1 files changed, 31 insertions, 5 deletions

diff --git a/upstream/debian-unstable/man7/provider-keymgmt.7ssl b/upstream/debian-unstable/man7/provider-keymgmt.7ssl
index e582229d..a5cd3c41 100644
--- a/upstream/debian-unstable/man7/provider-keymgmt.7ssl
+++ b/upstream/debian-unstable/man7/provider-keymgmt.7ssl
@@ -55,7 +55,7 @@
 .\" ========================================================================
 .\"
 .IX Title "PROVIDER-KEYMGMT 7SSL"
-.TH PROVIDER-KEYMGMT 7SSL 2024-02-03 3.1.5 OpenSSL
+.TH PROVIDER-KEYMGMT 7SSL 2024-04-04 3.2.2-dev OpenSSL
 .\" For nroff, turn off justification.  Always turn off hyphenation; it makes
 .\" way too many mistakes in technical documents.
 .if n .ad l
@@ -107,9 +107,11 @@ provider\-keymgmt \- The KEYMGMT library <\-> provider functions
 \& /* Key object import and export functions */
 \& int OSSL_FUNC_keymgmt_import(void *keydata, int selection, const OSSL_PARAM params[]);
 \& const OSSL_PARAM *OSSL_FUNC_keymgmt_import_types(int selection);
+\& const OSSL_PARAM *OSSL_FUNC_keymgmt_import_types_ex(void *provctx, int selection);
 \& int OSSL_FUNC_keymgmt_export(void *keydata, int selection,
 \&                              OSSL_CALLBACK *param_cb, void *cbarg);
 \& const OSSL_PARAM *OSSL_FUNC_keymgmt_export_types(int selection);
+\& const OSSL_PARAM *OSSL_FUNC_keymgmt_export_types_ex(void *provctx, int selection);
 \&
 \& /* Key object duplication, a constructor */
 \& void *OSSL_FUNC_keymgmt_dup(const void *keydata_from, int selection);
@@ -177,8 +179,10 @@ macros in \fBopenssl\-core_dispatch.h\fR\|(7), as follows:
 \&
 \& OSSL_FUNC_keymgmt_import               OSSL_FUNC_KEYMGMT_IMPORT
 \& OSSL_FUNC_keymgmt_import_types         OSSL_FUNC_KEYMGMT_IMPORT_TYPES
+\& OSSL_FUNC_keymgmt_import_types_ex      OSSL_FUNC_KEYMGMT_IMPORT_TYPES_EX
 \& OSSL_FUNC_keymgmt_export               OSSL_FUNC_KEYMGMT_EXPORT
 \& OSSL_FUNC_keymgmt_export_types         OSSL_FUNC_KEYMGMT_EXPORT_TYPES
+\& OSSL_FUNC_keymgmt_export_types_ex      OSSL_FUNC_KEYMGMT_EXPORT_TYPES_EX
 \&
 \& OSSL_FUNC_keymgmt_dup                  OSSL_FUNC_KEYMGMT_DUP
 .Ve
@@ -366,13 +370,25 @@ by the implementation of this function.
 from \fIkeydata\fR, create an \fBOSSL_PARAM\fR\|(3) array with them and call
 \&\fIparam_cb\fR with that array as well as the given \fIcbarg\fR.
 .PP
-\&\fBOSSL_FUNC_keymgmt_import_types()\fR should return a constant array of descriptor
+\&\fBOSSL_FUNC_keymgmt_import_types()\fR and \fBOSSL_FUNC_keymgmt_import_types_ex()\fR
+should return a constant array of descriptor
 \&\fBOSSL_PARAM\fR\|(3) for data indicated by \fIselection\fR, for parameters that
 \&\fBOSSL_FUNC_keymgmt_import()\fR can handle.
-.PP
-\&\fBOSSL_FUNC_keymgmt_export_types()\fR should return a constant array of descriptor
+Either \fBOSSL_FUNC_keymgmt_import_types()\fR or \fBOSSL_FUNC_keymgmt_import_types_ex()\fR,
+must be implemented, if \fBOSSL_FUNC_keymgmt_import_types_ex()\fR is implemented, then
+it is preferred over \fBOSSL_FUNC_keymgmt_import_types()\fR.
