10 files changed, 1303 insertions, 530 deletions

diff --git a/src/lib/libcrypto/man/ENGINE_add.3 b/src/lib/libcrypto/man/ENGINE_add.3
new file mode 100644
index 0000000000..faecb8a2ab
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_add.3
@@ -0,0 +1,143 @@
+.\" $OpenBSD: ENGINE_add.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to: OpenSSL 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_ADD 3
+.Os
+.Sh NAME
+.Nm ENGINE_add ,
+.Nm ENGINE_remove ,
+.Nm ENGINE_get_first ,
+.Nm ENGINE_get_last ,
+.Nm ENGINE_get_next ,
+.Nm ENGINE_get_prev ,
+.Nm ENGINE_by_id
+.Nd maintain a global list of ENGINE objects
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft int
+.Fo ENGINE_add
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_remove
+.Fa "ENGINE *e"
+.Fc
+.Ft ENGINE *
+.Fn ENGINE_get_first void
+.Ft ENGINE *
+.Fn ENGINE_get_last void
+.Ft ENGINE *
+.Fo ENGINE_get_next
+.Fa "ENGINE *e"
+.Fc
+.Ft ENGINE *
+.Fo ENGINE_get_prev
+.Fa "ENGINE *e"
+.Fc
+.Ft ENGINE *
+.Fo ENGINE_by_id
+.Fa "const char *id"
+.Fc
+.Sh DESCRIPTION
+The crypto library maintains a global list of
+.Vt ENGINE
+objects.
+.Pp
+.Fn ENGINE_add
+appends
+.Fa e
+to the end of the list
+and increments its structural reference count by 1.
+The name and identifier of
+.Fa e
+have to be set with
+.Xr ENGINE_set_name 3
+and
+.Xr ENGINE_set_id 3
+before calling this function.
+.Fn ENGINE_add
+fails if the list already contains an
+.Vt ENGINE
+with the same identifier.
+.Pp
+.Fn ENGINE_remove
+removes
+.Fa e
+from the list.
+If successful, it calls
+.Xr ENGINE_free 3
+on
+.Fa e .
+.Pp
+.Fn ENGINE_get_first
+and
+.Fn ENGINE_get_last
+provide access to the first and last
+.Vt ENGINE
+object on the list, respectively.
+Unless the list is empty, they increment the structural reference
+count of the retrieved object by 1.
+.Pp
+.Fn ENGINE_get_next
+and
+.Fn ENGINE_get_prev
+support iteration of the list.
+They always call
+.Xr ENGINE_free 3
+on
+.Fa e .
+Unless the end of the list is reached, they increment the structural
+reference count of the retrieved object by 1.
+.Pp
+.Fn ENGINE_by_id
+searches the list for an
+.Vt ENGINE
+object with a matching
+.Fa id .
+If found, it increments  the structural reference count of the
+retrieved object by 1.
+.Sh RETURN VALUES
+.Fn ENGINE_add
+and
+.Fn ENGINE_remove
+return 1 on success or 0 on error.
+.Pp
+.Fn ENGINE_get_first
+and
+.Fn ENGINE_get_last
+return an
+.Vt ENGINE
+object or
+.Dv NULL
+if the list is empty.
+.Pp
+.Fn ENGINE_get_next
+and
+.Fn ENGINE_get_prev
+return an
+.Vt ENGINE
+object or
+.Dv NULL
+when the end of the list is reached.
+.Pp
+.Fn ENGINE_by_id
+returns an
+.Vt ENGINE
+object or
+.Dv NULL
+if no matching object is found.
diff --git a/src/lib/libcrypto/man/ENGINE_ctrl.3 b/src/lib/libcrypto/man/ENGINE_ctrl.3
new file mode 100644
index 0000000000..1672f2976e
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_ctrl.3
@@ -0,0 +1,428 @@
+.\" $OpenBSD: ENGINE_ctrl.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_CTRL 3
+.Os
+.Sh NAME
+.Nm ENGINE_ctrl ,
+.Nm ENGINE_cmd_is_executable ,
+.Nm ENGINE_ctrl_cmd ,
+.Nm ENGINE_ctrl_cmd_string ,
+.Nm ENGINE_set_ctrl_function ,
+.Nm ENGINE_get_ctrl_function ,
+.Nm ENGINE_set_cmd_defns ,
+.Nm ENGINE_get_cmd_defns
+.Nd control commands for ENGINE objects
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Fo ENGINE_ctrl
+.Fa "ENGINE *e"
+.Fa "int cmd"
+.Fa "long i"
+.Fa "void *p"
+.Fa "void (*f)(void)"
+.Fc
+.Ft int
+.Fo ENGINE_cmd_is_executable
+.Fa "ENGINE *e"
+.Fa "int cmd"
+.Fc
+.Ft int
+.Fo ENGINE_ctrl_cmd
+.Fa "ENGINE *e"
+.Fa "const char *cmd_name"
+.Fa "long i"
+.Fa "void *p"
+.Fa "void (*f)(void)"
+.Fa "int cmd_optional"
+.Fc
+.Ft int
+.Fo ENGINE_ctrl_cmd_string
+.Fa "ENGINE *e"
+.Fa "const char *cmd_name"
+.Fa "const char *arg"
+.Fa "int cmd_optional"
+.Fc
+.Ft typedef int
+.Fo (*ENGINE_CTRL_FUNC_PTR)
+.Fa "ENGINE *e"
+.Fa "int cmd"
+.Fa "long i"
+.Fa "void *p"
+.Fa "void (*f)(void)"
+.Fc
+.Ft int
+.Fo ENGINE_set_ctrl_function
+.Fa "ENGINE *e"
+.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
+.Fc
+.Ft ENGINE_CTRL_FUNC_PTR
+.Fo ENGINE_get_ctrl_function
+.Fa "const ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_cmd_defns
+.Fa "ENGINE *e"
+.Fa "const ENGINE_CMD_DEFN *defns"
+.Fc
+.Ft const ENGINE_CMD_DEFN *
+.Fo ENGINE_get_cmd_defns
+.Fa "const ENGINE *e"
+.Fc
+.Sh DESCRIPTION
+.Fn ENGINE_ctrl
+calls the built-in or user-defined
+.Fa cmd
+for the engine
+.Fa e ,
+passing the arguments
+.Fa i
+and
+.Fa p .
+.Pp
+Most built-in commands operate on user-defined commands installed with
+.Fn ENGINE_set_cmd_defns ,
+either using the
+.Fa p
+argument to indicate the user-defined command with the command name
+.Fa cmd_name
+or using the
+.Fa i
+argument to indicate the user-defined command with the command number
+.Fa cmd_num .
+The
+.Fa cmd
+arguments to call the built-in commands are as follows:
+.Bl -tag -width Ds
+.It Dv ENGINE_CTRL_GET_CMD_FLAGS
+Return the
+.Fa cmd_flags
+of the user-defined command with the number
+.Fa i ,
+or a number less than or equal to 0 if an error occurs or
+the command number does not exist.
+A return value of 0 indicates failure if
+.Fa e
+is
+.Dv NULL
+or has a reference count of 0, or success if
+.Fa e
+is valid.
