Releases: aws/s2n-tls
Release: v1.5.9
Weekly release for November 13 2024
Summary
- Disables use of the atexit handler to clean up global state. See GHSA-rp9h-rf7g-hwgr.
What's Changed
- chore: configure dependabot by @dougch in #4861
- chore: broaden use of flaky mark by @dougch in #4865
- feat: Reworking cleanup behavior by @maddeleine in #4871
Full Changelog: v1.5.8...v1.5.9
Release: v1.5.8
Weekly release for November 12 2024
What's Changed
- fix: typo in comment of s2n_self_talk_tls13_test by @boquan-fang in #4864
- doc: fix incorrect README references by @jouho in #4863
- chore: bindings release 0.3.6 by @goatgoose in #4867
- build: add s2n_prelude.h to consolidate defines by @camshaft in #4465
- fix: move prelude inclusion as PRIVATE by @camshaft in #4876
- ci: remove www.mozilla.com from well-known to unblock CI by @toidiu in #4880
- ci: Clean dup source tree for CRT by @dougch in #4882
- chore: remove unused benchmarks by @jmayclin in #4869
- feat: add new security policy 20241106 by @toidiu in #4874
- chore: update github PR template by @lrstewart in #4885
- fix: fix open AF_INET sockets in s2n_self_talk_ktls_test.c by @boquan-fang in #4852
Full Changelog: v1.5.7...v1.5.8
Release: v1.5.7
Weekly release for November 01 2024
Summary
- Adds the s2n_connection_get_certificate_match() API, which allows users to determine whether the server was able to provide the client with a certificate chain that matched the client's SNI extension.
- Adds the s2n_cleanup_final() API, which allows users to completely clean up and deinitialize s2n-tls, regardless of the s2n-tls atexit configuration.
- Fixes poll_flush() in the Rust bindings to properly flush pending send data without producing an error.
What's Changed
- (feat): Adds certificate match metrics API by @maddeleine in #4844
- chore: grant duvet more permissions by @dougch in #4854
- chore: bindings release 0.3.5 by @toidiu in #4860
- test(bindings): Consolidate test pems by @goatgoose in #4858
- feat: Adds cleanup_final by @maddeleine in #4853
- fix(bindings): correct poll_flush implementation by @lrstewart in #4859
- docs: update fips documentation to specify supported libcrypto by @toidiu in #4857
- fix: close all /dev/urandom open fds by @boquan-fang in #4835
Full Changelog: v1.5.6...v1.5.7
Release: v1.5.6
Weekly release for October 23 2024
What's Changed
- chore: remove make fuzz and AFL fuzz by @jouho in #4808
- docs: update stateful resumption doc by @jouho in #4818
- Add ML-KEM Feature Probe and Test by @alexw91 in #4823
- ci: Add ubuntu24 with a new cmake buildspec by @dougch in #4824
- feature: bump cert authorities max size to 20kb by @lrstewart in #4832
- ci: add more libcryptos for fuzz batch & follow cmake idioms by @jouho in #4795
- chore: Adds print statements to help debug s2n_dynamic_load_test by @maddeleine in #4836
- Add initial support for MLKEM768 (without any new Security Policies) by @alexw91 in #4816
- ci: update ubuntu versions by @boquan-fang in #4828
- Update FIPS rules for ML-KEM by @alexw91 in #4829
- fix: some open AF_UNIX sockets in forked child processes by @boquan-fang in #4834
- ci: Re-enable asan and ubsan for fuzz tests by @jouho in #4840
- fix: fix s2n_io_pair_close_one_end by @boquan-fang in #4841
- chore: flip 2 GHAs to use short lived creds. by @dougch in #4839
- bindings: pin openssl crate to 0.10.66 by @camshaft in #4849
- fix: fix opened AF_UNIX sockets that didn't call s2n_io_pair_close by @boquan-fang in #4833
- Add new MLKEM TLS Policies by @alexw91 in #4830
- chore: remove unused compile definition by @jmayclin in #4815
- chore(GHA): Update duvet arguments by @dougch in #4850
- chore: Fix failing OIDC workflows; cleanup unused actions by @dougch in #4848
Full Changelog: v1.5.5...v1.5.6
Release: v1.5.5
What's Changed
- feat(bindings): add set receive buffering to the rust bindings by @zz85 in #4817
- feat: add s2n_cleanup_thread by @WesleyRosenblum in #4584
- chore: bindings release 0.3.4 by @jouho in #4819
- chore: bump awslc(non FIPS) to 1.36.0 by @dougch in #4821
Full Changelog: v1.5.4...v1.5.5
Release: v1.5.4
Weekly release for October 03 2024
What's Changed
- chore(bindings): pin unicode-width by @lrstewart in #4785
- fix: update ja4 compliance by @lrstewart in #4773
- docs: clarify pre-TLS1.2 support by @lrstewart in #4780
- chore: bindings release 0.3.3 by @jouho in #4791
- test: disallow explicit use of "default" policy in tests by @toidiu in #4750
- Al2023 codebuild by @dougch in #4756
- ci: add buildspec file for scheduled fuzzing by @jouho in #4763
- fix: don't iterate over certs if not validating certs by @lrstewart in #4797
- fix(bindings): handle failures from wipe by @lrstewart in #4798
- ci: use temporary directory for s2n_head build by @lrstewart in #4771
- fix: pem parsing should allow single dashes in comments by @lrstewart in #4787
- refactor: clean up CMakelists.txt by @jmayclin in #4779
- test: only build requested unit tests in nix by @lrstewart in #4770
- docs: Update certificate loading documentation by @goatgoose in #4790
- ci: run clippy on all features by @lrstewart in #4809
- ci: use clang to build awslc by @dougch in #4794
- ci: check for s2n_array_len in loop bounds by @lrstewart in #4802
- Revert "test: disallow explicit use of "default" policy in tests (#4750)" by @toidiu in #4812
- CI: Adding CTest memcheck to CodeBuild by @boquan-fang in #4776
- refactor(bindings): add general bindings error context by @lrstewart in #4811
- Update PQ code to be generic over EVP_KEM API's by @alexw91 in #4810
- feature(bindings): scheduled renegotiation via poll_recv by @lrstewart in #4764
- refactor: make s2n_array_len constant by @lrstewart in #4801
Full Changelog: v1.5.3...v1.5.4
Release: v1.5.3
Weekly release for September 20 2024
What's Changed
- fix: add missing null-checks in s2n_connection.c by @jouho in #4754
- fix(bindings): unpin jobserver by @toidiu in #4758
- fix: update handling of ja4 alpn edge cases by @lrstewart in #4755
- CI: enable fuzz test build with cmake by @jouho in #4743
- ci: Emit CloudWatch metrics from rust benchmarks by @goatgoose in #4742
- chore(bindings): release 0.3.2 by @dougch in #4760
- test: avoid mutating static configs in tests by @toidiu in #4749
- ci: use newer version of libFuzzer by @jouho in #4762
- test: use seccomp on handshake test by @lrstewart in #4768
- test: refactor pcap test to use version from rtshark by @lrstewart in #4774
- docs(bindings): example for Policy::from_version by @jmayclin in #4731
- ci: refactor fuzz buildspec by @jouho in #4783
Full Changelog: v1.5.2...v1.5.3
Release: v1.5.2
Weekly release for September 06 2024
What's Changed
- fix(bindings): ConfigPool should always yield associated connections by @jmayclin in #4708
- Adding a harness for session resumption in regression test by @kaukabrizvi in #4706
- chore(bindings): release 0.3.1 by @dougch in #4719
- docs: Add a supported platforms section by @dougch in #4695
- Reorder PR and Mainline in Regression Test Runner by @kaukabrizvi in #4720
- chore: bump versions of aws-lc and aws-lc-fips by @dougch in #4716
- fix: correct JA4 alpn parsing by @lrstewart in #4721
- tests: add JA4 pcap tests by @lrstewart in #4714
- refactor: minor fixes for common fingerprint code by @lrstewart in #4712
- fix: resolve UBSAN violations in the codebase by @boquan-fang in #4722
- chore: cleanup old docker dev build by @dougch in #4729
- ci: add separate license check by @jmayclin in #4727
- fix(ci): update CBMC proofs' Makefile.common by @tautschnig in #4703
- fix: Cleanup libcrypto errors by @goatgoose in #4733
- chore(integrationv2): add license header by @jmayclin in #4732
- ci: Add UBSAN test to the sanitizer by @boquan-fang in #4740
- tests(pcaps): download additional pcaps by @lrstewart in #4728
- docs: add test readme by @jmayclin in #4718
- Update to CBMC 6.2.0 by @rod-chapman in #4746
- ci: Al2023 CodeBuild script by @dougch in #4737
- refactor: make s2n_stuffer_read_hex match s2n_stuffer_read by @lrstewart in #4726
- refactor: move s2n_result functions inline by @camshaft in #4739
- tests(pcap): fix support for older tshark versions by @lrstewart in #4744
- Replace memcmp to s2n_constant_time_equals by @boquan-fang in #4709
Full Changelog: v1.5.1...v1.5.2
Release: v1.5.1
Weekly release for August 20 2024
What's Changed
- docs: add pq to usage guide by @lrstewart in #4677
- chore: remove unused benchmarks by @jmayclin in #4696
- Modify regression threshold to configurable percentage by @kaukabrizvi in #4698
- New s2n core member by @boquan-fang in #4707
- Add s2n_signature_preferences_20240521 by @raycoll in #4565
- fix: Initial config influences client hello parsing by @maddeleine in #4676
- ci(nix): Startup/configure apache for renegotiate test under nix by @dougch in #4592
- fix: building for AL2 by @lucykorea414 in #4679
- Clarify s2nc/s2nd PQ output by @lrstewart in #4702
- feat: JA4 fingerprinting by @lrstewart in #4669
- Add performance regression tests in CI by @kaukabrizvi in #4701
New Contributors
- @boquan-fang made their first contribution in #4707
- @lucykorea414 made their first contribution in #4679
Full Changelog: v1.5.0...v1.5.1
Release: v1.5.0
Weekly release for August 9 2024
Note: The minor version has been bumped in this release due to a commit that makes a backwards-incompatible change to the session resumption ticket schema.
What's Changed
- refactor: move stuffer hex methods out of testlib by @lrstewart in #4653
- fix: pin tokio-macros version by @lrstewart in #4658
- Refactor some s2n_resume functions by @maddeleine in #4648
- fix: allow for clock skew in resumption by @jmayclin in #4650
- fix: new clippy lints by @jmayclin in #4666
- ci(nix): Setup a head build for the cross_compatibility integ test by @dougch in #4567
- Set up regression benchmark for scalar performance by @kaukabrizvi in #4649
- refactor: clean up other hex methods by @lrstewart in #4664
- fix: add missing corpus files for s2n_deserialize_resumption_state_test by @jouho in #4672
- fix: default s2nc should accept default s2nd cert by @lrstewart in #4670
- ci: move fuzz corpus to S3 by @jouho in #4665
- feat(bindings): add renegotiate to the rust bindings by @lrstewart in #4668
- fix: SSLv3 handshake with openssl-1.0.2-fips fails by @jouho in #4644
- refactor: switch JA3 to use stuffer hex methods by @lrstewart in #4662
- feat(bindings): Add hyper compatibility crate by @goatgoose in #4617
- chore(bindings): release 0.2.10 by @WesleyRosenblum in #4683
- fix: don't fail for 0 blinding delay by @lrstewart in #4671
- test(cbmc): add stuffer hex proofs by @lrstewart in #4659
- Adopt CBMC 6.1 and cbmc-viewer 3.9 by @rod-chapman in #4661
- fix: zip corpus files before uploading to s3 by @jouho in #4685
- docs: update blinding docs by @lrstewart in #4686
- fix(bindings): enforce waker contract on poll operations by @camshaft in #4688
- chore: Bump rust bindings to 0.2.11 by @maddeleine in #4690
- feat: Changes ticket encryption scheme to be nonce-reuse resistant by @maddeleine in #4663
- ci: store fuzz artifacts in s3 by @jouho in #4678
- chore: document OpenSSL-FIPS restriction on RSA key size by @jouho in #4654
- Enabling differential performance benchmarking by @kaukabrizvi in #4667
- fix(ci): partially revert checking out head from current clone. by @dougch in #4693
- fix: upload fuzz output to s3 when test fails by @jouho in #4694
- chore: Rust bindings bump v0.3.0 by @maddeleine in #4697
New Contributors
- @kaukabrizvi made their first contribution in #4649
Full Changelog: v1.4.18...v1.5.0