- mbed-tls - lists.trustedfirmware.org

by Christie Su

Hi, Is there anyone who can tell me how to send the question related to MbedTLS? Which forum can I sign in? Thanks, Christie -----Original Message----- From: mbed-tls-request(a)lists.trustedfirmware.org <mbed-tls-request(a)lists.trustedfirmware.org> Sent: April-25-22 8:00 PM To: mbed-tls(a)lists.trustedfirmware.org Subject: mbed-tls Digest, Vol 26, Issue 5 Send mbed-tls mailing list submissions to mbed-tls(a)lists.trustedfirmware.org To subscribe or unsubscribe via email, send a message with subject or body 'help' to mbed-tls-request(a)lists.trustedfirmware.org You can reach the person managing the list at mbed-tls-owner(a)lists.trustedfirmware.org When replying, please edit your Subject line so it is more specific than "Re: Contents of mbed-tls digest..." Today's Topics: 1. misc. questions (Frank Bergmann) ---------------------------------------------------------------------- Message: 1 Date: Mon, 25 Apr 2022 12:47:07 +0200 From: Frank Bergmann <mbedtls(a)tuxad.com> Subject: [mbed-tls] misc. questions To: mbed-tls(a)lists.trustedfirmware.org Message-ID: <20220425104707.GA3579(a)treferpol.tuxad.net> Content-Type: text/plain; charset=us-ascii Hi all, I have some questions. 1) If you have an established TLS connection (mbed TLS 3.x) and while the connection is up the (server-) certificate expires: Will the connection stay up? Or is a new handshake (with valid cert) REQUIRED? 2) Related to question 1: CAN mbed TLS switch to a new cert on an existing TLS connection? (e.g. by doing another handshake from server OR client side) 3) With 3.x some struct members are now "private". Even if you can allow private access by a define it would be better to use a getter. But for ssl context's "state" I am missing this and also for "p_bio" (to access fd). Is there a chance to get this implemented? BTW - a big "LIKE" for 3.x! I really appreciate the changes. Thank you! kind regards, Frank ------------------------------ Subject: Digest Footer mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org ------------------------------ End of mbed-tls Digest, Vol 26, Issue 5 ***************************************

3 years, 11 months

1
0
0 0

Reminder: MBed TLS Technical Forum - Asia

by don.harbin＠linaro.org

Hi All, A gentle reminder that the Asia-Europe timezone-friendly MBest TLS Tech forum is next Monday. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Title: MBed TLS Technical Forum - Asia Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum - Asia Time: Nov 8, 2021 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Nov 8, 2021 10:00 AM Dec 6, 2021 10:00 AM Jan 3, 2022 10:00 AM Jan 31, 2022 10:00 AM Feb 28, 2022 10:00 AM Mar 28, 2022 10:00 AM Apr 25, 2022 10:00 AM May 23, 2022 10:00 AM Jun 20, 2022 10:00 AM Jul 18, 2022 10:00 AM Aug 15, 2022 10:00 AM Sep 12, 2022 10:00 AM Oct 10, 2022 10:00 AM Nov 7, 2022 10:00 AM Dec 5, 2022 10:00 AM Jan 2, 2023 10:00 AM Jan 30, 2023 10:00 AM Feb 27, 2023 10:00 AM Mar 27, 2023 10:00 AM Apr 24, 2023 10:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt When: Mon Apr 25, 2022 2am – 2:50am Mountain Standard Time - Phoenix Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org * nnac123(a)gmail.com * santosdanillo(a)gmail.com * schoenle.thomas(a)googlemail.com

3 years, 11 months

1
0
0 0

Mbed tls handshake returns –x7200

by arman_ilmak＠yahoo.com

Hey friends Im trying to do a secure connection between my stm32 board and server. I wrote the code based on GitHub - eziya/STM32F4_HAL_ETH_MBEDTLS: STM32 mbedTLS library testing (SSL/TLS client) that i found. My board is based on stm32h7 series. And im using google to test my app.(ip 142.250.74.196 port 443) This is the debug section: https://aws1.discourse-cdn.com/standard17/uploads/mbed/original/2X/e/ee636c… How should i solve the problem?

3 years, 11 months

2
2
0 0

Issues with mbedtls_rsa_import_raw + mbedtls_rsa_pkcs1_verify

by m4D

Greetings! I'm having an issue while veryfing signature with imported RSA2048 public key, generated with Win7 CryptoAPI (PUBLICKEYBLOB) into latest mbedtls 2.28.x. The blob contains RSA modulus N (256 bytes) and public exponent E (4 bytes) - I do extract them succesfully, then provide into mbedtls_rsa_import_raw. It all goes smth. like this: u32 errval = mbedtls_rsa_init(ctx, MBEDTLS_RSA_PKCS_V15, 0); // errval == 0 here errval = mbedtls_rsa_import_raw(ctx, n, nlen, 0l, 0, 0l, 0, 0l, 0, e, elen); // errval == 0 here errval = mbedtls_rsa_complete(ctx); // errval == 0 here errval = mbedtls_rsa_check_pubkey(ctx); // errval == 0 here Then i ran: errval = mbedtls_rsa_pkcs1_verify(ctx, 0l, 0l, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA512, 0, _src, _sign); and get -0x4380 (verify failed) _src - is sha512 hash of data to be verified (64 bytes) _sign - is 256 bytes of signature, provided by win7 cryptoapi P.S. just in case, i did tried messing with endianess in every way for e AND n, it didn't help. I added a little debugging inside library/rsa.cpp, turned out we do call mbedtls_rsa_rsassa_pkcs1_v15_verify, and there is a memcmp between 'encoded' and 'encoded_expected' bufs. 'encoded' is derived from signature (_sign), and 'encoded_expected' is derived from hash (_src) printhex for 'encoded' looks like this: 1a1da83b 14be17a2 c8401d41 1d453909 ... total 16 lines (256 bytes) ... 7fb37ea2 719a5562 aebdb3ed 296e0ed1 but printhex for 'encoded_expected' looks like this: ffff0100 ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ... wtf??? padding ??? ... ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff ffffffff 30513000 6009060d 65014886 03020403 40040005 b190b45a a40b354f 32271b34 f022abd3 ... sha512-derived data here, 64 bytes 557abf2b e2cc4e0f 0b77bdfc b45688b0 So, there is no way these two bufs match. I wonded if there is some issue in parsing _sign, or I didn't prepared input data good enough. Any ideas? B.R., m4D.

3 years, 12 months

1
0
0 0

How to verify in a server that session cache resumption was used for a given connection

by eoin.mcmahon.dev＠gmail.com

I am trying to modify the dtls_server.c example to keep track of whether session caching was used for a given connection. Ideally I would have an interget value i.e `session_resumed = #1 or 0` One way I tried to do this was by reading the value of the mbedtls_ssl_context struct `ssl`: ``` /* * 5. Handshake */ do ret = mbedtls_ssl_handshake( &ssl ); while( ret == MBEDTLS_ERR_SSL_WANT_READ || ret == MBEDTLS_ERR_SSL_WANT_WRITE ); if( ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED ) { printf( " hello verification requested\n" ); ret = 0; goto reset; } else if( ret != 0 ) { printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); goto reset; } printf( " session cache status: %d\n", ssl.handshake.resume ); ``` The issue with this is that the ssl struct is set to private, so the code fails to compile with the error: 'struct mbedtls_ssl_context' has no member named 'handshake' Can somebody help me with some example code that would make this possible?

4 years

3
3
0 0

Mbed TLS GitHub migration

by Dave Rodgman

Hi all, Please note that in the next couple of weeks, we will migrate Mbed TLS to a new GitHub organisation. Your existing scripts, links etc for accessing Mbed TLS on GitHub should not be affected. This will change the url from https://github.com/ARMmbed/mbedtls to https://github.com/Mbed-TLS/mbedtls . GitHub will redirect any accesses to the old URL for the foreseeable future, but we would recommend updating your links once the migration is complete. All of the Mbed TLS repositories will migrate to this new organisation, i.e.: mbedtls mbedtls-docs mbedtls-test Thanks Dave Rodgman

4 years

1
1
0 0

ECDSA Help

by Deep Patel

Hello, mbedTLS has ECDSA module that takes Signature with ASN1 encoding as input mbedtls_pk_verify() The Signature I receive is without ASN1 encoded. Trying to find an implementation within mbedTLS that can add ASN1 to signature before I feed into the verify function. Any help ? [RF IDeas]<http://www.rfideas.com/> Deep Patel Sr. Embedded Software Engineer D: 224-333-2084 P: 847-870-1723 Ext 437 E: ddpatel(a)rfideas.com<mailto:ddpatel@rfideas.com> A: <https://www.rfideas.com/> 425 North Martingale Road, Suite 1680, Schaumburg, IL 60173 <https://www.rfideas.com/>

4 years

2
1
0 0

TrustedFirmware Code of Conduct

by Don Harbin

Hi All, Please find the link to the TrustedFirmware Community Code of Conduct here: https://developer.trustedfirmware.org/w/collaboration/community_guidelines/… Trusted Firmware has a very diverse and global developer community. It is important that we adhere to the code of conduct in all our interactions. For some of you all this may be new and for others just a gentle reminder. In either case, if you have any questions, please feel free to reach out to me directly. And thanks to you all for your contributions to the TrustedFirmware community! Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

4 years

1
0
0 0

Official release with mutual authentication support

by Tove Rumar

Hello! Is there a time plan for when there will be an official release with TLS 1.3 (Client) that supports mutual authentication? Kind Regards Tove Rumar Software Engineer u-blox Malmo Östra Varvsgatan 4 SE- Malmö www.u-blox.com<https://www.u-blox.com> Reliable. Smart. Secure.

4 years

1
0
0 0

AES Memory Leak

by Subramanian Gopi Krishnan

Hi, I have developed a program to send encrypted data continuously. The program is working fine for few hours. After 6 to 8 Hrs, I get returned MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180 Do I need to free the gcm context for every time I send data? What would be the root cause. #define AEAD_KEY_SIZE (32) /**< AEAD Key Size(in bytes). */ #define AEAD_IV_SIZE (12) /**< AEAD IV Size(in bytes). */ #define AEAD_AD_SIZE (16) /**< AEAD AAD Size(in bytes). */ #define AEAD_TAG_SIZE (16) /**< AEAD Tag Size(in bytes). */ #define AEAD_ID_SIZE (4) /**< AEAD Tag Size(in bytes). */ #define MAX_CIPHER_SIZE (2048)/**< AEAD Cipher/Plaintext Segent Size unoperation(in bytes). */ typedef struct { mbedtls_gcm_context CtxAead; /**< aes-gcm 3rd party library context */ uint8_t pu8Key[AEAD_KEY_SIZE]; /**< Key - Randomly Generated */ uint8_t pu8InitVector[AEAD_IV_SIZE]; /**< Randomly Generated */ uint8_t pu8AddData[AEAD_AD_SIZE]; /**< Additional Associated Data - md5sum() */ uint8_t pu8Tag[AEAD_TAG_SIZE]; /**< Hold Digest/Tag of encryped data */ uint8_t pu8Id[AEAD_ID_SIZE]; /**< KeyID is generated */ uint8_t pu8Data[MAX_CIPHER_SIZE]; /**< Buffer to hold plain-text after decipher */ uint8_t pu8Cipher[MAX_CIPHER_SIZE]; /**< Buffer to hold cipher-text after cipher */ uint16_t u16Length; /**< Current length of buffer to encrypt/decrypt */ }S_Aead; int32_t i32Aead_EncryptionCycle(S_Aead *ctx ,uint8_t *pu8AddData, uint16_t u16Length ) { int32_t i32Ret = 0; if(NULL == ctx) { return (NULL_AEAD_CTX); } /* Initilaze GCM Context **/ mbedtls_gcm_init ( &(ctx->CtxAead) ); /*SETTING ADDITIONAL DATA as MD5 of incoming data **/ if( AEAD_AD_SIZE < u16Length ) { return (ERROR_INPUT_BUFFER_TOO_LONG); } memset( ctx->pu8AddData, 0x00, AEAD_AD_SIZE ); i32Ret = mbedtls_md5_ret(pu8AddData, u16Length, ctx->pu8AddData); if (i32Ret) { return (i32Ret); } /* symetric key for testing */ memset( ctx->pu8Key, 0xAB, AEAD_KEY_SIZE ) /* Setting the key */ if( i32Ret = mbedtls_gcm_setkey ( &(ctx->CtxAead), MBEDTLS_CIPHER_ID_AES, ctx->pu8Key, AEAD_KEY_SIZE*OCTETS ) ) { return (i32Ret); } while(1) { /* OS Wait for 1000ms for data to get ready */ if( OS_WaitSingleEventTimed( TX_DATA_BUFFER_READY, WAIT_1000MS ) ) { if( ctx->u16Length == 0 ) { /* No data ready for sending (or) timed-out */; continue; } /* New Initial Vector */ if( i32Ret = i32NewRandomByte( ctx->pu8InitVector, AEAD_IV_SIZE, "AEAD_NEW_IV_GENERATION" ) ) { return(i32Ret); } ctx->u16Length = u16Length; if( i32Ret = mbedtls_gcm_crypt_and_tag( &(ctx->CtxAead), MBEDTLS_GCM_ENCRYPT, ctx->u16Length, ctx->pu8InitVector, AEAD_IV_SIZE, ctx->pu8AddData, AEAD_AD_SIZE, ctx->pu8Data, ctx->pu8Cipher, AEAD_TAG_SIZE, ctx->pu8Tag)) { return(i32Ret); } if( ctx->u16Length == send_data(ctx->pu8Cipher, ctx->u16Length) ) { /* tx success*/ memset( ctx->pu8Data, 0x00, ctx->u16Length ); memset( ctx->pu8Cipher, 0x00, ctx->u16Length ); ctx->u16Length = 0; } } } /* Free GCM Context */ mbedtls_gcm_free( &(ctx->CtxAead) ); /* Reset context memory */ memset(ctx, 0, sizeof(S_Aead)); }

4 years

1
0
0 0

MBed TLS Technical Forum - reminder

by Don Harbin

Hi All, A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum is next Monday. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

4 years

1
0
0 0

signature verification of ECC type

by Sunil Jain

Hello, we are using mbedTLS version 2.16. We are facing a problem in verifying the signed message for ECDSA type of algorithms. Do you have any sample code for this as given for the RSA type algorithm in rsa_verify.c. We have derived the R and S values and their length, but we are not sure which context to use to verify the signature. Please help urgently. -- Regards, Sunil Jain

4 years, 1 month

2
1
0 0

Re: How to verify in a server that session cache resumption was used for a given connection

by Eoin McMahon

Hi thanks for getting back to me, That's fine if it doesn't work in future releases, I will most likely stay on 3.0.0. Unfortunately when trying to add this line to the dtls_server example I get: error: dereferencing pointer to incomplete type 'mbedtls_ssl_handshake_params' {aka 'struct mbedtls_ssl_handshake_params'} int resumed = ssl.MBEDTLS_PRIVATE(handshake)->resume; ^~ my use case for this is to test a client's ability to connect to the server and use session caching, I want to essentially send messages to the server from a client, and have the server send a message back either 'session cache was used' or 'session cache was not used'.

4 years, 1 month

2
1
0 0

Realization TLS 1.2. in libiec61850

by kirilllatyshov99＠gmail.com

Good afternoon, I'm trying to implement TLS 1.2. for MMS using the library libiec61850. When a connection is established, the interaction is interrupted at the stage "Client Key Exchange". Also, when monitoring the interaction through wireshark, I see that an error is displayed at the "Certificate Request" stage. I use default certificates, the project is built through CMake on Windows and TLS 1.1. works flawlessly. In the file tls_mbedtls.c I changed only the values of the minimum and maximum versions to TLS 1.2. Thank you in advance for your response.

4 years, 1 month

1
0
0 0

Reminder: MBed TLS Technical Forum - Asia

by don.harbin＠linaro.org

Hi All, A gentle reminder that the Asia-Europe timezone-friendly MBest TLS Tech forum is next Monday. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Title: MBed TLS Technical Forum - Asia Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum - Asia Time: Nov 8, 2021 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Nov 8, 2021 10:00 AM Dec 6, 2021 10:00 AM Jan 3, 2022 10:00 AM Jan 31, 2022 10:00 AM Feb 28, 2022 10:00 AM Mar 28, 2022 10:00 AM Apr 25, 2022 10:00 AM May 23, 2022 10:00 AM Jun 20, 2022 10:00 AM Jul 18, 2022 10:00 AM Aug 15, 2022 10:00 AM Sep 12, 2022 10:00 AM Oct 10, 2022 10:00 AM Nov 7, 2022 10:00 AM Dec 5, 2022 10:00 AM Jan 2, 2023 10:00 AM Jan 30, 2023 10:00 AM Feb 27, 2023 10:00 AM Mar 27, 2023 10:00 AM Apr 24, 2023 10:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt When: Mon Feb 28, 2022 3am – 3:50am Mountain Standard Time - Phoenix Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org * nnac123(a)gmail.com * santosdanillo(a)gmail.com

4 years, 1 month

1
0
0 0

Re: ssl_server2 failed with mbedtls_ssl_handshake returned error -30976

by Dave Rodgman

Hi Dmitrij, (Please note, I've moved this question to the main Mbed TLS list as this is the right place for this kind of question). I've tested our example ssl_client2 against test.mosquitto.org, using a client certificate & key generated via https://test.mosquitto.org/ssl/index.php, and CA file from https://test.mosquitto.org/. This connects properly using the command line: ./ssl_client2 server_addr=test.mosquitto.org server_port=8884 ca_file=mosquitto.org.crt server_name=test.mosquitto.org crt_file=client.crt key_file=client.key Similarly, OpenSSL succeeds using the same certificates: openssl s_client -connect test.mosquitto.org:8884 -CAfile mosquitto.org.crt -servername test.mosquitto.org -cert client.crt -key client.key However, if I omit the client key (i.e. remove "-key client.key"), Mbed TLS fails in the manner you describe. It looks like you are not supplying the client key? Regards Dave Rodgman On 21/02/2022, 10:55, "Dmitrij Shabroff via Mbed-tls-announce via mbed-tls" <mbed-tls(a)lists.trustedfirmware.org> wrote: Good day Please answer my questions - there is very little literature on the topic. I do not know what to do. I have dealt with the message [2:40] issue. I did not enroll the user certificate using: if((ret = mbedtls_ssl_conf_own_cert(&conf, &clicert, &pkey))!= 0) and this certificate was not transmitted. Now I have taken it a step further, the certificate is successfully transferred and the server does not break the connection. I switched to TLS 1.3. ---------------------------------------------------------------------- But in your examples, I see the use of two certificates: mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); ret = mbedtls_ssl_conf_own_cert( &conf, &clicert, &pkey ) ) And also the key: ret = mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_cli_key, mbedtls_test_cli_key_len, NULL, 0, rng_get, &rng ); In my version, I only have a client certificate. I working with https://test.mosquitto.org/ Would you advise where to get the missing certificates and where to get the key for the mbedtls_pk_parse_key function? ---------------------------------------------------------------------- Now in both functions I use the same certificate and a PCA key from the example. I get a message: ..\Src\mbedTLS\library\ssl_msg.c:4645:got an alert message, type: [2:51] ..\Src\mbedTLS\library\ssl_msg.c:4653:is a fatal alert message (msg 51) ..\Src\mbedTLS\library\ssl_msg.c:3763:mbedtls_ssl_handle_message_type() returned -30592 (-0x7780) ..\Src\mbedTLS\library\ssl_msg.c:4771:mbedtls_ssl_read_record() returned -30592 (-0x7780) Sincerely, Shabrov Dmitry >Понедельник, 7 февраля 2022, 16:28 +03:00 от B Mahesh via Mbed-tls-announce via mbed-tls <mbed-tls(a)lists.trustedfirmware.org>: > >Hi , > > > >*Problem description :* > > > >Trying to run example >https://github.com/ARMmbed/mbedtls/blob/master/programs/ssl/ssl_server2.c . > >Updated ssl_server2 port to listen on 7777 for incoming client request >,ssl_server2 >will be waiting for remote connection continuously. > >There was no client request for connection on this port, but still server >is getting some spurious connection request and goes for handshake and >fails with below error code. > > > >Error code: mbedtls_ssl_handshake returned error -30976 > > > > >*Steps to reproduce: =============* > > 1. start ssl_server2 program > 2. Monitor for ssl_server2 connection waiting , observe ssl_server2 will > accept spurious connection request and goes for handshake and fails >with above > mentioned error code. > > > >*Expected behavior:* >ssl_server2 wait for remote connection infinitely and connect to valid >client request and perform handshake every time. > > >*Actual behavior:* >Occasionally ssl_server2 will accept spurious connection request and goes >for handshake and fails with below error code. > > > >Error code: >mbedtls_ssl_handshake returned error -30976 on ssl_server2 > > > >*Analysis:* > >As per below logs what we understand is ssl_server2 will accept spurious >connection request and goes for handshake and fails with error code >-30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO >on ssl_server2 side . > > > >Can you please help us to understand this behavior? > >What could be the reason for ssl_server2 to connect to a spurious >connection request?, as mentioned above there was no client request for >connection on this ssl_server2 port( 7777) . > >We have tried this on other SERVER_PORT as well . > > > >*Logs Snippet:* > >*==========* > > > >. Seeding the random number generator... ok > > . Loading the CA root certificate ... ok (0 skipped) > > . Loading the server cert. and key... ok > > . Bind on tcp://*:7777/ ... ok > > . Setting up the SSL/TLS structure... ok > > . Waiting for a remote connection ...ok > > . Performing the SSL/TLS handshake... failed > > ! mbedtls_ssl_handshake returned -0x7900 > > > >Last error was: -30976 - SSL - Processing of the ClientHello handshake >message failed > > > > . Waiting for a remote connection ... ok > > . Performing the SSL/TLS handshake... failed > > ! mbedtls_ssl_handshake returned -0x7900 > > > >Last error was: -30976 - SSL - Processing of the ClientHello handshake >message failed > > > > . Waiting for a remote connection ... ok > > . Performing the SSL/TLS handshake... failed > > ! mbedtls_ssl_handshake returned -0x7900 > > > >Last error was: -30976 - SSL - Processing of the ClientHello handshake >message failed > > > >Regards >Mahesh >-- >Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org >To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org >-- >mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org >To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org -- mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org

4 years, 1 month

2
1
0 0

TLS PSK display X.509 verified

by Subramanian Gopi Krishnan

Hi, I am evaluating TLS PSK capability on mbedlts-2.16.12 by running following command. I modified TLS client to have only PSK and removed all private key and certificate related code. However, the servier indicated x.509 verification ok. What is it? ./a.out ok . Performing the SSL/TLS handshake... ok [ Protocol is TLSv1.2 ] [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] [ Record expansion is 29 ] . Closing the connection... done ./ssl_server2 psk="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" psk_list="Client_identity","AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256 . Seeding the random number generator... ok . Loading the CA root certificate ... ok (0 skipped) . Loading the server cert. and key... ok . Bind on tcp://*:4433/ ... ok . Setting up the SSL/TLS structure... ok . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... ok [ Protocol is TLSv1.2 ] [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] [ Record expansion is 29 ] [ Maximum fragment length is 16384 ] . Verifying peer X.509 certificate... ok < Read from client: 34 bytes read GET / HTTP/1.0 Extra-header: > Write to client: 144 bytes written in 1 fragments HTTP/1.0 200 OK Content-Type: text/html <h2>mbed TLS Test Server</h2> <p>Successful connection using: TLS-PSK-WITH-AES-128-GCM-SHA256</p> . Closing the connection... done . Waiting for a remote connection ... Thanks, Gopi Krishnan

4 years, 1 month

2
1
0 0

Re: TLS PSK display X.509 verified

by Hannes Tschofenig

Hi Gopi, When you say "I modified TLS client to have only PSK and removed all private key and certificate related code." did you set the C processor directives in the include/mbedtls/mbedtls_config.h file? To me it seems that you didn't do this and hence you still use the default configuration settings, which means that all PKI-related code is compiled into your binary. Ciao Hannes From: Subramanian Gopi Krishnan via mbed-tls <mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org>> Sent: Tuesday, February 22, 2022 12:15 PM To: mbed-tls(a)lists.trustedfirmware.org<mailto:mbed-tls@lists.trustedfirmware.org> Subject: [mbed-tls] TLS PSK display X.509 verified Hi, I am evaluating TLS PSK capability on mbedlts-2.16.12 by running following command. I modified TLS client to have only PSK and removed all private key and certificate related code. However, the servier indicated x.509 verification ok. What is it? ./a.out ok . Performing the SSL/TLS handshake... ok [ Protocol is TLSv1.2 ] [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] [ Record expansion is 29 ] . Closing the connection... done ./ssl_server2 psk="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" psk_list="Client_identity","AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" force_ciphersuite=TLS-PSK-WITH-AES-128-GCM-SHA256 . Seeding the random number generator... ok . Loading the CA root certificate ... ok (0 skipped) . Loading the server cert. and key... ok . Bind on tcp://*:4433/ ... ok . Setting up the SSL/TLS structure... ok . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... ok [ Protocol is TLSv1.2 ] [ Ciphersuite is TLS-PSK-WITH-AES-128-GCM-SHA256 ] [ Record expansion is 29 ] [ Maximum fragment length is 16384 ] . Verifying peer X.509 certificate... ok < Read from client: 34 bytes read GET / HTTP/1.0 Extra-header: > Write to client: 144 bytes written in 1 fragments HTTP/1.0 200 OK Content-Type: text/html <h2>mbed TLS Test Server</h2> <p>Successful connection using: TLS-PSK-WITH-AES-128-GCM-SHA256</p> . Closing the connection... done . Waiting for a remote connection ... Thanks, Gopi Krishnan

