4 Replies Latest reply on Nov 7, 2017 12:18 AM by GauravS_31

    sdk-5.2: mbedtls_open library bug

    AxLi_1746341

      I found that the httpbin snip fails to connect to the server in a FreeRTOS + debug build.

      I then traced it to the problem below (with some of my debug prints):

       

      [18:31:04:726] Resolving IP address of www.httpbin.org␍␊

      [18:31:04:980] www.httpbin.org is at 54.197.228.226␍␊

      [18:31:05:019] Connecting to www.httpbin.org␍␊

      [18:31:05:349] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 0 ␍␊

      [18:31:05:385] #RET=0␍␊

      [18:31:05:385] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 1 ␍␊

      [18:31:05:385] #RET=0␍␊

      [18:31:05:385] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 2 ␍␊

      [18:31:05:719] #RET=0␍␊

      [18:31:05:723] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 3 ␍␊

      [18:31:05:980] #RET=0␍␊

      [18:31:05:983] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 4 ␍␊

      [18:31:06:236] [mbedtls_ssl_handshake_client_step()] : [3465] : Parse MBEDTLS_SSL_SERVER_KEY_EXCHANGE DONE : 0 ␍␊

      [18:31:06:248] #RET=0␍␊

      [18:31:06:248] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 5 ␍␊

      [18:31:06:278] [mbedtls_ssl_handshake_client_step()] : [3472] : Parse MBEDTLS_SSL_CERTIFICATE_REQUEST DONE : 0 ␍␊

      [18:31:06:278] #RET=0␍␊

      [18:31:06:278] [mbedtls_ssl_handshake_client_step()] : [3399] : TLS Handshake state : 6 ␍␊

      [18:31:06:278] ssl_parse_server_hello_done: Begin ret=134523681 ssl->record_read=1␍␊

      [18:31:06:278] ssl_parse_server_hello_done: End ret=134523681␍␊

      [18:31:06:278] [mbedtls_ssl_handshake_client_step()] : [3479] : Parse MBEDTLS_SSL_SERVER_HELLO_DONE DONE : 134523681 ␍␊

      [18:31:06:293] #RET=134523681␍␊

      [18:31:06:293] failed␍␊

      [18:31:06:293]   ! mbedtls_ssl_handshake returned -0x804ab21␍␊

      [18:31:06:305] netconn_connect start_tls=4␍␊

      [18:31:06:305] Discon failed to connect to serve␍rConnected to www.httpbin.org␍␊

      [18:31:06:313] Connected to www.httpbin.org␊

      [18:31:06:323] erver: 4␍␊

       

      So obviously, the returned error is the value of the uninitialized ret variable in

      ssl_parse_server_hello_done(). (ret=134523681 is 0x804ab21 in hex)

       

      I don't think initializing ret to 0 is a correct fix. I'm not an expert in this part,

      so maybe someone from Cypress can take a look and provide the fix.

       

      I'm also wondering if Cypress can upgrade the mbedTLS from v2.4.0 to v2.6.0 (latest stable version).
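
      An added example (not part of the original post, and not WICED or mbedTLS code): a small C check that flags a handshake return value that cannot be a genuine mbedTLS error code, such as the 134523681 in the log above. The helper names are hypothetical, and the check assumes the 16-bit error-code layout documented in mbedTLS 2.x error.h.

```c
#include <stdio.h>

/* Assumption: a handshake-step result is either 0 or a negative mbedTLS
 * error whose magnitude fits the documented 16-bit layout (sign bit,
 * 3-bit module id, 5-bit module-specific error, 7-bit low-level error). */
#define ERR_MAGNITUDE_MAX 0x7FFF

/* Hypothetical helper: 1 if ret could be a genuine handshake result. */
int is_plausible_handshake_ret(int ret)
{
    if (ret == 0)
        return 1;
    return ret < 0 && ret >= -ERR_MAGNITUDE_MAX;
}

/* Hypothetical helper: split a plausible error into its high-level and
 * low-level parts. Returns -1 for success codes and for garbage values. */
int split_error(int ret, int *high, int *low)
{
    int mag;

    if (ret >= 0 || !is_plausible_handshake_ret(ret))
        return -1;
    mag = -ret;
    *high = mag & 0x7F80;   /* module id + module-specific code */
    *low  = mag & 0x007F;   /* low-level module error */
    return 0;
}

int main(void)
{
    /* Constructed samples: the value from the log above, success, and
     * MBEDTLS_ERR_SSL_INVALID_RECORD (-0x7200). */
    int samples[] = { 134523681, 0, -0x7200 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int high = 0, low = 0;

        if (!is_plausible_handshake_ret(samples[i]))
            printf("%d: not an mbedTLS code, suspect uninitialized ret\n", samples[i]);
        else if (split_error(samples[i], &high, &low) == 0)
            printf("%d: high=-0x%04x low=-0x%04x\n", samples[i], high, low);
        else
            printf("%d: success\n", samples[i]);
    }
    return 0;
}
```

      A check like this in the debug print path separates a stack-garbage return from a real TLS failure before anyone starts chasing certificates or cipher suites.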