mbed TLS 2.3.0, 2.1.5 and 1.3.17 released
mbed TLS version 2.3.0 has been released, as well as maintenance releases of stable branches, mbed TLS 2.1.5 and 1.3.17.
mbed TLS version 2.3.0 addresses three security issues, two of which are not exploitable remotely, strengthens security defaults, and fixes a few bugs. Each maintenance release contains backports of the relevant fixes.
- (2.3, 2.1, 1.3) Fixed missing padding length check required by PKCS1 v2.2 in
mbedtls_rsa_rsaes_pkcs1_v15_decrypt(). (considered low impact)
- (2.3, 2.1, 1.3) Fixed potential integer overflow to buffer overflow in
mbedtls_rsa_rsaes_oaep_encrypt(). (not triggerable remotely in (D)TLS).
- (2.3, 2.1, 1.3) Fixed potential integer underflow to buffer overread in
mbedtls_rsa_rsaes_oaep_decrypt(). It is not triggerable remotely in SSL/TLS.
- (2.3, 2.1) Support for platform abstraction of the standard C library
- (2.3) Support for seeding the entropy source from non-volatile storage.
- (2.3) Support for non-secure testing on targets without strong entropy source implemented.
- (2.3, 2.1, 1.3) Fixed bug in
mbedtls_mpi_add_mpi()that caused wrong results when the three arguments were the same (in-place doubling). #309
- (2.3) Fixed potential build failures related to the 'apidoc' target, introduced in the previous patch release. Found by Robert Scheck. #390 #391
- (2.3, 2.1, 1.3) Fixed issue in Makefile that prevented building using armar. #386
- (2.3) Fixed memory leak that occured only when ECJPAKE was enabled and ECDHE and ECDSA was disabled in
config.h. The leak didn't occur by default.
- (2.3) Fixed issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list.
- (2.3, 2.1) Fixed bug in
mbedtls_x509_crt_parse()that caused trailing extra data in the buffer after DER certificates to be included in the raw representation.
- (2.3, 2.1, 1.3) Fixed issue that caused a hang when generating RSA keys of odd bitlength.
- (2.3, 2.1, 1.3) Fixed bug in
mbedtls_rsa_rsaes_pkcs1_v15_encrypt()that made null pointer dereference possible.
- (2.3, 2.1, 1.3) Fixed issue that caused a crash if invalid curves were passed to
- (2.3, 2.1) Fixed issue in
ssl_fork_server()which was preventing it from functioning. #429
- (2.3) Fixed memory leaks in test framework.
- (2.3) Fixed test in ssl-opt.sh that does not run properly with valgrind.
- (2.3, 2.1, 1.3) On ARM platforms, when compiling with
-O0with GCC, Clang or armcc5, don't use the optimized assembly for bignum multiplication. This removes the need to pass
-fomit-frame-pointerto avoid a build error with
- (2.3, 2.1, 1.3) Disabled SSLv3 in the default configuration.
- (2.3) Optimized
mbedtls_mpi_zeroize()for MPI integer size. (Fix by Alexey Skalozub).
- (2.3, 2.1) Fix non-compliance server extension handling. Extensions for SSLv3 are now ignored, as required by RFC6101.
Who should update
Users affected by one of the issues should update.
Users who want to use the new features should update.
Users of the PolarSSL 1.2 branch are urged to upgrade to one of the maintained branches as 1.2 is now end-of-life and will no longer receive security fixes.
Get your copy here:
The hashes for files/mbedtls-2.3.0-apache.tgz are:
SHA-1: 85fa4e61849646561a4d1f584fac3bf811db6066 SHA-256: 590734c8bc8b3ac48e9123d44bf03562e91f8dce0d1ac2615c318c077f3215b2
The hashes for files/mbedtls-2.3.0-gpl.tgz are:
SHA-1: c56d2743a2158fccbf5536d18a11196eca76fc76 SHA-256: 21237014f779bde70b2d71399cc1ea53365eb7f10cdd74a13ee6329a1910cb49
The hashes for files/mbedtls-2.1.5-apache.tgz are:
SHA-1: 770a64a07e0f67546a3007dd865a180b54377a0a SHA-256: dcf59264a5272ac768aec83026cf63dd9253742948ae4548c7d52ddd636ac980
The hashes for files/mbedtls-2.1.5-gpl.tgz are:
SHA-1: 6c893be2df995916ca555f646d022c2cdc1d7c8e SHA-256: 119ff3ee2788a2c5f0604b247bdffd401c439c8e551561cbb4b1f9d3a21a120d
The hashes for files/mbedtls-1.3.17-gpl.tgz are:
SHA-1: f6e6d0e08e4425e0cbd141dd007541fedfff2a3e SHA-256: f5beb43e850283915e3e0f8d37495eade3bfb5beedfb61e7b8da70d4c68edb82