Releases: aws/aws-lc
v1.36.0
What's Changed
- Check for null return pointers in pem_test.cc by @andrewhop in #1855
- Quell static-analysis concern about div-by-0 by @justsmth in #1866
- Update s2n-bignum subtree by @torben-hansen in #1865
- Add return checks on SHA3 functions in ML-KEM by @manastasova in #1859
- Map certs with ITUT X509 to our RSA implementation by @samuel40791765 in #1754
- ML-KEM encapsulation key modulus check by @dkostic in #1868
- Add docker image for gcc 7.2 by @justsmth in #1863
- ML-KEM decapsulation key hash check by @dkostic in #1873
- support building on illumos systems by @iliana in #1854
- Update Service Indicator to handle custom crypto through *_METHOD structs by @smittals2 in #1857
- Extend #1869, update Intel SDE; Enable Linux AVX512 IFMA usage by @justinwsmith in #1871
- Adding a runtime dis/enabler of DIT Capability on AArch64. by @nebeid in #1783
- Fix flaky ssl BadKemKeyShare tests by @dkostic in #1876
- ML-KEM encaps key modulus check optimization by @dkostic in #1874
- Add KBKDF counter HMAC KAT to self-test. by @nebeid in #1882
- Add explanation for FIPS 203 encaps and decaps input validation by @dkostic in #1884
- Prepare release v1.36.0 by @justsmth in #1885
Full Changelog: v1.35.1...v1.36.0
v1.35.1
What's Changed
- More tweaks for Ruby integration by @samuel40791765 in #1852
- Implementation of EVP_PKEY_CTX_ctrl_str for various key types by @justsmth in #1850
- Add MLKEM768 Hybrid Groups to libssl by @alexw91 in #1849
- add support for PEM_write_bio_PrivateKey_traditional by @samuel40791765 in #1845
- Update s2n-bignum subtree by @torben-hansen in #1861
- Add asserts in testing to fix Coverity alert by @smittals2 in #1864
- Disable CRYPTO_is_AVX512IFMA_capable by @justsmth in #1858
Full Changelog: v1.35.0...v1.35.1
v1.35.0
What's Changed
- Use OPENSSL_STATIC_ASSERT which handles all the platform/compiler/C s… by @andrewhop in #1791
- ML-KEM refactor by @dkostic in #1763
- ML-KEM-IPD to ML-KEM as defined in FIPS 203 by @dkostic in #1796
- Add KDA OneStep testing to ACVP by @skmcgrail in #1792
- Updating erroneous documentation for BIO_get_mem_data and subsequent usage by @smittals2 in #1752
- No-op impls for several EVP_PKEY_CTX functions by @justsmth in #1759
- Drop "ipd" suffix from ML-KEM related code by @dkostic in #1797
- Upstream merge 2024 08 19 by @skmcgrail in #1781
- ML-KEM move to the FIPS module by @dkostic in #1802
- Reduce collision probability for variable names by @torben-hansen in #1804
- Refactor ENGINE API and memory around METHOD structs by @smittals2 in #1776
- bn: Move x86-64 argument-based dispatching of bn_mul_mont to C. by @justsmth in #1795
- Check at runtime that the tool is loading the same libcrypto it was built with by @andrewhop in #1716
- Avoid matching prefixes of a symbol as arm registers by @torben-hansen in #1807
- Add CI for FreeBSD by @justsmth in #1787
- Move curve25519 implementations to fips module except spake25519 by @torben-hansen in #1809
- Add CAST for SP 800-56Cr2 One-Step function by @skmcgrail in #1803
- Remove custom PKCS7 ASN1 functions, add new structs by @WillChilds-Klein in #1726
- NASM use default debug format by @justsmth in #1747
- Add KDF in counter mode ACVP Testing by @skmcgrail in #1810
