Replying to my own post,

I did dig in a bit more;

It appears that it gets stuck in here within: int mbedtls_ctr_drbg_reseed( mbedtls_ctr_drbg_context *ctx, const unsigned char *additional, size_t len )

memset( seed, 0, MBEDTLS_CTR_DRBG_MAX_SEED_INPUT ); printf("(%d) %s: Done\r\n", __LINE__, __FUNCTION__); <---- line#412

/* * Gather entropy_len bytes of entropy to seed state */ if( 0 != ctx->f_entropy( ctx->p_entropy, seed, ctx->entropy_len ) ) <----- appears to be stuck in this callback f_entropy() { return( MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ); }

seedlen += ctx->entropy_len; printf("(%d) %s: Done\r\n", __LINE__, __FUNCTION__); <----- line #424

Sprinkling a few prints here and there, it looks thus:

(174) tls_init: Initializing (178) tls_init: SSL initialize (181) tls_init: SSL Config initialized (184) tls_init: x509 CRT initialized (187) tls_init: DRBG initialized (190) tls_init: Entropy initialized (95) mbedtls_ctr_drbg_seed_entropy_len: AES initialized (112) mbedtls_ctr_drbg_seed_entropy_len: AES setkey enc (412) mbedtls_ctr_drbg_reseed: Done (1027) mbedtls_hardware_poll: Random Words: 128 Word: 834688558

Someone help ?

Thanks, Manu

On Mon, Aug 17, 2020 at 10:46 PM Manu Abraham via mbed-tls mbed-tls@lists.trustedfirmware.org wrote:

Greetings,

I am new to the list, please do excuse me, in case of any list specific etiquette issues.

Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7.

After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement mbedtls_hardware_poll()

It looks thus, and it does appear to work from a hardware perspective:

/**

• mbedtls_hardware_poll()
• Read random data from the Hardware RNG for entropy applications

*/ int mbedtls_hardware_poll(void *arg, unsigned char *ent_buf, size_t count, size_t *ent_len) { register uint8_t i = 0; uint32_t rand;

if (!LL_RNG_IsEnabled(RNG))
    LL_RNG_Enable(RNG);                /* Enable Random Number Generator */

for (i = 0; i < count; i++) {
    while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { }    /* Wait for DRDY

flag to be raised */ if ((LL_RNG_IsActiveFlag_CECS(RNG)) || (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */

        /* Clock or Seed Error detected. Set Error */
        printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__);
    }
    rand = LL_RNG_ReadRandData32(RNG);        /* Read RNG data */
    memcpy(&(ent_buf[i * 4]), &rand, 4);        /* *ent_len += 4 */
}
LL_RNG_Disable(RNG);                    /* Stop random numbers generation */
*ent_len = ((i + 1) * 4);
printf(" (%d) %s: Random Words: %d Word: %04d\r\n",
    __LINE__,
    __FUNCTION__,
    count,
    rand);

return 0;

}

The code which causes the problem is this, in my tls_init()

int tls_init(void) { int ret;

/* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */
const char *pers = "SYS-LWH7";

printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__);
/* initialize descriptors */

mbedtls_ssl_init(&ssl);
printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__);

mbedtls_ssl_config_init(&conf);
printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__);

mbedtls_x509_crt_init(&cacert);
printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__);

mbedtls_ctr_drbg_init(&ctr_drbg);
printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__);

mbedtls_entropy_init(&entropy);
printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__);


ret = mbedtls_ctr_drbg_seed(&ctr_drbg,
                mbedtls_entropy_func,
                &entropy,
                (const unsigned char *) pers,
                strlen(pers));
if (ret) {

    LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE,
            ("failed !\n mbedtls_ctr_drbg_seed returned %d\n",
            ret));

    printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__,

__FUNCTION__, ret); return -1; } printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret);

/**
 * The transport type determines if we are using
 * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or
 * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM).
 */
ret = mbedtls_ssl_config_defaults(&conf,
                  MBEDTLS_SSL_IS_CLIENT,
                  MBEDTLS_SSL_TRANSPORT_STREAM,
                  MBEDTLS_SSL_PRESET_DEFAULT);
if (ret) {
    LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE,
            ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n",
            ret));

    printf("(%d) %s: SSL config defaults failed, ret=%d\r\n",

__LINE__, __FUNCTION__, ret); return -1; } printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, __FUNCTION__, ret);

ret = mbedtls_x509_crt_parse(&cacert,
                 (const unsigned char *)test_ca_crt,
                 test_ca_crt_len);
if (ret)
    printf(" (%d) %s: failed!\n  mbedtls_x509_crt_parse returned

%d\r\n", __LINE__, __FUNCTION__, ret); else printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", __LINE__, __FUNCTION__, ret);

mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);

/**
 * The library needs to know which random engine
 * to use and which debug function to use as callback.
 */
mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg);
mbedtls_ssl_conf_dbg(&conf, my_debug, stdout);
mbedtls_ssl_setup(&ssl, &conf);

}

The output of which looks thus, in a serial terminal:

(1217) print_dhcp_state: Try connect to Broker (174) tls_init: Initializing (178) tls_init: SSL initialize (181) tls_init: SSL Config initialized (184) tls_init: x509 CRT initialized (187) tls_init: DRBG initialized (190) tls_init: Entropy initialized (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895

Any thoughts/ideas, what could be wrong ? Any kind soul in here ?

Thanks, Manu -- mbed-tls mailing list mbed-tls@lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls