[gnutls-devel] GnuTLS | restrict allowlisting api to before priority string initialization (!1533)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Feb 16 20:40:38 CET 2022
Merge request https://gitlab.com/gnutls/gnutls/-/merge_requests/1533 was reviewed by Alexander Sosedkin
--
Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442627
> + _gnutls_debug_log("cfg: unable to construct "
> + "system-wide priority string: %s",
> + strerror(ret));
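Review bot: `strerror(ret)` on the last line decodes errno values, so if `ret` holds a GnuTLS error code at this point the log will show unrelated text; `gnutls_strerror(ret)` is the matching call in that case. The format string also ends at `%s` with no trailing `\n`, which is worth adding if the neighbouring `_gnutls_debug_log` messages end with one.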
right, fixed
--
Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442629
> - goto out;
> + if (system_priority_file_loaded) {
> + system_priority_file_loaded = \
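Review bot: the trailing backslash after `system_priority_file_loaded =` is a line continuation that is only needed inside a macro definition; if this assignment sits in ordinary function code, break the line without it. Since `goto out;` is removed here, also confirm that the cleanup under `out` is still reached on this path.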
OK
--
Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442631
>
> - ret = _gnutls_update_system_priorities();
> + ret = _gnutls_update_system_priorities(1 /* defer_system_wide */);
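Review bot: the bare `1` passed to `_gnutls_update_system_priorities` is only readable because of the `/* defer_system_wide */` comment; if the parameter is a `bool`, pass `true` so the call site documents itself without relying on the comment staying in sync.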
replaced `1` with `true`
--
Alexander Sosedkin commented on a discussion on lib/priority.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442634
> */
> - ret = _gnutls_update_system_priorities();
> + ret = _gnutls_update_system_priorities(0 /* defer_system_wide */);
replaced `0` with `false`
--
Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442640
> + */
> +
> +#define COPY_ARRAY_NULL_TERMINATE(dst, src, len) \
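Review bot: `COPY_ARRAY_NULL_TERMINATE(dst, src, len)` as a function-like macro gets no type checking and expands its arguments textually, so an argument with side effects can be evaluated more than once. A `static inline` function built on `memcpy` avoids both problems, and its comment should state that `dst` must have room for `len` elements plus the terminator.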
Oh, right, why didn't I use `memcpy`. Rewriting this one with `memcpy` and unmacroing is just +6 lines, so I unmacroed it.
--
Alexander Sosedkin commented on a discussion on lib/config_int.h: https://gitlab.com/gnutls/gnutls/-/merge_requests/1533#note_845442644
> + */
> +
> +#define APPEND_TO_NULL_TERMINATED_ARRAY(dst, element) \
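Review bot: `APPEND_TO_NULL_TERMINATED_ARRAY(dst, element)` takes no capacity argument, so nothing in its signature lets it check that `dst` has a free slot for `element` and the new terminator. Either pass the array capacity and fail when the array is full, or state the precondition in the comment above the macro so callers know they must guarantee the space.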
After some discussions off the MR, I kept this as is and added a comment explaining other possible approaches if somebody takes it on later. If you insist, I can unmacro.
--
Alexander Sosedkin commented:
Many thanks for a prompt review! Pushing an update to address your concerns above +
1. Two unused error codes around `/* irregularity */` intertwined `sigs*` modifications caught by a static analyzer.
2. The issue where deinit + reinit can prevent FIPS tests from working as relevant algorithms are disabled through `supported`/`flags`. The issue isn't a regression + not sure if we even support deinit + reinit, so I rewrote the test to not reinit, but restart the process (and left invocations testing reinit specifically commented out for the future).