- mbed-tls - lists.trustedfirmware.org

mbedtls_hmac_drbg_seed fails, returns MBEDTLS_ERR_ENTROPY_SOURCE_FAILED

by Thompson, Jeff

The call flow is mbedtls_hmac_drbg -> mbedtls_hmac_drbg_reseed -> mbedtls_entropy_func where the parameter, len, is 48 and MBEDTLS_ENTROPY_BLOCK_SIZE is 32. I see that mbedtls_hmac_drbg_seed sets ctx->entropy_len = entropy_len * 3 / 2, which explains the size difference. I've probably mis-configured (see attached) in order to use TLS-ECDHE-RSA-WITH-AES-128-CBC-SHA, because other ciphers take too long. Jeff Thompson | Senior Electrical Engineer-Firmware +1 704 752 6513 x1394 www.invue.com [cid:image001.gif@01D72ABA.56C4A310]

4 years, 5 months

1
0
0 0

Re: [mbed-tls] Mbed TLS mbedtls_ssl_config (struct) Question

by Manuel Pegourie-Gonnard

Hi Keith, Those are good questions, and the short answer is everything should work in a multi-threaded environment if Mbed TLS was built with threading support (for example, enabling MBEDTLS_THREADING_C and MBEDTLS_THREADING_PTHREAD in config.h). Now for some more details: regarding mbedtls_ssl_config, it is indeed treated as read-only by all function in the SSL/TLS module, except of course those functions that are explicitly meant to modify it (those whose name starts with mbedtls_ssl_conf_). So, if you set it up in the main thread and then use it in other threads, everything will be fine regarding the top-level structure itself (for sub-structures see below), regardless of whether threading support is enabled. For the DRBG contexts, you're right that each time we draw from them, they need to update their state. However, this is protected by a mutex if threading support was enabled at compile-time. A similar thing goes for private keys : RSA private keys are protected by a mutex if threading support is enabled (using them mutates state used for side-channel countermeasures), and ECDSA private keys are safe too. X.509 structures are always treated as read-only. Regarding documentation: we did recently expand the documentation on DRBGs: https://github.com/ARMmbed/mbedtls/commit/f305d92480c81c6eb02934a4e1af58152… Regarding SSL, I agree this should be better documented. If you'd like to open a PR to add documentation that would have answered your question, that would be very welcome. Regards, Manuel ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Keith Cancel via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 02 April 2021 06:43 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Mbed TLS mbedtls_ssl_config (struct) Question Hello, I hope this a simple question regarding mbedtls_ssl_config. So it seems this structure is meant to be shared/used for multiple connections. However, if I have multiple threads is it treated as a read only structure by all the library code, or does it update some state at times? Similar thing regarding the mbedtls_x509_crt struct and mbedtls_ctr_drbg_context which also seem to be added to the config when I setup the config. I was hoping that once set I don’t have to worry about any mutexs/locks being used by the library under the hood. Mainly, that once the configuration is set in the main thread it state is never updated again. What made me curious about this is the fact the RNG seems to be part of the configuration and a CPRNG will generally have state that needs to change. Moreover, I can’t really find a clear answer looking at the docs. Thanks, Keith Cancel -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 5 months

1
0
0 0

Mbed TLS mbedtls_ssl_config (struct) Question

by Keith Cancel

Hello, I hope this a simple question regarding mbedtls_ssl_config. So it seems this structure is meant to be shared/used for multiple connections. However, if I have multiple threads is it treated as a read only structure by all the library code, or does it update some state at times? Similar thing regarding the mbedtls_x509_crt struct and mbedtls_ctr_drbg_context which also seem to be added to the config when I setup the config. I was hoping that once set I don’t have to worry about any mutexs/locks being used by the library under the hood. Mainly, that once the configuration is set in the main thread it state is never updated again. What made me curious about this is the fact the RNG seems to be part of the configuration and a CPRNG will generally have state that needs to change. Moreover, I can’t really find a clear answer looking at the docs. Thanks, Keith Cancel

4 years, 5 months

1
0
0 0

MbedTLS handshark faild "The certificate is not correctly signed bythe trusted CA"

