                                p = mm[m].p;
-                                                mo = cnt %
-                                                    (mm[m].npg * pgs - 1);
-                                                p[mo] = 1;
-                                                cnt += (int)((long)(mm[m].p)
-                                                    / pgs);
-                                        }
-
-                                        /* Check cnts and times... */
-                                        mach_time = mach_absolute_time();
-                                        HD(mach_time);
-                                        cnt += (int)mach_time;
-
-                                        HX((e = getrusage(RUSAGE_SELF,
-                                            &ru)) == -1, ru);
-                                        if (e != -1) {
-                                                cnt += (int)ru.ru_utime.tv_sec;
-                                                cnt += (int)ru.ru_utime.tv_usec;
-                                        }
-                                }
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        if (mm[m].p != MAP_FAILED)
-                                                munmap(mm[m].p, mm[m].npg * pgs);
-                                        mm[m].p = MAP_FAILED;
-                                }
-
-                                HX(stat(".", &st) == -1, st);
-                                HX(statvfs(".", &stvfs) == -1, stvfs);
-                                HX(statfs(".", &stfs) == -1, stfs);
-
-                                HX(stat("/", &st) == -1, st);
-                                HX(statvfs("/", &stvfs) == -1, stvfs);
-                                HX(statfs("/", &stfs) == -1, stfs);
-
-                                HX((e = fstat(0, &st)) == -1, st);
-                                if (e == -1) {
-                                        if (S_ISREG(st.st_mode) ||
-                                            S_ISFIFO(st.st_mode) ||
-                                            S_ISSOCK(st.st_mode)) {
-                                                HX(fstatvfs(0, &stvfs) == -1,
-                                                    stvfs);
-                                                HX(fstatfs(0, &stfs) == -1,
-                                                    stfs);
-                                                HX((off = lseek(0, (off_t)0,
-                                                    SEEK_CUR)) < 0, off);
-                                        }
-                                        if (S_ISCHR(st.st_mode)) {
-                                                HX(tcgetattr(0, &tios) == -1,
-                                                    tios);
-                                        } else if (S_ISSOCK(st.st_mode)) {
-                                                memset(&ss, 0, sizeof ss);
-                                                ssl = sizeof(ss);
-                                                HX(getpeername(0,
-                                                    (void *)&ss, &ssl) == -1,
-                                                    ss);
-                                        }
-                                }
-
-                                HX((e = getrusage(RUSAGE_CHILDREN,
-                                    &ru)) == -1, ru);
-                                if (e != -1) {
-                                        cnt += (int)ru.ru_utime.tv_sec;
-                                        cnt += (int)ru.ru_utime.tv_usec;
-                                }
-                        } else {
-                                /* Subsequent hashes absorb previous result */
-                                HD(results);
-                        }
-
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HD(cnt);
-                }
-
-                SHA512_Final(results, &ctx);
-                memcpy((char *)buf + i, results, min(sizeof(results), len - i));
-                i += min(sizeof(results), len - i);
-        }
-        explicit_bzero(&ctx, sizeof ctx);
-        explicit_bzero(results, sizeof results);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_solaris.c b/src/lib/libcrypto/crypto/getentropy_solaris.c
deleted file mode 100644
index f0fcdcf28b..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_solaris.c
