Changes between 1.0.0d and 1.0.1 [xx XXX xxxx]
+ *) Low level digest APIs are not approved in FIPS mode: any attempt
+ to use these will cause a fatal error. Applications that *really* want
+ to use them can use the private_* version instead.
+ [Steve Henson]
+
+ *) Redirect cipher operations to FIPS module for FIPS builds.
+ [Steve Henson]
+
+ *) Redirect digest operations to FIPS module for FIPS builds.
+ [Steve Henson]
+
+ *) Update build system to add "fips" flag which will link in fipscanister.o
+ for static and shared library builds embedding a signature if needed.
+ [Steve Henson]
+
+ *) Output TLS supported curves in preference order instead of numerical
+ order. This is currently hardcoded for the highest order curves first.
+ This should be configurable so applications can judge speed vs strength.
+ [Steve Henson]
+
+ *) Add protection against ECDSA timing attacks as mentioned in the paper
+ by Billy Bob Brumley and Nicola Tuveri, see:
+
+ http://eprint.iacr.org/2011/232.pdf
+
+ [Billy Bob Brumley and Nicola Tuveri]
+
+ *) Add TLS v1.2 server support for client authentication.
+ [Steve Henson]
+
+ *) Add support for FIPS mode in ssl library: disable SSLv3, non-FIPS ciphers
+ and enable MD5.
+ [Steve Henson]
+
*) Functions FIPS_mode_set() and FIPS_mode() which call the underlying
FIPS modules versions.
[Steve Henson]
projects / oweals / openssl.git / blobdiff