- mbed-tls - lists.trustedfirmware.org

by Tom Strolch

Hello all, I want to use mbedtls-functions for "Shared Secret" according ECDH with C448. First I want to check the test vectors mentioned in RFC7748 (chapter 6.2). But it fails in function mbedtls_ecdh_compute_shared(...) with return value -0x4C80 MBEDTLS_ERR_ECP_INVALID_KEY (please see code below) But up to now I can't find the root cause. Is there a similar example available? Regards, Tom // Alice's private key static const unsigned char alice_private_key[] = { 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a }; // Bob's private key static const unsigned char bob_private_key[] = { 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb }; int main() { mbedtls_ecdh_context ecdh; unsigned char shared_secret[32]; size_t olen; int ret; mbedtls_ecdh_init(&ecdh); // Load Bob's private key ret = mbedtls_ecp_group_load(&ecdh.grp, MBEDTLS_ECP_DP_CURVE25519); if (ret != 0) { printf("Failed to load group\n"); return 1; } ret = mbedtls_mpi_read_binary(&ecdh.d, bob_private_key, sizeof(bob_private_key)); if (ret != 0) { printf("Failed to read private key\n"); return 1; } // Compute the shared secret ret = mbedtls_ecdh_compute_shared(&ecdh.grp, &ecdh.z, &ecdh.Qp, &ecdh.d, mbedtls_ctr_drbg_random, NULL); if (ret != 0) { printf("Failed to compute shared secret\n"); return 1; } ... Test vector: Alice's private key, a: 9a8f4925d1519f5775cf46b04b5800d4ee9ee8bae8bc5565d498c28d d9c9baf574a9419744897391006382a6f127ab1d9ac2d8c0a598726b Alice's public key, X448(a, 5): 9b08f7cc31b7e3e67d22d5aea121074a273bd2b83de09c63faa73d2c 22c5d9bbc836647241d953d40c5b12da88120d53177f80e532c41fa0 Bob's private key, b: 1c306a7ac2a0e2e0990b294470cba339e6453772b075811d8fad0d1d 6927c120bb5ee8972b0d3e21374c9c921b09d1b0366f10b65173992d Bob's public key, X448(b, 5): 3eb7a829b0cd20f5bcfc0b599b6feccf6da4627107bdb0d4f345b430 27d8b972fc3e34fb4232a13ca706dcb57aec3dae07bdc1c67bf33609 Their shared secret, K: 07fff4181ac6cc95ec1c16a94a0f74d12da232ce40a77552281d282b b60c0b56fd2464c335543936521c24403085d59a449a5037514a879d

11 months

1
0
0 0

Migrate LWIP mbed TLS port to Mbed TLS 3.6.2 (or later)

