public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
* [rpms/openssl] rebase_40beta: test in the non-FIPS RSA keygen for minimal distance of p and q
@ 2026-06-09 12:43 Tomas Mraz
0 siblings, 0 replies; only message in thread
From: Tomas Mraz @ 2026-06-09 12:43 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : 6a450be963275556d0b3371487810ffd39392e5f
Author : Tomas Mraz <tmraz@fedoraproject.org>
Date : 2015-01-16T16:16:14+01:00
Stats : +34/-3 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/6a450be963275556d0b3371487810ffd39392e5f?branch=rebase_40beta
Log:
test in the non-FIPS RSA keygen for minimal distance of p and q
similarly to the FIPS RSA keygen
---
diff --git a/openssl-1.0.1e-cc-reqs.patch b/openssl-1.0.1e-cc-reqs.patch
new file mode 100644
index 0000000..e266bb1
--- /dev/null
+++ b/openssl-1.0.1e-cc-reqs.patch
@@ -0,0 +1,25 @@
+diff -up openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs openssl-1.0.1e/crypto/rsa/rsa_gen.c
+--- openssl-1.0.1e/crypto/rsa/rsa_gen.c.cc-reqs 2015-01-13 12:45:51.000000000 +0100
++++ openssl-1.0.1e/crypto/rsa/rsa_gen.c 2015-01-15 17:35:04.649697922 +0100
+@@ -438,6 +438,10 @@ static int rsa_builtin_keygen(RSA *rsa,
+ if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
+ if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
+
++ /* prepare minimum p and q difference */
++ if (!BN_one(r3)) goto err;
++ if (bitsp > 100 && !BN_lshift(r3, r3, bitsp - 100)) goto err;
++
+ BN_copy(rsa->e, e_value);
+
+ /* generate p and q */
+@@ -463,7 +467,9 @@ static int rsa_builtin_keygen(RSA *rsa,
+ {
+ if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
+ goto err;
+- } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
++ if (!BN_sub(r2, rsa->q, rsa->p))
++ goto err;
++ } while((BN_ucmp(r2, r3) <= 0) && (++degenerate < 3));
+ if(degenerate == 3)
+ {
+ ok = 0; /* we set our own err */
diff --git a/openssl.spec b/openssl.spec
index bac101b..e33bfa8 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -23,7 +23,7 @@
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 1.0.1k
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
# We have to remove certain patented algorithms from the openssl source
# tarball with the hobble-openssl script which is included below.
@@ -88,7 +88,8 @@ Patch80: openssl-1.0.1j-evp-wrap.patch
Patch81: openssl-1.0.1k-padlock64.patch
Patch84: openssl-1.0.1k-trusted-first.patch
Patch85: openssl-1.0.1e-arm-use-elf-auxv-caps.patch
-Patch89: openssl-1.0.1k-ephemeral-key-size.patch
+Patch86: openssl-1.0.1k-ephemeral-key-size.patch
+Patch87: openssl-1.0.1e-cc-reqs.patch
License: OpenSSL
Group: System Environment/Libraries
@@ -210,7 +211,8 @@ cp %{SOURCE12} %{SOURCE13} crypto/ec/
%patch81 -p1 -b .padlock64
%patch84 -p1 -b .trusted-first
%patch85 -p1 -b .armcap
-%patch89 -p1 -b .ephemeral
+%patch86 -p1 -b .ephemeral
+%patch87 -p1 -b .cc-reqs
sed -i 's/SHLIB_VERSION_NUMBER "1.0.0"/SHLIB_VERSION_NUMBER "%{version}"/' crypto/opensslv.h
@@ -478,6 +480,10 @@ rm -rf $RPM_BUILD_ROOT/%{_libdir}/fipscanister.*
%postun libs -p /sbin/ldconfig
%changelog
+* Thu Jan 15 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-2
+- test in the non-FIPS RSA keygen for minimal distance of p and q
+ similarly to the FIPS RSA keygen
+
* Fri Jan 9 2015 Tomáš Mráz <tmraz@redhat.com> 1.0.1k-1
- new upstream release fixing multiple security issues
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-06-09 12:43 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2026-06-09 12:43 [rpms/openssl] rebase_40beta: test in the non-FIPS RSA keygen for minimal distance of p and q Tomas Mraz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox