Release v1.24.0

What's Changed

• Add ASN1_i2d_bio and ASN1_i2d_bio_of back by @samuel40791765 in #1486
• Provide an API to turn off blinding for RSA by @amirhosv in #1479
• Error Codes for NodeJS compatibility added by @smittals2 in #1475
• Adding No-op functions required for NodeJS compatability by @smittals2 in #1474
• Only enable dilithium and secp256k1 benchmark if AWS-LC API supports it by @andrewhop in #1495
• Update the BoringSSL benchmark to install libdecrepit by @andrewhop in #1505
• Update patches and build methods for integration CI by @samuel40791765 in #1507
• Fix overscoped json policies in CI by @samuel40791765 in #1494
• RSA key check consolidation part 2 by @dkostic in #1502
• Add integration CI for tpm2-tools by @samuel40791765 in #1487
• Attempt to fix rust sanity check by @samuel40791765 in #1512
• Always install libdecrepit for BoringSSL benchmark by @andrewhop in #1513
• Various minor functions to support mysql 8.3 by @samuel40791765 in #1496
• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 cipher suite support by @skmcgrail in #1455
• Cherry-pick 3 RSA related commits from upstream by @dkostic in #1510
• Support for MinGW on Windows by @justinwsmith in #1492
• Upstream merge 2024-03-11 by @andrewhop in #1488
• [ML-KEM] Import ml-kem-ipd source code from Crystals repo by @dkostic in #1514
• Upstream merge 2024 03 18 by @nebeid in #1501
• Fix CPython patches by @WillChilds-Klein in #1515
• Clarify documentation around SSL_MODE_NO_AUTO_CHAIN by @samuel40791765 in #1509
• RSA key pair-wise consistency test with approved APIs by @dkostic in #1518
• Upstream merge 2024-03-21 by @justsmth in #1506
• Add NULL checks to EVP_MD_CTX_cleanse/cleanup by @dkostic in #1519
• add support for X509_get_signature_info by @samuel40791765 in #1504
• allow empty lists in SSL_CTX_set_ciphersuites by @samuel40791765 in #1511
• aws-lc-rs CI step must use CMake to build by @justsmth in #1523
• Bump to v1.24.0 by @justsmth in #1522

New Contributors

• @amirhosv made their first contribution in #1479
• @smittals2 made their first contribution in #1475
• @justinwsmith made their first contribution in #1492

Full Changelog: v1.23.0...v1.24.0

Release: v1.23.0

What's Changed

• Aws lc s2n bignum update 2024 03 06 by @aqjune-aws in #1478
• Add updated porting guide for AWS-LC by @samuel40791765 in #1463
• Add more platforms to CI by @justsmth in #1467
• Adds CI job to test strongSwan integration by @geedo0 in #1472
• Update go.cmake to use PROJECT_SOURCE_DIR by @andrewhop in #1484
• Update return type for EVP_EncodeUpdate by @samuel40791765 in #1481
• Pin Monit CI to a specific release by @samuel40791765 in #1490
• Remove SSL Proxy API version update reminders by @samuel40791765 in #1491
• RSA key check consolidation part 1b by @dkostic in #1480
• Remove build patch for bind9 by @samuel40791765 in #1497
• Update return value from EVP_Encode_Update in one error case by @nebeid in #1499
• Bump the release version number string to 1.23.0 by @dkostic in #1500

Full Changelog: v1.22.0...v1.23.0

AWS-LC-FIPS-2.0.9

What's Changed

Backporting of 2 build fixes from main:

• [Backport] Use x30 instead of lr which otherwise trip some versions of gcc by @justsmth in #1489
• [Backport] Update go.cmake to use PROJECT_SOURCE_DIR by @justsmth in #1485

Other changes

• FIPS 2.0.9 release version number update by @justsmth in #1493

Full Changelog: AWS-LC-FIPS-2.0.8...AWS-LC-FIPS-2.0.9

Release v1.22.0

What's Changed

• Update patch for tpm2-tss by @justsmth in #1422
• Zero the stack after AVX-512 XTS by @pittma in #1415
• Add cpython integration test by @WillChilds-Klein in #1359
• Upstream merge 2024 01 29 by @torben-hansen in #1425
• Cleanup for CMAKE_ASM_FLAGS by @justsmth in #1430
• Verify contentinfo content is NULL is handled by @torben-hansen in #1428
• Disable failing MariaDB tests by @justsmth in #1436
• Speed up CodeBuild CI by @andrewhop in #1426
• Fix BIOTest.InvokeConnectCallback test. by @PiotrSikora in #1433
• CodeBuild project public artifacts by @justsmth in #1438
• Patch trousers by @justsmth in #1432
• Additional EVP_AEAD_CTX / TLS Transfer Serialization Tests by @skmcgrail in #1407
• Change sk_*_find signature to 2-arg for OpenSSL comapat by @WillChilds-Klein in #1429
• Include FIPS mode in OpenSSL_version return value by @WillChilds-Klein in #1419
• Slight tweaks and integration CI to support Bind9 by @samuel40791765 in #1423
• Upstream merge 2024 02 09 by @justsmth in #1439
• Fix mariadb CI broken by upstream by @samuel40791765 in #1443
• Upstream merge 2024 02 13 by @torben-hansen in #1440
• Reduce compiler ability to optimise to statisfy gcc 9.5 by @torben-hansen in #1442
• Fix Clang-6 FIPS static build issue by @skmcgrail in #1424
• Use OPENSSL_zalloc in more places by @justsmth in #1447
• RSA key check consolidation part 1a by @dkostic in #1349
• Fixing typo in comment in md32_common.h by @fabrice102 in #1453
• Add platform support section to README by @justsmth in #1446
• Make the clang-6 bcm-delocated.S directive behavior for start/end symbols dynamic by @skmcgrail in #1456
• Upstream merge 2024 02 23 by @samuel40791765 in #1452
• Avoid out of range pc-relative fixup value by @justsmth in #1454
• Android 14: Don't set execute-only on FIPS .text segment by @justsmth in #1460
• Use x30 instead of lr which otherwise trip some versions of gcc by @torben-hansen in #1464
• Add misc. x509 un/lock and set1 functions by @WillChilds-Klein in #1449
• Add support for s390x architecture. by @PiotrSikora in #1431
• Upstream merge 2024-02-28 by @dkostic in #1459
• Convert ERR_LIB_* from enum to macros by @WillChilds-Klein in #1470
• Staging v1.22.0 release by @justsmth in #1471

New Contributors

• @pittma made their first contribution in #1415
• @fabrice102 made their first contribution in #1453

Full Changelog: v1.21.0...v1.22.0

AWS-LC-FIPS v2.0.8

What's Changed

Backporting of 2 build fixes from main

• [Backport] Make the clang-6 bcm-delocated.S directive behavior for start/end symbols dynamic by @skmcgrail in #1457
• [Backport] Android 14: Don't set execute-only on FIPS .text segment by @justsmth in #1461

Other changes

• FIPS 2.0.8 release version number update by @justsmth in #1458

Full Changelog: AWS-LC-FIPS-2.0.7...AWS-LC-FIPS-2.0.8

AWS-LC-FIPS v2.0.7

What's Changed

Backporting of 3 build fixes from main:

• Fix Clang-6 FIPS static build issue (#1424) by @skmcgrail in #1450
• Fix delocator and FIPS static build prefixing behaviors (#1342) by @skmcgrail #1451
• Mark bcm_redirector functions as local (#1352) by @skmcgrail #1451

