Delete the manual page EVP_PKEY_asn1_new(3).

All the functions documented in this page were deleted from the API
by tb@ in evp.h rev. 1.126 on March 2 this year.

14 files changed, 30 insertions, 566 deletions

diff --git a/src/lib/libcrypto/man/ASN1_item_sign.3 b/src/lib/libcrypto/man/ASN1_item_sign.3
index b47fd1d04d..8c09fe77ff 100644
--- a/src/lib/libcrypto/man/ASN1_item_sign.3
+++ b/src/lib/libcrypto/man/ASN1_item_sign.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ASN1_item_sign.3,v 1.2 2021/12/18 17:47:44 schwarze Exp $
+.\" $OpenBSD: ASN1_item_sign.3,v 1.3 2024/12/06 12:51:13 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt ASN1_ITEM_SIGN 3
 .Os
 .Sh NAME
@@ -91,12 +91,6 @@ Unless
 is
 .Dv NULL ,
 the same data is copied into it.
-.\" The following is not yet supported by LibreSSL
-.\" because we do not provide EVP_PKEY_asn1_set_item(3).
-.\" except that user-defined key types set up with
-.\" .Xr EVP_PKEY_asn1_new 3
-.\" may optionally provide information about a second algorithm in
-.\" .Fa algor2 .
 .Sh RETURN VALUES
 These functions return the length of the signature in bytes
 or 0 if memory allocation, encoding, or signing fails.
@@ -113,8 +107,6 @@ is not fully initialized.
 .Xr EVP_Digest 3 ,
 .Xr EVP_DigestSign 3 ,
 .Xr EVP_MD_CTX_new 3 ,
-.\" We do not provide EVP_PKEY_asn1_set_item(3).
-.\" .Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_new 3 ,
 .Xr OBJ_find_sigid_by_algs 3 ,
 .Xr X509_ALGOR_new 3
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
index 6e6c25e253..f7810789b6 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.9 2024/07/21 08:36:43 tb Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.10 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 21 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_ASN1_GET_COUNT 3
 .Os
 .Sh NAME
@@ -185,16 +185,10 @@ object and will never be returned from
 or
 .Fn EVP_PKEY_asn1_find_str .
 .It Dv ASN1_PKEY_DYNAMIC
-This
+This flag is unused.
+It could formerly be used to mark an
 .Fa ameth
-object is marked as dynamically allocated.
-If this flag is set,
-.Xr EVP_PKEY_asn1_free 3
-can free
-.Fa ameth ;
-otherwise,
-.Xr EVP_PKEY_asn1_free 3
-has no effect on it.
+object as dynamically allocated.
 .It Dv ASN1_PKEY_SIGPARAM_NULL
 If the signing
 .Fa ctx
@@ -240,7 +234,6 @@ if no match is found.
 .Fn EVP_PKEY_asn1_get0_info
 returns 1 on success or 0 on failure.
 .Sh SEE ALSO
-.Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_base_id 3 ,
 .Xr EVP_PKEY_new 3
 .Sh HISTORY
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
deleted file mode 100644
index e7a987861e..0000000000
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
+++ /dev/null
@@ -1,502 +0,0 @@
-.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.12 2024/12/05 15:06:27 schwarze Exp $
-.\" selective merge up to:
-.\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
-.\"
-.\" This file is a derived work.
-.\" The changes are covered by the following Copyright and license:
-.\"
-.\" Copyright (c) 2023 Ingo Schwarze <schwarze@openbsd.org>
-.\"
-.\" Permission to use, copy, modify, and distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\"
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" The original file was written by Richard Levitte <levitte@openssl.org>
-.\" and Paul Yang <yang.yang@baishancloud.com>.
