Redirect DH key and parameter generation.

[oweals/openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index 4702d74f102cd1a200754efe6ea8176d45274141..647836b89bb6109f3e7a806303c71c184e1d371a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,27 @@
 
  Changes between 1.0.0d and 1.0.1  [xx XXX xxxx]
 
+  *) Redirect DSA and DH operations to FIPS module in FIPS mode.
+     [Steve Henson]
+
+  *) Redirect ECDSA and ECDH operations to FIPS module in FIPS mode. Also use
+     FIPS EC methods unconditionally for now.
+     [Steve Henson]
+
+  *) New build option no-ec2m to disable characteristic 2 code.
+     [Steve Henson]
+
+  *) Backport libcrypto audit of return value checking from HEAD, not
+     all cases can be covered as some introduce binary incompatibilities.
+     [Steve Henson]
+
+  *) Redirect RSA operations to FIPS module including keygen,
+     encrypt, decrypt, sign and verify. Block use of non FIPS RSA methods.
+     [Steve Henson]
+
+  *) Add similar low level API blocking to ciphers.
+     [Steve Henson]
+
   *) Low level digest APIs are not approved in FIPS mode: any attempt
      to use these will cause a fatal error. Applications that *really* want
      to use them can use the private_* version instead.