- mbed-tls - lists.trustedfirmware.org

Re: [mbed-tls] PKCS7 Generation Contribution

by Gilles Peskine

Hi Nick, It would be great to have even partial support of PKCS#7 in Mbed TLS and we would welcome your contribution! You can find some guidance in CONTRIBUTING.md (https://github.com/ARMmbed/mbedtls/blob/development/CONTRIBUTING.md). Feel free to ask on the mailing list if anything is unclear. Note that there is a work in progress for adding PKCS#7 parsing: https://github.com/ARMmbed/mbedtls/pull/3431 . It may help to see what it does, but also note the review comments that point out some remaining issues. If you and naynajain work on parsing and generation at the same time, you'll need to synchronize since both sides will need to create pkcs7.[hc]. -- Gilles Peskine Mbed TLS developer On 10/11/2020 17:28, Nick Child via mbed-tls wrote: > Hello, > > For one of my projects, I had to create a PKCS7 generation/builder. I > noticed mbedtls currently has no support for PKCS7. After much trial > and error, I was able to use mbedtls functions to create a PKCS7 > structure for Signed Data. I was wondering if this something that > might be useful in later versions of mbedtls? The code currently has a > long way to go until it meets mbedtls coding standards, but I figured > I would ask if it is even possible and worth the efforts before > getting into it. I am also a rookie when it comes to open source > contributions, so I was hoping for some guidance regarding merging > upstream. > > Thanks for your time, > > Nick Child >

4 years, 10 months

1
0
0 0

PKCS7 Generation Contribution

by Nick Child

Hello, For one of my projects, I had to create a PKCS7 generation/builder. I noticed mbedtls currently has no support for PKCS7. After much trial and error, I was able to use mbedtls functions to create a PKCS7 structure for Signed Data. I was wondering if this something that might be useful in later versions of mbedtls? The code currently has a long way to go until it meets mbedtls coding standards, but I figured I would ask if it is even possible and worth the efforts before getting into it. I am also a rookie when it comes to open source contributions, so I was hoping for some guidance regarding merging upstream. Thanks for your time, Nick Child

4 years, 10 months

1
0
0 0

Re: [mbed-tls] PKCS7 compliance

by Gilles Peskine

Hello, No, unfortunately Mbed TLS does not support the PKCS#7 CMS format. Contributions would be welcome. -- Gilles Peskine Mbed TLS developer On 06/11/2020 13:50, Alvaro Gonzalez via mbed-tls wrote: > > Hello mbed-tls mailing list. > > ï¿½ > > Does mbed-tls comply PKCS7? Can handle .p7, .p7b and/or .p7a extension > files? > > ï¿½ > > Best Regards. > > ï¿½ > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] TLS-SRP Support

by Gilles Peskine

Hello, Mbed TLS does not currently support SRP and it is not on our roadmap (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/). Arm does not intend to work on it, but support can be added if someone else contributes it. If you are interested in contributing SRP support, please discuss it on this list first to settle some potential issues: conflicts with other work (in particular TLS 1.3 preparation, which involves some refactoring of existing TLS code), review bandwidth schedule, test plan. -- Gilles Peskine Mbed TLS developer On 09/11/2020 14:01, Gijs Peskens via mbed-tls wrote: > > For an Open Source project we started using Mbed-TLS to do AES > encryption and, in a future version, will use Mbed-TLS for DTLS. > Part of the protocol we support requires TLS-SRP (either via DTLS or > via EAP), I’m unable to find anything relating to TLS-SRP support. > > Does Mbed-TLS support TLS-SRP currently? And if not is there intention > to add it in a future release? > > Br, > > Gijs Peskens > >

4 years, 10 months

1
0
0 0

Re: [mbed-tls] TLS-SRP Support

by Janos Follath

Hi Gijs, I am not sure what TLS-SRP support is, could you please point me to the standard defining it? Best regards, Janos From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Gijs Peskens via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Gijs Peskens <gijsje(a)heteigenwijsje.nl> Date: Monday, 9 November 2020 at 13:02 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] TLS-SRP Support For an Open Source project we started using Mbed-TLS to do AES encryption and, in a future version, will use Mbed-TLS for DTLS. Part of the protocol we support requires TLS-SRP (either via DTLS or via EAP), I’m unable to find anything relating to TLS-SRP support. Does Mbed-TLS support TLS-SRP currently? And if not is there intention to add it in a future release? Br, Gijs Peskens

4 years, 10 months

2
1
0 0

TLS-SRP Support

by Gijs Peskens

For an Open Source project we started using Mbed-TLS to do AES encryption and, in a future version, will use Mbed-TLS for DTLS. Part of the protocol we support requires TLS-SRP (either via DTLS or via EAP), I’m unable to find anything relating to TLS-SRP support. Does Mbed-TLS support TLS-SRP currently? And if not is there intention to add it in a future release? Br, Gijs Peskens

4 years, 10 months

1
0
0 0

PKCS7 compliance

by Alvaro Gonzalez

Hello mbed-tls mailing list. Does mbed-tls comply PKCS7? Can handle .p7, .p7b and/or .p7a extension files? Best Regards.