4 years, 1 month

1
0
0 0

[Mbed-tls-announce] ssl_server2 failed with mbedtls_ssl_handshake returned error -30976

by B Mahesh via Mbed-tls-announce

Hi , *Problem description :* Trying to run example https://github.com/ARMmbed/mbedtls/blob/master/programs/ssl/ssl_server2.c . Updated ssl_server2 port to listen on 7777 for incoming client request ,ssl_server2 will be waiting for remote connection continuously. There was no client request for connection on this port, but still server is getting some spurious connection request and goes for handshake and fails with below error code. Error code: mbedtls_ssl_handshake returned error -30976 *Steps to reproduce: =============* 1. start ssl_server2 program 2. Monitor for ssl_server2 connection waiting , observe ssl_server2 will accept spurious connection request and goes for handshake and fails with above mentioned error code. *Expected behavior:* ssl_server2 wait for remote connection infinitely and connect to valid client request and perform handshake every time. *Actual behavior:* Occasionally ssl_server2 will accept spurious connection request and goes for handshake and fails with below error code. Error code: mbedtls_ssl_handshake returned error -30976 on ssl_server2 *Analysis:* As per below logs what we understand is ssl_server2 will accept spurious connection request and goes for handshake and fails with error code -30796 ,MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO on ssl_server2 side . Can you please help us to understand this behavior? What could be the reason for ssl_server2 to connect to a spurious connection request?, as mentioned above there was no client request for connection on this ssl_server2 port( 7777) . We have tried this on other SERVER_PORT as well . *Logs Snippet:* *==========* . Seeding the random number generator... ok . Loading the CA root certificate ... ok (0 skipped) . Loading the server cert. and key... ok . Bind on tcp://*:7777/ ... ok . Setting up the SSL/TLS structure... ok . Waiting for a remote connection ...ok . Performing the SSL/TLS handshake... failed ! mbedtls_ssl_handshake returned -0x7900 Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... failed ! mbedtls_ssl_handshake returned -0x7900 Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed . Waiting for a remote connection ... ok . Performing the SSL/TLS handshake... failed ! mbedtls_ssl_handshake returned -0x7900 Last error was: -30976 - SSL - Processing of the ClientHello handshake message failed Regards Mahesh -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

4 years, 1 month

2
2
0 0

MBEDTLS_ERR_CIPHER_ALLOC_FAILED on Embedded Platform

by Subramanian Gopi Krishnan

Hi, I have ported mbedtls library on am embedded platform developed to encrypt / decrypt messages using AES GCM 256 key. After several hours of running, we are experiencing error MBEDTLS_ERR_CIPHER_ALLOC_FAILED 0x6180 and malloc functions fails as the heap seems to be piled-up. How could I is using correct free function and the actual allocated memory is freed? Thanks, Gopi Krishnan

4 years, 1 month

2
1
0 0

Tentative: MBed TLS Technical Forum

by Gergely Pintér

4 years, 1 month

1
0
0 0

Future crypto library features

by Hulshof, Robert

All, Not sure if this is the right audience (If it is not let me know if there is a better place to ask the following question) We have been looking at future security requirements for CPE devices, and we think that we need the following functionality that is currently not really available in the current crypto libraries. - Support for Quantum computing secure algorithms (Post Quantum of PQ algorithms) - Support for Hybrid keys ( PQ plus Classic algorithm), preferable in any configuration. - Modularized public key crypto algorithms implementation, to simplify adding new algorithms - Updating public key architecture to simplify off-loading private key operations to a Trusted Execution environment or other security HW. We initially looked at openssl, but found the openssl difficult to work with, so we decided to look at Mbedtls, which has a more lightweight design. We modified the mbedtls 'pkey' code to make it more modularized (building on the pkwrap design), and added to support for Hybrid keys, which was relatively easy to do. Updating the TLS library to support hybrid keys has however been a big challenge. The TLS code is very interwoven with the 'pkey' code, and seems to have almost unique implementation for each type of key, making it difficult to follow and modify. Adding support for other (PQ) algorithms within that design will be challenge. Before spending too much time on this we would like to know if there is an interest in the MBEDTLS community for a redesign of the code to support hybrid keys, PQ algorithms and modularized public key architecture. Thanks, Robert E-MAIL CONFIDENTIALITY NOTICE: The contents of this e-mail message and any attachments are intended solely for the addressee(s) and may contain confidential and/or legally privileged information. If you are not the intended recipient of this message or if this message has been addressed to you in error, please immediately alert the sender by reply e-mail and then delete this message and any attachments. If you are not the intended recipient, you are notified that any use, dissemination, distribution, copying, or storage of this message or any attachment is strictly prohibited.

4 years, 1 month

2
1
0 0

MBed TLS Technical Forum - reminder

by don.harbin＠linaro.org

Hi All, A gentle reminder that the US-Europe timezone-friendly MBest TLS Tech forum is next Monday. If you have any topics, please let Dave Rodgman know. :) Best regards, Don Title: MBed TLS Technical Forum Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y When: Mon Feb 14, 2022 9:30am – 10:30am Mountain Standard Time - Phoenix Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org * nnac123(a)gmail.com

4 years, 1 month

1
0
0 0

mbedTLS Question

by SHIRLEY Murray

Hello, I am evaluating the mbedTLS library and trying to create a build with Visual Studio 2010, but I am encountering errors. Below are the steps I have taken: 1. Downloaded "mbedtls-3.1.0.zip" and extracted the contents to my Windows 10 computer. 2. Run Visual Studio 2010 and open the solution "mbedTLS.sln" in the folder "mbedtls-3.1.0\visualc\VS2010". 3. Select the "mbedTLS" project and select "Rebuild Only mbedTLS". This is for the Release configuration targeting Win32. 4. During the build process multiple errors are encounter, which seem to be related to Visual Studio's limited C Compiler support. The build output is attached. Am I missing any steps for configuring the solution or project? I was under the impression that mbedTLS offered support for compiling with Visual Studio 2010? Any help that you can provide would be greatly appreciated. Best regards, Murray Shirley, P.Eng. MicroSurvey Software, Inc. (250) 707-0000 murray.shirley(a)microsurvey.com<mailto:murray.shirley@microsurvey.com>

4 years, 1 month

2
1
0 0

TLS Only for Data Authentication

by Subramanian Gopi Krishnan

Hi, I am developing TLS client and server for embedded systems. Considering the operational efficiency, it is sufficient to have data authentication. Is it possible to setup a TLS communication with data authentication and without encryption? Consider a PLC network, 1. Within physical secure zone. 2. Requires faster data transfer. 3. Data are not confidential, but must be cryptographically authenticated. Thanks, Gopi Krishnan

4 years, 2 months

2
1
0 0

Please, help me about Mbedtls_ssl_handshake return error -0x2700

by Dmitrij Shabroff

Hello. I am facing the issue of certificate verification error during handshake.The problem is described by me in the appropriate section of the forum. https://forums.mbed.com/t/mbedtls-failing-with-the-certificate-is-not-corre… Please help me figure it out - there is no one else to turn to. Sincerely, Shabrov Dmitry

4 years, 2 months

1
0
0 0

Does MbedTLS provide paid tech support?

by Tom Zhu

We are interested in whether there are paid supports from MbedTLS regarding optimization on some ARM MCUs. If so, whom should we contact? Thanks! Tom

4 years, 2 months

1
0
0 0

TLS 1.3 support

by Lukas Frei

Good morning, My team and me are starting a bigger project concerning object control on the rail. The security specifications shall use TLS version 1.3. I could read on some forums that you are actually working on it. Could I please get some information about the release date of it? If not provided soon we will be forced to switch to another library. Thanks a lot for your help. Best Regards, Lukas Frei Dipl. MSc Universität Bern und BFH in Biomedical Engineering Embedded Software Engineer CSA Engineering AG Hans Huber-Strasse 38 CH-4500 Solothurn Direkt +41 32 626 35 81 Telefon +41 32 626 35 55 Fax +41 32 626 35 50 mailto:lukas.frei@csa.ch https://www.csa.ch ________________________________ Confidentiality Note: This message is intended only for the use of the named recipient(s) and may contain confidential and/or privileged information. If you are not the/an intended recipient, please contact the sender and delete this message. Any unauthorized use of the information contained in this message is prohibited.

