diff options
author | steve <steve> | 2011-04-05 15:24:08 +0000 |
---|---|---|
committer | steve <steve> | 2011-04-05 15:24:08 +0000 |
commit | 9868ebb0c60a952032dd0604682c9cd83570e92c (patch) | |
tree | 9bcc1c8428fbb2df953ef4dc701e4f2172f3365f /CHANGES | |
parent | 11556cbfd6d874758dcb25ee834d5b62f05b03dd (diff) | |
download | openssl-9868ebb0c60a952032dd0604682c9cd83570e92c.tar.gz |
Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -4,6 +4,14 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies + to OpenSSL RAND code and replace with a tiny FIPS RAND API which also + performs algorithm blocking for unapproved PRNG types. Also do not + set PRNG type in FIPS_mode_set(): leave this to the application. + Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with + the standard OpenSSL PRNG. + [Steve Henson] + *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. This shouldn't present any incompatibility problems because applications shouldn't be using these directly and any that are will need to rethink |