- mbed-tls - lists.trustedfirmware.org

Re: [Mbed-tls-announce] New Mbed TLS releases : 3.5.0 and 2.28.5

by Oubaid AKRMI

Hi, Is the SHA-3 impacted by the vulnerability reported in NIST vulnerability database (link below) ? https://nvd.nist.gov/vuln/detail/CVE-2022-37454 "Description The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. " Best regards, [Shape, rectangle Description automatically generated] Oubaid AKRMI | Mobile: +33 7 53 06 08 49 GPM | Application Security Engineer [Icon Description automatically generated]<https://www.facebook.com/STMicroelectronics.NV/> [cid:image003.png@01D9FD35.14D24980] <https://twitter.com/st_world> [Icon Description automatically generated] <https://www.linkedin.com/company/stmicroelectronics/> [Icon Description automatically generated] <https://www.instagram.com/stmicroelectronics.nv/> [Icon Description automatically generated] <https://www.youtube.com/user/STonlineMedia> ST online: www.st.com<https://stmicroelectronics-my.sharepoint.com/personal/oubaid_akrmi_st_com/D…>

1 year, 11 months

2
1
0 0

Link to MBed TLS Tech Forum - Asia/Europe

by Daniel Morris

Just in case others are struggling to join/had a bad bookmark for the meeting which started a few minutes ago, the right one is: https://linaro-org.zoom.us/j/95471735908?pwd=WStaaWhEVXNqcWx1S2pEQU13cHU2UT… Also handily listed here: https://www.trustedfirmware.org/meetings/ Daniel %<---------------------------------------------------------------------- Daniel Morris eCosCentric - The eCos experts Tel: +44 1223 245 571 - info(a)eCosCentric.com

1 year, 11 months

1
0
0 0

psa_raw_key_agreement does not like PSA_ALG_ECDSA(PSA_ALG_SHA_256)

by Christian Huitema

I am not sure I completely understand the PSA API for key exchange. I have been creating a private key, exporting the public key, passing that successfully to the peer, obtaining the peer's public key, and I want to use psa_raw_key_agreement to obtain the shared secret. But it fails in: if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) { status = PSA_ERROR_INVALID_ARGUMENT; goto exit; } The value of "alg" is 0x06000609, computed as PSA_ALG_ECDSA(PSA_ALG_SHA_256). That's probably wrong, but I do not know why... -- Christian Huitema

2 years

1
1
0 0

Output format of mbedtls_ecdh_make_params does not play well with TLS 1.3

by Christian Huitema

In TLS 1.3, one half of an ECDH exchange is defined as a "key entry", coded as: struct { NamedGroup group; opaque key_exchange<1..2^16-1>; } KeyShareEntry; The opaque data is typically encoded as a one byte format (e.g., 0x04, no compression), and then the encoding of either one or two points: 32 bytes for one point with CURVE25519, 64 bytes for two points with SECP256R1. The encoding for the "public key" output of mbedtls_ecdh_make_params is different: 1 byte of length, followed by 2 bytes of curve ID, followed by the raw encoding of the point or points. The related encoding of the server public key output of mbedtls_ecdh_make_public is also different: 1 byte of length, followed by 2 bytes of curve ID, followed by the raw encoding of the point or points. To make that work, I need some reformatting: strip out 3 bytes for the client public key, write a single 0x04 byte instead; strip out one byte from the key-exchange data received at the server and write 3 bytes of length and curve ID instead. Also, make sure to reset the strings to the unmodified value before calling mbedtls_ecdh_calc_secret, which probably means maintaining two copies, thus twice the memory. This is a bit messy, and probably unnecessary. The extra parameters "length" is already passed through the API (the &olen argument) and the "group_id" could easily be passed as well. Or maybe I am looking at the wrong API... -- Christian Huitema

