Releases: aws/aws-lc
Releases · aws/aws-lc
AWS-LC FIPS-NETOS v1.29.1
What's Changed
- Add encap/decapKeyCheck support in ACVP by @samuel40791765 in #2872
- Clarify comments and API behaviour for equal-preference for TLS 1.3 by @torben-hansen in #2873
Full Changelog: v1.65.1...AWS-LC-FIPS-NETOS-v1.29.1
Contributors
samuel40791765 and torben-hansen
Assets 2
AWS-LC FIPS v3.1.0
What's Changed
- Cherry-pick BORINGSSL_bcm_text_hash Go utility by @skmcgrail in #2221
- Cherry-pick: Fix out-of-bound (OOB) input read in AES-XTS Decrypt in AVX-512 implementation by @nebeid in #2228
- Cherry-pick support for CMake 4.0 to fips-2024-09-27 by @justsmth in #2277
- Cherry-pick to fips-2024-09-27 by @skmcgrail in #2254
- Cherrypick SSL_CTX_use_cert_and_key for Librdkafka 2.8.0 support by @smittals2 in #2292
- [fips-2024-09-27][cherry-pick] FIPS Integrity Hash Tooling (#2296) by @skmcgrail in #2300
- Cherry-pick: Harden bound checking tests of AES-XTS and replace SSE instructions that degraded performance for certain input lengths by @nebeid in #2319
- [FIPS - Cherry-pick] Support allowing specific unknown critical extensions (#2377) by @justsmth in #2473
- [cherry-pick] Add back X509_STORE_get_verify_cb and X509_STORE_set_lookup_crls_cb by @skmcgrail in #2587
- Cherry-pick TLS transfer serialization changes to FIPS 3.x branch by @skmcgrail in #2672
- [cherry-pick for 2024 fips] Fix RSAZABI test and enable IFMA based RSA on Windows (#1869) by @torben-hansen in #2689
- [FIPS 2024 - CHERRY_PICK] Offer P521 for signature_algorithms in client Hello (#2572) by @justsmth in #2731
- Add CTR-DRBG derivation function by @torben-hansen in #2863
- Prepare FIPS 3.1.0 release by @torben-hansen in #2878
Full Changelog: AWS-LC-FIPS-3.0.0...AWS-LC-FIPS-3.1.0
Contributors
skmcgrail, torben-hansen, and 3 other contributors
Assets 2
v1.65.1
What's Changed
- Adjust image-build-android concurrency group by @skmcgrail in #2848
- s_client: Add TLS 1.2 and 1.3 protocol selection flags by @skmcgrail in #2850
- Fix AWS-LC Analytics Job by @skmcgrail in #2855
- Exclude .git from source size metric reporting by @skmcgrail in #2858
- Add EVP_bf_cfb64 by @nhatnghiho in #2851
- Add conversion and traceability for third-party test vectors by @sgmenda in #2839
- Verify size of mlen in ML-DSA external mu mode by @jakemas in #2841
- Replicate OpenSSL 1.1.1 behavior for BIO_s_mem BIO_NOCLOSE by @skmcgrail in #2864
- Add ACVP support for AES CFB128 by @WillChilds-Klein in #2861
- Add support for HMAC-SHA3 to ACVP tool by @samuel40791765 in #2866
- Move dk to Tests in ML-KEM ACVP by @samuel40791765 in #2867
- Prepare v1.65.1 by @justsmth in #2870
Full Changelog: v1.65.0...v1.65.1
Contributors
skmcgrail, WillChilds-Klein, and 5 other contributors
Assets 2
v1.65.0
What's Changed
- Use new images for fuzzing and x509 by @skmcgrail in #2804
- Disable old Windows jobs by @skmcgrail in #2812
- Remove unused Wycheproof test vectors by @sgmenda-aws in #2792
- Fix openldap; regenerate configure script by @justsmth in #2818
- Setup OIDC for exchanging GitHub Token for AWS Credentials by @skmcgrail in #2819
- Remove Docker Image build infrastructure from CodePipeline by @skmcgrail in #2822
- Fix bind9 CI failure by @justsmth in #2817
- [SCRUTINICE] Fix unchecked return value by @nhatnghiho in #2773
- Fix apache httpd; keep pytest <7.0 by @justsmth in #2825
- Fix tpm2-tss CI; update patches by @justsmth in #2827
- Refactor the staging repository to make the name consistent for writing IAM policies by @skmcgrail in #2824
- Fix OCSP CI failure by @justsmth in #2828
- Fix HAProxy CI failures by @justsmth in #2829
- Android Docker Image Build by @skmcgrail in #2830
- Fix workflow permissions for formal verification & windows by @skmcgrail in #2831
