v1.34.0

What's Changed

• Build CMake with multiple jobs to save time by @andrewhop in #1735
• Make aes_hw_ctr32_encrypt_blocks handle len=0 correctly by @nebeid in #1690
• add support for OCSP_copy_nonce by @samuel40791765 in #1711
• Specifying CPU threads in cmake_build.sh to fix CI failures by @smittals2 in #1740
• Upstream merge 2024 08 02 by @smittals2 in #1738
• code refactor to add fqmul by @jakemas in #1748
• Updating Pyyaml Dependency by @smittals2 in #1746
• Enabling DIT flag in AArch64. by @nebeid in #1687
• Fix for BIO_gets and update documentation by @smittals2 in #1756
• Fix cmov implementation in ML-KEM/Kyber by @dkostic in #1760
• Add PQ key exchange OIDs by @WillChilds-Klein in #1730
• CI: speed up GHA package manipulation by skipping some feeds by @chipitsine in #1758
• Add macros for HMAC precomputed key sizes by @fabrice102 in #1745
• add basic support for dgst hmac in tool by @samuel40791765 in #1755
• Resolve useless_type_qualifier_on_return_type in hmac_test.cc by @skmcgrail in #1765
• refactor md5 tool with dgst and fix stdin behavior by @samuel40791765 in #1766
• Support OCSP_basic_add1_nonce by @samuel40791765 in #1736
• Support CMAKE_MSVC_RUNTIME_LIBRARY by @justsmth in #1737
• Tighten up experimental pointer guard macro by @torben-hansen in #1771
• Log prefix build options configuration by @torben-hansen in #1772
• EVP_PKEY_get0 implementation by @justsmth in #1749
• Upstream merge 2024 08 12 by @torben-hansen in #1761
• Improving instruction flow in aes_hw_ctr32_encrypt_blocks tail len = 0 case by @nebeid in #1774
• add support and tests for OCSP_basic_sign by @samuel40791765 in #1742
• Add -text support to X509 tool, add Version tool by @andrewhop in #1773
• Rename ocsp test files for clarity by @samuel40791765 in #1782
• Enable C11 automatically if the compiler supports it by @andrewhop in #1729
• Prepare for the 1.34.0 release by @andrewhop in #1786

New Contributors

• @chipitsine made their first contribution in #1758

Full Changelog: v1.33.0...v1.34.0

AWS-LC-FIPS-2.0.15

What's Changed

• Fix aws-lc-rs GH CI for FIPS-2.x branch by @justsmth in #1651
• Allow aarch64 CPUID capability check for all Linux platforms by @skmcgrail in #1762
• [fips-2022-11-02] Backport Latest TLS Transfer Version by @skmcgrail in #1764

Full Changelog: AWS-LC-FIPS-2.0.14...AWS-LC-FIPS-2.0.15

Release v1.33.0

What's Changed

• Added options to x509 tool by @ecdeye in #1696
• Add support to detect Neoverse V2 cores by @andrewhop in #1706
• Move OCSP functions for Ruby out of internal.h by @samuel40791765 in #1704
• Add aes-256-xts to EVP_get_cipherbyname by @torben-hansen in #1707
• Match using CMAKE_SYSTEM_PROCESSOR_LOWER by @justsmth in #1709
• Update MySQL to 9.0.0 by @skmcgrail in #1685
• [EC] Unify scalar multiplication for P-256/384/521 by @dkostic in #1693
• Adds const qualifier to ciphertext parameter in EVP_PKEY_decapsulate by @maddeleine in #1713
• Upstream merge 2024 06 24 by @nebeid in #1661
• NIST SP 800-108r1-upd1: KDF Counter Implementation by @skmcgrail in #1644
• Upstream merge 2024 07 09 by @nebeid in #1694
• Design for support of HMAC precomputed keys by @fabrice102 in #1574
• Fix for select point from table in ec_nistp scalar_mul by @dkostic in #1719
• X509toolcomparison by @ecdeye in #1714
• AWS-LC s2n-bignum update 2024-07-22 by @dkostic in #1718
• Add OpenVPN to CI by @smittals2 in #1705
• Lower required Go version, add CI test for specific version by @andrewhop in #1717
• ec2-test-framework enhancements and graviton 4 testing by @samuel40791765 in #1715
• sha + chacha: Move AArch64/X86-64 dispatching to C. by @justsmth in #1625
• Show number of pruned ec2 instances in dashboard by @samuel40791765 in #1728
• rsa and md5 tools by @ecdeye in #1722
• FIPS 203 IPD update: ML-KEM-IPD-768 and ML-KEM-IPD-1024 by @jakemas in #1724
• bump mysql CI to 9.0.1 by @samuel40791765 in #1727
• Support utility OCSP request functions by @samuel40791765 in #1708
• add support for OCSP_SINGLERESP functions by @samuel40791765 in #1703
• Prepare Release for v1.33.0 by @skmcgrail in #1734
• Implement BIO_puts and add callback function support to BIO_puts,gets,ctrl by @kexgaber in #1721

