mbedtls_ecdh_make_public returned -16


Jan 10, 2018 10:17
Chris Rutherford

I'm making a TLS connection, but sometimes I get a handshake error caused by mbedtls_ecdh_make_public failing. In the successful case, mbedtls_ecdh_make_public returns success and the rest of the handshake completes. Does anyone know what could cause this function to fail? I.e., does it try to allocate memory, or is it possibly something time-related, stack corruption, or missing data?

Fail case:


cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2441: ssl->f_send() returned 877 (-0xfffffc93)
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2460: <= flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2850: <= write record
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4211: <= write certificate
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:3279: client state: 8
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2428: <= flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2732: => write client key exchange
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2793: mbedtls_ecdh_make_public() returned -16 (-0x0010)
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:6345: <= handshake failed  
! mbedtls_ssl_handshake returned -0x10

Success case:


cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2441: ssl->f_send() returned 877 (-0xfffffc93)
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2460: <= flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2850: <= write record
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4211: <= write certificate
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:3279: client state: 8
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2416: => flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:2428: <= flush output
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2732: => write client key exchange
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797: value of 'ECDH: Q(X)' (520 bits) is:
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  cf f7 90 cc 4c 1c 06 81 88 cf 08 a8 f4 70 a1 a6
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  56 64 64 f6 8e 62 c3 fa 1a 84 8d be 42 e5 1b 57
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  7b 35 18 2e 30 bf 92 29 87 de ce af 4c bb 31 b6
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  86 51 11 6b 0a 13 68 c3 60 da 54 40 2d 63 15 55
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  3f
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797: value of 'ECDH: Q(Y)' (521 bits) is:
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  01 86 8a 19 f8 46 7b 33 df 03 8d da be 8d a9 4f
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  a0 89 b7 83 fd 50 fd 2b 83 7f fb cf e4 cd ae 77
cube/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2797:  84 cb 21 22 c5 bd 1d d5 7b da 95 14 7f 24 c2 f8
etc
 
Jan 10, 2018 11:00
Chris Rutherford

I might be on to something.... #define MBEDTLS_ERR_MPI_ALLOC_FAILED -0x0010

 
Jan 10, 2018 11:06
Chris Rutherford

Could you point me to some guidelines / recommendations for minimizing the mbedtls memory footprint?

Thanks.

Chris

 
Jan 11, 2018 14:29
Ron Eldor

Hi Chris,
As you rightfully mentioned, MBEDTLS_ERR_MPI_ALLOC_FAILED is the error code you are receiving.
I believe this article should help you.
Regards,
Mbed TLS Team member
Ron
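
One way to confirm that an intermittent -0x0010 (MBEDTLS_ERR_MPI_ALLOC_FAILED) is heap exhaustion, and to measure how much heap the handshake needs, is to route Mbed TLS allocations through a counting calloc/free pair. This is an added example, not part of the original thread and not Mbed TLS code. The `dbg_*` names and the simulated byte budget are assumptions, and it assumes the libc `calloc`/`free` are the underlying allocator.

```c
/* Heap-accounting allocator with the calloc/free signatures Mbed TLS expects.
 * With MBEDTLS_PLATFORM_MEMORY enabled, register it before any other call:
 *     mbedtls_platform_set_calloc_free(dbg_calloc, dbg_free);
 * All dbg_* names are hypothetical helpers for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Header stored in front of each block; the union keeps user data aligned. */
typedef union { size_t size; max_align_t align; } dbg_hdr_t;

/* budget: simulated heap limit in bytes (0 = no limit). */
static struct { size_t budget, in_use, peak, failures, largest_failed; } dbg;

void dbg_reset(size_t budget)
{
    memset(&dbg, 0, sizeof dbg);
    dbg.budget = budget;
}

void *dbg_calloc(size_t n, size_t size)
{
    /* Reject n * size overflow instead of allocating a short block. */
    if (size != 0 && n > (SIZE_MAX - sizeof(dbg_hdr_t)) / size) {
        dbg.failures++;
        return NULL;
    }
    size_t bytes = n * size;
    dbg_hdr_t *h = NULL;
    if (dbg.budget == 0 ||
        (dbg.in_use <= dbg.budget && bytes <= dbg.budget - dbg.in_use))
        h = calloc(1, sizeof *h + bytes);
    if (h == NULL) {                      /* this is what surfaces as -0x0010 */
        dbg.failures++;
        if (bytes > dbg.largest_failed) dbg.largest_failed = bytes;
        return NULL;
    }
    h->size = bytes;
    dbg.in_use += bytes;
    if (dbg.in_use > dbg.peak) dbg.peak = dbg.in_use;
    return h + 1;
}

void dbg_free(void *p)
{
    if (p == NULL) return;
    dbg_hdr_t *h = (dbg_hdr_t *)p - 1;
    dbg.in_use -= h->size;
    free(h);
}
```

After a failed handshake, a non-zero `dbg.failures` confirms the allocation path, and `dbg.peak` from a successful handshake gives the heap size to provision for.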