Fix a brainfart that happened to me in 2020:

It is impossible to use EVP_DigestInit_ex(3) for CMAC.
Besides, EVP_PKEY_CTX_new_id(3) does not produce an EVP_MD_CTX object.

Instead, mention the easiest way to actually get the job done
using EVP_PKEY_new_CMAC_key(3) and EVP_DigestSignInit(3).

OK tb@

1 files changed, 7 insertions, 9 deletions

diff --git a/src/lib/libcrypto/man/CMAC_Init.3 b/src/lib/libcrypto/man/CMAC_Init.3
index 29818be354..fd32ca085a 100644
--- a/src/lib/libcrypto/man/CMAC_Init.3
+++ b/src/lib/libcrypto/man/CMAC_Init.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: CMAC_Init.3,v 1.8 2024/11/08 16:05:09 schwarze Exp $
+.\" $OpenBSD: CMAC_Init.3,v 1.9 2024/11/12 00:42:28 schwarze Exp $
 .\"
 .\" Copyright (c) 2020 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: November 8 2024 $
+.Dd $Mdocdate: November 12 2024 $
 .Dt CMAC_INIT 3
 .Os
 .Sh NAME
@@ -69,13 +69,11 @@ arbitrary block cipher using a symmetric key.
 The present manual page describes low-level functions implementing CMAC.
 Instead of using these functions directly,
 application programs normally call
-.Xr EVP_PKEY_CTX_new_id 3
-with an argument of
-.Dv EVP_PKEY_CMAC
+.Xr EVP_PKEY_new_CMAC_key 3
 and then pass the resulting
-.Vt EVP_MD_CTX
+.Vt EVP_PKEY
 object to
-.Xr EVP_DigestInit_ex 3 .
+.Xr EVP_DigestSignInit 3 .
 .Pp
 The CMAC API is object-oriented.
 Calculating a message authentication code requires a
@@ -254,9 +252,9 @@ functions are used internally, entries may still get pushed onto
 the error stack in some cases of failure.
 .Sh SEE ALSO
 .Xr EVP_aes_128_cbc 3 ,
-.Xr EVP_DigestInit 3 ,
+.Xr EVP_DigestSignInit 3 ,
 .Xr EVP_EncryptInit 3 ,
-.Xr EVP_PKEY_CTX_new_id 3 ,
+.Xr EVP_PKEY_new_CMAC_key 3 ,
 .Xr HMAC 3
 .Sh STANDARDS
 .Rs