changes: note the banning of truncated hashes with DRBGs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20521)
Pauli 2023-03-17 11:23:49 +11:00
parent e14fc22c90
commit 808b30f6b6

@ -250,6 +250,13 @@ OpenSSL 3.1
### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
* Add FIPS provider configuration option to disallow the use of
truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.).
The option '-no_drbg_truncated_digests' can optionally be
supplied to 'openssl fipsinstall'.
*Paul Dale*
* Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
that it does not enable policy checking. Thanks to David Benjamin for
discovering this issue.
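
Review bot: The new entry says '-no_drbg_truncated_digests' "can optionally be supplied" to 'openssl fipsinstall' but never states what happens when it is omitted, so a reader cannot tell from this text whether a FIPS provider installed without the option still accepts truncated digests for Hash and HMAC DRBGs. Suggest adding one sentence that states the default explicitly, and either naming the digests that count as truncated or pointing to the fipsinstall documentation that lists them, since "truncated digests" alone leaves the scope of the ban open. Minor wording point: "can optionally be supplied" is redundant; "can be supplied" says the same thing.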