Hello,
while setting up a TLS 1.3 client based on mbedTLS 3.6.6, I am facing a memory corruption issue and would appreciate any advice on how to debug it further.
Initial symptoms
================
Originally I was using FreeRTOS heap_4 as the allocator.
During the TLS handshake I eventually hit one of the following assertions inside the FreeRTOS heap implementation:
configASSERT( heapBLOCK_IS_ALLOCATED( pxLink ) != 0 );
configASSERT(
pxLink->pxNextFreeBlock ==
heapPROTECT_BLOCK_POINTER( NULL ) );
This suggested corruption of the heap block header structures.
Isolation attempt
=================
To exclude interactions with the FreeRTOS heap allocator, I reconfigured mbedTLS to use a dedicated static memory pool by enabling:
MBEDTLS_MEMORY_BUFFER_ALLOC_C
I allocated a dedicated 1 MB memory pool located in external RAM and initialized it via:
mbedtls_memory_buffer_alloc_init(...);
No other software component is intended to access this memory area.
New failure
===========
With the dedicated memory pool in place, the TLS 1.3 handshake now fails inside memory_buffer_alloc.c with the following consistency check:
if (cur->alloc != 0) {
#if defined(MBEDTLS_MEMORY_DEBUG)
mbedtls_fprintf(stderr,
"FATAL: block in free_list but allocated data\n");
#endif
mbedtls_exit(1);
}
The execution stops with:
FATAL: block in free_list but allocated data
This appears to indicate that a block found in the free list still has its allocation flag set.
What I have checked so far
==========================
- Initially I suspected FreeRTOS heap corruption.
- I added hardware watchpoints at the beginning and end of the affected memory blocks.
- No obvious buffer overflow was detected using those watchpoints.
- Secure and Non-Secure heaps are separated.
- I experimented with MPU guard regions.
- The issue is reproducible under TLS/WebSocket traffic.
- mbedTLS is now running from a dedicated static memory pool.
- The dedicated mbedTLS pool is approximately 1 MB and is not shared with the FreeRTOS heap.
Platform
========
- STM32U585
- TrustZone enabled
- FreeRTOS
- mbedTLS 3.6.6
- TLS 1.3 enabled
- WebSocket over TLS
Are there recommended debugging options or allocator diagnostics that could help identify the offending allocation or the block whose metadata became inconsistent?
Has anyone experienced similar issues specifically with TLS 1.3 handshakes, especially during key share generation?
Relevant handshake log
======================
init connect[1]
. Performing the SSL/TLS handshake...[TLS][2] ../SRV_TLS/mbedtls/library/ssl_tls.c:4670: => handshake
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_msg.c:2356: => flush output
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_msg.c:2365: <= flush output
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_tls.c:4589: client state: MBEDTLS_SSL_HELLO_REQUEST
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_misc.h:1353: handshake state: 0 (MBEDTLS_SSL_HELLO_REQUEST) -> 1 (MBEDTLS_SSL_CLIENT_HELLO)
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_msg.c:2356: => flush output
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_msg.c:2365: <= flush output
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_tls.c:4589: client state: MBEDTLS_SSL_CLIENT_HELLO
[TLS][2] ../SRV_TLS/mbedtls/library/ssl_client.c:921: => write client hello
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:487: dumping 'client hello, random bytes' (32 bytes)
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:487: 0000: 9a 99 37 69 fa 5e 07 f7 ff c8 5b ac 56 fe 45 1a ..7i.^....[.V.E.
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:487: 0010: 53 d1 a1 d6 27 f6 5d 5a 4e 5b 2a 80 4c 1e 9b cb S...'.]ZN[*.L...
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:512: dumping 'session id' (0 bytes)
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:370: client hello, add ciphersuite: 1301, TLS1-3-AES-128-GCM-SHA256
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:388: adding EMPTY_RENEGOTIATION_INFO_SCSV
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_client.c:397: client hello, got zu cipher suites
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_tls13_client.c:57: client hello, adding supported versions extension
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_tls13_client.c:80: supported version: [3:4]
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_tls13_client.c:86: supported version: [3:3]
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_tls13_client.c:573: no cookie to send; skip extension
[TLS][3] ../SRV_TLS/mbedtls/library/ssl_tls13_client.c:285: client hello: adding key share extension
[TLS][1] ../SRV_TLS/mbedtls/library/ssl_tls13_generic.c:1552: Perform PSA-based ECDH/FFDH computation.
FATAL: block in free_list but allocated data
Any suggestions, debugging techniques, or similar experiences would be greatly appreciated.
Thank you very much.
Best regards,
Cesaire
Mit freundlichen Grüßen / Best regards
i. A. Cesaire Sielatchom
Konstrukteur und Entwickler
[BKS_4c.gif]
BKS GmbH
Entwicklung Elektronik
Heidestr. 71
D-42549 Velbert
Telefon +49 2051 201 528<tel:+49%202051%20201%20528>
Cesaire.Sielatchom(a)bks.de<mailto:Cesaire.Sielatchom@bks.de>
www.bks.de<https://www.bks.de/de-de>
BKS GmbH
Sitz der Gesellschaft: Velbert
Amtsgericht Wuppertal, HRB 17711
GF: Thomas Polonyi
Vorsitzender des Aufsichtsrats: Dirk Leuker
WEEE-Reg.-Nr. DE 14737171
[Email_Footer SicherheitsExpo 2026.jpg]
Diese Mail ist vertraulich. Wenn Sie nicht der beabsichtigte Empfänger sind, dürfen Sie die Informationen nicht offenlegen,
benutzen, kopieren oder verteilen. Wenn Sie diese Mail durch einen Fehler bekommen haben, teilen Sie uns dies bitte dadurch mit,
dass Sie diese Mail an den Absender zurückschicken. Bitte löschen Sie danach diese Mail und alle Anhänge. Danke.
This e-mail message including any attachment is intended for the sole use of the individual or entity named above.
If you are not the intended recipient, please do not read, copy, use or disclose this communication to others; also please notify the sender by replying
to this message and then delete it and all attachments from your system.Thank you.
This email keeps the event up to date in your calendar.
MBed-TLS Technical Forum - Asia
Every 4 weeks from 10am to 10:50am on Monday
United Kingdom Time
Location
https://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI…https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9775866…
Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic:
MBed-TLS Technical Forum - AsiaTime: Jun 16, 2025 10:00 AM London
Every 4 weeks on Mon, 39 occurrence(s)Please download and import the
following iCalendar (.ics) files to your calendar system.Weekly:
https://linaro-org.zoom.us/meeting/tJMqcuGuqDotGtIbACm498ytl0ZhydWKdu1b/ics…
Zoom
Meetinghttps://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI.1Meeting
ID: 977 5866 1706Passcode: 577208---One tap
mobile+16892781000,,97758661706# US+17193594580,,97758661706# US---Dial by
your location• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US•
+1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224
1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799
US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US•
+1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1
669 444 9171 US• +1 669 900 9128 US (San Jose)• 833 548 0282 US Toll-free•
833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US
Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-free• 833 548
0276 US Toll-freeMeeting ID: 977 5866 1706Find your local number:
https://linaro-org.zoom.us/u/acdtApJNbc
Guests
mbed-tls(a)lists.trustedfirmware.org
psa-crypto(a)lists.trustedfirmware.org
~~//~~
Invitation from Google Calendar: https://calendar.google.com/calendar/
You are receiving this email because you are an attendee on the event.
Forwarding this invitation could allow any recipient to send a response to
the organizer, be added to the guest list, invite others regardless of
their own invitation status, or modify your RSVP.
Learn more https://support.google.com/calendar/answer/37135#forwarding
This event has been updated with a note:
"Pushing to fix meeting link issue"
Changed: location
MBed TLS Technical Forum - US
Every 4 weeks from 4:30pm to 5:30pm on Monday
United Kingdom Time
Location
https://linaro-org.zoom.us/j/93546216467?pwd=ja9Nxd0uLBn04jg1Be0NTy17Konzfl…https://www.google.com/url?q=https%3A%2F%2Flinaro-org.zoom.us%2Fj%2F9354621…
Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed
TLS Technical Forum - USTime: May 4, 2026 04:30 PM LondonEvery 4 weeks on
Mon, 38 occurrence(s)Please download and import the following iCalendar
(.ics) files to your calendar
system.Weekly: https://linaro-org.zoom.us/meeting/tJcoc--qrz0uHNNmuZMtfpylBgIZjC2so7xz/ics…
Zoom
Meetinghttps://linaro-org.zoom.us/j/93546216467?pwd=ja9Nxd0uLBn04jg1Be0NTy17Konzfl.1Meeting
ID: 935 4621 6467Passcode: 683772---One tap
mobile+13126266799,,93546216467# US (Chicago)+13462487799,,93546216467# US
(Houston)---Dial by your location• +1 312 626 6799 US (Chicago)• +1 346 248
7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847
US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US•
+1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1
719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 301
715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• 833
928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US
Toll-free• 888 788 0099 US Toll-free• 833 548 0276 US Toll-free• 833 548
0282 US Toll-free• 833 928 4608 US Toll-freeMeeting ID: 935 4621 6467Find
your local number:https://linaro-org.zoom.us/u/azKzC20VI
Guests
psa-crypto(a)lists.trustedfirmware.org
mbed-tls(a)lists.trustedfirmware.org
hordijk(a)aurora.tech
Ben Taylor
cjej65eug(a)gmail.com
View all guest info
https://calendar.google.com/calendar/event?action=VIEW&eid=dm9wcGhnbnZvMnRh…
Reply for mbed-tls(a)lists.trustedfirmware.org and view more details
https://calendar.google.com/calendar/event?action=VIEW&eid=dm9wcGhnbnZvMnRh…
Your attendance is optional.
~~//~~
Invitation from Google Calendar: https://calendar.google.com/calendar/
You are receiving this email because you are an attendee on the event.
Forwarding this invitation could allow any recipient to send a response to
the organizer, be added to the guest list, invite others regardless of
their own invitation status, or modify your RSVP.
Learn more https://support.google.com/calendar/answer/37135#forwarding
Hi,
How can I extract the AKI (Authority Key Identifier) from a certificate
using mbedtls ?
I could parse the certificate file itself, I guess, but isn't that what
mbedtls does?
Thanks,
Danny
https://www.rfc-editor.org/info/rfc5280#section-4.2.1.1
--
Danny Backx - dannybackx(a)telenet.be
Hi all,
We will be upgrading Cloudbees CI and clusters hosting review.trustedfirmware.org and ci.trustedfirmware.org on Wednesday, 3rd June 2025 at 16:00 GMT+1.
During this maintenance window, both services will be unavailable for approximately 8 hours.
A follow-up email will be sent once the services are fully restored.
Best regards,
Saheer
[LOGO SMALL]
Saheer Babu
Principal Software Engineer
CESW – Engineering Infrastructure
I'm currently working on adding MbedTLS 4.x support for
Privoxy [0] and noticed that mbedtls_ssl_read() frequently
returns MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET.
Apparently the error code was added in f8a4994ec7 and marked
experimental in da13072c5b.
It doesn't seem explicitly documented at [1], but of course
it's covered by "or another negative error code".
My current solution is to simply continue reading:
extern int ssl_recv_data(struct ssl_attr *ssl_attr, unsigned char *buf, size_t max_length)
{
[...]
do
{
ret = mbedtls_ssl_read(ssl, buf, max_length);
#if MBEDTLS_VERSION_MAJOR > 3
if (ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET)
{
log_error(LOG_LEVEL_CONNECT,
"mbedtls_ssl_read() reported new session ticket for "
"the connection on socket %d.",
ssl_attr->mbedtls_attr.socket_fd.fd);
}
#endif
} while (ret == MBEDTLS_ERR_SSL_WANT_READ
#if MBEDTLS_VERSION_MAJOR > 3
|| ret == MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
#endif
|| ret == MBEDTLS_ERR_SSL_WANT_WRITE);
When using MbedTLS 4.1.0 on ElectroBSD 14.4-STABLE this seems to work.
For some connections the log message is emitted once, for others
it's emitted twice:
09:20:58.982 024 Connect: Connected to 127.0.1.2[127.0.1.2]:9050.
09:20:59.222 024 Connect: Created new connection to www.electrobsd.org:443 on socket 9.
09:20:59.243 024 Connect: Performing the TLS handshake with the server.
09:20:59.583 024 Connect: Server successfully connected over TLSv1.3 (TLS1-3-CHACHA20-POLY1305-SHA256).
09:20:59.583 024 Connect: Encrypted request sent.
09:20:59.809 024 Connect: mbedtls_ssl_read() reported new session ticket for the connection on socket 9.
09:20:59.902 024 Connect: mbedtls_ssl_read() reported new session ticket for the connection on socket 9.
09:21:00.041 024 Header: scan: HTTP/1.1 200 OK
I noticed that there's already an open ticket [2] which contains
the sentence:
| For client side, mbedtls_ssl_{read,write} might return the error also,
| we should process it in the error handler also.
I haven't seen mbedtls_ssl_write() return MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
yet, though.
Can you confirm that handling MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET
by continuing reading is currently the best option?
Thanks.
Fabian
[0]: <https://www.privoxy.org/>
[1]: <https://os.mbed.com/teams/sandbox/code/mbedtls/docs/tip/ssl_8h.html#aa2c29e…>
[2]: <https://github.com/Mbed-TLS/mbedtls/issues/6640>