Fix CMS encryption with key agreement when originator set

OpenSSL currently does not support encryption with originator flag so it should fail nicely instead of segfaulting. Reviewed-by: Hugo Landau <hlandau@devever.net> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26014)
author: Jakub Zelenka <jakub.openssl@gmail.com> 2024-12-13 13:48:23 +0100
committer: Tomas Mraz <tomas@openssl.org> 2025-01-06 11:45:02 +0100
commit: 894e69e747a93a1f166891f5f029b78c68088f50 (patch)
tree: 534fd41ba52ecf17cb52fe47500e9b26f90a328d /doc
parent: Fix originator cert leak in cms app (diff)
download: openssl-894e69e747a93a1f166891f5f029b78c68088f50.tar.xz
openssl-894e69e747a93a1f166891f5f029b78c68088f50.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man1/openssl-cms.pod.in b/doc/man1/openssl-cms.pod.in
index 9b6fd2a134..c1066039fe 100644
--- a/doc/man1/openssl-cms.pod.in
+++ b/doc/man1/openssl-cms.pod.in
@@ -390,7 +390,8 @@ See L<openssl-format-options(1)> for details.
 =item B<-originator> I<file>
 
 A certificate of the originator of the encrypted message. Necessary for
-decryption when Key Agreement is in use for a shared key.
+decryption when Key Agreement is in use for a shared key. Currently, not
+allowed for encryption.
 
 =item B<-recip> I<file>
author	Jakub Zelenka <jakub.openssl@gmail.com>	2024-12-13 13:48:23 +0100
committer	Tomas Mraz <tomas@openssl.org>	2025-01-06 11:45:02 +0100
commit	894e69e747a93a1f166891f5f029b78c68088f50 (patch)
tree	534fd41ba52ecf17cb52fe47500e9b26f90a328d /doc
parent	Fix originator cert leak in cms app (diff)
download	openssl-894e69e747a93a1f166891f5f029b78c68088f50.tar.xz openssl-894e69e747a93a1f166891f5f029b78c68088f50.zip