Merge branch '3.0'

phpseclib/Math/BigInteger/Engines/Engine.php

@@ -747,6 +747,11 @@ abstract class Engine implements \JsonSerializable
             $min = $temp;
         }
 
+        $length = $max->getLength();
+        if ($length > 8196) {
+            throw new \RuntimeException("Generation of random prime numbers larger than 8196 has been disabled ($length)");
+        }
+
         $x = static::randomRange($min, $max);
 
         return static::randomRangePrimeInner($x, $min, $max);
@@ -938,6 +943,15 @@ abstract class Engine implements \JsonSerializable
      */
     public function isPrime($t = false): bool
     {
+        // OpenSSL limits RSA keys to 16384 bits. The length of an RSA key is equal to the length of the modulo, which is
+        // produced by multiplying the primes p and q by one another. The largest number two 8196 bit primes can produce is
+        // a 16384 bit number so, basically, 8196 bit primes are the largest OpenSSL will generate and if that's the largest
+        // that it'll generate it also stands to reason that that's the largest you'll be able to test primality on
+        $length = $this->getLength();
+        if ($length > 8196) {
+            throw new \RuntimeException("Primality testing is not supported for numbers larger than 8196 bits ($length)");
+        }
+
         if (!$t) {
             $t = $this->setupIsPrime();
         }

tests/Unit/File/X509/X509Test.php

@@ -1394,4 +1394,16 @@ JYhGgW6KsKViE0hzQB8dSAcNcfwQPSKzOd02crXdJ7uYvZZK9prN83Oe1iDaizeA
 
         $this->assertFalse($x509->validateURL('https://aa'));
     }
+
+    public function testLargeInteger()
+    {
+        // cert has an elliptic curve public key with a specified curve (vs a named curve) with
+        // an excessively large integer value
+        $cert = file_get_contents(__DIR__ . '/mal-cert-01.der');
+
+        $x509 = new X509();
+        $x509->loadX509($cert);
+        $this->expectException(\RuntimeException::class);
+        $x509->getPublicKey();
+    }
 }