-.\" Copyright (c) 2017 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: December 5 2024 $
-.Dt EVP_PKEY_ASN1_NEW 3
-.Os
-.Sh NAME
-.\" .Nm EVP_PKEY_asn1_add0 and
-.\" .Nm EVP_PKEY_asn1_add_alias are intentionally undocumented
-.\" because they will be removed in the next major bump
-.Nm EVP_PKEY_asn1_new ,
-.Nm EVP_PKEY_asn1_copy ,
-.Nm EVP_PKEY_asn1_free ,
-.Nm EVP_PKEY_asn1_set_public ,
-.Nm EVP_PKEY_asn1_set_private ,
-.Nm EVP_PKEY_asn1_set_param ,
-.Nm EVP_PKEY_asn1_set_free ,
-.Nm EVP_PKEY_asn1_set_ctrl ,
-.Nm EVP_PKEY_asn1_set_check ,
-.Nm EVP_PKEY_asn1_set_public_check ,
-.Nm EVP_PKEY_asn1_set_param_check ,
-.Nm EVP_PKEY_asn1_set_security_bits
-.Nd manipulating and registering an EVP_PKEY_ASN1_METHOD structure
-.Sh SYNOPSIS
-.In openssl/evp.h
-.Ft EVP_PKEY_ASN1_METHOD *
-.Fo EVP_PKEY_asn1_new
-.Fa "int id"
-.Fa "int flags"
-.Fa "const char *pem_str"
-.Fa "const char *info"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_copy
-.Fa "EVP_PKEY_ASN1_METHOD *dst"
-.Fa "const EVP_PKEY_ASN1_METHOD *src"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_free
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_public
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pub_decode)(EVP_PKEY *pk, X509_PUBKEY *pub)"
-.Fa "int (*pub_encode)(X509_PUBKEY *pub, const EVP_PKEY *pk)"
-.Fa "int (*pub_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)"
-.Fa "int (*pub_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fa "int (*pkey_size)(const EVP_PKEY *pk)"
-.Fa "int (*pkey_bits)(const EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_private
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*priv_decode)(EVP_PKEY *pk, const PKCS8_PRIV_KEY_INFO *p8inf)"
-.Fa "int (*priv_encode)(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pk)"
-.Fa "int (*priv_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_param
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*param_decode)(EVP_PKEY *pkey, const unsigned char **pder,\
- int derlen)"
-.Fa "int (*param_encode)(const EVP_PKEY *pkey, unsigned char **pder)"
-.Fa "int (*param_missing)(const EVP_PKEY *pk)"
-.Fa "int (*param_copy)(EVP_PKEY *to, const EVP_PKEY *from)"
-.Fa "int (*param_cmp)(const EVP_PKEY *a, const EVP_PKEY *b)"
-.Fa "int (*param_print)(BIO *out, const EVP_PKEY *pkey, int indent,\
- ASN1_PCTX *pctx)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_free
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "void (*pkey_free)(EVP_PKEY *pkey)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_ctrl
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_ctrl)(EVP_PKEY *pkey, int op, long arg1, void *arg2)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_check
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_check)(const EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_public_check
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_public_check)(const EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_param_check
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_param_check)(const EVP_PKEY *pk)"
-.Fc
-.Ft void
-.Fo EVP_PKEY_asn1_set_security_bits
-.Fa "EVP_PKEY_ASN1_METHOD *ameth"
-.Fa "int (*pkey_security_bits)(const EVP_PKEY *pkey)"
-.Fc
-.Sh DESCRIPTION
-.Vt EVP_PKEY_ASN1_METHOD
-is a structure which holds a set of ASN.1 conversion, printing and
-information methods for a specific public key algorithm.
-.Pp
-The built-in
-.Vt EVP_PKEY_ASN1_METHOD
-objects are stored in a table containing the standard
-methods for different algorithms.
-.Ss Methods
-The methods are the underlying implementations of a particular public
-key algorithm present by the
-.Vt EVP_PKEY
-object.
-.Bd -unfilled
-.Ft int Fn (*pub_decode) "EVP_PKEY *pk" "X509_PUBKEY *pub"
-.Ft int Fn (*pub_encode) "X509_PUBKEY *pub" "const EVP_PKEY *pk"
-.Ed
-.Pp
-Decode and encode
-.Vt X509_PUBKEY
-ASN.1 parameters to and from
-.Fa pk .
-These methods must return 0 on error and 1 on success.
-They are called by
-.Xr X509_PUBKEY_get 3
-and
-.Xr X509_PUBKEY_set 3 .
-.Bd -unfilled
-.Ft int Fn (*pub_cmp) "const EVP_PKEY *a" "const EVP_PKEY *b"
-.Ed
-.Pp
-Compare two public keys.
-This method must return 1 when the keys are equal and 0 otherwise.
-It is called by
-.Xr EVP_PKEY_cmp 3 .
-.Bd -filled
-.Ft int Fo (*pub_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-Print a public key in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-This method must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_public 3 .
