4 files changed, 14 insertions, 78 deletions

diff --git a/src/lib/libcrypto/man/EVP_PKCS82PKEY.3 b/src/lib/libcrypto/man/EVP_PKCS82PKEY.3
index 5fed846fe6..0f66673886 100644
--- a/src/lib/libcrypto/man/EVP_PKCS82PKEY.3
+++ b/src/lib/libcrypto/man/EVP_PKCS82PKEY.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.1 2021/10/25 13:48:12 schwarze Exp $
+.\" $OpenBSD: EVP_PKCS82PKEY.3,v 1.2 2023/12/21 21:32:01 tb Exp $
 .\"
 .\" Copyright (c) 2021 Ingo Schwarze <schwarze@openbsd.org>
 .\"
@@ -14,7 +14,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: October 25 2021 $
+.Dd $Mdocdate: December 21 2023 $
 .Dt EVP_PKCS82PKEY 3
 .Os
 .Sh NAME
@@ -40,8 +40,6 @@ structure representing the private key contained in
 .Fa pkey .
 .Pp
 Supported algorithms include DH, DSA, EC, GOST2001, and RSA.
-Application programs can add additional algorithms using
-.Xr EVP_PKEY_asn1_add0 3 .
 .Sh RETURN VALUES
 These functions return a newly allocated object or
 .Dv NULL
@@ -51,7 +49,6 @@ or
 .Fa pkey
 is unsupported or if memory allocation, decoding, or encoding fails.
 .Sh SEE ALSO
-.Xr EVP_PKEY_asn1_add0 3 ,
 .Xr EVP_PKEY_base_id 3 ,
 .Xr EVP_PKEY_new 3 ,
 .Xr PKCS8_pkey_set0 3 ,
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
index 9f272a2426..85a6471aeb 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_asn1_get_count.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.7 2023/09/13 13:55:50 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_get_count.3,v 1.8 2023/12/21 21:32:01 tb Exp $
 .\" full merge up to: OpenSSL 72a7a702 Feb 26 14:05:09 2019 +0000
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 13 2023 $
+.Dd $Mdocdate: December 21 2023 $
 .Dt EVP_PKEY_ASN1_GET_COUNT 3
 .Os
 .Sh NAME
@@ -111,7 +111,6 @@
 .Sh DESCRIPTION
 .Fn EVP_PKEY_asn1_get_count
 returns the number of public key ASN.1 methods available.
-It includes standard methods and any methods added by the application.
 .Pp
 .Fn EVP_PKEY_asn1_get0
 returns the public key ASN.1 method
@@ -185,8 +184,6 @@ object and will never be returned from
 .Fn EVP_PKEY_asn1_find
 or
 .Fn EVP_PKEY_asn1_find_str .
-It is either an alias built into the library, or it was created with
-.Xr EVP_PKEY_asn1_add_alias 3 .
 .It Dv ASN1_PKEY_DYNAMIC
 This
 .Fa ameth
@@ -218,18 +215,6 @@ objects with
 In particular, this is used for
 .Dv EVP_PKEY_RSA .
 .El
-.Pp
-.Fn EVP_PKEY_asn1_get_count ,
-.Fn EVP_PKEY_asn1_get0 ,
-.Fn EVP_PKEY_asn1_find
-and
-.Fn EVP_PKEY_asn1_find_str
-are not thread safe, but as long as all
-.Vt EVP_PKEY_ASN1_METHOD
-objects are added before the application gets threaded, using them is
-safe.
-See
-.Xr EVP_PKEY_asn1_add0 3 .
 .Sh RETURN VALUES
 .Fn EVP_PKEY_asn1_get_count
 returns the number of available public key methods.
diff --git a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3 b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
index 82a109c57d..cd6a716907 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_asn1_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.10 2023/09/13 14:18:21 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_asn1_new.3,v 1.11 2023/12/21 21:32:01 tb Exp $
 .\" selective merge up to:
 .\" OpenSSL man3/EVP_PKEY_ASN1_METHOD b0004708 Nov 1 00:45:24 2017 +0800
 .\"
@@ -67,15 +67,16 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: September 13 2023 $
+.Dd $Mdocdate: December 21 2023 $
 .Dt EVP_PKEY_ASN1_NEW 3
 .Os
 .Sh NAME
+.\" .Nm EVP_PKEY_asn1_add0 and
+.\" .Nm EVP_PKEY_asn1_add_alias are intentionally undocumented
+.\" because they will be removed in the next major bump
 .Nm EVP_PKEY_asn1_new ,
 .Nm EVP_PKEY_asn1_copy ,
 .Nm EVP_PKEY_asn1_free ,
-.Nm EVP_PKEY_asn1_add0 ,
-.Nm EVP_PKEY_asn1_add_alias ,
 .Nm EVP_PKEY_asn1_set_public ,
 .Nm EVP_PKEY_asn1_set_private ,
 .Nm EVP_PKEY_asn1_set_param ,
@@ -104,15 +105,6 @@
 .Fo EVP_PKEY_asn1_free
 .Fa "EVP_PKEY_ASN1_METHOD *ameth"
 .Fc
-.Ft int
-.Fo EVP_PKEY_asn1_add0
-.Fa "const EVP_PKEY_ASN1_METHOD *ameth"
-.Fc
-.Ft int
-.Fo EVP_PKEY_asn1_add_alias
-.Fa "int to"
-.Fa "int from"
-.Fc
 .Ft void
 .Fo EVP_PKEY_asn1_set_public
 .Fa "EVP_PKEY_ASN1_METHOD *ameth"
@@ -179,13 +171,10 @@
 is a structure which holds a set of ASN.1 conversion, printing and
 information methods for a specific public key algorithm.
