- A+
Mbed TLS 2.23.0 - 2021-03-25
This release adds the `X25519` and `ED448` functions to the high level API, as well as adding Curve25519 and Curve448 key agreement algorithm support. It also adds support for TLS 1.3 certificates, including an API to read them, an API to manipulate their extensions, and an API to write them.
The `PK` API has been refactored to support the three public-key families more easily, and more API functions have been added to make dealing with ECC curves painless.
Improvements were made to the `PEM` API, including support for multiple headers, and the `X509` API, where DSA and ECDSA signatures were added. The API to read a private key now supports PKCS#12 files and hardware-based keys.
The `ECP` API was improved with the addition of batch operations for scalar multiplications and additions, and support for out-of-memory operations on the dedicated hardware implementation.
The `TLS` API now supports MQTT, and the logic to negotiate TLS 1.2 and 1.3 connections was improved.
The `HMAC` API was improved to make it easier to use with hardware-accelerated HMAC.
Support for the ChaCha20-Poly1305 AEAD modes was added and the `SSL_CTX_reset()` function was added to the `SSL` API.
Other changes include improvements to the `CMS` API for better compatibility, enhancements to the `ASN1` API to better reflect the `PKCS7` standard, and improvements to the `ECJPAKE` API for better interoperability.
The release also includes a range of bug fixes, including a fix to the PKCS#12 library, improved compatibility with Chromium, and improved the code to accept empty messages.
Finally, the release includes support for more compilers and operating systems, including Windows 10 on ARM.
