Mbed TLS 2.16.1

@Patater Patater released this 27 Mar 13:11

Description

Mbed TLS 2.16.1 is a maintenance release of the Mbed TLS 2.16 branch, and provides bug fixes and minor enhancements.

Features

Bugfix

  • Fix a compilation issue with mbedtls_ecp_restart_ctx not being defined when MBEDTLS_ECP_ALT is defined. Reported by jwhui. Fixes #2242.
  • Run the AD too long test only if MBEDTLS_CCM_ALT is not defined. Raised as a comment in #1996.
  • Reduce the stack consumption of mbedtls_mpi_fill_random() which could previously lead to a stack overflow on constrained targets.
  • Add MBEDTLS_SELF_TEST for the mbedtls_self_test functions in the header files, which missed the precompilation check. #971
  • Fix clobber list in MIPS assembly for large integer multiplication. Previously, this could lead to functionally incorrect assembly being produced by some optimizing compilers, showing up as failures in e.g. RSA or ECC signature operations. Reported in #1722, fix suggested by Aurelien Jarno and submitted by Jeffrey Martin.
  • Fix signed-to-unsigned integer conversion warning in X.509 module. Fixes #2212.
  • Reduce stack usage of mpi_write_hlp() by eliminating recursion. Fixes #2190.
  • Remove a duplicate #include in a sample program. Fixed by Masashi Honma #2326.
  • Remove the mbedtls namespacing from the header file, to fix a "file not found" build error. Fixed by Haijun Gu #2319.
  • Fix returning the value 1 when mbedtls_ecdsa_genkey() failed.
  • Fix false failure in all.sh when backup files exist in include/mbedtls (e.g. config.h.bak). Fixed by Peter Kolbus (Garmin) #2407.
  • Ensure that unused bits are zero when writing ASN.1 bitstrings when using mbedtls_asn1_write_bitstring().
  • Fix an issue when writing the named bitstrings in the KeyUsage and NsCertType extensions in CSRs and CRTs: trailing zero bits were not accounted for as unused bits in the leading content octet, so these bitstrings were not encoded correctly. Fixes #1610.
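
The mpi_write_hlp() item above replaces a recursive digit writer with an iterative one to cut stack usage. The following is an added illustration of that pattern and is not Mbed TLS code: the library's helper operates on a multi-precision integer, whereas this stand-in converts a 64-bit value, which is enough to show why the recursive form's stack use grows with the number of digits (one frame per digit) and the iterative form's does not. The function names, the depth counter and the sample values are all constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Deepest recursion level seen by the recursive writer (illustrative
 * instrumentation, so the two approaches can be compared). */
static size_t max_depth;

/* Recursive form: recurse on v / radix, then emit the last digit on the way
 * back. Every digit costs one stack frame, so a large multi-precision value
 * printed in radix 10 would need hundreds of frames. */
static void write_digits_recursive(uint64_t v, unsigned radix, char **p, size_t depth)
{
    if (depth > max_depth)
        max_depth = depth;
    if (v >= radix)
        write_digits_recursive(v / radix, radix, p, depth + 1);
    unsigned d = (unsigned)(v % radix);
    *(*p)++ = (char)(d < 10 ? '0' + d : 'A' + d - 10);
}

/* Write v in the given radix (2..36) into out, NUL-terminated.
 * Returns the digit count, or 0 if out is too small. */
size_t to_radix_recursive(uint64_t v, unsigned radix, char *out, size_t outlen)
{
    char tmp[65];
    char *p = tmp;
    max_depth = 0;
    write_digits_recursive(v, radix, &p, 1);
    size_t n = (size_t)(p - tmp);
    if (n + 1 > outlen)
        return 0;
    memcpy(out, tmp, n);
    out[n] = '\0';
    return n;
}

/* Iterative form: emit the least-significant digit first, filling a scratch
 * buffer from its end and walking backwards. Stack use is constant however
 * many digits there are, which is what the fix in this release achieves. */
size_t to_radix_iterative(uint64_t v, unsigned radix, char *out, size_t outlen)
{
    char tmp[65];
    size_t i = sizeof tmp;
    do {
        unsigned d = (unsigned)(v % radix);
        tmp[--i] = (char)(d < 10 ? '0' + d : 'A' + d - 10);
        v /= radix;
    } while (v != 0);
    size_t n = sizeof tmp - i;
    if (n + 1 > outlen)
        return 0;
    memcpy(out, tmp + i, n);
    out[n] = '\0';
    return n;
}

/* Number of nested frames the recursive writer needs for v in radix. */
size_t recursion_depth_for(uint64_t v, unsigned radix)
{
    char buf[65];
    to_radix_recursive(v, radix, buf, sizeof buf);
    return max_depth;
}

/* Self-check: both writers agree, and edge values (0, UINT64_MAX) are handled.
 * Returns 1 when every check passes. */
int radix_selfcheck(void)
{
    char a[65], b[65];
    if (to_radix_recursive(255, 16, a, sizeof a) != 2 || strcmp(a, "FF") != 0)
        return 0;
    if (to_radix_iterative(255, 16, b, sizeof b) != 2 || strcmp(b, "FF") != 0)
        return 0;
    if (to_radix_iterative(0, 10, b, sizeof b) != 1 || strcmp(b, "0") != 0)
        return 0;
    if (to_radix_recursive(UINT64_MAX, 2, a, sizeof a) != 64 ||
        to_radix_iterative(UINT64_MAX, 2, b, sizeof b) != 64 || strcmp(a, b) != 0)
        return 0;
    return 1;
}

int main(void)
{
    char buf[65];
    to_radix_iterative(UINT64_MAX, 10, buf, sizeof buf);
    printf("%s needs %zu recursive frames, 1 iterative frame\n",
           buf, recursion_depth_for(UINT64_MAX, 10));
    return 0;
}
```

The constructed 64-bit case already needs 64 nested frames in radix 2; for the multi-precision integers the library handles, the frame count scales with the bit length, which is why eliminating the recursion matters on constrained targets.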
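
The last two items above both concern how DER encodes a BIT STRING: the first content octet gives the number of unused bits in the final octet, those unused bits must be zero, and for a named bit list such as KeyUsage the trailing zero bits are removed before encoding (ITU-T X.690, 8.6 and 11.2.2). The following is an added example written for this page, not Mbed TLS code (the library's mbedtls_asn1_write_bitstring() writes backwards into a buffer; this illustration writes forwards). It encodes a named bit string correctly and checks an existing encoding for the two defects the fixes address: non-zero unused bits, and trailing zero bits that were counted as content instead of as unused bits. The KeyUsage bit values follow RFC 5280; the function names and sample encodings are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* KeyUsage bit positions, MSB-first in the first content octet (RFC 5280 4.2.1.3).
 * decipherOnly is bit 8, i.e. 0x80 of a second content octet. */
#define KU_DIGITAL_SIGNATURE  0x80  /* bit 0 */
#define KU_NON_REPUDIATION    0x40  /* bit 1 */
#define KU_KEY_ENCIPHERMENT   0x20  /* bit 2 */
#define KU_DATA_ENCIPHERMENT  0x10  /* bit 3 */
#define KU_KEY_AGREEMENT      0x08  /* bit 4 */
#define KU_KEY_CERT_SIGN      0x04  /* bit 5 */
#define KU_CRL_SIGN           0x02  /* bit 6 */
#define KU_ENCIPHER_ONLY      0x01  /* bit 7 */

/* Encode bits[0..nbits) (MSB-first) as a DER named BIT STRING into out.
 * Trailing zero bits are dropped and become the unused-bit count; any stray
 * bits beyond the content are masked to zero. Returns bytes written, or 0
 * if out is too small or the content needs a long-form length. */
size_t der_write_named_bitstring(const uint8_t *bits, size_t nbits,
                                 uint8_t *out, size_t outlen)
{
    while (nbits > 0) {                       /* trim trailing zero bits */
        size_t last = nbits - 1;
        if (bits[last / 8] & (0x80u >> (last % 8)))
            break;
        nbits--;
    }
    size_t nbytes = (nbits + 7) / 8;
    unsigned unused = (unsigned)(nbytes * 8 - nbits);   /* always 0..7 */
    size_t total = 3 + nbytes;                /* tag, length, unused octet, content */

    if (nbytes + 1 > 127 || outlen < total)
        return 0;
    out[0] = 0x03;                            /* BIT STRING tag */
    out[1] = (uint8_t)(nbytes + 1);           /* length includes the unused-bits octet */
    out[2] = (uint8_t)unused;
    memcpy(out + 3, bits, nbytes);
    if (unused > 0)                           /* implies nbytes > 0 */
        out[2 + nbytes] &= (uint8_t)(0xFFu << unused);  /* zero the unused bits */
    return total;
}

/* Validate a short-form DER BIT STRING. With named != 0, also require the DER
 * named-bit-list form: the last content bit must be 1. Returns 1 if valid. */
int der_check_bitstring(const uint8_t *der, size_t len, int named)
{
    if (len < 3 || der[0] != 0x03)
        return 0;
    size_t clen = der[1];
    if (clen > 127 || clen < 1 || clen + 2 != len)
        return 0;
    unsigned unused = der[2];
    if (unused > 7)
        return 0;
    if (clen == 1)                            /* empty string: 03 01 00 only */
        return unused == 0;
    uint8_t last = der[len - 1];
    if (last & (uint8_t)((1u << unused) - 1)) /* unused bits must be zero */
        return 0;
    if (named && !(last & (uint8_t)(1u << unused)))
        return 0;                             /* trailing zero bit left as content */
    return 1;
}

/* Self-check over constructed KeyUsage values; returns 1 when all encodings
 * match the expected DER bytes. */
int bitstring_selfcheck(void)
{
    uint8_t out[8];
    const uint8_t ds[1]    = { KU_DIGITAL_SIGNATURE };
    const uint8_t ca[1]    = { KU_KEY_CERT_SIGN | KU_CRL_SIGN };
    const uint8_t dec[2]   = { 0x00, 0x80 };  /* decipherOnly only */
    const uint8_t none[1]  = { 0x00 };
    const uint8_t noisy[1] = { 0x81 };        /* bit 7 set beyond nbits = 1 */

    if (der_write_named_bitstring(ds, 8, out, sizeof out) != 4 ||
        memcmp(out, "\x03\x02\x07\x80", 4) != 0) return 0;
    if (der_write_named_bitstring(ca, 8, out, sizeof out) != 4 ||
        memcmp(out, "\x03\x02\x01\x06", 4) != 0) return 0;
    if (der_write_named_bitstring(dec, 9, out, sizeof out) != 5 ||
        memcmp(out, "\x03\x03\x07\x00\x80", 5) != 0) return 0;
    if (der_write_named_bitstring(none, 8, out, sizeof out) != 3 ||
        memcmp(out, "\x03\x01\x00", 3) != 0) return 0;
    if (der_write_named_bitstring(noisy, 1, out, sizeof out) != 4 ||
        memcmp(out, "\x03\x02\x07\x80", 4) != 0) return 0;
    return 1;
}

int main(void)
{
    const uint8_t ku[1] = { KU_DIGITAL_SIGNATURE | KU_KEY_ENCIPHERMENT };
    uint8_t der[8];
    size_t n = der_write_named_bitstring(ku, 8, der, sizeof der);
    for (size_t i = 0; i < n; i++)
        printf("%02X ", der[i]);
    printf("-> %s\n", der_check_bitstring(der, n, 1) ? "valid DER" : "INVALID");
    return 0;
}
```

The checker is what a consumer of CSRs or certificates can apply: an encoding such as 03 02 00 80 (content octet 0x80 with an unused-bit count of 0, the shape the fix above describes) is a syntactically acceptable BIT STRING but not the DER form of a named bit list, so strict DER validators and signature-over-TBS comparisons will reject or mismatch it.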

Changes

  • Include configuration file in all header files that use configuration, instead of relying on other header files that they include. Inserted as an enhancement for #1371
  • Add support for alternative CSR headers, as used by Microsoft and defined in RFC 7468. Found by Michael Ernst. Fixes #767.
  • Fix configuration queries in ssl-opt.h. #2030
  • Ensure that ssl-opt.h can be run in OS X. #2029
  • Reduce the complexity of the timing tests. They were assuming more than the underlying OS actually guarantees.
  • Re-enable certain interoperability tests in ssl-opt.sh which had previously been disabled for lack of a sufficiently recent version of GnuTLS on the CI.
  • Ciphersuites based on 3DES now have the lowest priority by default when they are enabled.

Who should update

We recommend that all affected users update, at an appropriate point in their development lifecycle, to take advantage of the bug fixes contained in this release.