Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

der: support lengths larger than 64kB #370

Closed
tarcieri opened this issue Apr 15, 2021 · 0 comments · Fixed by #411
Closed

der: support lengths larger than 64kB #370

tarcieri opened this issue Apr 15, 2021 · 0 comments · Fixed by #411

Comments

@tarcieri
Copy link
Member

The der crate presently supports documents up to 64kB (i.e. 65535 bytes).

While having a maximum document size bound in general seems like a good idea, the specific choice of 64kB is imposed because the length decoder/encoder implementations do not support longer lengths, and only support encoded lengths of up to 3-bytes. Internally the Length newtype uses u32 and thus could potentially support a larger Length value.

It might make sense to expand this by one additional byte: 4-bytes total, 1-byte encoding the length-of-the-length, 3-bytes for representing the length itself as a big endian integer. That would raise the max document size to 16384kB (16777216 bytes).

tarcieri added a commit that referenced this issue May 16, 2021
Closes #370.

Adds support for 4-byte DER-encoded lengths.

While this could potentially support lengths up to 16 MiB (2 << 24),
the library maintains a more conservative cap of 1 MiB as this should
be sufficient for the security-oriented cases this library is intended
to be used for.

This can be re-examined if there is a legitimate use case.
tarcieri added a commit that referenced this issue May 16, 2021
Closes #370.

Adds support for 4-byte DER-encoded lengths.

While this could potentially support lengths up to 16 MiB (2 << 24),
the library maintains a more conservative cap of 1 MiB as this should
be sufficient for the security-oriented cases this library is intended
to be used for.

This can be re-examined if there is a legitimate use case.
tarcieri added a commit that referenced this issue May 16, 2021
Closes #370.

Adds support for 4-byte DER-encoded lengths.

While this could potentially support lengths up to 16 MiB (2 << 24),
the library maintains a more conservative cap of 1 MiB as this should
be sufficient for the security-oriented cases this library is intended
to be used for.

This can be re-examined if there is a legitimate use case.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

1 participant