Description
This release of Mbed TLS provides bug fixes and minor enhancements.
Mbed TLS 2.28 is a long-time support branch. It will be supported with bug-fixes and security fixes until end of 2024.
Security Advisories
There are no security advisories for this release.
Release Notes
Features
- Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
setting the CMake variable of the same name at configuration time.
Bugfix
- Fix crypt_and_hash decryption fail when used with a stream cipher
mode of operation, due to the input not being a multiple of the block
size. Resolves #7417. - Fix a bug where mbedtls_x509_string_to_names() would return success
when given a invalid name string, if it did not contain '=' or ','. - Fix missing PSA initialization in sample programs when
MBEDTLS_USE_PSA_CRYPTO is enabled. - Fix clang and armclang compilation error when targeting certain Arm
M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
SecurCore SC000). Fixes #1077. - Fixed an issue that caused compile errors when using CMake and the IAR
toolchain. - Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
- Fix builds on Windows with clang.
- Fix compilation warnings in aes.c for certain combinations
of configuration options. - Fix a compilation error on some platforms when including mbedtls/ssl.h
with all TLS support disabled. Fixes #6628.
Changes
- Update test data to avoid failures of unit tests after 2023-08-07, and
update expiring certififcates in the certs module.
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Checksum
The SHA256 hashes for the archives are:
578c4dcd15bbff3f5cd56aa07cd4f850fc733634e3d5947be4f7157d5bfd81ac mbedtls-2.28.4.tar.gz
c325bce754bcd26ae45af8fa38f67dcd45d2e23784cf818c4c97694903add530 mbedtls-2.28.4.zip