-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow longer username and password under Dynamic Challenge/Response P… #295
base: master
Are you sure you want to change the base?
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
{ | ||
inputs = { | ||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; | ||
devenv.url = "github:cachix/devenv"; | ||
}; | ||
|
||
outputs = { self, nixpkgs, devenv, ... } @ inputs: | ||
let | ||
systems = [ "x86_64-linux" "i686-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; | ||
forAllSystems = f: builtins.listToAttrs (map (name: { inherit name; value = f name; }) systems); | ||
in | ||
{ | ||
devShells = forAllSystems | ||
(system: | ||
let | ||
pkgs = import nixpkgs { | ||
inherit system; | ||
}; | ||
in | ||
{ | ||
default = devenv.lib.mkShell { | ||
inherit inputs pkgs; | ||
modules = [ | ||
{ | ||
# https://devenv.sh/reference/options/ | ||
packages = [ | ||
pkgs.autoconf | ||
pkgs.automake | ||
pkgs.libtool | ||
pkgs.openssl_1_1 | ||
pkgs.lz4 | ||
pkgs.lzo | ||
pkgs.pam | ||
pkgs.cmocka | ||
]; | ||
|
||
languages.c.enable = true; | ||
|
||
enterShell = '' | ||
# Allows autreconf to find libtool. | ||
export ACLOCAL_PATH=${pkgs.libtool}/share/aclocal:$ACLOCAL_PATH | ||
''; | ||
} | ||
]; | ||
}; | ||
}); | ||
}; | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -65,7 +65,11 @@ struct user_pass | |
#ifdef ENABLE_PKCS11 | ||
#define USER_PASS_LEN 4096 | ||
#else | ||
#define USER_PASS_LEN 128 | ||
/* | ||
* Increase the username and password length size to 65KB, in order | ||
* to support long passwords under the dynamic challenge/response protocol. | ||
*/ | ||
#define USER_PASS_LEN 65536 | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Only increasing the size to 65k when PKCS11 is not enabled feels questionable to say the least. This would in most cases not change anything as PKCS11 is typically enabled. |
||
#endif | ||
/* Note that username and password are expected to be null-terminated */ | ||
char username[USER_PASS_LEN]; | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -52,10 +52,13 @@ | |
#define MAX_PARMS 16 | ||
|
||
/* | ||
* Max size of options line and parameter. | ||
* Max size of options line and parameter. Note these | ||
* must be able to accomodate large (>50Kb) values in | ||
* order to support long passwords under the dynamic challenge-response | ||
* protocol. | ||
*/ | ||
#define OPTION_PARM_SIZE 256 | ||
#define OPTION_LINE_SIZE 256 | ||
#define OPTION_PARM_SIZE USER_PASS_LEN | ||
#define OPTION_LINE_SIZE OPTION_PARM_SIZE | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Changing these constants here is a very drastic change that changes all kind of parsing. |
||
|
||
extern const char title_string[]; | ||
|
||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think this makes sense as TLS record size is only 16k.