Skip to content

mbed-os-5.15.2
Compare
Choose a tag to compare
@adbridge adbridge released this 15 Apr 14:40
· 6965 commits to master since this release
mbed-os-5.15.2
565ab14
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

We are pleased to announce the Mbed OS 5.15.2 release is now available.

Summary

This latest patch release for the 5.15 branch continues to add support for our partners and customers needs whilst we continue to prepare for the next major version of Mbed OS.
It contains a branch specific Nanostack release to fix a number of outstanding issues, some important TLS updates and bootloader support for RZ_A1H and GR_LYCHEE. There are also a number of other essential fixes.

Please note that this release is NOT currently supported by the official Mbed OS examples or the online compiler.

Migration Guide

This section lists specific changes which are part of this release and may need special attention.

Upgrade to Mbed TLS 2.21.0 and Mbed Crypto 3.1.0

12767

Summary of changes

Upgrade to Mbed TLS 2.21.0 and Mbed Crypto 3.1.0

Impact of changes

  • Security fix for https://nvd.nist.gov/vuln/detail/CVE-2019-18222, without dropping Mbed TLS features by reverting back to an older LTS version of Mbed TLS (2.16.x). This requires bumping the version of Mbed Crypto to 3.1.0, which brings along with it an API break in the experimental PSA APIs

Migration actions required

What behavior changes are being made?
For security and NIST SP 800-90A compliance reasons, CTR DRBG now grabs a nonce from the entropy source if needed to provide the maximum security strength. A previously unused-before-seeding member of the CTR DRBG context, mbedtls_ctr_drbg_context::reseed_counter, is used to hold the number of bytes the user has requested to include from the nonce via mbedtls_ctr_drbg_set_nonce_len(), or -1 to indicate that the entropy nonce length was not set explicitly. This means applications that were depending on a reseed_counter value of 0 to mean "not yet seeded" will need to instead handle errors from calls to mbedtls_ctr_drbg_seed().

What is being deprecated?
A few PSA Crypto asymmetric cryptography functions and macros, key usage definitions, and error code definitions have been renamed to better reflect their operation and to improve readability.

Why is this being deprecated?
The PSA Crypto API continues to develop as it heads towards its 1.0 release. Mbed Crypto 3.0.0d0 implements more of PSA Crypto 1.0b3 than was implemented in Mbed Crypto 2.x, and this brings along some API deprecations.

Mbed Crypto includes backwards compatibility macros (by way of psa/crypto_compat.h) to provide source-level backwards compatibility, although it's recommended to stop using the deprecated APIs as soon as you are able to.

Migration
To avoid using deprecated APIs, users of PSA Crypto should update to the new version of API.

Old New
psa_asymmetric_sign() psa_sign_hash()
psa_asymmetric_verify() psa_verify_hash()
PSA_ASYMMETRIC_SIGNATURE_MAX_SIZE() PSA_SIGNATURE_MAX_SIZE()
PSA_ASYMMETRIC_SIGN_OUTPUT_SIZE() PSA_SIGN_OUTPUT_SIZE()
PSA_KEY_USAGE_SIGN PSA_KEY_USAGE_SIGN_HASH
PSA_KEY_USAGE_VERIFY PSA_KEY_USAGE_VERIFY_HASH
PSA_ERROR_UNKNOWN_ERROR PSA_ERROR_GENERIC_ERROR
PSA_ERROR_OCCUPIED_SLOT PSA_ERROR_ALREADY_EXISTS
PSA_ERROR_EMPTY_SLOT PSA_ERROR_DOES_NOT_EXIST
PSA_ERROR_INSUFFICIENT_CAPACITY PSA_ERROR_INSUFFICIENT_DATA
PSA_ERROR_TAMPERING_DETECTED PSA_ERROR_CORRUPTION_DETECTED

Known Issues

There are no new known issues with this release.

Contents

Ports for Upcoming Targets

Fixes and Changes

12780
Cypress: Remove CYSBSYSKIT_01 from 5.15

12776
Update stm32 emac ethernet driver

12771
Cypress: Partial backport of #12769

12767
Upgrade to Mbed TLS 2.21.0 and Mbed Crypto 3.1.0

12753
Cypress: Backport PRs from 6.0 to 5.15.2

12727
USBMSD security updates (bp #12693)

12724
RZ_A1H and GR_LYCHEE: Enable bootloader support (Mbed OS 5.15)

12723
Mbedtls fixes for 5.15.2

12717
Add fix for STM32F4 hardfault in sleep mode

12653
Fix issue when TDBStore has varying erase sizes between areas. (Backport)

12650
Cellular: ALT1250 PPP cellular driver for mbed-os 5.15

12485
Nanostack release for Mbed OS 5.15

Using this release

You can fetch this release from the mbed-os GitHub repository, using the tag "mbed-os-5.15.2".

If you need any help with this release please visit our support page, which provides reference links and details of our support channels.

Assets 2
Loading