Extensive reorganisation of PRNG handling in FIPS module: all calls

now use an internal RAND_METHOD. All dependencies to OpenSSL standard PRNG are now removed: it is the applications resposibility to setup the FIPS PRNG and initalise it. Initial OpenSSL RAND_init_fips() function that will setup the DRBG for the "FIPS capable OpenSSL".
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-05 15:24:10 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-05 15:24:10 +0000
commit: 05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch)
tree: db17782a6020c7f4962f8bf9c1666f6f19356e1a /CHANGES
parent: cab0595c1426b2f70d88b824028c6d1ef4a4476e (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 7709cc2ef4..4307a998df 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,14 @@
 
  Changes between 1.0.1 and 1.1.0  [xx XXX xxxx]
 
+  *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies
+     to OpenSSL RAND code and replace with a tiny FIPS RAND API which also
+     performs algorithm blocking for unapproved PRNG types. Also do not
+     set PRNG type in FIPS_mode_set(): leave this to the application.
+     Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with
+     the standard OpenSSL PRNG.
+     [Steve Henson]
+
   *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*.
      This shouldn't present any incompatibility problems because applications
      shouldn't be using these directly and any that are will need to rethink
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-05 15:24:10 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-05 15:24:10 +0000
commit	05e24c87dd1428809d6eaebf754b472a6cb4bb50 (patch)
tree	db17782a6020c7f4962f8bf9c1666f6f19356e1a /CHANGES
parent	cab0595c1426b2f70d88b824028c6d1ef4a4476e (diff)