[openssl] master update
tmraz at fedoraproject.org
Tue Feb 9 12:45:38 UTC 2021
The branch master has been updated
via 93b39c85c9bbf4b40d3cc2486a0ecac50422b2f3 (commit)
from 4d2a6159db1060ca38a3808cfa60bac46737c670 (commit)
- Log -----------------------------------------------------------------
commit 93b39c85c9bbf4b40d3cc2486a0ecac50422b2f3
Author: Tomas Mraz <tomas at openssl.org>
Date: Thu Feb 4 18:40:33 2021 +0100
CHANGES.md: Mention RSA key generation slowdown related changes
Fixes #14068
Reviewed-by: Kurt Roeckx <kurt at roeckx.be>
Reviewed-by: Paul Dale <pauli at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14073)
-----------------------------------------------------------------------
Summary of changes:
CHANGES.md | 18 +++++++++++++++++-
doc/man3/BN_generate_prime.pod | 3 +++
2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 318cce84fc..380cd07886 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -52,7 +52,23 @@ OpenSSL 3.0
*Tomáš Mráz*
- * Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
+ * The default key generation method for the regular 2-prime RSA keys was
+ changed to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with
+ Conditions Based on Auxiliary Probable Primes). This method is slower
+ than the original method.
+
+ *Shane Lontis*
+
+ * Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions.
+ They are replaced with the BN_check_prime() function that avoids possible
+ misuse and always uses at least 64 rounds of the Miller-Rabin
+ primality test. At least 64 rounds of the Miller-Rabin test are now also
+ used for all prime generation, including RSA key generation.
+ This increases key generation time, especially for larger keys.
+
+ *Kurt Roeckx*
+
+ * Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
as they are not useful with non-deprecated functions.
*Rich Salz*
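Review bot: The added FIPS 186-4 B.3.6 entry says the new default is "slower than the original method" but neither names the original method nor says whether a caller can still select it. Since this entry exists to explain the key generation slowdown, add a sentence stating either how to obtain the previous behaviour or that no such option exists. In the BN_check_prime() entry, the sentence "At least 64 rounds of the Miller-Rabin test are now also used for all prime generation" describes a behaviour change that is separate from the deprecation; giving it its own bullet would let readers looking for the cause of slower RSA key generation find it without reading through a deprecation notice.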
diff --git a/doc/man3/BN_generate_prime.pod b/doc/man3/BN_generate_prime.pod
index 6b2ca3baab..288969c525 100644
--- a/doc/man3/BN_generate_prime.pod
+++ b/doc/man3/BN_generate_prime.pod
@@ -233,6 +233,9 @@ L<RAND(7)>
=head1 HISTORY
+The BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions were
+deprecated in OpenSSL 3.0.
+
The BN_GENCB_new(), BN_GENCB_free(),
and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.
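Review bot: The added HISTORY lines record that BN_is_prime_ex() and BN_is_prime_fasttest_ex() were deprecated but do not name the replacement, although the CHANGES.md entry in this same commit does (BN_check_prime()). Suggest extending the sentence, for example "... were deprecated in OpenSSL 3.0; use BN_check_prime() instead", so a reader who lands on the man page does not have to consult the changelog to find the supported call.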