CHANGES.md: Support for PKCS#7 inner contents verification

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22575)
2024-11-21 01:15:20 +08:00 · 2024-10-14 14:19:55 +02:00 · 2024-10-14 14:19:55 +02:00 · 256f580dcd
commit 256f580dcd
parent 8cfc26e6c4
1 changed files with 13 additions and 0 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -30,6 +30,19 @@ OpenSSL 3.4

 ### Changes between 3.4 and 3.5 [xx XXX xxxx]

+ * Enhanced PKCS#7 inner contents verification.
+   In the PKCS7_verify() function, the BIO *indata parameter refers to the
+   signed data if the content is detached from p7. Otherwise, indata should be
+   NULL, and then the signed data must be in p7.
+
+   The previous OpenSSL implementation only supported MIME inner content
+   [RFC 5652, section 5.2].
+
+   The added functionality now enables support for PKCS#7 inner content
+   [RFC 2315, section 7].
+
+   *Małgorzata Olszówka*
+
 * Optionally allow the FIPS provider to use the `JITTER` entropy source.
   Note that using this option will require the resulting FIPS provider
   to undergo entropy source validation [ESV] by the [CMVP], without this