4 years, 10 months

1
0
0 0

Re: [mbed-tls] Chinese characters garbled after calling mbedtls_x509_crt_info() or mbedtls_x509_dn_gets()

by Janos Follath

Hi Newt, This is normal and happens not just to Chinese characters, but to all non-ASCII characters. This supposed to be a feature of Mbed TLS, to ensure that we return something printable whether the platform can handle the original encoding or not. Of course we can consider providing a way to add an option to disable this feature: if you would like to submit a PR, please let us discuss first what can be done. If you wouldn't like to submit a PR, then please raise an issue on github for this feature request. Until this feature is implemented, you can access the original encoding in the `val` field of the `mbedtls_x509_name` parameter you would be passing to `mbedtls_x509_dn_gets()`. Regards, Janos On 06/11/2020, 03:54, "mbed-tls on behalf of 马瑞宜 via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Hello everyone, I have this certificate blob and I'm using mbedtls to read this, but after called mbedtls_x509_crt_info() or mbedtls_x509_dn_gets(), the chinese characters got garbled. I have googled this, read the mbedtls knowledge base and searched the issues and got no luck. The field i want to parse is the subject field and the issuer field. and currently I cannot provide the certificate blob due to security reasons. Any help would be much appreciated. Sincerely, Newt Ma -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

4 years, 10 months

2
1
0 0

Chinese characters garbled after calling mbedtls_x509_crt_info() or mbedtls_x509_dn_gets()

by 马瑞宜

Hello everyone, I have this certificate blob and I'm using mbedtls to read this, but after called mbedtls_x509_crt_info() or mbedtls_x509_dn_gets(), the chinese characters got garbled. I have googled this, read the mbedtls knowledge base and searched the issues and got no luck. The field i want to parse is the subject field and the issuer field. and currently I cannot provide the certificate blob due to security reasons. Any help would be much appreciated. Sincerely, Newt Ma

4 years, 10 months

1
0
0 0

Re: [mbed-tls] About mbedtls CVE

by Janos Follath

Hi Sawyer, After looking at the issues in more detail I would like to be more precise about CVE-2018-1000520: * It is not a security issue in the context of TLS 1.2 * It can be a security issue if TLS 1.0 or TLS 1.1 is used * The severity is so low that we decided not fixing it ourselves, but to open it up for community contributions * The corresponding issue has been closed down by mistake, I am reopening it now: https://github.com/ARMmbed/mbedtls/issues/1561 (Many thanks to Simon Butcher for noticing this and pointing it out.) Please let me know if I you would like to know more about this issue. Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Janos Follath via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Janos Follath <Janos.Follath(a)arm.com> Date: Wednesday, 28 October 2020 at 09:42 To: Sawyer Liu <sawyer.liu(a)nxp.com> Cc: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: Re: [mbed-tls] About mbedtls CVE Hi Sawyer, Thank you for your interest in Mbed TLS. Currently the status of these CVE’s is: - CVE-2020-16150 has been fixed in the latest Mbed TLS release - CVE-2018-1000520 is not a security issue, it had been studied and rejected - CVE-2016-3739 is a vulnerability in an application using Mbed TLS but not in Mbed TLS itself, also it too had been fixed. Does this answer your question? (Also, I would like to make a minor clarification: we are not Arm Support. As far as I know Arm does not offer official support for Mbed TLS. Arm only contributes engineers to the Mbed TLS project, and at the moment these engineers are the maintainers of Mbed TLS. We are on this mailing list and try to answer questions, but we are not doing that as official support provided by Arm, but as members of the community. Mbed TLS is supported by the community and this mailing list is indeed the right place to get that support. I apologise for the nitpick, I just wanted to make sure that we are not giving the wrong impressions.) Best regards, Janos (Mbed TLS developer) From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Sawyer Liu via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Reply to: Sawyer Liu <sawyer.liu(a)nxp.com> Date: Wednesday, 28 October 2020 at 01:59 To: "mbed-tls(a)lists.trustedfirmware.org" <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] About mbedtls CVE Hello ARM Support, About below CVEs, any update? Thanks. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16150<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fcve.mitre…> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000520 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3739 Best Regards Sawyer Liu Microcontrollers, NXP Semiconductors

4 years, 10 months

2
1
0 0

2025

2024

2023

2022

2021

2020

mbed-tls