- mbed-tls - lists.trustedfirmware.org

Request for comments on adding more MBEDTLS_PRIVATE accessors.

by Minos Galanakis

Hi all. We are currently planning on improving our coverage and adding accessor functionality for members marked as MBEDTLS_PRIVATE. I have created an issue ( #8529 )<https://github.com/Mbed-TLS/mbedtls/issues/8529> to consolidate all the information and design-review the task. It would really help to hear from the community as to which members they are still using, and what is their use-case. Feel free to comment on the issue, or discuss it here. There may be members that we have decided not to include and are essential to your integration or are completely missing/not being considered. Best Regards, Minos Galanakis

2 years, 2 months

1
0
0 0

MbedTLS Code 3.5.1

by Satya Prakash Prasad

Hi, We need to integrate the TLS Code in our codebase. I have downloaded Mbed TLS 3.5.1 @ https://github.com/Mbed-TLS/mbedtls/releases and compiled it. I understand that we can just use the code in mbedtls-3.5.1\library directory for the TLS functionality - can anyone please confirm. Are there any other directories where TLS Code exists in the MbedTLS 3.5.1 repo? Please confirm how we can only integrate MbedTLS TLS functionality code in other applications / repo. There are so many other directories in MbedTLS 3.5.1 repo - how is the code in repo organized? Do we need all the code in MbedTLS 3.5.1 repo? Your valid input will help me to integrate the MbedTLS Code in our codebase? Please provide all other details as required or will be helpful for the same. Thanks in advance. Regards, Prakash

2 years, 3 months

1
0
0 0

Mbed TLS 3.5.1

by Satya Prakash Prasad

Hi, I downloaded Mbed TLS 3.5.1 @ https://github.com/Mbed-TLS/mbedtls/releases. Please let me know how to configure and compile the same. Also please let me know how to run some sample tests there or manually to verify. Thanks in advance. Regards, Prakash

2 years, 3 months

1
0
0 0

Code samples for psa_import_key and ECC?

by Christian Huitema

I am trying to use psa_import_key() after loading private keys from PEM files. I am succeeding when parsing an "RSA PRIVATE KEY", but no such luck for "EC PRIVATE KEY". I assume that I am not setting attributes correctly. A code sample would be nice! Or, maybe I could just use mbedtls_pk_parse_keyfile(), but then I would need to "import" a PSA key from the "mbedtls" context, ad I did not find sample code for that either. -- Christian Huitema

2 years, 3 months

2
4
0 0

Mbed TLS 3.5.1 and 2.28.6

by Dave Rodgman

Hi Mbed TLS users, We have released Mbed TLS versions 3.5.1 and 2.28.6. These releases of Mbed TLS are made under a dual Apache-2.0 OR GPL-2.0-or-later license. Mbed TLS 3.5.1 also contains a bugfix for CMake builds. They are otherwise identical to the previous releases, 2.28.5 and 3.5.0. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.6, https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.1)<https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0)>. We recommend all users to consider whether they are impacted, and to upgrade appropriately. Many Thanks. Dave

2 years, 3 months

1
0
0 0

[Mbed-tls-announce] New Mbed TLS releases : 3.5.0 and 2.28.5

by Minos Galanakis via Mbed-tls-announce

We have released Mbed TLS versions 3.5.0 and 2.8.5. These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.5, https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.0). We recommend all users to consider whether they are impacted, and to upgrade appropriately. Many Thanks. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. -- Mbed-tls-announce mailing list -- mbed-tls-announce(a)lists.trustedfirmware.org To unsubscribe send an email to mbed-tls-announce-leave(a)lists.trustedfirmware.org

2 years, 3 months

3
2
0 0

Mbed TLS license change

by Dave Rodgman

Hi Mbed TLS users, We are planning to change the license for Mbed TLS shortly, from Apache 2.0 to a dual license Apache 2.0 / GPLv2-0-or-later license. This will allow GPL-licensed projects to take Mbed TLS under a GPL license. Projects which currently take Mbed TLS under an Apache 2.0 license may continue to do so, and therefore should not be affected by this change. The inbound license, under which we accept contributions, is already a dual-license. There is therefore no impact for contributors, and no impact on PRs that are currently in review, or those that have previously been integrated into the library. We hope that this will enable more projects to make use of Mbed TLS. Dave Rodgman

2 years, 3 months

1
0
0 0

TF-PSA-Crypto publication

by Ronald Cron

We are happy to announce the publication in GitHub of the TF-PSA-Crypto repository: https://github.com/Mbed-TLS/TF-PSA-Crypto. The TF-PSA-Crypto repository provides an implementation of the PSA Cryptography API (https://arm-software.github.io/psa-api). This encompasses the on-going extensions to the PSA Cryptography API (e.g. PAKE). The PSA Cryptography API implementation is organized around the PSA Cryptography driver interface aiming to ease the support of cryptographic accelerators and processors. This is a significant milestone on the journey to split the PSA Cryptography API implementation and its development out of the Mbed TLS repository into TF-PSA-Crypto. This is early days though and the TF-PSA-Crypto repository should be considered as a prototype: it is read-only and mostly a mirror of the PSA Cryptography API implementation of Mbed TLS. But we believe it is a good illustration of what we are aiming at. Thanks, Ronald Cron on behalf of the Mbed TLS team.

2 years, 3 months

2
2
0 0

How to implement Opaque driver API

by Jiamei Xie

Hi experts, I wanted to forward some crypto operations to an external driver that provides psa_call APIs. The mbedtls version I am using 3.4.0. Take psa_asymmetric_encrypt as an example, The mbedtls api is psa_status_t psa_asymmetric_encrypt(mbedtls_svc_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) It gets attribute, key.data and key.byte from key_id. Then call function psa_driver_wrapper_asymmetric_encrypt without key_id as its argument: status = psa_driver_wrapper_asymmetric_encrypt( &attributes, slot->key.data, slot->key.bytes, alg, input, input_length, salt, salt_length, output, output_size, output_length); In psa_driver_wrapper_asymmetric_encrypt, it will use different implementations according to the location value in https://github.com/Mbed-TLS/mbedtls/blob/d69d3cda34c400a55220352518e37d3d2c…. I define a new location definition(RSS_PSA_LOCATION. When the location is RSS_PSA_LOCATION, making it call psa_status_t crypto_psa_asymmetric_encrypt(psa_key_id_t key, psa_algorithm_t alg, const uint8_t *input, size_t input_length, const uint8_t *salt, size_t salt_length, uint8_t *output, size_t output_size, size_t *output_length) This API require key_id. Is it possible to get key_id from attribute and key_slot? Regards, Jiamei Xie

2 years, 3 months

3
3
0 0

Driver only build option

by Ruchika Gupta

Hi, I am trying to use the MACRO's defined at - https://github.com/Mbed-TLS/mbedtls/blob/development/docs/driver-only-build… to enable driver only build. As mentioned on the page I tried to do this for SHA256. However, the code in sha256.c isn't ifdefed by "MBEDTLS_PSA_ACCEL_ALG_SHA_256" so still gets compiled ? Can you point me to what I am missing here ? Regards, Ruchika

2 years, 4 months

1
1
0 0

2026

2025

2024

2023

2022

2021

2020

mbed-tls