From f78255458f4a66dd2701d6d107e3e97eda99cad7 Mon Sep 17 00:00:00 2001
From: tb <tb@openbsd.org>
Date: Sun, 21 Jul 2024 08:36:43 +0000
Subject: [PATCH] Unify description of the obsolete ENGINE parameter

This uses the same language in most manuals mentioning the obsolete
ENGINE parameters. Make it clear that it is always ignored and that
NULL should be passed. Always call it engine instead of a mix of e
pe, impl, eng.
---
 lib/libcrypto/man/DH_get0_pqg.3             | 15 ++-----
 lib/libcrypto/man/DSA_get0_pqg.3            | 15 ++-----
 lib/libcrypto/man/EC_KEY_METHOD_new.3       | 20 ++++-----
 lib/libcrypto/man/EVP_AEAD_CTX_init.3       | 10 ++---
 lib/libcrypto/man/EVP_DigestInit.3          | 49 +++++++++------------
 lib/libcrypto/man/EVP_DigestSignInit.3      | 14 +++---
 lib/libcrypto/man/EVP_DigestVerifyInit.3    | 14 +++---
 lib/libcrypto/man/EVP_EncryptInit.3         | 12 ++---
 lib/libcrypto/man/EVP_PKEY_CTX_new.3        | 35 +++++++--------
 lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 | 24 +++++-----
 lib/libcrypto/man/EVP_PKEY_new.3            | 23 +++++-----
 lib/libcrypto/man/EVP_SignInit.3            | 14 +++---
 lib/libcrypto/man/EVP_VerifyInit.3          | 16 ++++---
 lib/libcrypto/man/HMAC.3                    | 11 +++--
 14 files changed, 130 insertions(+), 142 deletions(-)

diff --git a/lib/libcrypto/man/DH_get0_pqg.3 b/lib/libcrypto/man/DH_get0_pqg.3
index 340d50757b2..eb012980f95 100644
--- a/lib/libcrypto/man/DH_get0_pqg.3
+++ b/lib/libcrypto/man/DH_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DH_get0_pqg.3,v 1.7 2023/03/06 13:25:46 tb Exp $
+.\" $OpenBSD: DH_get0_pqg.3,v 1.8 2024/07/21 08:36:43 tb Exp $
 .\" selective merge up to: OpenSSL 83cf7abf May 29 13:07:08 2018 +0100
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 6 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt DH_GET0_PQG 3
 .Os
 .Sh NAME
@@ -307,15 +307,8 @@ or 0 if none of the given
 are set.
 .Pp
 .Fn DH_get0_engine
-returns a pointer to the
-.Vt ENGINE
-used by the
-.Vt DH
-object
-.Fa dh ,
-or
-.Dv NULL
-if no engine was set for this object.
+always returns
+.Dv NULL .
 .Sh SEE ALSO
 .Xr DH_generate_key 3 ,
 .Xr DH_generate_parameters 3 ,
diff --git a/lib/libcrypto/man/DSA_get0_pqg.3 b/lib/libcrypto/man/DSA_get0_pqg.3
index 8639b0115b7..b82affba66e 100644
--- a/lib/libcrypto/man/DSA_get0_pqg.3
+++ b/lib/libcrypto/man/DSA_get0_pqg.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: DSA_get0_pqg.3,v 1.10 2023/12/29 22:37:47 tb Exp $
+.\" $OpenBSD: DSA_get0_pqg.3,v 1.11 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL e90fc053 Jul 15 09:39:45 2017 -0400
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 29 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt DSA_GET0_PQG 3
 .Os
 .Sh NAME
@@ -283,15 +283,8 @@ or 0 if none of the given
 are set.
 .Pp
 .Fn DSA_get0_engine
-returns a pointer to the
-.Vt ENGINE
-used by the
-.Vt DSA
-object
-Fa d ,
-or
-.Dv NULL
-if no engine was set for this object.
+always returns
+.Dv NULL .
 .Sh SEE ALSO
 .Xr DSA_do_sign 3 ,
 .Xr DSA_dup_DH 3 ,
diff --git a/lib/libcrypto/man/EC_KEY_METHOD_new.3 b/lib/libcrypto/man/EC_KEY_METHOD_new.3
index 489bd3ac664..79c16ef0144 100644
--- a/lib/libcrypto/man/EC_KEY_METHOD_new.3
+++ b/lib/libcrypto/man/EC_KEY_METHOD_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.3 2023/08/29 10:07:42 tb Exp $
+.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.4 2024/07/21 08:36:43 tb Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: August 29 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EC_KEY_METHOD_NEW 3
 .Os
 .Sh NAME
@@ -262,17 +262,15 @@ is
 .Fn EC_KEY_new_method
 creates and initializes a new
 .Vt EC_KEY
-object using the given
-.Fa engine ,
-or the using the
+object using the
 .Vt EC_KEY_METHOD
 set with
-.Fn EC_KEY_set_default_method
-if
-.Fa engine
-is
-.Dv NULL ,
-or using the default EC_KEY implementation by default.
+.Fn EC_KEY_set_default_method .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EC_KEY_set_method
 dissociates the
diff --git a/lib/libcrypto/man/EVP_AEAD_CTX_init.3 b/lib/libcrypto/man/EVP_AEAD_CTX_init.3
index 01692c93e62..8b3b8adb0f5 100644
--- a/lib/libcrypto/man/EVP_AEAD_CTX_init.3
+++ b/lib/libcrypto/man/EVP_AEAD_CTX_init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.15 2023/09/12 13:58:06 schwarze Exp $
+.\" $OpenBSD: EVP_AEAD_CTX_init.3,v 1.16 2024/07/21 08:36:43 tb Exp $
 .\"
 .\" Copyright (c) 2014, Google Inc.
 .\" Parts of the text were written by Adam Langley and David Benjamin.
@@ -17,7 +17,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: September 12 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_AEAD_CTX_INIT 3
 .Os
 .Sh NAME
@@ -51,7 +51,7 @@
 .Fa "const unsigned char *key"
 .Fa "size_t key_len"
 .Fa "size_t tag_len"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft void
 .Fo EVP_AEAD_CTX_cleanup
@@ -142,11 +142,11 @@ initializes the context
 for the given AEAD algorithm
 .Fa aead .
 The
-.Fa impl
+.Fa engine
 argument must be
 .Dv NULL
 for the default implementation;
-other values are currently not supported.
+other values are not supported.
 Authentication tags may be truncated by passing a tag length.
 A
 .Fa tag_len
diff --git a/lib/libcrypto/man/EVP_DigestInit.3 b/lib/libcrypto/man/EVP_DigestInit.3
index bb7a847d4f2..c825725009f 100644
--- a/lib/libcrypto/man/EVP_DigestInit.3
+++ b/lib/libcrypto/man/EVP_DigestInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_DigestInit.3,v 1.33 2024/03/19 17:34:05 tb Exp $
+.\" $OpenBSD: EVP_DigestInit.3,v 1.34 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 7f572e95 Dec 2 13:57:04 2015 +0000
 .\" selective merge up to: OpenSSL 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
@@ -70,7 +70,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 19 2024 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTINIT 3
 .Os
 .Sh NAME
@@ -132,7 +132,7 @@
 .Fo EVP_DigestInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_DigestUpdate
@@ -153,7 +153,7 @@
 .Fa "unsigned char *md"
 .Fa "unsigned int *s"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_MD_CTX_copy_ex
@@ -249,21 +249,16 @@ respectively.
 sets up the digest context
 .Fa ctx
 to use a digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
+.Fa type .
 The
 .Fa type
 will typically be supplied by a function such as
 .Fn EVP_sha512 .
-If
-.Fa impl
-is
-.Dv NULL ,
-then the default implementation of digest
-.Fa type
-is used.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_DigestUpdate
 hashes
@@ -306,9 +301,6 @@ bytes of data at
 .Fa d
 using the digest
 .Fa type
-from
-.Vt ENGINE
-.Fa impl
 in a one-shot operation and place the digest value into
 .Fa md ,
 and, unless
@@ -323,6 +315,11 @@ This wrapper uses a temporary digest context and passes its arguments to
 and
 .Fn EVP_DigestFinal_ex
 internally.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_MD_CTX_copy_ex
 can be used to copy the message digest state from
@@ -335,8 +332,7 @@ differ in the last few bytes.
 .Fn EVP_DigestInit
 is a deprecated function behaving like
 .Fn EVP_DigestInit_ex
-except that it always uses the default digest implementation
-and that it requires
+except that it requires
 .Fn EVP_MD_CTX_reset
 before it can be used on a context that was already used.
 .Pp
@@ -399,11 +395,11 @@ in preference to the low-level interfaces.
 This is because the code then becomes transparent to the digest used and
 much more flexible.
 .Pp
-For most applications the
-.Fa impl
-parameter to
-.Fn EVP_DigestInit_ex
-will be set to NULL to use the default digest implementation.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 The functions
 .Fn EVP_DigestInit ,
@@ -418,8 +414,7 @@ New applications should use
 and
 .Fn EVP_MD_CTX_copy_ex
 because they can efficiently reuse a digest context instead of
-initializing and cleaning it up on each call and allow non-default
-implementations of digests to be specified.
+initializing and cleaning it up on each call.
 .Pp
 If digest contexts are not cleaned up after use, memory leaks will occur.
 .Sh RETURN VALUES
diff --git a/lib/libcrypto/man/EVP_DigestSignInit.3 b/lib/libcrypto/man/EVP_DigestSignInit.3
index de6e57c2cd4..92b656a106a 100644
--- a/lib/libcrypto/man/EVP_DigestSignInit.3
+++ b/lib/libcrypto/man/EVP_DigestSignInit.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_DigestSignInit.3,v 1.12 2022/01/15 09:08:51 tb Exp $
+.\"	$OpenBSD: EVP_DigestSignInit.3,v 1.13 2024/07/21 08:36:43 tb Exp $
 .\"	OpenSSL 9b86974e Aug 17 15:21:33 2015 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTSIGNINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fa "EVP_MD_CTX *ctx"
 .Fa "EVP_PKEY_CTX **pctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "EVP_PKEY *pkey"
 .Fc
 .Ft int
@@ -97,11 +97,13 @@ sets up the signing context
 .Fa ctx
 to use the digest
 .Fa type
-from
-.Vt ENGINE
-.Fa e
 and private key
 .Fa pkey .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Fa ctx
 must be initialized with
 .Xr EVP_MD_CTX_init 3
diff --git a/lib/libcrypto/man/EVP_DigestVerifyInit.3 b/lib/libcrypto/man/EVP_DigestVerifyInit.3
index 0eb31434678..b3286bf201e 100644
--- a/lib/libcrypto/man/EVP_DigestVerifyInit.3
+++ b/lib/libcrypto/man/EVP_DigestVerifyInit.3
@@ -1,4 +1,4 @@
-.\"	$OpenBSD: EVP_DigestVerifyInit.3,v 1.14 2022/01/15 09:08:51 tb Exp $
+.\"	$OpenBSD: EVP_DigestVerifyInit.3,v 1.15 2024/07/21 08:36:43 tb Exp $
 .\"	OpenSSL fb552ac6 Sep 30 23:43:01 2009 +0000
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: January 15 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_DIGESTVERIFYINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fa "EVP_MD_CTX *ctx"
 .Fa "EVP_PKEY_CTX **pctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "EVP_PKEY *pkey"
 .Fc
 .Ft int
@@ -97,9 +97,6 @@ sets up verification context
 .Fa ctx
 to use digest
 .Fa type
-from
-.Vt ENGINE
-.Fa e
 and public key
 .Fa pkey .
 .Fa ctx
@@ -124,6 +121,11 @@ value returned must not be freed directly by the application.
 It will be freed automatically when the
 .Vt EVP_MD_CTX
 is freed.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_DigestVerifyUpdate
 hashes
diff --git a/lib/libcrypto/man/EVP_EncryptInit.3 b/lib/libcrypto/man/EVP_EncryptInit.3
index e8d22d8677f..a0adfbab09c 100644
--- a/lib/libcrypto/man/EVP_EncryptInit.3
+++ b/lib/libcrypto/man/EVP_EncryptInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_EncryptInit.3,v 1.51 2023/12/26 22:13:00 schwarze Exp $
+.\" $OpenBSD: EVP_EncryptInit.3,v 1.52 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 5211e094 Nov 11 14:39:11 2014 -0800
 .\"   EVP_bf_cbc.pod EVP_cast5_cbc.pod EVP_idea_cbc.pod EVP_rc2_cbc.pod
 .\"   7c6d372a Nov 20 13:20:01 2018 +0000
@@ -69,7 +69,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 26 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_ENCRYPTINIT 3
 .Os
 .Sh NAME
@@ -142,7 +142,7 @@
 .Fo EVP_EncryptInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fc
@@ -164,7 +164,7 @@
 .Fo EVP_DecryptInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fc
@@ -186,7 +186,7 @@
 .Fo EVP_CipherInit_ex
 .Fa "EVP_CIPHER_CTX *ctx"
 .Fa "const EVP_CIPHER *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *key"
 .Fa "const unsigned char *iv"
 .Fa "int enc"
@@ -361,7 +361,7 @@ is the IV to use (if necessary).
 The actual number of bytes used for the
 key and IV depends on the cipher.
 The
-.Fa ENGINE *impl
+.Fa ENGINE *engine
 argument is always ignored and passing
 .Dv NULL
 is recommended.
diff --git a/lib/libcrypto/man/EVP_PKEY_CTX_new.3 b/lib/libcrypto/man/EVP_PKEY_CTX_new.3
index 7a72ac18fac..cc0f5f16dcd 100644
--- a/lib/libcrypto/man/EVP_PKEY_CTX_new.3
+++ b/lib/libcrypto/man/EVP_PKEY_CTX_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.13 2023/09/09 14:39:09 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_CTX_new.3,v 1.14 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 9 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_CTX_NEW 3
 .Os
 .Sh NAME
@@ -79,12 +79,12 @@
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_new
 .Fa "EVP_PKEY *pkey"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fc
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_new_id
 .Fa "int id"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fc
 .Ft EVP_PKEY_CTX *
 .Fo EVP_PKEY_CTX_dup
@@ -99,26 +99,23 @@ The
 .Fn EVP_PKEY_CTX_new
 function allocates a public key algorithm context using the algorithm
 specified in
-.Fa pkey
-and using
-.Fa e
-unless it is
-.Dv NULL .
-If
-.Fa pkey
-is associated with an engine, that engine is used and
-.Fa e
-is ignored.
+.Fa pkey .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 The
 .Fn EVP_PKEY_CTX_new_id
 function allocates a public key algorithm context using the algorithm
 specified by
-.Fa id
-and using
-.Fa e
-unless it is
-.Dv NULL .
+.Fa id .
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 It is normally used when no
 .Vt EVP_PKEY
 structure is associated with the operations, for example during
diff --git a/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
index 85a6471aeb9..6e6c25e2533 100644
--- a/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ b/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.8 2023/12/21 21:32:01 tb Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.9 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 21 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_ASN1_GET_COUNT 3
 .Os
 .Sh NAME
@@ -90,12 +90,12 @@
 .Fc
 .Ft const EVP_PKEY_ASN1_METHOD *
 .Fo EVP_PKEY_asn1_find
-.Fa "ENGINE **pe"
+.Fa "ENGINE **engine"
 .Fa "int type"
 .Fc
 .Ft const EVP_PKEY_ASN1_METHOD *
 .Fo EVP_PKEY_asn1_find_str
-.Fa "ENGINE **pe"
+.Fa "ENGINE **engine"
 .Fa "const char *str"
 .Fa "int len"
 .Fc
@@ -130,14 +130,12 @@ and
 .Xr EVP_PKEY_id 3
 may return.
 If
-.Fa pe
+.Fa engine
 is not
 .Dv NULL ,
-it first looks for an engine implementing a method for the NID
-.Fa type .
-If one is found,
-.Pf * Fa pe
-is set to that engine and the method from that engine is returned instead.
+.Pf * Fa engine
+is set to
+.Dv NULL .
 .Pp
 .Fn EVP_PKEY_asn1_find_str
 looks up the method with the PEM type string given by the first
@@ -157,10 +155,12 @@ manual page.
 Just like
 .Fn EVP_PKEY_asn1_find ,
 if
-.Fa pe
+.Fa engine
 is not
 .Dv NULL ,
-methods from engines are preferred.
+.Pf * Fa engine
+is set to
+.Dv NULL .
 .Pp
 .Fn EVP_PKEY_asn1_get0_info
 retrieves the public key ID as returned by
diff --git a/lib/libcrypto/man/EVP_PKEY_new.3 b/lib/libcrypto/man/EVP_PKEY_new.3
index 3b9611990a5..36f3886856e 100644
--- a/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/lib/libcrypto/man/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.18 2022/12/14 22:37:07 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_new.3,v 1.19 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: December 14 2022 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_PKEY_NEW 3
 .Os
 .Sh NAME
@@ -95,20 +95,20 @@
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_raw_private_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "size_t rawlen"
 .Fc
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_raw_public_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpub"
 .Fa "size_t rawlen"
 .Fc
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_CMAC_key
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "size_t rawlen"
 .Fa "const EVP_CIPHER *cipher"
@@ -116,7 +116,7 @@
 .Ft EVP_PKEY *
 .Fo EVP_PKEY_new_mac_key
 .Fa "int type"
-.Fa "ENGINE *e"
+.Fa "ENGINE *engine"
 .Fa "const unsigned char *rawpriv"
 .Fa "int rawlen"
 .Fc
@@ -165,12 +165,6 @@ pointer, no action occurs.
 .Fn EVP_PKEY_new_raw_private_key
 allocates a new
 .Vt EVP_PKEY .
-If
-.Fa e
-is
-.Pf non- Dv NULL ,
-the new structure is associated with the engine
-.Fa e .
 The NID of a public key algorithm that supports raw private keys, i.e.\&
 .Dv EVP_PKEY_HMAC ,
 .Dv EVP_PKEY_X25519 ,
@@ -184,6 +178,11 @@ bytes of raw private key data of that type in
 .Fa rawpriv .
 The public key data is automatically derived from the given private
 key data, if appropriate for the algorithm type.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_PKEY_new_raw_public_key
 works in the same way as
diff --git a/lib/libcrypto/man/EVP_SignInit.3 b/lib/libcrypto/man/EVP_SignInit.3
index dc042910bbe..b8ead765b12 100644
--- a/lib/libcrypto/man/EVP_SignInit.3
+++ b/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.17 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.18 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fo EVP_SignInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_SignUpdate
@@ -94,13 +94,15 @@ sets up a signing context
 .Fa ctx
 to use the digest
 .Fa type
-from
-.Vt ENGINE
-.Fa impl .
 .Fa ctx
 must be initialized with
 .Xr EVP_MD_CTX_init 3
 before calling this function.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_SignUpdate
 hashes
diff --git a/lib/libcrypto/man/EVP_VerifyInit.3 b/lib/libcrypto/man/EVP_VerifyInit.3
index 90a774e5145..dfebe8f2bfb 100644
--- a/lib/libcrypto/man/EVP_VerifyInit.3
+++ b/lib/libcrypto/man/EVP_VerifyInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_VerifyInit.3,v 1.11 2023/11/16 20:27:43 schwarze Exp $
+.\" $OpenBSD: EVP_VerifyInit.3,v 1.12 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\" selective merge up to: OpenSSL 79b49fb0 Mar 20 10:03:10 2018 +1000
 .\"
@@ -50,7 +50,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 16 2023 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt EVP_VERIFYINIT 3
 .Os
 .Sh NAME
@@ -65,7 +65,7 @@
 .Fo EVP_VerifyInit_ex
 .Fa "EVP_MD_CTX *ctx"
 .Fa "const EVP_MD *type"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo EVP_VerifyUpdate
@@ -93,14 +93,16 @@ digital signatures.
 sets up a verification context
 .Fa ctx
 to use the digest
-.Fa type
-from
-.Vt ENGINE
-.Fa impl .
+.Fa type .
 .Fa ctx
 must be initialized by calling
 .Xr EVP_MD_CTX_init 3
 before calling this function.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn EVP_VerifyUpdate
 hashes
diff --git a/lib/libcrypto/man/HMAC.3 b/lib/libcrypto/man/HMAC.3
index fa853bb4a14..dc32a111bed 100644
--- a/lib/libcrypto/man/HMAC.3
+++ b/lib/libcrypto/man/HMAC.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: HMAC.3,v 1.21 2024/05/26 09:54:16 tb Exp $
+.\" $OpenBSD: HMAC.3,v 1.22 2024/07/21 08:36:43 tb Exp $
 .\" full merge up to: OpenSSL crypto/hmac a528d4f0 Oct 27 13:40:11 2015 -0400
 .\" selective merge up to: OpenSSL man3/HMAC b3696a55 Sep 2 09:35:50 2017 -0400
 .\"
@@ -52,7 +52,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: May 26 2024 $
+.Dd $Mdocdate: July 21 2024 $
 .Dt HMAC 3
 .Os
 .Sh NAME
@@ -97,7 +97,7 @@
 .Fa "const void *key"
 .Fa "int key_len"
 .Fa "const EVP_MD *md"
-.Fa "ENGINE *impl"
+.Fa "ENGINE *engine"
 .Fc
 .Ft int
 .Fo HMAC_Init
@@ -223,6 +223,11 @@ nor the same as the previous digest used by
 .Fa ctx ,
 then an error is returned because reuse of an existing key with a
 different digest is not supported.
+The
+.Fa ENGINE *engine
+argument is always ignored and passing
+.Dv NULL
+is recommended.
 .Pp
 .Fn HMAC_Init
 is a deprecated wrapper around
-- 
2.20.1