by Bas Prins

Dear Mbed TLS team, I am trying to integrate Mbed TLS in our platform: - nxp imx rt 1024 CPU (arm based) - FreeRTOS (10.6) - Lwip (2.2) - Mbed TLS (3.6.2) LWIP supports Mbed TLS when adding defines in their configuration: /* ---------- TLS ------------------------- */ #define LWIP_ALTCP 1 #define LWIP_ALTCP_TLS 1 #define LWIP_ALTCP_TLS_MBEDTLS 1 But, unfortunately this supports an older version of Mbed TLS (I believe 2.2.x). When I try to compile against the Mbed TLS 3.6.2 libraries, I get a bunch of compiler warnings / errors. Most of them are mentioned in the migration guide, but even then, I have a hard time figuring out how to resolve them "the right way". 1. Private fields The migration guide <https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/3.0-migration-gui…> explains that most structs are now considered private. 1.1: The altcp_mbed module in LWIP relies on the *out_left* field of the *ssl context* struct. /* calculate TLS overhead part to not send it to application */ overhead = state->overhead_bytes_adjust + state->ssl_context.out_left; I am correct that this field is simply not exposed through accessor functions? I can find functions like mbedtls_ssl_get_avail, so I would expect something like mbedtls_ssl_get_bytes_to_write or something like that? 1.2: The altcp_mbed module in LWIP relies on the *start* field of the *ssl session* struct. err_t altcp_tls_set_session(struct altcp_pcb *conn, struct altcp_tls_session *session) { if (session && conn && conn->state) { altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state; int ret = -1; * if (session->data.start)* ret = mbedtls_ssl_set_session(&state->ssl_context, &session->data); return ret < 0 ? ERR_VAL : ERR_OK; } return ERR_ARG; } I also don't know how to obtain this field "the right way". I know this is a bad idea, but it's all I got if (session->data.*private_start)* ... 2. parse key expects a RNG function This is also explained in the migration guide: *Some functions gained an RNG parameterThis affects users of the following functions: `mbedtls_ecp_check_pub_priv()`,`mbedtls_pk_check_pair()`, `mbedtls_pk_parse_key()`, and`mbedtls_pk_parse_keyfile()`.You now need to pass a properly seeded, cryptographically secure RNG whencalling these functions. It is used for blinding, a countermeasure againstside-channel attacks.* Can you please give me some guidance here? I looked for examples in Mbed TLS repo and ended up with this (bold parts are added, using the key_app.c in your repo as leading example): * mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; mbedtls_entropy_init(&entropy); mbedtls_ctr_drbg_init(&ctr_drbg); if ((ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, privkey, privkey_len)) != 0) { // TODO: handle error } * ret = mbedtls_pk_parse_key( conf->pkey, privkey, privkey_len, privkey_pass, privkey_pass_len, *mbedtls_ctr_drbg_random, &ctr_drbg*); 3. The altcp_mbed module in LWIP relies on mbedtls_ssl_flush_output The altcp_mbed module had an include on ssl internal. #include "mbedtls/ssl_internal.h" /* to call mbedtls_flush_output after ERR_MEM */ This header seems no longer part of the library. But the prototype of the function is now part of ssl_misc.h, but I don't think I am supposed to rely on this header either. I have a couple of options: - ignore the compiler warning /home/dev_container/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c:535:5: warning: implicit declaration of function 'mbedtls_ssl_flush_output'; did you mean 'mbedtls_ssl_tls_prf'? [-Wimplicit-function-declaration] 535 | mbedtls_ssl_flush_output(&state->ssl_context); - copy paste the declaration in the LWIP source file - Or.... don't flush any buffers managed by Mbed TLS in the first place? For the last one, I could really use your input. Can you say anything meaningful about the flush (line in bold) In the below function, Is it mandatory? Or can I trust the Mbed TLS will flush the output buffer whenever it needs to get flushed? /** Sent callback from lower connection (i.e. TCP) * This only informs the upper layer the number of ACKed bytes. * This now take care of TLS added bytes so application receive * correct ACKed bytes. */ static err_t altcp_mbedtls_lower_sent(void *arg, struct altcp_pcb *inner_conn, u16_t len) { struct altcp_pcb *conn = (struct altcp_pcb *)arg; LWIP_UNUSED_ARG(inner_conn); /* for LWIP_NOASSERT */ if (conn) { int overhead; u16_t app_len; altcp_mbedtls_state_t *state = (altcp_mbedtls_state_t *)conn->state; LWIP_ASSERT("state", state != NULL); LWIP_ASSERT("pcb mismatch", conn->inner_conn == inner_conn); /* calculate TLS overhead part to not send it to application */ mbedtls_ssl_get_bytes_avail(&state->ssl_context); overhead = state->overhead_bytes_adjust + state->ssl_context.private_out_left; if ((unsigned)overhead > len) { overhead = len; } /* remove ACKed bytes from overhead adjust counter */ state->overhead_bytes_adjust -= len; /* try to send more if we failed before (may increase overhead adjust counter) */ *mbedtls_ssl_flush_output(&state->ssl_context); // Does it make sense this LWIP port is responsible for flushing here??* /* remove calculated overhead from ACKed bytes len */ app_len = len - (u16_t)overhead; /* update application write counter and inform application */ if (app_len) { state->overhead_bytes_adjust += app_len; if (conn->sent) return conn->sent(conn->arg, conn, app_len); } } return ERR_OK; } After applying the changes I mentioned above, the software compiles against Mbed TLS. I haven't dared to run anything, I just want to enjoy this short moment where I have the feeling I achieved something before runtime errors ruin my day :). Many thanks in advance for any reply! Best regards, Bas [image: image.png]

11 months, 1 week

1
0
0 0

MbedTLS 2.5 vs MbedTLS 3.6

by Michael Khoyilar

Hi Team I am investigating the move from MbedTLS 2.25 to 3.6, however, our client uses the 2.25 currently (looks like they prefer to stay with it) and I need to provide convincing proof to move to 3.6 considering the upgrade issues that might arise. Any suggestions here that is convincing proof to do the migration to 3.6? I would appreciate your comments. Thanks Michael

11 months, 1 week

5
5
0 0

Trying to integrate Mbed TLS (3.6) with LWIP (2.x)

