13 files changed, 1998 insertions, 1242 deletions

diff --git a/src/lib/libcrypto/man/EC_GROUP_check.3 b/src/lib/libcrypto/man/EC_GROUP_check.3
new file mode 100644
index 0000000000..e000be212b
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_check.3
@@ -0,0 +1,157 @@
+.\" $OpenBSD: EC_GROUP_check.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_GROUP_CHECK 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_check_discriminant ,
+.Nm EC_GROUP_check
+.Nd partially check validity of
+.Vt EC_GROUP
+objects
+.Sh SYNOPSIS
+.In openssl/bn.h
+.In openssl/ec.h
+.Pp
+Deprecated:
+.Pp
+.Ft "int"
+.Fo EC_GROUP_check_discriminant
+.Fa "const EC_GROUP *group"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft "int"
+.Fo EC_GROUP_check
+.Fa "const EC_GROUP *group"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+These functions are deprecated.
+Only standardized curves built into the library should be used, see
+.Xr EC_GROUP_new_by_curve_name 3 .
+For builtin curves far more thorough checks than the minimal checks
+performed by these functions have been performed.
+.Pp
+These functions have an optional
+.Fa ctx
+argument which is used to avoid the cost of repeated allocation of
+auxiliary
+.Vt BIGNUM
+objects.
+.Pp
+.Fn EC_GROUP_check_discriminant
+can be called after
+.Xr EC_GROUP_new_curve_GFp 3
+to verify that
+.Fa group Ns 's
+parameters have non-zero discriminant 4a^3 + 27b^2 modulo p.
+Assuming that
+.Fa p
+is a prime number larger than three
+this implies that the Weierstrass equation defines an elliptic curve.
+.Pp
+.Fn EC_GROUP_check
+partially verifies that
+.Fa group
+represents an an elliptic curve and that
+.Fa generator
+is a point on the curve whose order divides
+.Fa order .
+It checks with
+.Fn EC_GROUP_check_discriminant
+that the discriminant is non-zero
+and then verifies that that
+.Fa order
+is non-zero and that the product
+.Fa generator No * Fa order
+is the point at infinity.
+This implies that
+.Fa order
+is an integer multiple of the
+.Fa generator Ns 's
+.Fa order .
+The verification that
+.Fa p
+is a prime
+and that
+.Fa order
+is the
+.Fa generator Ns 's
+order are skipped because they are too expensive.
+.Sh RETURN VALUES
+.Fn EC_GROUP_check_discriminant
+returns 1 on success and 0 on failure.
+Failure modes include that the discriminant is zero modulo
+.Fa p
+and memory allocation failure.
+.Pp
+.Fn EC_GROUP_check
+returns 1 on success and 0 on failure.
+.Sh ERRORS
+Diagnostics for
+.Fn EC_GROUP_check
+that can be retrieved with
+.Xr ERR_get_error 3 ,
+.Xr ERR_GET_REASON 3 ,
+and
+.Xr ERR_reason_error_string 3
+include:
+.Bl -tag -width Ds
+.It Dv EC_R_DISCRIMINANT_IS_ZERO Qq "discriminant is zero"
+.Fn EC_GROUP_check_discriminant
+failed because the discriminant is zero or for some other reason.
+.It Dv EC_R_UNDEFINED_GENERATOR Qq "undefined generator"
+no generator is set on
+.Fa group ,
+for example because a call to
+.Xr EC_GROUP_set_generator 3
+is missing.
+.It Dv EC_R_POINT_IS_NOT_ON_CURVE Qq "point is not on curve"
+a generator is set, but it is not a point on the curve represented by
+.Fa group .
+.It Dv EC_R_UNDEFINED_ORDER Qq "undefined order"
+the
+.Fa order
+set on
+.Fa group
+is zero.
+.It Dv EC_R_INVALID_GROUP_ORDER Qq "invalid group order"
+.Fa generator No * Fa order
+is not the point at infinity.
+.El
+.Sh SEE ALSO
+.Xr BN_CTX_new 3 ,
+.Xr BN_is_zero 3 ,
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
+.Sh HISTORY
+.Fn EC_GROUP_check
+and
+.Fn EC_GROUP_check_discriminant
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
diff --git a/src/lib/libcrypto/man/EC_GROUP_copy.3 b/src/lib/libcrypto/man/EC_GROUP_copy.3
deleted file mode 100644
index 2e5e798236..0000000000
--- a/src/lib/libcrypto/man/EC_GROUP_copy.3
+++ /dev/null
@@ -1,492 +0,0 @@
-.\" $OpenBSD: EC_GROUP_copy.3,v 1.16 2025/03/08 16:40:59 tb Exp $
-.\" full merge up to: OpenSSL d900a015 Oct 8 14:40:42 2015 +0200
-.\" selective merge up to: OpenSSL 24c23e1f Aug 22 10:51:25 2019 +0530
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>,
-.\" Dr. Stephen Henson <steve@openssl.org>,
-.\" and Jayaram X Matta <jayaramx.matta@intel.com>.
-.\" Copyright (c) 2013, 2015, 2019 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 8 2025 $
-.Dt EC_GROUP_COPY 3
-.Os
-.Sh NAME
-.Nm EC_GROUP_copy ,
-.Nm EC_GROUP_dup ,
-.Nm EC_GROUP_set_generator ,
-.Nm EC_GROUP_get0_generator ,
-.Nm EC_GROUP_get_order ,
-.Nm EC_GROUP_order_bits ,
-.Nm EC_GROUP_get_cofactor ,
-.Nm EC_GROUP_set_curve_name ,
-.Nm EC_GROUP_get_curve_name ,
-.Nm EC_GROUP_set_asn1_flag ,
-.Nm EC_GROUP_get_asn1_flag ,
-.Nm EC_GROUP_set_point_conversion_form ,
-.Nm EC_GROUP_get_point_conversion_form ,
-.Nm EC_GROUP_get0_seed ,
-.Nm EC_GROUP_get_seed_len ,
-.Nm EC_GROUP_set_seed ,
-.Nm EC_GROUP_get_degree ,
-.Nm EC_GROUP_check ,
-.Nm EC_GROUP_check_discriminant ,
-.Nm EC_GROUP_cmp ,
-.Nm EC_GROUP_get_basis_type
-.Nd manipulate EC_GROUP objects
-.Sh SYNOPSIS
-.In openssl/ec.h
-.In openssl/bn.h
-.Ft int
-.Fo EC_GROUP_copy
-.Fa "EC_GROUP *dst"
-.Fa "const EC_GROUP *src"
-.Fc
-.Ft EC_GROUP *
-.Fo EC_GROUP_dup
-.Fa "const EC_GROUP *src"
-.Fc
-.Ft int
-.Fo EC_GROUP_set_generator
-.Fa "EC_GROUP *group"
-.Fa "const EC_POINT *generator"
-.Fa "const BIGNUM *order"
-.Fa "const BIGNUM *cofactor"
-.Fc
-.Ft const EC_POINT *
-.Fo EC_GROUP_get0_generator
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_order
-.Fa "const EC_GROUP *group"
-.Fa "BIGNUM *order"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_order_bits
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_cofactor
-.Fa "const EC_GROUP *group"
-.Fa "BIGNUM *cofactor"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft void
-.Fo EC_GROUP_set_curve_name
-.Fa "EC_GROUP *group"
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_curve_name
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft void
-.Fo EC_GROUP_set_asn1_flag
-.Fa "EC_GROUP *group"
-.Fa "int flag"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_asn1_flag
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft void
-.Fo EC_GROUP_set_point_conversion_form
-.Fa "EC_GROUP *group"
-.Fa "point_conversion_form_t form"
-.Fc
-.Ft point_conversion_form_t
-.Fo EC_GROUP_get_point_conversion_form
-.Fa "const EC_GROUP *"
-.Fc
-.Ft unsigned char *
-.Fo EC_GROUP_get0_seed
-.Fa "const EC_GROUP *x"
-.Fc
-.Ft size_t
-.Fo EC_GROUP_get_seed_len
-.Fa "const EC_GROUP *"
-.Fc
-.Ft size_t
-.Fo EC_GROUP_set_seed
-.Fa "EC_GROUP *"
-.Fa "const unsigned char *"
-.Fa "size_t len"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_degree
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft int
-.Fo EC_GROUP_check
-.Fa "const EC_GROUP *group"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_check_discriminant
-.Fa "const EC_GROUP *group"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_cmp
-.Fa "const EC_GROUP *a"
-.Fa "const EC_GROUP *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_basis_type
-.Fa "const EC_GROUP *"
-.Fc
-.Sh DESCRIPTION
-These functions operate on
-.Vt EC_GROUP
-objects created by the functions described in
-.Xr EC_GROUP_new 3 .
-.Pp
-.Fn EC_GROUP_copy
-copies the curve
-.Fa src
-into
-.Fa dst .
-Both
-.Fa src
-and
-.Fa dst
-must use the same
-.Vt EC_METHOD .
-.Pp
-.Fn EC_GROUP_dup
-creates a new
-.Vt EC_GROUP
-object and copies the content from
-.Fa src
-to the newly created
-.Vt EC_GROUP
-object.
-.Pp
-.Fn EC_GROUP_set_generator
-sets curve parameters that must be agreed by all participants using
-the curve.
-These parameters include the
-.Fa generator ,
-the
-.Fa order
-and the
-.Fa cofactor .
-The
-.Fa generator
-is a well defined point on the curve chosen for cryptographic
-operations.
-Integers used for point multiplications will be between 0 and
-.Fa order No - 1 .
-The
-.Fa order
-multiplied by the
-.Fa cofactor
-gives the number of points on the curve.
-.Pp
-.Fn EC_GROUP_get0_generator
-returns the generator for the identified
-.Fa group .
-.Pp
-.Fn EC_GROUP_get_order
-retrieves the order of the
-.Fa group
-and copies its value into
-.Fa order .
-It fails if the order of the
-.Fa group
-is not set or set to zero.
-.Pp
-.Fn EC_GROUP_get_cofactor
-retrieves the cofactor of the
-.Fa group
-and copies its value into
-.Fa cofactor .
-It fails if the cofactor of the
-.Fa group
-is not set or set to zero.
-.Pp
-The functions
-.Fn EC_GROUP_set_curve_name
-and
-.Fn EC_GROUP_get_curve_name
-set and get the NID for the curve, respectively (see
-.Xr EC_GROUP_new 3 ) .
-If a curve does not have a NID associated with it, then
-.Fn EC_GROUP_get_curve_name
-will return
-.Dv NID_undef .
-.Pp
-The asn1_flag value is used to determine whether the curve encoding
-uses explicit parameters or a named curve using an ASN.1 OID:
-many applications only support the latter form.
-If asn1_flag is the default value
-.Dv OPENSSL_EC_NAMED_CURVE ,
-then the named curve form is used and the parameters must have a
-corresponding named curve NID set.
-If asn1_flags is
-.Dv OPENSSL_EC_EXPLICIT_CURVE ,
-the parameters are explicitly encoded.
-The functions
-.Fn EC_GROUP_get_asn1_flag
-and
-.Fn EC_GROUP_set_asn1_flag
-get and set the status of the asn1_flag for the curve.
-.Pp
-The point_conversion_form for a curve controls how
-.Vt EC_POINT
-data is encoded as ASN.1 as defined in X9.62 (ECDSA).
-.Vt point_conversion_form_t
-is an enum defined as follows:
-.Bd -literal
-typedef enum {
-        /** the point is encoded as z||x, where the octet z specifies
-         *   which solution of the quadratic equation y is  */
-        POINT_CONVERSION_COMPRESSED = 2,
-        /** the point is encoded as z||x||y, where z is the octet 0x04  */
-        POINT_CONVERSION_UNCOMPRESSED = 4,
-        /** the point is encoded as z||x||y, where the octet z specifies
-         *  which solution of the quadratic equation y is  */
-        POINT_CONVERSION_HYBRID = 6
-} point_conversion_form_t;
-.Ed
-.Pp
-For
-.Dv POINT_CONVERSION_UNCOMPRESSED
-the point is encoded as an octet signifying the UNCOMPRESSED form
-has been used followed by the octets for x, followed by the octets
-for y.