by chen

Hello, I run a client that has been ported MbedTLS, but the client connect server faild. I check the debug log, the end client state is 15. In the client state 3, the client receive only one certificate from server, and the log printing "Certificate verification flags 8". Here are part of logs: ..\MbedTLS\library\ssl_tls.c:4232: dumping 'input record from network' (4467 bytes) ..\MbedTLS\library\ssl_tls.c:4232: 0000: 16 03 03 11 6e 0b 00 11 6a 00 11 67 00 05 c2 30 ....n...j..g...0 ..\MbedTLS\library\ssl_tls.c:4232: 0010: -------- omit some network input data -------- ..\MbedTLS\library\ssl_tls.c:4232: 0ff0: 38 a0 36 a0 34 86 32 68 74 74 70 3a 2f 2f 63 72 8.6.4.2http://cr ..\MbedTLS\library\ssl_tls.c:3624: handshake message: msglen = 4462, type = 11, hslen = 4462 ..\MbedTLS\library\ssl_tls.c:4385: <= read record ..\MbedTLS\library\ssl_tls.c:5606: peer certificate #1: ..\MbedTLS\library\ssl_tls.c:5606: cert. version : 3 ..\MbedTLS\library\ssl_tls.c:5606: serial number : F0:57:5F:65:80:A9:70:B4:F9:8E:42:91:AE:D0:70:27 ..\MbedTLS\library\ssl_tls.c:5606: issuer name : C=GB, ST=Greater Manchester, L=Salford, O=Sectigo Limited, CN=Sectigo RSA Domain Validation Secure Server CA ..\MbedTLS\library\ssl_tls.c:5606: subject name : CN=*.xxxxxxxx.com ..\MbedTLS\library\ssl_tls.c:5606: issued on : 2020-06-01 00:00:00 ..\MbedTLS\library\ssl_tls.c:5606: expires on : 2021-05-26 23:59:59 ..\MbedTLS\library\ssl_tls.c:5606: signed using : RSA with SHA-256 ..\MbedTLS\library\ssl_tls.c:5606: RSA key size : 2048 bits ..\MbedTLS\library\ssl_tls.c:5606: basic constraints : CA=false ..\MbedTLS\library\ssl_tls.c:5606: subject alt name : *.xxxxxxxx.com, xxxxxxxx.com ..\MbedTLS\library\ssl_tls.c:5606: key usage : Digital Signature, Key Encipherment ..\MbedTLS\library\ssl_tls.c:5606: ext key usage : TLS Web Server Authentication, TLS Web Client Authentication ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.N' (2048 bits) is: ..\MbedTLS\library\ssl_tls.c:5606: af b7 73 1a f9 8a 2d 5e a2 e8 0f fd 89 5d 60 1d ..\MbedTLS\library\ssl_tls.c:5606: -------- omit some bits -------- ..\MbedTLS\library\ssl_tls.c:5606: e6 8e f8 3e ed ec 8e dd ec 46 48 85 9a b4 c8 71 ..\MbedTLS\library\ssl_tls.c:5606: value of 'crt->rsa.E' (17 bits) is: ..\MbedTLS\library\ssl_tls.c:5606: 01 00 01 ..\MbedTLS\library\ssl_tls.c:5757: x509_verify_cert() returned -9984 (-0x2700) ..\MbedTLS\library\ssl_tls.c:5851: ! Certificate verification flags 8 ..\MbedTLS\library\ssl_tls.c:5863: <= parse certificate At the client side, I download certificate of server, and get CA and root CA base on this certificate. Loading any one of these certificates into the client can't connect server. I did a test with another server. The different of the handshark is that the server issued two certificates, one is server's cert and another is CA cert. Loading CA or root CA into the client both can connect server successfully. problems: 1. Must the server send CA certificate in handshake phase? 2. The client holds CA certificate, dose MbedTLS client support downloading CA base on server's certificate? 3. In the source code, the certificate chain only contains the certificate issued by the server during handshake, not the CA certificate downloaded by the client according to the server certificate? Thank you very much for the answers. Best regards, berry chen

4 years, 5 months

1
0
0 0

Re: [mbed-tls] C/assembly option

by Gilles Peskine

Hi Raoul, Do I understand correctly that the problem with Mbed TLS as it is now is that you need MBEDTLS_HAVE_ASM enabled for AESNI and disabled for bignum? Would you want even more granularity? In principle, we could create a new compile-time option MBEDTLS_MPI_ASM, defaulting to what it does now (enabled if MBEDTLS_HAVE_ASM if the platform is one of the known ones) but overridable in either direction. However I don't like it much because we're trying to cut down on compilation options to reduce the maintenance burden: each compilation option adds complexity which makes it harder to understand all interactions between different parts of the library, and adds some testing burden. Symmetric and asymmetric crypto are mostly decoupled, so this one wouldn't be too bad, but it all adds up. In the long term, I expect that the different cryptographic algorithms will become more decoupled, with a possibility to treat each one as a black box that could be implemented by a hardware driver, and with a uniform mechanism to select drivers (or maybe they should be called engines). The evolution of the crypto part of the library to PSA is going in this direction. But we aren't there yet. Sorry that I don't have a more satisfying answer here. -- Gilles Peskine Mbed TLS developer On 31/03/2021 09:13, Raoul Strackx via mbed-tls wrote: > Hi all, > > We have a product that requires very strong security measures. When > compiling the mbedtls library, we face the following issue: Compiling C > code with LVI-mitigations is often much faster than relying on automatic > LVI mitigations on assembly code. The MPI functions are a good example > where we wish to rely on C source code. For other functions, we need to > rely on assembly code in order to mitigate other vulnerabilities (e.g., > we require AESNI assembly instructions over C implementations of AES). > Currently there isn't an option to choose between C/assembly per function. > > What would be an acceptable solution for this? > > greetings, > > Raoul > > >

