]>
Commit | Line | Data |
---|---|---|
651d0aff | 1 | |
f1c236f8 | 2 | OpenSSL CHANGES |
651d0aff RE |
3 | _______________ |
4 | ||
38e33cef UM |
5 | Changes between 0.9.4 and 0.9.5 [xx XXX 2000] |
6 | ||
a87030a1 BM |
7 | *) Bugfix: ssl3_send_server_key_exchange was not restartable |
8 | (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of | |
9 | this the server could overwrite ephemeral keys that the client | |
10 | has already seen). | |
11 | [Bodo Moeller] | |
12 | ||
13 | *) Turn DSA_is_prime into a macro that calls BN_is_prime, | |
14 | using 50 iterations of the Rabin-Miller test. | |
15 | ||
16 | DSA_generate_parameters now uses BN_is_prime_fasttest (with 50 | |
17 | iterations of the Rabin-Miller test as required by the appendix | |
18 | to FIPS PUB 186[-1]) instead of DSA_is_prime. | |
19 | As BN_is_prime_fasttest includes trial division, DSA parameter | |
20 | generation becomes much faster. | |
21 | ||
22 | This implies a change for the callback functions in DSA_is_prime | |
23 | and DSA_generate_parameters: They are now called once for each | |
24 | positive witness in the Rabin-Miller test, not just occasionally | |
25 | in the inner loop; and the parameters to the callback function now | |
26 | provide an iteration count for the outer loop rather than for the | |
27 | current invocation of the inner loop. | |
28 | [Bodo Moeller] | |
29 | ||
7865b871 | 30 | *) New function BN_is_prime_fasttest that optionally does trial |
a87030a1 BM |
31 | division before starting the Rabin-Miller test and has |
32 | an additional BN_CTX * argument (whereas BN_is_prime always | |
33 | has to allocate at least one BN_CTX). | |
34 | [Bodo Moeller] | |
35 | ||
e1314b57 DSH |
36 | *) Fix for bug in CRL encoding. The validity dates weren't being handled |
37 | as ASN1_TIME. | |
38 | [Steve Henson] | |
39 | ||
90644dd7 DSH |
40 | *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file. |
41 | [Steve Henson] | |
42 | ||
38e33cef UM |
43 | *) New function BN_pseudo_rand(). |
44 |