Blame SOURCES/openssl-1.0.2k-cc-reqs.patch

cfec1a
diff -up openssl-1.0.2k/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.2k/crypto/rsa/rsa_gen.c
cfec1a
--- openssl-1.0.2k/crypto/rsa/rsa_gen.c.cc-reqs	2017-02-06 16:42:47.313963001 +0100
cfec1a
+++ openssl-1.0.2k/crypto/rsa/rsa_gen.c	2017-02-06 16:46:54.453628783 +0100
cfec1a
@@ -474,6 +474,12 @@ static int rsa_builtin_keygen(RSA *rsa,
cfec1a
     if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
cfec1a
         goto err;
cfec1a
 
cfec1a
+    /* prepare minimum p and q difference */
cfec1a
+    if (!BN_one(r3))
cfec1a
+        goto err;
cfec1a
+    if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
cfec1a
+        goto err;
cfec1a
+
cfec1a
     if (BN_copy(rsa->e, e_value) == NULL)
cfec1a
         goto err;
cfec1a
 
cfec1a
@@ -502,7 +508,9 @@ static int rsa_builtin_keygen(RSA *rsa,
cfec1a
         do {
cfec1a
             if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
cfec1a
                 goto err;
cfec1a
-        } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
cfec1a
+            if (!BN_sub(r2, rsa->q, rsa->p))
cfec1a
+                goto err;
cfec1a
+        } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
cfec1a
         if (degenerate == 3) {
cfec1a
             ok = 0;             /* we set our own err */
cfec1a
             RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);