[gnutls-devel] GnuTLS | Add compress_certificate extension (RFC8879) (!1512)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Tue Feb 22 18:08:13 CET 2022




Daiki Ueno commented on a discussion on lib/ext/compress_certificate.c: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851506961

> +        return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +
> +    for (unsigned i = 0; i < methods_len; ++i) {
> +        tmp = _gnutls_compress_certificate_method2num(methods[i]);
> +        if (tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER ||
> +            gnutls_compression_get_name(tmp) == NULL)
> +            return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
> +        _gnutls_write_uint16(tmp, (uint8_t *)(algs + i));
> +    }
> +
> +    _gnutls_hello_ext_unset_priv(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE);
> +
> +    priv.data = (unsigned char *)algs;
> +    priv.size = methods_len * sizeof(uint16_t);
> +
> +    ret = _gnutls_hello_ext_set_datum(session, GNUTLS_EXTENSION_COMPRESS_CERTIFICATE, &priv);
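
Review bot: in the loop, `tmp == GNUTLS_E_RECEIVED_ILLEGAL_PARAMETER` matches only one specific error code, so any other negative return from `_gnutls_compress_certificate_method2num` is rejected only if `gnutls_compression_get_name(tmp)` happens to return NULL for it; testing `tmp < 0` before using `tmp` as a method number would make the validation explicit. Separately, `_gnutls_hello_ext_unset_priv` runs before `_gnutls_hello_ext_set_datum`, so if the latter fails the session has already lost its previous setting; consider unsetting only after the new datum is stored, and make sure `ret` is checked.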

For sending that would be ok, but for receiving you still have deserialization logic for the data we set by ourselves (to figure out the overlapped algorithms sent by the peer and ours).

I'd say it is a good practice to avoid (de)serialization as much as possible, and one way to do that is to do (de)serialization at the very point it is needed. So I suggest:

- in `_set_methods`, store `gnutls_compression_method_t` as is in priv, no serialization
- in `_send`, serialize the `gnutls_compression_method_t` array to bytes
- in `_recv`, deserialize the `gnutls_compression_method_t` array from bytes

Currently, it's mixed like:

- in `_set_methods`, serialize the `gnutls_compression_method_t` to bytes and store it in priv
- in `_send`, send it as is
- in `_recv`, deserialize the `gnutls_compression_method_t` array from bytes sent by the peer, as well as ours

which is a bit hard to follow...

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1512#note_851506961
You're receiving this email because of your account on gitlab.com.
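
The split suggested in the comment above, sketched as an added example (not code from the merge request or from GnuTLS): methods are kept as enum values, turned into bytes only when sending, and only the peer's bytes are ever parsed. `method_t`, `cc_priv_t` and the `cc_*` functions are hypothetical stand-ins; the wire layout assumed is the RFC 8879 extension body.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins, not GnuTLS types; values are RFC 8879 code points. */
typedef enum { M_ZLIB = 1, M_BROTLI = 2, M_ZSTD = 3 } method_t;
typedef struct { method_t methods[8]; size_t len; } cc_priv_t;

/* _set_methods: validate and store the enum values as-is, no wire bytes. */
int cc_set_methods(cc_priv_t *p, const method_t *m, size_t n)
{
    if (n == 0 || n > 8)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (m[i] < M_ZLIB || m[i] > M_ZSTD)
            return -1;
    memcpy(p->methods, m, n * sizeof(*m));
    p->len = n;
    return 0;
}

/* _send: the only place our methods become bytes
 * (1-byte length, then one big-endian uint16 per method). */
int cc_send(const cc_priv_t *p, uint8_t *out, size_t cap)
{
    size_t need = 1 + 2 * p->len;
    if (p->len == 0 || need > cap)
        return -1;
    out[0] = (uint8_t)(2 * p->len);
    for (size_t i = 0; i < p->len; i++) {
        out[1 + 2 * i] = (uint8_t)(p->methods[i] >> 8);
        out[2 + 2 * i] = (uint8_t)(p->methods[i] & 0xff);
    }
    return (int)need;
}

/* _recv: only the peer's bytes are parsed; ours are compared as enums.
 * Returns first peer method we also hold, 0 if none, -1 if malformed. */
int cc_recv(const cc_priv_t *p, const uint8_t *in, size_t n)
{
    if (n < 3 || in[0] != n - 1 || in[0] % 2 != 0)
        return -1;
    for (size_t i = 1; i + 1 < n; i += 2) {
        unsigned v = ((unsigned)in[i] << 8) | in[i + 1];
        for (size_t j = 0; j < p->len; j++)
            if ((unsigned)p->methods[j] == v)
                return (int)v;
    }
    return 0;
}
```

Picking the first of the peer's methods that is also held locally is this example's choice of overlap rule.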