4 years, 5 months

1
0
0 0

Minimum development environment: 2021 edition

by Gilles Peskine

Hello, In a nutshell: 1. Must Mbed TLS support Python 3.4 to configure and test, or can 3.6 be enough? 2. Must the supplied CMake scripts support 2.8.12.2, or can 3.5.2 be enough? This thread is about minimum tool versions to configure, build and test Mbed TLS (excluding TLS interoperability testing and some maintainer scripts) on Linux and similar (Unix-like) platforms. (This is not about the set of platforms where Mbed TLS will _run_, which is as close to “anything with CHAR_BIT==8 and sizeof(size_t) >= 4” as we can make it.) Our general guideline is that Mbed TLS should build out of the box on supported versions of major desktop and server operating systems. In practice, this has tended to mean supporting tool versions from RHEL/CentOS, SLES and Ubuntu LTS releases (but not necessarily extended security maintenance releases). Last year (https://lists.trustedfirmware.org/pipermail/mbed-tls/2020-April/thread.html) we concluded that we should support the following minimum versions, which will remain supported in the Mbed TLS 2.16 long-time support (LTS) branch: clang 3.8 cmake 2.8.12.2 gcc 4.4 make 3.81 python 3.4 (in 2.16: only to build the unit tests, not to configure) Since then, RHEL 6 and Ubuntu 16.04 have reached their end of life, the CentOS world has changed considerably. Looking at maintained platforms after April 2021 (https://github.com/ARMmbed/mbedtls/issues/2896#issuecomment-603471273), our current goal for the upcoming Mbed TLS 2.x LTS (last release before 3.0) is: clang 6.0 cmake 2.8.12.2 (or 3.5.2? or 3.10.2?) gcc 4.8 make 3.82 python 3.6 (or 3.4.10?) Regarding Python: is there any demand for supporting Python versions older than 3.6? Python 3 is required to fine-tune the library configuration (it is not needed if you use the default config.h or a handwritten one) and build the unit tests. Regarding CMake: it is increasingly problematic for us to support CMake 2.8.12, which is only required for RHEL 7: other distributions under consideration have at least CMake 3.5. There is an ongoing effort to improve our CMake scripts to make it easier to integrate Mbed TLS into a larger project, but it is difficult to preserve backward compatibility with 2.8.12. Would it be acceptable to require CMake >= 3.5? CMake >= 3.10.2? If you have any constraints that are not captured here or if you have an opinion regarding Python and CMake versions, please let us know quickly. -- Gilles Peskine Mbed TLS developer

4 years, 5 months

1
0
0 0

C/assembly option

by Raoul Strackx

Hi all, We have a product that requires very strong security measures. When compiling the mbedtls library, we face the following issue: Compiling C code with LVI-mitigations is often much faster than relying on automatic LVI mitigations on assembly code. The MPI functions are a good example where we wish to rely on C source code. For other functions, we need to rely on assembly code in order to mitigate other vulnerabilities (e.g., we require AESNI assembly instructions over C implementations of AES). Currently there isn't an option to choose between C/assembly per function. What would be an acceptable solution for this? greetings, Raoul

4 years, 5 months

1
0
0 0

Mbed TLS releases: 2.26.0, 2.16.10 and 2.7.19

by Dave Rodgman

Hi Mbed TLS users, We have released Mbed TLS versions 2.7.19, 2.16.10 and 2.26.0. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.26.0, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.16.10, https://github.com/ARMmbed/mbedtls/releases/tag/mbedtls-2.7.19). We recommend all users to consider whether they are impacted, and to upgrade appropriately. Please note that there will be no further releases on the 2.7 branch, as this is now out of the three year support period. Dave Rodgman

4 years, 6 months

1
0
0 0

OCSP

by Giuseppe Modugno

Is there any support for OCSP stapling in mbedTLS? Is there any roadmap for implementing it?

4 years, 6 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Also, if you're looking for a hardware platform with PSA Crypto drivers, Silicon Labs has one available. They've been participating in Mbed TLS development recently and a large part of the driver support code added in the past few months comes from them. You can see the documentation of their development kit at https://docs.silabs.com/mbed-tls/latest/ . (If you want to know about getting sample hardware and driver code … I'm not the right person to ask.) -- Gilles Peskine On 24/02/2021 22:26, Gilles Peskine via mbed-tls wrote: > Hi Frank, > > I'm not sure what you're looking for. Do you mean open source projects > like Curl and Hiawatha that can use Mbed TLS as a cryptography provider? > Those are generally using the classic API, and so can't make generic use > of secure elements. I am aware of private projects using the limited > features available today (for example, TLS servers can use async private > key operations to put the key in an HSM — see > https://tls.mbed.org/kb/how-to/ssl_async). > > I've used SoftHSM in the past as a way to test portable PKCS#11 client > code without hardware. It did the job well. I can't speak for the > quality of its cryptography since I was only using it for testing. > > If you're looking for a generic interface between applications and > secure elements, then I would recommend PSA crypto over PKCS#11. We did > try to make PSA Crypto a better PKCS#11. Obviously I'm biased :) But of > course PKCS#11 is old and venerable, whereas PSA is new and the support > for hardware secure elements is still a work in progress. >

