[gnutls-help] decoding memory buffers in a tls session

Nikos Mavrogiannopoulos nmav at gnutls.org
Sat May 24 09:40:16 CEST 2014

On Fri, 2014-05-23 at 19:20 -0400, Vittorio Giovara wrote:
> Hello everyone,
> I am in the process of implementing a GnuTLS backend to PJSIP, a popular 
> voip/sip library, and I started off by editing the OpenSSL backend.
> Normally the library uses a complex callback mechanism that informs the 
> underlying secure socket layer that data has been read from the (normal) 
> socket and then it waits for the callback return value containing the 
> decrypted data. With openssl this is implemented by heavy use of 
> BIO_read/BIO_write functions, however it is where I am stuck during my 
> porting.
> As far as I understand the gnutls logic, everything must go through 
> gnutls_record_send and gnutls_record_recv, but there is no way to use 
> the session information to decrypt a raw memory buffer isn't there?

 You could replace the pull function to read from memory, and then
gnutls_record_recv() would decrypt from memory (and I see that's what
you actually do).

>  I 
> have tried to hack things around saving the externally-received buffer 
> and hijacking the _recv function so that it would decrypt that buffer 
> only, instead of waiting to receive on the socket, but I must be doing 
> something wrong as I always get a 'tls packet with wrong length'.

> if (ssock->hack) {
>        data = ssock->hack;
Shouldn't you do a memcpy there?


More information about the Gnutls-help mailing list