diff --git a/doc/crypto/CMS_sign_add1_signer.pod b/doc/crypto/CMS_sign_add1_signer.pod index 6513885f8f..ee2f93a8ae 100644 --- a/doc/crypto/CMS_sign_add1_signer.pod +++ b/doc/crypto/CMS_sign_add1_signer.pod @@ -8,7 +8,7 @@ CMS_sign_add_signer, CMS_SignerInfo_sign - add a signer to a CMS_ContentInfo sig #include - CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, int flags); + CMS_SignerInfo *CMS_sign_add1_signer(CMS_ContentInfo *cms, X509 *signcert, EVP_PKEY *pkey, const EVP_MD *md, unsigned int flags); int CMS_SignerInfo_sign(CMS_SignerInfo *si); @@ -36,9 +36,9 @@ are both set. =head1 NOTES -The main purpose of this function is to provide finer control over a CMS -signed data structure where the simpler CMS_sign() function defaults are -not appropriate. For example if multiple signers or non default digest +The main purpose of this CMS_sign_add1_signer() is to provide finer control +over a CMS signed data structure where the simpler CMS_sign() function defaults +are not appropriate. For example if multiple signers or non default digest algorithms are needed. New attributes can also be added using the returned CMS_SignerInfo struture and the CMS attribute utility functions. @@ -52,8 +52,8 @@ The returned CMS_ContentInfo structure will be valid and finalized when this flag is set. If B is set in addition to B then the -B structure will not be finalized so additional attributes -can be added. In this case an explicit call to CMS_SignerInfo_Sign() is +CMS_SignerInfo structure will not be finalized so additional attributes +can be added. In this case an explicit call to CMS_SignerInfo_sign() is needed to finalize it. If B is set the signer's certificate will not be included in the @@ -74,10 +74,12 @@ identifier value instead. An error occurs if the signing certificate does not have a subject key identifier extension. If present the SMIMECapabilities attribute indicates support for the following -algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of -these algorithms is disabled then it will not be included. +algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192 +bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. +If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is +not loaded. -CMS_sign_add_signers() returns an internal pointer to the CMS_SIGNER_INFO +CMS_sign_add1_signer() returns an internal pointer to the CMS_SignerInfo structure just added, this can be used to set additional attributes before it is finalized.