[gnutls-help] GNU TLS and extensions/supplemental data
tquemerais at awox.com
Fri Mar 13 14:53:03 CET 2015
Thank you for your reply.
Please find attached to this email the patch I made to achieve my goal.
For your information, I also found an issue in GNUTLS, which does not handle supplemental data types > 255.
This fix is included in this patch:
- buf->data[sizepos] = 0;
- buf->data[sizepos + 1] = p->type;
+ buf->data[sizepos] = (p->type >> 8) & 0xFF;
+ buf->data[sizepos + 1] = (p->type) & 0xFF;
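Review bot: the two added writes to buf->data[sizepos] and buf->data[sizepos + 1] silently discard any bits of p->type above the low 16, so a value larger than 0xFFFF would go out on the wire as a different type. Reject such a value (p->type > 0xFFFF) before encoding rather than masking it. Since the old code always sent 0 in the high byte, please also confirm that the receive path reads and compares both bytes of the type; only the send side is visible in this hunk.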
This patch does different things:
1) It allows adding extension support from the public API: gnutls_ext_register
2) It allows adding supplemental data support from the public API: gnutls_supplemental_register
To achieve my goal:
I changed the way supplemental callbacks are stored. (gnutls_supplemental.c)
I moved the extension and supplemental structures to the gnutls.h header. (gnutls_supplemental_entry, extension_entry_st)
I created an opaque struct for strings (typedef struct gnutls_buffer gnutls_buffer_st;) and I added a function to append data to this buffer (used by extension/supplemental callbacks).
Feel free to contact me if you have any questions or if something doesn't meet your expectations.
From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: Monday, March 09, 2015 7:05 PM
To: Thierry Quemerais
Cc: gnutls-help at lists.gnutls.org
Subject: Re: [gnutls-help] GNU TLS and extensions/supplemental data
On Mon, 2015-03-09 at 12:30 +0100, Thierry Quemerais wrote:
> Hi all,
> 1) Is there any way to register extension and supplemental data
> callbacks outside of GNUTLS (with a public API)? I found no way to do it
> without changing GNUTLS source code; did I miss something?
> 2) If not, I plan to make this work and to re-distribute it, and I
> would like to know why (if there is any reason like security) this
> work has not been done.
> Why is no public API available to add and handle custom
> extensions/supplemental data?
In a re-organization of the code the exported functions were removed because they would have to depend on an internal API. The reason was that I had no time to implement an API which would allow registering extensions in a way that would not depend on internal functionality.
That said, if you send a patch with a clean API which doesn't depend on internals (*), to register extensions and supplemental data, I'll include it.
(*) or export the minimum necessary so we can rewrite the code without changing the API
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 15588 bytes