Mbed TLS is an open source library which implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocols. It provides a reference implementation of the ARM Platform Security Architecture (PSA) Cryptography API. The project also supports the PSA Cryptoprocessor Driver Interface which enables support for cryptoprocessor drivers. The small code footprint makes the project suitable for embedded systems. It has many users, including TF-A, TF-M and OP-TEE.
MbedTLS v3.5 was released on October 5th with several contributions from BayLibre. Valerio Setti focused mainly on enabling elliptic curve keys and algorithm acceleration through PSA drivers. It is now possible to completely accelerate ECDH, ECDSA and ECJPAKE without any need to rely on library’s builtin implementations. We also contributed to the PK module reshaping and improvements for private/public key parsing and management. Other interesting improvements included in this release concern TLS 1.2/1.3, x509, code’s footprint reductions (which is particularly interesting for embedded platforms) as well as drivers’ acceleration support for FFDH algorithm with DH keys, hashes and HMAC.