X-Git-Url: https://git.openssl.org/?p=openssl.git;a=blobdiff_plain;f=CHANGES;h=29ac9dc182bef2e8ff1f78880d33ad7fd008df3f;hp=c518f38326bc7eb5b5bf9630f06b877f201263a0;hb=84ed90f88b0542b85a9aa50723c7787cb3bb4bd5;hpb=0deea0e03cec1db2b6fe5a3328b5ce0f65b3e2bf diff --git a/CHANGES b/CHANGES index c518f38326..29ac9dc182 100644 --- a/CHANGES +++ b/CHANGES 
@@ -4,8 +4,44 @@ Changes between 1.0.1 and 1.1.0 [xx XXX xxxx] + *) CCM support via EVP. Interface is very similar to GCM case except we + must supply all data in one chunk (i.e. no update, final) and the + message length must be supplied if AAD is used. Add algorithm test + support. + [Steve Henson] + + *) Initial version of POST overhaul. Add POST callback to allow the status + of POST to be monitored and/or failures induced. Modify fips_test_suite + to use callback. Always run all selftests even if one fails. + [Steve Henson] + + *) XTS support including algorithm test driver in the fips_gcmtest program. + Note: this does increase the maximum key length from 32 to 64 bytes but + there should be no binary compatibility issues as existing applications + will never use XTS mode. + [Steve Henson] + + *) Extensive reorganisation of FIPS PRNG behaviour. Remove all dependencies + to OpenSSL RAND code and replace with a tiny FIPS RAND API which also + performs algorithm blocking for unapproved PRNG types. Also do not + set PRNG type in FIPS_mode_set(): leave this to the application. + Add default OpenSSL DRBG handling: sets up FIPS PRNG and seeds with + the standard OpenSSL PRNG: set additional data to a date time vector. + [Steve Henson] + + *) Rename old X9.31 PRNG functions of the form FIPS_rand* to FIPS_x931*. + This shouldn't present any incompatibility problems because applications + shouldn't be using these directly and any that are will need to rethink + anyway as the X9.31 PRNG is now deprecated by FIPS 140-2 + [Steve Henson] + + *) Extensive self tests and health checking required by SP800-90 DRBG. + Remove strength parameter from FIPS_drbg_instantiate and always + instantiate at maximum supported strength. + [Steve Henson] + *) Add SRP support. - [Tom Wu and Ben Laurie] + [Tom Wu and Ben Laurie] *) Add ECDH code to fips module and fips_ecdhvs for primitives only testing. [Steve Henson]
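Review bot: The FIPS PRNG entry says the PRNG type is no longer set in FIPS_mode_set() and is left "to the application", but the same entry then describes default OpenSSL DRBG handling without saying whether that default applies when the application does nothing. This is a behaviour change for existing FIPS_mode_set() callers, so the entry should state which case they fall into and what, if anything, they must now call. Two smaller points on the added entries: the XTS entry justifies raising the maximum key length from 32 to 64 bytes by saying existing applications will never use XTS mode, but it does not name the constant that changed, so a reader cannot check their own buffer sizing against it; and the X9.31 rename entry is missing its final full stop after "FIPS 140-2". The changed SRP attribution line shows no visible text difference, so it looks like a whitespace-only edit that would sit better in a separate commit.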