Hello,
I am using mbedTLS 3.6.5 on a Renesas RX65N with compiler ccrx.
I am implementing a TLS 1.2 server using:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- ECDSA P-256 server certificate
- ECDHE secp256r1
During the handshake (I use openssl s_client), I get:
>>> TLS 1.2, Alert [length 0002], fatal illegal_parameter
02 2f
140605661713728:error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve:../crypto/ec/ec_lib.c:812:
140605661713728:error:141A4132:SSL routines:tls_process_ske_ecdhe:bad ecpoint:../ssl/statem/statem_clnt.c:2229:
mbedtls_ecdh_make_params() returned -0x4C80 (MBEDTLS_ERR_ECP_INVALID_KEY)
This happens right after:
ssl_tls12_server.c:4304: server state: 4
ssl_tls12_server.c:3234: => write server key exchange
ssl_tls12_server.c:2971: ECDHE curve: secp256r1
ssl_tls12_server.c:3075: value of 'ECDH: Q(X)' (256 bits) is:
ssl_tls12_server.c:3075: f0 7e c6 f3 cc 41 71 bb a8 01 0b cc 3a 8a 5e 72
ssl_tls12_server.c:3075: 9d db bc d9 a1 5a 04 91 47 44 e0 ff 6f 42 de b3
ssl_tls12_server.c:3075: value of 'ECDH: Q(Y)' (255 bits) is:
ssl_tls12_server.c:3075: 5e ba af af 86 55 1a 6e 04 a8 97 b4 13 12 c2 3c
ssl_tls12_server.c:3075: a3 2e 00 a4 2d 44 e8 63 bf 98 08 74 81 94 5f 5e
ssl_tls12_server.c:3130: pick hash algorithm 9 for signing
ssl_tls.c:9231: Perform mbedtls-based computation of digest of ServerKeyExchange
ssl_tls12_server.c:3148: dumping 'parameters hash' (32 bytes)
ssl_tls12_server.c:3148: 0000: 2d b3 aa 62 c4 5a 87 18 39 a6 b6 91 0e 6d fb 81 -..b.Z..9....m..
ssl_tls12_server.c:3148: 0010: f7 55 38 54 33 1d 30 cc 85 83 10 2e 39 5c 5d 67 .U8T3.0.....9\]g
ssl_tls12_server.c:3296: dumping 'my signature' (72 bytes)
ssl_tls12_server.c:3296: 0000: 30 46 02 21 00 ee 81 dd 1f 32 62 66 57 5c 90 31 0F.!.....2bfW\.1
ssl_tls12_server.c:3296: 0010: a9 84 2a c4 e8 ee 6a c5 f0 db 39 01 58 d5 9c e3 ..*...j...9.X...
ssl_tls12_server.c:3296: 0020: 6e e6 bd 04 25 02 21 00 f5 c6 89 97 d8 dd 2f 93 n...%.!......./.
ssl_tls12_server.c:3296: 0030: d0 11 19 f7 0a e7 c4 6b ae 27 b8 d5 db b4 a9 2c .......k.'.....,
ssl_tls12_server.c:3296: 0040: 2f ec 2e b4 53 1a 72 01
I suspect an entropy / RNG issue. My RNG initialization is:
- custom entropy source based on XXX
- added via mbedtls_entropy_add_source(...)
- CTR_DRBG seeded with personalization string "debug-seed"
Do you see any problem in this setup ? Do not hesitate if you need any other information.
I'm new to cryptography and currently learning TLS with mbedTLS.
Thanks in advance,
Adrien.
Hi Team,
We are working on an embedded security project using MbedTLS 3.6.2 for DTLS
communication.
As part of our performance evaluation, we analyzed the timing metrics for
DTLS handshake and application data read/write operations.
During testing, we observed that the time taken for data read and write
operations is significantly higher than expected.
[image: image.png]
We would appreciate your guidance on the following:
1. What factors in MbedTLS could contribute to higher read/write latency?
2. Are there any known performance limitations or configuration settings
that impact DTLS data transfer timing?
3. Are there recommended optimizations for embedded platforms to improve
throughput?
Please let us know if any more info is required.
Looking forward to your response.
Thanks and regards,
Ankita Hatmode
--
-------------------------------------------------------------------------------------------------------------------------
**Disclaimer:** This email message including any attachments is
confidential, and may be privileged and proprietary to Agiliad. If you are
not the intended recipient, please notify us immediately by replying to
this message and destroy all copies of this message including any
attachments. You are NOT authorized to read, print, retain, copy,
disseminate, distribute, or use this message or any part thereof. Thank
you.
------------------------------------------------------------------------------------------------------------------------
