mbed TLS version 2.2.1 has been released, as well as maintenance releases of stable branches, mbed TLS 2.1.4 and 1.3.16, and PolarSSL 1.2.19.
mbed TLS version 2.2.1 addresses a non-remotely exploitable security issue, strengthens security defaults, and fixes a few bugs. Each maintenance release contains backports of the relevant fixes.
- (2.2, 2.1, 1.3) Fixes a potential double free when mbedtls_asn1_store_named_data() fails to allocate memory. This function was only used for certificate generation and was not triggerable remotely in SSL/TLS. The original issue was found by Rafał Przywara in #367.
- (2.2, 2.1, 1.3) Disables MD5 handshake signatures in TLS 1.2 by default, to prevent the SLOTH attack on TLS 1.2 server authentication (the other attacks from the SLOTH paper do not apply to any version of mbed TLS or PolarSSL).
- (2.2, 2.1, 1.3) Fixes an over-restrictive length limit in GCM. Found by Andreas-N. #362
- (all branches) Fixes a bug in certificate validation that caused valid chains to be rejected when the first intermediate certificate has a pathLenConstraint equal to zero. Found by Nicholas Wilson and introduced in the previous release. #280
- (all branches) Removes a potential leak in mbedtls_rsa_rsassa_pkcs1_v15_sign(), found by JayaraghavendranK.
- (2.2, 2.1) Fixes suboptimal handling of unexpected records that caused interop issues with some peers over unreliable links. We now avoid dropping an entire DTLS datagram if a single record in a datagram is unexpected, and instead only drop the record and look at subsequent records (if any are present) in the same datagram. Found by jeannotlapin. #345
- (1.3) Adds POLARSSL_SSL_ENABLE_MD5_SIGNATURES to control the use of MD5-based signatures in the TLS 1.2 handshake (disabled by default).
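The pathLenConstraint rule behind the certificate validation fix in the list above, as an added Python example that is not mbed TLS code: a minimal RFC 5280 path-length check run over a constructed chain whose first intermediate carries pathLenConstraint 0, next to a hypothetical off-by-one variant that illustrates the class of error described (the Cert class and the chains are constructed for illustration, not taken from mbed TLS).

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Cert:
    subject: str
    is_ca: bool
    path_len: Optional[int] = None   # pathLenConstraint; None when absent
    self_issued: bool = False        # self-issued CAs do not consume path length

def check_path_len(chain: List[Cert]) -> bool:
    """Per RFC 5280 6.1.4 (l)/(m); chain is trust anchor first, leaf last.
    A non-self-issued intermediate consumes one unit of path length before
    its own pathLenConstraint applies, so pathLenConstraint=0 still allows
    the intermediate to sign the end-entity certificate directly."""
    max_path_length = len(chain)  # initialised to n (RFC 5280 6.1.2)
    for cert in chain[1:-1]:      # intermediates only
        if not cert.is_ca:
            return False
        if not cert.self_issued:
            if max_path_length <= 0:
                return False
            max_path_length -= 1
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
    return True

def check_path_len_off_by_one(chain: List[Cert]) -> bool:
    """Hypothetical buggy variant (not mbed TLS's code): applying the
    constraint before consuming path length wrongly rejects pathLen=0."""
    max_path_length = len(chain)
    for cert in chain[1:-1]:
        if not cert.is_ca:
            return False
        if cert.path_len is not None and cert.path_len < max_path_length:
            max_path_length = cert.path_len
        if not cert.self_issued:
            if max_path_length <= 0:
                return False
            max_path_length -= 1
    return True

# Constructed chains: root -> intermediate (pathLen 0) -> leaf must be accepted;
# a further CA below that intermediate must be rejected.
ROOT = Cert("Example Root CA", is_ca=True, self_issued=True)
INTERMEDIATE = Cert("Example Issuing CA", is_ca=True, path_len=0)
SUB_CA = Cert("Example Sub CA", is_ca=True)
LEAF = Cert("server.example", is_ca=False)
VALID_CHAIN = [ROOT, INTERMEDIATE, LEAF]
INVALID_CHAIN = [ROOT, INTERMEDIATE, SUB_CA, LEAF]
```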
Who should update
Users affected by one of the issues should update.
Users of the PolarSSL 1.2 branch are urged to upgrade to one of the maintained branches as 1.2 is now end-of-life and will no longer receive security fixes.
Get your copy here:
The hashes for files/mbedtls-2.2.1-apache.tgz are:
SHA-1: d2ff60fad7191dbb5b81ff6c22769964e5a7d53d SHA-256: 6ddd5ca2e7dfb43d2fd750400856246fc1c98344dabf01b1594eb2f9880ef7ce
The hashes for files/mbedtls-2.2.1-gpl.tgz are:
SHA-1: 513f8cd8afd82e3181ab742eefcfe32fc1a4594d SHA-256: bb1bffa3ac5ab143be2aae3d45a7a92b36112888ef465024d83724865fe62974
The hashes for files/mbedtls-2.1.4-apache.tgz are:
SHA-1: de4e18e55b8b933540e4eda4cb73dac5ceecd9fe SHA-256: ee61c4a782a50e69802605f86eda9eb77d3606f4c7d88f70642053df683b4365
The hashes for files/mbedtls-2.1.4-gpl.tgz are:
SHA-1: a2d745da5ae025509b459b1e78eb090f7251d3ff SHA-256: 113384533b02cfdbbdf0994132b28911ef97c5e71507cec76ead571f984db991
The hashes for files/mbedtls-1.3.16-gpl.tgz are:
SHA-1: 775486e7af1112bbc623f122353e48cb3a8f76a9 SHA-256: f413146c177c52d4ad8f48015e2fb21dd3a029ca30a2ea000cbc4f9bd092c933
The hashes for files/polarssl-1.2.19-gpl.tgz are:
SHA-1: ea77f5c61b0ba9ae0a033fdb0260b87cb812d5b5 SHA-256: 24cb1608a160101ead3c7240f35fc447fe7880cd60f7ed6c9db7a1d773ccd4b8