make RSA blinding thread-safe

[openssl.git] / CHANGES

diff --git a/CHANGES b/CHANGES
index a03875767c533fd2d1d5d4bfaea22790e0c153d5..77da6273c440c033692f9f885abd706e16448ce9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,16 @@
 
  Changes between 0.9.7a and 0.9.8  [xx XXX xxxx]
 
+  *) Generate muti valued AVAs using '+' notation in config files for
+     req and dirName.
+     [Steve Henson]
+
+  *) Support for nameConstraints certificate extension.
+     [Steve Henson]
+
+  *) Support for policyConstraints certificate extension.
+     [Steve Henson]
+
   *) Support for policyMappings certificate extension.
      [Steve Henson]
 
@@ -473,12 +483,17 @@
      to avoid a timing attack. Applications that don't want it can call
      RSA_blinding_off() or use the new flag RSA_FLAG_NO_BLINDING.
      They would be ill-advised to do so in most cases.
-     [Ben Laurie, Steve Henson, Geoff Thorpe]
+     [Ben Laurie, Steve Henson, Geoff Thorpe, Bodo Moeller]
 
   *) Change RSA blinding code so that it works when the PRNG is not
      seeded (in this case, the secret RSA exponent is abused as
      an unpredictable seed -- if it is not unpredictable, there
-     is no point in blinding anyway).
+     is no point in blinding anyway).  Make RSA blinding thread-safe
+     by remembering the creator's thread ID in rsa->blinding and
+     having all other threads use local one-time blinding factors
+     (this requires more computation than sharing rsa->blinding, but
+     avoids excessive locking; and if an RSA object is not shared
+     between threads, blinding will still be very fast).
      [Bodo Moeller]
 
 yet to be integrated into this CVS branch: