Re: Potential kTLS issue with TLS-PSK, GnuTLS + Rawhide - how to debug it?

Turns out this is fixed in upstream gnutls (not the version in
Rawhide).  The commit which fixes it is:

commit 67843b3a8e28e4c74296caea2d1019065c87afb3
Author: Frantisek Krenzelok <krenzelok.frantisek@xxxxxxxxx>
Date:   Mon Sep 5 13:05:17 2022 +0200

    KTLS: fallback to default
    
    If an error occurs during setting of keys either initial or key update
    then fallback to default mode of operation (disable ktls) and let the
    user know
    
    Signed-off-by: Frantisek Krenzelok <krenzelok.frantisek@xxxxxxxxx>

 lib/handshake.c        |  7 ++++++-
 lib/tls13/key_update.c | 23 +++++++++++++++++++----
 2 files changed, 25 insertions(+), 5 deletions(-)

With full debugging you can see the message caused by this commit:

nbdkit: null[1]: debug: gnutls: 4: HSK[0x7fc9e00010a0]: TLS 1.3 set read key with cipher suite: GNUTLS_CHACHA20_POLY1305_SHA256
nbdkit: null[1]: debug: gnutls: 13: BUF[HSK]: Emptied buffer
nbdkit: null[1]: debug: gnutls: 13: BUF[HSK]: Emptied buffer
nbdkit: null[1]: debug: gnutls: 5: REC[0x7fc9e00010a0]: Start of epoch cleanup
nbdkit: null[1]: debug: gnutls: 5: REC[0x7fc9e00010a0]: Epoch #0 freed
nbdkit: null[1]: debug: gnutls: 5: REC[0x7fc9e00010a0]: Epoch #1 freed
nbdkit: null[1]: debug: gnutls: 5: REC[0x7fc9e00010a0]: End of epoch cleanup
nbdkit: null[1]: debug: gnutls: 1: disabling KTLS: failed to set keys

Is this because kTLS doesn't support PSK?

Anyway I will file a bug to add this commit to Rawhide.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines.  Supports shell scripting,
bindings from many languages.  http://libguestfs.org