author: Dr. Stephen Henson <steve@openssl.org> 2013-08-05 15:56:01 +0100
committer: Dr. Stephen Henson <steve@openssl.org> 2013-10-01 14:01:19 +0100
commit: a78b21fc6716e9c88dd3f7ade1e315551022b13d
tree: db19ab7b35feba42b127ef3a396e7746e9366981
parent: a808002bc3eb59191366ba81cac1c00f0f130f7a
Update cms docs.
(cherry picked from commit dfcb42c68eac61b35d52f2fc53771c0f27dd9c29)
-rw-r--r-- doc/apps/cms.pod | 18
1 files changed, 16 insertions, 2 deletions
diff --git a/doc/apps/cms.pod b/doc/apps/cms.pod
index 18fe43caa9..dc337039a6 100644
--- a/doc/apps/cms.pod
+++ b/doc/apps/cms.pod
@@ -57,6 +57,7 @@ B<openssl> B<cms>
[B<-secretkeyid id>]
[B<-econtent_type type>]
[B<-inkey file>]
+[B<-keyopt name:parameter>]
[B<-passin arg>]
[B<-rand file(s)>]
[B<cert.pem...>]
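Review bot: the synopsis lists -keyopt once, directly after -inkey, but the option description says it "can be used multiple times" and acts on "the preceding key or certificate", and both encryption examples in this patch place it after -recip. Consider marking the entry as repeatable, or adding a sentence to the option description saying that its position after -recip or -inkey decides which key it affects.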
@@ -385,7 +386,8 @@ multiple times to specify successive keys.
for signing and encryption this option can be used multiple times to
set customised parameters for the preceding key or certificate. It can
-currently be used to set RSA-PSS for signing or RSA-OAEP for encryption.
+currently be used to set RSA-PSS for signing, RSA-OAEP for encryption
+or to modify default parameters for ECDH.
=item B<-passin arg>
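Review bot: "modify default parameters for ECDH" does not say which parameters can be set; the only ECDH name:parameter value shown anywhere in this patch is ecdh_kdf_md:sha256 in the examples. List the accepted ECDH names here, or point to the page that documents them, so readers do not have to infer the syntax from a single example.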
@@ -504,6 +506,10 @@ The B<-compress> option.
The B<-secretkey> option when used with B<-encrypt>.
+The use of PSS with B<-sign>.
+
+The use of OAEP or non-RSA keys with B<-encrypt>.
+
Additionally the B<-EncryptedData_create> and B<-data_create> type cannot
be processed by the older B<smime> command.
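Review bot: the added entry "The use of OAEP or non-RSA keys with B<-encrypt>" mentions only -encrypt, while the history sentence added in the last hunk says non-RSA keys apply to "B<-encrypt> and B<-decrypt>"; the two statements should agree. "non-RSA keys" could also be narrowed to the key types actually meant, since ECDH is the only one named in this patch.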
@@ -591,9 +597,14 @@ Sign mail using RSA-PSS:
Create encrypted mail using RSA-OAEP:
- openssl cms -encrypt -in plain.txt -camellia128 -out mail.msg \
+ openssl cms -encrypt -in plain.txt -out mail.msg \
-recip cert.pem -keyopt rsa_padding_mode:oaep
+Use SHA256 KDF with an ECDH certificate:
+
+ openssl cms -encrypt -in plain.txt -out mail.msg \
+ -recip ecdhcert.pem -keyopt ecdh_kdf_md:sha256
+
=head1 BUGS
The MIME parser isn't very clever: it seems to handle most messages that I've
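Review bot: the RSA-OAEP example drops -camellia128 and the new ECDH example names no cipher either, so both now depend on whatever content-encryption cipher the command defaults to, and the commit message does not explain the removal. Keep an explicit cipher option in the examples or state the default next to them. The heading "Use SHA256 KDF with an ECDH certificate" would also read better if it said that it creates encrypted mail, matching the headings above it.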
@@ -626,4 +637,7 @@ added to OpenSSL 1.1.0
Support for RSA-OAEP and RSA-PSS was first added to OpenSSL 1.1.0.
+The use of non-RSA keys with B<-encrypt> and B<-decrypt> was first added
+to OpenSSL 1.1.0.
+
=cut
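Review bot: the new history sentence says "first added to OpenSSL 1.1.0", yet the commit message marks this as a cherry-pick of dfcb42c68eac61b35d52f2fc53771c0f27dd9c29; check that 1.1.0 is the right version for the branch receiving it, which applies equally to the RSA-OAEP and RSA-PSS line just above. The history also does not mention the ECDH -keyopt parameters introduced in the earlier hunks.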