updated FIPS status

161cc82d · Dr. Stephen Henson · 42bd0a6b · 161cc82d
隐藏空白更改
内联并排

Showing with 8 addition and 5 deletion

README.FIPS README.FIPS +8 -5

未找到文件。
--- a/README.FIPS
+++ b/README.FIPS
@@ -44,11 +44,14 @@ Known issues:
 Algorithm tests are pre-2011.
 The fipslagtest.pl script wont auto run new algorithm tests such as DSA2.
-Usage of ECDH/DH needs review and adding appropriate self tests.
+Usage of ECDH/DH needs review and whether any KDFs need to be implemented.
 Selftests need updating with larger key sizes in some cases and redundant
 tests pruned.
-SP800-90 DRBG needs more work: health checks, continuous PRNG test,
+SP800-90 DRBG needs more work: check for compliance, continuous PRNG test
-entropy gathering, security checks in algorithms, add appropriate RAND method
+when entropy gathering, periodic health tests.
-for use by rest of OpenSSL.
+Some algorithms need to check security strength of PRNG: keygen etc.
-No CMAC.
 No CCM.
+No XTS.
+The "FIPS capable OpenSSL" is not yet complete: meaning that the rest of
+OpenSSL doesn't always use the correct FIPS module APIs and block others
+in FIPS mode.