Mbed TLS is now part of TrustedFirmware.org.

Mbed TLS 2.16.0, 2.7.9 and 2.1.18 released


Mbed TLS version 2.16.0 has now been released, in addition to maintenance releases for Mbed TLS 2.7 and Mbed TLS 2.1.

Mbed TLS 2.16.0 introduces a new feature of optional parameter validation. This feature verifies and validates all parameters passed into the library, to confirm they meet the preconditions of each library function. Normally, the library does not check for invalid parameters which are no risk to the security of the library and will cause an obvious error during execution, as it's assumed this kind of issue will be picked up during development, and are unlikely to occur in normal operation. This new feature can speed up development by identifying and indicating any obvious failure in use of the library if the parameter is invalid, and by allowing users to log such errors, in test, development or usage, rather than have to work through stack traces.

Announcing Mbed TLS 2.16 Long Term Support

We are pleased to announce that Mbed TLS 2.16.0 will be the basis of our next Long Term Support branch, and will be maintained for at least 3 years up until the end of 2021.

During that time, no new features will be added to the branch, the API and ABI will be maintained, and only bug fixes will be made to maintenance releases of 2.16.0.

This is further discussed in our blog posting 'Announcing Long Term Support Branch Mbed TLS 2.16'.

End of life for Mbed TLS 2.1

Mbed TLS 2.1.0 was first shipped on 4th September 2015, and has come to the end of its life. The time has finally come to ship the last release of Mbed TLS 2.1, and Mbed TLS 2.1.18 will be the last release of the 2.1 branch.

All users of Mbed TLS 2.1 are now advised to upgrade to a later version of Mbed TLS wherever possible. There will now be no further releases of Mbed TLS 2.1.


  • (2.16.0) Add a new config.h option of MBEDTLS_CHECK_PARAMS that enables validation of parameters in the API. This allows detection of obvious misuses of the API, such as passing NULL pointers. The API of existing functions hasn't changed, but requirements on parameters have been made more explicit in the documentation. See the corresponding API documentation for each function to see for which parameter values it is defined. This feature is disabled by default. See its API documentation in config.h for additional steps you have to take when enabling it.

API Changes

  • (2.16.0) The following functions in the random generator modules have been deprecated and replaced as shown below. The new functions change the return type from void to int to allow returning error codes when using MBEDTLS_<MODULE>_ALT for the underlying AES or message digest primitive. Fixes #1798. mbedtls_ctr_drbg_update() -> mbedtls_ctr_drbg_update_ret() mbedtls_hmac_drbg_update() -> mbedtls_hmac_drbg_update_ret()
  • (2.16.0) Extend ECDH interface to enable alternative implementations.
  • (2.16.0) Deprecate error codes of the form MBEDTLS_ERR_xxx_INVALID_KEY_LENGTH for ARIA, CAMELLIA and Blowfish. These error codes will be replaced by the more generic per-module error codes MBEDTLS_ERR_xxx_BAD_INPUT_DATA.
  • (2.16.0) Additional parameter validation checks have been added for the following modules - AES, ARIA, Blowfish, CAMELLIA, CCM, GCM, DHM, ECP, ECDSA, ECDH, ECJPAKE, SHA, Chacha20 and Poly1305, cipher, pk, RSA, and MPI. Where modules have had parameter validation added, existing parameter checks may have changed. Some modules, such as Chacha20 had existing parameter validation whereas other modules had little. This has now been changed so that the same level of validation is present in all modules, and that it is now optional with the MBEDTLS_CHECK_PARAMS flag which by default is off. That means that checks which were previously present by default will no longer be.

New deprecations

  • (2.16.0) Deprecate mbedtls_ctr_drbg_update() and mbedtls_hmac_drbg_update() in favor of functions that can return an error code.


  • (2.16.0, 2.7.9, 2.1.18) Fix for Clang, which was reporting a warning for the bignum.c inline assembly for AMD64 targets creating string literals greater than those permitted by the ISO C99 standard. Found by Aaron Jones. Fixes #482.
  • (2.16.0, 2.7.9, 2.1.18) Fix runtime error in mbedtls_platform_entropy_poll() when run through qemu user emulation. Reported and fix suggested by randombit. Fixes #1212.
  • (2.16.0, 2.7.9, 2.1.18) Fix an unsafe bounds check when restoring an SSL session from a ticket. This could lead to a buffer overflow, but only in case ticket authentication was broken. Reported and fix suggested by Guido Vranken in #659.
  • (2.16.0, 2.7.9, 2.1.18) Add explicit integer to enumeration type casts to example program programs/pkey/gen_key which previously led to compilation failure on some toolchains. Reported by phoenixmcallister. Fixes #2170.
  • (2.16.0, 2.7.9, 2.1.18) Clarify documentation of mbedtls_ssl_set_own_cert() regarding the absence of check for certificate/key matching. Reported by Attila Molnar, #507.
  • (2.16.0) Fix double initialization of ECC hardware that made some accelerators hang.

Who should update

We recommend all affected users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Download links

Get your copy here:


The hashes for mbedtls-2.16.0-apache.tgz are:

SHA-1: 407df05f1e43dd2af885dde9ea9ebae33612c48b
SHA-256: e3dab56e9093c790b7d5e0f7eb19451010fe680649d25cf1dcca9d5441669ae2

The hashes for mbedtls-2.16.0-gpl.tgz are:

SHA-1: 3df7b6f791b74361056c7e213585ba18cdef2fb8
SHA-256: c8d7a4696287cb9533c455bdd65859106dbdd4472c125194387486e6d4df2799

The hashes for mbedtls-2.7.9-apache.tgz are:

SHA-1: 70dc65f3f6f6b2392b821163be7f1f634f0012c8
SHA-256: 18e57260b46579245744adb79c2924194dad36aac38c2d0be9e749b9181c706f

The hashes for mbedtls-2.7.9-gpl.tgz are:

SHA-1: ec4348d9c0196888f1836f8edbccefd8de583ba1
SHA-256: 2f296151cfc0d32ae6c061b403533c13995c9a3e58541346e1aa2dbcdaac3627

The hashes for mbedtls-2.1.18-apache.tgz are:

SHA-1: 0cb3fcac9490f1a0a049e5893bfa27f8f299b69a
SHA-256: adfc7c9ce252fdcab4f82f46b597cfae9722679943e906e2ad10b2f25ae94ef0

The hashes for mbedtls-2.1.18-gpl.tgz are:

SHA-1: cd0b3a9b54ada0c8b20e22d297f28cbfd4b9fbc6
SHA-256: 0d2d858e1fb3f00bd78e462a7c59cba286258e1b412e1a4facb4cf8dad5490c4

Like this?




Last updated:
Dec 24, 2018


Want to stay up to date?

To sign up for Mbed TLS news, log in to or create an Mbed account and update your marketing preferences.