+.It Dv ENGINE_CTRL_GET_CMD_FROM_NAME
+Return the positive command number
+of the user-defined command with the name
+.Fa p ,
+or a number less than or equal to 0 if an error occurs or no
+matching name is found.
+.It Dv ENGINE_CTRL_GET_DESC_FROM_CMD
+Copy the description of the user-defined command with the number
+.Fa i
+into the buffer
+.Fa p
+and NUL-terminate it.
+It is the reponsability of the caller to make sure that the buffer
+.Fa p
+is large enough, either by calling
+.Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
+first or using knowledge about the array passed to
+.Fn ENGINE_set_cmd_defns .
+The return value is the number of bytes written
+.Em including
+the terminating NUL byte, or a number less than or equal to 0
+if an error occurs.
+.It Dv ENGINE_CTRL_GET_DESC_LEN_FROM_CMD
+Return the length in bytes
+.Em excluding
+the terminating NUL byte
+of the description of the user-defined command with the number
+.Fa i ,
+or a number less than or equal to 0 if an error occurs.
+A return value of 0 indicates failure if
+.Fa e
+is
+.Dv NULL
+or has a reference count of 0, or success if
+.Fa e
+is valid.
+.It Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE
+Return the positive command number
+of the first user-defined command installed with
+.Fn ENGINE_set_cmd_defns
+or a number less than or equal to 0 if an error occurs or no
+user-defined command has been installed.
+.It Dv ENGINE_CTRL_GET_NAME_FROM_CMD
+Copy the name of the user-defined command with the number
+.Fa i
+into the buffer
+.Fa p
+and NUL-terminate it.
+It is the reponsability of the caller to make sure that the buffer
+.Fa p
+is large enough, either by calling
+.Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
+first or using knowledge about the array passed to
+.Fn ENGINE_set_cmd_defns .
+The return value is the number of bytes written
+.Em including
+the terminating NUL byte, or a number less than or equal to 0
+if an error occurs.
+.It Dv ENGINE_CTRL_GET_NAME_LEN_FROM_CMD
+Return the length in bytes
+.Em excluding
+the terminating NULL byte
+of the name of the user-defined command with the number
+.Fa i ,
+or a number less than or equal to 0 if an error occurs.
+A return value of 0 indicates failure if
+.Fa e
+is
+.Dv NULL
+or has a reference count of 0, or success if
+.Fa e
+is valid.
+.It Dv ENGINE_CTRL_GET_NEXT_CMD_TYPE
+Return the positive command number of the next user-defined command
+after the user-defined command with the number
+.Fa i ,
+or a number less than or equal to 0 if an error occurs or if
+.Fa i
+is the last user-defined command.
+Together with
+.Dv ENGINE_CTRL_GET_FIRST_CMD_TYPE ,
+this can be used to iterate the user-defined commands installed with
+.Fn ENGINE_set_cmd_defns .
+.It Dv ENGINE_CTRL_HAS_CTRL_FUNCTION
+Return 1 if
+.Fa e
+has its own
+.Fa ctrl_f
+installed with
+.Fn ENGINE_set_ctrl_function
+or 0 otherwise.
+.El
+.Pp
+.Fn ENGINE_ctrl_cmd
+translates the
+.Fa cmd_name
+of a user-defined command to a
+.Fa cmd
+number and calls
+.Fn ENGINE_ctrl
+on it.
+If
+.Fa cmd_optional
+is non-zero, lack of a
+.Fa ctrl_f
+in
+.Fa e
+and translation failure with
+.Dv ENGINE_CTRL_GET_CMD_FROM_NAME
+are considered success, and the command has no effect.
+Otherwise, these problems cause
+.Fn ENGINE_ctrl_cmd
+to fail.
+.Pp
+.Fn ENGINE_ctrl_cmd_string
+translates the
+.Fa cmd_name
+of a user-defined command to a
+.Fa cmd
+number.
+If that command has the
+.Dv ENGINE_CMD_FLAG_NO_INPUT
+flag set,
+.Fa arg
+must be
+.Dv NULL
+and
+.Fn ENGINE_ctrl
+is called with
+.Fa i
+set to 0 and
+.Fa p
+set to
+.Dv NULL .
+Otherwise,
+.Fa arg
+must not be
+.Dv NULL .
+If the command accepts string input,
+.Fa i
+is set to 0 and
+.Fa arg
+is passed as the
+.Fa p
+argument to
+.Fn ENGINE_ctrl .
+Otherwise,
+.Fa arg
+is converted with
+.Xr strtol 3
+and passed as the
+.Fa i
+argument to
+.Fn ENGINE_ctrl ,
+setting
+.Fa p
+to
+.Dv NULL .
+.Pp
+.Fn ENGINE_set_ctrl_function
+installs
+.Fa ctrl_f
+as the engine-specific control function for
+.Fa e .
+Future calls to
+.Fn ENGINE_ctrl
+will call that function, passing on their arguments unchanged, if the
+.Fa cmd
+is not built-in to the library or if the
+.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
+flag is set in
+.Fa e .
+Let the
+.Fa ctrl_f
+return positive values on success or negative values on failure.
+Avoid return values of 0 because they cause dangerous ambiguity.
+In particular,
+.Fn ENGINE_ctrl_cmd
+and
+.Fn ENGINE_ctrl_cmd_string
+cannot be used with user-defined commands
+that may return 0 on success.
+.Pp
+.Fn ENGINE_set_cmd_defns
+install an array of command definitions in
+.Fa e .
+.Pp
+The structure
+.Vt ENGINE_CMD_DEFN
+has the following fields:
+.Bl -tag -width Ds
+.It Fa "unsigned int cmd_num"
+A positive, unique, monotonically increasing command number.
+Avoid using numbers below
+.Dv ENGINE_CMD_BASE .
+.It Fa "const char *cmd_name"
+The unique name of the command.
+.It Fa "const char *cmd_desc"
+A short description of the command.
+.It Fa "unsigned int cmd_flags"
+The bitwise OR of zero or more of the following flags:
+.Bl -tag -width Ds
+.It Dv ENGINE_CMD_FLAG_NUMERIC
+The command uses
+.Fa i .
+.It Dv ENGINE_CMD_FLAG_STRING
+The command uses
+.Fa p .
+.It Dv ENGINE_CMD_FLAG_NO_INPUT
+The command neither uses
+.Fa i
+nor
+.Fa p .
+.It Dv ENGINE_CMD_FLAG_INTERNAL
+This flag has no effect and is only provided for compatibility.
+.El
+.El
+.Pp
+The last element of
+.Fa defns
+does not specify a command, but must have a
+.Fa cmd_num
+of 0 and a
+.Fa cmd_name
+of
+.Dv NULL
+to indicate the end of the array.
+.Sh RETURN VALUES
+For
+.Fn ENGINE_ctrl ,
+positive return values indicate success and negative return values
+indicate failure.
+The meaning of a zero return value depends on the particular
+.Fa cmd
+and may indicate both success and failure, which is pathetic.
+.Pp
+Regardless of the
+.Fa cmd ,
+.Fn ENGINE_ctrl
+returns 0 if
+.Fa e
+is
+.Dv NULL
+or has a reference count of 0.
+This is quite unfortunate for commands like
+.Dv ENGINE_CTRL_GET_CMD_FLAGS
+where 0 may indicate success, so make sure
+.Fa e
+is valid before issuing a control command.
