X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=doc%2Fcrypto%2FCMS_sign.pod;h=2cc72de3272038c4bbe92f2a7b23dc9f59caa8e4;hp=46b1debde4a847e1100f8e1683cbaf40f5b966a3;hb=c303d4d8686b9b46b5d85acdd94ec896433b813f;hpb=360bb61d860f9ce7e48b2bb85d3ef9f521f95ab9

diff --git a/doc/crypto/CMS_sign.pod b/doc/crypto/CMS_sign.pod
index 46b1debde4..2cc72de327 100644
--- a/doc/crypto/CMS_sign.pod
+++ b/doc/crypto/CMS_sign.pod
@@ -2,7 +2,7 @@
 
 =head1 NAME
 
-CMS_sign - create a CMS SignedData structure
+ CMS_sign - create a CMS SignedData structure
 
 =head1 SYNOPSIS
 
@@ -13,7 +13,7 @@ CMS_sign - create a CMS SignedData structure
 =head1 DESCRIPTION
 
 CMS_sign() creates and returns a CMS SignedData structure. B<signcert> is
-the certificate to sign with, B<pkey> is the corresponsding private key.
+the certificate to sign with, B<pkey> is the corresponding private key.
 B<certs> is an optional additional set of certificates to include in the CMS
 structure (for example any intermediate CAs in the chain). Any or all of
 these parameters can be B<NULL>, see B<NOTES> below.
@@ -54,8 +54,10 @@ will be used. If B<CMS_NOSMIMECAP> is set then just the SMIMECapabilities are
 omitted.
 
 If present the SMIMECapabilities attribute indicates support for the following
-algorithms: triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2. If any of
-these algorithms is disabled then it will not be included.
+algorithms in preference order: 256 bit AES, Gost R3411-94, Gost 28147-89, 192
+bit AES, 128 bit AES, triple DES, 128 bit RC2, 64 bit RC2, DES and 40 bit RC2.
+If any of these algorithms is not available then it will not be included: for example the GOST algorithms will not be included if the GOST ENGINE is
+not loaded.
 
 OpenSSL will by default identify signing certificates using issuer name
 and serial number. If B<CMS_USE_KEYID> is set it will use the subject key
@@ -92,18 +94,18 @@ The function CMS_sign() is a basic CMS signing function whose output will be
 suitable for many purposes. For finer control of the output format the
 B<certs>, B<signcert> and B<pkey> parameters can all be B<NULL> and the
 B<CMS_PARTIAL> flag set. Then one or more signers can be added using the
-function B<CMS_sign_add1_signer()>, non default digests set and custom
+function CMS_sign_add1_signer(), non default digests can be used and custom
 attributes added. B<CMS_final()> must then be called to finalize the
 structure if streaming is not enabled. 
 
 =head1 BUGS
 
-Some advanced attributes such as counter signatures are not supported.
+Some attributes such as counter signatures are not supported.
 
 =head1 RETURN VALUES
 
 CMS_sign() returns either a valid CMS_ContentInfo structure or NULL if an error
-occurred.  The error can be obtained from ERR_get_error(3).
+occurred. The error can be obtained from ERR_get_error(3).
 
 =head1 SEE ALSO
 
@@ -114,6 +116,6 @@ L<ERR_get_error(3)|ERR_get_error(3)>, L<CMS_verify(3)|CMS_verify(3)>
 CMS_sign() was added to OpenSSL 0.9.8
 
 The B<CMS_STREAM> flag is only supported for detached data in OpenSSL 0.9.8,
-it is supportd for embedded data in OpenSSL 0.9.9 and later.
+it is supported for embedded data in OpenSSL 1.0.0 and later.
 
 =cut