Releases: aws/aws-lc
Releases · aws/aws-lc
Release v1.30.0
What's Changed
- Move SSL_CIPHER_get_version test to SSLVersionTest.Version by @WillChilds-Klein in #1631
- Fix AES key size for AES256 in ABI test by @andrewhop in #1629
- Upstream merge 2024 06 03 by @samuel40791765 in #1621
- [EC] Unify point addition for P-256/384/521 by @dkostic in #1602
- Upstream Merge: Add Intel Indirect Branch Tracking support by @justsmth in #1628
- align gcc version with curl's CI by @samuel40791765 in #1633
- Add support for NETSCAPE_SPKI_print by @samuel40791765 in #1624
- More minor symbols for Ruby support by @samuel40791765 in #1581
- Upstream merge 2024-06-13 by @dkostic in #1636
- NIST.SP.800-56Cr2 One-Step Key Derivation by @skmcgrail in #1607
- OpenVPN error codes, SSL_get_peer_signature_* funcs, and first patch file by @smittals2 in #1584
- Require newer assembler for _CET_ENDBR by @justsmth in #1641
- Patch for OpenVPN certificate setting behavioral difference by @smittals2 in #1643
- Add de-randomized ML-KEM modes to experimental EVP API by @jakemas in #1578
- Add EVP_md_null and SSL_set_ciphersuites by @WillChilds-Klein in #1637
- Snapsafe-type uniqueness breaking event detection by @justsmth in #1640
- Prepare for release v1.30.0 by @justsmth in #1646
- Close FD in Snapsafe test function by @justsmth in #1649
Full Changelog: v1.29.0...v1.30.0
Contributors
skmcgrail, WillChilds-Klein, and 6 other contributors
Assets 2
AWS-LC-FIPS-2.0.12
What's Changed
- [Backport] Prevent non-constant-time code in Kyber-R3 implementation by @geedo0 in #1632
- AWS-LC-FIPS-2.0.12 release preparation by @geedo0 in #1635
Full Changelog: AWS-LC-FIPS-2.0.11...AWS-LC-FIPS-2.0.12
Contributors
geedo0
Assets 2
Release v1.29.0
What's Changed
- Fix mariadb ssl_crl patch by @samuel40791765 in #1606
- Add
all_fuzz_testsbuild target by @justsmth in #1605 - add support for X509_CRL_http_nbio by @samuel40791765 in #1596
- Cleanse the right amount of bytes in HMAC. by @nebeid in #1613
- Pin aws-lc-rs integ to nightly-2024-05-22 by @justsmth in #1612
- Fix NTP integ test by @justsmth in #1616
- Remove special aarch64 valgrind logic by @justsmth in #1618
- add back ASN1_dup with tests by @samuel40791765 in #1591
- Upstream merge 2024 05 17 by @justsmth in #1600
- Add libevent to GitHub integration CI by @andrewhop in #1615
- Add support for ocsp get id by @ecdeye in #1609
- Disable CI for gcc-14/FIPS until relocation issue is resolved by @justsmth in #1622
- Update for FIPS documentation by @justsmth in #1610
- Fix SSL_BUILD_CHAIN_FLAG_IGNORE_ERROR behavior by @samuel40791765 in #1620
- Fixes for building with
-pedanticby @justsmth in #1608 - Script for creating compilation database by @justsmth in #1617
- Update ec2-test-framework to use gv2 by @samuel40791765 in #1623
- Prevent non-constant-time code in Kyber-R3 and ML-KEM implementation by @geedo0 in #1619
- Add integration tests for OpenSSL-linking 3p modules by @WillChilds-Klein in #1587
- Implement SSL_CIPHER_get_version for recent TLS versions by @WillChilds-Klein in #1627
- Prepare for release 1.29.0 by @justsmth in #1626
- Use 'nasm' not 'yasm' by @justsmth in #1630
New Contributors
Full Changelog: v1.28.0...v1.29.0
Contributors
WillChilds-Klein, geedo0, and 5 other contributors
Assets 2
AWS-LC-FIPS-2.0.11
What's Changed
-
Backport X509 certificate verification optimizations to AWS-LC-FIPS-2.x by @samuel40791765 in #1611
- 31d5dce: Stop using time_t internally. For publicly exposed and used
inputs that rely on time_t, _posix versions are added to
support providing times as an int64_t, and internal
use is changed to use the _posix version. - 4e32cc5: When looking for the issuer of a certificate, if the current
certificate candidate is expired, X509_verify_cert will
continue searching for a valid cert. An expired certificate is
only returned if no valid certificates are found. This lets
AWS-LC gain feature parity with OpenSSL 1.1.1. - 9bed1c9: Tweak test introduced by 4e32cc5.
- 31d5dce: Stop using time_t internally. For publicly exposed and used
-
AWS-LC-FIPS-2.0.11 release preparation by @samuel40791765 in #1614
Full Changelog: AWS-LC-FIPS-2.0.10...AWS-LC-FIPS-2.0.11
Contributors
samuel40791765 and justsmth
Assets 2
Release v1.28.0
What's Changed
- Revert "Trim some unused XN_FLAG_* values" by @samuel40791765 in #1582
- [EC] Unify point doubling for P-256/384/521 by @dkostic in #1567
- Enable x86_64 AES-GCM proof in AWS-LC CI by @pennyannn in #1592
- Update the formal verification section in README by @pennyannn in #1570
- fix X509V3_EXT_METHODs for ocsp nonce extension by @samuel40791765 in #1603
- Prepare for release v1.28.0 by @samuel40791765 in #1604
- CI update for ubuntu 24.04 by @justsmth in #1599
- Upstream merge 2024 05 10 by @nebeid in #1590
Full Changelog: v1.27.0...v1.28.0
Contributors
samuel40791765, dkostic, and 3 other contributors
Assets 2
Release v1.27.0
What's Changed
- Implement DEPRECATED RSA_pkey_ctx_ctrl by @WillChilds-Klein in #1575
- Minor GitHub Action cleanup by @justsmth in #1565
- Support reading additional data from underlying BIO for each call to SSL_read by @andrewhop in #1517
- Enforce minimum go version when runnign cmake if go is not disabled by @andrewhop in #1580
- Implement low-level derand API for Kyber by @dkostic in #1552
- Cross-compile w/ MinGW; set
_WIN32_WINNTby @justsmth in #1576 - Migrate to v4 of the codecov/codecov-action action by @andrewhop in #1553
- Add support for BIO_read/write_ex; Update MySQL CI to 8.4; by @samuel40791765 in #1568
- Fix MySQL version tag alarm by @samuel40791765 in #1585
- Fix CI - tpm2-tss and ntp by @justsmth in #1589
- Windows build with clang-cl; CI for Windows/ARM64 build by @justsmth in #1538
- Give X509_STORE an ex_data by @samuel40791765 in #1583
- ppc64le: support OPENSSL_ppccap ENV variable by @justsmth in #1569
- Prepare for release v1.27.0 by @justsmth in #1593
Full Changelog: v1.26.0...v1.27.0
Contributors
WillChilds-Klein, samuel40791765, and 3 other contributors
Assets 2
AWS-LC-FIPS-2.0.10
What's Changed
- Backport vpinsrq delocate support to AWS-LC-FIPS-2.x by @skmcgrail in #1571
- Backport ARM CPUID guard for Android by @skmcgrail in #1579
Full Changelog: AWS-LC-FIPS-2.0.9...AWS-LC-FIPS-2.0.10
Contributors
skmcgrail
Assets 2
Release v1.26.0
What's Changed
- Define OPENSSL_NO_TLS_PHA, typedef PSK callback signatures by @WillChilds-Klein in #1526
- Upstream merge 2024 04 16 by @torben-hansen in #1535
- [ML-KEM] Add experimental support for ML-KEM-512-IPD by @dkostic in #1516
- Remove redundant test exec libraries by @justsmth in #1544
- Support vpinsrq in delocater by @torben-hansen in #1543
- Fix skipped tests in Mariadb integration CI by @samuel40791765 in #1533
- Fix the NTP integration test (NTP website changed) by @dkostic in #1548
- Add EC point add/dbl to speed.cc by @dkostic in #1545
