From ceca680f1294d55251e7f8ace1ce291e4fd6255c Mon Sep 17 00:00:00 2001
From: lacatoire <la.catoire@gmail.com>
Date: Thu, 5 Feb 2026 12:36:22 +0100
Subject: [PATCH] Fix OPENSSL_RAW_DATA description for encrypt/decrypt

Fixes #3826
---
 reference/openssl/constants.xml                 |  8 ++++----
 reference/openssl/functions/openssl-decrypt.xml | 12 +++++++++---
 reference/openssl/functions/openssl-encrypt.xml | 11 ++++++++---
 3 files changed, 21 insertions(+), 10 deletions(-)

diff --git a/reference/openssl/constants.xml b/reference/openssl/constants.xml
index b81e52ee1309..ef6710da1774 100644
--- a/reference/openssl/constants.xml
+++ b/reference/openssl/constants.xml
@@ -779,10 +779,10 @@
       </term>
       <listitem>
         <simpara>
-         If <constant>OPENSSL_RAW_DATA</constant> is set in the
-         <function>openssl_encrypt</function> or <function>openssl_decrypt</function>,
-         the returned data is returned as-is.
-         When it is not specified, Base64 encoded data is returned to the caller.
+         Used with <function>openssl_encrypt</function> and
+         <function>openssl_decrypt</function> to indicate that data
+         should be in raw binary format rather than base64-encoded.
+         See the respective function descriptions for details.
         </simpara>
       </listitem>
     </varlistentry>
diff --git a/reference/openssl/functions/openssl-decrypt.xml b/reference/openssl/functions/openssl-decrypt.xml
index 8c0e62ab6685..a112ba1354ed 100644
--- a/reference/openssl/functions/openssl-decrypt.xml
+++ b/reference/openssl/functions/openssl-decrypt.xml
@@ -66,10 +66,16 @@
       <term><parameter>options</parameter></term>
       <listitem>
        <para>
-        <parameter>options</parameter> can be one of
+        <parameter>options</parameter> is a bitwise disjunction of the flags
         <constant>OPENSSL_RAW_DATA</constant>,
-        <constant>OPENSSL_ZERO_PADDING</constant>
-        or <constant>OPENSSL_DONT_ZERO_PAD_KEY</constant>.
+        <constant>OPENSSL_ZERO_PADDING</constant>,
+        and <constant>OPENSSL_DONT_ZERO_PAD_KEY</constant>.
+       </para>
+       <para>
+        When <constant>OPENSSL_RAW_DATA</constant> is set,
+        <parameter>data</parameter> is expected to be raw binary
+        ciphertext. When it is not set, <parameter>data</parameter>
+        is expected to be base64-encoded.
        </para>
       </listitem>
     </varlistentry>
diff --git a/reference/openssl/functions/openssl-encrypt.xml b/reference/openssl/functions/openssl-encrypt.xml
index b729ebe58609..59d68f4eede5 100644
--- a/reference/openssl/functions/openssl-encrypt.xml
+++ b/reference/openssl/functions/openssl-encrypt.xml
@@ -67,9 +67,14 @@
       <listitem>
         <para>
           <parameter>options</parameter> is a bitwise disjunction of the flags
-          <constant>OPENSSL_RAW_DATA</constant>, and
-          <constant>OPENSSL_ZERO_PADDING</constant>
-          or <constant>OPENSSL_DONT_ZERO_PAD_KEY</constant>.
+          <constant>OPENSSL_RAW_DATA</constant>,
+          <constant>OPENSSL_ZERO_PADDING</constant>,
+          and <constant>OPENSSL_DONT_ZERO_PAD_KEY</constant>.
+         </para>
+         <para>
+          When <constant>OPENSSL_RAW_DATA</constant> is set, the
+          encrypted output is returned as raw binary data. When it
+          is not set, the return value is base64-encoded.
         </para>
       </listitem>
     </varlistentry>