Releases: aws/aws-lc
Releases · aws/aws-lc
v1.62.0
Post release edit
- This release contains a bug in the AES-XTS implementation on aarch64 platforms affecting input lengths of 17 to 31 bytes.
What's Changed
- nginx now supports AWS-LC by @samuel40791765 in #2714
- Fix tests that assume X25519 will be negotiated by @alexw91 in #2682
- Fixing a bug in ML-DSA poly_uniform function by @dkostic in #2721
- Migrate integration omnibus by @skmcgrail in #2715
- Delete util/bot directory by @justsmth in #2723
- Don't ignore CMAKE_C_FLAGS w/ MSVC by @justsmth in #2722
- Bump urllib3 from 2.2.3 to 2.5.0 in /tests/ci by @dependabot[bot] in #2551
- Type fix in mldsa by @manastasova in #2308
- Centralize password handling tool-openssl by @kingstjo in #2555
- crypto/pem: replace strncmp with CRYPTO_memcmp to fix -Wstring-compare error by @R3hankhan123 in #2724
- Implement dgst CLI command by @nhatnghiho in #2638
- Add ASN.1 decoding for ML-KEM private keys as seeds by @jakemas in #2707
- Implement genrsa command by @kingstjo in #2535
- Move udiv and sencond tweak calculations to when needed by @nebeid in #2726
- Add null check on RSA key checks by @samuel40791765 in #2727
- Implement workaround for FORTIFY_SOURCE warning with jitterentropy by @skmcgrail in #2728
- Implement coverity suggestions by @skmcgrail in #2730
- Add minimal EC CLI tool implementation by @kingstjo in #2640
- Adding pkeyutl tool to the CLI by @smittals2 in #2575
- Add CI dimensions for legacy AVX512 flags by @smittals2 in #2732
- Fix Libwebsockets CI by @smittals2 in #2737
- Add option ENABLE_SOURCE_MODIFICATION by @justsmth in #2739
- Simple script to build/run tests by @justsmth in #2736
- Add build-time option to opt-out of CPU Jitter Entropy by @torben-hansen in #2733
- Prepare v1.62.0 by @justsmth in #2743
New Contributors
- @R3hankhan123 made their first contribution in #2724
Full Changelog: v1.61.4...v1.62.0
Contributors
skmcgrail, alexw91, and 12 other contributors
Assets 2
v1.61.4
What's Changed
- Pin PyCA version in python integration tests by @WillChilds-Klein in #2706
- Migrate linux-x86 jobs to self-hosted runners by @skmcgrail in #2708
- Migrate Linux ARM omnibus by @skmcgrail in #2711
- Fixes for android CI tests by @nhatnghiho in #2713
- Check compiler for 'linux/random.h' by @justsmth in #2716
- Prepare 1.61.4 by @justsmth in #2717
Full Changelog: v1.61.3...v1.61.4
Contributors
skmcgrail, WillChilds-Klein, and 2 other contributors
Assets 2
v1.61.3
What's Changed
- Remove jitter entropy tests folder by @torben-hansen in #2702
- CodeBuild GitHub Actions Runner Project by @skmcgrail in #2704
- Prepare v1.61.3 by @torben-hansen in #2705
Full Changelog: v1.61.2...v1.61.3
Contributors
skmcgrail and torben-hansen
Assets 2
v1.61.2
What's Changed
- Update Android CI config by @justsmth in #2687
- Fix build when path has spaces by @justsmth in #2696
- Fix test issues with run_minimal_tests by @samuel40791765 in #2695
- Fix illumos/OpenSolaris by @justsmth in #2698
- Windows/MSBuild doesn't provide 'all' target by @justsmth in #2697
- Prepare v1.61.2 by @justsmth in #2699
Full Changelog: v1.61.1...v1.61.2
Contributors
samuel40791765 and justsmth
Assets 2
v1.61.1
What's Changed
- Use /FI for MSVC forced-includes by @justsmth in #2684
- More arm64 CI tests by @justsmth in #2674
- Fix duplicate test names in CodeBuild integration tests by @nhatnghiho in #2686
- Support FIPS build for Windows/ARM64 by @justsmth in #2688
- Prepare v1.61.1 by @justsmth in #2685
Full Changelog: v1.61.0...v1.61.1
Contributors
nhatnghiho and justsmth
Assets 2
v1.61.0
What's Changed
- Apply additional X509 validation checks on certificates sourced from trust store by @skmcgrail in #2230
- Reorganizing compatibility tests, rework certificates for better groking by @skmcgrail in #2305
- Additional X.509 Behavior Compatibility Tests by @skmcgrail in #2312
- Add Support for IPv4 and IPv6 X.509 Certificate Name Constraints by @skmcgrail in #2340
- Merge main to x509 by @skmcgrail in #2390
- Reintroduce support for validating DNS commonName subjects when name constraints are present. by @skmcgrail in #2376
- Support client-side hostname checks with leading . by @skmcgrail in #2403
- Verify leaf certificate public key rather then leaving it to the caller by @skmcgrail in #2438
- Support for explicit curve parameter on EC public keys where parameters match supported curves by @skmcgrail in #2642
- Add x86 Keccak implementation by @manastasova in #2619
- Gate EC explicit curve parameters for X.509 behind flag by @skmcgrail in #2648
- Update CPU Jitter Entropy dependency to version 3.6.3 by @torben-hansen in #2654
