| author | Bodo Möller <bodo@openssl.org> | 2000-01-30 02:23:03 +0000 |
|---|---|---|
| committer | Bodo Möller <bodo@openssl.org> | 2000-01-30 02:23:03 +0000 |
| commit | a87030a1edf0e4c6d601895f810b2d0da84ee10a (patch) | |
| tree | 398075a9540e68b2dc417a80ac83fe13e5253958 /CHANGES | |
| parent | 15701211b57b63f1f91a9c3781ea91c019b1dc1d (diff) | |
Make DSA_generate_parameters, and fix a couple of bugs
(including another problem in the s3_srvr.c state machine).
Diffstat (limited to 'CHANGES')
-rw-r--r-- | CHANGES | 43 |
1 files changed, 35 insertions, 8 deletions
@@ -4,6 +4,35 @@ Changes between 0.9.4 and 0.9.5 [xx XXX 2000] + *) Bugfix: ssl3_send_server_key_exchange was not restartable + (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of + this the server could overwrite ephemeral keys that the client + has already seen). + [Bodo Moeller] + + *) Turn DSA_is_prime into a macro that calls BN_is_prime, + using 50 iterations of the Rabin-Miller test. + + DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 + iterations of the Rabin-Miller test as required by the appendix + to FIPS PUB 186[-1]) instead of DSA_is_prime. + As BN_is_prime_fasttest includes trial division, DSA parameter + generation becomes much faster. + + This implies a change for the callback functions in DSA_is_prime + and DSA_generate_parameters: They are now called once for each + positive witness in the Rabin-Miller test, not just occasionally + in the inner loop; and the parameters to the callback function now + provide an iteration count for the outer loop rather than for the + current invocation of the inner loop. + [Bodo Moeller] + + *) New functions BN_is_prime_fasttest that optionally does trial + division before starting the Rabin-Miller test and has + an additional BN_CTX * argument (whereas BN_is_prime always + has to allocate at least one BN_CTX). + [Bodo Moeller] + *) Fix for bug in CRL encoding. The validity dates weren't being handled as ASN1_TIME. [Steve Henson] @@ -11,10 +40,6 @@ *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. [Steve Henson] - *) Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when - generating DSA primes. - [Ulf Möller] - *) New function BN_pseudo_rand(). [Ulf Möller] 
@@ -41,7 +66,10 @@ *) Make BN_generate_prime() return NULL on error if ret!=NULL. [Ulf Möller] - *) Retain source code compatibility for BN_prime_checks macro. + *) Retain source code compatibility for BN_prime_checks macro: + BN_is_prime(..., BN_prime_checks, ...) now uses + BN_prime_checks_for_size to determine the appropriate number of + Rabin-Miller iterations. [Ulf Möller] *) Diffie-Hellman uses "safe" primes: DH_check() return code renamed to @@ -114,10 +142,9 @@ *) Do more iterations of Rabin-Miller probable prime test (specifically, 3 for 1024-bit primes, 6 for 512-bit primes, 12 for 256-bit primes - instead of only 2 for all lengths; see BN_prime_checks_size definition + instead of only 2 for all lengths; see BN_prime_checks_for_size definition in crypto/bn/bn_prime.c for the complete table). This guarantees a - false-positive rate of at most 2^-80 (actually less because we are - additionally doing trial division) for random input. + false-positive rate of at most 2^-80 for random input. [Bodo Moeller] *) Rewrite ssl3_read_n (ssl/s3_pkt.c) avoiding a couple of bugs. |
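Review bot: in the first hunk (@@ -4,6), the DSA_is_prime / DSA_generate_parameters entry documents an observable change in callback semantics (called once per positive Rabin-Miller witness, with an outer-loop iteration count instead of an inner-loop one) but does not say what existing callers should expect; a sentence telling callback authors that the count argument no longer maps to the previous meaning would save them from misreading progress output. Two wording points in the same hunk: "New functions BN_is_prime_fasttest that optionally does" should read "New function BN_is_prime_fasttest() that optionally does", and the ssl3_send_server_key_exchange entry says the server could overwrite ephemeral keys the client has already seen but leaves the practical consequence open (failed handshake versus anything worse), which is exactly what someone reading CHANGES to decide on an upgrade wants to know.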
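Review bot: the second hunk (@@ -11,10) deletes the "Use BN_prime_checks_size(BN_num_bits(w)) rounds of Miller-Rabin when generating DSA primes" entry outright. Since the first hunk replaces that behaviour with a fixed 50 Rabin-Miller iterations per the FIPS PUB 186 appendix, the record of the switch from a size-dependent count to a fixed count is lost; consider folding a clause such as "(previously BN_prime_checks_size(BN_num_bits(w)) rounds)" into the new DSA_generate_parameters entry so readers can see why the DSA path does not use the per-size table that the rest of the BN code uses.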
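Review bot: in the last hunk (@@ -114,10), dropping "(actually less because we are additionally doing trial division)" is correct, because the first hunk introduces BN_is_prime_fasttest as the variant that optionally performs trial division, so the parenthetical no longer describes BN_is_prime itself; the rename to BN_prime_checks_for_size also matches the macro name used in the @@ -41,7 hunk. One clarification worth adding to the 2^-80 sentence: the bound holds "for random input" only, and that qualifier carries the weight of the claim, since the per-size iteration table gives no such guarantee for a composite supplied by an untrusted party, which is the case a caller validating received parameters is in.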