From c7424fe68c65aa2187a8e4028d7dea742b95d81a Mon Sep 17 00:00:00 2001
From: slontis <shane.lontis@oracle.com>
Date: Wed, 26 Oct 2022 11:10:50 +1000
Subject: Use RSA CRT parameters in FIPS self tests.

Fixes #19488

Use the correct OSSL_PKEY_PARAM_RSA CRT names fior the self tests.
The invalid names cause CRT parameters to be silently ignored.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19501)
---
 CHANGES.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'CHANGES.md')

diff --git a/CHANGES.md b/CHANGES.md
index c05b906a71..f0ecb25483 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -24,6 +24,16 @@ OpenSSL 3.2
 
 ### Changes between 3.0 and 3.2 [xx XXX xxxx]
 
+ * Removed all references to invalid OSSL_PKEY_PARAM_RSA names for CRT parameters
+   in OpenSSL code.
+   Applications should not use the names OSSL_PKEY_PARAM_RSA_FACTOR,
+   OSSL_PKEY_PARAM_RSA_EXPONENT and OSSL_PKEY_PARAM_RSA_COEFFICIENT.
+   Use the numbered names such as OSSL_PKEY_PARAM_RSA_FACTOR1 instead.
+   Using these invalid names may cause algorithms to use slower methods
+   that ignore the CRT parameters.
+
+   *Shane Lontis*
+
  * Add support for certificate compression (RFC8879), including
    library support for Brotli and Zstandard compression.
 
-- 
cgit v1.2.3