Trusted Firmware Logo

MBed TLS v3.2.1 - PSA Crypto, TLS1.3, Acceleration and More!

logo
Shebu Kuriakose| Wednesday, July 13, 2022|3 min read

Introduction

Mbed TLS project has released v3.2.1 and v2.28.1 LTS this week. v3.2.1 was done soon after v3.2.0 to include a missing file. Being the development release since December last year, v3.2.1 includes several enhancements, bug fixes and security fixes. v2.28.1 released from Mbed TLS 2.28 Long Time Support (LTS) branch includes latest bug fixes and security fixes.

Refer to the release notes for a complete list of changes in the releases. Here are some of the highlights of v3.2.1:

Highlights

  1. Usability Improvements: As part of improving the usability of Mbed TLS 3.1 and 3.2 releases, several accessor functions, public getter APIs to access certain private fields in structures, and converting private fields in structures to public are included. The specific changes can be found in the release notes

  2. TLS/X.509 using PSA Crypto APIs: Mbed TLS project provides a reference implementation of the PSA Crypto APIs. Mbed TLS 3.1 onwards include implementation of all essential PSA Crypto v1.0 APIs, and pass the PSA Crypto API compliance test suite.

    Earlier only a limited subset of crypto operations in TLS, X.509 and PK used PSA Crypto APIs using the MBEDTLS_USE_PSA_CRYPTO config option. In Mbed TLS 3.2.1, most of the crypto operations are done using PSA Crypto APIs with a few exceptions. Refer here for list of exceptions

  3. TLS 1.3 Enhancements: Mbed TLS 3.1 release included a minimum viable implementation of TLS 1.3 which provided limited client side support. Several new features including server side support (ephemeral key establishment only), client authentication, client side TLS version negotiation, building Mbed TLS only with TLS 1.3 without TLS 1.2 support etc are included. Refer here for details.

  4. Acceleration: Improved performance of SHA-2 algorithm on Armv8 platforms by enabling SHA-2 acceleration instructions when building for Aarch64. SHA-256 is 7.5x faster and SHA-512 is 4.5x faster than in Mbed TLS 3.1.

What’s Next?

During H2’2022, focus will remain on some of the remaining areas of TLS and X.509 using PSA Crypto such as allowing isolation of long term secrets, TLS and X.509 working when library built without software implementations of crypto operations if crypto hardware supports those operations etc. TLS 1.3 enhancements such as PSK support, EC J-PAKE PSA API implementation are also areas the project plans to spend time on.

We welcome community participation in ongoing and future work items in the project that can be found here. Subscribe to the mailing list to start participating in the design and development of the project. The bi-weekly Mbed TLS Technical Forums are also an opportunity to understand major developments in the project.

Recent Posts

post image
MBed TLS v3.6.0 Long Term Support(LTS) Release

Tuesday, April 16, 2024

MBed TLS v3.6.0 Long Term Support(LTS) Release

post image
Trusted Firmware OP-TEE v4.2.0 Release

Sunday, April 14, 2024

Trusted Firmware OP-TEE: v4.2.0 Release

post image
Trusted Firmware-A LTS v2.10.2 released!

Tuesday, February 20, 2024

Building on the 1st TF-A LTS in 2023, Trusted Firmware-A is pleased to announce the release of the second major LTS version- LTS v2.10 \[1], its first valid tag being lts-v2.10.2. The LTS is branched out of TF-A 2.10, the second 2023 TF-A Release \[Nov’2023]

post image
Trusted Firmware OP TEE Release 4.1.0

Thursday, January 18, 2024

Trusted Firmware OP TEE: v4.1.0 Release

post image
Trusted Firmware-A v2.10 released!

Saturday, December 9, 2023

Introduction Trusted Firmware-A has come a long way since its first commit in 2013, ten years and counting! Co-incidentally, the latest official TF-A Release increments to the same number - v2.10.