
Implementation Notes

PI edited this page Nov 2, 2023 · 8 revisions

We have made several changes to the existing BoringSSL code that can be viewed by grepping for "OQS note:". Some of the more salient ones are:

  1. ssl/handshake.cc:ssl_max_handshake_message_len: The maximum message size for handshakes which do not accept peer certificate chains has been increased from 2^14 to 2^15 = 32768 bytes to accommodate the Frodo1344 variants.

  2. extensions.cc: The fork contains numerous key-exchange algorithms and their hybrid variants, and it would be unwieldy to add all of their group IDs and key shares to the ClientHello. We therefore list only the level-1 P-256 hybrids in the ClientHello by default. To override this default behaviour, the client can call SSL_CTX_set1_curves_list or, if possible, specify the curve through a command-line option. If neither is possible, e.g., because the client does not provide access to such an option, the list of entries in kDefaultGroups must be changed in the code so that the client announces a specific default group (or set of groups).
