-
由 Tomas Mraz 提交于
If |q| >= |p| then the q value is obviously wrong as q is supposed to be a prime divisor of p-1. We check if p is overly large so this added test implies that q is not large either when performing subsequent tests using that q value. Otherwise if it is too large these additional checks of the q value such as the primality test can then trigger DoS by doing overly long computations. Fixes CVE-2023-3817 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21551) Signed-off-by: Ncode4lala <fengziteng2@huawei.com>
3607afbf