- mbed-tls - lists.trustedfirmware.org

Re: [mbed-tls] MBEDTLS_ENTROPY_HARDWARE_ALT, mbedtls_ctr_drbg_seed() freezes ?

by Gilles Peskine

Hi Manu, f_entropy is the argument passed to mbedtls_ctr_drbg_seed, which is mbedtls_entropy_func. This function obtains entropy from all configured sources, which depends on the library configuration. Check if it might be calling other sources (see what sources are added in mbedtls_entropy_init in library/entropy.c). I think there's a bug in your mbedtls_hardware_poll implementation. It's receiving a buffer ent_buf with room for count BYTES, but you're filling it with count WORDS. You need to pass the exact number of bytes. In practice, unless the library is configured in a weird way, count will be a multiple of 4, which can make your code a bit simpler. -- Gilles Peskine Mbed TLS developer On 17/08/2020 19:16, Manu Abraham via mbed-tls wrote: > Greetings, > > I am new to the list, please do excuse me, in case of any list > specific etiquette issues. > > Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7. > > After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement > mbedtls_hardware_poll() > > It looks thus, and it does appear to work from a hardware perspective: > > /** > * mbedtls_hardware_poll() > * Read random data from the Hardware RNG for entropy applications > */ > int mbedtls_hardware_poll(void *arg, > unsigned char *ent_buf, > size_t count, > size_t *ent_len) > { > register uint8_t i = 0; > uint32_t rand; > > if (!LL_RNG_IsEnabled(RNG)) > LL_RNG_Enable(RNG); /* Enable Random Number Generator */ > > for (i = 0; i < count; i++) { > while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { } /* Wait for DRDY > flag to be raised */ > if ((LL_RNG_IsActiveFlag_CECS(RNG)) || > (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */ > > /* Clock or Seed Error detected. Set Error */ > printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__); > } > rand = LL_RNG_ReadRandData32(RNG); /* Read RNG data */ > memcpy(&(ent_buf[i * 4]), &rand, 4); /* *ent_len += 4 */ > } > LL_RNG_Disable(RNG); /* Stop random numbers generation */ > *ent_len = ((i + 1) * 4); > printf(" (%d) %s: Random Words: %d Word: %04d\r\n", > __LINE__, > __FUNCTION__, > count, > rand); > > return 0; > } > > The code which causes the problem is this, in my tls_init() > > int tls_init(void) > { > int ret; > > /* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */ > const char *pers = "SYS-LWH7"; > > printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__); > /* initialize descriptors */ > > mbedtls_ssl_init(&ssl); > printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__); > > mbedtls_ssl_config_init(&conf); > printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_x509_crt_init(&cacert);work > printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_ctr_drbg_init(&ctr_drbg); > printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_entropy_init(&entropy); > printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__); > > > ret = mbedtls_ctr_drbg_seed(&ctr_drbg, > mbedtls_entropy_func, > &entropy, > (const unsigned char *) pers, > strlen(pers)); > if (ret) { > > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ctr_drbg_seed returned %d\n", > ret)); > > printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__, > __FUNCTION__, ret); > return -1; > } > printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret); > > /** > * The transport type determines if we are using > * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or > * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM). > */ > ret = mbedtls_ssl_config_defaults(&conf, > MBEDTLS_SSL_IS_CLIENT, > MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > if (ret) { > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n", > ret)); > > printf("(%d) %s: SSL config defaults failed, ret=%d\r\n", > __LINE__, __FUNCTION__, ret); > return -1; > } > printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, > __FUNCTION__, ret); > > ret = mbedtls_x509_crt_parse(&cacert, > (const unsigned char *)test_ca_crt, > test_ca_crt_len); > if (ret) > printf(" (%d) %s: failed!\n mbedtls_x509_crt_parse returned > %d\r\n", __LINE__, __FUNCTION__, ret); > else > printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", > __LINE__, __FUNCTION__, ret); > > mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); > mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); > > /** > * The library needs to know which random engine > * to use and which debug function to use as callback. > */ > mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); > mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); > mbedtls_ssl_setup(&ssl, &conf); > } > > > The output of which looks thus, in a serial terminal: > > (1217) print_dhcp_state: Try connect to Broker > (174) tls_init: Initializing > (178) tls_init: SSL initialize > (181) tls_init: SSL Config initialized > (184) tls_init: x509 CRT initialized > (187) tls_init: DRBG initialized > (190) tls_init: Entropy initialized > (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895 > > > Any thoughts/ideas, what could be wrong ? > Any kind soul in here ? > > Thanks, > Manu

4 years, 2 months

1
0
0 0

Re: [mbed-tls] Failing CI tests, Generating coverage report

by Manuel Pegourie-Gonnard

Hi Gábor, Congrats on fixing the previous issues and getting Travis to pass. Unfortunately, the complete logs of the Jenkins part of the CI can only be accessed by Arm employees so far. We have plans to move to a fully-public CI system, but this won't happen before the second half of this year. In the meantime I'm afraid you'll have to ask a team member to get you the results. > continuous-integration/jenkins/pr-head — This commit cannot be built > continuous-integration/jenkins/pr-merge — This commit cannot be buil Note: this can be ignore, these are the results of the parent jobs that spawn the other jobs. > PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator > PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator Note: this is a partial list of failed components (truncated due to limits in the Github notifications API). Most of them as components of tests/scripts/all.sh - if you have access to a Linux/Unix machine with the proper dependencies, you can run them locally, for example here the first one would be tests/scripts/all.sh test_m32_o1, the second one tests/scripts/all.sh test_memory_buffer_allocator. Regarding your question about coverage: I _think_ it should work on Windows if you exclude ssl-opt.sh and compat.sh. As your work is related to X.509, excluding those SSL-related scripts should not affect coverage of the areas of interest. I'm not sure if lcov (the programs that turns gcov's raw data to human-readable form) works on Windows, I'm sure your favourite search engine will have more information than me about this 🙂 Note however that most of the development/testing tools are made with Linux in mind, so you might have an easier time running a Linux VM to use them. As a last resort, one of the reviewers of the PRs can measure coverage on their machine - that's something I often do for PRs adding features, especially when some form of parsing is involved. Thanks for paying attention to coverage, by the way, that's really appreciated! Best regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 11 February 2021 11:39 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Failing CI tests, Generating coverage report Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: continuous-integration/jenkins/pr-head — This commit cannot be built continuous-integration/jenkins/pr-merge — This commit cannot be buil PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 2 months

2
2
0 0

Failing CI tests, Generating coverage report

by Gábor Tóth

Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: *continuous-integration/jenkins/pr-head *— This commit cannot be built *continuous-integration/jenkins/pr-merge *— This commit cannot be buil *PR-4117-head TLS Testing *— Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator *PR-4117-merge TLS Testing *— Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 2 months

1
0
0 0

Re: [mbed-tls] X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gábor Tóth

Hello Gilles! Thank you for your helpful answer! Unfortunately this solution to find memory leakage problems is not working under windows (as I read), but fortunately I was able to locate the source and now my changes are green on the server. Thank you, again :) BR, Gábor Gilles Peskine via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> ezt írta (időpont: 2021. febr. 10., Sze, 12:03): > Hi Gábor, > > Thank you for contributing to Mbed TLS! > > For the memory leaks, compile with ASan(+UBSan): > export ASAN_OPTIONS='symbolize=1' > # also export ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer if it's not > found automatically > export ASAN_FLAGS='-O2 -fsanitize=address,undefined > -fno-sanitize-recover=all' > make CFLAGS="$ASAN_FLAGS" LDFLAGS="$ASAN_FLAGS" > > The SSL test scripts depend on precise versions of OpenSSL and GnuTLS. > Versions that are too old are missing some features and recent versions > have removed some features. Even some versions from Linux distributions > have removed obsolete algorithms that we're still testing. If you want > to pass all the tests on your machine, I recommend that you install them > from source. There's a list of the versions we use on our CI at > https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ . > > When you're debugging, it's useful to run a single test case or a small > number of test cases with ssl-opt -f 'regexp' . The logs are in > tests/o-cli-<number>.log and tests/o-srv-<number>.log . > > Hope this helps. > > -- > Gilles Peskine > Mbed TLS developer > > On 10/02/2021 10:17, Gábor Tóth via mbed-tls wrote: > > Hello Guys! > > > > I am working on an update of MBEDTLS that will support AuthorityKeyId > > and SubjetKeyId V3 extensions of X509. I have created a pull request, > > but I have not been able to solve the issues on Travis: > > https://github.com/ARMmbed/mbedtls/pull/4117 > > > > As I see the problems are: memory leakage and the failure of two tests > > suites. > > I tried to run these suites and a memory leakage check on my host > > machine, but the .sh scripts are just flashing once and disappearing > > in a few seconds after catching some kind of exception. > > > > I have Python2, Perl, Mingw64 (with gcc) installed and added to the > > Path. These commands are working: > > - make CC=gcc > > - make tests > > All the 87 tests pass. > > > > Tried running ssl-opt.sh without arguments and with "-m", but it exits > > after a few lines. > > > > Do you have any idea what I am missing? It would make the work much > > easier if I could run the testsuites reproducing the error and if I > > could find the memory leaks. > > > > Thank you in advance! > > > > BR, > > Gábor > > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 2 months

1
0
0 0

Re: [mbed-tls] X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gilles Peskine

Hi Gábor, Thank you for contributing to Mbed TLS! For the memory leaks, compile with ASan(+UBSan): export ASAN_OPTIONS='symbolize=1' # also export ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer if it's not found automatically export ASAN_FLAGS='-O2 -fsanitize=address,undefined -fno-sanitize-recover=all' make CFLAGS="$ASAN_FLAGS" LDFLAGS="$ASAN_FLAGS" The SSL test scripts depend on precise versions of OpenSSL and GnuTLS. Versions that are too old are missing some features and recent versions have removed some features. Even some versions from Linux distributions have removed obsolete algorithms that we're still testing. If you want to pass all the tests on your machine, I recommend that you install them from source. There's a list of the versions we use on our CI at https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ . When you're debugging, it's useful to run a single test case or a small number of test cases with ssl-opt -f 'regexp' . The logs are in tests/o-cli-<number>.log and tests/o-srv-<number>.log . Hope this helps. -- Gilles Peskine Mbed TLS developer On 10/02/2021 10:17, Gábor Tóth via mbed-tls wrote: > Hello Guys! > > I am working on an update of MBEDTLS that will support AuthorityKeyId > and SubjetKeyId V3 extensions of X509. I have created a pull request, > but I have not been able to solve the issues on Travis: > https://github.com/ARMmbed/mbedtls/pull/4117 > > As I see the problems are: memory leakage and the failure of two tests > suites. > I tried to run these suites and a memory leakage check on my host > machine, but the .sh scripts are just flashing once and disappearing > in a few seconds after catching some kind of exception. > > I have Python2, Perl, Mingw64 (with gcc) installed and added to the > Path. These commands are working: > - make CC=gcc > - make tests > All the 87 tests pass. > > Tried running ssl-opt.sh without arguments and with "-m", but it exits > after a few lines. > > Do you have any idea what I am missing? It would make the work much > easier if I could run the testsuites reproducing the error and if I > could find the memory leaks. > > Thank you in advance! > > BR, > Gábor >

