- mbed-tls - lists.trustedfirmware.org

Re: [mbed-tls] LTS roadmap and announcement channel?

by Manuel Pegourie-Gonnard

Hi Simon, Indeed while the migration is underway things can be a bit confusing, so let me try to clarify: * releases can be found at: https://github.com/ARMmbed/mbedtls/releases - near the top you'll alwys find the latest development release followed by the latest LTS releases. At this point it is unclear if releases are going to stay on github or if they would move to trustedfrimware.org in the future, but if anything changes, we'll announce it. * announcements about new releases and other important project events are made on the new Mbed-tls-announce mailing-list: https://github.com/ARMmbed/mbedtls/releases - if you're already subscribed to mbed-tls (this list), you don't need to subscribe to the "announce" mailing list in addition, as any post to "announce" is automatically cross-posted here ("announce" is for people who want a lower volume list). * I don't think we're currently making announcements about upcoming releases, but I know we considered that. Unfortunately I don't remember the details and the colleague who was working on improving our release process is on leave now. But it we start making such announcements, they'll be on the "announce" list. * We're currently planning 2.16.8 early in September. * If you have a large number of products deployed that depend on Mbed TLS (or indeed any other tf.org project) and would like to be notified in advance of upcoming security fixes, please see the following pages: https://developer.trustedfirmware.org/w/mbed-tls/security-center/ https://developer.trustedfirmware.org/w/collaboration/security_center/repor… https://developer.trustedfirmware.org/w/collaboration/security_center/trust… I hope this answers your questions, and feel free to ask otherwise. Manuel. ________________________________ From: mbed-tls <mbed-tls-bounces(a)lists.trustedfirmware.org> on behalf of Simon Leet via mbed-tls <mbed-tls(a)lists.trustedfirmware.org> Sent: 14 August 2020 15:13 To: mbed-tls(a)lists.trustedfirmware.org <mbed-tls(a)lists.trustedfirmware.org> Subject: [mbed-tls] LTS roadmap and announcement channel? Hi folks, I understand that https://tls.mbed.org/ has migrated under the umbrella of https://www.trustedfirmware.org/ but it’s not clear where I should turn to for information about the updates to the LTS versions. The https://tls.mbed.org/tech-updates blog used to announce LTS branch updates but seems defunct as of 2.16.7, and I can’t find equivalent information in https://developer.trustedfirmware.org/w/mbed-tls/roadmap/, https://github.com/ARMmbed/mbedtls/projects/2 or the generic https://www.trustedfirmware.org/blog/. Is there a new channel for information about upcoming LTS mbedtls releases so that users can plan their appropriate upgrade cycles? E.g. when is 2.16.8 roughly expected to be released? Is the new model for monitoring release announcements reliably going to be as a new tag on https://github.com/ARMmbed/mbedtls/tags? -Simon

5 years, 7 months

1
0
0 0

MbedTLS_hardware_poll

by youssouf sokhona

Hi everyone, Hope you are still going well I am now working on MbedTLS to establish a key exchange with a BGM which has a TRNG , and I read that I have to implement myself a function called «mbedTLS_hardware_poll » But I have no idea to know how I can implement this function zlthough I read articles on the mbedtls.com about entropy site…. Can you help me, to know how I can implement this function ?

5 years, 7 months

1
0
0 0

Test

by Manu Abraham

Test mail

5 years, 7 months

1
0
0 0

Custom PSA API Implementation for mbedTLS tests

by murat＠za-ya.co

Hi all, We have implemented the PSA Functional API for a custom secure environment which passes PSA Arch tests. Now we would like to run mbedtls tests (make check) on the PSA API if possible. When we run "make check", it includes and compiles library/psa_crypto.c file for mbedTLS's PSA API Implementation. Herein, we would like to compile our own psa_crypto.c implementation, does mbedtls build system allow us to include custom PSA API Implementation to run tests? Thank you. Murat

5 years, 7 months

1
0
0 0

LTS roadmap and announcement channel?

