[gnutls-help] GNU TLS and extensions/supplemental data

Thierry Quemerais tquemerais at awox.com
Fri Mar 13 14:53:03 CET 2015

Hi Nikos,

Thank you for your reply.

Please find attached to this email the patch I made to achieve my goal.

For your information, I also found an issue in GNUTLS, which does not handle supplemental data types > 255.
This fix is included in this patch:
-			buf->data[sizepos] = 0;
-			buf->data[sizepos + 1] = p->type;
+			buf->data[sizepos] = (p->type >> 8) & 0xFF;
+			buf->data[sizepos + 1] = (p->type) & 0xFF;
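
Review bot: the two `+` lines encode p->type into exactly two bytes, but nothing visible here bounds p->type to 16 bits, so a value above 0xFFFF would be silently truncated on the wire in the same way values above 255 were by the removed lines. Consider rejecting out-of-range types where the entry is registered (or just before this write), and confirm the receive path reads both bytes of the type so that send and parse stay symmetric. Writing the field through a single 16-bit big-endian helper instead of open-coded shifts would also keep the two sides from drifting apart.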

This patch does different things:
	1) It allows adding extension support from the public API: gnutls_ext_register
	2) It allows adding supplemental data support from the public API: gnutls_supplemental_register

To achieve my goal:
	I changed the way supplemental callbacks are stored. (gnutls_supplemental.c)
	I moved the extension and supplemental structures to the gnutls.h header. (gnutls_supplemental_entry, extension_entry_st)
	I created an opaque struct for strings (typedef struct gnutls_buffer gnutls_buffer_st;) and I added a function to append data to this buffer (used by extension/supplemental callbacks).

Feel free to contact me if you have any questions or if something doesn't match your expectations.


-----Original Message-----
From: Nikos Mavrogiannopoulos [mailto:n.mavrogiannopoulos at gmail.com] On Behalf Of Nikos Mavrogiannopoulos
Sent: Monday, March 09, 2015 7:05 PM
To: Thierry Quemerais
Cc: gnutls-help at lists.gnutls.org
Subject: Re: [gnutls-help] GNU TLS and extensions/supplemental data

On Mon, 2015-03-09 at 12:30 +0100, Thierry Quemerais wrote:
> Hi all,
> 1)      Is there any way to register extensions and supplemental data
> callbacks outside of GNUTLS (with a public API)? I found no way to do it
> without changing the GNUTLS source code; did I miss something?
> 2)      If not, I plan to do this work and to redistribute it, and I
> would like to know why (if there is any reason, like security) this
> work has not been done?
> Why is no public API available to add and handle custom
> extensions/supplemental data?

In a reorganization of the code the exported functions were removed because they would have to depend on an internal API. The reason was that I had no time to implement an API which would allow registering extensions in a way that would not depend on internal functionality.
That said, if you send a patch with a clean API which doesn't depend on internals (*), to register extensions and supplemental data, I'll include it.


(*) or export the minimum necessary so we can rewrite the code without changing the API

-------------- next part --------------
A non-text attachment was scrubbed...
Name: gnutls_ext_supp_public.diff
Type: application/octet-stream
Size: 15588 bytes
Desc: gnutls_ext_supp_public.diff
URL: </pipermail/attachments/20150313/16179652/attachment-0001.obj>