-.Bd -unfilled
-.Ft int Fn (*priv_decode) "EVP_PKEY *pk" "const PKCS8_PRIV_KEY_INFO *p8inf"
-.Ft int Fn (*priv_encode) "PKCS8_PRIV_KEY_INFO *p8" "const EVP_PKEY *pk"
-.Ed
-.Pp
-Decode and encode
-.Vt PKCS8_PRIV_KEY_INFO
-form private key to and from
-.Fa pk .
-These methods must return 0 on error, 1 on success.
-They are called by
-.Xr EVP_PKCS82PKEY 3
-and
-.Xr EVP_PKEY2PKCS8 3 .
-.Bd -filled
-.Ft int Fo (*priv_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-Print a private key in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-This method must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_private 3 .
-.Bd -unfilled
-.Ft int Fn (*pkey_size) "const EVP_PKEY *pk"
-.Ed
-.Pp
-Returns the key size in bytes.
-This method is called by
-.Xr EVP_PKEY_size 3 .
-.Bd -unfilled
-.Ft int Fn (*pkey_bits) "const EVP_PKEY *pk"
-.Ed
-.Pp
-Returns the key size in bits.
-This method is called by
-.Xr EVP_PKEY_bits 3 .
-.Bd -filled
-.Ft int Fo (*param_decode)
-.Fa "EVP_PKEY *pkey"
-.Fa "const unsigned char **pder"
-.Fa "int derlen"
-.Fc
-.br
-.Ft int Fo (*param_encode)
-.Fa "const EVP_PKEY *pkey"
-.Fa "unsigned char **pder"
-.Fc
-.Ed
-.Pp
-Decode and encode DER formatted parameters to and from
-.Fa pk .
-These methods must return 0 on error and 1 on success.
-They are called by
-.Fn PEM_read_bio_Parameters .
-.Bd -unfilled
-.Ft int Fn (*param_missing) "const EVP_PKEY *pk"
-.Ed
-.Pp
-Return 0 if a key parameter is missing or 1 otherwise.
-This method is called by
-.Xr EVP_PKEY_missing_parameters 3 .
-.Bd -unfilled
-.Ft int Fn (*param_copy) "EVP_PKEY *to" "const EVP_PKEY *from"
-.Ed
-.Pp
-Copy key parameters from
-.Fa from
-to
-.Fa to .
-This method must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_copy_parameters 3 .
-.Bd -unfilled
-.Ft int Fn (*param_cmp) "const EVP_PKEY *a" "const EVP_PKEY *b"
-.Ed
-.Pp
-Compare the parameters of the keys
-.Fa a
-and
-.Fa b .
-This method must return 1 when the keys are equal, 0 when not equal, and a
-negative number on error.
-It is called by
-.Xr EVP_PKEY_cmp_parameters 3 .
-.Bd -filled
-.Ft int Fo (*param_print)
-.Fa "BIO *out"
-.Fa "const EVP_PKEY *pkey"
-.Fa "int indent"
-.Fa "ASN1_PCTX *pctx"
-.Fc
-.Ed
-.Pp
-Print the private key parameters in humanly readable text to
-.Fa out ,
-indented
-.Fa indent
-spaces.
-This method must return 0 on error and 1 on success.
-It is called by
-.Xr EVP_PKEY_print_params 3 .
-.Bd -unfilled
-.Ft void Fn (*pkey_free) "EVP_PKEY *pkey"
-.Ed
-.Pp
-Free the internals of
-.Fa pkey .
-This method is called by
-.Xr EVP_PKEY_free 3 ,
-.Xr EVP_PKEY_set_type 3 ,
-.Xr EVP_PKEY_set_type_str 3 ,
-and
-.Xr EVP_PKEY_assign 3 .
-.Bd -filled
-.Ft int Fo (*pkey_ctrl)
-.Fa "EVP_PKEY *pkey"
-.Fa "int op"
-.Fa "long arg1"
-.Fa "void *arg2"
-.Fc
-.Ed
-.Pp
-Add extra algorithm specific control.
-.Pp
-If the
-.Fa op
-argument is
-.Dv ASN1_PKEY_CTRL_DEFAULT_MD_NID ,
-the
-.Fa pkey_ctrl
-method is supposed to write the message digest NID
-for public key signature operations with the given
-.Fa pkey
-to
-.Pf * Fa arg2
-as documented in the
-.Xr EVP_PKEY_get_default_digest_nid 3
-manual page.
