ARMmbed

Can't use ECP_RESTARTABLE

I’m using lwip and mbedTLS to make a TLS connection to AWS IoT Core. It works.

Now I’m trying to enable MBEDTLS_ECP_RESTARTABLE, because the handshake is very slow on the target (Cortex-M3), and I want to give other tasks the possibility to execute. Unfortunately I can’t.

When restartable option isn’t enabled, I see the client blocks for a long time (around 5-10 seconds) and after I see some TLS messages output: Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message. After that, the server replies with Change Chiper Spec and Encrypted Handshake Message and the handshake ends with success.

When I enable restartable, something different happens. During long calculations, Certificate message and Client Key Exchange messages are sent. After some seconds (I suppose after all calculations end) only the TLS message Ceritifcate Verify is sent. Then the handshake stalls and after many seconds the server closes the connection.

Do you argue what could be the problem? It seems the client doesn’t send Change Cipher Spec and Encrypted Handshake Message with the last message.

I’m able to compile the same source code in mingw and here it works even when restartable is enabled. Of course, in mingw the calculations is very short.

Hi @pozzugno
Thank you for your question.

I assume you read https://tls.mbed.org/kb/development/restartable-ecc . Have you tried calling mbedtls_ecp_set_max_ops() with different values?

Hi @roneld01,
thank you for your prompt reply. Yes I read that page.

I finally found the problem. On the target board, I have very limited RAM so one lwip malloc fails. It is strange, because the allocated memory is the same with and without restartable option. Most probably, the sequence of allocations changes and this leads to allocation failure.

I increased the heap size a little, and now restartable works well on target too. It’s not an issue related to mbedTLS.