-.Pp
-For any given x coordinate for a point on a curve it is possible to
-derive two possible y values.
-For
-.Dv POINT_CONVERSION_COMPRESSED
-the point is encoded as an octet signifying that the COMPRESSED
-form has been used AND which of the two possible solutions for y
-has been used, followed by the octets for x.
-.Pp
-For
-.Dv POINT_CONVERSION_HYBRID
-the point is encoded as an octet signifying the HYBRID form has
-been used AND which of the two possible solutions for y has been
-used, followed by the octets for x, followed by the octets for y.
-.Pp
-The functions
-.Fn EC_GROUP_set_point_conversion_form
-and
-.Fn EC_GROUP_get_point_conversion_form
-set and get the point_conversion_form for the curve, respectively.
-.Pp
-ANSI X9.62 (ECDSA standard) defines a method of generating the curve
-parameter b from a random number.
-This provides advantages in that a parameter obtained in this way is
-highly unlikely to be susceptible to special purpose attacks, or have
-any trapdoors in it.
-If the seed is present for a curve then the b parameter was generated in
-a verifiable fashion using that seed.
-The OpenSSL EC library does not use this seed value but does enable you
-to inspect it using
-.Fn EC_GROUP_get0_seed .
-This returns a pointer to a memory block containing the seed that was
-used.
-The length of the memory block can be obtained using
-.Fn EC_GROUP_get_seed_len .
-A number of the builtin curves within the library provide seed values
-that can be obtained.
-It is also possible to set a custom seed using
-.Fn EC_GROUP_set_seed
-and passing a pointer to a memory block, along with the length of
-the seed.
-Again, the EC library will not use this seed value, although it will be
-preserved in any ASN.1 based communications.
-.Pp
-.Fn EC_GROUP_get_degree
-gets the degree of the field.
-For Fp fields this will be the number of bits in p.
-For F2^m fields this will be the value m.
-.Pp
-The function
-.Fn EC_GROUP_check_discriminant
-calculates the discriminant for the curve and verifies that it is
-valid.
-For a curve defined over Fp the discriminant is given by the formula
-4*a^3 + 27*b^2 whilst for F2^m curves the discriminant is simply b.
-In either case for the curve to be valid the discriminant must be
-non-zero.
-.Pp
-The function
-.Fn EC_GROUP_check
-performs a number of checks on a curve to verify that it is valid.
-Checks performed include verifying that the discriminant is non-zero;
-that a generator has been defined; that the generator is on the curve
-and has the correct order.
-.Pp
-.Fn EC_GROUP_cmp
-compares
-.Fa a
-and
-.Fa b
-to determine whether they represent the same curve or not.
-.Pp
-.Fn EC_GROUP_get_basis_type
-always returns 0 and is only provided for compatibility.
-.Sh RETURN VALUES
-The following functions return 1 on success or 0 on error:
-.Fn EC_GROUP_copy ,
-.Fn EC_GROUP_set_generator ,
-.Fn EC_GROUP_check ,
-and
-.Fn EC_GROUP_check_discriminant .
-.Pp
-.Fn EC_GROUP_dup
-returns a pointer to the duplicated curve or
-.Dv NULL
-on error.
-.Pp
-.Fn EC_GROUP_get0_generator
-returns the generator for the given curve or
-.Dv NULL
-on error.
-.Pp
-.Fn EC_GROUP_get_order
-returns 0 if the order is not set or set to zero for the
-.Fa group
-or if copying into
-.Fa order
-fails, or 1 otherwise.
-.Pp
-.Fn EC_GROUP_order_bits
-returns the number of bits in the group order.
-.Pp
-.Fn EC_GROUP_get_cofactor
-returns 0 if the cofactor is not set or set to zero for the
-.Fa group
-or if copying into
-.Fa cofactor
-fails, or 1 otherwise.
-.Pp
-.Fn EC_GROUP_get_curve_name
-returns the curve name (NID) for the
-.Fa group
-or
-.Dv NID_undef
-if no curve name is associated.
-.Pp
-.Fn EC_GROUP_get_asn1_flag
-returns the ASN.1 flag for the specified
-.Fa group .
-.Pp
-.Fn EC_GROUP_get_point_conversion_form
-returns the point_conversion_form for the
-.Fa group .
-.Pp
-.Fn EC_GROUP_get_degree
-returns the degree for the
-.Fa group
-or 0 if the operation is not supported
-by the underlying group implementation.
-.Pp
-.Fn EC_GROUP_get0_seed
-returns a pointer to the seed that was used to generate the parameter
-b, or
-.Dv NULL
-if the seed is not specified.
-.Fn EC_GROUP_get_seed_len
-returns the length of the seed or 0 if the seed is not specified.
-.Pp
-.Fn EC_GROUP_set_seed
-returns the length of the seed that has been set.
-If the supplied seed is
-.Dv NULL
-or the supplied seed length is 0, the return value will be 1.
-On error 0 is returned.
-.Pp
-.Fn EC_GROUP_cmp
-returns 0 if the curves are equal, 1 if they are not equal,
-or -1 on error.
-.Pp
-.Fn EC_GROUP_get_basis_type
-always returns 0.
-.Sh SEE ALSO
-.Xr d2i_ECPKParameters 3 ,
-.Xr EC_GROUP_new 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EC_POINT_add 3 ,
-.Xr EC_POINT_new 3
-.Sh HISTORY
-.Fn EC_GROUP_copy ,
-.Fn EC_GROUP_set_generator ,
-.Fn EC_GROUP_get0_generator ,
-.Fn EC_GROUP_get_order ,
-and
-.Fn EC_GROUP_get_cofactor
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EC_GROUP_dup ,
-.Fn EC_GROUP_set_curve_name ,
-.Fn EC_GROUP_get_curve_name ,
-.Fn EC_GROUP_set_asn1_flag ,
-.Fn EC_GROUP_get_asn1_flag ,
-.Fn EC_GROUP_set_point_conversion_form ,
-.Fn EC_GROUP_get_point_conversion_form ,
-.Fn EC_GROUP_get0_seed ,
-.Fn EC_GROUP_get_seed_len ,
-.Fn EC_GROUP_set_seed ,
-.Fn EC_GROUP_get_degree ,
-.Fn EC_GROUP_check ,
-.Fn EC_GROUP_check_discriminant ,
-.Fn EC_GROUP_cmp ,
-and
-.Fn EC_GROUP_get_basis_type
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Pp
-.Fn EC_GROUP_order_bits
-first appeared in OpenSSL 1.1.0 and has been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EC_GROUP_get_curve_name.3 b/src/lib/libcrypto/man/EC_GROUP_get_curve_name.3
new file mode 100644
index 0000000000..9a131fddfe
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_get_curve_name.3
@@ -0,0 +1,264 @@
+.\" $OpenBSD: EC_GROUP_get_curve_name.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_GROUP_GET_CURVE_NAME 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_get_curve_name ,
+.Nm EC_GROUP_set_curve_name ,
+.Nm EC_GROUP_get_asn1_flag ,
+.Nm EC_GROUP_set_asn1_flag ,
+.Nm EC_GROUP_get0_seed ,
+.Nm EC_GROUP_get_seed_len ,
+.Nm EC_GROUP_set_seed ,
+.Nm EC_GROUP_get_point_conversion_form ,
+.Nm EC_GROUP_set_point_conversion_form ,
+.Nm EC_GROUP_get_basis_type
+.Nd configure and inspect details of the ASN.1 encoding of
+.Vt EC_GROUP
+and related objects
+.Sh SYNOPSIS
+.In openssl/ec.h
+.Ft int
+.Fo EC_GROUP_get_curve_name
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft void
+.Fo EC_GROUP_set_curve_name
+.Fa "EC_GROUP *group"
+.Fa "int nid"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_asn1_flag
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft void
+.Fo EC_GROUP_set_asn1_flag
+.Fa "EC_GROUP *group"
+.Fa "int flag"
+.Fc
+.Ft "unsigned char *"
+.Fo EC_GROUP_get0_seed
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft size_t
+.Fo EC_GROUP_get_seed_len
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft size_t
+.Fo EC_GROUP_set_seed
+.Fa "EC_GROUP *group"
+.Fa "const unsigned char *seed"
+.Fa "size_t len"
+.Fc
+.Bd -literal
+typedef enum {
+        POINT_CONVERSION_COMPRESSED = 2,
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+.Ed
+.Ft point_conversion_form_t
+.Fo EC_GROUP_get_point_conversion_form
+.Fa "const EC_GROUP *group"
+.Fc
+.Fo void
+.Ft EC_GROUP_set_point_conversion_form
+.Fa "EC_GROUP *group"
+.Fa "point_conversion_form_t form"
+.Fc
+.Pp
+Deprecated:
+.Ft int
+.Fo EC_GROUP_get_basis_type
+.Fa "const EC_GROUP *group"
+.Fc
+.Sh DESCRIPTION
+The functions in this manual affect or allow the inspection of
+the details of the ASN.1 encoding produced by the
+.Xr i2d_ECPKParameters 3
+family of functions.
+Modern applications use named curves and uncompressed point encoding,
+which are the default for
+.Xr EC_GROUP_new_by_curve_name 3 .
+.Pp
+In this library, Elliptic curve parameters are either encoded as a
+.Em named curve ,
+using an ASN.1 Object Identifier (OID) to refer to
+standardized parameters that need to be built into the library,
+or using
+.Em explicit curve parameters
+where the field, the curve equation, the base point's coordinates
+and other data are encoded explicitly.
+The
+.Em implicitly CA
+variant is not supported.
+.Pp
+.Fn EC_GROUP_get_curve_name
+gets the Numerical Identifier (NID) representation of the
+ASN.1 Object Identifier used for the named curve encoding of
+.Fa group .
+.Fn EC_GROUP_set_curve_name
+sets it to
+.Fa nid .
+.Pp
+.Fn EC_GROUP_get_asn1_flag
+retrieves the value of the
+.Fa asn1_flag
+member of
+.Fa group .
+If the bit corresponding to
+.Dv OPENSSL_EC_NAMED_CURVE
+is set, named curve encoding is used for
+.Fa group ,
+otherwise explicit encoding is used.
+.Fn EC_GROUP_set_asn1_flag
+sets the
+.Fa asn1_flag
+member of group to
+.Fa flag ,
+which should be either
+.Dv OPENSSL_EC_NAMED_CURVE
+to use named curve encoding or
+.Dv OPENSSL_EC_EXPLICIT_CURVE
+to use explicit encoding.
+.Pp
+The ASN.1 encoding of explicit curve parameters includes
+an optional seed value for parameters generated verifiably at random.
+If a seed value is set on
+.Fa group ,
+.Fn EC_GROUP_get0_seed
+returns a pointer to the internal byte string whose length is returned by
+.Fn EC_GROUP_get_seed_len .
+.Pp
+.Fn EC_GROUP_set_seed
+first clears any seed and length already stored in
+.Fa group .
+If
+.Fa seed
+is not
+.Dv NULL
+and
+.Fa len
+is not zero, it stores a copy of them in
+.Fa group .
+The
+.Fa seed
+should be a random byte string of
+.Fa len
+at least 20 bytes.
+The seed can be unset by passing
+.Dv NULL
+as a
+.Fa seed
+and a
+.Fa len
+of zero.
+The library does not perform any computation or validation with this seed,
+it only includes it in its ASN.1 encoded parameters,
+whether it contains a sensible value or not.
+.Pp
+Points on an elliptic curve, such as the generator or a public key,
+can be encoded in compressed form, uncompressed form,
+or in a hybrid form encompassing both, see
+.Xr EC_POINT_point2oct 3 .
+.Fn EC_GROUP_get_point_conversion_form
+retrieves the encoding used for points on
+.Fa group
+and
+.Fn EC_GROUP_set_point_conversion_form
+sets it to
+.Fa form .
+.Pp
+The deprecated
+.Fn EC_GROUP_get_basis_type
+only makes sense for curves over binary fields.
+It is provided for compatibility only.
+.Sh RETURN VALUES
+.Fn EC_GROUP_get_curve_name
+returns the NID to be used for named curve encoding of
+.Fa group
+or
+.Dv NID_undef
+if no NID is set.
+.Pp
+.Fn EC_GROUP_get_asn1_flag
+returns the value most recently set by
+.Fn EC_GROUP_set_asn1_flag
+on
+.Fa group .
+.Pp
+.Fn EC_GROUP_get0_seed
+returns an internal pointer to the
+.Fa seed
+on
+.Fa group
+or
+.Dv NULL
+if none is set.
+.Pp
+.Fn EC_GROUP_get_seed_len
+returns the byte length of the seed set on
+.Fa group
+or zero if none is set.
+.Pp
+.Fn EC_GROUP_set_seed
+returns 0 on memory allocation failure.
+It returns
+.Fa len
+on success unless
+.Fa seed
+is
+.Dv NULL
+or
+.Fa len
+is zero, in which case it returns 1.
+.Pp
+.Fn EC_GROUP_get_point_conversion_form
+returns the point conversion form last set by
+.Fn EC_GROUP_set_point_conversion_form
+on
+.Fa group .
+.Pp
+.Fn EC_GROUP_get_basis_type
+always returns
+.Dv NID_undef .
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3 ,
+.Xr OBJ_obj2nid 3
+.Sh HISTORY
+These functions first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
+.Sh BUGS
+Most of the setters cannot report errors and none of them perform proper
+input validation and accept most of the values passed in.
+This can result in invalid or nonsensical ASN.1 encoding produced by
+.Xr i2d_ECPKParameters 3
+and related functions.
diff --git a/src/lib/libcrypto/man/EC_GROUP_new.3 b/src/lib/libcrypto/man/EC_GROUP_new.3
deleted file mode 100644
index 83e3e4c870..0000000000
--- a/src/lib/libcrypto/man/EC_GROUP_new.3
+++ /dev/null
@@ -1,353 +0,0 @@
-.\"     $OpenBSD: EC_GROUP_new.3,v 1.18 2025/03/08 16:38:13 tb Exp $
-.\"     OpenSSL 6328d367 Sat Jul 4 21:58:30 2020 +0200
-.\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2013 The OpenSSL Project.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 8 2025 $
-.Dt EC_GROUP_NEW 3
-.Os
-.Sh NAME
-.Nm EC_GROUP_new ,
-.Nm EC_GROUP_free ,
-.Nm EC_GROUP_clear_free ,
-.Nm EC_GROUP_new_curve_GFp ,
-.Nm EC_GROUP_new_by_curve_name ,
-.Nm EC_GROUP_set_curve ,
-.Nm EC_GROUP_get_curve ,
-.Nm EC_GROUP_set_curve_GFp ,
-.Nm EC_GROUP_get_curve_GFp ,
-.Nm EC_get_builtin_curves ,
-.Nm EC_curve_nid2nist ,
-.Nm EC_curve_nist2nid
-.Nd create and destroy EC_GROUP objects
-.Sh SYNOPSIS
-.In openssl/ec.h
-.In openssl/bn.h
-.Ft EC_GROUP *
-.Fo EC_GROUP_new
-.Fa "const EC_METHOD *meth"
-.Fc
-.Ft void
-.Fo EC_GROUP_free
-.Fa "EC_GROUP *group"
-.Fc
-.Ft void
-.Fo EC_GROUP_clear_free
-.Fa "EC_GROUP *group"
-.Fc
-.Ft EC_GROUP *
-.Fo EC_GROUP_new_curve_GFp
-.Fa "const BIGNUM *p"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft EC_GROUP *
-.Fo EC_GROUP_new_by_curve_name
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo EC_GROUP_set_curve
-.Fa "EC_GROUP *group"
-.Fa "const BIGNUM *p"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_curve
-.Fa "const EC_GROUP *group"
-.Fa "BIGNUM *p"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_set_curve_GFp
-.Fa "EC_GROUP *group"
-.Fa "const BIGNUM *p"
-.Fa "const BIGNUM *a"
-.Fa "const BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_GROUP_get_curve_GFp
-.Fa "const EC_GROUP *group"
-.Fa "BIGNUM *p"
-.Fa "BIGNUM *a"
-.Fa "BIGNUM *b"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft size_t
-.Fo EC_get_builtin_curves
-.Fa "EC_builtin_curve *r"
-.Fa "size_t nitems"
-.Fc
-.Ft "const char *"
-.Fo EC_curve_nid2nist
-.Fa "int nid"
-.Fc
-.Ft int
-.Fo EC_curve_nist2nid
-.Fa "const char *name"
-.Fc
-.Sh DESCRIPTION
-The EC library provides functions for performing operations on
-elliptic curves in Weierstrass form.
-Such curves are defined over the prime field of order
-.Fa p
-and satisfy the Weierstrass equation with coefficients
-.Fa a
-and
-.Fa b
-.Pp
-.Dl y^2 = x^3 + ax + b
-.Pp
-An
-.Vt EC_GROUP
-structure is used to represent the definition of an elliptic curve.
-A new curve can be constructed by calling
-.Fn EC_GROUP_new ,
-using the implementation provided by
-.Fa meth .
-It is then necessary to call
-.Fn EC_GROUP_set_curve
-to set the curve parameters.
-.Pp
-.Fn EC_GROUP_set_curve
-sets the curve parameters
-.Fa p ,
-.Fa a ,
-and
-.Fa b ,
-where
-.Fa a
-and
-.Fa b
-represent the coefficients of the curve equation.
-.Pp
-.Fn EC_GROUP_set_curve_GFp
-is a deprecated synonym for
-.Fn EC_GROUP_set_curve .
-.Pp
-.Fn EC_GROUP_get_curve
-obtains the previously set curve parameters.
-.Pp
-.Fn EC_GROUP_get_curve_GFp
-is a deprecated synonym for
-.Fn EC_GROUP_get_curve .
-.Pp
-The function
-.Fn EC_GROUP_new_curve_GFp
-is a shortcut for calling
-.Fn EC_GROUP_new
-and
-.Fn EC_GROUP_set_curve .
-An appropriate default implementation method will be used.
-.Pp
-Whilst the library can be used to create any curve using the functions
-described above, there are also a number of predefined curves that are
-available.
-In order to obtain a list of all of the predefined curves, call the
-function
-.Fn EC_get_builtin_curves .
-The parameter
-.Fa r
-should be an array of
-.Vt EC_builtin_cure
-structures of size
-.Fa nitems .
-The function will populate the
-.Fa r
-array with information about the builtin curves.
-If
-.Fa nitems
-is less than the total number of curves available, then the first
-.Fa nitems
-curves will be returned.
-Otherwise the total number of curves will be provided.
-The return value is the total number of curves available (whether that
-number has been populated in
-.Fa r
-or not).
-Passing a
-.Dv NULL
-.Fa r ,
-or setting
-.Fa nitems
-to 0, will do nothing other than return the total number of curves
-available.
-The
-.Vt EC_builtin_curve
-structure is defined as follows:
-.Bd -literal
-typedef struct {
-        int nid;
-        const char *comment;
-} EC_builtin_curve;
-.Ed
-.Pp
-Each
-.Vt EC_builtin_curve
-item has a unique integer ID
-.Pq Fa nid
-and a human readable comment string describing the curve.
-.Pp
-In order to construct a builtin curve, use the function
-.Fn EC_GROUP_new_by_curve_name
-and provide the
-.Fa nid
-of the curve to be constructed.
-.Pp
-.Fn EC_GROUP_free
-frees the memory associated with the
-.Vt EC_GROUP .
-If
-.Fa group
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-.Fn EC_GROUP_clear_free
-destroys any sensitive data held within the
-.Vt EC_GROUP
-and then frees its memory.
-If
-.Fa group
-is a
-.Dv NULL
-pointer, no action occurs.
-.Pp
-Some builtin curves can be identified by their NIST name
-in addition to a numerical identifier (NID).
-.Fn EC_curve_nid2nist
-and
-.Fn EC_curve_nist2nid
-translate between the two.
-The five built-in prime curves are:
-.Pp
-.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact
-.It No NIST Fa name Ta Em ASN.1 NID       Ta Em notes
-.It Qq P-192   Ta Dv NID_X9_62_prime192v1 Ta No deprecated in SP800-186
-.It Qq P-224   Ta Dv NID_secp224r1        Ta
-.It Qq P-256   Ta Dv NID_X9_62_prime256v1 Ta
-.It Qq P-384   Ta Dv NID_secp384r1        Ta
-.It Qq P-521   Ta Dv NID_secp521r1        Ta
-.El
-.Pp
-.Fn EC_curve_nid2nist
-and
-.Fn EC_curve_nist2nid
-also accept the ten binary curves defined in FIPS\& 186-4
-and deprecated in SP800-186,
-although they no longer correspond to builtin curves in LibreSSL.
-.Sh RETURN VALUES
-All
-.Fn EC_GROUP_new*
-functions return a pointer to the newly constructed group or
-.Dv NULL
-on error.
-.Pp
-.Fn EC_get_builtin_curves
-returns the number of builtin curves that are available.
-.Pp
-.Fn EC_curve_nid2nist
-returns a string constant containing the NIST name if
-.Fa nid
-identifies a NIST curve or
-.Dv NULL
-otherwise.
-.Pp
-.Fn EC_curve_nist2nid
-returns the NID corresponding to the NIST curve
-.Fa name ,
-or
-.Dv NID_undef .
-.Pp
-.Fn EC_GROUP_set_curve ,
-.Fn EC_GROUP_get_curve ,
-.Fn EC_GROUP_set_curve_GFp ,
-and
-.Fn EC_GROUP_get_curve_GFp
-return 1 on success or 0 on error.
-.Sh SEE ALSO
-.Xr crypto 3 ,
-.Xr d2i_ECPKParameters 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_KEY_new 3 ,
-.Xr EC_POINT_add 3 ,
-.Xr EC_POINT_new 3 ,
-.Xr ECDH_compute_key 3 ,
-.Xr ECDSA_SIG_new 3
-.Sh HISTORY
-.Fn EC_GROUP_new ,
-.Fn EC_GROUP_free ,
-.Fn EC_GROUP_clear_free ,
-.Fn EC_GROUP_new_curve_GFp ,
-.Fn EC_GROUP_set_curve_GFp ,
-and
-.Fn EC_GROUP_get_curve_GFp
-first appeared in OpenSSL 0.9.7 and have been available since
-.Ox 3.2 .
-.Pp
-.Fn EC_GROUP_new_by_curve_name
-and
-.Fn EC_get_builtin_curves
-first appeared in OpenSSL 0.9.8 and have been available since
-.Ox 4.5 .
-.Fn EC_curve_nid2nist ,
-and
-.Fn EC_curve_nist2nid
-first appeared in OpenSSL 1.1.0 and have been available since
-.Ox 5.8 .
-.Pp
-.Fn EC_GROUP_set_curve
-and
-.Fn EC_GROUP_get_curve
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3 b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3
new file mode 100644
index 0000000000..128b30eda5
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_new_by_curve_name.3
@@ -0,0 +1,310 @@
+.\" $OpenBSD: EC_GROUP_new_by_curve_name.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2024, 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_GROUP_NEW_BY_CURVE_NAME 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_new_by_curve_name ,
+.Nm EC_GROUP_free ,
+.Nm EC_GROUP_dup ,
+.Nm EC_GROUP_cmp ,
+.Nm EC_get_builtin_curves ,
+.Nm EC_curve_nid2nist ,
+.Nm EC_curve_nist2nid
+.Nd instantiate named curves built into libcrypto
+.Sh SYNOPSIS
+.In openssl/bn.h
+.In openssl/ec.h
+.In openssl/objects.h
+.Ft "EC_GROUP *"
+.Fo EC_GROUP_new_by_curve_name
+.Fa "int nid"
+.Fc
+.Ft void
+.Fo EC_GROUP_free
+.Fa "EC_GROUP *group"
+.Fc
+.Ft EC_GROUP *
+.Fo EC_GROUP_dup
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_cmp
+.Fa "const EC_GROUP *group1"
+.Fa "const EC_GROUP *group2"
+.Fa "BN_CTX *ctx"
+.Fc
+.Bd -literal
+typedef struct {
+        int nid;
+        const char *comment;
+} EC_builtin_curve;
+
+.Ed
+.Ft size_t
+.Fo EC_get_builtin_curves
+.Fa "EC_builtin_curve *curves"
+.Fa "size_t ncurves"
+.Fc
+.Ft int
+.Fo EC_curve_nist2nid
+.Fa "const char *name"
+.Fc
+.Ft "const char *"
+.Fo EC_curve_nid2nist
+.Fa "int nid"
+.Fc
+.Sh DESCRIPTION
+Most elliptic curves used in cryptographic protocols have a
+standardized representation as a
+.Em named curve ,
+where an ASN.1 Object Identifier (OID) is used instead of
+detailed domain parameters.
+This OID is represented internally by a Numerical Identifier (NID),
+and the parameters themselves must be built into the library.
+In the EC library the
+.Em curve name
+refers to this NID.
+.Pp
+.Fn EC_GROUP_new_by_curve_name
+returns a new
+.Vt EC_GROUP
+object representing the named curve corresponding to
+.Fa nid ,
+using the parameters built into the library.
+It is equivalent to passing the appropriate parameters to
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_GROUP_set_curve_name 3 ,
+.Xr EC_GROUP_set_generator 3
+and
+.Xr EC_GROUP_set_seed 3 .
+.Pp
+.Fn EC_GROUP_free
+frees
+.Fa group
+and all the memory associated with it.
+If
+.Fa group
+is
+.Dv NULL ,
+no action occurs.
+.Pp
+.Fn EC_GROUP_dup
+creates a deep copy of
+.Fa group .
+.Pp
+.Fn EC_GROUP_cmp
+is intended to determine whether
+.Fa group1
+and
+.Fa group2
+represent the same elliptic curve,
+making use of the optional
+.Fa ctx .
+If the curve name is set on both curves, they are compared as integers,
+then the prime field,
+the coefficients of the Weierstrass equation,
+the generators, their order and their cofactors are compared
+using
+.Xr BN_cmp 3
+or
+.Xr EC_POINT_cmp 3 ,
+respectively.
+.Pp
+.Fn EC_get_builtin_curves
+returns the number of builtin curves.
+If
+.Fa curves
+is
+.Dv NULL
+or
+.Fa ncurves
+is zero, it performs no other action.
+Otherwise, after reducing
+.Fa ncurves
+to the number of builtin curves if necessary,
+it copies the
+.Fa nid
+and a pointer to the
+.Fa comment
+of the first
+.Fa ncurves
+built-in curves to the array of
+.Vt EC_builtin_curve
+objects pointed to by
+.Fa curves
+and leaves the remainder of the array uninitialized.
+.Pp
+Some curves can be identified by their NIST name
+in addition to the numerical identifier (NID).
+.Fn EC_curve_nist2nid
+and
+.Fn EC_curve_nid2nist
+translate between the two.
+The builtin NIST curves over a prime field are:
+.Pp
+.Bl -column "NIST name" NID_X9_62_prime256v1 "deprecated in SP800-186" -compact
+.It No NIST Fa name Ta Em ASN.1 NID       Ta Em notes
+.It Qq P-224   Ta Dv NID_secp224r1        Ta
+.It Qq P-256   Ta Dv NID_X9_62_prime256v1 Ta also known as secp256r1
+.It Qq P-384   Ta Dv NID_secp384r1        Ta
+.It Qq P-521   Ta Dv NID_secp521r1        Ta
+.El
+.Pp
+.Fn EC_curve_nist2nid
+and
+.Fn EC_curve_nid2nist
+also accept the binary curves defined in FIPS\& 186-4
+and deprecated in SP800-186,
+as well as
+.Qq P-192
+and
+.Dv NID_X9_62_prime192v1 ,
+although all these no longer correspond to builtin curves in LibreSSL.
+.Sh RETURN VALUES
+.Fn EC_GROUP_new_by_curve_name
+returns a newly allocated group or
+.Dv NULL
+if there is no built-in group with NID
+.Fa nid ,
+or if memory allocation fails.
+.Pp
+.Fn EC_GROUP_dup
+returns a newly allocated group or
+.Dv NULL
+if memory allocation fails.
+.Pp
+.Fn EC_GROUP_cmp
+returns 1 if the groups are distinct, 0 if the groups are
+considered identical and \-1 on memory allocation error.
+.Pp
+.Fn EC_get_builtin_curves
+returns the number of builtin curves.
+.Pp
+.Fn EC_curve_nid2nist
+returns a string constant containing the NIST name if
+.Fa nid
+identifies a NIST curve or
+.Dv NULL
+otherwise.
+.Pp
+.Fn EC_curve_nist2nid
+returns the NID corresponding to the NIST curve
+.Fa name ,
+or
+.Dv NID_undef .
+.Sh EXAMPLES
+Print the list of builtin curves, their NIDs, their NIST name and
+a comment describing each curve:
+.Bd -literal
+#include <err.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+#include <openssl/ec.h>
+
+int
+main(void)
+{
+        EC_builtin_curve *curves;
+        size_t ncurves, i;
+
+        if (pledge("stdio", NULL) == -1)
+                err(1, "pledge");
+
+        ncurves = EC_get_builtin_curves(NULL, 0);
+        if ((curves = calloc(ncurves, sizeof(*curves))) == NULL)
+                err(1, NULL);
+        (void)EC_get_builtin_curves(curves, ncurves);
+
+        printf("curve\etnid\etNIST\etcomment\en");
+        for (i = 0; i < ncurves; i++) {
+                const char *nist_name = EC_curve_nid2nist(curves[i].nid);
+
+                printf("%2zu\et%d\et%s\et%s\en", i, curves[i].nid,
+                    nist_name != NULL ? nist_name : "", curves[i].comment);
+        }
+
+        free(curves);
+
+        return 0;
+}
+.Ed
+.Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3 ,
+.Xr OBJ_nid2obj 3
+.Sh STANDARDS
+.Rs
+.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
+.%U https://www.secg.org/sec1-v2.pdf
+.%D May 21, 2009
+.Re
+.Pp
+.Rs
+.%T SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0
+.%U https://www.secg.org/sec2-v2.pdf
+.%D Jan 27, 2010
+.Re
+.Sh HISTORY
+.Fn EC_GROUP_free
+first appeared in OpenSSL 0.9.7 and has been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_GROUP_new_by_curve_name ,
+.Fn EC_GROUP_cmp ,
+.Fn EC_GROUP_dup ,
+and
+.Fn EC_get_builtin_curves
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
+.Pp
+.Fn EC_curve_nid2nist
+and
+.Fn EC_curve_nist2nid
+first appeared in OpenSSL 1.1.0 and have been available since
+.Ox 5.8 .
+.Sh BUGS
+.Fn EC_GROUP_cmp
+compares the coefficients of the Weierstrass equation as
+integers, not as elements of the prime field.
+It also treats the generator as mandatory while it is generally
+optional in the EC library.
+Aspects of the ASN.1 encoding controlled by the functions in
+.Xr EC_GROUP_get_asn1_flag 3 ,
+in particular seed, ASN.1 flag, and point conversion form,
+are ignored in the comparison.
+Group objects may therefore compare as equal and produce
+completely different ASN.1 encodings via
+.Xr i2d_ECPKParameters 3
+and related functions.
+In fact, either of these encodings might be valid or not,
+accepted or rejected by
+.Xr d2i_ECPKParameters 3 ,
+or the encoding might fail on one or both of the group objects.
diff --git a/src/lib/libcrypto/man/EC_GROUP_new_curve_GFp.3 b/src/lib/libcrypto/man/EC_GROUP_new_curve_GFp.3
new file mode 100644
index 0000000000..f13c969c28
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_GROUP_new_curve_GFp.3
@@ -0,0 +1,450 @@
+.\" $OpenBSD: EC_GROUP_new_curve_GFp.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_GROUP_NEW_CURVE_GFP 3
+.Os
+.Sh NAME
+.Nm EC_GROUP_new_curve_GFp ,
+.Nm EC_GROUP_set_curve ,
+.Nm EC_GROUP_get_curve ,
+.Nm EC_GROUP_set_generator ,
+.Nm EC_GROUP_get0_generator ,
+.Nm EC_GROUP_get_degree ,
+.Nm EC_GROUP_get_order ,
+.Nm EC_GROUP_order_bits ,
+.Nm EC_GROUP_get_cofactor ,
+.Nm EC_GROUP_clear_free ,
+.Nm EC_GROUP_set_curve_GFp ,
+.Nm EC_GROUP_get_curve_GFp
+.Nd define elliptic curves and retrieve information from them
+.Sh SYNOPSIS
+.In openssl/bn.h
+.In openssl/ec.h
+.Ft "EC_GROUP *"
+.Fo EC_GROUP_new_curve_GFp
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_set_curve
+.Fa "EC_GROUP *group"
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_curve
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *p"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_set_generator
+.Fa "EC_GROUP *group"
+.Fa "const EC_POINT *generator"
+.Fa "const BIGNUM *order"
+.Fa "const BIGNUM *cofactor"
+.Fc
+.Ft "const EC_POINT *"
+.Fo EC_GROUP_get0_generator
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_degree
+.Fa "const EC_GROUP *"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_order
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *order"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_order_bits
+.Fa "const EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_cofactor
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *cofactor"
+.Fa "BN_CTX *ctx"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft void
+.Fo EC_GROUP_clear_free
+.Fa "EC_GROUP *group"
+.Fc
+.Ft int
+.Fo EC_GROUP_set_curve_GFp
+.Fa "EC_GROUP *group"
+.Fa "const BIGNUM *p"
+.Fa "const BIGNUM *a"
+.Fa "const BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_GROUP_get_curve_GFp
+.Fa "const EC_GROUP *group"
+.Fa "BIGNUM *p"
+.Fa "BIGNUM *a"
+.Fa "BIGNUM *b"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+With the exception of the getters
+the functions in this manual should not be used.
+Use
+.Xr EC_GROUP_new_by_curve_name 3
+instead.
+.Pp
+The EC library uses
+.Vt EC_GROUP
+objects to represent
+elliptic curves in Weierstrass form.
+These curves are defined over the prime field of order
+.Fa p
+via the Weierstrass equation
+.Dl y^2 = x^3 + ax + b
+where
+.Fa a
+and
+.Fa b
+are such that the discriminant 4a^3 - 27b^2 is non-zero.
+.Pp
+The points on an elliptic curve form a group.
+Cryptographic applications usually depend on the choice of a
+.Fa generator
+whose multiples form a cyclic subgroup of a certain
+.Fa order .
+By Lagrange's theorem, the number of points on the elliptic curve is
+the product of
+.Fa order
+and another integer called the
+.Fa cofactor .
+Hasse's theorem is the inequality
+.Dl | Ns Fa order No * Fa cofactor No - (p + 1)| <= 2 sqrt(p)
+which implies an upper bound on
+.Fa order
+in terms of
+.Fa p
+and allows the computation of
+.Fa cofactor
+provided that
+.Fa order
+is large enough.
+.Pp
+.Fn EC_GROUP_new_curve_GFp
+instantiates a new
+.Vt EC_GROUP
+object over the prime field of size
+.Fa p
+with Weierstrass equation given by the coefficients
+.Fa a
+and
+.Fa b .
+The optional
+.Fa ctx
+is used to transform the other arguments into internal representation.
+It is the caller's responsibility to ensure that
+.Fa p
+is a prime number greater than three and that
+the discriminant is non-zero.
+This can be done with
+.Xr EC_GROUP_check_discriminant 3
+or as part of
+.Xr EC_GROUP_check 3
+after
+.Fn EC_GROUP_set_generator .