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Gilles Peskine

Hi Frank, I'm not sure what you're looking for. Do you mean open source projects like Curl and Hiawatha that can use Mbed TLS as a cryptography provider? Those are generally using the classic API, and so can't make generic use of secure elements. I am aware of private projects using the limited features available today (for example, TLS servers can use async private key operations to put the key in an HSM — see https://tls.mbed.org/kb/how-to/ssl_async). I've used SoftHSM in the past as a way to test portable PKCS#11 client code without hardware. It did the job well. I can't speak for the quality of its cryptography since I was only using it for testing. If you're looking for a generic interface between applications and secure elements, then I would recommend PSA crypto over PKCS#11. We did try to make PSA Crypto a better PKCS#11. Obviously I'm biased :) But of course PKCS#11 is old and venerable, whereas PSA is new and the support for hardware secure elements is still a work in progress. -- Gilles Peskine Mbed TLS developer and PSA Crypto architect On 21/02/2021 17:11, Frank Bergmann via mbed-tls wrote: > Hi Gilles, > > thank you for your detailled answer. > Honestly I was in fear that your answer would look like this. ;-) > > Do you maybe know of any plans of any software project to use mbed TLS > together with a secure element? > > I asked SoftHSM because it looks much promising for our goals but they > answered that they don't have any plans to use different ssl libs. > > > cheers, > Frank > > > On 08.02.21 23:07, Gilles Peskine via mbed-tls wrote: >> Hi Frank, >> >> Support for HSM keys in Mbed TLS is a work in progress. The way it will >> work eventually is by plugging an HSM driver under the PSA crypto API, >> which supports both transparent and opaque keys. >> >> The TLS code can already use the PSA crypto API for some things, >> including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call >> mbedtls_pk_setup_opaque() to create a PK object for the key, and declare >> the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. >> >> To create the key, you will need to write a PKCS#11 secure element >> driver. ("Secure element" = "HSM" for this purpose.) I think it would >> make sense to have one in Mbed TLS, but I don't know when we might get >> around to writing one. >> >> There are two secure element driver interfaces in Mbed TLS right now: >> MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and >> MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still >> experimental: we can't guarantee API stability at this stage. >> MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is >> currently frozen and may be abandonned, so I don't recommend investing >> any effort in it at the moment, but if you need something fast (e.g. for >> a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS >> is the way of the future, but it's an active work in progress. >> >> If you're creating the key from your application, just call >> psa_generate_key. If the key was provisioned externally, it's >> unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can >> register a key that's already present in the secure element with >> mbedtls_psa_register_se_key(). The corresponding facility in the >> MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, >> but this is not implemented yet. (There's a prototype at >> https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on >> it. The specification is in docs/proposed/psa-driver-interface.md.) >> >> There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at >> https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have >> example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, >> or an easy-to-use build system — those are still a few months in the future. >> >> If you write a driver in the next few months, I recommend that you stay >> in touch with the Mbed TLS development team and follow the development >> branch of Mbed TLS closely, since it's a very active area of development >> at the moment. >>

4 years, 7 months

1
0
0 0

Re: [mbed-tls] PR-4161-merge TLS Testing — Failures: ABI-API-checking

by Janos Follath

Hi Gábor, Yes, it is ready for review, I have added the corresponding labels. Now there is nothing else to do just to wait for the reviews. Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Tuesday, 23 February 2021 at 06:29 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] PR-4161-merge TLS Testing — Failures: ABI-API-checking Hello Guys! AFter a week of debugging yesterday I was able to solve the issues on my PR, but the ABI-API failure is still on. I was told that based on my changes it is OK, I should not worry. Does this mean that my PR is ready for review or it should have disappeared by now? In the second case could someone provide me the jenkins reports and some idea where should I start searching? This is my PR: https://github.com/ARMmbed/mbedtls/pull/4161 Thank you in advance! BR, Gábor

4 years, 7 months

1
0
0 0

PR-4161-merge TLS Testing — Failures: ABI-API-checking

by Gábor Tóth

Hello Guys! AFter a week of debugging yesterday I was able to solve the issues on my PR, but the ABI-API failure is still on. I was told that based on my changes it is OK, I should not worry. Does this mean that my PR is ready for review or it should have disappeared by now? In the second case could someone provide me the jenkins reports and some idea where should I start searching? This is my PR: https://github.com/ARMmbed/mbedtls/pull/4161 Thank you in advance! BR, Gábor

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Gábor Tóth

Helló János! Yes I tried that one (and plenty of other stuff). Finally I just reset the branch and recommited the changes solving this particular issue. Unfortunately I had to create a new PR, because git did not let me reopen it, but that is another topic. Thank you for the help! BR, Gábor Janos Follath <Janos.Follath(a)arm.com> ezt írta (időpont: 2021. febr. 22., H, 13:17): > Hi Gábor, > > > > Have you tried running `git commit --amend` (without --no-edit --signoff) > and adding the “Signed-off-by: toth92g <toth92g(a)gmail.com>" line by hand? > > > > Best regards, > > Janos > > > > *From: *Gábor Tóth <toth92g(a)gmail.com> > *Date: *Monday, 22 February 2021 at 11:44 > *To: *Janos Follath <Janos.Follath(a)arm.com> > *Subject: *Re: [mbed-tls] Failing signoff (DCO) on: > https://github.com/ARMmbed/mbedtls/pull/4140 > > Helló János! > > > > Yes, I know which one, but I do not know how to change the commit message > in git. I have used the provided commands (amend), but it did not correct > the error. > > > > Do you know how to change it manually? > > > > BR, > > Gábor > > > > Janos Follath <Janos.Follath(a)arm.com> ezt írta (időpont: 2021. febr. 22., > H, 12:38): > > Hi Gábor, > > > > If you click on the “details” link on the DCO check it will tell you which > commits are missing the sign-off: > > https://github.com/ARMmbed/mbedtls/pull/4140/checks?check_run_id=1950600200 > > > > In this case you have one commit that is not signed off: > > > https://github.com/ARMmbed/mbedtls/pull/4140/commits/fdd3c65ee47ab80f69cfa4… > > > > Best regards, > > Janos > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf > of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> > *Date: *Monday, 22 February 2021 at 11:05 > *To: *mbed-tls(a)lists.trustedfirmware.org < > mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Failing signoff (DCO) on: > https://github.com/ARMmbed/mbedtls/pull/4140 > > Hello Guys! > > > > I know it is a newbie question, but I am not able to pass this freaking > DCO test...I have used the provided commands to signoff all the commits and > as I see all of them has signoff, but it still failes on one. Do you have > any idea what's wrong or how could I correct it? > > > > Till now I was able to correct it, but now it seems to be bugged. > > > > Thank you! > > > > BR? > Gábor > > IMPORTANT NOTICE: The contents of this email and any attachments are > confidential and may also be privileged. If you are not the intended > recipient, please notify the sender immediately and do not disclose the > contents to any other person, use it for any purpose, or store or copy the > information in any medium. Thank you. >

