From: Bernd Edlinger Date: Mon, 15 Jul 2019 18:34:31 +0000 (+0200) Subject: Add a CHANGES entry for BN_generate_prime_ex X-Git-Tag: openssl-3.0.0-alpha1~1647 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=bba0d270a6449910ee089a612b19eac3c3bab55e;p=oweals%2Fopenssl.git Add a CHANGES entry for BN_generate_prime_ex BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes. Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/9309) --- diff --git a/CHANGES b/CHANGES index 5979cd89e3..e3131f0ef8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,6 +9,15 @@ Changes between 1.1.1 and 3.0.0 [xx XXX xxxx] + *) Revised BN_generate_prime_ex to not avoid factors 2..17863 in p-1 + when primes for RSA keys are computed. + Since we previously always generated primes == 2 (mod 3) for RSA keys, + the 2-prime and 3-prime RSA modules were easy to distinguish, since + N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. + This avoids possible fingerprinting of newly generated RSA modules. + [Bernd Edlinger] + *) Correct the extended master secret constant on EBCDIC systems. Without this fix TLS connections between an EBCDIC system and a non-EBCDIC system that negotiate EMS will fail. Unfortunately this also means that TLS connections
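Review bot: The first line of the added CHANGES entry says "factors 2..17863 in p-1", but the commit message says "factors 3..17863", and the two should agree. For any odd prime p, p-1 is even, so the factor 2 can never be avoided; the range in the entry should read 3..17863. The entry also scopes the change to "when primes for RSA keys are computed", while the commit message scopes it to "when not computing safe primes"; pick one wording so readers of CHANGES can tell which callers of BN_generate_prime_ex are affected. Two smaller wording points in the same entry: "RSA modules" (used twice) should be "RSA moduli", and the closing sentence "This avoids possible fingerprinting of newly generated RSA modules" follows directly after the description of the old behaviour, so "This" reads ambiguously; something like "The revised generation avoids ..." would make clear it refers to the new behaviour.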