+++ /dev/null
@@ -1,445 +0,0 @@
-/*      $OpenBSD: getentropy_solaris.c,v 1.12 2016/08/07 03:27:21 tb Exp $      */
-
-/*
- * Copyright (c) 2014 Theo de Raadt <deraadt@openbsd.org>
- * Copyright (c) 2014 Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <sys/types.h>
-#include <sys/param.h>
-#include <sys/ioctl.h>
-#include <sys/resource.h>
-#include <sys/syscall.h>
-#include <sys/statvfs.h>
-#include <sys/socket.h>
-#include <sys/mount.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <sys/time.h>
-#include <stdlib.h>
-#include <stdint.h>
-#include <stdio.h>
-#include <link.h>
-#include <termios.h>
-#include <fcntl.h>
-#include <signal.h>
-#include <string.h>
-#include <errno.h>
-#include <unistd.h>
-#include <time.h>
-#include <sys/sha2.h>
-#define SHA512_Init SHA512Init
-#define SHA512_Update SHA512Update
-#define SHA512_Final SHA512Final
-
-#include <sys/vfs.h>
-#include <sys/statfs.h>
-#include <sys/loadavg.h>
-
-#define REPEAT 5
-#define min(a, b) (((a) < (b)) ? (a) : (b))
-
-#define HX(a, b) \
-        do { \
-                if ((a)) \
-                        HD(errno); \
-                else \
-                        HD(b); \
-        } while (0)
-
-#define HR(x, l) (SHA512_Update(&ctx, (char *)(x), (l)))
-#define HD(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (x)))
-#define HF(x)    (SHA512_Update(&ctx, (char *)&(x), sizeof (void*)))
-
-int     getentropy(void *buf, size_t len);
-
-static int gotdata(char *buf, size_t len);
-static int getentropy_urandom(void *buf, size_t len, const char *path,
-    int devfscheck);
-static int getentropy_fallback(void *buf, size_t len);
-static int getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data);
-
-int
-getentropy(void *buf, size_t len)
-{
-        int ret = -1;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-        /*
-         * Try to get entropy with /dev/urandom
-         *
-         * Solaris provides /dev/urandom as a symbolic link to
-         * /devices/pseudo/random@0:urandom which is provided by
-         * a devfs filesystem.  Best practice is to use O_NOFOLLOW,
-         * so we must try the unpublished name directly.
-         *
-         * This can fail if the process is inside a chroot which lacks
-         * the devfs mount, or if file descriptors are exhausted.
-         */
-        ret = getentropy_urandom(buf, len,
-            "/devices/pseudo/random@0:urandom", 1);
-        if (ret != -1)
-                return (ret);
-
-        /*
-         * Unfortunately, chroot spaces on Solaris are sometimes setup
-         * with direct device node of the well-known /dev/urandom name
-         * (perhaps to avoid dragging all of devfs into the space).
-         *
-         * This can fail if the process is inside a chroot or if file
-         * descriptors are exhausted.
-         */
-        ret = getentropy_urandom(buf, len, "/dev/urandom", 0);
-        if (ret != -1)
-                return (ret);
-
-        /*
-         * Entropy collection via /dev/urandom has failed.
-         *
-         * No other API exists for collecting entropy, and we have
-         * no failsafe way to get it on Solaris that is not sensitive
-         * to resource exhaustion.
-         *
-         * We have very few options:
-         *     - Even syslog_r is unsafe to call at this low level, so
-         *       there is no way to alert the user or program.
-         *     - Cannot call abort() because some systems have unsafe
-         *       corefiles.
-         *     - Could raise(SIGKILL) resulting in silent program termination.
-         *     - Return EIO, to hint that arc4random's stir function
-         *       should raise(SIGKILL)
-         *     - Do the best under the circumstances....
-         *
-         * This code path exists to bring light to the issue that Solaris
-         * does not provide a failsafe API for entropy collection.
-         *
-         * We hope this demonstrates that Solaris should consider
-         * providing a new failsafe API which works in a chroot or
-         * when file descriptors are exhausted.
-         */
-#undef FAIL_INSTEAD_OF_TRYING_FALLBACK
-#ifdef FAIL_INSTEAD_OF_TRYING_FALLBACK
-        raise(SIGKILL);
-#endif
-        ret = getentropy_fallback(buf, len);
-        if (ret != -1)
-                return (ret);
-
-        errno = EIO;
-        return (ret);
-}
-
-/*
- * Basic sanity checking; wish we could do better.