- add support for OCSP_request_verify by @samuel40791765 in #1778
- Fix GitHub/CodeBuild Purge Lambda by @justsmth in #1808
- KBKDF_ctr_hmac FIPS Service Indicator by @skmcgrail in #1798
- Update x509 tool to write all output to common BIO which is a file or stdout by @andrewhop in #1800
- Add ML-KEM to speed.cc, bump AWSLC_API_VERSION to 30 by @andrewhop in #1817
- Add EVP_PKEY_asn1_* functions by @justsmth in #1751
- Improve portability of CI integration script by @torben-hansen in #1815
- Upstream merge 2024 08 23 by @justsmth in #1799
- Replace ECDSA_METHOD with EC_KEY_METHOD and add the associated API by @smittals2 in #1785
- Cherrypick "Add some barebones support for DH in EVP" by @samuel40791765 in #1813
- Add KDA OneStep (SSKDF_digest and SSKDF_hmac) to FIPS indicator by @skmcgrail in #1793
- Add EVP_Digest one-shot test XOFs by @WillChilds-Klein in #1820
- Wire-up ACVP Testing for SHA3 Signatures with RSA by @skmcgrail in #1805
- Make SHA3 (not SHAKE) Approved for EVP_DigestSign/Verify, RSA and ECDSA. by @nebeid in #1821
- Begin tracking RelWithDebInfo library statistics by @andrewhop in #1822
- Move EVP ed25519 function table under FIPS module by @torben-hansen in #1826
- Avoid C11 Atomics on Windows by @justsmth in #1824
- Improve pre-sandbox setup by @torben-hansen in #1825
- Add OCSP round trip integration test with minor fixes by @samuel40791765 in #1811
- Add various PKCS7 getters and setters by @WillChilds-Klein in #1780
- Run clang-format on pkcs7 code by @WillChilds-Klein in #1830
- Move KEM API and ML-KEM definitions to FIPS module by @torben-hansen in #1828
- fix socat integration CI by @samuel40791765 in #1833
- Retire out-of-module KEM folder by @torben-hansen in #1832
- Refactor RSA_METHOD and expand API by @smittals2 in #1790
- Update benchmark documentation in tool/readme.md by @andrewhop in #1812
- Pre jail unit test by @torben-hansen in #1835
- Move EVP KEM implementation to in-module and correct OID by @torben-hansen in #1838
- More minor symbols Ruby depends on by @samuel40791765 in #1837
- ED25519 Power-on Self Test / CAST / KAT by @skmcgrail in #1834
- ACVP ML-KEM testing by @skmcgrail in #1840
- ACVP ECDSA SHA3 Digest Testing by @skmcgrail in #1819
- ML-KEM Service Indicator for EVP_PKEY_keygen, EVP_PKEY_encapsulate, EVP_PKEY_decapsulate by @skmcgrail in #1844
- Add ML-KEM CAST for KeyGen, Encaps, and Decaps by @skmcgrail in #1846
- ED25519 Service Indicator by @skmcgrail in #1829
- Update Allowed RSA KeySize Generation to FIPS 186-5 specification by @skmcgrail in #1823
- Add ED25519 ACVP Testing by @skmcgrail in #1818
- Make EDDSA/Ed25519 POST lazy initialized by @skmcgrail in #1848
- add support for PEM Parameters without ASN1 hooks by @samuel40791765 in #1831
- Add OpenVPN tip of main to CI by @smittals2 in #1843
- Ensure SSE2 is enabled when using optimized assembly for 32-bit x86 by @graebm in #1841
- Add support for EVP_PKEY_CTX_ctrl_str - Step #1 by @justsmth in #1842
- Added SHA3/SHAKE XOF functionality by @jakemas in #1839
- Migrated ML-KEM SHA3/SHAKE usage to fipsmodule by @jakemas in #1851
- AVX-512 support for RSA Signing by @pittma in #1273
Full Changelog: v1.34.2...v1.35.0
v1.34.2
What's Changed
- add OCSP_response_create and OCSP_basic_add1_status by @samuel40791765 in #1732
