Releases: aws/s2n-tls
Releases · aws/s2n-tls
Release: v1.4.9
Weekly release for April 02 2024
What's Changed
- chore(bindings): release 0.1.7 by @camshaft in #4462
- fix: pedantic memory leak in handshake test by @jmayclin in #4463
- fix(test): narrow valgrind suppressions by @jmayclin in #4369
- Make S2N_CERT_AUTH_OPTIONAL the default for clients by @lrstewart in #4390
- bindings: mark Connection as Sync by @lrstewart in #4467
- bindings: ensure CFLAGS includes come after build script includes by @lrstewart in #4475
- feat: getter for TLS1.2 master secrets by @lrstewart in #4470
- example(bindings): client hello cb example by @jmayclin in #4385
- fix: refactor rust bindings fingerprint methods by @maddeleine in #4474
- fix: Adds non_exhaustive flag to FingerprintType by @maddeleine in #4481
- ci: add asan runs under gcc by @jmayclin in #4402
- New TLS1.2-only variant of 20230317 policy by @lrstewart in #4483
Full Changelog: v1.4.8...v1.4.9
Release: v1.4.8
What's Changed
- fix(bindings): Apply with_system_certs to Config builder() API by @goatgoose in #4456
- refactor: make memmove vs memcpy behavior clearer by @lrstewart in #4447
- refactor: clang-tidy null deref and undefined mod by @jmayclin in #4436
- build: remove unnecessary includes by @jmayclin in #4451
- feat: Add FIPS mode getter API by @goatgoose in #4450
- style: fix declarations without initial value by @jmayclin in #4404
- Add s2n_stuffer_shift by @lrstewart in #4458
- refactor: UBSAN build and address out of bound reads by @jmayclin in #4440
- feat: Add additional EC key validation for FIPS by @goatgoose in #4452
Full Changelog: v1.4.7...v1.4.8
Release v1.4.7
What's Changed
- style: manual initial value fix by @jmayclin in #4449
- api: add key update request functionality by @jmayclin in #4453
Full Changelog: v1.4.6...v1.4.7
Release: v1.4.6
What's Changed
- Add Rust bindings for certificate chains by @Mark-Simulacrum in #4398
- fix(test): fix dangling pointers in cert verify test by @jmayclin in #4430
- Extend license check to .rs files by @Mark-Simulacrum in #4428
- feat: apply cert signature preferences locally by @jmayclin in #4407
- test: add cert chain with mixed key sizes by @jmayclin in #4433
- chore: bindings bump by @maddeleine in #4437
- feat: add cert key preferences by @jmayclin in #4434
- fix: prevent enabling ktls with a buffered record header fragment by @lrstewart in #4426
- Relax HRR consistency requirements for second client hello by @goatgoose in #4429
- fix: Unsets global libcrypto rand by @maddeleine in #4424
- refactor: fix unread variable warnings by @jmayclin in #4405
- refactor: enforce stuffer return check by @jmayclin in #4399
- docs: Specify the return value of S2N_FAILURE for IO APIs by @goatgoose in #4446
Full Changelog: v1.4.5...v1.4.6
Release: v1.4.5
Weekly release for February 23 2024
What's Changed
- bindings: use aws-lc-rs instead of aws-lc-sys by @camshaft in #4415
- chore(bindings): release 0.1.4 by @WesleyRosenblum in #4418
- chore(bindings): release 0.1.5 by @WesleyRosenblum in #4420
- cleanup: Remove unused dependencies by @maddeleine in #4417
- refactor: zero static s2n_configs on cleanup by @jmayclin in #4416
- feat: Server name getter for client hello by @maddeleine in #4396
- fix: s2n_shutdown should handle partial records by @lrstewart in #4421
- chore(ci): Give OpenBSD CI job a performance boost by @knightjoel in #4427
- fix: parse fragmented sslv2 client hellos by @lrstewart in #4425
Full Changelog: v1.4.4...v1.4.5
Release: v1.4.4
Weekly release for February 14 2024
What's Changed
- enforce result checking for blob and mem by @jmayclin in #4389
- s2n-tls-tokio: use s2n_shutdown_send instead of s2n_shutdown by @lrstewart in #4374
- chore(bindings): bump aws-lc-sys by @toidiu in #4393
- chore(bindings): release by @toidiu in #4388
- utils: add map iteration iterator by @jmayclin in #4377
- Check fd status before using urandom by @goatgoose in #4352
- fix: only initialize default tls 1.3 config in tests by @camshaft in #4302
- feat: More client hello getters by @maddeleine in #4380
- refactor: generalize cert sig preference handling by @jmayclin in #4379
- style(bindings): address new clippy lint by @jmayclin in #4411
- build: make CMake test flags more consistent with make by @jmayclin in #4392
- refactor: Consolidate record wiping by @lrstewart in #4412
- allows cmake to force crypto linkage. by @sbiscigl in #4383
New Contributors
Full Changelog: v1.4.3...v1.4.4
Release: v1.4.3
Weekly release for January 30 2024
What's Changed
- refactor: ossl x509 parsing by @jmayclin in #4351
- feature: Use S2N_FAST_INTEG_TESTS to run pytest in parallel under nix by @dougch in #4368
- test: add additional test certs by @jmayclin in #4353
- chore: bindings release 0.1.2 by @jmayclin in #4376
- test: additional test certs by @jmayclin in #4378
- chore: add valgrind to nix develop by @dougch in #4365
- test: Adds SSLv3 integ test by @maddeleine in #4372
- More specific error for unexpected cert request by @lrstewart in #4381
- Fix SSLv3 detection with AWS-LC by @goatgoose in #4361
- ci: Disable broken rust dry-runs by @lrstewart in #4384
Full Changelog: v1.4.2...v1.4.3
Release: v1.4.2
What's Changed
- Add FIPS security rule by @lrstewart in #4315
- bindings: ensure CFLAGS includes come after libcrypto includes by @WesleyRosenblum in #4338
- (feat): Adds API to allow s2n-quic to check for resumption by @maddeleine in #4335
- chore: bindings release 0.1.1 by @WesleyRosenblum in #4341
- Add PQ integration tests between s2n and AWS-LC's libssl by @alexw91 in #4267
- feat: Publishes mdbook to Github Pages by @maddeleine in #4343
- bug: Fixes mdbook action by @maddeleine in #4345
- ktls: improve messaging around freed handshakes by @lrstewart in #4346
- fix(bindings): remove optional cmake dependency by @camshaft in #4347
- fix: stack-use-after-scope variable ordering by @jmayclin in #4355
- ci: cmake asan build by @jmayclin in #4048
- bindings: clean up blinding tests by @lrstewart in #4356
- Move client hello parsing out of unstable by @lrstewart in #4359
- ktls: add method to track key updates by @lrstewart in #4364
- Add new PQ TLS Policies by @alexw91 in #4327
- Fix s2n_shutdown + failed recv bug by @lrstewart in #4350
- bindings: fix handling of s2n_shutdown errors by @lrstewart in #4358
- Fix initialization errors in unit tests by @goatgoose in #4370
- docs(bench): update docs to reflect aws-lc default by @jmayclin in #4336
Full Changelog: v1.4.1...v1.4.2
Release: v1.4.1
Weekly release for December 22 2023
What's Changed
- documentation: fix security policy table by @jmayclin in #4304
- Enforce security rules on security policies by @lrstewart in #4311
- ci: add workflow for rust bench crate by @jmayclin in #4210
- bindings: release rust bindings 0.1.0 by @toidiu in #4313
- Fix incorrect inline assembly usage in s2n_rand_rdrand_impl by @DimasKovas in #4310
- cleanup: add getter for sequence number by @lrstewart in #4317
- ci: fix pep8 linting by @lrstewart in #4319
- ktls: add TLS1.3 support by @lrstewart in #4314
- ci: switch FreeBSD back to vmactions by @lrstewart in #4326
- ci: ignore cbmc prereleases by @lrstewart in #4328
- ci: switch autopep8 action by @lrstewart in #4322
- ci: pin home crate to fix rust build by @lrstewart in #4330
- ktls: handle TLS1.3 key limits by @lrstewart in #4318
- docs: remove gitter references by @lrstewart in #4332
- Add CBMC proof for s2n_stuffer_printf by @lrstewart in #4309
- ci: fix flaky interning test by @lrstewart in #4334
- ktls: add method to enable TLS1.3 by @lrstewart in #4331
- (docs): Reordered and moved usage guide into an mdbook by @maddeleine in #4300
- bindings: match tcp EOF behavior by @lrstewart in #4323
New Contributors
- @DimasKovas made their first contribution in #4310
Full Changelog: v1.4.0...v1.4.1
Release: v1.4.0
Weekly release for December 06 2023
What's Changed
- Fixes failing FreeBSD build in CI by @maddeleine in #4272
- Change pkey parse methods to return s2n_result by @lrstewart in #4271
- bindings: release 0.0.41 by @maddeleine in #4276
- Detect KEM support at runtime by @WillChilds-Klein in #4101
- Remove p384 restriction by @jmayclin in #4275
- ci: update integ dependencies by @jmayclin in #4261
- test: remove blinding from self_talk_sesion_id test by @jmayclin in #4281
- Bump cross-platform actions to pull in fix for failing to eject a disk by @maddeleine in #4278
- Add API to retrieve the supported groups for a security policy by @goatgoose in #4273
- bindings(rust): make callbacks Send + Sync by @camshaft in #4289
- fix(bindings): pin jobserver in more places and run cargo publish --dry-run in generate.sh by @WesleyRosenblum in #4255
- fix(bindings): enable session tickets after setting callback by @camshaft in #4292
- bench: increase cert chain length by @jmayclin in #4287
- ci: add mainline coverage job by @jmayclin in #4288
- fix: probe for all AES_GCM ktls variants by @camshaft in #4295
- feat(bindings): use aws-lc-sys instead of openssl-sys by @camshaft in #4290
- Remove NULLs in s2n_kex by @lrstewart in #4293
- feat: Adds ConnectionInitializer to Rust bindings by @maddeleine in #4250
- Remove s2n's internal Kyber512 implementation, and rely on AWS-LC for Kyber support by @alexw91 in #4283
- Clean up selecting a signature algorithm by @lrstewart in #4285
- Bump AWS-LC version to v1.17.4 by @alexw91 in #4303
- Update CloudFront's upstream ECC preference list by @zz85 in #4301
- Add basic "security rules" by @lrstewart in #4298
Full Changelog: v1.3.56...v1.4.0