Description
This release of Mbed TLS provides bug fixes and minor enhancements. This release includes fixes for security issues.
Default behavior changes
- In mbedtls_rsa_context objects, the ver field was formerly documented
as always 0. It is now reserved for internal purposes and may take
different values.
Security
- Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
applications calling mbedtls_mpi_sub_abs() directly are affected:
all calls inside the library were safe since this function is
only called with |A| >= |B|. Reported by Guido Vranken in #4042. - Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
value the function might fail to write a private RSA keys of the largest
supported size.
Found by Daniel Otte, reported in #4093 and fixed in #4094,
backported in #4099. - Fix a stack buffer overflow with mbedtls_net_recv_timeout() when given a
file descriptor that is beyond FD_SETSIZE. Reported by FigBug in #4169. - Guard against strong local side channel attack against base64 tables by
making access aceess to them use constant flow code. (CVE-2021-24119)
Bugfix
- Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
is enabled, on platforms where initializing a mutex allocates resources.
This was a regression introduced in the previous release. Reported in
#4017, #4045 and #4071. - Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
twice is safe. This happens for RSA when some Mbed TLS library functions
fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
enabled on platforms where freeing a mutex twice is not safe. - Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
when MBEDTLS_THREADING_C is enabled on platforms where initializing
a mutex allocates resources. - Fix an incorrect error code if an RSA private operation glitched.
- Fix the build of sample programs when MBEDTLS_PEM_C is enabled but
MBEDTLS_CERTS_C is disabled. Reported by Michael Schuster in #4206.
Who should update
We recommend all users should update to take advantage of the bug fixes contained in this release at an appropriate point in their development lifecycle.
Checksum
The SHA256 hashes for the archives are:
9a6e0b0386496fae6863e41968eb308034a74008e775a533750af483a38378d0 mbedtls-2.7.19.tar.gz
0f83d43f7de8866820d41db398b6640c8baebb358819223f9b2b3502f77db3d7 mbedtls-2.7.19.zip