Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

mbedtls_ssl_free hangs #371

Closed
kglowacki opened this issue Feb 22, 2017 · 5 comments
Closed

mbedtls_ssl_free hangs #371

kglowacki opened this issue Feb 22, 2017 · 5 comments

Comments

@kglowacki
Copy link

I'm trying to rework 'https' example to use a client certificate and make a POST to AWS-Iot.
Request itself actually succeeds, but I'm unable to release ssl resources afterwards. mbedtls_ssl_free() hangs (or, rarely, crashes). I see similar effect with mbedtls_ssl_session_reset.

code available here (last line fails) [https://github.com/openairproject/sensor-esp32/blob/aws-iot/components/awsiot/awsiot_rest.c]

@kglowacki
Copy link
Author

if I skip mbedtls_ssl_close_notify(&ssl_ctx) it crashes and occasionally give me a coredump:

`================== CURRENT THREAD REGISTERS ===================
pc 0x40140e77 0x40140e77 <mbedtls_mpi_zeroize+11>
lbeg 0x400014fd 1073747197
lend 0x4000150d 1073747213
lcount 0xfffffffe 4294967294
sar 0x4 4
ps 0x60a20 395808
threadptr
br
scompare1
acclo
acchi
m0
m1
m2
m3
expstate
f64r_lo
f64r_hi
f64s
fcr
fsr
a0 0x40125e02 1074945538
a1 0x3ffd3e60 1073561184
a2 0x3f3ffffe 1061158910
a3 0x0 0
a4 0x3ffb13e4 1073419236
a5 0x3ffb7728 1073444648
a6 0x0 0
a7 0x0 0
a8 0xa8bf0300 -1463876864
a9 0x3ffd3e40 1073561152
a10 0x3ffb13e4 1073419236
a11 0x60a20 395808
a12 0x60a20 395808
a13 0x80 128
a14 0x17 23
a15 0x0 0

==================== CURRENT THREAD STACK =====================
#0 0x40140e77 in mbedtls_mpi_zeroize (v=, n=2831090432) at /Users/kris/Dev/iot/ESP32/esp-idf/components/mbedtls/library/bignum.c:65
#1 0x40125e02 in mbedtls_mpi_free (X=0x3ffdf6a4) at /Users/kris/Dev/iot/ESP32/esp-

idf/components/mbedtls/library/bignum.c:104
#2 0x40128f21 in mbedtls_dhm_free (ctx=0x3ffdf634) at /Users/kris/Dev/iot/ESP32/esp-idf/components/mbedtls/library/dhm.c:403
#3 0x4011e3f7 in mbedtls_ssl_handshake_free (handshake=0x3ffdf62c) at /Users/kris/Dev/iot/ESP32/esp-idf/components/mbedtls/library/ssl_tls.c:6942
#4 0x4011e8c2 in mbedtls_ssl_free (ssl=0x3ffd4328) at /Users/kris/Dev/iot/ESP32/esp-idf/components/mbedtls/library/ssl_tls.c:7056
#5 0x40108705 in awsiot_update_shadow (awsiot_config=..., body=) at /Users/kris/Dev/iot/ESP32/workspace/pmsensor/components/awsiot/./awsiot_rest.c:400
#6 0x40107d26 in awsiot_task () at /Users/kris/Dev/iot/ESP32/workspace/pmsensor/components/awsiot/./awsiot.c:97`

@negativekelvin
Copy link
Contributor

check return code of mbedtls_ssl_close_notify?

@kglowacki
Copy link
Author

mbedtls_ssl_close_notify ends with ESP_OK.

mbedtls_ssl_free crashes while trying to release memory allocated during handshake at ssl_context.handshake->dhm_ctx.pX.p, I commented out everything between handshake and ssl_free, and it still crashes. Also tried with disabled hardware acceleration for mbedtls, no luck.

@kglowacki
Copy link
Author

kglowacki commented Feb 23, 2017

rookie mistake - I've passed mbedtls_ssl_context by value instead of a pointer so handshake() modified a copy.

@projectgus
Copy link
Contributor

Thanks for letting us know, glad you got this working correctly.

handshake() modified a copy

BTW, if passed by value instead of pointer in C then mbedtls_ssl_context will actually treat the first 4 bytes of the structure contents as the pointer. The first 4 bytes of mbedtls_ssl_context struct is a pointer to mbedtls_ssl_config, so the handshake would have treated the config structure as if it was the context and probably totally corrupted it. Yay memory unsafe languages? At least the compiler can warn for this particular one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants