git.ipfire.org Git - thirdparty/openssl.git/blame - CHANGES
Tiny changes to previous patch (the log message was meant to be
Commit        Line  Data
651d0aff         1
f1c236f8         2  OpenSSL CHANGES
651d0aff RE      3  _______________
                 4
38e33cef UM      5  Changes between 0.9.4 and 0.9.5 [xx XXX 2000]
                 6
a87030a1 BM      7  *) Bugfix: ssl3_send_server_key_exchange was not restartable
                 8  (the state was not changed to SSL3_ST_SW_KEY_EXCH_B, and because of
                 9  this the server could overwrite ephemeral keys that the client
                10  has already seen).
                11  [Bodo Moeller]
                12
                13  *) Turn DSA_is_prime into a macro that calls BN_is_prime,
                14  using 50 iterations of the Rabin-Miller test.
                15
                16  DSA_generate_parameters now uses BN_is_prime_fasttest (with 50
                17  iterations of the Rabin-Miller test as required by the appendix
                18  to FIPS PUB 186[-1]) instead of DSA_is_prime.
                19  As BN_is_prime_fasttest includes trial division, DSA parameter
                20  generation becomes much faster.
                21
                22  This implies a change for the callback functions in DSA_is_prime
                23  and DSA_generate_parameters: They are now called once for each
                24  positive witness in the Rabin-Miller test, not just occasionally
                25  in the inner loop; and the parameters to the callback function now
                26  provide an iteration count for the outer loop rather than for the
                27  current invocation of the inner loop.
                28  [Bodo Moeller]
                29
7865b871        30  *) New function BN_is_prime_fasttest that optionally does trial
a87030a1 BM     31  division before starting the Rabin-Miller test and has
                32  an additional BN_CTX * argument (whereas BN_is_prime always
                33  has to allocate at least one BN_CTX).
                34  [Bodo Moeller]
                35
e1314b57 DSH    36  *) Fix for bug in CRL encoding. The validity dates weren't being handled
                37  as ASN1_TIME.
                38  [Steve Henson]
                39
90644dd7 DSH    40  *) New -pkcs12 option to CA.pl script to write out a PKCS#12 file.
                41  [Steve Henson]
                42
38e33cef UM     43  *) New function BN_pseudo_rand().
                44