I have some questions.
1) If you have an established TLS connection (mbed TLS 3.x) and while the
connection is up the (server-) certificate expires: Will the connection stay
up? Or is a new handshake (with valid cert) REQUIRED?
2) Related to question 1: CAN mbed TLS switch to a new cert on an existing
TLS connection? (e.g. by doing another handshake from server OR client side)
3) With 3.x some struct members are now "private". Even if you can allow
private access by a define it would be better to use a getter. But for ssl
context's "state" I am missing this and also for "p_bio" (to access fd). Is
there a chance to get this implemented?
BTW - a big "LIKE" for 3.x! I really appreciate the changes. Thank you!
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is tomorrow (Monday) at 4:30 PM UK time.
If you have any topics, please let Dave Rodgman know. :)
TrustedFirmware Community Manager
Hi mbed-tls Team,
PSA crypto API for HW acceleration seems pretty new.
Question1: is there some reference code or project I could poke around to see how it is being used?
Currently I have added (locally) a set of driver to make use of our HW crypto using the *_ALT way (the old way?) and for what I understand, the PSA API is the "new way" to do things.
But It is still unclear how vendor do upstream there HW acceleration drivers.
If this part is kept in another repo, then the mbedTLS build does not have any "hooks" to pull-in the vendor specific code to build the mbedTLS library with.
The current implementation seems to be agnostic to any vendor specific HW so I am wondering if there is a "standard" way for vendor to upstream their mbedTLS HW acceleration code that would be built as part of mbedTLS library.
I have posted a similar thread to the "issue" ticket of the mbedtls repo for reference: https://github.com/Mbed-TLS/mbedtls/issues/5975
Thanks for any feedback/pointers/ideas.
Hi All, This is a gentle reminder that the next MBed TLS Tech forum is next
Monday 4:30 PM UK time. If you have any topics, please let Dave Rodgman
know. :) Best regards, Don
MBed TLS Technical Forum
Monday Jul 4, 2022 ⋅ 8:30am – 9:30am
Mountain Standard Time - Phoenix
Trusted Firmware is inviting you to a scheduled Zoom meeting.
Topic: MBed TLS Technical Forum
Time: Oct 25, 2021 04:30 PM London
Every 4 weeks on Mon, 20 occurrence(s)
Oct 25, 2021 04:30 PM
Nov 22, 2021 04:30 PM
Dec 20, 2021 04:30 PM
Jan 17, 2022 04:30 PM
Feb 14, 2022 04:30 PM
Mar 14, 2022 04:30 PM
Apr 11, 2022 04:30 PM
May 9, 2022 04:30 PM
Jun 6, 2022 04:30 PM
Jul 4, 2022 04:30 PM
Aug 1, 2022 04:30 PM
Aug 29, 2022 04:30 PM
Sep 26, 2022 04:30 PM
Oct 24, 2022 04:30 PM
Nov 21, 2022 04:30 PM
Dec 19, 2022 04:30 PM
Jan 16, 2023 04:30 PM
Feb 13, 2023 04:30 PM
Mar 13, 2023 04:30 PM
Apr 10, 2023 04:30 PM
Please download and import the following iCalendar (.ics) files to your
Join Zoom Meeting
Meeting ID: 959 6263 5632
One tap mobile
+13462487799,,95962635632# US (Houston)
+16699009128,,95962635632# US (San Jose)
Dial by your location
+1 346 248 7799 US (Houston)
+1 669 900 9128 US (San Jose)
+1 253 215 8782 US (Tacoma)
+1 312 626 6799 US (Chicago)
+1 646 558 8656 US (New York)
+1 301 715 8592 US (Washington DC)
877 853 5247 US Toll-free
888 788 0099 US Toll-free
Meeting ID: 959 6263 5632
Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y
We're seeking feedback on our plans regarding support for Finite-Field DHE (also known as FFDH(E), as opposed to the Elliptic Curve version, ECDH(E)).
Currently the PSA Crypto API only supports FFDH with named groups, which aligns well with modern cryptographic practice and the needs of TLS 1.3, but less well with TLS 1.2 where arbitrary parameters can be chosen by the server, leading to various interoperability and security issues (see the introduction of RFC 7919, hence the general move to named groups).
Some data suggests that FFDH is already seeing very little use (less than 1% of TLS 1.2 traffic) on major websites, and presumably this would be even less when constrained devices are involved, since ECDH is less resource-intensive.
So, we are currently planning on removing support for DHE-RSA and DHE-PSK key exchanges in TLS 1.2 in the next major version of Mbed TLS. We would retain support of ECDHE in TLS 1.2, and of DHE (in addition to ECDHE) in TLS 1.3. (Support for FFDH in TLS 1.2 would also be present in the LTS version released around the same time as the next major version.)
If you have any objection to this plan, please let us know about your use case and motivations, either by responding to this email, or by commenting on the corresponding github issue: https://github.com/Mbed-TLS/mbedtls/issues/5278 Thank you!
Manuel for the Mbed TLS team.
I have an inhouse developed secure authentication program that uses certificate for authentication. I have used mbedtls library for the x.509 certificate verification purpose. In our custom PKI we have only three level of certificates, Root-CA -> Intermediate-CA -> Device-Cert.
The embedded device has very limited memory, so instead of sending whole certificate chain, the devices communicates intermediate_CA and device cert (in der format base64 encoded) in separate packet. Root-CA will be available on node as trusted-ca. Intermediate is verified against Root; then device cert is verified against intermediate.
The problem is, the poc developed on linux platform is working fine - but on embedded platform I encounter either 0x3b00(parsing failed) or 0x2700(with flag 8). Also the error code are inconsistent.
I verified the integrity of packet with certificate using crc16. So no chance of certificate getting corrupted. Also verified the certificate's base64 format integrity using crc16.
All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit)
Attached config.h on target platform for reference - could you help me if anything wrong with configuration.
While trying to trace, the flag was set from x509_crt.c from below code.
/* No parent? We're done here */
if( parent == NULL )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
return( 0 );
Any clue would be helpful.
I have one root ca, intermediate ca, and device certificate in der format.
While am trying to verify one by one as intermediate-ca with root-ca and device cert with intermediate-ca; things work fine.
But if I tried to verify like having two context one for ca and one chain. I parse root ca on CA context and intermediate ca and device cert on chain context. Now verification fails with flag 8 error code -0x2700.
I have attached verify_der_one_by_one.c it is working without any issue; but verify_der_chain.c is causing the issue stated above.
Any help would be appreciated.
Mbed TLS supports AES acceleration with VIA Padlock (MBEDTLS_PADLOCK_C).
We do not have the hardware to test it, so this should be considered
We are making a patch to the AES module which has a small risk of
breaking VIA padlock support:
https://github.com/Mbed-TLS/mbedtls/pull/5896 . If you are using VIA
padlock, please test this change and let us know if something's wrong.
On a related note, we intend to drop the Padlock code in the next major
version of Mbed TLS (https://github.com/Mbed-TLS/mbedtls/issues/5903).
If you care about this feature, please let us know.
Mbed TLS developer
I'm using an mbedTLS server on a CPU with a small memory foot print. In a search to serve as many as possible TLS clients, I found that the mbedtls_ssl_session.master structure member is still in memory after the handshake is over.
(I filed an issue to start with, but was quickly directed to this mailing list, thanks to Tom Cosgrove. See Clear master secret from mbedtls_ssl_session after handshake is ready * Issue #5832 * Mbed-TLS/mbedtls (github.com)<https://github.com/Mbed-TLS/mbedtls/issues/5832>)
I'm wondering why this is needed. The `master` secret references I can find in the code are either related to the TLS handshake, or to serialization/deserialization. I am wondering whether it makes sense to serialize/deserialize the master secret but I'm not sure if it is a use case to support serialization of ongoing handshake operations.
Based on this 2 questions:
* Is the master secret relevant when the handshake is over?
* Is the master secret really useful in serialization/deserialization? If so, I could use `MBEDTLS_SSL_CONTEXT_SERIALIZATION` in my eventual merge request to keep facilitating this.
Looking forward for relevant answers. Thanks in advance,