[gnutls-devel] GnuTLS | kTLS with TLS-PSK fails with an internal error (#1384)

Read-only notification of GnuTLS library development activities gnutls-devel at lists.gnutls.org
Mon Jul 11 15:49:34 CEST 2022

Richard W_M_ Jones created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1384

For this you will need to enable kTLS in gnutls (an experimental feature), load the tls.ko kernel module, and maybe enable ktls in your security policy.  After doing that you can reproduce the bug using just gnutls-serv/gnutls-cli as follows:

$ cat keys.psk

$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-serv --priority
NORMAL:+ECDHE-PSK:+PSK --pskpasswd keys.psk --pskhint qemu --http -d 99

$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-cli --pskusername qemu --pskkey
82b818aa2e9e5473567fa94e4eec4aa086bb839abbb26c378be7ace07d986cf4 --priority
NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK -p 5556 localhost

Hit enter in CLI, and you will see the server failing with:

|<5>| REC: Sending Alert[2|80] - Internal error
Error: Error in the pull function.
|<13>| BUF[HSK]: Emptied buffer
|<5>| REC[0x5642b619cd00]: Start of epoch cleanup
|<5>| REC[0x5642b619cd00]: End of epoch cleanup
|<5>| REC[0x5642b619cd00]: Epoch #2 freed

Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1384
You're receiving this email because of your account on gitlab.com.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220711/07cd5d1c/attachment.html>

More information about the Gnutls-devel mailing list