Trusted Firmware Logo

MBed TLS v3.2.1 - PSA Crypto, TLS1.3, Acceleration and More!

logo
Shebu Kuriakose| Wednesday, July 13, 2022|3 min read

Introduction

Mbed TLS project has released v3.2.1 and v2.28.1 LTS this week. v3.2.1 was done soon after v3.2.0 to include a missing file. Being the development release since December last year, v3.2.1 includes several enhancements, bug fixes and security fixes. v2.28.1 released from Mbed TLS 2.28 Long Time Support (LTS) branch includes latest bug fixes and security fixes.

Refer to the release notes for a complete list of changes in the releases. Here are some of the highlights of v3.2.1:

Highlights

  1. Usability Improvements: As part of improving the usability of Mbed TLS 3.1 and 3.2 releases, several accessor functions, public getter APIs to access certain private fields in structures, and converting private fields in structures to public are included. The specific changes can be found in the release notes

  2. TLS/X.509 using PSA Crypto APIs: Mbed TLS project provides a reference implementation of the PSA Crypto APIs. Mbed TLS 3.1 onwards include implementation of all essential PSA Crypto v1.0 APIs, and pass the PSA Crypto API compliance test suite.

    Earlier only a limited subset of crypto operations in TLS, X.509 and PK used PSA Crypto APIs using the MBEDTLS_USE_PSA_CRYPTO config option. In Mbed TLS 3.2.1, most of the crypto operations are done using PSA Crypto APIs with a few exceptions. Refer here for list of exceptions

  3. TLS 1.3 Enhancements: Mbed TLS 3.1 release included a minimum viable implementation of TLS 1.3 which provided limited client side support. Several new features including server side support (ephemeral key establishment only), client authentication, client side TLS version negotiation, building Mbed TLS only with TLS 1.3 without TLS 1.2 support etc are included. Refer here for details.

  4. Acceleration: Improved performance of SHA-2 algorithm on Armv8 platforms by enabling SHA-2 acceleration instructions when building for Aarch64. SHA-256 is 7.5x faster and SHA-512 is 4.5x faster than in Mbed TLS 3.1.

What’s Next?

During H2’2022, focus will remain on some of the remaining areas of TLS and X.509 using PSA Crypto such as allowing isolation of long term secrets, TLS and X.509 working when library built without software implementations of crypto operations if crypto hardware supports those operations etc. TLS 1.3 enhancements such as PSK support, EC J-PAKE PSA API implementation are also areas the project plans to spend time on.

We welcome community participation in ongoing and future work items in the project that can be found here. Subscribe to the mailing list to start participating in the design and development of the project. The bi-weekly Mbed TLS Technical Forums are also an opportunity to understand major developments in the project.

Recent Posts

post image
Trusted Firmware-A v2.12 released!

Monday, January 6, 2025

Introduction Trusted Firmware-A recently had its second release in 2024 for TF-A v2.12. It is tagged across multiple repositories – TF-A, TF-A Tests, Hafnium, TF-A OpenCI Scripts, Trusted Services and Realm Management Monitor (RMM) 0.6.0 components.

post image
Trusted Firmware OP TEE Release 4.4.0

Sunday, October 20, 2024

Trusted Firmware OP TEE: v4.4.0 Release

post image
Trusted Firmware OP TEE Release 4.3.0

Friday, July 12, 2024

Trusted Firmware OP TEE: v4.3.0 Release

post image
Trusted Firmware-M’s First Long Term Support (LTS) Release v2.1.0

Wednesday, May 22, 2024

Trusted Firmware-M’s First Long Term Support (LTS) Release: v2.1.0

post image
MBed TLS v3.6.0 Long Term Support(LTS) Release

Tuesday, April 16, 2024

MBed TLS v3.6.0 Long Term Support(LTS) Release