Encryption libraries, PolarSSL is moving to Apache license

It was announced recently that the PolarSSL cryptography library has been acquired by ARM, the CPU manufacturers.

They’re ramping up development and rebranding it to ‘mbed TLS’ as part of their embedded systems / internet of things plans.

Previously this very useful and professionally written library was available free of charge only to open source developers. Now that ARM have taken over the company, they’re changing it over to the Apache 2.0 license, which means anyone can use it in their commercial products without paying thousands of dollars in licensing fees.

This is a big development because it’s a professionally written, open and pretty comprehensive crypto library and now backed by a huge company.

The library provides a lot of functionality which isn’t available in Xojo at the moment without using external dlls/dylibs.

Some simple C programs can expose all the functionality of PolarSSL to Xojo using declares and passing pointers to memoryblocks. I’ve done some test programming on this and got the ECC + Diffie Hellman key exchange protocol along with AES256 encryption working in a Xojo project with just a few small wrapper functions. This can be used for perfect forward secrecy using the modern ECC methods with their smaller keys as opposed to the older and apparently slower RSA system. I note that PolarSSL supports RSA as well.

This library supports Elliptic Curve Cryptography with a large number of curves, not just the standard NIST approved curves but a whole bunch of other more recent curves as well. It also provides ECDH functionality, has its own mpi / big integer implementation and a whole host of other things that most people would never use.

I have a feeling that this will take PolarSSL / mbed TLS as it’s now known to the masses once it’s free to use for everyone in the commercial world. I also suspect that the days of OpenSSL are numbered due to developments like this.

The good thing about this library is that it’s written in ANSI C89 with one exception being stdint.h which compiles pretty much anywhere (32 and 64 bit) so it already works on all Mac, Windows and Linux operating systems along with a whole bunch of embedded platforms.

So why am I posting this? It’s more of a general information post so commercial developers are aware of this recent change over at PolarSSL. Also I think it would be good for Xojo to consider natively supporting this mbed TLS crypto library, which would greatly add to the functionality of the Crypto module. I believe the licensing changes ARM are introducing will make this possible but I guess that’s a matter for the lawyers.

Edit: Link to announcement by ARM http://www.arm.com/about/newsroom/arm-buys-leading-iot-security-company-offspark-as-it-expands-its-mbed-platform.php

We have to wait to know how to get our own libs on the iPhone. Then we can look into this.