ARMmbed

[solved] Mbedtls_ssl_handshake_step hanging

I’m at a my wits end here so throwing this out here in case someone happens to have a clue as to what could be going on.

I’m running the code in question on two platforms:

  • Linux, Ubuntu 18.04 mbedTLS (2.16.0-1)
  • ESP32, and as such its an mbedTLS ported to that platform by Espressif, v.2.13.1

I’m debugging two issues with mbedTLS that only happens when running the code on ESP32.

The first issue is that I get this error when connecting with curl/FireFox:

I’ve understood this as means the Message Authentication Code isn’t validated for some reason. I’m therefore trying to figure out what ciphers are enabled to see if the one of those curl/FireFox uses is available.

To do that I’m running this script, which leads me to the next issue, namely as soon as OpenSSL tries to connect using DHE-RSA-AES256-GCM-SHA384, mbedtls_ssl_handshake_step hangs after first outputting the below output (debug lvl 4). After that the system never recovers, i.e. the task that called mbedtls_ssl_handshake_step remains hung in this call.

I know its a pretty broad question, but if you have any idea as to why this would happen, please speak up, thank you.

I (24690) mbedtls: ssl_srv.c:4255 server state: 8

I (24696) mbedtls: ssl_tls.c:2751 => flush output

I (24701) mbedtls: ssl_tls.c:2763 <= flush output

I (24707) mbedtls: ssl_srv.c:3715 => parse client key exchange

I (24714) mbedtls: ssl_tls.c:4305 => read record

I (24719) mbedtls: ssl_tls.c:2532 => fetch input

I (24725) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5

I (24732) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5

I (24737) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)

I (24745) mbedtls: ssl_tls.c:2738 <= fetch input

D (24751) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 262

I (24759) mbedtls: ssl_tls.c:2532 => fetch input

I (24765) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 267

I (24771) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 267

I (24777) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 262 (-0xfffffefa)

I (24786) mbedtls: ssl_tls.c:2738 <= fetch input

D (24797) mbedtls: ssl_tls.c:3620 handshake message: msglen = 262, type = 16, hslen = 262

I (24801) mbedtls: ssl_tls.c:4379 <= read record

D (24806) mbedtls: ssl_srv.c:3429 value of 'DHM: GY' (2048 bits) is:

D (24812) mbedtls: ssl_srv.c:3429  c7 7f 10 48 d1 07 62 e6 1c ff 6f 5f e0 6c bf ba

D (24820) mbedtls: ssl_srv.c:3429  2f a0 ec cb ab 7e ae e8 e1 40 7d 5e 12 35 64 77

D (24828) mbedtls: ssl_srv.c:3429  45 de e0 cd 0c c6 3e 6a 0e d2 12 6e 5d 9e a8 88

D (24836) mbedtls: ssl_srv.c:3429  aa 0f 6b 1e 9d ec 90 e8 b1 27 cc 15 34 75 d0 5d

D (24844) mbedtls: ssl_srv.c:3429  63 b7 d8 8b ef cd 91 64 48 38 fa 18 6b c6 2a 3c

D (24851) mbedtls: ssl_srv.c:3429  da e1 14 8d d2 02 b6 85 26 cb 55 6a cb c2 ca de

D (24859) mbedtls: ssl_srv.c:3429  e8 c6 0d 9c 0a 6f 22 1f 8c 3a df 3a 86 6c f6 09

D (24867) mbedtls: ssl_srv.c:3429  c9 7a 6c ed bc 87 41 be 52 4b fe ad 59 9a 00 de

D (24875) mbedtls: ssl_srv.c:3429  7e 51 ea 95 f5 b2 1a 9a d6 10 5d 8a 32 98 2e 85

D (24883) mbedtls: ssl_srv.c:3429  55 b3 7d 51 29 b8 e0 dd b9 22 39 f2 7a 63 25 19

D (24890) mbedtls: ssl_srv.c:3429  cf c9 a5 65 d7 7f be de a5 5b e0 f7 d5 a4 dd 93

D (24898) mbedtls: ssl_srv.c:3429  da 2a 93 fa 5d 82 f5 44 61 d9 e1 f7 b4 c4 e3 31

D (24906) mbedtls: ssl_srv.c:3429  ee 5c 0c 91 32 28 22 9b cb 6e 89 9a 03 39 82 6f

D (24914) mbedtls: ssl_srv.c:3429  f9 8a 30 00 d2 8a 11 86 a9 29 da 82 a4 7d 56 26

D (24922) mbedtls: ssl_srv.c:3429  04 a9 7a 5f c8 08 80 0d a3 f5 2b 31 01 ed c5 4b

D (24929) mbedtls: ssl_srv.c:3429  b0 60 a8 07 1f f2 23 0e 48 fa 99 9c ff 75 95 44

After further digging it seems the hang is resulting from the hardware acceleration provided by the ESP32, specifically MPI (bignum).

Hi @permal
WE have found some issues related to mpi that can cause stack overflow. The fix was merged to version 2.16.1, in PR https://github.com/ARMmbed/mbedtls/pull/2214

In addition, reducing the value of MBEDTLS_MPI_MAX_SIZE should also help in avoiding stack overflow, depending on what key size you need,
Regards,
Mbed TLS Team member
Ron

Thanks @roneld01, I’ll pass this on to Espressif.