Blame SOURCES/openssl-1.0.2o-cc-reqs.patch

c05f5d
diff -up openssl-1.0.2o/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.2o/crypto/rsa/rsa_gen.c
c05f5d
--- openssl-1.0.2o/crypto/rsa/rsa_gen.c.cc-reqs	2018-04-05 17:48:48.180527469 +0200
c05f5d
+++ openssl-1.0.2o/crypto/rsa/rsa_gen.c	2018-04-05 17:57:41.740893045 +0200
c05f5d
@@ -506,6 +506,12 @@ static int rsa_builtin_keygen(RSA *rsa,
c05f5d
     if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
c05f5d
         goto err;
c05f5d
 
c05f5d
+    /* prepare minimum p and q difference */
c05f5d
+    if (!BN_one(r3))
c05f5d
+        goto err;
c05f5d
+    if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
c05f5d
+        goto err;
c05f5d
+
c05f5d
     if (BN_copy(rsa->e, e_value) == NULL)
c05f5d
         goto err;
c05f5d
 
c05f5d
@@ -538,7 +544,9 @@ static int rsa_builtin_keygen(RSA *rsa,
c05f5d
         do {
c05f5d
             if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
c05f5d
                 goto err;
c05f5d
-        } while (BN_cmp(rsa->p, rsa->q) == 0);
c05f5d
+            if (!BN_sub(r2, rsa->q, rsa->p))
c05f5d
+                goto err;
c05f5d
+        } while (BN_ucmp(r2, r3) <= 0);
c05f5d
         if (!BN_sub(r2, rsa->q, BN_value_one()))
c05f5d
             goto err;
c05f5d
         ERR_set_mark();