[gnutls-devel] wrongly encoded padding extension in GnuTLS
nmav at gnutls.org
Thu Jul 9 13:47:39 CEST 2015
On Thu, Jul 9, 2015 at 12:13 PM, Hannes Mehnert <hannes at mehnert.org> wrote:
> while investigating an interoperability failure between GnuTLS and
> nqsb-TLS, I discovered that your encoding of the padding extension
> (ext/dumbfw.c) is slightly wrong.
> The IETF draft specifies the extension type to be 0x00 0x15,
> followed by the extension length (another 16 bit), followed by
> extension length 0s, the example being:
> 00 15 00 06 00 00 00 00 00 00
> But GnuTLS encodes another 16 bit length field inside the padding data:
> 00 15 00 06 00 04 00 00 00 00
Thanks, nice catch. That code seems to follow an earlier draft which
in the contents.
> While this is likely not a security issue yet, encoding arbitrary data
> in padding led to several problems in the past (PKCS, ASN.1 encoding,
> POODLE, ...).
I think that is an overstatement. The TLS extension padding is to
avoid certain broken firewalls, and has no cryptographic significance
whatsoever.
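
The two encodings quoted in this thread, checked in code. This is an added example, not part of the original message and not GnuTLS code; the function names, return codes and array names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_PADDING 0x0015 /* extension type quoted in the thread */

/* Encode as the draft describes: type, 16-bit length, then that many zeros.
 * Returns bytes written, or 0 if the output buffer is too small. */
size_t padding_ext_encode(uint8_t *out, size_t out_len, uint16_t pad_len)
{
    size_t total = 4 + (size_t)pad_len;
    if (out_len < total)
        return 0;
    out[0] = (uint8_t)(EXT_PADDING >> 8);
    out[1] = (uint8_t)(EXT_PADDING & 0xff);
    out[2] = (uint8_t)(pad_len >> 8);
    out[3] = (uint8_t)(pad_len & 0xff);
    memset(out + 4, 0, pad_len);
    return total;
}

/* Check one encoded extension. 0 = well-formed padding, -1 = truncated or
 * wrong type, -2 = length field disagrees with the buffer, -3 = non-zero data. */
int padding_ext_check(const uint8_t *ext, size_t len)
{
    if (len < 4 || ((ext[0] << 8) | ext[1]) != EXT_PADDING)
        return -1;
    size_t data_len = ((size_t)ext[2] << 8) | ext[3];
    if (data_len != len - 4)
        return -2;
    for (size_t i = 0; i < data_len; i++)
        if (ext[4 + i] != 0)
            return -3;
    return 0;
}

/* The two byte strings quoted in the thread. */
const uint8_t draft_example[] = {0x00, 0x15, 0x00, 0x06, 0, 0, 0, 0, 0, 0};
const uint8_t gnutls_output[] = {0x00, 0x15, 0x00, 0x06, 0x00, 0x04, 0, 0, 0, 0};

int main(void)
{
    printf("draft example: %d\n", padding_ext_check(draft_example, sizeof draft_example));
    printf("gnutls output: %d\n", padding_ext_check(gnutls_output, sizeof gnutls_output));
    return 0;
}
```

A receiver that applies this all-zero check rejects the second encoding because of the inner `00 04` length field, which is the kind of interoperability failure reported above.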