+.Pp
+For built-in commands except
+.Dv ENGINE_CTRL_HAS_CTRL_FUNCTION ,
+.Fn ENGINE_ctrl
+returns \-1 if
+.Dv ENGINE_FLAGS_MANUAL_CMD_CTRL
+is set but no
+.Fa ctrl_f
+has been installed with
+.Fn ENGINE_set_ctrl_function .
+.Pp
+For commands that are not built in,
+.Fn ENGINE_ctrl
+returns 0 if no
+.Fa ctrl_f
+has been installed with
+.Fn ENGINE_set_ctrl_function .
+.Pp
+.Fn ENGINE_cmd_is_executable
+returns 1 if the user-defined
+.Fa cmd
+is executable and has at least one of the flags
+.Dv ENGINE_CMD_FLAG_NUMERIC ,
+.Dv ENGINE_CMD_FLAG_STRING ,
+and
+.Dv ENGINE_CMD_FLAG_NO_INPUT
+set, or 0 otherwise.
+.Pp
+.Fn ENGINE_ctrl_cmd
+and
+.Fn ENGINE_ctrl_cmd_string
+return 1 on success or 0 on error.
+.Pp
+.Fn ENGINE_set_ctrl_function
+and
+.Fn ENGINE_set_cmd_defns
+always return 1.
+.Pp
+.Fn ENGINE_get_ctrl_function
+returns a pointer to the function
+.Fa ctrl_f
+installed with
+.Fn ENGINE_set_ctrl_function ,
+or
+.Dv NULL
+if none has been installed.
+.Pp
+.Fn ENGINE_get_cmd_defns
+returns the array of command definitions installed in
+.Fa e
+or
+.Dv NULL
+if none is installed.
diff --git a/src/lib/libcrypto/man/ENGINE_get_default_RSA.3 b/src/lib/libcrypto/man/ENGINE_get_default_RSA.3
new file mode 100644
index 0000000000..876ccac775
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_get_default_RSA.3
@@ -0,0 +1,133 @@
+.\" $OpenBSD: ENGINE_get_default_RSA.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_GET_DEFAULT_RSA 3
+.Os
+.Sh NAME
+.Nm ENGINE_get_default_RSA ,
+.Nm ENGINE_get_default_DSA ,
+.Nm ENGINE_get_default_ECDH ,
+.Nm ENGINE_get_default_ECDSA ,
+.Nm ENGINE_get_default_DH ,
+.Nm ENGINE_get_default_RAND ,
+.Nm ENGINE_get_cipher_engine ,
+.Nm ENGINE_get_digest_engine ,
+.Nm ENGINE_set_table_flags ,
+.Nm ENGINE_get_table_flags
+.Nd retrieve the default ENGINE for an algorithm
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft ENGINE *
+.Fn ENGINE_get_default_RSA void
+.Ft ENGINE *
+.Fn ENGINE_get_default_DSA void
+.Ft ENGINE *
+.Fn ENGINE_get_default_ECDH void
+.Ft ENGINE *
+.Fn ENGINE_get_default_ECDSA void
+.Ft ENGINE *
+.Fn ENGINE_get_default_DH void
+.Ft ENGINE *
+.Fn ENGINE_get_default_RAND void
+.Ft ENGINE *
+.Fo ENGINE_get_cipher_engine
+.Fa "int nid"
+.Fc
+.Ft ENGINE *
+.Fo ENGINE_get_digest_engine
+.Fa "int nid"
+.Fc
+.Ft void
+.Fo ENGINE_set_table_flags
+.Fa "unsigned int flags"
+.Fc
+.Ft unsigned int
+.Fn ENGINE_get_table_flags void
+.Sh DESCRIPTION
+These functions retrieve the current default
+.Vt ENGINE
+implementing the respective algorithm.
+.Pp
+If a default engine was previously selected,
+.Xr ENGINE_init 3
+is called on it again and it is used.
+Otherwise, these functions inspect the engines registered
+with the functions documented in
+.Xr ENGINE_register_RSA 3
+in the order of the table for the respective algorithm.
+If an inspected engine is already successfully initialized,
+.Xr ENGINE_init 3
+is called on it again and it is used as the new default.
+Otherwise, unless the global flag
+.Dv ENGINE_TABLE_FLAG_NOINIT
+is set,
+.Xr ENGINE_init 3
+is tried on it.
+If it succeeds, that engine is used as the new default.
+If it fails or if
+.Dv ENGINE_TABLE_FLAG_NOINIT
+is set, inspection continues with the next engine.
+.Pp
+The global flag can be set by calling
+.Fn ENGINE_set_table_flags
+with an argument of
+.Dv ENGINE_TABLE_FLAG_NOINIT
+or cleared by calling it with an argument of 0.
+By default, the flag is not set.
+.Pp
+While all the other functions operate on exactly one algorithm,
+.Fn ENGINE_get_cipher_engine
+and
+.Fn ENGINE_get_digest_engine
+are special in so far as they can handle multiple algorithms,
+identified by the given
+.Fa nid .
+The default engine is remembered separately for each algorithm.
+.Pp
+Application programs rarely need to call these functions because
+they are called automatically when needed, in particular from
+.Xr RSA_new 3 ,
+.Xr DSA_new 3 ,
+.Fn ECDH_set_method ,
+.Fn ECDH_compute_key ,
+.Xr ECDSA_set_method 3 ,
+.Xr ECDSA_do_sign_ex 3 ,
+.Xr ECDSA_do_verify 3 ,
+.Xr DH_new 3 ,
+.Xr EVP_CipherInit_ex 3 ,
+and
+.Xr EVP_DigestInit_ex 3 .
+.Sh RETURN VALUES
+These functions return a functional reference to an
+.Vt ENGINE
+object or
+.Dv NULL
+on failure, in particular when no engine implementing the algorithm
+is available, when
+.Xr ENGINE_init 3
+fails for all implementations,
+or when insufficient memory is available.
+Even when these functions fail, the application may still be able
+to use the algorithm in question because the built-in implementation
+is used in that case, if one is available.
+.Pp
+.Fn ENGINE_get_table_flags
+returns
+.Dv ENGINE_TABLE_FLAG_NOINIT
+if the global flag is set or 0 otherwise.
diff --git a/src/lib/libcrypto/man/ENGINE_init.3 b/src/lib/libcrypto/man/ENGINE_init.3
new file mode 100644
index 0000000000..d94c6a8b66
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_init.3
@@ -0,0 +1,122 @@
+.\" $OpenBSD: ENGINE_init.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_INIT 3
+.Os
+.Sh NAME
+.Nm ENGINE_init ,
+.Nm ENGINE_finish ,
+.Nm ENGINE_set_init_function ,
+.Nm ENGINE_set_finish_function ,
+.Nm ENGINE_get_init_function ,
+.Nm ENGINE_get_finish_function
+.Nd initialize ENGINE objects
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft int
+.Fo ENGINE_init
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_finish
+.Fa "ENGINE *e"
+.Fc
+.Ft typedef int
+.Fo (*ENGINE_GEN_INT_FUNC_PTR)
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_init_function
+.Fa "ENGINE *e"
+.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
+.Fc
+.Ft int
+.Fo ENGINE_set_finish_function
+.Fa "ENGINE *e"
+.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
+.Fc
+.Ft ENGINE_GEN_INT_FUNC_PTR
+.Fo ENGINE_get_init_function
+.Fa "const ENGINE *e"
+.Fc
+.Ft ENGINE_GEN_INT_FUNC_PTR
+.Fo ENGINE_get_finish_function
+.Fa "const ENGINE *e"
+.Fc
+.Sh DESCRIPTION
+.Fn ENGINE_init
+initializes
+.Fa e
+by calling the
+.Fa init_f
+previously installed with
+.Fn ENGINE_set_init_function ,
+if any.
