openssl/README.wishlist

A "wish list" of changes we'd like to make to the FIPS module if we could.
Note the CMVP requires retesting of all previously tested platforms
("Operational Environments") to implement any changes considered "cryptographically
significant". Since the OpenSSL FIPS module v2.0 has some 250 such formally
tested platforms (and counting), retesting just isn't logistically or economically
feasible.

--------
https://github.com/openssl/openssl/pull/4157
From 2017-08-14, Fix GCM MAC computation for AES-GCM by	srahul123
cryptographically significant, not fixable

--------
Andy Polyakov: harmonize with __thumb__ clause in FIPS_ref_point() (#3354),
https://patch-diff.githubusercontent.com/raw/openssl/openssl/pull/3354.patch
https://github.com/openssl/openssl/pull/3354#pullrequestreview-36086406
May be possible to introduce in future change letter

--------
CVE-2016-0701
cryptographically significant, not fixable

--------
CVE-2014-0076
cryptographically significant, not fixable

--------
"Lucky 13", CVE-2013-0169
cryptographically significant, not fixable

--------