
Commit 8aa419e

authored
fix: Increase received signature scheme limit (#4544)
1 parent eb168f2 commit 8aa419e

12 files changed

+64
-44
lines changed

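--- a/error/s2n_errno.c
+++ b/error/s2n_errno.c
@@ -201,7 +201,7 @@ static const char *no_such_error = "Internal s2n error";
 ERR_ENTRY(S2N_ERR_CLIENT_MODE, "Operation not allowed in client mode") \
 ERR_ENTRY(S2N_ERR_CLIENT_MODE_DISABLED, "client connections not allowed") \
 ERR_ENTRY(S2N_ERR_TOO_MANY_CERTIFICATES, "only 1 certificate is supported in client mode") \
-ERR_ENTRY(S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES, "Max supported length of SignatureAlgorithms/SignatureSchemes list is 32") \
+ERR_ENTRY(S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES, "Max supported length of SignatureAlgorithms/SignatureSchemes list is 128") \
 ERR_ENTRY(S2N_ERR_CLIENT_AUTH_NOT_SUPPORTED_IN_FIPS_MODE, "Client Auth is not supported when in FIPS mode") \
 ERR_ENTRY(S2N_ERR_INVALID_BASE64, "invalid base64 encountered") \
 ERR_ENTRY(S2N_ERR_INVALID_HEX, "invalid HEX encountered") \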
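Review bot: The literal `128` in the `S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES` message duplicates `TLS_SIGNATURE_SCHEME_LIST_MAX_LEN`, and the removed text said 32 while that macro was 64 (see tls/s2n_tls_parameters.h in this commit), so the string had already drifted from the enforced limit. I would drop the number so it cannot go stale again: `ERR_ENTRY(S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES, "SignatureAlgorithms/SignatureSchemes list exceeds the maximum supported length") \`. The ERR_ENTRY table starts and ends outside this hunk.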

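--- a/tests/unit/s2n_client_signature_algorithms_extension_test.c
+++ b/tests/unit/s2n_client_signature_algorithms_extension_test.c
@@ -64,7 +64,7 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_client_signature_algorithms_extension.recv(server_conn, &io));
 EXPECT_EQUAL(s2n_stuffer_data_available(&io), 0);
 
-EXPECT_TRUE(server_conn->handshake_params.client_sig_hash_algs.len > 0);
+EXPECT_TRUE(server_conn->handshake_params.peer_sig_scheme_list.len > 0);
 
 s2n_stuffer_free(&io);
 s2n_connection_free(client_conn);
@@ -91,7 +91,7 @@ int main(int argc, char **argv)
 
 /* If a valid algorithm is offered among unknown algorithms, the valid one should be chosen */
 EXPECT_SUCCESS(s2n_client_signature_algorithms_extension.recv(conn, &signature_algorithms_extension));
-EXPECT_EQUAL(conn->handshake_params.client_sig_hash_algs.len, sig_hash_algs.len);
+EXPECT_EQUAL(conn->handshake_params.peer_sig_scheme_list.len, sig_hash_algs.len);
 EXPECT_OK(s2n_signature_algorithm_select(conn));
 EXPECT_EQUAL(conn->handshake_params.server_cert_sig_scheme->iana_value, TLS_SIGNATURE_SCHEME_RSA_PKCS1_SHA384);
 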

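--- a/tests/unit/s2n_server_signature_algorithms_extension_test.c
+++ b/tests/unit/s2n_server_signature_algorithms_extension_test.c
@@ -44,7 +44,7 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_server_signature_algorithms_extension.recv(client_conn, &io));
 EXPECT_EQUAL(s2n_stuffer_data_available(&io), 0);
 
-EXPECT_TRUE(client_conn->handshake_params.server_sig_hash_algs.len > 0);
+EXPECT_TRUE(client_conn->handshake_params.peer_sig_scheme_list.len > 0);
 
 s2n_stuffer_free(&io);
 EXPECT_SUCCESS(s2n_connection_free(server_conn));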

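--- a/tests/unit/s2n_signature_algorithms_test.c
+++ b/tests/unit/s2n_signature_algorithms_test.c
@@ -254,7 +254,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 test_schemes, s2n_array_len(test_schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 test_schemes, s2n_array_len(test_schemes)));
 
 /* Test: ECDSA */
@@ -301,7 +301,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 test_schemes, s2n_array_len(test_schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 test_schemes, s2n_array_len(test_schemes)));
 
 /* Test: ECDSA */
@@ -348,7 +348,7 @@ int main(int argc, char **argv)
 
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context, &expected, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &expected, 1));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -367,7 +367,7 @@ int main(int argc, char **argv)
 
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context, &expected, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &expected, 1));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -398,7 +398,7 @@ int main(int argc, char **argv)
 {
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 order, s2n_array_len(order)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 reversed_order, s2n_array_len(reversed_order)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -409,7 +409,7 @@ int main(int argc, char **argv)
 {
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 reversed_order, s2n_array_len(reversed_order)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 order, s2n_array_len(order)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -422,7 +422,7 @@ int main(int argc, char **argv)
 {
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 order, s2n_array_len(order)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 order, s2n_array_len(order)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -444,7 +444,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &invalid, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &invalid, 1));
 
 /* Fails for TLS1.3 */
@@ -471,7 +471,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &invalid, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &invalid, 1));
 
 /* Fails for TLS1.2 */
@@ -505,7 +505,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &invalid, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &invalid, 1));
 
 /* Fails with SHA1 */
@@ -536,7 +536,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &invalid, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &invalid, 1));
 
 /* Fails for pkcs1 */
@@ -563,7 +563,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &scheme, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &scheme, 1));
 
 /* Fails for default config with no certs */
@@ -594,7 +594,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &scheme, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &scheme, 1));
 
 /* Fails for default config with no certs */
@@ -634,7 +634,7 @@ int main(int argc, char **argv)
 /* Fails with wrong curve (256) */
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &ecdsa256, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &ecdsa256, 1));
 EXPECT_ERROR_WITH_ERRNO(
 s2n_signature_algorithm_select(conn),
@@ -643,7 +643,7 @@ int main(int argc, char **argv)
 /* Succeeds with right curve (384) */
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 &ecdsa384, 1));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 &ecdsa384, 1));
 EXPECT_OK(s2n_signature_algorithm_select(conn));
 };
@@ -673,7 +673,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 schemes, s2n_array_len(schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 schemes, s2n_array_len(schemes)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -702,7 +702,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 local_schemes, s2n_array_len(local_schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 peer_schemes, s2n_array_len(peer_schemes)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -852,7 +852,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 local_schemes, s2n_array_len(local_schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 peer_schemes, s2n_array_len(peer_schemes)));
 
 /* ECDSA */
@@ -893,7 +893,7 @@ int main(int argc, char **argv)
 struct s2n_local_sig_schemes_context local_context = { 0 };
 EXPECT_OK(s2n_test_set_local_sig_schemes(conn, &local_context,
 local_schemes, s2n_array_len(local_schemes)));
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 peer_schemes, s2n_array_len(peer_schemes)));
 
 EXPECT_OK(s2n_signature_algorithm_select(conn));
@@ -1056,6 +1056,30 @@ int main(int argc, char **argv)
 };
 };
 
+/* Test: Ensure that the maximum number of permitted signature schemes can be received. */
+const uint16_t max_sig_schemes = TLS_SIGNATURE_SCHEME_LIST_MAX_LEN;
+for (uint16_t count = max_sig_schemes - 1; count <= max_sig_schemes + 1; count++) {
+DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT),
+s2n_connection_ptr_free);
+EXPECT_NOT_NULL(conn);
+
+DEFER_CLEANUP(struct s2n_stuffer input = { 0 }, s2n_stuffer_free);
+EXPECT_SUCCESS(s2n_stuffer_growable_alloc(&input, 0));
+
+uint16_t sig_scheme_list_size = count * TLS_SIGNATURE_SCHEME_LEN;
+EXPECT_SUCCESS(s2n_stuffer_write_uint16(&input, sig_scheme_list_size));
+for (size_t i = 0; i < count; i++) {
+EXPECT_SUCCESS(s2n_stuffer_write_uint16(&input, s2n_rsa_pkcs1_sha256.iana_value));
+}
+
+int ret = s2n_recv_supported_sig_scheme_list(&input, &conn->handshake_params.peer_sig_scheme_list);
+if (count <= max_sig_schemes) {
+EXPECT_SUCCESS(ret);
+} else {
+EXPECT_FAILURE_WITH_ERRNO(ret, S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES);
+}
+}
+
 /* Test: send and receive default signature preferences */
 for (size_t i = S2N_TLS10; i < S2N_TLS13; i++) {
 DEFER_CLEANUP(struct s2n_connection *conn = s2n_connection_new(S2N_CLIENT),
@@ -1162,7 +1186,7 @@ int main(int argc, char **argv)
 EXPECT_SUCCESS(s2n_connection_set_config(conn, config));
 
 const struct s2n_signature_scheme *schemes[] = { &s2n_rsa_pss_rsae_sha256 };
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.server_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 schemes, s2n_array_len(schemes)));
 
 if (s2n_is_rsa_pss_signing_supported()) {
@@ -1187,7 +1211,7 @@ int main(int argc, char **argv)
 
 /* Invalid (PKCS1 not allowed by TLS1.3) */
 const struct s2n_signature_scheme *peer_schemes[] = { &s2n_rsa_pkcs1_sha224 };
-EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.client_sig_hash_algs,
+EXPECT_OK(s2n_test_set_peer_sig_schemes(&conn->handshake_params.peer_sig_scheme_list,
 peer_schemes, s2n_array_len(peer_schemes)));
 
 /* Both PKCS1 and PSS supported */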
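Review bot: The new limit test (new lines 1059-1081) checks only the return code of `s2n_recv_supported_sig_scheme_list`, so it would still pass if the parser accepted the list but stored fewer entries than were sent. In the success branch, add `EXPECT_EQUAL(conn->handshake_params.peer_sig_scheme_list.len, count);` after `EXPECT_SUCCESS(ret);`. For the rejected case it would also help to pin what the list holds after the error, for example `EXPECT_EQUAL(conn->handshake_params.peer_sig_scheme_list.len, 0);`, assuming the parser rejects before writing; that needs confirming against the implementation, which is not shown on this page. The enclosing `main` starts and ends outside the hunk.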

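--- a/tests/unit/s2n_tls13_cert_request_extensions_test.c
+++ b/tests/unit/s2n_tls13_cert_request_extensions_test.c
@@ -37,10 +37,10 @@ int main(int argc, char **argv)
 EXPECT_NOT_NULL(conn = s2n_connection_new(S2N_CLIENT));
 conn->actual_protocol_version = S2N_TLS13;
 
-EXPECT_EQUAL(conn->handshake_params.server_sig_hash_algs.len, 0);
+EXPECT_EQUAL(conn->handshake_params.peer_sig_scheme_list.len, 0);
 EXPECT_SUCCESS(s2n_tls13_cert_req_send(conn));
 EXPECT_SUCCESS(s2n_tls13_cert_req_recv(conn));
-EXPECT_NOT_EQUAL(conn->handshake_params.server_sig_hash_algs.len, 0);
+EXPECT_NOT_EQUAL(conn->handshake_params.peer_sig_scheme_list.len, 0);
 
 EXPECT_SUCCESS(s2n_connection_free(conn));
 }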

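--- a/tests/unit/s2n_tls13_cert_request_test.c
+++ b/tests/unit/s2n_tls13_cert_request_test.c
@@ -69,7 +69,7 @@ int main(int argc, char **argv)
 EXPECT_TRUE(s2n_stuffer_data_available(&client_conn->handshake.io) > 0);
 EXPECT_SUCCESS(s2n_tls13_cert_req_recv(client_conn));
 
-EXPECT_TRUE(client_conn->handshake_params.server_sig_hash_algs.len > 0);
+EXPECT_TRUE(client_conn->handshake_params.peer_sig_scheme_list.len > 0);
 
 EXPECT_SUCCESS(s2n_connection_free(client_conn));
 EXPECT_SUCCESS(s2n_connection_free(server_conn));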

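--- a/tls/extensions/s2n_client_signature_algorithms.c
+++ b/tls/extensions/s2n_client_signature_algorithms.c
@@ -49,5 +49,5 @@ static int s2n_client_signature_algorithms_send(struct s2n_connection *conn, str
 
 static int s2n_client_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
-return s2n_recv_supported_sig_scheme_list(extension, &conn->handshake_params.client_sig_hash_algs);
+return s2n_recv_supported_sig_scheme_list(extension, &conn->handshake_params.peer_sig_scheme_list);
 }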

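--- a/tls/extensions/s2n_server_signature_algorithms.c
+++ b/tls/extensions/s2n_server_signature_algorithms.c
@@ -44,5 +44,5 @@ static int s2n_signature_algorithms_send(struct s2n_connection *conn, struct s2n
 
 static int s2n_signature_algorithms_recv(struct s2n_connection *conn, struct s2n_stuffer *extension)
 {
-return s2n_recv_supported_sig_scheme_list(extension, &conn->handshake_params.server_sig_hash_algs);
+return s2n_recv_supported_sig_scheme_list(extension, &conn->handshake_params.peer_sig_scheme_list);
 }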

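--- a/tls/s2n_handshake.h
+++ b/tls/s2n_handshake.h
@@ -104,13 +104,15 @@ struct s2n_handshake_parameters {
 struct s2n_blob client_cert_chain;
 s2n_pkey_type client_cert_pkey_type;
 
-/* Signature/hash algorithm pairs offered by the client in the signature_algorithms extension */
-struct s2n_sig_scheme_list client_sig_hash_algs;
+/* Signature/hash algorithm pairs offered by the peer.
+*
+* In the case of server connections, this list contains the client's supported signature
+* schemes offered in the ClientHello. In the case of client connections, this list contains
+* the server's supported signature schemes offered in the CertificateRequest.
+*/
+struct s2n_sig_scheme_list peer_sig_scheme_list;
 /* Signature scheme chosen by the server */
 const struct s2n_signature_scheme *server_cert_sig_scheme;
-
-/* Signature/hash algorithm pairs offered by the server in the certificate request */
-struct s2n_sig_scheme_list server_sig_hash_algs;
 /* Signature scheme chosen by the client */
 const struct s2n_signature_scheme *client_cert_sig_scheme;
 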
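Review bot: The new comment on `peer_sig_scheme_list` still calls the entries "Signature/hash algorithm pairs" and does not say that the contents come straight from the peer or how many can be stored. Since `s2n_signature_algorithms_validate_supported_by_peer` (tls/s2n_signature_algorithms.c in this commit) compares `iana_list[i]` directly, I would add a sentence such as `Entries are IANA signature scheme values as received from the peer, at most TLS_SIGNATURE_SCHEME_LIST_MAX_LEN of them.` Now that one field serves both the ClientHello and CertificateRequest paths, the comment could also state whether anything clears it between handshakes on the same connection; no reset is visible in this commit. The struct continues outside the hunk.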

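--- a/tls/s2n_server_cert_request.c
+++ b/tls/s2n_server_cert_request.c
@@ -121,7 +121,7 @@ int s2n_cert_req_recv(struct s2n_connection *conn)
 POSIX_GUARD(s2n_recv_client_cert_preferences(in, &cert_type));
 
 if (conn->actual_protocol_version == S2N_TLS12) {
-POSIX_GUARD(s2n_recv_supported_sig_scheme_list(in, &conn->handshake_params.server_sig_hash_algs));
+POSIX_GUARD(s2n_recv_supported_sig_scheme_list(in, &conn->handshake_params.peer_sig_scheme_list));
 }
 
 uint16_t cert_authorities_len = 0;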

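--- a/tls/s2n_signature_algorithms.c
+++ b/tls/s2n_signature_algorithms.c
@@ -161,13 +161,7 @@ static S2N_RESULT s2n_signature_algorithms_validate_supported_by_peer(
 {
 RESULT_ENSURE_REF(conn);
 
-const struct s2n_sig_scheme_list *peer_list = NULL;
-if (conn->mode == S2N_CLIENT) {
-peer_list = &conn->handshake_params.server_sig_hash_algs;
-} else {
-peer_list = &conn->handshake_params.client_sig_hash_algs;
-}
-
+const struct s2n_sig_scheme_list *peer_list = &conn->handshake_params.peer_sig_scheme_list;
 for (size_t i = 0; i < peer_list->len; i++) {
 if (peer_list->iana_list[i] == iana) {
 return S2N_RESULT_OK;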

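--- a/tls/s2n_tls_parameters.h
+++ b/tls/s2n_tls_parameters.h
@@ -157,7 +157,7 @@
 #define TLS_SIGNATURE_SCHEME_RSA_PSS_PSS_SHA512 0x080B
 
 #define TLS_SIGNATURE_SCHEME_LEN 2
-#define TLS_SIGNATURE_SCHEME_LIST_MAX_LEN 64
+#define TLS_SIGNATURE_SCHEME_LIST_MAX_LEN 128
 
 /* The TLS record types we support */
 #define SSLv2_CLIENT_HELLO 1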
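Review bot: `TLS_SIGNATURE_SCHEME_LIST_MAX_LEN` bounds a peer-controlled list but carries no comment saying so, or why 128 was chosen. The value drives the rejection path exercised in tests/unit/s2n_signature_algorithms_test.c and presumably also the size of the per-connection `struct s2n_sig_scheme_list`, so raising it is a memory and scan-cost decision as well as an interoperability one. Suggested comment above the define: `/* Max number of signature schemes accepted from a peer; longer lists fail with S2N_ERR_TOO_MANY_SIGNATURE_SCHEMES. */`.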
