Topic: Fatal Error [-213] - Unexpected message (10)

I'm working on an embedded target HTTPS server on which I open multiple secure sockets in parallel.
Server Certificate is self signed for now.
Sometimes I get a Fatal Error (-213) on the wolfSSL_accept, within ProcessReply. The error message within the Fatal Error is 10 (Unexpected message).
I got this either with firefox and chrome.
Sometimes it happens sometimes it doesn't.
It is not a memory issue, as I'm plenty of ATM.

I'm attaching the "follow-tcp-stream isolated" good and bad pcap wireshark traces of packets and an Excel doc with the difference in wolfSSL enabled log when it fails and when it succeeds.

Do you recognize anything? Cause I could not further identify the error.
Thanks in advance.

Regards,
RM

Post's attachments

data.zip 25.56 kb, 4 downloads since 2014-09-05 

You don't have the permssions to download the attachments of this post.

Share

Re: Fatal Error [-213] - Unexpected message (10)

Hi RM,

It appears the RNG seed isn't unique.   What system are you on?  What defines have you used?  In the bad capture the client is trying to resume, the server wants to create a new session instead but because a bad seed is used (the time?) it appears to the client that session resumption is going forward.  The client complains with an alert which may cause the server problems too.  In short, a unique seed needs to be found.  Does your os or hardware provide anything?

Thanks,
-Todd

Share

Re: Fatal Error [-213] - Unexpected message (10)

todd wrote:

It appears the RNG seed isn't unique.   What system are you on?

Unix (Xubuntu 14.04.1 LTS) on Client (firefox 32);
FreeRTOS + LWIP 1.4 + wolfSSL embedded SSL 2.9 on Server.

todd wrote:

What defines have you used?

I'm using these defines:

CFLAGS+=-DFREERTOS
CFLAGS+=-DWOLFSSL_LWIP
CFLAGS+=-DNO_FILESYSTEM
# CFLAGS+=-DDEBUG_WOLFSSL
# CFLAGS+=-DNO_ERROR_STRINGS
CFLAGS+=-DNO_PSK
CFLAGS+=-DUSER_TICKS
CFLAGS+=-DNO_DEV_RANDOM
CFLAGS+=-DNO_SESSION_CACHE
CFLAGS+=-DNO_WRITEV
CFLAGS+=-DUSER_TIME
todd wrote:

In the bad capture the client is trying to resume, the server wants to create a new session instead but because a bad seed is used (the time?) it appears to the client that session resumption is going forward.  The client complains with an alert which may cause the server problems too.  In short, a unique seed needs to be found.  Does your os or hardware provide anything?

I've defined the function

int GenerateSeed(OS_Seed* , byte* output, word32 sz){
    get_random_sequence(output, sz);
    return 0;
}

I am not touching/using the OS_Seed *  nor know what it is for. I see that none but Windows implementation does, so I assumed it was oK to ignore it.

To verify the seed goodness, in on-chip-debug, I put a break in ctaocrypt/src/random.c:321 (@exit from GenerateSeed).
This is what gdb shows me for "key" variable (which is "output" argument of GenerateSeed call):

Breakpoint 3, InitRng (rng=0x20003a5c) at wolfssl-2.9.0/ctaocrypt/src/random.c:321
321        if (ret == 0) {
2: /x *(uint8_t[32] *) key = {0xa7, 0x3c, 0xa0, 0x38, 0x22, 0xa6, 
0xd7, 0x4e, 0xa4, 0x1f, 0xd, 0x53, 0xd, 0xff, 0x87, 0x75, 0x1d, 
0xdc, 0xbe, 0x9c, 0x3, 0x4d, 0xf7, 0xfd, 0x84, 0xc9, 0x80, 0xcc, 
0xc4, 0xad, 0x88, 0xe}
(gdb) c
Continuing.

Breakpoint 3, InitRng (rng=0x20003a5c) at wolfssl-2.9.0/ctaocrypt/src/random.c:321
321        if (ret == 0) {
2: /x *(uint8_t[32] *) key = {0x3f, 0xf4, 0xf8, 0xb0, 0x3a, 0xde, 
0xaf, 0x46, 0x3c, 0xd7, 0x65, 0xcb, 0x25, 0x37, 0x5f, 0x6d, 0xb5, 
0x94, 0x16, 0x14, 0x1b, 0x85, 0xcf, 0xf5, 0x1c, 0x81, 0xd8, 0x44,
0xdc, 0xe5, 0x60, 0x6}
(gdb) c

It is triggered any time I open a new socket.
Do you see anything wrong?

Share

Re: Fatal Error [-213] - Unexpected message (10)

Hi RM,

Are you able to show us what your get_random_sequence() looks like?

Thanks,
Chris

Re: Fatal Error [-213] - Unexpected message (10)

chrisc wrote:

Hi RM,

Are you able to show us what your get_random_sequence() looks like?

Thanks,
Chris

Sure here you go:

void get_random_sequence(unsigned char *buf, unsigned int size)
{
    int i, epoch;
    unsigned int feed_data = 0, curr_time;

    curr_time = os_ticks_get();
    epoch = sys_get_epoch();

    feed_data = curr_time ^ epoch;

    for (i = 0; i < MAX_ENTROPY_HDLRS; i++) {
        if (entropy_hdlrs[i]) {
            feed_data ^= (*entropy_hdlrs[i])();
        }
    }

    for (i = 0; i < 4; i++) {
        feed_data ^= ((curr_time ^ epoch)  << (i * 8));
    }

    srand(feed_data);

    for (i = 0; i < size; i++)
        buf[i] = rand() & 0xff;
}

I supposed that showing just the resulting random sequences - as I did in the previous reply - would be enough.

Share