- mbed-tls - lists.trustedfirmware.org

[TLS 1.2][ECDHE][RX65N] point is not on curve (secp256r1)

by Adrien LEGER

Hello, I am using mbedTLS 3.6.5 on a Renesas RX65N with compiler ccrx. I am implementing a TLS 1.2 server using: - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 - ECDSA P-256 server certificate - ECDHE secp256r1 During the handshake (I use openssl s_client), I get: >>> TLS 1.2, Alert [length 0002], fatal illegal_parameter 02 2f 140605661713728:error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve:../crypto/ec/ec_lib.c:812: 140605661713728:error:141A4132:SSL routines:tls_process_ske_ecdhe:bad ecpoint:../ssl/statem/statem_clnt.c:2229: mbedtls_ecdh_make_params() returned -0x4C80 (MBEDTLS_ERR_ECP_INVALID_KEY) This happens right after: ssl_tls12_server.c:4304: server state: 4 ssl_tls12_server.c:3234: => write server key exchange ssl_tls12_server.c:2971: ECDHE curve: secp256r1 ssl_tls12_server.c:3075: value of 'ECDH: Q(X)' (256 bits) is: ssl_tls12_server.c:3075: f0 7e c6 f3 cc 41 71 bb a8 01 0b cc 3a 8a 5e 72 ssl_tls12_server.c:3075: 9d db bc d9 a1 5a 04 91 47 44 e0 ff 6f 42 de b3 ssl_tls12_server.c:3075: value of 'ECDH: Q(Y)' (255 bits) is: ssl_tls12_server.c:3075: 5e ba af af 86 55 1a 6e 04 a8 97 b4 13 12 c2 3c ssl_tls12_server.c:3075: a3 2e 00 a4 2d 44 e8 63 bf 98 08 74 81 94 5f 5e ssl_tls12_server.c:3130: pick hash algorithm 9 for signing ssl_tls.c:9231: Perform mbedtls-based computation of digest of ServerKeyExchange ssl_tls12_server.c:3148: dumping 'parameters hash' (32 bytes) ssl_tls12_server.c:3148: 0000: 2d b3 aa 62 c4 5a 87 18 39 a6 b6 91 0e 6d fb 81 -..b.Z..9....m.. ssl_tls12_server.c:3148: 0010: f7 55 38 54 33 1d 30 cc 85 83 10 2e 39 5c 5d 67 .U8T3.0.....9\]g ssl_tls12_server.c:3296: dumping 'my signature' (72 bytes) ssl_tls12_server.c:3296: 0000: 30 46 02 21 00 ee 81 dd 1f 32 62 66 57 5c 90 31 0F.!.....2bfW\.1 ssl_tls12_server.c:3296: 0010: a9 84 2a c4 e8 ee 6a c5 f0 db 39 01 58 d5 9c e3 ..*...j...9.X... ssl_tls12_server.c:3296: 0020: 6e e6 bd 04 25 02 21 00 f5 c6 89 97 d8 dd 2f 93 n...%.!......./. ssl_tls12_server.c:3296: 0030: d0 11 19 f7 0a e7 c4 6b ae 27 b8 d5 db b4 a9 2c .......k.'....., ssl_tls12_server.c:3296: 0040: 2f ec 2e b4 53 1a 72 01 I suspect an entropy / RNG issue. My RNG initialization is: - custom entropy source based on XXX - added via mbedtls_entropy_add_source(...) - CTR_DRBG seeded with personalization string "debug-seed" Do you see any problem in this setup ? Do not hesitate if you need any other information. I'm new to cryptography and currently learning TLS with mbedTLS. Thanks in advance, Adrien.

2 days, 3 hours

2
1
0 0

Performance Inquiry- High read/write latency observed in Mbedtls 3.6.2 (DTLS)

by Ankita Hatmode

Hi Team, We are working on an embedded security project using MbedTLS 3.6.2 for DTLS communication. As part of our performance evaluation, we analyzed the timing metrics for DTLS handshake and application data read/write operations. During testing, we observed that the time taken for data read and write operations is significantly higher than expected. [image: image.png] We would appreciate your guidance on the following: 1. What factors in MbedTLS could contribute to higher read/write latency? 2. Are there any known performance limitations or configuration settings that impact DTLS data transfer timing? 3. Are there recommended optimizations for embedded platforms to improve throughput? Please let us know if any more info is required. Looking forward to your response. Thanks and regards, Ankita Hatmode -- ------------------------------------------------------------------------------------------------------------------------- **Disclaimer:** This email message including any attachments is confidential, and may be privileged and proprietary to Agiliad. If you are not the intended recipient, please notify us immediately by replying to this message and destroy all copies of this message including any attachments. You are NOT authorized to read, print, retain, copy, disseminate, distribute, or use this message or any part thereof. Thank you. ------------------------------------------------------------------------------------------------------------------------

5 days, 3 hours

2
1
0 0

mbedtls 2.28 - resumption in an ongoing session (abbreviated renegotiation)

by Tommaso Mancini

Hello, I am trying to test a device’s conformance to IEC62351-3 which defines some rules about TLS implementations, in particular im wondering if it’s possible to: Use mbedtls on a TLS server to accept a session resumption when a client sends a ClientHello message with a session ID in an ongoing TLS session. Also RFC 5246 says this about resumption for tls v1.2: The ClientHello message includes a variable-length session identifier. If not empty, the value identifies a session between the same client and server whose security parameters the client wishes to reuse. The session identifier MAY be from an earlier connection, this connection, or from another currently active connection. so it should be possible to resume in an ongoing session but: I already have a working implementation of a TLS 1.2 server using mbedtls 2.28, but if a client sends a clienthello with a session ID in an ongoing session, the server always responds with a renegotiation by default. Taking a look at the library code i tried to change the function: static void ssl_handle_id_based_session_resumption(mbedtls_ssl_context *ssl) found in the file ssl_srv.c in mbedtls 2.28, and removed a check which skipped resumption if a client hello was received during a session, this does not work properly however because the server closes the connection after sending the finished message due to a MBEDTLS_SSL_ALERT_MSG_DECRYPT_ERROR. Im wondering if there is anyway to allow resumption in this manner using mbedtls or if im doing something wrong? If you require further information please let me know and i will try to add as much as i can! [1741361442716] <mailto:tommaso.mancini@sel-electric.it> Tommaso Mancini SEL S.p.A. R&D Software and Test Engineer Via Amendola 9,11,13,15,17 51035 Lamporecchio (PT) Tel. +39 0573 80051 Fax +39 0573 803110 website: www.sel-electric.com<http://www.sel-electric.com/> e-mail: tommaso.mancini(a)sel-electric.it<mailto:tommaso.mancini@sel-electric.it> <mailto:tommaso.mancini@sel-electric.it>Questo è un messaggio di posta elettronica proveniente da SEL s.p.a. Le informazioni contenut in questa comunicazione sono altamente riservate e possono essere utilizzate solo dalla persona o dall’ente cui sono destinate. La diffusione, distribuzione e/o copiatura del documento trasmesso da parte di qualsiasi soggetto diverso dal destinatario è proibita. Se avete ricevuto questo messaggio per errore, Vi preghiamo di contattarci immediatamente. Grazie. This communication is intended only for use by the addressee. It may contain confidential or privileged information. Transmission cannot be guaranteed to be secure or error-free. If you receive this communication unintentionally, please inform us immediately. Thank you. Per favore, pensa all’ambiente prima di stampare. Please, consider the environment before you print.

3 weeks, 6 days

1
0
0 0

Some problems regarding mbed TLS

by Milorad Podoaba

Hello, Our devices are connecting to AWS IoT Core. Recently we had few customers with poor connection complaining that the device didn't reconnect. We are using ARM Keil MDK 8.1.0 + mbed TLS 3.6.4. On Wireshark logs we have identified 2 errors: 1. close notify from server after client hello 2. bad certificate or unknown CA from client after server hello The device was stuck on one of these errors and only a reboot would fix it. I think these 2 errors are not related. On detail analysis for the first error, we saw that the cipher suites list was missing and that was the reason for close notify from server. Looking at the TLS code saw that the list is being created only one time after reboot. So in ssl_ciphersuites.c just commented out supported_init = 1 and now seems to be good. I do not know the reason why the list was lost during runtime. For the second error, we were able to reproduce the problem quite consistently. Some logs at IoT client code showed that somehow the TLS lost the ability to parse properly the server certificates. I believe that this was some memory allocation problem, so I've configured the mbed TLS to get allocation from a separate buffer and that seems to fix the problem. This buffer has to be quite large, 56k size. Any smaller size would return memory allocation failure. Any reason why it has to be so big? Just want to know if someone had before these issues and if I can lower the buffer. Let me know if you need extra details about the problems. Thank you and regards, Milo -- MiloradPodoaba Firmware System Engineer Arrowhead Alarm Products Ltd. (09) 414 0085 <tel:%2809%29%20414%200085%20%20%20> milo(a)aap.co.nz <mailto:milo@aap.co.nz> www.aap.co.nz <//www.aap.co.nz> 1A Emirali Road, Silverdale, Auckland, New Zealand facebook <https://www.facebook.com/ArrowheadAlarmProductsLtd/?hc_ref=ARTrnwMZmLZimX6K…> linkedin <https://www.linkedin.com/company/arrowhead-alarm-products-ltd-/> instagram <https://instagram.com/aapltd?igshid=1356ehzmruf5r>

