From: Dmitry Belyavskiy <beldmit@gmail.com>
Date: Mon, 12 Aug 2024 12:42:59 +0000 (+0200)
Subject: Improve the EVP_PKEY_CTX_set_kem_op() documentation
X-Git-Tag: openssl-3.4.0-alpha1~146
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12ba471c29c3604d4440545efe2efe832992a8ff;p=thirdparty%2Fopenssl.git

Improve the EVP_PKEY_CTX_set_kem_op() documentation

Fixes #25142

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25164)
---

diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
index 21ae20adb05..8ef9f4697ee 100644
--- a/doc/man3/EVP_PKEY_CTX_ctrl.pod
+++ b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -651,10 +651,12 @@ returns the previously set ID value to caller in I<id>. The caller should
 allocate adequate memory space for the I<id> before calling EVP_PKEY_CTX_get1_id().
 
 EVP_PKEY_CTX_set_kem_op() sets the KEM operation to run. This can be set after
-EVP_PKEY_encapsulate_init() or EVP_PKEY_decapsulate_init() to select the
-kem operation. RSA is the only key type that supports encapsulation currently,
-and as there is no default operation for the RSA type, this function must be
-called before EVP_PKEY_encapsulate() or EVP_PKEY_decapsulate().
+EVP_PKEY_encapsulate_init() or EVP_PKEY_decapsulate_init() to select the kem
+operation. For the key types that support encapsulation and don't have the
+default operation, e.g. RSA, this function must be called before
+EVP_PKEY_encapsulate() or EVP_PKEY_decapsulate(). The supported values for the
+built-in algorithms are enumerated in L<EVP_KEM-RSA(7)>, L<EVP_KEM-EC(7)>,
+L<EVP_KEM-X25519(7)>, and L<EVP_KEM-X448(7)>.
 
 =head1 RETURN VALUES