Releases: aws/aws-lc
Releases · aws/aws-lc
v1.56.0
What's Changed
- Export BIO_f_md for consumers by @samuel40791765 in #2515
- Remove obsolete python main patch by @WillChilds-Klein in #2522
- Remove redundant conditions by @torben-hansen in #2523
- ci: Add GitHub user ID 159580656 to CI allowlist by @kingstjo in #2530
- fix: Update Clang version from 18 to 19 in Windows workflow by @kingstjo in #2529
- Implement pkcs8 cli by @kingstjo in #2342
- Export BF_cfb64_encrypt by @samuel40791765 in #2525
- cpu_ppc64le.c: fix build on FreeBSD by @pkubaj in #2520
- Add prikhap to allow list for CI by @samuel40791765 in #2533
- Add pkey command to CLI tool by @smittals2 in #2519
- Improve OpenSSL compatibility by @justsmth in #2540
- Fix PKCS12 Error Code by @smittals2 in #2538
- Use SP 800-56Arev3 Section 5.6.2.1.4.b instead of ECDSA PCT method by @torben-hansen in #2536
- Fix python main diff after upstream PR 135402 merge by @WillChilds-Klein in #2542
- Minimize the nginx patch even further by @samuel40791765 in #2537
- Add LC contributors to allowlist by @nhatnghiho in #2547
- Align -help return codes in tool-openssl CLI to match Openssl by @smittals2 in #2543
- Dynamically link AWS-LC in cpython integration tests by @WillChilds-Klein in #2545
- Add missing x509 CI to list of tests by @nhatnghiho in #2548
- CI for mingw64 and ucrt64 w/ msys2 by @justsmth in #2502
- docs: Add FIPS documentation to BUILDING.md and README.md by @dougch in #2387
- Prepare Docker images for upcoming CI changes by @nhatnghiho in #2475
- Implement SSL_CTX_set_client_hello_cb for ClientHello callback by @justsmth in #2490
- tool-openssl: Fix warning 'strnlen' specified bound 4096 exceeds source size 128 by @skmcgrail in #2556
- Pull in SSL_get_negotiated_group and TLSEXT_nid_unknown from upstream by @samuel40791765 in #2558
- Document non-support of TLS 1.3 PHA by @justsmth in #2560
- Remove nsym-related CI by @justsmth in #2566
- Implement SSL_set_verify_result by @nhatnghiho in #2526
- Revert "Implement SSL_set_verify_result (#2526)" by @nhatnghiho in #2569
- Prepare AWS-LC v1.56.0 by @samuel40791765 in #2563
Full Changelog: v1.55.0...v1.56.0
Contributors
skmcgrail, WillChilds-Klein, and 8 other contributors
Assets 2
v1.55.0
What's Changed
- Add SSL_CTRL defines for SSL_*_tlsext_status_type by @samuel40791765 in #2496
- Implement HMAC over SHA3 truncated variants by @WillChilds-Klein in #2484
- Temporarily allowlist the webhook actors to AWS-LC by @dkostic in #2514
- Rework memory BIOs and implement BIO_seek (3rd try) by @nhatnghiho in #2472
- Silence GCC 15 warning for uninitialized variable by @torben-hansen in #2517
- s2n-bignum: Add prefix header to _s2n_bignum_internal.h by @hanno-becker in #2510
- Prepare AWS-LC v1.55.0 by @WillChilds-Klein in #2521
Full Changelog: v1.54.0...v1.55.0
Contributors
WillChilds-Klein, samuel40791765, and 4 other contributors
Assets 2
v1.54.0
What's Changed
- Rename SSL test files to match Scrutinice filter by @nhatnghiho in #2491
- Order tool output by options provided - x509 by @justsmth in #2454
- Fix Console Test Suite Execution Locally by @smittals2 in #2493
- Re-remove afunix.h by @justsmth in #2495
- Note a couple of typoed struct names that we'll leave alone. by @justsmth in #2499
- Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership by @justsmth in #2503
- Remove sys headers from bio.h by @samuel40791765 in #2508
- rwlock race tests is not a GoogleTest executable by @torben-hansen in #2509
- Add two new APIs to expose TLS 1.3 traffic secrets for kTLS by @skmcgrail in #2506
- Intentionally redefine iovec in headers as CI by @samuel40791765 in #2512
Full Changelog: v1.53.1...v1.54.0
Contributors
skmcgrail, samuel40791765, and 4 other contributors
Assets 2
v1.53.1
What's Changed
- Add timeouts to PQ TLS Integ Tests by @alexw91 in #2464
- Split ssl handshake tests by @justsmth in #2489
- Add password prompting support & EVP_read_pw_string by @smittals2 in #2419
- Impl BIO_ADDR_xxx functions by @justsmth in #2439
- Update mlkem-native to v1 by @hanno-becker in #2451
- Prepare v1.53.1 by @justsmth in #2492
Full Changelog: v1.53.0...v1.53.1
Contributors
alexw91, hanno-becker, and 2 other contributors
Assets 2
v1.53.0
What's Changed
- Add build with hardened flag by @m271828 in #2396
- Openssl tool output ordered by options provided by @justsmth in #2452
- [SCRUTINICE] Remove redundant condition check by @nhatnghiho in #2450
- Support relro in delocator by @torben-hansen in #2455
- Explicitly don't allow buffers aliasing in ctr-drbg implementation by @torben-hansen in #2458
- Remove unused Windows afunix.h by @justsmth in #2461
- Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)" by @justsmth in #2466
- Use max_cert_list for TLSv1.3 NewSessionTicket by @skmcgrail in #2453
- ML-KEM memory safety by @m271828 in #2263
- Simplify Compiler CI jobs by @justsmth in #2430
- Improve support for multilib-style distros in our test scripts by @justsmth in #2467
- Fix Ruby mainline and nginx CI by @samuel40791765 in #2460
- Add hardened build back in by @m271828 in #2474
- Fix OCSP integration test failures by @samuel40791765 in #2480
- Fix some theoretical missing earlyclobber markers in inline assembly by @torben-hansen in #2477
- Simplify sshkdf and kbkdf by @torben-hansen in #2478
- Run 3p module tests on python 3.13, add patch for 3.14 by @WillChilds-Klein in #2476
- [UPSTREAM] Fix BIO_eof for BIO pairs by @justsmth in #2440
- Fix service indicator in HKDF, more paranoid zeroization, and simplify logic by @torben-hansen in #2482
- Prepare v1.53.0 by @justsmth in #2471
New Contributors
Full Changelog: v1.52.1...v1.53.0
Contributors
skmcgrail, WillChilds-Klein, and 5 other contributors
Assets 2
v1.52.1
What's Changed
- Increase default salt from 8 to 16 bytes for PKCS#8 & PKCS#12 by @xnox in #2409
- fix(nix): Make sure bssl is in the PATH; workaround nix build failure… by @dougch in #2431
- Fix path-has-spaces test by @justsmth in #2436
- Create pre-production stage for CI pipeline by @nhatnghiho in #2282
- Fix CI cross-mingw by @justsmth in #2437
- Display X509 fingerprint after hash by @justsmth in #2444
- Prepare v1.52.1 by @justsmth in #2445
New Contributors
Full Changelog: v1.52.0...v1.52.1
Contributors
xnox, nhatnghiho, and 2 other contributors
Assets 2
v1.52.0
What's Changed
- Set OPENSSL_NO_EXTERNAL_PSK_TLS13 to indicate lack of TLS 1.3 PSK by @WillChilds-Klein in #2399
- BIO datagram functions by @justsmth in #2321
- Reject NewSessionTicket messages with empty tickets in TLS 1.3 by @justsmth in #2367
- Ensure that AVX512 is not used on macOS by @justsmth in #2363
- Fix socket test issues by @torben-hansen in #2404
- Remove python CI patch for main by @WillChilds-Klein in #2407
- Remove xmlsec patch by @smittals2 in #2405
- Fix clang tidy ci by @justsmth in #2375
- Mark fallible container operations as
nodiscardby @justsmth in #2366 - Remove extra va_end in err_add_error_vdata by @justsmth in #2364
- Check for QUIC in SSL_process_quic_post_handshake by @justsmth in #2365
- Add missing symbols for Unbound by @nhatnghiho in #2352
- Update mlkem-native by @hanno-becker in #2406
- CI for iOS by @justsmth in #2389
- Squelch clang-tidy by @justsmth in #2414
- Clang-tidy is still noisy by @justsmth in #2417
- Add back two rules for clang-tidy by @smittals2 in #2418
- Implement BIO_dump by @kingstjo in #2331
- Make ASN1_get_object a direct call by @samuel40791765 in #2332
- Add Python 3.9 CI patch by @WillChilds-Klein in #2415
- Rework memory BIOs and implement BIO_seek by @nhatnghiho in #2380
- ML-DSA: ASN.1 Module - add parsing of BOTH private key format by @jakemas in #2416
- Detection of unused results by @justsmth in #2411
- Fix gtest_util.sh failure detection by @justsmth in #2423
- Remove unused docs/configs by @torben-hansen in #2427
- ML-DSA: Add ML-DSA keyGen to break-kat.go by @jakemas in #2422
- Fix CI for mingw by @justsmth in #2428
- Bump AWSLC_API_VERSION for X509_STORE_CTX_set_verify_crit_oids by @samuel40791765 in #2426
- Revert "Rework memory BIOs and implement BIO_seek (#2380)" by @samuel40791765 in #2432
- Resolve SSL_PRIVATE_METHOD and certificate slots functionality by @skmcgrail in #2429
Full Changelog: v1.51.1...v1.52.0
Contributors
skmcgrail, WillChilds-Klein, and 8 other contributors
Assets 2
v1.51.2
What's Changed
Full Changelog: v1.51.1...v1.51.2
Contributors
justsmth
Assets 2
v1.51.1
Contributors
justsmth and ognevny
Assets 2
v1.51.0
What's Changed
- Fix ImplDispatchTest for 32-bit x86 build by @dkostic in #2386
- No need for MacOS large/xlarge by @justsmth in #2384
- Revert "Update patch for Postgres (#2232)" by @samuel40791765 in #2358
- Fix socat test by @justsmth in #2388
- Remove special s2n-bignum source code processing at buid-time by @torben-hansen in #2385
- Correct typo in malloc debug environment variable by @torben-hansen in #2391
- Fix PQ Integration tests by @alexw91 in #2392
- Remove patch for IbmTpm by @smittals2 in #2393
- Support allowing specific unknown critical extensions by @samuel40791765 in #2377
- Add Xmlsec to our CI by @smittals2 in #2333
- Bump to v1.51.0 by @samuel40791765 in #2395
Full Changelog: v1.50.1...v1.51.0
Contributors
alexw91, samuel40791765, and 4 other contributors