- Use _Static_assert in refcount_c11.c to support old compilers that don't support the macro static_assert by @andrewhop in #1789
Full Changelog: v1.34.1...v1.34.2
v1.34.1
What's Changed
- Silence tmpname warning by @torben-hansen in #1784
- Handle systems defining ATOMIC_LONG_LOCK_FREE as expression by @andrewhop in #1788
Full Changelog: v1.34.0...v1.34.1
v1.34.0
What's Changed
- Build CMake with multiple jobs to save time by @andrewhop in #1735
- Make aes_hw_ctr32_encrypt_blocks handle len=0 correctly by @nebeid in #1690
- add support for OCSP_copy_nonce by @samuel40791765 in #1711
- Specifying CPU threads in cmake_build.sh to fix CI failures by @smittals2 in #1740
- Upstream merge 2024 08 02 by @smittals2 in #1738
- code refactor to add fqmul by @jakemas in #1748
- Updating Pyyaml Dependency by @smittals2 in #1746
- Enabling DIT flag in AArch64. by @nebeid in #1687
- Fix for BIO_gets and update documentation by @smittals2 in #1756
- Fix cmov implementation in ML-KEM/Kyber by @dkostic in #1760
- Add PQ key exchange OIDs by @WillChilds-Klein in #1730
- CI: speed up GHA package manipulation by skipping some feeds by @chipitsine in #1758
- Add macros for HMAC precomputed key sizes by @fabrice102 in #1745
- add basic support for dgst hmac in tool by @samuel40791765 in #1755
- Resolve useless_type_qualifier_on_return_type in hmac_test.cc by @skmcgrail in #1765
- refactor md5 tool with dgst and fix stdin behavior by @samuel40791765 in #1766
- Support OCSP_basic_add1_nonce by @samuel40791765 in #1736
- Support CMAKE_MSVC_RUNTIME_LIBRARY by @justsmth in #1737
- Tighten up experimental pointer guard macro by @torben-hansen in #1771
- Log prefix build options configuration by @torben-hansen in #1772
- EVP_PKEY_get0 implementation by @justsmth in #1749
- Upstream merge 2024 08 12 by @torben-hansen in #1761
- Improving instruction flow in aes_hw_ctr32_encrypt_blocks tail len = 0 case by @nebeid in #1774
- add support and tests for OCSP_basic_sign by @samuel40791765 in #1742
- Add -text support to X509 tool, add Version tool by @andrewhop in #1773
- Rename ocsp test files for clarity by @samuel40791765 in #1782
- Enable C11 automatically if the compiler supports it by @andrewhop in #1729
- Prepare for the 1.34.0 release by @andrewhop in #1786
New Contributors
- @chipitsine made their first contribution in #1758
Full Changelog: v1.33.0...v1.34.0
AWS-LC-FIPS-2.0.15
What's Changed
- Fix aws-lc-rs GH CI for FIPS-2.x branch by @justsmth in #1651
- Allow aarch64 CPUID capability check for all Linux platforms by @skmcgrail in #1762
- [fips-2022-11-02] Backport Latest TLS Transfer Version by @skmcgrail in #1764
Full Changelog: AWS-LC-FIPS-2.0.14...AWS-LC-FIPS-2.0.15
Release v1.33.0
What's Changed
- Added options to x509 tool by @ecdeye in #1696
- Add support to detect Neoverse V2 cores by @andrewhop in #1706
- Move OCSP functions for Ruby out of internal.h by @samuel40791765 in #1704
- Add aes-256-xts to EVP_get_cipherbyname by @torben-hansen in #1707
- Match using CMAKE_SYSTEM_PROCESSOR_LOWER by @justsmth in #1709
- Update MySQL to 9.0.0 by @skmcgrail in #1685
- [EC] Unify scalar multiplication for P-256/384/521 by @dkostic in #1693
- Adds const qualifier to ciphertext parameter in EVP_PKEY_decapsulate by @maddeleine in #1713
- Upstream merge 2024 06 24 by @nebeid in #1661
