Diffstat (limited to 'secure/lib/libcrypto/man/man7/provider-keymgmt.7')
| -rw-r--r-- | secure/lib/libcrypto/man/man7/provider-keymgmt.7 | 55 |
1 files changed, 29 insertions, 26 deletions
diff --git a/secure/lib/libcrypto/man/man7/provider-keymgmt.7 b/secure/lib/libcrypto/man/man7/provider-keymgmt.7 index 655da73d2284..0791275da775 100644 --- a/secure/lib/libcrypto/man/man7/provider-keymgmt.7 +++ b/secure/lib/libcrypto/man/man7/provider-keymgmt.7 @@ -1,5 +1,5 @@ .\" -*- mode: troff; coding: utf-8 -*- -.\" Automatically generated by Pod::Man 5.0102 (Pod::Simple 3.45) +.\" Automatically generated by Pod::Man v6.0.2 (Pod::Simple 3.45) .\" .\" Standard preamble: .\" ======================================================================== @@ -52,10 +52,13 @@ . \} .\} .rr rF +.\" +.\" Required to disable full justification in groff 1.23.0. +.if n .ds AD l .\" ======================================================================== .\" .IX Title "PROVIDER-KEYMGMT 7ossl" -.TH PROVIDER-KEYMGMT 7ossl 2025-09-30 3.5.4 OpenSSL +.TH PROVIDER-KEYMGMT 7ossl 2026-04-07 3.5.6 OpenSSL .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -124,8 +127,8 @@ provider\-keymgmt \- The KEYMGMT library <\-> provider functions .Ve .SH DESCRIPTION .IX Header "DESCRIPTION" -The KEYMGMT operation doesn't have much public visibility in OpenSSL -libraries, it's rather an internal operation that's designed to work +The KEYMGMT operation doesn\*(Aqt have much public visibility in OpenSSL +libraries, it\*(Aqs rather an internal operation that\*(Aqs designed to work in tandem with operations that use private/public key pairs. .PP Because the KEYMGMT operation shares knowledge with the operations it 
@@ -137,7 +140,7 @@ provider side key data for the OpenSSL library EVP_PKEY structure. .PP All "functions" mentioned here are passed as function pointers between \&\fIlibcrypto\fR and the provider in \fBOSSL_DISPATCH\fR\|(3) arrays via -\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider's +\&\fBOSSL_ALGORITHM\fR\|(3) arrays that are returned by the provider\*(Aqs \&\fBprovider_query_operation()\fR function (see "Provider Functions" in \fBprovider\-base\fR\|(7)). .PP @@ -204,7 +207,7 @@ interface that we document here can be passed as is to other provider operations, such as \fBOP_signature_sign_init()\fR (see \&\fBprovider\-signature\fR\|(7)). .PP -With some of the KEYMGMT functions, it's possible to select a specific +With some of the KEYMGMT functions, it\*(Aqs possible to select a specific subset of data to handle, governed by the bits in a \fIselection\fR indicator. The bits are: .IP \fBOSSL_KEYMGMT_SELECT_PRIVATE_KEY\fR 4 @@ -224,7 +227,7 @@ considered. Indicating that other parameters in a key object should be considered. .Sp -Other parameters are key parameters that don't fit any other +Other parameters are key parameters that don\*(Aqt fit any other classification. In other words, this particular selector bit works as a last resort bit bucket selector. .PP @@ -250,7 +253,7 @@ Indicating that everything in a key object should be considered. The exact interpretation of those bits or how they combine is left to each function where you can specify a selector. .PP -It's left to the provider implementation to decide what is reasonable +It\*(Aqs left to the provider implementation to decide what is reasonable to do with regards to received selector bits and how to do it. Among others, an implementation of \fBOSSL_FUNC_keymgmt_match()\fR might opt to not compare the private half if it has compared the public half, 
@@ -341,7 +344,7 @@ must also be present, and vice versa. supported algorithm for the operation \fIoperation_id\fR. This is similar to \fBprovider_query_operation()\fR (see \fBprovider\-base\fR\|(7)), but only works as an advisory. If this function is not present, or -returns NULL, the caller is free to assume that there's an algorithm +returns NULL, the caller is free to assume that there\*(Aqs an algorithm from the same provider, of the same name as the one used to fetch the keymgmt and try to use that. .PP @@ -410,14 +413,14 @@ provider side key object with the data. .IX Subsection "Common Information Parameters" See \fBOSSL_PARAM\fR\|(3) for further details on the parameters structure. .PP -Common information parameters currently recognised by all built-in +Common information parameters currently recognised by all built\-in keymgmt algorithms are as follows: .IP """bits"" (\fBOSSL_PKEY_PARAM_BITS\fR) <integer>" 4 .IX Item """bits"" (OSSL_PKEY_PARAM_BITS) <integer>" The value should be the cryptographic length of the cryptosystem to which the key belongs, in bits. The definition of cryptographic length is specific to the key cryptosystem. -.IP """max-size"" (\fBOSSL_PKEY_PARAM_MAX_SIZE\fR) <integer>" 4 +.IP """max\-size"" (\fBOSSL_PKEY_PARAM_MAX_SIZE\fR) <integer>" 4 .IX Item """max-size"" (OSSL_PKEY_PARAM_MAX_SIZE) <integer>" The value should be the maximum size that a caller should allocate to safely store a signature (called \fIsig\fR in \fBprovider\-signature\fR\|(7)), 
@@ -432,28 +435,28 @@ Because an EVP_KEYMGMT method is always tightly bound to another method (signature, asymmetric cipher, key exchange, ...) and must be of the same provider, this number only needs to be synchronised with the dimensions handled in the rest of the same provider. -.IP """security-bits"" (\fBOSSL_PKEY_PARAM_SECURITY_BITS\fR) <integer>" 4 +.IP """security\-bits"" (\fBOSSL_PKEY_PARAM_SECURITY_BITS\fR) <integer>" 4 .IX Item """security-bits"" (OSSL_PKEY_PARAM_SECURITY_BITS) <integer>" The value should be the number of security bits of the given key. Bits of security is defined in SP800\-57. -.IP """mandatory-digest"" (\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR) <UTF8 string>" 4 +.IP """mandatory\-digest"" (\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR) <UTF8 string>" 4 .IX Item """mandatory-digest"" (OSSL_PKEY_PARAM_MANDATORY_DIGEST) <UTF8 string>" If there is a mandatory digest for performing a signature operation with keys from this keymgmt, this parameter should get its name as value. .Sp -When \fBEVP_PKEY_get_default_digest_name()\fR queries this parameter and it's +When \fBEVP_PKEY_get_default_digest_name()\fR queries this parameter and it\*(Aqs filled in by the implementation, its return value will be 2. .Sp If the keymgmt implementation fills in the value \f(CW""\fR or \f(CW"UNDEF"\fR, \&\fBEVP_PKEY_get_default_digest_name\fR\|(3) will place the string \f(CW"UNDEF"\fR into its argument \fImdname\fR. This signifies that no digest should be specified with the corresponding signature operation. -.IP """default-digest"" (\fBOSSL_PKEY_PARAM_DEFAULT_DIGEST\fR) <UTF8 string>" 4 +.IP """default\-digest"" (\fBOSSL_PKEY_PARAM_DEFAULT_DIGEST\fR) <UTF8 string>" 4 .IX Item """default-digest"" (OSSL_PKEY_PARAM_DEFAULT_DIGEST) <UTF8 string>" If there is a default digest for performing a signature operation with keys from this keymgmt, this parameter should get its name as value. 
.Sp -When \fBEVP_PKEY_get_default_digest_name\fR\|(3) queries this parameter and it's +When \fBEVP_PKEY_get_default_digest_name\fR\|(3) queries this parameter and it\*(Aqs filled in by the implementation, its return value will be 1. Note that if \&\fBOSSL_PKEY_PARAM_MANDATORY_DIGEST\fR is responded to as well, \&\fBEVP_PKEY_get_default_digest_name\fR\|(3) ignores the response to this 
@@ -466,28 +469,28 @@ with the corresponding signature operation, but may be specified as an option. .PP The OpenSSL FIPS provider also supports the following parameters: -.IP """fips-indicator"" (\fBOSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4 +.IP """fips\-indicator"" (\fBOSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR\fR) <integer>" 4 .IX Item """fips-indicator"" (OSSL_PKEY_PARAM_FIPS_APPROVED_INDICATOR) <integer>" A getter that returns 1 if the operation is FIPS approved, or 0 otherwise. This may be used after calling \fBOSSL_FUNC_keymgmt_gen()\fR function. It may -return 0 if either the "key-check", or "sign-check" are set to 0. -.IP """key-check"" (\fBOSSL_PKEY_PARAM_FIPS_KEY_CHECK\fR) <integer>" 4 +return 0 if either the "key\-check", or "sign\-check" are set to 0. +.IP """key\-check"" (\fBOSSL_PKEY_PARAM_FIPS_KEY_CHECK\fR) <integer>" 4 .IX Item """key-check"" (OSSL_PKEY_PARAM_FIPS_KEY_CHECK) <integer>" If required this parameter should be set using \fBOSSL_FUNC_keymgmt_gen_set_params()\fR or \fBOSSL_FUNC_keymgmt_gen_init()\fR. The default value of 1 causes an error during the init if the key is not FIPS approved (e.g. The key has a security strength of less than 112 bits). Setting -this to 0 will ignore the error and set the approved "fips-indicator" to 0. -This option breaks FIPS compliance if it causes the approved "fips-indicator" +this to 0 will ignore the error and set the approved "fips\-indicator" to 0. +This option breaks FIPS compliance if it causes the approved "fips\-indicator" to return 0. -.IP """sign-check"" (\fBOSSL_PKEY_PARAM_FIPS_SIGN_CHECK\fR) <integer>" 4 +.IP """sign\-check"" (\fBOSSL_PKEY_PARAM_FIPS_SIGN_CHECK\fR) <integer>" 4 .IX Item """sign-check"" (OSSL_PKEY_PARAM_FIPS_SIGN_CHECK) <integer>" If required this parameter should be set before the \fBOSSL_FUNC_keymgmt_gen()\fR function. This value is not supported by all keygen algorithms. 
The default value of 1 will cause an error if the generated key is not allowed to be used for signing. -Setting this to 0 will ignore the error and set the approved "fips-indicator" to 0. -This option breaks FIPS compliance if it causes the approved "fips-indicator" +Setting this to 0 will ignore the error and set the approved "fips\-indicator" to 0. +This option breaks FIPS compliance if it causes the approved "fips\-indicator" to return 0. .SH "RETURN VALUES" .IX Header "RETURN VALUES" @@ -539,9 +542,9 @@ were added with OpenSSL 3.2. The functions \fBOSSL_FUNC_keymgmt_gen_get_params()\fR and \&\fBOSSL_FUNC_keymgmt_gen_gettable_params()\fR were added in OpenSSL 3.4. .PP -The parameters "sign-check" and "fips-indicator" were added in OpenSSL 3.4. +The parameters "sign\-check" and "fips\-indicator" were added in OpenSSL 3.4. .PP -Support for the \fBML-DSA\fR, \fBML-KEM\fR and \fBSLH-DSA\fR algorithms was added in OpenSSL 3.5. +Support for the \fBML\-DSA\fR, \fBML\-KEM\fR and \fBSLH\-DSA\fR algorithms was added in OpenSSL 3.5. .SH COPYRIGHT .IX Header "COPYRIGHT" Copyright 2019\-2025 The OpenSSL Project Authors. All Rights Reserved. |
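Review bot: The comment block added in the @@ -52,10 +52,13 @@ hunk (ending in `.if n .ds AD l`) sits in a file whose first line says it is automatically generated by Pod::Man, so the commit message should state that this is regenerated output from Pod::Man v6.0.2 and that nothing here was edited by hand. The diffstat is consistent with that: 29 insertions against 26 deletions leaves three net new lines, which are exactly this block, and every other change in the patch is a one-for-one line replacement. Any wording fix to the manual text belongs in the upstream pod source, not in this file.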
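Review bot: The `\*(Aq` interpolations that start in the @@ -124,8 +127,8 @@ hunk ("doesn\*(Aqt", "it\*(Aqs", "that\*(Aqs") depend on a string named Aq being defined earlier in the file, and that definition is not in any visible hunk. Please confirm the unchanged preamble still defines it for both the nroff and troff cases, because an undefined string interpolates as nothing and the rendered page would read "doesnt" and "its".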
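Review bot: In the @@ -410,14 +413,14 @@ hunk the `.IP` tag becomes `"max\-size"` while the `.IX Item` line directly below it keeps `"max-size"`, and the same split repeats for "security-bits", "mandatory-digest", "default-digest", "fips-indicator", "key-check" and "sign-check" in the later hunks. These are literal parameter names that callers and providers match as strings, so please render the page with the formatter you ship and check that the displayed names copy out with an ASCII hyphen-minus. Also note that a search of the roff source for the plain name now hits only the `.IX` line, which matters if any tooling or documentation check greps this file for parameter names.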
