mirror of https://github.com/openssl/openssl
CHANGES.md: Mention RSA key generation slowdown related changes
Fixes #14068 Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14073)
This commit is contained in:
parent
4d2a6159db
commit
93b39c85c9
18
CHANGES.md
18
CHANGES.md
|
@ -52,7 +52,23 @@ OpenSSL 3.0
|
|||
|
||||
*Tomáš Mráz*
|
||||
|
||||
* Deprecate EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
|
||||
* The default key generation method for the regular 2-prime RSA keys was
|
||||
changed to the FIPS 186-4 B.3.6 method (Generation of Probable Primes with
|
||||
Conditions Based on Auxiliary Probable Primes). This method is slower
|
||||
than the original method.
|
||||
|
||||
*Shane Lontis*
|
||||
|
||||
* Deprecated the BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions.
|
||||
They are replaced with the BN_check_prime() function that avoids possible
|
||||
misuse and always uses at least 64 rounds of the Miller-Rabin
|
||||
primality test. At least 64 rounds of the Miller-Rabin test are now also
|
||||
used for all prime generation, including RSA key generation.
|
||||
This increases key generation time, especially for larger keys.
|
||||
|
||||
*Kurt Roeckx*
|
||||
|
||||
* Deprecated EVP_MD_CTX_set_update_fn() and EVP_MD_CTX_update_fn()
|
||||
as they are not useful with non-deprecated functions.
|
||||
|
||||
*Rich Salz*
|
||||
|
|
|
@ -233,6 +233,9 @@ L<RAND(7)>
|
|||
|
||||
=head1 HISTORY
|
||||
|
||||
The BN_is_prime_ex() and BN_is_prime_fasttest_ex() functions were
|
||||
deprecated in OpenSSL 3.0.
|
||||
|
||||
The BN_GENCB_new(), BN_GENCB_free(),
|
||||
and BN_GENCB_get_arg() functions were added in OpenSSL 1.1.0.
|
||||
|
||||
|
|
Loading…
Reference in New Issue