Hi,

On Tue, Oct 19, 2021 at 2:32 PM Arne Schwabe <a...@rfc2549.org> wrote:
> The signature messages required by external key managed also break
> the 1280 limit. To also avoid this surprise of different behaviour
> with PKCS11 enabled/disabled, always use the larger size.
>

This may be enough in most cases, but to be safer, shall we increase it to 10240? I have seen up to 6 K handshake messages when undigested messages are to be passed to the management interface and that's already 8K with base64 overhead.

That said, I think we need a better solution. As it stands it's a bit silly that we keep allocating required buffers dynamically at the origination point, a number of places in manage.c, all the way up to x_msg_va() in error.c where it gets silently truncated to a hard-coded size.

Can we use the return value of vsnprintf() in x_msg_va() to determine the size of the buffer required? Not sure whether that is reliable on all platforms. Only the size of m1 has to be determined as m2 has a more-or-less predictable overhead on top of that.

Selva
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
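The sizing approach raised in the reply above (using the return value of vsnprintf() to find the required buffer size instead of truncating at a fixed one), as an added example; it is not code from the message or from OpenVPN. The names `vformat_alloc`, `format_alloc` and `FIXED_MSG_SIZE` are hypothetical, and the 8 KiB message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_MSG_SIZE 1280 /* the fixed limit quoted in the thread */

/* Hypothetical helper (not OpenVPN code): size the buffer from the
 * return value of vsnprintf(). Returns NULL on failure. */
static char *vformat_alloc(size_t *len_out, const char *fmt, va_list ap)
{
    char fixed[FIXED_MSG_SIZE];
    va_list probe;
    va_copy(probe, ap); /* pass 1 consumes a copy; ap stays usable */
    int need = vsnprintf(fixed, sizeof(fixed), fmt, probe);
    va_end(probe);
    /* C99 returns the untruncated length, excluding the NUL. A negative
     * value is an error (or a pre-C99 libc signalling truncation), so
     * fail rather than guess a size. */
    if (need < 0)
        return NULL;
    char *out = malloc((size_t)need + 1);
    if (out == NULL)
        return NULL;
    if ((size_t)need < sizeof(fixed)) {
        memcpy(out, fixed, (size_t)need + 1); /* fitted on pass 1 */
    } else if (vsnprintf(out, (size_t)need + 1, fmt, ap) != need) {
        free(out); /* pass 2 disagreed with pass 1 */
        return NULL;
    }
    *len_out = (size_t)need;
    return out;
}

static char *format_alloc(size_t *len_out, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *s = vformat_alloc(len_out, fmt, ap);
    va_end(ap);
    return s;
}

int main(void)
{
    size_t n = 0;
    char *s = format_alloc(&n, "%0*d", 8192, 0); /* constructed 8 KiB message */
    printf("%zu bytes, untruncated\n", n);
    free(s);
    return 0;
}
```

The negative-return branch is where the platform concern in the message applies: a libc that does not follow C99 cannot report the needed size, so the helper fails closed instead of sending a truncated message.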