91c79aab4c
Since edk2 does not compile the apps/ subdirectory, the only other patches that might apply are openssl-1.1.0-no-md5-verify.patch (but edk2 does not have secure_getenv) and of course FIPS 140-2 mode.
28 lines
1.2 KiB
Diff
28 lines
1.2 KiB
Diff
diff -up a/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c.cc-reqs b/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c
|
|
--- a/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c.cc-reqs 2017-01-26 14:10:23.000000000 +0100
|
|
+++ b/CryptoPkg/Library/OpensslLib/openssl/crypto/rsa/rsa_gen.c 2017-01-26 16:01:52.622308528 +0100
|
|
@@ -75,6 +75,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
|
goto err;
|
|
|
|
+ /* prepare minimum p and q difference */
|
|
+ if (!BN_one(r3))
|
|
+ goto err;
|
|
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
|
|
+ goto err;
|
|
+
|
|
if (BN_copy(rsa->e, e_value) == NULL)
|
|
goto err;
|
|
|
|
@@ -103,7 +109,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
do {
|
|
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
|
goto err;
|
|
- } while ((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
|
|
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
|
+ goto err;
|
|
+ } while ((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
|
|
if (degenerate == 3) {
|
|
ok = 0; /* we set our own err */
|
|
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, RSA_R_KEY_SIZE_TOO_SMALL);
|