02427a3414
* All the minor versions of the 1.1.x openssl branch have the same
sonum and keep ABI compatibility
- Remove bit obsolete syntax
- Use %license macro
- Don't disable afalgeng on aarch64
- Add support for s390x CPACF enhancements (fate#321518)
patches taken from https://github.com/openssl/openssl/pull/2859:
* 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch
* 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
* 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
* 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch
* 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch
* 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch
* 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch
* 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
* 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch
* 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch
- Do not filter pkgconfig() provides/requires.
- Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a
clean upgrade path as an aid to zypp (boo#1070003).
- Update to 1.1.0g
OpenSSL Security Advisory [02 Nov 2017]
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2
48 lines
1.7 KiB
Diff
48 lines
1.7 KiB
Diff
Index: openssl-1.1.0f/crypto/rsa/rsa_gen.c
|
|
===================================================================
|
|
--- openssl-1.1.0f.orig/crypto/rsa/rsa_gen.c 2017-05-29 13:02:47.095166778 +0200
|
|
+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-05-29 13:03:29.415824383 +0200
|
|
@@ -419,6 +419,19 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
bitsp = (bits + 1) / 2;
|
|
bitsq = bits - bitsp;
|
|
|
|
+ /* prepare a maximum for p and q */
|
|
+ /* 0xB504F334 is (sqrt(2)/2)*2^32 */
|
|
+ if (!BN_set_word(r0, 0xB504F334))
|
|
+ goto err;
|
|
+ if (!BN_lshift(r0, r0, bitsp - 32))
|
|
+ goto err;
|
|
+
|
|
+ /* prepare minimum p and q difference */
|
|
+ if (!BN_one(r3))
|
|
+ goto err;
|
|
+ if (!BN_lshift(r3, r3, bitsp - 100))
|
|
+ goto err;
|
|
+
|
|
/* We need the RSA components non-NULL */
|
|
if (!rsa->n && ((rsa->n = BN_new()) == NULL))
|
|
goto err;
|
|
@@ -444,6 +457,8 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
for (;;) {
|
|
if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
|
|
goto err;
|
|
+ if (BN_cmp(rsa->p, r0) < 0)
|
|
+ continue;
|
|
if (!BN_sub(r2, rsa->p, BN_value_one()))
|
|
goto err;
|
|
if (!BN_gcd(r1, r2, rsa->e, ctx))
|
|
@@ -460,6 +475,13 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
|
goto err;
|
|
} while (BN_cmp(rsa->p, rsa->q) == 0);
|
|
+ if (BN_cmp(rsa->q, r0) < 0)
|
|
+ continue;
|
|
+ /* check for minimum distance between p and q, 2^(bitsp-100) */
|
|
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
|
+ goto err;
|
|
+ if (BN_ucmp(r2, r3) <= 0)
|
|
+ continue;
|
|
if (!BN_sub(r2, rsa->q, BN_value_one()))
|
|
goto err;
|
|
if (!BN_gcd(r1, r2, rsa->e, ctx))
|