- Add SHA3-256 KAT to FIPS self-test by @justsmth in #1549
- Basic GH CI build/test with full range of gcc/clang by @justsmth in #1546
- Link porting guide table to header documentation by @samuel40791765 in #1540
- Add dependency to python3-six in github action grpc by @fabrice102 in #1554
- Avoid 'z' format with MSVCRT by @justsmth in #1559
- Remove duplicate X509_OBJECT_new and X509_OBJECT_free declarations by @andrewhop in #1560
- Update x25519_test.cc array initialization to avoid a bug with a GCC 13 warning by @andrewhop in #1555
- Fix ec2 CI testing framework by @samuel40791765 in #1541
- Cleanup remaing duplicate symbol definitions and turn Wredundant-decls on by @andrewhop in #1561
- CI for other MacOS versions by @justsmth in #1558
- Centralize handling of s2n-bignum alt/non-alt function selection by @dkostic in #1547
- Migrate from FreeBSD to __FreeBSD_version by @andrewhop in #1562
- Remove comments about overread for entropy generation by @fabrice102 in #1551
- OpenBSD 7.4 and 7.5 Support by @skmcgrail in #1437
- ppc64le: EVP_has_aes_hardware is false w/ no-asm by @justsmth in #1566
- Changed SSL_client_hello_get0_ciphers to align with OpenSSL behavior by @smittals2 in #1542
- Minor functions to build with Ruby's cipher module by @samuel40791765 in #1564
- v1.26.0 Release Preparation by @skmcgrail in #1572
Full Changelog: v1.25.0...v1.26.0
Contributors
skmcgrail, fabrice102, and 7 other contributors
Assets 2
Release v1.25.0
What's Changed
- Added u16 endian loading/storing functions, SSL_CIPHER_find, and SSL_client_hello_get0_ciphers by @smittals2 in #1482
- Update EVP cipher APIs to gracefully handle null EVP_CIPHER_CTX by @andrewhop in #1398
- Upstream merge 2024 04 11 by @samuel40791765 in #1527
- Adding OPENSSL_secure_zalloc and BIO_s_secmem by @smittals2 in #1476
- Release build for MinGW CI; Fix GCC 12/13 warnings by @justsmth in #1536
- AWS-LC v1.25.0 by @justsmth in #1537
Full Changelog: v1.24.1...v1.25.0
Contributors
samuel40791765, andrewhop, and 2 other contributors
Assets 2
Release v1.24.1
What's Changed
- Fix python CI patches by @WillChilds-Klein in #1524
- Document no-op functions and flags in AWS-LC by @samuel40791765 in #1473
- Use larger ARM hosts for long CodeBuild jobs by @andrewhop in #1529
- Align GitHub workflow/job run conditions by @justsmth in #1532
- Add macho parser for use by C inject_hash by @billbo-yang in #1435
- Add non-fips/fips ci for gcc-10 by @samuel40791765 in #1525
- Bump mysql integration CI to 8.3 by @samuel40791765 in #1508
- Remove guard for big-endian support by @justsmth in #1531
rand_fork_unsafe_buffering_enabledalways 0 on Windows by @justinwsmith in #1528- MinGW: mitigate potential abort on rwlocks using PTHREAD_RWLOCK_INITIALIZER by @justinwsmith in #1530
- Bump to v1.24.1 by @justsmth in #1534
Full Changelog: v1.24.0...v1.24.1
Contributors
justinwsmith, WillChilds-Klein, and 4 other contributors