- */
-static int
-gotdata(char *buf, size_t len)
-{
-        char    any_set = 0;
-        size_t  i;
-
-        for (i = 0; i < len; ++i)
-                any_set |= buf[i];
-        if (any_set == 0)
-                return (-1);
-        return (0);
-}
-
-static int
-getentropy_urandom(void *buf, size_t len, const char *path, int devfscheck)
-{
-        struct stat st;
-        size_t i;
-        int fd, flags;
-        int save_errno = errno;
-
-start:
-
-        flags = O_RDONLY;
-#ifdef O_NOFOLLOW
-        flags |= O_NOFOLLOW;
-#endif
-#ifdef O_CLOEXEC
-        flags |= O_CLOEXEC;
-#endif
-        fd = open(path, flags, 0);
-        if (fd == -1) {
-                if (errno == EINTR)
-                        goto start;
-                goto nodevrandom;
-        }
-#ifndef O_CLOEXEC
-        fcntl(fd, F_SETFD, fcntl(fd, F_GETFD) | FD_CLOEXEC);
-#endif
-
-        /* Lightly verify that the device node looks sane */
-        if (fstat(fd, &st) == -1 || !S_ISCHR(st.st_mode) ||
-            (devfscheck && (strcmp(st.st_fstype, "devfs") != 0))) {
-                close(fd);
-                goto nodevrandom;
-        }
-        for (i = 0; i < len; ) {
-                size_t wanted = len - i;
-                ssize_t ret = read(fd, (char *)buf + i, wanted);
-
-                if (ret == -1) {
-                        if (errno == EAGAIN || errno == EINTR)
-                                continue;
-                        close(fd);
-                        goto nodevrandom;
-                }
-                i += ret;
-        }
-        close(fd);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-nodevrandom:
-        errno = EIO;
-        return (-1);
-}
-
-static const int cl[] = {
-        CLOCK_REALTIME,
-#ifdef CLOCK_MONOTONIC
-        CLOCK_MONOTONIC,
-#endif
-#ifdef CLOCK_MONOTONIC_RAW
-        CLOCK_MONOTONIC_RAW,
-#endif
-#ifdef CLOCK_TAI
-        CLOCK_TAI,
-#endif
-#ifdef CLOCK_VIRTUAL
-        CLOCK_VIRTUAL,
-#endif
-#ifdef CLOCK_UPTIME
-        CLOCK_UPTIME,
-#endif
-#ifdef CLOCK_PROCESS_CPUTIME_ID
-        CLOCK_PROCESS_CPUTIME_ID,
-#endif
-#ifdef CLOCK_THREAD_CPUTIME_ID
-        CLOCK_THREAD_CPUTIME_ID,
-#endif
-};
-
-static int
-getentropy_phdr(struct dl_phdr_info *info, size_t size, void *data)
-{
-        SHA512_CTX *ctx = data;
-
-        SHA512_Update(ctx, &info->dlpi_addr, sizeof (info->dlpi_addr));
-        return (0);
-}
-
-static int
-getentropy_fallback(void *buf, size_t len)
-{
-        uint8_t results[SHA512_DIGEST_LENGTH];
-        int save_errno = errno, e, pgs = getpagesize(), faster = 0, repeat;
-        static int cnt;
-        struct timespec ts;
-        struct timeval tv;
-        double loadavg[3];
-        struct rusage ru;
-        sigset_t sigset;
-        struct stat st;
-        SHA512_CTX ctx;
-        static pid_t lastpid;
-        pid_t pid;
-        size_t i, ii, m;
-        char *p;
-
-        pid = getpid();
-        if (lastpid == pid) {
-                faster = 1;
-                repeat = 2;
-        } else {
-                faster = 0;
-                lastpid = pid;
-                repeat = REPEAT;
-        }
-        for (i = 0; i < len; ) {
-                int j;
-                SHA512_Init(&ctx);
-                for (j = 0; j < repeat; j++) {
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        dl_iterate_phdr(getentropy_phdr, &ctx);
-
-                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]); ii++)
-                                HX(clock_gettime(cl[ii], &ts) == -1, ts);
-
-                        HX((pid = getpid()) == -1, pid);
-                        HX((pid = getsid(pid)) == -1, pid);
-                        HX((pid = getppid()) == -1, pid);
-                        HX((pid = getpgid(0)) == -1, pid);
-                        HX((e = getpriority(0, 0)) == -1, e);
-                        HX((getloadavg(loadavg, 3) == -1), loadavg);
-
-                        if (!faster) {
-                                ts.tv_sec = 0;
-                                ts.tv_nsec = 1;
-                                (void) nanosleep(&ts, NULL);
-                        }
-
-                        HX(sigpending(&sigset) == -1, sigset);
-                        HX(sigprocmask(SIG_BLOCK, NULL, &sigset) == -1,
-                            sigset);
