Re-enable extended record padding in TLS 1.3 (!574) · Merge requests · gnutls / GnuTLS

Daiki Ueno requested to merge tmp-draft-ietf-tls-tls13-21-dueno-padding into tmp-draft-ietf-tls-tls13-21 Jan 03, 2018

Length hiding with extended record padding was removed in commit 7df219f0, as the needed TLS extension did not get accepted by IETF: https://tools.ietf.org/html/draft-pironti-tls-length-hiding-02

However, the same algorithm can be implemented under TLS 1.3, which allows arbitrary length padding in the record protocol. This series adds back the functionality through the existing gnutls_record_send_range() API.

Fixes #276 (closed).

Checklist

Code modified for feature
Test suite updated with functionality tests

Reviewer's checklist:

There is a test suite reasonably covering new functionality or modifications
Function naming, parameters, return values, types, etc., are consistent and according to CONTRIBUTION.md
This feature/change has adequate documentation added
No obvious mistakes in the code

Edited Feb 05, 2018 by Nikos Mavrogiannopoulos

Re-enable extended record padding in TLS 1.3

Checklist

Reviewer's checklist:

Merge request reports