- [SCRUTINICE] Avoid NULL dereference by @justsmth in #2823
- Add infrastructure for managing third-party test vectors by @sgmenda-aws in #2811
- AES-XTS Enc Dec test on rand incremental length inputs by @manastasova in #2795
- Make N1 cpucap a subset of that of V1 and V2 by @nebeid in #2815
- Grant OIDC Token Permissions to Top-Level Image Build Workflow by @skmcgrail in #2837
- Guard for __NR_getrandom use by @justsmth in #2834
- Set SSL_R_NO_CIPHER_MATCH when failing to set ciphers by @skmcgrail in #2840
- Add CFI directives to chacha-armv8.pl by @andrewhop in #2633
- Add CFI directives in aesv8-armx.pl by @andrewhop in #2634
- Bump openssl from 0.10.66 to 0.10.73 in /tests/ci/lambda by @dependabot[bot] in #2550
- Match req CLI behavior with OpenSSL by @nhatnghiho in #2836
- Add authorization environments by @skmcgrail in #2843
- Adjust script to handle other event types by @skmcgrail in #2845
- Prepare AWS-LC v1.65.0 by @justsmth in #2844
Full Changelog: v1.64.0...v1.65.0
Contributors
skmcgrail, dependabot, and 6 other contributors
Assets 2
v1.64.0
What's Changed
- Update max polyz value by @jakemas in #2787
- ECR Repositories for Android and Formal Verification Images by @skmcgrail in #2794
- Support more "openssl rsa" options by @justsmth in #2777
- Remove python codebuild patches by @WillChilds-Klein in #2793
- Additional options for "openssl c_client" by @justsmth in #2791
- GitHub-based Formal Verification Image Build by @skmcgrail in #2796
- Use C++11 atomics to update session stats by @justsmth in #2786
- Support "openssl dhparam" by @justsmth in #2790
- Add scrutinice pull permissions for aws-lc/amazonlinux repository by @skmcgrail in #2799
- Use GitHub-based Verification Images by @skmcgrail in #2798
- Remove dead code by @torben-hansen in #2797
- Rename snapsafe to VM UBE by @torben-hansen in #2800
- Bump MySQL version tag to 9.5.0 by @samuel40791765 in #2768
- Migrate to macos-15-intel by @samuel40791765 in #2802
- Use right compiler with ruby CI by @samuel40791765 in #2801
- Migrate analytics job to be GitHub triggered by @skmcgrail in #2779
- Support NetBSD by @justsmth in #2754
- Make poly_chknorm constant flow by @jakemas in #2788
- Rename fork to fork UBE by @torben-hansen in #2803
- Extend grv asan timeout for Golang to allow completion by @torben-hansen in #2805
- Implement more options for req CLI by @nhatnghiho in #2775
- Ensure HMAC_Init_ex reinitializes data properly by @samuel40791765 in #2806
- Prepare release v1.64.0 by @justsmth in #2810
Full Changelog: v1.63.0...v1.64.0
Contributors
skmcgrail, WillChilds-Klein, and 5 other contributors
Assets 2
v1.63.0
What's Changed
- Fix tpm2-tss CI by @samuel40791765 in #2767
- Fix Ruby integration CI by @samuel40791765 in #2765
- Migrate Windows Omnibus to GitHub Workflow by @skmcgrail in #2780
- Add compiler to 24.04 docker image by @samuel40791765 in #2783
- CI add rpmbuild job by @torben-hansen in #2774
- Failing no-op implementations for several UI functions by @justsmth in #2772
- Tool util functions in tool_util.cc by @justsmth in #2778
- AES-XTS on AArch64: Set w19 earlier before cipher-stealing of 1 block + tail. by @nebeid in #2785
- Prepare release v1.63.0 by @torben-hansen in #2789
Bug fixes
- Fixed a bug in the AES-XTS-256 aarch64 architecture implementation. For input lengths of 17-31 bytes there was a 50% probability that an encryption operation would result in corrupted ciphertext. The resulting ciphertext would result in corrupted plaintext when performing a decrypt operation.
Full Changelog: v1.62.1...v1.63.0
Contributors
skmcgrail, samuel40791765, and 3 other contributors
Assets 2
v1.62.1
Post release edit
- This release contains a bug in the AES-XTS implementation on aarch64 platforms affecting input lengths of 17 to 31 bytes.