by Simon Leet

Hi folks, I understand that https://tls.mbed.org/ has migrated under the umbrella of https://www.trustedfirmware.org/ but it's not clear where I should turn to for information about the updates to the LTS versions. The https://tls.mbed.org/tech-updates blog used to announce LTS branch updates but seems defunct as of 2.16.7, and I can't find equivalent information in https://developer.trustedfirmware.org/w/mbed-tls/roadmap/, https://github.com/ARMmbed/mbedtls/projects/2 or the generic https://www.trustedfirmware.org/blog/. Is there a new channel for information about upcoming LTS mbedtls releases so that users can plan their appropriate upgrade cycles? E.g. when is 2.16.8 roughly expected to be released? Is the new model for monitoring release announcements reliably going to be as a new tag on https://github.com/ARMmbed/mbedtls/tags? -Simon

5 years, 7 months

1
0
0 0

Re: [mbed-tls] Diffie Hellman Key Exchange

by Gilles Peskine

Hello, The interface of the Diffie-Hellman (DHM) module is modeled on the way it's used in TLS, which is a bit different from the classical presentation. You can find code examples in programs/pkey/dh_client.c and programs/pkey/dh_server.c . Elliptic-curve Diffie-Hellman (provided by the ECDH module) has similar security properties and is significantly faster. If you don't need interoperability with legacy software that only supports classical (finite-field) Diffie-Hellman, you should use ECDH rather than DHM. With the ECDH module, you can use either the same TLS-inspired interface as the DHM module, or a more classical interface for which there is a usage example in psa_crypto.c in the function psa_key_agreement_ecdh. Hope this helps, -- Gilles Peskine Mbed TLS developer You can find an example of the TLS-like inter On 12/08/2020 14:02, youssouf sokhona via mbed-tls wrote: > > Hello, I hope you are going well during this Covid crisis. > > > > I'm sending you this message to find out how to generate a Diffie > Hellman key using MbedTLS. Indeed, with all the documentation, I'm a > bit lost. > > > > I think, you have to use the int mbedtls_dhm_set_group function to > create p and g. And then, I don't know how to use which function... > Moreover, I can't find any function that allows to set a and b, > whereas they are 2 fundamental elements > > Can you help me? Thank you! > > > > Best regards, YS > > >

5 years, 7 months

1
0
0 0

Minimum Python version

by Gilles Peskine

Hello, Short version: to use the official tools to configure Mbed TLS, or to run the unit tests, you need Python. If we start requiring Python 3.5, is this going to be a problem? Detailed version: Mbed TLS includes four Python scripts that are of interest to users, with a fifth one in preparation: * scripts/config.py : compile-time configuration (unless you prefer to edit config.h directly). * scripts/generate_psa_constants.py : to build programs/psa/psa_constant_names (we have a pending task to commit the result instead of requiring it during the build). * tests/scripts/generate_test_code.py : necessary to build the unit tests. * tests/scripts/mbedtls_test.py : does anyone use this? It's for testing on platforms with Greentea, but some of the automation is missing. * upcoming: a script to generate glue code for accelerator and secure element drivers. We'll also provide a manual way, but it won't be as convenient. This is a question to everyone who's building Mbed TLS and using some of these scripts: is it ok if they require Python 3.5? Currently: * scripts/config.py requires Python 3.5. * scripts/generate_psa_constants.py requires Python 3.3. * tests/scripts/generate_test_code.py still works with Python 2.7. * tests/scripts/mbedtls_test.py still works with Python 2.7. * the driver glue code generation script will require Python 3.5, or Python 3.4 + typing. Is there any demand for versions of Python before 3.5? -- Gilles Peskine Mbed TLS developer

5 years, 7 months

1
0
0 0

Diffie Hellman Key Exchange

by youssouf sokhona

Hello, I hope you are going well during this Covid crisis. I'm sending you this message to find out how to generate a Diffie Hellman key using MbedTLS. Indeed, with all the documentation, I'm a bit lost. I think, you have to use the int mbedtls_dhm_set_group function to create p and g. And then, I don't know how to use which function... Moreover, I can't find any function that allows to set a and b, whereas they are 2 fundamental elements Can you help me? Thank you! Best regards, YS

