Release: v1.3.34

Weekly release for January 27 2023

What's Changed

• Clang format cleanup by @harrisonkaiser in #3767
• Adds check to ensure no switching between state machines by @maddeleine in #3747
• Record padding integration test by @franklee26 in #3715
• Rename OCSP extensions by @goatgoose in #3765
• Blob initialization fix-2 by @aditishri18 in #3762
• Consolidate handshake and post-handshake record writing by @lrstewart in #3750
• Blob initialization fix-3 by @aditishri18 in #3768
• ci: remove build-dashboard action from PR flow by @jmayclin in #3764
• s2n_shutdown: do not require response during handshake by @lrstewart in #3772
• Initialize blobs and stuffers by @lrstewart in #3783

Full Changelog: v1.3.33...v1.3.34

Release: v1.3.33

Weekly release for January 18 2023

What's Changed

• Add check to s2n_signature_scheme_valid_to_accept by @harrisonkaiser in #3728
• Ensure non-zero record protocol version by @lrstewart in #3744
• ci: improve test name parsing for criterion by @dougch in #3704
• Bump rust bindings version for v1.3.32 release by @goatgoose in #3746
• Fragment large post-handshake records by @lrstewart in #3741
• Criterion integrationv2 python changes by @dougch in #3534
• Repair build on OpenBSD by @knightjoel in #3670
• Remove unused extension functions by @jmayclin in #3752
• chore(ci): add CI workflow for OpenBSD by @knightjoel in #3754
• ci: Bump boringssl version by @dougch in #3739
• ci: upgrade checkout action to v3 by @jmayclin in #3761
• Blob initialization fix-1 by @aditishri18 in #3735
• ci: enable multicore builds for unit test by @jmayclin in #3753

Full Changelog: v1.3.32...v1.3.33

Release: v1.3.32

Weekly release for January 05 2023

What's Changed

• Fix sizes in s2n_resume_test by @lrstewart in #3705
• Chore: Bump rust bindings version by @maddeleine in #3709
• Clang-format tests/unit/s2n_s.*\.c and enforce in CI by @harrisonkaiser in #3678
• CBMC proofs: remove type-conflicting definition of s2n_calculate_stacktrace by @tautschnig in #3714
• ci: codebuid scripts for criterion by @dougch in #3703
• CBMC proofs: fix typing by @tautschnig in #3718
• Clang-format tests/unit/s2n_[l-r].*\.c and enforce in CI by @harrisonkaiser in #3677
• Adds Wno-strict-prototypes flag to CMakeLists by @maddeleine in #3721
• Remove unnecessary "extern" from function declarations by @lrstewart in #3726
• Fix s2n_record_write return value by @lrstewart in #3722
• Adds TLSv1.2_2017 security policy with ECDHE-{RSA,ECDSA}-AES256-SHA ciphers enabled by @RobertRayer in #3723
• Upgrade CBMC infrastructure (starter-kit 2.8) by @feliperodri in #3727
• fix: disable pthread_atfork fork detection on OpenBSD by @knightjoel in #3712
• Update team members by @jmayclin in #3640
• Quick typo fix in s2n_aead_cipher_aes_gcm_encrypt by @franklee26 in #3716
• Upgrade CBMC infrastructure (starter-kit 2.8.8) by @angelonakos in #3731
• ci: Update fuzz buildspec to use pre-built image by @dougch in #3604
• ci: Clean up integration v1 buildspecs by @dougch in #3627
• Autopep8 updated CI and code. by @harrisonkaiser in #3736
• utils: guard POSIX signals with >S2N_FAILURE by @camshaft in #3733
• Intentionally disable fragmenting KeyUpdates by @lrstewart in #3708
• added ecdhe_rsa_aes128 cipher to the tls_1_2_2017 policy by @RobertRayer in #3740
• ci: Fix libfuzzer path for third-party-src dir by @goatgoose in #3742

New Contributors

• @RobertRayer made their first contribution in #3723
• @jmayclin made their first contribution in #3640

Full Changelog: v1.3.31...v1.3.32

Release: v1.3.31

Weekly release for December 14 2022

What's Changed

• Clang-format tls/s2n_[i-r].*\.[ch] and enforce in CI by @harrisonkaiser in #3682
• Read until error or supplied buffer is full by @baldwinmatt in #3690
• Fix FreeBSD minherit arg naming by @lrstewart in #3694
• Add CloudFront-TLS-1-2-2021-ChaCha20-Boosted Security Policy w/ Docs Update by @franklee26 in #3686
• Clang-format tests/unit/s2n_[d-k].*\.c and enforce in CI by @harrisonkaiser in #3676
• Clang format tests/unit/s2n_[bc].*\.c and enforce in CI by @harrisonkaiser in #3675
• Clang-format tests/unit/s2n_[t-z].*\.c and enforce in CI by @harrisonkaiser in #3679
• Clang-format tls/s2n_[s-z].*\.[ch] and enforce in CI by @harrisonkaiser in #3683
• Clang-format crypto/ and enforce in CI by @harrisonkaiser in #3680
• tokio-s2n-tls: add poll_blinding and fix blinding on shutdown by @arielb1 in #3700
• Clang format tls/s2n_[a-h].*\.[ch] and enforce in CI by @harrisonkaiser in #3681

Full Changelog: v1.3.30...v1.3.31

Release: v1.3.30

Weekly release for December 07 2022

What's Changed

• Fix flaky send buffer test by @harrisonkaiser in #3647
• clang-format tests/testslib and add to ci by @harrisonkaiser in #3650
• Update to clang-format causes reformat of api folder by @harrisonkaiser in #3663
• Test for legacy version vs SupportedVersions priority by @aditishri18 in #3661
• ci: Update OpenSSL dependencies by @goatgoose in #3623
• Removes double semicolons and expands simple_mistakes.sh by @maddeleine in #3665
• Bump rust bindings for 1.3.29 release by @WesleyRosenblum in #3666
• fix(rust-bindings): store client_hello_callback state on connection by @toidiu in #3631
• fix(tests): honour RFC 5280 4.1.2.5 when creating CRLs by @knightjoel in #3669
• Regenerate CRL test PEMs by @goatgoose in #3672
• Fix default X509 store flags by @goatgoose in #3671
• Add prioritize_chacha20 flag to cipher preferences by @franklee26 in #3543
• Clang-format of tests/unit/s2n_[3a].*\.c + transision to exclude regex by @harrisonkaiser in #3664
• Make header deps explicit in preperation for clang-format by @harrisonkaiser in #3684
• ci: Cleanup integration codebuild scripts by @dougch in #3628
• ci: pin ubuntu version to 20.04 for cppcheck by @WesleyRosenblum in #3673
• Add CodeQL workflow for GitHub code scanning by @lgtm-com in #3601
• Handle fragmented post-handshake messages by @lrstewart in #3641
• avoid unnecessarily zeroing the receive buffer in poll_read by @arielb1 in #3662
• tests: delete integv1 code by @WesleyRosenblum in #3685
• ci: Fix LibreSSL paths in CI by @goatgoose in #3688
• bindings (rust): handle propagating the async client_hello callback error by @toidiu in #3687
• chore: introduce rust-toolchain and pin to enforce MSRV by @toidiu in #3691
• Add support for AWS-LC PQ KEM by @geedo0 in #3634
• Clean up test trust store by @lrstewart in #3692
• chore: bump rust bindings version by @toidiu in #3693

New Contributors

• @knightjoel made their first contribution in #3669
• @lgtm-com made their first contribution in #3601
• @arielb1 made their first contribution in #3662
• @geedo0 made their first contribution in #3634

Full Changelog: v1.3.29...v1.3.30

Release: v1.3.29

Weekly release for November 29 2022

Release: v1.3.28

Weekly release for November 15 2022

What's Changed

• Try to clarify the use of s2n_blob_zeroize_free by @lrstewart in #3591
• Apache renegotiation integration tests by @goatgoose in #3580
• 1.3.27 rust bindings update by @maddeleine in #3599
• Add some redundant null ptr validation - for defence in depth by @harrisonkaiser in #3596
• Fix FreeBSD build test bug by @lrstewart in #3587
• [bindings] Fix client hello callback with config swap by @lrstewart in #3600
• Re-enable saw proofs for TLS handshake with NPN extension disabled by @pennyannn in #3594
• Move CRL timestamp validation into the CRL lookup callback by @goatgoose in #3515
• Fix to handle callback failure by @aditishri18 in #3597
• Adds s2n_connection section to usage guide by @maddeleine in #3605
• Fix very minor DeprecationWarning in integrationv2 by @harrisonkaiser in #3609
• wrapper for wall_clock by @aditishri18 in #3611
• bindings(rust): add lto in release mode by @camshaft in #3610

New Contributors

• @pennyannn made their first contribution in #3594
• @aditishri18 made their first contribution in #3597

Full Changelog: v1.3.27...v1.3.28

Release: v1.3.27

Weekly release for November 04 2022

What's Changed

• ci: Remove s2n-core from CODEOWNERS by @dougch in #3571
• Added compliance comment for renegotiate/npn by @maddeleine in #3572
• More openssl renegotiate integ tests by @lrstewart in #3570
• Rust bindings version bump for 1.3.26 by @franklee26 in #3574
• Removing more failing saw tests by @maddeleine in #3577
• Adds TLS12 Encrypted Extensions Messages by @maddeleine in #3545
• Add apache renegotiation test server to CI by @goatgoose in #3565
• Bump Doxygen version 1.9.3 -> 1.9.5 by @harrisonkaiser in #3581
• Add CRL lookup callback by @goatgoose in #3546
• Adds API for NPN support by @maddeleine in #3575
• Adding null checks to tls/extensions and tls/s2n_perf by @franklee26 in #3578
• NPN integration tests by @maddeleine in #3583
• Add rust binding for s2n_set_config_send_buffer_size by @harrisonkaiser in #3582
• Fix free error when using jemalloc by @lrstewart in #3585
• Update vmactions/freebsd github action by @lrstewart in #3592
• LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) by @jorgen in #3589
• Ensure data is stuffer is empty by @harrisonkaiser in #3588
• Npn cleanup by @maddeleine in #3590

New Contributors

• @harrisonkaiser made their first contribution in #3581
• @jorgen made their first contribution in #3589

Full Changelog: v1.3.26...v1.3.27

Release: v1.3.26

Weekly release for October 25 2022

What's Changed

• Rust bindings version bump for 1.3.25 by @maddeleine in #3567
• Basic renegotiation integ tests by @lrstewart in #3563
• Add array init with capacity API by @goatgoose in #3554
• Handshake changes necessary to negotiate NPN by @maddeleine in #3558
• Fix check for non-portable optimizations by @baldwinmatt in #3573
• Add IO debug info to integrationv2 framework by @lrstewart in #3564

Full Changelog: v1.3.25...v1.3.26

Release: v1.3.25

Weekly release for October 21 2022