From: Matt Caswell <matt@openssl.org>
Date: Mon, 28 Oct 2019 14:43:42 +0000 (+0000)
Subject: Increase OSSL_PARAM_BLD_MAX for multi-prime RSA
X-Git-Tag: openssl-3.0.0-alpha1~958
X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=081d08fa58e300142f08ee670d63c84333a47cb0

Increase OSSL_PARAM_BLD_MAX for multi-prime RSA

The old value of 10 for OSSL_PARAM_BLD_MAX is insufficient for multi-prime
RSA. That code has this assert:

        if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
                         + numprimes + numexps + numcoeffs
                         <= OSSL_PARAM_BLD_MAX))
            goto err;

So we increase OSSL_PARAM_BLD_MAX which would be enough for 7 primes
(more than you would ever reasonably want).

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10152)
---

diff --git a/crypto/rsa/rsa_ameth.c b/crypto/rsa/rsa_ameth.c
index d2f976f681..ade3fe2578 100644
--- a/crypto/rsa/rsa_ameth.c
+++ b/crypto/rsa/rsa_ameth.c
@@ -1096,10 +1096,7 @@ static void *rsa_pkey_export_to(const EVP_PKEY *pk, EVP_KEYMGMT *keymgmt,
         if (numprimes < 2 || numexps < 2 || numcoeffs < 1)
             goto err;
 
-        /*
-         * assert that an OSSL_PARAM_BLD has enough space.
-         * (the current 10 places doesn't have space for multi-primes)
-         */
+        /* assert that an OSSL_PARAM_BLD has enough space. */
         if (!ossl_assert(/* n, e */ 2 + /* d */ 1 + /* numprimes */ 1
                          + numprimes + numexps + numcoeffs
                          <= OSSL_PARAM_BLD_MAX))
diff --git a/include/internal/param_build.h b/include/internal/param_build.h
index a5297b843d..a8116e35cd 100644
--- a/include/internal/param_build.h
+++ b/include/internal/param_build.h
@@ -11,7 +11,7 @@
 #include <openssl/params.h>
 #include <openssl/types.h>
 
-#define OSSL_PARAM_BLD_MAX 10
+#define OSSL_PARAM_BLD_MAX 25
 
 typedef struct {
     const char *key;