5 years, 7 months

1
0
0 0

Re: [mbed-tls] Availability of 2.16.7 in download archive

by Janos Follath

Hi Frank, We have now updated the links both on the download-archive and releases site and now they point to https://github.com/ARMmbed/mbedtls/releases, where all the releases are available. We also have added checksums to the release notes on github and fixed the archive structure. Thank you very much for pointing these issues out! Cheers, Janos (Mbed TLS developer) On 04/08/2020, 19:06, "mbed-tls on behalf of Frank Bergmann via mbed-tls" <mbed-tls-bounces(a)lists.trustedfirmware.org on behalf of mbed-tls(a)lists.trustedfirmware.org> wrote: Hi, 2.16.7 was released on github more than one month ago (2020-07-01). But it is not listed on - download archive at https://tls.mbed.org/download-archive - release news at https://tls.mbed.org/tech-updates/releases Questions about that: - Is it an "official" release even if it is not mentioned on release news? - When will it be available in download archive? - If there will be no more addings to download archive because now we'll have to use github: * Will there be separate releases GPL/Apache available? * Will a signed/unsigned check sum be provided? * Will the "new structure" as provided by tarball on github be kept in future or was it just an accident? (e.g. main dir is named "mbedtls-mbedtls-2.16.7") I started using mbed TLS with 2.16.6 but now I am confused. ;-) cheers, Frank -- mbed-tls mailing list mbed-tls(a)lists.trustedfirmware.org https://lists.trustedfirmware.org/mailman/listinfo/mbed-tls

5 years, 7 months

1
0
0 0

Re: [mbed-tls] Availability of 2.16.7 in download archive

by Gilles Peskine

Hi Frank, I confirm that 2.16.7 is an official release of the 2.16 long-time support branch of Mbed TLS, alongside 2.7.16 for the 2.7 branch and 2.23.0 for the latest features. Everyone should update to one of these versions since they fix security issues and other bugs. We're progressively transitioning the project from Arm infrastructure to TrustedFirmware infrastructure. Eventually we'll decommission the existing tls.mbed.org, and we intend to distribute releases via trustedfirmware.org. We no longer intend to reference new releases directly on https://tls.mbed.org/download-archive . For the time being, we're distributing via GitHub. However, it isn't right that https://tls.mbed.org/download-archive links to https://github.com/ARMmbed/mbedtls/releases/ which doesn't list LTS branches. We need to link from https://tls.mbed.org/download-archive to the place that has the latest LTS releases one way or the other. There are no longer separate archives with Apache and GPL licenses. These archives were always identical except for license headers. Now LTS releases are distributed as a single archive in which the files are dual-licensed. The naming with mbedtls-mbedtls- must be a bug in our release script. Thanks for noticing. I don't think we made a conscious decision not to provide official checksums. I can see the value of having them so let's try to incorporate those in our new release process. -- Gilles Peskine Mbed TLS developer On 04/08/2020 19:05, Frank Bergmann via mbed-tls wrote: > Hi, > > 2.16.7 was released on github more than one month ago (2020-07-01). > But it is not listed on > - download archive at https://tls.mbed.org/download-archive > - release news at https://tls.mbed.org/tech-updates/releases > > Questions about that: > - Is it an "official" release even if it is not mentioned on release news? > - When will it be available in download archive? > - If there will be no more addings to download archive because now we'll > have to use github: > * Will there be separate releases GPL/Apache available? > * Will a signed/unsigned check sum be provided? > * Will the "new structure" as provided by tarball on github be kept > in future or was it just an accident? (e.g. main dir is named > "mbedtls-mbedtls-2.16.7") > > I started using mbed TLS with 2.16.6 but now I am confused. ;-) > > cheers, > Frank > >

5 years, 7 months

1
0
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls