mbed 1.3.11 has been released!
This release is mainly fixing a number of outstanding issues and security fixes.
Minor features have been added to enhance functionality and usability.
Handling of the SSL_VERIFY_OPTIONAL
authmode was changed to make sure that information about keyUsage and extendedKeyUsage was properly propagated and accessible to the calling function. Just as a reminder, SSL_VERIFY_REQUIRED is the recommended security setting for
A team of security researchers dove back into the Lucky 13 issue and found potential weaknesses in SSL implementations when the attacker can execute code on the same physical machine. mbed TLS was modified to always generate a cache miss and make sure that attackers gain no information from that event. More can be read in the paper Lucky 13 strikes back.
General improvements were made in the platform layer to allow abstracting more platform-dependent functions and allow them to be replaced by macros.
Contributions were taken to improve ECC performance, and add support for Diffie-Hellman parameters that encode private value lengths.
More features can be found in the ChangeLog.
Important changes in this release include:
- Remove bias in
mpi_gen_prime(contributed by Pascal Junod).
- Remove potential sources of timing variations (some contributed by Pascal Junod).
- Options POLARSSL_HAVE_INT8 and POLARSSL_HAVE_INT16 are deprecated.
- Enabling POLARSSL_NET_C without POLARSSL_HAVE_IPV6 is deprecated.
- compat-1.2.h and openssl.h are deprecated.
- Adjusting/overriding CFLAGS and LDFLAGS with the make build system is now more flexible (warning: OFLAGS is not used any more) (see the README) (contributed by Alon Bar-Lev).
ssl_set_own_cert()no longer calls
pk_check_pair()since the performance impact was bad for some users (this was introduced in 1.3.10).
- Move from SHA-1 to SHA-256 in example programs using signatures (suggested by Thorsten Mühlfelder).
- Remove some unneeded inclusions of header files from the standard library "minimize" others (e.g. use stddef.h if only
#includelines in test files to use double quotes instead of angle brackets for uniformity with the rest of the code.
- Remove dependency on
sscanf()in X.509 parsing modules.
- Fix compile errors with PLATFORM_NO_STD_FUNCTIONS.
- Fix compile error with PLATFORM_EXIT_ALT (thanks to Rafał Przywara).
- Fix bug in entropy.c when THREADING_C is also enabled that caused
entropy_free()to crash (thanks to Rafał Przywara).
- Fix memory leak when
ccm_setkey()are used more than once on the same context.
- Fix bug in ssl_mail_client when password is longer that username (found by Bruno Pape).
- Fix undefined behaviour (
memcmp( NULL, NULL, 0 );) in X.509 modules (detected by Clang's 3.6 UBSan).
mpi_msb()would segfault when called on an mpi that is initialized but not set (found by pravic).
- Fix detection of support for getrandom() on Linux (reported by syzzer) by doing it at runtime (using uname) rather that compile time.
- Fix handling of symlinks by "make install" (found by Gaël PORTAY).
- Fix potential NULL pointer dereference (not trigerrable remotely) when
ssl_write()is called before the handshake is finished (introduced in 1.3.10) (first reported by Martin Blumenstingl).
- Fix bug in
pk_parse_key()that caused some valid private EC keys to be rejected.
- Fix bug in Via Padlock support (found by Nikos Mavrogiannopoulos).
- Fix thread safety bug in RSA operations (found by Fredrik Axelsson).
hardclock()(only used in the benchmarking program) with some versions of mingw64 (found by kxjhlele).
- Fix warnings from mingw64 in timing.c (found by kxjklele).
- Fix potential unintended sign extension in
asn1_get_len()on 64-bit platforms.
- Fix potential memory leak in
ssl_set_psk()(found by Mansour Moufid).
- Fix compile error when POLARSSL_SSL_DISABLE_RENEGOTATION and POLARSSL_SSL_SSESSION_TICKETS where both enabled in config.h (introduced in 1.3.10).
- Add missing extern "C" guard in aesni.h (reported by amir zamani).
- Add missing dependency on SHA-256 in some x509 programs (reported by Gergely Budai).
- Fix bug related to
ssl_set_curves(): the client didn't check that the curve picked by the server was actually allowed.
More details can be found in the ChangeLog.
Who should update
We advise users of mbed TLS (and PolarSSL) to update.
Get your copy here: mbedtls-1.3.11-gpl.tgz
The hashes for mbedtls-1.3.11-gpl.tgz are:
SHA-1 : 3948084c9d3312b381d458b06d9a2066c3cc0184 SHA-256: 67a593027b6a442a4fa5b6c224c4ac8cdae5be721f5a28a11d34f10dcda441cb