Full Changelog: v1.32.0...v1.33.0

Release v1.32.0

What's Changed

• Update HMAC to fail when null value is passed to out parameter by @kexgaber in #1662
• Add EC seed functions as deprecated no-ops by @samuel40791765 in #1674
• Remove source patches for python main integration test by @WillChilds-Klein in #1681
• extend ec2-test-framework instance timeout by @samuel40791765 in #1688
• Add initial x509 tool by @ecdeye in #1666
• add support for EC_POINT_bn2point by @samuel40791765 in #1645
• Improve gcc-4.8 support/testing by @justsmth in #1665
• ec_nistp table generation for scalar multiplication by @dkostic in #1669
• Remove dead tail code from (non-SHA3) AES-GCM AArch64 kernel by @hanno-becker in #1639
• Set ret to NULL before return in EC_POINT_bn2point by @samuel40791765 in #1692
• Add CI script to build and test ACCP by @sp717 in #1684
• Update patch for tpm2-tss by @justsmth in #1698
• Update tcpdump integ test by @justsmth in #1699
• Add support for parsing ECPKParameter PEM files by @samuel40791765 in #1670
• add ECPKParameters_print as no-op by @samuel40791765 in #1686
• AES-GCM AArch64: Store swapped Htable values by @hanno-becker in #1403
• Add test to ensure sequence numbers are allowed to increase by more than one by @maddeleine in #1667
• Upstream: Add Intel Indirect Branch Tracking support by @justsmth in #1659
• Fix Windows/ARM64 assembly build by @justsmth in #1697
• Prepare release v1.32.0 by @justsmth in #1700

New Contributors

• @kexgaber made their first contribution in #1662
• @hanno-becker made their first contribution in #1639
• @sp717 made their first contribution in #1684
• @maddeleine made their first contribution in #1667

Full Changelog: v1.31.0...v1.32.0

AWS-LC-FIPS-2.0.14

What's Changed

• [fips-2022-11-02] Make SSL_select_next_proto more robust to invalid calls. by @skmcgrail in #1680
• Include FIPS mode in OpenSSL_version return value by @WillChilds-Klein in #1689
• AWS-LC-FIPS-2.0.14 release preparation by @WillChilds-Klein in #1701

Full Changelog: AWS-LC-FIPS-2.0.13...AWS-LC-FIPS-2.0.14

Release v1.31.0

What's Changed

• Add point add/dbl to ec_nistp_felem_meth and rename it to ec_nistp_meth by @dkostic in #1654
• Added constant_time_select array and entry_from_table by @dkostic in #1660
• Use params to build_compilation_database.sh by @justsmth in #1647
• Replace OPENSSL_NO_TLS_PHA with SSL_VERIFY_POST_HANDSHAKE by @WillChilds-Klein in #1668
• Make DH_check consistent with OpenSSL by @dkostic in #1642
• Update ACVP SHAKE test implementations by @billbo-yang in #1663
• [main] Make SSL_select_next_proto more robust to invalid calls. by @skmcgrail in #1675
• Better support legacy DES customers by @andrewhop in #1671
• AT_HWCAP2 not always defined by @justsmth in #1682
• Added generic EC scalar rwnaf encoding for ec_nistp by @dkostic in #1664
• Prepare for release v1.31.0 by @andrewhop in #1683

Full Changelog: v1.30.1...v1.31.0

Release v1.30.1

What's Changed

• Revert _CET_ENDBR by @justsmth in #1656
• Prepare for release v1.30.1 by @justsmth in #1657
• Fix for loading JCA stripped private keys by @dkostic in #1658

Full Changelog: v1.30.0...v1.30.1

AWS-LC-FIPS-2.0.13

What's Changed

• Snapsafe-type uniqueness breaking event detection (#1640) by @justsmth in #1648
• (FIPS Backport) Close FD in Snapsafe test function (#1649) by @justsmth in #1652
• (FIPS Backport) Add EVP_md_null and SSL_set_ciphersuites (#1637) by @WillChilds-Klein in #1653
• AWS-LC-FIPS-2.0.13 release preparation by @justsmth in #1655

Full Changelog: AWS-LC-FIPS-2.0.12...AWS-LC-FIPS-2.0.13

Release v1.30.0

What's Changed

• Move SSL_CIPHER_get_version test to SSLVersionTest.Version by @WillChilds-Klein in #1631
• Fix AES key size for AES256 in ABI test by @andrewhop in #1629
• Upstream merge 2024 06 03 by @samuel40791765 in #1621
• [EC] Unify point addition for P-256/384/521 by @dkostic in #1602
• Upstream Merge: Add Intel Indirect Branch Tracking support by @justsmth in #1628
• align gcc version with curl's CI by @samuel40791765 in #1633
• Add support for NETSCAPE_SPKI_print by @samuel40791765 in #1624
• More minor symbols for Ruby support by @samuel40791765 in #1581
• Upstream merge 2024-06-13 by @dkostic in #1636
• NIST.SP.800-56Cr2 One-Step Key Derivation by @skmcgrail in #1607
• OpenVPN error codes, SSL_get_peer_signature_* funcs, and first patch file by @smittals2 in #1584
• Require newer assembler for _CET_ENDBR by @justsmth in #1641
• Patch for OpenVPN certificate setting behavioral difference by @smittals2 in #1643
• Add de-randomized ML-KEM modes to experimental EVP API by @jakemas in #1578
• Add EVP_md_null and SSL_set_ciphersuites by @WillChilds-Klein in #1637
• Snapsafe-type uniqueness breaking event detection by @justsmth in #1640
• Prepare for release v1.30.0 by @justsmth in #1646
• Close FD in Snapsafe test function by @justsmth in #1649

Full Changelog: v1.29.0...v1.30.0

AWS-LC-FIPS-2.0.12

What's Changed

• [Backport] Prevent non-constant-time code in Kyber-R3 implementation by @geedo0 in #1632
• AWS-LC-FIPS-2.0.12 release preparation by @geedo0 in #1635

Full Changelog: AWS-LC-FIPS-2.0.11...AWS-LC-FIPS-2.0.12