2 years

3
7
0 0

TLS handshake with AWS IoT MQTT broker seems to succeed and then is terminated by the broker

by Roger Sala

I am developing an AWS IoT MQTT client on STM32H723 using FreeRTOS 10.3.1, LwIP 2.1.2 and MbedTLS. My first attempt used MbedTLS 2.16.2 and it mostly works except that sometimes, seemingly related to the timing of the network I'm using, it fails when my client fails to send out anything after the Client Key Exchange message and then the server responds with a Close Notify as follows: "Time","Source","Destination","Protocol","Length","Info" "0.000000","10.24.108.94","54.157.158.237","TLSv1.2","418","Client Hello" "0.016460","54.157.158.237","10.24.108.94","TLSv1.2","150","Server Hello" "0.002777","54.157.158.237","10.24.108.94","TLSv1.2","685","Certificate" "0.000000","54.157.158.237","10.24.108.94","TLSv1.2","438","Server Key Exchange, Certificate Request, Server Hello Done" "0.976521","10.24.108.94","54.157.158.237","TLSv1.2","1006","Certificate, Client Key Exchange" "0.014853","54.157.158.237","10.24.108.94","TLSv1.2","61","Alert (Level: Warning, Description: Close Notify)" When it works it looks like this: "Time","Source","Destination","Protocol","Length","Info" "0.000000000","10.0.0.11","54.84.254.130","TLSv1.2","418","Client Hello" "0.017495225","54.84.254.130","10.0.0.11","TLSv1.2","150","Server Hello" "0.001743255","54.84.254.130","10.0.0.11","TLSv1.2","685","Certificate" "0.000022282","54.84.254.130","10.0.0.11","TLSv1.2","392","Server Key Exchange" "0.000004428","54.84.254.130","10.0.0.11","TLSv1.2","100","Certificate Request, Server Hello Done" "2.606030441","10.0.0.11","54.84.254.130","TLSv1.2","1326","Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message" "0.027421478","54.84.254.130","10.0.0.11","TLSv1.2","105","Change Cipher Spec, Encrypted Handshake Message" "0.000971482","10.0.0.11","54.84.254.130","TLSv1.2","193","Application Data" "0.075384354","54.84.254.130","10.0.0.11","TLSv1.2","87","Application Data" The last two "Application Data" messages are the MQTT connect and connect ACK, So before I filed a bug report, I upgraded to MbedTLS 2.28.4. The good news is that this client always (seems) to successfully negotiate the TLS handshake, but after receiving the first encrypted "Application Data" (connect), the broker immediately sends and "Encrypted Alert", which I'm taking to be a Close Notify because a TCP FIN follows shortly thereafter. The Wireshark capture of the 2.28.4 handshake looks almost exactly like the successful 2.16.2 handshake: "Time","Source","Destination","Protocol","Length","Info" "0.000000000","10.0.0.11","44.195.98.16","TLSv1.2","336","Client Hello" "0.018450117","44.195.98.16","10.0.0.11","TLSv1.2","150","Server Hello" "0.000524146","44.195.98.16","10.0.0.11","TLSv1.2","685","Certificate" "0.000003168","44.195.98.16","10.0.0.11","TLSv1.2","392","Server Key Exchange" "0.000002995","44.195.98.16","10.0.0.11","TLSv1.2","100","Certificate Request, Server Hello Done" "2.517148776","10.0.0.11","44.195.98.16","TLSv1.2","1329","Certificate, Client Key Exchange, Certificate Verify, Change Cipher Spec, Encrypted Handshake Message" "0.016572792","44.195.98.16","10.0.0.11","TLSv1.2","60","Change Cipher Spec" "0.000007326","44.195.98.16","10.0.0.11","TLSv1.2","99","Encrypted Handshake Message" "0.001500778","10.0.0.11","44.195.98.16","TLSv1.2","193","Application Data" "0.031014646","44.195.98.16","10.0.0.11","TLSv1.2","85","Encrypted Alert" ... except for the "Encrypted Alert" from the broker that leads to the closing of the session. I'm hoping someone has an explanation of the behavior I'm seeing and can suggest a path forward for me. Another data point is the fact that the client with MbedTLS 2.28.4 can successfully authentic and negotiate a TLS handshake with a mosquitto broker I'm running locally using self signed certificates. ====================================================================== The information contained in this e-mail, including all of its attachments, is confidential and proprietary information of IPG Photonics and its affiliates and intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately notify the sender by telephone or e-mail, and destroy this communication and all copies. Thank you. ======================================================================= This Email has been scanned for all viruses by IPG Photonics Email Scanning Services.

