Implementation Notes
We have made several changes to the existing BoringSSL code that can be viewed by grepping for "OQS note:". Some of the more salient ones are:
- `ssl/handshake.cc:ssl_max_handshake_message_len`: The maximum message size for handshakes which do not accept peer certificate chains has been increased from 2^14 to 2^15 = 32768 bytes to accommodate the `Frodo1344` variants.
- `t1_lib.cc`: We have numerous key-exchange algorithms and their hybrid variants in the fork, and it would be unwieldy to add all their group IDs and keyshares to the ClientHello. We therefore only list the level-1 P-256 hybrids in the ClientHello by default. To override this default behaviour, the client can use the `SSL_CTX_set1_curves_list` call, or, if possible, specify the curve through a command line option.
- `ssl.h`: To accommodate some of the Rainbow variants (such as `Rainbow-Ia-Classic`) we have increased the value of `SSL_MAX_CERT_LIST_DEFAULT`, the maximum acceptable length of a peer certificate chain, from 102400 bytes to the maximum possible value specified by RFC 8446, which is 2^24 - 1 = 16777215 bytes.
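The two size limits above bound how many bytes a peer can make an endpoint buffer for a single handshake message. The following added example is a simplified model of that check, not code from BoringSSL or the fork: `hs_policy`, `hs_check_header` and `demo_status` are hypothetical names, and the message sizes 20000 and 500000 are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Limits quoted in the notes above. */
#define NO_CERT_LIMIT_OLD (1u << 14)  /* 16384 */
#define NO_CERT_LIMIT_NEW (1u << 15)  /* 32768 */
#define CERT_LIST_OLD     102400u
#define CERT_LIST_NEW     0xFFFFFFu   /* 2^24 - 1 = 16777215 */

enum hs_status { HS_OK, HS_NEED_MORE, HS_TOO_LONG };

/* Hypothetical policy struct, a simplified stand-in for the library's state. */
struct hs_policy {
  int accepts_peer_certs;  /* does this endpoint process a peer chain? */
  uint32_t no_cert_limit;  /* cap when no peer chain is accepted */
  uint32_t max_cert_list;  /* cap when a peer chain is accepted */
};

/* Read the 4-byte handshake header (type, uint24 length) and apply the cap
 * before any of the message body is buffered. */
enum hs_status hs_check_header(const uint8_t *buf, size_t len,
                               const struct hs_policy *p, uint32_t *body_len) {
  if (len < 4) return HS_NEED_MORE;
  uint32_t n = ((uint32_t)buf[1] << 16) | ((uint32_t)buf[2] << 8) | buf[3];
  uint32_t cap = p->accepts_peer_certs ? p->max_cert_list : p->no_cert_limit;
  if (n > cap) return HS_TOO_LONG;
  *body_len = n;
  return HS_OK;
}

/* Build a constructed header announcing body_len and run the check on it. */
enum hs_status demo_status(uint32_t body_len, int accepts_certs, int fork) {
  uint8_t hdr[4] = {0x02, (uint8_t)(body_len >> 16), (uint8_t)(body_len >> 8),
                    (uint8_t)body_len};
  struct hs_policy p = {accepts_certs,
                        fork ? NO_CERT_LIMIT_NEW : NO_CERT_LIMIT_OLD,
                        fork ? CERT_LIST_NEW : CERT_LIST_OLD};
  uint32_t out = 0;
  return hs_check_header(hdr, sizeof hdr, &p, &out);
}

int main(void) {
  printf("20000 bytes, no peer certs: old=%d new=%d\n",
         demo_status(20000, 0, 0), demo_status(20000, 0, 1));
  printf("500000 bytes, peer certs:   old=%d new=%d\n",
         demo_status(500000, 1, 0), demo_status(500000, 1, 1));
  return 0;
}
```

With the raised default, an endpoint that accepts peer chains will buffer up to 16777215 bytes for one message; applications that do not need chains of that size can lower the cap per context with `SSL_CTX_set_max_cert_list`.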