We recently discovered and fixed a bug in the prime number generation code in the 'freebl' library of NSS 3.1. (See http://bugzilla.mozilla.org/show_bug.cgi?id=59438.)

This bug affects all platforms and affects the following algorithms:

- Diffie-Hellman and DSA parameter generation: the parameter may not be a prime. Generation of Diffie-Hellman or DSA parameters is typically done only by a Certification Authority (e.g. in CMS), not in other client or server products.

- RSA key pair generation: the keys may not contain the product of two primes. RSA key pair generation is done by all SSL servers, each time they are started up, to generate a "step down" key for use with export cipher suites. It is also done by all products that generate Certificate Signing Requests.

Note that this bug does not affect products using NSS 3.1 with RSA BSAFE Crypto-C or Netscape's internal 'libcrypto' library. It does not affect any present releases of PSM either because those all have used 'libcrypto'.

We will issue an NSS 3.1.1 patch release that includes the fix for this bug and some other bug fixes. All products that are planning to ship with NSS 3.1 with 'freebl' are strongly urged to use NSS 3.1.1 instead.

NSS 3.1.1 will be released no later than Jan. 15, 2001. If your product release schedule requires that NSS 3.1.1 be released sooner, please let us know immediately.

Wan-Teh
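A check that follows from the advisory above, as an added example that is not part of the original message or of NSS: it uses Miller-Rabin to test whether the factors of an RSA private key, or a Diffie-Hellman/DSA prime parameter, are actually prime. The function names and the sample values are assumptions constructed for illustration; real values would be extracted from key material produced by an affected build.

```python
import random

def is_probable_prime(n, rounds=40):
    """Miller-Rabin test; a composite passes with probability <= 4**-rounds."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:          # write n - 1 as d * 2**s with d odd
        d //= 2
        s += 1
    rng = random.SystemRandom()
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False       # this base is a witness: n is composite
    return True

def audit_rsa_key(n, p, q):
    """Return the problems found in an RSA private key's modulus and factors."""
    problems = []
    if p * q != n:
        problems.append("modulus is not p*q")
    if p == q:
        problems.append("p equals q")
    for name, value in (("p", p), ("q", q)):
        if not is_probable_prime(value):
            problems.append(f"{name} is composite")
    return problems

def audit_dh_or_dsa_prime(p):
    """Return the problems found in a DH or DSA prime parameter."""
    return [] if is_probable_prime(p) else ["parameter p is composite"]

# Constructed sample values (not real keys): Mersenne primes and their product.
GOOD_P, GOOD_Q = 2**127 - 1, 2**89 - 1
BAD_Q = (2**61 - 1) * (2**31 - 1)   # composite with no small factors

if __name__ == "__main__":
    print(audit_rsa_key(GOOD_P * GOOD_Q, GOOD_P, GOOD_Q))
    print(audit_rsa_key(GOOD_P * BAD_Q, GOOD_P, BAD_Q))
    print(audit_dh_or_dsa_prime(BAD_Q))
```

A key or parameter that fails this audit should be regenerated with a fixed library rather than reused.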
