Maintenance releases for Mbed TLS 2.16 and Mbed TLS 2.7 are now available.
- (2.16, 2.7) Make
mbedtls_ecdh_get_paramsreturn an error if the second key belongs to a different group from the first. Before, if an application passed keys that belonged to different group, the first key's data was interpreted according to the second group, which could lead to either an error or a meaningless output from
mbedtls_ecdh_get_params. In the latter case, this could expose at most 5 bits of the private key.
- (2.16, 2.7) Server's RSA certificate in
certs.cwas SHA-1 signed. In the default Mbed TLS configuration only SHA-2 signed certificates are accepted. This certificate is used in the demo server programs, which lead the client programs to fail at the peer's certificate verification due to an unacceptable hash signature. The certificate has been updated to one that is SHA-256 signed. Fix contributed by Illya Gerasymchuk.
- (2.16, 2.7) Fix private key DER output in the
key_app_writer example. File contents were shifted by one byte, creating an invalid ASN.1 tag. Fixed by Christian Walther in #2239.
- (2.16, 2.7) Fix potential memory leak in X.509 self test. Found and fixed by Junhwan Park, #2106.
- (2.16) Reduce stack usage of HKDF tests. Fixes #2195.
- (2.16, 2.7) Fix 1-byte buffer overflow in
mbedtls_mpi_write_string()when used with negative inputs. Found by Guido Vranken in #2404. Credit to OSS-Fuzz.
- (2.16, 2.7) Fix bugs in the AEAD test suite which would be exposed by ciphers which either used both encrypt and decrypt key schedules, or which perform padding. GCM and CCM were not affected. Fixed by Jack Lloyd.
- (2.16, 2.7) Fix incorrect default port number in
ssl_mail_clientexample's usage. Found and fixed by irwir. #2337
- (2.16, 2.7) Add missing parentheses around parameters in the definition of the public macro
MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation in case operators binding less strongly than subtraction were used for the parameter.
- (2.16, 2.7) Add a check for
ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560.
- (2.16, 2.7) Fix missing bounds checks in X.509 parsing functions that could lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
- (2.16, 2.7) Fix multiple X.509 functions previously returning ASN.1 low-level error codes to always wrap these codes into X.509 high level error codes before returning. Fixes #2431.
- (2.16) Add DER-encoded test CRTs to
library/certs.c, allowing the example programs
ssl_client2to be run if
MBEDTLS_PEM_PARSE_Care unset. Fixes #2254.
- (2.16, 2.7) Return from various debugging routines immediately if the provided SSL context is unset.
- (2.16, 2.7) Remove dead code from
bignum.cin the default configuration. Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
- (2.16, 2.7) Add test for minimal value of
MBEDTLS_MPI_WINDOW_SIZEto all.sh. Contributed by Peter Kolbus (Garmin).
- (2.16, 2.7) Change wording in the
mbedtls_ssl_conf_max_frag_len()'s documentation to improve clarity. Fixes #2258.
- (2.16, 2.7) Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
- (2.7) Improve debug output of
ssl_server2in case suitable test CRTs are available because
MBEDTLS_PEM_PARSE_Cis disabled. Fixes #2254.
Who should update
We recommend all affected users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Get your copy here:
The hashes for mbedtls-2.16.2-apache.tgz are:
SHA-1: ba809acfd4b41b86895b92e98d936695b5b62b73 SHA-256: a6834fcd7b7e64b83dfaaa6ee695198cb5019a929b2806cb0162e049f98206a4
The hashes for mbedtls-2.16.2-gpl.tgz are:
SHA-1: d8d65bf01ae7015a50f4b103f064a4379eff9115 SHA-256: 40d18965dd36ce0158a2b037c8c54401bad54f683f4311502518ee1a1a0b622c
The hashes for mbedtls-2.7.11-apache.tgz are:
SHA-1: 6bb5da4ed18bbdb5518e133315b63c1263f86eb2 SHA-256: da82b5959cf56b82dc70142e2b669a9f68cc76f5542739dbc7039ebcf6831d23
The hashes for mbedtls-2.7.11-gpl.tgz are:
SHA-1: 5814a00323bbfa0e8a7e19ae92ad07c42b52d3cf SHA-256: 2271090e66fae39d23d8d2361a78e34a3b27692793b491c91efe40d11452e908