SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for libs2n0unstable-debuginfo-1.5.11-1.1.x86_64.rpm :

* Mon Feb 03 2025 John Paul Adrian Glaubitz - Update to version 1.5.11
* fix: add build specs to copyright check (#5025)
* chore: run more checks on pushes to main (#4963)
* feature: remove openssl-1.0.2-fips fips mode support (#5030)
* tests: make integV2 locally runnable (#5029)
* chore: improve the dashboard comment query (#5016)
* refactor(bin): remove references to FIPS_mode_set (#5026)
* ci: improve output of validate_start_codebuild_script (#5031)
* chore: remove unused test utils (#5005)
* ci: keep start_codebuild.sh up-to-date (#5023)
* ci: commit integrationv2 small batch spec (#5020)
* fix(bindings/bench): Prevent IO from going out of scope (#5007)
* chore: remove unused imports (#5017)
* fix: don\'t prefix empty string when interning (#5015)
* Migrate PQ Python code to TLS 1.3 (#4999)
* ci: config logging for integration tests (#4751)
* ci: add script to help launch stuck codebuild jobs (#5004)
* chore(s2n-tls-hyper): Publish s2n-tls-hyper (#5000)
* chore: add new team member (#5006)
* Migrate PQ Rust code to TLS 1.3 (#4998)
* ci: remove S2N_TEST_IN_FIPS_MODE (#4994)
* ci: remove openssl-1.0.2-fips builds (#4995)
* ci: correctly read environment variable from CodeBuild configuration for scheduled fuzz test (#4990)
* fix: add coverage for all ticket formats (#4997)
* ci: fix regression test paths (#4996)
* ci: run fuzz tests in parallel and generate coverage report (#4960)
* chore: move hyper to a newer MSRV (#4983)
* chore: remove toidiu from teams.yml (#4985)
* feat(s2n-tls-hyper): Allow plain HTTP connections (#4978)
* chore(binding): release 0.3.9 (#4982)
* refactor(bindings/bench): make harness own IO (#4847)
* refactor(s2n-tls-hyper): Add HttpsConnector builder (#4976)
* Tue Jan 07 2025 John Paul Adrian Glaubitz - Update to version 1.5.10
* refactor(bench): remove historical benchmarks (#4940)
* fix: pem parsing detection of last cert errors (#4908)
* docs: specify s2n_blob growable conditions (#4943)
* chore(bindings): move tokio examples to dedicated folder (#4954)
* chore: fix GHA for merge-queue (#4973)
* chore(binding): release 0.3.8 (#4969)
* (chore): Installs Nix in AL2023 Buildspec (#4934)
* build(deps): bump the all-gha-updates group in /.github/workflows with 5 updates (#4961)
* feat(s2n-tls-hyper): Add support for negotiating HTTP/2 (#4924)
* tests: allow TLS1.2 with RSA-PSS certs in integ tests (#4949)
* ci: update CRT test ubuntu version to ubuntu24 (#4964)
* feat(bindings): enable application owned certs (#4937)
* ci: batch dependabot updates (#4959)
* ci(refactor): deprecate Omnibus (#4953)
* build(deps): bump actions/cache from 2.1.4 to 4.1.2 in /.github/workflows (#4928)
* build(deps): bump peaceiris/actions-gh-pages from 3 to 4 in /.github/workflows (#4921)
* build(deps): bump cross-platform-actions/action from 0.23.0 to 0.26.0 in /.github/workflows (#4951)
* build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#4917)
* ci: add change directory to third-party-src logic (#4950)
* feat: TLS1.2 support for RSA-PSS certificates (#4927)
* feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE (#4878)
* test(bindings): run unit tests under asan (#4948)
* ci(refactor): remove ASAN from Omnibus and GeneralBatch (#4946)
* ci(refactor): remove fuzz tests from Omnibus (#4945)
* refactor: add a s2n_libcrypto_is_openssl() helper function (#4930)
* fix(s2n-tls-hyper): Add proper IPv6 address formatting (#4938)
* ci: add openssl-1.0.2-fips to fuzz test (#4942)
* ci(refactor): remove Valgrind checks from omnibus and generalBatch (#4913)
* fix(bindings): address clippy issues from 1.83 (#4941)
* test: pin tests to explicit TLS 1.2/TLS 1.3 policy (#4926)
* (chore): Fixes team-label github action (#4935)
* chore: add new team member (#4939)
* upgrade cmake version to 3.9 (#4933)
* ci: add awslc-fips and openssl-1.0.2-fips to valgrind (#4912)
* chore(bindings): feature gate network testsa and relax http status assertions (#4907)
* chore: Ocsp timeout adjustment (#4866)
* build(deps): bump aws-actions/configure-aws-credentials from 4.0.1 to 4.0.2 in /.github/workflows (#4892)
* test: expand s2n_record_read testing to both TLS1.3 and TLS1.2 (#4903)
* test: pin optional client auth test to a TLS 1.2 policy (#4914)
* feat: add alert mappings for certificate errors (#4919)
* doc: document generating bindings with prebuilt libs2n (#4872)
* ci: Move kTLS test out of GeneralBatch (#4904)
* build(deps): bump actions/checkout from 3 to 4 in /.github/workflows (#4888)
* test(s2n-tls-hyper): matching on s2n-tls error (#4906)
* build(deps): bump nixbuild/nix-quick-install-action from 21 to 29 in /.github/workflows (#4890)
* build(deps): bump JulienKode/team-labeler-action from 0.1.1 to 1.3 in /.github/workflows (#4889)
* tests: pin tests to a numbered TLS1.2 policy (#4905)
* test: remove load system certs functionality for s2n_default_tls13_config (#4897)
* doc: add information about s2n-tls software architecture (#4868)
* ci: grant dependabot status update permissions (#4898)
* ci: fixes for cargo audit (#4895)
* test(s2n-tls-hyper): Add localhost http tests (#4838)
* test: add rust well-known-endpoint tests (#4884)
* chore: bindings release 0.3.7 (#4894)
* chore: add a cargo audit action (#4862)
* ci: add open fds valgrind check (#4851)
* Thu Nov 21 2024 John Paul Adrian Glaubitz - Update to version 1.5.9
* feat: Reworking cleanup behavior (#4871)
* chore: broaden use of flaky mark (#4865)
* chore: configure dependabot (#4861)- from version 1.5.8
* fix: fix open AF_INET sockets in s2n_self_talk_ktls_test.c (#4852)
* chore: update github PR template (#4885)
* feat: add new security policy `20241106` (#4874)
* chore: remove unused benchmarks (#4869)
* ci: Clean dup source tree for CRT (#4882)
* ci: remove www.mozilla.com from well-known to unblock CI (#4880)
* fix: move prelude inclusion as PRIVATE (#4876)
* build: add s2n_prelude.h to consolidate defines (#4465)
* chore: bindings release 0.3.6 (#4867)
* doc: fix incorrect README references (#4863)
* fix: typo in comment of s2n_self_talk_tls13_test (#4864)
* Mon Nov 04 2024 John Paul Adrian Glaubitz - Update to version 1.5.7
* fix: close all /dev/urandom open fds (#4835)
* docs: update fips documentation to specify supported libcrypto (#4857)
* fix(bindings): correct poll_flush implementation (#4859)
* feat: Adds cleanup_final (#4853)
* test(bindings): Consolidate test pems (#4858)
* chore: bindings release 0.3.5 (#4860)
* chore: grant duvet action more permissions (#4854)
* (feat): Adds certificate match metrics API (#4844)
* Thu Oct 24 2024 John Paul Adrian Glaubitz - Update to version 1.5.6
* chore: Fix failing OIDC workflows; cleanup unused actions (#4848)
* chore(GHA): Update duvet arguments (#4850)
* chore: remove unused compile definition (#4815)
* Add new MLKEM TLS Policies (#4830)
* fix: fix opened AF_UNIX sockets that didn\'t call s2n_io_pair_close (#4833)
* bindings: pin openssl crate to 0.10.66 (#4849)
* chore: flip 2 GHAs to use short lived creds. (#4839)
* fix: fix s2n_io_pair_close_one_end (#4841)
* ci: Re-enable asan and ubsan for fuzz tests (#4840)
* fix: some open AF_UNIX sockets in forked child processes (#4834)
* Update FIPS rules for ML-KEM (#4829)
* ci: update ubuntu versions (#4828)
* Add initial support for MLKEM768 (without any new Security Policies) (#4816)
* chore: Adds print statements to help debug s2n_dynamic_load_test (#4836)
* ci: add more libcryptos for fuzz batch & follow cmake idioms (#4795)
* feature: bump cert authorities max size to 20kb (#4832)
* ci: Add ubuntu24 with a new cmake buildspec (#4824)
* Add ML-KEM Feature Probe and Test (#4823)
* docs: update stateful resumption doc (#4818)
* chore: remove make fuzz and AFL fuzz (#4808)- from version 1.5.5
* chore: bump awslc(non FIPS) to 1.36.0 (#4821)
* chore: bindings release 0.3.4 (#4819)
* feat: add s2n_cleanup_thread (#4584)
* feat(bindings): add set receive buffering to the rust bindings (#4817)- from version 1.5.4
* refactor: make s2n_array_len constant (#4801)
* feature(bindings): scheduled renegotiation via poll_recv (#4764)
* Update PQ code to be generic over EVP_KEM API\'s (#4810)
* refactor(bindings): add general bindings error context (#4811)
* ci: adding CTest memcheck to CodeBuild (#4776)
* Revert \"test: disallow explict use of \"default\" policy in tests (#4750)\" (#4812)
* ci: check for s2n_array_len in loop bounds (#4802)
* ci: use clang to build awslc (#4794)
* ci: run clippy on all features (#4809)
* docs: Update certificate loading documentation (#4790)
* test: only build requested unit tests in nix (#4770)
* refactor: clean up CMakelists.txt (#4779)
* fix: pem parsing should allow single dashes in comments (#4787)
* ci: use temporary directory for s2n_head build (#4771)
* fix(bindings): handle failures from wipe (#4798)
* fix: don\'t iterate over certs if not validating certs (#4797)
* ci: add buildspec file for scheduled fuzzing (#4763)
* Al2023 codebuild (#4756)
* test: disallow explict use of \"default\" policy in tests (#4750)
* chore: bindings release 0.3.3 (#4791)
* docs: clarify pre-TLS1.2 support (#4780)
* fix: update ja4 compliance (#4773)
* chore(bindings): pin unicode-width (#4785)- from version 1.5.3
* ci: refactor fuzz buildspec (#4783)
* docs(bindings): example for Policy::from_version (#4731)
* test: refactor pcap test to use version from rtshark (#4774)
* test: use seccomp on handshake test (#4768)
* ci: use newer version of libFuzzer (#4762)
* test: avoid mutating static configs in tests (#4749)
* chore(bindings): release 0.3.2 (#4760)
* ci: Emit CloudWatch metrics from rust benchmarks (#4742)
* CI: enable fuzz test build with cmake (#4743)
* fix: update handling of ja4 alpn edge cases (#4755)
* fix(bindings): update cc and unpin jobserver (#4758)
* fix: add missing null-checks in s2n_connection.c (#4754)- from version 1.5.2
* refactor: replace memcmp to s2n_constant_time_equals (#4709)
* tests(pcap): fix support for older tshark versions (#4744)
* refactor: move s2n_result functions inline (#4739)
* refactor: make s2n_stuffer_read_hex match s2n_stuffer_read (#4726)
* ci:Al2023 CodeBuild script (#4737)
* Update to CBMC 6.2.0 (#4746)
* docs: add test readme (#4718)
* tests(pcaps): download additional pcaps (#4728)
* ci: Add UBSAN test to the sanitizer (#4740)
* chore(integrationv2): add license header (#4732)
* fix: Cleanup libcrypto errors (#4733)
* fix(ci): update CBMC proofs\' Makefile.common (#4703)
* ci: add separate license check (#4727)
* chore: cleanup old docker dev build (#4729)
* fix: resolve UBSAN violations in the codebase (#4722)
* refactor: minor fixes for common fingerprint code (#4712)
* tests: add JA4 pcap tests (#4714)
* fix: correct JA4 alpn parsing (#4721)
* chore: bump versions of aws-lc and aws-lc-fips (#4716)
* fix: Reorder PR and Mainline in Regression Test Runner (#4720)
* docs: Add a supported platforms section (#4695)
* chore(bindings): release 0.3.1 (#4719)
* test: add a harness for session resumption in regression test (#4706)
* fix(bindings): ConfigPool should always yield associated connections (#4708)
* Mon Aug 26 2024 John Paul Adrian Glaubitz - Update to version 1.5.1
* Add performance regression tests in CI (#4701)
* feat: JA4 fingerprinting (#4669)
* Clarify s2nc/s2nd PQ output (#4702)
* fix: building for AL2 (#4679)
* ci(nix): Startup/configure apache for renegotiate test under nix (#4592)
* fix: Initial config influences client hello parsing (#4676)
* Add s2n_signature_preferences_20240521 (#4565)
* New s2n core member (#4707)
* Modify regression threshold to configurable percentage (#4698)
* chore: remove unused benchmarks (#4696)
* docs: add pq to usage guide (#4677)- from version 1.5.0
* chore: Rust bindings bump v0.3.0 (#4697)
* Merge commit from fork
* fix: upload fuzz output to s3 when test fails (#4694)
* fix(ci): partially revert checking out head from current clone. (#4693)
* Enabling differential performance benchmarking (#4667)
* chore: document OpenSSL-FIPS restriction on RSA key size (#4654)
* ci: store fuzz artifacts in s3 (#4678)
* feat: Changes ticket encryption scheme to be nonce-reuse resistant (#4663)
* chore: Bump rust bindings to 0.2.11 (#4690)
* fix(bindings): enforce waker contract on `poll` operations (#4688)
* docs: update blinding docs (#4686)
* fix: zip corpus files before uploading to s3 (#4685)
* Adopt CBMC 6.1 and cbmc-viewer 3.9 (#4661)
* test(cbmc): add stuffer hex proofs (#4659)
* fix: don\'t fail for 0 blinding delay (#4671)
* chore(bindings): release 0.2.10 (#4683)
* feat(bindings): Add hyper compatibility crate (#4617)
* refactor: switch JA3 to use stuffer hex methods (#4662)
* fix: SSLv3 handshake with openssl-1.0.2-fips fails (#4644)
* feat(bindings): add renegotiate to the rust bindings (#4668)
* ci: move fuzz corpus to S3 (#4665)
* fix: default s2nc should accept default s2nd cert (#4670)
* fix: add missing corpus files for s2n_deserialize_resumption_state_test (#4672)
* refactor: clean up other hex methods (#4664)
* Set up regression benchmark for scalar performance (#4649)
* ci(nix): Setup a head build for the cross_compatibility integ test (#4567)
* fix: new clippy lints (#4666)
* fix: allow for clock skew in resumption (#4650)
* fix: Refactor some s2n_resume functions (#4648)
* fix: pin tokio-macros version (#4658)
* refactor: move stuffer hex methods out of testlib (#4653)
* Fri Jul 26 2024 John Paul Adrian Glaubitz - Update to version 1.14.18
* chore: Bump Rust bindings v1.4.18 (#4656)
* fix: Removing new usage of memcmp (#4657)
* Merge commit from fork
* Update s2n_connection_get_kem_group_name() to work with ClientHelloRetries (#4652)
* fix: avoid cert validation on connection_set_config (#4612)
* ci: add merge_group event to GHA workflow. (#4646)
* feat: Add API to gate session tickets to TLS1.3 only (#4645)
* feature: reusable fingerprinting interface (#4628)
* refactor(bindings/s2n-tls): finish test harness refactor (#4636)
* test(pcap): handle pcaps with tcp fragmentation (#4643)
* Refactor: change is_available return type to bool in s2n_cipher struct (#4630)
* Refactor: change init and destroy_key return type to S2N_RESULT in s2n_cipher struct (#4639)
* Refactor: change set/get_decryption_key return type to S2N_RESULT in s2n_cipher struct (#4638)
* chore: document why SHA1 is the only supported hash algorithm for cert_id generation in OCSP response (#4625)
* ci(nix): Add tshark to nix devshell (#4571)
* refactor: use feature probe for AEAD gate logic instead of AWS-LC/BoringSSL macros (#4642)
* api(bindings/s2n-tls)!: remove public testing feature (#4623)
* chore(bindings): release 0.2.8 (#4635)
* feat(bindings/s2n-tls): add client_hello_version (#4609)
* fix: remove S2N_NO_PQ option (#4622)
* chore: fix CBMC proof summary count (#4627)
* refactor: separate out ja3 specific logic (#4578)
* Tue Jul 09 2024 John Paul Adrian Glaubitz - Update to version 1.4.17
* bug: Fixing bash error (#4624)
* chore: make cbmc proof build more strict by adding -Werror flag (#4606)
* Perform 2-RTT Handshake to upgrade to PQ when possible (#4526)
* test(bindings/s2n-tls): refactor testing::s2n-tls tests (#4613)
* docs: add timeout note to blinding delay docs (#4621)
* docs: Add back suggested FIPS + TLS1.3 policy (#4605)
* ci: shallow clone musl repo (#4611)
* example(bindings): add async ConfigResolver (#4477)
* chore: use CBMC version 5.95.1 (#4586)
* s2n-tls rust binding: expose selected application protocol (#4599)
* test: add pcap testing crate (#4604)
* testing(bindings): add new test helper (#4596)