 .Pp
-There are two places where the
+The built-in
 .Vt EVP_PKEY_ASN1_METHOD
-objects are stored: one is a built-in array representing the standard
-methods for different algorithms, and the other one is a stack of
-user-defined application-specific methods, which can be manipulated by
-using
-.Fn EVP_PKEY_asn1_add0 .
+objects are stored in a table containing the standard
+methods for different algorithms.
 .Ss Methods
 The methods are the underlying implementations of a particular public
 key algorithm present by the
@@ -467,28 +456,6 @@ is
 .Dv NULL
 of not marked as dynamically allocated, no action occurs.
 .Pp
-.Fn EVP_PKEY_asn1_add0
-adds
-.Fa ameth
-to the user defined stack of methods unless another
-.Vt EVP_PKEY_ASN1_METHOD
-with the same NID is already there.
-This function is not thread safe, it is recommended to only use this when
-initializing the application.
-.Pp
-.Fn EVP_PKEY_asn1_add_alias
-creates an alias with the NID
-.Fa to
-for the
-.Vt EVP_PKEY_ASN1_METHOD
-with NID
-.Fa from
-unless another
-.Vt EVP_PKEY_ASN1_METHOD
-with the same NID is already added.
-This function is not thread safe, it's recommended to only use this when
-initializing the application.
-.Pp
 .Fn EVP_PKEY_asn1_set_public ,
 .Fn EVP_PKEY_asn1_set_private ,
 .Fn EVP_PKEY_asn1_set_param ,
@@ -509,11 +476,6 @@ returns a pointer to the new
 object or
 .Dv NULL
 if memory allocation fails.
-.Pp
-.Fn EVP_PKEY_asn1_add0
-and
-.Fn EVP_PKEY_asn1_add_alias
-return 0 on error or 1 on success.
 .Sh SEE ALSO
 .Xr EVP_PKEY_asn1_get_count 3 ,
 .Xr EVP_PKEY_new 3 ,
@@ -522,8 +484,6 @@ return 0 on error or 1 on success.
 .Fn EVP_PKEY_asn1_new ,
 .Fn EVP_PKEY_asn1_copy ,
 .Fn EVP_PKEY_asn1_free ,
-.Fn EVP_PKEY_asn1_add0 ,
-.Fn EVP_PKEY_asn1_add_alias ,
 .Fn EVP_PKEY_asn1_set_public ,
 .Fn EVP_PKEY_asn1_set_private ,
 .Fn EVP_PKEY_asn1_set_param ,
diff --git a/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3 b/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
index 4a382e1150..4825b6056e 100644
--- a/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
+++ b/src/lib/libcrypto/man/EVP_PKEY_set1_RSA.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.20 2023/08/27 13:08:15 schwarze Exp $
+.\" $OpenBSD: EVP_PKEY_set1_RSA.3,v 1.21 2023/12/21 21:32:01 tb Exp $
 .\" full merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
 .\" This file is a derived work.
@@ -65,7 +65,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: August 27 2023 $
+.Dd $Mdocdate: December 21 2023 $
 .Dt EVP_PKEY_SET1_RSA 3
 .Os
 .Sh NAME
@@ -314,9 +314,6 @@ according to the following table:
 .It Dv EVP_PKEY_RSA_PSS  Ta = Dv NID_rsassaPss            Ta RSA-PSS
 .El
 .Pp
-Application programs can support additional key types by calling
-.Xr EVP_PKEY_asn1_add0 3 .
-.Pp
 .Fn EVP_PKEY_id
 returns the actual OID associated with
 .Fa pkey .
@@ -334,9 +331,6 @@ The following deprecated aliases are still supported:
 .It Dv EVP_PKEY_RSA2        Ta = Dv NID_rsa                       Ta RSA
 .El
 .Pp
-Application programs can support additional alternative OIDs by calling
-.Xr EVP_PKEY_asn1_add_alias 3 .
-.Pp
 Most applications wishing to know a key type will simply call
 .Fn EVP_PKEY_base_id
 and will not care about the actual type,