Releases: aws/aws-lc
v1.41.1
v1.41.0
What's Changed
- Allow constructed strings in BER parsing by @WillChilds-Klein in #2015
- Fix python 3.13 patch by @WillChilds-Klein in #2026
- Update aws-lc-nginx.patch by @robvanoostenrijk in #2023
- Fix segfault in PKCS7 test by @justsmth in #2025
- Expose BN_set_flags as a no-op by @samuel40791765 in #2021
- Ran minimise_corpora.sh by @justsmth in #2024
- Fix strongSwan CI by @geedo0 in #2028
- Coverity fixes for P173127397 by @skmcgrail in #2014
- Add ML-DSA-44 and ML-DSA-87 to PQDSA API by @jakemas in #2009
- strdup is not C99 by @justsmth in #2008
- Fix CI issues with ML-DSA by @jakemas in #2031
- Upstream merge 2024 11 18 by @skmcgrail in #2012
- Fix perl handling of paths w/ spaces by @justsmth in #2005
- Revert "Trim some redundant Arm feature detection files" by @knightjoel in #1979
- Only abort when RSA PWCT fail in FIPS by @samuel40791765 in #2020
- Move PQDSA to FIPS module by @jakemas in #2032
- Implement PKCS7_verify, update PKCS7_sign by @WillChilds-Klein in #1993
- Add AWS-LC-FIPS v3.0 policy docs by @justsmth in #2043
- Initialize arrays as arrays by @justsmth in #2042
- Add blowfish names to EVP_CIPHER API by @WillChilds-Klein in #2041
- Use SHA256 as default digest for OCSP signing by @samuel40791765 in #2038
- Allow build on Solaris by @psumbera in #2035
- Deprecate recently added PKCS7 functions by @WillChilds-Klein in #2039
- Prevent accidental null dereference by @torben-hansen in #2046
- Link to NIST website by @justsmth in #2045
- Added FIPS 204 documentation, cleanse intermediate values by @jakemas in #2017
- Switch ML-DSA to use AWS-LC SHA3 by @jakemas in #2001
- Update FIPS v3.0 draft security policy by @justsmth in #2047
New Contributors
- @robvanoostenrijk made their first contribution in #2023
- @psumbera made their first contribution in #2035
Full Changelog: v1.40.0...v1.41.0
AWS-LC FIPS v3.0.0
What's New
This is our third annual update to the AWS-LC-FIPS module. Our team has made numerous improvements since AWS-LC-FIPS v2.0. See our blog post for details!
v1.40.0
What's Changed
- Added CRL tool to CLI by @smittals2 in #1976
- Allow ASN1_get_object to parse indefinite and universal by @justsmth in #1994
- Expose a bit of lhash/conf for Ruby by @samuel40791765 in #1987
- Addition of generic NIST-DSA PKEY and ASN1 to support ML-DSA by @jakemas in #1963
- Implement PKCS7_dataInit and PKCS7_dataFinal by @WillChilds-Klein in #1816
- Minor improvement to DSA (ASN1) + DSA Tests by @justsmth in #1990
- Test cleanup by @justsmth in #2000
- Add internal APIs for ML-DSA by @jakemas in #1999
- [EC] Unify scalar_mul_base point for ec_nistp curves by @dkostic in #2003
- Add Clang 19 to CI by @justsmth in #1998
- Adding the OpenSSL s_client tool by @smittals2 in #1959
- [EC] Unify scalar_mul_public for ec_nistp curves by @dkostic in #2004
- Implement PKCS7_encrypt and PKCS7_decrypt by @WillChilds-Klein in #1996
- Upstream merge 2024-11-11 by @andrewhop in #1985
- Adding -verify and expanding -x509 options for our OpenSSL tool by @smittals2 in #1951
- Fail FIPS rsa_keygen_pubexp on change by @justsmth in #2016
- Document TLS Server Renegotiation Behavior by @skmcgrail in #2018
- [EC] Use s2n-bignum point doubling for P-384 and P-521 by @dkostic in #2011
- Prepare for v1.40.0 release by @smittals2 in #2019
Full Changelog: v1.39.0...v1.40.0
v1.39.0
What's Changed
- fix -Wcast-function-type build issues by @vszakats in #1972
- Fix i2d behavior for i2d_SSL_SESSION by @samuel40791765 in #1966
- Support Finished-based APIs for TLS 1.3 by @samuel40791765 in #1952
- Fix sess_hits counter on the server by @samuel40791765 in #1974
- CI gcc-4.8 - use 4.8.5 tag by @justsmth in #1980
- Upstream merge 2024-10-23 by @justsmth in #1955
- Ruby Support - More EVP_PKEY_DSA by @justsmth in #1954
- Avoid compiler warning by @justsmth in #1981
- Update PQREADME to add link to the KEM readme file by @dkostic in #1973
- Add CRYPTO_sysrand benchmarks to speed.cc by @andrewhop in #1978
- Allocate 16k scratch on heap by @justsmth in #1991
- Account for cipher auth with multiple cert slots by @samuel40791765 in #1956
- Cleanup test File utilities by @justsmth in #1989
- Add Cyrus-SASL to our CI by @smittals2 in #1988
- Revert "Replace CONF's internal representation with something more typesafe" by @samuel40791765 in #1986
- Prepare release AWS-LC v1.39.0 by @justsmth in #1995
New Contributors
Full Changelog: v1.38.0...v1.39.0
