diff options
author | Pauli <pauli@openssl.org> | 2023-03-17 11:23:49 +1100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-03-29 09:29:29 +1100 |
commit | d5c1aa0eec288a2aac4ff400496c9411be9dad9f (patch) | |
tree | 199ae8970293364e71f0b44d8c523e834f6a7845 /CHANGES.md | |
parent | 2fa58ca78266a0c9e01030520fe743cb7eeed72f (diff) |
changes: note the banning of truncated hashes with DRBGs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)
(cherry picked from commit 808b30f6b60da3e92283e315f2e6f0e574a62080)
Diffstat (limited to 'CHANGES.md')
-rw-r--r-- | CHANGES.md | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/CHANGES.md b/CHANGES.md index dc701f0388..548179e589 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -24,6 +24,13 @@ OpenSSL 3.1 ### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx] + * Add FIPS provider configuration option to disallow the use of + truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.). + The option '-no_drbg_truncated_digests' can optionally be + supplied to 'openssl fipsinstall'. + + *Paul Dale* + * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention that it does not enable policy checking. Thanks to David Benjamin for discovering this issue. |