diff -ru ssh-orig/ssh-pkcs11-client.c ssh/ssh-pkcs11-client.c
--- ssh-orig/ssh-pkcs11-client.c	Mon Jan 21 23:53:35 2019
+++ ssh/ssh-pkcs11-client.c	Wed Oct  9 12:24:47 2019
@@ -155,6 +155,7 @@
 	return (ret);
 }
 
+#if 0
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
     const BIGNUM *rp, EC_KEY *ec)
@@ -211,9 +212,12 @@
 	sshbuf_free(msg);
 	return (ret);
 }
+#endif
 
 static RSA_METHOD	*helper_rsa;
+#if 0
 static EC_KEY_METHOD	*helper_ecdsa;
+#endif
 
 /* redirect private key crypto operations to the ssh-pkcs11-helper */
 static void
@@ -221,8 +225,10 @@
 {
 	if (k->type == KEY_RSA)
 		RSA_set_method(k->rsa, helper_rsa);
+#if 0
 	else if (k->type == KEY_ECDSA)
 		EC_KEY_set_method(k->ecdsa, helper_ecdsa);
+#endif
 	else
 		fatal("%s: unknown key type", __func__);
 }
@@ -230,9 +236,10 @@
 static int
 pkcs11_start_helper_methods(void)
 {
-	if (helper_ecdsa != NULL)
+	if (helper_rsa != NULL)
 		return (0);
 
+#if 0
 	int (*orig_sign)(int, const unsigned char *, int, unsigned char *,
 	    unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL;
 	if (helper_ecdsa != NULL)
@@ -242,7 +249,7 @@
 		return (-1);
 	EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL);
 	EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign);
-
+#endif
 	if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
 		fatal("%s: RSA_meth_dup failed", __func__);
 	if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
diff -ru ssh-orig/ssh-pkcs11.c ssh/ssh-pkcs11.c
--- ssh-orig/ssh-pkcs11.c	Tue Oct  1 20:22:53 2019
+++ ssh/ssh-pkcs11.c	Wed Oct  9 12:24:47 2019
@@ -68,7 +68,7 @@
 
 int pkcs11_interactive = 0;
 
-#ifdef HAVE_DLOPEN
+#if 0
 static void
 ossl_error(const char *msg)
 {
@@ -183,8 +183,10 @@
 #ifdef HAVE_DLOPEN
 static RSA_METHOD *rsa_method;
 static int rsa_idx = 0;
+#if 0
 static EC_KEY_METHOD *ec_key_method;
 static int ec_key_idx = 0;
+#endif
 
 /* release a wrapped object */
 static void
@@ -483,6 +485,7 @@
 	return (0);
 }
 
+#if 0
 /* openssl callback doing the actual signing operation */
 static ECDSA_SIG *
 ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv,
@@ -572,6 +575,13 @@
 }
 
 static int
+pkcs11_ecdsa_start_wrapper(void)
+{
+	/* not implemented */
+	return -1;
+}
+
+static int
 pkcs11_ecdsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
     CK_ATTRIBUTE *keyid_attrib, EC_KEY *ec)
 {
@@ -594,6 +604,7 @@
 
 	return (0);
 }
+#endif
 
 /* remove trailing spaces */
 static void
@@ -668,6 +679,7 @@
 	return (0);
 }
 
+#if 0
 static struct sshkey *
 pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
     CK_OBJECT_HANDLE *obj)
@@ -790,6 +802,7 @@
 
 	return (key);
 }
+#endif
 
 static struct sshkey *
 pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx,
@@ -894,7 +907,9 @@
 	EC_KEY			*ec = NULL;
 	struct sshkey		*key = NULL;
 	int			 i;
+#if 0
 	int			 nid;
+#endif
 	const u_char		 *cp;
 
 	memset(&cert_attr, 0, sizeof(cert_attr));
@@ -976,6 +991,7 @@
 		key->type = KEY_RSA;
 		key->flags |= SSHKEY_FLAG_EXT;
 		rsa = NULL;	/* now owned by key */
+#if 0
 	} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
 		if (EVP_PKEY_get0_EC_KEY(evp) == NULL) {
 			error("invalid x509; no ec key");
@@ -1006,6 +1022,7 @@
 		key->type = KEY_ECDSA;
 		key->flags |= SSHKEY_FLAG_EXT;
 		ec = NULL;	/* now owned by key */
+#endif
 	} else
 		error("unknown certificate key type");
 
@@ -1190,9 +1207,11 @@
 		case CKK_RSA:
 			key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj);
 			break;
+#if 0
 		case CKK_ECDSA:
 			key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj);
 			break;
+#endif
 		default:
 			/* XXX print key type? */
 			key = NULL;