Hi,

Thank you for adding me to the mbed-tls mailing list.

We have created a self-signed certificate with ECC key of MBEDTLS_ECP_DP_SECP256R1 type, since it is a self-signed certificate after we send the certificate to chrome from our web server it shows not trusted and goes to the page where we need to manually proceed with the acceptance of the certificate to allow further communication. After this we again have to perform handshake for which we need to prepare the server key exchange, while preparing the server key exchange we notice that it is infinitely calling the mbedtls_mpi_cmp_mpi() function in bignum.c and the execution is not able to proceed hereafter. Sometimes we also see that when executing ssl_prepare_server_key_exchange() function in ssl_srv.c we find ciphersuite_info pointer as null and the program goes into data panic due to that. We have checked our stacks and not seen any sign of corruption.

The mbedtls version that we are using is mbedtls-2.16.3.
Please find the attached wireshark trace during this scenario. The IP 192.168.2.67 corresponds to our webserver and 192.168.2.100 the pc with the browser.

Please let us know the root-cause of the issue and the actions to be taken to fix this - can you please expedite as this is a blocking issue in our project.

Thanks for the support.

Regards,
Selin.