[gnutls-help] about encrypting pkts with length 0

Andrea Dal Bo a.dalbo at adbglobal.com
Tue Mar 12 14:13:46 CET 2019


Hi,
recently we moved from gnutls 2.13.23 to gnutls 3.6.5.
By doing this I encountered an issue with applications using the library. In fact, it happens that our TR-069 agent is sending pkts over https by means of gnutls_record_send. It might happen that gnutls_record_send is called with data_size=0. This was accepted in the older gnutls 2.13.23.
With gnutls 3.6.5 it is not. In fact, gnutls_record_send calls gnutls_record_send2 with pad=0, and subsequently _gnutls_send_tlen_int, which returns GNUTLS_E_INVALID_REQUEST if both data_size and pad are 0 (record.c line 492).
I tried to modify the application to add a padding>=1 in case of data_size=0 by calling gnutls_record_can_use_length_hiding. In fact, even if this function was returning 1, the subsequent call of gnutls_record_send2 was still returning GNUTLS_E_INVALID_REQUEST. In fact, the discrimination was that tls1.3 handshake semantics was set to false. That is a bit misleading, IMHO.
Can you explain the reason for that?
Moreover, why has this restriction on the data_size length been added?
Thanks

Andrea