* chore(bindings): fix shebang in generate.sh (#4603)
* fix(s2n_session_ticket_test): correct clock mocking (#4602)
* Fix: update default cert chain for unit tests (#4582)
* refactor(binding): more accurate naming for const str helper (#4601)
* fix: error rather than empty cipher suites (#4597)
* chore: update s2n_stuffer_printf CBMC harness (#4531)
* ci(nix): Fix integ pq test in a devShell (#4576)
* feature: new compatibility-focused security policy preferring ECDSA (#4579)
* compliance: update generate_report.sh to point to compliance directory (#4588)
* ci: fix cppcheck errors (#4589)
* chore: cleanup duplicate duvet citations (#4587)
* Tue Jun 11 2024 John Paul Adrian Glaubitz - Update to version 1.4.16
* Merge pull request from GHSA-52xf-5p2m-9wrv
* chore(bindings): release 0.2.7 (#4580)
* fix: Validate received signature algorithm in EVP verify (#4574)
* refactor: add try_compile feature probe for RSA-PSS signing (#4569)
* feat: Configurable blinding (#4562)
* docs: document s2n_cert_auth_type behavior (#4454)
* fix: init implicit iv for serialization feature (#4572)
* [Nix] adjust pytest retrys (#4558)
* fix: cert verify test fix (#4545)
* fix: update default security policies (#4523)
* feat(bindings): Associate an application context with a Connection (#4563)
* chore(bindings): version bump (#4566)
* Additional test cases for s2n_constant_time_equals() (#4559)
* test: backwards compatibility test for the serialization feature (#4548)
* chore(bench): upgrade rustls (#4554)
* Tue Jun 04 2024 John Paul Adrian Glaubitz - Update to version 1.4.15
* bug(nix:corretto): use autoPatchelfHook on all systems and ignore als… (#4561)
* feat(bindings): Add API to check for resumption (#4552)
* fix: Send zero-length NST when session key is expired (#4532)
* feat: add key preferences to rfc9151 policy (#4540)
* chore: bindings release 0.2.5 (#4551)
* refactor: Avoid unnecessary s2n_hmac calls in s2n_record_write (#4539)
* feat: Modify s2nd/c to do serialization/deserialization (#4533)
* Mon May 13 2024 John Paul Adrian Glaubitz - Update to version 1.4.14
* fix: Increase received signature scheme limit (#4544)
* fix: Fix a bug in tls1.3 code path (#4513)
* ci: grep for S2N_RESULT_ERR without setting s2n_errno (#4534)
* style(bindings): fix new clippy lints (#4536)
* bin: tool to print security policies (#4524)
* feat[bindings]: fips feature flag (#4527)
* feat: set certificate_authorities from trust store (#4509)
* Wed May 08 2024 John Paul Adrian Glaubitz - Update to version 1.4.13
* chore(bindings): release 0.2.4 (#4530)
* nix gdb/lldb utils (#4460)
* binding: Add s2n_connection_get_session on the Connection (#4522)
* chore: update s2n-core team (#4520)
* fix: Python integ tests are flaky on arm (#4512)
* ci: Nix libcrypto helpers (#4422)
* ci: Remove actions-rs (#4514)
* chore(bindings): Pin `zeroize` to avoid MSRV increase (#4519)
* feat: add missing numbered security policies (#4511)
* docs(bindings): fix client hello doc tests (#4495)
* docs: add more warnings about security policy defaults (#4507)
* feat: add basic support for certificate_authorities (#4506)
* fix: Fix redundant code (#4504)
* chore: Rust bindings bump v1.4.12 (#4505)
* fix(sidetrail): Invalid stream cipher struct in proof wrapper (#4484)
* refactor: rename error + extension iana for consistency (#4503)- from version 1.4.12
* feat: Serialization Rust APIs (#4493)
* refactor: combine TLS1.2 and TLS1.3 sig scheme representations (#4498)
* feat: Release C APIs for serialization (#4501)
* fix: Wipe conn->in on all record parse failures (#4499)
* Mon Apr 15 2024 John Paul Adrian Glaubitz - Update to version 1.4.11
* chore(bindings): release 0.2.2 (#4497)
* feat(binding): add key update request api (#4469)
* tests: Serialization feature with post-handshake features (#4489)
* fix: add missing TLS1.3 p521 sig schemes (#4496)
* fix: correct broken early data test (#4494)
* fix: better errors for all client auth failures (#4492)- from version 1.4.10
* feat: add s2n_peek_buffered (#4490)
* feat: reduce read syscalls to improve performance (#4485)
* feat: connection serialization (#4468)
* chore(bindings): release 0.2.1 (#4486)
* fix(bindings): print cargo commands to stdout (#4482)
* Thu Apr 04 2024 John Paul Adrian Glaubitz - Update to version 1.4.9
* New TLS1.2-only variant of 20230317 policy (#4483)
* ci: add asan runs under gcc (#4402)
* fix: Adds non_exhaustive flag to FingerprintType
* fix: refactor rust bindings fingerprint methods (#4474)
* example(bindings): client hello cb example (#4385)
* feat: getter for TLS1.2 master secrets (#4470)
* bindings: ensure CFLAGS includes come after build script includes (#4475)
* bindings: mark Connection as Sync (#4467)
* Make S2N_CERT_AUTH_OPTIONAL the default for clients (#4390)
* fix(test): narrow valgrind suppressions (#4369)
* fix: pedantic memory leak in handshake test (#4463)
* chore(bindings): release 0.1.7 (#4462)
* Fri Mar 22 2024 John Paul Adrian Glaubitz - Update to version 1.4.8
* feat: Add additional EC key validation for FIPS (#4452)
* refactor: UBSAN build and address out of bound reads (#4440)
* Add s2n_stuffer_shift (#4458)
* style: fix declarations without initial value (#4404)
* feat: Add FIPS mode getter API (#4450)
* remove unnecessary includes (#4451)
* refactor: clang-tidy null deref and undefined mod (#4436)
* refactor: make memmove vs memcpy behavior clearer (#4447)
* fix(bindings): Apply with_system_certs to Config builder (#4456)- from version 1.4.7
* api: add key update request functionality (#4453)
* style: manual initial value fix (#4449)- from version 1.4.6
* docs: Specify the return value of S2N_FAILURE for IO APIs (#4446)
* refactor: enforce stuffer return check (#4399)
* refactor: fix unread variable warnings (#4405)
* fix: Unsets global libcrypto rand (#4424)
* Relax HRR consistency requirements for second client hello (#4429)
* fix: prevent enabling ktls with a buffered record header fragment (#4426)
* feat: add cert key preferences (#4434)
* chore: bindings bump 0.1.6 (#4437)
* test: add cert chain with mixed key sizes (#4433)
* feat: apply cert signature preferences locally (#4407)
* docs: Extend license check to .rs files (#4428)
* fix(test): fix dangling pointers in cert verify test (#4430)
* Add Rust bindings for certificate chains (#4398)- from version 1.4.5
* fix: parse fragmented sslv2 client hellos (#4425)
* chore(ci): Give OpenBSD CI job a performance boost (#4427)
* fix: s2n_shutdown should handle partial records (#4421)
* feat: Server name getter for client hello (#4396)
* refactor: zero static s2n_configs on cleanup (#4416)
* Removed unused dependencies (#4417)
* chore(bindings): release 0.1.5 (#4420)
* chore(bindings): release 0.1.4 (#4418)
* bindings: use aws-lc-rs instead of aws-lc-sys (#4415)
* Wed Feb 21 2024 John Paul Adrian Glaubitz - Update to version 1.4.4
* allows cmake to force crypto linkage (#4383)
* refactor: consolidate record wiping (#4412)
* build: make CMake test flags more consistent with make (#4392)
* style(bindings): address new clippy lint (#4411)
* refactor: generalize cert sig preference handling (#4379)
* feat: More client hello getters (#4380)
* fix: only initialize default tls 1.3 config in tests (#4302)
* Check fd status before using urandom (#4352)
* utils: add map iteration iterator (#4377)
* chore(bindings): release (#4388)
* chore(bindings): bump aws-lc-sys (#4393)
* s2n-tls-tokio: use s2n_shutdown_send instead of s2n_shutdown (#4374)
* enforce result checking for blob and mem (#4389)
* Wed Feb 07 2024 John Paul Adrian Glaubitz - Update to version 1.4.3
* ci: Disable broken rust dry-runs (#4384)
* Fix SSLv3 detection with AWS-LC (#4361)
* More specific error for unexpected cert request (#4381)
* test: Adds SSLv3 integ test (#4372)
* chore: add valgrind to nix develop (#4365)
* test: additional test certs (#4378)
* chore: bindings release 0.1.2 (#4376)
* test: add additional test certs (#4353)
* feature: Use S2N_FAST_INTEG_TESTS to run pytest in parallel under nix (#4368)
* refactor: ossl x509 parsing (#4351)
* Fri Jan 26 2024 John Paul Adrian Glaubitz - Update to version 1.4.2
* docs(bench): update docs to reflect aws-lc default (#4336)
* Fix initialization errors in unit tests (#4370)
* bindings: fix handling of s2n_shutdown errors (#4358)
* Fix s2n_shutdown + failed recv bug (#4350)
* Add new PQ TLS Policies (#4327)
* ktls: add method to track key updates (#4364)
* Move client hello parsing out of unstable (#4359)
* bindings: clean up blinding tests (#4356)
* ci: cmake asan buildspec (#4048)
* fix: stack-use-after-scope variable ordering (#4355)
* fix(bindings): remove optional cmake dependency (#4347)
* ktls: improve messaging around freed handshakes (#4346)
* bug: Fixes mdbook action (#4345)
* feat: Publishes mdbook to Github Pages (#4343)
* Add PQ integration tests between s2n and AWS-LC\'s libssl (#4267)
* chore: bindings release 0.1.1 (#4341)
* (feat): Adds API to allow s2n-quic to check for resumption (#4335)
* bindings: ensure CFLAGS includes come after libcrypto includes (#4338)
* Add FIPS security rule (#4315)
* Wed Jan 03 2024 John Paul Adrian Glaubitz - Update to version 1.4.1
* bindings: match tcp EOF behavior (#4323)
* (docs): Reordered and moved usage guide into an mdbook (#4300)
* ktls: add method to enable TLS1.3 (#4331)
* ci: fix flaky interning test (#4334)
* Add CBMC proof for s2n_stuffer_printf (#4309)
* docs: remove gitter references (#4332)
* ktls: handle TLS1.3 key limits (#4318)
* ci: pin home crate to fix rust build (#4330)
* ci: switch autopep8 action (#4322)
* ci: ignore cbmc prereleases (#4328)
* ci: switch FreeBSD back to vmactions (#4326)
* ktls: add TLS1.3 support (#4314)
* ci: fix pep8 linting (#4319)
* cleanup: add getter for sequence number (#4317)
* Mark inline asm output as earlyclobber (#4310)
* bindings: release rust bindings 0.1.0 (#4313)
* ci: add workflow for rust bench crate (#4210)
* Enforce security rules on security policies (#4311)
* documentation: fix security policy table (#4304)- from version 1.4.0
* Add basic \"security rules\" (#4298)
* Update CloudFront\'s upstream ECC Preference list (#4301)
* Bump AWS-LC version to v1.17.4 (#4303)
* Clean up selecting a signature algorithm (#4285)
* Remove s2n\'s internal Kyber512 implementation, and rely on AWS-LC for Kyber support (#4283)
* feat: Adds ConnectionInitializer to Rust bindings (#4250)
* Remove NULLs in s2n_kex (#4293)
* feat(bindings): use aws-lc-sys instead of openssl-sys (#4290)
* fix: probe for all AES_GCM variants (#4295)
* ci: add mainline coverage job (#4288)
* bench: increase cert chain length (#4287)
* fix(bindings): enable session tickets after setting callback (#4292)
* fix(bindings): pin jobserver in more places and run cargo publish --dry-run in generate.sh (#4255)
* bindings(rust): make callbacks Send + Sync (#4289)
* Add API to retrieve the supported groups for a security policy (#4273)
* test: Bump cross-platform actions to pull in fix for flaky BSD (#4278)
* test: remove blinding from unit tests (#4281)
* ci: update integ dependencies (#4261)
* ci: add additional p-384 test coverage (#4275)
* Detect KEM support at runtime (#4101)
* Bumped version to 0.41.0 (#4276)
* Change pkey parse methods to return s2n_result (#4271)
* Fixes failing FreeBSD build in CI (#4272)- from version 1.3.56
* ci: Minor cppcheck speedup (#4268)
* fix: update permissions to allow dashboard to write to gh-pages. (#4228)
* Clean up receiving peer sig alg (#4259)
* Switch from vmactions to cross-platform-actions (#4266)
* Update get_client_cert_chain API documentation (#4260)
* Always apply the PARTIAL_CHAIN flag (#4258)
* Allow TLS 1.2 servers to report client versions from the supported versions extension (#4249)
* Clean up sending supported sig algs (#4254)
* refactor(bench): remove non-generic connection logic (#4236)
* docs: remove extra security policy item (#4248)
* bindings: release 0.0.40 (#4251)- from version 1.3.55
* Add new PQ TLS 1.3 policies (#4247)
* Switch sig schemes from copies to references (#4237)
* feat: Turns off automatic ticket creation for quic (#4239)
* chore: pin dependency to fix rust MSRV issues (#4243)
* feat: Processes post-handshake messages for quic (#4218)
* bindings: release 0.0.39 (#4235)
* Run clang-format (#4238)- from version 1.3.54
* Merge pull request from GHSA-97r4-p6c4-5gv3
* ktls: support aes256 (#4227)
* ktls: forbid renegotiation (#4229)
* ci: add ktls + asan build (#4213)
* Add support for exporting symmetric keys from connections (#4230)- from version 1.3.53
* ktls: make usable outside of tests (#4232)
* overwrite the random state key only if initialized (#4225)
* ci: Authorize requests to GitHub API (#4223)- from version 1.3.52
* ktls: release APIs as unstable (#4217)
* Add API to retrieve parsed supported groups (#4216)
* docs: generate citations meta data and add CI check (#4205)
* feat: add s2n_strerror_source API (#4209)
* feat: send psk_ke_modes ext in first flight (#4177)
* ktls: clean up enable (#4212)
* Generalize io handling + add ktls EINTR handling (#4203)
* ktls: fix flaky test (#4214)
* docs: add rfc citations (#4202)
* build: use feature probes for CLOEXEC (#4206)
* Add asan support to cmake/nix (#4194)
* ktls: receive app data (#4201)
* docs: add citations for alert behavior (#4198)
* bindings: release 0.0.38 (#4196)
* ktls: recv alerts (#4199)
* Reduce allocs in ktls app data send (#4181)
* ktls: self-talk tests for send (#4189)
* ci: run duvet when commits are merged into main branch (#4197)
* ci: Upgrade asan to catch use after scope (#4192)
* ktls: add sendfile (#4186)
* Add test with ktls enabled to s2nGeneralBatch (#4190)
* Thu Sep 14 2023 John Paul Adrian Glaubitz - Update to version 1.3.51
* Add API to disable certificate validity period validation (#4183)
* Commit buildspec for s2nGeneralBatch (#4188)
* ktls: Send alerts (#4185)
* Add AL2 test with system libcrypto (#4179)
* ci: buildspec for qemu ktls test (#4175)
* Add testlib to track memory allocations (#4180)
* ktls: Send app data (#4174)
* Small sendv doc fix (#4178)
* api: Add S2N_EXTENSION_SUPPORTED_VERSIONS as s2n_tls_extension_type (#4160)
* feat(benchmarks): Add session resumption support (#4173)
* bindings: Release 0.0.37 (#4172)
* Fri Sep 01 2023 John Paul Adrian Glaubitz - Update to version 1.3.50
* Publish cert validation callback APIs and add documentation (#4161)
* kTLS: implement recvmsg (#4154)
* Fix clippy (#4166)
* Add cert validation callback (#4156)
* kTLS: implement sendmsg (#4147)
* Fix s2n_ecdsa_secp521r1_sha512 + improve integ ECDSA coverage (#4148)
* refactor and cleanup some ktls code (#4152)
* Call enable_session_tickets before adding a ticket key (#4150)
* kTLS: get and set control data on msghdr (#4146)
* Don\'t exit nix dev shell on integ test failure (#4149)
* docs(bench): update historical benching graphs and readme (#4136)
* Use client_hello.parsed as precondition for retrieving client_hello (#4144)
* bindings: release 0.0.36 (#4145)
* Update blocked status documentation (#4139)
* Make invalid chains available via get_client_cert_chain (#4134)
* Adds resumption functions to Rust bindings (#4114)
* Thu Aug 17 2023 John Paul Adrian Glaubitz - Update to version 1.3.49
* ktls: mock send/recvmsg IO (#4109)
* test: ensure s2n_recv blocked status behavior doesn\'t change (#4127)
* Add additional Kyber768 tests (#4089)
* Prevent get_peer_cert_chain from modifying existing cert chain (#4135)
* Update build documentation (#4126)
* feat(bench): add different parameters for memory benching (#4125)
* feat(bench): add flamegraph generation to benchmarks and reuse configs when benching (#4128)
* Add new Kyber768+ KEMs and security policy (#4034)
* fix(bench): fix throughput bench issues and add documentation (#4130)
* refactor(bench): unnest loops over parameters in handshake bench (#4129)
* ktls: self talk inet socket test (#4075)
* refactor(bench): feature cleanup for benches (#4120)
* refactor(bench): move around and update scripts in bench crate (#4115)
* Fix PR template styling (#4116)
* bindings: release 0.0.35 (#4122)
* refactor(bench): separate out client and server connections in benching harness (#4113)- from version 1.3.48
* Print error for 32bit test (#4107)
* ktls: set keys on socket and enable ktls (#4071)
* Trying to use an invalid ticket should not mutate state (#4110)
* fix: get_session behavior for TLS 1.3 (#4104)
* feat(bench): add different certificate signature algorithms to benchmarks (#4080)
* feat(bench): add memory bench with valgrind/massif (#4081)
* feat(bench): add historical performance benchmark (#4083)
* nix: pin corretto version (#4103)
* bindings: release 0.0.34 (#4096)- from version 1.3.47
* Fix try_compile bug on gcc 4 (#4091)
* Fix clippy warnings (#4093)
* Generify Kyber files + functions over security parameters (#4087)
* Disabling sign compare check as debug build option, enabling wsign-compare check and fixing 32bit build failures (#4061)
* ktls: config socket ULP (#4066)
* feat(bench): add throughput benchmarks (#4077)
* feat(bench): add mTLS to benchmarks (#4079)
* Fix pthread key cleanup with musl libc (#4085)
* feat: introduce s2n_key_material for handling key material info (#4047)
* Fix openssl-1.0.2k x509 validator test failure (#4084)
* bindings: release 0.0.33 (#4076)
* feat(bench): add openssl handshake to benchmarking (#4069)
* fix: Add implicit gcc flag to all feature probes (#4074)
* nix: skip the sslyze test on aarch64 (#4050)
* Adds new CRT policies (#4072)
* Add KeyUpdate threading test (#4059)
* Wed Jun 28 2023 John Paul Adrian Glaubitz - Update to version 1.3.46
* Create new KMS TLS Policy with TLSv1.2 Minimum (#4068)
* bindings: do not enable OCSP when calling trust_location() (#4016)
* Fixes broken link in comment (#4060)
* Disable build flag for openssl102 nix aarch64-linux (#4045)
* Add rustls handshake to benchmarks (#4063)
* remove kTLS feature probe (#4064)
* Validate PRK output size in the libcrypto HKDF implementation (#4057)
* s2n-tls handshake benchmark (#4053)
* feat(bindings/s2n-tls): add ja-3 apis (#4009)
* Fix TSAN s2n_shutdown failures (#4055)
* Update nix corretto; make it platform aware. (#4043)
* Add ThreadSanitizer (#4046)
* feat: add checked return values diagnostic (#3798)
* Fix usage guide examples + enable testing of examples (#4044)
* Fix pthread leak (#4037)
* Add libcrypto HKDF implementation (#4035)
* ci: allow running multiple integ tests at once in nix devshell (#4029)
* Never send KeyUpdate message if * nix devShell with aws-lc (#4028)
* fix: ossl3 legacy provider mem leak (#4033)
* Add pre-TLS13 libcrypto PRF implementation (#4020)
* ci: typos config file (#4021)
* Refactor alerts to make behavior clear (#4019)
* bindings: release 0.0.32 (#4032)
* Fixes dynamic loading bug (#4024)
* build: make feature flags consistent (#3921)
* Sat Jun 10 2023 John Paul Adrian Glaubitz - Update to version 1.3.45
* fix: improve compatibility with old Linux versions (#4027)
* Disable retry client random validation outside of tests (#4023)
* Only call getenv for integ test marker in s2n_init (#4025)
* Publish minimal s2n_config APIs and add documentation (#3972)
* Fix s2n_error_get_type mistake in usage guide (#4022)
* nix: add an Openssl102 nix devShell (#4014)
* fix(api/unstable): make all api methods visible (#4015)
* test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
* fix: open files with the O_CLOEXEC flag (#3989)
* feat(s2n-tls): X509 asn1 refactor (#4011)
* Add the libcrypto random generation implementation (#4004)
* nix: Use nixpkgs gnutls instead (#4013)
* nix: add a LibreSSL nix devShell (#4010)
* style: simplfy api for test utility (#4008)
* fix(s2nd): parse psk given to s2nd non-destructively (#4006)
* nix devShell with openssl3 (#3993)
* Upgrade OpenSSL model for CBMC proofs (#3978)
* Quoting RFC-4492 to verify behavior when supported_groups extension is not sent (#3998)
* docs: add notes on s2nc and s2nd usage (#4003)
* bindings: Add option to disable loading system certs (#3985)
* Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
* test: add more x509 OCSP tests (#3970)
* ci: enable ossl3 tls13 tests (#3992)
* chore: bindings release 0.0.31 (#3997)
* Print Wire Bytes In and Out for s2nc (#3986)
* ci: nix devShell simplification (#3964)
* utils: Add a stale box to the GH dashboard; use an action for pushing pages (#3947)- from version 1.3.44
* test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
* ci: add 32 bit buildspec (#3977)
* [ci]: Use custom library context for rc4 instead of global default context (#3980)
* s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto (#3966)
* docs: update clang-format and gdb documentation (#3967)
* Only LTO on GCC (#3968)
* style: clean up fuzz corpus (#3971)
* Add test for cipher selection with dh params (#3974)
* Add new API to perform half-close (#3952)
* Add API to create s2n_configs without loading system certs (#3950)
* chore: remove module.modulemap and allow customers to generate it themselves (#3961)
* chore: bindings release (#3956)
* Cover more situations where no close_notify is sent/received (#3957)
* Add logging for failed CRT tests (#3962)
* Fix end-of-data behavior (#3945)- from version 1.3.43
* Fix expected negotiated version in client auth downgrade test (#3951)
* ci: Disable automatically closing stale PRs (#3946)
* add 32 bit cross-compile toolchain (#3924)
* ci: Add AWSLC-FIPS 2022 to CI (#3943)
* bindings: add verify_host_callback to the connection (#3925)
* Add basic half-close TLS1.3 behavior (#3932)
* Update IO section of Usage Guide (#3917)
* Don\'t send close_notify after an alert (#3942)
* Reinstate Kyber KEM check (#3905)
* Add test to verify TLS1.2 downgrade (#3939)
* Add github stale action (#3929)
* update security policy and rust binding documentation (#3906)
* Remove unnecessary flush (#3940)
* Adds FAQ doc (#3920)
* ci: Update AWSLC test dependency to v1.8.0 (#3938)
* Add note about server_name spec requirements (#3930)
* doc: Flesh out steps in nix readme. (#3923)
* Create new PQ TLS Policies with minimum of TLSv1.2 (#3927)
* Attempts to fix flakiness in session_ticket_test (#3913)
* test: Bump nix devShell python to 3.10 (#3914)
* chore(bindings): release 0.0.29 (#3919)
* test: add retry logic for well-known endpoints (#3918)
* docs: add compliance notes for RFC 6125 (#3915)
* Wed Apr 19 2023 John Paul Adrian Glaubitz - Update to version 1.3.42
* CI: Restrict Nix integ test to 1 job (#3897)
* Don\'t set actual_protocol_version early when resuming a session (#3907)
* Expose curve details to rust bindings (#3912)
* Move secret type out of tls12/tls13 union (#3908)
* Appends S2N_API (#3910)
* chore: bump rust bindings (#3909)
* test: Nix s3 cache (#3904)
* Tue Apr 04 2023 John Paul Adrian Glaubitz - Update to version 1.3.41
* fix: remove broken check in test (#3901)- from version 1.3.40
* Rewrite of the PSK section in Usage Guide (#3864)
* test: cleanup after tests (#3831)
* ktls: feature probe test (#3869)
* Fixes some compiler warnings coming from tests (#3883)
* tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
* chore: bump rust bindings for 1.3.39 release (#3887)
* Migrate Kyber 512 to EVP KEM API (#3853)
* test: cleanup tests (#3832)
* test: Add missing packages to nix devShell (#3885)
* Document behavior of s2n_negotiate for a client with client auth (#3891)
