Changes between 1.0.1 and 1.1.0 [xx XXX xxxx]
+ *) More extensive health check for DRBG checking many more failure modes.
+ New function FIPS_selftest_drbg_all() to handle every possible DRBG
+ combination: call this in fips_test_suite.
+ [Steve Henson]
+
+ *) Add support for Dual EC DRBG from SP800-90. Update DRBG algorithm test
+ and POST to handle Dual EC cases.
+ [Steve Henson]
+
*) Add support for canonical generation of DSA parameter 'g'. See
FIPS 186-3 A.2.3.
- *) Add support for HMAC DRBG from SP800-90. Update algorithm and POST
- to handle HMAC cases.
+ *) Add support for HMAC DRBG from SP800-90. Update DRBG algorithm test and
+ POST to handle HMAC cases.
[Steve Henson]
*) Add functions FIPS_module_version() and FIPS_module_version_text()
Changes between 1.0.0d and 1.0.0e [xx XXX xxxx]
+ *) Fix bug where CRLs with nextUpdate in the past are sometimes accepted
+ by initialising X509_STORE_CTX properly. (CVE-2011-3207)
+ [Kaspar Brand <ossl@velox.ch>]
+
*) Fix SSL memory handling for (EC)DH ciphersuites, in particular
- for multi-threaded use of ECDH.
+ for multi-threaded use of ECDH. (CVE-2011-3210)
[Adam Langley (Google)]
*) Fix x509_name_ex_d2i memory leak on bad inputs.