4 years, 2 months

1
0
0 0

X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gábor Tóth

Hello Guys! I am working on an update of MBEDTLS that will support AuthorityKeyId and SubjetKeyId V3 extensions of X509. I have created a pull request, but I have not been able to solve the issues on Travis: https://github.com/ARMmbed/mbedtls/pull/4117 As I see the problems are: memory leakage and the failure of two tests suites. I tried to run these suites and a memory leakage check on my host machine, but the .sh scripts are just flashing once and disappearing in a few seconds after catching some kind of exception. I have Python2, Perl, Mingw64 (with gcc) installed and added to the Path. These commands are working: - make CC=gcc - make tests All the 87 tests pass. Tried running ssl-opt.sh without arguments and with "-m", but it exits after a few lines. Do you have any idea what I am missing? It would make the work much easier if I could run the testsuites reproducing the error and if I could find the memory leaks. Thank you in advance! BR, Gábor

4 years, 2 months

1
0
0 0

mbedtls_rsa_private execution time on stm32f417

by Dmitry X

Hi, im using mbedtls 2.7.17 in my project on stm32f417 (168Mhz) with config similar to config-mini-tls1_1.h for server HTTPS support (Keil). mbedtls_rsa_private is executed ~19seconds on key_exchange phase on browser connection. I’m use default embedded test RSA ca, cert and pkey. Compilation with speed optimization and without not signaficantly reduces this time. Is it normal time of caclulation or something wrong with my platform? I’m expected about 1-2s, not 19..How can i reduce execution time as an expected? Thanks. #ifndef MBEDTLS_CONFIG_H #define MBEDTLS_CONFIG_H /* System support */ #define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME /* mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_PKCS1_V15 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_1 /* mbed TLS modules */ #define MBEDTLS_AES_C #define MBEDTLS_ASN1_PARSE_C #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_DES_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_MD_C #define MBEDTLS_MD5_C //#define MBEDTLS_NET_C #define MBEDTLS_OID_C #define MBEDTLS_PK_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA256_C //#define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_SRV_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_USE_C /* For test certificates */ #define MBEDTLS_BASE64_C #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C /* For testing with compat.sh */ //#define MBEDTLS_FS_IO #define MBEDTLS_NO_PLATFORM_ENTROPY #include "mbedtls/check_config.h" #endif /* MBEDTLS_CONFIG_H */ -- Dmitry X

4 years, 2 months

1
0
0 0

3.0 plans: remove the RSA key mutex

by Gilles Peskine

Hello, RSA key objects include a mutex. `mbedtls_rsa_private` locks the mutex because it caches some auxiliary values used for blinding in the key object. (`mbedtls_rsa_public` also locks the mutex but it seems pointless.) This allows applications to create a key (this must be done in a single-threaded way), then use that key concurrently. This feature has a number of downsides. From a high-level architectural perspective, the RSA module is a low-level part of the code dedicated to peforming calculations; managing concurrency is outside its scope. The presence of the mutex complicates the lifecycle of RSA contexts, leading to unmet expectations (https://github.com/ARMmbed/mbedtls/issues/2621) and bugs on certain platforms (https://github.com/ARMmbed/mbedtls/pull/4104). ECC contexts do not have a mutex, even though they would need one, so a multithreaded application that works with RSA keys can't easily be changed to ECC keys. As a consequence, I propose to remove mutexes from RSA keys in Mbed TLS 3.0. Applications that currently rely on the mutex should either migrate to the PSA API or wrap an RSA object (or a pk object, which would allow algorithm agility) in a mutex. This proposal is also recorded with more details at https://github.com/ARMmbed/mbedtls/issues/4124 . -- Gilles Peskine Mbed TLS developer