by Bas Prins

Dear Mbed TLS team, I am at the early steps of trying to integrate Mbed TLS with LWIP for our project (imx rt 1024 NXP micro, arm M7, running FreeRTOS and LWIP). I understand the basics of TLS, but I am far from an expert. Let me first apologise for the lengthy first email. I am afraid to leave out details. Feel free to skip directly to the end marked with: ============================= My questions: ============================= Some background / translation of how I think it (should) work: From a distance, I understand that LWIP has an abstraction layer on their TCP module, which can be used to integrate Mbed TLS. In fact, LWIP already did this, all I need to do is enable some directives (LWIP_ALTCP_TLS and LWIP_ALTCP_TLS_MBEDTLS). The implemented integration assumes a somewhat older version of Mbed TLS, so I have to adjust a couple to cope with the breaking changes from Mbed TLS 2.x to Mbed TLS 3.6.2. But other than that, integrating Mbed TLS would mean: - figure out which options i want to enable in Mbed TLS - cross compile it for our arm toolchain - extend our build scripts to compile against 3 static Mbed TLS libraries - figure out how to read the CA certificates, and provide them to Mbed TLS - test and fail, and hopefully be man enough to solve the challenges ahead... I haven't achieved much yet, but at least I managed to compile Mbed TLS with our toolchain and recompile our project against the linked libraries. This steps fails though, I get a bunch of linker errors : [100%] Linking CXX executable app.axf /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj): in function `mbedtls_ssl_encrypt_buf': /home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:1211:(.text.mbedtls_ssl_encrypt_buf+0x1b4): undefined reference to `mbedtls_cipher_auth_encrypt_ext' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj): in function `mbedtls_ssl_decrypt_buf': /home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:1638:(.text.mbedtls_ssl_decrypt_buf+0x180): undefined reference to `mbedtls_cipher_auth_decrypt_ext' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_msg.c.obj): in function `mbedtls_ssl_transform_free': /home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:6213:(.text.mbedtls_ssl_transform_free+0x14): undefined reference to `mbedtls_cipher_free' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_msg.c:6214:(.text.mbedtls_ssl_transform_free+0x1e): undefined reference to `mbedtls_cipher_free' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj): in function `mbedtls_ssl_transform_init': /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:1028:(.text.mbedtls_ssl_transform_init+0x18): undefined reference to `mbedtls_cipher_init' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:1029:(.text.mbedtls_ssl_transform_init+0x22): undefined reference to `mbedtls_cipher_init' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj): in function `mbedtls_ssl_get_mode_from_ciphersuite': /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:2453:(.text.mbedtls_ssl_get_mode_from_ciphersuite+0x12): undefined reference to `mbedtls_cipher_info_from_type' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj): in function `mbedtls_ssl_parse_finished': /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:8680:(.text.mbedtls_ssl_parse_finished+0xac): undefined reference to `mbedtls_ct_memcmp' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls.c.obj): in function `ssl_tls12_populate_transform': /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:8878:(.text.ssl_tls12_populate_transform+0xa6): undefined reference to `mbedtls_cipher_info_from_type' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9136:(.text.ssl_tls12_populate_transform+0x454): undefined reference to `mbedtls_cipher_setup' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9142:(.text.ssl_tls12_populate_transform+0x476): undefined reference to `mbedtls_cipher_setup' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9148:(.text.ssl_tls12_populate_transform+0x4a8): undefined reference to `mbedtls_cipher_setkey' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/thirdparty/mbedtls/library/ssl_tls.c:9155:(.text.ssl_tls12_populate_transform+0x4da): undefined reference to `mbedtls_cipher_setkey' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: CMakeFiles/app.dir/home/dev/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c.obj: in function `altcp_mbedtls_sndbuf': /home/dev/app/thirdparty/lwip/src/apps/altcp_tls/altcp_tls_mbedtls.c:1192:(.text.altcp_mbedtls_sndbuf+0x7e): undefined reference to `mbedtls_ssl_get_max_frag_len' /opt/gcc-arm-none-eabi/bin/../lib/gcc/arm-none-eabi/13.2.1/../../../../arm-none-eabi/bin/ld: /home/dev/app/source/iobox-app/../../thirdparty/mbedtls/build/library/libmbedtls.a(ssl_tls12_server.c.obj): in function `ssl_parse_client_psk_identity': /home/dev/app/thirdparty/mbedtls/library/ssl_tls12_server.c:3638:(.text.ssl_parse_client_psk_identity+0xb6): undefined reference to `mbedtls_ct_memcmp' The distinct list undefined references of the above: undefined reference to `mbedtls_cipher_auth_encrypt_ext' undefined reference to `mbedtls_cipher_auth_decrypt_ext' undefined reference to `mbedtls_cipher_free' undefined reference to `mbedtls_cipher_init' undefined reference to `mbedtls_cipher_info_from_type' undefined reference to `mbedtls_ct_memcmp' undefined reference to `mbedtls_cipher_setup' undefined reference to `mbedtls_cipher_setup' undefined reference to `mbedtls_cipher_setkey' undefined reference to `mbedtls_cipher_setkey' undefined reference to `mbedtls_ssl_get_max_frag_len' All except the last one are coming from Mbed TSL internally, so I *guess* this means I am missing options? Or maybe I am still having too many? The last one is called from the LWIP integration of Mbed TLS, and I could "sweep this under the carpet" by disabling "MBEDTLS_SSL_MAX_FRAGMENT_LENGTH". But I haven't looked further in what I cause if I do not support "RFC 6066 max_fragment_length extension in SSL" My Mbed TLS configuration: I followed the suggestion of your documentation, and went for a minimal example configuration. Pure on intuition, I went for "config-ccm-psk-dtls1_2.h". Because the file name suggests it brings TSL 1.2 which is basically all I need. I think. I did had to make the following changes in order to be able to compile it: 1. Comment out two defines in order to get rid of module requiring "windows or unix" //#define MBEDTLS_NET_C //#define MBEDTLS_TIMING_C 2. Add a define, again to get rid of the compiler error "require windows or unix" #define MBEDTLS_NO_PLATFORM_ENTROPY After applying these small changes to the include/mbedtls/mbedtls_config.h I was able to cross compile (and link) Mbed TLS with arm-none-eabi toolchain. Once I adjusted the build scripts to lnk against the Mbed TLS static libraries, I finally ended up with the earlier mentioned linker errors. ============================= My questions: ============================= 1. Does my starting point configuration make sense? As mentioned earlier, pure intuition made me try the "config-ccm-psk-dtls1_2.h" configuration example, which after some modifications compiled and produced 3 static libraries. but, this bit in the example header worries me a bit: * Distinguishing features: * - Optimized for small code size, low bandwidth (on an unreliable transport), * and low RAM usage. * - No asymmetric cryptography (no certificates, no Diffie-Hellman key * exchange). * - Fully modern and secure (provided the pre-shared keys are generated and * stored securely). * - Very low record overhead with CCM-8. * - Includes several optional DTLS features typically used in IoT. What does "no asymmetric cryptography" exactly mean? Isn't that the pure basis of TLS altogether? If I want to achieve HTTPS using TLS, is this a good starting point? 2. Undefined references: wrong configuration, or should I supply some of the implementations? As mentioned before, I have quite a few linking errors related to the cipher module. I tried to find answers in the documentation, but came up empty. I assume (again...) that I should be able to get rid of these linking errors by enabling more features in Mbed TLS. But I honestly get lost in #define's. And maybe it's documented somewhere, but I couldn't find it. 3. Root CA provided by me? I assume I *need* to provide at least one root CA for Mbed TLS to be able to verify the public key provided by the server, at some point, right? I would expect some callback I need to implement where such a root CA was read (in my case, i would have to read if from flash). Am I misunderstanding Mbed TLS on this aspect also? Or did I just miss the obvious spot where to Mbed TLS requests a root CA? 4. More examples available for typical microcontroller projects (FreeRTOS/LWIP)? My experience so far is: - Mbed TLS is well documented - LWIP is no longer actively maintained, and lacks documentation in general - Google finds a painful amount of LWIP/TLS integrations which are based on really old implementations of both, which does more harm than good for me - Chat GPT knows everything, even when it doesn't, which is a really great recipe to get on the wrong track... It doesn't seem rather helpful on my integration questions for Mbed TLS/LWIP. Disclaimer: could be that my lack of knowledge is causing gpt to come up with wrong answers of course... I understand that my email is (too?) long, and that the chance somebody will actually find the time to help me out is limited. I expect nothing, I hope for everything :) ANY help is more than welcome. Good references, links to official documentation I missed, or in the best case: answers to my questions/uncertainties. Many thanks in advance. Best regards, Bas

11 months, 1 week

2
1
0 0

Confirm if there is an upgrade to the PKCS#1 V2.2 standard.

by Elva Huang

Dear mbedtls platform, I would like to inquire whether the PKCS#1 standard in the source code of mbedtls V2.28.2 has been upgraded to V2.2. From which version does mbedtls start supporting PKCS#1 v2.2? Looking forward to your reply, thank you. Elva Huang | SW Engineer Tel: 18150372635 Email:elva.huang@robosense.cn<elva.huang(a)robosense.cn> 深圳市 - 南山区 - 速腾聚创产品中心 [image]<http://www.robosense.cn/> [image]<https://www.linkedin.com/company/13232246/admin/>[image]<https://twitter.com/RoboSenseLiDAR>[image]<https://www.facebook.com/RoboSenseLiDAR/>[image]<https://www.youtube.com/channel/UCYCK8j678N6d_ayWE_8F3rQ>

1 year

2
1
0 0

How to export mbedtls_snprintf ?

by Gal Rosen

Hi, I am trying to build lief which is dependent on mbedtls as a static library. I am using conan recipe to build using cmake. The build of the library succeeded, however later while trying to build my own application and link with lief I get the following error: LIEF.lib(x509.obj) : error LNK2001: unresolved external symbol mbedtls_snprintf What do I do wrong? Or should I configure something while building the mbedtls library ? Thanks, Gal.

1 year

1
0
0 0

Question about contribution of AES hardware support for RISC-V

by Rick Chen

Dear Mbed TLS maintainers, I have surveyed Mbed TLS and know that it has features which can improve AES block cipher performance by hardware instructions instead of SW implementation e.q., AESCE of ARMV8 and AESNI of INTEL. AS far as I know about RISC-V Cryptography extension(Zkne and Zknd), it also supports relevant AES instructions which can accelerate aes key schedule, encryption and decryption process. (https://tools.cloudbear.ru/docs/riscv-crypto-spec-scalar-1.0.0-rc6-20211012…) I want to ask for your opinions and agreement. Is there any willingness to accept this RISC-V accelerated feature idea and contribution to Mbed TLS ? If you agree with it, I would like to prepare a pull request for you to review. Sincerely, Rick

1 year

2
1
0 0

Mbed TLS 3.6.2 release

by David Horstmann

Dear Mbed TLS users, We have released Mbed TLS version 3.6.2. This release provides a security fix for an out-of-bounds write vulnerability in the pkwrite module. Full details are available in the release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Many thanks, David Horstmann Mbed TLS developer

1 year

1
0
0 0

Checking that RSA key and issuer certificate match using mbedTLS 3.x

by Fabian Keil

Hi, I'm currently working on adding mbedTLS 3.x support for Privoxy [0]. Everything seems to be working but I ifdef'ed out the following code in [1] that worked with mbedTLS 2.28.8: /* * Check if key and issuer certificate match */ if (!mbedtls_pk_can_do(&issuer_cert.pk, MBEDTLS_PK_RSA) || mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->N, &mbedtls_pk_rsa(*issuer_key)->N) != 0 || mbedtls_mpi_cmp_mpi(&mbedtls_pk_rsa(issuer_cert.pk)->E, &mbedtls_pk_rsa(*issuer_key)->E) != 0) { log_error(LOG_LEVEL_ERROR, "Issuer key doesn't match issuer certificate"); ret = -1; goto exit; } As N and E are private now it no longer compiles. Is there a way to implement the check with mbedTLS 3.x? My impression is that the sanity check is overly cautious and we don't have equivalent code for OpenSSL and wolfSSL but I'm curious. Thanks, Fabian [0] <https://www.privoxy.org/> [1] <https://www.privoxy.org/gitweb/?p=privoxy.git;a=blob;f=ssl.c;h=e8007cd9adad…>

1 year

2
2
0 0

Client Certificate Request Question

by Michael Reutman

Hello, I'm running into an issue with using Mbed-TLS on an embedded device of ours and I'm curious if anyone would be able to point me in the right direction. If this is the wrong channel for general use questions, let me know and I'll search elsewhere. As a forewarning, I'm still getting my bearings around the nuts and bolts of Mbed-TLS and network security; apologies if I misstate something or jumble things up. Our device uses Mbed-TLS 3.0.0; ideally I'd like to upgrade this to a newer version, but this version was included in a SDK package for our device and I'd like to get some basic functionality proven out first before trying to reintegrate a newer version into the rest of provided code. The current goal is to get our device to serve a web page over HTTPS with TLS. What we currently see is that the initial hello client and server messages are exchanged without issue, but the connection is rejected after the server requests a certificate from the client. In some browsers, this opens a prompt where you can select a given certificate on the machine; in others, it skips this prompt and sends a response back with an empty certificate. In both instances, the server will return an error and deny the connection. This seems like some sort of user configuration error, given your average web page served over HTTPS on the internet avoids making this request. The literature I've been able to find so far also seems to suggest this request is entirely optional. Is there some option I'm overlooking that makes the server skip asking the client for its certificate and lets connection continue on? Michael Reutman Senior Embedded Software Engineer NovaTech Automation 261 Brodhead Rd. Bethlehem, PA 18017 novatechautomation.com<http://www.novatechautomation.com/> | NovaTechLinkedIn<https://www.linkedin.com/company/565017> NovaTech Automation is Net Zero committed. #KeepItCool<https://www.keepitcool.earth/> Receipt of this email implies compliance with our terms and conditions<https://www.novatechautomation.com/email-terms-conditions>.

1 year, 1 month

2
2
0 0

Problem when parsing certificate without Distinguished Name

by Diego Santos

Hi, I'm trying to parse this DER encoded certificate in hex format: 3082018230820128a003020102020900f3b305f55622cfdf300a06082a8648ce3d04030230003020170d3735303130313030303030305a180f34303936303130313030303030305a30003059301306072a8648ce3d020106082a8648ce3d0301070342000458f7e9581748ff9bdd933b655cc0e5552a1248f840658cc221dec2186b5a2fe4641b86ab7590a3422cdbb1000cf97662f27e5910d7569f22feed8829c8b52e0fa38188308185308182060a2b0601040183a25a01010101ff0471306f042508021221026b053094d1112bce799dc8026040ae6d4eb574157929f1598172061f753d9b1b04463044022040712707e97794c478d93989aaa28ae1f71c03af524a8a4bd2d98424948a782302207b61b7f074b696a25fb9e0059141a811cccc4cc28042d9301b9b2a4015e87470300a06082a8648ce3d04030203480030450220143ae4d86fdc8675d2480bb6912eca5e39165df7f572d836aa2f2d6acfab13f8022100831d1979a98f0c4a6fb5069ca374de92f1a1205c962a6d90ad3d7554cb7d9df4 This certificate is part of a simple test for this specification https://github.com/libp2p/specs/blob/master/tls/tls.md I'm using this https://github.com/status-im/nim-mbedtls Nim language library wrapper for mbedtls. I don't know the mbedtls version exactly, but the lib is based on this commit https://github.com/Mbed-TLS/mbedtls/tree/09d23786f6fdcb4dfa88aad30c8767bd27…. In my code I use: proc parseUnverified*(derInput: seq[byte]) = var crt: mbedtls_x509_crt mbedtls_x509_crt_init(addr crt) var ret = mbedtls_x509_crt_parse_der(addr crt, unsafeAddr derInput[0], derInput.len.uint) if ret != 0: raise newException(Exception, "Failed to parse certificate, error code: " & $ret) which is a straightforward version of the C code, but ti fails with: Failed to parse certificate, error code: -9186 [Exception] It seems the problem is because the certificate doesn't have the Distinguished Name set. Does it make sense? If this is really the cause of the problem, is there any workaround? Regards.

1 year, 1 month

1
0
0 0

Need Info : mbedtls_x509_get_sig_alg API

by Satya Prakash Prasad

Hi, We were using old MBed TLS version 2.19.1 and existing trusted CA certificates were working fine in that release. Recently we upgraded to 3.6.0 and see that now certificate parsing is returning -ox262e value from function mbedtls_x509_get_sig_alg cause of which handshake is not even initiated. Can you please let us know what can cause such an issue and remedy the same? Regards, Prakash

1 year, 1 month

1
2
0 0

Looking for suggestions about make Mbed TLS APIs non-secure callable APIs on armv8m

by Lee, William

Hi Mbed TLS, I am looking for some suggestions about make some (or all) Mbed TLS APIs non-secure callable APIs on armv8m. The background is that I am going to have a secure firmware that provides encryption services by building part (or whole) of Mbed TLS into that firmware and make those original mbedtls_x APIs non-secure callable, so the existing non-secure firmware could link those non-secure callable APIs and use them. Some of my thoughts: (1) The easiest way to do it I can think of is just add the attribute "cmse_nonsecure_call" to those APIs' declaration (or use a macro to wrap the attribute for conditional build to not impact others don't want it), but I do not think this modification could be accepted by upstream 🙂. (2) So my another thought is duplicate all header files and put them under another folder, assuming it is my-include folder, then I can do whatever I want to my-include folder, but there is also a problem I can think of: a merge/compare burden between include and my-include folder after I have updated Mbed TLS. I really appreciate other suggestions! Thanks, William

1 year, 1 month

3
3
0 0

Reminder: MBed TLS Tech Forum - US/Europe

by Don Harbin

Hi All, A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum is next Monday at 4:30pm UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Janos know. :) Don

1 year, 1 month

1
0
0 0

Setting ciphersuite causes MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER

by Mbed TLS

My mbedtls client has been working for 2 years. It did what I required and has been stable. However, I now need to force a new server to use my preferred cipher suite. I found the helper function to force the cipher suite here: https://github.com/Mbed-TLS/mbedtls/blob/de4d5b78558666d2e258d95e6c5875f9c7… I added mbedtls_ssl_conf_preference_order(conf, MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT) to the end of the function to force the server to choose my ciphersuite. Prior to this change I called the mbedtls functions in this chronological order: mbedtls_ssl_init(&_ssl); mbedtls_ssl_config_init(&_conf); mbedtls_ctr_drbg_init(&_ctr_drbg); mbedtls_entropy_init(&_entropy); mbedtls_x509_crt_init(&_cacert); mbedtls_pk_init(&_pkey); mbedtls_ctr_drbg_seed mbedtls_ssl_config_defaults mbedtls_ssl_conf_rng mbedtls_ssl_conf_authmode mbedtls_x509_crt_parse_file mbedtls_ssl_conf_ca_chain mbedtls_ssl_setup mbedtls_ssl_set_hostname and then proceed to call: mbedtls_ssl_set_bio mbedtls_ssl_handshake Now: If I call mbedtls_ssl_conf_ciphersuites BEFORE mbedtls_ssl_config_defaults, the ciphersuite list is ignored/seems to get overriden. If I call mbedtls_ssl_conf_ciphersuites AFTER mbedtls_ssl_config_defaults, my ciphersuite list changes are accepted and transmitted (I can see in Wireshark). The server then responds agreeing to use my chosen cipher suite. However, mbedtls_ssl_handshake returns with value -26112, which I have looked up to be MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER. Unfortunately I have no clue what is causing this. Could somebody please advise how this should be done? I can see Client2 example but there are functions I have which are not in there. Client1 seems too simple for me but Client2 seems beyond what I require.

1 year, 1 month

2
5
0 0

Connect using IP address instead of URL "509 - Certificate verification failed, e.g. CRL, CA or signature check failed"

by M M

I am using MbedTLS client code based on this: https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket… I am connecting to a server via it's URL. However, I would like to connect directly using an IP address returned from running the traceroute command on the URL. So I replaced the URL with the IP address. However, MBedTLS fails on the handshake: https://github.com/machinezone/IXWebSocket/blob/master/ixwebsocket/IXSocket… I get the error: "error in handshake : X509 - Certificate verification failed, e.g. CRL, CA or signature check failed" If I revert back to URL, it works. The IP address does exist. How can I connect using the IP address, instead of the URL?

1 year, 1 month

3
3
0 0

Re: mbedtls and PQC algorithms support

by Raunak Gupta

Micron Confidential Hi, I find that mbed-tls already support LMS, could you please Point to some reference and starting from which version mbedTLS lib version supports LMS? Best Regards, Raunak Get Outlook for iOS<https://aka.ms/o0ukef> Micron Confidential

1 year, 2 months

2
1
0 0

Re: [EXT] RE: Inquiry About PQC Cryptos in embedTLS Library

by Raunak Gupta

Micron Confidential Dear MbedTLS, Can you please help to provide some references for LMS stateful signatures schemes support in MbedTLS, May be something like documentation and github repo link? Unfortunately I am not able to find it online? Thanks, Raunak Get Outlook for iOS<https://aka.ms/o0ukef> Micron Confidential ________________________________ From: Shebu Varghese Kuriakose <Shebu.VargheseKuriakose(a)arm.com> Sent: Tuesday, September 3, 2024 8:48 PM To: Raunak Gupta <raunakgupta(a)micron.com>; enquiries(a)trustedfirmware.org <enquiries(a)trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: [EXT] RE: Inquiry About PQC Cryptos in embedTLS Library Micron Confidential CAUTION: EXTERNAL EMAIL. Do not click links or open attachments unless you recognize the sender and were expecting this message. Hi Raunak, Mbed TLS today supports LMS stateful hash-based signature scheme. While supporting other PQC algorithms is in the Mbed TLS project roadmap, the team isn’t actively working on it. The focus for the team now is preparing for Mbed TLS 4.0. Feel free to ask any further technical questions in the Mbed TLS public mailing list - mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> (https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirm…) Regards, Shebu Micron Confidential From: 'Raunak Gupta' via TFenquiries <enquiries(a)trustedfirmware.org> Sent: Tuesday, September 3, 2024 2:34 AM To: enquiries(a)trustedfirmware.org Subject: Inquiry About PQC Cryptos in embedTLS Library Micron Confidential Dear Trusted Firmware Team, I hope this message finds you well. My name is Raunak, and I am a Security Engineer at Micron Technology. I would like to inquire whether the embedTLS library has been updated to include Post-Quantum Cryptography (PQC) algorithms such as LMS, HSS, and XMSS. Additionally, is the embedTLS team actively working on integrating these PQC algorithms? Thank you for your assistance. Best regards, Raunak Micron Confidential To unsubscribe from this group and stop receiving emails from it, send an email to enquiries+unsubscribe(a)trustedfirmware.org<mailto:enquiries+unsubscribe@trustedfirmware.org>.

1 year, 2 months

1
0
0 0

Mbed TLS 3.6.1 and 2.28.9

by David Horstmann

Dear Mbed TLS users, We have released Mbed TLS versions 3.6.1 and 2.28.9. These releases provide bugfixes, security fixes and minor improvements. The 3.6.1 release includes fixes for issues caused by enabling TLS 1.3 for TLS connections in the default configuration. Full details are available in the release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9 https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Many thanks, David Horstmann Mbed TLS developer

1 year, 2 months

1
0
0 0

Mbed TLS 4.0 roadmap and bignum/ecp API

by Gernot Kvas

Hi all, From the announcement and also the long term plans (https://mbed-tls.readthedocs.io/en/latest/project/long-term-plans/) it is apparent that bignum/ecp operations on the public API will go away and usage will be restricted to internal only. I do understand and welcome the shift towards PSA API and to abandon the ALT interface for higher level legacy API crypto functions. However, I'm not so positive about removal of the bignum and ecp API. There are projects using those functions even in their PSA porting layer (Matter comes to mind: https://github.com/project-chip/connectedhomeip/blob/master/src/crypto/CHIP…) or projects using the bignum layer as abstraction (Zephyr hostap/wpa_supplicant: https://github.com/zephyrproject-rtos/hostap/tree/main/src/crypto, crypto_mbedtls*.c). There might be a case to support those functions to have (hardware-accelerated) low level building blocks for algorithms Mbed TLS doesn't yet or never will support. As other SSL libraries such as OpenSSL also expose similar API (BN_ and EC_POINT_ ), the removal in Mbed TLS will certainly leave a gap. What's the view here from the project team? Cheers, Gernot

1 year, 2 months

2
1
0 0

Requesting information for mbed-tls commercial license & support

by Kumar, Praveen

Hi, We are in the process of qualifying a suitable encryption library for our pre-hospital patient monitor and the telemedicine system. I am writing to request your guidance regarding the mbed-tls use for commercial purposes. I look forward to your response. Regards, Praveen Kumar R&D Project Manager Emergency Care Professional (EC-Pro) Philips Tel +44 (0) 1256 362427 Email praveen.m.kumar(a)philips.com<mailto:praveen.m.kumar@philips.com> Remote Diagnostic Technologies Limited. Registered office: Ascent 1, Farnborough Aerospace Centre, Aerospace Boulevard, Farnborough GU14 6XW, UK. Registered in England No. 3321782. [Logo Description automatically generated]<http://www.philips.com/> Connect with Philips [cid:image002.gif@01DAE7F8.0802FC50]<https://www.linkedin.com/company/philips/>[cid:image003.gif@01DAE7F8.0802FC50]<https://twitter.com/PhilipsHealth>[cid:image004.gif@01DAE7F8.0802FC50]<https://www.youtube.com/PhilipsHealthcare/videos> ________________________________ The information contained in this message may be confidential and legally protected under applicable law. The message is intended solely for the addressee(s). If you are not the intended recipient, you are hereby notified that any use, forwarding, dissemination, or reproduction of this message is strictly prohibited and may be unlawful. If you are not the intended recipient, please contact the sender by return e-mail and destroy all copies of the original message.

1 year, 2 months

3
6
0 0

Major changes in Mbed TLS 4.0

by Gilles Peskine

Hello, Following consultations with the community and internal discussions among the Mbed TLS maintenance team, we can now present the major changes that will happen in the next major version of Mbed TLS. Our plan remains to release in the second quarter of 2025. The next major version will focus on two things: 1. The cryptography library will be a separate product called TF-PSA-Crypto 1.0. The X.509 and TLS library will be called Mbed TLS 4.0, and will rely on TF-PSA-Crypto for all cryptographic functionality. 2. This release completes the migration of cryptography APIs from classic mbedtls APIs to PSA APIs. Please find more information below about what this means in practice. What follows are just headlines, not an exhaustive list of changes. We expect many small changes that do not affect major functionality. Please note that the changes presented here are our current plan. We may revise it based on new inputs, new insights or unexpected hurdles. You can follow the advancement of the design, planning and development of the next release on the 4.0+1.0 planning board at https://github.com/orgs/Mbed-TLS/projects/15/views/1 . Removal of legacy APIs The following low-level application interfaces will no longer be present in the API of TF-PSA-Crypto 1.0 and Mbed TLS 4.0: * Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h; * Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h; * Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h, chachapoly.h, cipher.h, cmac.h, gcm.h, poly1305.h; * Private key encryption mechanisms: pkcs5.h, pkcs12.h. * Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h, ecjpake.h, ecp.h, rsa.h. The cryptographic mechanisms remain present, but they will only be accessible via the PSA API (psa_xxx functions introduced gradually starting with Mbed TLS 2.17). If you maintain code that uses these interfaces, you can already start migrating it today, since almost all PSA interfaces are available in the mbedtls-3.6 long-time support branch (and many even in 2.28 LTS). Please consult the PSA transition guide https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-transition.md for guidance. Some non-PSA crypto interfaces will still be present in TF-PSA-Crypto 1.0: * pk.h will remain with some changes, mainly to provide an interface to key parsing and formatting which does not have a PSA equivalent yet. * md.h will remain as a thin layer over PSA hash functions (not HMAC) to ease the transition. * nist_kw.h will remain because it does not have a PSA equivalent yet. Removal of legacy integration interfaces TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer support MBEDTLS_xxx_ALT replacement of functions and modules. Use PSA transparent drivers instead. TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer support MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C. Use PSA opaque drivers instead. TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer have the mbedtls/entropy.h interface to configure entropy sources. This will be replaced by PSA random drivers. In addition, we are planning to rework the platform abstraction layer (MBEDTLS_PLATFORM_xxx configuration options). More details will be available in the coming months. Removal of legacy mechanisms The following cryptographic mechanisms are planned to be removed in TF-PSA-Crypto 1.0 and Mbed TLS 4.0: * DES (including 3DES). * PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5). (OAEP, PSS, and PKCS#1v1.5 signature are staying.) * Finite-field Diffie-Hellman with custom groups. (RFC 7919 groups remain supported.) * Elliptic curves of size 225 bits or less. The following cipher suites are planned to be removed from (D)TLS 1.2 in Mbed TLS 4.0: * TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using RSA decryption. (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.) * TLS_ECDH_*, i.e. cipher suites using static ECDH. (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) * TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman. (Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.) * TLS_*CBC*, i.e. all cipher suites using CBC. Non-functional changes Due to the separation into two separate products (TF-PSA-Crypto and Mbed TLS), there will be major changes to the directory structure and to the build system. We plan to use CMake as the primary build system. Since TF-PSA-Crypto is a new product, identifiers that are not PSA interfaces (such as optimisation options and platform interfaces) will be renamed with a new prefix. Best regards, -- Gilles Peskine Mbed TLS developer

1 year, 2 months

3
4
0 0

Usage of ECB in AES mode

by Chaitanya Tata

Hi, ECB is unsecure, see https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation#Electronic_cod… and shouldn't be used in production. So, I have switched to one of CBC/CMAC/CTR modes, but in `mbedtls_cipher_cmac_starts` I see that it only accepts ECB variants, and also doesn't seem to be using the `type`. From https://github.com/Mbed-TLS/mbedtls/issues/8617 I see that ECB for AES was intentional, even for the CMAC API. Is this expected? 1. Is using ECB for CMAC API correct? 2.Shouldn't we remove the ECB altogether? Appreciate any clarifications. Cheers, Chaitanya.

1 year, 2 months

2
4
0 0

[Hyosung TNS] Request a quote for embedded encryption library

by SHIN JAE WHAN(신재환)

Dear Trusted Firmware, I’m Jay, an embedded security firmware developer at Hyosung TNS<https://global.hyosunginnovue.com/?lang_switch>. We are a company that manufactures ATMs. For cryptographic communication between ATM PC software and ATM devices, we are looking for a cryptographic library to apply to ATM devices(e.g. cash dispenser). If there is an appropriate library that meets the requirements below, I would appreciate it if you could provide us an estimate. If custom development is required, I would also like to know the expected development period. [Development environment] - CPU : TI AM1806(ARM9) - Compiler : ARM DS-5(armcc) - RTOS : ThreadX - C language - No dynamic allocation - VFP(Vectored Floating Point) not supported [Security Features] - RSA(2048bits) : Certificate and signature verification, Data encryption and decryption - ECC(256bits) : Generating a symmetric key using ECDH and ECDSA - 3DES, AES, AEAD, SHA256, HMAC256, etc : Algorithms related to data encryption and decryption - Random : Prevent replay attacks Please contact me if you have any questions. Best Regards, Jay [cid:image001.png@01DAE289.1B3D4C90] Jaewhan Shin Performance Manager | CISSP | Firmware Development Team Suseo Bldg., 281, Gwangpyeong-ro, Gangnam-gu, Seoul, 06349 Korea t. 82-2-6181-2480, m. 82-10-8158-3015 e. jaewhan.shin(a)hyosung.com<mailto:jaewhan.shin@hyosung.com> hyosunginnovue.com<https://hyosunginnovue.com/> [cid:image002.png@01DAE289.1B3D4C90]<https://www.linkedin.com/company/hyosung-tns/> [cid:image003.png@01DAE289.1B3D4C90] <https://www.youtube.com/@hyosungtns3918> HYOSUNG TNS, Inc. Email Disclaimer. This communication, including attachments, is intended only for the exclusive use of addressee and may contain proprietary, confidential, or privileged information. Any use, review, duplication, disclosure, dissemination, or distribution is strictly prohibited. If you were not the intended recipient, and you have received this communication in error, please notify sender immediately by return e-mail, delete this communication, and destroy any copies.

1 year, 3 months

1
0
0 0

TLS 1.3 failures in Mbed TLS 3.6.0

by Gilles Peskine

Hello, Mbed TLS 3.6.0 was the first release to enable TLS 1.3 support by default. Unfortunately, this breaks many applications that open a TLS connection with default settings, which are now negotiating TLS 1.3 instead of TLS 1.2, but hit a difference in how Mbed TLS 3.6.0 implements the two versions of the protocol. The most common symptom is: you are using the default configuration (or something close), and your application fails in the handshake with an internal error whenever it negotiates TLS 1.3. To resolve this, call psa_crypto_init() before starting a TLS handshake. For a list of other known issues, please see https://github.com/Mbed-TLS/mbedtls/issues/9223 If you are encountering a problem due to the enablement of TLS 1.3 that is not listed on that page, please let us know by opening an issue on GitHub. If no workaround or patch is available for your problem yet, you can disable TLS 1.3 by calling mbedtls_ssl_conf_max_tls_version(ssl_config, MBEDTLS_SSL_VERSION_TLS1_2) before mbedtls_ssl_setup(). We are planning to fix all the issues listed on that page before the 3.6.1 patch release. We do not yet have a date for the 3.6.1 release. Best regards, -- Gilles Peskine Mbed TLS developer

1 year, 3 months

2
1
0 0

2025

2024

2023

2022

2021

2020

mbed-tls