git.ipfire.org Git - thirdparty/openssl.git/commitdiff
add news and changes entries for the internal jitter source in FIPS
author Pauli <ppzgs1@gmail.com>
Thu, 19 Sep 2024 23:00:02 +0000 (09:00 +1000)
committer Pauli <ppzgs1@gmail.com>
Wed, 9 Oct 2024 02:53:10 +0000 (13:53 +1100)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/25498)

CHANGES.md
NEWS.md

index cc6baa6934cd414cb0d4e51420b16740975d5ad8..b240095c2c3c8a211b1a9c7be610c7382ead5934 100644 (file)
@@ -30,7 +30,13 @@ OpenSSL 3.4
 
 ### Changes between 3.4 and 3.5 [xx XXX xxxx]
 
- * none yet
+ * Optionally allow the FIPS provider to use the `JITTER` entropy source.
+   Note that using this option will require the resulting FIPS provider
+   to undergo entropy source validation [ESV] by the [CMVP], without this
+   the FIPS provider will not be FIPS compliant.  Enable this using the
+   configuration option `enable-fips-jitter`.
+
+   *Paul Dale*
 
 OpenSSL 3.4
 -----------
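Review bot: the new CHANGES.md entry joins two independent clauses with a comma ("...by the [CMVP], without this the FIPS provider will not be FIPS compliant"); split it, e.g. "...by the [CMVP]; without this validation the FIPS provider will not be FIPS compliant." The entry also calls the mechanism an "entropy source" while the NEWS.md entry in the same change calls it a "seed source" and adds the caveat that the [jitterentropy-library] itself must first be assessed for entropy quality; using one term in both files and carrying that caveat into CHANGES.md would keep the two entries consistent.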
@@ -21062,3 +21068,5 @@ ndif
 [CVE-2002-0657]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0657
 [CVE-2002-0656]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0656
 [CVE-2002-0655]: https://www.openssl.org/news/vulnerabilities.html#CVE-2002-0655
+[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
+[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
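Review bot: the two new reference definitions use different path casing on the same host ([CMVP] has `/projects/`, [ESV] has `/Projects/`); confirm both URLs resolve as written and pick one casing so the definitions here and the identical pair added to NEWS.md stay uniform.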
diff --git a/NEWS.md b/NEWS.md
index a8cf33aec50ec4cf2a14b6faa2c2aa792c5963a1..5b3a004c7921be3380a42e0cba85015ebd5f367e 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -37,7 +37,13 @@ changes:
 
 This release adds the following new features:
 
-  * none yet
+  * Allow the FIPS provider to optionally use the `JITTER` seed source.
+    Because this seed source is not part of the OpenSSL FIPS validations,
+    it should only be enabled after the [jitterentropy-library] has been
+    assessed for entropy quality.  Moreover, the FIPS provider including
+    this entropy source will need to obtain an [ESV] from the [CMVP] before
+    FIPS compliance can be claimed.  Enable this using the configuration
+    option `enable-fips-jitter`.
 
 OpenSSL 3.4
 -----------
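Review bot: "obtain an [ESV] from the [CMVP]" reads as if ESV were a separate deliverable, whereas the CHANGES.md entry in this change describes it as a process ("undergo entropy source validation [ESV] by the [CMVP]"); phrasing the NEWS.md sentence the same way, e.g. "will need to undergo entropy source validation ([ESV]) by the [CMVP] before FIPS compliance can be claimed", would avoid the ambiguity and keep both files aligned.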
@@ -2007,3 +2013,6 @@ OpenSSL 0.9.x
 [CHANGES.md]: ./CHANGES.md
 [README-QUIC.md]: ./README-QUIC.md
 [issue tracker]: https://github.com/openssl/openssl/issues
+[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
+[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
+[jitterentropy-library]: https://github.com/smuellerDD/jitterentropy-library
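Review bot: the [jitterentropy-library] definition links to the repository root rather than a tagged release; since the entry above says the library must be assessed for entropy quality before the option is enabled, naming the version (or linking the tag) that the build is expected to use would let readers tie that assessment to a concrete release.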