- mbed-tls - lists.trustedfirmware.org

by Elsa zz

Hi, Could anyone please handle this PR? Fix build warning/error using llvm-mingw: - https://github.com/Mbed-TLS/mbedtls/pull/10695 Thanks!

3 days, 22 hours

1
0
0 0

Max. heap size for X509 certificate chain verification

by Huber, Ralf

Dear Mbed TLS contributors, I am working on an embedded project where we need to verify an X509 certificate chain with up to 4 certificates (root cert + 2 intermediates + client cert) and a CRL. The certificates contain public keys for ECDSA for the SECP_R1_256 curve. We are using mbedTLS 4.x. There is no heap memory in this project. It is a vehicle control ECU and all RAM is normally statically allocated for safety reasons. However, the certificate verification is not safety critical. It is OK for us to use mbedtls_memory_buffer_alloc_init() as a heap replacement for mbedTLS. I will refer to this as the "heap" for the rest of this mail. I would like to find out how large the heap needs to be for the chain verification. The system requirements state that it shall support certificates and CRL in DER format with a size of up to 2 kB each. There are 10 kB of static RAM buffer to store 4 certificates and the CRL. The certificates are parsed with mbedtls_x509_crt_parse_der_nocopy(), so the certificate raw data is not duplicated on the heap. The CRL is parsed with mbedtls_x509_crl_parse_der(), so I am expecting that the CRL raw data will be copied to the heap. Thus, it needs to be at least 2 kB. Unfortunately, there seems to be no "_nocopy()" function for CRLs. 8 kB heap was enough in my tests to verify a chain of 3 test certificates with sizes of ca. 0.5 kB each. 6 kB heap wasn't enough to do this. Is there a way to calculate or at least estimate the maximum required heap for the given maximum certificate and CRL sizes, such that a call of mbedtls_x509_crt_verify() for the chain will never fail due to insufficient memory? Is the required heap size fixed for a given number of certificates, or does it depend on the content of the certificates? If it does depend on the content, is there some way to construct "worst case certificates" that result in maximum heap usage, so I could use them to measure the heap consumption? Any help on this topic is kindly appreciated! Best regards, Ralf Huber KION Supply Chain Solutions Linde Material Handling GmbH, Sitz der Gesellschaft: Aschaffenburg, Registergericht: Aschaffenburg HRB9963, Ust-IdNr. DE814809128, Gesch?ftsf?hrung: Andreas Krinninger (Vorsitzender), Dr. Karoline Jung-Senssfelder, Ulrike Just, Dr. Frank Schepp, Vorsitzende des Aufsichtsrats: Valeria Gargiulo

4 days, 22 hours

2
3
0 0

Migration from Mbed TLS 2.x to 3.6.x — key export

by Piotr Kurowski (Nokia)

Dear MbedTLS team, I maintain the Mbed TLS integration for our embedded products. We are still migrating from Mbed TLS 2.x to 3.6.x and need guidance on replacing the legacy SSL key export behavior. One of our legacy products utilizes handshake key material from mbedtls_ssl_conf_export_keys_cb in an accelerator. For compatibility with existing deployments, we must preserve this key export so the other side can decode. Section “SSL key export interface change” in 3.0-migration-guide.md (as referenced for the 3.6.x line) states that mbedtls_ssl_conf_export_keys_cb() and mbedtls_ssl_conf_export_keys_ext_cb() were replaced with mbedtls_ssl_set_export_keys_cb(), and that the new callback no longer exports raw keys and IV. The guide suggests that applications requiring raw traffic keys may derive them from the master secret and handshake transcript hashes from the on-wire data. I'm not sure how this can be coded. What is the recommended way to obtain or derive the raw keys and IV (or equivalent data) under the 3.6.x API? Could you point to documentation, examples of code would be very beneficial. We would also like to align with the 4.1.x in future. If there are changes in this area, we are interested in a common and supported approach to avoid repeated breaking migrations. Thank you for your time. Kind regards, Piotr

