-operations. By modifying the method, alternative implementations
-such as hardware accelerators may be used.
-
-Initially, the default is to use the OpenSSL internal implementation,
-unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL>
-options. RSA_PKCS1_SSLeay() returns a pointer to that method.
-
-RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref
-library. This is the default method in the C<rsaref> configuration;
-the function is not available in other configurations.
-RSA_null_method() returns a pointer to a method that does not support
-the RSA transformation. It is the default if OpenSSL is compiled with
-C<-DRSA_NULL>. These methods may be useful in the USA because of a
-patent on the RSA cryptosystem.
-
-RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA>
-structures created later. B<NB:> This is true only whilst the default engine
-for RSA operations remains as "openssl". ENGINEs provide an
-encapsulation for implementations of one or more algorithms at a time, and all
-the RSA functions mentioned here operate within the scope of the default
-"openssl" engine.
-
-RSA_get_default_openssl_method() returns a pointer to the current default
-method for the "openssl" engine.
-
-RSA_set_method() selects B<engine> for all operations using the key
-B<rsa>.
+operations. By modifying the method, alternative implementations such as
+hardware accelerators may be used. IMPORTANT: See the NOTES section for
+important information about how these RSA API functions are affected by the
+use of B<ENGINE> API calls.
+
+Initially, the default RSA_METHOD is the OpenSSL internal implementation,
+as returned by RSA_PKCS1_SSLeay().
+
+RSA_set_default_method() makes B<meth> the default method for all RSA
+structures created later. B<NB>: This is true only whilst no ENGINE has
+been set as a default for RSA, so this function is no longer recommended.
+
+RSA_get_default_method() returns a pointer to the current default
+RSA_METHOD. However, the meaningfulness of this result is dependent on
+whether the ENGINE API is being used, so this function is no longer
+recommended.
+
+RSA_set_method() selects B<meth> to perform all operations using the key
+B<rsa>. This will replace the RSA_METHOD used by the RSA key and if the
+previous method was supplied by an ENGINE, the handle to that ENGINE will
+be released during the change. It is possible to have RSA keys that only
+work with certain RSA_METHOD implementations (eg. from an ENGINE module
+that supports embedded hardware-protected keys), and in such cases
+attempting to change the RSA_METHOD for the key can have unexpected
+results.
+
+RSA_get_method() returns a pointer to the RSA_METHOD being used by B<rsa>.
+This method may or may not be supplied by an ENGINE implementation, but if
+it is, the return value can only be guaranteed to be valid as long as the
+RSA key itself is valid and does not have its implementation changed by
+RSA_set_method().
+
+RSA_flags() returns the B<flags> that are set for B<rsa>'s current
+RSA_METHOD. See the BUGS section.