- mbed-tls - lists.trustedfirmware.org

[Mbed-tls-announce] Mbed TLS: Security Advisory and Release of Mbed TLS 2.24.0, 2.16.8 and 2.7.17

by Janos Follath via Mbed-tls-announce

Mbed TLS Security Advisories have been issued to accompany the release of Mbed TLS versions 2.24.0, 2.16.8 and 2.7.17, which have just been released. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.24.0, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.8, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.7.17) and in the 2020-07 security advisories (https://tls.mbed.org/tech-updates/security-advisories) We recommend all users to consider whether they are impacted, and to upgrade appropriately. -- Mbed-tls-announce mailing list Mbed-tls-announce(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls-announce

5 years, 3 months

1
0
0 0

Re: [mbed-tls] Print long MPI

by Gilles Peskine

Hello, 4096 bytes is a lot larger than a typical public key. 4096 *bits* is common for an RSA key. Are you sure you're using the correct units? By default the library doesn't support the creation of MPI that are larger than 1024 bytes. This is a configuration option (MBEDTLS_MPI_MAX_SIZE), although it's uncommon to change it (a larger value is hardly ever necessary, and a smaller value won't save memory except in RSA which needs at least 512 bytes for 4096-bit keys). However mbedtls_mpi_write_file itself doesn't have any size limit. Best regards, -- Gilles Peskine Mbed TLS developer On 27/08/2020 13:27, youssouf sokhona via mbed-tls wrote: > > Hello everyone, I think you are fine during this crisis. > > > > I am working now with mbedtls modulee, and I wanted to print a > function « mbedtls_mpi_write_file » to print the value of an MPI. This > function works with common values. > > > > However, when I want to print an MPI which is very long (about 4096 > bytes, a public key), it doesn’t work. Someone knows how to solve this > problem ? > > > > Thanks a lot > > > > Best regards, YS > > > >

5 years, 3 months

1
0
0 0

Print long MPI

by youssouf sokhona

Hello everyone, I think you are fine during this crisis. I am working now with mbedtls modulee, and I wanted to print a function « mbedtls_mpi_write_file » to print the value of an MPI. This function works with common values. However, when I want to print an MPI which is very long (about 4096 bytes, a public key), it doesn’t work. Someone knows how to solve this problem ? Thanks a lot Best regards, YS

5 years, 3 months

1
0
0 0

Re: [mbed-tls] mbedtls handshake failed

by Hannes Tschofenig

Hi Manu, It looks like you made a mistake on the client side configuring the certificate/private key. The client does not send the certificate and that corresponds to the error message on the server-side ("peer did not return a certificate"). Ciao Hannes -----Original Message----- From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of Manu Abraham via mbed-tls Sent: Tuesday, August 25, 2020 5:20 PM To: mbed-tls(a)lists.trustedfirmware.org Subject: [mbed-tls] mbedtls handshake failed Greetings, I am trying to connect from a STM32H7 MCU to a mosquitto peer, Can someone please help me to fix this issue that I have ? I have used the DES3 cipher to create the keys .. openssl genrsa -des3 -out test_ca.key 2048 .. Fiddled quite a bit with buffers, stack, heap and mbedtls config, eventually the communication appears to be working, but the handshake appears to fail. At the client MCU side, I see the mbedtls_ssl_handshake failed message with a return value of 0x7780 Additionally, I do see this message too: ssl_tls.c:5169: got an alert message, type: [2:40] ssl_tls.c:5177: is a fatal alert message (msg 40) But unfortunately, I am unable to make out what the error message means. At the peer, this is what i do see: 1598367067: New connection from 192.168.1.33 on port 8883. 1598367074: OpenSSL Error: error:1417C0C7:SSL routines:tls_process_client_certif icate:peer did not return a certificate 1598367074: Socket error on client <unknown>, disconnecting. 1598368366: mosquitto version 1.6.7 terminating Someone, Please help ! Thanks, Manu ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 0 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:3510: client state: 1 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:0774: => write client hello ssl_cli.c:0811: client hello, max version: [3:3] ssl_cli.c:0821: dumping 'client hello, random bytes' (32 bytes) ssl_cli.c:0821: 0000: 3c ce d6 f9 48 cc 7d 5d 77 24 74 f2 1d 9f 8b aa <...H.}]w$t..... ssl_cli.c:0821: 0010: 4b 0c 20 64 d3 22 d0 ee 5e 3b 83 24 a7 01 ec d9 K. d."..^;.$.... ssl_cli.c:0874: client hello, session id len.: 0 ssl_cli.c:0875: dumping 'client hello, session id' (0 bytes) ssl_cli.c:0921: client hello, add ciphersuite: c02c ssl_cli.c:0921: client hello, add ciphersuite: c02b ssl_cli.c:0921: client hello, add ciphersuite: c030 ssl_cli.c:0921: client hello, add ciphersuite: c02f ssl_cli.c:0934: client hello, got 4 ciphersuites (excluding SCSVs) ssl_cli.c:0943: adding EMPTY_RENEGOTIATION_INFO_SCSV ssl_cli.c:0992: client hello, compress len.: 1 ssl_cli.c:0993: client hello, compress alg.: 0 ssl_cli.c:0186: client hello, adding signature_algorithms extension ssl_cli.c:0271: client hello, adding supported_elliptic_curves extension ssl_cli.c:0336: client hello, adding supported_point_formats extension ssl_cli.c:1070: client hello, total extension length: 38 ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 93 ssl_tls.c:3425: dumping 'output record sent to network' (98 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 5d 01 00 00 59 03 03 3c ce d6 f9 48 ....]...Y..<...H .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0050: 03 01 00 0a 00 06 00 04 00 18 00 17 00 0b 00 02 ................ ssl_tls.c:3425: 0060: 01 00 .. ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 98, out_left: 98 ssl_tls.c:2779: ssl->f_send() returned 98 (-0xffffff9e) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_cli.c:1106: <= write client hello ssl_cli.c:3510: client state: 2 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:1499: => parse server hello ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 2 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:1499: => parse server hello ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 59 ....Y ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 89 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 94 ssl_tls.c:2720: in_left: 5, nb_want: 94 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 89 (-0xffffffa7) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (94 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 59 02 00 00 55 03 03 d1 64 6e e1 0c ....Y...U...dn.. .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0050: 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 .............. ssl_tls.c:3624: handshake message: msglen = 89, type = 2, hslen = 89 ssl_tls.c:4385: <= read record ssl_cli.c:1579: dumping 'server hello, version' (2 bytes) ssl_cli.c:1579: 0000: 03 03 .. ssl_cli.c:1600: server hello, current time: 3513020129 ssl_cli.c:1610: dumping 'server hello, random bytes' (32 bytes) ssl_cli.c:1610: 0000: d1 64 6e e1 0c 1f ac 75 77 eb d7 02 24 dd a7 da .dn....uw...$... ssl_cli.c:1610: 0010: 48 f3 50 43 34 10 d8 d9 44 4f 57 4e 47 52 44 01 H.PC4...DOWNGRD. ssl_cli.c:1690: server hello, session id len.: 32 ssl_cli.c:1691: dumping 'server hello, session id' (32 bytes) ssl_cli.c:1691: 0000: 90 8f cc f8 31 63 81 ae aa bf a9 b9 61 1e 78 f6 ....1c......a.x. ssl_cli.c:1691: 0010: 79 b8 26 66 51 99 f4 50 45 d4 21 9b 22 24 4c 63 y.&fQ..PE.!."$Lc ssl_cli.c:1728: no session has been resumed ssl_cli.c:1731: server hello, chosen ciphersuite: c030 ssl_cli.c:1732: server hello, compress alg.: 0 ssl_cli.c:1764: server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ssl_cli.c:1789: server hello, total extension length: 13 ssl_cli.c:1809: found renegotiation extension ssl_cli.c:1888: found supported_point_formats extension ssl_cli.c:1292: point format selected: 0 ssl_cli.c:1978: <= parse server hello ssl_cli.c:3510: client state: 3 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5655: => parse certificate ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 07 80 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 1920 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 1925 ssl_tls.c:2720: in_left: 5, nb_want: 1925 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 1361 (-0xfffffaaf) ssl_tls.c:2720: in_left: 1366, nb_want: 1925 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 3 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5655: => parse certificate ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 1366, nb_want: 5 ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 07 80 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 1920 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 1366, nb_want: 1925 ssl_tls.c:2720: in_left: 1366, nb_want: 1925 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 559 (-0xfffffdd1) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (1925 bytes) ssl_tls.c:4232: 0000: 16 03 03 07 80 0b 00 07 7c 00 07 79 00 03 90 30 ........|..y...0 .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0770: df d8 30 17 65 70 2a 02 54 9a 4c cf b1 51 04 25 ..0.ep*.T.L..Q.% ssl_tls.c:4232: 0780: 83 2c ab dd 46 .,..F ssl_tls.c:3624: handshake message: msglen = 1920, type = 11, hslen = 1920 ssl_tls.c:4385: <= read record ssl_tls.c:5606: peer certificate #1: ssl_tls.c:5606: cert. version : 1 ssl_tls.c:5606: serial number : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issuer name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: subject name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issued on : 2020-08-15 09:12:30 ssl_tls.c:5606: expires on : 2030-08-13 09:12:30 ssl_tls.c:5606: signed using : RSA with SHA-256 ssl_tls.c:5606: RSA key size : 2048 bits ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c:5606: c9 93 0d f4 7b 93 95 8f 4d ec bb 77 46 82 48 6d .. .. .. .. .. .. .. .. .. .. ssl_tls.c:5606: 0f 00 85 cf c9 40 b0 f8 b2 df 1b 75 bd 2e 95 43 ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ssl_tls.c:5606: 01 00 01 ssl_tls.c:5606: peer certificate #2: ssl_tls.c:5606: cert. version : 3 ssl_tls.c:5606: serial number : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issuer name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: subject name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issued on : 2020-08-15 08:54:30 ssl_tls.c:5606: expires on : 2030-08-13 08:54:30 ssl_tls.c:5606: signed using : RSA with SHA-256 ssl_tls.c:5606: RSA key size : 2048 bits ssl_tls.c:5606: basic constraints : CA=true ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c:5606: c4 e2 4b 37 45 4a 36 e5 b0 14 f7 fa 76 1d c4 29 .. .. .. .. .. .. .. .. .. .. ssl_tls.c:5606: 43 7c 19 f2 b0 dc ef 69 cf 13 c4 cb fa 80 92 f1 ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ssl_tls.c:5606: 01 00 01 ssl_tls.c:5856: Certificate verification flags clear ssl_tls.c:5863: <= parse certificate ssl_cli.c:3510: client state: 4 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2336: => parse server key exchange ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 01 4d ....M ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 333 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 338 ssl_tls.c:2720: in_left: 5, nb_want: 338 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 333 (-0xfffffeb3) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (338 bytes) ssl_tls.c:4232: 0000: 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04 6e 49 ....M...I...A.nI .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0140: c4 4b 34 2f 83 5f 98 17 39 5e 6e 4d 56 f4 c1 4c .K4/._..9^nMV..L ssl_tls.c:4232: 0150: 39 0f 9. ssl_tls.c:3624: handshake message: msglen = 333, type = 12, hslen = 333 ssl_tls.c:4385: <= read record ssl_cli.c:2424: dumping 'server key exchange' (329 bytes) ssl_cli.c:2424: 0000: 03 00 17 41 04 6e 49 4b 1c 4e 7b 2b ff c3 c9 9b ...A.nIK.N{+.... .. .. .. .. .. .. .. .. .. .. ssl_cli.c:2424: 0130: d9 33 d2 6e a7 05 ca c4 4b 34 2f 83 5f 98 17 39 .3.n....K4/._..9 ssl_cli.c:2424: 0140: 5e 6e 4d 56 f4 c1 4c 39 0f ^nMV..L9. ssl_cli.c:2044: ECDH curve: secp256r1 ssl_cli.c:2054: value of 'ECDH: Qp(X)' (255 bits) is: ssl_cli.c:2054: 6e 49 4b 1c 4e 7b 2b ff c3 c9 9b 81 29 4d a8 92 ssl_cli.c:2054: af c2 77 2b 3b c6 26 ba d4 c7 a2 2d 83 78 e3 54 ssl_cli.c:2054: value of 'ECDH: Qp(Y)' (256 bits) is: ssl_cli.c:2054: d6 91 fe 18 70 fb bc b6 c7 aa 67 1c 08 8b 4d 58 ssl_cli.c:2054: a4 70 59 97 90 23 8d 4b b6 24 4e 1a 7e 13 f2 d1 ssl_cli.c:2278: Server used SignatureAlgorithm 1 ssl_cli.c:2279: Server used HashAlgorithm 4 ssl_cli.c:2580: dumping 'signature' (256 bytes) ssl_cli.c:2580: 0000: b3 88 25 7f 3f 6b cf 7e 03 de 11 5b 4f 47 e9 6e ..%.?k.~...[OG.n .. .. .. .. .. .. .. .. .. .. ssl_cli.c:2580: 00f0: 34 2f 83 5f 98 17 39 5e 6e 4d 56 f4 c1 4c 39 0f 4/._..9^nMV..L9. ssl_cli.c:2616: dumping 'parameters hash' (32 bytes) ssl_cli.c:2616: 0000: bc 4e 7e a6 a6 02 76 66 2c da 19 6c ea 5a aa df .N~...vf,..l.Z.. ssl_cli.c:2616: 0010: ae 3a ff e9 34 c6 d1 72 98 b4 f3 7d b8 71 11 65 .:..4..r...}.q.e ssl_cli.c:2664: <= parse server key exchange ssl_cli.c:3510: client state: 5 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2697: => parse certificate request ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 3a ....: ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 58 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 63 ssl_tls.c:2720: in_left: 5, nb_want: 63 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 58 (-0xffffffc6) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (63 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 ....:...6...@... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0030: 01 02 01 03 02 02 02 04 02 05 02 06 02 00 00 ............... ssl_tls.c:3624: handshake message: msglen = 58, type = 13, hslen = 58 ssl_tls.c:4385: <= read record ssl_cli.c:2723: got a certificate request ssl_cli.c:2823: Supported Signature Algorithm found: 4,3 ssl_cli.c:2823: Supported Signature Algorithm found: 5,3 ssl_cli.c:2823: Supported Signature Algorithm found: 6,3 ssl_cli.c:2823: Supported Signature Algorithm found: 8,7 ssl_cli.c:2823: Supported Signature Algorithm found: 8,8 ssl_cli.c:2823: Supported Signature Algorithm found: 8,9 ssl_cli.c:2823: Supported Signature Algorithm found: 8,10 ssl_cli.c:2823: Supported Signature Algorithm found: 8,11 ssl_cli.c:2823: Supported Signature Algorithm found: 8,4 ssl_cli.c:2823: Supported Signature Algorithm found: 8,5 ssl_cli.c:2823: Supported Signature Algorithm found: 8,6 ssl_cli.c:2823: Supported Signature Algorithm found: 4,1 ssl_cli.c:2823: Supported Signature Algorithm found: 5,1 ssl_cli.c:2823: Supported Signature Algorithm found: 6,1 ssl_cli.c:2823: Supported Signature Algorithm found: 3,3 ssl_cli.c:2823: Supported Signature Algorithm found: 2,3 ssl_cli.c:2823: Supported Signature Algorithm found: 3,1 ssl_cli.c:2823: Supported Signature Algorithm found: 2,1 ssl_cli.c:2823: Supported Signature Algorithm found: 3,2 ssl_cli.c:2823: Supported Signature Algorithm found: 2,2 ssl_cli.c:2823: Supported Signature Algorithm found: 4,2 ssl_cli.c:2823: Supported Signature Algorithm found: 5,2 ssl_cli.c:2823: Supported Signature Algorithm found: 6,2 ssl_cli.c:2846: <= parse certificate request ssl_cli.c:3510: client state: 6 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2856: => parse server hello done ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 04 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 4 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 9 ssl_tls.c:2720: in_left: 5, nb_want: 9 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 4 (-0xfffffffc) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (9 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 04 0e 00 00 00 ......... ssl_tls.c:3624: handshake message: msglen = 4, type = 14, hslen = 4 ssl_tls.c:4385: <= read record ssl_cli.c:2886: <= parse server hello done ssl_cli.c:3510: client state: 7 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5329: => write certificate ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 7 ssl_tls.c:3425: dumping 'output record sent to network' (12 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 07 0b 00 00 03 00 00 00 ............ ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 12, out_left: 12 ssl_tls.c:2779: ssl->f_send() returned 12 (-0xfffffff4) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:5433: <= write certificate ssl_cli.c:3510: client state: 8 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2898: => write client key exchange ssl_cli.c:2977: value of 'ECDH: Q(X)' (256 bits) is: ssl_cli.c:2977: e8 dd a7 e4 3d f4 43 c0 1f 42 67 99 2f 1b bd a8 ssl_cli.c:2977: 10 03 3d 45 5f 3b f8 46 ff d6 b8 65 3c 13 6a 3b ssl_cli.c:2977: value of 'ECDH: Q(Y)' (256 bits) is: ssl_cli.c:2977: 9a f8 36 4d 19 01 01 02 d6 bb 51 4a 1d ec f1 7f ssl_cli.c:2977: 28 70 31 95 65 62 1e d6 8d 97 b6 cc 3f b4 9a 8e ssl_cli.c:3005: value of 'ECDH: z' (253 bits) is: ssl_cli.c:3005: 14 06 75 26 fd 2c 2e 3f ad cf 0c fe 6b df 66 7c ssl_cli.c:3005: c2 b7 54 7e 62 ea 4e 0b 93 d0 62 22 15 e6 db 43 ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 70 ssl_tls.c:3425: dumping 'output record sent to network' (75 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 46 10 00 00 42 41 04 e8 dd a7 e4 3d ....F...BA.....= .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0040: 62 1e d6 8d 97 b6 cc 3f b4 9a 8e b......?... ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 75, out_left: 75 ssl_tls.c:2779: ssl->f_send() returned 75 (-0xffffffb5) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_cli.c:3172: <= write client key exchange ssl_cli.c:3510: client state: 9 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:3224: => write certificate verify ssl_tls.c:0628: => derive keys ssl_tls.c:0705: dumping 'premaster secret' (32 bytes) ssl_tls.c:0705: 0000: 14 06 75 26 fd 2c 2e 3f ad cf 0c fe 6b df 66 7c ..u&.,.?....k.f| ssl_tls.c:0705: 0010: c2 b7 54 7e 62 ea 4e 0b 93 d0 62 22 15 e6 db 43 ..T~b.N...b"...C ssl_tls.c:0794: ciphersuite = TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ssl_tls.c:0796: dumping 'master secret' (48 bytes) ssl_tls.c:0796: 0000: 5a 15 26 c7 71 73 1a 2e 8c 0d 0e 55 d7 6f 7f b5 Z.&.qs.....U.o.. .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0796: 0020: 24 bf 3f 51 ca e9 7b 66 99 61 cf a9 fb 61 e2 2f $.?Q..{f.a...a./ ssl_tls.c:0797: dumping 'random bytes' (64 bytes) ssl_tls.c:0797: 0000: d1 64 6e e1 0c 1f ac 75 77 eb d7 02 24 dd a7 da .dn....uw...$... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0797: 0030: 4b 0c 20 64 d3 22 d0 ee 5e 3b 83 24 a7 01 ec d9 K. d."..^;.$.... ssl_tls.c:0798: dumping 'key block' (256 bytes) ssl_tls.c:0798: 0000: 5d b4 7a 60 2e 5b f8 fb 8f e4 75 22 9a b4 8c 04 ].z`.[....u".... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0798: 00f0: 53 af 8e 78 d0 03 ca 26 b7 43 ee c6 aa 0e 71 88 S..x...&.C....q. ssl_tls.c:0919: keylen: 32, minlen: 24, ivlen: 12, maclen: 0 ssl_tls.c:1116: <= derive keys ssl_cli.c:3253: <= skip write certificate verify ssl_cli.c:3510: client state: 10 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5879: => write change cipher spec ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 20, version = [3:3], msglen = 1 ssl_tls.c:3425: dumping 'output record sent to network' (6 bytes) ssl_tls.c:3425: 0000: 14 03 03 00 01 01 ...... ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 6, out_left: 6 ssl_tls.c:2779: ssl->f_send() returned 6 (-0xfffffffa) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:5893: <= write change cipher spec ssl_cli.c:3510: client state: 11 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:6398: => write finished ssl_tls.c:6272: => calc finished tls sha384 ssl_tls.c:6283: dumping 'finished sha512 state' (64 bytes) ssl_tls.c:6283: 0000: e2 6c 37 56 90 66 0a f8 1c c7 26 d0 49 a9 87 52 .l7V.f....&.I..R .. .. .. .. .. .. .. .. .. .. ssl_tls.c:6283: 0030: 85 b3 04 84 77 e5 02 b0 53 d7 31 b4 c4 e4 08 c0 ....w...S.1..... ssl_tls.c:6296: dumping 'calc finished result' (12 bytes) ssl_tls.c:6296: 0000: c4 6a dd c2 9b a7 75 28 ff 53 5a 3f .j....u(.SZ? ssl_tls.c:6302: <= calc finished ssl_tls.c:6443: switching to new transform spec for outbound data ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:1445: => encrypt buf ssl_tls.c:1455: dumping 'before encrypt: output payload' (16 bytes) ssl_tls.c:1455: 0000: 14 00 00 0c c4 6a dd c2 9b a7 75 28 ff 53 5a 3f .....j....u(.SZ? ssl_tls.c:1574: dumping 'additional data for AEAD' (13 bytes) ssl_tls.c:1574: 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 ............. ssl_tls.c:1604: dumping 'IV used (internal)' (12 bytes) ssl_tls.c:1604: 0000: a0 9a 1f cb 00 00 00 00 00 00 00 00 ............ ssl_tls.c:1606: dumping 'IV used (transmitted)' (8 bytes) ssl_tls.c:1606: 0000: 00 00 00 00 00 00 00 00 ........ ssl_tls.c:1616: before encrypt: msglen = 24, including 0 bytes of padding ssl_tls.c:1643: dumping 'after encrypt: tag' (16 bytes) ssl_tls.c:1643: 0000: e7 10 1d 99 f6 b6 a5 40 de e8 c0 d5 ec 48 de 6e .......@.....H.n ssl_tls.c:1781: <= encrypt buf ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 40 ssl_tls.c:3425: dumping 'output record sent to network' (45 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 00 73 7e ....(.........s~ .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0020: 99 f6 b6 a5 40 de e8 c0 d5 ec 48 de 6e ....@.....H.n ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 45, out_left: 45 ssl_tls.c:2779: ssl->f_send() returned 45 (-0xffffffd3) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:6507: <= write finished ssl_cli.c:3510: client state: 12 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5902: => parse change cipher spec ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 12 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5902: => parse change cipher spec ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 15 03 03 00 02 ..... ssl_tls.c:4053: input record: msgtype = 21, version = [3:3], msglen = 2 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 7 ssl_tls.c:2720: in_left: 5, nb_want: 7 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (7 bytes) ssl_tls.c:4232: 0000: 15 03 03 00 02 02 28 ......( ssl_tls.c:5169: got an alert message, type: [2:40] ssl_tls.c:5177: is a fatal alert message (msg 40) ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780) ssl_tls.c:5906: mbedtls_ssl_read_record() returned -30592 (-0x7780) ssl_tls.c:8094: <= handshake mbedtls_ssl_handshake failed: -30592 -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

5 years, 3 months

2
1
0 0

Re: [mbed-tls] Set an MPI and print it

by Manuel Pegourie-Gonnard

Hi Youssouf, I think you're looking for mbedtls_mpi_write_file() - just pass NULL as the file argument to write to stdout. You can use the radix argument to print out hex or decimal. Regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of youssouf sokhona via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 25 August 2020 15:40 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Set an MPI and print it Hi everyone, I think you all are fine. I am a beginner on mbedtls, and I wanted to set a dhm context. So, at first, I just want to set the value of the prime P, and the generator G. So to that I wrote the function below : [cid:image001.png@01D67AF5.D43FDE60] To check if it is correctly set, I wanted to print it to see. However, it is not the case. Do you know how to set and print the value ? Thanks, and have a good day Best regards, YS

5 years, 3 months

1
0
0 0

mbedtls handshake failed

by Manu Abraham

Greetings, I am trying to connect from a STM32H7 MCU to a mosquitto peer, Can someone please help me to fix this issue that I have ? I have used the DES3 cipher to create the keys .. openssl genrsa -des3 -out test_ca.key 2048 .. Fiddled quite a bit with buffers, stack, heap and mbedtls config, eventually the communication appears to be working, but the handshake appears to fail. At the client MCU side, I see the mbedtls_ssl_handshake failed message with a return value of 0x7780 Additionally, I do see this message too: ssl_tls.c:5169: got an alert message, type: [2:40] ssl_tls.c:5177: is a fatal alert message (msg 40) But unfortunately, I am unable to make out what the error message means. At the peer, this is what i do see: 1598367067: New connection from 192.168.1.33 on port 8883. 1598367074: OpenSSL Error: error:1417C0C7:SSL routines:tls_process_client_certif icate:peer did not return a certificate 1598367074: Socket error on client <unknown>, disconnecting. 1598368366: mosquitto version 1.6.7 terminating Someone, Please help ! Thanks, Manu ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 0 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:3510: client state: 1 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:0774: => write client hello ssl_cli.c:0811: client hello, max version: [3:3] ssl_cli.c:0821: dumping 'client hello, random bytes' (32 bytes) ssl_cli.c:0821: 0000: 3c ce d6 f9 48 cc 7d 5d 77 24 74 f2 1d 9f 8b aa <...H.}]w$t..... ssl_cli.c:0821: 0010: 4b 0c 20 64 d3 22 d0 ee 5e 3b 83 24 a7 01 ec d9 K. d."..^;.$.... ssl_cli.c:0874: client hello, session id len.: 0 ssl_cli.c:0875: dumping 'client hello, session id' (0 bytes) ssl_cli.c:0921: client hello, add ciphersuite: c02c ssl_cli.c:0921: client hello, add ciphersuite: c02b ssl_cli.c:0921: client hello, add ciphersuite: c030 ssl_cli.c:0921: client hello, add ciphersuite: c02f ssl_cli.c:0934: client hello, got 4 ciphersuites (excluding SCSVs) ssl_cli.c:0943: adding EMPTY_RENEGOTIATION_INFO_SCSV ssl_cli.c:0992: client hello, compress len.: 1 ssl_cli.c:0993: client hello, compress alg.: 0 ssl_cli.c:0186: client hello, adding signature_algorithms extension ssl_cli.c:0271: client hello, adding supported_elliptic_curves extension ssl_cli.c:0336: client hello, adding supported_point_formats extension ssl_cli.c:1070: client hello, total extension length: 38 ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 93 ssl_tls.c:3425: dumping 'output record sent to network' (98 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 5d 01 00 00 59 03 03 3c ce d6 f9 48 ....]...Y..<...H .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0050: 03 01 00 0a 00 06 00 04 00 18 00 17 00 0b 00 02 ................ ssl_tls.c:3425: 0060: 01 00 .. ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 98, out_left: 98 ssl_tls.c:2779: ssl->f_send() returned 98 (-0xffffff9e) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_cli.c:1106: <= write client hello ssl_cli.c:3510: client state: 2 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:1499: => parse server hello ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 2 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:1499: => parse server hello ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 59 ....Y ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 89 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 94 ssl_tls.c:2720: in_left: 5, nb_want: 94 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 89 (-0xffffffa7) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (94 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 59 02 00 00 55 03 03 d1 64 6e e1 0c ....Y...U...dn.. .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0050: 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 .............. ssl_tls.c:3624: handshake message: msglen = 89, type = 2, hslen = 89 ssl_tls.c:4385: <= read record ssl_cli.c:1579: dumping 'server hello, version' (2 bytes) ssl_cli.c:1579: 0000: 03 03 .. ssl_cli.c:1600: server hello, current time: 3513020129 ssl_cli.c:1610: dumping 'server hello, random bytes' (32 bytes) ssl_cli.c:1610: 0000: d1 64 6e e1 0c 1f ac 75 77 eb d7 02 24 dd a7 da .dn....uw...$... ssl_cli.c:1610: 0010: 48 f3 50 43 34 10 d8 d9 44 4f 57 4e 47 52 44 01 H.PC4...DOWNGRD. ssl_cli.c:1690: server hello, session id len.: 32 ssl_cli.c:1691: dumping 'server hello, session id' (32 bytes) ssl_cli.c:1691: 0000: 90 8f cc f8 31 63 81 ae aa bf a9 b9 61 1e 78 f6 ....1c......a.x. ssl_cli.c:1691: 0010: 79 b8 26 66 51 99 f4 50 45 d4 21 9b 22 24 4c 63 y.&fQ..PE.!."$Lc ssl_cli.c:1728: no session has been resumed ssl_cli.c:1731: server hello, chosen ciphersuite: c030 ssl_cli.c:1732: server hello, compress alg.: 0 ssl_cli.c:1764: server hello, chosen ciphersuite: TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ssl_cli.c:1789: server hello, total extension length: 13 ssl_cli.c:1809: found renegotiation extension ssl_cli.c:1888: found supported_point_formats extension ssl_cli.c:1292: point format selected: 0 ssl_cli.c:1978: <= parse server hello ssl_cli.c:3510: client state: 3 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5655: => parse certificate ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 07 80 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 1920 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 1925 ssl_tls.c:2720: in_left: 5, nb_want: 1925 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 1361 (-0xfffffaaf) ssl_tls.c:2720: in_left: 1366, nb_want: 1925 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 3 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5655: => parse certificate ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 1366, nb_want: 5 ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 07 80 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 1920 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 1366, nb_want: 1925 ssl_tls.c:2720: in_left: 1366, nb_want: 1925 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 559 (-0xfffffdd1) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (1925 bytes) ssl_tls.c:4232: 0000: 16 03 03 07 80 0b 00 07 7c 00 07 79 00 03 90 30 ........