-.Pp
-The
-.Fa pkey_ctrl
-method is also called by
-.Fn PKCS7_SIGNER_INFO_set ,
-.Fn PKCS7_RECIP_INFO_set ,
-and other functions.
-.\" TODO:
-.\" ASN1_PKEY_CTRL_PKCS7_ENCRYPT in pk7_lib.c rsa_ameth.c
-.\" ASN1_PKEY_CTRL_PKCS7_SIGN in pk7_lib.c dsa_ameth.c ec_ameth.c rsa_ameth.c
-.Bd -unfilled
-.Ft int Fn (*pkey_check) "const EVP_PKEY *pk"
-.Ft int Fn (*pkey_public_check) "const EVP_PKEY *pk"
-.Ft int Fn (*pkey_param_check) "const EVP_PKEY *pk"
-.Ed
-.Pp
-Check the validity of
-.Fa pk
-for key-pair, public component, and parameters, respectively.
-These methods must return 0 for an invalid key or 1 for a valid key.
-They are called by
-.Xr EVP_PKEY_check 3 ,
-.Xr EVP_PKEY_public_check 3 ,
-and
-.Xr EVP_PKEY_param_check 3 ,
-respectively.
-.Bd -unfilled
-.Ft int Fn (*pkey_security_bits) "const EVP_PKEY *pkey"
-.Ed
-.Pp
-Return the security strength measured in bits of
-.Fa pkey .
-It is called by
-.Xr EVP_PKEY_security_bits 3 .
-.Ss Functions
-.Fn EVP_PKEY_asn1_new
-creates and returns a new
-.Vt EVP_PKEY_ASN1_METHOD
-object, marks it as dynamically allocated, and associates the given
-.Fa id ,
-.Fa flags ,
-.Fa pem_str
-and
-.Fa info .
-.Fa id
-is a NID,
-.Fa pem_str
-is the PEM type string,
-.Fa info
-is a descriptive string.
-If
-.Dv ASN1_PKEY_SIGPARAM_NULL
-is set in
-.Fa flags ,
-the signature algorithm parameters are given the type
-.Dv V_ASN1_NULL
-by default, otherwise they will be given the type
-.Dv V_ASN1_UNDEF
-(i.e. the parameter is omitted).
-See
-.Xr X509_ALGOR_set0 3
-for more information.
-.Pp
-.Fn EVP_PKEY_asn1_copy
-copies all function pointers from
-.Fa src
-to
-.Fa dst .
-The data in
-.Fa dst
-that can be set with
-.Fn EVP_PKEY_asn1_new
-\(em NIDs, flags, and strings \(em
-remains unchanged.
-This function is not thread safe, it is recommended to only use this when
-initializing the application.
-.Pp
-.Fn EVP_PKEY_asn1_free
-frees the dynamically allocated
-.Fa ameth
-including all memory it refers to.
-If
-.Fa ameth
-is
-.Dv NULL
-of not marked as dynamically allocated, no action occurs.
-.Pp
-.Fn EVP_PKEY_asn1_set_public ,
-.Fn EVP_PKEY_asn1_set_private ,
-.Fn EVP_PKEY_asn1_set_param ,
-.Fn EVP_PKEY_asn1_set_free ,
-.Fn EVP_PKEY_asn1_set_ctrl ,
-.Fn EVP_PKEY_asn1_set_check ,
-.Fn EVP_PKEY_asn1_set_public_check ,
-.Fn EVP_PKEY_asn1_set_param_check ,
-and
-.Fn EVP_PKEY_asn1_set_security_bits
-set the diverse methods of the given
-.Vt EVP_PKEY_ASN1_METHOD
-object.
-.Sh RETURN VALUES
-.Fn EVP_PKEY_asn1_new
-returns a pointer to the new
-.Vt EVP_PKEY_ASN1_METHOD
-object or
-.Dv NULL
-if memory allocation fails.
