[gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

[Read-only notification of GnuTLS library development activities]

Daiki Ueno commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849608834

> +int
> +gnutls_compress_certificate_set_methods(gnutls_session_t session, const gnutls_datum_t * methods)
> +{
> +    int ret, tmp;
> +    uint16_t priv_algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +    gnutls_compression_method_t algs[MAX_COMPRESS_CERTIFICATE_METHODS];
> +    gnutls_datum_t priv;
> +
> +    if (methods->size < MIN_COMPRESS_CERTIFICATE_METHODS ||
> +        methods->size > MAX_COMPRESS_CERTIFICATE_METHODS)
> +        return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +    memcpy(algs, methods->data, methods->size * sizeof(gnutls_compression_method_t));
> +
> +    for (unsigned i = 0; i < methods->size; ++i) {
> +        tmp = _gnutls_compress_certificate_method2num(algs[i]);

`GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` is typically used when the TLS server/client receives illegal parameter from the peer. In this case, the caller of this function is application, I'd say `GNUTLS_E_INVALID_REQUEST` is more appropriate.

> Because currently if you would set them, you wouldnt be able to unset them as methods_len 0 would be an invalid param error.

Couldn't it possible to check `methods_len` at the beginning of the function (before checking the content of `methods`) and unset priv data if it's 0?

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_849608834
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220221/defe76cd/attachment.html>