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Janos Follath

Hi Gábor, If you click on the “details” link on the DCO check it will tell you which commits are missing the sign-off: https://github.com/ARMmbed/mbedtls/pull/4140/checks?check_run_id=1950600200 In this case you have one commit that is not signed off: https://github.com/ARMmbed/mbedtls/pull/4140/commits/fdd3c65ee47ab80f69cfa4… Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Monday, 22 February 2021 at 11:05 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140 Hello Guys! I know it is a newbie question, but I am not able to pass this freaking DCO test...I have used the provided commands to signoff all the commits and as I see all of them has signoff, but it still failes on one. Do you have any idea what's wrong or how could I correct it? Till now I was able to correct it, but now it seems to be bugged. Thank you! BR? Gábor

4 years, 7 months

1
0
0 0

Failing signoff (DCO) on: https://github.com/ARMmbed/mbedtls/pull/4140

by Gábor Tóth

Hello Guys! I know it is a newbie question, but I am not able to pass this freaking DCO test...I have used the provided commands to signoff all the commits and as I see all of them has signoff, but it still failes on one. Do you have any idea what's wrong or how could I correct it? Till now I was able to correct it, but now it seems to be bugged. Thank you! BR? Gábor

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Use PKCS#11 and mbed TLS

by Frank Bergmann

Hi Gilles, thank you for your detailled answer. Honestly I was in fear that your answer would look like this. ;-) Do you maybe know of any plans of any software project to use mbed TLS together with a secure element? I asked SoftHSM because it looks much promising for our goals but they answered that they don't have any plans to use different ssl libs. cheers, Frank On 08.02.21 23:07, Gilles Peskine via mbed-tls wrote: > Hi Frank, > > Support for HSM keys in Mbed TLS is a work in progress. The way it will > work eventually is by plugging an HSM driver under the PSA crypto API, > which supports both transparent and opaque keys. > > The TLS code can already use the PSA crypto API for some things, > including client signature. Enable MBEDTLS_USE_PSA_CRYPTO, call > mbedtls_pk_setup_opaque() to create a PK object for the key, and declare > the key to the TLS code with mbedtls_ssl_conf_own_cert() as usual. > > To create the key, you will need to write a PKCS#11 secure element > driver. ("Secure element" = "HSM" for this purpose.) I think it would > make sense to have one in Mbed TLS, but I don't know when we might get > around to writing one. > > There are two secure element driver interfaces in Mbed TLS right now: > MBEDTLS_PSA_CRYPTO_SE_C (dynamic secure element interface) and > MBEDTLS_PSA_CRYPTO_DRIVERS (unified driver interface). Both are still > experimental: we can't guarantee API stability at this stage. > MBEDTLS_PSA_CRYPTO_SE_C was the first proposal, and its development is > currently frozen and may be abandonned, so I don't recommend investing > any effort in it at the moment, but if you need something fast (e.g. for > a demo/proof-of-concept), it's your best bet. MBEDTLS_PSA_CRYPTO_DRIVERS > is the way of the future, but it's an active work in progress. > > If you're creating the key from your application, just call > psa_generate_key. If the key was provisioned externally, it's > unfortunately not so easy. With MBEDTLS_PSA_CRYPTO_SE_C, you can > register a key that's already present in the secure element with > mbedtls_psa_register_se_key(). The corresponding facility in the > MBEDTLS_PSA_CRYPTO_DRIVERS interface is a "get_builtin_key" entry point, > but this is not implemented yet. (There's a prototype at > https://github.com/ARMmbed/mbedtls/pull/3822 but nobody is working on > it. The specification is in docs/proposed/psa-driver-interface.md.) > > There's an example application with a MBEDTLS_PSA_CRYPTO_SE_C driver at > https://github.com/ARMmbed/mbed-os-example-atecc608a . We don't have > example code for MBEDTLS_PSA_CRYPTO_DRIVERS yet, or good documentation, > or an easy-to-use build system — those are still a few months in the future. > > If you write a driver in the next few months, I recommend that you stay > in touch with the Mbed TLS development team and follow the development > branch of Mbed TLS closely, since it's a very active area of development > at the moment. > -- Frank Bergmann, Pödinghauser Str. 5, D-32051 Herford, Tel. +49-5221-9249753 SAP Hybris & Linux LPIC-3, E-Mail tx2014(a)tuxad.de, USt-IdNr DE237314606 http://tdyn.de/freel -- Redirect to profile at freelancermap http://www.gulp.de/freiberufler/2HNKY2YHW.html -- Profile at GULP

