From 87a796dd69fcdbd1c0dd7594f3ddb16c90abee5e Mon Sep 17 00:00:00 2001
From: Thomas Pornin <pornin@bolet.org>
Date: Tue, 22 Jan 2019 00:04:08 +0100
Subject: [PATCH] Fixed computing of intermediate buffer size for maximum-size
 RSA keys.

---
 src/rsa/rsa_i15_modulus.c | 2 +-
 src/rsa/rsa_i31_modulus.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/rsa/rsa_i15_modulus.c b/src/rsa/rsa_i15_modulus.c
index d61c794..16458c3 100644
--- a/src/rsa/rsa_i15_modulus.c
+++ b/src/rsa/rsa_i15_modulus.c
@@ -28,7 +28,7 @@
 size_t
 br_rsa_i15_compute_modulus(void *n, const br_rsa_private_key *sk)
 {
-	uint16_t tmp[2 * ((BR_MAX_RSA_SIZE + 14) / 15) + 5];
+	uint16_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 14) / 15) + 5];
 	uint16_t *t, *p, *q;
 	const unsigned char *pbuf, *qbuf;
 	size_t nlen, plen, qlen, tlen;
diff --git a/src/rsa/rsa_i31_modulus.c b/src/rsa/rsa_i31_modulus.c
index c469cf3..f5f997f 100644
--- a/src/rsa/rsa_i31_modulus.c
+++ b/src/rsa/rsa_i31_modulus.c
@@ -28,7 +28,7 @@
 size_t
 br_rsa_i31_compute_modulus(void *n, const br_rsa_private_key *sk)
 {
-	uint32_t tmp[2 * ((BR_MAX_RSA_SIZE + 30) / 31) + 5];
+	uint32_t tmp[4 * (((BR_MAX_RSA_SIZE / 2) + 30) / 31) + 5];
 	uint32_t *t, *p, *q;
 	const unsigned char *pbuf, *qbuf;
 	size_t nlen, plen, qlen, tlen;
-- 
2.17.1