* Switch OpenBSD CI job GH action to something more robust (#3877)
* Enable strict compile checks in unit test build (#3878)
* ci: enable valgrind pedantic check (#3886)
* Allow client hellos from raw bytes (#3871)
* Add new security policy (#3895)- from version 1.3.39
* Removed codecov github status badge. (#3859)
* Add method to create Rust certs without private keys (#3860)
* Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
* chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
* ci: Check for msrv match between rust-toolchain an crates; make them match. (#3866)
* fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns (#3870)
* tests: add checks for LTO+interning compatibility (#3839)
* Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)- from version 1.3.38
* Add CMake targets for integration tests and switch CI to use them (#3776)
* ci: reduce the number of BSD artifacts (#3837)
* Enable -Wsign-Compare-check_v2-tests/unit (#3827)
* Add github trigger event for merge queue (#3836)
* Prevent auto-enabling OCSP requests for servers (#3830)
* Enable -Wsign-Compare-check_v3-tests/unit/ (#3828)
* Enable -Wsign-Compare-check_bin/_crypto/_stuffer/_utils/ (#3825)
* Enable -Wsign-Compare-check_v1-tests/ (#3826)
* Update s2n_libcrypto_validate_name_prefix to only check the prefix of the libcrypto name (#3779)
* Enable -Wsign-Compare-check_tls/ (#3829)
* Add OCSP stapling for client auth (#3770)
* Enable -Wsign-Compare-check_CMakeLists (#3842)
* CI: pin AWS-LC versions #3846
* [bindings] Generalize async in preparation for pkey offloading (#3844)
* fix: use actual_protocol_version for session ID (#3845)
* Add JA3 to s2nd (#3838)
* filter do_not_merge label from Ready to merge (#3849)
* Remove unused s2n_config_client_hello_cb_enable_poll (#3850)
* Run integv2 tests with nix (#3824)
* ci: nix fmt action (#3834)
* Add CBMC proof-running GitHub Action (#3840)
* Upgrade OpenSSL model for CBMC proofs (#3857)
* Bump Rust MSRV for latest openssl-src. (#3858)
* Handle ASN.1 type detection errors (#3855)
* [bindings] Add private key callback (#3847)
* Fri Feb 17 2023 John Paul Adrian Glaubitz - Update to version 1.3.37
* Make unstable fingerprint methods accessible (#3823)
* Clean up thread-local memory (#3771)
* bindings(rust): bump MSRV to 1.60.0 (#3833)
* Criterion delta (#3811)
* Add JA3 fingerprinting (#3817)
* Clarify that AWS-LC is also supported (#3821)
* Add unit test to check that the build\'s libcrypto reflects the CI\'s intended libcrypto (#3774)
* Clarify SSLv2 ClientHellos (#3815)
* Bump rust bindings for 1.3.36 release (#3818)
* Add stuffer method for standard init process (#3814)- from version 1.3.36
* ktls: rm kTLS request field on config (#3816)
* ktls: add ktls_supported field to s2n_cipher (#3806)
* Make test_install_shared_and_static easier to debug
* ktls: s2n_ktls_mode and building blocks (#3797)
* ci: Update OpenBSD\'s MEM_PER_CONNECTION, based on error message (#3791)
* s2n-tls nix flake (#3794)
* Updated rust bindings (#3802)
* Update omnibus fuzz image; remove fuzz job we\'re not running anymore in PR (#3796)
* Adds client hello section to usage guide (#3757)
* Integration test to check default signature algorithm behavior (#3719)
* Blob Initialization fix-Test_1 (#3790)- from version 1.3.35
* fix: pass an empty string to host verify without usable identifiers (#3793)
* add code coverage support (#3759)
* ci: Enable CTEST_OUTPUT_ON_FAILURE on all targets (#3789)
* Enforce that clippy msrv matches rust-toolchain (#3787)
* Blob Initialization fix-Test (#3780)
* s2n_shutdown should ignore unread messages (#3769)
* Add min supported rust version for clippy (#3785)- from version 1.3.34
* Initialize blobs and stuffers (#3783)
* s2n_shutdown: no not require response during handshake (#3772)
* ci: remove build-dashboard action from PR flow (#3764)
* ci: remove build-dashboard action from PR flow (#3764)
* Blob initialization fix-3 (#3768)
* Consolidate handshake and post-handshake record writing (#3750)
* Blob initialization fix-2 (#3762)
* Rename OCSP extensions (#3765)
* Record padding integration test (#3715)
* Adds check to ensure no switching between state machines (#3747)
* Clang format cleanup (#3767)
* Thu Jan 26 2023 John Paul Adrian Glaubitz - Update to version 1.3.33
* ci: enable multicore builds for unit test (#3753)
* Blob initialization fix-1 (#3735)
* ci: upgrade checkout action (#3761)
* ci: Bump boringssl version (#3739)
* chore(ci): add CI workflow for OpenBSD (#3754)
* Remove unused extension functions (#3752)
* Repair build on OpenBSD (#3670)
* Criterion tests (#3534)
* Fragment large post-handshake records (#3741)
* Bump rust bindings for 1.3.32 release (#3746)
* ci: improve test name parsing for criterion (#3704)
* Ensure non-zero record protocol version (#3744)
* Add check to s2n_signature_scheme_valid_to_accept (#3728)- from version 1.3.32
* ci: Fix libfuzzer path for third-party-src dir (#3742)
* added ecdhe_rsa_aes128 cipher to the tls_1_2_2017 policy (#3740)
* Intentionally disable fragmenting KeyUpdates (#3708)
* utils: guard POSIX signals with >S2N_FAILURE (#3733)
* Autopep8 updated CI and code (#3736)
* ci: CLean up integration v1 buildspecs (#3627)
* ci: Update fuzz buildspec to use pre-built image (#3604)
* Upgrade CBMC infrastructure (starter-kit 2.8.8) (#3731)
* quick fix (#3716)
* Update team members (#3640)
* fix: disable pthread_atfork fork detection on OpenBSD (#3712)
* Upgrade CBMC infrastructure (starter-kit 2.8) (#3727)
* Adds TLSv1.2_2017 security policy with ECDHE-{RSA,ECDSA}-AES256-SHA ciphers enabled (#3723)
* Fix s2n_record_write return value (#3722)
* Remove unnecessary \"extern\" from function declarations (#3726)
* Adds no-strict-prototypes (#3721)
* Clang-format `tests/unit/s2n_[l-r].
*\\.c` and enforce in CI (#3677)
* CBMC proofs: fix typing (#3718)
* ci: codebuid scripts for criterion (#3703)
* CBMC proofs: remove type-conflicting definition of s2n_calculate_stacktrace (#3714)
* Clang-format `tests/unit/s2n_s.
*\\.c` and enforce in CI (#3678)
* bindings bump (#3709)
* Fix sizes in s2n_resume_test (#3705)- Drop patches for issues fixed upstream
* s2n_disable-werror.patch
* Wed Jan 04 2023 John Paul Adrian Glaubitz - Update to version 1.3.31
* Clang format `tls/s2n_[a-h].
*\\.[ch]` and enforce in CI (#3681)
* tokio-s2n-tls: add poll_blinding and fix blinding on shutdown (#3700)
* Clang-format `crypto/` and enforce in CI (#3680)
* Clang-format `tls/s2n_[s-z].
*\\.[ch]` and enforce in CI (#3683)
* Clang-format `tests/unit/s2n_[t-z].
*\\.c` and enforce in CI (#3679)
* Clang format `tests/unit/s2n_[bc].
*\\.c` and enforce in CI (#3675)
* Clang-format `tests/unit/s2n_[d-k].
*\\.c` and enforce in CI (#3676)
* Add `CloudFront-TLS-1-2-2021-ChaCha20-Boosted` Security Policy w/ Docs Update (#3686)
* Fix FreeBSD minherit arg naming (#3694)
* Add config to read until error or supplied buffer is full (#3690)
* Clang-format `tls/s2n_[i-r].
*\\.[ch]` and enforce in CI (#3682)- from version 1.3.30
* chore: bump rust bindings version (#3693)
* Clean up test trust store (#3692)
* Add support for AWS-LC PQ KEM (#3634)
* chore: introduce rust-toolchain and enforce MSRV (#3691)
* bindings (rust): handle propagating the async client_hello callback error (#3687)
* ci: Fix LibreSSL paths in CI (#3688)
* tests: delete integv1 code (#3685)
* bindings(rust): avoid unnecessarily zeroing the receive buffer in poll_read (#3662)
* Handle fragmented post-handshake messages (#3641)
* Add CodeQL workflow for GitHub code scanning (#3601)
* ci: pin ubuntu version to 20.04 for cppcheck (#3673)
* ci: Remove references to TEST=integration and related codebuild scripting (#3628)
* Make header deps explicit in preperation for clang-format (#3684)
* Clang-format of `tests/unit/s2n_[3a].