2 weeks, 4 days

1
0
0 0

Synced invitation: MBed TLS Technical Forum - US @ Mon 6 Apr 2026 4:30pm - 5:30pm (BST) (mbed-tls@lists.trustedfirmware.org)

by shaun.longhorn＠linaro.org

This email keeps the event up to date in your calendar. MBed TLS Technical Forum - US Monday 6 Apr 2026 ⋅ 4:30pm – 5:30pm United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Tech Forum - USTime: Aug 28, 2023 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Aug 28, 2023 04:30 PM Sep 25, 2023 04:30 PM Oct 23, 2023 04:30 PM Nov 20, 2023 04:30 PM Dec 18, 2023 04:30 PM Jan 15, 2024 04:30 PM Feb 12, 2024 04:30 PM Mar 11, 2024 04:30 PM Apr 8, 2024 04:30 PM May 6, 2024 04:30 PM Jun 3, 2024 04:30 PM Jul 1, 2024 04:30 PM Jul 29, 2024 04:30 PM Aug 26, 2024 04:30 PM Sep 23, 2024 04:30 PM Oct 21, 2024 04:30 PM Nov 18, 2024 04:30 PM Dec 16, 2024 04:30 PM Jan 13, 2025 04:30 PM Feb 10, 2025 04:30 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJ0udu2spj0vHtbQtlCmHwhHCT7ECtJI39J4/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/99314486542?pwd=Q1ZjaFhQeDRrQWxsa3MvT1Mwditqdz09Meeting ID: 993 1448 6542Passcode: 628327---One tap mobile+13462487799,,99314486542# US (Houston)+16694449171,,99314486542# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 993 1448 6542Find your local number: https://linaro-org.zoom.us/u/adSjuOyMhI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Synced invitation: MBed TLS Technical Forum - US @ Mon 4 May 2026 4:30pm - 5:30pm (BST) (mbed-tls@lists.trustedfirmware.org)

by shaun.longhorn＠linaro.org

This email keeps the event up to date in your calendar. MBed TLS Technical Forum - US Monday 4 May 2026 ⋅ 4:30pm – 5:30pm United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Tech Forum - USTime: Aug 28, 2023 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Aug 28, 2023 04:30 PM Sep 25, 2023 04:30 PM Oct 23, 2023 04:30 PM Nov 20, 2023 04:30 PM Dec 18, 2023 04:30 PM Jan 15, 2024 04:30 PM Feb 12, 2024 04:30 PM Mar 11, 2024 04:30 PM Apr 8, 2024 04:30 PM May 6, 2024 04:30 PM Jun 3, 2024 04:30 PM Jul 1, 2024 04:30 PM Jul 29, 2024 04:30 PM Aug 26, 2024 04:30 PM Sep 23, 2024 04:30 PM Oct 21, 2024 04:30 PM Nov 18, 2024 04:30 PM Dec 16, 2024 04:30 PM Jan 13, 2025 04:30 PM Feb 10, 2025 04:30 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJ0udu2spj0vHtbQtlCmHwhHCT7ECtJI39J4/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/99314486542?pwd=Q1ZjaFhQeDRrQWxsa3MvT1Mwditqdz09Meeting ID: 993 1448 6542Passcode: 628327---One tap mobile+13462487799,,99314486542# US (Houston)+16694449171,,99314486542# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 993 1448 6542Find your local number: https://linaro-org.zoom.us/u/adSjuOyMhI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Updated invitation with note: MBed TLS Technical Forum - US @ Every 4 weeks from 4:30pm to 5:30pm on Monday (BST) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This event has been updated with a note: "Updated expired zoom link" Changed: title, time, description MBed TLS Technical Forum - US Every 4 weeks from 4:30pm to 5:30pm on Monday United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Technical Forum - USTime: May 4, 2026 04:30 PM LondonEvery 4 weeks on Mon, 38 occurrence(s)Please download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJcoc--qrz0uHNNmuZMtfpylBgIZjC2so7xz/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/93546216467?pwd=ja9Nxd0uLBn04jg1Be0NTy17Konzfl.1Meeting ID: 935 4621 6467Passcode: 683772---One tap mobile+13126266799,,93546216467# US (Chicago)+13462487799,,93546216467# US (Houston)---Dial by your location• +1 312 626 6799 US (Chicago)• +1 346 248 7799 US (Houston)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 689 278 1000 US• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• 833 928 4609 US Toll-free• 833 928 4610 US Toll-free• 877 853 5247 US Toll-free• 888 788 0099 US Toll-free• 833 548 0276 US Toll-free• 833 548 0282 US Toll-free• 833 928 4608 US Toll-freeMeeting ID: 935 4621 6467Find your local number:https://linaro-org.zoom.us/u/azKzC20VI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=dm9wcGhnbnZvMnRh… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=dm9wcGhnbnZvMnRh… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Synced invitation: MBed TLS Technical Forum - US @ Every 4 weeks from 4:30pm to 5:30pm on Monday from Mon 28 Aug 2023 to Sun 31 May (BST) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This email keeps the event up to date in your calendar. MBed TLS Technical Forum - US Every 4 weeks from 4:30pm to 5:30pm on Monday from Monday 28 Aug 2023 to Sunday 31 May United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Tech Forum - USTime: Aug 28, 2023 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Aug 28, 2023 04:30 PM Sep 25, 2023 04:30 PM Oct 23, 2023 04:30 PM Nov 20, 2023 04:30 PM Dec 18, 2023 04:30 PM Jan 15, 2024 04:30 PM Feb 12, 2024 04:30 PM Mar 11, 2024 04:30 PM Apr 8, 2024 04:30 PM May 6, 2024 04:30 PM Jun 3, 2024 04:30 PM Jul 1, 2024 04:30 PM Jul 29, 2024 04:30 PM Aug 26, 2024 04:30 PM Sep 23, 2024 04:30 PM Oct 21, 2024 04:30 PM Nov 18, 2024 04:30 PM Dec 16, 2024 04:30 PM Jan 13, 2025 04:30 PM Feb 10, 2025 04:30 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJ0udu2spj0vHtbQtlCmHwhHCT7ECtJI39J4/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/99314486542?pwd=Q1ZjaFhQeDRrQWxsa3MvT1Mwditqdz09Meeting ID: 993 1448 6542Passcode: 628327---One tap mobile+13462487799,,99314486542# US (Houston)+16694449171,,99314486542# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 993 1448 6542Find your local number: https://linaro-org.zoom.us/u/adSjuOyMhI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Updated invitation: MBed TLS Technical Forum @ Every 4 weeks from 4:30pm to 5:30pm on Monday from Mon 13 Mar 2023 to Sun 31 May (GMT) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This event has been updated Changed: time MBed TLS Technical Forum Every 4 weeks from 4:30pm to 5:30pm on Monday from Monday 13 Mar 2023 to Sunday 31 May United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Canceled event with note: MBed TLS Technical Forum - US @ Mon 6 Apr 2026 4:30pm - 5:30pm (BST) (mbed-tls@lists.trustedfirmware.org)