2 years

1
0
0 0

Reminder: MBed TLS Tech Forum - Asia/Europe

by Don Harbin

Hi All, A gentle reminder that the Asia-Europe timezone-friendly MBed TLS Tech forum is *next Monday at 10:00am PM UK time.* Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org ReplyReply to allForward

2 years

2
2
0 0

New TrustedFirmware Discord Server

by Don Harbin

Hi All, Note you may have received another instance of this note but when I attempted to send to all TF ML's simultaneously it seemed to fail, so sending to each one at a time. Sorry about that. :/ We've created a Discord Server for real time chats/sharing. This solution comes at no cost to the project, is set up with channels for each project, includes a #general channel, and supports direct 1-1 chats between members, all with the goal of improving collaboration between trustedfirmware.org developers. We encourage all to join! :) Instructions for joining can be found on the TF.org FAQ page <https://www.trustedfirmware.org/faq/>. See you all there and please don't hesitate to reach out if you have any questions! Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

2 years

1
0
0 0

New TrustedFirmware Discord Server

by don.harbin＠linaro.org

The content of this message was lost. It was probably cross-posted to multiple lists and previously handled on another list.

2 years

1
0
0 0

Does mbedtls support x509 certificates signed wih ED448 algorithm?

by Bahadır Maktav

Hi, I am trying to use a certificate with its public key algorithm is NIST P-384 and its signature algorithm is ED448. I am working on ESP board with IDF framework which supports mbedtls. But when I am trying to use that certificate, I got error message about 'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'. So, I thought that maybe mbedtls does not support certificates which signed with ED448.

2 years

2
1
0 0

Does mbedtls support x509 certificates signed wih ED448 algorithm?

by Bahadır Maktav

Hi, I am trying to use a certificate with its public key algorithm is NIST P-384 and its signature algorithm is ED448. I am working on ESP board with IDF framework which supports mbedtls. But when I am trying to use that certificate, I got error message about 'MBEDTLS_ERR_X509_UNKOWN_SIG_ALG'. So, I thought that maybe mbedtls does not support certificates which signed with ED448.

2 years

1
0
0 0

Example of AEAD decrypt?

by Christian Huitema

The example of AEAD encryption in "aead_demo" is very useful. Is there a similar example for decryption? -- Christian Huitema

2 years

2
1
0 0

Does mbedTLS TLS1.3 only support PSK?

by Thompson, Jeff

I've got mbedTLS 3.1.4 and want to use TLS 1.3. My handshake fails very early because I don't have any Pre-Shared Keys. Does mbedTLS TLS1.3 only support PSKs, or can I still use generated session keys as does TLS 1.2? If so, how? Jeff Thompson | Senior Electrical Engineer - Firmware +1 704 752 6513 x1394 www.invue.com [cid:image001.gif@01D9D729.620C6230]

2 years, 1 month

2
2
0 0

Silly python problem when building on MacOS

by Christian Huitema

Hello, I am trying to build MbedTLS on a Mac, as part of a project to support MbedTLS in the "picoquic" implementation of QUIC. I have a small problem, probably something of my making. I have cloned the repo on an "mbedtls" directory, created a "build" subdirectory, and from there run"cmake ..", which worked fine, and then tried to run "make", which fails in "generating psa_crypto_driver_wrapper.c" when trying the python script "generate_driver_wrappers.py" because it cannot find the python module "jsonschema". I tried to solve that by installing that module using "pip", and test programs running python3 do find the "jsonschema". Calling print(jsonschema.__file__) shows the module is installed in my user directory: /users/christianhuitema/Library/python3.9/lib/python/... Is there a simple way to fix that? -- Christian Huitema

2 years, 1 month

2
4
0 0

Certificate Revocation

by ahmed bouzid

Hello, I'm currently engaged in a project where I'm utilizing mbedtls for the management of certificates. Within this project, I'm aiming to integrate a revocation feature using Certificate Revocation Lists (CRLs). However, my search for resources on how to effectively implement a comprehensive certificate revocation process using mbedtls has unfortunately yielded no productive outcomes. I am concerned about how to first create a crl file and sign it using my self-signed CA, how to revocate a certificate if we need to revocate it, and how to update the CRL, then when parsing the cert how to detect that this certificate has been revocated. ( I am using LPCXpresso55S16 as a client and raspberry pi as a server and I am doing all with coding). Thank you in advance for your support. Best regards, Ahmed.

2 years, 1 month

2
1
0 0

Custom MBEDTLS_CONFIG_FILE with CMake subproject

by mickael.bonjour＠cysec.com

Hello, I need some help to setup mbedtls as a CMake subproject, I added it as a subdirectory in my CMakeLists. However, I can't figure out how to use my own config file for mbedtls (MBEDTLS_CONFIG_FILE option to the file I want as a config file). When I put my custom config file to the include folder of mbedtls in the place of the original mbedtls_config.h file it works wel,l but it's not a future-proof option for me, is there anyone that could help me with this setup ?

2 years, 1 month

2
1
0 0

Missing PSA wrapper for MAC verify

by Ruchika Gupta

Hi, I have noticed that PSA driver wrapper function is missing for single part MAC verify function. In the current implementation, it calls the MAC compute wrapper and does the comparison using mbedtls_psa_safer_memcmp. The hardware I am working on allows the complete process to be offloaded to it. Can we have an option for the same in wrapper layer for PSA for MAC verify ? Regards, Ruchika

2 years, 1 month

2
2
0 0

New releases: Mbed TLS 3.4.1 and 2.28.4 LTS

by Dave Rodgman

Hi Mbed TLS users, We are releasing Mbed TLS 3.4.1 and 2.28.4 LTS. As the point release suggests, this is a small update which primarily addresses some expiring test certificates. Full details are available via the release notes: https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.4.1 https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Thanks, The Mbed TLS team

2 years, 1 month

1
0
0 0

Updated invitation: MBed TLS Technical Forum - Asia @ Every 4 weeks from 3am to 3:50am on Monday from Mon Jan 30 to Sun Aug 13 (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been updated Changed: time MBed TLS Technical Forum - Asia Every 4 weeks from 3am to 3:50am on Monday from Monday Jan 30 to Sunday Aug 13 Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum - Asia Time: Nov 8, 2021 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Nov 8, 2021 10:00 AM Dec 6, 2021 10:00 AM Jan 3, 2022 10:00 AM Jan 31, 2022 10:00 AM Feb 28, 2022 10:00 AM Mar 28, 2022 10:00 AM Apr 25, 2022 10:00 AM May 23, 2022 10:00 AM Jun 20, 2022 10:00 AM Jul 18, 2022 10:00 AM Aug 15, 2022 10:00 AM Sep 12, 2022 10:00 AM Oct 10, 2022 10:00 AM Nov 7, 2022 10:00 AM Dec 5, 2022 10:00 AM Jan 2, 2023 10:00 AM Jan 30, 2023 10:00 AM Feb 27, 2023 10:00 AM Mar 27, 2023 10:00 AM Apr 24, 2023 10:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt Guests Don Harbin - creator nnac123(a)gmail.com santosdanillo(a)gmail.com schoenle.thomas(a)googlemail.com psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org kris.kwiatkowski(a)pqshield.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 1 month

1
0
0 0

Updated invitation: MBed TLS Technical Forum - Asia @ Every 4 weeks from 2am to 2:50am on Monday 3 times (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been updated Changed: time, description MBed TLS Technical Forum - Asia Every 4 weeks from 2am to 2:50am on Monday 3 times Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS - AsisTime: Aug 14, 2023 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Aug 14, 2023 10:00 AM Sep 11, 2023 10:00 AM Oct 9, 2023 10:00 AM Nov 6, 2023 10:00 AM Dec 4, 2023 10:00 AM Jan 1, 2024 10:00 AM Jan 29, 2024 10:00 AM Feb 26, 2024 10:00 AM Mar 25, 2024 10:00 AM Apr 22, 2024 10:00 AM May 20, 2024 10:00 AM Jun 17, 2024 10:00 AM Jul 15, 2024 10:00 AM Aug 12, 2024 10:00 AM Sep 9, 2024 10:00 AM Oct 7, 2024 10:00 AM Nov 4, 2024 10:00 AM Dec 2, 2024 10:00 AM Dec 30, 2024 10:00 AM Jan 27, 2025 10:00 AMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJEpcOivrT4jGtzyd1M9ASL221VfGUYcCKhw/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/95471735908?pwd=WStaaWhEVXNqcWx1S2pEQU13cHU2UT09Meeting ID: 954 7173 5908Passcode: 300608---One tap mobile+13462487799,,95471735908# US (Houston)+16694449171,,95471735908# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 954 7173 5908Find your local number: https://linaro-org.zoom.us/u/aEkjrvuAZ Guests Don Harbin - creator nnac123(a)gmail.com santosdanillo(a)gmail.com schoenle.thomas(a)googlemail.com psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org kris.kwiatkowski(a)pqshield.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=MzE1cHJuZGxwMDFo… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 1 month

1
0
0 0

Updated invitation: MBed TLS Technical Forum - US @ Every 4 weeks from 8:30am to 9:30am on Monday (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been updated Changed: title, description MBed TLS Technical Forum - US Every 4 weeks from 8:30am to 9:30am on Monday Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting.Trusted Firmware is inviting you to a scheduled Zoom meeting.Topic: MBed TLS Tech Forum - USTime: Aug 28, 2023 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Aug 28, 2023 04:30 PM Sep 25, 2023 04:30 PM Oct 23, 2023 04:30 PM Nov 20, 2023 04:30 PM Dec 18, 2023 04:30 PM Jan 15, 2024 04:30 PM Feb 12, 2024 04:30 PM Mar 11, 2024 04:30 PM Apr 8, 2024 04:30 PM May 6, 2024 04:30 PM Jun 3, 2024 04:30 PM Jul 1, 2024 04:30 PM Jul 29, 2024 04:30 PM Aug 26, 2024 04:30 PM Sep 23, 2024 04:30 PM Oct 21, 2024 04:30 PM Nov 18, 2024 04:30 PM Dec 16, 2024 04:30 PM Jan 13, 2025 04:30 PM Feb 10, 2025 04:30 PMPlease download and import the following iCalendar (.ics) files to your calendar system.Weekly: https://linaro-org.zoom.us/meeting/tJ0udu2spj0vHtbQtlCmHwhHCT7ECtJI39J4/ics… Zoom Meetinghttps://linaro-org.zoom.us/j/99314486542?pwd=Q1ZjaFhQeDRrQWxsa3MvT1Mwditqdz09Meeting ID: 993 1448 6542Passcode: 628327---One tap mobile+13462487799,,99314486542# US (Houston)+16694449171,,99314486542# US---Dial by your location• +1 346 248 7799 US (Houston)• +1 669 444 9171 US• +1 669 900 9128 US (San Jose)• +1 719 359 4580 US• +1 253 205 0468 US• +1 253 215 8782 US (Tacoma)• +1 360 209 5623 US• +1 386 347 5053 US• +1 507 473 4847 US• +1 564 217 2000 US• +1 646 558 8656 US (New York)• +1 646 931 3860 US• +1 689 278 1000 US• +1 301 715 8592 US (Washington DC)• +1 305 224 1968 US• +1 309 205 3325 US• +1 312 626 6799 US (Chicago)• 877 853 5247 US Toll-free• 888 788 0099 US Toll-freeMeeting ID: 993 1448 6542Find your local number: https://linaro-org.zoom.us/u/adSjuOyMhI Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org nnac123(a)gmail.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 1 month

1
0
0 0

Updated invitation: MBed TLS Technical Forum @ Every 4 weeks from 9:30am to 10:30am on Monday (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been updated MBed TLS Technical Forum Every 4 weeks from 9:30am to 10:30am on Monday Mountain Standard Time - Phoenix Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y Guests psa-crypto(a)lists.trustedfirmware.org mbed-tls(a)lists.trustedfirmware.org nnac123(a)gmail.com View all guest info https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Reply for mbed-tls(a)lists.trustedfirmware.org and view more details https://calendar.google.com/calendar/event?action=VIEW&eid=ZGExMnNqcDB1MDFm… Your attendance is optional. ~~//~~ Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this email because you are an attendee on the event. To stop receiving future updates for this event, decline this event. Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more https://support.google.com/calendar/answer/37135#forwarding

2 years, 1 month

1
0
0 0

Reminder: MBed TLS Tech Forum - US/Europe External

by Don Harbin

Hi All, A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum is next Monday at 4:30 PM UK time. Invite details can be found on the online calendar here <https://www.trustedfirmware.org/meetings/>. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

2 years, 2 months

1
0
0 0

mbedtls_pk_verify verify report MBEDTLS_ERR_RSA_VERIFY_FAILED

by yang ming

When `mbedtls_pk_verify` is used to verify digital signatures generated by openssl, the MBEDTLS_ERR_RSA_VERIFY_FAILED error occurs, openssl Specifies the command used to generate a certificate: ```bash openssl md5 -sign private.key -out sign test.md ``` But when I use `mbedtls_pk_sign(&pk_pri_ctx, MBEDTLS_MD_MD5, md, 0, sign_info, sizeof(sign_info), &size, mbedtls_ctr_drbg_random, &ctrl_drbg)` Generating the signature and using `mbedtls_pk_verify` results are successful, Print the signatures generated by mbedtls are not found to be the same as those generated by openssl. Please help。 mbedtls version: ```c #define MBEDTLS_VERSION_STRING "3.4.0" #define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.4.0" ``` openssl version: ```c OpenSSL 1.1.1 11 Sep 2018 ```

2 years, 2 months

2
1
0 0

PSA crypto drivers

by Ruchika Gupta

Hi, I am currently working on PSA driver for our SoC's security crypto-processor. This processor needs to do some handling when a key is destroyed. In the current implementation in mbedTLS, I don't see a driver wrapper function available in psa_destroy_key(). Is there a specific reason for not having wrapper for driver function available for psa_destroy_key() ? Another query pertaining to the tests in the testsuite in mbedTLS. I was exploring if I could reuse the tests for the crypto-processor implementation. Have these been written with this kind of reuse in mind ? Basically I would like the ability to add driver location to the cases. The few cases I have looked at for psa seem to be very specific. Any pointers/suggestions if anyone is reusing this test suite to test their specific PSA drivers? Regards, Ruchika

2 years, 2 months

2
1
0 0

Crash observed while using MBED-TLS

by Ajay Mishra

Hi All, Thank you for sharing the MBED-TLS open source platform. I need help with on of the crashes that I am observing right now. Below are my setup details: Below are my setup details: System information Client side setup Platform : Micro controller based platform stm32 OS : FreeRTOS Compiler: gcc-arm-none-eabi-8-2019-q3-update Below is the backtrace: (gdb) bt #0 panicCB (file=0xc94d7 "memory", line=734, message=0x2000ff50 <sli_wisun_event_loop_task_stack+4224> "Ajay Malloc Failed 88") at build/3pp/freertos/FreeRTOS/Source/include/../../Source/portable/GCC/ARM_CM3/portmacro.h:237 #1 0x0003b2ae in panicHalt_ (file=file@entry=0xc94d7 "memory", line=line@entry=734, message=<optimized out>) at src/platform/core/assert.c:34 #2 0x0003bf0a in reallocInternal (p=<optimized out>, size=68, zeroFill=<optimized out>, file=0xc94d7 "memory", line=734) at src/platform/core/memory.c:317 #3 0x0003c2d8 in reallocWrapper (p=p@entry=0x0, size=<optimized out>, zeroFill=zeroFill@entry=true, file=file@entry=0xc94d7 "memory", line=line@entry=734) at src/platform/core/memory.c:673 #4 0x0003c350 in platformCalloc (n=<optimized out>, size=<optimized out>) at src/platform/core/memory.c:734 #5 0x00043dac in mbedtls_mpi_grow (nblimbs=17, X=0x2001001c <sli_wisun_event_loop_task_stack+4428>) at build/3pp/mbedtls/library/bignum.c:125 #6 mbedtls_mpi_grow (X=0x2001001c <sli_wisun_event_loop_task_stack+4428>, nblimbs=17) at build/3pp/mbedtls/library/bignum.c:115 #7 0x0004414a in mbedtls_mpi_shift_l (X=X@entry=0x2001001c <sli_wisun_event_loop_task_stack+4428>, count=count@entry=256) at build/3pp/mbedtls/library/bignum.c:1016 #8 0x00044818 in mbedtls_mpi_div_mpi (Q=Q@entry=0x0, R=R@entry=0x200100bc <sli_wisun_event_loop_task_stack+4588>, A=A@entry=0x200100bc <sli_wisun_event_loop_task_stack+4588>, B=B@entry=0x200101d0 <sli_wisun_event_loop_task_stack+4864>) at build/3pp/mbedtls/library/bignum.c:1812 #9 0x00044a46 in mbedtls_mpi_mod_mpi (R=R@entry=0x200100bc <sli_wisun_event_loop_task_stack+4588>, A=A@entry=0x200100bc <sli_wisun_event_loop_task_stack+4588>, B=B@entry=0x200101d0 <sli_wisun_event_loop_task_stack+4864>) at build/3pp/mbedtls/library/bignum.c:1917 #10 0x00046486 in ecdsa_verify_restartable (grp=grp@entry=0x20010184 <sli_wisun_event_loop_task_stack+4788>, buf=buf@entry=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", blen=blen@entry=32, Q=Q@entry=0x2001020c <sli_wisun_event_loop_task_stack+4924>, r=r@entry=0x20010120 <sli_wisun_event_loop_task_stack+4688>, s=s@entry=0x2001012c <sli_wisun_event_loop_task_stack+4700>, rs_ctx=0x0) at build/3pp/mbedtls/library/ecdsa.c:649 #11 0x00046660 in mbedtls_ecdsa_read_signature_restartable (ctx=ctx@entry=0x20010184 <sli_wisun_event_loop_task_stack+4788>, hash=hash@entry=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", hlen=hlen@entry=32, sig=sig@entry=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, slen=slen@entry=70, rs_ctx=rs_ctx@entry=0x0) at build/3pp/mbedtls/library/ecdsa.c:881 #12 0x0004668e in mbedtls_ecdsa_read_signature (ctx=ctx@entry=0x20010184 <sli_wisun_event_loop_task_stack+4788>, hash=hash@entry=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", hlen=hlen@entry=32, sig=sig@entry=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, slen=slen@entry=70) at build/3pp/mbedtls/library/ecdsa.c:832 #13 0x0004a830 in ecdsa_verify_wrap (ctx=ctx@entry=0x20010184 <sli_wisun_event_loop_task_stack+4788>, md_alg=md_alg@entry=MBEDTLS_MD_SHA256, hash=hash@entry=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", hash_len=hash_len@entry=32, sig=sig@entry=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, sig_len=sig_len@entry=70) at build/3pp/mbedtls/library/pk_wrap.c:633 #14 0x0004a872 in eckey_verify_wrap (ctx=<optimized out>, md_alg=<optimized out>, hash=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", hash_len=32, sig=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, sig_len=70) at build/3pp/mbedtls/library/pk_wrap.c:252 #15 0x0004a3de in mbedtls_pk_verify (ctx=ctx@entry=0x2001ce48, md_alg=<optimized out>, hash=<optimized