diff options
| author | olszomal <Malgorzata.Olszowka@stunnel.org> | 2024-10-14 14:19:55 +0200 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2024-10-21 12:32:04 +0200 |
| commit | 256f580dcd2ea208b9f3e5dc357e893a21e683d2 (patch) | |
| tree | 9be5b018c2c17bc3213d02b074f7ec0664cccfc3 /CHANGES.md | |
| parent | Add support for p7->d.sign->contents with the V_ASN1_SEQUENCE type (diff) | |
| download | openssl-256f580dcd2ea208b9f3e5dc357e893a21e683d2.tar.xz openssl-256f580dcd2ea208b9f3e5dc357e893a21e683d2.zip | |
CHANGES.md: Support for PKCS#7 inner contents verification
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22575)
Diffstat (limited to 'CHANGES.md')
| -rw-r--r-- | CHANGES.md | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index b240095c2c..0cd08de76e 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -30,6 +30,19 @@ OpenSSL 3.4 ### Changes between 3.4 and 3.5 [xx XXX xxxx] + * Enhanced PKCS#7 inner contents verification. + In the PKCS7_verify() function, the BIO *indata parameter refers to the + signed data if the content is detached from p7. Otherwise, indata should be + NULL, and then the signed data must be in p7. + + The previous OpenSSL implementation only supported MIME inner content + [RFC 5652, section 5.2]. + + The added functionality now enables support for PKCS#7 inner content + [RFC 2315, section 7]. + + *Małgorzata Olszówka* + * Optionally allow the FIPS provider to use the `JITTER` entropy source. Note that using this option will require the resulting FIPS provider to undergo entropy source validation [ESV] by the [CMVP], without this |