+Providers that are supposed to be backward compatible with OpenSSL 3.0 or 3.1
+must continue to implement \fBOSSL_FUNC_keymgmt_import_types()\fR.
+.PP
+\&\fBOSSL_FUNC_keymgmt_export_types()\fR and \fBOSSL_FUNC_keymgmt_export_types_ex()\fR
+should return a constant array of descriptor
 \&\fBOSSL_PARAM\fR\|(3) for data indicated by \fIselection\fR, that the
 \&\fBOSSL_FUNC_keymgmt_export()\fR callback can expect to receive.
+Either \fBOSSL_FUNC_keymgmt_export_types()\fR or \fBOSSL_FUNC_keymgmt_export_types_ex()\fR,
+must be implemented, if \fBOSSL_FUNC_keymgmt_export_types_ex()\fR is implemented, then
+it is preferred over \fBOSSL_FUNC_keymgmt_export_types()\fR.
+Providers that are supposed to be backward compatible with OpenSSL 3.0 or 3.1
+must continue to implement \fBOSSL_FUNC_keymgmt_export_types()\fR.
 .PP
 \&\fBOSSL_FUNC_keymgmt_dup()\fR should duplicate data subsets indicated by
 \&\fIselection\fR or the whole key data \fIkeydata_from\fR and create a new
@@ -396,6 +412,9 @@ the result of asymmetric encryption / decryption (\fIout\fR in
 \&\fBprovider\-asym_cipher\fR\|(7), a derived secret (\fIsecret\fR in
 \&\fBprovider\-keyexch\fR\|(7), and similar data).
 .Sp
+Providers need to implement this parameter
+in order to properly support various use cases such as CMS signing.
+.Sp
 Because an EVP_KEYMGMT method is always tightly bound to another method
 (signature, asymmetric cipher, key exchange, ...) and must be of the
 same provider, this number only needs to be synchronised with the
@@ -451,11 +470,15 @@ the requested operation, or NULL if the same name used to fetch the keymgmt
 applies.
 .PP
 \&\fBOSSL_FUNC_keymgmt_gettable_params()\fR and \fBOSSL_FUNC_keymgmt_settable_params()\fR
-\&\fBOSSL_FUNC_keymgmt_import_types()\fR, \fBOSSL_FUNC_keymgmt_export_types()\fR
+\&\fBOSSL_FUNC_keymgmt_import_types()\fR, \fBOSSL_FUNC_keymgmt_import_types_ex()\fR,
+\&\fBOSSL_FUNC_keymgmt_export_types()\fR, \fBOSSL_FUNC_keymgmt_export_types_ex()\fR
 should
 always return a constant \fBOSSL_PARAM\fR\|(3) array.
 .SH "SEE ALSO"
 .IX Header "SEE ALSO"
+\&\fBEVP_PKEY_get_size\fR\|(3),
+\&\fBEVP_PKEY_get_bits\fR\|(3),
+\&\fBEVP_PKEY_get_security_bits\fR\|(3),
 \&\fBprovider\fR\|(7),
 \&\fBEVP_PKEY\-X25519\fR\|(7), \fBEVP_PKEY\-X448\fR\|(7), \fBEVP_PKEY\-ED25519\fR\|(7),
 \&\fBEVP_PKEY\-ED448\fR\|(7), \fBEVP_PKEY\-EC\fR\|(7), \fBEVP_PKEY\-RSA\fR\|(7),
@@ -463,6 +486,9 @@ always return a constant \fBOSSL_PARAM\fR\|(3) array.
 .SH HISTORY
 .IX Header "HISTORY"
 The KEYMGMT interface was introduced in OpenSSL 3.0.
+.PP
+Functions \fBOSSL_FUNC_keymgmt_import_types_ex()\fR, and \fBOSSL_FUNC_keymgmt_export_types_ex()\fR
+were added with OpenSSL 3.2.
 .SH COPYRIGHT
 .IX Header "COPYRIGHT"
 Copyright 2019\-2024 The OpenSSL Project Authors. All Rights Reserved.