mbedTLS on ESP32 vs Native Linux
Posted: Sat Jun 08, 2019 6:47 pm
I'm debugging two issues with mbedTLS that only happens when running the code on ESP32, i.e. only the mbedTLS adjusted for ESP has this issue.
The first issue is that I get this error when connecting with curl/FireFox:
To do that I'm running this script, which leads me to the next issue, namely as soon as OpenSSL tries to connect using DHE-RSA-AES256-GCM-SHA384, mbedtls_ssl_handshake_step hangs after first outputting the below output (debug lvl 4). After that the system never recovers, i.e. the task that called mbedtls_ssl_handshake_step remains hung.
I know its a pretty broad question, but if you have any idea as to why this would happen, please speak up, thank you.
I also ran the ESP https server example which does not exhibit this issue so there's of course a difference between the setup in that project and mine, but since mine does work on native Linux I'm unsure where the actual problem lays.
The first issue is that I get this error when connecting with curl/FireFox:
I've understood this as means the Message Authentication Code isn't validated for some reason. I'm therefore trying to figure out what ciphers are enabled to see if the one of those curl/FireFox uses is available.mbedtls_ssl_handshake returned -29056: SSL - Verification of the message MAC failed
To do that I'm running this script, which leads me to the next issue, namely as soon as OpenSSL tries to connect using DHE-RSA-AES256-GCM-SHA384, mbedtls_ssl_handshake_step hangs after first outputting the below output (debug lvl 4). After that the system never recovers, i.e. the task that called mbedtls_ssl_handshake_step remains hung.
I know its a pretty broad question, but if you have any idea as to why this would happen, please speak up, thank you.
I also ran the ESP https server example which does not exhibit this issue so there's of course a difference between the setup in that project and mine, but since mine does work on native Linux I'm unsure where the actual problem lays.
Code: Select all
I (24690) mbedtls: ssl_srv.c:4255 server state: 8
I (24696) mbedtls: ssl_tls.c:2751 => flush output
I (24701) mbedtls: ssl_tls.c:2763 <= flush output
I (24707) mbedtls: ssl_srv.c:3715 => parse client key exchange
I (24714) mbedtls: ssl_tls.c:4305 => read record
I (24719) mbedtls: ssl_tls.c:2532 => fetch input
I (24725) mbedtls: ssl_tls.c:2693 in_left: 0, nb_want: 5
I (24732) mbedtls: ssl_tls.c:2717 in_left: 0, nb_want: 5
I (24737) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 5 (-0xfffffffb)
I (24745) mbedtls: ssl_tls.c:2738 <= fetch input
D (24751) mbedtls: ssl_tls.c:4050 input record: msgtype = 22, version = [3:3], msglen = 262
I (24759) mbedtls: ssl_tls.c:2532 => fetch input
I (24765) mbedtls: ssl_tls.c:2693 in_left: 5, nb_want: 267
I (24771) mbedtls: ssl_tls.c:2717 in_left: 5, nb_want: 267
I (24777) mbedtls: ssl_tls.c:2718 ssl->f_recv(_timeout)() returned 262 (-0xfffffefa)
I (24786) mbedtls: ssl_tls.c:2738 <= fetch input
D (24797) mbedtls: ssl_tls.c:3620 handshake message: msglen = 262, type = 16, hslen = 262
I (24801) mbedtls: ssl_tls.c:4379 <= read record
D (24806) mbedtls: ssl_srv.c:3429 value of 'DHM: GY' (2048 bits) is:
D (24812) mbedtls: ssl_srv.c:3429 c7 7f 10 48 d1 07 62 e6 1c ff 6f 5f e0 6c bf ba
D (24820) mbedtls: ssl_srv.c:3429 2f a0 ec cb ab 7e ae e8 e1 40 7d 5e 12 35 64 77
D (24828) mbedtls: ssl_srv.c:3429 45 de e0 cd 0c c6 3e 6a 0e d2 12 6e 5d 9e a8 88
D (24836) mbedtls: ssl_srv.c:3429 aa 0f 6b 1e 9d ec 90 e8 b1 27 cc 15 34 75 d0 5d
D (24844) mbedtls: ssl_srv.c:3429 63 b7 d8 8b ef cd 91 64 48 38 fa 18 6b c6 2a 3c
D (24851) mbedtls: ssl_srv.c:3429 da e1 14 8d d2 02 b6 85 26 cb 55 6a cb c2 ca de
D (24859) mbedtls: ssl_srv.c:3429 e8 c6 0d 9c 0a 6f 22 1f 8c 3a df 3a 86 6c f6 09
D (24867) mbedtls: ssl_srv.c:3429 c9 7a 6c ed bc 87 41 be 52 4b fe ad 59 9a 00 de
D (24875) mbedtls: ssl_srv.c:3429 7e 51 ea 95 f5 b2 1a 9a d6 10 5d 8a 32 98 2e 85
D (24883) mbedtls: ssl_srv.c:3429 55 b3 7d 51 29 b8 e0 dd b9 22 39 f2 7a 63 25 19
D (24890) mbedtls: ssl_srv.c:3429 cf c9 a5 65 d7 7f be de a5 5b e0 f7 d5 a4 dd 93
D (24898) mbedtls: ssl_srv.c:3429 da 2a 93 fa 5d 82 f5 44 61 d9 e1 f7 b4 c4 e3 31
D (24906) mbedtls: ssl_srv.c:3429 ee 5c 0c 91 32 28 22 9b cb 6e 89 9a 03 39 82 6f
D (24914) mbedtls: ssl_srv.c:3429 f9 8a 30 00 d2 8a 11 86 a9 29 da 82 a4 7d 56 26
D (24922) mbedtls: ssl_srv.c:3429 04 a9 7a 5f c8 08 80 0d a3 f5 2b 31 01 ed c5 4b
D (24929) mbedtls: ssl_srv.c:3429 b0 60 a8 07 1f f2 23 0e 48 fa 99 9c ff 75 95 44