sync with OpenBSD -current

lib/libcrypto/man/DH_get0_pqg.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: DH_get0_pqg.3,v 1.7 2023/03/06 13:25:46 tb Exp $
+.\" $OpenBSD: DH_get0_pqg.3,v 1.8 2024/07/21 08:36:43 tb Exp $
 .\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 6 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt DH_GET0_PQG 3
 .Os
 .Sh NAME
@@ -307,15 +307,8 @@ or 0 if none of the given
 are set.
 .Pp
 .Fn DH_get0_engine
-returns a pointer to the
-.Vt ENGINE
-used by the
-.Vt DH
-object
-.Fa dh ,
-or
-.Dv NULL
-if no engine was set for this object.
+always returns
+.Dv NULL .
 .Sh SEE ALSO
 .Xr DH_generate_key 3 ,
 .Xr DH_generate_parameters 3 ,

lib/libcrypto/man/DSA_get0_pqg.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: DSA_get0_pqg.3,v 1.10 2023/12/29 22:37:47 tb Exp $
+.\" $OpenBSD: DSA_get0_pqg.3,v 1.11 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 29 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt DSA_GET0_PQG 3
 .Os
 .Sh NAME
@@ -283,15 +283,8 @@ or 0 if none of the given
 are set.
 .Pp
 .Fn DSA_get0_engine
-returns a pointer to the
-.Vt ENGINE
-used by the
-.Vt DSA
-object
-Fa d ,
-or
-.Dv NULL
-if no engine was set for this object.
+always returns
+.Dv NULL .
 .Sh SEE ALSO
 .Xr DSA_do_sign 3 ,
 .Xr DSA_dup_DH 3 ,

lib/libcrypto/man/EC_KEY_METHOD_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.3 2023/08/29 10:07:42 tb Exp $
+.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.4 2024/07/21 08:36:43 tb Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 29 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EC_KEY_METHOD_NEW 3
 .Os
 .Sh NAME
@@ -262,17 +262,15 @@ is
 .Fn EC_KEY_new_method
 creates and initializes a new
 .Vt EC_KEY
-object using the given
-.Fa engine ,
-or the using the
+object using the
 .Vt EC_KEY_METHOD
 set with
-.Fn EC_KEY_set_default_method
-if
-.Fa engine
-is
-.Dv NULL ,
-or using the default EC_KEY implementation by default.
+.Fn EC_KEY_set_default_method .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EC_KEY_set_method
 dissociates the

lib/libcrypto/man/EVP_AEAD_CTX_init.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.15 2023/09/12 13:58:06 schwarze Exp $
+.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.16 2024/07/21 08:36:43 tb Exp $
 .\"
 .\" Copyright (c) 2014, Google Inc.
 .\" Parts of the text were written by Adam Langley and David Benjamin.
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 12 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_AEAD_CTX_INIT 3
 .Os
 .Sh NAME
@@ -51,7 +51,7 @@
 .Fa "const unsigned char *key"
 .Fa "size_t key_len"
 .Fa "size_t tag_len"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft void
 .Fo EVP_AEAD_CTX_cleanup
@@ -142,11 +142,11 @@ initializes the context
 for the given AEAD algorithm
 .Fa aead .
 The
-.Fa impl
+.Fa engine
 argument must be
 .Dv NULL
 for the default implementation;
-other values are currently not supported.
+other values are not supported.
 Authentication tags may be truncated by passing a tag length.
 A
 .Fa tag_len

lib/libcrypto/man/EVP_DigestInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.33 2024/03/19 17:34:05 tb Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.34 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 19 2024 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -132,7 +132,7 @@
 .Fo EVP_DigestInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_DigestUpdate
@@ -153,7 +153,7 @@
 .Fa "unsigned char *md"
 .Fa "unsigned int *s"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_MD_CTX_copy_ex
@@ -249,21 +249,16 @@ respectively.
 sets up the digest context
 .Fa ctx
 to use a digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
+.Fa type .
 The
 .Fa type
 will typically be supplied by a function such as
 .Fn EVP_sha512 .
-If
-.Fa impl
-is
-.Dv NULL ,
-then the default implementation of digest
-.Fa type
-is used.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_DigestUpdate
 hashes
@@ -306,9 +301,6 @@ bytes of data at
 .Fa d
 using the digest
 .Fa type
-from
-.Vt ENGINE
-.Fa impl
 in a one-shot operation and place the digest value into
 .Fa md ,
 and, unless
@@ -323,6 +315,11 @@ This wrapper uses a temporary digest context and passes its arguments to
 and
 .Fn EVP_DigestFinal_ex
 internally.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_MD_CTX_copy_ex
 can be used to copy the message digest state from
@@ -335,8 +332,7 @@ differ in the last few bytes.
 .Fn EVP_DigestInit
 is a deprecated function behaving like
 .Fn EVP_DigestInit_ex
-except that it always uses the default digest implementation
-and that it requires
+except that it requires
 .Fn EVP_MD_CTX_reset
 before it can be used on a context that was already used.
 .Pp
@@ -399,11 +395,11 @@ in preference to the low-level interfaces.
 This is because the code then becomes transparent to the digest used and
 much more flexible.
 .Pp
-For most applications the
-.Fa impl
-parameter to
-.Fn EVP_DigestInit_ex
-will be set to NULL to use the default digest implementation.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 The functions
 .Fn EVP_DigestInit ,
@@ -418,8 +414,7 @@ New applications should use
 and
 .Fn EVP_MD_CTX_copy_ex
 because they can efficiently reuse a digest context instead of
-initializing and cleaning it up on each call and allow non-default
-implementations of digests to be specified.
+initializing and cleaning it up on each call.
 .Pp
 If digest contexts are not cleaned up after use, memory leaks will occur.
 .Sh RETURN VALUES

lib/libcrypto/man/EVP_DigestSignInit.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_DigestSignInit.3,v 1.12 2022/01/15 09:08:51 tb Exp $
+.\"	$OpenBSD: EVP_DigestSignInit.3,v 1.13 2024/07/21 08:36:43 tb Exp $
 .\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTSIGNINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fa "EVP_MD_CTX *ctx"
 .Fa "EVP_PKEY_CTX **pctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "EVP_PKEY *pkey"
 .Fc
 .Ft int
@@ -97,11 +97,13 @@ sets up the signing context
 .Fa ctx
 to use the digest
 .Fa type
-from
-.Vt ENGINE
-.Fa e
 and private key
 .Fa pkey .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Fa ctx
 must be initialized with
 .Xr EVP_MD_CTX_init 3

lib/libcrypto/man/EVP_DigestVerifyInit.3

@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_DigestVerifyInit.3,v 1.14 2022/01/15 09:08:51 tb Exp $
+.\"	$OpenBSD: EVP_DigestVerifyInit.3,v 1.15 2024/07/21 08:36:43 tb Exp $
 .\"	OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTVERIFYINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fa "EVP_MD_CTX *ctx"
 .Fa "EVP_PKEY_CTX **pctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "EVP_PKEY *pkey"
 .Fc
 .Ft int
@@ -97,9 +97,6 @@ sets up verification context
 .Fa ctx
 to use digest
 .Fa type
-from
-.Vt ENGINE
-.Fa e
 and public key
 .Fa pkey .
 .Fa ctx
@@ -124,6 +121,11 @@ value returned must not be freed directly by the application.
 It will be freed automatically when the
 .Vt EVP_MD_CTX
 is freed.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_DigestVerifyUpdate
 hashes

lib/libcrypto/man/EVP_EncryptInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.51 2023/12/26 22:13:00 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.52 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 26 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -142,7 +142,7 @@
 .Fo EVP_EncryptInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fc
@@ -164,7 +164,7 @@
 .Fo EVP_DecryptInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fc
@@ -186,7 +186,7 @@
 .Fo EVP_CipherInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fa "int enc"
@@ -361,7 +361,7 @@ is the IV to use (if necessary).
 The actual number of bytes used for the
 key and IV depends on the cipher.
 The
-.Fa ENGINE *impl
+.Fa ENGINE *engine
 argument is always ignored and passing
 .Dv NULL
 is recommended.

