From 256f580dcd2ea208b9f3e5dc357e893a21e683d2 Mon Sep 17 00:00:00 2001
From: olszomal <Malgorzata.Olszowka@stunnel.org>
Date: Mon, 14 Oct 2024 14:19:55 +0200
Subject: [PATCH] CHANGES.md: Support for PKCS#7 inner contents verification

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22575)
---
 CHANGES.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/CHANGES.md b/CHANGES.md
index b240095c2c..0cd08de76e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -30,6 +30,19 @@ OpenSSL 3.4
 
 ### Changes between 3.4 and 3.5 [xx XXX xxxx]
 
+ * Enhanced PKCS#7 inner contents verification.
+   In the PKCS7_verify() function, the BIO *indata parameter refers to the
+   signed data if the content is detached from p7. Otherwise, indata should be
+   NULL, and then the signed data must be in p7.
+
+   The previous OpenSSL implementation only supported MIME inner content
+   [RFC 5652, section 5.2].
+
+   The added functionality now enables support for PKCS#7 inner content
+   [RFC 2315, section 7].
+
+   *Małgorzata Olszówka*
+
  * Optionally allow the FIPS provider to use the `JITTER` entropy source.
    Note that using this option will require the resulting FIPS provider
    to undergo entropy source validation [ESV] by the [CMVP], without this