What's Changed
- Implement ecparam CLI tool by @kingstjo in #2718
- CodeBuild Setup for GitHub Docker Image Builds by @skmcgrail in #2745
- Add Docker Image Build Workflows by @skmcgrail in #2746
- Add ecr:BatchImportUpstreamImage for first-time cache pull-thru by @skmcgrail in #2747
- Use New Docker Images in GitHub Workflows by @skmcgrail in #2752
- Add OPENSSL_NO_UI_CONSOLE macro by @smittals2 in #2751
- Cipher-stealing: no need for re-loading round keys; they're still in registers. by @nebeid in #2734
- Fix windows CI job by @justsmth in #2744
- Consolidate GitHub CodeBuild Projects by @skmcgrail in #2757
- Don't log feature probe error message unless requested by @torben-hansen in #2755
- Implement more options for x509 CLI by @nhatnghiho in #2735
- AWS CodeBuild Fleets Setup by @skmcgrail in #2758
- ci: scope down GitHub Token permissions by @AdnaneKhan in #2762
- Fix librelp integration CI by @nhatnghiho in #2766
- Implement -passin for dgst cli by @nhatnghiho in #2763
- AL2023 x509-limbo container by @skmcgrail in #2761
- Migrate Graviton2 and Graviton4 from EC2 Test Framework by @skmcgrail in #2759
- Add Windows Docker Image Build by @skmcgrail in #2760
- Do no consider warnings fatal in CPU Jitter for LTO build by @torben-hansen in #2769
- Add more options to genrsa by @smittals2 in #2770
- Prepare v1.62.1 by @torben-hansen in #2771
New Contributors
- @AdnaneKhan made their first contribution in #2762
Full Changelog: v1.62.0...v1.62.1
Contributors
skmcgrail, AdnaneKhan, and 6 other contributors
Assets 2
v1.62.0
Post release edit
- This release contains a bug in the AES-XTS implementation on aarch64 platforms affecting input lengths of 17 to 31 bytes.
What's Changed
- nginx now supports AWS-LC by @samuel40791765 in #2714
- Fix tests that assume X25519 will be negotiated by @alexw91 in #2682
- Fixing a bug in ML-DSA poly_uniform function by @dkostic in #2721
- Migrate integration omnibus by @skmcgrail in #2715
- Delete util/bot directory by @justsmth in #2723
- Don't ignore CMAKE_C_FLAGS w/ MSVC by @justsmth in #2722
- Bump urllib3 from 2.2.3 to 2.5.0 in /tests/ci by @dependabot[bot] in #2551
- Type fix in mldsa by @manastasova in #2308
- Centralize password handling tool-openssl by @kingstjo in #2555
- crypto/pem: replace strncmp with CRYPTO_memcmp to fix -Wstring-compare error by @R3hankhan123 in #2724
- Implement dgst CLI command by @nhatnghiho in #2638
- Add ASN.1 decoding for ML-KEM private keys as seeds by @jakemas in #2707
- Implement genrsa command by @kingstjo in #2535
- Move udiv and sencond tweak calculations to when needed by @nebeid in #2726
- Add null check on RSA key checks by @samuel40791765 in #2727
- Implement workaround for FORTIFY_SOURCE warning with jitterentropy by @skmcgrail in #2728
- Implement coverity suggestions by @skmcgrail in #2730
- Add minimal EC CLI tool implementation by @kingstjo in #2640
- Adding pkeyutl tool to the CLI by @smittals2 in #2575
- Add CI dimensions for legacy AVX512 flags by @smittals2 in #2732
- Fix Libwebsockets CI by @smittals2 in #2737
- Add option ENABLE_SOURCE_MODIFICATION by @justsmth in #2739
- Simple script to build/run tests by @justsmth in #2736
- Add build-time option to opt-out of CPU Jitter Entropy by @torben-hansen in #2733
- Prepare v1.62.0 by @justsmth in #2743
New Contributors
- @R3hankhan123 made their first contribution in #2724
Full Changelog: v1.61.4...v1.62.0
Contributors
skmcgrail, alexw91, and 12 other contributors
Assets 2
v1.61.4
What's Changed
- Pin PyCA version in python integration tests by @WillChilds-Klein in #2706
- Migrate linux-x86 jobs to self-hosted runners by @skmcgrail in #2708
- Migrate Linux ARM omnibus by @skmcgrail in #2711
- Fixes for android CI tests by @nhatnghiho in #2713
- Check compiler for 'linux/random.h' by @justsmth in #2716
- Prepare 1.61.4 by @justsmth in #2717
Full Changelog: v1.61.3...v1.61.4
Contributors
skmcgrail, WillChilds-Klein, and 2 other contributors
Assets 2
v1.61.3
What's Changed
- Remove jitter entropy tests folder by @torben-hansen in #2702
- CodeBuild GitHub Actions Runner Project by @skmcgrail in #2704
- Prepare v1.61.3 by @torben-hansen in #2705
Full Changelog: v1.61.2...v1.61.3
Contributors
skmcgrail and torben-hansen