Extensive reorganisation of PRNG handling in FIPS module: all calls

now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".
author: steve <steve> 2011-04-05 15:24:08 +0000
committer: steve <steve> 2011-04-05 15:24:08 +0000
commit: 9868ebb0c60a952032dd0604682c9cd83570e92c (patch)
tree: 9bcc1c8428fbb2df953ef4dc701e4f2172f3365f /CHANGES
parent: 11556cbfd6d874758dcb25ee834d5b62f05b03dd (diff)
download: openssl-9868ebb0c60a952032dd0604682c9cd83570e92c.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7709cc2ef..4307a998d 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
+     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
+     performs algorithm blocking for unapproved PRNG types. Also do not
+     set PRNG type in FIPS_mode_set(): leave this to the application.
+     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
+     the standard OpenSSL PRNG.
+     [Steve Henson]
+
   *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
      This shouldn't present any incompatibility problems because applications
      shouldn't be using these directly and any that are will need to rethink
author	steve <steve>	2011-04-05 15:24:08 +0000
committer	steve <steve>	2011-04-05 15:24:08 +0000
commit	9868ebb0c60a952032dd0604682c9cd83570e92c (patch)
tree	9bcc1c8428fbb2df953ef4dc701e4f2172f3365f /CHANGES
parent	11556cbfd6d874758dcb25ee834d5b62f05b03dd (diff)
download	openssl-9868ebb0c60a952032dd0604682c9cd83570e92c.tar.gz