
Mbed TLS 2.7.6

@simonbutcher simonbutcher released this 13 Sep 11:34
eee169a

Description

Mbed TLS 2.7.6 is a maintenance release, and contains no new features. It addresses one security issue and resolves multiple defects.

Security

  • Fixed an issue in the X.509 module which could lead to a buffer overread during certificate extensions parsing. A read of one byte beyond the limit of the input buffer was made, when the extensions length field was zero. Found by Nathan Crandall.
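The bug class behind this fix is easy to reproduce in any DER walker: once the extensions length field is zero, the cursor already sits at the end of the enclosing buffer, and any "look at the next tag" read that is not guarded by a bounds check reads one byte past the end. The following is an added illustration, not Mbed TLS's X.509 code; the function names, error codes and sample byte strings are hypothetical and constructed for this example. It shows the defensive pattern: shrink `end` to the length just parsed and test `p < end` before every read, so a zero-length Extensions SEQUENCE simply yields zero extensions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example (not Mbed TLS's). */
#define ERR_OUT_OF_DATA  (-1)
#define ERR_BAD_TAG      (-2)
#define ERR_BAD_LENGTH   (-3)

/* Parse a short- or long-form DER length at *p without reading past end,
 * and reject lengths that would reach beyond end. */
static int der_get_len(const uint8_t **p, const uint8_t *end, size_t *len)
{
    if (*p >= end) return ERR_OUT_OF_DATA;          /* no length byte at all */
    uint8_t b = *(*p)++;
    if (b < 0x80) {
        *len = b;
    } else {
        size_t n = b & 0x7F;                        /* number of length octets */
        if (n == 0 || n > sizeof(size_t)) return ERR_BAD_LENGTH;
        if ((size_t)(end - *p) < n) return ERR_OUT_OF_DATA;
        *len = 0;
        while (n--) *len = (*len << 8) | *(*p)++;
    }
    if ((size_t)(end - *p) < *len) return ERR_OUT_OF_DATA; /* content truncated */
    return 0;
}

/* Expect a given tag at *p, then parse its length. The tag byte is only
 * read after confirming *p < end. */
static int der_get_tag(const uint8_t **p, const uint8_t *end, uint8_t tag, size_t *len)
{
    if (*p >= end) return ERR_OUT_OF_DATA;
    if (**p != tag) return ERR_BAD_TAG;
    (*p)++;
    return der_get_len(p, end, len);
}

/* Count the Extension SEQUENCEs inside an Extensions ::= SEQUENCE OF Extension
 * blob. Returns the count, or a negative error code. */
int count_extensions(const uint8_t *buf, size_t buflen)
{
    const uint8_t *p = buf, *end = buf + buflen;
    size_t len;
    int ret, count = 0;

    if ((ret = der_get_tag(&p, end, 0x30, &len)) != 0) return ret;
    /* Narrow end to the outer SEQUENCE so nested reads cannot run past it. */
    end = p + len;

    /* With len == 0, p == end at this point. The loop condition is checked
     * before any access to *p; peeking at the next tag unconditionally here
     * would be exactly the one-byte overread described in the release note. */
    while (p < end) {
        if ((ret = der_get_tag(&p, end, 0x30, &len)) != 0) return ret;
        p += len;   /* skip the Extension body; inner fields not parsed here */
        count++;
    }
    return count;
}

/* Constructed sample inputs (not real certificate data). */
static const uint8_t ext_zero_len[]  = { 0x30, 0x00 };                  /* empty Extensions */
static const uint8_t ext_two[]       = { 0x30, 0x08, 0x30, 0x02, 0x06, 0x00,
                                         0x30, 0x02, 0x06, 0x00 };      /* two extensions */
static const uint8_t ext_truncated[] = { 0x30, 0x05, 0x30, 0x02, 0x06, 0x00 }; /* claims 5, has 4 */
static const uint8_t ext_inner_over[] = { 0x30, 0x04, 0x30, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00 };
static const uint8_t ext_wrong_tag[] = { 0x04, 0x00 };

int main(void)
{
    printf("zero length: %d\n", count_extensions(ext_zero_len, sizeof ext_zero_len));
    printf("two ext:     %d\n", count_extensions(ext_two, sizeof ext_two));
    printf("truncated:   %d\n", count_extensions(ext_truncated, sizeof ext_truncated));
    printf("inner over:  %d\n", count_extensions(ext_inner_over, sizeof ext_inner_over));
    printf("wrong tag:   %d\n", count_extensions(ext_wrong_tag, sizeof ext_wrong_tag));
    return 0;
}
```

The `ext_inner_over` case is worth noting: the outer SEQUENCE declares four bytes of content while an inner element claims five, and the buffer itself is long enough to hold them. Because `end` was narrowed to the outer length, the inner parse still fails instead of reading into whatever follows the extensions block.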

Bugfix

  • Fixed a potential memory leak in mbedtls_ssl_setup() function. An allocation failure in the function could lead to other buffers being leaked.

  • Fixed an issue with MBEDTLS_CHACHAPOLY_C which would not compile if MBEDTLS_ARC4_C and MBEDTLS_CIPHER_NULL_CIPHER weren't also defined, and an issue with the wrong test dependencies for MBEDTLS_ARC4_C. #1890.

  • Fixed a memory leak in ecp_mul_comb() if ecp_precompute_comb() fails. Fix contributed by Espressif Systems.

  • ECC extensions are now only included if an ECC based ciphersuite is used. This improves compliance with RFC 4492 and, as a result, solves interoperability issues with BouncyCastle. Raised by milenamil in #1157.

  • Fixed a potential use-after-free issue in mbedtls_ssl_get_max_frag_len() and mbedtls_ssl_get_record_expansion() after a session reset. Fixes #1941.

  • Fixed a miscalculation of the maximum record expansion in mbedtls_ssl_get_record_expansion() when using the Chacha-Poly1305 ciphersuites or any CBC ciphersuites in (D)TLS versions 1.1 or higher. Fixes #1913 and #1914.

  • Fixed a bug that caused SSL/TLS clients to incorrectly abort the handshake with TLS versions 1.1 and earlier when the server requested authentication without providing a list of CAs (Certificate Authorities). This was due to an overly strict bounds check in parsing the CertificateRequest message, introduced in an earlier version. Fixes #1954.

  • Fixed a memory leak and free without initialization in the pk_encrypt and pk_decrypt example programs. Reported by Brace Stout. Fixes #1128.

  • Fixed undefined shifts with negative values in certificate parsing. Fixed by Catena Cyber, with credit for finding the issue to OSS-Fuzz.
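Two of the bug fixes above share one root cause: error paths in setup code that either forget to release what was already allocated (the mbedtls_ssl_setup() leak) or free pointers that were never initialised (the pk_encrypt/pk_decrypt example programs). The following added example, which is not Mbed TLS code and uses a hypothetical two-buffer context, shows a leaky setup routine next to a corrected one with a single cleanup exit, and a constructed failure-injecting allocator that lets the difference be measured without a real out-of-memory condition.

```c
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical context: two heap buffers, as a TLS record layer might own. */
typedef struct {
    unsigned char *in_buf;
    unsigned char *out_buf;
} ctx_t;

/* Constructed test hook: when fail_at > 0, the fail_at-th allocation returns
 * NULL. live_blocks counts allocations not yet freed. */
static int alloc_calls, live_blocks, fail_at;

static void *tracked_calloc(size_t n, size_t sz)
{
    if (++alloc_calls == fail_at) return NULL;
    void *p = calloc(n, sz);
    if (p) live_blocks++;
    return p;
}

static void tracked_free(void *p)
{
    if (p) { live_blocks--; free(p); }
}

/* Initialising every pointer first is what makes ctx_free safe to call on a
 * partially constructed context (the "free without initialization" case). */
void ctx_init(ctx_t *c) { c->in_buf = NULL; c->out_buf = NULL; }

void ctx_free(ctx_t *c)
{
    tracked_free(c->in_buf);
    tracked_free(c->out_buf);
    ctx_init(c);
}

/* Leaky version: returns early when the second allocation fails, leaving the
 * first buffer allocated. Contract: on failure the caller must not use or
 * free the context, so that buffer is lost. */
int ctx_setup_leaky(ctx_t *c, size_t buflen)
{
    ctx_init(c);
    if ((c->in_buf = tracked_calloc(1, buflen)) == NULL) return -1;
    if ((c->out_buf = tracked_calloc(1, buflen)) == NULL) return -1;
    return 0;
}

/* Corrected version: one exit path that releases everything on any failure. */
int ctx_setup(ctx_t *c, size_t buflen)
{
    int ret = -1;
    ctx_init(c);
    if ((c->in_buf = tracked_calloc(1, buflen)) == NULL) goto cleanup;
    if ((c->out_buf = tracked_calloc(1, buflen)) == NULL) goto cleanup;
    ret = 0;
cleanup:
    if (ret != 0) ctx_free(c);
    return ret;
}

/* Run a setup routine with the fail_nth-th allocation forced to fail
 * (0 = no failure) and return how many blocks remain live; 0 means no leak. */
int leaked_blocks_after_failure(int (*setup)(ctx_t *, size_t), int fail_nth)
{
    ctx_t c;
    alloc_calls = 0; live_blocks = 0; fail_at = fail_nth;
    if (setup(&c, 64) == 0) ctx_free(&c);   /* success: normal teardown */
    return live_blocks;
}

int main(void)
{
    printf("leaky, 2nd alloc fails: %d block(s) leaked\n",
           leaked_blocks_after_failure(ctx_setup_leaky, 2));
    printf("fixed, 2nd alloc fails: %d block(s) leaked\n",
           leaked_blocks_after_failure(ctx_setup, 2));
    return 0;
}
```

The injection hook is the useful part for a reviewer: iterating `fail_nth` over every allocation in a setup path is a cheap way to find exactly this class of leak in a unit test, without waiting for a fuzzer or an embedded target to hit real allocation failure.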

Changes

  • Improved interworking with some alternative Mbed OS hardware accelerated CCM implementations by using CCM test vectors from RAM.

Who should update

We recommend that all users update, at an appropriate point in their development lifecycle, to take advantage of the bug fixes contained in this release.

Users of Mbed TLS 1.3 or any earlier version should upgrade to one of the maintained releases, as Mbed TLS 1.3 has now reached its end of life.

End of life for Mbed TLS 2.1

Mbed TLS 2.1.0 was first shipped on 4th September 2015, and is nearing the end of its life. Mbed TLS 2.1 will not be supported after Autumn 2018. All users of Mbed TLS 2.1 are advised to upgrade to a later version of Mbed TLS wherever possible. The latest long-term support branch is Mbed TLS 2.7.