Bugfix
   * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
     twice is safe. This happens for RSA when some Mbed TLS library functions
     fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
     enabled on platforms where freeing a mutex twice is not safe.
   * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
     when MBEDTLS_THREADING_C is enabled on platforms where initializing
     a mutex allocates resources.

Default behavior changes
   * In mbedtls_rsa_context objects, the ver field was formerly documented
     as always 0. It is now reserved for internal purposes and may take
     different values.