3 weeks, 6 days

3
3
0 0

Fwd: Some problems regarding mbed TLS

by Ben Taylor

Also anything you can share around the size and quantity of certificates you are parsing would be useful. 56K does seem very high, though if at the time you are parsing large numbers of large certificates it could get up that far. Regards Ben ---------- Forwarded message --------- From: Ben Taylor <ben.taylor(a)linaro.org> Date: Tue, 27 Jan 2026 at 11:33 Subject: Re: [mbed-tls] Some problems regarding mbed TLS To: Milorad Podoaba <milo(a)aap.co.nz> Hi Milo, For the second issue the memory allocation problem if you are able to share your mbedtls configuration, that would be useful as customising this could impact how much is allocated. Beyond this anything further you can share about how you are using the library when you encounter high usage would be useful. Ideally a code snippet which reproduces the error, though if not any further information will help us reproduce the error and attempt to assist you. For the first issue again if you can share your config and any code snippets you have that can reproduce the issue that would be helpful. Many thanks Ben On Mon, 26 Jan 2026 at 20:54, Milorad Podoaba <milo(a)aap.co.nz> wrote: > Hi Ben, > > Not sure how much code you want me to share. You need to be more specific. > There might be a memory problem in our application, it just hard to tell > and the mbed TLS seems not able to recover. > > At this stage, I only want to reduce the size of the buffer for the > alternative memory alloc. > Do you know a way to do it? > > Thank you and regards, > Milo > > > Milorad Podoaba > > Firmware System Engineer > > Arrowhead Alarm Products Ltd. > > > > (09) 414 0085 <%2809%29%20414%200085%20%20%20> > milo(a)aap.co.nz > www.aap.co.nz <//www.aap.co.nz> > 1A Emirali Road, Silverdale, Auckland, New Zealand > > > > [image: facebook] > <https://www.facebook.com/ArrowheadAlarmProductsLtd/?hc_ref=ARTrnwMZmLZimX6K…> > > [image: linkedin] > <https://www.linkedin.com/company/arrowhead-alarm-products-ltd-/> > > [image: instagram] <https://instagram.com/aapltd?igshid=1356ehzmruf5r> > > > On 27/01/2026 12:19 am, Ben Taylor wrote: > > Hi Milo, > Thanks for reporting this issue. Is there any chance you could > share some example code that can reproduce the error, so we can investigate > it further? > > Many thanks > > Ben > > On Mon, 26 Jan 2026 at 10:28, Milorad Podoaba via mbed-tls < > mbed-tls(a)lists.trustedfirmware.org> wrote: > >> Hello, >> >> Our devices are connecting to AWS IoT Core. >> Recently we had few customers with poor connection complaining that the >> device didn't reconnect. >> >> We are using ARM Keil MDK 8.1.0 + mbed TLS 3.6.4. >> >> On Wireshark logs we have identified 2 errors: >> >> 1. close notify from server after client hello >> 2. bad certificate or unknown CA from client after server hello >> >> The device was stuck on one of these errors and only a reboot would fix >> it. >> I think these 2 errors are not related. >> >> On detail analysis for the first error, we saw that the cipher suites >> list was missing and that was the reason for close notify from server. >> Looking at the TLS code saw that the list is being created only one time >> after reboot. >> So in ssl_ciphersuites.c just commented out supported_init = 1 and now >> seems to be good. >> I do not know the reason why the list was lost during runtime. >> >> For the second error, we were able to reproduce the problem quite >> consistently. >> Some logs at IoT client code showed that somehow the TLS lost the ability >> to parse properly the server certificates. >> I believe that this was some memory allocation problem, so I've >> configured the mbed TLS to get allocation from a separate buffer and that >> seems to fix the problem. >> This buffer has to be quite large, 56k size. Any smaller size would >> return memory allocation failure. >> Any reason why it has to be so big? >> >> Just want to know if someone had before these issues and if I can lower >> the buffer. >> Let me know if you need extra details about the problems. >> >> Thank you and regards, >> Milo >> >> >> -- >> Milorad Podoaba >> >> Firmware System Engineer >> >> Arrowhead Alarm Products Ltd. >> >> >> >> (09) 414 0085 <%2809%29%20414%200085%20%20%20> >> milo(a)aap.co.nz >> www.aap.co.nz <//www.aap.co.nz> >> 1A Emirali Road, Silverdale, Auckland, New Zealand >> >> >> >> [image: facebook] >> <https://www.facebook.com/ArrowheadAlarmProductsLtd/?hc_ref=ARTrnwMZmLZimX6K…> >> [image: linkedin] >> <https://www.linkedin.com/company/arrowhead-alarm-products-ltd-/> >> [image: instagram] <https://instagram.com/aapltd?igshid=1356ehzmruf5r> >> -- >> mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org >> To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org >> > >