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Failures: all_sh-ubuntu-16.04-test_memory_buffer_allocator

by Gilles Peskine

Hi Gábor, To reproduce locally, the correct invocation would be tests/scripts/all.sh test_memory_buffer_allocator Specifically, the failing tests are SSL tests. To reproduce those tests, build the right configuration and run tests/ssl-opt.sh -f 'DTLS fragmenting: proxy MTU, * renego' I've posted the relevant logs on the GitHub issue. It's unusual for the memory_buffer tests to fail when memory sanitizers are passing, so I don't know what's going on. -- Gilles Peskine Mbed TLS developer On 16/02/2021 11:13, Gábor Tóth via mbed-tls wrote: > Hello Guys! > > I have an error related to test_memory_buffer_allocator on the server > in my PR (https://github.com/ARMmbed/mbedtls/pull/4140). Tried to find > the issue locally on both the latest Ubuntu and on version 16.04 (same > as on the server), but without success. > All the tests pass if I run "make test" command (of course I changed > config.h based on the component in all.sh).. > I have also tried: > "./tests/scripts/all.sh component_test_memory_buffer_allocator", but > it does not do anything, just lists some tools. Maybe I am not using > it right... > > The memory allocation/freeing mechanism was not touched by my changes > except that in the function that frees a CRT I added a small part to > free the new dynamic field. > > Do you have any idea what's wrong with my PR, how could I solve it or > find out the cause? > > Thank you guys! > > BR, > Gábor >

4 years, 7 months

1
0
0 0

Failures: all_sh-ubuntu-16.04-test_memory_buffer_allocator

by Gábor Tóth

Hello Guys! I have an error related to test_memory_buffer_allocator on the server in my PR (https://github.com/ARMmbed/mbedtls/pull/4140). Tried to find the issue locally on both the latest Ubuntu and on version 16.04 (same as on the server), but without success. All the tests pass if I run "make test" command (of course I changed config.h based on the component in all.sh).. I have also tried: "./tests/scripts/all.sh component_test_memory_buffer_allocator", but it does not do anything, just lists some tools. Maybe I am not using it right... The memory allocation/freeing mechanism was not touched by my changes except that in the function that frees a CRT I added a small part to free the new dynamic field. Do you have any idea what's wrong with my PR, how could I solve it or find out the cause? Thank you guys! BR, Gábor

4 years, 7 months

1
0
0 0

Requesting a sample code: adding two numbers using mbedtls_mpi_add_int?

by Shariful Alam

Hello, Sorry to bother with a noob question. I am trying to understand how bignum.c works. For that, I'm trying to write a program to add two numbers. Here is what I have https://pastebin.com/mbRaE5i5, I'm not sure if this is the correct approach. I use the following to compile the code, * gcc -o mpi_example mpi_example.c bignum.c* But get the following error, /tmp/ccMo7DMW.o: In function `main': mpi_example.c:(.text+0x2d): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x39): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x45): undefined reference to `mbedtls_mpi_init' mpi_example.c:(.text+0x6c): undefined reference to `mbedtls_mpi_add_int' mpi_example.c:(.text+0x9a): undefined reference to `mbedtls_mpi_free' mpi_example.c:(.text+0xa6): undefined reference to `mbedtls_mpi_free' mpi_example.c:(.text+0xb2): undefined reference to `mbedtls_mpi_free' collect2: error: ld returned 1 exit status Any help what I'm doing wrong here? Or any sample code and how to compile it? Thanks, ~ Shariful

4 years, 7 months

1
0
0 0

Overring bignum, aka MBEDTLS_BIGNUM_ALT?

by Fabio Utzig

Hi, I am working on adding HW acceleration to a NXP Kinetis MCU, but the HW accelerator happens to implement many operations which are defined in bignum.c, like "mbedtls_mpi_exp_mod", "mbedtls_mpi_gcd", "mbedtls_mpi_inv_mod" and so on. The bignum clients for me would be ecp.c and ecp_curves.c (as well as ecdh and ecdsa), and while I can override some of those using _ALT macros, for bignum it seems not possible to do so, short of not defining MBEDLTS_BIGNUM_C and all associated dependency issues. Also bignum itself also has other call paths that happen to use the functions I am trying to accelerate, which are themselves called by other files. Since I am using an open-source OSS and can't just override stuff in a fork, so I would like to know if there is some technical reason for an option like "MBEDTLS_BIGNUM_ALT" not being available and if such change would be acceptable? Fabio

4 years, 7 months

1
0
0 0

Re: [mbed-tls] MBEDTLS_ENTROPY_HARDWARE_ALT, mbedtls_ctr_drbg_seed() freezes ?

by Gilles Peskine

Hi Manu, f_entropy is the argument passed to mbedtls_ctr_drbg_seed, which is mbedtls_entropy_func. This function obtains entropy from all configured sources, which depends on the library configuration. Check if it might be calling other sources (see what sources are added in mbedtls_entropy_init in library/entropy.c). I think there's a bug in your mbedtls_hardware_poll implementation. It's receiving a buffer ent_buf with room for count BYTES, but you're filling it with count WORDS. You need to pass the exact number of bytes. In practice, unless the library is configured in a weird way, count will be a multiple of 4, which can make your code a bit simpler. -- Gilles Peskine Mbed TLS developer On 17/08/2020 19:16, Manu Abraham via mbed-tls wrote: > Greetings, > > I am new to the list, please do excuse me, in case of any list > specific etiquette issues. > > Trying to use a 1.6.1 release with a Cortex M7 port, specifically a STM32H7. > > After enabling MBEDTLS_ENTROPY_HARDWARE_ALT, did implement > mbedtls_hardware_poll() > > It looks thus, and it does appear to work from a hardware perspective: > > /** > * mbedtls_hardware_poll() > * Read random data from the Hardware RNG for entropy applications > */ > int mbedtls_hardware_poll(void *arg, > unsigned char *ent_buf, > size_t count, > size_t *ent_len) > { > register uint8_t i = 0; > uint32_t rand; > > if (!LL_RNG_IsEnabled(RNG)) > LL_RNG_Enable(RNG); /* Enable Random Number Generator */ > > for (i = 0; i < count; i++) { > while (!LL_RNG_IsActiveFlag_DRDY(RNG)) { } /* Wait for DRDY > flag to be raised */ > if ((LL_RNG_IsActiveFlag_CECS(RNG)) || > (LL_RNG_IsActiveFlag_SECS(RNG))) { /* Check error, if any */ > > /* Clock or Seed Error detected. Set Error */ > printf(" (%d) %s: Clock/Seed Error!\r\n", __LINE__, __FUNCTION__); > } > rand = LL_RNG_ReadRandData32(RNG); /* Read RNG data */ > memcpy(&(ent_buf[i * 4]), &rand, 4); /* *ent_len += 4 */ > } > LL_RNG_Disable(RNG); /* Stop random numbers generation */ > *ent_len = ((i + 1) * 4); > printf(" (%d) %s: Random Words: %d Word: %04d\r\n", > __LINE__, > __FUNCTION__, > count, > rand); > > return 0; > } > > The code which causes the problem is this, in my tls_init() > > int tls_init(void) > { > int ret; > > /* inspired by https://tls.mbed.org/kb/how-to/mbedtls-tutorial */ > const char *pers = "SYS-LWH7"; > > printf(" (%d) %s: Initializing\r\n", __LINE__, __FUNCTION__); > /* initialize descriptors */ > > mbedtls_ssl_init(&ssl); > printf(" (%d) %s: SSL initialize\r\n", __LINE__, __FUNCTION__); > > mbedtls_ssl_config_init(&conf); > printf(" (%d) %s: SSL Config initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_x509_crt_init(&cacert);work > printf(" (%d) %s: x509 CRT initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_ctr_drbg_init(&ctr_drbg); > printf(" (%d) %s: DRBG initialized\r\n", __LINE__, __FUNCTION__); > > mbedtls_entropy_init(&entropy); > printf(" (%d) %s: Entropy initialized\r\n", __LINE__, __FUNCTION__); > > > ret = mbedtls_ctr_drbg_seed(&ctr_drbg, > mbedtls_entropy_func, > &entropy, > (const unsigned char *) pers, > strlen(pers)); > if (ret) { > > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ctr_drbg_seed returned %d\n", > ret)); > > printf(" (%d) %s: DRBG seed failed, ret=%d\r\n", __LINE__, > __FUNCTION__, ret); > return -1; > } > printf(" (%d) %s: DRBG seed returned:%d\r\n", __LINE__, __FUNCTION__, ret); > > /** > * The transport type determines if we are using > * TLS (MBEDTLS_SSL_TRANSPORT_STREAM) or > * DTLS (MBEDTLS_SSL_TRANSPORT_DATAGRAM). > */ > ret = mbedtls_ssl_config_defaults(&conf, > MBEDTLS_SSL_IS_CLIENT, > MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > if (ret) { > LWIP_DEBUGF(MQTT_APP_DEBUG_TRACE, > ("failed !\n mbedtls_ssl_config_defaults returned %d\n\n", > ret)); > > printf("(%d) %s: SSL config defaults failed, ret=%d\r\n", > __LINE__, __FUNCTION__, ret); > return -1; > } > printf("(%d) %s: SSL config defaults returned:%d\r\n", __LINE__, > __FUNCTION__, ret); > > ret = mbedtls_x509_crt_parse(&cacert, > (const unsigned char *)test_ca_crt, > test_ca_crt_len); > if (ret) > printf(" (%d) %s: failed!\n mbedtls_x509_crt_parse returned > %d\r\n", __LINE__, __FUNCTION__, ret); > else > printf(" (%d) %s: mbedtls_x509_crt_parse returned %d\r\n", > __LINE__, __FUNCTION__, ret); > > mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); > mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED); > > /** > * The library needs to know which random engine > * to use and which debug function to use as callback. > */ > mbedtls_ssl_conf_rng(&conf, mbedtls_ctr_drbg_random, &ctr_drbg); > mbedtls_ssl_conf_dbg(&conf, my_debug, stdout); > mbedtls_ssl_setup(&ssl, &conf); > } > > > The output of which looks thus, in a serial terminal: > > (1217) print_dhcp_state: Try connect to Broker > (174) tls_init: Initializing > (178) tls_init: SSL initialize > (181) tls_init: SSL Config initialized > (184) tls_init: x509 CRT initialized > (187) tls_init: DRBG initialized > (190) tls_init: Entropy initialized > (1027) mbedtls_hardware_poll: Random Words: 128 Word: -558876895 > > > Any thoughts/ideas, what could be wrong ? > Any kind soul in here ? > > Thanks, > Manu

