From 081d08fa58e300142f08ee670d63c84333a47cb0 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Mon, 28 Oct 2019 14:43:42 +0000 Subject: [PATCH] Increase OSSL_PARAM_BLD_MAX for multi-prime RSA The old value of 10 for OSSL_PARAM_BLD_MAX is insufficient for multi-prime RSA. That code has this assert: if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1 + numprimes + numexps + numcoeffs <= OSSL_PARAM_BLD_MAX)) goto err; So we increase OSSL_PARAM_BLD_MAX which would be enough for 7 primes (more than you would ever reasonably want). Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/10152) --- crypto/rsa/rsa_ameth.c | 5 +---- include/internal/param_build.h | 2 +- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c index d2f976f681..ade3fe2578 100644 --- a/crypto/rsa/rsa_ameth.c +++ b/crypto/rsa/rsa_ameth.c @@ -1096,10 +1096,7 @@ static void *rsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt, if (numprimes < 2 || numexps < 2 || numcoeffs < 1) goto err; - /* - * assert that an OSSL_PARAM_BLD has enough space. - * (the current 10 places doesn't have space for multi-primes) - */ + /* assert that an OSSL_PARAM_BLD has enough space. */ if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1 + numprimes + numexps + numcoeffs <= OSSL_PARAM_BLD_MAX)) diff --git a/include/internal/param_build.h b/include/internal/param_build.h index a5297b843d..a8116e35cd 100644 --- a/include/internal/param_build.h +++ b/include/internal/param_build.h @@ -11,7 +11,7 @@ #include #include -#define OSSL_PARAM_BLD_MAX 10 +#define OSSL_PARAM_BLD_MAX 25 typedef struct { const char *key; -- 2.25.1