Hello,
In the next release of TF-PSA-Crypto 1.1.0 and Mbed TLS 4.1.0, we have
made significant changes to code that detects features that are not part
of C99 proper. The changes are mainly:
* Uniformization of POSIX/Unix feature detection macros.
* Assume a C99-compliant printf (dropping hacks for ancient MSVC and
forcing compliant printf on MinGW).
* Expansion of “static assert” in C99 when an official C11
static_assert isn't available.
We believe the new code to be standards-compliant, however it may break
the build on some platforms that are not strictly POSIX compliant or
cause some new compiler warnings.
If you use TF-PSA-Crypto or Mbed TLS on a “less mainstream” Unix-like
platform, or with a compiler that isn't GCC or Clang, and the break
builds for you, please open a pull request with the necessary fixes
(probably in core/tf_psa_crypto_platform_requirements.h,
core/tf_psa_crypto_common.h, or library/mbedtls_platform_requirements.h).
We have also made some minor changes in the Mbed TLS 3.6 long-time
support branch. They are significantly less expansive, but may affect
platforms that are mostly Linux-like but are not Linux or are using an
unusual libc.
Best regards,
--
Gilles Peskine
TF-PSA-Crypto and Mbed TLS developer
Dear MbedTLS contributors,
I'm reaching out with a question regarding the ECDH and similar interfaces on the MbedTLS development branch. I hope this mailing list is the appropriate venue for this discussion.
I am preparing a pull request for an implementation of the Hybrid Public Key Encryption (HPKE) standard for MbedTLS/TF-PSA-Crypo. It seems like the development branch at TF-PSA-Crypo does not seem to support ecdh.h anymore. While this is not seem to be explicitly stated anywhere, there are instructions on how to use the PSA interface instead to create ECDH keys.
Now my question: So the my code meets the desired quality criteria, does all other key interfaces also have to be changed? I am using the ECP interface a lot, so mbedtls_ecp_group_init, mbedtls_ecp_point_init, mbedtls_ecp_keypair_init and so on. The functions are still available but the instructions in psa_tranistion.md in Section "translating a legacy ephemeral key agreement TLS server workflow" make me believe that using non-psa key interfaces might be undesirable in MbedTLS in general.
I would greatly appreciate any clarification on this matter.
Best regards,
Leonie
[ABB logotype]
—
Dr. Leonie Reichert
Research Scientist "Secure Connected Systems"
ABB AG
Kallstadter Strasse 1
Mannheim
Mobile: +49 160 99002896
E-mail: leonie.reichert(a)de.abb.com<mailto:leonie.reichert@de.abb.com>
abb.com<https://www.abb.com/>
[ABB logotype]
ABB AG
Sitz/Head Office: Mannheim
Registergericht/Registry Court: Mannheim
Handelsregisternummer/Commercial Register No.: HRB 4664
Vorstand/Managing Board: Klaus Eble (Vorsitzender/Chairman), Alexander Zumkeller
Vorsitzender des Aufsichtsrats/ Chairman of Supervisory Board: Adrian Guggisberg
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte Weitergabe dieser Mail ist nicht gestattet.
Bitte beachten Sie auch unsere Datenschutzerklärung, die Sie auf unserer Webseite<https://new.abb.com/privacy-policy/de/datenschutz> finden.
This E-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this E-mail in error) please notify the sender immediately and destroy this E-mail. Any unauthorized copying, disclosure or distribution of the material in this E-mail is strictly forbidden.
Please also take note of our privacy notice, which you can find on our webpage<https://new.abb.com/privacy-notice>.