+.Pp
+.Fn EC_GROUP_set_curve
+sets the curve parameters of
+.Fa group
+to
+.Fa p ,
+.Fa a ,
+.Fa b
+using the optional
+.Fa ctx
+and the comments in
+.Fn EC_GROUP_new_curve_GFp
+apply.
+Existing
+.Fa generator ,
+.Fa order ,
+or
+.Fa cofactor
+on
+.Fa group
+are left unmodified and become most likely invalid.
+They must therefore be set to legitimate values using
+.Fn EC_GROUP_set_generator .
+.Pp
+.Fn EC_GROUP_get_curve
+copies the curve parameters of
+.Fa group
+into the caller-owned
+.Fa p ,
+.Fa a ,
+and
+.Fa b ,
+possibly making use of the
+.Fa ctx
+for conversion from internal representations.
+Except for
+.Fa group ,
+all arguments are optional.
+.Pp
+.Fn EC_GROUP_set_generator
+performs sanity checks based on Hasse's theorem
+and copies
+.Fa generator ,
+.Fa order
+and the optional
+.Fa cofactor
+into
+.Fa group ,
+replacing all existing entries.
+It is the caller's responsibility to ensure that
+.Fa generator
+is a point on the curve and that
+.Fa order
+is its order,
+which can partially be accomplished with a subsequent call to
+.Xr EC_GROUP_check 3 .
+If
+.Fa cofactor
+is
+.Dv NULL ,
+it can be computed on curves of cryptographic interest,
+in which case
+.Fa cofactor
+is set to the computed value, otherwise it is set to zero.
+.Pp
+.Fn EC_GROUP_get0_generator
+returns an internal pointer to the
+.Fa group Ns 's
+.Fa generator ,
+which may be
+.Dv NULL
+if no generator was set.
+.Pp
+.Fn EC_GROUP_get_degree
+returns the bit length of the prime
+.Fa p
+set on
+.Fa group .
+.Pp
+.Fn EC_GROUP_get_order
+copies the value of the
+.Fa group Ns 's
+.Fa order
+into the caller-owned
+.Fa order ,
+returning failure if the
+.Fa group Ns 's
+.Fa order
+is zero.
+The
+.Fa ctx
+argument is ignored.
+.Pp
+.Fn EC_GROUP_order_bits
+returns the number of bits in the
+.Fa group Ns 's
+.Fa order ,
+which is the result of calling
+.Xr BN_num_bits 3
+on
+.Fa order .
+Unlike
+.Fn EC_GROUP_get_order ,
+it does not fail if
+.Fa order
+is zero.
+.Pp
+.Fn EC_GROUP_get_cofactor
+copies the value of the
+.Fa group Ns 's
+.Fa cofactor
+into the caller-owned
+.Fa cofactor ,
+returning failure if the
+.Fa group Ns 's
+.Fa cofactor
+is zero.
+The
+.Fa ctx
+argument is ignored.
+.Pp
+The deprecated
+.Fn EC_GROUP_clear_free
+uses
+.Xr explicit_bzero 3
+and
+.Xr freezero 3
+to clear and free all data associated with
+.Fa group .
+If
+.Fa group
+is
+.Dv NULL ,
+no action occurs.
+Since there is no secret data in
+.Fa group ,
+this API is useless.
+In LibreSSL,
+.Xr EC_GROUP_free 3
+and
+.Fn EC_GROUP_clear_free
+behave identically.
+.Pp
+.Fn EC_GROUP_set_curve_GFp
+and
+.Fn EC_GROUP_get_curve_GFp
+are deprecated aliases for
+.Fn EC_GROUP_set_curve
+and
+.Fn EC_GROUP_get_curve ,
+respectively.
+.Sh RETURN VALUES
+.Fn EC_GROUP_new_curve_GFp
+returns a newly allocated group or
+.Dv NULL
+if memory allocation fails,
+or if some minimal sanity checks on
+.Fa p ,
+.Fa a ,
+and
+.Fa b
+fail.
+.Pp
+.Fn EC_GROUP_set_curve
+and
+.Fn EC_GROUP_set_curve_GFp
+return 1 on success and 0 on failure.
+Failure conditions include that
+.Fa p
+is smaller than or equal to three, or even, or
+memory allocation failure.
+.Pp
+.Fn EC_GROUP_get_curve
+and
+.Fn EC_GROUP_get_curve_GFp
+return 1 on success and 0 on memory allocation failure.
+.Pp
+.Fn EC_GROUP_set_generator
+returns 1 on success and 0 on memory allocation failure, or if
+.Fa order
+or
+.Fa cofactor
+are larger than Hasse's theorem allows.
+.Fn EC_GROUP_get0_generator
+returns an internal pointer to the
+.Fa generator
+or
+.Dv NULL
+if none was set on
+.Fa group .
+.Pp
+.Fn EC_GROUP_get_order
+returns 1 on success or 0 on memory allocation failure or if the
+.Fa group Ns 's
+order is set to
+.Fa zero .
+.Pp
+.Fn EC_GROUP_get_degree ,
+.Fn EC_GROUP_order_bits ,
+and
+.Fn EC_GROUP_get_cofactor
+return the number of bits in the
+.Fa group Ns 's
+.Fa p ,
+.Fa order ,
+and
+.Fa cofactor ,
+respectively.
+.Sh SEE ALSO
+.Xr BN_new 3 ,
+.Xr BN_num_bits 3 ,
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
+.Sh STANDARDS
+.Rs
+.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
+.%U https://www.secg.org/sec1-v2.pdf
+.%D May 21, 2009
+.Re
+.Pp
+.Rs
+.%T SEC 2: Recommended Elliptic Curve Domain Parameters, Version 2.0
+.%U https://www.secg.org/sec2-v2.pdf
+.%D Jan 27, 2010
+.Re
+.Sh HISTORY
+.Fn EC_GROUP_new_curve_GFp ,
+.Fn EC_GROUP_clear_free ,
+.Fn EC_GROUP_set_curve_GFp ,
+.Fn EC_GROUP_get_curve_GFp ,
+.Fn EC_GROUP_set_generator ,
+.Fn EC_GROUP_get0_generator ,
+.Fn EC_GROUP_get_order ,
+and
+.Fn EC_GROUP_get_cofactor
+first appeared in OpenSSL 0.9.7 and
+have been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_GROUP_get_degree
+first appeared in OpenSSL 0.9.8 and
+has been available since
+.Ox 4.5 .
+.Pp
+.Fn EC_GROUP_set_curve ,
+.Fn EC_GROUP_get_curve ,
+and
+.Fn EC_GROUP_order_bits
+first appeared in OpenSSL 1.1.1 and
+have been available since
+.Ox 7.0
+.Sh BUGS
+Too many.
+The API is unergonomic and the design is very poor even by
+OpenSSL's standards.
+Naming is inconsistent, especially in regards to the _GFp suffix
+and the _get_ infix.
+Function signatures are inconsistent.
+In particular, functions that should have a
+.Vt BN_CTX
+argument don't have one and functions that don't need it have one.
diff --git a/src/lib/libcrypto/man/EC_KEY_METHOD_new.3 b/src/lib/libcrypto/man/EC_KEY_METHOD_new.3
index 79c16ef014..5f5795d5cc 100644
--- a/src/lib/libcrypto/man/EC_KEY_METHOD_new.3
+++ b/src/lib/libcrypto/man/EC_KEY_METHOD_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.4 2024/07/21 08:36:43 tb Exp $
+.\" $OpenBSD: EC_KEY_METHOD_new.3,v 1.5 2025/04/25 19:57:12 tb Exp $
 .\" Copyright (c) 2019 Ingo Schwarze <schwarze@openbsd.org>
 .\"
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.Dd $Mdocdate: July 21 2024 $
+.Dd $Mdocdate: April 25 2025 $
 .Dt EC_KEY_METHOD_NEW 3
 .Os
 .Sh NAME
@@ -312,7 +312,16 @@ returns 1 for success or 0 for failure.
 returns the EC_KEY implementation used by the given
 .Fa key .
 .Sh SEE ALSO
+.Xr crypto 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
 .Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
 .Xr ECDSA_sign 3
 .Sh HISTORY
 These functions first appeared in OpenSSL 1.1.0
diff --git a/src/lib/libcrypto/man/EC_KEY_new.3 b/src/lib/libcrypto/man/EC_KEY_new.3
index c24cb080ef..a2592a20ae 100644
--- a/src/lib/libcrypto/man/EC_KEY_new.3
+++ b/src/lib/libcrypto/man/EC_KEY_new.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: EC_KEY_new.3,v 1.21 2025/03/08 16:38:13 tb Exp $
+.\" $OpenBSD: EC_KEY_new.3,v 1.22 2025/04/25 19:57:12 tb Exp $
 .\" full merge up to: OpenSSL 3aef36ff Jan 5 13:06:03 2016 -0500
 .\" partial merge up to: OpenSSL e9b77246 Jan 20 19:58:49 2017 +0100
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 8 2025 $
+.Dd $Mdocdate: April 25 2025 $
 .Dt EC_KEY_NEW 3
 .Os
 .Sh NAME
@@ -234,7 +234,7 @@ and supplying the
 .Fa nid
 of the associated curve.
 Refer to
-.Xr EC_GROUP_new 3
+.Xr EC_GROUP_new_by_curve_name 3
 for a description of curve names.
 This function simply wraps calls to
 .Fn EC_KEY_new
@@ -357,7 +357,7 @@ The format of the external representation of the public key written by
 such as whether it is stored in a compressed form or not,
 is described by the point_conversion_form.
 See
-.Xr EC_GROUP_copy 3
+.Xr EC_POINT_point2oct 3
 for a description of point_conversion_form.
 .Pp
 When reading a private key encoded without an associated public key,
@@ -378,7 +378,7 @@ and
 get and set the point_conversion_form for the
 .Fa key .
 For a description of point_conversion_form refer to
-.Xr EC_GROUP_copy 3 .
+.Xr EC_POINT_point2oct 3 .
 .Pp
 .Fn EC_KEY_set_flags
 sets the flags in the
@@ -407,7 +407,7 @@ sets the asn1_flag on the underlying
 .Vt EC_GROUP
 object (if set).
 Refer to
-.Xr EC_GROUP_copy 3
+.Xr EC_GROUP_get_curve_name 3
 for further information on the asn1_flag.
 .Pp
 .Fn EC_KEY_precompute_mult
@@ -488,11 +488,14 @@ returns the point_conversion_form for the
 .Vt EC_KEY .
 .Sh SEE ALSO
 .Xr d2i_ECPKParameters 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_GROUP_new 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
 .Xr EC_KEY_METHOD_new 3 ,
 .Xr EC_POINT_add 3 ,
-.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_point2oct 3 ,
 .Xr ECDH_compute_key 3 ,
 .Xr ECDSA_SIG_new 3 ,
 .Xr EVP_PKEY_set1_EC_KEY 3
diff --git a/src/lib/libcrypto/man/EC_POINT_add.3 b/src/lib/libcrypto/man/EC_POINT_add.3
index cc35499c0e..9c75f0dcd3 100644
--- a/src/lib/libcrypto/man/EC_POINT_add.3
+++ b/src/lib/libcrypto/man/EC_POINT_add.3
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: EC_POINT_add.3,v 1.15 2025/03/08 16:48:22 tb Exp $
+.\"     $OpenBSD: EC_POINT_add.3,v 1.16 2025/04/25 19:57:12 tb Exp $
 .\"     OpenSSL b97fdb57 Nov 11 09:33:09 2016 +0100
 .\"
 .\" This file was written by Matt Caswell <matt@openssl.org>.
@@ -48,7 +48,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: March 8 2025 $
+.Dd $Mdocdate: April 25 2025 $
 .Dt EC_POINT_ADD 3
 .Os
 .Sh NAME
@@ -177,7 +177,7 @@ in which case the result is just
 .Dl q * m.
 .Pp
 See
-.Xr EC_GROUP_copy 3
+.Xr EC_GROUP_new_curve_GFp 3
 for information about the generator.
 .Sh RETURN VALUES
 The following functions return 1 on success or 0 on error:
@@ -197,11 +197,17 @@ returns 1 if the point is on the curve, 0 if not, or -1 on error.
 .Fn EC_POINT_cmp
 returns 1 if the points are not equal, 0 if they are, or -1 on error.
 .Sh SEE ALSO
+.Xr crypto 3 ,
 .Xr d2i_ECPKParameters 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_GROUP_new 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
 .Xr EC_KEY_new 3 ,
-.Xr EC_POINT_new 3
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3
 .Sh HISTORY
 .Fn EC_POINT_add ,
 .Fn EC_POINT_dbl ,
diff --git a/src/lib/libcrypto/man/EC_POINT_get_affine_coordinates.3 b/src/lib/libcrypto/man/EC_POINT_get_affine_coordinates.3
new file mode 100644
index 0000000000..b36d480530
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_POINT_get_affine_coordinates.3
@@ -0,0 +1,215 @@
+.\" $OpenBSD: EC_POINT_get_affine_coordinates.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_POINT_GET_AFFINE_COORDINATES 3
+.Os
+.Sh NAME
+.Nm EC_POINT_get_affine_coordinates ,
+.Nm EC_POINT_set_affine_coordinates ,
+.Nm EC_POINT_set_compressed_coordinates ,
+.Nm EC_POINT_set_to_infinity ,
+.Nm EC_POINT_get_affine_coordinates_GFp ,
+.Nm EC_POINT_set_affine_coordinates_GFp ,
+.Nm EC_POINT_set_compressed_coordinates_GFp
+.Nd get and set coordinates of elliptic curve points
+.Sh SYNOPSIS
+.In openssl/bn.h
+.In openssl/ec.h
+.Pp
+.Ft int
+.Fo EC_POINT_get_affine_coordinates
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "BIGNUM *x"
+.Fa "BIGNUM *y"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_set_affine_coordinates
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const BIGNUM *x"
+.Fa "const BIGNUM *y"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_set_compressed_coordinates
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const BIGNUM *x"
+.Fa "int y_bit"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_set_to_infinity
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fc
+.Pp
+Deprecated:
+.Pp
+.Ft int
+.Fo EC_POINT_get_affine_coordinates_GFp
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "BIGNUM *x"
+.Fa "BIGNUM *y"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_set_affine_coordinates_GFp
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const BIGNUM *x"
+.Fa "const BIGNUM *y"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_set_compressed_coordinates_GFp
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const BIGNUM *x"
+.Fa "int y_bit"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+.Fn EC_POINT_get_affine_coordinates
+assumes that
+.Fa point
+is a point on
+.Fa group ,
+calculates its affine coordinates from its internal representation
+using the optional
+.Fa ctx ,
+and copies them into the optional user-provided
+.Fa x
+and
+.Fa y .
+.Pp
+.Fn EC_POINT_set_affine_coordinates
+assumes that
+.Fa x
+and
+.Fa y
+are the affine coordinates of a point on
+.Fa group ,
+converts them into internal representation and sets them on
+.Fa point
+using the optional
+.Fa ctx .
+The user-provided
+.Fa point
+should be the result of
+.Fn EC_POINT_new 3
+with an argument of
+.Fa group .
+It then verifies using
+.Xr EC_POINT_is_on_curve 3
+that
+.Fa x
+and
+.Fa y
+are indeed the affine coordinates of a point on
+.Fa group .
+.Pp
+.Fn EC_POINT_set_compressed_coordinates
+assumes that
+.Fa x
+is the x-coordinate and
+.Fa y_bit
+is the parity bit of a point on
+.Fa group
+and sets
+.Fa point
+to the corresponding point on
+.Fa group .
+It does this by solving the quadratic equation y^2 = x^3 + ax + b using
+.Xr BN_mod_sqrt 3
+and the optional
+.Fa ctx ,
+chooses the solution
+.Fa y
+with parity matching
+.Fa y_bit ,
+and passes
+.Fa x
+and
+.Fa y
+to
+.Fn EC_POINT_set_affine_coordinates .
+The user-provided
+.Fa point
+should be the result of
+.Fn EC_POINT_new
+with argument
+.Fa group .
+.Pp
+.Fn EC_POINT_set_to_infinity
+sets
+.Fa point
+to the internal representation of the point at infinity on
+.Fa group .
+.Pp
+.Fn EC_POINT_get_affine_coordinates_GFp
+is a deprecated alias for
+.Fn EC_POINT_get_affine_coordinates .
+Similarly for
+.Fn EC_POINT_set_affine_coordinates_GFp
+and
+.Fn EC_POINT_set_compressed_coordinates_GFp .
+.Sh RETURN VALUES
+All these functions return 1 on success and 0 on error.
+Error conditions include memory allocation failure,
+that
+.Fa point
+is incompatible with
+.Fa group ,
+and, for the coordinate setters, that the provided coordinates
+do not represent a point on
+.Fa group .
+.Sh SEE ALSO
+.Xr BN_CTX_new 3 ,
+.Xr BN_is_zero 3 ,
+.Xr BN_mod_sqrt 3 ,
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
+.Sh HISTORY
+.Fn EC_POINT_get_affine_coordinates_GFp ,
+.Fn EC_POINT_set_affine_coordinates_GFp ,
+.Fn EC_POINT_set_compressed_coordinates_GFp ,
+and
+.Fn EC_POINT_set_to_infinity
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_POINT_get_affine_coordinates ,
+.Fn EC_POINT_set_affine_coordinates ,
+and
+.Fn EC_POINT_set_compressed_coordinates
+first appeared in OpenSSL 1.1.1 and have been available since
+.Ox 7.0 .
diff --git a/src/lib/libcrypto/man/EC_POINT_new.3 b/src/lib/libcrypto/man/EC_POINT_new.3
index db6280fce7..cfc988f294 100644
--- a/src/lib/libcrypto/man/EC_POINT_new.3
+++ b/src/lib/libcrypto/man/EC_POINT_new.3
@@ -1,54 +1,20 @@
-.\" $OpenBSD: EC_POINT_new.3,v 1.17 2025/03/08 17:04:07 tb Exp $
-.\" full merge up to: OpenSSL 50db8163 Jul 30 16:56:41 2018 +0100
+.\" $OpenBSD: EC_POINT_new.3,v 1.18 2025/04/25 19:57:12 tb Exp $
 .\"
-.\" This file was written by Matt Caswell <matt@openssl.org>.
-.\" Copyright (c) 2013, 2016 The OpenSSL Project.  All rights reserved.
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
 .\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in
-.\"    the documentation and/or other materials provided with the
-.\"    distribution.
-.\"
-.\" 3. All advertising materials mentioning features or use of this
-.\"    software must display the following acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
-.\"
-.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-.\"    endorse or promote products derived from this software without
-.\"    prior written permission. For written permission, please contact
-.\"    openssl-core@openssl.org.
-.\"
-.\" 5. Products derived from this software may not be called "OpenSSL"
-.\"    nor may "OpenSSL" appear in their names without prior written
-.\"    permission of the OpenSSL Project.
-.\"
-.\" 6. Redistributions of any form whatsoever must retain the following
-.\"    acknowledgment:
-.\"    "This product includes software developed by the OpenSSL Project
-.\"    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-.\" OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: March 8 2025 $
+.Dd $Mdocdate: April 25 2025 $
 .Dt EC_POINT_NEW 3
 .Os
 .Sh NAME
@@ -56,163 +22,56 @@
 .Nm EC_POINT_free ,
 .Nm EC_POINT_clear_free ,
 .Nm EC_POINT_copy ,
-.Nm EC_POINT_dup ,
-.Nm EC_POINT_set_to_infinity ,
-.Nm EC_POINT_set_affine_coordinates ,
-.Nm EC_POINT_set_affine_coordinates_GFp ,
-.Nm EC_POINT_get_affine_coordinates ,
-.Nm EC_POINT_get_affine_coordinates_GFp ,
-.Nm EC_POINT_set_compressed_coordinates ,
-.Nm EC_POINT_set_compressed_coordinates_GFp ,
-.Nm EC_POINT_point2oct ,
-.Nm EC_POINT_oct2point ,
-.Nm EC_POINT_point2bn ,
-.Nm EC_POINT_bn2point ,
-.Nm EC_POINT_point2hex ,
-.Nm EC_POINT_hex2point
-.Nd create, destroy, and manipulate EC_POINT objects
+.Nm EC_POINT_dup
+.Nd allocate, free and copy elliptic curve points
 .Sh SYNOPSIS
 .In openssl/ec.h
-.In openssl/bn.h
-.Ft EC_POINT *
+.Pp
+.Ft "EC_POINT *"
 .Fo EC_POINT_new
 .Fa "const EC_GROUP *group"
 .Fc
-.Ft void
+.Ft "void"
 .Fo EC_POINT_free
 .Fa "EC_POINT *point"
 .Fc
-.Ft void
+.Ft "void"
 .Fo EC_POINT_clear_free
 .Fa "EC_POINT *point"
 .Fc
-.Ft int
+.Ft "int"
 .Fo EC_POINT_copy
 .Fa "EC_POINT *dst"
 .Fa "const EC_POINT *src"
 .Fc
-.Ft EC_POINT *
+.Ft "EC_POINT *"
 .Fo EC_POINT_dup
-.Fa "const EC_POINT *src"
-.Fa "const EC_GROUP *group"
-.Fc
-.Ft int
-.Fo EC_POINT_set_to_infinity
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *point"
-.Fc
-.Ft int
-.Fo EC_POINT_set_affine_coordinates
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *p"
-.Fa "const BIGNUM *x"
-.Fa "const BIGNUM *y"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_set_affine_coordinates_GFp
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *p"
-.Fa "const BIGNUM *x"
-.Fa "const BIGNUM *y"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_get_affine_coordinates
-.Fa "const EC_GROUP *group"
-.Fa "const EC_POINT *p"
-.Fa "BIGNUM *x"
-.Fa "BIGNUM *y"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_get_affine_coordinates_GFp
-.Fa "const EC_GROUP *group"
-.Fa "const EC_POINT *p"
-.Fa "BIGNUM *x"
-.Fa "BIGNUM *y"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_set_compressed_coordinates
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *p"
-.Fa "const BIGNUM *x"
-.Fa "int y_bit"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_set_compressed_coordinates_GFp
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *p"
-.Fa "const BIGNUM *x"
-.Fa "int y_bit"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft size_t
-.Fo EC_POINT_point2oct
+.Fa "const EC_POINT *point"
 .Fa "const EC_GROUP *group"
-.Fa "const EC_POINT *p"
-.Fa "point_conversion_form_t form"
-.Fa "unsigned char *buf"
-.Fa "size_t len"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft int
-.Fo EC_POINT_oct2point
-.Fa "const EC_GROUP *group"
-.Fa "EC_POINT *p"
-.Fa "const unsigned char *buf"
-.Fa "size_t len"
-.Fa "BN_CTX *ctx"
-.Fc
-.Ft BIGNUM *
-.Fo EC_POINT_point2bn
-.Fa "const EC_GROUP *"
-.Fa "const EC_POINT *"
-.Fa "point_conversion_form_t form"
-.Fa "BIGNUM *"
-.Fa "BN_CTX *"
-.Fc
-.Ft EC_POINT *
-.Fo EC_POINT_bn2point
-.Fa "const EC_GROUP *"
-.Fa "const BIGNUM *"
-.Fa "EC_POINT *"
-.Fa "BN_CTX *"
-.Fc
-.Ft char *
-.Fo EC_POINT_point2hex
-.Fa "const EC_GROUP *"
-.Fa "const EC_POINT *"
-.Fa "point_conversion_form_t form"
-.Fa "BN_CTX *"
-.Fc
-.Ft EC_POINT *
-.Fo EC_POINT_hex2point
-.Fa "const EC_GROUP *"
-.Fa "const char *"
-.Fa "EC_POINT *"
-.Fa "BN_CTX *"
 .Fc
 .Sh DESCRIPTION
 An
 .Vt EC_POINT
-represents a point on a curve.
-A curve is represented by an
-.Vt EC_GROUP
-object created by the functions described in
-.Xr EC_GROUP_new 3 .
+object holds a point on the elliptic curve represented by an
+.Vt EC_GROUP .
+The details of the internal representation depend on the group
+and should never be an application's concern since the EC library
+has API to set a point's coordinates,
+.Xr EC_POINT_set_affine_coordinates 3 .
 .Pp
-A new point is constructed by calling the function
 .Fn EC_POINT_new
-and providing the
-.Fa group
-object that the point relates to.
+allocates and initializes an
+.Vt EC_POINT
+object to be used with the
+.Fa group .
+Before explicitly setting its coordinates, the returned
+.Vt EC_POINT
+is invalid.
 .Pp
 .Fn EC_POINT_free
-frees the memory associated with the
-.Vt EC_POINT .
+frees
+.Fa point
+and all memory associated with it.
 If
 .Fa point
 is a
@@ -220,236 +79,129 @@ is a
 pointer, no action occurs.
 .Pp
 .Fn EC_POINT_clear_free
-destroys any sensitive data held within the
-.Vt EC_POINT
-and then frees its memory.
-If
+is intended to destroy sensitive data held in
 .Fa point
-is a
-.Dv NULL
-pointer, no action occurs.
+in addition to freeing all memory associated with it.
+Since elliptic curve points usually hold public data, this
+is rarely needed.
+In LibreSSL,
+.Fn EC_POINT_free
+and
+.Fn EC_POINT_clear_free
+behave identically.
 .Pp
 .Fn EC_POINT_copy
-copies the point
+copies the internal representation of
 .Fa src
 into
 .Fa dst .
-Both
+If
 .Fa src
 and
 .Fa dst
-must use the same
-.Vt EC_METHOD .
-.Pp
-.Fn EC_POINT_dup
-creates a new
-.Vt EC_POINT
-object and copies the content from
+are identical, no action occurs.
+Both
 .Fa src
-to the newly created
-.Vt EC_POINT
-object.
-.Pp
-A valid point on a curve is the special point at infinity.
-A point is set to be at infinity by calling
-.Fn EC_POINT_set_to_infinity .
-.Pp
-The affine coordinates for a point describe a point in terms of its
-.Fa x
-and
-.Fa y
-position.
-The function
-.Fn EC_POINT_set_affine_coordinates
-sets the
-.Fa x
-and
-.Fa y
-coordinates for the point
-.Fa p
-defined over the curve given in
-.Fa group .
-The function
-.Fn EC_POINT_get_affine_coordinates
-sets
-.Fa x
-and
-.Fa y ,
-either of which may be
-.Dv NULL ,
-to the corresponding coordinates of
-.Fa p .
-.Pp
-The functions
-.Fn EC_POINT_set_affine_coordinates_GFp
-is a deprecated synonym for
-.Fn EC_POINT_set_affine_coordinates
-and the function
-.Fn EC_POINT_get_affine_coordinates_GFp
-is a deprecated synonym for
-.Fn EC_POINT_get_affine_coordinates .
-.Pp
-Points can also be described in terms of their compressed coordinates.
-For a point
-.Pq Fa x , y ,
-for any given value for
-.Fa x
-such that the point is on the curve, there will only ever be two
-possible values for
-.Fa y .
-Therefore, a point can be set using the
-.Fn EC_POINT_set_compressed_coordinates
-function where
-.Fa x
-is the x coordinate and
-.Fa y_bit
-is a value 0 or 1 to identify which of the two possible values for y
-should be used.
-.Pp
-The functions
-.Fn EC_POINT_set_compressed_coordinates_GFp
-is a deprecated synonym for
-.Fn EC_POINT_set_compressed_coordinates .
-.Pp
-In addition
-.Vt EC_POINT Ns s
-can be converted to and from various external representations.
-Supported representations are octet strings,
-.Vt BIGNUM Ns s ,
-and hexadecimal.
-The format of the external representation is described by the
-point_conversion_form.
-See
-.Xr EC_GROUP_copy 3
-for a description of point_conversion_form.
-Octet strings are stored in a buffer along with an associated buffer
-length.
-A point held in a
-.Vt BIGNUM
-is calculated by converting the point to an octet string and then
-converting that octet string into a
-.Vt BIGNUM
-integer.
-Points in hexadecimal format are stored in a NUL terminated character
-string where each character is one of the printable values 0-9 or A-F
-(or a-f).
-.Pp
-The functions
-.Fn EC_POINT_point2oct ,
-.Fn EC_POINT_oct2point ,
-.Fn EC_POINT_point2bn ,
-.Fn EC_POINT_bn2point ,
-.Fn EC_POINT_point2hex ,
 and
-.Fn EC_POINT_hex2point
-convert from and to
-.Vt EC_POINT Ns s
-for the formats octet string,
-.Vt BIGNUM ,
-and hexadecimal, respectively.
-.Pp
-The function
-.Fn EC_POINT_point2oct
-must be supplied with a
-.Fa buf
-long enough to store the octet string.
-The return value provides the number of octets stored.
-Calling the function with a
-.Dv NULL
-.Fa buf
-will not perform the conversion but will still return the required
-buffer length.
+.Fa dst
+should be the result of
+.Fn EC_POINT_new
+with the same
+.Fa group
+argument, although
+.Fn EC_POINT_copy
+cannot check that.
 .Pp
-The function
-.Fn EC_POINT_point2hex
-will allocate sufficient memory to store the hexadecimal string.
-It is the caller's responsibility to free this memory with a subsequent
-call to
-.Xr free 3 .
+.Fn EC_POINT_dup
+creates a deep copy of
+.Fa point
+by combining
+.Fn EC_POINT_new
+with
+.Fn EC_GROUP_copy .
 .Sh RETURN VALUES
 .Fn EC_POINT_new
-and
-.Fn EC_POINT_dup
-return the newly allocated
+returns a newly allocated
 .Vt EC_POINT
 or
 .Dv NULL
-on error.
+on memory allocation failure.
 .Pp
-The following functions return 1 on success or 0 on error:
-.Fn EC_POINT_copy ,
-.Fn EC_POINT_set_to_infinity ,
-.Fn EC_POINT_set_affine_coordinates ,
-.Fn EC_POINT_set_affine_coordinates_GFp ,
-.Fn EC_POINT_get_affine_coordinates ,
-.Fn EC_POINT_get_affine_coordinates_GFp ,
-.Fn EC_POINT_set_compressed_coordinates ,
-.Fn EC_POINT_set_compressed_coordinates_GFp ,
-and
-.Fn EC_POINT_oct2point .
-.Pp
-.Fn EC_POINT_point2oct
-returns the length of the required buffer, or 0 on error.
-.Pp
-.Fn EC_POINT_point2bn
-returns the pointer to the
-.Vt BIGNUM
-supplied or
-.Dv NULL
-on error.
-.Pp
-.Fn EC_POINT_bn2point
-returns the pointer to the
-.Vt EC_POINT
-supplied or
-.Dv NULL
-on error.
-.Pp
-.Fn EC_POINT_point2hex
-returns a pointer to the hex string or
-.Dv NULL
-on error.
+.Fn EC_POINT_copy
+returns 1 on success or 0 on error.
+Error conditions include memory allocation failure and that
+.Fa dst
+is incompatible with the group on which
+.Fa src
+is defined.
 .Pp
-.Fn EC_POINT_hex2point
-returns the pointer to the
+.Fn EC_POINT_dup
+returns a newly allocated
 .Vt EC_POINT
-supplied or
+or
 .Dv NULL
-on error.
+on failure.
+Error conditions include memory allocation failure or that
+.Fa group
+is incompatible with
+.Fa src .
 .Sh SEE ALSO
+.Xr BN_CTX_new 3 ,
+.Xr BN_is_zero 3 ,
+.Xr crypto 3 ,
 .Xr d2i_ECPKParameters 3 ,
-.Xr EC_GROUP_copy 3 ,
-.Xr EC_GROUP_new 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
 .Xr EC_KEY_new 3 ,
 .Xr EC_POINT_add 3 ,
-.Xr ECDH_compute_key 3
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_point2oct 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
 .Sh HISTORY
 .Fn EC_POINT_new ,
 .Fn EC_POINT_free ,
 .Fn EC_POINT_clear_free ,
-.Fn EC_POINT_copy ,
-.Fn EC_POINT_set_to_infinity ,
-.Fn EC_POINT_set_affine_coordinates_GFp ,
-.Fn EC_POINT_get_affine_coordinates_GFp ,
-.Fn EC_POINT_set_compressed_coordinates_GFp ,
-.Fn EC_POINT_point2oct ,
 and
-.Fn EC_POINT_oct2point
+.Fn EC_POINT_copy
 first appeared in OpenSSL 0.9.7 and have been available since
 .Ox 3.2 .
 .Pp
-.Fn EC_POINT_dup ,
-.Fn EC_POINT_point2bn ,
-.Fn EC_POINT_bn2point ,
-.Fn EC_POINT_point2hex ,
-and
-.Fn EC_POINT_hex2point
-first appeared in OpenSSL 0.9.8 and have been available since
+.Fn EC_POINT_dup
+first appeared in OpenSSL 0.9.8 and has been available since
 .Ox 4.5 .
-.Pp
-.Fn EC_POINT_set_affine_coordinates ,
-.Fn EC_POINT_get_affine_coordinates ,
+.Sh BUGS
+A fundamental flaw in the OpenSSL API toolkit is that
+.Fn *_new
+functions usually create invalid objects that are tricky to
+turn into valid objects.
+A fundamental flaw in the EC library is that
+.Vt EC_POINT
+objects do not hold a reference to the group they live on
+despite the fact that
+.Fn EC_POINT_new
+has a
+.Fa group
+argument.
+This is difficult to fix because
+.Vt EC_GROUP
+objects are not reference counted and
+because of const qualifiers in the API.
+This is the root cause for various contortions in the EC library
+and API.
+This has security implications because not
+only does the library not know whether an
+.Fa EC_POINT
+object represents a valid point,
+even if it did know that it would not know on what curve.
+.Pp
+The signature of
+.Fn EC_GROUP_dup
+is bizarre and the order of
+.Fa point
 and
-.Fn EC_POINT_set_compressed_coordinates
-first appeared in OpenSSL 1.1.1 and have been available since
-.Ox 7.0 .
+.Fa group
+is inconsistent with the rest of the EC API.
diff --git a/src/lib/libcrypto/man/EC_POINT_point2oct.3 b/src/lib/libcrypto/man/EC_POINT_point2oct.3
new file mode 100644
index 0000000000..d0663670ee
--- /dev/null
+++ b/src/lib/libcrypto/man/EC_POINT_point2oct.3
@@ -0,0 +1,431 @@
+.\" $OpenBSD: EC_POINT_point2oct.3,v 1.1 2025/04/25 19:57:12 tb Exp $
+.\"
+.\" Copyright (c) 2025 Theo Buehler <tb@openbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd $Mdocdate: April 25 2025 $
+.Dt EC_POINT_POINT2OCT 3
+.Os
+.Sh NAME
+.Nm EC_POINT_point2oct ,
+.Nm EC_POINT_oct2point ,
+.Nm EC_POINT_point2bn ,
+.Nm EC_POINT_bn2point ,
+.Nm EC_POINT_point2hex ,
+.Nm EC_POINT_hex2point
+.Nd encode and decode elliptic curve points
+.Sh SYNOPSIS
+.In openssl/bn.h
+.In openssl/ec.h
+.Bd -literal
+typedef enum {
+        POINT_CONVERSION_COMPRESSED = 2,
+        POINT_CONVERSION_UNCOMPRESSED = 4,
+        POINT_CONVERSION_HYBRID = 6
+} point_conversion_form_t;
+
+.Ed
+.Ft size_t
+.Fo EC_POINT_point2oct
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "unsigned char *buf"
+.Fa "size_t len"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft int
+.Fo EC_POINT_oct2point
+.Fa "const EC_GROUP *group"
+.Fa "EC_POINT *point"
+.Fa "const unsigned char *buf"
+.Fa "size_t len"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft "BIGNUM *"
+.Fo EC_POINT_point2bn
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "BIGNUM *bn"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft "EC_POINT *"
+.Fo EC_POINT_bn2point
+.Fa "const EC_GROUP *group"
+.Fa "const BIGNUM *bn"
+.Fa "EC_POINT *point"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft "char *"
+.Fo EC_POINT_point2hex
+.Fa "const EC_GROUP *group"
+.Fa "const EC_POINT *point"
+.Fa "point_conversion_form_t form"
+.Fa "BN_CTX *ctx"
+.Fc
+.Ft "EC_POINT *"
+.Fo EC_POINT_hex2point
+.Fa "const EC_GROUP *group"
+.Fa "const char *hex"
+.Fa "EC_POINT *point"
+.Fa "BN_CTX *ctx"
+.Fc
+.Sh DESCRIPTION
+The
+.Fa ctx
+argument of all functions in this manual is optional.
+.Pp
+An
+.Vt EC_POINT
+object represents a point on the elliptic curve given by an
+.Vt EC_GROUP
+object.
+It is either the point at infinity or it has a representation
+(x, y) in standard affine coordinates,
+in which case it satisfies the curve's Weierstrass equation
+.Dl y^2 = x^3 + ax + b
+in the prime field of size p.
+Thus, y is a square root of x^3 + ax + b.
+Since p > 3 is odd, p - y is another square root
+with different parity, unless y is zero.
+Point compression uses that x and the parity of y are enough
+to compute y using
+.Xr BN_mod_sqrt 3 .
+.Pp
+Field elements are represented as non-negative integers < p
+in big-endian 2-complement form, zero-padded on the left to the byte
+length l of p.
+If X and Y are the representations of x and y, respectively, and P is
+the parity bit of y, the three encodings of the point (x, y) are
+the byte strings:
+.Bl -column "EncodingX" "CompressedX" "UncompressedX" "Hybrid" -offset indent -compact
+.It Ta Em Compressed Ta Em Uncompressed Ta Em Hybrid
+.It Encoding Ta 2+P || X Ta 4 || X || Y Ta 6+P || X || Y
+.It Length Ta 1 + l Ta 1 + 2l Ta 1 + 2l
+.El
+where the first octet is the point conversion form
+combined with the parity bit in the compressed and hybrid encodings.
+The point at infinity is encoded as a single zero byte.
+.Pp
+.Fn EC_POINT_point2oct
+converts
+.Fa point
+into the octet string encoding of type
+.Fa form .
+It assumes without checking that
+.Fa point
+is a point on the elliptic curve represented by
+.Fa group
+and operates in two modes depending on the
+.Fa buf
+argument.
+If
+.Fa buf
+is
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the length of
+.Fa point Ns 's
+encoding of type
+.Fa form
+and ignores the
+.Fa len
+and
+.Fa ctx
+arguments.
+If
+.Fa buf
+is not
+.Dv NULL
+and its length
+.Fa len
+is sufficiently big,
+.Fn EC_POINT_point2oct 3
+writes the
+.Fa point Ns 's
+encoding of type
+.Fa form
+to
+.Fa buf
+and returns the number of bytes written.
+Unless
+.Fa point
+is the point at infinity, the coordinates to be encoded are calculated using
+.Xr EC_POINT_get_affine_coordinates 3 .
+.Pp
+.Fn EC_POINT_oct2point
+decodes the octet string representation of a point on
+.Fa group
+in
+.Fa buf
+of size
+.Fa len
+and, if it represents a point on
+.Fa group ,
+sets it on the caller-provided
+.Fa point
+using
+.Xr EC_POINT_set_to_infinity 3
+.Xr EC_POINT_set_compressed_coordinates 3 ,
+or
+.Xr EC_POINT_set_affine_coordinates 3 .
+For hybrid encoding the consistency of
+the parity bit in the leading octet is verified.
+.Pp
+.Fn EC_POINT_point2bn
+returns a
+.Vt BIGNUM
+containing the encoding of type
+.Fa form
+of the
+.Fa point
+on
+.Fa group .
+If
+.Fa bn
+is
+.Dv NULL ,
+this
+.Vt BIGNUM
+is newly allocated, otherwise the result is copied into
+.Fa bn
+and returned.
+.Fn EC_POINT_point2bn
+is equivalent to
+.Fn EC_POINT_point2oct
+followed by
+.Xr BN_bin2bn 3 .
+.Pp
+.Fn EC_POINT_bn2point
+assumes that
+.Fa bn
+contains the encoding of a point on
+.Fa group .
+If
+.Fa point
+is
+.Dv NULL ,
+the result is placed in a newly allocated
+.Vt EC_POINT ,
+otherwise the result is placed in
+.Fa point
+which is then returned.
+.Fn EC_POINT_bn2point
+is equivalent to
+.Xr BN_bn2bin 3
+followed by
+.Fn EC_POINT_oct2point .
+.Pp
+.Fn EC_POINT_point2hex
+returns a printable string containing the hexadecimal encoding of
+the point encoding of type
+.Fa form
+of the
+.Fa point
+on
+.Fa group .
+The string must be freed by the caller using
+.Xr free 3 .
+.Fn EC_POINT_point2hex
+is equivalent to
+.Fn EC_POINT_point2bn
+followed by
+.Fn BN_bn2hex 3 .
+.Pp
+.Fn EC_POINT_hex2point
+interprets
+.Fa hex
+as a hexadecimal encoding of the point encoding of a point on
+.Fa group .
+If
+.Fa point
+is
+.Dv NULL ,
+the result is returned in a newly allocated
+.Vt EC_POINT ,
+otherwise the result is copied into
+.Fa point ,
+which is then returned.
+.Fn EC_POINT_hex2point
+is equivalent to
+.Xr BN_hex2bn 3
+followed by
+.Fn EC_POINT_bn2point .
+.Sh RETURN VALUES
+If
+.Fa buf
+is
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the length needed to encode the
+.Fa point
+on
+.Fa group ,
+or 0 on error.
+If
+.Fa buf
+is not
+.Dv NULL ,
+.Fn EC_POINT_point2oct
+returns the number of bytes written to
+.Fa buf
+or 0 on error.
+Error conditions include that
+.Fa form
+is invalid,
+.Fa len
+is too small, and memory allocation failure.
+.Pp
+.Fn EC_POINT_oct2point
+returns 1 on success and 0 on error.
+Error conditions include invalid encoding,
+.Fa buf
+does not represent a point on
+.Fa group ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_point2bn
+returns a
+.Vt BIGNUM
+containing the encoding of
+.Fa point
+or
+.Dv NULL
+on error.
+The returned
+.Vt BIGNUM
+is either
+.Fa in_bn
+or a newly allocated one which must be freed by the caller.
+Error conditions include those of
+.Fn EC_POINT_point2oct ,
+.Xr BN_bn2bin 3 ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_bn2point
+returns an
+.Vt EC_POINT
+corresponding to the encoding in
+.Fa bn
+or
+.Dv NULL
+on error.
+The returned
+.Vt EC_POINT
+is either
+.Fa in_point
+or a newly allocated one which must be freed by the caller.
+Error conditions include those of
+.Xr BN_bn2bin 3 ,
+.Fn EC_POINT_oct2point ,
+or memory allocation failure.
+.Pp
+.Fn EC_POINT_point2hex
+returns a newly allocated string or
+.Dv NULL
+on error.
+Error conditions include those of
+.Fn EC_POINT_point2bn
+or
+.Xr BN_bn2hex 3 .
+.Pp
+.Fn EC_POINT_hex2point
+returns an
+.Vt EC_POINT
+containing the decoded point on
+.Fa group
+or
+.Dv NULL
+on error.
+The returned
+.Vt EC_POINT
+is either
+.Fa in_point
+or a newly allocated one which must be freed by the caller.
+Error conditions are those of
+.Xr BN_hex2bn 3 ,
+or
+.Fn EC_POINT_bn2point .
+.Sh SEE ALSO
+.Xr BN_mod_sqrt 3 ,
+.Xr BN_new 3 ,
+.Xr BN_num_bits 3 ,
+.Xr crypto 3 ,
+.Xr d2i_ECPKParameters 3 ,
+.Xr EC_GROUP_check 3 ,
+.Xr EC_GROUP_get_curve_name 3 ,
+.Xr EC_GROUP_new_by_curve_name 3 ,
+.Xr EC_GROUP_new_curve_GFp 3 ,
+.Xr EC_KEY_METHOD_new 3 ,
+.Xr EC_KEY_new 3 ,
+.Xr EC_POINT_add 3 ,
+.Xr EC_POINT_get_affine_coordinates 3 ,
+.Xr EC_POINT_new 3 ,
+.Xr ECDH_compute_key 3 ,
+.Xr ECDSA_SIG_new 3
+.Sh STANDARDS
+.Rs
+.%T SEC 1: Elliptic Curve Cryptography, Version 2.0
+.%U https://www.secg.org/sec1-v2.pdf
+.%D May 21, 2009
+.Re
+.Sh HISTORY
+.Fn EC_POINT_point2oct
+and
+.Fn EC_POINT_oct2point
+first appeared in OpenSSL 0.9.7 and have been available since
+.Ox 3.2 .
+.Pp
+.Fn EC_POINT_point2bn ,
+.Fn EC_POINT_bn2point ,
+.Fn EC_POINT_point2hex ,
+and
+.Fn EC_POINT_hex2point
+first appeared in OpenSSL 0.9.8 and have been available since
+.Ox 4.5 .
+.Sh BUGS
+The
+.Vt point_conversion_form_t
+is not properly exposed in the API.
+There is no representation for the point at infinity nor is there
+an API interface for the parity bit,
+forcing applications to invent their own and do bit twiddling in buffers.
+.Pp
+The poorly chosen signatures of the functions in this manual result
+in an unergonomic API, particularly so for
+.Fn EC_POINT_point2oct
+and
+.Fn EC_POINT_oct2point .
+Due to fundamental misdesign in the EC library,
+points are not directly linked to the curve they live on.
+Adding checks that
+.Fa point
+lives on
+.Fa group
+is too expensive and intrusive, so it is and will continue to be easy
+to make the EC_POINT_point2* API output nonsense.
+.Pp
+.Fn EC_POINT_point2bn
+and
+.Fn EC_POINT_bn2point
+make no sense.
+They abuse
+.Vt BIGNUM
+as a vector type, which is in poor taste.
+.Pp
+.Fn EC_POINT_point2hex
+and
+.Fn EC_POINT_hex2point
+use a non-standard encoding format.
diff --git a/src/lib/libcrypto/man/Makefile b/src/lib/libcrypto/man/Makefile
index 9f3d448432..b8dfe86d49 100644
--- a/src/lib/libcrypto/man/Makefile
+++ b/src/lib/libcrypto/man/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.307 2025/03/08 17:12:55 tb Exp $
+# $OpenBSD: Makefile,v 1.308 2025/04/25 19:57:12 tb Exp $
 
 .include <bsd.own.mk>
 
@@ -133,12 +133,16 @@ MAN=	\
         DSA_size.3 \
         ECDH_compute_key.3 \
         ECDSA_SIG_new.3 \
-        EC_GROUP_copy.3 \
-        EC_GROUP_new.3 \
+        EC_GROUP_check.3 \
+        EC_GROUP_get_curve_name.3 \
+        EC_GROUP_new_by_curve_name.3 \
+        EC_GROUP_new_curve_GFp.3 \
         EC_KEY_METHOD_new.3 \
         EC_KEY_new.3 \
         EC_POINT_add.3 \
+        EC_POINT_get_affine_coordinates.3 \
         EC_POINT_new.3 \
+        EC_POINT_point2oct.3 \
         ENGINE_new.3 \
         ERR.3 \
         ERR_GET_LIB.3 \