Mbed TLS 2.14.1

Released by @simonbutcher on 13 Dec 15:51
60fbd5b

Description

Mbed TLS 2.14.1 is a maintenance release and contains no new features. It addresses two security issues, one of which is covered by Security Advisory 18-03.

Security

  • Fixes timing variations and memory access variations in RSA PKCS#1 v1.5 decryption that could lead to a Bleichenbacher-style padding oracle attack. In TLS, this affects servers that accept ciphersuites based on RSA decryption (i.e. ciphersuites whose name contains RSA but not (EC)DH(E)). The issue was first discovered and raised by Eyal Ronen - Weizmann Institute, Robert Gillham - University of Adelaide, Daniel Genkin - University of Michigan, Adi Shamir - Weizmann Institute, David Wong - NCC Group, and Yuval Yarom - University of Adelaide and Data61. The attack is described in more detail in the paper The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations. This issue has been allocated CVE-2018-19608.
  • Now wipes sensitive buffers on the stack in the CTR_DRBG and HMAC_DRBG modules.
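The two fixes above come down to three defensive properties: PKCS#1 v1.5 unpadding whose timing and memory accesses do not depend on the decrypted bytes, a TLS server that behaves the same whether or not unpadding failed, and stack buffers that are really wiped before a function returns. The C example below is added here to illustrate those properties; it is not Mbed TLS code and is simpler than the library's own RSA and DRBG routines. All names in it (pkcs1_v15_unpad_ct, tls_rsa_premaster, secure_zeroize, the ct_* helpers, check_mutated, premaster_outcome) are this example's own, and the input blocks are constructed by hand rather than produced by a real RSA operation.

```c
#include <string.h>

/* Masks are size_t words that are all ones or all zeros, never anything else. */
typedef size_t ctmask_t;
#define CT_BITS (sizeof(size_t) * 8)
static ctmask_t ct_nonzero(size_t x) { return (ctmask_t)0 - ((x | ((size_t)0 - x)) >> (CT_BITS - 1)); } /* x != 0 */
static ctmask_t ct_eq(size_t a, size_t b) { return ~ct_nonzero(a ^ b); }                                  /* a == b */
static ctmask_t ct_lt(size_t a, size_t b) { return (ctmask_t)0 - ((a - b) >> (CT_BITS - 1)); }          /* a < b, for a, b < 2^(CT_BITS-1) */
static size_t ct_select(ctmask_t m, size_t a, size_t b) { return (a & m) | (b & ~m); }                  /* m ? a : b */

/* Wipe that survives dead-store elimination: memset reached through a volatile
 * function pointer cannot be proven redundant, so the store is kept even though
 * the buffer is never read again. */
static void *(*const volatile memset_ptr)(void *, int, size_t) = memset;
static void secure_zeroize(void *p, size_t n) { memset_ptr(p, 0, n); }

/* Constant-time RSAES-PKCS1-v1_5 unpadding (RFC 8017 7.2.2 step 3) of the k-byte
 * RSA private-key output em: every byte is read the same number of times and no
 * branch or index depends on its contents, so neither timing nor cache footprint
 * reveals where, or whether, the check failed. Returns 0 with the message in
 * out/out_len, or -1 (out zero-filled, *out_len = 0) on bad padding or a small out. */
int pkcs1_v15_unpad_ct(const unsigned char *em, size_t k,
                       unsigned char *out, size_t out_max, size_t *out_len)
{
    ctmask_t bad, found = 0;
    size_t zero_idx = 0, msg_len, i, j;
    if (k < 11) return -1;         /* k is the public modulus size: safe to branch on */
    bad  = ~ct_eq(em[0], 0x00);    /* block type must be 0x00 0x02 */
    bad |= ~ct_eq(em[1], 0x02);
    for (i = 2; i < k; i++) {      /* locate the first 0x00 without stopping early */
        ctmask_t is_zero = ~ct_nonzero(em[i]);
        ctmask_t first   = is_zero & ~found;
        zero_idx = ct_select(first, i, zero_idx);
        found   |= is_zero;
    }
    bad |= ~found;                 /* no separator at all */
    bad |= ct_lt(zero_idx, 2 + 8); /* padding string shorter than 8 bytes */
    msg_len = k - zero_idx - 1;    /* only meaningful when !bad */
    bad |= ct_lt(out_max, msg_len);
    /* out[j] = em[zero_idx + 1 + j], but every byte of em is visited for every
     * output position so the memory access pattern is data-independent. */
    for (j = 0; j < out_max; j++) {
        unsigned char b = 0;
        for (i = 0; i < k; i++)
            b |= em[i] & (unsigned char)ct_eq(i, zero_idx + 1 + j);
        out[j] = b & (unsigned char)~bad;   /* all-zero output on failure */
    }
    *out_len = ct_select(bad, 0, msg_len);
    return bad ? -1 : 0;           /* the caller learns validity anyway */
}

/* RFC 5246 7.4.7.1: a TLS server must behave identically when unpadding fails, so
 * it draws a random 48-byte premaster secret up front (random48 stands in for CSPRNG
 * output) and uses it, via a branch-free select, whenever decryption does not yield
 * exactly 48 bytes; the handshake then fails at Finished. Client-version check omitted. */
void tls_rsa_premaster(const unsigned char *em, size_t k,
                       const unsigned char random48[48], unsigned char premaster[48])
{
    unsigned char buf[48];
    size_t len, i;
    int rc = pkcs1_v15_unpad_ct(em, k, buf, sizeof buf, &len);
    ctmask_t ok = ct_eq((size_t)rc, 0) & ct_eq(len, 48);
    for (i = 0; i < 48; i++)
        premaster[i] = (buf[i] & (unsigned char)ok) | (random48[i] & (unsigned char)~ok);
    secure_zeroize(buf, sizeof buf);   /* no stack copy of the secret survives */
}

/* Constructed sample block (not real RSA output), k = 32:
 * 00 02 | 8-byte PS | 00 | 21-byte message. */
static const unsigned char EM_OK[32] = {
    0x00, 0x02, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x00,
    'a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u'
};
/* Copies EM_OK, overwrites em[idx] with val, and returns 1 if the block unpads to
 * expected, 0 if it is rejected with out zeroed and length 0, -1 on anything else. */
int check_mutated(size_t idx, unsigned char val, const char *expected)
{
    unsigned char em[32], out[32], zero[32] = {0};
    size_t len;
    memcpy(em, EM_OK, sizeof em);
    em[idx] = val;
    if (pkcs1_v15_unpad_ct(em, sizeof em, out, sizeof out, &len) == 0)
        return (expected && len == strlen(expected) && !memcmp(out, expected, len)) ? 1 : -1;
    return (len == 0 && !memcmp(out, zero, sizeof out)) ? 0 : -1;
}
/* k = 59 block carrying a 48-byte premaster in bytes 11..58, optionally with a
 * wrong block type. Returns 1 if the server kept the decrypted secret, 2 if it
 * fell back to the random one, 0 otherwise. */
int premaster_outcome(int corrupt)
{
    unsigned char em[59], rnd[48], pms[48];
    size_t i;
    for (i = 0; i < sizeof em; i++) em[i] = (unsigned char)i;   /* bytes 2..58 nonzero */
    em[0] = 0x00; em[1] = corrupt ? 0x01 : 0x02; em[10] = 0x00;
    memset(rnd, 0x5A, sizeof rnd);
    tls_rsa_premaster(em, sizeof em, rnd, pms);
    return !memcmp(pms, em + 11, 48) ? 1 : !memcmp(pms, rnd, 48) ? 2 : 0;
}
```

The O(k·out_max) copy loop is deliberate: a single indexed read at em[zero_idx + 1 + j] would be fast but would put the position of the separator into the cache access pattern, which is exactly what a cache-timing attacker measures. Source-level discipline like this is necessary but not sufficient; an optimising compiler can reintroduce a branch from a mask expression, so check the generated assembly for the target toolchain, and keep the random-fallback step on the TLS side, since a unpadding routine that leaks nothing is still an oracle if the server reacts differently to its failure.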

API Changes

  • The new functions mbedtls_ctr_drbg_update_ret() and mbedtls_hmac_drbg_update_ret() are similar to mbedtls_ctr_drbg_update() and mbedtls_hmac_drbg_update() respectively, but the new functions return an error code, whereas the old functions return void and so cannot report a failure to the caller. We recommend that applications use the new functions and check their return value.

Who should update

We recommend that all affected users update, at an appropriate point in their development lifecycle, to take advantage of the fixes contained in this release.

End of life for Mbed TLS 2.1

Mbed TLS 2.1.0 was first shipped on 4th September 2015, and is nearing the end of its life. All users of Mbed TLS 2.1 are advised to upgrade to a later version of Mbed TLS wherever possible. There will be no further releases of Mbed TLS 2.1 after 2018. The latest long-term support branch is Mbed TLS 2.7.