[gnutls-devel] GnuTLS | WIP: KTLS key update support (!1625)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Sep 27 08:02:06 CEST 2022



Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1625 was reviewed by Daiki Ueno

--
  
Daiki Ueno started a new discussion on lib/system/ktls.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1115437509

>  
> -int _gnutls_ktls_set_keys(gnutls_session_t session)
> +gnutls_transport_ktls_enable_flags_t
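
Review bot: on the `+` line the return type becomes `gnutls_transport_ktls_enable_flags_t`, so one value now has to carry both the enabled-direction flags and any failure, and a caller can no longer separate the two with a `ret < 0` test. Keep `int` for the status and, if the caller needs to know which directions were enabled, report them through an output parameter or the session state.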

I would keep the return type as `int`, because this function could return error codes, which are not part of the `gnutls_transport_ktls_enable_flags_t` enum, and that may confuse the caller.

--
  
Daiki Ueno started a new discussion on lib/handshake.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1115437512

>  	if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_DUPLEX)) {
> -		_gnutls_ktls_set_keys(session);
> +		_gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX);
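
Review bot: the result of `_gnutls_ktls_set_keys(session, GNUTLS_KTLS_DUPLEX)` on the `+` line is discarded, so a failure to set the keys goes unnoticed at this point in the handshake. Store it in `ret` and return `gnutls_assert_val(ret)` on a negative value, or, if continuing without KTLS is intended, handle that case explicitly and say so in a comment.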

No check on the return value?

--
  
Daiki Ueno started a new discussion on lib/tls13/key_update.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1115437517

>  		ret = _tls13_write_connection_state_init(session, stage);
> +		if (IS_KTLS_ENABLED(session, GNUTLS_KTLS_SEND))
> +			ret = _gnutls_ktls_set_keys(session, GNUTLS_KTLS_SEND);
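
Review bot: the second `+` line assigns to `ret` before the value from `_tls13_write_connection_state_init(session, stage)` has been checked, so when `GNUTLS_KTLS_SEND` is enabled an error from the state init is replaced by the KTLS result. Check `ret` and return on a negative value before the `if`, and make sure the value from `_gnutls_ktls_set_keys` is checked as well before the function proceeds.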

This overwrites `ret` previously set. Maybe it could add:
```c
if (ret < 0)
  return gnutls_assert_val(ret);
```
before the `if`?

--
  
Daiki Ueno started a new discussion on lib/record.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1625#note_1115437520

>  
>  	/* When using this, the outgoing handshake messages should
>  	 * also be handled manually */

Good to expand the comment explaining why KTLS is special here.