4 years, 2 months

2
1
0 0

Now Im subscribe

by Dmitrij Shabroff

Good afternoon. I am a microcontroller product designer. I ported MBED TLS to STM 32L471 microcontroller. While I do not understand how can I use the certificate. My customer gave me a certificate in the form of a center2m.com.cer file. The file contains the 3 fields: -----BEGIN CERTIFICATE----- MIIGVzCCBT+gAwIBAgIMEnU/ ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIET ... -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIDDX ... -----END CERTIFICATE----- tell me please, how to port my certificate to certs.c file. The question is which fields to insert where? Please help. No one can answer this question except you. Sincerely, development engineer, Shabrov Dmitrii

4 years, 2 months

2
3
0 0

Next MBed TLS Tech Forum - Monday

by Don Harbin

Hi All, This is a gentle reminder that the next MBed TLS Tech forum is next Monday @10am UK time. Reminders: - This is the "Asia timezone friendly" session, but the session recording and supporting content are archived here <https://www.trustedfirmware.org/meetings/mbed-tls-technical-forum/>. - Dial-in details can be found in the online calendar <https://www.trustedfirmware.org/meetings/>. If you click on this event in the calendar, it also provides the option to add it to your personal calendar if you wish If anyone has topics you would like to see added to the agenda, please share and Dave and the team will work to get these onto the agenda. Best regards, Don

4 years, 2 months

1
0
0 0

Tentative: MBed TLS Technical Forum - Asia

by Gergely Pintér

4 years, 2 months

1
0
0 0

mbedtls handshake error

by MATRIX 小牧

Hello. I'm sorry for the sudden email. I have a question about mbedtls. Currently, HTTPS communication is performed by mbedtls with a microcomputer called esp32-wroom-32d. The following error occurs when validating the root certificate. --------------------------------------------- mbedtls: ssl_tls.c: 5808 x509_verify_cert () returned -12288 (-0x3000) --------------------------------------------- I can't find out the details even if I check the error code. Changing the certificate will eliminate the error. It has been confirmed that the certificate is legitimate and can be used. [SecurityCommunicationRootCA1.pem] ---- Success [SecurityCommunicationRootCA2.pem] ---- Failure I would like to have any information. Sorry for the unfamiliar English. I look forward to working with you. Komaki

4 years, 2 months

1
0
0 0

Updated invitation: MBed TLS Technical Forum - Asia @ Every 4 weeks from 3am to 3:50am on Monday 17 times (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been changed. Title: MBed TLS Technical Forum - Asia Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum - Asia Time: Nov 8, 2021 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Nov 8, 2021 10:00 AM Dec 6, 2021 10:00 AM Jan 3, 2022 10:00 AM Jan 31, 2022 10:00 AM Feb 28, 2022 10:00 AM Mar 28, 2022 10:00 AM Apr 25, 2022 10:00 AM May 23, 2022 10:00 AM Jun 20, 2022 10:00 AM Jul 18, 2022 10:00 AM Aug 15, 2022 10:00 AM Sep 12, 2022 10:00 AM Oct 10, 2022 10:00 AM Nov 7, 2022 10:00 AM Dec 5, 2022 10:00 AM Jan 2, 2023 10:00 AM Jan 30, 2023 10:00 AM Feb 27, 2023 10:00 AM Mar 27, 2023 10:00 AM Apr 24, 2023 10:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt When: Every 4 weeks from 3am to 3:50am on Monday 17 times Mountain Standard Time - Phoenix Calendar: mbed-tls(a)lists.trustedfirmware.org Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org * nnac123(a)gmail.com * santosdanillo(a)gmail.com Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=MmU4dm1iNzJ0dmV1… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account mbed-tls(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

4 years, 2 months

1
0
0 0

Updated invitation: MBed TLS Technical Forum @ Every 4 weeks from 9:30am to 10:30am on Monday 17 times (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

This event has been changed. Title: MBed TLS Technical Forum Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y When: Every 4 weeks from 9:30am to 10:30am on Monday 17 times Mountain Standard Time - Phoenix Calendar: mbed-tls(a)lists.trustedfirmware.org Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org * nnac123(a)gmail.com Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=NWdhMWpuZ2ZpdWNp… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account mbed-tls(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

4 years, 2 months

1
0
0 0

Entropy PSA Crypto driver support

by François Beerten

Hi everyone, The PSA Crypto Driver Interface describes entry points for collecting entropy from drivers: |psa_status_t acme_get_entropy(uint32_t flags, size_t *estimate_bits, uint8_t *output, size_t output_size);| Currently, MbedTLS does not have any kind of support for those PSA driver entry points. I'm currently looking at trying to add initial support for those in the code. The idea is to write a very simple solution to get the ball rolling and that can be extended and improved later on. Is there interest for a patch to add this? There are different ways to integrate it into the current MbedTLS code. Do you already have plans or ideas on how it should be done? After multiple attempts locally, I've came up with an approach that can work well. Like for other PSA Crypto drivers, the entropy entry points would be listed in the generated "psa_crypto_driver_wrappers.c" file. Those entry points can then be used by a sub-function of mbedtls_entropy_gather(). What do you think of that approach? Best regards, François.

4 years, 2 months

2
1
0 0

Re: License conflict with OpenVPN

by Dave Rodgman

Hi Max, Unfortunately, it would not be possible for us to re-license the project to GPLv2 - this would require agreement with all copyright holders of code contributed to Mbed TLS 2.17, which isn't feasible. For this reason I'm afraid we cannot offer an exception for individual projects. Regards Dave Rodgman On 13/01/2022, 10:28, "Maximilian Fillinger via mbed-tls" <mbed-tls(a)lists.trustedfirmware.org> wrote: Hello! OpenVPN can be compiled with OpenSSL or mbedtls. However, OpenVPN is licensed under GPLv2 only. If I understand correctly, that means it is not legal to distribute binaries of OpenVPN that are linked with mbedtls 2.17 or later. At Fox Crypto, we produce a hardened version of OpenVPN, called OpenVPN-NL, for use by the Dutch government, which uses mbedtls. (The latest release is rather old and still uses 2.16.) Is there anyone I could ask about making an exception for linking OpenVPN with mbedtls? Regards, Max Fillinger -- mbed-tls mailing list -- mbed-tls(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-leave(a)lists.trustedfirmware.org

4 years, 2 months

1
0
0 0

Invitation: MBed TLS Technical Forum - Asia @ Every 4 weeks from 3am to 3:50am on Monday 17 times (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

You have been invited to the following event. Title: MBed TLS Technical Forum - Asia Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum - Asia Time: Nov 8, 2021 10:00 AM London Every 4 weeks on Mon, 20 occurrence(s) Nov 8, 2021 10:00 AM Dec 6, 2021 10:00 AM Jan 3, 2022 10:00 AM Jan 31, 2022 10:00 AM Feb 28, 2022 10:00 AM Mar 28, 2022 10:00 AM Apr 25, 2022 10:00 AM May 23, 2022 10:00 AM Jun 20, 2022 10:00 AM Jul 18, 2022 10:00 AM Aug 15, 2022 10:00 AM Sep 12, 2022 10:00 AM Oct 10, 2022 10:00 AM Nov 7, 2022 10:00 AM Dec 5, 2022 10:00 AM Jan 2, 2023 10:00 AM Jan 30, 2023 10:00 AM Feb 27, 2023 10:00 AM Mar 27, 2023 10:00 AM Apr 24, 2023 10:00 AM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJ0kc-GsqDktHNGa8CWl6wJ7je6CKD-5zgh8/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt When: Every 4 weeks from 3am to 3:50am on Monday 17 times Mountain Standard Time - Phoenix Joining info: Join with Google Meet https://meet.google.com/fwh-srqw-rgf?hs=224 Join by phone (US) +1 304-397-0314 (PIN: 358348986) More phone numbers: https://tel.meet/fwh-srqw-rgf?pin=6539665554630&hs=0 Calendar: mbed-tls(a)lists.trustedfirmware.org Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=MmU4dm1iNzJ0dmV1… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account mbed-tls(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

4 years, 2 months

1
0
0 0

Invitation: MBed TLS Technical Forum @ Every 4 weeks from 9:30am to 10:30am on Monday 17 times (MST) (mbed-tls@lists.trustedfirmware.org)

by don.harbin＠linaro.org

You have been invited to the following event. Title: MBed TLS Technical Forum Trusted Firmware is inviting you to a scheduled Zoom meeting. Topic: MBed TLS Technical Forum Time: Oct 25, 2021 04:30 PM London Every 4 weeks on Mon, 20 occurrence(s) Oct 25, 2021 04:30 PM Nov 22, 2021 04:30 PM Dec 20, 2021 04:30 PM Jan 17, 2022 04:30 PM Feb 14, 2022 04:30 PM Mar 14, 2022 04:30 PM Apr 11, 2022 04:30 PM May 9, 2022 04:30 PM Jun 6, 2022 04:30 PM Jul 4, 2022 04:30 PM Aug 1, 2022 04:30 PM Aug 29, 2022 04:30 PM Sep 26, 2022 04:30 PM Oct 24, 2022 04:30 PM Nov 21, 2022 04:30 PM Dec 19, 2022 04:30 PM Jan 16, 2023 04:30 PM Feb 13, 2023 04:30 PM Mar 13, 2023 04:30 PM Apr 10, 2023 04:30 PM Please download and import the following iCalendar (.ics) files to your calendar system. Weekly: https://linaro-org.zoom.us/meeting/tJEkceuurT4sGdaksikbUn6FARB9Kuk3ac2o/ics… Join Zoom Meeting https://linaro-org.zoom.us/j/95962635632?pwd=STFkQVltejAzRDJ6NmoxZjhmZC9RUT… Meeting ID: 959 6263 5632 Passcode: 018366 One tap mobile +13462487799,,95962635632# US (Houston) +16699009128,,95962635632# US (San Jose) Dial by your location +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 253 215 8782 US (Tacoma) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) +1 301 715 8592 US (Washington DC) 877 853 5247 US Toll-free 888 788 0099 US Toll-free Meeting ID: 959 6263 5632 Find your local number: https://linaro-org.zoom.us/u/aewUpnQu5y When: Every 4 weeks from 9:30am to 10:30am on Monday 17 times Mountain Standard Time - Phoenix Joining info: Join with Google Meet https://meet.google.com/ofy-jxph-boy?hs=224 Join by phone (US) +1 704-705-7047 (PIN: 141276187) More phone numbers: https://tel.meet/ofy-jxph-boy?pin=3695767709143&hs=0 Calendar: mbed-tls(a)lists.trustedfirmware.org Who: * Don Harbin - creator * psa-crypto(a)lists.trustedfirmware.org * mbed-tls(a)lists.trustedfirmware.org Event details: https://calendar.google.com/calendar/event?action=VIEW&eid=NWdhMWpuZ2ZpdWNp… Invitation from Google Calendar: https://calendar.google.com/calendar/ You are receiving this courtesy email at the account mbed-tls(a)lists.trustedfirmware.org because you are an attendee of this event. To stop receiving future updates for this event, decline this event. Alternatively you can sign up for a Google account at https://calendar.google.com/calendar/ and control your notification settings for your entire calendar. Forwarding this invitation could allow any recipient to send a response to the organizer and be added to the guest list, or invite others regardless of their own invitation status, or to modify your RSVP. Learn more at https://support.google.com/calendar/answer/37135#forwarding

4 years, 2 months

1
0
0 0

Adding lists to the MBed TLS Tech Forum invite

by Don Harbin

Hi All, FYI, per Shebu, I'm adding both mbed-tls(a)lists.trustedfirmware.org and psa-crypto(a)lists.trustedfirmware.org to the MBed TLS Tech Forum invites. Please look for this in your inbox and accept it if you would like the series added to your calendar. - Note that this is a monthly meeting but you will see two invites, one that is for Asia timezones and one for Europe/US. Just delete the series that isn't timezone friendly for you. - FYI, recall that this and other tech forums can be found in the meeting calendar on the TF website <https://www.trustedfirmware.org/meetings/>. If you see a meeting in that calendar, click on the entry and an option comes up saying "copy to my calendar." It will import that single instance into your personal calendar from there if you wish. I wasn't able to test this feature with outlook, but it worked fine for google calendar. Please let me know if you have any questions. Best regards, Don Harbin TrustedFirmware Community Manager don.harbin(a)linaro.org

4 years, 2 months

1
0
0 0

License conflict with OpenVPN

by Maximilian Fillinger

Hello! OpenVPN can be compiled with OpenSSL or mbedtls. However, OpenVPN is licensed under GPLv2 only. If I understand correctly, that means it is not legal to distribute binaries of OpenVPN that are linked with mbedtls 2.17 or later. At Fox Crypto, we produce a hardened version of OpenVPN, called OpenVPN-NL, for use by the Dutch government, which uses mbedtls. (The latest release is rather old and still uses 2.16.) Is there anyone I could ask about making an exception for linking OpenVPN with mbedtls? Regards, Max Fillinger

4 years, 2 months

1
0
0 0

Tinycrypt performance & integration

by andrei.menzopol＠nxp.com

Hello, I want to test/analyze the performance increase of using tinycrypt for ECC operations instead of the standard MbedTLS ECC functions. Could you please help me with a few answers regarding this? I am aware that tinycrypt is already integrated in the baremetal branch. Do you happen to know what is the performance increase of using this tinycrypt uECC implementation instead of the standard one on arm cortex m4 microcontrollers? I would like to port the tinycrypt uECC changes from baremetal branch to a Mbed TLS 2.25.0 version used in Matter repo (from where Mbed TLS repo is refered), more exactly this commit: https://github.com/ARMmbed/mbedtls/tree/1c54b5410fd48d6bcada97e30cac417c5c7… What do you think is the best approach? I thought of forking Mbed TLS, creating a separate branch with that commit and adding there the tinycrypt changes from baremetal branch. However, I'm not sure how to proceed next since the Matter repo refers the MbedTLS repo. Is this approach ok? Thank you!

4 years, 2 months

1
0
0 0

EC and FF checks support

by Thomas Fossati

Hi all, Does mbedTLS implement any of the checks in NIST SP 800 56Ar3? (In particular, I am interested in those defined in Section 5.6.2 [1]?) Thanks, cheers! [1] https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-56Ar3.pdf…

4 years, 3 months

1
0
0 0

request to unsubscribe from this mailing list

by Innocenti, Michele

Hi, I have completed my job on these topics so I would like to unsubscribe from this mailing list, can you help me? Thank you! Michele [cid:image001.png@01D7FCCB.D711FD40] Hillrom is now a part of Baxter Michele Innocenti Sr Principal Engineer, SW Eng Gambro Dasco S.p.A. Via Modenese 66 / 41036 Medolla, Modena, Italy T. +39 0535.50578 michele_innocenti(a)baxter.com<mailto:michele_innocenti@baxter.com>

4 years, 3 months

3
2
0 0

Side by side installation of mbedtls 2.x and mbedtls 3.x

by Fabrice Fontaine

Dear all, mbedtls 3.x is incompatible with mbedtls 2.x so the transition of all the packages using mbedtls will take a long time. However, from my understanding, it is not possible to install both versions side by side as a lot of headers are common to both versions and installed in include/mbedtls. This fact is raising concern on buildroot side, see: https://patchwork.ozlabs.org/project/buildroot/patch/20211228153345.4087026… Can you confirm that a side-by-side installation of both mbedtls versions is not possible and/or can you share some inputs on this topic? Best Regards, Fabrice