-.Sh SEE ALSO
-.Xr EVP_PKEY_asn1_get_count 3 ,
-.Xr EVP_PKEY_new 3 ,
-.Xr X509_PUBKEY_new 3
-.Sh HISTORY
-.Fn EVP_PKEY_asn1_new ,
-.Fn EVP_PKEY_asn1_copy ,
-.Fn EVP_PKEY_asn1_free ,
-.Fn EVP_PKEY_asn1_set_public ,
-.Fn EVP_PKEY_asn1_set_private ,
-.Fn EVP_PKEY_asn1_set_param ,
-.Fn EVP_PKEY_asn1_set_free ,
-and
-.Fn EVP_PKEY_asn1_set_ctrl
-first appeared in OpenSSL 1.0.0 and have been available since
-.Ox 4.9 .
-.Pp
-.Fn EVP_PKEY_asn1_set_check ,
-.Fn EVP_PKEY_asn1_set_public_check ,
-and
-.Fn EVP_PKEY_asn1_set_param_check
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.1 .
-.Pp
-.Fn EVP_PKEY_asn1_set_security_bits
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.2 .
diff --git a/src/lib/libcrypto/man/EVP_PKEY_cmp.3 b/src/lib/libcrypto/man/EVP_PKEY_cmp.3
index 2e42a9946f..c12843854d 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_cmp.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_cmp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.14 2024/03/05 19:21:31 tb Exp $
+.\" $OpenBSD: EVP_PKEY_cmp.3,v 1.15 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL 05ea606a May 20 20:52:46 2016 -0400
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
@@ -67,7 +67,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_CMP 3
 .Os
 .Sh NAME
@@ -160,7 +160,6 @@ and
 return 1 if the keys match, 0 if they don't match, -1 if the key types
 are different and -2 if the operation is not supported.
 .Sh SEE ALSO
-.Xr EVP_PKEY_asn1_set_public 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_keygen 3 ,
 .Xr EVP_PKEY_new 3 ,
diff --git a/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3 b/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
index f0c40f3d1f..e9ff7c4609 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_get_default_digest_nid.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.9 2024/04/18 16:33:33 tb Exp $
+.\" $OpenBSD: EVP_PKEY_get_default_digest_nid.3,v 1.10 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL df75c2bf Dec 9 01:02:36 2018 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 18 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_GET_DEFAULT_DIGEST_NID 3
 .Os
 .Sh NAME
@@ -116,7 +116,6 @@ It returns 0 or a negative value for failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
 .Sh SEE ALSO
-.Xr EVP_PKEY_asn1_set_ctrl 3 ,
 .Xr EVP_PKEY_CTX_ctrl 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_new 3 ,
diff --git a/src/lib/libcrypto/man/EVP_PKEY_new.3 b/src/lib/libcrypto/man/EVP_PKEY_new.3
index 0705c8432a..4090db990b 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_new.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_new.3,v 1.22 2024/11/29 12:05:06 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_new.3,v 1.23 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL 4dcfdfce May 27 11:50:05 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -66,7 +66,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 29 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_NEW 3
 .Os
 .Sh NAME
@@ -311,7 +311,6 @@ with
 .Xr d2i_PrivateKey 3 ,
 .Xr evp 3 ,
 .Xr EVP_PKCS82PKEY 3 ,
-.Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_cmp 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
diff --git a/src/lib/libcrypto/man/EVP_PKEY_print_private.3 b/src/lib/libcrypto/man/EVP_PKEY_print_private.3
index c1e6899818..a4b51a4bbb 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_print_private.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_print_private.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EVP_PKEY_print_private.3,v 1.7 2019/06/06 01:06:58 schwarze Exp $
+.\"     $OpenBSD: EVP_PKEY_print_private.3,v 1.8 2024/12/06 12:51:13 schwarze Exp $
 .\"     OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: June 6 2019 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_PRINT_PRIVATE 3
 .Os
 .Sh NAME
@@ -120,7 +120,6 @@ failure.
 In particular, a return value of -2 indicates the operation is not
 supported by the public key algorithm.
 .Sh SEE ALSO
-.Xr EVP_PKEY_asn1_set_public 3 ,
 .Xr EVP_PKEY_CTX_new 3 ,
 .Xr EVP_PKEY_keygen 3 ,
 .Xr EVP_PKEY_new 3
diff --git a/src/lib/libcrypto/man/EVP_PKEY_size.3 b/src/lib/libcrypto/man/EVP_PKEY_size.3
index f49678d0a9..cd25eec9c2 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_size.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_size.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_size.3,v 1.3 2024/03/05 19:21:31 tb Exp $
+.\" $OpenBSD: EVP_PKEY_size.3,v 1.4 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL eed9d03b Jan 8 11:04:15 2020 +0100
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 5 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_PKEY_SIZE 3
 .Os
 .Sh NAME
@@ -134,7 +134,6 @@ For those functions, it isn't strictly necessary to call
 to find out the buffer size, but it may still be useful in cases
 where it's desirable to know the upper limit in advance.
