- mbed-tls - lists.trustedfirmware.org

About `MBEDTLS_ALLOW_PRIVATE_ACCESS`

by Aditya Patwardhan

Hi, While working on updating mbedtls to v3.0, I saw that the internal fields in MBEDTLS have been made private. ( ref- here<https://github.com/ARMmbed/mbedtls/blob/development/docs/3.0-migration-guid…>). It says there and I quote "As a last resort, you can access the field foo of a structure bar by writing bar.MBEDTLS_PRIVATE(foo). Note that you do so at your own risk, since such code is likely to break in a future minor version of Mbed TLS.” I just wanted to know if there is any alternative solution to this, rather than using `MBEDTLS_PRIVATE` everywhere. I know the next release of mbedtls probably plans to fix this with appropriate solution. But we wanted to push out our feature branch As early as possible. I saw in the PR<https://github.com/zephyrproject-rtos/zephyr/pull/37753> in zephyr RTOS about updating to mbedtls-3.0. They have just added this line<https://github.com/ceolin/zephyr/blob/5bf3128a9703561e578651218f5bcdafb96f8…> #if !defined(MBEDTLS_ALLOW_PRIVATE_ACCESS) #define MBEDTLS_ALLOW_PRIVATE_ACCESS # endif Is this an alternative solution to using `MBEDTLS_PRIVATE` for accessing a private field. If yes, can somebody please point me to respective document as this would greatly reduce our code-changes. I understand there is some discussion going on in mbedtls about this change, and appropriate getter-setter functions shall be provided. But we wanted to push out out feature branch for early testing. Thanks and Regards, Aditya

4 years, 4 months

2
2
0 0

Mbed TLS Tech Forum

by Dave Rodgman

Hi, On Monday 8th we will have the next Mbed TLS Tech Forum. Please reply to the list if you have any agenda topics to raise. As a starter for the agenda, we will likely discuss: https://github.com/ARMmbed/mbedtls/pull/5067 Proposal for driver dispatch code gen Dave Rodgman Zoom details below. The call will be recorded and made available on the TF website : https://www.trustedfirmware.org/meetings/ Join Zoom Meeting https://linaro-org.zoom.us/j/99948462765?pwd=SGlHYlF1Z2owUDNFWWppaGlSRDh5UT… Meeting ID: 999 4846 2765 Passcode: 196117 One tap mobile +12532158782,,99948462765# US (Tacoma) +13462487799,,99948462765# US (Houston) Dial by your location +1 253 215 8782 US (Tacoma) +1 346 248 7799 US (Houston) +1 669 900 9128 US (San Jose) +1 301 715 8592 US (Washington DC) +1 312 626 6799 US (Chicago) +1 646 558 8656 US (New York) 888 788 0099 US Toll-free 877 853 5247 US Toll-free Meeting ID: 999 4846 2765 Find your local number: https://linaro-org.zoom.us/u/anpWWkRdt

4 years, 4 months

1
0
0 0

mbedtls client: TLS 1.2 Client Hello triggers a -0x7780 fatal internal server error...?

by secretimap＠nickpelling.com

Hi everyone, The company I’m working for uses mbedtls to drive an embedded TLS server (for HTTPS): but now needs the same device to also act as a TLS client for logging in to remote servers (e.g. for LDAP etc). My embedded test code tries (but fails) to connect to a remote HTTPS server on port 443: I can connect to the same server via openssl on a desktop command line, so it seems to be working. Basically, the client hello message goes out fine (for brevity, I’ve skipped all the ciphersuites, but note that the list does contain the 0xC030 ciphersuite that desktop openssl is able to connect to OK): .ssl_cli.c:934: client hello, got 25 ciphersuites (excluding SCSVs) .ssl_cli.c:943: adding EMPTY_RENEGOTIATION_INFO_SCSV .ssl_cli.c:992: client hello, compress len.: 1 .ssl_cli.c:994: client hello, compress alg.: 0 .ssl_cli.c:186: client hello, adding signature_algorithms extension .ssl_cli.c:271: client hello, adding supported_elliptic_curves extension .ssl_cli.c:336: client hello, adding supported_point_formats extension .ssl_cli.c:518: client hello, adding encrypt_then_mac extension .ssl_cli.c:552: client hello, adding extended_master_secret extension .ssl_cli.c:585: client hello, adding session ticket extension .ssl_cli.c:1071: client hello, total extension length: 52 0000: 16 03 01 00 95 01 00 00 91 03 03 16 e9 7a ea aa 0010: 31 81 60 b6 a8 d3 32 93 a4 50 ca f3 e0 66 f8 47 0020: 56 95 0c cd a0 db b6 0e ae a7 d4 00 00 34 c0 30 0030: 00 9f c0 ad c0 9f c0 24 c0 28 00 6b c0 0a c0 14 0040: 00 39 c0 af c0 a3 c0 2b c0 2f 00 9e c0 ac c0 9e 0050: c0 23 c0 27 00 67 c0 09 c0 13 00 33 c0 ae c0 a2 0060: 00 ff 01 00 00 34 00 0d 00 16 00 14 06 03 06 01 0070: 05 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 0080: 00 0a 00 04 00 02 00 17 00 0b 00 02 01 00 00 16 0090: 00 00 00 17 00 00 00 23 00 00 However, the server hello that comes back is both unhappy and unhelpful: .ssl_tls.c:2721: in_left: 5, nb_want: 7 .ssl_tls.c:2722: ssl->f_recv(_timeout)() returned 2 (-0xfffffffe) .ssl_tls.c:2742: <= fetch input .ssl_tls.c:4233: dumping 'input record from network' (7 bytes) .ssl_tls.c:4233: 0000: 15 03 03 00 02 02 50 ......P .ssl_tls.c:5170: got an alert message, type: [2:80] .ssl_tls.c:5178: is a fatal alert message (msg 80) .ssl_tls.c:4369: mbedtls_ssl_handle_message_type() returned -30592 (-0x7780) .ssl_cli.c:1506: mbedtls_ssl_read_record() returned -30592 (-0x7780) Putting the ciphersuites to one side, I suspect that what is happening here is that the (remote) server is complaining about a TLS extension the mbedtls client is either including or omitting. (I’ve already disabled the max fragment extension). But because I can’t see inside the remote server, I can’t tell. ☹ Might the mbedtls TLS client need the supported_versions extension (43) to work with many remote TLS servers? Is this a known issue? I’ve gone through loads of mailing list archive messages here, but haven’t found anything that matches this. Thanks, Nick PS: when OpenSSL connects to the server, the client hello message (that works fine) looks like this in Wireshark: Transport Layer Security TLSv1.2 Record Layer: Handshake Protocol: Client Hello Content Type: Handshake (22) Version: TLS 1.2 (0x0303) Length: 358 Handshake Protocol: Client Hello Handshake Type: Client Hello (1) Length: 354 Version: TLS 1.2 (0x0303) Random: [SNIP] GMT Unix Time: Jan 21, 2095 20:50:07.000000000 GMT Standard Time Random Bytes: [SNIP] Session ID Length: 32 Session ID: [SNIP] Cipher Suites Length: 90 Cipher Suites (45 suites) [SNIP!] Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) Compression Methods Length: 1 Compression Methods (1 method) Compression Method: null (0) Extensions Length: 191 Extension: status_request (len=5) Type: status_request (5) Length: 5 Certificate Status Type: OCSP (1) Responder ID list Length: 0 Request Extensions Length: 0 Extension: supported_groups (len=22) Type: supported_groups (10) Length: 22 Supported Groups List Length: 20 Supported Groups (10 groups) Supported Group: x25519 (0x001d) Supported Group: secp256r1 (0x0017) Supported Group: secp384r1 (0x0018) Supported Group: secp521r1 (0x0019) Supported Group: x448 (0x001e) Supported Group: ffdhe2048 (0x0100) Supported Group: ffdhe3072 (0x0101) Supported Group: ffdhe4096 (0x0102) Supported Group: ffdhe6144 (0x0103) Supported Group: ffdhe8192 (0x0104) Extension: ec_point_formats (len=2) Type: ec_point_formats (11) Length: 2 EC point formats Length: 1 Elliptic curves point formats (1) EC point format: uncompressed (0) Extension: signature_algorithms (len=34) Type: signature_algorithms (13) Length: 34 Signature Hash Algorithms Length: 32 Signature Hash Algorithms (16 algorithms) [SNIP!] Extension: signature_algorithms_cert (len=34) Type: signature_algorithms_cert (50) Length: 34 Signature Hash Algorithms Length: 32 Signature Hash Algorithms (16 algorithms) [SNIP!] Extension: status_request_v2 (len=9) Type: status_request_v2 (17) Length: 9 Certificate Status List Length: 7 Certificate Status Type: OCSP Multi (2) Certificate Status Length: 4 Responder ID list Length: 0 Request Extensions Length: 0 Extension: extended_master_secret (len=0) Type: extended_master_secret (23) Length: 0 Extension: supported_versions (len=5) Type: supported_versions (43) Length: 5 Supported Versions length: 4 Supported Version: TLS 1.3 (0x0304) Supported Version: TLS 1.2 (0x0303) Extension: psk_key_exchange_modes (len=2) Type: psk_key_exchange_modes (45) Length: 2 PSK Key Exchange Modes Length: 1 PSK Key Exchange Mode: PSK with (EC)DHE key establishment (psk_dhe_ke) (1) Extension: key_share (len=38) Type: key_share (51) Length: 38 Key Share extension Client Key Share Length: 36 Key Share Entry: Group: x25519, Key Exchange length: 32 Group: x25519 (29) Key Exchange Length: 32 Key Exchange: 9f8e83a6859e6b4c6c3e43b524b81e6f63cc409c5757692a2343a2929c681c17

4 years, 4 months

1
0
0 0

Compact public ECC key representation

by Hristozov, Stefan

Hi all, For an IETF protocol that I am currently implementing a compact representation [1] of ECDH public keys needs to be sent over the network and be used on the receiving side for deriving a shared secret. With psa_export_public_key() I can export the public key form a psa_key_id_t object. The exported key is 65 bytes long (I am working with P256) which has the format 04|x|y as documented in [2]. It is easy to compress the public key before sending it -> just send the x part. How to decompress the x part back to the representation 04|x|y. As far I understand the psa_raw_key_agreement() function the public key must be encoded "in the same format that psa_import_key() accepts", that is 04|x|y [3]. Is there a function for that? [1]: https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-12#appendix-B draft-ietf-lake-edhoc-12<https://datatracker.ietf.org/doc/html/draft-ietf-lake-edhoc-12#appendix-B> Network Working Group G. Selander Internet-Draft J. Preuß Mattsson Intended status: Standards Track F. Palombini Expires: 23 April 2022 Ericsson 20 October 2021 Ephemeral Diffie-Hellman Over COSE (EDHOC) draft-ietf-lake-edhoc-12 Abstract This document specifies Ephemeral Diffie-Hellman Over COSE (EDHOC), a very compact and lightweight authenticated Diffie-Hellman key exchange with ephemeral keys. datatracker.ietf.org [2]: https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b… [https://opengraph.githubassets.com/aee6bf8d395880d12a54b66dd4188b9fd92064a1…]<https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b…> mbedtls/crypto.h at f660c7c92308b6080f8ca97fa1739370d1b2fab5 · ARMmbed/mbedtls<https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b…> An open source, portable, easy to use, readable and flexible SSL library - mbedtls/crypto.h at f660c7c92308b6080f8ca97fa1739370d1b2fab5 · ARMmbed/mbedtls github.com [3]: https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b… [https://opengraph.githubassets.com/aee6bf8d395880d12a54b66dd4188b9fd92064a1…]<https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b…> mbedtls/crypto.h at f660c7c92308b6080f8ca97fa1739370d1b2fab5 · ARMmbed/mbedtls<https://github.com/ARMmbed/mbedtls/blob/f660c7c92308b6080f8ca97fa1739370d1b…> An open source, portable, easy to use, readable and flexible SSL library - mbedtls/crypto.h at f660c7c92308b6080f8ca97fa1739370d1b2fab5 · ARMmbed/mbedtls github.com Br, Stefan

4 years, 5 months

1
0
0 0

Using mbedtls with a CA chain

by Loren Rogers

I need to use mbedtls (bundled with Nordic SDK, and unsure of version) to do some cloud-based functionality (AWS cloud, using OpenAM with a CA chain containing 4 certs). According to something I read, I need to use a pkcs7 container? If so, it seems that mbedtls does not support pkcs7? I did hand-copy some code from a PR, but as I was looking through the pkcs7.c, it seems that it still only supports the CA Root. Is this true? Is there anyone that can give me a hand in solving what I am attempting to do? Thank you /Loren Rogers

4 years, 5 months

1
0
0 0

password for the files root.cer, client1.cer and client1-key.pem

by lekshmi g

Dear Sir,/Madam We need to convert the files - root.cer,client1.cer and client1-key.pem to jks using the tool keystore explorer. For that, the password for the files are needed.Please provide passwords.We need to establish connection between java client and mbedtls c server.Kindly provide help. Regards Lekshmi G

4 years, 5 months

1
0
0 0

TLS connection establishment between OpenMUC java client and mbedtls server

by lekshmi g

Dear Madam/Sir, We are working on a project which requires IEC 62351 standards. For that we had developed a TLS server in C language and we had the requirement of developing a TLS client in Java language. We had used the *mbedTLS library for server* and *OpenMUC libraries for client*. But we are getting exception while certificate exchange phase and all. We had attached the listed exceptions and errors. Kindly provide necessary support for the same. Also please confirm whether we can develop above specified architecture, ie TLS based server in C language and client in Java. If available please share some sample programs also. Please reply ASAP. We have debugged the code and the following are the messages we have got in mbedtls java server and OPENMUC java tls client . During certificate exchange from client to server (MBEDTLS_SSL_CLIENT_CERTIFICATE case in server), the function returns a nonzero value and the alert shows in server is 49 (ie, MBEDTLS_SSL_ALERT_MSG_ACCESS_DENIED). *Please check Fig 1 and Fig 2* for the messages displayed during connection establishment.Kindly help us to solve the issues. [image: image.png] Fig 1- case:MBEDTLS_SSL_CLIENT_CERTIFICATE fails [image: image.png] Fig 2-OPENMUC java client error when connecting to mbedtlsserver ReplyForward <https://drive.google.com/u/0/settings/storage?hl=en&utm_medium=web&utm_sour…> <https://www.google.com/intl/en/policies/terms/> <https://www.google.com/intl/en/policies/privacy/> <https://www.google.com/gmail/about/policy/>

4 years, 5 months

1
0
0 0

[Mbed-tls-announce] Mbed TLS Tech Forum

by Dave Rodgman via Mbed-tls-announce

Hi, I would like to announce the Mbed TLS Tech Forum, a regular engineering call to discuss topics of interest to the Mbed TLS community. The call is currently planned to take place every two weeks, alternating between US-friendly and China-friendly times (16:30 and 10:00 UK time), starting on the 25th October at 16:30 BST. Please reply to the list if you have any agenda topics to raise. As a starting point, we will cover: Format – check if times & cadence are suitable TLS 1.3 – high-level update on progress & direction PSA Cryptoprocessor Driver Interface – code generation for driver dispatch as per https://github.com/ARMmbed/mbedtls/pull/5067 Zoom details below. The call will be recorded and made available on the TF website: https://www.trustedfirmware.org/meetings/ Dave Rodgman Mbed TLS tech lead -- Dave Rodgman is inviting you to a scheduled Zoom meeting. Join Zoom Meeting https://armltd.zoom.us/j/93259847316?pwd=N0d4Z0o5RXRLKzZFaE1sd044bm14dz09&f… Meeting ID: 932 5984 7316 Passcode: 991642 One tap mobile +442034815240,,93259847316#,,,,*991642# United Kingdom Dial by your location +44 203 481 5240 United Kingdom +1 346 248 7799 US (Houston) +1 408 638 0968 US (San Jose) +1 646 518 9805 US (New York) +91 116 480 2722 India +91 224 879 8012 India +91 406 480 2722 India +91 806 480 2722 India +852 5803 3730 Hong Kong SAR +46 8 4468 2488 Sweden +972 3 978 6688 Israel +353 1 536 9320 Ireland +36 1 408 8456 Hungary +33 1 7037 2246 France +358 3 4109 2129 Finland +45 32 70 12 06 Denmark +1 438 809 7799 Canada +65 3158 7288 Singapore +27 87 550 3946 South Africa +32 1579 5132 Belgium +48 22 307 3488 Poland +386 1600 3102 Slovenia +60 3 3099 2229 Malaysia +886 (2) 7741 7473 Taiwan Meeting ID: 932 5984 7316 Passcode: 991642 Find your local number: https://armltd.zoom.us/u/adTMafG7oQ Join by SIP 93259847316(a)zoomcrc.com Join by H.323 162.255.37.11 (US West) 162.255.36.11 (US East) 115.114.131.7 (India Mumbai) 115.114.115.7 (India Hyderabad) 213.19.144.110 (Amsterdam Netherlands) 213.244.140.110 (Germany) 103.122.166.55 (Australia Sydney) 103.122.167.55 (Australia Melbourne) 209.9.211.110 (Hong Kong SAR) 149.137.40.110 (Singapore) 64.211.144.160 (Brazil) 69.174.57.160 (Canada Toronto) 65.39.152.160 (Canada Vancouver) 207.226.132.110 (Japan Tokyo) 149.137.24.110 (Japan Osaka) Meeting ID: 932 5984 7316 Passcode: 991642 IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list Mbed-tls-announce(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls-announce

4 years, 5 months

3
2
0 0

switching from libressl to MbedTLS

by LM

I'm hoping to make the switch from libressl to MbedTLS. I'm working on a Linux from scratch style project. Curl works fine with MbedTLS and most of the utilities I work with use libcurl. I'm also using libtomcrypt for some of its hash and cryptographic functionality. The only place I'm having a problem making the switch at present is when I follow the LFS logic to make certificates (make-ca). There's a openssl/libressl command in the script that looks like the following: openssl x509 -hash -noout -in "$1" Is there a way to replace this functionality with a command or procedure or function from another program so that libressl or openssl isn't needed to perform this step? Thanks.

4 years, 5 months

1
0
0 0

Mbedtls Client Key Exchange Time

by Duygu D.

Hello, I'm using mbedTLS on baremetal lwip+stm32f4 system as a Server. TLS working successfully with the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 but when I receive the Client Hello message than my receive proccess function in ethernetif_input: err = netif->input(p, netif); takes 300ms time. This function normaly takes 1ms. I need to reduce this time. How Can I do that ? This is my config file: https://paste.ofcode.org/Bdt4FapskKY7M5ggm3uViJ Best Regards. -- Embeded System Engineer

4 years, 5 months

1
0
0 0

passing jks format client certificate

by lekshmi g

Dear Madam/Sir We need to establish connection with security between MMS client application in java(OPENMUC java client) and MMS server (tls_server_example in mbedtls).The java client application uses keystore.jks and truststore.jks (*jks format* ) instead of certificate in *cer *format.Is it possible to establish connection between OPENMUC java mms client and libiec61850 1.5 with mbedtls-2.16.6* ?* . We have added the *root.cer details *(certificate in the sample mbedtls server program ) to * truststore.jks* in client (openmuc java) and *client1.cer details* (client1 certificate in the sample mbedtls server program ) *to keystore.jks* .When trying to establish connection server hello messages are completed ,but showing the following error: *MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE.* * Please help...* *Regards* *Lekshmi G*

4 years, 5 months

1
0
0 0

Re: [mbed-tls] [TF-M] Adding platform specific functions to Crypto Service.

by Fabian Schmidt

Hi Roman, My understanding is that you would like to add features to the Crypto service API, but the features which you would like to add are not cryptographic in nature. Have you considered creating your own service for those features, instead of modifying the Crypto service? Or is there anything makes this not a viable option? If you are thinking about adding hardware acceleration for some Crypto features, that's indeed covered in Shebu's link. Greetings, Fabian Schmidt From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Shebu Varghese Kuriakose via TF-M Sent: Dienstag, 12. Oktober 2021 11:46 To: David Hu <David.Hu(a)arm.com>; Roman.Mazurak(a)infineon.com; tf-m(a)lists.trustedfirmware.org; mbed-tls(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: [EXT] Re: [TF-M] Adding platform specific functions to Crypto Service. Caution: EXT Email Hi Roman, I also might not have understood the question completely. As you mention crypto HAL API, here is the specification which defines a standardized mechanism for PSA Crypto implementations to interface with Secure elements and crypto accelerators - https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-driver -interface.md <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2FARMmbed%2Fmbedtls%2Fblob%2Fdevelopment%2Fdocs%2Fproposed%2Fpsa-driver-in terface.md&data=04%7C01%7Cfabian.schmidt%40nxp.com%7C17489158b6384ef5caa308d 98d654ead%7C686ea1d3bc2b4c6fa92cd99c5c301635%7C0%7C0%7C637696288543072051%7C Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC JXVCI6Mn0%3D%7C1000&sdata=uKX4sUH37jNx1%2BvACuN8tBQl05OaXPPnMT9FqMwbhdU%3D&r eserved=0> Also adding mbed-tls mailing list as the thread is crypto related.. Regards, Shebu From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org <mailto:tf-m-bounces@lists.trustedfirmware.org> > On Behalf Of David Hu via TF-M Sent: Tuesday, October 12, 2021 4:18 AM To: Roman.Mazurak(a)infineon.com <mailto:Roman.Mazurak@infineon.com> ; tf-m(a)lists.trustedfirmware.org <mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com <mailto:nd@arm.com> > Subject: Re: [TF-M] Adding platform specific functions to Crypto Service. Hi Roman, Are you asking about adding platform specific HAL API to implement PSA Crypto API function? Please correct me if I misunderstand your question. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org <mailto:tf-m-bounces@lists.trustedfirmware.org> > On Behalf Of Roman Mazurak via TF-M Sent: Monday, October 11, 2021 9:45 PM To: tf-m(a)lists.trustedfirmware.org <mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Adding platform specific functions to Crypto Service. Hi all, We would like to add a number of platform specific functions to Crypto Service API. Is it ok if such functions will not be related to cryptographic service, but such approach allows us to optimize platform design? Is there any initiative to create a Crypto Service HAL API to extend Crypto with custom functions? Best regards, Roman.

4 years, 5 months

3
3
0 0

Re: [mbed-tls] Adding platform specific functions to Crypto Service.

by Shebu Varghese Kuriakose

Hi Roman, I also might not have understood the question completely. As you mention crypto HAL API, here is the specification which defines a standardized mechanism for PSA Crypto implementations to interface with Secure elements and crypto accelerators - https://github.com/ARMmbed/mbedtls/blob/development/docs/proposed/psa-drive… Also adding mbed-tls mailing list as the thread is crypto related.. Regards, Shebu From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of David Hu via TF-M Sent: Tuesday, October 12, 2021 4:18 AM To: Roman.Mazurak(a)infineon.com; tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] Adding platform specific functions to Crypto Service. Hi Roman, Are you asking about adding platform specific HAL API to implement PSA Crypto API function? Please correct me if I misunderstand your question. Best regards, Hu Ziji From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Roman Mazurak via TF-M Sent: Monday, October 11, 2021 9:45 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: [TF-M] Adding platform specific functions to Crypto Service. Hi all, We would like to add a number of platform specific functions to Crypto Service API. Is it ok if such functions will not be related to cryptographic service, but such approach allows us to optimize platform design? Is there any initiative to create a Crypto Service HAL API to extend Crypto with custom functions? Best regards, Roman.

4 years, 5 months

1
0
0 0

MbedTLS and IPv4 packet length problem

by Duygu D.