by Shaun Longhorn

This event has been canceled with a note: "cancelled due to holidays" MBed TLS Technical Forum - US Monday 6 Apr 2026 ⋅ 4:30pm – 5:30pm United Kingdom Time Trusted Firmware is inviting you to a scheduled Zoom meeting.Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Tech Forum - USTime: Aug 28, 2023 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Aug 28, 2023 04:30 PM Sep 25, 2023 04:30 PM Oct 23, 2023 04:30 PM Nov 20, 2023 04:30 PM Dec 18, 2023 04:30 PM Jan 15, 2024 04:30 PM Feb 12, 2024 04:30 PM Mar 11, 2024 04:30 PM Apr 8, 2024 04:30 PM May 6, 2024 04:30 PM Jun 3, 2024 04:30 PM Jul 1, 2024 04:30 PM Jul 29, 2024 04:30 PM Aug 26, 2024 04:30 PM Sep 23, 2024 04:30 PM Oct 21, 2024 04:30 PM Nov 18, 2024 04:30 PM Dec 16, 2024 04:30 PM Jan 13, 2025 04:30 PM Feb 10, 2025 04:30 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJ0udu2spj0vHtbQtlCmHwhHCT7ECtJI39J4/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/99314486542?pwd=Q1ZjaFhQeDRrQWxsa3MvT1Mwditqdz09Meeting ID: 993 1448 6542Passcode: 628327---One tap mobile+13462487799,,99314486542# US (Houston)+16694449171,,99314486542# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 993 1448 6542Find your local number: https://linaro-org.zoom.us/u/adSjuOyMhI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 weeks, 5 days

1
0
0 0

Announcing the releases of Mbed TLS 3.6.6, Mbed TLS 4.1.0 & TF-PSA-Crypto 1.1.0

by Minos Galanakis

Hi Mbed TLS users, We have released Mbed TLS 4.1.0, Mbed TLS 3.6.6, and TF-PSA-Crypto 1.1.0. These releases address several security issues, include bug fixes, and bring other improvements. Mbed TLS 4.1.0 and TF-PSA-Crypto 1.1.0 are new Long Term Support (LTS) releases and will be supported until March 2029. Mbed TLS 3.6 remains supported until March 2027. We recommend all users review the changes, assess any impact, and upgrade as appropriate. Full details are available in the release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-4.1.0 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.6 https://github.com/Mbed-TLS/TF-PSA-Crypto/releases/tag/tf-psa-crypto-1.1.0 Kind regards, The Mbed TLS Team

2 weeks, 5 days

1
0
0 0

2026

2025

2024

2023

2022

2021

2020