Avoid storing signature schemes in a separate buffer #4543

Open
goatgoose opened this issue May 6, 2024 · 1 comment
Comments

@goatgoose
Contributor

goatgoose commented May 6, 2024

Problem:

Currently the peer's signature schemes are read into the iana_list buffer. This limits the number of possible signature schemes the peer is allowed to send, since the buffer has a fixed size. If too many signature schemes are received, the connection fails.

Solution:

Rather than copy the signature schemes into a separate buffer, the signature schemes should instead be read straight from the client hello/certificate request.

@goatgoose goatgoose added the priority/high Rank 2 label May 6, 2024
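
The approach proposed in the issue, sketched as an added example (not part of the issue and not the project's own code): the peer's length-prefixed signature scheme list is scanned where it sits in the received message, so no fixed-size copy limits how many schemes are accepted. The function name, return codes and sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: pick a signature scheme by walking the peer's list in
 * place. ext/ext_len is the wire encoding: a uint16 byte length followed by
 * big-endian uint16 scheme IDs. prefs holds local schemes, most preferred
 * first. Returns 0 and sets *chosen, -1 if malformed, -2 if nothing in
 * common. */
int choose_sig_scheme(const uint8_t *ext, size_t ext_len,
                      const uint16_t *prefs, size_t prefs_len,
                      uint16_t *chosen)
{
    if (ext == NULL || prefs == NULL || chosen == NULL || ext_len < 2) {
        return -1;
    }
    size_t list_len = ((size_t) ext[0] << 8) | ext[1];
    /* Declared length must match the bytes present and hold whole entries. */
    if (list_len != ext_len - 2 || list_len == 0 || (list_len % 2) != 0) {
        return -1;
    }
    const uint8_t *list = ext + 2;
    /* Local preference order wins; each pass rescans the wire bytes. */
    for (size_t p = 0; p < prefs_len; p++) {
        for (size_t off = 0; off < list_len; off += 2) {
            uint16_t peer = (uint16_t) ((list[off] << 8) | list[off + 1]);
            if (peer == prefs[p]) {
                *chosen = peer;
                return 0;
            }
        }
    }
    return -2;
}

int main(void)
{
    /* Constructed sample: unknown value 0x0a0a, rsa_pkcs1_sha256 (0x0401),
     * ecdsa_secp256r1_sha256 (0x0403). */
    const uint8_t ext[] = { 0x00, 0x06, 0x0a, 0x0a, 0x04, 0x01, 0x04, 0x03 };
    const uint16_t prefs[] = { 0x0403, 0x0804 };
    uint16_t chosen = 0;
    int rc = choose_sig_scheme(ext, sizeof(ext), prefs, 2, &chosen);
    printf("rc=%d scheme=0x%04x\n", rc, chosen);
    return rc == 0 ? 0 : 1;
}
```

The scan costs O(peer list × local preferences) comparisons, which is bounded by the 16-bit list length rather than by a buffer size.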
@lrstewart
Contributor

In case it helps: I started on, but I guess never finished, this last year: e088cb7. I'm not sure why I thought skipping extensions was necessary there though; we should just be able to have a separate "process" method we call after receiving the extension, like we do to calculate the PSK binders.
