[gnutls-devel] wrongly encoded padding extension in GnuTLS

Nikos Mavrogiannopoulos nmav at gnutls.org
Thu Jul 9 13:47:39 CEST 2015


On Thu, Jul 9, 2015 at 12:13 PM, Hannes Mehnert <hannes at mehnert.org> wrote:
> Hi,
> while investigating an interoperability failure between GnuTLS and
> nqsb-TLS [1], I discovered that your encoding of the padding extension
> (ext/dumbfw.c) is slightly wrong.
> The IETF draft [2] specifies the extension type to be 0x00 0x15,
> followed by the extension length (another 16 bit), followed by
> extension length 0s, the example being:
> 00 15 00 06 00 00 00 00 00 00
> But GnuTLS encodes another 16 bit length field inside the padding data:
> 00 15 00 06 00 04 00 00 00 00

Thanks, nice catch. That code seems to follow an earlier draft which
allowed freedom in the contents.

> While this is likely not a security issue yet, encoding arbitrary data
> in padding led to several problems in the past (PKCS, ASN.1 encoding,
> POODLE, ...).

I think that is an overstatement. The TLS extension padding is to
avoid certain broken firewalls, and has no cryptographic significance
whatsoever.

regards,
Nikos
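
Added example, not part of the original thread and not GnuTLS code: a minimal C encoder and strict checker for the padding extension laid out as the thread describes the draft (type 0x00 0x15, 16-bit length, then that many zero bytes), run against the two byte strings quoted above. The function, enum and array names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXT_PADDING 0x0015 /* extension type quoted in the thread */

enum pad_status { PAD_OK, PAD_TRUNCATED, PAD_WRONG_TYPE, PAD_BAD_LENGTH, PAD_NONZERO };

/* The two encodings quoted in the thread: the draft's example and GnuTLS's output. */
const uint8_t draft_example[]  = {0x00, 0x15, 0x00, 0x06, 0x00, 0x00, 0, 0, 0, 0};
const uint8_t gnutls_example[] = {0x00, 0x15, 0x00, 0x06, 0x00, 0x04, 0, 0, 0, 0};

/* Write type, 16-bit length and pad_len zero bytes; returns bytes written, 0 if no room. */
size_t padding_ext_encode(uint8_t *out, size_t cap, uint16_t pad_len)
{
    if (cap < 4 + (size_t)pad_len)
        return 0;
    out[0] = (uint8_t)(EXT_PADDING >> 8);
    out[1] = (uint8_t)(EXT_PADDING & 0xff);
    out[2] = (uint8_t)(pad_len >> 8);
    out[3] = (uint8_t)(pad_len & 0xff);
    memset(out + 4, 0, pad_len);
    return 4 + (size_t)pad_len;
}

/* Strict check of one whole extension: the body must be exactly `length` zero bytes. */
enum pad_status padding_ext_check(const uint8_t *buf, size_t len)
{
    if (len < 4)
        return PAD_TRUNCATED;
    if (((buf[0] << 8) | buf[1]) != EXT_PADDING)
        return PAD_WRONG_TYPE;
    size_t body = ((size_t)buf[2] << 8) | buf[3];
    if (body != len - 4)
        return PAD_BAD_LENGTH;
    for (size_t i = 0; i < body; i++)
        if (buf[4 + i] != 0)
            return PAD_NONZERO; /* e.g. an inner length field inside the padding */
    return PAD_OK;
}

int main(void)
{
    printf("draft example:  %d\n", (int)padding_ext_check(draft_example, sizeof draft_example));
    printf("gnutls example: %d\n", (int)padding_ext_check(gnutls_example, sizeof gnutls_example));
    return 0;
}
```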


