diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-05 15:24:10 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-05 15:24:10 +0000 |
commit | 05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch) | |
tree | db17782a6020c7f4962f8bf9c1666f6f19356e1a /CHANGES | |
parent | cab0595c1426b2f70d88b824028c6d1ef4a4476e (diff) |
Extensive reorganisation of PRNG handling in FIPS module: all calls
now use an internal RAND_METHOD. All dependencies to OpenSSL standard
PRNG are now removed: it is the applications resposibility to setup
the FIPS PRNG and initalise it.
Initial OpenSSL RAND_init_fips() function that will setup the DRBG
for the "FIPS capable OpenSSL".
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 8 |
1 files changed, 8 insertions, 0 deletions
@@ -4,6 +4,14 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies + to OpenSSL RAND code and replace with a tiny FIPS RAND API which also + performs algorithm blocking for unapproved PRNG types. Also do not + set PRNG type in FIPS_mode_set(): leave this to the application. + Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with + the standard OpenSSL PRNG. + [Steve Henson] + *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. This shouldn't present any incompatibility problems because applications shouldn't be using these directly and any that are will need to rethink |