README.wishlist

   1 A "wish list" of changes we'd like to make to the FIPS module if we could.
   2 Note the CMVP requires retesting of all previously tested platforms
   3 ("Operational Environments") to implement any changes considered "cryptographically
   4 significant". Since the OpenSSL FIPS module v2.0 has some 250 such formally
   5 tested platforms (and counting), retesting just isn't logistically or economically
   6 feasible.
   7
   8 --------
   9 https://github.com/openssl/openssl/pull/4157
  10 From 2017-08-14, Fix GCM MAC computation for AES-GCM by srahul123
  11 cryptographically significant, not fixable
  12
  13 --------
  14 Andy Polyakov: harmonize with __thumb__ clause in FIPS_ref_point() (#3354),
  15 https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/3354.patch
  16 https://github.com/openssl/openssl/pull/3354#pullrequestreview-36086406
  17 May be possible to introduce in future change letter
  18
  19 --------
  20 CVE-2016-0701
  21 cryptographically significant, not fixable
  22
  23 --------
  24 CVE-2014-0076
  25 cryptographically significant, not fixable
  26
  27 --------
  28 "Lucky 13", CVE-2013-0169
  29 cryptographically significant, not fixable
  30
  31 --------