v1.38.0
What's Changed
- 800-131Ar1: length of the key-derivation key shall be at least 112 bits. by @skmcgrail in #1924
- Marshalling/Unmarshalling DH public keys by @justsmth in #1916
- Also prune SSM documents from ec2-test-framework by @samuel40791765 in #1925
- Use illegal_parameter instead of decode_error for invalid key shares by @justsmth in #1923
- Add null check in dh testing by @torben-hansen in #1937
- DH paramgen callback by @justsmth in #1928
- Upstream merge 2024 10 17 by @torben-hansen in #1934
- Remove old Intel CPU types by @justsmth in #1942
- Remove retries on PCT failure in EC and RSA key generation. by @nebeid in #1938
- Add p4p, bump up time by @justsmth in #1943
- PQ README by @jakemas in #1932
- bump mysql CI to 9.1.0 by @justsmth in #1939
- HKDF, HKDF_expand, and PBKDF Truncated SHA2-512 by @skmcgrail in #1946
- Missing functionality + Adding Nmap to our CI by @smittals2 in #1915
- Fix FIPS.md typo by @justsmth in #1950
- Support encode or decode ∞ like OpenSSL by @samuel40791765 in #1930
- Expand support for EVP_PKEY_HMAC by @justsmth in #1933
- Add PKCS7-internal BIO_f_cipher by @WillChilds-Klein in #1836
- Add PKCS7-internal BIO_f_md by @WillChilds-Klein in #1886
- Ruby Support - DSA custom md by @justsmth in #1953
- Add support for POINT_CONVERSION_HYBRID by @samuel40791765 in #1936
- Fixes for Coverity Alerts by @smittals2 in #1960
- Also test w/ gcc 4.8 by @justsmth in #1962
- Actually add support for SSL_get_server/peer_tmp_key by @samuel40791765 in #1945
- Coverity Fix Null Check by @smittals2 in #1965
- ML-KEM keygen Pairwise Consistency Test by @dkostic in #1964
- EDDSA PCT by @torben-hansen in #1968
- Expose AES_cfb1_encrypt and AES_cfb8_encrypt by @skmcgrail in #1967
Full Changelog: v1.37.0...v1.38.0
v1.37.0
What's Changed
- Remove special s2n-bignum symbol handling sauce from build by @torben-hansen in #1903
- ML-KEM FIPS 203 destruction of intermediate values by @dkostic in #1883
- Create mutable EC_GROUP API for OpenSSL compatibility by @samuel40791765 in #1860
- Update Dilithium from crystals upstream by @jakemas in #1894
- Upstream merge 2024 09 16 by @andrewhop in #1862
- Add Alpine-Linux-x86 to GitHub Actions CI by @kexgaber in #1753
- P159598331 coverity cleanup by @skmcgrail in #1908
- add support for EVP_PKEY_CTX callback functions by @samuel40791765 in #1905
- Remove duplicate s2n-bignum prefix include option by @torben-hansen in #1909
- Handle Windows not supporting static array dimension by @torben-hansen in #1912
- Update FIPS docs w/ certs by @justsmth in #1900
- ML-DSA parameter refactor by @jakemas in #1910
- Implement more EVP_PKEY_DH functionality by @justsmth in #1880
- Add EC_GROUP mutability to custom curves by @samuel40791765 in #1881
- Avoid allocating EVP_PKEY on size checks by @geedo0 in #1911
- build: fix pkgconfig files by @theoparis in #1913
- P161732527 coverity cleanup by @samuel40791765 in #1918
- Align X509 PARTIAL_CHAIN behavior with 1.1.1 by @samuel40791765 in #1917
- Add 2024 FIPS and fix build issues on older arm FIPS by @torben-hansen in #1920
- Prepare 1.37.0 release by @torben-hansen in #1927
New Contributors
- @theoparis made their first contribution in #1913
Full Changelog: v1.36.1...v1.37.0
AWS-LC-FIPS-2.0.17
What's Changed
- Align X509 PARTIAL_CHAIN behavior with 1.1.1 (#1917) by @samuel40791765 in #1921
- Prepare v2.0.17 release by @samuel40791765 in #1922
Full Changelog: AWS-LC-FIPS-2.0.16...AWS-LC-FIPS-2.0.17
AWS-LC-FIPS-2.0.16
What's Changed
- Map certs with ITUT X509 to our RSA implementation (#1754) by @nebeid in #1893
- Pin the version of aws-lc-verification to a known working version by @andrewhop in #1895
Full Changelog: AWS-LC-FIPS-2.0.15...AWS-LC-FIPS-2.0.16
v1.36.1
What's Changed
- Fix pkg-config files by @skmcgrail in #1890
- Remove nginx-tests patch now that upstream supports AWS-LC by @andrewhop in #1898
- Improve build and fix X509 test failures for Ruby by @samuel40791765 in #1887
- Use larger instance for c6g fips by @samuel40791765 in #1899
- Fix OCSP timebomb in tests by @samuel40791765 in #1891
- Github action asserting license statement in PR description by @torben-hansen in #1892
- Detect all Apple M* CPUs and enable the wide multiplier assembly implementations by @andrewhop in #1901
- Add and move OCSP no-op flags to own section by @samuel40791765 in #1902
- Prepare release 1.36.1 by @justsmth in #1906
Full Changelog: v1.36.0...v1.36.1