New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added CERTIFICATE_VERIFY_MAX_LENGTH
constant
#20486
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@VeronikaNguyen You are aware that you(r employer) needs to provide the CLA before this can move forward? Second comment: For testing these changes, may it be sensible to extend the artificial "signature algorithm" in the test tls-provider to a(n even more artificial) length that actually triggers/necessitates these constant changes? It might be as simple as setting a suitably large number here:
Line 2747 in 9313694
*siglen = max_sig_len; |
Line 2766 in 9313694
*siglen = xor_sig_len; |
oqsprovider
that tests these limits.
Sorry for the late answer. Thanks @baentsch for the review. Yes, I submitted a CLA on Friday. I will look into your testing proposal and update the PR this week. |
We don't accept merge commits. Can you remove the last merge commit? Thanks! |
Aside from that - this PR looks good to me. |
It looks like the author on the commits is not the same as on your submitted CLA. Could you change the author via |
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to `65538 = 2^16+2` - Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH` in `statem_srvr.c` and `statem_clnt.c`
- to 65539 (2 bytes for the algorithm identifier + 2 bytes of signature length + 65535 bytes of signature)
This pull request is ready to merge |
Squashed the commits and merged to master branch. Thank you for your contribution. |
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539 (2 bytes for the algorithm identifier + 2 bytes of signature length + 65535 bytes of signature) - Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH` in `statem_srvr.c` and `statem_clnt.c` Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #20486)
CERTIFICATE_VERIFY_MAX_LENGTH
to65539 = 2^16 - 1 + 2 + 2
SSL3_RT_MAX_PLAIN_LENGTH
toCERTIFICATE_VERIFY_MAX_LENGTH
incase TLS_ST_CR_CERT_VRFY
in the functionossl_statem_client_max_message_size
ofstatem_clnt.c
and in the functionossl_statem_server_max_message_size
ofstatem_srvr.c