|
1 | 1 | mbed TLS ChangeLog (Sorted per branch, date)
|
2 | 2 |
|
| 3 | += mbed TLS 2.16.12 branch released 2021-12-17 |
| 4 | + |
| 5 | +Security |
| 6 | + * Zeroize several intermediate variables used to calculate the expected |
| 7 | + value when verifying a MAC or AEAD tag. This hardens the library in |
| 8 | + case the value leaks through a memory disclosure vulnerability. For |
| 9 | + example, a memory disclosure vulnerability could have allowed a |
| 10 | + man-in-the-middle to inject fake ciphertext into a DTLS connection. |
| 11 | + * Fix a double-free that happened after mbedtls_ssl_set_session() or |
| 12 | + mbedtls_ssl_get_session() failed with MBEDTLS_ERR_SSL_ALLOC_FAILED |
| 13 | + (out of memory). After that, calling mbedtls_ssl_session_free() |
| 14 | + and mbedtls_ssl_free() would cause an internal session buffer to |
| 15 | + be free()'d twice. |
| 16 | + |
| 17 | +Bugfix |
| 18 | + * Stop using reserved identifiers as local variables. Fixes #4630. |
| 19 | + * The GNU makefiles invoke python3 in preference to python except on Windows. |
| 20 | + The check was accidentally not performed when cross-compiling for Windows |
| 21 | + on Linux. Fix this. Fixes #4774. |
| 22 | + * Mark basic constraints critical as appropriate. Note that the previous |
| 23 | + entry for this fix in the 2.16.10 changelog was in error, and it was not |
| 24 | + included in the 2.16.10 release as was stated. |
| 25 | + Make 'mbedtls_x509write_crt_set_basic_constraints' consistent with RFC |
| 26 | + 5280 4.2.1.9 which says: "Conforming CAs MUST include this extension in |
| 27 | + all CA certificates that contain public keys used to validate digital |
| 28 | + signatures on certificates and MUST mark the extension as critical in |
| 29 | + such certificates." Previous to this change, the extension was always |
| 30 | + marked as non-critical. This was fixed by #4044. |
| 31 | + * Fix missing constraints on x86_64 assembly code for bignum multiplication |
| 32 | + that broke some bignum operations with (at least) Clang 12. |
| 33 | + Fixes #4116, #4786, #4917. |
| 34 | + * Failures of alternative implementations of AES or DES single-block |
| 35 | + functions enabled with MBEDTLS_AES_ENCRYPT_ALT, MBEDTLS_AES_DECRYPT_ALT, |
| 36 | + MBEDTLS_DES_CRYPT_ECB_ALT or MBEDTLS_DES3_CRYPT_ECB_ALT were ignored. |
| 37 | + This does not concern the implementation provided with Mbed TLS, |
| 38 | + where this function cannot fail, or full-module replacements with |
| 39 | + MBEDTLS_AES_ALT or MBEDTLS_DES_ALT. Reported by Armelle Duboc in #1092. |
| 40 | + * Some failures of HMAC operations were ignored. These failures could only |
| 41 | + happen with an alternative implementation of the underlying hash module. |
| 42 | + * Fix the build of sample programs when neither MBEDTLS_ERROR_C nor |
| 43 | + MBEDTLS_ERROR_STRERROR_DUMMY is enabled. |
| 44 | + * Fix a bug in mbedtls_gcm_starts() when the bit length of the iv |
| 45 | + exceeds 2^32. Fixes #4884. |
| 46 | + * Fix the build when no SHA2 module is included. Fixes #4930. |
| 47 | + * Fix the build when only the bignum module is included. Fixes #4929. |
| 48 | + * Fix a potential invalid pointer dereference and infinite loop bugs in |
| 49 | + pkcs12 functions when the password is empty. Fix the documentation to |
| 50 | + better describe the inputs to these functions and their possible values. |
| 51 | + Fixes #5136. |
| 52 | + |
| 53 | +Changes |
| 54 | + * Improve the performance of base64 constant-flow code. The result is still |
| 55 | + slower than the original non-constant-flow implementation, but much faster |
| 56 | + than the previous constant-flow implementation. Fixes #4814. |
| 57 | + |
3 | 58 | = mbed TLS 2.16.11 branch released 2021-07-07
|
4 | 59 |
|
5 | 60 | Security
|
|
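Review bot: the Bugfix entry "Fix a bug in mbedtls_gcm_starts() when the bit length of the iv exceeds 2^32" does not say what the bug did, so a reader cannot tell whether earlier releases produced wrong output, returned an error, or misbehaved in some other way for such IVs. State the observable effect in the entry, the way the double-free entry under Security names the failing calls and the consequence. Separately, the pkcs12 entry describes "a potential invalid pointer dereference and infinite loop bugs" on an empty password but is filed under Bugfix; either move it to Security or add a clause saying why the empty-password case is not a concern for callers that pass on externally supplied passwords.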