|..y...0 .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0770: df d8 30 17 65 70 2a 02 54 9a 4c cf b1 51 04 25 ..0.ep*.T.L..Q.% ssl_tls.c:4232: 0780: 83 2c ab dd 46 .,..F ssl_tls.c:3624: handshake message: msglen = 1920, type = 11, hslen = 1920 ssl_tls.c:4385: <= read record ssl_tls.c:5606: peer certificate #1: ssl_tls.c:5606: cert. version : 1 ssl_tls.c:5606: serial number : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issuer name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: subject name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issued on : 2020-08-15 09:12:30 ssl_tls.c:5606: expires on : 2030-08-13 09:12:30 ssl_tls.c:5606: signed using : RSA with SHA-256 ssl_tls.c:5606: RSA key size : 2048 bits ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c:5606: c9 93 0d f4 7b 93 95 8f 4d ec bb 77 46 82 48 6d .. .. .. .. .. .. .. .. .. .. ssl_tls.c:5606: 0f 00 85 cf c9 40 b0 f8 b2 df 1b 75 bd 2e 95 43 ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ssl_tls.c:5606: 01 00 01 ssl_tls.c:5606: peer certificate #2: ssl_tls.c:5606: cert. version : 3 ssl_tls.c:5606: serial number : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issuer name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: subject name : XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ssl_tls.c:5606: issued on : 2020-08-15 08:54:30 ssl_tls.c:5606: expires on : 2030-08-13 08:54:30 ssl_tls.c:5606: signed using : RSA with SHA-256 ssl_tls.c:5606: RSA key size : 2048 bits ssl_tls.c:5606: basic constraints : CA=true ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ssl_tls.c:5606: c4 e2 4b 37 45 4a 36 e5 b0 14 f7 fa 76 1d c4 29 .. .. .. .. .. .. .. .. .. .. ssl_tls.c:5606: 43 7c 19 f2 b0 dc ef 69 cf 13 c4 cb fa 80 92 f1 ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ssl_tls.c:5606: 01 00 01 ssl_tls.c:5856: Certificate verification flags clear ssl_tls.c:5863: <= parse certificate ssl_cli.c:3510: client state: 4 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2336: => parse server key exchange ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 01 4d ....M ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 333 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 338 ssl_tls.c:2720: in_left: 5, nb_want: 338 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 333 (-0xfffffeb3) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (338 bytes) ssl_tls.c:4232: 0000: 16 03 03 01 4d 0c 00 01 49 03 00 17 41 04 6e 49 ....M...I...A.nI .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0140: c4 4b 34 2f 83 5f 98 17 39 5e 6e 4d 56 f4 c1 4c .K4/._..9^nMV..L ssl_tls.c:4232: 0150: 39 0f 9. ssl_tls.c:3624: handshake message: msglen = 333, type = 12, hslen = 333 ssl_tls.c:4385: <= read record ssl_cli.c:2424: dumping 'server key exchange' (329 bytes) ssl_cli.c:2424: 0000: 03 00 17 41 04 6e 49 4b 1c 4e 7b 2b ff c3 c9 9b ...A.nIK.N{+.... .. .. .. .. .. .. .. .. .. .. ssl_cli.c:2424: 0130: d9 33 d2 6e a7 05 ca c4 4b 34 2f 83 5f 98 17 39 .3.n....K4/._..9 ssl_cli.c:2424: 0140: 5e 6e 4d 56 f4 c1 4c 39 0f ^nMV..L9. ssl_cli.c:2044: ECDH curve: secp256r1 ssl_cli.c:2054: value of 'ECDH: Qp(X)' (255 bits) is: ssl_cli.c:2054: 6e 49 4b 1c 4e 7b 2b ff c3 c9 9b 81 29 4d a8 92 ssl_cli.c:2054: af c2 77 2b 3b c6 26 ba d4 c7 a2 2d 83 78 e3 54 ssl_cli.c:2054: value of 'ECDH: Qp(Y)' (256 bits) is: ssl_cli.c:2054: d6 91 fe 18 70 fb bc b6 c7 aa 67 1c 08 8b 4d 58 ssl_cli.c:2054: a4 70 59 97 90 23 8d 4b b6 24 4e 1a 7e 13 f2 d1 ssl_cli.c:2278: Server used SignatureAlgorithm 1 ssl_cli.c:2279: Server used HashAlgorithm 4 ssl_cli.c:2580: dumping 'signature' (256 bytes) ssl_cli.c:2580: 0000: b3 88 25 7f 3f 6b cf 7e 03 de 11 5b 4f 47 e9 6e ..%.?k.~...[OG.n .. .. .. .. .. .. .. .. .. .. ssl_cli.c:2580: 00f0: 34 2f 83 5f 98 17 39 5e 6e 4d 56 f4 c1 4c 39 0f 4/._..9^nMV..L9. ssl_cli.c:2616: dumping 'parameters hash' (32 bytes) ssl_cli.c:2616: 0000: bc 4e 7e a6 a6 02 76 66 2c da 19 6c ea 5a aa df .N~...vf,..l.Z.. ssl_cli.c:2616: 0010: ae 3a ff e9 34 c6 d1 72 98 b4 f3 7d b8 71 11 65 .:..4..r...}.q.e ssl_cli.c:2664: <= parse server key exchange ssl_cli.c:3510: client state: 5 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2697: => parse certificate request ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 3a ....: ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 58 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 63 ssl_tls.c:2720: in_left: 5, nb_want: 63 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 58 (-0xffffffc6) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (63 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 3a 0d 00 00 36 03 01 02 40 00 2e 04 ....:...6...@... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:4232: 0030: 01 02 01 03 02 02 02 04 02 05 02 06 02 00 00 ............... ssl_tls.c:3624: handshake message: msglen = 58, type = 13, hslen = 58 ssl_tls.c:4385: <= read record ssl_cli.c:2723: got a certificate request ssl_cli.c:2823: Supported Signature Algorithm found: 4,3 ssl_cli.c:2823: Supported Signature Algorithm found: 5,3 ssl_cli.c:2823: Supported Signature Algorithm found: 6,3 ssl_cli.c:2823: Supported Signature Algorithm found: 8,7 ssl_cli.c:2823: Supported Signature Algorithm found: 8,8 ssl_cli.c:2823: Supported Signature Algorithm found: 8,9 ssl_cli.c:2823: Supported Signature Algorithm found: 8,10 ssl_cli.c:2823: Supported Signature Algorithm found: 8,11 ssl_cli.c:2823: Supported Signature Algorithm found: 8,4 ssl_cli.c:2823: Supported Signature Algorithm found: 8,5 ssl_cli.c:2823: Supported Signature Algorithm found: 8,6 ssl_cli.c:2823: Supported Signature Algorithm found: 4,1 ssl_cli.c:2823: Supported Signature Algorithm found: 5,1 ssl_cli.c:2823: Supported Signature Algorithm found: 6,1 ssl_cli.c:2823: Supported Signature Algorithm found: 3,3 ssl_cli.c:2823: Supported Signature Algorithm found: 2,3 ssl_cli.c:2823: Supported Signature Algorithm found: 3,1 ssl_cli.c:2823: Supported Signature Algorithm found: 2,1 ssl_cli.c:2823: Supported Signature Algorithm found: 3,2 ssl_cli.c:2823: Supported Signature Algorithm found: 2,2 ssl_cli.c:2823: Supported Signature Algorithm found: 4,2 ssl_cli.c:2823: Supported Signature Algorithm found: 5,2 ssl_cli.c:2823: Supported Signature Algorithm found: 6,2 ssl_cli.c:2846: <= parse certificate request ssl_cli.c:3510: client state: 6 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2856: => parse server hello done ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 16 03 03 00 04 ..... ssl_tls.c:4053: input record: msgtype = 22, version = [3:3], msglen = 4 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 9 ssl_tls.c:2720: in_left: 5, nb_want: 9 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 4 (-0xfffffffc) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (9 bytes) ssl_tls.c:4232: 0000: 16 03 03 00 04 0e 00 00 00 ......... ssl_tls.c:3624: handshake message: msglen = 4, type = 14, hslen = 4 ssl_tls.c:4385: <= read record ssl_cli.c:2886: <= parse server hello done ssl_cli.c:3510: client state: 7 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5329: => write certificate ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 7 ssl_tls.c:3425: dumping 'output record sent to network' (12 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 07 0b 00 00 03 00 00 00 ............ ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 12, out_left: 12 ssl_tls.c:2779: ssl->f_send() returned 12 (-0xfffffff4) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:5433: <= write certificate ssl_cli.c:3510: client state: 8 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:2898: => write client key exchange ssl_cli.c:2977: value of 'ECDH: Q(X)' (256 bits) is: ssl_cli.c:2977: e8 dd a7 e4 3d f4 43 c0 1f 42 67 99 2f 1b bd a8 ssl_cli.c:2977: 10 03 3d 45 5f 3b f8 46 ff d6 b8 65 3c 13 6a 3b ssl_cli.c:2977: value of 'ECDH: Q(Y)' (256 bits) is: ssl_cli.c:2977: 9a f8 36 4d 19 01 01 02 d6 bb 51 4a 1d ec f1 7f ssl_cli.c:2977: 28 70 31 95 65 62 1e d6 8d 97 b6 cc 3f b4 9a 8e ssl_cli.c:3005: value of 'ECDH: z' (253 bits) is: ssl_cli.c:3005: 14 06 75 26 fd 2c 2e 3f ad cf 0c fe 6b df 66 7c ssl_cli.c:3005: c2 b7 54 7e 62 ea 4e 0b 93 d0 62 22 15 e6 db 43 ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 70 ssl_tls.c:3425: dumping 'output record sent to network' (75 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 46 10 00 00 42 41 04 e8 dd a7 e4 3d ....F...BA.....= .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0040: 62 1e d6 8d 97 b6 cc 3f b4 9a 8e b......?... ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 75, out_left: 75 ssl_tls.c:2779: ssl->f_send() returned 75 (-0xffffffb5) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_cli.c:3172: <= write client key exchange ssl_cli.c:3510: client state: 9 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_cli.c:3224: => write certificate verify ssl_tls.c:0628: => derive keys ssl_tls.c:0705: dumping 'premaster secret' (32 bytes) ssl_tls.c:0705: 0000: 14 06 75 26 fd 2c 2e 3f ad cf 0c fe 6b df 66 7c ..u&.,.?....k.f| ssl_tls.c:0705: 0010: c2 b7 54 7e 62 ea 4e 0b 93 d0 62 22 15 e6 db 43 ..T~b.N...b"...C ssl_tls.c:0794: ciphersuite = TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ssl_tls.c:0796: dumping 'master secret' (48 bytes) ssl_tls.c:0796: 0000: 5a 15 26 c7 71 73 1a 2e 8c 0d 0e 55 d7 6f 7f b5 Z.&.qs.....U.o.. .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0796: 0020: 24 bf 3f 51 ca e9 7b 66 99 61 cf a9 fb 61 e2 2f $.?Q..{f.a...a./ ssl_tls.c:0797: dumping 'random bytes' (64 bytes) ssl_tls.c:0797: 0000: d1 64 6e e1 0c 1f ac 75 77 eb d7 02 24 dd a7 da .dn....uw...$... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0797: 0030: 4b 0c 20 64 d3 22 d0 ee 5e 3b 83 24 a7 01 ec d9 K. d."..^;.$.... ssl_tls.c:0798: dumping 'key block' (256 bytes) ssl_tls.c:0798: 0000: 5d b4 7a 60 2e 5b f8 fb 8f e4 75 22 9a b4 8c 04 ].z`.[....u".... .. .. .. .. .. .. .. .. .. .. ssl_tls.c:0798: 00f0: 53 af 8e 78 d0 03 ca 26 b7 43 ee c6 aa 0e 71 88 S..x...&.C....q. ssl_tls.c:0919: keylen: 32, minlen: 24, ivlen: 12, maclen: 0 ssl_tls.c:1116: <= derive keys ssl_cli.c:3253: <= skip write certificate verify ssl_cli.c:3510: client state: 10 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5879: => write change cipher spec ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:3420: output record: msgtype = 20, version = [3:3], msglen = 1 ssl_tls.c:3425: dumping 'output record sent to network' (6 bytes) ssl_tls.c:3425: 0000: 14 03 03 00 01 01 ...... ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 6, out_left: 6 ssl_tls.c:2779: ssl->f_send() returned 6 (-0xfffffffa) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:5893: <= write change cipher spec ssl_cli.c:3510: client state: 11 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:6398: => write finished ssl_tls.c:6272: => calc finished tls sha384 ssl_tls.c:6283: dumping 'finished sha512 state' (64 bytes) ssl_tls.c:6283: 0000: e2 6c 37 56 90 66 0a f8 1c c7 26 d0 49 a9 87 52 .l7V.f....&.I..R .. .. .. .. .. .. .. .. .. .. ssl_tls.c:6283: 0030: 85 b3 04 84 77 e5 02 b0 53 d7 31 b4 c4 e4 08 c0 ....w...S.1..... ssl_tls.c:6296: dumping 'calc finished result' (12 bytes) ssl_tls.c:6296: 0000: c4 6a dd c2 9b a7 75 28 ff 53 5a 3f .j....u(.SZ? ssl_tls.c:6302: <= calc finished ssl_tls.c:6443: switching to new transform spec for outbound data ssl_tls.c:3184: => write handshake message ssl_tls.c:3343: => write record ssl_tls.c:1445: => encrypt buf ssl_tls.c:1455: dumping 'before encrypt: output payload' (16 bytes) ssl_tls.c:1455: 0000: 14 00 00 0c c4 6a dd c2 9b a7 75 28 ff 53 5a 3f .....j....u(.SZ? ssl_tls.c:1574: dumping 'additional data for AEAD' (13 bytes) ssl_tls.c:1574: 0000: 00 00 00 00 00 00 00 00 16 03 03 00 10 ............. ssl_tls.c:1604: dumping 'IV used (internal)' (12 bytes) ssl_tls.c:1604: 0000: a0 9a 1f cb 00 00 00 00 00 00 00 00 ............ ssl_tls.c:1606: dumping 'IV used (transmitted)' (8 bytes) ssl_tls.c:1606: 0000: 00 00 00 00 00 00 00 00 ........ ssl_tls.c:1616: before encrypt: msglen = 24, including 0 bytes of padding ssl_tls.c:1643: dumping 'after encrypt: tag' (16 bytes) ssl_tls.c:1643: 0000: e7 10 1d 99 f6 b6 a5 40 de e8 c0 d5 ec 48 de 6e .......@.....H.n ssl_tls.c:1781: <= encrypt buf ssl_tls.c:3420: output record: msgtype = 22, version = [3:3], msglen = 40 ssl_tls.c:3425: dumping 'output record sent to network' (45 bytes) ssl_tls.c:3425: 0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 00 73 7e ....(.........s~ .. .. .. .. .. .. .. .. .. .. ssl_tls.c:3425: 0020: 99 f6 b6 a5 40 de e8 c0 d5 ec 48 de 6e ....@.....H.n ssl_tls.c:2755: => flush output ssl_tls.c:2773: message length: 45, out_left: 45 ssl_tls.c:2779: ssl->f_send() returned 45 (-0xffffffd3) ssl_tls.c:2807: <= flush output ssl_tls.c:3476: <= write record ssl_tls.c:3320: <= write handshake message ssl_tls.c:6507: <= write finished ssl_cli.c:3510: client state: 12 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5902: => parse change cipher spec ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:8094: <= handshake ssl_tls.c:8084: => handshake ssl_cli.c:3510: client state: 12 ssl_tls.c:2755: => flush output ssl_tls.c:2767: <= flush output ssl_tls.c:5902: => parse change cipher spec ssl_tls.c:4311: => read record ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 0, nb_want: 5 ssl_tls.c:2720: in_left: 0, nb_want: 5 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 5 (-0xfffffffb) ssl_tls.c:2742: <= fetch input ssl_tls.c:4047: dumping 'input record header' (5 bytes) ssl_tls.c:4047: 0000: 15 03 03 00 02 ..... ssl_tls.c:4053: input record: msgtype = 21, version = [3:3], msglen = 2 ssl_tls.c:2536: => fetch input ssl_tls.c:2696: in_left: 5, nb_want: 7 ssl_tls.c:2720: in_left: 5, nb_want: 7 ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe) ssl_tls.c:2742: <= fetch input ssl_tls.c:4232: dumping 'input record from network' (7 bytes) ssl_tls.c:4232: 0000: 15 03 03 00 02 02 28 ......( ssl_tls.c:5169: got an alert message, type: [2:40] ssl_tls.c:5177: is a fatal alert message (msg 40) ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780) ssl_tls.c:5906: mbedtls_ssl_read_record() returned -30592 (-0x7780) ssl_tls.c:8094: <= handshake mbedtls_ssl_handshake failed: -30592

5 years, 3 months

1
0
0 0

Set an MPI and print it

by youssouf sokhona

Hi everyone, I think you all are fine. I am a beginner on mbedtls, and I wanted to set a dhm context. So, at first, I just want to set the value of the prime P, and the generator G. So to that I wrote the function below : [cid:image001.png@01D67AF5.D43FDE60] To check if it is correctly set, I wanted to print it to see. However, it is not the case. Do you know how to set and print the value ? Thanks, and have a good day Best regards, YS

5 years, 3 months

1
0
0 0

undefined reference….

by youssouf sokhona

Hello everybody, I hope you are going well I am creating a diffie Hellman key exchange program, so I am using functions like « mbedtls_dhm_init() » or « mbedtls_ctr_drbg_init() « for example. However, even if I defined the CTR_DRBG & the DHM_C module in the config.h file, and the header in my C file, I Always have error like that : [cid:image002.png@01D6770C.20370D40] Can someone help me to find out where does it come from ? Because I don’t know at all. Thanks, and have a good day

5 years, 3 months

1
0
0 0

Printf with %z and %hh format specifiers.

by Paul Elliott

Hi all, I am placing into review a patch ( https://github.com/ARMmbed/mbedtls/pull/3579) which replaces some invalid size printf format specifiers, mostly for size_t. This patch utilises %zu and %hhu, both of which were only introduced in C99, which I know caused some issues with compiler compatibility at the time. The problem with printf and size_t as most will know, is that its a different size in 32 bit and 64 bit, which is what %z was introduced to safely fix. My question is to whether there is anyone on the list that is using a compiler that might not handle these specifiers, for whom this patch would presumably be something of an issue. I am admittedly hoping this is not the case, given the age of the spec, but thought it best to ask. Thanks in advance, Paul.

5 years, 3 months

1
0
0 0

Re: [mbed-tls] Custom PSA API Implementation for mbedTLS tests

by Dan Handley

Hi Murat What you request may be possible with invasive changes but it is not a design goal for the PSA Cryptography API implementation in Mbed TLS to be completely replaced with an alternative implementation, while allowing re-use of the Mbed TLS build system and tests. The focus instead is to develop and implement a PSA Cryptoprocessor Driver Interface, which will allow drivers for custom secure environments to be plugged into the core PSA Cryptography API implementation in Mbed TLS. An early version of the specification of that interface can be found here: https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-drive… That specification and its implementation is under active development. Let us know if you would like to get involved. Regards Dan. From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of Murat Cakmak via mbed-tls Sent: 14 August 2020 13:34 To: mbed-tls(a)lists.trustedfirmware.org Subject: [mbed-tls] Custom PSA API Implementation for mbedTLS tests Hi all, We have implemented the PSA Functional API for a custom secure environment which passes PSA Arch tests. Now we would like to run mbedtls tests (make check) on the PSA API if possible. When we run "make check", it includes and compiles library/psa_crypto.c file for mbedTLS's PSA API Implementation. Herein, we would like to compile our own psa_crypto.c implementation, does mbedtls build system allow us to include custom PSA API Implementation to run tests? Thank you. Murat

5 years, 4 months

1
0
0 0

2025

2024

2023

2022

2021

2020

mbed-tls