[gnutls-help] decoding memory buffers in a tls session

Vittorio Giovara vittorio.giovara at savoirfairelinux.com
Fri May 30 23:37:01 CEST 2014

On 2014-05-24 03:40, Nikos Mavrogiannopoulos wrote:
> On Fri, 2014-05-23 at 19:20 -0400, Vittorio Giovara wrote:
>> Hello everyone,
>> I am in the process of implementing a GnuTLS backend to PJSIP, a popular
>> voip/sip library, and I started off by editing the OpenSSL backend.
>> Normally the library uses a complex callback mechanism that informs the
>> underlying secure socket layer that data has been read from the (normal)
>> socket and then it waits for the callback return value containing the
>> decrypted data. With openssl this is implemented by heavy use of
>> BIO_read/BIO_write functions, however it is where I am stuck during my
>> porting.
>> As far as I understand the gnutls logic, everything must go through
>> gnutls_record_send and gnutls_record_recv, but there is no way to use
>> the session information to decrypt a raw memory buffer isn't there?
> Hello,
>   You could replace the pull function to read from memory, and then
> gnutls_record_recv() would decrypt from memory (and I see that's what
> you actually do).

Hello again,
This method works fine for normal data transmission, but since I've 
tried to remove the do {} while loop when doing handshake (and rely on 
the application loop to retry the connection) I can't seem to find a way 
to complete the handshake.
In fact when data from the callback is available and I hook it up the my 
record_recv callbacks they will fail instead of asking for more data 
(invalidating the session in the meantime).

Is it possible to do a partial handshake, wait for some more data and 
then resume it again?


More information about the Gnutls-help mailing list