- NIST SP 800-108r1-upd1: KDF Counter Implementation by @skmcgrail in #1644
- Upstream merge 2024 07 09 by @nebeid in #1694
- Design for support of HMAC precomputed keys by @fabrice102 in #1574
- Fix for select point from table in ec_nistp scalar_mul by @dkostic in #1719
- X509toolcomparison by @ecdeye in #1714
- AWS-LC s2n-bignum update 2024-07-22 by @dkostic in #1718
- Add OpenVPN to CI by @smittals2 in #1705
- Lower required Go version, add CI test for specific version by @andrewhop in #1717
- ec2-test-framework enhancements and graviton 4 testing by @samuel40791765 in #1715
- sha + chacha: Move AArch64/X86-64 dispatching to C. by @justsmth in #1625
- Show number of pruned ec2 instances in dashboard by @samuel40791765 in #1728
- rsa and md5 tools by @ecdeye in #1722
- FIPS 203 IPD update: ML-KEM-IPD-768 and ML-KEM-IPD-1024 by @jakemas in #1724
- bump mysql CI to 9.0.1 by @samuel40791765 in #1727
- Support utility OCSP request functions by @samuel40791765 in #1708
- add support for OCSP_SINGLERESP functions by @samuel40791765 in #1703
- Prepare Release for v1.33.0 by @skmcgrail in #1734
- Implement BIO_puts and add callback function support to BIO_puts,gets,ctrl by @kexgaber in #1721
Full Changelog: v1.32.0...v1.33.0
Release v1.32.0
What's Changed
- Update HMAC to fail when null value is passed to out parameter by @kexgaber in #1662
- Add EC seed functions as deprecated no-ops by @samuel40791765 in #1674
- Remove source patches for python main integration test by @WillChilds-Klein in #1681
- extend ec2-test-framework instance timeout by @samuel40791765 in #1688
- Add initial x509 tool by @ecdeye in #1666
- add support for EC_POINT_bn2point by @samuel40791765 in #1645
- Improve gcc-4.8 support/testing by @justsmth in #1665
- ec_nistp table generation for scalar multiplication by @dkostic in #1669
- Remove dead tail code from (non-SHA3) AES-GCM AArch64 kernel by @hanno-becker in #1639
- Set ret to NULL before return in EC_POINT_bn2point by @samuel40791765 in #1692
- Add CI script to build and test ACCP by @sp717 in #1684
- Update patch for tpm2-tss by @justsmth in #1698
- Update tcpdump integ test by @justsmth in #1699
- Add support for parsing ECPKParameter PEM files by @samuel40791765 in #1670
- add ECPKParameters_print as no-op by @samuel40791765 in #1686
- AES-GCM AArch64: Store swapped Htable values by @hanno-becker in #1403
- Add test to ensure sequence numbers are allowed to increase by more than one by @maddeleine in #1667
- Upstream: Add Intel Indirect Branch Tracking support by @justsmth in #1659
- Fix Windows/ARM64 assembly build by @justsmth in #1697
- Prepare release v1.32.0 by @justsmth in #1700
New Contributors
- @kexgaber made their first contribution in #1662
- @hanno-becker made their first contribution in #1639
- @sp717 made their first contribution in #1684
- @maddeleine made their first contribution in #1667
Full Changelog: v1.31.0...v1.32.0
AWS-LC-FIPS-2.0.14
What's Changed
- [fips-2022-11-02] Make SSL_select_next_proto more robust to invalid calls. by @skmcgrail in #1680
- Include FIPS mode in OpenSSL_version return value by @WillChilds-Klein in #1689
- AWS-LC-FIPS-2.0.14 release preparation by @WillChilds-Klein in #1701
Full Changelog: AWS-LC-FIPS-2.0.13...AWS-LC-FIPS-2.0.14