lib/libcrypto/man/EVP_PKEY_CTX_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.13 2023/09/09 14:39:09 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.14 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_CTX_NEW 3
 .Os
 .Sh NAME
@@ -79,12 +79,12 @@
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_new
 .Fa "EVP_PKEY *pkey"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fc
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_new_id
 .Fa "int id"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fc
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_dup
@@ -99,26 +99,23 @@ The
 .Fn EVP_PKEY_CTX_new
 function allocates a public key algorithm context using the algorithm
 specified in
-.Fa pkey
-and using
-.Fa e
-unless it is
-.Dv NULL .
-If
-.Fa pkey
-is associated with an engine, that engine is used and
-.Fa e
-is ignored.
+.Fa pkey .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 The
 .Fn EVP_PKEY_CTX_new_id
 function allocates a public key algorithm context using the algorithm
 specified by
-.Fa id
-and using
-.Fa e
-unless it is
-.Dv NULL .
+.Fa id .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 It is normally used when no
 .Vt EVP_PKEY
 structure is associated with the operations, for example during

lib/libcrypto/man/EVP_PKEY_asn1_get_count.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.8 2023/12/21 21:32:01 tb Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.9 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_ASN1_GET_COUNT 3
 .Os
 .Sh NAME
@@ -90,12 +90,12 @@
 .Fc
 .Ft const EVP_PKEY_ASN1_METHOD *
 .Fo EVP_PKEY_asn1_find
-.Fa "ENGINE **pe"
+.Fa "ENGINE **engine"
 .Fa "int type"
 .Fc
 .Ft const EVP_PKEY_ASN1_METHOD *
 .Fo EVP_PKEY_asn1_find_str
-.Fa "ENGINE **pe"
+.Fa "ENGINE **engine"
 .Fa "const char *str"
 .Fa "int len"
 .Fc
@@ -130,14 +130,12 @@ and
 .Xr EVP_PKEY_id 3
 may return.
 If
-.Fa pe
+.Fa engine
 is not
 .Dv NULL ,
-it first looks for an engine implementing a method for the NID
-.Fa type .
-If one is found,
-.Pf * Fa pe
-is set to that engine and the method from that engine is returned instead.
+.Pf * Fa engine
+is set to
+.Dv NULL .
 .Pp
 .Fn EVP_PKEY_asn1_find_str
 looks up the method with the PEM type string given by the first
@@ -157,10 +155,12 @@ manual page.
 Just like
 .Fn EVP_PKEY_asn1_find ,
 if
-.Fa pe
+.Fa engine
 is not
 .Dv NULL ,
-methods from engines are preferred.
+.Pf * Fa engine
+is set to
+.Dv NULL .
 .Pp
 .Fn EVP_PKEY_asn1_get0_info
 retrieves the public key ID as returned by

lib/libcrypto/man/EVP_PKEY_decrypt.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.8 2022/03/31 17:27:17 naddy Exp $
+.\" $OpenBSD: EVP_PKEY_decrypt.3,v 1.9 2024/07/21 08:10:17 tb Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 31 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_DECRYPT 3
 .Os
 .Sh NAME
@@ -130,16 +130,15 @@ Decrypt data using OAEP (for RSA keys):
 #include <openssl/rsa.h>
 
 EVP_PKEY_CTX *ctx;
-ENGINE *eng;
 unsigned char *out, *in;
 size_t outlen, inlen;
 EVP_PKEY *key;
 
 /*
- * Assumes that key, eng, in, and inlen are already set up
+ * Assumes that key, in, and inlen are already set up
  * and that key is an RSA private key.
  */
-ctx = EVP_PKEY_CTX_new(key, eng);
+ctx = EVP_PKEY_CTX_new(key, NULL);
 if (!ctx)
 	/* Error occurred */
 if (EVP_PKEY_decrypt_init(ctx) <= 0)

lib/libcrypto/man/EVP_PKEY_derive.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_derive.3,v 1.10 2024/03/05 19:21:31 tb Exp $
+.\" $OpenBSD: EVP_PKEY_derive.3,v 1.11 2024/07/21 08:25:33 tb Exp $
 .\" full merge up to: OpenSSL 48e5119a Jan 19 10:49:22 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_DERIVE 3
 .Os
 .Sh NAME
@@ -209,13 +209,12 @@ Derive shared secret (for example DH or EC keys):
 #include <openssl/rsa.h>
 
 EVP_PKEY_CTX *ctx;
-ENGINE *eng;
 unsigned char *skey;
 size_t skeylen;
 EVP_PKEY *pkey, *peerkey;
 
