openssl-1_1/openssl-rsakeygen-minimum-distance.patch

Index: openssl-1.1.0f/crypto/rsa/rsa_gen.c
===================================================================
--- openssl-1.1.0f.orig/crypto/rsa/rsa_gen.c	2017-05-29 13:02:47.095166778 +0200
+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c	2017-05-29 13:03:29.415824383 +0200
@@ -419,6 +419,19 @@ static int rsa_builtin_keygen(RSA *rsa,
     bitsp = (bits + 1) / 2;
     bitsq = bits - bitsp;
 
+    /* prepare a maximum for p and q */
+    /* 0xB504F334 is (sqrt(2)/2)*2^32 */
+    if (!BN_set_word(r0, 0xB504F334))
+        goto err;
+    if (!BN_lshift(r0, r0, bitsp - 32))
+        goto err;
+
+    /* prepare minimum p and q difference */
+    if (!BN_one(r3))
+        goto err;
+    if (!BN_lshift(r3, r3, bitsp - 100))
+        goto err;
+
     /* We need the RSA components non-NULL */
     if (!rsa->n && ((rsa->n = BN_new()) == NULL))
         goto err;
@@ -444,6 +457,8 @@ static int rsa_builtin_keygen(RSA *rsa,
     for (;;) {
         if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))
             goto err;
+        if (BN_cmp(rsa->p, r0) < 0)
+            continue;
         if (!BN_sub(r2, rsa->p, BN_value_one()))
             goto err;
         if (!BN_gcd(r1, r2, rsa->e, ctx))
@@ -460,6 +475,13 @@ static int rsa_builtin_keygen(RSA *rsa,
             if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
                 goto err;
         } while (BN_cmp(rsa->p, rsa->q) == 0);
+        if (BN_cmp(rsa->q, r0) < 0)
+            continue;
+        /* check for minimum distance between p and q, 2^(bitsp-100) */
+        if (!BN_sub(r2, rsa->q, rsa->p))
+            goto err;
+        if (BN_ucmp(r2, r3) <= 0)
+            continue;
         if (!BN_sub(r2, rsa->q, BN_value_one()))
             goto err;
         if (!BN_gcd(r1, r2, rsa->e, ctx))
- Renamed from openssl-1_1_0 (bsc#1081335) * All the minor versions of the 1.1.x openssl branch have the same sonum and keep ABI compatibility - Remove bit obsolete syntax - Use %license macro - Don't disable afalgeng on aarch64 - Add support for s390x CPACF enhancements (fate#321518) patches taken from https://github.com/openssl/openssl/pull/2859: * 0002-crypto-modes-asm-ghash-s390x.pl-fix-gcm_gmult_4bit-K.patch * 0004-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch * 0005-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch * 0006-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0007-crypto-evp-e_aes.c-add-foundations-for-extended-s390.patch * 0008-s390x-assembly-pack-extended-s390x-capability-vector.patch * 0009-crypto-aes-asm-aes-s390x.pl-add-KMA-code-path.patch * 0010-doc-man3-OPENSSL_s390xcap.pod-update-KMA.patch * 0011-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch * 0012-s390x-assembly-pack-add-KMA-code-path-for-aes-gcm.patch * 0013-crypto-aes-asm-aes-s390x.pl-add-CFI-annotations-KMA-.patch - Do not filter pkgconfig() provides/requires. - Obsolete openssl-1_0_0 by openssl-1_1_0: this is required for a clean upgrade path as an aid to zypp (boo#1070003). - Update to 1.1.0g OpenSSL Security Advisory [02 Nov 2017] OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=2 2018-02-16 13:13:08 +01:00			`Index: openssl-1.1.0f/crypto/rsa/rsa_gen.c`
			`===================================================================`
			`--- openssl-1.1.0f.orig/crypto/rsa/rsa_gen.c 2017-05-29 13:02:47.095166778 +0200`
			`+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-05-29 13:03:29.415824383 +0200`
			`@@ -419,6 +419,19 @@ static int rsa_builtin_keygen(RSA *rsa,`
			`bitsp = (bits + 1) / 2;`
			`bitsq = bits - bitsp;`

			`+ /* prepare a maximum for p and q */`
			`+ /* 0xB504F334 is (sqrt(2)/2)2^32 /`
			`+ if (!BN_set_word(r0, 0xB504F334))`
			`+ goto err;`
			`+ if (!BN_lshift(r0, r0, bitsp - 32))`
			`+ goto err;`
			`+`
			`+ /* prepare minimum p and q difference */`
			`+ if (!BN_one(r3))`
			`+ goto err;`
			`+ if (!BN_lshift(r3, r3, bitsp - 100))`
			`+ goto err;`
			`+`
			`/* We need the RSA components non-NULL */`
			`if (!rsa->n && ((rsa->n = BN_new()) == NULL))`
			`goto err;`
			`@@ -444,6 +457,8 @@ static int rsa_builtin_keygen(RSA *rsa,`
			`for (;;) {`
			`if (!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb))`
			`goto err;`
			`+ if (BN_cmp(rsa->p, r0) < 0)`
			`+ continue;`
			`if (!BN_sub(r2, rsa->p, BN_value_one()))`
			`goto err;`
			`if (!BN_gcd(r1, r2, rsa->e, ctx))`
			`@@ -460,6 +475,13 @@ static int rsa_builtin_keygen(RSA *rsa,`
			`if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))`
			`goto err;`
			`} while (BN_cmp(rsa->p, rsa->q) == 0);`
			`+ if (BN_cmp(rsa->q, r0) < 0)`
			`+ continue;`
			`+ /* check for minimum distance between p and q, 2^(bitsp-100) */`
			`+ if (!BN_sub(r2, rsa->q, rsa->p))`
			`+ goto err;`
			`+ if (BN_ucmp(r2, r3) <= 0)`
			`+ continue;`
			`if (!BN_sub(r2, rsa->q, BN_value_one()))`
			`goto err;`
			`if (!BN_gcd(r1, r2, rsa->e, ctx))`