Dear Mbed TLS and PSA Crypto users,
We would like to update you on the release timeline for Mbed TLS 4.0/TF-PSACrypto1.0 release.
As a reminder, the key objectives of the release are a separate TF-PSA Crypto repo., PSA Crypto becoming the de facto Crypto API and Mbed TLS using PSA Crypto APIs as the crypto API by default.
While TF-PSA Crypto repository is now available, the remaining effort to be ready for the release is more than we originally planned for.
Based on remaining effort estimates, we plan to make Mbed TLS 4.0-Beta and TF-PSA Crypto 1.0-Beta release around end of June. The Mbed TLS 4.0, and TF-PSA Crypto 1.0 release is expected around end of September.
We don’t expect users to integrate the Beta release. Beta is aimed to pipeclean the separate Mbed TLS and TF-PSA Crypto release process and get any early feedback. The release in September is expected to be integrated by users to their projects.
We wanted to provide these revised release dates so that the users can plan accordingly. In the meantime, bug fixes and security fixes will continue to be provided via. Mbed TLS 3.6.x LTS releases.
Thanks,
Mbed TLS/PSA Crypto Maintainers.
Dear Mbed TLS users,
Mbed TLS has contained the reference implementation of the PSA Crypto API since the early days of the standard. This implementation was experimental at first, but over years of development it reached maturity, and the experimental status was removed three years ago (in version 3.6.1.).
Shortly after that, in 2022, the TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> repository was created just for the PSA Crypto API implementation to make it more accessible for users only interested in that. This repository was only a mirror of the main one and the development of the PSA Crypto API implementation remained integral part of Mbed TLS.
In the background, work has been started to make this repository the place where the development of the PSA Crypto API reference implementation happens. This work has finally been completed and from now on TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> is ready to receive contributions, bug reports and enhancement requests. TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> will now be the development repository for the PSA Crypto reference implementation.
Mbed TLS will continue to rely on TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> and will be using it as a submodule.
Many thanks,
Janos Follath
Mbed TLS developer
Dear Mbed TLS users,
We have released Mbed TLS version 3.6.2. This release provides a security fix for an out-of-bounds write vulnerability in the pkwrite module.
Full details are available in the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.2
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks,
David Horstmann
Mbed TLS developer
Dear Mbed TLS users,
We have released Mbed TLS versions 3.6.1 and 2.28.9. These releases provide bugfixes, security fixes and minor improvements.
The 3.6.1 release includes fixes for issues caused by enabling TLS 1.3 for TLS connections in the default configuration.
Full details are available in the release notes:
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.9https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.6.1
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks,
David Horstmann
Mbed TLS developer
Hello,
Following consultations with the community and internal discussions
among the Mbed TLS maintenance team, we can now present the major
changes that will happen in the next major version of Mbed TLS. Our plan
remains to release in the second quarter of 2025.
The next major version will focus on two things:
1. The cryptography library will be a separate product called
TF-PSA-Crypto 1.0. The X.509 and TLS library will be called Mbed TLS
4.0, and will rely on TF-PSA-Crypto for all cryptographic functionality.
2. This release completes the migration of cryptography APIs from
classic mbedtls APIs to PSA APIs.
Please find more information below about what this means in practice.
What follows are just headlines, not an exhaustive list of changes. We
expect many small changes that do not affect major functionality.
Please note that the changes presented here are our current plan. We may
revise it based on new inputs, new insights or unexpected hurdles. You
can follow the advancement of the design, planning and development of
the next release on the 4.0+1.0 planning board at
https://github.com/orgs/Mbed-TLS/projects/15/views/1 .
Removal of legacy APIs
The following low-level application interfaces will no longer be present
in the API of TF-PSA-Crypto 1.0 and Mbed TLS 4.0:
* Hashes: hkdf.h, md5.h, ripemd160.h, sha1.h, sha3.h, sha256.h, sha512.h;
* Random generation: ctr_drbg.h, hmac_drbg.h, entropy.h;
* Ciphers and modes: aes.h, aria.h, camellia.h, chacha20.h,
chachapoly.h, cipher.h, cmac.h, gcm.h, poly1305.h;
* Private key encryption mechanisms: pkcs5.h, pkcs12.h.
* Asymmetric cryptography: bignum.h, dhm.h, ecdh.h, ecdsa.h,
ecjpake.h, ecp.h, rsa.h.
The cryptographic mechanisms remain present, but they will only be
accessible via the PSA API (psa_xxx functions introduced gradually
starting with Mbed TLS 2.17).
If you maintain code that uses these interfaces, you can already start
migrating it today, since almost all PSA interfaces are available in the
mbedtls-3.6 long-time support branch (and many even in 2.28 LTS). Please
consult the PSA transition guide
https://github.com/Mbed-TLS/mbedtls/blob/mbedtls-3.6/docs/psa-transition.md
for guidance.
Some non-PSA crypto interfaces will still be present in TF-PSA-Crypto 1.0:
* pk.h will remain with some changes, mainly to provide an interface
to key parsing and formatting which does not have a PSA equivalent yet.
* md.h will remain as a thin layer over PSA hash functions (not HMAC)
to ease the transition.
* nist_kw.h will remain because it does not have a PSA equivalent yet.
Removal of legacy integration interfaces
TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer support
MBEDTLS_xxx_ALT replacement of functions and modules. Use PSA
transparent drivers instead.
TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer support
MBEDTLS_PK_RSA_ALT and MBEDTLS_PSA_CRYPTO_SE_C. Use PSA opaque drivers
instead.
TF-PSA-Crypto 1.0 and Mbed TLS 4.0 will no longer have the
mbedtls/entropy.h interface to configure entropy sources. This will be
replaced by PSA random drivers.
In addition, we are planning to rework the platform abstraction layer
(MBEDTLS_PLATFORM_xxx configuration options). More details will be
available in the coming months.
Removal of legacy mechanisms
The following cryptographic mechanisms are planned to be removed in
TF-PSA-Crypto 1.0 and Mbed TLS 4.0:
* DES (including 3DES).
* PKCS#1v1.5 encryption/decryption (RSAES-PKCS1-v1_5). (OAEP, PSS, and
PKCS#1v1.5 signature are staying.)
* Finite-field Diffie-Hellman with custom groups. (RFC 7919 groups
remain supported.)
* Elliptic curves of size 225 bits or less.
The following cipher suites are planned to be removed from (D)TLS 1.2 in
Mbed TLS 4.0:
* TLS_RSA_* (including TLS_RSA_PSK_*), i.e. cipher suites using RSA
decryption. (RSA signatures, i.e. TLS_ECDHE_RSA_*, are staying.)
* TLS_ECDH_*, i.e. cipher suites using static ECDH. (Ephemeral ECDH,
i.e. TLS_ECDHE_*, is staying.)
* TLS_DHE_*, i.e. cipher suites using finite-field Diffie-Hellman.
(Ephemeral ECDH, i.e. TLS_ECDHE_*, is staying.)
* TLS_*CBC*, i.e. all cipher suites using CBC.
Non-functional changes
Due to the separation into two separate products (TF-PSA-Crypto and Mbed
TLS), there will be major changes to the directory structure and to the
build system. We plan to use CMake as the primary build system.
Since TF-PSA-Crypto is a new product, identifiers that are not PSA
interfaces (such as optimisation options and platform interfaces) will
be renamed with a new prefix.
Best regards,
--
Gilles Peskine
Mbed TLS developer
Dear Mbed TLS users,
We recently announced the release of Mbed TLS 3.6.0, starting the 3.6 long-term support branch. We intend for this to be the last 3.x feature release. Mbed TLS 3.6.x will as usual receive bug fixes (including security improvements), but no new features. This will allow the Mbed TLS team to focus on preparing the next major release, Mbed TLS 4.0, planned for 2025 (expect further updates when the timeline becomes more precise).
The main focus of Mbed TLS 4.0 is to complete the migration to PSA crypto APIs. This means that most mbedtls_xxx cryptography APIs will be removed. We expect mbedtls_x509 and mbedtls_ssl to change in relatively minor, but sometimes incompatible ways. Alongside this technical change, the crypto APIs will be published as a separate product, TF-PSA-Crypto<https://github.com/Mbed-TLS/TF-PSA-Crypto> (very early preview so far), while the X.509 and TLS libraries will continue to be called Mbed TLS.
The work on 4.0 will happen on the development branch in the mbedtls repository, so you can expect more instability than usual on that branch. The mbedtls-3.6<https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-3.6> branch is available if you want the latest patches on Mbed TLS 3.6 LTS.
As usual, you can see our high-level plans in the roadmap<https://mbed-tls.readthedocs.io/en/latest/project/roadmap/>, and in more detail on GitHub<https://github.com/Mbed-TLS/mbedtls/issues>. Look for issues labeled api-break<https://github.com/Mbed-TLS/mbedtls/issues?q=is%3Aissue+is%3Aopen+label%3Aa…> (note that we haven't filed issues on all topics yet).
We will launch some consultations on the mbed-tls mailing list<https://lists.trustedfirmware.org/mailman3/lists/mbed-tls.lists.trustedfirm…> soon, to gather community input on some topics.
Many Thanks,
Nathan Sircombe
(On behalf of the Mbed TLS development team)
Hi Mbed TLS users,
We have released Mbed TLS versions 3.6.0 LTS and 2.28.8.
These releases of Mbed TLS address several security issues, provide bug fixes, and bring other minor changes. Full details are available in the release notes (https://github.com/Mbed-TLS/mbedtls/releases/tag/v3.6.0, https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.8).
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.
Hi Mbed TLS users,
We have released Mbed TLS versions 3.5.2 and 2.28.7.
These releases contain security fixes for: a timing side channel in private key RSA operations; and a buffer overflow in mbedtls_x509_set_extension.
Full details are available in the release notes.
https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-2.28.7https://github.com/Mbed-TLS/mbedtls/releases/tag/mbedtls-3.5.2
We recommend all users to consider whether they are impacted, and to upgrade appropriately.
Many thanks.
Dave