*\\.c` + transision to exclude regex (#3664)
* Add prioritize_chacha20 flag to cipher preferences (#3543)
* Fix default X509 store flags (#3671)
* Regenerate CRL pems (#3672)
* fix(tests): honour RFC 5280 4.1.2.5 when creating CRLs (#3669)
* fix(rust-bindings): store client_hello_callback state on connection (#3631)
* Bump rust bindings for 1.3.29 release (#3666)
* Removes double semicolons and expands simple_mistakes.sh (#3665)
* ci: Update OpenSSL dependencies (#3623)
* Test for legacy version vs SupportedVersions priority (#3661)
* Update to clang-format causes reformat of api folder (#3663)
* clang-format `tests/testslib` and add to ci (#3650)
* Fix flaky send buffer test (#3647)- from version 1.3.29
* Fix clippy issues and formatting in bindings (#3659)
* Add batch of clang-format PRs to .git-blame-ignore-revs (#3653)
* Use gcc-ar instead of ar (#3625)
* bindings(rust): Implement Deref and DerefMut traits for PooledConnection (#3642)
* clang-format `utils/` and enforce in ci (#3651)
* clang-format `api/` and enforce in ci (#3637)
* clang-format `error/` and enforce in ci (#3638)
* Fix file modes and enforce in ci (#3645)
* clang-format `bin/` and enforce in ci (#3635)
* Add and document CRL APIs (#3523)
* clang-format `tls/extensions` and enforce in ci (#3633)
* Add stuffer version of s2n_io_pair (#3632)
* Add clang-format of stuffer to .git-blame-ignore-revs (#3629)
* Add clang-format ci action (#3618)
* Adds Usage Guide section on the Config object (#3620)
* bump rust bindings for 1.3.28 release (#3622)
* Add buffered send integration test (#3537)
* Declaring Virtual Function Tables as const- crypto (#3616)
* Add proof for TLS handshake with NPN extension nondeterministically enabled or disabled (#3613)
* ci: Fix SAW sha_bad_magic_mod failure test (#3617)
* Remove s2n_cbc_verify_test (#3615)- from version 1.3.28
* bindings(rust): add lto in release mode (#3610)
* wrapper for wall_clock (#3611)
* Fix very minor DeprecationWarning in integrationv2 (#3609)
* Adds s2n_connection section to usage guide (#3605)
* Fix to handle callback failure (#3597)
* Move CRL timestamp validation into the CRL lookup callback (#3515)
* Re-enable saw proofs for TLS handshake with NPN extension disabled (#3594)
* [bindings] Fix client hello callback with config swap (#3600)
* Fix FreeBSD build test bug (#3587)
* Add some missing null ptr checks for defence in depth (#3596)
* 1.3.27 bindings update (#3599)
* Apache renegotiation integration tests (#3580)
* Try to clarify the use of s2n_blob_zeroize_free (#3591)
* Fri Nov 11 2022 John Paul Adrian Glaubitz - Update to version 1.3.27
* Npn cleanup (#3590)
* Ensure extended master secrets ext have no data (#3588)
* LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) (#3589)
* Update vmactions/freebsd github action (#3592)
* Fix free error when using jemalloc (#3585)
* Add rust binding for s2n_set_config_send_buffer_size (#3582)
* NPN integration tests (#3583)
* Adding null checks to tls/extensions and tls/s2n_perf (#3578)
* Adds API for NPN support (#3575)
* Add CRL lookup callback (#3546)
* Bump Doxygen version 1.9.3 -> 1.9.5 (#3581)
* Add apache renegotiation test server to CI (#3565)
* Adds TLS12 Encrypted Extensions Messages (#3545)
* Removing more failing saw (#3577)
* bump to 0.0.17 (#3574)
* More openssl renegotiate integ tests (#3570)
* Added compliance comment for renegotiate (#3572)
* Remove s2n-core from CODEOWNERS (#3571)- from version 1.3.26
* Add IO debug info to integrationv2 framework (#3564)
* Fix check for non-portable optimizations (#3573)
* Handshake changes necessary to negotiate NPN (#3558)
* Add array init with capacity API (#3554)
* Basic renegotiation integ tests (#3563)
* Rust bindings version bump for 1.3.25 (#3567)- from version 1.3.25
* Only enable non-portable optimizations safety checks during GitHub CI builds (#3562)
* Release renegotiation feature as unstable (#3556)
* Refactor write_pem_file_to_stuffer_as_chain (#3553)
* Temporarily removing TLS12 SAW tests (#3560)
* Fix bug on RHEL5 platform (#3561)
* Tweaks to HelloRequest handling (#3555)
* ci: update group for labeler action (#3544)
* test(rust-bindings): improve test reliability (#3552)
* Add send-file option to s2nc (#3550)
* Add API to handle renegotiation (#3549)
* Change behavior when no protocols match (#3548)
* Limit slow DHE handshakes in test (#3541)
* Keep finished data on s2n_renegotiate_wipe (#3539)
* Rust bindings version bump for 1.3.24 (#3540)
* Add wrapper struct for X509_CRL (#3520)
* Added NPN Handshake Message (#3526)
* Add server secure_renegotiation checks for testing (#3533)
* Finish compliance comments for secure renegotiation (RFC5746) (#3536)- from version 1.3.24
* Fix fatal no_renegotiation alert (#3535)
* Add renegotiation callback (#3527)
* Partially wipe connections for renegotiation (#3522)
* Revert \"ci: Criterion integv2 test changes (#3222)\" (#3531)
* ci: Criterion integv2 test changes (#3222)
* Enforce init and cleanup calling rules (#3512)
* Fix npn test bug (#3529)
* Npn Extension Functions (#3521)
* ci: Move sidetrail docker container to other repo; rework sidetrail to install tooling ahead of time. (#3518)
* docs: update openssl docs (#3503)
* Add additional CBMC dependencies to README (#3517)
* Refactor s2n_x509_validator_validate_cert_chain to support an async callback (#3500)
* Fix memory leaked by s2n_cleanup (#3506) (#3506)
* Disable AVX2 compiler flags in portable PQ implementation (#3508)- from version 1.3.23
* Merge pull request from GHSA-m74w-59v6-c5r8
* Merge pull request from GHSA-mm47-wjfh-4hf5
* ci: Custom ubuntu18 image (#3513)
* release: bump rust bindings (#3507)
* Implement client-side safety features for secure renegotiation (#3497)
* ci: Criterion benchmark handlers (#3223)- from version 1.3.22
* Add compliance exceptions for server renegotiation (#3498)
* Store explicit length of verify_data (#3494)
* Send no_renegotiation alert (#3490)
* Add FS2 Scala Native binding (#3496)
* Allow static and shared libs to be mixed (take 2) (#3484)
* Removing some LGTM warnings (#3493)
* Add compliance comments for secure renegotiation initial handshakes (#3485)
* release(rust-bindings): 0.0.13 (#3487)
* Add test for verify after sign failure (#3486)
* Add option to verify after sign (#3482)
* Usage Guide Changes for Certificate Inspection Methods (#3480)- from version 1.3.21
* Revert \"Allow static and shared libs to be mixed. (#3467)\" (#3483)
* Allow static and shared libs to be mixed. (#3467)
* openssl3 integration: cleanup providers (#3481)
* openssl3 integration: store const RSA and EC_KEY (#3474)
* ci: update freebsd image (#3479)
* Fix documentation for record sizes (#3418)
* Fix reference to wrong function (#3478)
* ci: add openssl111 to LD_LIBRARY_PATH for integv2 testing (#3464)
* Add test certificate chains and CRLs for testing CRL validation (#3458)
* feat: add dynamic buffer capabilities (#3472)
* openssl3 integration: workaround for new EVP_Cipher return code (#3466)
* Allocate s2n_crypto_parameters separately (#3470)
* Reference s2n_crypto_parameters via pointers (#3469)
* openssl3 integration: work around for broken make build (#3468)
* create rfc9151 security policy (#3431)
* openssl3 integration: fix padding (#3450)
* openssl3 integration: load legacy provider for rc4 cipher (#3457)
* Re-worked Session Resumption Usage Guide Sections (#3423)
* release(rust-bindings): 0.0.12 (#3462)- from version 1.3.20
* Initialize locking sooner (#3456)
* build and link s2n-tls with openssl3 (#3441)
* build: fix Ubuntu quickstart instructions (#3452)
* double fallback for load libcrypto (#3451)
* tests: add global retries and fail fast (#3454)
* Add basic buffered send behavior (#3434)
* Fixing cargo clippy complaints (#3448)
* Return s2n_result from x509 validator functions (#3444)
* Correct CODEOWNERS team name (#3449)
* Fuzz s2n_deserialize_resumption_state (#3421)
* s2n_peek should not report partial, encrypted data (#3443)
* Fix early data reporting on partial send (#3439)
* rust bindings release 0.0.11 (#3437)- from version 1.3.19
* ci(rust-bindings): Bump nightly version (#3430)
* S2N client negotation of un-offered group fix (#3422)
* Remove patch version from .so (#3426)
* cleanup codecov from codebuild (#3425)
* Shared library .so version (#3407)
* Revert \"ci: Temporarily pin AWS-LC to a commit before gcc4.8 breaks (#3414)\" (#3424)
* Set Openssl-1.0.2 locking callback (#3415)
* Add more testing for s2n_send (#3409)
* Miscellaneous Usage Guide Fixes (#3411)
* Added RFC exception comment (#3405)
* Mon Aug 08 2022 John Paul Adrian Glaubitz - Update to version 1.3.18
* ci: Temporarily pin AWS-LC to a commit before gcc4.8 breaks (#3414)
* [bindings] Bump s2n-tls-tokio version (#3413)
* [bindings] Make errno a required dependency (#3412)
* release (rust bindings) for v1.3.17 release (#3402)
* [bindings] Fix constant name (#3410)
* ci: update OSX env for FreeBSD action (#3406)
* [bindings] Include errno in errors (#3403)
* Don\'t force static crypto dependency in case of a static build (#3395)
* pq: Remove support for BIKE, SIKE, and Kyber (Round 2) (#3392)
* Tue Jul 26 2022 John Paul Adrian Glaubitz - Update to version 1.3.17
* Don\'t wipe extensions after processing (#3401)
* fail generate.sh when cargo fails (#3398)
