- mbed-tls - lists.trustedfirmware.org

by Gilles Peskine

Hello, Mbed TLS 3.6.0 was the first release to enable TLS 1.3 support by default. Unfortunately, this breaks many applications that open a TLS connection with default settings, which are now negotiating TLS 1.3 instead of TLS 1.2, but hit a difference in how Mbed TLS 3.6.0 implements the two versions of the protocol. The most common symptom is: you are using the default configuration (or something close), and your application fails in the handshake with an internal error whenever it negotiates TLS 1.3. To resolve this, call psa_crypto_init() before starting a TLS handshake. For a list of other known issues, please see https://github.com/Mbed-TLS/mbedtls/issues/9223 If you are encountering a problem due to the enablement of TLS 1.3 that is not listed on that page, please let us know by opening an issue on GitHub. If no workaround or patch is available for your problem yet, you can disable TLS 1.3 by calling mbedtls_ssl_conf_max_tls_version(ssl_config, MBEDTLS_SSL_VERSION_TLS1_2) before mbedtls_ssl_setup(). We are planning to fix all the issues listed on that page before the 3.6.1 patch release. We do not yet have a date for the 3.6.1 release. Best regards, -- Gilles Peskine Mbed TLS developer

21 hours, 34 minutes

2
1
0 0

TLS-Exporter in TLS 1.3

by Maximilian Fillinger

Hello! I am trying to add TLS 1.3 support to OpenVPN when using Mbed TLS as the TLS library. My current roadblock is that OpenVPN needs the TLS-Exporter functionality (RFC 8446, Section 7.5). For TLS 1.2, we get the master secret through mbedtls_ssl_set_export_keys_cb() and then implement the exporter using mbedtls_ssl_tls_prf(). For TLS 1.3, an approach like this doesn't work because the callback isn't called with the exporter master secret. Am I missing anything, or does this feature not yet exist? Are there any plans to add it? If not, I'd be interested in trying to make a patch. Best regards, Max

1 week, 2 days

2
1
0 0

bestwritercontent

by hma3yf39＠mediaholy.com

https://www.bestwritercontent.com A man was going to the house of some rich person. As he went along the road, he saw a box of good apples at the side of the road. He said, "I do not want to eat those apples; for the rich man will give me much food; he will give me very nice food to eat." Then he took the apples and threw them away into the dust. He went on and came to a river. The river had become very big; so he could not go over it. He waited for some time; then he said, "I cannot go to the rich man's house today, for I cannot get over the river." He began to go home. He had eaten no food that day. He began to want food. He came to the apples, and he was glad to take them out of the dust and eat them.

1 week, 3 days

1
0
0 0

[Mbed-tls-announce] Requests for feedback about Mbed TLS 4: summary

by Gilles Peskine via Mbed-tls-announce

Hello, In the past few weeks, we have sent a number of requests for feedback on the mbed-tls mailing list about the next major release of Mbed TLS (TF-PSA-Crypto 1.0 + Mbed TLS 4.0). Most are about features that we may remove because we think they are not used much and are not worth maintaining. This message is a summary of the requests. If you have concerns about any of these topics, please reply on the GitHub issue (preferred), or on the mbed-tls mailing list, or by private email. (If you reply privately, we will anonymize before sharing outside Arm.) Please reply before 31 July so that we have time to plan 4.0 preparation. While we won't ignore later replies, they will be harder to accommodate. List archive: https://lists.trustedfirmware.org/archives/search?count=25&q=feedback&page=… GitHub links — cryptographic mechanisms https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/102 — Custom ECC mechanisms https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/104 — Custom RSA mechanisms https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/105 — Import of incomplete RSA private keys https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/107 — Direct access to CTR_DRBG and HMAC_DRBG https://github.com/Mbed-TLS/mbedtls/issues/8459 — RSA PKCS#1v1.5 encryption https://github.com/Mbed-TLS/mbedtls/issues/9164 — DES (including 3DES) GitHub links — cryptography implementations https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/103 — Partial ECC acceleration https://github.com/Mbed-TLS/mbedtls/issues/8151 — Dynamically registered secure element drivers GitHub links — TLS 1.2 https://github.com/Mbed-TLS/mbedtls/issues/5278 — FFDH in TLS 1.2 https://github.com/Mbed-TLS/mbedtls/issues/8170 — RSA decryption cipher suites (RSA without DH/ECDH) https://github.com/Mbed-TLS/mbedtls/issues/9201 — Static ECDH cipher suites https://github.com/Mbed-TLS/mbedtls/issues/9202 — CBC cipher suites <https://github.com/Mbed-TLS/mbedtls/issues/9201> GitHub links — platform https://github.com/Mbed-TLS/mbedtls/issues/8108 — Platform interface redesign https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/106 — Building with plain make or CMake https://github.com/Mbed-TLS/mbedtls/issues/8231 — x86_64: AESNI without compiler intrinsics https://github.com/Mbed-TLS/mbedtls/issues/9307 — Support for %zu in printf If you have an opinion on a topic where we haven't requested feedback, you can find our (rapidly evolving) planning board at https://github.com/orgs/Mbed-TLS/projects/15/views/1 . As a reminder, the main focus of the release will be that all cryptography goes through PSA APIs. Low-level legacy cryptography APIs (bignum.h, rsa.h, aes.h, etc.) will no longer be public. Except as indicated here, we generally intend feature parity, but it's possible that we've missed some unusual scenario, so please let us know if you have concerns. Best regards, -- Gilles Peskine Mbed TLS developer IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

1 week, 4 days

1
0
0 0

Reminder: MBed TLS Tech Forum - Asia/Europe

by Don Harbin

Hi All, A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech forum is next Monday at 10:00am PM UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org ReplyReply to allForward Compose: Community activity: OpenCV, Sensors, AI [image: Minimise][image: Pop-out][image: Close] Compose: Reminder: MBed TLS Tech Forum - Asia/Europe [image: Minimise][image: Pop-out][image: Close] Recipients

2 weeks

1
3
0 0

Can TLS client send `Encrypted Alert 21` to server

by Satya Prakash Prasad

Hi All, We are using the MBedTLS 3.6.0 release stack and often see the TLS client -> server sending Encrypted Alert 21 packets followed by closing the SSL connection (or rather reconnection starting from new handshake messages). As far as I understand Alert 21 is a fatal message stating Decryption of a TLSCiphertext record is decrypted in an invalid way: either it was not an even multiple of the block length or its padding values, when checked, were not correct - copied from the Internet. But then Handshake and Application Data goes thru fine for a while and then we see our client sending Alert 21 encrypted message Is it legitimate that the client can send Alert 21 messages to the server and close the current connection - we are observing that the server application is waiting for messages from the client and is un-aware that a connection reset has occurred. So the server application states a timeout for receiving messages from the client. Further, how can we assert such a scenario? When and how can it occur? Is there a way we can simulate it and send details to owners of server firmware to fix their issue? Regards, Prakash

3 weeks, 3 days

1
0
0 0

FIPS 140-3 compliance of MbedTLS Test suites

by Viktor.Ivanets＠infineon.com

Hi All, We are using MbedTLS on our devices and implementing PSA wrappers to use our Crypto hardware. For validating this one we are using MbedTLS test suites. Could you please tell me: 1. Does your test suites compliant to FIPS 140-3? 2. Do you use NIST test vectors to validate your algorithm implementations? Thanks. Viktor Ivanets.

3 weeks, 4 days

1
0
0 0

3.6.0 library size

by Steven Burck

On a project at my company, we're using mbedtls to encrypt and sign our data. We began the project with mbedtls 2.2.6, and have continuously upgraded until now, 3.6.0. I've noticed my application has grown greatly since then, even though we are only using the following APIs: Encryption:(only decryption on the embedded side) - mbedtls_aes_init - mbedtls_aes_setkey_dec - mbedtls_aes_crypt_cbc Signing (only verification on the embedded side) - mbedtls_ecp_point_read_binary - mbedtls_sha256_init/free - mbedtls_sha256_starts_ret - mbedtls_sha256_update_ret - mbedtls_sha256_finish_ret - mbedtls_ecdsa_init/free - mbedtls_ecp_group_load - mbedtls_ecdsa_read_signature The size of libembedcrypto.a has grown from under 400K to almost 800K. I've tried reducing it with mbedtls_config,h, but it is not entirely clear to me which #defines do what. I tried one of the sample configs which by it;s name looked promising (crypto-config-ccm-aes-sha256.h), and it reduced the size of the library by 90%, but left me with link errors for all of the above functions. Going one #define at a time manually to see if it saves or grows is slow, and so I hoped I could find some assistance here. Thanks in advance

3 weeks, 4 days

2
2
0 0

Question about random number g

by Zhang, Hao

Hi TF-M and mbedtls community, I am new to TF-M, I have a few questions about CryptoCell and random number generation. Thank you in advance. 1. I figure there seems to have two CryptoCell 312 implementations within TF-M. One under lib/ext/cryptocell-312-runtime and the other under platform/ext/accelerator/cc312/cc312-rom. What are the difference between these two? 2. For lib/ext/cryptocell-312-runtime, it does not define MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG whereas /ext/accelerator/cc312/cc312-rom does. Does that mean cryptocell-312-runtime is initiating RNG cryptodriver by using mbedtls_entropy_add_source whereas cc312-rom is using mbedtls_psa_external_get_random<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>. If so, may I ask why these two cryptocells take two different approaches? I read from one of the documentation that mbedtls_psa_external_get_random is used when entropy is sufficient. So if entropy is sufficient, is it always preferred to have MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG defined and implements mbedtls_psa_external_get_random? What are the differences between the two approaches. 3. I also found cryptocell-312-runtime defines the entry point function cc3xx_init_random<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…>. But since PSA random number entry point funciton is not complete, the cc3xx_init_random is not being called anywhere, right? [https://opengraph.githubassets.com/17cdebc400b0ed807c620b586b21f3f77ff9c5d3…]<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…> trusted-firmware-m/platform/ext/accelerator/cc312/cc312-rom/psa_driver_api/src/cc3xx_psa_random.c at 8df9cc8baf46252fd188bba1d87333a8daa9a5e8 · zephyrproject-rtos/trusted-firmware-m<https://github.com/zephyrproject-rtos/trusted-firmware-m/blob/8df9cc8baf462…> Zephyr repository tracking https://git.trustedfirmware.org/trusted-firmware-m.git/ - zephyrproject-rtos/trusted-firmware-m github.com 4. I know random number generation PSA entry point function is in development, may I ask when that would be expected to complete? Thank you very much! Best regards, Hao

4 weeks, 1 day

1
0
0 0

Request for feedback about Mbed TLS 4: DRBG interfaces

by Gilles Peskine

Hello, This is a request for feedback about the next major release of Mbed TLS (TF-PSA-Crypto 1.0 + Mbed TLS 4.0). (Mbed TLS 3.6 LTS will remain supported with its current feature set until at least Q2 2027.) Please reply to this thread or on the GitHub issue linked below. If you wish to leave feedback privately, you can reply privately and your feedback will be anonymized before sharing outside Arm. https://github.com/Mbed-TLS/TF-PSA-Crypto/issues/107 Should TF-PSA-Crypto 1.0 (and thus Mbed TLS 4.0) have an interface for *pseudo*-random generation? It will, of course, still have a pseudorandom generator (= deterministic random bit generator = DRBG) internally, to power psa_generate_random(), psa_generate_key(), etc. The question is whether there will still be a public interface to create other DRBG instances, and if so, with what interface. If you want to be able to create instances of HMAC_DRBG and CTR_DRBG from application code in TF-PSA-Crypto 1.0, please let us know what your use case is. In particular, what parameters do you need (HMAC_DRBG and CTR_DRBG have many)? Do you need reseeding, and if so under whose control (the DRBG, or the caller)? In the absence of feedback, it is likely that HMAC_DRBG and CTR_DRBG will not be publicly available. Best regards, -- Gilles Peskine Mbed TLS developer

1 month

1
0
0 0

2024

2023

2022

2021

2020

mbed-tls