v1.35.0

What's Changed

• Use OPENSSL_STATIC_ASSERT which handles all the platform/compiler/C s… by @andrewhop in #1791
• ML-KEM refactor by @dkostic in #1763
• ML-KEM-IPD to ML-KEM as defined in FIPS 203 by @dkostic in #1796
• Add KDA OneStep testing to ACVP by @skmcgrail in #1792
• Updating erroneous documentation for BIO_get_mem_data and subsequent usage by @smittals2 in #1752
• No-op impls for several EVP_PKEY_CTX functions by @justsmth in #1759
• Drop "ipd" suffix from ML-KEM related code by @dkostic in #1797
• Upstream merge 2024 08 19 by @skmcgrail in #1781
• ML-KEM move to the FIPS module by @dkostic in #1802
• Reduce collision probability for variable names by @torben-hansen in #1804
• Refactor ENGINE API and memory around METHOD structs by @smittals2 in #1776
• bn: Move x86-64 argument-based dispatching of bn_mul_mont to C. by @justsmth in #1795
• Check at runtime that the tool is loading the same libcrypto it was built with by @andrewhop in #1716
• Avoid matching prefixes of a symbol as arm registers by @torben-hansen in #1807
• Add CI for FreeBSD by @justsmth in #1787
• Move curve25519 implementations to fips module except spake25519 by @torben-hansen in #1809
• Add CAST for SP 800-56Cr2 One-Step function by @skmcgrail in #1803
• Remove custom PKCS7 ASN1 functions, add new structs by @WillChilds-Klein in #1726
• NASM use default debug format by @justsmth in #1747
• Add KDF in counter mode ACVP Testing by @skmcgrail in #1810
• add support for OCSP_request_verify by @samuel40791765 in #1778
• Fix GitHub/CodeBuild Purge Lambda by @justsmth in #1808
• KBKDF_ctr_hmac FIPS Service Indicator by @skmcgrail in #1798
• Update x509 tool to write all output to common BIO which is a file or stdout by @andrewhop in #1800
• Add ML-KEM to speed.cc, bump AWSLC_API_VERSION to 30 by @andrewhop in #1817
• Add EVP_PKEY_asn1_* functions by @justsmth in #1751
• Improve portability of CI integration script by @torben-hansen in #1815
• Upstream merge 2024 08 23 by @justsmth in #1799
• Replace ECDSA_METHOD with EC_KEY_METHOD and add the associated API by @smittals2 in #1785
• Cherrypick "Add some barebones support for DH in EVP" by @samuel40791765 in #1813
• Add KDA OneStep (SSKDF_digest and SSKDF_hmac) to FIPS indicator by @skmcgrail in #1793
• Add EVP_Digest one-shot test XOFs by @WillChilds-Klein in #1820
• Wire-up ACVP Testing for SHA3 Signatures with RSA by @skmcgrail in #1805
• Make SHA3 (not SHAKE) Approved for EVP_DigestSign/Verify, RSA and ECDSA. by @nebeid in #1821
• Begin tracking RelWithDebInfo library statistics by @andrewhop in #1822
• Move EVP ed25519 function table under FIPS module by @torben-hansen in #1826
• Avoid C11 Atomics on Windows by @justsmth in #1824
• Improve pre-sandbox setup by @torben-hansen in #1825
• Add OCSP round trip integration test with minor fixes by @samuel40791765 in #1811
• Add various PKCS7 getters and setters by @WillChilds-Klein in #1780
• Run clang-format on pkcs7 code by @WillChilds-Klein in #1830
• Move KEM API and ML-KEM definitions to FIPS module by @torben-hansen in #1828
• fix socat integration CI by @samuel40791765 in #1833
• Retire out-of-module KEM folder by @torben-hansen in #1832
• Refactor RSA_METHOD and expand API by @smittals2 in #1790
• Update benchmark documentation in tool/readme.md by @andrewhop in #1812
• Pre jail unit test by @torben-hansen in #1835
• Move EVP KEM implementation to in-module and correct OID by @torben-hansen in #1838
• More minor symbols Ruby depends on by @samuel40791765 in #1837
• ED25519 Power-on Self Test / CAST / KAT by @skmcgrail in #1834
• ACVP ML-KEM testing by @skmcgrail in #1840
• ACVP ECDSA SHA3 Digest Testing by @skmcgrail in #1819
• ML-KEM Service Indicator for EVP_PKEY_keygen, EVP_PKEY_encapsulate, EVP_PKEY_decapsulate by @skmcgrail in #1844
• Add ML-KEM CAST for KeyGen, Encaps, and Decaps by @skmcgrail in #1846
• ED25519 Service Indicator by @skmcgrail in #1829
• Update Allowed RSA KeySize Generation to FIPS 186-5 specification by @skmcgrail in #1823
• Add ED25519 ACVP Testing by @skmcgrail in #1818
• Make EDDSA/Ed25519 POST lazy initalized by @skmcgrail in #1848
• add support for PEM Parameters without ASN1 hooks by @samuel40791765 in #1831
• Add OpenVPN tip of main to CI by @smittals2 in #1843
• Ensure SSE2 is enabled when using optimized assembly for 32-bit x86 by @graebm in #1841
• Add support for EVP_PKEY_CTX_ctrl_str - Step #1 by @justsmth in #1842
• Added SHA3/SHAKE XOF functionality by @jakemas in #1839
• Migrated ML-KEM SHA3/SHAKE usage to fipsmodule by @jakemas in #1851
• AVX-512 support for RSA Signing by @pittma in #1273

Full Changelog: v1.34.2...v1.35.0