4 years, 2 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Hi Frank, Support for HSM keys in Mbed TLS is a work in progress. The way it will work eventually is by plugging an HSM driver under the PSA crypto API, which supports both transparent and opaque keys. The TLS code can already use the PSA crypto API for some things, including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call mbedtls_pk_setup_opaque() to create a PK object for the key, and declare the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. To create the key, you will need to write a PKCS#11 secure element driver. ("Secure element" = "HSM" for this purpose.) I think it would make sense to have one in Mbed TLS, but I don't know when we might get around to writing one. There are two secure element driver interfaces in Mbed TLS right now: MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still experimental: we can't guarantee API stability at this stage. MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is currently frozen and may be abandonned, so I don't recommend investing any effort in it at the moment, but if you need something fast (e.g. for a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS is the way of the future, but it's an active work in progress. If you're creating the key from your application, just call psa_generate_key. If the key was provisioned externally, it's unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can register a key that's already present in the secure element with mbedtls_psa_register_se_key(). The corresponding facility in the MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, but this is not implemented yet. (There's a prototype at https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on it. The specification is in docs/proposed/psa-driver-interface.md.) There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, or an easy-to-use build system — those are still a few months in the future. If you write a driver in the next few months, I recommend that you stay in touch with the Mbed TLS development team and follow the development branch of Mbed TLS closely, since it's a very active area of development at the moment. -- Gilles Peskine Mbed TLS developer On 06/02/2021 16:59, Frank Bergmann via mbed-tls wrote: > Hi, > > I want to use PKCS#11 with mbed TLS... > > - cross platform: Windows, mobile device (e.g. Android), *nix > - on *client* side > - to create keys (for certs) and store private keys in an HSM (could also be e.g. softhsm as fallback) > > How to "integrate" PKCS#11 with mbed TLS and achieve those requirements? > > > cheers, > Frank >

4 years, 2 months

1
0
0 0

Re: [mbed-tls] DTLS Mutual authentication

by Manuel Pegourie-Gonnard

Dear Farhad, Sure, the thing you need to do is to call mbedtls_ssl_conf_authmode( conf, MBEDTLS_SSL_VERIFY_REQUIRED ) where conf is the ssl_config of the server. For more details, see that function's documentation (in ssl.h). For an example, see the command-line option auth_mode in programs/ssl/ssl_server2.c. Hope this helps! Best regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of saghili via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 05 February 2021 17:34 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] DTLS Mutual authentication Dear, I would like to have mutual authentication using dtls_client.c and dtls_server.c examples. In the current version of the example, the client does not send his own certificate and the server does not verify the certificate of the client. Could you please provide me the changes that I need to make in both dtls_client.c and dtls_server.c examples? Best regards, Farhad -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 2 months

1
0
0 0

Use PKCS#11 and mbed TLS

by Frank Bergmann

Hi, I want to use PKCS#11 with mbed TLS... - cross platform: Windows, mobile device (e.g. Android), *nix - on *client* side - to create keys (for certs) and store private keys in an HSM (could also be e.g. softhsm as fallback) How to "integrate" PKCS#11 with mbed TLS and achieve those requirements? cheers, Frank

4 years, 2 months

1
0
0 0

DTLS Mutual authentication

by saghili

Dear, I would like to have mutual authentication using dtls_client.c and dtls_server.c examples. In the current version of the example, the client does not send his own certificate and the server does not verify the certificate of the client. Could you please provide me the changes that I need to make in both dtls_client.c and dtls_server.c examples? Best regards, Farhad

4 years, 3 months

1
0
0 0

Re: [mbed-tls] [Mbed-tls-announce] Mbed TLS 3.0 plans

by Dave Rodgman

Hello, We've now created the branch to allow Mbed TLS 3.0 development to begin. Mbed TLS 3.0 development will take place on development_3.0 in the short term. Mbed TLS 2.x development will continue on development. We'll regularly merge changes to development into development_3.0 so that they stay aligned. At the point of the release of Mbed TLS 2.26, we will rename development to become mbedtls-2.26 and rename development_3.0 to become development, so that the focus for new work becomes the upcoming Mbed TLS 3.0 release. Regards, Dave Rodgman On 17/12/2020, 10:04, "Mbed-tls-announce on behalf of Dave Rodgman via Mbed-tls-announce" <mbed-tls-announce-bounces(a)lists.trustedfirmware.org on behalf of Mbed-tls-announce(a)lists.trustedfirmware.org> wrote: Hello, We are planning to release Mbed TLS 3.0 around June 2021, alongside an LTS release of Mbed TLS 2.x. Our major version numbers indicate API breaking changes, and this is no exception: Mbed TLS 3.0 will have changes that make it incompatible with 2.x (as an obvious example, functions that are deprecated in 2.x will be removed). In setting a near-term release date, we have chosen some key areas that we want to focus on for 3.0. Some other API-breaking items (i.e., those requiring significant design time) won't make the cut and we will hold those back for a future major version, in order to have time to get them right. The main focus for 3.0 will be reduction in API surface, and changes that are low-impact for almost everyone. Work towards 3.0 will start in late January, on the development branch which will contain a public work-in-progress view of Mbed TLS 3.0. Any work for 2.x in this timeframe will take place on a separate branch (provisionally named like "mbedtls-2.x"). During the 3.0 development period, bug fixes and security fixes will continue to be a priority, but we will have slightly less capacity for other features. While 3.0 is in development, any new features will by default be landed in 3.0 only, unless there is a strong case for back-porting to 2.x. The 2.x LTS branches will still be supported with bug fixes and security fixes for the normal three year lifetime (i.e., the final LTS release of 2.x in mid-2021 will be supported until mid-2024). In terms of content, we are taking a cautious approach to what we plan for 3.0. In the past we've been ambitious here and as a result, have slipped on the release date; by being cautious on feature set we can be confident about hitting the mid-year release date. We won't try to make all of the changes that would be nice-to-have; instead, we will focus on tasks that reduce maintenance, unlock other improvements in a 3.x timeframe, are still valuable if only partially completed, and can fit within this time frame. Currently we're looking at the following areas for 3.0: * Reduce the public surface of the API * Clean-up existing APIs * Changes to default options Regards Dave Rodgman -- Mbed-tls-announce mailing list Mbed-tls-announce(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls-announce

