Merging upstream version 4.23.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>

1 files changed, 24 insertions, 4 deletions

diff --git a/upstream/debian-unstable/man3/PKCS12_create.3ssl b/upstream/debian-unstable/man3/PKCS12_create.3ssl
index 61a5aa33..847037c1 100644
--- a/upstream/debian-unstable/man3/PKCS12_create.3ssl
+++ b/upstream/debian-unstable/man3/PKCS12_create.3ssl
@@ -55,13 +55,13 @@
 .\" ========================================================================
 .\"
 .IX Title "PKCS12_CREATE 3SSL"
-.TH PKCS12_CREATE 3SSL 2024-02-03 3.1.5 OpenSSL
+.TH PKCS12_CREATE 3SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
 .nh
 .SH NAME
-PKCS12_create, PKCS12_create_ex \- create a PKCS#12 structure
+PKCS12_create, PKCS12_create_ex, PKCS12_create_cb, PKCS12_create_ex2 \- create a PKCS#12 structure
 .SH SYNOPSIS
 .IX Header "SYNOPSIS"
 .Vb 1
@@ -74,9 +74,17 @@ PKCS12_create, PKCS12_create_ex \- create a PKCS#12 structure
 \&                          X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
 \&                          int iter, int mac_iter, int keytype,
 \&                          OSSL_LIB_CTX *ctx, const char *propq);
+\&
+\& typedef int PKCS12_create_cb(PKCS12_SAFEBAG *bag, void *cbarg);
+\&
+\& PKCS12 *PKCS12_create_ex2(const char *pass, const char *name, EVP_PKEY *pkey,
+\&                           X509 *cert, STACK_OF(X509) *ca, int nid_key, int nid_cert,
+\&                           int iter, int mac_iter, int keytype,
+\&                           OSSL_LIB_CTX *ctx, const char *propq,
+\&                           PKCS12_create_cb *cb, void *cbarg);
+\&=head1 DESCRIPTION
 .Ve
-.SH DESCRIPTION
-.IX Header "DESCRIPTION"
+.PP
 \&\fBPKCS12_create()\fR creates a PKCS#12 structure.
 .PP
 \&\fIpass\fR is the passphrase to use. \fIname\fR is the \fBfriendlyName\fR to use for
@@ -92,6 +100,14 @@ iteration count to use and \fImac_iter\fR is the MAC iteration count to use.
 .PP
 \&\fBPKCS12_create_ex()\fR is identical to \fBPKCS12_create()\fR but allows for a library context
 \&\fIctx\fR and property query \fIpropq\fR to be used to select algorithm implementations.
+.PP
+\&\fBPKCS12_create_ex2()\fR is identical to \fBPKCS12_create_ex()\fR but allows for a user defined
+callback \fIcb\fR of type \fBPKCS12_create_cb\fR to be specified and also allows for an 
+optional argument \fIcbarg\fR to be passed back to the callback.
+.PP
+The \fIcb\fR if specified will be called for every safebag added to the
+PKCS12 structure and allows for optional application processing on the associated
+safebag. For example one such use could be to add attributes to the safebag.
 .SH NOTES
 .IX Header "NOTES"
 The parameters \fInid_key\fR, \fInid_cert\fR, \fIiter\fR, \fImac_iter\fR and \fIkeytype\fR
@@ -139,6 +155,9 @@ is not a FIPS approvable algorithm.
 \&\fBPKCS12_create()\fR makes assumptions regarding the encoding of the given pass
 phrase.
 See \fBpassphrase\-encoding\fR\|(7) for more information.
+.PP
+If \fIcb\fR is specified, then it should return 1 for success and \-1 for a fatal error.
+A return of 0 is intended to mean to not add the bag after all.
 .SH "RETURN VALUES"
 .IX Header "RETURN VALUES"
 \&\fBPKCS12_create()\fR returns a valid \fBPKCS12\fR structure or NULL if an error occurred.
@@ -154,6 +173,7 @@ IETF RFC 7292 (<https://tools.ietf.org/html/rfc7292>)
 .SH HISTORY
 .IX Header "HISTORY"
 \&\fBPKCS12_create_ex()\fR was added in OpenSSL 3.0.
+\&\fBPKCS12_create_ex2()\fR was added in OpenSSL 3.2.
 .PP
 The defaults for encryption algorithms, MAC algorithm, and the MAC key
 derivation iteration count were changed in OpenSSL 3.0 to more modern