Add a CHANGES entry for BN_generate_prime_ex
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9309)
This commit is contained in:
parent
03b9393e15
commit
bba0d270a6
1 changed files with 9 additions and 0 deletions
9
CHANGES
9
CHANGES
|
@ -9,6 +9,15 @@
|
|||
|
||||
Changes between 1.1.1 and 3.0.0 [xx XXX xxxx]
|
||||
|
||||
*) Revised BN_generate_prime_ex to not avoid factors 2..17863 in p-1
|
||||
when primes for RSA keys are computed.
|
||||
Since we previously always generated primes == 2 (mod 3) for RSA keys,
|
||||
the 2-prime and 3-prime RSA modules were easy to distinguish, since
|
||||
N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting
|
||||
2-prime vs. 3-prime RSA keys was possible by computing N mod 3.
|
||||
This avoids possible fingerprinting of newly generated RSA modules.
|
||||
[Bernd Edlinger]
|
||||
|
||||
*) Correct the extended master secret constant on EBCDIC systems. Without this
|
||||
fix TLS connections between an EBCDIC system and a non-EBCDIC system that
|
||||
negotiate EMS will fail. Unfortunately this also means that TLS connections
|
||||
|
|
Loading…
Reference in a new issue