github Mbed-TLS/mbedtls mbedtls-2.28.9
Mbed TLS 2.28.9

Description

This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues.

Mbed TLS 2.28 is a long-term support branch. It will be supported with bug fixes and security fixes until the end of 2024.

Security Advisories

For full details, please see the following links:

Release Notes

Security

  • Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does
    not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when
    MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
    CVE-2024-45157
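
A compile-time check for the configuration trap described in the security note above, as an added example that is not part of the release notes or of Mbed TLS. The enum, the helpers cfg_psa_rng and cfg_hmac_drbg_ignored, and the STRICT_PSA_RNG_CHECK switch are hypothetical names, and the three defines at the top are a constructed sample configuration; the selection order follows the note (external RNG, then CTR_DRBG, then HMAC_DRBG).

```c
/* Added example, not Mbed TLS code. Constructed sample configuration: in a
 * real build, replace these defines with #include "mbedtls/config.h". */
#define MBEDTLS_PSA_HMAC_DRBG_MD_TYPE MBEDTLS_MD_SHA256 /* intent: HMAC_DRBG */
#define MBEDTLS_CTR_DRBG_C                              /* still enabled */
#define MBEDTLS_HMAC_DRBG_C

#include <stdio.h>

/* Hypothetical names for the random source the PSA subsystem ends up with. */
enum psa_rng { PSA_RNG_EXTERNAL, PSA_RNG_CTR_DRBG, PSA_RNG_HMAC_DRBG, PSA_RNG_NONE };

/* Per the release note: HMAC_DRBG is used only when both
 * MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled. */
#if defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG)
#define PSA_RNG_EFFECTIVE PSA_RNG_EXTERNAL
#elif defined(MBEDTLS_CTR_DRBG_C)
#define PSA_RNG_EFFECTIVE PSA_RNG_CTR_DRBG
#elif defined(MBEDTLS_HMAC_DRBG_C)
#define PSA_RNG_EFFECTIVE PSA_RNG_HMAC_DRBG
#else
#define PSA_RNG_EFFECTIVE PSA_RNG_NONE /* no DRBG module enabled */
#endif

#if defined(MBEDTLS_PSA_HMAC_DRBG_MD_TYPE)
#define HMAC_DRBG_REQUESTED 1
#else
#define HMAC_DRBG_REQUESTED 0
#endif

/* Build with -DSTRICT_PSA_RNG_CHECK (hypothetical switch) to fail the build. */
#if defined(STRICT_PSA_RNG_CHECK) && HMAC_DRBG_REQUESTED && \
    (defined(MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG) || defined(MBEDTLS_CTR_DRBG_C))
#error "MBEDTLS_PSA_HMAC_DRBG_MD_TYPE is set but PSA will not use HMAC_DRBG"
#endif

/* Random source selected by the configuration above. */
enum psa_rng cfg_psa_rng(void) { return PSA_RNG_EFFECTIVE; }

/* 1 if the MD type option is set but the PSA RNG is not HMAC_DRBG. */
int cfg_hmac_drbg_ignored(void)
{
    return HMAC_DRBG_REQUESTED && PSA_RNG_EFFECTIVE != PSA_RNG_HMAC_DRBG;
}

int main(void)
{
    static const char *const names[] = { "external RNG", "CTR_DRBG", "HMAC_DRBG", "none" };
    printf("PSA RNG: %s\n", names[cfg_psa_rng()]);
    return cfg_hmac_drbg_ignored(); /* non-zero exit status on mismatch */
}
```

With the sample configuration the program reports CTR_DRBG and exits non-zero; removing the MBEDTLS_CTR_DRBG_C define makes it report HMAC_DRBG.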

Bugfix

  • Fix the build in some configurations when check_config.h is not included.
    Fix #9152.
  • Fix redefinition warnings for _GNU_SOURCE in entropy_poll.c and
    sha_256.c, which caused a build warning when building for the
    Linux platform.
    Resolves #9026.
  • Fix error handling when creating a key in a dynamic secure element
    (feature enabled by MBEDTLS_PSA_CRYPTO_SE_C). In a low memory condition,
    the creation could return PSA_SUCCESS but using or destroying the key
    would not work. Fixes #8537.
  • Fix a memory leak that could occur when failing to process an RSA
    key through some PSA functions due to low memory conditions.
  • Document and enforce the limitation of mbedtls_psa_register_se_key()
    to persistent keys. Resolves #9253.

Who should update

We recommend that all users update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.

Note

mbedtls-2.28.9.tar.bz2 is our official release file. source.tar.gz and source.zip are automatically generated snapshots that GitHub is generating. They do not include external dependencies, and can't be configured

Checksum

The SHA256 hashes for the archives are:
e85ea97aaf78dd6c0a5ba2e54dd5932ffa15f39abfc189c26beef7684630c02b mbedtls-2.28.9.tar.bz2