-/* Assumes that pkey, eng, and peerkey have already been set up. */
-ctx = EVP_PKEY_CTX_new(pkey, eng);
+/* Assumes that pkey and peerkey have already been set up. */
+ctx = EVP_PKEY_CTX_new(pkey, NULL);
 if (!ctx)
 	/* Error occurred */
 if (EVP_PKEY_derive_init(ctx) <= 0)

lib/libcrypto/man/EVP_PKEY_keygen.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.13 2023/09/10 04:05:26 jsg Exp $
+.\" $OpenBSD: EVP_PKEY_keygen.3,v 1.14 2024/07/21 08:02:17 tb Exp $
 .\" full merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 10 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_KEYGEN 3
 .Os
 .Sh NAME
@@ -286,11 +286,10 @@ Generate a key from a set of parameters:
 #include <openssl/rsa.h>
 
 EVP_PKEY_CTX *ctx;
-ENGINE *eng;
 EVP_PKEY *pkey = NULL, *param;
 
-/* Assumes that param and eng are already set up. */
-ctx = EVP_PKEY_CTX_new(param, eng);
+/* Assumes that param is already set up. */
+ctx = EVP_PKEY_CTX_new(param, NULL);
 if (!ctx)
 	/* Error occurred */
 if (EVP_PKEY_keygen_init(ctx) <= 0)

lib/libcrypto/man/EVP_PKEY_new.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.18 2022/12/14 22:37:07 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_new.3,v 1.19 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 14 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_NEW 3
 .Os
 .Sh NAME
@@ -95,20 +95,20 @@
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_raw_private_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "size_t rawlen"
 .Fc
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_raw_public_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpub"
 .Fa "size_t rawlen"
 .Fc
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_CMAC_key
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "size_t rawlen"
 .Fa "const EVP_CIPHER *cipher"
@@ -116,7 +116,7 @@
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_mac_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "int rawlen"
 .Fc
@@ -165,12 +165,6 @@ pointer, no action occurs.
 .Fn EVP_PKEY_new_raw_private_key
 allocates a new
 .Vt EVP_PKEY .
-If
-.Fa e
-is
-.Pf non- Dv NULL ,
-the new structure is associated with the engine
-.Fa e .
 The NID of a public key algorithm that supports raw private keys, i.e.\&
 .Dv EVP_PKEY_HMAC ,
 .Dv EVP_PKEY_X25519 ,
@@ -184,6 +178,11 @@ bytes of raw private key data of that type in
 .Fa rawpriv .
 The public key data is automatically derived from the given private
 key data, if appropriate for the algorithm type.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_PKEY_new_raw_public_key
 works in the same way as

lib/libcrypto/man/EVP_SignInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.19 2024/07/21 09:24:07 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fo EVP_SignInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_SignUpdate
@@ -93,14 +93,16 @@ signatures.
 sets up a signing context
 .Fa ctx
 to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
+.Fa type .
 .Fa ctx
 must be initialized with
 .Xr EVP_MD_CTX_init 3
 before calling this function.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_SignUpdate
 hashes

lib/libcrypto/man/EVP_VerifyInit.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: EVP_VerifyInit.3,v 1.12 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_VERIFYINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fo EVP_VerifyInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_VerifyUpdate
@@ -93,14 +93,16 @@ digital signatures.
 sets up a verification context
 .Fa ctx
 to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
+.Fa type .
 .Fa ctx
 must be initialized by calling
 .Xr EVP_MD_CTX_init 3
 before calling this function.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_VerifyUpdate
 hashes

lib/libcrypto/man/HMAC.3

@@ -1,4 +1,4 @@
-.\" $OpenBSD: HMAC.3,v 1.21 2024/05/26 09:54:16 tb Exp $
+.\" $OpenBSD: HMAC.3,v 1.22 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
 .\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 26 2024 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt HMAC 3
 .Os
 .Sh NAME
@@ -97,7 +97,7 @@
 .Fa "const void *key"
 .Fa "int key_len"
 .Fa "const EVP_MD *md"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo HMAC_Init
@@ -223,6 +223,11 @@ nor the same as the previous digest used by
 .Fa ctx ,
 then an error is returned because reuse of an existing key with a
 different digest is not supported.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn HMAC_Init
 is a deprecated wrapper around