 .Pp
-By default,
 .Fn EVP_PKEY_size
 is supported for the following algorithms:
 .Bl -column ED25519 "EVP_MAX_BLOCK_LENGTH = 32"
@@ -156,15 +155,12 @@ the situation is special: while the key size is
 .Fn EVP_PKEY_size
 returns 64 because the signature is longer than the keys.
 .Pp
-The application program can support additional algorithms by calling
-.Xr EVP_PKEY_asn1_set_public 3 .
-.Pp
 .Fn EVP_PKEY_bits
 returns the cryptographic length of the cryptosystem to which the key in
 .Fa pkey
 belongs, in bits.
 The definition of cryptographic length is specific to the key cryptosystem.
-By default, the following algorithms are supported:
+The following algorithms are supported:
 .Bl -column ED25519 "the public domain parameter p" DSA_bits(3)
 .It        Ta cryptographic length = Ta same result as from:
 .It        Ta significant bits in ... Ta
@@ -176,14 +172,11 @@ By default, the following algorithms are supported:
 .It X25519 Ta 253 Ta \(em
 .El
 .Pp
-The application program can support additional algorithms by calling
-.Xr EVP_PKEY_asn1_set_public 3 .
-.Pp
 .Fn EVP_PKEY_security_bits
 returns the security strength measured in bits of the given
 .Fa pkey
 as defined in NIST SP800-57.
-By default, the following algorithms are supported:
+The following algorithms are supported:
 .Bl -column ED25519 DSA_security_bits(3)
 .It        Ta same result as from:
 .It DH     Ta Xr DH_security_bits 3
@@ -196,9 +189,6 @@ By default, the following algorithms are supported:
 .Pp
 For EC keys, if the result is greater than 80, it is rounded down
 to 256, 192, 128, 112, or 80.
-.Pp
-The application program can support additional algorithms by calling
-.Xr EVP_PKEY_asn1_set_security_bits 3 .
 .Sh RETURN VALUES
 .Fn EVP_PKEY_size
 and
diff --git a/src/lib/libcrypto/man/EVP_SignInit.3 b/src/lib/libcrypto/man/EVP_SignInit.3
index 9a6c743876..8158b21dbf 100644
--- a/src/lib/libcrypto/man/EVP_SignInit.3
+++ b/src/lib/libcrypto/man/EVP_SignInit.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_SignInit.3,v 1.20 2024/11/08 22:23:35 schwarze Exp $
+.\" $OpenBSD: EVP_SignInit.3,v 1.21 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL 6328d367 Jul 4 21:58:30 2020 +0200
 .\"
 .\" This file was written by Dr. Stephen Henson <steve@openssl.org>.
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: November 8 2024 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt EVP_SIGNINIT 3
 .Os
 .Sh NAME
@@ -179,7 +179,6 @@ The error codes can be obtained by
 .Sh SEE ALSO
 .Xr evp 3 ,
 .Xr EVP_DigestInit 3 ,
-.Xr EVP_PKEY_asn1_set_public 3 ,
 .Xr EVP_PKEY_size 3 ,
 .Xr EVP_VerifyInit 3
 .Sh HISTORY
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 5d791d183e..da93f14a43 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.296 2024/11/12 20:15:24 schwarze Exp $
+# $OpenBSD: Makefile,v 1.297 2024/12/06 12:51:13 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -178,7 +178,6 @@ MAN=	\
         EVP_PKEY_CTX_set_hkdf_md.3 \
         EVP_PKEY_CTX_set_tls1_prf_md.3 \
         EVP_PKEY_asn1_get_count.3 \
-        EVP_PKEY_asn1_new.3 \
         EVP_PKEY_check.3 \
         EVP_PKEY_cmp.3 \
         EVP_PKEY_decrypt.3 \
diff --git a/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3 b/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3
index 2eb9aef054..822968f58d 100644
--- a/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3
+++ b/src/lib/libcrypto/man/PKCS8_PRIV_KEY_INFO_new.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.6 2021/10/25 13:48:12 schwarze Exp $
+.\"     $OpenBSD: PKCS8_PRIV_KEY_INFO_new.3,v 1.7 2024/12/06 12:51:13 schwarze Exp $
 .\"
 .\" Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 25 2021 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt PKCS8_PRIV_KEY_INFO_NEW 3
 .Os
 .Sh NAME
@@ -51,7 +51,6 @@ if an error occurs.