Other changes

• Update version for 2.0.7 by @justsmth #1451

Full Changelog: AWS-LC-FIPS-2.0.6...AWS-LC-FIPS-2.0.7

Release v1.21.0

What's Changed

• Shorten cmake test names so they fit in GitHub by @andrewhop in #1394
• Turn off flaky MariaDB test main.ssl_crl by @andrewhop in #1396
• Update all integration targets to use RelWithDebInfo and increase size of ARM OpenSSH test host by @andrewhop in #1393
• Update base ec2 test framework by @andrewhop in #1395
• Use system allocator for thread-local values by @justsmth in #1397
• Implement AES-CCM by @geedo0 in #1373
• Upstream merge 2024 01 05 by @justsmth in #1385
• Implement SSL_MODE_AUTO_RETRY by @WillChilds-Klein in #1333
• Turn off Graviton 3 test by @andrewhop in #1399
• temporarily turn off 32-bit Windows SDE CI by @samuel40791765 in #1406
• allow HMAC via EVP_PKEY raw privkey functions by @samuel40791765 in #1338
• Only build the grpc tests that we're going to run to save time by @andrewhop in #1412
• Update CDK docs/dependencies by @justsmth in #1392
• Update Formal Verification section in README to match latest status by @pennyannn in #1413
• Upstream merge 2024 01 12 by @andrewhop in #1402
• Skip another MariaDB test that appears to be flaky. P112867839 by @andrewhop in #1411
• Integration with tpm2-tss by @justsmth in #1361
• Fix issue with iOS FIPS builds. Requires -DCMAKE_SYSTEM_NAME=iOS by @skmcgrail in #1416
• Add socat integration test by @andrewhop in #1387
• Use standard CMake options to specify C/C++ language standard, add BoringSSL to speed test by @andrewhop in #1410
• Upstream merge 2024 01 17 by @skmcgrail in #1414
• More test coverage for AWSLC_thread_local_clear by @justsmth in #1409
• Staging v1.21.0 release by @torben-hansen in #1421

Full Changelog: v1.20.0...v1.21.0

AWS-LC-FIPS v2.0.6

What's Changed

• Backport: Fix issue with iOS FIPS builds. Requires -DCMAKE_SYSTEM_NAME=iOS by @skmcgrail in #1417
• FIPS 2.0.6 release version number update by @justsmth in #1418

Full Changelog: AWS-LC-FIPS-2.0.5...AWS-LC-FIPS-2.0.6

AWS-LC-FIPS v2.0.5

What's Changed

• Backport: Fix AppleClang 15 FIPS Shared Build (#1224) by @justsmth in #1400
• FIPS-2022-11-02: thread-local using system allocator by @justsmth in #1401

Full Changelog: AWS-LC-FIPS-2.0.4...AWS-LC-FIPS-2.0.5

Release v1.20.0

What's Changed

• TrouSerS integration by @justsmth in #1364
• Fix delocator and FIPS static build prefixing behaviors by @skmcgrail in #1342
• Add HMAC init benchmark by @andrewhop in #1370
• Add option to run speed for specified milliseconds by @andrewhop in #1368
• Add assertions and unify tmpfile uniqueptr by @samuel40791765 in #1372
• Add DH groups from RFC 7919 to support MySQL 8.1 by @samuel40791765 in #1371
• Add back support for EVP_PKEY_HMAC by @samuel40791765 in #1324
• Update poly_compress and polyvec_compress to prevent the compiler from using DIV by @brian-jarvis-aws in #1376
• Fix memory leaks in speed.cc by @andrewhop in #1377
• Fix case issue with sha-224 in speed tool by @torben-hansen in #1379
• Fix speed tool timeout flag by @justsmth in #1382
• check/assert hmac_update success by @justsmth in #1383
• Upstream merge 2024 01 02 by @nebeid in #1374
• Add an integration test for NTP by @andrewhop in #1369
• Add an additional test that HAProxy is built with AWS-LC by @andrewhop in #1386
• Add CMake GitHub Actions CI by @skmcgrail in #1367
• Always run 'apt-get update' before 'installing' by @andrewhop in #1391
• Initialize ECCurveTest values to null instead of relying on uninitialized value from default constructor by @andrewhop in #1389
• Staging v1.20.0 release by @andrewhop in #1390

Full Changelog: v1.19.0...v1.20.0