Don't set default public key methods in FIPS mode so applications

can switch between modes.
author: Dr. Stephen Henson <steve@openssl.org> 2011-06-20 19:41:13 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-06-20 19:41:13 +0000
commit: 3a5b97b7f124cbd5346ab0d8fe6fc1705a81a675 (patch)
tree: 0f027ac3ffcd69a7242023f43d5b309be2b71983 /CHANGES
parent: 45bf825066b1929ec219b8b76321f5191e44f370 (diff)
download: openssl-new-3a5b97b7f124cbd5346ab0d8fe6fc1705a81a675.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7127003293..cf52b0f3f7 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,12 @@
 
  Changes between 1.0.0e and 1.0.1  [xx XXX xxxx]
 
+  *) For FIPS capable OpenSSL interpret a NULL default public key method
+     as unset and return the appopriate default but do *not* set the default.
+     This means we can return the appopriate method in applications that
+     swicth between FIPS and non-FIPS modes.
+     [Steve Henson]
+
   *) Redirect HMAC and CMAC operations to FIPS module in FIPS mode. If an
      ENGINE is used then we cannot handle that in the FIPS module so we
      keep original code iff non-FIPS operations are allowed.
author	Dr. Stephen Henson <steve@openssl.org>	2011-06-20 19:41:13 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-06-20 19:41:13 +0000
commit	3a5b97b7f124cbd5346ab0d8fe6fc1705a81a675 (patch)
tree	0f027ac3ffcd69a7242023f43d5b309be2b71983 /CHANGES
parent	45bf825066b1929ec219b8b76321f5191e44f370 (diff)
download	openssl-new-3a5b97b7f124cbd5346ab0d8fe6fc1705a81a675.tar.gz