Arm Mbed and Pelion Device Management support forum

Mbedtls porting network functions

Hi,

Developing a TLS Client on a embedded device, are using non-standard send/recv platform function. After TCP connection happens successfully, the TLS starts and ends in halfway with TLS Alert message.

It seems our recv function is getting all message instead of first 96 byte message of handshake and try to parse it as whole.

Our recv function is prototype below:
void platformRecv(uint8_t *Buffer, uint16_t &Length, uint16_t Timeout);
THe Length param is quite tricky. THere we have to pass the size and after execution, it will update the actual length of recved pkt.

SO, I take it later and return the Length after dereferencing in mbedtls_net_send function.

The Server is setup on Ubuntu System and it is working fine, as we tested the same client program on Ubuntu System. Given output below for ref:

Our client program prints log as below:

. Receiveed by kernel[96] bytes
. ip_kernel recive done failed! mbedtls_ssl_handshake returned -7200

and TLS Server we are running on Ubuntu System, outputs following:
. Performing the SSL/TLS handshake…/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5178: is a fatal alert message (msg 10)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5699: mbedtls_ssl_read_record() returned -30592 (-0x7780)
failed
! mbedtls_ssl_handshake returned -30592

Last error was: -30592 - SSL - A fatal alert message was received from our peer

. Waiting for a remote connection … ok
. Performing the SSL/TLS handshake…/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5178: is a fatal alert message (msg 10)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780)
/home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_tls.c:5699: mbedtls_ssl_read_record() returned -30592 (-0x7780)
failed
! mbedtls_ssl_handshake returned -30592

Last error was: -30592 - SSL - A fatal alert message was received from our peer

Thanks,
Gopi Krishnan

The client is always returning.
MBEDTLS_ERR_SSL_INVALID_RECORD -0x7200

additionally, it is also returning . Received by kernel[96] bytes
. ip_kernel reeceive done failed! mbedtls_ssl_handshake returnd -6c00(this does not come often)

Hi Gopi,
It seems that you have an issue with your recv functionality

If I understand correct, your recv function returns the Actual number of bytes that it read from your transport layer socket, even if it is bigger than the input length parameter. Am I right?
Without looking at your recv function, I would suggest you change the behviour, that it will return to the caller only the requested amount of bytes asked ( or less, if this is what returned).
Try having an intermediate circular buffer to hold the incoming data, and read from it only what was asked
Regards,
Mbed TLS Support
Ron

Would simple FIFO/queue buffer resolve this issue?

HI Gopi,
Yes, the circular buffer I was referring to is a FIFO buffer.
I believe that a simpler FIFO buffer may also work, however you will need to manage the size limitation.
I also wonder what will be the items in this FIFO buffer
Regards

Hi Ron,

Thanks for the suggestion; the simple fifo queue has been implemented. However, not resolved yet.

Creating new TLS->Client
Connect..........................................................
client state: 0
client state: 1

 .> PKT->Send[304]

 16 03 01 01 2b 01 00 01 27 03 03 ff ff ff ff 53
 0f 8a fb c7 45 36 b9 a9 63 b4 f1 c4 cb 73 8b ce
 a7 40 3d 4d 60 6b 6e 07 4e c5 d3 00 00 be cc a8
 cc a9 cc aa c0 ad c0 9f 00 6b c0 0a c0 14 00 39
 c0 af c0 a3 00 c4 00 88 c0 2b c0 2f 00 9e c0 ac
 c0 9e c0 23 c0 27 00 67 c0 09 c0 13 00 33 c0 ae
 c0 a2 c0 86 c0 8a c0 7c c0 72 c0 76 00 be 00 45
 cc ac cc ad c0 a7 c0 36 00 91 c0 ab 00 aa c0 a6
 c0 37 00 b2 c0 35 00 90 c0 90 c0 96 c0 9a c0 aa
 c0 9d 00 3d 00 35 c0 0f c0 05 c0 a1 c0 7b 00 c0
 00 84 00 9c c0 9c 00 3c 00 2f c0 31 c0 29 c0 0e
 c0 2d c0 25 c0 04 c0 a0 c0 7a 00 ba 00 41 c0 8c
 c0 78 c0 88 c0 74 cc ae 00 95 00 ac 00 b6 00 94
 c0 92 c0 98 cc ab c0 a5 00 8d c0 a9 00 a8 c0 a4
 00 ae 00 8c c0 8e c0 94 c0 a8 00 ff 01 00 00 40
 00 0d 00 0e 00 0c 04 03 04 01 03 03 03 01 02 03
 02 01 00 0a 00 18 00 16 00 19 00 1c 00 18 00 1b
 00 17 00 16 00 1a 00 15 00 14 00 13 00 12 00 0b
 00 02 01 00 00 16 00 00 00 17 00 00 00 23 00 00...............................................
client state: 2

  . Received by kernel[96] bytes
16 03 03 00 5b 02 00 00 57 03 03 5e 69 d1 93 e2 
0b 9a ca 04 63 25 f0 5e 5a 5f c4 40 db dc c4 07 
3a 09 f9 69 96 6b ec f2 71 df 53 20 a1 44 78 f5 
a3 ee 58 23 fd a0 3c 6f f5 b2 55 09 64 1f e3 d6 
d9 e2 87 f2 a5 5e 0f c5 58 cf f2 c5 cc a8 00 00 
0f ff 01 00 01 00 00 17 00 00 00 0b 00 02 01 00 
  . ip_kernel receive done  . done PlatformReceive() returned 0x0000
  . Cached data[from: 0 to: 96 in Q 96 bytes from kernel]: 
  . data [in-Cache:96 req-by-mbedtls:5]
  . consumed data:[5=5] front:[5]  rear:[96] 
 .> PKT->Received:

 16 03 03 00 5b

  . data [in-Cache:91 req-by-mbedtls:91]
  . consumed data:[91=91] front:[96]  rear:[96] 
 .> PKT->Received:

 02 00 00 57 03 03 5e 69 d1 93 e2 0b 9a ca 04 63
 25 f0 5e 5a 5f c4 40 db dc c4 07 3a 09 f9 69 96
 6b ec f2 71 df 53 20 a1 44 78 f5 a3 ee 58 23 fd
 a0 3c 6f f5 b2 55 09 64 1f e3 d6 d9 e2 87 f2 a5
 5e 0f c5 58 cf f2 c5 cc a8 00 00 0f ff 01 00 01
 00 00 17 00 00 00 0b 00 02 01 00
client state: 3

But after the client state:3 there is no movement. However after this step, the server is supposed to send TLS version and Length of Certificate. Howeer the server is reseting connection with error

  . Waiting for a remote connection ... ok
  . Performing the SSL/TLS handshake.../home/user/Wz/Thirdparty/mbedtls-2.16.3/library/ssl_srv.c:1228: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
 failed
  ! mbedtls_ssl_handshake returned -29312

Last error was: -29312 - SSL - The connection indicated an EOF

Could you suggest how to proceed from here?

I would suggest you debug this bio functions on your local machine.
I believe your client terminates connection, for some reason