+In case of success, it also increments both the structural
+and the functional reference count by 1.
+If no
+.Fa init_f
+was installed,
+.Fn ENGINE_init
+always succeeds.
+Calling
+.Fn ENGINE_init
+again after it already succeeded always succeeds, but has no effect
+except that it increments both the structural and the functional
+reference count by 1.
+.Pp
+.Fn ENGINE_finish
+decrements the functional reference count by 1.
+When it reaches 0, it calls the
+.Fa finish_f
+previously installed with
+.Fn ENGINE_set_finish_function ,
+if any.
+If no
+.Fa finish_f
+was installed,
+.Fn ENGINE_finish
+always succeeds.
+Unless
+.Fa finish_f
+fails,
+.Fn ENGINE_finish
+also calls
+.Xr ENGINE_free 3 .
+.Pp
+.Fn ENGINE_init
+is internally called by the functions documented in the
+.Xr ENGINE_get_default_RSA 3
+manual page.
+.Sh RETURN VALUES
+.Fn ENGINE_init
+and
+.Fn ENGINE_finish
+return 1 on success or 0 on error.
+.Pp
+.Fn ENGINE_set_init_function
+and
+.Fn ENGINE_set_finish_function
+always return 1.
+.Pp
+.Fn ENGINE_get_init_function
+and
+.Fn ENGINE_get_finish_function
+return a function pointer to the respective callback, or
+.Dv NULL
+if none is installed.
+.Sh SEE ALSO
+.Xr ENGINE_get_default_RSA 3
diff --git a/src/lib/libcrypto/man/ENGINE_register_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_RSA.3
new file mode 100644
index 0000000000..95735e814d
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_register_RSA.3
@@ -0,0 +1,115 @@
+.\" $OpenBSD: ENGINE_register_RSA.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_REGISTER_RSA 3
+.Os
+.Sh NAME
+.Nm ENGINE_register_RSA ,
+.Nm ENGINE_register_DSA ,
+.Nm ENGINE_register_ECDH ,
+.Nm ENGINE_register_ECDSA ,
+.Nm ENGINE_register_DH ,
+.Nm ENGINE_register_RAND ,
+.Nm ENGINE_register_STORE ,
+.Nm ENGINE_register_ciphers ,
+.Nm ENGINE_register_digests ,
+.Nm ENGINE_register_complete
+.Nd register an ENGINE as implementing an algorithm
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft int
+.Fo ENGINE_register_RSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_DSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_ECDH
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_ECDSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_DH
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_RAND
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_STORE
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_ciphers
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_digests
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_register_complete
+.Fa "ENGINE *e"
+.Fc
+.Sh DESCRIPTION
+In addition to the global table described in
+.Xr ENGINE_add 3 ,
+the crypto library maintains several tables containing references to
+.Vt ENGINE
+objects implementing one specific cryptographic algorithm.
+.Pp
+The functions listed in the present manual page append
+.Fa e
+to the end of the table for the respective algorithm.
+.Pp
+If
+.Fa e
+does not contain a method for the requested algorithm,
+these functions succeed without having any effect.
+.Pp
+If
+.Fa e
+is already registered for the given algorithm,
+they move it to the end of the respective table.
+.Pp
+.Fn ENGINE_register_ciphers
+and
+.Fn ENGINE_register_digests
+are special in so far as an engine may implement
+more than one cipher or more than one digest.
+In that case,
+.Fa e
+is registered for all the ciphers or digests it implements.
+.Pp
+.Fn ENGINE_register_complete
+registers
+.Fa e
+for all algorithms it implements by calling all the other functions.
+.Sh RETURN VALUES
+These functions return 1 on success or 0 on error.
+They only fail if insufficient memory is available.
+.Sh BUGS
+.Fn ENGINE_register_complete
+ignores all errors, even memory allocation failure, and always returns 1.
diff --git a/src/lib/libcrypto/man/ENGINE_register_all_RSA.3 b/src/lib/libcrypto/man/ENGINE_register_all_RSA.3
new file mode 100644
index 0000000000..f92a12b2f9
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_register_all_RSA.3
@@ -0,0 +1,73 @@
+.\" $OpenBSD: ENGINE_register_all_RSA.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_REGISTER_ALL_RSA 3
+.Os
+.Sh NAME
+.Nm ENGINE_register_all_RSA ,
+.Nm ENGINE_register_all_DSA ,
+.Nm ENGINE_register_all_ECDH ,
+.Nm ENGINE_register_all_ECDSA ,
+.Nm ENGINE_register_all_DH ,
+.Nm ENGINE_register_all_RAND ,
+.Nm ENGINE_register_all_STORE ,
+.Nm ENGINE_register_all_ciphers ,
+.Nm ENGINE_register_all_digests ,
+.Nm ENGINE_register_all_complete
+.Nd register all engines as implementing an algorithm
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft void
+.Fn ENGINE_register_all_RSA void
+.Ft void
+.Fn ENGINE_register_all_DSA void
+.Ft void
+.Fn ENGINE_register_all_ECDH void
+.Ft void
+.Fn ENGINE_register_all_ECDSA void
+.Ft void
+.Fn ENGINE_register_all_DH void
+.Ft void
+.Fn ENGINE_register_all_RAND void
+.Ft void
+.Fn ENGINE_register_all_STORE void
+.Ft void
+.Fn ENGINE_register_all_ciphers void
+.Ft void
+.Fn ENGINE_register_all_digests void
+.Ft int
+.Fn ENGINE_register_all_complete void
+.Sh DESCRIPTION
+These functions loop over all the
+.Vt ENGINE
+objects contained in the global table described in the
+.Xr ENGINE_add 3
+manual page.
+They register each object for the respective algorithm
+by calling the corresponding function described in
+.Xr ENGINE_register_RSA 3 .
