mbedTLS v3.0.0p1 Release Notes

Release Date: 2019-07-12 // 4 months ago

Previous changes from v2.16.2

  • Description

    🚀 Mbed TLS 2.16.2 is a maintenance release of the Mbed TLS 2.16 branch, and
    🛠 provides bug fixes and minor enhancements.

    🔒 Security

    • Make mbedtls_ecdh_get_params return an error if the second key belongs to a different group from the first. Before, if an application passed keys that belonged to different group, the first key's data was interpreted according to the second group, which could lead to either an error or a meaningless output from mbedtls_ecdh_get_params. In the latter case, this could expose at most 5 bits of the private key.

    🛠 Bugfix

    • ⚡️ Server's RSA certificate in certs.c was SHA-1 signed. In the default Mbed TLS configuration only SHA-2 signed certificates are accepted. This certificate is used in the demo server programs, which lead the client programs to fail at the peer's certificate verification due to an unacceptable hash signature. The certificate has been updated to one that is SHA-256 signed. Fix contributed by Illya Gerasymchuk.
    • Fix private key DER output in the key_app_writer example. File contents were shifted by one byte, creating an invalid ASN.1 tag. Fixed by Christian Walther in #2239.
    • 🛠 Fix potential memory leak in X.509 self test. Found and fixed by Junhwan Park, #2106.
    • ⬇️ Reduce stack usage of HKDF tests. Fixes #2195.
    • Fix 1-byte buffer overflow in mbedtls_mpi_write_string() when used with negative inputs. Found by Guido Vranken in #2404. Credit to OSS-Fuzz.
    • 🛠 Fix bugs in the AEAD test suite which would be exposed by ciphers which either used both encrypt and decrypt key schedules, or which perform padding. GCM and CCM were not affected. Fixed by Jack Lloyd.
    • Fix incorrect default port number in ssl_mail_client example's usage. Found and fixed by irwir. #2337
    • Add missing parentheses around parameters in the definition of the public macro MBEDTLS_X509_ID_FLAG. This could lead to invalid evaluation in case operators binding less strongly than subtraction were used for the parameter.
    • Add a check for MBEDTLS_X509_CRL_PARSE_C in ssl_server2, guarding the crl sni entry parameter. Reported by inestlerode in #560.
    • 🛠 Fix missing bounds checks in X.509 parsing functions that could lead to successful parsing of ill-formed X.509 CRTs. Fixes #2437.
    • 🛠 Fix multiple X.509 functions previously returning ASN.1 low-level error codes to always wrap these codes into X.509 high level error codes before returning. Fixes #2431.
    • Add DER-encoded test CRTs to library/certs.c, allowing the example programs ssl_server2 and ssl_client2 to be run if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.

    🔄 Changes

    • Return from various debugging routines immediately if the provided SSL context is unset.
    • ✂ Remove dead code from bignum.c in the default configuration. Found by Coverity, reported and fixed by Peter Kolbus (Garmin). Fixes #2309.
    • Add test for minimal value of MBEDTLS_MPI_WINDOW_SIZE to all.sh. Contributed by Peter Kolbus (Garmin).
    • Change wording in the mbedtls_ssl_conf_max_frag_len()'s documentation to improve clarity. Fixes #2258.
    • ✅ Replace multiple uses of MD2 by SHA-256 in X.509 test suite. Fixes #821.

    ⚡️ Who should update

    ⚡️ We recommend all affected users should update to take advantage of the bug
    🛠 fixes contained in this release at an appropriate point in their development
    lifecycle.