Arm Mbed and Pelion Device Management support forum

MBEDTLS never exits ecp_double_jac function call

Hi Support,

I am using MBEDTLS and most of it works, except I have hit a snag where I am trying to communicate with an HTTPS server, and it fails in the ssl->handshake-step (ssl_write_client_key_exchange).

My stack trace shows that it gets to the function ecp_double_jac and never exits. It is looping at
MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &T, &P->X, &S ) ); MOD_ADD( T );.
Stack trace:
test.elf! mbedtls_mpi_sub_abs (mbedtls_mpi * X, const mbedtls_mpi * A, const mbedtls_mpi * B) Line: 1287
test.elf! ecp_double_jac (const mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_ecp_point * P) Line: 1310
test.elf! ecp_precompute_comb (const mbedtls_ecp_group * grp, mbedtls_ecp_point * T, const mbedtls_ecp_point * P, unsigned char w, size_t d, mbedtls_ecp_restart_ctx * rs_ctx) Line: 1702
test.elf! ecp_mul_comb (mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) Line: 2095
test.elf! mbedtls_ecp_mul_restartable (mbedtls_ecp_group * grp, mbedtls_ecp_point * R, const mbedtls_mpi * m, const mbedtls_ecp_point * P, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) Line: 2396
test.elf! ecdh_gen_public_restartable (mbedtls_ecp_group * grp, mbedtls_mpi * d, mbedtls_ecp_point * Q, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng, mbedtls_ecp_restart_ctx * rs_ctx) Line: 84
test.elf! mbedtls_ecdh_gen_public (mbedtls_ecp_group * grp, mbedtls_mpi * d, mbedtls_ecp_point * Q, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng) Line: 102
test.elf! ecdh_make_public_internal (mbedtls_ecdh_context_mbed * ctx, size_t * olen, int point_format, unsigned char * buf, size_t blen, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng, int restart_enabled) Line: 514
test.elf! mbedtls_ecdh_make_public (mbedtls_ecdh_context * ctx, size_t * olen, unsigned char * buf, size_t blen, int (*)(void *, unsigned char *, size_t) f_rng, void * p_rng) Line: 542
test.elf! ssl_write_client_key_exchange (mbedtls_ssl_context * ssl) Line: 3362
test.elf! mbedtls_ssl_handshake_client_step (mbedtls_ssl_context * ssl) Line: 4015
test.elf! mbedtls_ssl_handshake_step (mbedtls_ssl_context * ssl) Line: 9564
test.elf! mbedtls_ssl_handshake (mbedtls_ssl_context * ssl) Line: 9588
test.elf! https_do_tls_handshake (struct httpsConfigStr * client) Line: 419
test.elf! HttpsStateMachine Line: 366
test.elf! HttpsTask (void * param) Line: 110
test.elf! ?? Line: 110

MBEDTLS VERSION: mbed TLS 2.18.0
PLATFORM: embedded microchip SAME70 micro controller.

I have attached my config.h file.

What am I doing wrong?

Hi @sirjeer
As mentioned in this post, Mbed TLS is now maintained under open governance at TrustedFirmware.org

It is advised you post your question in their mailing list.
Regards,
Mbed Support
Ron

Hi Roneld,

I actually did email it to mbed-tls@lists.trustedfirmware.org.

Is there another email address to send this to?

Hi @sirjeer
May I know when you have mailed there? I will see what I can do.

From a brief look, it seems that you may have some stack overflow in the function.
What is the stack size on your system?
What is the value of your MBEDTLS_MPI_MAX_SIZE configuration?
Note that the configuration file was not added.
Regards,
Mbed Support
Ron

Hi Roneld, I emailed mbed-tls@lists.trustedfirmware.org on 04 May 2020 at 10:49 AM.

MBEDTLS_MPI_MAX_SIZE is 1024, as is defined in bignum.h, as the default value.

Additional information:
I have two servers to play on. The one that works is under our control and is happy to select the TLS-RSA-WITH-AES-256-CBC-SHA256 ciphersuite when offered by the client, but the customer’s server only selects the TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 ciphersuite, even if I change the priority order, i.e. TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384 goes last in the list of supported ciphersuites.

So I have to get this to work. The customer’s server delivers 4 chained certificates including the ROOT CA, which gets parsed ok.

#if !defined(MBEDTLS_MPI_MAX_SIZE)
/*
 * Maximum size of MPIs allowed in bits and bytes for user-MPIs.
 * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits )

I forgot to add config.h, added now.

Thanks.

(Attachment config.h is missing)