CHANGES.md: Support for PKCS#7 inner contents verification

author olszomal <Malgorzata.Olszowka@stunnel.org>

Mon, 14 Oct 2024 12:19:55 +0000 (14:19 +0200)

committer Matt Caswell <matt@openssl.org>

Mon, 21 Oct 2024 10:32:04 +0000 (11:32 +0100)
author olszomal <Malgorzata.Olszowka@stunnel.org>
Mon, 14 Oct 2024 12:19:55 +0000 (14:19 +0200)
committer Matt Caswell <matt@openssl.org>
Mon, 21 Oct 2024 10:32:04 +0000 (11:32 +0100)
diff --git a/CHANGES.md b/CHANGES.md

index b240095c2c3c8a211b1a9c7be610c7382ead5934..0cd08de76e28fe34c4b1abf0579f354a48d5b6ff 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,19 @@ OpenSSL 3.4
  
  ### Changes between 3.4 and 3.5 [xx XXX xxxx]
  
+ * Enhanced PKCS#7 inner contents verification.
+   In the PKCS7_verify() function, the BIO *indata parameter refers to the
+   signed data if the content is detached from p7. Otherwise, indata should be
+   NULL, and then the signed data must be in p7.
+
+   The previous OpenSSL implementation only supported MIME inner content
+   [RFC 5652, section 5.2].
+
+   The added functionality now enables support for PKCS#7 inner content
+   [RFC 2315, section 7].
+
+   *Małgorzata Olszówka*
+
   * Optionally allow the FIPS provider to use the `JITTER` entropy source.
     Note that using this option will require the resulting FIPS provider
     to undergo entropy source validation [ESV] by the [CMVP], without this
author	olszomal <Malgorzata.Olszowka@stunnel.org>
	Mon, 14 Oct 2024 12:19:55 +0000 (14:19 +0200)
committer	Matt Caswell <matt@openssl.org>
	Mon, 21 Oct 2024 10:32:04 +0000 (11:32 +0100)