[gnutls-help] decoding memory buffers in a tls session

Vittorio Giovara vittorio.giovara at savoirfairelinux.com
Sat May 24 01:20:53 CEST 2014

Hello everyone,
I am in the process of implementing a GnuTLS backend to PJSIP, a popular 
voip/sip library, and I started off by editing the OpenSSL backend.

Normally the library uses a complex callback mechanism that informs the 
underlying secure socket layer that data has been read from the (normal) 
socket and then it waits for the callback return value containing the 
decrypted data. With openssl this is implemented by heavy use of 
BIO_read/BIO_write functions, however it is where I am stuck during my 

As far as I understand the gnutls logic, everything must go through 
gnutls_record_send and gnutls_record_recv, but there is no way to use 
the session information to decrypt a raw memory buffer isn't there? I 
have tried to hack things around saving the externally-received buffer 
and hijacking the _recv function so that it would decrypt that buffer 
only, instead of waiting to receive on the socket, but I must be doing 
something wrong as I always get a 'tls packet with wrong length'.

If anyone could give some advice I'd really appreciate that; the 
currently WIP code is here if anyone want to look 
Thanks for any suggestions,

More information about the Gnutls-help mailing list