From c3074077136c698af05ebe57347c186ae15c910a Mon Sep 17 00:00:00 2001 From: Bernd Edlinger Date: Mon, 15 Jul 2019 20:48:38 +0200 Subject: [PATCH] Add a CHANGES entry for BN_generate_prime_ex BN_generate_prime_ex no longer avoids factors 3..17863 in p-1 when not computing safe primes. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/9387) --- CHANGES | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/CHANGES b/CHANGES index 2d1d13f7fb..ac6777eae8 100644 --- a/CHANGES +++ b/CHANGES @@ -9,7 +9,14 @@ Changes between 1.1.1e and 1.1.1f [xx XXX xxxx] - *) + *) Revised BN_generate_prime_ex to not avoid factors 3..17863 in p-1 + when primes for RSA keys are computed. + Since we previously always generated primes == 2 (mod 3) for RSA keys, + the 2-prime and 3-prime RSA modules were easy to distinguish, since + N = p*q = 1 (mod 3), but N = p*q*r = 2 (mod 3). Therefore fingerprinting + 2-prime vs. 3-prime RSA keys was possible by computing N mod 3. + This avoids possible fingerprinting of newly generated RSA modules. + [Bernd Edlinger] Changes between 1.1.1d and 1.1.1e [17 Mar 2020] *) Properly detect EOF while reading in libssl. Previously if we hit an EOF -- 2.25.1