openGauss-third_party/dependency/openssl/CVE-2023-3817.patch

diff -Naur a/crypto/dh/dh_check.c b/crypto/dh/dh_check.c
--- a/crypto/dh/dh_check.c	2023-09-01 14:52:09.746018434 +0800
+++ b/crypto/dh/dh_check.c	2023-09-01 15:06:12.055519115 +0800
@@ -97,7 +97,7 @@
 
 int DH_check(const DH *dh, int *ret)
 {
-    int ok = 0, r;
+    int ok = 0, r, q_good = 0;
     BN_CTX *ctx = NULL;
     BIGNUM *t1 = NULL, *t2 = NULL;
 
@@ -113,7 +113,14 @@
     if (t2 == NULL)
         goto err;
 
-    if (dh->q) {
+    if (dh->q != NULL) {
+        if (BN_ucmp(dh->p, dh->q) > 0)
+            q_good = 1;
+        else
+            *ret |= DH_CHECK_INVALID_Q_VALUE;
+    }
+
+    if (q_good) {
         if (BN_cmp(dh->g, BN_value_one()) <= 0)
             *ret |= DH_NOT_SUITABLE_GENERATOR;
         else if (BN_cmp(dh->g, dh->p) >= 0)