Improve the EVP_PKEY_CTX_set_kem_op() documentation

Fixes openssl#25142 Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Shane Lontis <[email protected]> (Merged from openssl#25164)
siemens · Aug 14, 2024 · 12ba471 · 12ba471
1 parent 21bcae6
commit 12ba471
Showing 1 changed file with 6 additions and 4 deletions.
diff --git a/doc/man3/EVP_PKEY_CTX_ctrl.pod b/doc/man3/EVP_PKEY_CTX_ctrl.pod
@@ -651,10 +651,12 @@ returns the previously set ID value to caller in I<id>. The caller should
 allocate adequate memory space for the I<id> before calling EVP_PKEY_CTX_get1_id().
 
 EVP_PKEY_CTX_set_kem_op() sets the KEM operation to run. This can be set after
-EVP_PKEY_encapsulate_init() or EVP_PKEY_decapsulate_init() to select the
-kem operation. RSA is the only key type that supports encapsulation currently,
-and as there is no default operation for the RSA type, this function must be
-called before EVP_PKEY_encapsulate() or EVP_PKEY_decapsulate().
+EVP_PKEY_encapsulate_init() or EVP_PKEY_decapsulate_init() to select the kem
+operation. For the key types that support encapsulation and don't have the
+default operation, e.g. RSA, this function must be called before
+EVP_PKEY_encapsulate() or EVP_PKEY_decapsulate(). The supported values for the
+built-in algorithms are enumerated in L<EVP_KEM-RSA(7)>, L<EVP_KEM-EC(7)>,
+L<EVP_KEM-X25519(7)>, and L<EVP_KEM-X448(7)>.
 
 =head1 RETURN VALUES