7 Jun
2021
7 Jun
'21
10:09 p.m.
Hi Selin,
Another thing to check is that the stack is large enough. Stack overflows can sometimes cause weird behavior.
Other than that, I'm afraid I can't think of a reason why there would be an infinite loop involving mbedtls_mpi_cmp_mpi. To go further, I think you need to trace the program in a debugger, figure out what arguments are being passed to the functions, and where the infinite loop is.
Best regards,
--
Gilles Peskine
Mbed TLS developer
On 26/05/2021 10:24, Selin Chris via mbed-tls wrote:
> Hi Gilles,
>
> Thanks for the quick reply.
>
> I migrated to version 2.16, and I have seen the same issue is still
> there. Moreover, we have reseeded the RNG, still issue is there.
>
>
>
> I created a client and it's working fine, it's able to handshake and
> send data to the server. Only problem is server communication where
> control is going in infinite loop while creating server key exchange.
> As you asked for the call stack of the loop, I am attaching the call
> stack with this mail.
>
> Please support us.
>
>
>
> Thank you.
>
>
> Regards,
>
> Selin.
>
>
>
> On Fri, May 21, 2021 at 5:30 PM
> <mbed-tls-request@lists.trustedfirmware.org
> mailto:mbed-tls-request@lists.trustedfirmware.org> wrote:
>
> Send mbed-tls mailing list submissions to
> mbed-tls@lists.trustedfirmware.org
> mailto:mbed-tls@lists.trustedfirmware.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
> or, via email, send a message with subject or body 'help' to
> mbed-tls-request@lists.trustedfirmware.org
> mailto:mbed-tls-request@lists.trustedfirmware.org
>
> You can reach the person managing the list at
> mbed-tls-owner@lists.trustedfirmware.org
> mailto:mbed-tls-owner@lists.trustedfirmware.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of mbed-tls digest..."
>
>
> Today's Topics:
>
> 1. Re: Request for Support [Issue : Webserver handshake failing
> with self-signed certificate] (Gilles Peskine)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Thu, 20 May 2021 15:13:54 +0200
> From: Gilles Peskine <gilles.peskine@arm.com
> mailto:gilles.peskine@arm.com>
> To: mbed-tls@lists.trustedfirmware.org
> mailto:mbed-tls@lists.trustedfirmware.org
> Subject: Re: [mbed-tls] Request for Support [Issue : Webserver
> handshake failing with self-signed certificate]
> Message-ID: <93c3cd71-bdc1-c3ec-4bbc-89ff995a8444@arm.com
> mailto:93c3cd71-bdc1-c3ec-4bbc-89ff995a8444@arm.com>
> Content-Type: text/plain; charset=utf-8
>
> Hi Selin,
>
> A possible problem could be a misconfigured random generator. However
> this is purely speculation. Can you get a stack trace? Finding the
> root
> cause requires finding where mbedtls_mpi_cmp_mpi is called.
>
> Please note that Mbed TLS 2.16.3 has known bugs and
> vulnerabilities. You
> should upgrade to the latest bug-fixing version of the 2.16
> branch, 2.16.10.
>
> --
> Gilles Peskine
> Mbed TLS developer
>
> On 20/05/2021 13:06, Selin Chris via mbed-tls wrote:
> >
> > Hi,
> >
> > Thank you for adding me to the mbed-tls mailing list.
> >
> > We have created a self-signed certificate with ECC key of
> > MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate
> > after we send the certificate to chrome from our web server it shows
> > not trusted and goes to the page where we need to manually proceed
> > with the acceptance of the certificate to allow further
> communication.
> > After this we again have to perform handshake for which we need to
> > prepare the server key exchange, while preparing the server key
> > exchange we notice that it is infinitely calling the
> > mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not
> > able to proceed hereafter. Sometimes we also see that when executing
> > ssl_prepare_server_key_exchange() function in ssl_srv.c we find
> > ciphersuite_info pointer as null and the program goes into data
> panic
> > due to that. We have checked our stacks and not seen any sign of
> > corruption.
> >
> > The mbedtls version that we are using is mbedtls-2.16.3.
> > Please find the attached wireshark trace during this scenario.
> The IP
> > 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc
> > with the browser.
> >
> > Please let us know the root-cause of the issue and the actions to be
> > taken to fix this - can you please expedite as this is a blocking
> > issue in our project.
> >
> > Thanks for the support.
> >
> > Regards,
> > Selin.
> >
> >
> >
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> mbed-tls mailing list
> mbed-tls@lists.trustedfirmware.org
> mailto:mbed-tls@lists.trustedfirmware.org
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls
>
>
> ------------------------------
>
> End of mbed-tls Digest, Vol 15, Issue 8
> ***************************************
>
>