Make it clear that you can't use all ciphers for CMAC

Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11972)
author: Matt Caswell <matt@openssl.org> 2020-05-27 11:50:05 +0100
committer: Matt Caswell <matt@openssl.org> 2020-06-10 12:58:26 +0100
commit: 5cff2df8cedd7b8185756df216f16a213fb22637 (patch)
tree: 2b95ac51ca6afd00f394d8ffae4be25b1eff7737 /doc
parent: a370ff8daa31f5030fb12e298730bbecf69c7e09 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/doc/man3/EVP_PKEY_new.pod b/doc/man3/EVP_PKEY_new.pod
index 3efab95671..ff5744bebd 100644
--- a/doc/man3/EVP_PKEY_new.pod
+++ b/doc/man3/EVP_PKEY_new.pod
@@ -96,7 +96,8 @@ B<EVP_PKEY_X25519>, B<EVP_PKEY_ED25519>, B<EVP_PKEY_X448> or B<EVP_PKEY_ED448>.
 EVP_PKEY_new_CMAC_key() works in the same way as EVP_PKEY_new_raw_private_key()
 except it is only for the B<EVP_PKEY_CMAC> algorithm type. In addition to the
 raw private key data, it also takes a cipher algorithm to be used during
-creation of a CMAC in the B<cipher> argument.
+creation of a CMAC in the B<cipher> argument. The cipher should be a standard
+encryption only cipher. For example AEAD and XTS ciphers should not be used.
 
 EVP_PKEY_new_mac_key() works in the same way as EVP_PKEY_new_raw_private_key().
 New applications should use EVP_PKEY_new_raw_private_key() instead.
author	Matt Caswell <matt@openssl.org>	2020-05-27 11:50:05 +0100
committer	Matt Caswell <matt@openssl.org>	2020-06-10 12:58:26 +0100
commit	5cff2df8cedd7b8185756df216f16a213fb22637 (patch)
tree	2b95ac51ca6afd00f394d8ffae4be25b1eff7737 /doc
parent	a370ff8daa31f5030fb12e298730bbecf69c7e09 (diff)