Hello, I am using this example for the source of the my main purpose : https://github.com/straight-coding/LPC407x-NoOS-LWIP-MBEDTLS-HTTPD-KEIL/blo… This example using https but I'm trying to use this example on Modbus Server. This is init function for the server tcp connections: BOOL xMBTCPPortInit( USHORT usTCPPort ) { struct altcp_pcb *pxPCBListenNew, *pxPCBListenOld; BOOL bOkay = (BOOL)FALSE; USHORT usPort; extern struct altcp_tls_config* getTlsConfig(void); tls_config = getTlsConfig(); mbedtls_ssl_conf_dbg(tls_config, my_debug, NULL); mbedtls_debug_set_threshold(5); if( usTCPPort == 0 ) { usPort = MB_TCP_DEFAULT_PORT; } else { usPort = ( USHORT ) usTCPPort; } if( ( pxPCBListenNew = pxPCBListenOld = altcp_tls_new( tls_config,IPADDR_TYPE_ANY) ) == NULL ) { /* Can't create TCP socket. */ bOkay = (BOOL)FALSE; } else if( altcp_bind( pxPCBListenNew, IP_ANY_TYPE, ( u16_t ) usPort ) != ERR_OK ) { /* Bind failed - Maybe illegal port value or in use. */ ( void )altcp_close( pxPCBListenOld ); bOkay = (BOOL)FALSE; } else if( ( pxPCBListenNew = altcp_listen( pxPCBListenNew ) ) == NULL ) { ( void )altcp_close( pxPCBListenOld ); bOkay = (BOOL)FALSE; } else { // altcp_tls_new(pxPCBListenNew, IP_GET_TYPE(ip_addr))*/; /* Register callback function for new clients. */ altcp_accept( pxPCBListenNew, prvxMBTCPPortAccept ); /* Everything okay. Set global variable. */ pxPCBListen = pxPCBListenNew; #ifdef MB_TCP_DEBUG vMBPortLog( MB_LOG_DEBUG, "MBTCP-ACCEPT", "Protocol stack ready.\r\n" ); #endif SerialPrint("MBTCTP-ACCEPT"); } bOkay = (BOOL)TRUE; return bOkay; } struct altcp_tls_config* getTlsConfig(void) { struct altcp_tls_config* conf; size_t privkey_len = strlen(privkey) + 1; size_t privkey_pass_len = strlen(privkey_pass) + 1; size_t cert_len = strlen(cert) + 1; conf = altcp_tls_create_config_server_privkey_cert((u8_t*)privkey, privkey_len, (u8_t*)privkey_pass, privkey_pass_len, (u8_t*)cert, cert_len); return conf; } And I am using basic python tls client example to show successful mbedtls handshake. This is my client.py codes: import time from socket import create_connection from ssl import SSLContext, PROTOCOL_TLS_CLIENT import ssl hostname='example.org' ip = '192.168.1.2' port = 502 context = SSLContext(PROTOCOL_TLS_CLIENT) context.options |= ssl.OP_NO_SSLv3 context.options |= ssl.OP_NO_TLSv1 context.options |= ssl.OP_NO_TLSv1_1 context.load_verify_locations('cert.pem') with create_connection((ip, port)) as client: with context.wrap_socket(client, server_hostname=hostname) as tls: print(f'Using {tls.version()}\n') tls.sendall(b'Hello world') data = tls.recv(1024) print(f'Server says: {data}') When I try to start communication I get below outputs on wireshark: [image: image.png] When the server send hello message I've this error on the line: [image: image.png] When I checked the low_level_output functions I get sending data bytes 150 byte but Ipv4 length shows us 576 byte, opt.h file set as default but if I changed TCP_MSS as a 250 byte so I can send 136 byte and Ipv4 packet lenght shows me 136. But does not make sense. I couldnt do successful handshaking. My mbedtls debug outputs in this link https://paste.ofcode.org/PP3zFmrLcKqPdRMT3LzETz How cna I solve this problem ? What is the reason for the lenght problem ? Best Regards. -- Embeded System Engineer

4 years, 5 months

3
4
0 0

image-20211001180442075

by Shudong Zhang

Hello, I am very sorry about last email by mistakes. I have some questions about multiplication on ecp curves. I add an ecp curve parameter in ecp_curve.c form SM2 algorithm standard, and the parameter is as follow: Then I followed the loading method of secp256r1 to load, but I don’t know how to perform fast calculations, so I commented NIST_MODP( p256 ). #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) caseMBEDTLS_ECP_DP_SECP256R1: NIST_MODP( p256 ); return( LOAD_GROUP( secp256r1 ) ); #endif #if defined(MBEDTLS_ECP_DP_SM256_ENABLED) caseMBEDTLS_ECP_DP_SM256: //NIST_MODP( p256 ); return( LOAD_GROUP_A( sm256 ) ); #endif Then I call the functional interface mbedtls_ecp_mul to perform the multiplication operation, but the heap memory keeps increasing . voidtest() { intret; mbedtls_mpiUd; mbedtls_ecp_groupgrp; mbedtls_ecp_pointT_Q; mbedtls_mpi_init(&Ud); mbedtls_ecp_group_init( &grp ); mbedtls_ecp_point_init( &T_Q ); ret=mbedtls_mpi_read_binary(&Ud, arrUd, sizeof(arr_U_d)); // ret = mbedtls_ecp_group_load(&grp,MBEDTLS_ECP_DP_SECP256R1); ret=mbedtls_ecp_group_load(&grp,MBEDTLS_ECP_DP_SM256); ret=mbedtls_ecp_mul(&grp, &T_Q, &Ud, &(grp.G), NULL, NULL) ; printf("%x\n", -ret); mbedtls_mpi_free(&Ud); mbedtls_ecp_group_free( &grp ); mbedtls_ecp_point_free( &T_Q ); } intmain() { for(inti=0; i<10; i++) test(); return0; } The heap memory is mesaured by massif( valgring tools), Can someone tell me what this is because of and how to fix this problem ? Best Regards. Shudong Zhang

4 years, 5 months

1
0
0 0

Add an ecp curves, but the multiplication add heap memory continuouly

by Shudong Zhang

Hello， I add an ecc curve parameter in ecp_curve.c form SM2 algorithm, and the parameter is as follow:

4 years, 5 months

2
1
0 0

Unable to enable CCM ciphers in mbedtls

by Ron Eggler

The |mbedtls| client project I'm working on, is to also support the cipher suites: |TLS-ECDHE-ECDSA-WITH-AES-256-CCM| & |TLS-ECDHE-ECDSA-WITH-AES-128-CCM|. I have specified them like: |const int ciphersuites[] = { MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA384, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_128_CCM, MBEDTLS_TLS_ECDHE_ECDSA_WITH_AES_256_CCM, 0 }; mbedtls_ssl_conf_ciphersuites(&ctxt->conf,ciphersuites); | and while I can see the GCM ciphers in the |Client Hello|, I cannot see the |CCM| ciphers. In |mbedtls/include/mbedtls/config.h|, the following are enabled: |#define MBEDTLS_CCM_ALT #define MBEDTLS_CCM_C #define MBEDTLS_ECDH_GEN_PUBLIC_ALT #define MBEDTLS_ECDH_COMPUTE_SHARED_ALT #define MBEDTLS_ECDSA_SIGN_ALT | What is still missing? While CCM is not listed under The following ciphers may be included <https://tls.mbed.org/module-level-design-cipher>, the ciphers i would like to add definitely show up under Supported SSL / TLS ciphersuites <https://tls.mbed.org/supported-ssl-ciphersuites>, Can someone help out?

4 years, 5 months

2
2
0 0

RAM usage and Slowness issue

by Sunil Jain

Hello, *RAM USAGE:* We are using mbedTLS 2.16 for TLS communication and found that it is consuming more RAM compared to other Cybersecurity library (Mocana ) which we were using earlier. I want to reduce the RAM usage, if there are any settings which i can apply to reduce the RAM usage Presently MbedTLS is using almost 38KB of RAM per TLS connection, I have small memory in my device (STM32F437), I want to reduce this RAM consumption to 30KB per TLS connection. *SLOWNESS:* we have found that after 4 TLS connections on STM32F437 controller, communication becomes very slow, we measured the CPU utilization at this point of time, and it's only 40% ustilized, we are not getting any clue why it becomes so slow. When we compare with Mocana cyber security library we were able to run 6 TLS connections with good speed. Please help us with the above 2 topics. -- Thanks and Regards, Sunil Jain

4 years, 5 months

2
1
0 0

TLS 1.3 support

by Alex Sukhov

Hi mbedTLS team, Our teams are in the process of reviewing available TLS library options. Is there any information that we can find with respect to the mbedTLS stance on TLS 1.3 support? I.E is there a timeline available supporting TLS 1.3? Alternatively is there documentation available that outlines the expected deltas between TLS 1.2 and 1.3 that can help compare the value gained by using TLS 1.3 instead of 1.2? Regards, Alex Sukhov Geotab Embedded System Developer, Team Lead Toll-free Visit +1 (877) 431-8221 www.geotab.com Twitter <https://twitter.com/geotab> | Facebook <https://www.facebook.com/Geotab> | YouTube <https://www.youtube.com/user/MyGeotab> | LinkedIn <https://www.linkedin.com/company/geotab/>

4 years, 6 months

3
2
0 0

Doubt in mbedtls version support for libiec61850-1.5

by lekshmi g

When we are using the version *mbedtls-2.16.6* with *libiec61850-1.5*, the TLS connection is established successfully. But when we use the *2.7.19*, the connection fails(we renamed *mbedtls 2.7.19* as *mbedtls 2.16* and put in the folder third_party\mbedtls ). We had occurred following error during the execution of client- server example programs tls_server_example and tls_client_example using 2.7.19 version. During handshaking process till CASE " MBEDTLS_SSL_CLIENT_CHANGE_CIPHER_SPEC " it worked as expected. But In CASE "MBEDTLS_SSL_CLIENT_FINISHED" the return value should be zero. But we got in function mbedtls_ssl_safer_memcmp mac_peer==41155316 mac_expect==41155356 diff=255 (this value has to be 0 for connection establishment) But we are getting 255 constantly in all runnings. Kindly help us to resolve the issue. If this issue is due to the non supporting of mbedtls version ?.Thanks in advance. Please let us know the *supporting versions of mbedtls *for *libiec61850-1.5 *.

4 years, 6 months

2
2
0 0

On the future of on-target testing

by Gilles Peskine

Hello, Mbed TLS supports building and running unit tests in one of two modes: “hosted” or “on target”. The on-target mode relies on Greentea, the Mbed OS test framework. The on-target mode is unmaintained (there's no CI for it and the Mbed TLS maintainers hardly ever even try to build it these days) and we're considering retiring it in Mbed TLS 2.28. If you do use Mbed TLS's on-target unit testing, either by building target_test.function or by plugging your own file instead of target_test.function or host_test.function, please let us know and weigh in on https://github.com/ARMmbed/mbedtls/issues/4912 <https://github.com/ARMmbed/mbedtls/issues/4912> . Best regards, -- Gilles Peskine Mbed TLS developer

4 years, 6 months

1
1
0 0

How can I read plain-text private key into rsa_context?

by Shariful Alam

Hello, I'm using an older version of mbedtls (polarssl-1.3.9). I have a plain text private key generated from OpenSSL like the following. I'm trying to load this private key into the *rsa_context *using the following code (sorry, for the following code, I just don't know what to copy), Private key with padding (I have added padding manualy to make it divisible by 16 ) ================================================== // Total private key size is 4013 # define KEY_BUFFER_SIZE 4017 unsigned char private_decrypt[KEY_BUFFER_SIZE]; *printf("private key with padding --> \n %s \n", private_decrypt); --> shows the following* private key with padding --> RSA Private-Key: (2048 bit, 2 primes) modulus: 00:cc:40:c3:c6:e7:29:ae:f5:94:d8:3b:3f:a4:33: c2:6d:29:86:63:db:b7:8c:d4:07:f7:b3:db:96:83: f7:55:dd:6a:7b:04:49:53:3d:52:30:5f:af:0b:c2: b1:f0:48:a4:66:0a:b7:aa:29:b1:d0:91:4f:9c:1c: cf:df:5c:10:04:85:f9:bd:7b:93:ed:a6:77:80:12: 34:64:19:1a:18:b5:4e:94:7c:39:ce:99:38:50:e9: 82:71:f6:0f:3e:b8:af:11:3c:f4:05:69:72:8e:96: f6:81:ac:46:29:eb:88:88:c5:54:2f:89:1b:b9:32: da:76:23:a2:00:76:a5:8e:50:d3:ba:39:35:f9:4d: 95:63:ff:6a:3c:c8:a8:53:aa:78:d8:81:c8:bd:af: cf:6c:de:33:aa:c9:d4:80:2c:1f:ef:92:90:8a:c4: 88:e6:9a:e5:ad:2d:08:60:89:1a:77:fc:bf:68:64: 6f:c0:a7:fa:33:6d:ff:d2:e6:a4:7f:ad:87:be:0c: cb:9d:18:44:57:fe:db:86:7f:0b:c5:f7:9a:29:4b: 61:62:48:91:01:f7:e7:5e:64:4d:20:ec:ac:3c:07: 59:d6:19:f5:8c:01:9f:d5:6e:16:a8:8e:f9:2d:f6: f8:73:25:0a:b5:d8:62:2a:f8:ba:d5:dc:ff:6e:77: 0d:35 publicExponent: 65537 (0x10001) privateExponent: 4a:17:50:2d:2d:9b:5c:40:ef:3e:44:b7:c0:3b:9a: 52:78:d6:ac:10:7e:93:92:32:55:b3:23:7b:84:e1: 4a:7f:67:e9:b9:d3:53:63:92:15:c4:0f:be:47:60: be:95:cb:34:cc:bc:74:f8:6c:ed:08:59:05:7b:1a: 18:9e:cf:9c:a4:70:c4:40:38:97:e3:63:c3:cc:56: be:dc:b0:2f:b8:4d:09:e5:ca:1e:5c:4c:26:65:9e: 10:f2:bd:f2:f5:91:63:c2:65:8e:35:02:fe:20:5a: c9:0d:11:e2:90:f2:d5:12:27:88:9a:c6:b8:b6:6e: b2:9e:18:5c:ec:ac:ff:63:42:94:b3:b5:ff:69:75: f5:e9:41:77:8b:ee:1d:fa:47:78:9a:9c:1f:84:8b: 85:f9:29:a5:27:e4:1f:04:34:4e:ce:c2:28:18:38: 72:63:5c:44:88:4f:e2:ec:bc:c4:3e:af:d8:bb:a9: 0f:c9:30:0f:bf:bc:1d:8a:fc:d9:cf:27:f5:16:38: 34:07:3d:bf:a5:45:70:df:c5:8f:ee:79:3e:69:6e: e4:0c:74:76:f7:8a:2c:11:34:53:60:27:c3:73:55: 62:d5:06:cb:35:a4:3d:d6:79:3f:50:d4:81:7c:0f: 03:c5:15:b2:4a:eb:84:f1:16:07:ec:16:02:e4:5c: 1d prime1: 00:e5:40:6a:4c:8d:d3:8d:8d:e6:df:e7:1d:c4:8f: 4d:b4:b7:71:51:b7:c4:8a:19:fe:fd:3e:4b:a9:0b: d0:22:64:e0:76:f4:8b:88:d6:30:4b:f6:41:ae:20: c5:cc:79:ec:05:d0:6b:0e:64:16:c5:b5:e3:74:b6: a8:ac:39:74:1d:8a:09:b8:68:64:a4:c1:74:fa:f6: cd:1b:24:d6:86:1e:40:51:dc:09:78:76:8b:16:3e: f1:ea:a9:9b:25:69:4a:c4:3e:ba:63:62:6c:06:40: 83:8d:af:69:89:bd:ad:07:f4:97:39:7c:25:59:80: 07:59:4e:74:a0:4b:2a:05:67 prime2: 00:e4:15:a8:6a:e6:30:95:d6:36:44:a7:57:ac:99: d5:4d:d9:58:59:05:49:89:b8:42:cb:0e:e8:9d:12: fc:a4:76:e7:07:11:08:97:05:7d:0a:34:21:23:03: c9:4b:97:5c:6f:fc:7e:28:8a:c5:b1:44:12:61:03: 60:5e:f9:d2:51:cf:53:0f:7a:2f:a5:96:5a:f5:33: f7:6f:6e:92:14:cc:54:b1:48:ad:da:f7:37:c7:ca: 6f:a2:6a:00:de:73:6c:67:59:78:af:e9:ce:fb:02: 95:f8:0d:82:38:02:79:e5:a4:3b:61:16:b7:70:b1: 70:c8:9a:e8:81:c7:cb:fb:03 exponent1: 57:04:78:54:ce:90:ba:6e:5e:70:26:9d:d9:fa:3b: 18:99:78:dd:f7:cf:16:4c:7f:c9:48:58:17:b6:70: 2e:5d:f4:05:b3:15:33:bf:79:5d:9b:ff:9a:44:be: 4f:bb:07:a7:bd:50:a5:89:c0:4b:13:9b:5e:b5:e6: 98:58:c6:86:5f:db:08:b0:37:63:82:3b:10:f7:95: 2a:f4:74:a9:3b:da:56:38:1b:30:2a:6e:e8:e6:c3: 94:bb:04:34:d3:1e:9a:16:e5:50:cc:0f:0c:e0:78: 0e:d3:c2:4f:92:3b:97:85:73:d1:52:1a:2b:3a:b9: 8f:60:84:4c:43:bb:93:89 exponent2: 00:d7:ea:08:bc:e9:9c:24:bb:dc:33:b1:96:b5:b6: 0a:ce:df:69:5b:1c:3e:39:39:4d:41:9c:a3:67:ce: 89:8b:c7:63:7c:b5:0b:44:ab:d5:6a:cb:5e:73:1f: 2a:77:7c:99:ed:09:41:04:70:1a:25:6d:23:58:e3: 31:5f:b7:6e:fa:33:21:96:0d:3c:fd:ac:0f:fe:ff: 6a:c4:fa:0f:1f:d1:2e:7b:85:29:cf:97:28:1e:e1: ec:3b:fb:cd:46:c8:4d:5e:a8:bc:2f:0b:4e:fd:1f: bd:88:4c:81:71:34:26:e0:d5:4f:c0:e1:18:56:7e: 23:1e:44:46:c6:54:b5:2c:b1 coefficient: 2e:45:e5:0a:bc:66:bc:6e:9d:0d:ce:02:d6:30:62: 44:f6:38:d0:a7:2a:25:c4:42:76:cc:59:38:af:35: cb:6e:a7:5e:3c:71:97:6a:7b:c4:69:25:2e:c4:07: 20:2c:86:5c:a1:e8:6e:d8:e6:b7:9a:21:28:1e:8a: b1:4b:c5:ab:4e:35:e0:83:b5:30:56:53:d7:50:2f: 69:a2:6c:7b:00:d8:15:17:bb:79:72:33:30:11:47: 06:c5:58:16:63:e3:f5:ac:71:3d:ce:64:67:0e:6a: e0:cd:c2:e6:ad:30:f9:3e:7e:52:01:cf:fc:fc:66: 10:44:1a:4b:1b:08:7a:8d 000 <----- padding ============================================ Remove padding and get the actual private key using the the following code, ============================================================================= size_t lenght=strlen(private_decrypt); // length =4016 int N= lenght-4013; // 4013 is the original length of the private key, N is the length of padding private_decrypt[lenght-N]='\0'; // So, now *private_decrypt *contains the actual key ============================================================================= Then I use the following code to split each key and load into rsa_context, ===================================================================== char *strings[]={ "modulus:", "publicExponent:", "privateExponent:", "prime1:", "prime2:", "exponent1:", "exponent2:", "coefficient:"}; char* in = &private_decrypt; char *token; const char s[2] = " "; char *token_2; int k=0, size; do { if(k<8){ token = strstr(in,strings[k]); size= strlen(token); if (token){ *token = '\0'; } switch (k) { case 1: strcat(in,"\0"); printf("k=%d:\n %s\n",k,in); mpi_read_string(&rsaContext->N, 16, in); break; case 2: token_2 = strtok_r(in, s, &in); strcat(token_2,"\0"); printf("k=%d:\n %s\n",k,token_2); mpi_read_string(&rsaContext->E, 16, token_2); break; case 3: break; case 4: break; case 5: break; case 6: break; case 7: break; } //printf("k=%d \n%s\n",k,in); in = token+strlen(strings[k]); k=k+1; } else{ token= "NULL"; break; } }while(token!=NULL); // Check Public key if(rsa_check_pubkey(rsaContext)!=0){ printf("Reading public key error\n"); exit(0); } ===================================================================== Upon doing all this, when check the if the public key is load correctly or not, I'm getting *"Reading public key error". *Any help, what I'm doing wrong? Regards, Shariful Alam

4 years, 6 months

1
0
0 0

How can I get plaintext rsa private key from .pem format?

by Shariful Alam

Hello, I found that, /programs/pkeyrsa_genkey.c creates a plaintext rsa private key. Is there any way I can generate the keys in the same format from a .pem format? Regards, Shariful Alam

4 years, 6 months

1
0
0 0

-0x7880 "error" after successful failed download

by Ron Eggler

Hi, I'm getting the following errors printed: tls : error : [2021/06/21 21:43:12.360] [id = 10]: ../../src/../externals/mbedtls/mbedtls/library/ssl_tls.c(4369): mbedtls_ssl_handle_message_type() returned -30848 (-0x7880) tls : error : [2021/06/21 21:43:12.360] [id = 11]: ../../src/../externals/mbedtls/mbedtls/library/ssl_tls.c(8335): mbedtls_ssl_read_record() returned -30848 (-0x7880) after a file is successfully downloaded. It looks like MBEDTLS_ERR_SSL_PEER_CLOSE_NOTIFY gets interpreted and printed as error. How can I fix this? Is this a configuration thing or do I edit the ssl_tls.c source code? Thank you, Ron mbedtls 2.16.0

4 years, 7 months

1
0
0 0

Re: [mbed-tls] FTPS: Bad Record Mac on login

by Ron Eggler

On 2021-08-16 11:11 a.m., Ron Eggler via mbed-tls wrote: > Hi, > > I am working on a client where I need to login to a FTPS server > (vsftpd). I establish the connection, exchange Hellos, certificate & > key exchange and all seems succesful and are happening fine. > > I am able to send "PBSZ 0" to the server which gets acknowledged with > "200 PBSZ set to 0." (as seen in Wireshark). > > Then, when it comes to sending "PROT P", I cannot see it encoded in > Wireshark. it just says "Application Data" and the next frame reads > "Alert (Level: Fatal, Description: Bad Record Mac)". I have > investigated my code (mostly for differences between "PBSZ 0" and > "PROT P" but came up empty) and have searched the web but have failed > to find the resolution to my problem, as of yet. It seems obvious that > the problem must be in my code but I seem to be unable to put my > finger on it! I thought I should check if someone here may have any > other hints that will help me resolve the problem. > > I have temporarily set "mbedtls_ssl_conf_authmode( &ctxt.conf, > MBEDTLS_SSL_VERIFY_NONE);" to make sure that the CA is not the causing > any issues. > I have been able to resolve this. It was caused by usage of different context structure pointers.

4 years, 7 months

1
0
0 0

FTPS: Bad Record Mac on login

by Ron Eggler

Hi, I am working on a client where I need to login to a FTPS server (vsftpd). I establish the connection, exchange Hellos, certificate & key exchange and all seems succesful and are happening fine. I am able to send "PBSZ 0" to the server which gets acknowledged with "200 PBSZ set to 0." (as seen in Wireshark). Then, when it comes to sending "PROT P", I cannot see it encoded in Wireshark. it just says "Application Data" and the next frame reads "Alert (Level: Fatal, Description: Bad Record Mac)". I have investigated my code (mostly for differences between "PBSZ 0" and "PROT P" but came up empty) and have searched the web but have failed to find the resolution to my problem, as of yet. It seems obvious that the problem must be in my code but I seem to be unable to put my finger on it! I thought I should check if someone here may have any other hints that will help me resolve the problem. I have temporarily set "mbedtls_ssl_conf_authmode( &ctxt.conf, MBEDTLS_SSL_VERIFY_NONE);" to make sure that the CA is not the causing any issues. Thank you!

4 years, 7 months

1
0
0 0

record and no record delemma

by Dave Plater

Hi, I wonder if anyone can tell me what I'm doing wrong. I use a modified client1.c for getting payment objects from an aws address, curl says that the connection uses "SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256" if it's any use. I can retrieve any single payment object which has a content length of about 443 but when I try to get the entire record of payments of which I only need the first or latest payment to check that I'm in sync, I get "Last error was: -28928 - SSL - Bad input parameters to function". This started at a certain point in the payment object accumulation don't quite know when, the current record of all payments is 22526 and it grows with every transaction. The GET request for the all the payment objects ends in "/payments/" and for a single object /payments/ has the objects id appended to it. There must be a way to receive a truncated record of all payments. Here is my latest config.h: #ifndef MBEDTLS_CONFIG_H #define MBEDTLS_CONFIG_H /* System support */ //#define MBEDTLS_HAVE_ASM #define MBEDTLS_HAVE_TIME #define MBEDTLS_NO_PLATFORM_ENTROPY #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES #define MBEDTLS_TEST_NULL_ENTROPY #define MBEDTLS_ERROR_C #define MBEDTLS_PLATFORM_C //#define MBEDTLS_PLATFORM_EXIT_ALT //#define MBEDTLS_PLATFORM_TIME_ALT //#define MBEDTLS_PLATFORM_FPRINTF_ALT //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_VSNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /* mbed TLS feature support */ #define MBEDTLS_CIPHER_MODE_CBC #define MBEDTLS_PKCS1_V15 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_SSL_PROTO_TLS1_2 #define MBEDTLS_SSL_CLI_C #define MBEDTLS_SSL_TLS_C #define MBEDTLS_ENTROPY_C #define MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES //experiment #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED #define MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED #define MBEDTLS_ECDH_C #define MBEDTLS_ECP_C #define MBEDTLS_ECP_DP_SECP192R1_ENABLED #define MBEDTLS_RSA_C #define MBEDTLS_OID_C #define MBEDTLS_PKCS1_V15 #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_CIPHER_C #define MBEDTLS_MD_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_SHA256_C #define MBEDTLS_PK_PARSE_C #define MBEDTLS_PK_C #define MBEDTLS_ASN1_PARSE_C /* mbed TLS modules */ #define MBEDTLS_AES_C /* #define MBEDTLS_ASN1_WRITE_C #define MBEDTLS_BIGNUM_C #define MBEDTLS_CIPHER_C #define MBEDTLS_CTR_DRBG_C #define MBEDTLS_DES_C #define MBEDTLS_MD_C #define MBEDTLS_MD5_C //#define MBEDTLS_RSA_C #define MBEDTLS_SHA1_C #define MBEDTLS_SHA256_C */ #define MBEDTLS_X509_USE_C /* For test certificates */ #define MBEDTLS_BASE64_C #define MBEDTLS_CERTS_C #define MBEDTLS_PEM_PARSE_C /* Limit memory use*/ #define MBEDTLS_SSL_MAX_CONTENT_LEN 16384 /* For testing with compat.sh */ //#define MBEDTLS_FS_IO #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ Thanks, Dave P

4 years, 7 months

1
0
0 0

Compare certs' RSA keys, subjects etc..

by Nassim Eddequiouaq

Hi, I'd like to compare a signing cert in a cert chain against a pinned cert. Given two mbedtls_x509_crt (or two mbedtls_rsa_context), what is the recommended way to compare them? Thanks! -- Nassim Eddequiouaq

4 years, 7 months

1
0
0 0

Re: [mbed-tls] Could memory leak or heap fragmentation be the issue?

by Gilles Peskine

Hello, I don't see anything obviously wrong with the code. Heap fragmentation is a possibility. A memory leak is also a possibility; we do fairly extensive testing for memory leaks in unit tests, but this doesn't catch unusual conditions (especially not recovering after a low-memory condition). I think the first tool to investigate is to enable MBEDTLS_MEMORY_DEBUG. This has a small cost in code size and gives you access to some introspection functions mbedtls_memory_buffer_alloc_status() and mbedtls_memory_buffer_alloc_max_get(). Call these functions on an error, and also perhaps at other times for comparison. There's also an option MBEDTLS_MEMORY_BACKTRACE which creates extremely verbose logs. Those logs might be helpful, but they're so verbose that they often aren't practical in a real-world application. I notice that the allocation is for a little over 16kB. The default size of the SSL input/output buffers is 16kB because that's the maximum size of a message according to the specification. However you can usually get away with a lot less, especially on IoT networks where the infrastructure is geared towards much smaller messages. See https://tls.mbed.org/kb/how-to/controlling_package_size <https://tls.mbed.org/kb/how-to/controlling_package_size> for more information on message sizes and buffer sizes. If the problem is a memory leak, smaller buffers will only delay the failure. But if the problem is that the application just needs a bit more heap space, this could solve the problem. Concretely, try setting MBEDTLS_SSL_IN_CONTENT_LEN and MBEDTLS_SSL_OUT_CONTENT_LEN in the compile-time configuration to much lower values. MBEDTLS_SSL_OUT_CONTENT_LEN can be as low as you like as long as the handshake messages fit. MBEDTLS_SSL_IN_CONTENT_LEN has to be large enough for the messages that you're sent. Alternatively, enable the option MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH, which results in smaller buffers but can make fragmentation worse due to reallocations. Hope this helps. -- Gilles Peskine Mbed TLS developer On 01/08/2021 22:40, Alan Chen via mbed-tls wrote: > > I posted the question on the mbedTLS forum, only to realized that > mbedTLS is now maintained by the projectï¿½s mailing list. Here is the > copy of what I wrote: > > ï¿½ > > *Occasionally*ï¿½ I am getting MBEDTLS_ERR_SSL_ALLOC_FAILED from > mbedtls_ssl_setup() during repeated HTTP partial content download. > Since this problem happens very rarely, it is a bit difficult to > troubleshoot. > > ï¿½ > > I am running mbedTLS on a Microchip PIC32MZ MCU, connected to a > LTE-M/NB-IoT modem. I have 128K static memory reserved for the library > with MBEDTLS_PLATFORM_MEMORY defined in the config.h file. The MCU > runs two main tasks - MQTT client, talking to the AWS MQTT broker, and > HTTPS client, for downloading new firmware image from the AWS S3 > bucket over the air. > > ï¿½ > > Due to the slowness and limited bandwidth of the LTE-M and NB-IoT > technologies, the HTTP file download has to use the partial content > GET, basically 2KB per request, until all ~700KB of data are received. > During the course of the file download, one can see as many as 30 > disconnect and reconnect, and each time the TLS session would close > down and re-open once the cell network is established. Here are some > of my functions: > > ï¿½ > > ``` > > #define MBEDTLS_MAX_MEMORY_ALLOCATEDï¿½ï¿½ï¿½ (1024 * 128) > > static uint8_t tls_memory_buf[MBEDTLS_MAX_MEMORY_ALLOCATED]; > > ï¿½ > > // called in main() > > void mbedtls_mem_init(void) > > { > > ï¿½ï¿½ï¿½ mbedtls_memory_buffer_alloc_init(tls_memory_buf, sizeof > tls_memory_buf); > > } > > ï¿½ > > void HTTPS_TLS_CLOSE(void) > > { > > ï¿½ï¿½ï¿½ if (server_fd_https.fd != -1) > > ï¿½ï¿½ï¿½ {ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_free(&entropy_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_x509_crt_free(&cacert_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ctr_drbg_free(&ctr_drbg_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ssl_config_free(&conf_https); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ mbedtls_ssl_free(&ssl_https); > > ï¿½ > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ server_fd_https.fd = -1; > > ï¿½ï¿½ï¿½ } > > } > > ï¿½ > > bool HTTPS_TLS_OPEN(void) > > { > > ï¿½ï¿½ï¿½ int ret; > > ï¿½ï¿½ï¿½ const char *pers = "https_tls_wrapper"; > > ï¿½ > > ï¿½ > > ï¿½ï¿½ï¿½ server_fd_https.fd = 1; > > ï¿½ï¿½ï¿½ mbedtls_debug_set_threshold(1); > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_init(&ssl_https); > > ï¿½ï¿½ï¿½ mbedtls_ssl_config_init(&conf_https); > > ï¿½ï¿½ï¿½ mbedtls_ctr_drbg_init(&ctr_drbg_https); > > ï¿½ï¿½ï¿½ mbedtls_x509_crt_init(&cacert_https); > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_init(&entropy_https);ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_entropy_add_source(&entropy_https, my_https_entropy, NULL, > sizeof my_https_random, MBEDTLS_ENTROPY_SOURCE_STRONG); > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ctr_drbg_seed(&ctr_drbg_https, mbedtls_entropy_func, > &entropy_https, (const unsigned char *)pers, strlen(pers)); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ctr_drbg_seed ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ ret = mbedtls_x509_crt_parse(&cacert_https, TRUSTED_ROOT_CA, > TRUSTED_ROOT_CA_SIZE); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_x509_crt_parse cacert ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ssl_config_defaults(&conf_https, > MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, > MBEDTLS_SSL_PRESET_DEFAULT); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ssl_config_defaults ERROR -0x%x\r\n", > __FUNCTION__, -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_verify(&conf_https, NULL, NULL); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_authmode(&conf_https, MBEDTLS_SSL_VERIFY_REQUIRED); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_rng(&conf_https, mbedtls_ctr_drbg_random, > &ctr_drbg_https); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_dbg(&conf_https, my_https_debug, stdout); > > ï¿½ï¿½ï¿½ mbedtls_ssl_conf_ca_chain(&conf_https, &cacert_https, NULL); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½mbedtls_ssl_conf_read_timeout(&conf_https, TLS_TIMEOUT_MS); > > ï¿½ > > ï¿½ï¿½ï¿½ HTTPS_SetHostname(); /* calling mbedtls_ssl_set_hostname */ > > ï¿½ï¿½ï¿½ > > ï¿½ï¿½ï¿½ï¿½ret = mbedtls_ssl_setup(&ssl_https, &conf_https); > > ï¿½ï¿½ï¿½ if (ret != 0) > > ï¿½ï¿½ï¿½ { > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ printf("%s: mbedtls_ssl_setup ERROR -0x%x\r\n", __FUNCTION__, > -ret); > > ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ï¿½ return false; > > ï¿½ï¿½ï¿½ } > > ï¿½ > > ï¿½ï¿½ï¿½ mbedtls_ssl_set_bio(&ssl_https, &server_fd_https, > mbedtls_https_send, mbedtls_https_recv, NULL); > > ï¿½ > > ï¿½ï¿½ï¿½ return true; > > } > > ``` > > Can someone please tell me if I am doing something inappropriate here? > I am speculating that perhaps there is a memory leak or the heap > becomes so fragmented that it fails on mbedtls_calloc(). The exact > error message in my case is: > > ï¿½ > > > ../mbedtls_lib/ssl_tls.c:5661: alloc(16717 bytes) failed > > ï¿½ > > Thanks. > > ï¿½ > > Alan Chen > > > > ------------------------------------------------------------------------ > <https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> > Scanned by McAfee > <https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> > and confirmed virus-free. > >

4 years, 7 months

1
0
0 0

R: Re: Mbed TLS: long term support versions

by matteo.cogi＠alice.it

Hi Dave and Gilles, Perfect, so I will wait for the last 2.x (presumably the 2.28.x) strand of the version later this year. Thanks again. Regards, Matteo ------ Messaggio Originale ------ Da: mbed-tls(a)lists.trustedfirmware.org A: Gilles.Peskine(a)arm.com; mbed-tls(a)lists.trustedfirmware.org Inviato: giovedì 29 luglio 2021 15:33 Oggetto: Re: [mbed-tls] Mbed TLS: long term support versions Sorry, just realised that myself! Gilles is correct, I should have said 2.28. Thanks Dave On 29/07/2021, 14:25, "mbed-tls on behalf of Gilles Peskine via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > > -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 8 months

1
0
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Gilles Peskine

(Note: I'm replying to the list. Please keep list conversations on the list.) Writing memory allocators is a specialty. It's not my specialty, and apparently it's not your specialty either, so if we design a memory allocator we're likely to end up with poor performance. On most systems, the standard library malloc is designed by experts, and often fine-tuned for the type of platform and usage (e.g. large or small pools, with or without MMU, with or without cache). memory_buffer_alloc uses an array to implement malloc. One possible explanation for poor performance is if your allocator doesn't align data nicely. Some platforms supports unaligned accesses (e.g. accessing a 4-byte value at an address that isn't a multiple of 4) but with a significant performance penalty (most others just crash). If there's a cache, alignment with cache line boundaries can also help. Another potential reason in a multithreaded program is not doing synchronization efficiently, or doing it too often. Note that you do NOT need synchronization if each thread has its own memory pool and no thread ever modifies the data of another thread. Note, however, that Mbed TLS caches some data in public/private key objects, so doing an operation with a key modifies the key object, therefore each thread would need to have its own copy of the key. There are undoubtedly other likely reasons that I'm not thinking of. Best regards, -- Gilles Peskine Mbed TLS developer On 29/07/2021 22:38, Shariful Alam wrote: > Hi Gilles, > Hope you are well. The project that I'm currently working on requires > static memory allocation instead of dynamic memory allocation. I was > trying to use "memory_buffer_alloc()". Since memory_buffer_alloc() > doesn't support multiple memory pools, seems like I can't use this > function in my project. > > I have a working version of a modified bignum.c & bignum.h, where > malloc is replaced with an array. The library is working. However, the > performance is poor (~4 times slower). I was wondering what could > cause this slow performance. I mean, I understand it will be slow, but > I did not expect it to be 4 times slower. > > Is there any version, where an array was used instead of malloc? Or if > you could point out some of the reasons for this library to slow down > while using an array, I will be very grateful. > > Best regards, > Shariful > > > On Tue, Jul 20, 2021 at 2:22 PM Gilles Peskine <gilles.peskine(a)arm.com > <mailto:gilles.peskine@arm.com>> wrote: > > Hi Shariful, > > You just call mbedtls_calloc() (or let other functions call it). > It will use the memory pool set by mbedtls_memory_buffer_alloc_init(). > > The memory_buffer_alloc module does not support multiple memory > pools. If you want a separate pool for each thread's allocation > for performance reasons on a multicore system, you'd better rely > on your platform's built-in calloc(). It's likely to be > fined-tuned for multicore operation. The built-in allocator in > Mbed TLS is intended for highly resource-constrained systems where > the basic platform doesn't even include an allocator. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 20/07/2021 22:10, Shariful Alam wrote: >> Hi Gilles, >> Thank you very much, for your reply. Sorry to bother you again. I >> am trying to follow your instructions. I have a question >> regarding your suggestions. >> >> You said "applications call mbedtls_memory_buffer_alloc_init() in >> the startup code of the initial thread, before creating other >> threads. The alloc/free functions are thread-safe, but the >> initialization and deinitialization functions aren't." >> >> I'm a little confused here. Say, if I call >> mbedtls_memory_buffer_alloc_init() with a buffer in the main >> thread, how did all other threads use this memory (or how do all >> the threads know which memory block to use)? >> >> After calling mbedtls_memory_buffer_alloc_init() in the main >> thread, I can get the address of the buffer and pass it to the >> threads, do I have to call mbedtls_memory_buffer_alloc_init() >> again inside each thread? >> >> Thanks, >> Shariful >> >> On Mon, Jul 19, 2021 at 3:48 AM Gilles Peskine via mbed-tls >> <mbed-tls(a)lists.trustedfirmware.org >> <mailto:mbed-tls@lists.trustedfirmware.org>> wrote: >> >> Hi Shariful, >> >> First, please note that the library called PolarSSL with >> functions like >> rsa_private() and memory_buffer_alloc_init() has not been >> supported for >> several years. You should upgrade to Mbed TLS, with functions >> like >> mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). >> That being >> said, the memory_buffer_alloc module works in the same way. >> >> Normally, applications call >> mbedtls_memory_buffer_alloc_init() in the >> startup code of the initial thread, before creating other >> threads. The >> alloc/free functions are thread-safe, but the initialization and >> deinitialization functions aren't. If you must call >> mbedtls_memory_buffer_alloc_init() after creating other >> threads, make >> sure that no thread calls mbedtls_calloc until >> mbedtls_memory_buffer_alloc_init() has returned. >> >> The same principle applies to other parts of Mbed TLS that are >> thread-safe. For example, only the RSA operations (encryption, >> decryption, signature, verification, and also the low-level >> functions >> mbedtls_rsa_public() and mbedtls_rsa_private()) are >> protected. So you >> must finish setting up the RSA key inside one thread before >> you pass a >> pointer to other threads. Similarly, only >> mbedtls_xxx_drbg_random() is >> thread-safe, and the RNG setup (including >> mbedtls_xxx_drgb_seed()) >> should be done as part of the initial application startup. >> >> Finally, note that mbedtls_rsa_private() alone cannot decrypt >> a message: >> all it does it to apply the private key operation. To decrypt >> a simple >> message encrypted with RSA-OAEP, call >> mbedtls_rsa_rsaes_oaep_decrypt() >> or mbedtls_rsa_pkcs1_decrypt() with a key set up for >> MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 >> mechanism, >> call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or >> mbedtls_rsa_pkcs1_decrypt() with a key set up for >> .MBEDTLS_RSA_PKCS_V15. >> To decrypt a message using a RSA FDH hybrid scheme, you do >> need to call >> mbedtls_rsa_private() since Mbed TLS doesn't support it >> natively, but >> what this gives you is the intermediate secret from which you >> then need >> to derive a symmetric key, not the message itself. >> >> Best regards, >> >> -- >> Gilles Peskine >> Mbed TLS developer >> >> On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: >> > Hello, >> > I have a simple example code to decrypt an >> encrypted message using >> > *rsa_private()*. I use *memory_buffer_alloc_init(), *in >> order to use >> > a static memory for the computation. I want to run my code >> > concurrently. My code works with a single pthread. However, >> when I try >> > to run more than one thread my program fails to decrypt. >> > >> > ** I check the same code >> without *memory_buffer_alloc_init(), *it >> > works concurrently, without any issues at all. >> > >> > Therefore, I believe, the issue that I'm facing is >> coming from the use >> > of static memory(e.g. *memory_buffer_alloc_init()*). The >> documentation >> > of memorry_buffer_alloc.h shows, >> > >> > /** >> > >> > * \brief Initialize use of stack-based memory allocator. >> > >> > * The stack-based allocator does memory >> management >> > inside the >> > >> > * presented buffer and does not call malloc() >> and free(). >> > >> > * It sets the global polarssl_malloc() and >> > polarssl_free() pointers >> > >> > * to its own functions. >> > >> > * (Provided polarssl_malloc() and >> polarssl_free() are >> > thread-safe if >> > >> > * POLARSSL_THREADING_C is defined) >> > >> > * >> > >> > * \note This code is not optimized and provides a >> straight-forward >> > >> > * implementation of a stack-based memory >> allocator. >> > >> > * >> > >> > * \param buf buffer to use as heap >> > >> > * \param len size of the buffer >> > >> > * >> > >> > * \return 0 if successful >> > >> > */ >> > >> > >> > So, I added the following configuration to the *config.h* >> file >> > >> > 1. #define POLARSSL_THREADING_PTHREAD >> > 2. #define POLARSSL_THREADING_C >> > >> > But I'm still getting errors while decrypting. Any help on >> how to fix >> > this? or what else should I add into the config.h file to >> > make *memory_buffer_alloc_init() *thread-safe? Here is my >> sample >> > code: https://pastebin.com/uyW3vknt >> <https://pastebin.com/uyW3vknt> >> <https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt>> >> > >> > Thanks, >> > Shariful >> > >> >> -- >> mbed-tls mailing list >> mbed-tls(a)lists.trustedfirmware.org >> <mailto:mbed-tls@lists.trustedfirmware.org> >> https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >> <https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls> >> >

4 years, 8 months

1
0
0 0

Could memory leak or heap fragmentation be the issue?

by Alan Chen

I posted the question on the mbedTLS forum, only to realized that mbedTLS is now maintained by the project's mailing list. Here is the copy of what I wrote: *Occasionally* I am getting MBEDTLS_ERR_SSL_ALLOC_FAILED from mbedtls_ssl_setup() during repeated HTTP partial content download. Since this problem happens very rarely, it is a bit difficult to troubleshoot. I am running mbedTLS on a Microchip PIC32MZ MCU, connected to a LTE-M/NB-IoT modem. I have 128K static memory reserved for the library with MBEDTLS_PLATFORM_MEMORY defined in the config.h file. The MCU runs two main tasks - MQTT client, talking to the AWS MQTT broker, and HTTPS client, for downloading new firmware image from the AWS S3 bucket over the air. Due to the slowness and limited bandwidth of the LTE-M and NB-IoT technologies, the HTTP file download has to use the partial content GET, basically 2KB per request, until all ~700KB of data are received. During the course of the file download, one can see as many as 30 disconnect and reconnect, and each time the TLS session would close down and re-open once the cell network is established. Here are some of my functions: ``` #define MBEDTLS_MAX_MEMORY_ALLOCATED (1024 * 128) static uint8_t tls_memory_buf[MBEDTLS_MAX_MEMORY_ALLOCATED]; // called in main() void mbedtls_mem_init(void) { mbedtls_memory_buffer_alloc_init(tls_memory_buf, sizeof tls_memory_buf); } void HTTPS_TLS_CLOSE(void) { if (server_fd_https.fd != -1) { mbedtls_entropy_free(&entropy_https); mbedtls_x509_crt_free(&cacert_https); mbedtls_ctr_drbg_free(&ctr_drbg_https); mbedtls_ssl_config_free(&conf_https); mbedtls_ssl_free(&ssl_https); server_fd_https.fd = -1; } } bool HTTPS_TLS_OPEN(void) { int ret; const char *pers = "https_tls_wrapper"; server_fd_https.fd = 1; mbedtls_debug_set_threshold(1); mbedtls_ssl_init(&ssl_https); mbedtls_ssl_config_init(&conf_https); mbedtls_ctr_drbg_init(&ctr_drbg_https); mbedtls_x509_crt_init(&cacert_https); mbedtls_entropy_init(&entropy_https); mbedtls_entropy_add_source(&entropy_https, my_https_entropy, NULL, sizeof my_https_random, MBEDTLS_ENTROPY_SOURCE_STRONG); ret = mbedtls_ctr_drbg_seed(&ctr_drbg_https, mbedtls_entropy_func, &entropy_https, (const unsigned char *)pers, strlen(pers)); if (ret != 0) { printf("%s: mbedtls_ctr_drbg_seed ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } ret = mbedtls_x509_crt_parse(&cacert_https, TRUSTED_ROOT_CA, TRUSTED_ROOT_CA_SIZE); if (ret != 0) { printf("%s: mbedtls_x509_crt_parse cacert ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } ret = mbedtls_ssl_config_defaults(&conf_https, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT); if (ret != 0) { printf("%s: mbedtls_ssl_config_defaults ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } mbedtls_ssl_conf_verify(&conf_https, NULL, NULL); mbedtls_ssl_conf_authmode(&conf_https, MBEDTLS_SSL_VERIFY_REQUIRED); mbedtls_ssl_conf_rng(&conf_https, mbedtls_ctr_drbg_random, &ctr_drbg_https); mbedtls_ssl_conf_dbg(&conf_https, my_https_debug, stdout); mbedtls_ssl_conf_ca_chain(&conf_https, &cacert_https, NULL); mbedtls_ssl_conf_read_timeout(&conf_https, TLS_TIMEOUT_MS); HTTPS_SetHostname(); /* calling mbedtls_ssl_set_hostname */ ret = mbedtls_ssl_setup(&ssl_https, &conf_https); if (ret != 0) { printf("%s: mbedtls_ssl_setup ERROR -0x%x\r\n", __FUNCTION__, -ret); return false; } mbedtls_ssl_set_bio(&ssl_https, &server_fd_https, mbedtls_https_send, mbedtls_https_recv, NULL); return true; } ``` Can someone please tell me if I am doing something inappropriate here? I am speculating that perhaps there is a memory leak or the heap becomes so fragmented that it fails on mbedtls_calloc(). The exact error message in my case is: > ../mbedtls_lib/ssl_tls.c:5661: alloc(16717 bytes) failed Thanks. Alan Chen ________________________________ [https://secureimages.mcafee.com/common/affiliateImages/mfe/logo.png]<https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> Scanned by McAfee<https://home.mcafee.com/utm_medium=email&utm_source=link&utm_campaign=sig-e…> and confirmed virus-free.

4 years, 8 months

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Dave Rodgman

Sorry, just realised that myself! Gilles is correct, I should have said 2.28. Thanks Dave On 29/07/2021, 14:25, "mbed-tls on behalf of Gilles Peskine via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > > -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 8 months

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Gilles Peskine

Off-by-one error! The current 2.x release is 2.27.0. Most development work is happening on 3.x but there will be at least one more 2.x release: 2.28.0. The last 2.x release will become an LTS. -- Gilles Peskine Mbed TLS developer On 29/07/2021 15:05, Dave Rodgman via mbed-tls wrote: > > Hi Matteo, > > > > We expect to release an LTS later this year. It’s likely to be 2.27, > and very likely will be supported for the usual LTS period of 3 years. > > > > So if you are considering updating to a new LTS, you could use 2.26 > for prototyping in the short term until the LTS becomes available. The > upcoming LTS will be API-compatible with 2.26. > > > > Hope this helps, > > > > Dave > > > > *From: *mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on > behalf of "matteo.cogi--- via mbed-tls" > <mbed-tls(a)lists.trustedfirmware.org> > *Reply to: *"matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> > *Date: *Tuesday, 27 July 2021 at 07:44 > *To: *"mbed-tls(a)lists.trustedfirmware.org" > <mbed-tls(a)lists.trustedfirmware.org> > *Subject: *[mbed-tls] Mbed TLS: long term support versions > > > > Dear all, > I wish to know which are the future LTS (Long Term Support) versions > for Mbed TLS. > In these last years I have been working with the 2.16.x, but I read it > will be maintained until at least the end of 2021 ( > https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… > <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> > ), so I am considering an update to a newer LTS version. > However I don’t find which are the next LTS version and for how much > time they will be maintained. > Thanks in advance. > Regards, > Matteo > >

4 years, 8 months

1
0
0 0

Re: [mbed-tls] Mbed TLS: long term support versions

by Dave Rodgman

Hi Matteo, We expect to release an LTS later this year. It’s likely to be 2.27, and very likely will be supported for the usual LTS period of 3 years. So if you are considering updating to a new LTS, you could use 2.26 for prototyping in the short term until the LTS becomes available. The upcoming LTS will be API-compatible with 2.26. Hope this helps, Dave From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of "matteo.cogi--- via mbed-tls" <mbed-tls(a)lists.trustedfirmware.org> Reply to: "matteo.cogi(a)alice.it" <matteo.cogi(a)alice.it> Date: Tuesday, 27 July 2021 at 07:44 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Mbed TLS: long term support versions Dear all, I wish to know which are the future LTS (Long Term Support) versions for Mbed TLS. In these last years I have been working with the 2.16.x, but I read it will be maintained until at least the end of 2021 ( https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… ), so I am considering an update to a newer LTS version. However I don’t find which are the next LTS version and for how much time they will be maintained. Thanks in advance. Regards, Matteo

4 years, 8 months

1
0
0 0

Mbed TLS: long term support versions

by matteo.cogi＠alice.it

Dear all, I wish to know which are the future LTS (Long Term Support) versions for Mbed TLS. In these last years I have been working with the 2.16.x, but I read it will be maintained until at least the end of 2021 ( https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra… <https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md#current-bra…> ), so I am considering an update to a newer LTS version. However I don’t find which are the next LTS version and for how much time they will be maintained. Thanks in advance. Regards, Matteo

4 years, 8 months

1
0
0 0

Re: [mbed-tls] May I know why SHA224 is mandatory with SH256?

by Gilles Peskine

Hello, Mbed TLS has never supported a build with SHA-256 but not SHA-224. In Mbed TLS 2.x, enabling MBEDTLS_SHA256_C enables both SHA-256 and SHA-224. Likewise, MBEDTLS_SHA512_C enables both SHA-512 and SHA-384. The reason for this design is that SHA-256 and SHA-224 have essentially the same code but different constants, and likewise for SHA-512 and SHA-384. What changed in Mbed TLS 3.0 is that there are now separate configuration options for each of the four SHA2 variants. It is not possible yet to enable SHA-384 without SHA-512, SHA-224 without SHA-256 or SHA-256 without SHA-224. These are implementation limitations due to missing #ifdef in various places. We expect to lift these limitations in one of the next 3.x releases. Best regards, -- Gilles Peskine Mbed TLS developer On 19/07/2021 14:50, David Hu via mbed-tls wrote: > > Hi, > > ï¿½ > > It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS > latest version, according to this new check below: > > ï¿½ > > #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) > > #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" > > #endif > > ï¿½ > > May I know why SHA224 must be enabled with SHA256? > > Could you please point me to any reference/document? > > ï¿½ > > Best regards, > > Hu Ziji > >

4 years, 8 months

2
3
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Shariful Alam

Hi Gilles, Thank you very much, for your reply. Sorry to bother you again. I am trying to follow your instructions. I have a question regarding your suggestions. You said "applications call mbedtls_memory_buffer_alloc_init() in the startup code of the initial thread, before creating other threads. The alloc/free functions are thread-safe, but the initialization and deinitialization functions aren't." I'm a little confused here. Say, if I call mbedtls_memory_buffer_alloc_init() with a buffer in the main thread, how did all other threads use this memory (or how do all the threads know which memory block to use)? After calling mbedtls_memory_buffer_alloc_init() in the main thread, I can get the address of the buffer and pass it to the threads, do I have to call mbedtls_memory_buffer_alloc_init() again inside each thread? Thanks, Shariful On Mon, Jul 19, 2021 at 3:48 AM Gilles Peskine via mbed-tls < mbed-tls(a)lists.trustedfirmware.org> wrote: > Hi Shariful, > > First, please note that the library called PolarSSL with functions like > rsa_private() and memory_buffer_alloc_init() has not been supported for > several years. You should upgrade to Mbed TLS, with functions like > mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). That being > said, the memory_buffer_alloc module works in the same way. > > Normally, applications call mbedtls_memory_buffer_alloc_init() in the > startup code of the initial thread, before creating other threads. The > alloc/free functions are thread-safe, but the initialization and > deinitialization functions aren't. If you must call > mbedtls_memory_buffer_alloc_init() after creating other threads, make > sure that no thread calls mbedtls_calloc until > mbedtls_memory_buffer_alloc_init() has returned. > > The same principle applies to other parts of Mbed TLS that are > thread-safe. For example, only the RSA operations (encryption, > decryption, signature, verification, and also the low-level functions > mbedtls_rsa_public() and mbedtls_rsa_private()) are protected. So you > must finish setting up the RSA key inside one thread before you pass a > pointer to other threads. Similarly, only mbedtls_xxx_drbg_random() is > thread-safe, and the RNG setup (including mbedtls_xxx_drgb_seed()) > should be done as part of the initial application startup. > > Finally, note that mbedtls_rsa_private() alone cannot decrypt a message: > all it does it to apply the private key operation. To decrypt a simple > message encrypted with RSA-OAEP, call mbedtls_rsa_rsaes_oaep_decrypt() > or mbedtls_rsa_pkcs1_decrypt() with a key set up for > MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 mechanism, > call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or > mbedtls_rsa_pkcs1_decrypt() with a key set up for .MBEDTLS_RSA_PKCS_V15. > To decrypt a message using a RSA FDH hybrid scheme, you do need to call > mbedtls_rsa_private() since Mbed TLS doesn't support it natively, but > what this gives you is the intermediate secret from which you then need > to derive a symmetric key, not the message itself. > > Best regards, > > -- > Gilles Peskine > Mbed TLS developer > > On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: > > Hello, > > I have a simple example code to decrypt an encrypted message using > > *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use > > a static memory for the computation. I want to run my code > > concurrently. My code works with a single pthread. However, when I try > > to run more than one thread my program fails to decrypt. > > > > ** I check the same code without *memory_buffer_alloc_init(), *it > > works concurrently, without any issues at all. > > > > Therefore, I believe, the issue that I'm facing is coming from the use > > of static memory(e.g. *memory_buffer_alloc_init()*). The documentation > > of memorry_buffer_alloc.h shows, > > > > /** > > > > * \brief Initialize use of stack-based memory allocator. > > > > * The stack-based allocator does memory management > > inside the > > > > * presented buffer and does not call malloc() and free(). > > > > * It sets the global polarssl_malloc() and > > polarssl_free() pointers > > > > * to its own functions. > > > > * (Provided polarssl_malloc() and polarssl_free() are > > thread-safe if > > > > * POLARSSL_THREADING_C is defined) > > > > * > > > > * \note This code is not optimized and provides a > straight-forward > > > > * implementation of a stack-based memory allocator. > > > > * > > > > * \param buf buffer to use as heap > > > > * \param len size of the buffer > > > > * > > > > * \return 0 if successful > > > > */ > > > > > > So, I added the following configuration to the *config.h* file > > > > 1. #define POLARSSL_THREADING_PTHREAD > > 2. #define POLARSSL_THREADING_C > > > > But I'm still getting errors while decrypting. Any help on how to fix > > this? or what else should I add into the config.h file to > > make *memory_buffer_alloc_init() *thread-safe? Here is my sample > > code: https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt> > > > > Thanks, > > Shariful > > > > -- > mbed-tls mailing list > mbed-tls(a)lists.trustedfirmware.org > https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls >

4 years, 8 months

2
1
0 0

May I know why SHA224 is mandatory with SH256?

by David Hu

Hi, It seems that SHA224 is mandatory if SHA256 is selected, in Mbed TLS latest version, according to this new check below: #if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C) #error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C" #endif May I know why SHA224 must be enabled with SHA256? Could you please point me to any reference/document? Best regards, Hu Ziji

4 years, 8 months

1
0
0 0

Re: [mbed-tls] How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Gilles Peskine

Hi Shariful, First, please note that the library called PolarSSL with functions like rsa_private() and memory_buffer_alloc_init() has not been supported for several years. You should upgrade to Mbed TLS, with functions like mbedtls_rsa_private() and mbedtls_memory_buffer_alloc_init(). That being said, the memory_buffer_alloc module works in the same way. Normally, applications call mbedtls_memory_buffer_alloc_init() in the startup code of the initial thread, before creating other threads. The alloc/free functions are thread-safe, but the initialization and deinitialization functions aren't. If you must call mbedtls_memory_buffer_alloc_init() after creating other threads, make sure that no thread calls mbedtls_calloc until mbedtls_memory_buffer_alloc_init() has returned. The same principle applies to other parts of Mbed TLS that are thread-safe. For example, only the RSA operations (encryption, decryption, signature, verification, and also the low-level functions mbedtls_rsa_public() and mbedtls_rsa_private()) are protected. So you must finish setting up the RSA key inside one thread before you pass a pointer to other threads. Similarly, only mbedtls_xxx_drbg_random() is thread-safe, and the RNG setup (including mbedtls_xxx_drgb_seed()) should be done as part of the initial application startup. Finally, note that mbedtls_rsa_private() alone cannot decrypt a message: all it does it to apply the private key operation. To decrypt a simple message encrypted with RSA-OAEP, call mbedtls_rsa_rsaes_oaep_decrypt() or mbedtls_rsa_pkcs1_decrypt() with a key set up for MBEDTLS_RSA_PKCS_V21 encoding. To use the legacy PKCS#1v1.5 mechanism, call mbedtls_rsa_rsaes_pkcs1_v15_decrypt() or mbedtls_rsa_pkcs1_decrypt() with a key set up for .MBEDTLS_RSA_PKCS_V15. To decrypt a message using a RSA FDH hybrid scheme, you do need to call mbedtls_rsa_private() since Mbed TLS doesn't support it natively, but what this gives you is the intermediate secret from which you then need to derive a symmetric key, not the message itself. Best regards, -- Gilles Peskine Mbed TLS developer On 18/07/2021 07:16, Shariful Alam via mbed-tls wrote: > Hello, > I have a simple example code to decrypt an encrypted message using > *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use > a static memory for the computation. I want to run my code > concurrently. My code works with a single pthread. However, when I try > to run more than one thread my program fails to decrypt. > > ** I check the same code without *memory_buffer_alloc_init(), *it > works concurrently, without any issues at all. > > Therefore, I believe, the issue that I'm facing is coming from the use > of static memory(e.g. *memory_buffer_alloc_init()*). The documentation > of memorry_buffer_alloc.h shows, > > /** > > * \brief Initialize use of stack-based memory allocator. > > * The stack-based allocator does memory management > inside the > > * presented buffer and does not call malloc() and free(). > > * It sets the global polarssl_malloc() and > polarssl_free() pointers > > * to its own functions. > > * (Provided polarssl_malloc() and polarssl_free() are > thread-safe if > > * POLARSSL_THREADING_C is defined) > > * > > * \note This code is not optimized and provides a straight-forward > > * implementation of a stack-based memory allocator. > > * > > * \param buf buffer to use as heap > > * \param len size of the buffer > > * > > * \return 0 if successful > > */ > > > So, I added the following configuration to the *config.h* file > > 1. #define POLARSSL_THREADING_PTHREAD > 2. #define POLARSSL_THREADING_C > > But I'm still getting errors while decrypting. Any help on how to fix > this? or what else should I add into the config.h file to > make *memory_buffer_alloc_init() *thread-safe? Here is my sample > code: https://pastebin.com/uyW3vknt <https://pastebin.com/uyW3vknt> > > Thanks, > Shariful >

