Hello,
I am using mbedTLS 3.6.5 on a Renesas RX65N with compiler ccrx.
I am implementing a TLS 1.2 server using:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDSA P-256 server certificate
- ECDHE secp256r1

During the handshake (I use  openssl s_client), I get:
    >>> TLS 1.2, Alert [length 0002], fatal illegal_parameter

       02 2f

   140605661713728:error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve:../crypto/ec/ec_lib.c:812:

   140605661713728:error:141A4132:SSL routines:tls_process_ske_ecdhe:bad ecpoint:../ssl/statem/statem_clnt.c:2229:
   mbedtls_ecdh_make_params() returned -0x4C80 (MBEDTLS_ERR_ECP_INVALID_KEY)

This happens right after:
      ssl_tls12_server.c:4304: server state: 4

      ssl_tls12_server.c:3234: => write server key exchange

      ssl_tls12_server.c:2971: ECDHE curve: secp256r1

      ssl_tls12_server.c:3075: value of 'ECDH: Q(X)' (256 bits) is:

      ssl_tls12_server.c:3075:  f0 7e c6 f3 cc 41 71 bb a8 01 0b cc 3a 8a 5e 72

      ssl_tls12_server.c:3075:  9d db bc d9 a1 5a 04 91 47 44 e0 ff 6f 42 de b3

      ssl_tls12_server.c:3075: value of 'ECDH: Q(Y)' (255 bits) is:

      ssl_tls12_server.c:3075:  5e ba af af 86 55 1a 6e 04 a8 97 b4 13 12 c2 3c

      ssl_tls12_server.c:3075:  a3 2e 00 a4 2d 44 e8 63 bf 98 08 74 81 94 5f 5e

      ssl_tls12_server.c:3130: pick hash algorithm 9 for signing

      ssl_tls.c:9231: Perform mbedtls-based computation of digest of ServerKeyExchange

      ssl_tls12_server.c:3148: dumping 'parameters hash' (32 bytes)

      ssl_tls12_server.c:3148: 0000:  2d b3 aa 62 c4 5a 87 18 39 a6 b6 91 0e 6d fb 81  -..b.Z..9....m..

      ssl_tls12_server.c:3148: 0010:  f7 55 38 54 33 1d 30 cc 85 83 10 2e 39 5c 5d 67  .U8T3.0.....9\]g

      ssl_tls12_server.c:3296: dumping 'my signature' (72 bytes)

      ssl_tls12_server.c:3296: 0000:  30 46 02 21 00 ee 81 dd 1f 32 62 66 57 5c 90 31  0F.!.....2bfW\.1

      ssl_tls12_server.c:3296: 0010:  a9 84 2a c4 e8 ee 6a c5 f0 db 39 01 58 d5 9c e3  ..*...j...9.X...

      ssl_tls12_server.c:3296: 0020:  6e e6 bd 04 25 02 21 00 f5 c6 89 97 d8 dd 2f 93  n...%.!......./.

      ssl_tls12_server.c:3296: 0030:  d0 11 19 f7 0a e7 c4 6b ae 27 b8 d5 db b4 a9 2c  .......k.'.....,

      ssl_tls12_server.c:3296: 0040:  2f ec 2e b4 53 1a 72 01

I suspect an entropy / RNG issue. My RNG initialization is:
- custom entropy source based on XXX
- added via mbedtls_entropy_add_source(...)
- CTR_DRBG seeded with personalization string "debug-seed"
Do you see any problem in this setup ? Do not hesitate if you need any other information.

I'm new to cryptography and currently learning TLS with mbedTLS.
Thanks in advance,

Adrien.