4 years, 3 months

1
0
0 0

Re: [mbed-tls] mbed-tls Digest, Vol 11, Issue 7 ENTROPY_SOURCE_FAILED :0x0034

by T V LIJIN (EXT)

Hi, As suggested by @Gilles Peskine , I did try enabling MBEDTLS_ENTROPY_FORCE_SHA256 , but even after enabling this mbedtls_ctr_drbg_seed was still returning 0X0034 (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED ), please note that I'm using NVRAM for Seeding. I'm attaching my config.h file along with this mail for you reference. PFA -----Original Message----- From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> On Behalf Of mbed-tls-request(a)lists.trustedfirmware.org Sent: Thursday, January 28, 2021 1:19 AM To: mbed-tls(a)lists.trustedfirmware.org Subject: mbed-tls Digest, Vol 11, Issue 7 This message is from an external sender. Be cautious, especially with links and attachments. Send mbed-tls mailing list submissions to mbed-tls(a)lists.trustedfirmware.org To subscribe or unsubscribe via the World Wide Web, visit https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… or, via email, send a message with subject or body 'help' to mbed-tls-request(a)lists.trustedfirmware.org You can reach the person managing the list at mbed-tls-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mbed-tls digest..." Today's Topics: 1. Re: ENTROPY_SOURCE_FAILED :0x0034 (Gilles Peskine) 2. Re: Reduce mbedTLS memory and storage footprint (Gilles Peskine) ---------------------------------------------------------------------- Message: 1 Date: Wed, 27 Jan 2021 20:36:18 +0100 From: Gilles Peskine <gilles.peskine(a)arm.com> To: mbed-tls(a)lists.trustedfirmware.org Subject: Re: [mbed-tls] ENTROPY_SOURCE_FAILED :0x0034 Message-ID: <9fcd3d55-ad54-05cf-63f9-7f3d09f3ee0d(a)arm.com> Content-Type: text/plain; charset=windows-1252 Hello, The entropy module uses a hash to mix the entropy. It uses SHA-512 if present and SHA-256 otherwise. Depending on the hash function, the entropy module can return either up to 64 bytes (SHA-512) or 32 bytes (SHA-256). The CTR_DRBG module knows about this and requests only 32 bytes at a time if the entropy module only delivers 32 bytes at a time. It looks like something goes wrong when CTR_DRBG tries to request 64 bytes. This could be, for example, because a buffer is too small somewhere, or because of a limitation of the entropy source. You would need to debug the call to mbedtls_entropy_func to know more. As a workaround, you can enable MBEDTLS_ENTROPY_FORCE_SHA256. Then the entropy module will use SHA-256 (even if MBEDTLS_SHA512_C is enabled) and only return 32 bytes at a time, and CTR_DRBG understands this and will only request 32 bytes. -- Gilles Peskine Mbed TLS developer On 27/01/2021 06:08, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > After enabling *MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* , > /mbedtls_ctr_drbg_seed/ is returning *0x0034 > */(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED)/ > But if I just enable *MBEDTLS_NO_PLATFORM_ENTROPY* and keep > *MBEDTLS_SHA512_C* disabled, it does not return any error for > /mbedtls_ctr_drbg_seed./ / / My project uses certificates with SHA384 > signature, so it requires***MBEDTLS_SHA512_C *to be enabled. > /*MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* /both needs to be > enabled in my project , but Iam facing issue with > mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What > might be the reason for mbedtls_ctr_drbg_seed to fail while > enabling/////*MBEDTLS_SHA512_C.*///// > How to overcome this issue? > > > Thanks, > LIJIN T V > ------------------------------ Message: 2 Date: Wed, 27 Jan 2021 20:48:27 +0100 From: Gilles Peskine <gilles.peskine(a)arm.com> To: mbed-tls(a)lists.trustedfirmware.org Subject: Re: [mbed-tls] Reduce mbedTLS memory and storage footprint Message-ID: <b59f3e91-ae60-fae6-5fca-402894b0a890(a)arm.com> Content-Type: text/plain; charset=windows-1252 Hello, The most important thing is to make sure you've disabled all the features you don't need in config.h. The default configuration enables most cryptographic mechanisms, but typical constrained systems usually only need a few. If your toolchain supports it, use link-time optimization (e.g. gcc -Os -flto or clang -Oz -flto). I've seen that this makes a significant improvement for Mbed TLS (I got -30% on one build, obviously the numbers depend heavily on the configuration and the compiler). (In contrast LTO when optimizing for performance doesn't seem to improve anything.) MBEDTLS_MPI_WINDOW_SIZE, MBEDTLS_MPI_MAX_SIZE and MBEDTLS_ECP_MAX_BITS only impact memory usage (stack and heap), not code size. -- Gilles Peskine Mbed TLS developer On 27/01/2021 05:36, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > I'm trying to optimize the size of my binary file by making the > following changes in "*mbedtls/config.h*" > > #define MBEDTLS_MPI_WINDOW_SIZE 1 > #define MBEDTLS_MPI_MAX_SIZE 32 > #define MBEDTLS_ECP_MAX_BITS 256 > #define MBEDTLS_SHA256_SMALLER > > Even after making the above changes I couldn't see any change in the > binary size. > https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftls. > mbed.org%2Fkb%2Fhow-to%2Freduce-mbedtls-memory-and-storage-footprint&a > mp;data=04%7C01%7Clijin.tv%40kone.com%7C1a138332ca084342827b08d8c2fc9d > b9%7C2bb82c642eb143f78862fdc1d2333b50%7C0%7C0%7C637473737538267015%7CU > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1ha > WwiLCJXVCI6Mn0%3D%7C1000&sdata=ql17fsSC0eX7Hq5ofrsWAe%2BEenOc2piLq > 4jBix%2Bjr20%3D&reserved=0 > - This is the link I referred to follow the above-mentioned steps. > Is there anything else I can try to reduce my final binary file size > (ROM size) ? > > > Thanks, > LIJIN T V > ------------------------------ Subject: Digest Footer mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.tru… ------------------------------ End of mbed-tls Digest, Vol 11, Issue 7 ***************************************

4 years, 3 months

1
0
0 0

Re: [mbed-tls] Reduce mbedTLS memory and storage footprint

by Gilles Peskine

Hello, The most important thing is to make sure you've disabled all the features you don't need in config.h. The default configuration enables most cryptographic mechanisms, but typical constrained systems usually only need a few. If your toolchain supports it, use link-time optimization (e.g. gcc -Os -flto or clang -Oz -flto). I've seen that this makes a significant improvement for Mbed TLS (I got -30% on one build, obviously the numbers depend heavily on the configuration and the compiler). (In contrast LTO when optimizing for performance doesn't seem to improve anything.) MBEDTLS_MPI_WINDOW_SIZE, MBEDTLS_MPI_MAX_SIZE and MBEDTLS_ECP_MAX_BITS only impact memory usage (stack and heap), not code size. -- Gilles Peskine Mbed TLS developer On 27/01/2021 05:36, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > I'm trying to optimize the size of my binary file by making the > following changes in "*mbedtls/config.h*" > > #define MBEDTLS_MPI_WINDOW_SIZE 1 > #define MBEDTLS_MPI_MAX_SIZE 32 > #define MBEDTLS_ECP_MAX_BITS 256 > #define MBEDTLS_SHA256_SMALLER > > Even after making the above changes I couldn't see any change in the > binary size. > https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint > - This is the link I referred to follow the above-mentioned steps. > Is there anything else I can try to reduce my final binary file size > (ROM size) ? > > > Thanks, > LIJIN T V >

4 years, 3 months

1
0
0 0

Re: [mbed-tls] ENTROPY_SOURCE_FAILED :0x0034

by Gilles Peskine

Hello, The entropy module uses a hash to mix the entropy. It uses SHA-512 if present and SHA-256 otherwise. Depending on the hash function, the entropy module can return either up to 64 bytes (SHA-512) or 32 bytes (SHA-256). The CTR_DRBG module knows about this and requests only 32 bytes at a time if the entropy module only delivers 32 bytes at a time. It looks like something goes wrong when CTR_DRBG tries to request 64 bytes. This could be, for example, because a buffer is too small somewhere, or because of a limitation of the entropy source. You would need to debug the call to mbedtls_entropy_func to know more. As a workaround, you can enable MBEDTLS_ENTROPY_FORCE_SHA256. Then the entropy module will use SHA-256 (even if MBEDTLS_SHA512_C is enabled) and only return 32 bytes at a time, and CTR_DRBG understands this and will only request 32 bytes. -- Gilles Peskine Mbed TLS developer On 27/01/2021 06:08, T V LIJIN (EXT) via mbed-tls wrote: > Hi, > After enabling *MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* , > /mbedtls_ctr_drbg_seed/ is returning *0x0034 > */(MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED)/ > But if I just enable *MBEDTLS_NO_PLATFORM_ENTROPY* and keep > *MBEDTLS_SHA512_C* disabled, it does not return any error for > /mbedtls_ctr_drbg_seed./ > / > / > My project uses certificates with SHA384 signature, so it > requires***MBEDTLS_SHA512_C *to be enabled. > /*MBEDTLS_NO_PLATFORM_ENTROPY* and*MBEDTLS_SHA512_C* /both needs to be > enabled in my project , but Iam facing issue with > mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What > might be the reason for mbedtls_ctr_drbg_seed to fail while > enabling/////*MBEDTLS_SHA512_C.*///// > How to overcome this issue? > > > Thanks, > LIJIN T V >

4 years, 3 months

1
0
0 0

ENTROPY_SOURCE_FAILED :0x0034

by T V LIJIN (EXT)

Hi, After enabling MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_SHA512_C , mbedtls_ctr_drbg_seed is returning 0x0034 (MBEDTLS_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED) But if I just enable MBEDTLS_NO_PLATFORM_ENTROPY and keep MBEDTLS_SHA512_C disabled, it does not return any error for mbedtls_ctr_drbg_seed. My project uses certificates with SHA384 signature, so it requires MBEDTLS_SHA512_C to be enabled. MBEDTLS_NO_PLATFORM_ENTROPY and MBEDTLS_SHA512_C both needs to be enabled in my project , but Iam facing issue with mbedtls_ctr_drbg_seed returning 0x0034. Please guide me on this. What might be the reason for mbedtls_ctr_drbg_seed to fail while enabling MBEDTLS_SHA512_C. How to overcome this issue? Thanks, LIJIN T V

4 years, 3 months

1
1
0 0

Reduce mbedTLS memory and storage footprint

by T V LIJIN (EXT)

Hi, I'm trying to optimize the size of my binary file by making the following changes in "mbedtls/config.h" #define MBEDTLS_MPI_WINDOW_SIZE 1 #define MBEDTLS_MPI_MAX_SIZE 32 #define MBEDTLS_ECP_MAX_BITS 256 #define MBEDTLS_SHA256_SMALLER Even after making the above changes I couldn't see any change in the binary size. https://tls.mbed.org/kb/how-to/reduce-mbedtls-memory-and-storage-footprint - This is the link I referred to follow the above-mentioned steps. Is there anything else I can try to reduce my final binary file size (ROM size) ? Thanks, LIJIN T V

4 years, 3 months

1
0
0 0

Devices acting as Both Client and Server

by saghili

Dear, In our project, our device should act as both client and server. Is it possible for both TLS and DTLS? If yes, how about the certificate? Do we need only 2 certs for this divice (one for the server role and one for the client role)? Best regards, Farhad

4 years, 3 months

1
0
0 0

Re: [mbed-tls] PKCS#7

by Gilles Peskine

Hello, There is work in progress by community members to implement PKCS#7 SignedData parsing and generation. https://github.com/ARMmbed/mbedtls/pull/3970 https://github.com/ARMmbed/mbedtls/pull/3431 Arm has no particular plans in this area, but if you need other parts of PKCS#7, we'd be happy to accept more contributions. We'll can't commit to doing any development, but we'll assist with submissions and review code as usual. -- Gilles Peskine Mbed TLS developer On 13/01/2021 07:31, Subramanian Gopi Krishnan via mbed-tls wrote: > > Hi, > > > > Is there a plan to support PKCS#7 Certificate in > future? We are work with rfc7030 service, which issues certificate in > PKCS#7 format. > > > > Thanks, > > Gopi Krishnan > >

4 years, 3 months

1
0
0 0

PKCS#7

by Subramanian Gopi Krishnan

Hi, Is there a plan to support PKCS#7 Certificate in future? We are work with rfc7030 service, which issues certificate in PKCS#7 format. Thanks, Gopi Krishnan

4 years, 3 months

1
0
0 0

Mbed TLS 2.7 end of support

by Dave Rodgman

This is a notice that Mbed TLS 2.7 will no longer be supported or maintained after February 5th 2021. Mbed TLS 2.7.0 was released on February 5th 2018 with a three year support period. The current version of Mbed TLS 2.7 is 2.7.18, which was released on December 11th 2020. There are no pending bug or security fixes, so unless new issues arise during the next month, there will not be another release of 2.7. We do not plan to merge any non-critical backports to 2.7 in the next month. We recommend that where practical, users upgrade to either 2.16, which will be supported until the end of 2021, or to the development branch, which will be released as an LTS in mid 2021, with an expected support period until mid 2024. Dave Rodgman

4 years, 4 months

1
0
0 0

Add support to delegate cert verification to application

by Junqi Wang

Hi, Hanno suggested me to post our discussion here: We use mbedtls in Facebook family apps. One of missing features is the ability to delegate cert verification to application. Hanno has pointed us to a similar ask in https://github.com/ARMmbed/mbedtls/pull/2091 We implemented cert verification process in Android/java and iOS/objective-C. Having this feature enables us to use the OS module for cert verification. The motivation is reduced maintenance cost. Some mobile APPs use OS TLS stack (rather than bundle mbedtls or openssl in the binary), so we have to maintain our OS-specific cert verification modules anyways. It’ll be ideal if we only keep the Android and iOS implementations as source of truth. Any thoughts on supporting this? Thanks, Junqi

4 years, 4 months

1
0
0 0

DTLS Connection-ID update - potential issue for large-scale deployments

by Manuel Pegourie-Gonnard

Hi all, Back in June 2019, we added support for the experimental DTLS Connection ID extension in Mbed TLS 2.18.0. This extension makes it possible to keep a connection alive even when the client's connectivity changes (eg new IP address). Since this was based on a draft rather than an established standard, it is disabled in the default config, and the option to enable it comes with a warning about us not being able to make any stability promises. As it turns out, a couple of months ago an extension number was assigned by IANA for this extension, which is different from the one we picked up when implementing the draft, so we'll have to change that in a future version of Mbed TLS. This change is trivial to do but would break compatibility in the following sense: and old client and a new server (or a new client and a new server) would no longer be able to negotiate this extension; only old-old and new-new would work. (Thanks to Achim Kraus for bringing that to our attention by the way: https://github.com/ARMmbed/mbedtls/issues/3892 ) One obvious solution to that issue would be to make sure all users upgrade all the clients and the servers at the same time. This can probably be managed in a development/testing environment as well as some tightly controlled production environments, but is probably less suitable for large-scale deployments where clients and servers might not even be manged by the same party. So, before we plan this changed, we'll like to know if anyone already has a production deployment relying on Connection ID where updating all the clients and servers at the same time would not be an option. If that is the case, we may consider implementing a compatibility mode that would allow a server to negotiate use of the extension with both old and new clients. However, such compatibility code would be non-standard and a testing burden (not to mention, significantly more work that just updating the relevant #define), so that's something we'd like to avoid doing unless we know that there is an actual need for it. Please let us know what you think by replying to this email either on-list, or privately if you'd rather not share deployment information publicly (in that case, please mention it explicitly so that we know you didn't just forget to Cc the list). Thanks, Manuel

4 years, 4 months

1
0
0 0

Re: [mbed-tls] MBEDTLS issue I found

by Manuel Pegourie-Gonnard

Dear Xiao Nian Jun, Thanks for your response! Knowing the practical impact of the issue will help us prioritize it. Best regards, Manuel ________________________________ From: Xiao, Nian Jun <nianjun.xiao(a)siemens.com> Sent: 29 December 2020 02:43 To: Manuel Pegourie-Gonnard <Manuel.Pegourie-Gonnard(a)arm.com> Cc: He, Shu Shan <shushan.he(a)siemens.com>; Xia, Juan <juan.xia(a)siemens.com> Subject: RE: MBEDTLS issue I found Dear Manuel, Really appreciate for your quick and detail feedback. We think this is more like an interoperability issue, we found this issue during we developing webserver feature using MBEDTLS. Google Chrome treat such certificate as invalid. Follow below steps will reproduce this issue. 1. Generate a self-signed root certificate with ECC256 key.(using genKey and certWrite program of MBEDTLS) 2. Using above root certificate to sign a device certificate which also using ECC256 as its private key. (using genKey and certWrite program of MBEDTLS) 3. Install root certificate so Chrome can see it. 4. using Nginx or some other opensource web server, modify its configuration so it will use the device certificate and corresponding private key as the ciphers to setup TLS communication. 5. Open Chrome and visit default Nginx web page(or some other web server tools’ default web page), you can see Chrome won’t let user to continue because it treat the device certificate as invalid. 6. According to our test, Chrome has this issue, fire fox, IE, etc. doesn’t have this issue. 7. If I modify function mbedtls_asn1_write_algorithm_identifier like I said yesterday, Chrome will accept it and other browser also will accept it, happy life back again. Have a good day and looking for your feedback again! B.R. Xiao Nian Jun. From: Manuel Pegourie-Gonnard <Manuel.Pegourie-Gonnard(a)arm.com> Sent: Monday, December 28, 2020 9:23 PM To: mbed-tls(a)lists.trustedfirmware.org; Xiao, Nian Jun (RC-CN DI FA BL CTR-SL PRC2) <nianjun.xiao(a)siemens.com> Cc: He, Shu Shan (RC-CN DI FA BL CTR-SL PRC2) <shushan.he(a)siemens.com> Subject: Re: MBEDTLS issue I found Dear Xiao Nian Jun, Thanks for your kind words and for reporting this issue you found. I checked RFC 7427 and indeed while parameters must be present and NULL for all RSA algorithms, appendix A.3 is clear that they must be absent for ECDSA. Since RFC 7427 is about IKEv2 rather than about X.509 certificates, I also checked RFC 5480 (updating RFC 3279 which defines the X.509 profile used by the IETF), and it concurs: for ECDSA, parameters are absent (appendix A). Our behaviour is not conformant, and this should be fixed. Just to help us evaluate the severity of the issue, I'd like to know if this is something you found by inspecting the generated certificate yourself, or if it caused the generate certificate to be rejected by some other X.509 implementation or verification tool. Said otherwise, is this only a compliance issue, or also an interoperability issue? Regarding your fix, I think it works as long as you are only generating ECC-signed X.509 certificates, but as you suggest, I'm afraid it only fixes the problem by creating another one: it would suppress the NULL parameters for RSA as well, but unfortunately, they're mandatory there (I wish the standards were more consistent). So, we'll probably have to do something similar, but only for ECDSA. I was going to create a ticket for that in our bug tracker when I noticed we already have a ticket tracking that: https://github.com/ARMmbed/mbedtls/issues/2924 - Ill add a link to your message in the ticket. Thanks again for your report. Best regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org<mailto:mbed-tls-bounces@lists.trustedfirmware.org>> on behalf of Xiao, Nian Jun via mbed-tls <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Sent: 28 December 2020 03:24 To: mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Cc: He, Shu Shan <shushan.he(a)siemens.com<mailto:shushan.he@siemens.com>> Subject: [mbed-tls] MBEDTLS issue I found Dear MBEDTLS team, I’m a developer at SIEMENS, my name is Xiao Nian Jun. Please accept my sincere gratitude for your excellent work and to spend extra time to read my email. We are using MBEDTLS to generate ECC key and certificates, we found an issue regarding algorithm identifier in the final ASN.1 certificate. For certificate signed by ECC key, the algorithm identifier is “NULL” which doesn’t conforms to RFC7427 specification. [cid:image001.png@01D6DDC1.DCE8CFC0] You can see the “NULL” string in the certificate, Chrome will treat this kind of certificate as invalid. This issue has blocked us for a while, and after some investigation, we found an easy fix –- probably immature fix --- to make it works right--- we just commented out this line of code “MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_null( p, start ) )" in function mbedtls_asn1_write_algorithm_identifier. To be honesty, we’ve been using MBEDTLS for very short time, probably this is not an issue, probably our fix will end up break up something…currently, it’s just looks correct. Please check if my fix works or not, if not, please do not hesitate to correct me. B.R. Xiao Nian Jun.

4 years, 4 months

2
1
0 0

2025

2024

2023

2022

2021

2020

mbed-tls