Commit 5041f15320 for openssl.org

commit 5041f15320e76de26e5524dcaaba94b1780c99a8
Author: Stefan Berger <stefanb@linux.ibm.com>
Date:   Sun Mar 8 18:07:16 2026 -0500

    man: Mention Ed448 for CMS with signed attributes is not supported

    Mention that Ed448 keys cannot currently be used for CMS with
    signed attributes since RFC 8419 requires id-shake256-len be used,
    which is not currently supported by OpenSSL.

    Resolves: 30291
    Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

    Reviewed-by: Tomas Mraz <tomas@openssl.org>
    Reviewed-by: Paul Dale <paul.dale@oracle.com>
    Reviewed-by: Neil Horman <nhorman@openssl.org>
    MergeDate: Tue Mar 17 16:20:20 2026
    (Merged from https://github.com/openssl/openssl/pull/30312)

diff --git a/doc/man3/CMS_add1_signer.pod b/doc/man3/CMS_add1_signer.pod
index c7618f6f32..58b8bcc51d 100644
--- a/doc/man3/CMS_add1_signer.pod
+++ b/doc/man3/CMS_add1_signer.pod
@@ -87,6 +87,10 @@ scheme will be used. This is the case for EdDSA (RFC 8419). For SLH-DSA (RFC 981
 and ML-DSA (RFC 9882), the scheme-suggested hash will only be used if B<md> is
 NULL.

+Signing with Ed448 is currently not supported for the case of signed-data
+with signedAttributes due to missing support for id-shake256-len (RFC 8419;
+sec 3.1).
+
 CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
 structure just added, this can be used to set additional attributes
 before it is finalized.