- Fix benchmarking issues with FIPS main by @samuel40791765 in #2655
- Add standalone MLKEM supported groups by @alexw91 in #2589
- Document and statically assert counters can't overflow by @torben-hansen in #2658
- TLS Transfer Serialization Improvements by @skmcgrail in #2616
- Fix ternary operator in github workflow by @torben-hansen in #2653
- Merge x509 branch into main by @skmcgrail in #2660
- Address clang-ci comments on new x509 code by @skmcgrail in #2662
- Implement snapsafe fallback entropy source by @torben-hansen in #2651
- Rand small fixes by @torben-hansen in #2664
- Import s2n-bignum 2025-09-05-04 by @dkostic in #2667
- Refactor iOS CI script by @justsmth in #2637
- Re-import mlkem-native for addition of CFI directives by @hanno-becker in #2659
- Fix typo in ssl_transfer_asn1 by @samuel40791765 in #2665
- Fix for zig build by @justsmth in #2668
- Update SSLProxy patch by @skmcgrail in #2663
- ML-DSA service indicator by @jakemas in #2666
- Add aes-xts AArch64 implementation that will eventually be imported from s2n-bignum. by @nebeid in #2632
- Fix Keccak MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX flag by @manastasova in #2670
- Increase SSLBuffer size to INT_MAX by @samuel40791765 in #2673
- Wrap compiler when FIPS w/ clang v20+ by @justsmth in #2671
- Test ACCP in FIPS mode as well as non-FIPS by @WillChilds-Klein in #2669
- fix: Allow zero-length passwords in PEM key decryption by @kingstjo in #2677
- Use CheckCCompilerFlag to test -Wno-cast-function-type by @justsmth in #2678
- Make X509 CodeBuild webhook more resilient by @skmcgrail in #2680
- Prepare AWS-LC v1.61.0 by @justsmth in #2681
Full Changelog: v1.60.0...v1.61.0
Contributors
skmcgrail, WillChilds-Klein, and 10 other contributors
Assets 2
v1.60.0
What's Changed
- Anchor CodeBuild account-id patterns by @justsmth in #2641
- Implement read/write timeouts for BIO datagram by @smittals2 in #2610
- Migrate from CodeBuild account actor filter to pull request comment filter based on GitHub permissions by @andrewhop in #2644
- Fix macOS FIPS build w/ clang-20 by @justsmth in #2645
- Implement ragdoll by @torben-hansen in #2615
- Prepare for v1.60.0 release by @andrewhop in #2649
- Add expandedKey ASN.1 encoding for KEM keys by @prasden in #2624
Full Changelog: v1.59.0...v1.60.0
Contributors
andrewhop, torben-hansen, and 3 other contributors
Assets 2
v1.59.0
What's Changed
- Support other field for PKCS7 by @samuel40791765 in #2603
- Add CFI directives to armv8-mont by @andrewhop in #2584
- Add back RC4_options from decrepit by @samuel40791765 in #2618
- allow prasden ci by @prasden in #2621
- Apache httpd integration test by @justsmth in #2614
- Fix clang-21 compile error by @justsmth in #2623
- Fix MariaDB integration test by @justsmth in #2625
- ML-KEM: Re-import mlkem-native by @hanno-becker in #2630
- Fix Bind9 CI test by @nhatnghiho in #2629
- ML-KEM: import and enable x86_64 backend from mlkem-native by @dkostic in #2631
- Add CMake Configure pre-push checker by @skmcgrail in #2596
- Add CFI directives in md5-armv8.pl by @andrewhop in #2627
- X509_REQ_verify for MLDSA44 and MLDSA87 by @justsmth in #2636
- Remove BIT_INTERLEAVE support by @manastasova in #2628
- ML-KEM: Fix mlkem-native importer.sh by @hanno-becker in #2635
- Prepare release v1.59.0 by @justsmth in #2643
New Contributors
Full Changelog: v1.58.1...v1.59.0
Contributors
skmcgrail, samuel40791765, and 7 other contributors
Assets 2
v1.58.1
What's Changed
- Move check-linkage.sh to util by @justsmth in #2608
- Add support for EVP_PKEY_param_check by @samuel40791765 in #2611
- Prepare release v1.58.1 by @justsmth in #2609
Full Changelog: v1.58.0...v1.58.1
Contributors
samuel40791765 and justsmth
Assets 2
v1.58.0
What's Changed
- Add EVP_PKEY_check and EVP_PKEY_public_check by @smittals2 in #2565
- Rewrite 4-fold batched SHAKE to be amenable to batched Keccak-F1600 assembly by @hanno-becker in #2598
- Fix Win64 unwind info alignment by @kkent030315 in #2559
- Migrate MSVC tests to CodeBuild by @nhatnghiho in #2583
- Add optimized + verified hybrid AArch64 assembly for batched SHA3/SHAKE by @hanno-becker in #2600
- target.h: more clearly check for ppc64 endianness by @pkubaj in #2604
- Impl
SSL_client_hello_get1_extensions_presentand friends by @justsmth in #2561 - Implement SSL_set_verify_result by @nhatnghiho in #2576
- ML-DSA constant-time hardening for caddq, poly_chknorm, decompose by @dkostic in #2602
- Prepare release v1.58.0 by @justsmth in #2607
New Contributors
- @kkent030315 made their first contribution in #2559
Full Changelog: v1.57.1...v1.58.0
Contributors
pkubaj, dkostic, and 5 other contributors