-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Address misc security issues #47
Conversation
07fec5e
to
b70e8bf
Compare
rustica/src/verification.rs
Outdated
// Restrict the max size of certificates | ||
// For Yubikey 5 Nano, actual intermediate cert size is approx 800 bytes | ||
// and actual client cert size is approx 700 bytes | ||
const CERT_MAX_SIZE: usize = 1024 * 2; // 2 KiB |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
These should go at the top of the file or in the lib.rs
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@obelisk Do you think the size check itself should be done in sshcerts too? That'd be cleaner but it might break some edge cases where people have unusually large attestation data.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just address the constant
Testing done: