From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Mon, 14 Oct 2024 12:19:55 +0000 (+0200)
Subject: CHANGES.md: Support for PKCS#7 inner contents verification
X-Git-Tag: openssl-3.5.0-alpha1~999
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=256f580dcd2ea208b9f3e5dc357e893a21e683d2;p=thirdparty%2Fopenssl.git

CHANGES.md: Support for PKCS#7 inner contents verification

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22575)
---

diff --git a/CHANGES.md b/CHANGES.md
index b240095c2c3..0cd08de76e2 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,19 @@ OpenSSL 3.4
 
 ### Changes between 3.4 and 3.5 [xx XXX xxxx]
 
+ * Enhanced PKCS#7 inner contents verification.
+   In the PKCS7_verify() function, the BIO *indata parameter refers to the
+   signed data if the content is detached from p7. Otherwise, indata should be
+   NULL, and then the signed data must be in p7.
+
+   The previous OpenSSL implementation only supported MIME inner content
+   [RFC 5652, section 5.2].
+
+   The added functionality now enables support for PKCS#7 inner content
+   [RFC 2315, section 7].
+
+   *Małgorzata Olszówka*
+
  * Optionally allow the FIPS provider to use the `JITTER` entropy source.
    Note that using this option will require the resulting FIPS provider
    to undergo entropy source validation [ESV] by the [CMVP], without this