X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=README.FIPS;h=6c5250cf44f882581a5bdac09ab22d390596aa0e;hp=5197276740af8cec5c980693b6204b07b2287ca0;hb=8742ae6e19e4d899d77ef0ca961775764e5bfe62;hpb=4d5d28675ebe00fbe2bbf89d80122625ae0c13cb

diff --git a/README.FIPS b/README.FIPS
index 5197276740..6c5250cf44 100644
--- a/README.FIPS
+++ b/README.FIPS
@@ -28,6 +28,12 @@ Run test vectors:
 4. It should say "passed all tests" at the end. Report full details of any
    failures.
 
+Run:
+
+make clean
+
+to remove any object modules from previous compile.
+
 Run symbol hiding test:
 
 ./config fipscanisteronly -DOPENSSL_FIPSSYMS
@@ -44,11 +50,14 @@ Known issues:
 
 Algorithm tests are pre-2011.
 The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
-Usage of ECDH/DH needs review and adding appropriate self tests.
+Usage of ECDH/DH needs review and whether any KDFs need to be implemented.
 Selftests need updating with larger key sizes in some cases and redundant
 tests pruned.
-SP800-90 DRBG needs more work: health checks, continuous PRNG test,
-entropy gathering, security checks in algorithms, add appropriate RAND method
-for use by rest of OpenSSL.
-No CMAC.
+SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
+when entropy gathering, periodic health tests.
+Some algorithms need to check security strength of PRNG: keygen etc.
 No CCM.
+No XTS.
+The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
+OpenSSL doesn't always use the correct FIPS module APIs and block others
+in FIPS mode.