mirror of
https://github.com/openssl/openssl.git
synced 2024-12-15 06:01:37 +08:00
1c16253f3c
If |q| >= |p| then the q value is obviously wrong as q is supposed to be a prime divisor of p-1. We check if p is overly large so this added test implies that q is not large either when performing subsequent tests using that q value. Otherwise if it is too large these additional checks of the q value such as the primality test can then trigger DoS by doing overly long computations. Fixes CVE-2023-3817 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21550) |
||
|---|---|---|
| .. | ||
| build.info | ||
| dh_ameth.c | ||
| dh_asn1.c | ||
| dh_backend.c | ||
| dh_check.c | ||
| dh_depr.c | ||
| dh_err.c | ||
| dh_gen.c | ||
| dh_group_params.c | ||
| dh_kdf.c | ||
| dh_key.c | ||
| dh_lib.c | ||
| dh_local.h | ||
| dh_meth.c | ||
| dh_pmeth.c | ||
| dh_prn.c | ||
| dh_rfc5114.c | ||