Hi Gilles,

Thanks for the quick reply.

I migrated to version 2.16, and I have seen that the same issue is still there. Moreover, we have reseeded the RNG, and the issue is still there.

I created a client and it's working fine; it's able to handshake and send data to the server. The only problem is server communication, where control is going into an infinite loop while creating the server key exchange. As you asked for the call stack of the loop, I am attaching the call stack with this mail.

Please support us.

Thank you.


Regards,

Selin.



On Fri, May 21, 2021 at 5:30 PM <mbed-tls-request@lists.trustedfirmware.org> wrote:
Date: Thu, 20 May 2021 15:13:54 +0200
From: Gilles Peskine <gilles.peskine@arm.com>
To: mbed-tls@lists.trustedfirmware.org
Subject: Re: [mbed-tls] Request for Support [Issue : Webserver
        handshake failing with self-signed certificate]
Message-ID: <93c3cd71-bdc1-c3ec-4bbc-89ff995a8444@arm.com>
Content-Type: text/plain; charset=utf-8

Hi Selin,

A possible problem could be a misconfigured random generator. However
this is purely speculation. Can you get a stack trace? Finding the root
cause requires finding where mbedtls_mpi_cmp_mpi is called.

Please note that Mbed TLS 2.16.3 has known bugs and vulnerabilities. You
should upgrade to the latest bug-fixing version of the 2.16 branch, 2.16.10.

--
Gilles Peskine
Mbed TLS developer

On 20/05/2021 13:06, Selin Chris via mbed-tls wrote:
>
> Hi,
>
> Thank you for adding me to the mbed-tls mailing list.
>
> We have created a self-signed certificate with an ECC key of
> MBEDTLS_ECP_DP_SECP256R1 type. Since it is a self-signed certificate,
> after we send the certificate to Chrome from our web server it shows
> as not trusted and goes to the page where we need to manually proceed
> with the acceptance of the certificate to allow further communication.
> After this we again have to perform the handshake, for which we need to
> prepare the server key exchange. While preparing the server key
> exchange, we notice that it is infinitely calling the
> mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not
> able to proceed hereafter. Sometimes we also see that when executing
> the ssl_prepare_server_key_exchange() function in ssl_srv.c we find
> the ciphersuite_info pointer as null and the program goes into data panic
> due to that. We have checked our stacks and not seen any sign of
> corruption.
>
> The mbedtls version that we are using is mbedtls-2.16.3.
> Please find the attached Wireshark trace during this scenario. The IP
> 192.168.2.67 corresponds to our webserver and 192.168.2.100 to the PC
> with the browser.
>
> Please let us know the root-cause of the issue and the actions to be
> taken to fix this - can you please expedite as this is a blocking
> issue in our project.
>
> Thanks for the support.
>
> Regards,
> Selin.
>
>
>