-
-                        HF(getentropy); /* an addr in this library */
-                        HF(printf);             /* an addr in libc */
-                        p = (char *)&p;
-                        HD(p);          /* an addr on stack */
-                        p = (char *)&errno;
-                        HD(p);          /* the addr of errno */
-
-                        if (i == 0) {
-                                struct sockaddr_storage ss;
-                                struct statvfs stvfs;
-                                struct termios tios;
-                                socklen_t ssl;
-                                off_t off;
-
-                                /*
-                                 * Prime-sized mappings encourage fragmentation;
-                                 * thus exposing some address entropy.
-                                 */
-                                struct mm {
-                                        size_t  npg;
-                                        void    *p;
-                                } mm[] =         {
-                                        { 17, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 11, MAP_FAILED }, { 2, MAP_FAILED },
-                                        { 5, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 7, MAP_FAILED }, { 1, MAP_FAILED },
-                                        { 57, MAP_FAILED }, { 3, MAP_FAILED },
-                                        { 131, MAP_FAILED }, { 1, MAP_FAILED },
-                                };
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        HX(mm[m].p = mmap(NULL,
-                                            mm[m].npg * pgs,
-                                            PROT_READ|PROT_WRITE,
-                                            MAP_PRIVATE|MAP_ANON, -1,
-                                            (off_t)0), mm[m].p);
-                                        if (mm[m].p != MAP_FAILED) {
-                                                size_t mo;
-
-                                                /* Touch some memory... */
-                                                p = mm[m].p;
-                                                mo = cnt %
-                                                    (mm[m].npg * pgs - 1);
-                                                p[mo] = 1;
-                                                cnt += (int)((long)(mm[m].p)
-                                                    / pgs);
-                                        }
-
-                                        /* Check cnts and times... */
-                                        for (ii = 0; ii < sizeof(cl)/sizeof(cl[0]);
-                                            ii++) {
-                                                HX((e = clock_gettime(cl[ii],
-                                                    &ts)) == -1, ts);
-                                                if (e != -1)
-                                                        cnt += (int)ts.tv_nsec;
-                                        }
-
-                                        HX((e = getrusage(RUSAGE_SELF,
-                                            &ru)) == -1, ru);
-                                        if (e != -1) {
-                                                cnt += (int)ru.ru_utime.tv_sec;
-                                                cnt += (int)ru.ru_utime.tv_usec;
-                                        }
-                                }
-
-                                for (m = 0; m < sizeof mm/sizeof(mm[0]); m++) {
-                                        if (mm[m].p != MAP_FAILED)
-                                                munmap(mm[m].p, mm[m].npg * pgs);
-                                        mm[m].p = MAP_FAILED;
-                                }
-
-                                HX(stat(".", &st) == -1, st);
-                                HX(statvfs(".", &stvfs) == -1, stvfs);
-
-                                HX(stat("/", &st) == -1, st);
-                                HX(statvfs("/", &stvfs) == -1, stvfs);
-
-                                HX((e = fstat(0, &st)) == -1, st);
-                                if (e == -1) {
