bump GNUTLS_MAX_ALGORITHM_NUM / MAX_ALGOS

Fedora 36 LEGACY crypto-policy uses allowlisting format
and is long enough to blow past the 64 priority string
elements mark, causing, effectively, priority string truncation.

Signed-off-by: Alexander Sosedkin <asosedkin@redhat.com>

diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 6359a0edb6ff39eb1e57391eeab2a7357bc291d5..16140c878794c35592659e3a8e44395dfc5e991a 100644 (file)
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -408,7 +408,7 @@ typedef enum {
   /* exported for other gnutls headers. This is the maximum number of
    * algorithms (ciphers, kx or macs).
    */
-#define GNUTLS_MAX_ALGORITHM_NUM 64
+#define GNUTLS_MAX_ALGORITHM_NUM 128
 #define GNUTLS_MAX_SESSION_ID_SIZE 32
 
 

diff --git a/lib/priority.c b/lib/priority.c
index 54d7b1bb45a59009515730d0be90c5726ff1cf8c..e7698ba7eb0f8f947db9336d2392e6247eb8647f 100644 (file)
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -43,7 +43,7 @@
 #include "profiles.h"
 #include "name_val_array.h"
 
-#define MAX_ELEMENTS 64
+#define MAX_ELEMENTS GNUTLS_MAX_ALGORITHM_NUM
 
 #define ENABLE_PROFILE(c, profile) do { \
        c->additional_verify_flags &= 0x00ffffff; \