Releases: aws/aws-lc
Releases · aws/aws-lc
Release v1.17.1
What's Changed
- Document Ed25519 verification operation by @torben-hansen in #1256
- Fix AES on PPCBE (32-bit and 64-bit). by @nebeid in #1213
- Upstream merge 2023-10-23 by @nebeid in #1262
- Create dirs in cmake build dir with default permissions by @sfod in #1269
- Refactor ED25519_keypair into hw and nohw backend by @torben-hansen in #1271
- Run basic test run in GHA before using expensive runners by @samuel40791765 in #1270
- Bump version to v1.17.1 by @justsmth in #1280
New Contributors
Full Changelog: v1.17.0...v1.17.1
Contributors
sfod, samuel40791765, and 3 other contributors
Assets 2
Release v1.17.0
What's Changed
- Add a FFDH benchmark to demonstrate how slow it is by @andrewhop in #1202
- Add missing NULL check in conf test by @torben-hansen in #1208
- Add EVP support for SHA512-224 by @WillChilds-Klein in #1170
- Handle x30 target register in delocator for aarch64 to avoid clobbering the register by @torben-hansen in #1204
- Elaborate on whiten factor for passive entropy by @torben-hansen in #1209
- Implement SSL_get_client_ciphers by @WillChilds-Klein in #1159
- Add ARM dimensions for integration test CI by @samuel40791765 in #1206
- Add back support for SSL_build_cert_chain by @samuel40791765 in #1200
- Add BIGNUM support for big-endian architectures by @justsmth in #1205
- For Issue-1185: Avoid 'may be used uninitialized' warning by @justsmth in #1212
- Use s2n-bignum's constant-time table lookup for copy_from_prebuf by @aqjune-aws in #1189
- No external conditioning by @torben-hansen in #1216
- Don't build FFDH benchmarks with AWS-LC API versions less than 22 by @andrewhop in #1218
- Add TLS Transfer Support Caller Responsibilities by @skmcgrail in #1223
- EC support for PPC64 big endian by @justsmth in #1214
- Update bio_info_cb to align with OpenSSL 3.x by @justsmth in #1222
- bump version to 2.0 for FIPS by @samuel40791765 in #1225
- Revert "Bump version to 2.0 for FIPS" by @samuel40791765 in #1227
- Abstract some ec2 CI logic and add support for c7g by @samuel40791765 in #1220
- Fix AppleClang 15 FIPS Shared Library Build by @skmcgrail in #1224
- Update rsa service indicator test vectors by @billbo-yang in #1230
- Expose SHAKE through the EVP API by @WillChilds-Klein in #1199
- Add support for RSA KeyGen AFT tests for FIPS186-5 to ACVP tool by @billbo-yang in #1234
- Fix Blake2b for BigEndian by @justsmth in #1235
- Upstream merge 2023-10-02 by @dkostic in #1221
- self destruct ec2 instances after certain amount of time by @samuel40791765 in #1233
- Fix bad cast in SSHKDF by @justsmth in #1241
- Add Github actions job pruner by @samuel40791765 in #1242
- Ensure array length assumption agree by @torben-hansen in #1246
- Use scoped version of EVP_MD_CTX in test by @samuel40791765 in #1244
- Resolve aws-lc-rs CI build issues by @skmcgrail in #1231
- Completely remove Jitter CPU from library artifact if not enabled by @torben-hansen in #1249
- Fix Spake25519 for big-endian by @justsmth in #1243
- Slight build fix and migrate to GHA for MacOS ARM CI by @samuel40791765 in #1245
- Fix 32-bit big-endian p521 bug by @justsmth in #1240
- Add support for BIO_FP_TEXT in file BIOs by @WillChilds-Klein in #1153
- Fix GCC 13.x compiler error by @justsmth in #1259
- Fix XChaCha20Poly1305 for big-endian by @justsmth in #1257
- Fix scrypt for big-endian by @justsmth in #1253
- Fix SipHash for big-endian by @justsmth in #1251
- Upstream merge 2023-10-15 by @andrewhop in #1250
- Add CRT integration test by @andrewhop in #1248
- Update patch for nginx integration CI by @samuel40791765 in #1260
- Add SDE+ASAN CI dimension by @samuel40791765 in #1254
- Add CI for Windows MSVC2019, MSVC2022, and SDE 32/64-bit by @samuel40791765 in #1228
- Test fixes by @nebeid in #1263
- Add a build option to the assembler to retain local symbols. by @nebeid in #1252
- Remove -mavx512vbmi2 clang compiler argument by @skmcgrail in #1266
Full Changelog: v1.16.0...v1.17.0
Contributors
skmcgrail, WillChilds-Klein, and 8 other contributors
Assets 2
Release AWS-LC FIPS v2.0.0
- FIPS module can be statically built.
- More KDFs are now approved.
Release v1.16.0
What's Changed
- Upstream merge 2023 08 25 by @nebeid in #1169
- Add support for LoongArch. by @liuxiang88 in #1137
- Lower returned number for SSL_CTX_get_security_level by @samuel40791765 in #1157
- Add AWS-LC version number to both OpenSSL_version and OPENSSL_VERSION_TEXT by @andrewhop in #767
- Simplify HAProxy integration tests by using built in filters by @andrewhop in #1174
- Fix and add CI for postgres build on arm by @samuel40791765 in #1176
- Align with OpenSSL on TLS 1.3 cipher suite constants. by @andrewhop in #1175
- Fix Compiler Error on GCC 13 by @skmcgrail in #1184
- add integration CI dimension for nginx by @samuel40791765 in #1143
- Alias RAND_priv_bytes to RAND_bytes by @geedo0 in #1180
- Add BN_CTX_secure_new alias for BN_CTX_new by @geedo0 in #1179
- Simplify Prefix Build Support by @skmcgrail in #1178
- Check for unset certificates in servers by @samuel40791765 in #1181
- Add prefix symbols for Windows FIPS Shared Build by @skmcgrail in #1191
- MSVC 2022 - Ignore C5266 and C5267 by @justsmth in #1190
- Fix AVX512 capability check by @justsmth in #1193
- Disable XTS use of AVX512 on Windows by @justsmth in #1195
- Use passive entropy source method by default for FIPS build mode by @torben-hansen in #1188
- add patch and integration CI dimension for sslproxy by @samuel40791765 in #1183
- Pull in the latest changes from s2n-bignum (2023-09-17) by @aqjune-aws in #1197
- Upstream Merge - Remove unions in EC_SCALAR and EC_FELEM. by @justsmth in #1177
- Remove a few lingering references to Rust bindings by @justsmth in #1203
- Calibrate BN_window_bits_for_ctime_exponent_size to use 5 by @aqjune-aws in #1166
- Bump release version to v1.16.0 by @torben-hansen in #1207
New Contributors
- @liuxiang88 made their first contribution in #1137
Full Changelog: v1.15.0...v1.16.0
Contributors
skmcgrail, geedo0, and 7 other contributors
Assets 2
v1.15.0
Main changes
Reduced RSA sign/verify latency on Graviton 2 for sizes 2048-4096. For example, RSA 2048 signing reduced from ~3.3 ms to 2 ms
What's Changed
- Add EVP_MD_do_all by @WillChilds-Klein in #1154
- error: '%s' directive argument is null by @justsmth in #1158
- Fix build on gcc 4.8.3 by @samuel40791765 in #1156
- Remove duplicate handling of OPENSSL_NO_ASM from CMake. by @PiotrSikora in #1149
- Add -DBUILD_TOOL=OFF to CMake. by @PiotrSikora in #1148
- Upstream merge 2023 08 09 by @justsmth in #1152, #1160, #1161
- Add missing symbols for SSLProxy support by @samuel40791765 in #1155
- RSA performance improvement on Graviton 2 - part 1: Update montgomery multiplication to use s2n-bignum's verified scalar bignum functions by @aqjune-aws in #1135
- Add more ssl runner tests for multiple certificate support by @samuel40791765 in #1141
- CVE-2023-3446 and CVE-2023-3817 by @dkostic in #1163
- Minor fix in aead test by @dkostic in #1165
- RSA performance improvement on Graviton 2 - part 2: Conditionally enable Neon version of s2n-bignum implementations for montgomery multiplications by @aqjune-aws in #1164
- Fix build for ppc64le by @justsmth in #1167
- Add additional documentation for X509 headers by @samuel40791765 in #1142
- Preparing for release v1.15.0 by @nebeid in #1171
New Contributors
- @PiotrSikora made their first contribution in #1149
Full Changelog: v1.14.0...v1.15.0
Contributors
PiotrSikora, WillChilds-Klein, and 5 other contributors
Assets 2
Release v1.14.0
What's Changed
- Fix formal verification CI by @samuel40791765 in #1130
- Pull in the latest changes from s2n-bignum (2023-07-25) by @aqjune-aws in #1114
- Upstream merge 2023 07 28 by @samuel40791765 in #1122
- Implementation passive entropy by @torben-hansen in #1125
