1 files changed, 9 insertions, 1 deletions

diff --git a/upstream/debian-unstable/man7/provider-asym_cipher.7ssl b/upstream/debian-unstable/man7/provider-asym_cipher.7ssl
index ddcd6000..3ccaf5b1 100644
--- a/upstream/debian-unstable/man7/provider-asym_cipher.7ssl
+++ b/upstream/debian-unstable/man7/provider-asym_cipher.7ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PROVIDER-ASYM_CIPHER 7SSL"
-.TH PROVIDER-ASYM_CIPHER 7SSL 2024-02-03 3.1.5 OpenSSL
+.TH PROVIDER-ASYM_CIPHER 7SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -277,6 +277,14 @@ The TLS protocol version first requested by the client.
 .IP """tls-negotiated-version"" (\fBOSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION\fR) <unsigned integer>" 4
 .IX Item """tls-negotiated-version"" (OSSL_ASYM_CIPHER_PARAM_TLS_CLIENT_VERSION) <unsigned integer>"
 The negotiated TLS protocol version.
+.IP """implicit-rejection"" (\fBOSSL_PKEY_PARAM_IMPLICIT_REJECTION\fR) <unsigned integer>" 4
+.IX Item """implicit-rejection"" (OSSL_PKEY_PARAM_IMPLICIT_REJECTION) <unsigned integer>"
+Gets of sets the use of the implicit rejection mechanism for RSA PKCS#1 v1.5
+decryption. When set (non zero value), the decryption API will return
+a deterministically random value if the PKCS#1 v1.5 padding check fails.
+This makes exploitation of the Bleichenbacher significantly harder, even
+if the code using the RSA decryption API is not implemented in side-channel
+free manner. Set by default.
 .PP
 \&\fBOSSL_FUNC_asym_cipher_gettable_ctx_params()\fR and \fBOSSL_FUNC_asym_cipher_settable_ctx_params()\fR
 get a constant \fBOSSL_PARAM\fR\|(3) array that describes the gettable and settable