out>, hash_len=<optimized out>, sig=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, sig_len=70) at build/3pp/mbedtls/library/pk.c:326 #16 0x0004a55c in mbedtls_pk_verify_ext (type=<optimized out>, options=<optimized out>, ctx=ctx@entry=0x2001ce48, md_alg=<optimized out>, hash=<optimized out>, hash@entry=0x200102a4 <sli_wisun_event_loop_task_stack+5076> "c;\371\274\231xF\004 \207\005\271\257\177\266\224\234\212\205Є\331\366D\304L<\243\303f\246j\250\370\001 ", hash_len=<optimized out>, hash_len@entry=32, sig=0x2001d2e1 "0D\002 r\203\237\331\v\346J*m\312\326\346\004+\a\377\373bX\016\233خ\346\030\356\311Nk\270\341L\002 h;\b\301\206\215\346\005\021c\"|\026\353𦕟\327\300ģ\221\\\324s\n^GW", <incomplete sequence \314>, sig_len=70) at build/3pp/mbedtls/library/pk.c:390 #17 0x0004feb4 in x509_crt_check_signature (rs_ctx=<optimized out>, parent=0x2001cd7c, child=0x2001f8a8) at build/3pp/mbedtls/library/x509_crt.c:2474 #18 x509_crt_find_parent_in (rs_ctx=<optimized out>, self_cnt=<optimized out>, path_cnt=<optimized out>, top=<optimized out>, r_signature_is_good=<optimized out>, r_parent=<optimized out>, candidates=<optimized out>, child=<optimized out>) at build/3pp/mbedtls/library/x509_crt.c:2612 #19 x509_crt_find_parent (rs_ctx=<optimized out>, self_cnt=<optimized out>, path_cnt=<optimized out>, signature_is_good=<optimized out>, parent_is_trusted=<optimized out>, parent=<optimized out>, trust_ca=<optimized out>, child=<optimized out>) at build/3pp/mbedtls/library/x509_crt.c:2709 #20 x509_crt_verify_chain (f_ca_cb=0x0, p_ca_cb=0x0, rs_ctx=0x0, ver_chain=0x200102c4 <sli_wisun_event_loop_task_stack+5108>, profile=0xcd08c <mbedtls_x509_crt_profile_default>, ca_crl=0x0, trust_ca=0x2001cd7c, crt=0x2001f8a8) at build/3pp/mbedtls/library/x509_crt.c:2919 #21 x509_crt_verify_restartable_ca_cb (crt=crt@entry=0x2001f8a8, trust_ca=trust_ca@entry=0x2001cd7c, ca_crl=0x0, profile=0xcd08c <mbedtls_x509_crt_profile_default>, cn=0x0, flags=0x2001dd30, f_vrfy=0x695f1 <tls_sec_prot_lib_x509_crt_verify>, p_vrfy=0x2001c8a0, rs_ctx=0x0, p_ca_cb=0x0, f_ca_cb=0x0) at build/3pp/mbedtls/library/x509_crt.c:3150 --Type <RET> for more, q to quit, c to continue without paging-- #22 0x00050090 in mbedtls_x509_crt_verify_restartable (crt=crt@entry=0x2001f8a8, trust_ca=trust_ca@entry=0x2001cd7c, ca_crl=<optimized out>, profile=<optimized out>, cn=0x0, flags=0x2001dd30, f_vrfy=0x695f1 <tls_sec_prot_lib_x509_crt_verify>, p_vrfy=0x2001c8a0, rs_ctx=rs_ctx@entry=0x0) at build/3pp/mbedtls/library/x509_crt.c:3258 #23 0x00058f7c in ssl_parse_certificate_verify (rs_ctx=0x0, chain=0x2001f8a8, authmode=<optimized out>, ssl=0x2001c918) at build/3pp/mbedtls/library/ssl_tls.c:2542 #24 mbedtls_ssl_parse_certificate (ssl=ssl@entry=0x2001c918) at build/3pp/mbedtls/library/ssl_tls.c:2795 #25 0x00051d1c in mbedtls_ssl_handshake_client_step (ssl=0x2001c918) at build/3pp/mbedtls/library/ssl_cli.c:4295 #26 0x00058210 in mbedtls_ssl_handshake_step (ssl=0x2001c918) at build/3pp/mbedtls/library/ssl_tls.c:5668 #27 0x00069922 in tls_sec_prot_lib_process () #28 0x0006b442 in client_tls_sec_prot_state_machine () #29 0x00069af8 in tls_sec_prot_receive () #30 0x00068072 in supp_eap_tls_sec_prot_state_machine () #31 0x000627b8 in supp_eap_tls_sec_prot_receive () #32 0x0006d28c in kmp_eapol_pdu_if_receive () #33 0x0007d602 in ws_eapol_pdu_mpx_data_indication () #34 0x00080f2e in ws_llc_mac_indication_cb.lto_priv () #35 0x000a8df6 in mac_mcps_sap_data_tasklet.lto_priv () #36 0x000ae3f8 in event_loop_thread.lto_priv () #37 0x000414c0 in xEventGroupSetBitsFromISR (xEventGroup=<optimized out>, uxBitsToSet=<optimized out>, pxHigherPriorityTaskWoken=<optimized out>) at build/3pp/freertos/FreeRTOS/Source/event_groups.c:724 Backtrace stopped: previous frame identical to this frame (corrupt stack?) (gdb) (gdb) I see a crash while my node is trying to authenticate using EAP-TLS to a gateway. I am able to consistently reproduce observe this issue. Is this something that has been already solved or is seen by anybody ? Any inputs on this will help. With regards, Ajay.

2 years, 2 months

2
1
0 0

2025

2024

2023

2022

2021

2020