-                                        if (S_ISREG(st.st_mode) ||
-                                            S_ISFIFO(st.st_mode) ||
-                                            S_ISSOCK(st.st_mode)) {
-                                                HX(fstatvfs(0, &stvfs) == -1,
-                                                    stvfs);
-                                                HX((off = lseek(0, (off_t)0,
-                                                    SEEK_CUR)) < 0, off);
-                                        }
-                                        if (S_ISCHR(st.st_mode)) {
-                                                HX(tcgetattr(0, &tios) == -1,
-                                                    tios);
-                                        } else if (S_ISSOCK(st.st_mode)) {
-                                                memset(&ss, 0, sizeof ss);
-                                                ssl = sizeof(ss);
-                                                HX(getpeername(0,
-                                                    (void *)&ss, &ssl) == -1,
-                                                    ss);
-                                        }
-                                }
-
-                                HX((e = getrusage(RUSAGE_CHILDREN,
-                                    &ru)) == -1, ru);
-                                if (e != -1) {
-                                        cnt += (int)ru.ru_utime.tv_sec;
-                                        cnt += (int)ru.ru_utime.tv_usec;
-                                }
-                        } else {
-                                /* Subsequent hashes absorb previous result */
-                                HD(results);
-                        }
-
-                        HX((e = gettimeofday(&tv, NULL)) == -1, tv);
-                        if (e != -1) {
-                                cnt += (int)tv.tv_sec;
-                                cnt += (int)tv.tv_usec;
-                        }
-
-                        HD(cnt);
-                }
-                SHA512_Final(results, &ctx);
-                memcpy((char *)buf + i, results, min(sizeof(results), len - i));
-                i += min(sizeof(results), len - i);
-        }
-        explicit_bzero(&ctx, sizeof ctx);
-        explicit_bzero(results, sizeof results);
-        if (gotdata(buf, len) == 0) {
-                errno = save_errno;
-                return (0);             /* satisfied */
-        }
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/getentropy_win.c b/src/lib/libcrypto/crypto/getentropy_win.c
deleted file mode 100644
index 2abeb27bc6..0000000000
--- a/src/lib/libcrypto/crypto/getentropy_win.c
+++ /dev/null
@@ -1,59 +0,0 @@
-/*      $OpenBSD: getentropy_win.c,v 1.5 2016/08/07 03:27:21 tb Exp $   */
-
-/*
- * Copyright (c) 2014, Theo de Raadt <deraadt@openbsd.org> 
- * Copyright (c) 2014, Bob Beck <beck@obtuse.com>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * Emulation of getentropy(2) as documented at:
- * http://man.openbsd.org/getentropy.2
- */
-
-#include <windows.h>
-#include <errno.h>
-#include <stdint.h>
-#include <sys/types.h>
-#include <wincrypt.h>
-#include <process.h>
-
-int     getentropy(void *buf, size_t len);
-
-/*
- * On Windows, CryptGenRandom is supposed to be a well-seeded
- * cryptographically strong random number generator.
- */
-int
-getentropy(void *buf, size_t len)
-{
-        HCRYPTPROV provider;
-
-        if (len > 256) {
-                errno = EIO;
-                return (-1);
-        }
-
-        if (CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL,
-            CRYPT_VERIFYCONTEXT) == 0)
-                goto fail;
-        if (CryptGenRandom(provider, len, buf) == 0) {
-                CryptReleaseContext(provider, 0);
-                goto fail;
-        }
-        CryptReleaseContext(provider, 0);
-        return (0);
-
-fail:
-        errno = EIO;
-        return (-1);
-}
diff --git a/src/lib/libcrypto/crypto/shlib_version b/src/lib/libcrypto/crypto/shlib_version
deleted file mode 100644
index b9d357140a..0000000000
--- a/src/lib/libcrypto/crypto/shlib_version
+++ /dev/null
@@ -1,3 +0,0 @@
-# Don't forget to give libssl and libtls the same type of bump!
-major=38
-minor=0