Increase OSSL_PARAM_BLD_MAX for multi-prime RSA
authorMatt Caswell <matt@openssl.org>
Mon, 28 Oct 2019 14:43:42 +0000 (14:43 +0000)
committerMatt Caswell <matt@openssl.org>
Thu, 14 Nov 2019 09:29:46 +0000 (09:29 +0000)
The old value of 10 for OSSL_PARAM_BLD_MAX is insufficient for multi-prime
RSA. That code has this assert:

        if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
                         + numprimes + numexps + numcoeffs
                         <= OSSL_PARAM_BLD_MAX))
            goto err;

So we increase OSSL_PARAM_BLD_MAX which would be enough for 7 primes
(more than you would ever reasonably want).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)

crypto/rsa/rsa_ameth.c
include/internal/param_build.h

index d2f976f6814a33f8e2313f77f9081b450060a0a6..ade3fe25780ed9b54570b16c4b166453744ee1a5 100644 (file)
@@ -1096,10 +1096,7 @@ static void *rsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
         if (numprimes < 2 || numexps < 2 || numcoeffs < 1)
             goto err;
 
-        /*
-         * assert that an OSSL_PARAM_BLD has enough space.
-         * (the current 10 places doesn't have space for multi-primes)
-         */
+        /* assert that an OSSL_PARAM_BLD has enough space. */
         if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
                          + numprimes + numexps + numcoeffs
                          <= OSSL_PARAM_BLD_MAX))
index a5297b843d126d8dab96f1c961a7547965af1a5a..a8116e35cdbd5821ed912e4dda43f6ccbe373ed5 100644 (file)
@@ -11,7 +11,7 @@
 #include <openssl/params.h>
 #include <openssl/types.h>
 
-#define OSSL_PARAM_BLD_MAX 10
+#define OSSL_PARAM_BLD_MAX 25
 
 typedef struct {
     const char *key;