Release: v1.18.0

What's Changed

• Upstream merge 2023-11-20 by @torben-hansen in #1315
• Wire up s2n-bignum Ed25519 backend by @torben-hansen in #1309
• Allow 0 byte read/write in SSL_{read,write}_ex by @WillChilds-Klein in #1316
• Increment session hit counter for ticket resumptions by @WillChilds-Klein in #1320
• Add back SSL_use_certificate_chain_file by @samuel40791765 in #1312
• Log symbol name for fips scope assertion error by @torben-hansen in #1321
• Add support for building with pkgconfig by @samuel40791765 in #1310
• Docker images for loongarch64, ppc64, ppc64le, and riscv64 by @justsmth in #1168
• Use mkstemp instead of tmpname when available by @samuel40791765 in #1325
• CI for Build/Testing on PPC64BE by @justsmth in #1318
• Improve decision logic for s2n-bignum implementation by @torben-hansen in #1323
• Add null-check for input args in SSL_{read|write}_ex by @dkostic in #1326
• CI for PPC32 Cross build/test by @justsmth in #1329
• Give BIO an ex_data by @samuel40791765 in #1328
• Return 0 if using default proto min/max by @WillChilds-Klein in #1322
• Fix expected error string for Postgres integration by @samuel40791765 in #1330
• Improve backwards compatability for the TLS transfer parser by @torben-hansen in #1337
• Prepare release 1.18.0 by @justsmth in #1336

Full Changelog: v1.17.4...v1.18.0

Release: v1.17.4

What's Changed

• Add HybridKeyShare support for SecP256r1Kyber768Draft00 and X25519Kyber768Draft00 by @alexw91 in #1201
• Refactor ED25519_sign into hw and nohw backend by @torben-hansen in #1276
• Add back OCSP integration test executing by @samuel40791765 in #1303
• Refactor ED25519_verify into hw and nohw backend by @torben-hansen in #1305
• Add check for sk_X509_push by @samuel40791765 in #1304
• Upstream merge 2023-11-10 by @samuel40791765 in #1302
• Fix-up curve25519 code to prepare for s2n-bignum by @torben-hansen in #1306
• Fix bn_assert_fits_in_bytes for big-endian by @justsmth in #1258
• Include Codecov in CI by @justsmth in #1307
• Add integration ci for Monit by @samuel40791765 in #1286
• Use OPENSSL_DEPRECATED by @justsmth in #1285
• Silence warning on CMP0116 by @justsmth in #1284
• Add BNAssertTest by @justsmth in #1267
• Update s2n-bignum subtree 2023-11-15 by @torben-hansen in #1308
• Update s2n-bignum subtree 2023-11-19 by @torben-hansen in #1314
• Improve Codecov reporting by @justsmth in #1313
• Bump release version number string to 1.17.4 by @dkostic in #1319

Full Changelog: v1.17.3...v1.17.4

Release v1.17.3

What's Changed

• Upstream merge 2023-11-01 by @justsmth in #1277
• Upstream merge 2023-11-01 (part 2) by @justsmth in #1278
• Only update thread_states_list if freed state is head when prev is NULL by @skmcgrail in #1294
• Add PPC64BE to module wrapper by @andrewhop in #1295
• Revert "Give up on qsort for sk_FOO_sort" by @samuel40791765 in #1299
• Update the integrity hash calculation in bcm.c to handle big/little endian platforms by @andrewhop in #1300

Full Changelog: v1.17.2...v1.17.3

Release AWS-LC-FIPS v2.0.2

What's Changed

• [fips-2022-11-02] Only update thread_states_list if freed state is head when prev is NULL by @skmcgrail in #1298

Full Changelog: AWS-LC-FIPS-2.0.1...AWS-LC-FIPS-2.0.2

Release AWS-LC-FIPS v1.1.4

What's Changed

• [fips-2021-10-20] Only update thread_states_list if freed state is head when prev is NULL by @skmcgrail in #1296

Full Changelog: AWS-LC-FIPS-1.1.3...AWS-LC-FIPS-1.1.4

Release v1.17.2

What's Changed

• EVP_PKEY assert that method is found by @justsmth in #1279
• Rearrange X509 symbols for Monit support by @samuel40791765 in #1272
• Update gha windows instance type names by @samuel40791765 in #1283
• Use uint8_t not u_int8_t by @justsmth in #1287
• Update create_image.sh for formal verification to fetch the updated Dockerfile by @pennyannn in #1281
• Ensure rand_thread_state is always zerod in the event that CRYPTO_set_thread_local needs to call the deconstructor by @skmcgrail in #1288
• Don't use expired certificates if possible. by @samuel40791765 in #1282
• Bump version to 1.17.2 by @skmcgrail in #1290

Full Changelog: v1.17.1...v1.17.2

Release AWS-LC FIPS v2.0.1

What's Changed

• Backport rand_thread_state zero patch to 2022-11-02, bump version to 2.0.1. by @skmcgrail in #1289

