Hi,
In mbedTLS road map, there is a future task to remove legacy cipher API (https://developer.trustedfirmware.org/w/mbed-tls/roadmap/). Does that mean all existing mbedtls crypto APIs will not be supported anymore?
mbedTLS is used for both its TLS and crypto library. I am curious how the planned changes will affect both set of users.
* Are the crypto library users expected to only use PSA crypto APIs and key IDs?
* Are the TLS library users expected to see API changes to TLS functions to support key IDs?
Thank,
Archanaa
Hi guys,
I use mbedtls for years (since 2.10 IIRC) upgrading to latest available as time goes by. For DTLS that is.
I remember a case in the past where a link would have a small MTU (around 500 bytes) and I had to tune ssl_context.handshake.mtu to a lower value to successfully complete handshakes.
I do not remember exactly why, but I did not want to actually restrict maximum value via mbedtls_ssl_set_mtu, maybe it was even ignored back then for handshakes… but
Now when working on migration to 3.2.1 (gave some time to 3x releases to stabilize) I noticed that the whole ssl_context.handshake member is now private and inaccessible, which I guess is fine.
Could somebody with more knowledge of the code recommend what is the best strategy for DTLS app where MTU may not always be 1400?
thanks a lot for your time,
Martin
Hi All,
A gentle reminder that the US-Europe timezone-friendly MBed TLS Tech forum
is next Monday at 4:30 PM UK time. Invite details can be found on the
online calendar here <https://www.trustedfirmware.org/meetings/>.
If you have any topics, please let Dave Rodgman know. :)
Best regards,
Don Harbin
TrustedFirmware Community Manager
don.harbin(a)linaro.org
We're seeing pretty much the same issue on 3.0.0 ARM. However, if I build the ssh_client2 tool on my host machine (x64) and try to mimic the config as close as possible, it works just fine.
Do you think we're seeing the same problem? Will try with a newer version next week.
Hello,
I am wondering if there are APIs for Hmac and Cmac verification?
from md.h and cmac.h, Hmac and Cmac generation functionalities are provided
in a single and streaming approach. But is there a plan to add verification
APIs for future releases maybe?
Kind regards,
Ahmed Mohammed
Hello,
What is the difference between these two macros in
include/mbedtls/build_info.h:
MBEDTLS_CONFIG_FILE
MBEDTLS_USER_CONFIG_FILE
In other words, why would I have two different user configuration files? Or
I misunderstand the difference between such files.
Kind regards,
Ahmed Mohammed
I am verifying a signature generated using ecdsa secp256r1. The signature is getting verified but the time taken by the verification step is too long. It takes 4-5 seconds to verify the signature. The implementation is bare metal i.e. no RTOS (one realizes the use of RTOS but still the time is too long). Can you please guide a way around for this issue. How to make it work faster , the ideal verification time would be 30ms - 60ms.
Here is a gist of my code
mbedtls_ecp_curve_info *curve_info = NULL;
mbedtls_ecdsa_context ecdsa_context;
/// Initialization
mbedtls_ecdsa_init(&ecdsa_context);
curve_info = mbedtls_ecp_curve_info_from_tls_id(23); /// 23 is tls_id of secp256r1
mbedtls_ecp_group_load(&ecdsa_context.grp, curve_info->grp_id);
/// Processing
result = mbedtls_ecp_point_read_binary(
&ecdsa_context.grp,
&ecdsa_context.Q,
public_key_data, // public key data in uncompressed format i.e. including leading 0x04
sizeof(public_key_data)
);
/// 32 /// 71
status_verify_signature = mbedtls_ecdsa_read_signature(&ecdsa_context, hash, sizeof(hash), signature, sizeof(sig)); /// converts the signature data to ASN1, verifies the signature
Thank you :)
Hello,
Can please provide me with any example on "how to achieve Mutual
authentication(Client and server certificate validation)" in mbed-tls.
Please help me with this.It is a little urgent.
Thank you
Regards
Anupma Jain