4 years, 3 months

2
1
0 0

Mbed TLS releases: 2.16.12, 2.28.0, 3.1.0

by Dave Rodgman

Hi, We are pleased to announce the release of Mbed TLS 2.16.12, 2.28.0 and 3.1.0. These releases of Mbed TLS address several security issues, provide bug fixes, and new features, including initial support for TLS 1.3 in Mbed TLS 3.1.0. Full details are available in the release notes (https://github.com/ARMmbed/mbedtls/releases/tag/v3.1.0, https://github.com/ARMmbed/mbedtls/releases/tag/v2.28.0, https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.12). Mbed TLS 2.16.12 will be the last release in the 2.16 LTS; it will no longer be supported. Mbed TLS 2.28 is the new long-term support release, and will be supported with bug-fixes and security fixes until end of 2024. We recommend all users to consider whether they are impacted, and to upgrade appropriately. Dave Rodgman

4 years, 3 months

1
0
0 0

Commercial Support Request

by Felix Knorr

Dear MBedTLS-Team, we are currently evaluating MBedTLS for use in our Product. We develop an implant for blood pressure patients, and our implant and its charger need to communicate securely. We already have an AES encrypted communication running, but so far we just store the password in every device, and we would like to switch to RSA to exchange an AES key. It would also be important for us to be able to validate an x509 certificate on the implant. However, due to energy constraints, our internal flash memory on the implant is extremely small, and we would like to not parse the certificate on the implant, but rather send only the key and the signature directly, and then "validate by hand" on the implant. If I understand the procedure correctly, that would only involve taking a hash of the pubkey, decrypting the signature with a stored CA-public key, and compare them, correct? Would that be possible? Besides normal support during our implementation phase, we would be interested in being informed whenever a vulnerability is found in MBedTLS and a fast update. Do you offer such a service? If so, what will it cost? Kind Rergards, Felix Knorr -- Mit freundlichen Grüßen neuroloop GmbH i.A. Felix Knorr Senior Software Developer -------------------------------------- neuroloop GmbH Engesserstr. 4, 79108 Freiburg, Germany Amtsgericht Freiburg HRB 713935 Geschäftsführer: Dr. Michael Lauk, Dr. Dennis Plachta The information contained in this communication is confidential, may be attorney-client privileged, may constitute inside information, and is intended only for the use of the addressee. It is the property of the company of the sender of this e-mail. Unauthorized use, disclosure, or copying of this communication or any part thereof is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by return e-mail and destroy this communication and all copies thereof, including all attachments.

4 years, 3 months

2
1
0 0

mbedtls communication issue - handshake error -0x50 - NET - Connection was reset by pee

by Alugoju, Shailaja

Hi, I am trying to encrypt data on my rabbitmq communication. On the rabbitmq server end I am using the openssl and on the client end I cant use openssl but I can use mbedtls. I am using mbedtls-2.26.0 version in my rabbimq-c client . The certificate is generated via https://github.com/michaelklishin/tls-gen The certificate is valid and has no issue because the communication works fine when I use the ssl_client2 and ssl_server2 applications from the mbedtls-2.26.0\programs. The communication works fine when I use the rabbitmq openssl client and openssl server. But when I try to use the rabbitmq openssl server and ssl_client2 from mbedtls-2.26.0\programs the connection is reset. I think it’s a config issue but I am not able to figure out the solution or the rootcause. I am not sure if I can use mbedtls client with openssl server. Could you please help me in this. Below is the log from wireshark. Attached is the log from sslclient2 program. After the certificate is verified the broker resets the connection TCP 60271 → 5671 [SYN] Seq=0 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM=1 TCP 5671 → 60271 [SYN, ACK] Seq=0 Ack=1 Win=65535 Len=0 MSS=65475 WS=256 SACK_PERM=1 TCP 60271 → 5671 [ACK] Seq=1 Ack=1 Win=2618880 Len=0 TLSv1.2 Client Hello TCP 5671 → 60271 [ACK] Seq=1 Ack=305 Win=2618880 Len=0 TLSv1.2 Server Hello, Certificate, Server Key Exchange, Certificate Request, Server Hello Done TCP 60271 → 5671 [ACK] Seq=305 Ack=1976 Win=2616832 Len=0 TLSv1.2 Certificate TCP 5671 → 60271 [ACK] Seq=1976 Ack=945 Win=2618112 Len=0 TLSv1.2 Client Key Exchange TCP 5671 → 60271 [ACK] Seq=1976 Ack=1088 Win=2618112 Len=0 TLSv1.2 Certificate Verify TCP 5671 → 60271 [ACK] Seq=1976 Ack=1173 Win=2618112 Len=0 TLSv1.2 Change Cipher Spec TCP 5671 → 60271 [ACK] Seq=1976 Ack=1179 Win=2618112 Len=0 TLSv1.2 Encrypted Handshake Message TCP 5671 → 60271 [ACK] Seq=1976 Ack=1216 Win=2617856 Len=0 TLSv1.2 Change Cipher Spec, Encrypted Handshake Message TCP 60271 → 5671 [ACK] Seq=1216 Ack=2019 Win=2616832 Len=0 TLSv1.2 Application Data TCP 5671 → 60271 [ACK] Seq=2019 Ack=1245 Win=2617856 Len=0 TLSv1.2 Application Data TCP 60271 → 5671 [ACK] Seq=1245 Ack=2048 Win=2616832 Len=0 TLSv1.2 Encrypted Alert TCP 60271 → 5671 [ACK] Seq=1245 Ack=2071 Win=2616832 Len=0 TCP 5671 → 60271 [RST, ACK] Seq=2071 Ack=1245 Win=0 Len=0 Thanks, Shailaja

4 years, 4 months

1
0
0 0

Mbed TLS Tech Forum

by Dave Rodgman

Hi, On Monday at 10am UK time, we will hold the Mbed TLS Tech Forum. This is an open forum conference call for anyone to participate; please reply here if there are any agenda topics you would like to raise. Zoom details are in the TF calendar: https://www.trustedfirmware.org/meetings/mbed-tls-technical-forum/ or see below Dave Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt

4 years, 4 months

3
4
0 0

Help troubleshooting mbedtls_pk_sign() returned -17280 (-0x4380)

