April 2023 - mbed-tls - lists.trustedfirmware.org

by Subramanian Gopi Krishnan

Hi, I have an inhouse developed secure authentication program that uses certificate for authentication. I have used mbedtls library for the x.509 certificate verification purpose. In our custom PKI we have only three level of certificates, Root-CA -> Intermediate-CA -> Device-Cert. The embedded device has very limited memory, so instead of sending whole certificate chain, the devices communicates intermediate_CA and device cert (in der format base64 encoded) in separate packet. Root-CA will be available on node as trusted-ca. Intermediate is verified against Root; then device cert is verified against intermediate. The problem is, the poc developed on linux platform is working fine - but on embedded platform I encounter either 0x3b00(parsing failed) or 0x2700(with flag 8). Also the error code are inconsistent. I verified the integrity of packet with certificate using crc16. So no chance of certificate getting corrupted. Also verified the certificate's base64 format integrity using crc16. All certificates are sha256WithRSAEncryption; RSA Public-Key: (4096 bit) Attached config.h on target platform for reference - could you help me if anything wrong with configuration. While trying to trace, the flag was set from x509_crt.c from below code. /* No parent? We're done here */ if( parent == NULL ) { printf("NO_PARENT\r\n"); *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; return( 0 ); } Any clue would be helpful. Thanks, Gopi Krishnan

1 month, 4 weeks

2
1
0 0

Reminder: MBed TLS Tech Forum - US/Europe

by Don Harbin

Hi All, A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum is next Monday at 4:30 PM UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

1 year, 1 month

1
5
0 0

Support for SHA3 and HMAC with SHA3

by Nilesh.Badodekar＠infineon.com

Hi, Is there a plan to support SHA3 (256 and 384) and subsequent usage in HMAC on mbedtls? - Regards Nilesh Badodekar

1 year, 2 months

2
2
0 0

TLS over UART using MbedTLS Library for STM32U5

by manish.verma＠cyient.com

Hi Team, I want to implement TLS over UART using MbedTLS library, But the issue i am facing right now is There are no example codes or any reference document for briefing how to import the libraries and what changes should be done to do so. I tried to use some examples for Lwip examples but i am getting errors while importing library like platform error, timing_alt.h error. Please help me out in urgent. Thanks !!

1 year, 2 months

2
2
0 0

Memory leak in mbedtls_ssl_handshake

by Malcolm Bugler

I have created an http server following the example for server1 under FreeRTOS and Lwip running on a STM32H753 using the Stm32CubeIDE. Everything seem to work correctly, however, I am experiencing a small memory leak over each successive TLS connection of 160 bytes. It is obvious that I must not be freeing a context, but as I am following the example very closely, except for running the code in a FreeRTOS thread, I must be missing something fundemental. Has anyone on this list experienced a similar issue or have any ideas on how to debug it?

1 year, 2 months

2
1
0 0

Reminder: MBed TLS Tech Forum - Asia/Europe

by Don Harbin

Hi All, A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech forum is next Monday at 10:00am PM UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

1 year, 2 months

1
0
0 0

best way to shut down network connection

by Gary Metalle

Hi What's the best way to shutdown a network connection for when say an embedded device is shutting down or going to reboot? I have the following code I call when I am going to kick off a reboot: LOG_DEBUG("Network Manager: Ethernet is going down%s", networkManager->rebootInProgress ? "..." : " for reconfiguration..."); netifapi_dhcp_release_and_stop(&networkManager->networkInterfaceContext); netifapi_netif_set_link_down(&networkManager->networkInterfaceContext); netifapi_netif_set_down(&networkManager->networkInterfaceContext); networkManager->ethernetLinkUp = false; if (networkManager->rebootInProgress) { netifapi_netif_remove(&networkManager->networkInterfaceContext); } The trouble is that the link seems to come back up again as soon as it goes down and my state machine starts doing stuff like kicking off a new DHCP request etc, right about the time the hardware reboots. I added in the call to netifapi_netif_remove() quite recently but it doesn't seem to make any difference. I could put some more code in my link status state machine for an impending reboot, but this seems more complicated than it probably needs to be, as I'm probably not doing something I should be. Gary Metalle Senior Embedded Software Engineer

1 year, 2 months

1
0
0 0

PSA API support

by S Krishnan, Archanaa

Hello, What is the extent of PSA Crypto API 1.1 support available in mbedTLS today? From the road map, API v1.0 is supported. I also see that PBKDF, which is in PSA API v1.1, is in development. Regards, Archanaa

1 year, 2 months

1
0
0 0

Is there a DTLS 1.3 roadmap?

by Achim Kraus

Hi List, last year I read in a comment https://github.com/Mbed-TLS/mbedtls/issues/5443#issuecomment-1017379238 that DTLS 1.3 is on the roadmap for the near future. Is it available? Are there any schedules? The Eclipse/wakaama project is looking for DTLS 1.3 (see https://github.com/eclipse/wakaama/issues/684), therefore I'm asking best regards Achim

1 year, 2 months

3
2
0 0

Canceled event with note: MBed TLS Technical Forum @ Mon Apr 10, 2023 8:30am - 9:30am (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been canceled with a note: "Bank Holiday - Cancelling " MBed TLS Technical Forum Monday Apr 10, 2023 ⋅ 8:30am – 9:30am Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y Guests nnac123(a)gmail.com psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

1 year, 2 months

1
0
0 0

2024

2023

2022

2021

2020

mbed-tls April 2023