[gnutls-devel] GnuTLS | gnutls_session_channel_binding returns empty binding data for TLS1.3 (#1041)

Development of GNU's TLS library gnutls-devel at lists.gnutls.org
Thu Jun 18 11:31:18 CEST 2020

Ruslan Marchenko created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1041

## Description of problem:
When using a TLS1.3 connection and attempting to retrieve tls-unique binding data, the gnutls_session_channel_binding() call succeeds, however it returns empty data (a zero-size buffer).
Looking at the code, the call intercepts the finished message only in lib/handshake.c but not in lib/tls13/finished.c.
Technically you don't need to store finished in tls13 as it could always be computed, which is not done in this call.

## Version of gnutls used:

## Distributor of gnutls (e.g., Ubuntu, Fedora, RHEL)

## How reproducible:
  gnutls_datum_t cb;
  int ret = gnutls_session_channel_binding (priv->session, GNUTLS_CB_TLS_UNIQUE, &cb);

  if (ret == GNUTLS_E_SUCCESS)
    {
      if (data != NULL)
        {
          /* cb.size is unsigned; it is 0 here when TLS1.3 was negotiated */
          g_tls_log_debug (gnutls, "tls-unique binding size %u", cb.size);
          g_free (g_byte_array_steal (data, NULL));
          g_byte_array_append (data, cb.data, cb.size);
        }
      g_free (cb.data);
      return TRUE;
    }

Steps to Reproduce:

 * run with G_TLS_GNUTLS_PRIORITY='NORMAL:%COMPAT:!VERS-TLS1.3' - result is

   (/home/ruff/co/glib-networking/_build/tls/tests/connection-gnutls:430951): GLib-Net-DEBUG: 11:27:43.445: CLIENT[0x55b24b896440]: tls-unique binding size 12
   (/home/ruff/co/glib-networking/_build/tls/tests/connection-gnutls:430951): GLib-Net-DEBUG: 11:27:43.445: SERVER[0x55b24b8a29d0]: tls-unique binding size 12

 * run with defaults (which prefers TLS1.3)

   (/home/ruff/co/glib-networking/_build/tls/tests/connection-gnutls:430949): GLib-Net-DEBUG: 11:27:43.398: CLIENT[0x564054f58440]: tls-unique binding size 0
   (/home/ruff/co/glib-networking/_build/tls/tests/connection-gnutls:430949): GLib-Net-DEBUG: 11:27:43.398: SERVER[0x564054f649d0]: tls-unique binding size 0

## Actual results:

see above

## Expected results:

tls-unique binding size 48 (at least that's what I get with OpenSSL)

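The report notes that a TLS 1.3 Finished value can always be computed, and contrasts a 12-byte result under TLS 1.2 with an expected 48 bytes. The following added example is not part of the original message and is not GnuTLS code; it derives Finished verify_data as RFC 5246 and RFC 8446 define it, to show where those sizes come from (12 bytes in TLS 1.2, the hash length in TLS 1.3, so 48 for a SHA-384 suite). The function names are hypothetical and the secrets and transcript are constructed sample values.

```python
import hashlib
import hmac


def hkdf_expand(prk, info, length, hash_name):
    """HKDF-Expand from RFC 5869."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hash_name).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret, label, context, length, hash_name):
    """HKDF-Expand-Label from RFC 8446 section 7.1."""
    full_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)
    return hkdf_expand(secret, info, length, hash_name)


def tls13_verify_data(base_key, transcript_hash, hash_name):
    """TLS 1.3 Finished verify_data (RFC 8446 section 4.4.4)."""
    hash_len = hashlib.new(hash_name).digest_size
    finished_key = hkdf_expand_label(base_key, b"finished", b"", hash_len, hash_name)
    return hmac.new(finished_key, transcript_hash, hash_name).digest()


def tls12_verify_data(master_secret, label, handshake_hash, hash_name="sha256"):
    """TLS 1.2 Finished verify_data (RFC 5246 section 7.4.9), cut to 12 bytes."""
    seed = label + handshake_hash
    a1 = hmac.new(master_secret, seed, hash_name).digest()  # A(1) of P_hash
    return hmac.new(master_secret, a1 + seed, hash_name).digest()[:12]


# Constructed sample inputs, not taken from a real handshake.
SAMPLE_SECRET = bytes(range(48))
SAMPLE_TRANSCRIPT = b"constructed handshake transcript"


def sample_lengths():
    th256 = hashlib.sha256(SAMPLE_TRANSCRIPT).digest()
    th384 = hashlib.sha384(SAMPLE_TRANSCRIPT).digest()
    return {
        "tls1.2": len(tls12_verify_data(SAMPLE_SECRET, b"client finished", th256)),
        "tls1.3-sha256": len(tls13_verify_data(SAMPLE_SECRET[:32], th256, "sha256")),
        "tls1.3-sha384": len(tls13_verify_data(SAMPLE_SECRET, th384, "sha384")),
    }
```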