+.Pp
+.Fn ENGINE_register_all_complete
+calls
+.Fn ENGINE_register_complete
+in this way, except that it skips those
+.Vt ENGINE
+objects that have the
+.Dv ENGINE_FLAGS_NO_REGISTER_ALL
+flag set.
diff --git a/src/lib/libcrypto/man/ENGINE_set_default.3 b/src/lib/libcrypto/man/ENGINE_set_default.3
new file mode 100644
index 0000000000..653582b39d
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_set_default.3
@@ -0,0 +1,156 @@
+.\" $OpenBSD: ENGINE_set_default.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE 3
+.Os
+.Sh NAME
+.Nm ENGINE_set_default ,
+.Nm ENGINE_set_default_string ,
+.Nm ENGINE_set_default_RSA ,
+.Nm ENGINE_set_default_DSA ,
+.Nm ENGINE_set_default_ECDH ,
+.Nm ENGINE_set_default_ECDSA ,
+.Nm ENGINE_set_default_DH ,
+.Nm ENGINE_set_default_RAND ,
+.Nm ENGINE_set_default_ciphers ,
+.Nm ENGINE_set_default_digests
+.Nd register an ENGINE as the default for an algorithm
+.Sh SYNOPSIS
+.Ft int
+.Fo ENGINE_set_default_RSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_DSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_ECDH
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_ECDSA
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_DH
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_RAND
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_ciphers
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_digests
+.Fa "ENGINE *e"
+.Fc
+.Ft int
+.Fo ENGINE_set_default
+.Fa "ENGINE *e"
+.Fa "unsigned int flags"
+.Fc
+.Ft int
+.Fo ENGINE_set_default_string
+.Fa "ENGINE *e"
+.Fa "const char *list"
+.Fc
+.Sh DESCRIPTION
+These functions register
+.Fa e
+as implementing the respective algorithm
+like the functions described in the
+.Xr ENGINE_register_RSA 3
+manual page do it.
+In addition, they call
+.Xr ENGINE_init 3
+on
+.Fa e
+and select
+.Fa e
+as the default implementation of the respective algorithm to be
+returned by the functions described in
+.Xr ENGINE_get_default_RSA 3
+in the future.
+If another engine was previously selected
+as the default implementation of the respective algorithm,
+.Xr ENGINE_finish 3
+is called on that previous engine.
+.Pp
+If
+.Fa e
+implements more than one cipher or digest,
+.Fn ENGINE_set_default_ciphers
+and
+.Fn ENGINE_set_default_digests
+register and select it for all these ciphers and digests, respectively.
+.Pp
+.Fn ENGINE_set_default
+registers
+.Fa e
+as the default implementation of all algorithms specified by the
+.Fa flags
+by calling the appropriate ones among the other functions.
+Algorithms can be selected by combining any number of the
+following constants with bitwise OR:
+.Dv ENGINE_METHOD_ALL ,
+.Dv ENGINE_METHOD_RSA ,
+.Dv ENGINE_METHOD_DSA ,
+.Dv ENGINE_METHOD_ECDH ,
+.Dv ENGINE_METHOD_ECDSA ,
+.Dv ENGINE_METHOD_DH ,
+.Dv ENGINE_METHOD_RAND ,
+.Dv ENGINE_METHOD_CIPHERS ,
+.Dv ENGINE_METHOD_DIGESTS ,
+.Dv ENGINE_METHOD_PKEY_METHS ,
+and
+.Dv ENGINE_METHOD_PKEY_ASN1_METHS .
+.Pp
+.Fn ENGINE_set_default_string
+is similar except that it selects the algorithms according to the string
+.Fa def_list ,
+which contains an arbitrary number of comma-separated keywords from
+the following list: ALL, RSA, DSA, ECDH, ECDSA, DH, RAND, CIPHERS,
+DIGESTS, PKEY_CRYPTO, PKEY_ASN1, and PKEY.
+PKEY_CRYPTO corresponds to
+.Dv ENGINE_METHOD_PKEY_METHS ,
+PKEY_ASN1 to
+.Dv ENGINE_METHOD_PKEY_ASN1_METHS ,
+and PKEY selects both.
+.Sh RETURN VALUES
+These functions return 1 on success or 0 on error.
+They fail if
+.Xr ENGINE_init 3
+fails or if insufficient memory is available.
+.Sh CAVEATS
+Failure of
+.Xr ENGINE_finish 3
+is ignored.
+.Sh BUGS
+Even when
+.Fn ENGINE_set_default
+or
+.Fn ENGINE_set_default_string
+fail, they typically still register
+.Fa e
+for some algorithms, but usually not for all it could be registered
+for by calling the individual functions.
diff --git a/src/lib/libcrypto/man/ENGINE_unregister_RSA.3 b/src/lib/libcrypto/man/ENGINE_unregister_RSA.3
new file mode 100644
index 0000000000..c596554e86
--- /dev/null
+++ b/src/lib/libcrypto/man/ENGINE_unregister_RSA.3
@@ -0,0 +1,96 @@
+.\" $OpenBSD: ENGINE_unregister_RSA.3,v 1.1 2018/04/15 01:43:45 schwarze Exp $
+.\" content checked up to:
+.\" OpenSSL ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
+.\"
+.\" Copyright (c) 2018 Ingo Schwarze <schwarze@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 15 2018 $
+.Dt ENGINE_UNREGISTER_RSA 3
+.Os
+.Sh NAME
+.Nm ENGINE_unregister_RSA ,
+.Nm ENGINE_unregister_DSA ,
+.Nm ENGINE_unregister_ECDH ,
+.Nm ENGINE_unregister_ECDSA ,
+.Nm ENGINE_unregister_DH ,
+.Nm ENGINE_unregister_RAND ,
+.Nm ENGINE_unregister_STORE ,
+.Nm ENGINE_unregister_ciphers ,
+.Nm ENGINE_unregister_digests
+.Nd revoke the registration of an ENGINE object
+.Sh SYNOPSIS
+.In openssl/engine.h
+.Ft void
+.Fo ENGINE_unregister_RSA
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_DSA
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_ECDH
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_ECDSA
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_DH
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_RAND
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_STORE
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_ciphers
+.Fa "ENGINE *e"
+.Fc
+.Ft void
+.Fo ENGINE_unregister_digests
+.Fa "ENGINE *e"
+.Fc
+.Sh DESCRIPTION
+These functions remove
+.Fa e
+from the list of
+.Vt ENGINE
+objects that were previously registered for the respective algorithm
+with the functions described in
+.Xr ENGINE_register_RSA 3 .
+.Pp
+If
+.Fa e
+is currently used as the default engine for the algorithm
+as described in the
+.Fn ENGINE_set_default 3
+and
+.Fn ENGINE_get_default_RSA 3
+manual pages,
+.Xr ENGINE_finish
+is also called.
+.Pp
+.Fn ENGINE_unregister_ciphers
+and
+.Fn ENGINE_unregister_digests
+unregister
+.Fa e
+for all ciphers or digests, respectively.
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 0405a06663..a83ae5d3ed 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.138 2018/03/18 13:06:36 schwarze Exp $
+# $OpenBSD: Makefile,v 1.139 2018/04/15 01:43:45 schwarze Exp $
 
 .include <bsd.own.mk>
 
@@ -97,6 +97,14 @@ MAN=	\
         EC_KEY_new.3 \
         EC_POINT_add.3 \
         EC_POINT_new.3 \
+        ENGINE_add.3 \
+        ENGINE_ctrl.3 \
+        ENGINE_get_default_RSA.3 \
+        ENGINE_init.3 \
+        ENGINE_register_RSA.3 \
+        ENGINE_register_all_RSA.3 \
+        ENGINE_set_default.3 \
+        ENGINE_unregister_RSA.3 \
         ERR.3 \
         ERR_GET_LIB.3 \
         ERR_asprintf_error_data.3 \
diff --git a/src/lib/libcrypto/man/engine.3 b/src/lib/libcrypto/man/engine.3
index d93f06f024..fac4fa13e1 100644
--- a/src/lib/libcrypto/man/engine.3
+++ b/src/lib/libcrypto/man/engine.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: engine.3,v 1.14 2018/04/14 11:38:32 schwarze Exp $
+.\" $OpenBSD: engine.3,v 1.15 2018/04/15 01:43:45 schwarze Exp $
 .\" full merge up to: OpenSSL crypto/engine e6390aca Jul 21 10:06:03 2015 -0400
 .\" selective merge up to: man3/ENGINE_add 1f13ad31 Dec 25 17:50:39 2017 +0800
 .\"
@@ -51,77 +51,14 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: April 14 2018 $
+.Dd $Mdocdate: April 15 2018 $
 .Dt ENGINE 3
 .Os
 .Sh NAME
-.Nm ENGINE_get_first ,
-.Nm ENGINE_get_last ,
-.Nm ENGINE_get_next ,
-.Nm ENGINE_get_prev ,
-.Nm ENGINE_add ,
-.Nm ENGINE_remove ,
-.Nm ENGINE_by_id ,
-.Nm ENGINE_init ,
-.Nm ENGINE_finish ,
 .Nm ENGINE_load_openssl ,
 .Nm ENGINE_load_dynamic ,
-.Nm ENGINE_load_cryptodev ,
 .Nm ENGINE_load_builtin_engines ,
 .Nm ENGINE_cleanup ,
-.Nm ENGINE_get_default_RSA ,
-.Nm ENGINE_get_default_DSA ,
-.Nm ENGINE_get_default_ECDH ,
-.Nm ENGINE_get_default_ECDSA ,
-.Nm ENGINE_get_default_DH ,
-.Nm ENGINE_get_default_RAND ,
-.Nm ENGINE_get_cipher_engine ,
-.Nm ENGINE_get_digest_engine ,
-.Nm ENGINE_set_default_RSA ,
-.Nm ENGINE_set_default_DSA ,
-.Nm ENGINE_set_default_ECDH ,
-.Nm ENGINE_set_default_ECDSA ,
-.Nm ENGINE_set_default_DH ,
-.Nm ENGINE_set_default_RAND ,
-.Nm ENGINE_set_default_ciphers ,
-.Nm ENGINE_set_default_digests ,
-.Nm ENGINE_set_default_string ,
-.Nm ENGINE_set_default ,
-.Nm ENGINE_get_table_flags ,
-.Nm ENGINE_set_table_flags ,
-.Nm ENGINE_register_RSA ,
-.Nm ENGINE_unregister_RSA ,
-.Nm ENGINE_register_all_RSA ,
-.Nm ENGINE_register_DSA ,
-.Nm ENGINE_unregister_DSA ,
-.Nm ENGINE_register_all_DSA ,
-.Nm ENGINE_register_ECDH ,
-.Nm ENGINE_unregister_ECDH ,
-.Nm ENGINE_register_all_ECDH ,
-.Nm ENGINE_register_ECDSA ,
-.Nm ENGINE_unregister_ECDSA ,
-.Nm ENGINE_register_all_ECDSA ,
-.Nm ENGINE_register_DH ,
-.Nm ENGINE_unregister_DH ,
-.Nm ENGINE_register_all_DH ,
-.Nm ENGINE_register_RAND ,
-.Nm ENGINE_unregister_RAND ,
-.Nm ENGINE_register_all_RAND ,
-.Nm ENGINE_register_STORE ,
-.Nm ENGINE_unregister_STORE ,
-.Nm ENGINE_register_all_STORE ,
-.Nm ENGINE_register_ciphers ,
-.Nm ENGINE_unregister_ciphers ,
-.Nm ENGINE_register_all_ciphers ,
-.Nm ENGINE_register_digests ,
-.Nm ENGINE_unregister_digests ,
-.Nm ENGINE_register_all_digests ,
-.Nm ENGINE_register_complete ,
-.Nm ENGINE_register_all_complete ,
-.Nm ENGINE_ctrl ,
-.Nm ENGINE_cmd_is_executable ,
-.Nm ENGINE_ctrl_cmd ,
-.Nm ENGINE_ctrl_cmd_string ,
 .Nm ENGINE_new ,
 .Nm ENGINE_free ,
 .Nm ENGINE_up_ref ,
@@ -135,15 +72,11 @@
 .Nm ENGINE_set_RAND ,
 .Nm ENGINE_set_STORE ,
 .Nm ENGINE_set_destroy_function ,
-.Nm ENGINE_set_init_function ,
-.Nm ENGINE_set_finish_function ,
-.Nm ENGINE_set_ctrl_function ,
 .Nm ENGINE_set_load_privkey_function ,
 .Nm ENGINE_set_load_pubkey_function ,
 .Nm ENGINE_set_ciphers ,
 .Nm ENGINE_set_digests ,
 .Nm ENGINE_set_flags ,
-.Nm ENGINE_set_cmd_defns ,
 .Nm ENGINE_get_id ,
 .Nm ENGINE_get_name ,
 .Nm ENGINE_get_RSA ,
@@ -154,9 +87,6 @@
 .Nm ENGINE_get_RAND ,
 .Nm ENGINE_get_STORE ,
 .Nm ENGINE_get_destroy_function ,
-.Nm ENGINE_get_init_function ,
-.Nm ENGINE_get_finish_function ,
-.Nm ENGINE_get_ctrl_function ,
 .Nm ENGINE_get_load_privkey_function ,
 .Nm ENGINE_get_load_pubkey_function ,
 .Nm ENGINE_get_ciphers ,
@@ -164,248 +94,20 @@
 .Nm ENGINE_get_cipher ,
 .Nm ENGINE_get_digest ,
 .Nm ENGINE_get_flags ,
-.Nm ENGINE_get_cmd_defns ,
 .Nm ENGINE_load_private_key ,
 .Nm ENGINE_load_public_key
 .Nd ENGINE cryptographic module support
 .Sh SYNOPSIS
 .In openssl/engine.h
-.Ft ENGINE *
-.Fn ENGINE_get_first void
-.Ft ENGINE *
-.Fn ENGINE_get_last void
-.Ft ENGINE *
-.Fo ENGINE_get_next
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_prev
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_add
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_remove
-.Fa "ENGINE *e"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_by_id
-.Fa "const char *id"
-.Fc
-.Ft int
-.Fo ENGINE_init
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_finish
-.Fa "ENGINE *e"
-.Fc
 .Ft void
 .Fn ENGINE_load_openssl void
 .Ft void
 .Fn ENGINE_load_dynamic void
 .Ft void
-.Fn ENGINE_load_cryptodev void
-.Ft void
 .Fn ENGINE_load_builtin_engines void
 .Ft void
 .Fn ENGINE_cleanup void
 .Ft ENGINE *
-.Fn ENGINE_get_default_RSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_ECDH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_ECDSA void
-.Ft ENGINE *
-.Fn ENGINE_get_default_DH void
-.Ft ENGINE *
-.Fn ENGINE_get_default_RAND void
-.Ft ENGINE *
-.Fo ENGINE_get_cipher_engine
-.Fa "int nid"
-.Fc
-.Ft ENGINE *
-.Fo ENGINE_get_digest_engine
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fo ENGINE_set_default_string
-.Fa "ENGINE *e"
-.Fa "const char *list"
-.Fc
-.Ft int
-.Fo ENGINE_set_default
-.Fa "ENGINE *e"
-.Fa "unsigned int flags"
-.Fc
-.Ft unsigned int
-.Fn ENGINE_get_table_flags void
-.Ft void
-.Fo ENGINE_set_table_flags
-.Fa "unsigned int flags"
-.Fc
-.Ft int
-.Fo ENGINE_register_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_RSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_RSA void
-.Ft int
-.Fo ENGINE_register_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_DSA void
-.Ft int
-.Fo ENGINE_register_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_ECDH void
-.Ft int
-.Fo ENGINE_register_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ECDSA
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_ECDSA void
-.Ft int
-.Fo ENGINE_register_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_DH
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_DH void
-.Ft int
-.Fo ENGINE_register_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_RAND
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_RAND void
-.Ft int
-.Fo ENGINE_register_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_STORE
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_STORE void
-.Ft int
-.Fo ENGINE_register_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_ciphers
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_ciphers void
-.Ft int
-.Fo ENGINE_register_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fo ENGINE_unregister_digests
-.Fa "ENGINE *e"
-.Fc
-.Ft void
-.Fn ENGINE_register_all_digests void
-.Ft int
-.Fo ENGINE_register_complete
-.Fa "ENGINE *e"
-.Fc
-.Ft int
-.Fn ENGINE_register_all_complete void
-.Ft int
-.Fo ENGINE_ctrl
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fc
-.Ft int
-.Fo ENGINE_cmd_is_executable
-.Fa "ENGINE *e"
-.Fa "int cmd"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "long i"
-.Fa "void *p"
-.Fa "void (*f)(void)"
-.Fa "int cmd_optional"
-.Fc
-.Ft int
-.Fo ENGINE_ctrl_cmd_string
-.Fa "ENGINE *e"
-.Fa "const char *cmd_name"
-.Fa "const char *arg"
-.Fa "int cmd_optional"
-.Fc
-.Ft ENGINE *
 .Fn ENGINE_new void
 .Ft int
 .Fo ENGINE_free
@@ -466,21 +168,6 @@
 .Fa "ENGINE_GEN_INT_FUNC_PTR destroy_f"
 .Fc
 .Ft int
-.Fo ENGINE_set_init_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR init_f"
-.Fc
-.Ft int
-.Fo ENGINE_set_finish_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_GEN_INT_FUNC_PTR finish_f"
-.Fc
-.Ft int
-.Fo ENGINE_set_ctrl_function
-.Fa "ENGINE *e"
-.Fa "ENGINE_CTRL_FUNC_PTR ctrl_f"
-.Fc
-.Ft int
 .Fo ENGINE_set_load_privkey_function
 .Fa "ENGINE *e"
 .Fa "ENGINE_LOAD_KEY_PTR loadpriv_f"
@@ -505,11 +192,6 @@
 .Fa "ENGINE *e"
 .Fa "int flags"
 .Fc
-.Ft int
-.Fo ENGINE_set_cmd_defns
-.Fa "ENGINE *e"
-.Fa "const ENGINE_CMD_DEFN *defns"
-.Fc
 .Ft const char *
 .Fo ENGINE_get_id
 .Fa "const ENGINE *e"
@@ -550,18 +232,6 @@
 .Fo ENGINE_get_destroy_function
 .Fa "const ENGINE *e"
 .Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_init_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft ENGINE_GEN_INT_FUNC_PTR
-.Fo ENGINE_get_finish_function
-.Fa "const ENGINE *e"
-.Fc
-.Ft ENGINE_CTRL_FUNC_PTR
-.Fo ENGINE_get_ctrl_function
-.Fa "const ENGINE *e"
-.Fc
 .Ft ENGINE_LOAD_KEY_PTR
 .Fo ENGINE_get_load_privkey_function
 .Fa "const ENGINE *e"
@@ -592,10 +262,6 @@
 .Fo ENGINE_get_flags
 .Fa "const ENGINE *e"
 .Fc
-.Ft const ENGINE_CMD_DEFN *
-.Fo ENGINE_get_cmd_defns
-.Fa "const ENGINE *e"
-.Fc
 .Ft EVP_PKEY *
 .Fo ENGINE_load_private_key
 .Fa "ENGINE *e"
@@ -712,20 +378,23 @@ and its functional reference count to 0.
 Many functions increment the structural reference count by 1
 when successful.
 Some of them, including
-.Fn ENGINE_by_id ,
-.Fn ENGINE_get_first ,
-.Fn ENGINE_get_last ,
-.Fn ENGINE_get_next ,
+.Xr ENGINE_by_id 3 ,
+.Xr ENGINE_get_first 3 ,
+.Xr ENGINE_get_last 3 ,
+.Xr ENGINE_get_next 3 ,
 and
-.Fn ENGINE_get_prev ,
+.Xr ENGINE_get_prev 3 ,
 do so because they return a structural reference to the user.
 Other functions, including
-.Fn ENGINE_add ,
-.Fn ENGINE_init ,
-.Fn ENGINE_get_default_* ,
-.Fn ENGINE_get_*_engine ,
+.Xr ENGINE_add 3 ,
+.Xr ENGINE_init 3 ,
+.Xr ENGINE_get_cipher_engine 3 ,
+.Xr ENGINE_get_digest_engine 3 ,
+and the
+.Xr ENGINE_get_default_RSA 3
 and
-.Fn ENGINE_set_default_* ,
+.Xr ENGINE_set_default 3
+families of functions
 do so because they store a structural refence internally.
 .Fn ENGINE_up_ref
 explicitly increment the structural reference count by 1.
@@ -747,144 +416,17 @@ pointer, no action occurs.
 Many functions internally call the equivalent of
 .Fn ENGINE_free .
 Some of them, including
-.Fn ENGINE_get_next
+.Xr ENGINE_get_next 3
 and
-.Fn ENGINE_get_prev ,
+.Xr ENGINE_get_prev 3 ,
 thus invalidate the structural reference passed in by the user.
 Other functions, including
-.Fn ENGINE_finish ,
-.Fn ENGINE_remove ,
-.Fn ENGINE_get_default_* ,
-.Fn ENGINE_get_*_engine ,
-and
-.Fn ENGINE_set_default_* ,
+.Xr ENGINE_finish 3 ,
+.Xr ENGINE_remove 3 ,
+and the
+.Xr ENGINE_set_default 3
+family of functions
 do so when an internally stored structural reference is no longer needed.
-.Pp
-.Em Functional references
-.Pp
-As mentioned, functional references exist when the cryptographic
-functionality of an
-.Vt ENGINE
-is required to be available.
-A functional reference can be obtained in one of two ways; from an
-existing structural reference to the required
-.Vt ENGINE ,
-or by asking OpenSSL for the default operational
-.Vt ENGINE
-for a given cryptographic purpose.
-.Pp
-To obtain a functional reference from an existing structural reference,
-call the
-.Fn ENGINE_init
-function.
-This returns zero if the
-.Vt ENGINE
-was not already operational and couldn't be successfully initialised
-(e.g. lack of system drivers, no special hardware attached),
-otherwise it will return non-zero to indicate that the
-.Vt ENGINE
-is now operational and will have allocated a new
-.Sy functional
-reference to the
-.Vt ENGINE .
-All functional references are released by calling
-.Fn ENGINE_finish ,
-which removes the implicit structural reference as well.
-.Pp
-The second way to get a functional reference is by asking OpenSSL for a
-default implementation for a given task, e.g.
-by
-.Fn ENGINE_get_default_RSA ,
-.Fn ENGINE_get_default_cipher_engine ,
-etc.
-These are discussed in the next section, though they are not usually
-required by application programmers as they are used automatically when
-creating and using the relevant algorithm-specific types in OpenSSL,
-such as RSA, DSA, EVP_CIPHER_CTX, etc.
-.Ss Default implementations
-For each supported abstraction, the
-.Nm engine
-code maintains an internal table of state to control which
-implementations are available for a given abstraction and which
-should be used by default.
-These implementations are registered in the tables and indexed by an
-.Fa nid
-value, because abstractions like
-.Vt EVP_CIPHER
-and
-.Vt EVP_DIGEST
-support many distinct algorithms and modes, and
-.Vt ENGINE Ns s
-can support arbitrarily many of them.
-In the case of other abstractions like RSA, DSA, etc., there is
-only one "algorithm" so all implementations implicitly register
-using the same
-.Fa nid
-index.
-.Pp
-When a default
-.Vt ENGINE
-is requested for a given abstraction/algorithm/mode, (e.g. when
-calling
-.Fn RSA_new_method NULL ) ,
-a "get_default" call will be made to the
-.Nm engine
-subsystem to process the corresponding state table and return
-a functional reference to an initialised
-.Vt ENGINE
-whose implementation should be used.
-If no
-.Vt ENGINE
-should (or can) be used, it will return
-.Dv NULL
-and the caller will operate with a
-.Dv NULL
-.Vt ENGINE
-handle.
-This usually equates to using the conventional software implementation.
-In the latter case, OpenSSL will from then on behave the way it used to
-before the
-.Nm engine
-API existed.
-.Pp
-Each state table has a flag to note whether it has processed this
-"get_default" query since the table was last modified, because to
-process this question it must iterate across all the registered
-.Vt ENGINE Ns s
-in the table trying to initialise each of them in turn, in case one of
-them is operational.
-If it returns a functional reference to an
-.Vt ENGINE ,
-it will also cache another reference to speed up processing future
-queries (without needing to iterate across the table).
-Likewise, it will cache a
-.Dv NULL
-response if no
-.Vt ENGINE
-was available so that future queries won't repeat the same iteration
-unless the state table changes.
-This behaviour can also be changed; if the
-.Dv ENGINE_TABLE_FLAG_NOINIT
-flag is set (using
-.Fn ENGINE_set_table_flags ) ,
-no attempted initialisations will take place, instead the only way for
-the state table to return a
-.Pf non- Dv NULL
-.Vt ENGINE
-to the "get_default" query will be if one is expressly set in the table.
-For example,
-.Fn ENGINE_set_default_RSA
-does the same job as
-.Fn ENGINE_register_RSA
-except that it also sets the state table's cached response for the
-"get_default" query.
-In the case of abstractions like
-.Vt EVP_CIPHER ,
-where implementations are indexed by
-.Fa nid ,
-these flags and cached-responses are distinct for each
-.Fa nid
-value.
 .Ss Application requirements
 This section will explain the basic things an application programmer
 should support to make the most useful elements of the
@@ -1029,7 +571,7 @@ For example, the next time OpenSSL tries to set up an RSA key, any bundled
 that implement
 .Vt RSA_METHOD
 will be passed to
-.Fn ENGINE_init
+.Xr ENGINE_init 3
 and if any of those succeed, that
 .Vt ENGINE
 will be set as the default for RSA use from then on.
@@ -1074,11 +616,11 @@ This class of commands typically needs to be passed to an
 .Vt ENGINE
 .Sy before
 attempting to initialise it, i.e. before calling
-.Fn ENGINE_init .
+.Xr ENGINE_init 3 .
 The other class of commands consist of settings or operations that tweak
 certain behaviour or cause certain operations to take place, and these
 commands may work either before or after
-.Fn ENGINE_init ,
+.Xr ENGINE_init 3 ,
 or in some cases both.
 .Vt ENGINE
 implementations should provide indications of this in the descriptions
@@ -1295,55 +837,22 @@ to see if they implement "FOO_GET_VENDOR_LOGO_GIF" - and
 could therefore decide whether or not to support this "foo"-specific
 extension).
 .Sh RETURN VALUES
-.Fn ENGINE_get_first ,
-.Fn ENGINE_get_last ,
-.Fn ENGINE_get_next ,
-.Fn ENGINE_get_prev ,
-.Fn ENGINE_by_id ,
 .Fn ENGINE_get_cipher_engine ,
 .Fn ENGINE_get_digest_engine ,
-.Fn ENGINE_new ,
-and all
-.Fn ENGINE_get_default_*
-functions return a valid
+and
+.Fn ENGINE_new
+return a valid
 .Vt ENGINE
 structure or
 .Dv NULL
 if an error occurred.
 .Pp
-.Fn ENGINE_add ,
-.Fn ENGINE_remove ,
-.Fn ENGINE_init ,
-.Fn ENGINE_finish ,
-.Fn ENGINE_ctrl_cmd ,
-.Fn ENGINE_ctrl_cmd_string ,
 .Fn ENGINE_free ,
 .Fn ENGINE_up_ref ,
 and all
 .Fn ENGINE_set_*
-and
-.Fn ENGINE_register_*
 functions return 1 on success or 0 on error.
 .Pp
-.Fn ENGINE_get_table_flags
-returns an unsigned integer value representing the global table
-flags which are used to control the registration behaviour of
-.Vt ENGINE
-implementations.
-.Pp
-For
-.Fn ENGINE_ctrl ,
-positive return values indicate success and negative return values
-indicate failure.
-The meaning of a zero return value depends on the particular
-.Fa cmd
-and may indicate both success and failure, which is pathetic.
-.Pp
-.Fn ENGINE_cmd_is_executable
-returns 1 if
-.Fa cmd
-is executable or 0 otherwise.
-.Pp
 .Fn ENGINE_get_id
 and
 .Fn ENGINE_get_name
@@ -1361,9 +870,6 @@ and
 return a method structure for the respective algorithm.
 .Pp
 .Fn ENGINE_get_destroy_function ,
-.Fn ENGINE_get_init_function ,
-.Fn ENGINE_get_finish_function ,
-.Fn ENGINE_get_ctrl_function ,
 .Fn ENGINE_get_load_privkey_function ,
 .Fn ENGINE_get_load_pubkey_function ,
 .Fn ENGINE_get_ciphers ,
@@ -1390,13 +896,6 @@ returns an integer representing the flags
 which are used to control various behaviours of an
 .Vt ENGINE .
 .Pp
-.Fn ENGINE_get_cmd_defns
-returns an
-.Vt ENGINE_CMD_DEFN
-structure or
-.Dv NULL
-if none is set.
-.Pp
 .Fn ENGINE_load_private_key
 and
 .Fn ENGINE_load_public_key