- add curl integration test CI dimension by @samuel40791765 in #1134
- Retrieve multiple certificate slot for TLS1.2/1.3 based on negotiated sigalgs by @samuel40791765 in #1120
- ABI Diff GitHub Action by @skmcgrail in #1116
- Add vzeroupper instruction for AVX512 optimization in AES-XTS by @shirsing0712 in #1115
- Avoid UB in test shim by @torben-hansen in #1140
- Simplify the Kyber prefix build by @andrewhop in #1131
- Pull in the latest changes from s2n-bignum (2023-08-04) by @aqjune-aws in #1139
- Detect GCM-SIV alignment change by @justsmth in #1144
- Retrieve multiple certificate slot for TLS1.0/1.1 based on negotiated sigalgs by @samuel40791765 in #1138
- Update for Release v1.14.0 by @justsmth in #1150
New Contributors
- @aqjune-aws made their first contribution in #1114
Full Changelog: v1.13.0...v1.14.0
Contributors
skmcgrail, samuel40791765, and 5 other contributors
Assets 2
AWS-LC-FIPS-1.1.2
What's Changed
- [FIPS-2021-10-20] Detect GCM-SIV alignment change by @justsmth in #1147
- [FIPS-2021-10-20] Release v1.1.2 by @justsmth in #1151
Full Changelog: AWS-LC-FIPS-1.1.1...AWS-LC-FIPS-1.1.2
Contributors
justsmth
Assets 2
Release AWS-LC-FIPS-1.1.1
What's Changed
- Fix handling of EXFLAG_INVALID_POLICY on the leaf. by @andrewhop in #913
- [fips-2021-10-20] Backport CVE-2023-3446, CVE-2023-3817 fixes for DH_check by @skmcgrail in #1127
Full Changelog: AWS-LC-FIPS-1.1.0...AWS-LC-FIPS-1.1.1
Contributors
skmcgrail and andrewhop
Assets 2
Release v1.13.0
What's Changed
- EVP API ECDHE speed tool support by @torben-hansen in #1080
- fix rust sanity check CI by @samuel40791765 in #1106
- Silence static analyser by validating pointer prior to function call by @torben-hansen in #1107
- Improve LICENSE readability by @skmcgrail in #1110
- add back CERT_PKEY structure and refactor pointers by @samuel40791765 in #1086
- Turn on tests in CI dimension for mySQL by @samuel40791765 in #1063
- Fix DH_check() excessive time with oversized modulus by @skmcgrail in #1109
- Add GitHub CODEOWNERS by @skmcgrail in #1103
- Add BoringSSL Dispatch Test for aarch64 by @billbo-yang in #1093
- Run additional HAProxy tests by @andrewhop in #1097
- Add webhook event support for push to main and fips branches by @skmcgrail in #1082
- Remove CRNGT by @torben-hansen in #1112
- Make dispatch tests use corruptible registers on aarch64. by @nebeid in #1118
- Allow
SSL_CTXto use the new multiple certificate slots internally by @samuel40791765 in #1100 - Upstream merge 2023 07 18 by @nebeid in #1101
- tweak back error string functions with exclamation marks by @samuel40791765 in #1117
- Support changing OPENSSL_armcap with environment variable on Apple 64-bit ARM systems by @billbo-yang in #1045
- Abstract fips entropy functions by @torben-hansen in #1113
- Silence static analyser with additional checks by @samuel40791765 in #1123
- Fix Excessive time spent checking DH q parameter value by @skmcgrail in #1121
Full Changelog: v1.12.1...v1.12.2
Contributors
skmcgrail, samuel40791765, and 4 other contributors
Assets 2
v1.12.1
What's Changed
- Disable two "Visual Studio 17 2022" warnings by @justsmth in #1087
- Add HAProxy to our CI by @andrewhop in #1083
- Align OCSP behavior with OpenSSL for nginx by @samuel40791765 in #1077
- Merge and remove duplicate yml files in CI by @samuel40791765 in #1088
- Missing export symbols for OCSP by @samuel40791765 in #1091
- Turn on shared library build with HAProxy by @andrewhop in #1092
- Allow SHA3 digests with EC key types by @skmcgrail in #1094
- Release v1.12.1 by @andrewhop in #1095
Full Changelog: v1.12.0...v1.12.1
Contributors
skmcgrail, samuel40791765, and 2 other contributors