1 files changed, 50 insertions, 0 deletions

diff --git a/doc/internal/man3/evp_keymgmt_export_to_provider.pod b/doc/internal/man3/evp_keymgmt_export_to_provider.pod
new file mode 100644
index 0000000000..51234bd609
--- /dev/null
+++ b/doc/internal/man3/evp_keymgmt_export_to_provider.pod
@@ -0,0 +1,50 @@
+=pod
+
+=head1 NAME
+
+evp_keymgmt_export_to_provider - key material exporter to providers for EVP
+
+=head1 SYNOPSIS
+
+ #include "internal/evp_int.h"
+
+ void *evp_keymgmt_export_to_provider(EVP_PKEY *pk, EVP_KEYMGMT *keymgmt);
+
+=head1 DESCRIPTION
+
+evp_keymgmt_export_to_provider() exports the key material from the
+given key I<pk> to a provider via a B<EVP_KEYMGMT> interface, if this
+hasn't already been done.
+It maintains a cache of provider key references in I<pk> to keep track
+of all such exports.
+
+If I<pk> has an assigned legacy key, a check is done to see if any of
+its key material has changed since last export, i.e. the legacy key's
+is_dirty() method returns 1.
+If it has, the cache of already exported keys is cleared, and a new
+export is made with the new key material.
+
+=head1 RETURN VALUES
+
+evp_keymgmt_export_to_provider() returns a pointer to the newly
+created provider side key, or NULL on error.
+
+=head1 NOTES
+
+"Legacy key" is the term used for any key that has been assigned to an
+B<EVP_PKEY> with EVP_PKEY_assign_RSA() and similar functions.
+
+=head1 SEE ALSO
+
+L<EVP_PKEY_ASN1_METHOD(3)>, L<EVP_PKEY_assign_RSA(3)>
+
+=head1 COPYRIGHT
+
+Copyright 2019 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut