1ff978b22e
SRP and GOST is now allowed, note that GOST support requires adding GOST engine which is not part of openssl anymore
28 lines
1.0 KiB
Diff
28 lines
1.0 KiB
Diff
diff -up openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.1.0f/crypto/rsa/rsa_gen.c
|
|
--- openssl-1.1.0f/crypto/rsa/rsa_gen.c.cc-reqs 2017-05-25 14:46:19.000000000 +0200
|
|
+++ openssl-1.1.0f/crypto/rsa/rsa_gen.c 2017-06-02 14:13:45.352475862 +0200
|
|
@@ -85,6 +85,12 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
|
|
goto err;
|
|
|
|
+ /* prepare minimum p and q difference */
|
|
+ if (!BN_one(r3))
|
|
+ goto err;
|
|
+ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100))
|
|
+ goto err;
|
|
+
|
|
if (BN_copy(rsa->e, e_value) == NULL)
|
|
goto err;
|
|
|
|
@@ -107,7 +113,9 @@ static int rsa_builtin_keygen(RSA *rsa,
|
|
do {
|
|
if (!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
|
|
goto err;
|
|
- } while (BN_cmp(rsa->p, rsa->q) == 0);
|
|
+ if (!BN_sub(r2, rsa->q, rsa->p))
|
|
+ goto err;
|
|
+ } while (BN_ucmp(r2, r3) <= 0);
|
|
if (!BN_sub(r2, rsa->q, BN_value_one()))
|
|
goto err;
|
|
if (!BN_gcd(r1, r2, rsa->e, ctx))
|