]> git.ipfire.org Git - thirdparty/openssl.git/blobdiff - CHANGES.md
projects / thirdparty / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
changes: note the banning of truncated hashes with DRBGs
[thirdparty/openssl.git] / CHANGES.md
diff --git a/CHANGES.md b/CHANGES.md
index 452e5d0e7490cdd7087c32f39f8d544921348ab2..9fa63ea7f0f498eac6ac341759531824fa117545 100644 (file)
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -250,6 +250,13 @@ OpenSSL 3.1
 
 ### Changes between 3.1.0 and 3.1.1 [xx XXX xxxx]
 
+ * Add FIPS provider configuration option to disallow the use of
+   truncated digests with Hash and HMAC DRBGs (q.v. FIPS 140-3 IG D.R.).
+   The option '-no_drbg_truncated_digests' can optionally be
+   supplied to 'openssl fipsinstall'.
+
+   *Paul Dale*
+
  * Corrected documentation of X509_VERIFY_PARAM_add0_policy() to mention
    that it does not enable policy checking. Thanks to David Benjamin for
    discovering this issue.
A mirror of the official openssl repository