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Failing CI tests, Generating coverage report

by Manuel Pegourie-Gonnard

Hi Gábor, Congrats on fixing the previous issues and getting Travis to pass. Unfortunately, the complete logs of the Jenkins part of the CI can only be accessed by Arm employees so far. We have plans to move to a fully-public CI system, but this won't happen before the second half of this year. In the meantime I'm afraid you'll have to ask a team member to get you the results. > continuous-integration/jenkins/pr-head — This commit cannot be built > continuous-integration/jenkins/pr-merge — This commit cannot be buil Note: this can be ignore, these are the results of the parent jobs that spawn the other jobs. > PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator > PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator Note: this is a partial list of failed components (truncated due to limits in the Github notifications API). Most of them as components of tests/scripts/all.sh - if you have access to a Linux/Unix machine with the proper dependencies, you can run them locally, for example here the first one would be tests/scripts/all.sh test_m32_o1, the second one tests/scripts/all.sh test_memory_buffer_allocator. Regarding your question about coverage: I _think_ it should work on Windows if you exclude ssl-opt.sh and compat.sh. As your work is related to X.509, excluding those SSL-related scripts should not affect coverage of the areas of interest. I'm not sure if lcov (the programs that turns gcov's raw data to human-readable form) works on Windows, I'm sure your favourite search engine will have more information than me about this 🙂 Note however that most of the development/testing tools are made with Linux in mind, so you might have an easier time running a Linux VM to use them. As a last resort, one of the reviewers of the PRs can measure coverage on their machine - that's something I often do for PRs adding features, especially when some form of parsing is involved. Thanks for paying attention to coverage, by the way, that's really appreciated! Best regards, Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gábor Tóth via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 11 February 2021 11:39 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Failing CI tests, Generating coverage report Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: continuous-integration/jenkins/pr-head — This commit cannot be built continuous-integration/jenkins/pr-merge — This commit cannot be buil PR-4117-head TLS Testing — Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator PR-4117-merge TLS Testing — Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 7 months

2
2
0 0

Failing CI tests, Generating coverage report

by Gábor Tóth

Hello Guys! I have a branch that has been successfully built, but 4/10 tests are failing. Unfortunately I am not even able to read a log, because if I click on the details button I am redirected to a "This site can't be reached" page. Could you help me how to check the logs regarding the Jenkins CI builds? This is the pull request https://github.com/ARMmbed/mbedtls/pull/4117 These are the failing tests: *continuous-integration/jenkins/pr-head *— This commit cannot be built *continuous-integration/jenkins/pr-merge *— This commit cannot be buil *PR-4117-head TLS Testing *— Failures: all_sh-ubuntu-16.04-test_m32_o1 all_sh-ubuntu-16.04-test_memory_buffer_allocator *PR-4117-merge TLS Testing *— Failures: ABI-API-checking all_sh-ubuntu-16.04-test_memory_buffer_allocator I am also working on tests to cover the new functionality, but can not run coverage report. In the makefile of the base directory of mbedtls I have found this part: ifndef WINDOWS # note: for coverage testing, build with: # make CFLAGS='--coverage -g3 -O0' covtest: $(MAKE) check programs/test/selftest tests/compat.sh tests/ssl-opt.sh So am I right, that coverage check is only supported ot linux platform? Do I need to use that one or are there any solutions on windows? Thank you in advance! BR, Gábor

4 years, 7 months

1
0
0 0

Re: [mbed-tls] X509 V3 - AuthorityKeyId extraction (pull-4117)

by Gábor Tóth

Hello Gilles! Thank you for your helpful answer! Unfortunately this solution to find memory leakage problems is not working under windows (as I read), but fortunately I was able to locate the source and now my changes are green on the server. Thank you, again :) BR, Gábor Gilles Peskine via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> ezt írta (időpont: 2021. febr. 10., Sze, 12:03): > Hi Gábor, > > Thank you for contributing to Mbed TLS! > > For the memory leaks, compile with ASan(+UBSan): > export ASAN_OPTIONS='symbolize=1' > # also export ASAN_SYMBOLIZER_PATH=/path/to/llvm-symbolizer if it's not > found automatically > export ASAN_FLAGS='-O2 -fsanitize=address,undefined > -fno-sanitize-recover=all' > make CFLAGS="$ASAN_FLAGS" LDFLAGS="$ASAN_FLAGS" > > The SSL test scripts depend on precise versions of OpenSSL and GnuTLS. > Versions that are too old are missing some features and recent versions > have removed some features. Even some versions from Linux distributions > have removed obsolete algorithms that we're still testing. If you want > to pass all the tests on your machine, I recommend that you install them > from source. There's a list of the versions we use on our CI at > https://developer.trustedfirmware.org/w/mbed-tls/testing/ci/ . > > When you're debugging, it's useful to run a single test case or a small > number of test cases with ssl-opt -f 'regexp' . The logs are in > tests/o-cli-<number>.log and tests/o-srv-<number>.log . > > Hope this helps. > > -- > Gilles Peskine > Mbed TLS developer > > On 10/02/2021 10:17, Gábor Tóth via mbed-tls wrote: > > Hello Guys! > > > > I am working on an update of MBEDTLS that will support AuthorityKeyId > > and SubjetKeyId V3 extensions of X509. I have created a pull request, > > but I have not been able to solve the issues on Travis: > > https://github.com/ARMmbed/mbedtls/pull/4117 > > > > As I see the problems are: memory leakage and the failure of two tests > > suites. > > I tried to run these suites and a memory leakage check on my host > > machine, but the .sh scripts are just flashing once and disappearing > > in a few seconds after catching some kind of exception. > > > > I have Python2, Perl, Mingw64 (with gcc) installed and added to the > > Path. These commands are working: > > - make CC=gcc > > - make tests > > All the 87 tests pass. > > > > Tried running ssl-opt.sh without arguments and with "-m", but it exits > > after a few lines. > > > > Do you have any idea what I am missing? It would make the work much > > easier if I could run the testsuites reproducing the error and if I > > could find the memory leaks. > > > > Thank you in advance! > > > > BR, > > Gábor > > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 7 months

1
0
0 0

2025

2024

2023

2022

2021

2020

mbed-tls