Releases: aws/aws-lc
v1.37.0
What's Changed
- Remove special s2n-bignum symbol handling sauce from build by @torben-hansen in #1903
- ML-KEM FIPS 203 destruction of intermediate values by @dkostic in #1883
- Create mutable EC_GROUP API for OpenSSL compatibility by @samuel40791765 in #1860
- Update Dilithium from crystals upstream by @jakemas in #1894
- Upstream merge 2024 09 16 by @andrewhop in #1862
- Add Alpine-Linux-x86 to GitHub Actions CI by @kexgaber in #1753
- P159598331 coverity cleanup by @skmcgrail in #1908
- add support for EVP_PKEY_CTX callback functions by @samuel40791765 in #1905
- Remove duplicate s2n-bignum prefix include option by @torben-hansen in #1909
- Handle Windows not supporting static array dimension by @torben-hansen in #1912
- Update FIPS docs w/ certs by @justsmth in #1900
- ML-DSA parameter refactor by @jakemas in #1910
- Implement more EVP_PKEY_DH functionality by @justsmth in #1880
- Add EC_GROUP mutability to custom curves by @samuel40791765 in #1881
- Avoid allocating EVP_PKEY on size checks by @geedo0 in #1911
- build: fix pkgconfig files by @theoparis in #1913
- P161732527 coverity cleanup by @samuel40791765 in #1918
- Align X509 PARTIAL_CHAIN behavior with 1.1.1 by @samuel40791765 in #1917
- Add 2024 FIPS and fix build issues on older arm FIPS by @torben-hansen in #1920
- Prepare 1.37.0 release by @torben-hansen in #1927
New Contributors
- @theoparis made their first contribution in #1913
Full Changelog: v1.36.1...v1.37.0
AWS-LC-FIPS-2.0.17
What's Changed
- Align X509 PARTIAL_CHAIN behavior with 1.1.1 (#1917) by @samuel40791765 in #1921
- Prepare v2.0.17 release by @samuel40791765 in #1922
Full Changelog: AWS-LC-FIPS-2.0.16...AWS-LC-FIPS-2.0.17
AWS-LC-FIPS-2.0.16
What's Changed
- Map certs with ITUT X509 to our RSA implementation (#1754) by @nebeid in #1893
- Pin the version of aws-lc-verification to a known working version by @andrewhop in #1895
Full Changelog: AWS-LC-FIPS-2.0.15...AWS-LC-FIPS-2.0.16
v1.36.1
What's Changed
- Fix pkg-config files by @skmcgrail in #1890
- Remove nginx-tests patch now that upstream supports AWS-LC by @andrewhop in #1898
- Improve build and fix X509 test failures for Ruby by @samuel40791765 in #1887
- Use larger instance for c6g fips by @samuel40791765 in #1899
- Fix OCSP timebomb in tests by @samuel40791765 in #1891
- Github action asserting license statement in PR description by @torben-hansen in #1892
- Detect all Apple M* CPUs and enable the wide multiplier assembly implementations by @andrewhop in #1901
- Add and move OCSP no-op flags to own section by @samuel40791765 in #1902
- Prepare release 1.36.1 by @justsmth in #1906
Full Changelog: v1.36.0...v1.36.1
v1.36.0
What's Changed
- Check for null return pointers in pem_test.cc by @andrewhop in #1855
- Quell static-analysis concern about div-by-0 by @justsmth in #1866
- Update s2n-bignum subtree by @torben-hansen in #1865
- Add return checks on SHA3 functions in ML-KEM by @manastasova in #1859
- Map certs with ITUT X509 to our RSA implementation by @samuel40791765 in #1754
- ML-KEM encapsulation key modulus check by @dkostic in #1868
- Add docker image for gcc 7.2 by @justsmth in #1863
- ML-KEM decapsulation key hash check by @dkostic in #1873
- support building on illumos systems by @iliana in #1854
- Update Service Indicator to handle custom crypto through *_METHOD structs by @smittals2 in #1857
- Extend #1869, update Intel SDE; Enable Linux AVX512 IFMA usage by @justinwsmith in #1871
- Adding a runtime dis/enabler of DIT Capability on AArch64. by @nebeid in #1783
- Fix flaky ssl BadKemKeyShare tests by @dkostic in #1876
- ML-KEM encaps key modulus check optimization by @dkostic in #1874
- Add KBKDF counter HMAC KAT to self-test. by @nebeid in #1882
- Add explanation for FIPS 203 encaps and decaps input validation by @dkostic in #1884
- Prepare release v1.36.0 by @justsmth in #1885
New Contributors
Full Changelog: v1.35.1...v1.36.0
v1.35.1
What's Changed
- More tweaks for Ruby integration by @samuel40791765 in #1852
- Implementation of EVP_PKEY_CTX_ctrl_str for various key types by @justsmth in #1850
- Add MLKEM768 Hybrid Groups to libssl by @alexw91 in #1849
- add support for PEM_write_bio_PrivateKey_traditional by @samuel40791765 in #1845
- Update s2n-bignum subtree by @torben-hansen in #1861
- Add asserts in testing to fix Coverity alert by @smittals2 in #1864
- Disable CRYPTO_is_AVX512IFMA_capable by @justsmth in #1858
Full Changelog: v1.35.0...v1.35.1
v1.35.0
What's Changed
- Use OPENSSL_STATIC_ASSERT which handles all the platform/compiler/C s… by @andrewhop in #1791
- ML-KEM refactor by @dkostic in #1763
- ML-KEM-IPD to ML-KEM as defined in FIPS 203 by @dkostic in #1796
- Add KDA OneStep testing to ACVP by @skmcgrail in #1792
- Updating erroneous documentation for BIO_get_mem_data and subsequent usage by @smittals2 in #1752
- No-op impls for several EVP_PKEY_CTX functions by @justsmth in #1759
- Drop "ipd" suffix from ML-KEM related code by @dkostic in #1797
- Upstream merge 2024 08 19 by @skmcgrail in #1781
- ML-KEM move to the FIPS module by @dkostic in #1802
- Reduce collision probability for variable names by @torben-hansen in #1804
- Refactor ENGINE API and memory around METHOD structs by @smittals2 in #1776
- bn: Move x86-64 argument-based dispatching of bn_mul_mont to C. by @justsmth in #1795
- Check at runtime that the tool is loading the same libcrypto it was built with by @andrewhop in #1716
- Avoid matching prefixes of a symbol as arm registers by @torben-hansen in #1807
- Add CI for FreeBSD by @justsmth in #1787
- Move curve25519 implementations to fips module except spake25519 by @torben-hansen in #1809
- Add CAST for SP 800-56Cr2 One-Step function by @skmcgrail in #1803
- Remove custom PKCS7 ASN1 functions, add new structs by @WillChilds-Klein in #1726
- NASM use default debug format by @justsmth in #1747
- Add KDF in counter mode ACVP Testing by @skmcgrail in #1810
- add support for OCSP_request_verify by @samuel40791765 in #1778
- Fix GitHub/CodeBuild Purge Lambda by @justsmth in #1808
- KBKDF_ctr_hmac FIPS Service Indicator by @skmcgrail in #1798
- Update x509 tool to write all output to common BIO which is a file or stdout by @andrewhop in #1800
- Add ML-KEM to speed.cc, bump AWSLC_API_VERSION to 30 by @andrewhop in #1817
- Add EVP_PKEY_asn1_* functions by @justsmth in #1751
- Improve portability of CI integration script by @torben-hansen in #1815
- Upstream merge 2024 08 23 by @justsmth in #1799
- Replace ECDSA_METHOD with EC_KEY_METHOD and add the associated API by @smittals2 in #1785
- Cherrypick "Add some barebones support for DH in EVP" by @samuel40791765 in #1813
- Add KDA OneStep (SSKDF_digest and SSKDF_hmac) to FIPS indicator by @skmcgrail in #1793
- Add EVP_Digest one-shot test XOFs by @WillChilds-Klein in #1820
- Wire-up ACVP Testing for SHA3 Signatures with RSA by @skmcgrail in #1805
- Make SHA3 (not SHAKE) Approved for EVP_DigestSign/Verify, RSA and ECDSA. by @nebeid in #1821
- Begin tracking RelWithDebInfo library statistics by @andrewhop in #1822
- Move EVP ed25519 function table under FIPS module by @torben-hansen in #1826
- Avoid C11 Atomics on Windows by @justsmth in #1824
- Improve pre-sandbox setup by @torben-hansen in #1825
- Add OCSP round trip integration test with minor fixes by @samuel40791765 in #1811
- Add various PKCS7 getters and setters by @WillChilds-Klein in #1780
- Run clang-format on pkcs7 code by @WillChilds-Klein in #1830
- Move KEM API and ML-KEM definitions to FIPS module by @torben-hansen in #1828
- fix socat integration CI by @samuel40791765 in #1833
- Retire out-of-module KEM folder by @torben-hansen in #1832
- Refactor RSA_METHOD and expand API by @smittals2 in #1790
- Update benchmark documentation in tool/readme.md by @andrewhop in #1812
- Pre jail unit test by @torben-hansen in #1835
- Move EVP KEM implementation to in-module and correct OID by @torben-hansen in #1838
- More minor symbols Ruby depends on by @samuel40791765 in #1837
- ED25519 Power-on Self Test / CAST / KAT by @skmcgrail in #1834
- ACVP ML-KEM testing by @skmcgrail in #1840
- ACVP ECDSA SHA3 Digest Testing by @skmcgrail in #1819
- ML-KEM Service Indicator for EVP_PKEY_keygen, EVP_PKEY_encapsulate, EVP_PKEY_decapsulate by @skmcgrail in #1844
- Add ML-KEM CAST for KeyGen, Encaps, and Decaps by @skmcgrail in #1846
- ED25519 Service Indicator by @skmcgrail in #1829
- Update Allowed RSA KeySize Generation to FIPS 186-5 specification by @skmcgrail in #1823
- Add ED25519 ACVP Testing by @skmcgrail in #1818
- Make EDDSA/Ed25519 POST lazy initialized by @skmcgrail in #1848
- add support for PEM Parameters without ASN1 hooks by @samuel40791765 in #1831
- Add OpenVPN tip of main to CI by @smittals2 in #1843
- Ensure SSE2 is enabled when using optimized assembly for 32-bit x86 by @graebm in #1841
- Add support for EVP_PKEY_CTX_ctrl_str - Step #1 by @justsmth in #1842
- Added SHA3/SHAKE XOF functionality by @jakemas in #1839
- Migrated ML-KEM SHA3/SHAKE usage to fipsmodule by @jakemas in #1851
- AVX-512 support for RSA Signing by @pittma in #1273
Full Changelog: v1.34.2...v1.35.0
v1.34.2
What's Changed
- add OCSP_response_create and OCSP_basic_add1_status by @samuel40791765 in #1732
- Use _Static_assert in refcount_c11.c to support old compilers that don't support the macro static_assert by @andrewhop in #1789
Full Changelog: v1.34.1...v1.34.2
v1.34.1
What's Changed
- Silence tmpname warning by @torben-hansen in #1784
- Handle systems defining ATOMIC_LONG_LOCK_FREE as expression by @andrewhop in #1788
Full Changelog: v1.34.0...v1.34.1
v1.34.0
What's Changed
- Build CMake with multiple jobs to save time by @andrewhop in #1735
- Make aes_hw_ctr32_encrypt_blocks handle len=0 correctly by @nebeid in #1690
- add support for OCSP_copy_nonce by @samuel40791765 in #1711
- Specifying CPU threads in cmake_build.sh to fix CI failures by @smittals2 in #1740
- Upstream merge 2024 08 02 by @smittals2 in #1738
- code refactor to add fqmul by @jakemas in #1748
- Updating Pyyaml Dependency by @smittals2 in #1746
- Enabling DIT flag in AArch64. by @nebeid in #1687
- Fix for BIO_gets and update documentation by @smittals2 in #1756
- Fix cmov implementation in ML-KEM/Kyber by @dkostic in #1760
- Add PQ key exchange OIDs by @WillChilds-Klein in #1730
- CI: speed up GHA package manipulation by skipping some feeds by @chipitsine in #1758
- Add macros for HMAC precomputed key sizes by @fabrice102 in #1745
- add basic support for dgst hmac in tool by @samuel40791765 in #1755
- Resolve useless_type_qualifier_on_return_type in hmac_test.cc by @skmcgrail in #1765
- refactor md5 tool with dgst and fix stdin behavior by @samuel40791765 in #1766
- Support OCSP_basic_add1_nonce by @samuel40791765 in #1736
- Support CMAKE_MSVC_RUNTIME_LIBRARY by @justsmth in #1737
- Tighten up experimental pointer guard macro by @torben-hansen in #1771
- Log prefix build options configuration by @torben-hansen in #1772
- EVP_PKEY_get0 implementation by @justsmth in #1749
- Upstream merge 2024 08 12 by @torben-hansen in #1761
- Improving instruction flow in aes_hw_ctr32_encrypt_blocks tail len = 0 case by @nebeid in #1774
- add support and tests for OCSP_basic_sign by @samuel40791765 in #1742
- Add -text support to X509 tool, add Version tool by @andrewhop in #1773
- Rename ocsp test files for clarity by @samuel40791765 in #1782
- Enable C11 automatically if the compiler supports it by @andrewhop in #1729
- Prepare for the 1.34.0 release by @andrewhop in #1786
New Contributors
- @chipitsine made their first contribution in #1758
Full Changelog: v1.33.0...v1.34.0