4 weeks

2
1
0 0

PSA Key derivation driver entry points

by Ruchika Gupta

Hi All, The PSA driver interface guide describes the driver entry points for key derivation. However the implementation seems to be missing from the psa crypto core layer. Can you help update if this is something which is being worked on ? I see a lot of tickets open related for key derivation interface dating back in 2022. Are these still relevant ? Regards, Ruchika

1 month, 2 weeks

2
1
0 0

Canceled event: MBed-TLS Technical Forum - Asia @ Mon 29 Dec 2025 10am - 10:50am (GMT) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This event has been canceled. MBed-TLS Technical Forum - Asia Monday 29 Dec 2025 ⋅ 10am – 10:50am United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed-TLS Technical Forum - AsiaTime: Jun 16, 2025 10:00 AM London Every 4 weeks on Mon, 39 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJMqcuGuqDotGtIbACm498ytl0ZhydWKdu1b/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/97758661706?pwd=baMjUvnWbY20z3ignQca7QVahhozkI.1Meeting ID: 977 5866 1706Passcode: 577208---One tap mobile+16892781000,,97758661706# US+17193594580,,97758661706# US---Dial by your location• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• 833 548 0282 US Toll-free• 833 928 4608 US Toll-free• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-free• 833 548 0276 US Toll-freeMeeting ID: 977 5866 1706Find your local number: https://linaro-org.zoom.us/u/acdtApJNbc Guests mbed-tls(a)lists.trustedfirmware.org psa-crypto(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 months, 1 week

1
0
0 0

Question about using hardware-backed parameters in ALT crypto implementations

by Massimiliano Cialdi

Hi, I’m working with Mbed TLS 2.28.x on a microcontroller that provides a built-in crypto engine. The existing *_ALT support works fine for performance, and higher-level modules correctly route their block operations through the accelerated backend. On this platform the crypto hardware can also use internal key material stored in dedicated slots. These values are not accessible as byte arrays and cannot be passed to the usual setkey_*() API. Question Is there a recommended way to configure an ALT implementation so that it can select an internal key slot instead of receiving a buffer? Or, more generally, how should an ALT backend represent a key that is not exposed to software? Any guidance on the intended design would be appreciated. Thanks! Massimiliano Cialdi FIRMWARE ENGINEERING PROFESSIONAL LEADER Powersoft S.p.A. Via E. Conti, 5 - Scandicci (Fi) 50018 - Italy OFFICE: +39 055 7350230 [cid:2_3b23bc2c-3db3-4330-b6f5-3fb62b89422a.png]<https://www.facebook.com/powersoft/>[cid:3_7da2eb67-7c7f-41e6-9598-128bdd52ec04.png]<https://www.instagram.com/powersoft.official/>[cid:4_a5d469e7-3228-4fb1-948d-4c3e879ea0da.png]<https://www.youtube.com/@powersoftaudio>[cid:5_e4390674-51fd-4219-9389-28ae9a12796d.png]<https://www.linkedin.com/company/powersoft>[cid:6_083a55f9-076c-4d52-9f93-69225b28cb32.png]<https://open.spotify.com/show/6lwXROYcCyrVnJi6J9fA42>[cid:7_7fd8585e-63fd-441a-95f3-6c0b23d059e1.png]<https://x.com/Powersoft_Japan>[cid:8_6308aaa9-b97d-405b-a86c-0300a381d13f.png]<https://space.bilibili.com/3546387314641333>[cid:9_9af1e42f-0019-42c4-8046-d6246e65ed9e.png]<https://teams.microsoft.com/l/chat/0/0?users=massimiliano.cialdi@powersoft.…> [cid:pwsrgbn_12214209-f50f-45fa-be18-2a4cf1a5818a.png]<https://www.powersoft.com/en>

3 months, 1 week

2
1
0 0

Re: How can I read plain-text private key into rsa_context?

by Shannek Pierce

05 DC AD 24 F4 E4 B1 C4 39 15 62 45 02 DC 7B 4A C6 57 8F FC 40 5B 5E 6F 55 FB E1 F6 58 62 CB 57 05 Sent from my iPhone

3 months, 1 week

1
0
0 0

AI Policy - Guidance on AI-assisted contributions

by Shaun Longhorn

All, Please be aware that today we have published our AI policy with Guidance on AI-assisted contributions. See the full details here: https://www.trustedfirmware.org/aipolicy/ Should you have any questions feel free to raise them. Thanks, Shaun Community Manager

3 months, 1 week

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls