Mbed-TLS/mbedtls

Features

• TLS Libraries - Provides a full TLS and DTLS library with a small footprint for embedded systems.
• PSA Cryptoprocessor Integrations - Offloads cryptographic operations to dedicated hardware through the PSA Cryptoprocessor Driver Interface.
• Platform Abstraction Layers - Ships a platform abstraction layer that lets users replace memory, I/O, network, and timer callbacks.
• Compile-Time Header Configurations - Build options are set by editing C header files before compilation for fine-grained feature selection.
• PSA Cryptography Implementations - Provides a reference implementation of the PSA Cryptography API for standardized cryptographic operations.
• Compile-Time Configurations - Sets build-time options by editing dedicated configuration header files.
• Embedded - Provides a full implementation of TLS and DTLS protocols for secure communication in embedded systems.
• Feature Set Customizations - Selects which TLS versions, key exchanges, and cryptographic modules to include or exclude from the build.
• Cryptographic Primitives - Ships a library of fundamental cryptographic primitives including encryption, hashing, and signing.
• Hardware-Accelerated Primitive Substitutions - Substitutes software cipher or hash implementations with hardware-accelerated drivers using compile-time ALT macros.
• PSA Crypto API Implementations - Implements the PSA Cryptography API for standardized cryptographic operations across platforms.
• X.509 Certificate Parsing and Validation - Provides libraries for parsing, validating, and managing X.509 digital certificates in PKI deployments.
• Library Feature Configurators - Compile-time configuration of TLS library features, algorithms, and platform abstractions.
• General TLS Connection Establishment - Implements the TLS protocol for establishing encrypted communication channels between peers.
• Platform Abstraction Layers - Provides a platform abstraction layer to replace I/O, timing, memory, and diagnostics with custom implementations.
• DTLS Protocol Implementations - Implements the DTLS protocol for secure communication over unreliable datagram transports.
• Library Lifecycle Hardware Initializers - Provides custom setup and teardown functions to manage underlying hardware or accelerators.
• Memory-Buffer File I/O Replacements - Removes all file I/O dependencies by using memory-buffer equivalents for every file-accessing function.
• Custom Memory Allocators - Overrides default dynamic memory functions with custom allocators, including a buffer-based static memory option.
• Static Memory Allocations - Supports static memory allocation for environments without a heap.
• Clock-Abstracted Time Validation - Switches off time-based features like certificate validity checks using usage-count fallbacks.
• Predefined Security Configurations - Loads ready-made minimal configurations such as the NSA Suite B TLS profile.
• DTLS Session Managers - Manages DTLS session lifecycles including handshake retransmission over unreliable datagram transports.
• Custom Entropy Source Registrations - Allows registering custom hardware or OS-specific entropy collectors to feed the random number generator.
• Cryptography - Portable TLS library and PSA reference implementation.

Star history