Dear Developer,
I was reviewing the code and noticed that in the TLS 1.3 handshake protocol state machine, the "Change Cipher Spec" state has been divided into five different states based on its occurrence timing. Could you please clarify if there are any specific considerations for this approach?
Additionally, these states can appear multiple times during a single handshake, which implies multiple "Change Cipher Spec" messages. However, the TLS 1.3 standard suggests that the "Change Cipher Spec" should only appear once in a single handshake. Could you kindly explain the rationale behind this design decision?
Thank you for your time and assistance. I look forward to your response.
Best regards,
XiangDong Li
Hi,
I am trying to determine what would be an optimal stack and heap allocation for mbedtls.
I realize this changes with algorithms, some configuration macros for the algorithms as well as concurrency.
But is there any information on stack and heap usage that I can use as a starting point? And is there any information on the same for a crypto suite.
Thanks
Michael T
Disclaimer: This message and any files or text attached to it are intended only for the recipients named above and contain information that may be confidential or privileged. If you are not an intended recipient, you must not forward, copy, use or otherwise disclose this communication or the information contained herein. In the event you have received this message in error, please notify the sender immediately by replying to this message, and then delete all copies of it from your system. Thank you.
Hello,
I am currently working on a project using STM32CubeIDE, where I am leveraging mbedTLS v2.16.2 to establish a secure MQTT connection with a Mosquitto broker on port 8883.
During my implementation, I encountered a TLS handshake error with the following details:
mbedtls_ssl_handshake failed. -29312 (-0x7280)
I would like to confirm if mbedTLS v2.16.2, as provided in STM32CubeIDE, supports secure TLS connections (e.g., Secure MQTT) and is compatible with Mosquitto broker configurations. Additionally, I would appreciate guidance on resolving this error.
Here are some specific details about my setup:
1. mbedTLS version: 2.16.2 (as integrated into STM32CubeIDE).
2. Broker: Mosquitto, configured for secure MQTT on port 8883.
3. Issue: TLS handshake fails with the error mentioned above.
4. Certificates: [Specify if you are using self-signed certificates, CA certificates, etc.].
Please let me know if additional information or logs would be helpful for diagnosing the issue.
Thank you for your assistance.
Regards,
Noushad
Embedded systems engineer
Inthings Technologies Private Limited
www.inthings.tech<http://www.inthings.tech>
[cid:image001.png@01DB5D28.96B30030]
Regards,
Noushad
Embedded systems engineer
Inthings Technologies Private Limited
www.inthings.tech<http://www.inthings.tech>
[cid:image001.png@01DB5D28.96B30030]
Dear Mbed TLS Support Team,
I am currently working on a project using Mbed TLS version 3.6 on FreeRTOS,
and I am encountering an issue with handling multiple CA certificates
during the TLS handshake process. My device has a set of built-in
certificates, and I need to try each certificate one by one to establish a
successful connection to my server. However, I am facing difficulties in
this process.
### System Information:
- **Mbed TLS version**: 3.6
- **Operating System**: FreeRTOS
- **Configuration**: Default
- **Compiler and Options**: N/A (using default configuration)
### Expected Behavior:
The first certificate (e.g., `cdotroot.cer`) cannot be verified by Mbed
TLS, while the correct certificate should successfully establish a
connection.
### Actual Behavior:
Both the incorrect and correct CA certificates fail to establish a
connection successfully.
### Steps to Reproduce:
Here is a sample of my code:
```c
static int load_and_verify_certificates(int conn_id, uint8_t *cert_buffer,
size_t buffer_size) {
int ret;
bool connection_established = false;
uint32_t cert_index = 0;
while (!connection_established && cert_index < MAX_CERT_COUNT) {
size_t cert_size = buffer_size;
// Free and initialize the certificate context
mbedtls_x509_crt_free(&cacert[conn_id]);
mbedtls_x509_crt_init(&cacert[conn_id]);
// Load the built-in certificate
ret = try_built_in_certificate(cert_buffer, &cert_size, cert_index);
if (ret == CERT_ERR_INDEX_OUT_OF_RANGE) {
break;
}
if (ret != CERT_SUCCESS) {
cert_index++;
continue;
}
// Parse the certificate
cert_buffer[cert_size] = '\0';
ret = mbedtls_x509_crt_parse(&cacert[conn_id], cert_buffer,
cert_size + 1);
if (ret < 0) {
cert_index++;
continue;
}
// Set the certificate chain
mbedtls_ssl_conf_ca_chain(&conf[conn_id], &cacert[conn_id], NULL);
// Perform the TLS handshake
ret = mbedtls_ssl_handshake(&ssl[conn_id]);
if (ret == 0) {
uint32_t flags = mbedtls_ssl_get_verify_result(&ssl[conn_id]);
if (flags == 0) {
connection_established = true;
// Cache the certificate
cache_certificate(cert_buffer, cert_size, cert_index);
break;
}
} else {
LOGD("Failed to perform handshake with certificate index %d,
error: -0x%x\n", cert_index, -ret);
}
// Reset the SSL session
ret = mbedtls_ssl_session_reset(&ssl[conn_id]);
if (ret != 0) {
LOGD("Failed to reset SSL session, error: -0x%x\n", -ret);
return ret;
}
cert_index++;
}
return connection_established ? 0 : -1;
}
```
### Additional Information:
Here are the logs:
```
Reading certificate 'cdotroot.cer' at address 0x08100650, size: 1348
Failed to perform handshake with certificate index 0, error: -0x2700
Reading certificate 'digicertroot.cer' at address 0x08100B94, size: 1360
Failed to perform handshake with certificate index 1, error: -0x7300
...
```
I suspect that the issue may be related to the limited RAM space available
on my device. I am looking for guidance on how to properly iterate through
and verify the built-in certificates within these constraints. Any
suggestions or best practices for handling multiple certificates in such an
environment would be greatly appreciated.
Thank you for your assistance.
Best regards,
[Tony]
---
Feel free to replace `[Your Name]` with your actual name before sending the
email.
Hello,
I described an issue I have here: https://github.com/Mbed-TLS/mbedtls/issues/9867
During compilation it compiles with the wrong mbedtls_config.h even though I set up this part in my CMakeLists.txt:
#MbedTLS default START
# 1. MbedTLS custom config setup
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls)
set(MBEDTLS_CONFIG_FILE "${CMAKE_CURRENT_SOURCE_DIR}/mbedtls_config.h")
add_compile_definitions(
MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}"
)
set(ENABLE_TESTING OFF CACHE BOOL "Disable mbedtls testing" FORCE)
set(ENABLE_PROGRAMS OFF CACHE BOOL "Disable mbedtls programs" FORCE)
set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR}/mbedtls)
# Add mbedtls build
add_subdirectory(${MBEDTLS_DIR})
#MbedTLS END
There’s more information on the GitHub link.
Thank you in advance.
Alex
Dear Mbed TLS users,
Mbed TLS has contained the reference implementation of the PSA Crypto API since the early days of the standard. This implementation was experimental at first, but over years of development it reached maturity, and the experimental status was removed three years ago (in version 3.6.1.).
Shortly after that, in 2022, the TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> repository was created just for the PSA Crypto API implementation to make it more accessible for users only interested in that. This repository was only a mirror of the main one and the development of the PSA Crypto API implementation remained integral part of Mbed TLS.
In the background, work has been started to make this repository the place where the development of the PSA Crypto API reference implementation happens. This work has finally been completed and from now on TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> is ready to receive contributions, bug reports and enhancement requests. TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> will now be the development repository for the PSA Crypto reference implementation.
Mbed TLS will continue to rely on TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> and will be using it as a submodule.
Many thanks,
Janos Follath
Mbed TLS developer
Hi,
Can you give me a little advice on how v3 works?
I've updated our mbed library from 2.16.1 to 3.6.2 which was mostly a very
smooth experience, thanks.
The one question in my mind relates to making p_bio private in
mbedtls_ssl_context
*I used to free it before calling mbedtls_ssl_free - is it ok to skip this
now? ie:*
//mbedtls_net_free((mbedtls_net_context *) m_ssl.p_bio);
mbedtls_ssl_free(&m_ssl);
*I also used to poll it before calling mbedtls_ssl_close_notify - is ok to
skip this now? ie:*
//if(mbedtls_net_poll((mbedtls_net_context *) m_ssl.p_bio,
MBEDTLS_NET_POLL_WRITE, 0) < 0)
// return;
int ret;
while((ret = mbedtls_ssl_close_notify(&m_ssl)) < 0)
{
if(ret != MBEDTLS_ERR_SSL_WANT_READ &&
ret != MBEDTLS_ERR_SSL_WANT_WRITE)
return;
}
It all seems to run just fine like this, but I could really do with some
confidence boosting validation of my cavalier commenting.
Thank you
Daniel
Dear Mbed TLS team,
I am trying to integrate Mbed TLS in our platform:
- nxp imx rt 1024 CPU (arm based)
- FreeRTOS (10.6)
- Lwip (2.2)
- Mbed TLS (3.6.2)
LWIP supports Mbed TLS when adding defines in their configuration:
/* ---------- TLS ------------------------- */
#define LWIP_ALTCP 1
#define LWIP_ALTCP_TLS 1
#define LWIP_ALTCP_TLS_MBEDTLS 1
But, unfortunately this supports an older version of Mbed TLS (I believe
2.2.x).
When I try to compile against the Mbed TLS 3.6.2 libraries, I get a bunch
of compiler warnings / errors. Most of them are mentioned in the migration
guide, but even then, I have a hard time figuring out how to resolve them
"the right way".
1. Private fields
The migration guide
<https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/3.0-migration-gui…>
explains that most structs are now considered private.
1.1: The altcp_mbed module in LWIP relies on the *out_left* field of the *ssl
context* struct.
/* calculate TLS overhead part to not send it to application */
overhead = state->overhead_bytes_adjust + state->ssl_context.out_left;
I am correct that this field is simply not exposed through accessor
functions? I can find functions like mbedtls_ssl_get_avail, so I would
expect something like mbedtls_ssl_get_bytes_to_write or something like that?
1.2: The altcp_mbed module in LWIP relies on the *start* field of the *ssl
session* struct.
err_t
altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session
*session)
{
if (session && conn && conn->state) {
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
int ret = -1;
* if (session->data.start)*
ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data);
return ret < 0 ? ERR_VAL : ERR_OK;
}
return ERR_ARG;
}
I also don't know how to obtain this field "the right way". I know this is
a bad idea, but it's all I got
if (session->data.*private_start)* ...
2. parse key expects a RNG function
This is also explained in the migration guide:
*Some functions gained an RNG parameterThis affects users of the following
functions: `mbedtls_ecp_check_pub_priv()`,`mbedtls_pk_check_pair()`,
`mbedtls_pk_parse_key()`, and`mbedtls_pk_parse_keyfile()`.You now need to
pass a properly seeded, cryptographically secure RNG whencalling these
functions. It is used for blinding, a countermeasure againstside-channel
attacks.*
Can you please give me some guidance here? I looked for examples in Mbed
TLS repo and ended up with this (bold parts are added, using the key_app.c
in your repo as leading example):
* mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); if
((ret = mbedtls_ctr_drbg_seed( &ctr_drbg,
mbedtls_entropy_func, &entropy, privkey,
privkey_len)) != 0) { // TODO: handle error } *
ret = mbedtls_pk_parse_key(
conf->pkey, privkey,
privkey_len,
privkey_pass,
privkey_pass_len,
*mbedtls_ctr_drbg_random, &ctr_drbg*);
3. The altcp_mbed module in LWIP relies on mbedtls_ssl_flush_output
The altcp_mbed module had an include on ssl internal.
#include "mbedtls/ssl_internal.h" /* to call mbedtls_flush_output after
ERR_MEM */
This header seems no longer part of the library. But the prototype of the
function is now part of ssl_misc.h, but I don't think I am supposed to rely
on this header either.
I have a couple of options:
- ignore the compiler warning
/home/dev_container/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c:535:5:
warning: implicit declaration of function 'mbedtls_ssl_flush_output'; did
you mean 'mbedtls_ssl_tls_prf'? [-Wimplicit-function-declaration]
535 | mbedtls_ssl_flush_output(&state->ssl_context);
- copy paste the declaration in the LWIP source file
- Or.... don't flush any buffers managed by Mbed TLS in the first place?
For the last one, I could really use your input. Can you say anything
meaningful about the flush (line in bold) In the below function, Is it
mandatory? Or can I trust the Mbed TLS will flush the output buffer
whenever it needs to get flushed?
/** Sent callback from lower connection (i.e. TCP)
* This only informs the upper layer the number of ACKed bytes.
* This now take care of TLS added bytes so application receive
* correct ACKed bytes.
*/
static err_t
altcp_mbedtls_lower_sent(void *arg, struct altcp_pcb *inner_conn, u16_t len)
{
struct altcp_pcb *conn = (struct altcp_pcb *)arg;
LWIP_UNUSED_ARG(inner_conn); /* for LWIP_NOASSERT */
if (conn) {
int overhead;
u16_t app_len;
altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state;
LWIP_ASSERT("state", state != NULL);
LWIP_ASSERT("pcb mismatch", conn->inner_conn == inner_conn);
/* calculate TLS overhead part to not send it to application */
mbedtls_ssl_get_bytes_avail(&state->ssl_context);
overhead = state->overhead_bytes_adjust +
state->ssl_context.private_out_left;
if ((unsigned)overhead > len) {
overhead = len;
}
/* remove ACKed bytes from overhead adjust counter */
state->overhead_bytes_adjust -= len;
/* try to send more if we failed before (may increase overhead adjust
counter) */
*mbedtls_ssl_flush_output(&state->ssl_context); // Does it make sense
this LWIP port is responsible for flushing here??*
/* remove calculated overhead from ACKed bytes len */
app_len = len - (u16_t)overhead;
/* update application write counter and inform application */
if (app_len) {
state->overhead_bytes_adjust += app_len;
if (conn->sent)
return conn->sent(conn->arg, conn, app_len);
}
}
return ERR_OK;
}
After applying the changes I mentioned above, the software compiles against
Mbed TLS. I haven't dared to run anything, I just want to enjoy this short
moment where I have the feeling I achieved something before runtime errors
ruin my day :).
Many thanks in advance for any reply!
Best regards, Bas
[image: image.png]
Hi Team
I am investigating the move from MbedTLS 2.25 to 3.6, however, our client uses the 2.25 currently (looks like they prefer to stay with it) and I need to provide convincing proof to move to 3.6 considering the upgrade issues that might arise. Any suggestions here that is convincing proof to do the migration to 3.6? I would appreciate your comments. Thanks
Michael
Dear Mbed TLS team,
I am at the early steps of trying to integrate Mbed TLS with LWIP for our
project (imx rt 1024 NXP micro, arm M7, running FreeRTOS and LWIP). I
understand the basics of TLS, but I am far from an expert.
Let me first apologise for the lengthy first email. I am afraid to leave
out details. Feel free to skip directly to the end marked with:
=============================
My questions:
=============================
Some background / translation of how I think it (should) work:
From a distance, I understand that LWIP has an abstraction layer on their
TCP module, which can be used to integrate Mbed TLS.
In fact, LWIP already did this, all I need to do is enable some directives
(LWIP_ALTCP_TLS and LWIP_ALTCP_TLS_MBEDTLS).
The implemented integration assumes a somewhat older version of Mbed TLS,
so I have to adjust a couple to cope with the breaking changes from Mbed
TLS 2.x to Mbed TLS 3.6.2.
But other than that, integrating Mbed TLS would mean:
- figure out which options i want to enable in Mbed TLS
- cross compile it for our arm toolchain
- extend our build scripts to compile against 3 static Mbed TLS libraries
- figure out how to read the CA certificates, and provide them to Mbed TLS
- test and fail, and hopefully be man enough to solve the challenges
ahead...
I haven't achieved much yet, but at least I managed to compile Mbed TLS
with our toolchain and recompile our project against the linked libraries.
This steps fails though, I get a bunch of linker errors :
[100%] Linking CXX executable app.axf
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj):
in function `mbedtls_ssl_encrypt_buf':
/home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:1211:(.text.mbedtls_ssl_encrypt_buf+0x1b4):
undefined reference to `mbedtls_cipher_auth_encrypt_ext'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj):
in function `mbedtls_ssl_decrypt_buf':
/home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:1638:(.text.mbedtls_ssl_decrypt_buf+0x180):
undefined reference to `mbedtls_cipher_auth_decrypt_ext'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj):
in function `mbedtls_ssl_transform_free':
/home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:6213:(.text.mbedtls_ssl_transform_free+0x14):
undefined reference to `mbedtls_cipher_free'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:6214:(.text.mbedtls_ssl_transform_free+0x1e):
undefined reference to `mbedtls_cipher_free'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj):
in function `mbedtls_ssl_transform_init':
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:1028:(.text.mbedtls_ssl_transform_init+0x18):
undefined reference to `mbedtls_cipher_init'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:1029:(.text.mbedtls_ssl_transform_init+0x22):
undefined reference to `mbedtls_cipher_init'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj):
in function `mbedtls_ssl_get_mode_from_ciphersuite':
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:2453:(.text.mbedtls_ssl_get_mode_from_ciphersuite+0x12):
undefined reference to `mbedtls_cipher_info_from_type'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj):
in function `mbedtls_ssl_parse_finished':
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:8680:(.text.mbedtls_ssl_parse_finished+0xac):
undefined reference to `mbedtls_ct_memcmp'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj):
in function `ssl_tls12_populate_transform':
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:8878:(.text.ssl_tls12_populate_transform+0xa6):
undefined reference to `mbedtls_cipher_info_from_type'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9136:(.text.ssl_tls12_populate_transform+0x454):
undefined reference to `mbedtls_cipher_setup'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9142:(.text.ssl_tls12_populate_transform+0x476):
undefined reference to `mbedtls_cipher_setup'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9148:(.text.ssl_tls12_populate_transform+0x4a8):
undefined reference to `mbedtls_cipher_setkey'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9155:(.text.ssl_tls12_populate_transform+0x4da):
undefined reference to `mbedtls_cipher_setkey'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
CMakeFiles/app.dir/home/dev/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c.obj:
in function `altcp_mbedtls_sndbuf':
/home/dev/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c:1192:(.text.altcp_mbedtls_sndbuf+0x7e):
undefined reference to `mbedtls_ssl_get_max_frag_len'
/opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld:
/home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls12_server.c.obj):
in function `ssl_parse_client_psk_identity':
/home/dev/app/thirdparty/mbedtls/library/ssl_tls12_server.c:3638:(.text.ssl_parse_client_psk_identity+0xb6):
undefined reference to `mbedtls_ct_memcmp'
The distinct list undefined references of the above:
undefined reference to `mbedtls_cipher_auth_encrypt_ext'
undefined reference to `mbedtls_cipher_auth_decrypt_ext'
undefined reference to `mbedtls_cipher_free'
undefined reference to `mbedtls_cipher_init'
undefined reference to `mbedtls_cipher_info_from_type'
undefined reference to `mbedtls_ct_memcmp'
undefined reference to `mbedtls_cipher_setup'
undefined reference to `mbedtls_cipher_setup'
undefined reference to `mbedtls_cipher_setkey'
undefined reference to `mbedtls_cipher_setkey'
undefined reference to `mbedtls_ssl_get_max_frag_len'
All except the last one are coming from Mbed TSL internally, so I *guess*
this means I am missing options? Or maybe I am still having too many?
The last one is called from the LWIP integration of Mbed TLS, and I could
"sweep this under the carpet" by disabling
"MBEDTLS_SSL_MAX_FRAGMENT_LENGTH". But I haven't looked further in what I
cause if I do not support "RFC 6066 max_fragment_length extension in SSL"
My Mbed TLS configuration:
I followed the suggestion of your documentation, and went for a minimal
example configuration. Pure on intuition, I went for
"config-ccm-psk-dtls1_2.h". Because the file name suggests it brings TSL
1.2 which is basically all I need. I think.
I did had to make the following changes in order to be able to compile it:
1. Comment out two defines in order to get rid of module requiring
"windows or unix"
//#define MBEDTLS_NET_C
//#define MBEDTLS_TIMING_C
2. Add a define, again to get rid of the compiler error "require windows or
unix"
#define MBEDTLS_NO_PLATFORM_ENTROPY
After applying these small changes to the include/mbedtls/mbedtls_config.h
I was able to cross compile (and link) Mbed TLS with arm-none-eabi
toolchain.
Once I adjusted the build scripts to lnk against the Mbed TLS static
libraries, I finally ended up with the earlier mentioned linker errors.
=============================
My questions:
=============================
1. Does my starting point configuration make sense?
As mentioned earlier, pure intuition made me try the
"config-ccm-psk-dtls1_2.h" configuration example, which after some
modifications compiled and produced 3 static libraries. but, this bit in
the example header worries me a bit:
* Distinguishing features:
* - Optimized for small code size, low bandwidth (on an unreliable
transport),
* and low RAM usage.
* - No asymmetric cryptography (no certificates, no Diffie-Hellman key
* exchange).
* - Fully modern and secure (provided the pre-shared keys are generated and
* stored securely).
* - Very low record overhead with CCM-8.
* - Includes several optional DTLS features typically used in IoT.
What does "no asymmetric cryptography" exactly mean? Isn't that the pure
basis of TLS altogether?
If I want to achieve HTTPS using TLS, is this a good starting point?
2. Undefined references: wrong configuration, or should I supply some of
the implementations?
As mentioned before, I have quite a few linking errors related to the
cipher module. I tried to find answers in the documentation, but came up
empty.
I assume (again...) that I should be able to get rid of these linking
errors by enabling more features in Mbed TLS. But I honestly get lost in
#define's. And maybe it's documented somewhere, but I couldn't find it.
3. Root CA provided by me?
I assume I *need* to provide at least one root CA for Mbed TLS to be able
to verify the public key provided by the server, at some point, right? I
would expect some callback I need to implement where such a root CA was
read (in my case, i would have to read if from flash). Am I
misunderstanding Mbed TLS on this aspect also? Or did I just miss the
obvious spot where to Mbed TLS requests a root CA?
4. More examples available for typical microcontroller projects
(FreeRTOS/LWIP)?
My experience so far is:
- Mbed TLS is well documented
- LWIP is no longer actively maintained, and lacks documentation in general
- Google finds a painful amount of LWIP/TLS integrations which are based on
really old implementations of both, which does more harm than good for me
- Chat GPT knows everything, even when it doesn't, which is a really great
recipe to get on the wrong track... It doesn't seem rather helpful on my
integration questions for Mbed TLS/LWIP. Disclaimer: could be that my lack
of knowledge is causing gpt to come up with wrong answers of course...
I understand that my email is (too?) long, and that the chance somebody
will actually find the time to help me out is limited.
I expect nothing,
I hope for everything :)
ANY help is more than welcome. Good references, links to official
documentation I missed, or in the best case: answers to my
questions/uncertainties.
Many thanks in advance.
Best regards, Bas
Dear MbedTLS maintainers,
we are already using MBedTLS, however, we recently enabled TLS 1.3 and
found that our certificates doesn't work anymore, because they are
brainpoolP256r1 (https://datatracker.ietf.org/doc/html/rfc8734). So the
question would be, if I missed any configuration to enable the usage of
brainpool curves (which are working for TLS 1.2) or if there are any
plans, that these are getting supported by MBedTLS 3.6.x?
Best regards,
Maren Konrad
Hi,
I am trying to build lief which is dependent on mbedtls as a static library.
I am using conan recipe to build using cmake.
The build of the library succeeded, however later while trying to build my
own application and link with lief I get the following error:
LIEF.lib(x509.obj) : error LNK2001: unresolved external symbol
mbedtls_snprintf
What do I do wrong?
Or should I configure something while building the mbedtls library ?
Thanks,
Gal.
Dear Mbed TLS maintainers,
I have surveyed Mbed TLS and know that it has features which can improve
AES block cipher performance by hardware instructions instead of SW
implementation
e.q., AESCE of ARMV8 and AESNI of INTEL.
AS far as I know about RISC-V Cryptography extension(Zkne and Zknd),
it also supports relevant AES instructions which can accelerate aes
key schedule, encryption and decryption process.
(https://tools.cloudbear.ru/docs/riscv-crypto-spec-scalar-1.0.0-rc6-20211012…)
I want to ask for your opinions and agreement.
Is there any willingness to accept this RISC-V accelerated feature
idea and contribution to Mbed TLS ?
If you agree with it, I would like to prepare a pull request for you to review.
Sincerely,
Rick
Dear Mbed TLS users,
We have released Mbed TLS version 3.6.2. This release provides a security fix for an out-of-bounds write vulnerability in the pkwrite module.
Full details are available in the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks,
David Horstmann
Mbed TLS developer
Hi,
I'm currently working on adding mbedTLS 3.x support for Privoxy [0].
Everything seems to be working but I ifdef'ed out the following
code in [1] that worked with mbedTLS 2.28.8:
/*
* Check if key and issuer certificate match
*/
if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) ||
mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N,
&mbedtls_pk_rsa(*issuer_key)->N) != 0 ||
mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E,
&mbedtls_pk_rsa(*issuer_key)->E) != 0)
{
log_error(LOG_LEVEL_ERROR,
"Issuer key doesn't match issuer certificate");
ret = -1;
goto exit;
}
As N and E are private now it no longer compiles.
Is there a way to implement the check with mbedTLS 3.x?
My impression is that the sanity check is overly cautious
and we don't have equivalent code for OpenSSL and wolfSSL
but I'm curious.
Thanks,
Fabian
[0] <https://www.privoxy.org/>
[1] <https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=ssl.c;h=e8007cd9adad…>
Hello,
I'm running into an issue with using Mbed-TLS on an embedded device of ours and I'm curious if anyone would be able to point me in the right direction. If this is the wrong channel for general use questions, let me know and I'll search elsewhere. As a forewarning, I'm still getting my bearings around the nuts and bolts of Mbed-TLS and network security; apologies if I misstate something or jumble things up.
Our device uses Mbed-TLS 3.0.0; ideally I'd like to upgrade this to a newer version, but this version was included in a SDK package for our device and I'd like to get some basic functionality proven out first before trying to reintegrate a newer version into the rest of provided code. The current goal is to get our device to serve a web page over HTTPS with TLS.
What we currently see is that the initial hello client and server messages are exchanged without issue, but the connection is rejected after the server requests a certificate from the client. In some browsers, this opens a prompt where you can select a given certificate on the machine; in others, it skips this prompt and sends a response back with an empty certificate. In both instances, the server will return an error and deny the connection.
This seems like some sort of user configuration error, given your average web page served over HTTPS on the internet avoids making this request. The literature I've been able to find so far also seems to suggest this request is entirely optional. Is there some option I'm overlooking that makes the server skip asking the client for its certificate and lets connection continue on?
Michael Reutman
Senior Embedded Software Engineer
NovaTech Automation
261 Brodhead Rd.
Bethlehem, PA 18017
novatechautomation.com<http://www.novatechautomation.com/> | NovaTechLinkedIn<https://www.linkedin.com/company/565017>
NovaTech Automation is Net Zero committed. #KeepItCool<https://www.keepitcool.earth/>
Receipt of this email implies compliance with our terms and conditions<https://www.novatechautomation.com/email-terms-conditions>.
Hi,
I'm trying to parse this DER encoded certificate in hex format:
3082018230820128a003020102020900f3b305f55622cfdf300a06082a8648ce3d04030230003020170d3735303130313030303030305a180f34303936303130313030303030305a30003059301306072a8648ce3d020106082a8648ce3d0301070342000458f7e9581748ff9bdd933b655cc0e5552a1248f840658cc221dec2186b5a2fe4641b86ab7590a3422cdbb1000cf97662f27e5910d7569f22feed8829c8b52e0fa38188308185308182060a2b0601040183a25a01010101ff0471306f042508021221026b053094d1112bce799dc8026040ae6d4eb574157929f1598172061f753d9b1b04463044022040712707e97794c478d93989aaa28ae1f71c03af524a8a4bd2d98424948a782302207b61b7f074b696a25fb9e0059141a811cccc4cc28042d9301b9b2a4015e87470300a06082a8648ce3d04030203480030450220143ae4d86fdc8675d2480bb6912eca5e39165df7f572d836aa2f2d6acfab13f8022100831d1979a98f0c4a6fb5069ca374de92f1a1205c962a6d90ad3d7554cb7d9df4
This certificate is part of a simple test for this specification
https://github.com/libp2p/specs/blob/master/tls/tls.md
I'm using this https://github.com/status-im/nim-mbedtls Nim language
library wrapper for mbedtls. I don't know the mbedtls version exactly,
but the lib is based on this commit
https://github.com/Mbed-TLS/mbedtls/tree/09d23786f6fdcb4dfa88aad30c8767bd27….
In my code I use:
proc parseUnverified*(derInput: seq[byte]) =
var crt: mbedtls_x509_crt
mbedtls_x509_crt_init(addr crt)
var ret = mbedtls_x509_crt_parse_der(addr crt, unsafeAddr
derInput[0], derInput.len.uint)
if ret != 0:
raise newException(Exception, "Failed to parse certificate, error
code: " & $ret)
which is a straightforward version of the C code, but ti fails with:
Failed to parse certificate, error code: -9186 [Exception]
It seems the problem is because the certificate doesn't have the
Distinguished Name set. Does it make sense? If this is really the
cause of the problem, is there any workaround?
Regards.
Hi,
We were using old MBed TLS version 2.19.1 and existing trusted CA
certificates were working fine in that release. Recently we upgraded
to 3.6.0 and see that now certificate parsing is returning -ox262e
value from function mbedtls_x509_get_sig_alg cause of which handshake
is not even initiated.
Can you please let us know what can cause such an issue and remedy the same?
Regards,
Prakash
Hi Mbed TLS,
I am looking for some suggestions about make some (or all) Mbed TLS APIs non-secure callable APIs on armv8m.
The background is that I am going to have a secure firmware that provides encryption services by building part (or whole) of Mbed TLS into that firmware and make those original mbedtls_x APIs non-secure callable, so the existing non-secure firmware could link those non-secure callable APIs and use them.
Some of my thoughts:
(1) The easiest way to do it I can think of is just add the attribute "cmse_nonsecure_call" to those APIs' declaration (or use a macro to wrap the attribute for conditional build to not impact others don't want it), but I do not think this modification could be accepted by upstream 🙂.
(2) So my another thought is duplicate all header files and put them under another folder, assuming it is my-include folder, then I can do whatever I want to my-include folder, but there is also a problem I can think of: a merge/compare burden between include and my-include folder after I have updated Mbed TLS.
I really appreciate other suggestions!
Thanks,
William
Hi All,
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is next Monday at 4:30pm UK time. Invite details can be found on the online
calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Janos know. :)
Don
My mbedtls client has been working for 2 years. It did what I required and
has been stable.
However, I now need to force a new server to use my preferred cipher suite.
I found the helper function to force the cipher suite here:
https://github.com/Mbed-TLS/mbedtls/blob/de4d5b78558666d2e258d95e6c5875f9c7…
I added mbedtls_ssl_conf_preference_order(conf,
MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) to the end of the function to
force the server to choose my ciphersuite.
Prior to this change I called the mbedtls functions in this chronological
order:
mbedtls_ssl_init(&_ssl);
mbedtls_ssl_config_init(&_conf);
mbedtls_ctr_drbg_init(&_ctr_drbg);
mbedtls_entropy_init(&_entropy);
mbedtls_x509_crt_init(&_cacert);
mbedtls_pk_init(&_pkey);
mbedtls_ctr_drbg_seed
mbedtls_ssl_config_defaults
mbedtls_ssl_conf_rng
mbedtls_ssl_conf_authmode
mbedtls_x509_crt_parse_file
mbedtls_ssl_conf_ca_chain
mbedtls_ssl_setup
mbedtls_ssl_set_hostname
and then proceed to call:
mbedtls_ssl_set_bio
mbedtls_ssl_handshake
Now:
If I call mbedtls_ssl_conf_ciphersuites BEFORE mbedtls_ssl_config_defaults,
the ciphersuite list is ignored/seems to get overriden.
If I call mbedtls_ssl_conf_ciphersuites AFTER mbedtls_ssl_config_defaults,
my ciphersuite list changes are accepted and transmitted (I can see in
Wireshark). The server then responds agreeing to use my chosen cipher suite.
However, mbedtls_ssl_handshake returns with value -26112, which I have
looked up to be MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER.
Unfortunately I have no clue what is causing this.
Could somebody please advise how this should be done? I can see Client2
example but there are functions I have which are not in there. Client1
seems too simple for me but Client2 seems beyond what I require.
I am using MbedTLS client code based on this:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I am connecting to a server via it's URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL.
So I replaced the URL with the IP address. However, MBedTLS fails on the handshake:
https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket…
I get the error:
"error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed"
If I revert back to URL, it works. The IP address does exist.
How can I connect using the IP address, instead of the URL?