[gnutls-devel] GnuTLS | kTLS with TLS-PSK fails with an internal error (#1384)

[Read-only notification of GnuTLS library development activities]

Richard W_M_ Jones created an issue: https://gitlab.com/gnutls/gnutls/-/issues/1384



For this you will need to enable kTLS in gnutls (an experimental feature), load the tls.ko kernel module, and maybe enable ktls in your security policy.  After doing that you can reproduce the bug using just gnutls-serv/gnutls-cli as follows:

```
$ cat keys.psk
qemu:82b818aa2e9e5473567fa94e4eec4aa086bb839abbb26c378be7ace07d986cf4

$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-serv --priority
NORMAL:+ECDHE-PSK:+PSK --pskpasswd keys.psk --pskhint qemu --http -d 99

$ LD_LIBRARY_PATH=~/d/gnutls/lib/.libs gnutls-cli --pskusername qemu --pskkey
82b818aa2e9e5473567fa94e4eec4aa086bb839abbb26c378be7ace07d986cf4 --priority
NORMAL:-KX-ALL:+ECDHE-PSK:+DHE-PSK:+PSK -p 5556 localhost
```

Hit enter in CLI, and you will see the server failing with:

```
|<5>| REC: Sending Alert[2|80] - Internal error
Error: Error in the pull function.
|<13>| BUF[HSK]: Emptied buffer
|<5>| REC[0x5642b619cd00]: Start of epoch cleanup
|<5>| REC[0x5642b619cd00]: End of epoch cleanup
|<5>| REC[0x5642b619cd00]: Epoch #2 freed
```

-- 
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/issues/1384
You're receiving this email because of your account on gitlab.com.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20220711/07cd5d1c/attachment.html>