* Remove CBMC proof typechecking warnings (#3397)
* ci: Remove Integration Tests from Omnibus (#3391)
* Remove litani submodule and update CBMC starter kit to 2.5 (#3385)
* Prevent modifying of shared cert chains through config API (#3384)
* Fix how KeyUpdates trigger (#3387)
* Added OCSP and CT Sections to the Usage Guide (#3382)
* release(rust-bindings): 0.0.9 (#3388)
* Add HRR compliance comments and tests for remaining TLS RFC sections (#3363)
* build(rust-bindings): use the 2021 rust edition (#3386)
* Add HRR compliance comments and tests for TLS RFC section 4.2.8 (#3362)
* Tue Jul 12 2022 John Paul Adrian Glaubitz - Update to version 1.3.16
* Add \'poll_\' to polling method names (#3383)
* Update fips_default security policy (#3378)
* [bindings] Parity with unofficial bindings (#3374)
* Add clone and initialisation unit tests (#3367)
* [bindings] Export policy macro (#3375)
* ci: Generate Duvet reports in CI (#3372)
* Set server key share extension as a response extension (#3358)
* Enable S2N_AES_SHA1/256_COMPOSITE when AWSLC_API_VERSION >= 18. (#3269)
* Update CBMC starter kit to v2.4 (#3376)
* Import Microsoft\'s recent PQCrypto-SIDH SIKE patches into s2n (#3366)
* Temporarily change OpenSSL 1.1.1 versions to fix CI. (#3368)
* [bindings] Get rid of \'raw\' module (#3360)
* Replace existing fork detection with the FGN implementation (#3355)
* Fix clap dependency (#3361)
* Add compliance comments and tests for TLS RFC section 4.1.4 (#3337)
* [bindings] Apply async blinding (#3356)
* [bindings] Add connection pooling support (#3336)
* [bindings] Rework connection builder trait (#3335)
* Expand random api tests (#3342)
* docs: Documentation Clean Up (#3329)- from version 1.3.15
* fix: Add option to disable stacktrace feature (#3345)
* Fix interning build for cmake version 3.15+ (#3346)
* docs: Make Doxygen prettier. (#3343)
* free EVP_PKEY_CTX before returning from s2n_evp_sign/verify (#3333)
* ci:Add valgrind tests for awslc (#3338)
* Improve libcrypto checks (#3272)
* fix: Accurately track wire_bytes_out (#3332)
* ci: CodeBuild spec updates to support criterion integv2 (#3225)
* [bindings] Handle async callback behavior (#3325)
* release(rust-bindings): 0.0.8 (#3341)
* Refactor randomness API tests (#3328)
* Catch broken pipe exceptions on pipe flush. (#3321)
* doc fix: Update documentation for s2n_connection_get_cipher. (#3330)
* Wed May 25 2022 John Paul Adrian Glaubitz - Update to version 1.3.14
* [bindings] Allow modification of new connections (#3320)
* fix(bindings-rust): move vendored openssl-sys to dev-dependency (#3323)
* ci: Temporarily remove more test endpoints with expired certs (#3322)
* [bindings] Move enums to separate file (#3319)
* Feature probe for EVP_rc4 (#3301)
* Use CaDiCaL solver for s2n_stuffer_private_key_from_pem proof (#3318)
* docs: Introduce Doxygen to s2n (#3302)
* Wed May 18 2022 John Paul Adrian Glaubitz - Update to version 1.3.13
* Enforce how the client hello is modified during retry (#3311)
* Use SHA1+MD5 for * Don\'t generate a new client random on retries (#3312)
* Rewrite cookie extension (#3306)
* Fixed CBMC_ENSURE_REF calls where NULL return type expected (#3304)
* ci: Fix boringssl unit tests (#3309)
* Improve cmake logging (#3305)
* [bindings] Clean up async behavior (#3299)
* ci: Temporarily remove more test endpoints with expired certs (#3300)
* ci: add awslc interning to omnibus (#3295)
* fix(s2n-tls-sys): add cmake files to the include directive (#3297)
* release(rust-bindings): 0.0.6 (#3296)
* build(bindings): use cmake when building with pq feature (#3294)
* [bindings] Add basic send and recv (#3290)
* Interning not supported with FIPS enabled. (#3277)
* fix: FreeBSD will now fail loudly (#3284)
* [bindings] Hide ffi types + basic debug info (#3279)
* Thu Apr 28 2022 John Paul Adrian Glaubitz - Update to version 1.3.12
* Use pointer to variable type as required by cleanup attribute (#3289)
* bug: fix s2n_connection->cookie_stuffer initialization (#3282)
* Add test utility for fork tests (#3253)
* Add additional libcryptos to V2 integration tests (#3244)
* ci: GitHub actions for osx (#3280)
* Fix MacOS unit tests (#3278)
* build: use S2N_LIBCRYPTO to pick interning lib (#3276)
* [bindings] Add basic s2n-tls-tokio skeleton (#3261)
* exclude cast-qual in Cmake for aws-lcw (#3270)
* Disable strict-prototypes diagnostic flag in Clang (#3275)
* ci: check integv2 python for pep8 issues (#3271)- from version 1.3.11
* auto format integv2 python (#3268)
* ci: don\'t update the ghpages dashboard outside of main repo (#3267)
* release(rust-bindings): 0.0.5 (#3256)
* Add basic rust ci jobs (#3265)
* Fix wrong assumption about osx/apple (#3264)
* ci: temporarily remove expired certs (#3266)
* fix: correctly export internal APIs (#3260)
* deps: Upgrade CBMC submodules (#3259)
* Fully separate key and secret state machines (#3238)
* test: OCSP integrationv2 test with GnuTLS (#3207)
* Port drbg.c functions to use S2N_RESULT (#3252)
* feat(rust-bindings): add support for linking an external build (#3254)- from version 1.3.10
* build: fix libcrypto interning (#3204)
* Update install_awslc to install the correct FIPS branch of AWS-LC (#3255)
* ci: add make install (#3224)
* ci: Add a CRT codebuild job (#3245)
* ci: script changes to test aws-crt (#3176)
* Add step by step instructions to Readme (#3061)
* ci: Issue/PR dashboard (#3235)
* feat(rust-bindings): add support for mTLS (#3241)
* Address new-ish python warning (#3208)
* Add check on zero returned by EVP_CIPHER_CTX_ctrl. (#3221)
* Changed function declarations to match their definitions (#3243)
* Add missing safety macro deprecation messages (#3242)
* Fix auto-generated RESULT_GUARD_RESULT macros (#3239)
* sike_r3: add missing GNU note for executable stack on ELF (#3194)
* Implementation of fork generation number API (#3191)
* fix cmake package name in usage guide (#3232)
* bindings: update version in preperation for publishing the bindings to crates.io (#3233)
* bindings: manually track Config lifetime and expose ClientHelloHandler for client_hello_callback (#3216)
* Remove nonexistent macro reference from docs (#3237)
* internal api: add new api to poll client_hello callback (#3230)
* Make secrets available early for QUIC (#3229)- from version 1.3.9
* Remove PQ tests that break on Openssl DRBG calling pattern updates (#3231)
* Split up slow pq test (#3226)
* Secret reorder for s2n-quic (#3227)
* Fix BIKE Round 3 try_compile statements (#3219)
* Update sidetrail readme (#3220)- from version 1.3.8
* Delete more old key schedule methods (#3215)
* Wipe TLS1.3 secrets after handshake (#3212)
* Fix cleanup issues with HELLO_REQUEST received during handshake (#3217)
* Add tls13 state machaine file back (#3205)
* api: add context on s2n_config. add internal api to access config set on connection (#3210)
* Clarify TLS1.3 secrets tracking (#3213)
* Remove old key schedule methods (#3209)
* Refactor TLS1.3 key schedule (#3198)
* Tue Mar 01 2022 John Paul Adrian Glaubitz - Update to version 1.3.7
* Crypto variable update missing from #3181 (#3189)
* SSLyze integrationv2 test (#3186)
* Added try_compile for features.h (#3197)
* bindings: update rust bindings (#3196)
* Centralize transcript hash copy logic (#3195)
* Enable PQ in FIPS mode with awslc (#3183)
* Revert \"Flush stdout with initial BEGIN_TEST message (#3185)\" (#3193)- from version 1.3.6
* Store TLS1.3 transcript hash digests rather than full hash state (#3188)
* Remove in-source build target check hackery. (#3181)- Refresh patches for new version
* s2n_fix-cmake-modules-path.patch
* Tue Feb 01 2022 John Paul Adrian Glaubitz - Update to version 1.3.5
* remove extra S2N_API (#3187)
* Use `llvm_points_to_bitfield` in SAW proofs (#3155)
* Add API s2n_client_hello_has_extension to check if extension exists (#3180)
* Flush stdout with initial BEGIN_TEST message (#3185)
* FreeBSD ci (#3184)
* Add some comments to build scripts (#3182)
* Document which macros should not be used for new code (#3179)
* remove unused function s2n_actual_getpid (#3172)
* Workaround AL2 nodejs package issue (#3174)
* Add API method to translate errors to alerts (#3171)
* Upgrade CBMC submodules (#3165)
* tests: add s2n_init/s2n_cleanup tests (#3164)
* Thu Jan 20 2022 John Paul Adrian Glaubitz - Update to version 1.3.4
* Change AWS-LC aes-gcm aead APIs to the ones that are FIPS validated (#3137)
* Conflicting ports in integration test (#3161)
* Tue Jan 04 2022 John Paul Adrian Glaubitz - Update to version 1.3.3
* Fix s2n_connection_get_client_cert_chain for TLS1.3 (#3156)
* Fixing Flakiness in Cross-Compat Test (#3158)
* Enforce RSA-PSS saltlen requirements (#3157)
* Rearrange TLS1.2 and TLS1.3 secret storage (#3154)
* Use libcrypto signing methods in compliance with FIPS 140-3 (#3142)
* docs: update readme (#3153)- from version 1.3.2
* Adds Cross-Compatibility Test (#3147)
* Makes s2n_stuffer_skip_whitespace verification friendly (#3143)
* ci: fix Kwstyle (#3136)
* only print on retries (#3151)
* integration: enforce timeout, allow for the process to shutdown gracefully, run in non-blocking mode (#3148)
* Added Script to Compile Main for Cross-Compat Testing (#3139)
* Adds Options to Output and Input Session Ticket to s2nc (#3134)
* Upgrade CBMC submodules (#3135)
  
ICM