Mbed TLS

Free software library implementing TLS
(Learn how and when to remove this message)
Mbed TLS
Developer(s)Collaborative project managed by TrustedFirmware (formerly by Arm)
Initial releaseJanuary 15, 2009 (2009-01-15)
Stable release3.6.0[1]Edit this on Wikidata (28 March 2024; 56 days ago (28 March 2024)) [±]
Repository
  • github.com/Mbed-TLS/mbedtls Edit this at Wikidata
Written inC
Operating systemMulti-platform
TypeSecurity library
LicenseDual Apache-2.0 or GPL-2.0-or-later
Websitewww.trustedfirmware.org/projects/mbed-tls/

Mbed TLS (previously PolarSSL) is an implementation of the TLS and SSL protocols and the respective cryptographic algorithms and support code required. It is distributed under the Apache License version 2.0. Stated on the website is that Mbed TLS aims to be "easy to understand, use, integrate and expand".

History

The PolarSSL SSL library is the official continuation fork of the XySSL SSL library. XySSL was created by the French "white hat hacker" Christophe Devine and was first released on November 1, 2006, under GNU GPL v2 and BSD licenses. In 2008, Christophe Devine was no longer able to support XySSL and allowed Paul Bakker to create the official fork, named PolarSSL.[2] In November 2014, PolarSSL was acquired by ARM Holdings.[3]

In 2011, the Dutch government approved an integration between OpenVPN and PolarSSL, which is named OpenVPN-NL. This version of OpenVPN has been approved for use in protecting government communications up to the level of Restricted.[4]

As of the release of version 1.3.10, PolarSSL has been rebranded to Mbed TLS to better show its fit inside the Mbed ecosystem.[5] Starting from version 2.1.0, the library was made available under both the GPL v2 and Apache License v2.0.[6]

In 2020, Mbed TLS joined the TrustedFirmware project.[7]

Library

The core SSL library is written in the C programming language and implements the SSL module, the basic cryptographic functions and provides various utility functions. Unlike OpenSSL and other implementations of TLS, Mbed TLS is like wolfSSL in that it is designed to fit on small embedded devices, with the minimum complete TLS stack requiring under 60KB of program space and under 64 KB of RAM. It is also highly modular: each component, such as a cryptographic function, can be used independently from the rest of the framework. Versions are also available for Microsoft Windows and Linux. Because Mbed TLS is written in the C programming language, without external dependencies, it works on most operating systems and architectures.

Since version 1.3.0, it has abstraction layers for memory allocation and threading to the core "to support better integration with existing embedded operating systems".[8]

Design priorities

The Mbed TLS library expresses a focus on readability of the code, documentation, automated regression tests, a loosely coupled design and portable code.[9]

Development documentation

The following documentation is available for developers:

Automated testing

The automated testing of Mbed TLS includes:

Use

Mbed TLS is used as the SSL component in large open source projects:

Platforms

Mbed TLS is currently available for most Operating Systems including Linux, Microsoft Windows, OS X, OpenWrt, Android, iOS, RISC OS[15] and FreeRTOS. Chipsets supported at least include ARM, x86, PowerPC, MIPS.

Algorithms

Mbed TLS supports a number of different cryptographic algorithms:

Cryptographic hash functions
MD2, MD4, MD5, RIPEMD160, SHA-1, SHA-2, SHA-3
MAC modes
CMAC, HMAC
Ciphers
AES, ARIA, Blowfish, Camellia, ChaCha, DES, RC4, Triple DES, XTEA
Cipher modes
ECB, CBC, CFB, CTR, OFB, XTS
Authenticated encryption modes
CCM, GCM, NIST Key Wrap,
ChaCha20-Poly1305
Key derivation
HKDF
Key stretching
PBKDF2, PKCS #5 PBE2, PKCS #12 key derivation
Public-key cryptography
RSA, Diffie–Hellman key exchange,
Elliptic curve cryptography (ECC), Elliptic curve Diffie–Hellman (ECDH), Elliptic Curve DSA (ECDSA), Elliptic curve J-PAKE

See also

References

  1. ^ "Release 3.6.0". 28 March 2024. Retrieved 23 April 2024.
  2. ^ "About us". PolarSSL. Retrieved 2014-05-08.
  3. ^ "PolarSSL is now a part of ARM". 2014-11-24.
  4. ^ [1] Archived January 29, 2013, at the Wayback Machine
  5. ^ "mbed TLS 1.3.10 released". 2015-02-08. Retrieved 2015-02-09.
  6. ^ "Download". Mbed TLS. Arm. Archived from the original on 2019-03-24. Retrieved 2021-04-05.
  7. ^ "Hafnium, MbedTLS, PSA Crypto join the Trusted Firmware Project". TrustedFirmware. TrustedFirmware. Archived from the original on 2020-08-12. Retrieved 2021-04-05.
  8. ^ "New features in PolarSSL 1.3.0 – Tech Updates". Polarssl.org. Retrieved 2014-05-08.
  9. ^ "PolarSSL Features: easy to use SSL library and well-documented". Polarssl.org. Retrieved 2014-05-08.
  10. ^ "PolarSSL High Level Design". Polarssl.org. Retrieved 2014-05-08.
  11. ^ "v1.3.6 source code documentation – API Documentation". PolarSSL. Retrieved 2014-05-08.
  12. ^ "polarssl/polarssl — GitHub". Github.com. Retrieved 2014-05-08.
  13. ^ executable file (2020-04-26). "mbedtls/compat.sh at development · ARMmbed/mbedtls · GitHub". Github.com. Retrieved 2021-04-05.
  14. ^ "Mbed TLS continuous integration". Trusted Firmware. Trusted Firmware. Retrieved 2021-04-05.
  15. ^ "Connecting with the 21st century". RISC OS Open. Steve Revill. Retrieved 2022-04-19.

External links

  • v
  • t
  • e
Email clients
Secure
communication
OTR
SSH
TLS & SSL
VPN
ZRTP
P2P
DRA
Disk encryption
(Comparison)
Anonymity
File systems (List)
Security-focused
operating system
Service providers
Educational
Anti–computer forensics
Related topics
  • Category
  • Commons
  • v
  • t
  • e
Protocols and technologies
Public-key infrastructure
See also
History
Implementations
Notaries
Vulnerabilities
Theory
Cipher
Protocol
Implementation