4 years, 8 months

1
0
0 0

How to setup config.h to make memory_buffer_alloc_init() thread-safe?

by Shariful Alam

Hello, I have a simple example code to decrypt an encrypted message using *rsa_private()*. I use *memory_buffer_alloc_init(), *in order to use a static memory for the computation. I want to run my code concurrently. My code works with a single pthread. However, when I try to run more than one thread my program fails to decrypt. ** I check the same code without *memory_buffer_alloc_init(), *it works concurrently, without any issues at all. Therefore, I believe, the issue that I'm facing is coming from the use of static memory(e.g. *memory_buffer_alloc_init()*). The documentation of memorry_buffer_alloc.h shows, /** * \brief Initialize use of stack-based memory allocator. * The stack-based allocator does memory management inside the * presented buffer and does not call malloc() and free(). * It sets the global polarssl_malloc() and polarssl_free() > pointers * to its own functions. * (Provided polarssl_malloc() and polarssl_free() are thread-safe > if * POLARSSL_THREADING_C is defined) * * \note This code is not optimized and provides a straight-forward * implementation of a stack-based memory allocator. * * \param buf buffer to use as heap * \param len size of the buffer * * \return 0 if successful */ So, I added the following configuration to the *config.h* file 1. #define POLARSSL_THREADING_PTHREAD 2. #define POLARSSL_THREADING_C But I'm still getting errors while decrypting. Any help on how to fix this? or what else should I add into the config.h file to make *memory_buffer_alloc_init() *thread-safe? Here is my sample code: https://pastebin.com/uyW3vknt Thanks, Shariful

4 years, 8 months

1
1
0 0

question about sslv3 alert certificate unknown

by Ron Eggler

Hi, I'm working on a client application that will connect to an FTPS server (vsftpd) to download files. Now, I have ca-cert, cert and key files all setup to work with curl like: curl -3 -k -v --ftp-ssl --tlsv1.2 --ftp-ssl-reqd --ftp-pasv --verbose \ --ssl \ --cert ./en-cert.pem \ --cert-type PEM \ --key ./en-cert.key \ --key-type PEM \ --cacert ./ca-cert \ ftp://user:pass@10.10.100.1/test.txt -O Now, I use the same cert, key & ca-cert with mbedtls but am unable to handshake, mbedtls_ssl_handshake() keeps giving me an error, what is done in order: - init cert, ca-cert, key, entropy, drbg, ssl, config - parse ca-cert, cert & key - seed RNG - mbedtls_ctr_drbg_seed with mbedtls_hardware_poll - set config defaults MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT - mbedtls_ssl_conf_ca_chain - mbedtls_ssl_conf_rng with mbedtls_ctr_drbg_random - mbedtls_ssl_conf_dbg - mbedtls_ssl_conf_own_cert - mbedtls_ssl_setup - mbedtls_ssl_set_bio - mbedtls_ssl_handshake which up to the handshake all seems to go through without any issues. When I look at it with wireshark, I see something like: Response: 234 Proceed with negotiation. Request:looks like the certificate jumbled up Response 500 OOPS: Response :SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown Any hints on how I best go about troubleshooting this? I have confirmed that ca-cert, cert & key are identical to the ones that are used for the above curl command. Thanks,

4 years, 8 months

1
0
0 0

Re: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability

by Janos Follath

Hi, Semantic versioning applies only to API compatibility but not for ABI. When we break the ABI we increase the SO version for that part of the library and this is how linux distributions normally track our ABI compatibility. Additionally, we try very hard not to break ABI at all in LTS versions. You can find a detailed description what Mbed TLS promises regarding API/ABI compatibility: https://github.com/ARMmbed/mbedtls/blob/development/BRANCHES.md Kind regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Hugues De Valon via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Date: Wednesday, 14 July 2021 at 17:09 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] Question about dynamic linking, versioning and API/ABI stability Hello, We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won’t contain any API/ABI breaking changes or is there nothing of the sort? I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning? It might be that the good solution is that we shouldn’t dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach! Kind regards, Hugues

4 years, 8 months

2
2
0 0

Question about dynamic linking, versioning and API/ABI stability

by Hugues De Valon

Hello, We are using Mbed Crypto in our Parsec project through the psa-crypto Rust crate (https://github.com/parallaxsecond/rust-psa-crypto). We currently have Mbed Crypto through Mbed TLS 2.25.0 which we build statically from scratch by default. We also offer the option to dynamically link with an Mbed Crypto library available on the system. Ideally, this would offer an easy and simple way to patch bug fixes without having to recompile everything. However, as we observed API (and probably ABI) breaking changes over the past versions of Mbed TLS we were wondering if this (dynamic linking) was a model we should promote at all. Is there a semantic versioning process currently applied in Mbed TLS? If we use Mbed TLS 3.0.0 in our crate, can we be sure than 3.x.y versions won't contain any API/ABI breaking changes or is there nothing of the sort? I believe that Mbed Crypto is catching up to be fully compliant with PSA Crypto 1.0.1. Once that will be the case, will its API/ABI be stable and follow the PSA Crypto semantic versioning? It might be that the good solution is that we shouldn't dynamically link with Mbed Crypto but always compile it from scratch as we do by default. I am just sending this email so that we follow the good approach! Kind regards, Hugues

4 years, 8 months

1
0
0 0

serial communication in FTP

by Sunil Jain

Hello, we are using the mbed-tls for secure communication for FTP. FTP server is handling the client hello serially one at a time, one communication is blocking other clients to communicate. What could be the reason and how to solve this issue. -- Thanks and Regards, Sunil Jain

4 years, 8 months

1
0
0 0

Mbed TLS: Release of Mbed TLS 3.0.0, 2.27.0, and 2.16.11

by Dave Rodgman

Hi Mbed TLS users, We are pleased to announce the release of Mbed TLS versions 3.0.0, 2.27.0 and 2.16.11. These releases of Mbed TLS address several security issues, and provide bug fixes and enhancements. Mbed TLS 3.0.0 also brings many API-breaking changes. Full details, including security advisories, are available in the release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v3.0.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.27.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Dave Rodgman

4 years, 8 months

1
0
0 0

Mbed TLS: Release of Mbed TLS 3.0.0, 2.27.0, and 2.16.11

by Dave Rodgman

Hi Mbed TLS users, We are pleased to announce the release of Mbed TLS versions 3.0.0, 2.27.0 and 2.16.11. These releases of Mbed TLS address several security issues, and provide bug fixes and enhancements. Mbed TLS 3.0.0 also brings many API-breaking changes. Full details, including security advisories, are available in the release notes: https://github.com/ARMmbed/mbedtls/releases/tag/v3.0.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.27.0 https://github.com/ARMmbed/mbedtls/releases/tag/v2.16.11 We recommend all users to consider whether they are impacted, and to upgrade appropriately. Dave Rodgman

4 years, 8 months

1
0
0 0

Re: [mbed-tls] mbedtls_x509_crt_parse returned -0x2180

by Danny Backx

Gilles, Thanks for getting me to try to read DER files. There must definitely be something wrong in that area. I am speficying support for PEM in the build but reading DER gets me past that error. Searching further :-) Again, thanks Danny On 05/07/2021 20:27, Gilles Peskine via mbed-tls wrote: > Hello, > > The first thing when you see an unexpected error code is to look up the > corresponding error message. Mbed TLS comes with a utility for that: > > programs/util/strerror 0x2180 > Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid, > e.g. different type expected > > You can also search the error code in the source code: > > grep 0x2180 include/mbedtls/*.h > include/mbedtls/x509.h:#define > MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The > CRT/CRL/CSR format is invalid, e.g. different type expected. */ > > At first glance it looks like there's only one case for which CRT > parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to > (MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if > the certificate doesn't parse like a DER format at the top level. A > plausible reason for that is that the certificate is in PEM format and > your build has PEM support turned off. If that's the case, convert the > certifcate to DER when you copy it to the device. You can use the Mbed > TLS utility programs/util/pem2der for that. > > Best regards, > -- Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info

4 years, 8 months

1
0
0 0

SHA NI support in mbedtls

by Lu, Jingdong

Hi, mbedtls experts I note that there is AES NI support (aesni.c) on x86 platform. I'm wondering why there is no SHA NI support for SHA1 and SHA256? How can I get SHA NI support? Should I choose another crypto library? Thanks, Jingdong

4 years, 8 months

1
0
0 0

Re: [mbed-tls] mbedtls_x509_crt_parse returned -0x2180

by Gilles Peskine

Hello, The first thing when you see an unexpected error code is to look up the corresponding error message. Mbed TLS comes with a utility for that: programs/util/strerror 0x2180 Last error was: -0x2180 - X509 - The CRT/CRL/CSR format is invalid, e.g. different type expected You can also search the error code in the source code: grep 0x2180 include/mbedtls/*.h include/mbedtls/x509.h:#define MBEDTLS_ERR_X509_INVALID_FORMAT -0x2180 /**< The CRT/CRL/CSR format is invalid, e.g. different type expected. */ At first glance it looks like there's only one case for which CRT parsing return MBEDTLS_ERR_X509_INVALID_FORMAT as opposed to (MBEDTLS_ERR_X509_INVALID_FORMAT + low_level_error_code), and that's if the certificate doesn't parse like a DER format at the top level. A plausible reason for that is that the certificate is in PEM format and your build has PEM support turned off. If that's the case, convert the certifcate to DER when you copy it to the device. You can use the Mbed TLS utility programs/util/pem2der for that. Best regards, -- Gilles Peskine Mbed TLS developer On 05/07/2021 18:10, Danny Backx via mbed-tls wrote: > > Hi, > > I must be missing something obvious but my code (on an ESP32) fails to > accept an incoming connection. > > I tried the same certificate on an ESP32 sample, and it appears to > work there. > > Does anyone have a clue where to look next ? > > Danny > > I (16:06:51.481) esp_https_server: performing session handshake > E (16:06:51.483) x509_crt: x509_crt_parse_der_core -> 0x2180 > E (16:06:51.484) esp_tls_mbedtls: set_pki_context: public_cert > 0x3ffdb924, len 5750 -> ret 0x2180 > E (16:06:51.493) esp-tls-mbedtls: mbedtls_x509_crt_parse returned -0x2180 > E (16:06:51.501) esp-tls-mbedtls: Failed to set server pki context > E (16:06:51.508) esp-tls-mbedtls: Failed to set server configurations > E (16:06:51.515) esp-tls-mbedtls: create_ssl_handle failed > E (16:06:51.521) esp_https_server: esp_tls_create_server_session failed > W (16:06:51.528) httpd: httpd_accept_conn: session creation failed > W (16:06:51.538) httpd: httpd_server: error accepting new connection > > -- > Danny Backx - dannybackx(a)telenet.be - http://danny.backx.info >

4 years, 8 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls