

3.3.3 On record padding

The TLS 1.3 protocol allows extra padding to be added to records, so that an observer cannot infer the content of the exchange from the lengths of the records on the wire (length-based traffic analysis). GnuTLS takes advantage of this feature by letting the application specify the amount of padding for each message it sends. The simplest interface is gnutls_record_send2; padding through it is only available once TLS 1.3 has been negotiated. An application that may also run under earlier protocol versions can query gnutls_record_can_use_length_hiding to find out whether length hiding is possible on the current session.

Function: ssize_t gnutls_record_send2 (gnutls_session_t session, const void * data, size_t data_size, size_t pad, unsigned flags)

session: is a gnutls_session_t type.

data: contains the data to send

data_size: is the length of the data

pad: padding to be added to the record

flags: must be zero

This function is identical to gnutls_record_send() except that it takes an extra argument specifying the padding to be added to the record. To determine the maximum size of padding, use gnutls_record_get_max_size() and gnutls_record_overhead_size().

Returns: The number of bytes sent, or a negative error code. The number of bytes sent might be less than data_size. The maximum number of bytes this function can send in a single call depends on the negotiated maximum record size.

Since: 3.6.3
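The manual leaves the choice of pad value to the application. The example below is added here and is not code from the GnuTLS manual or library: it rounds the visible length (data plus padding) up to a fixed bucket size, caps the padding using the two functions the manual names, and wraps gnutls_record_send2 in a loop that tolerates short writes and falls back to gnutls_record_send when length hiding is not available. The cap max_size - overhead is this example's reading of the manual's advice; the bucket size and the hypothetical helper names (length_hiding_pad, send_length_hidden) are the example's own. The GnuTLS-calling function is compiled only when the gnutls header is present, so the pure helper can be exercised without the library; the send loop assumes a blocking transport.

```c
/* Added example: bucketed TLS 1.3 record padding with GnuTLS.
 * Not part of the GnuTLS manual or library. */
#include <stddef.h>
#include <sys/types.h>

#if defined(__has_include)
#  if __has_include(<gnutls/gnutls.h>)
#    include <gnutls/gnutls.h>
#    define HAVE_GNUTLS 1
#  endif
#endif

/* Padding that rounds data_size up to the next multiple of `bucket`, so an
 * observer learns only which bucket a message falls in, not its exact length.
 *
 * max_size and overhead are the values of gnutls_record_get_max_size() and
 * gnutls_record_overhead_size() for the session. The cap max_size - overhead
 * is this example's reading of the manual (assumption). Padding is also kept
 * within one record (data + pad <= max_size) because a full-size record has
 * nothing left to hide; a chunk that already fills a record gets no padding,
 * and the caller pads whatever remains on the next iteration. */
size_t length_hiding_pad(size_t data_size, size_t max_size, size_t overhead,
                         size_t bucket)
{
    size_t max_pad = (max_size > overhead) ? max_size - overhead : 0;
    size_t rem, pad;

    if (bucket == 0 || data_size >= max_size)
        return 0;

    rem = data_size % bucket;
    pad = (rem == 0) ? 0 : bucket - rem;

    if (pad > max_pad)
        pad = max_pad;                      /* what gnutls_record_send2 accepts */
    if (pad > max_size - data_size)
        pad = max_size - data_size;         /* stay within a single record */
    return pad;
}

#ifdef HAVE_GNUTLS
/* Send `len` bytes of `buf` as records whose plaintext lengths are rounded up
 * to `bucket`. Uses gnutls_record_send2 when the session supports length
 * hiding and plain gnutls_record_send otherwise. Returns 0 on success or a
 * negative GnuTLS error code. Assumes a blocking transport: on
 * GNUTLS_E_AGAIN / GNUTLS_E_INTERRUPTED the same call is simply repeated. */
int send_length_hidden(gnutls_session_t session, const void *buf, size_t len,
                       size_t bucket)
{
    const unsigned char *p = buf;
    size_t max_size = gnutls_record_get_max_size(session);
    size_t overhead = gnutls_record_overhead_size(session);
    unsigned hide = gnutls_record_can_use_length_hiding(session);

    while (len > 0) {
        ssize_t n;

        if (hide) {
            size_t pad = length_hiding_pad(len, max_size, overhead, bucket);
            n = gnutls_record_send2(session, p, len, pad, 0);
        } else {
            n = gnutls_record_send(session, p, len);
        }

        if (n == GNUTLS_E_AGAIN || n == GNUTLS_E_INTERRUPTED)
            continue;                       /* retry with identical arguments */
        if (n < 0)
            return (int)n;

        /* A short write is allowed; the padding for the remainder is
         * recomputed from what is left, so the last record is padded too. */
        p += n;
        len -= (size_t)n;
    }
    return 0;
}
#endif
```

With a 16384-byte maximum record size and 22 bytes of overhead, a 100-byte message padded to a 256-byte bucket gets 156 bytes of padding, a message that already fills a bucket gets none, and a request for a bucket larger than a record is cut back so the padded plaintext still fits in one record. Note that bucketing hides the exact length but not the bucket; pick the bucket size from the lengths the application actually needs to keep indistinguishable.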

Older GnuTLS versions provided an API for the case where the sender's messages always fall within a known length range. That API is still available and consists of the following functions.

unsigned gnutls_record_can_use_length_hiding (gnutls_session_t session)
ssize_t gnutls_record_send_range (gnutls_session_t session, const void * data, size_t data_size, const gnutls_range_st * range)