by Martin Man

Hi guys, I have a mbetls based server client application (DTLS) written in Apple Swift language, wrapping the mbedtls C api, running just fine for many years now on iOS, Android, and Linux. We have been compiling the code with Swift 5.0, 5.1, 5.2, 5.3, 5.4 in both release and debug mode. Recently I just recompiled my code with Swift 5.5 in release mode, and my handshakes started failing on the Linux server with cryptic mbedtls_pk_sign() returned -17280 (-0x4380). When I take the same code and recompile in debug mode (-Onone) it works as expected. The same code compiled with Swift+C for iOS and macOS still works in both debug and release mode on both client/server. If I understand the compilation process correctly, the Swift Package Manager that we use to wrap mbedtls simply uses CMakeLists.txt to compile mbedtls and pick up the right flags. I am attaching excerpt from the log where the server part of the handshake fails (in release mode) and succeeds (in debug mode). I am certain this is probably caused by my code and how I wrap C mbedtls sources in Swift, but I can not yet rule out a bug in Swift/C compiler part for Linux which from time to time does have bugs related to code optimization. Could any good soul who understands the parts of the code below point me in the direction where to look and why would the mbedtls_pk_sign fail this way? What parts of the SSL context does it use? I will deep dive into the code to see whether this can be caused by memory corruption or anything else. It’s on LTS mbedtls-2.16.11. Could I run some tests to perhaps verify that mbedtls is compiled and working correctly? thanks for any help, Martin — failing handshake — Dec 7 15:54:53 ssl_srv.c:3296 => write server key exchange Dec 7 15:54:53 ssl_srv.c:3074 ECDHE curve: secp521r1 Dec 7 15:54:53 ssl_srv.c:3100 value of 'ECDH: Q(X)' (521 bits) is: Dec 7 15:54:53 ssl_srv.c:3100 01 d0 5f 4a fa 12 f8 46 75 fb 3e 38 db ba 88 ff Dec 7 15:54:53 ssl_srv.c:3100 73 72 79 78 21 dd 9f ac ac 02 db e7 7e 91 6e 5c Dec 7 15:54:53 ssl_srv.c:3100 06 ed 77 19 42 f1 11 6a f5 75 04 20 d8 51 50 a5 Dec 7 15:54:53 ssl_srv.c:3100 8f 5a 3d 8c b3 c0 15 df cc d7 5b e5 eb 04 2e b6 Dec 7 15:54:53 ssl_srv.c:3100 2f e7 Dec 7 15:54:53 ssl_srv.c:3100 value of 'ECDH: Q(Y)' (518 bits) is: Dec 7 15:54:53 ssl_srv.c:3100 26 c1 52 f0 b6 20 4c aa 53 7c aa 27 12 5f 72 7f Dec 7 15:54:53 ssl_srv.c:3100 11 ea a9 34 9a f5 ef 63 28 76 d8 52 4e 31 a3 13 Dec 7 15:54:53 ssl_srv.c:3100 52 a5 c9 52 5f 6b 41 b6 7e 47 0e 2a 68 c5 e5 80 Dec 7 15:54:53 ssl_srv.c:3100 14 27 ad aa 96 5b 89 41 55 5b d5 52 61 66 8c 06 Dec 7 15:54:53 ssl_srv.c:3100 4b Dec 7 15:54:53 ssl_srv.c:3163 pick hash algorithm 8 for signing Dec 7 15:54:53 ssl_srv.c:3201 dumping 'parameters hash' (64 bytes) Dec 7 15:54:53 ssl_srv.c:3201 0000: 55 c8 d2 5c 83 d8 6b e3 9f 9c b2 f4 e7 f7 4d 26 U..\..k.......M& Dec 7 15:54:53 ssl_srv.c:3201 0010: b4 ce c9 df c2 ae 7a 60 cb e8 02 13 d5 6d d8 ec ......z`.....m.. Dec 7 15:54:53 ssl_srv.c:3201 0020: 48 72 77 9f e2 69 4e f5 b4 1d db 9a 75 2a 5e c7 Hrw..iN.....u*^. Dec 7 15:54:53 ssl_srv.c:3201 0030: e1 1b 66 fc a6 ff 37 c6 6d 42 9b b3 cf 63 bb 0e ..f...7.mB...c.. Dec 7 15:54:53 ssl_srv.c:3274 mbedtls_pk_sign() returned -17280 (-0x4380) Dec 7 15:54:53 ssl_tls.c:8219 <= handshake — successful handshake — Dec 7 16:13:52 ssl_srv.c:3296 => write server key exchange Dec 7 16:13:52 ssl_srv.c:3074 ECDHE curve: secp521r1 Dec 7 16:13:52 ssl_srv.c:3100 value of 'ECDH: Q(X)' (519 bits) is: Dec 7 16:13:52 ssl_srv.c:3100 52 5f 4e 78 48 bd be 6a e4 98 21 30 ce 1c ba 08 Dec 7 16:13:52 ssl_srv.c:3100 b7 ae 88 d3 ff c9 c4 a5 8c 13 1e 73 5b 1f 08 60 Dec 7 16:13:52 ssl_srv.c:3100 7c 51 a7 ec 91 54 d7 52 f3 55 6a 34 92 cf 92 e8 Dec 7 16:13:52 ssl_srv.c:3100 c8 39 33 5e d3 46 3d 89 e7 6d 8f 41 d9 e0 67 e6 Dec 7 16:13:52 ssl_srv.c:3100 7c Dec 7 16:13:52 ssl_srv.c:3100 value of 'ECDH: Q(Y)' (520 bits) is: Dec 7 16:13:52 ssl_srv.c:3100 87 48 29 20 93 8e f8 9a a9 54 70 26 58 79 9d 67 Dec 7 16:13:52 ssl_srv.c:3100 8c ec 0f 06 ae 73 13 40 72 58 fe c1 6e 14 b4 48 Dec 7 16:13:52 ssl_srv.c:3100 55 a1 27 74 9d 63 36 aa db 80 29 f8 ab 9c 64 ba Dec 7 16:13:52 ssl_srv.c:3100 f9 0a 19 af 9a 65 6f 02 96 c6 53 4d 49 4f b4 f5 Dec 7 16:13:52 ssl_srv.c:3100 46 Dec 7 16:13:52 ssl_srv.c:3163 pick hash algorithm 8 for signing Dec 7 16:13:52 ssl_srv.c:3201 dumping 'parameters hash' (64 bytes) Dec 7 16:13:52 ssl_srv.c:3201 0000: e1 65 f4 f0 a6 a3 67 7d 32 55 ed 2a 13 08 71 8a .e....g}2U.*..q. Dec 7 16:13:52 ssl_srv.c:3201 0010: 7e 13 f6 30 85 ed c3 c9 10 e8 b2 43 75 bc 6c 24 ~..0.......Cu.l$ Dec 7 16:13:52 ssl_srv.c:3201 0020: 8f fb d8 90 cb 53 7f 13 53 13 1b f4 eb bd 38 5c .....S..S.....8\ Dec 7 16:13:52 ssl_srv.c:3201 0030: ec 46 c2 0c a9 93 5b 60 5e 5d 81 f2 b3 b0 b5 a8 .F....[`^]...... Dec 7 16:13:52 ssl_srv.c:3361 dumping 'my signature' (256 bytes) Dec 7 16:13:52 ssl_srv.c:3361 0000: 7a a7 0f 17 79 33 36 b7 0c 17 84 5b cc ca 1c 0c z...y36....[.... Dec 7 16:13:52 ssl_srv.c:3361 0010: cb f5 56 80 ea 5d 7f cf ab 86 d5 f9 91 36 0e 68 ..V..].......6.h Dec 7 16:13:52 ssl_srv.c:3361 0020: 76 c6 c0 4b 77 bf 28 e7 b8 c0 a7 de ea d8 a0 30 v..Kw.(........0 Dec 7 16:13:52 ssl_srv.c:3361 0030: 3a b3 4e 24 ea e0 c8 0b e7 ad ba 4d 35 30 c0 39 :.N$.......M50.9 Dec 7 16:13:52 ssl_srv.c:3361 0040: a8 ff f0 6d 8f 28 db fc 5e c3 fb 21 fe 76 dd 07 ...m.(..^..!.v.. Dec 7 16:13:52 ssl_srv.c:3361 0050: 1b 2c 58 fe 7b 0a f5 72 49 d9 d1 9a 10 af 29 21 .,X.{..rI.....)! Dec 7 16:13:52 ssl_srv.c:3361 0060: 7a d9 01 a4 99 01 de 6e ae fd 76 ce b9 64 84 49 z......n..v..d.I Dec 7 16:13:52 ssl_srv.c:3361 0070: 96 97 2d 3a 15 ed 5b de d5 99 9d 1b eb 4c 1a aa ..-:..[......L.. Dec 7 16:13:52 ssl_srv.c:3361 0080: a8 e6 36 29 bd 67 b0 50 91 6e b8 cb 0a 42 4a 79 ..6).g.P.n...BJy Dec 7 16:13:52 ssl_srv.c:3361 0090: 4a 65 ae 95 d0 bc 5a e1 e7 75 2a f9 ba 51 1c 2c Je....Z..u*..Q., Dec 7 16:13:52 ssl_srv.c:3361 00a0: ff 67 e3 df eb a0 d7 6c d2 cf 71 d2 ea 24 7c 16 .g.....l..q..$|. Dec 7 16:13:52 ssl_srv.c:3361 00b0: f8 5b 72 83 56 a9 48 e1 b6 cd d0 bd dd 20 23 d5 .[r.V.H...... #. Dec 7 16:13:52 ssl_srv.c:3361 00c0: 80 c4 bd 6e 42 1c 61 b2 e4 41 01 ce c8 85 26 21 ...nB.a..A....&! Dec 7 16:13:52 ssl_srv.c:3361 00d0: b4 0a 5e fe 50 0d 6f 45 a8 fe 15 18 87 e3 ae b3 ..^.P.oE........ Dec 7 16:13:52 ssl_srv.c:3361 00e0: ac 46 c5 c6 bb bc 70 1b 32 b7 15 c5 3d fb 09 1e .F....p.2...=... Dec 7 16:13:52 ssl_srv.c:3361 00f0: 8f 69 f7 e7 a8 86 4d 0b 87 ea 4b fe 08 7e 00 0b .i....M...K..~.. Dec 7 16:13:52 ssl_tls.c:3289 => write handshake message Dec 7 16:13:52 ssl_tls.c:2917 => ssl_flight_append Dec 7 16:13:52 ssl_tls.c:2953 <= ssl_flight_append Dec 7 16:13:52 ssl_tls.c:3425 <= write handshake message Dec 7 16:13:52 ssl_srv.c:3380 <= write server key exchange

4 years, 4 months

2
2
0 0

Benchmark on esp32

by Marco Portoni

Hi, Is it possible to run the benchmark of all cyphers natively on a ESP32 board? I have already run them on laptop but my goal is to run them on esp32, using for example tool like espifd.

4 years, 4 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls