author | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-07-15 20:34:31 +0200 |
---|---|---|
committer | Bernd Edlinger <bernd.edlinger@hotmail.de> | 2019-08-09 11:41:08 +0200 |
commit | bba0d270a6449910ee089a612b19eac3c3bab55e (patch) | |
tree | 2f0704f58a998abcc370a8decb1833fbe4e69c4a /CHANGES | |
parent | 03b9393e15990f0e557e477e945cb5f334574696 (diff) | |
download | openssl-new-bba0d270a6449910ee089a612b19eac3c3bab55e.tar.gz |
Add a CHANGES entry for BN_generate_prime_ex
BN_generate_prime_ex no longer avoids factors 3..17863 in p-1
when not computing safe primes.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9309)
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 9 |
1 files changed, 9 insertions, 0 deletions
@@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Revised BN_generate_prime_ex to not avoid factors 2..17863 in p-1 + when primes for RSA keys are computed. + Since we previously always generated primes == 2 (mod 3) for RSA keys, + the 2-prime and 3-prime RSA modules were easy to distinguish, since + N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. + This avoids possible fingerprinting of newly generated RSA modules. + [Bernd Edlinger] + *) Correct the extended master secret constant on EBCDIC systems. Without this fix TLS connections between an EBCDIC system and a non-EBCDIC system that negotiate EMS will fail. Unfortunately this also means that TLS connections |
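Review bot: The range in the first added line, "factors 2..17863 in p-1", disagrees with the commit message, which says "3..17863". Since p-1 is even for every odd prime p, a factor of 2 could never have been avoided, so the entry should read 3..17863. In the same entry, "RSA modules" (used twice) should be "RSA moduli". The phrase "primes == 2 (mod 3)" would be easier to follow if the entry said this is a consequence of 3 never dividing p-1, because that is the step connecting the old behaviour to the N mod 3 fingerprint it describes. The entry also mentions only the mod 3 case, although the avoided range runs up to 17863. A short remark that 3 is one example would keep readers from assuming it was the only distinguishing residue.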