
PolarSSL 1.3.3 released


Our parting gift for the year 2013: PolarSSL 1.3.3!

We'd really like to thank everybody for the great year we had! Loads of new features, great feedback from our users and the energy to push even further in 2014!

This feature release adds a bunch of new features, improvements and fixes.


On the feature-front this release introduces support for:

  • new cryptographic constants, such as Curve25519, and the ECDH-RSA and ECDH-ECDSA key exchange methods and ciphersuites
  • optional optimizations for speeding up the NIST MODP elliptic curves
  • AES-NI

Furthermore we've added support for EC key generation in the gen_key application.


Our ECP curves module now includes Curve25519, thus allowing you to perform operations with it.


Based on requests from our users, we've added the non-ephemeral versions of the ECDH key exchanges to our capabilities as well. The full list of supported ciphersuites and key exchanges can be seen in our overview of supported ciphersuites.

AES-NI support

We've incorporated support for AES-NI in our AES and GCM modules.

As a result we had a major speedup of our AES-GCM performance numbers:

cipher          (1)     (2)
AES-GCM-128     22      13      cycles/byte
AES-GCM-192     23      14      cycles/byte
AES-GCM-256     25      15      cycles/byte

(1) is without AES-NI support at all
(2) is with full AES-NI support (AES + GCM tag)


Internally we introduced optimizations to speed up prime generation in mpi_gen_prime() and ECP multiplications in addition to reducing the memory used in the ECP module.

ECP memory optimizations

The operational memory used within the ECP module for storing the curves in use and performing operations has been reduced. On a 64-bit platform with 521-bit curves, the improvement is:

1.3.2:    86k
1.3.2bis: 38k
1.3.3:    16k

1.3.2:    all default values
1.3.2bis: new default values for window size and such in ECP module
1.3.3:    curve to ROM and memory optimizations

On 32-bit platforms, here are the numbers for 256-bit curves, with the default config and with minimal memory usage:

default: 4.7k
minimal: 1.8k

ECP Multiplication speed-up

In this version we introduce a time-memory trade-off for ECP multiplications, which speeds up ECDSA and ECDH(E).

Our before and after:

ECDSA-secp521r1 : 192 ->  566 sign/s
ECDSA-secp521r1 :  92 ->  135 verify/s
ECDSA-secp384r1 : 287 ->  837 sign/s
ECDSA-secp384r1 : 138 ->  198 verify/s
ECDSA-secp256r1 : 445 -> 1126 sign/s
ECDSA-secp256r1 : 210 ->  293 verify/s

ECDHE-secp521r1 :  93 ->  141 handshake/s
ECDH-secp521r1  : 171 ->  183 handshake/s
ECDHE-secp384r1 : 136 ->  210 handshake/s
ECDH-secp384r1  : 250 ->  267 handshake/s
ECDHE-secp256r1 : 211 ->  305 handshake/s
ECDH-secp256r1  : 382 ->  407 handshake/s

Bug fixes

Fixes include:

  • Potential memory leaks in corner cases
  • Fixed x509_crt_parse_path() bug on Windows platforms
  • Fixed bug in mpi_set_bit() on platforms where t_uint is wider than int
  • Fixed X.509 hostname comparison (with non-regular characters)
  • SSL now gracefully handles missing RNG
  • crypt_and_hash app checks MAC before final decryption


A possible remotely-triggered out-of-bounds memory access was fixed as well. This issue was found by the great team at TrustInSoft!

Who should update

We advise users of PolarSSL to update if they:

  • want to have faster ECP / ECDSA / ECDHE / AES / AES-GCM
  • want to use less memory in the ECP modules
  • want to play with Curve25519
  • need to support ECDH-RSA or ECDH-ECDSA ciphersuites

Download links

Get your copy here: polarssl-1.3.3-gpl.tgz


The hashes for polarssl-1.3.3-gpl.tgz are:

SHA-1  : c1072e97b21e94721b8d37509a589ea10249fdbd
SHA-256: 597d229876af8c962b14c98450ef2669bed3c639ba82762bd01488e094a23f93

Last updated: Dec 31, 2013