 .Xr d2i_PKCS8_PRIV_KEY_INFO 3 ,
 .Xr d2i_PKCS8PrivateKey_bio 3 ,
 .Xr EVP_PKCS82PKEY 3 ,
-.Xr EVP_PKEY_asn1_set_private 3 ,
 .Xr PEM_read_PKCS8_PRIV_KEY_INFO 3 ,
 .Xr PKCS12_parse 3 ,
 .Xr PKCS8_pkey_set0 3 ,
diff --git a/src/lib/libcrypto/man/X509_PUBKEY_new.3 b/src/lib/libcrypto/man/X509_PUBKEY_new.3
index 648b028d5d..df1c50bda2 100644
--- a/src/lib/libcrypto/man/X509_PUBKEY_new.3
+++ b/src/lib/libcrypto/man/X509_PUBKEY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_PUBKEY_new.3,v 1.17 2021/10/26 10:01:23 schwarze Exp $
+.\" $OpenBSD: X509_PUBKEY_new.3,v 1.18 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: October 26 2021 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt X509_PUBKEY_NEW 3
 .Os
 .Sh NAME
@@ -354,7 +354,6 @@ or does not contain a public key,
 these functions fail but no error is pushed onto the stack.
 .Sh SEE ALSO
 .Xr d2i_X509 3 ,
-.Xr EVP_PKEY_asn1_set_public 3 ,
 .Xr X509_ALGOR_new 3 ,
 .Xr X509_get_pubkey 3 ,
 .Xr X509_new 3
diff --git a/src/lib/libcrypto/man/X509_signature_dump.3 b/src/lib/libcrypto/man/X509_signature_dump.3
index bc41cc8b61..3333a615bf 100644
--- a/src/lib/libcrypto/man/X509_signature_dump.3
+++ b/src/lib/libcrypto/man/X509_signature_dump.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509_signature_dump.3,v 1.2 2021/12/18 17:47:45 schwarze Exp $
+.\" $OpenBSD: X509_signature_dump.3,v 1.3 2024/12/06 12:51:13 schwarze Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: December 18 2021 $
+.Dd $Mdocdate: December 6 2024 $
 .Dt X509_SIGNATURE_DUMP 3
 .Os
 .Sh NAME
@@ -71,7 +71,7 @@ They fail and return as soon as any write operation fails.
 .Xr ASN1_STRING_new 3 ,
 .Xr ASN1_STRING_print_ex 3 ,
 .Xr BIO_new 3 ,
-.Xr EVP_PKEY_asn1_new 3 ,
+.Xr EVP_PKEY_asn1_find 3 ,
 .Xr OBJ_find_sigid_algs 3 ,
 .Xr X509_ALGOR_new 3 ,
 .Xr X509_get0_signature 3
diff --git a/src/lib/libcrypto/man/evp.3 b/src/lib/libcrypto/man/evp.3
index 6ccf9898d1..0168d95875 100644
--- a/src/lib/libcrypto/man/evp.3
+++ b/src/lib/libcrypto/man/evp.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: evp.3,v 1.33 2024/12/06 11:56:21 schwarze Exp $
+.\" $OpenBSD: evp.3,v 1.34 2024/12/06 12:51:13 schwarze Exp $
 .\" full merge up to: OpenSSL man7/evp 24a535ea Sep 22 13:14:20 2020 +0100
 .\"
 .\" This file was written by Ulf Moeller <ulf@openssl.org>,
@@ -204,7 +204,6 @@ family of functions provides base64 encoding and decoding.
 .Xr EVP_OpenInit 3 ,
 .Xr EVP_PKCS82PKEY 3 ,
 .Xr EVP_PKEY_asn1_get_count 3 ,
-.Xr EVP_PKEY_asn1_new 3 ,
 .Xr EVP_PKEY_check 3 ,
 .Xr EVP_PKEY_cmp 3 ,
 .Xr EVP_PKEY_CTX_ctrl 3 ,