Full Changelog: AWS-LC-FIPS-2.0.0...AWS-LC-FIPS-2.0.1

Release AWS-LC-FIPS v1.1.3

What's Changed

• Backport rand_thread_state zero patch to 2021-10-20, bump version to 1.1.3 by @skmcgrail in #1291

Full Changelog: AWS-LC-FIPS-1.1.2...AWS-LC-FIPS-1.1.3

Release v1.17.1

What's Changed

• Document Ed25519 verification operation by @torben-hansen in #1256
• Fix AES on PPCBE (32-bit and 64-bit). by @nebeid in #1213
• Upstream merge 2023-10-23 by @nebeid in #1262
• Create dirs in cmake build dir with default permissions by @sfod in #1269
• Refactor ED25519_keypair into hw and nohw backend by @torben-hansen in #1271
• Run basic test run in GHA before using expensive runners by @samuel40791765 in #1270
• Bump version to v1.17.1 by @justsmth in #1280

New Contributors

• @sfod made their first contribution in #1269

Full Changelog: v1.17.0...v1.17.1

Release v1.17.0

What's Changed

• Add a FFDH benchmark to demonstrate how slow it is by @andrewhop in #1202
• Add missing NULL check in conf test by @torben-hansen in #1208
• Add EVP support for SHA512-224 by @WillChilds-Klein in #1170
• Handle x30 target register in delocator for aarch64 to avoid clobbering the register by @torben-hansen in #1204
• Elaborate on whiten factor for passive entropy by @torben-hansen in #1209
• Implement SSL_get_client_ciphers by @WillChilds-Klein in #1159
• Add ARM dimensions for integration test CI by @samuel40791765 in #1206
• Add back support for SSL_build_cert_chain by @samuel40791765 in #1200
• Add BIGNUM support for big-endian architectures by @justsmth in #1205
• For Issue-1185: Avoid 'may be used uninitialized' warning by @justsmth in #1212
• Use s2n-bignum's constant-time table lookup for copy_from_prebuf by @aqjune-aws in #1189
• No external conditioning by @torben-hansen in #1216
• Don't build FFDH benchmarks with AWS-LC API versions less than 22 by @andrewhop in #1218
• Add TLS Transfer Support Caller Responsibilities by @skmcgrail in #1223
• EC support for PPC64 big endian by @justsmth in #1214
• Update bio_info_cb to align with OpenSSL 3.x by @justsmth in #1222
• bump version to 2.0 for FIPS by @samuel40791765 in #1225
• Revert "Bump version to 2.0 for FIPS" by @samuel40791765 in #1227
• Abstract some ec2 CI logic and add support for c7g by @samuel40791765 in #1220
• Fix AppleClang 15 FIPS Shared Library Build by @skmcgrail in #1224
• Update rsa service indicator test vectors by @billbo-yang in #1230
• Expose SHAKE through the EVP API by @WillChilds-Klein in #1199
• Add support for RSA KeyGen AFT tests for FIPS186-5 to ACVP tool by @billbo-yang in #1234
• Fix Blake2b for BigEndian by @justsmth in #1235
• Upstream merge 2023-10-02 by @dkostic in #1221
• self destruct ec2 instances after certain amount of time by @samuel40791765 in #1233
• Fix bad cast in SSHKDF by @justsmth in #1241
• Add Github actions job pruner by @samuel40791765 in #1242
• Ensure array length assumption agree by @torben-hansen in #1246
• Use scoped version of EVP_MD_CTX in test by @samuel40791765 in #1244
• Resolve aws-lc-rs CI build issues by @skmcgrail in #1231
• Completely remove Jitter CPU from library artifact if not enabled by @torben-hansen in #1249
• Fix Spake25519 for big-endian by @justsmth in #1243
• Slight build fix and migrate to GHA for MacOS ARM CI by @samuel40791765 in #1245
• Fix 32-bit big-endian p521 bug by @justsmth in #1240
• Add support for BIO_FP_TEXT in file BIOs by @WillChilds-Klein in #1153
• Fix GCC 13.x compiler error by @justsmth in #1259
• Fix XChaCha20Poly1305 for big-endian by @justsmth in #1257
• Fix scrypt for big-endian by @justsmth in #1253
• Fix SipHash for big-endian by @justsmth in #1251
• Upstream merge 2023-10-15 by @andrewhop in #1250
• Add CRT integration test by @andrewhop in #1248
• Update patch for nginx integration CI by @samuel40791765 in #1260
• Add SDE+ASAN CI dimension by @samuel40791765 in #1254
• Add CI for Windows MSVC2019, MSVC2022, and SDE 32/64-bit by @samuel40791765 in #1228
• Test fixes by @nebeid in #1263
• Add a build option to the assembler to retain local symbols. by @nebeid in #1252
• Remove -mavx512vbmi2 clang compiler argument by @skmcgrail in #1266

Full Changelog: v1.16.0...v1.17.0