From: David Benjamin <davidben@google.com>
Date: Mon, 7 Apr 2025 20:40:05 +0000 (-0400)
Subject: Fix PKCS7_sign and CMS_sign default hash documentation
X-Git-Tag: openssl-3.0.17~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=58bc526e2a01f695583b5581993203f5a11cfac3;p=thirdparty%2Fopenssl.git

Fix PKCS7_sign and CMS_sign default hash documentation

Fixes #27291. See issue for details.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27292)

(cherry picked from commit 4f81470afadea3d1582d1df7f1b2b5e3ece63331)
---

diff --git a/doc/man3/CMS_sign.pod b/doc/man3/CMS_sign.pod
index 03bfc6fce16..2c96deaa71c 100644
--- a/doc/man3/CMS_sign.pod
+++ b/doc/man3/CMS_sign.pod
@@ -96,7 +96,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_CMS().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 If B<signcert> and B<pkey> are NULL then a certificates only CMS structure is
 output.
diff --git a/doc/man3/PKCS7_sign.pod b/doc/man3/PKCS7_sign.pod
index 1d997045fe1..f0f3941b33a 100644
--- a/doc/man3/PKCS7_sign.pod
+++ b/doc/man3/PKCS7_sign.pod
@@ -80,7 +80,7 @@ can be performed by obtaining the streaming ASN1 B<BIO> directly using
 BIO_new_PKCS7().
 
 If a signer is specified it will use the default digest for the signing
-algorithm. This is B<SHA1> for both RSA and DSA keys.
+algorithm. This is B<SHA256> for both RSA and DSA keys.
 
 The I<certs>, I<signcert> and I<pkey> parameters can all be
 NULL if the B<PKCS7_PARTIAL> flag is set. One or more signers can be added