ยซ Changelog History


mbedTLS v2.7.11 Release Notes

Release Date: 2019-06-19 // almost 5 years ago

  • Description

    ๐Ÿš€ Mbed TLS 2.7.11 is a maintenance release of the Mbed TLS 2.7 branch, and
    ๐Ÿ›  provides bug fixes and minor enhancements.

    ๐Ÿ”’ Security

    • Make mbedtls_ecdh_get_params return an error if the second key belongs to a different group from the first. Before, if an application passed keys that belonged to different group, the first key's data was interpreted according to the second group, which could lead to either an error or a meaningless output from mbedtls_ecdh_get_params. In the latter case, this could expose at most 5 bits of the private key.

    ๐Ÿ›  Bugfix

    • โšก๏ธ Server's RSA certificate in certs.c was SHA-1 signed. In the default Mbed TLS configuration only SHA-2 signed certificates are accepted. This certificate is used in the demo server programs, which lead the client programs to fail at the peer's certificate verification due to an unacceptable hash signature. The certificate has been updated to one that is SHA-256 signed. Fix contributed by Illya Gerasymchuk.
    • Fix private key DER output in the key_app_writer example. File contents were shifted by one byte, creating an invalid ASN.1 tag. Fixed by Christian Walther in #2239.
    • ๐Ÿ›  Fix potential memory leak in X.509 self test. Found and fixed by Junhwan Park, #2106.
    • Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when used with negative inputs. Found by Guido Vranken in #2404. Credit to OSS-Fuzz.
    • ๐Ÿ›  Fix bugs in the AEAD test suite which would be exposed by ciphers which either used both encrypt and decrypt key schedules, or which perform padding. GCM and CCM were not affected. Fixed by Jack Lloyd.
    • Fix incorrect default port number in ssl_mail_client example's usage. Found and fixed by irwir. #2337
    • Add missing parentheses around parameters in the definition of the public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation in case operators binding less strongly than subtraction were used for the parameter.
    • Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560.
    • ๐Ÿ›  Fix missing bounds checks in X.509 parsing functions that could lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
    • ๐Ÿ›  Fix multiple X.509 functions previously returning ASN.1 low-level error codes to always wrap these codes into X.509 high level error codes before returning. Fixes #2431.

    ๐Ÿ”„ Changes

    • Return from various debugging routines immediately if the provided SSL context is unset.
    • โœ‚ Remove dead code from bignum.c in the default configuration. Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
    • Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. Contributed by Peter Kolbus (Garmin).
    • Change wording in the mbedtls_ssl_conf_max_frag_len()'s documentation to improve clarity. Fixes #2258.
    • โœ… Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.
    • Improve debug output of ssl_client2 and ssl_server2 in case suitable test CRTs are available because MBEDTLS_PEM_PARSE_C is disabled. Fixes #2254.

    โšก๏ธ Who should update

    โšก๏ธ We recommend all affected users should update to take advantage of the bug
    ๐Ÿ›  fixes contained in this release at an appropriate point in their development
    lifecycle.