git.ipfire.org Git - thirdparty/openssl.git/commitdiff
man: Mention Ed448 for CMS with signed attributes is not supported
author Stefan Berger <stefanb@linux.ibm.com>
Sun, 8 Mar 2026 23:07:16 +0000 (18:07 -0500)
committer Neil Horman <nhorman@openssl.org>
Tue, 17 Mar 2026 16:20:06 +0000 (12:20 -0400)
Mention that Ed448 keys cannot currently be used for CMS with
signed attributes since RFC 8419 requires id-shake256-len be used,
which is not currently supported by OpenSSL.

Resolves: 30291
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
MergeDate: Tue Mar 17 16:20:20 2026
(Merged from https://github.com/openssl/openssl/pull/30312)

doc/man3/CMS_add1_signer.pod

index c7618f6f3296b725acc5ab82db525c2f333f6bb0..58b8bcc51d7ff139ff223517611912ae7839f9a4 100644 (file)
@@ -87,6 +87,10 @@ scheme will be used. This is the case for EdDSA (RFC 8419). For SLH-DSA (RFC 981
 and ML-DSA (RFC 9882), the scheme-suggested hash will only be used if B<md> is
 NULL.
 
+Signing with Ed448 is currently not supported for the case of signed-data
+with signedAttributes due to missing support for id-shake256-len (RFC 8419;
+sec 3.1).
+
 CMS_add1_signer() returns an internal pointer to the CMS_SignerInfo
 structure just added, this can be used to set additional attributes
 before it is finalized.
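
Review bot: The added paragraph says Ed448 signing with signedAttributes is "currently not supported" but does not tell the caller how that surfaces; the context paragraph that follows describes only the pointer returned on success. State whether CMS_add1_signer() itself fails (returns NULL) or whether the error appears later at finalization, and say explicitly whether Ed448 is usable when signed attributes are omitted, since the wording implies it without confirming it. As a style point, "(RFC 8419; sec 3.1)" differs from the plain "(RFC 8419)" form used in the context lines above; "RFC 8419, section 3.1" would read more consistently.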