New AWS-LC release: v5.0.0

[github-actions]

New Versioning Policy

Check out VERSIONING.md to learn about our new versioning scheme.

What's Changed

• Test key import in EVPTest a bit more extensively by @nebeid in #3058
• Add OPENSSL_cleanse to zero stack secrets before return by @prasden in #3227
• Fix: Apply COHABITANT_HEADERS logic to location of tool binaries by @edmundlod in #3116
• Fix wherelen handling in BIO_ADDR_rawmake AF_UNIX path by @samuel40791765 in #3233
• Harden PKCS7 and OCSP error handling by @prasden in #3237
• Reject len < -1 in ASN1_mbstring_ncopy by @samuel40791765 in #3232
• Free existing union arm by current type in PKCS7_set_type by @samuel40791765 in #3231
• Ensure no trailing data for PKCS8 EVP_parse_private_key by @torben-hansen in #3242
• Include trailing NUL in BIO_ADDR_rawaddress AF_UNIX length by @samuel40791765 in #3236
• Reject negative pass_len in PEM_ASN1_write_bio by @samuel40791765 in #3228
• Check parameters before comparing pqdsa public keys by @samuel40791765 in #3229
• Free existing responderId union arm in OCSP_RESPID setters by @samuel40791765 in #3234
• Release cipher_data on error path too for EVP_CTRL_INIT and EVP_CTRL_COPY by @torben-hansen in #3243
• ci: declare contents: read on zig compiler workflow by @arpitjain099 in #3249
• Add new review workflow by @nhatnghiho in #3230
• Log versioning and library names druing cmake build step by @torben-hansen in #3254
• Tighten OCSP_parse_url URL parsing by @prasden in #3238
• Add SHRT_MAX caps to bound iteration and input lengths by @prasden in #3240
• Fix correctness findings from penpal testing by @prasden in #3235
• Document new versioning scheme and bump mainline to v5.0.0 by @samuel40791765 in #3212
• Decouple the FIPS version number from the AWS-LC version number by @samuel40791765 in #3211
• Bump the github-actions group with 2 updates by @dependabot[bot] in #3258
• Bump time from 0.3.36 to 0.3.47 in /tests/ci/lambda by @dependabot[bot] in #3248
• tool-openssl/s_client: default SNI to -connect host to match OpenSSL by @alexw91 in #3209
• Reject undersized buffer in pkey_dsa_sign by @nebeid in #3112
• Drop obsolete test_pkey_rsa.rb hunk from Ruby 3.4 patch by @geedo0 in #3260
• Enable Windows 7 compat path on MinGW builds by @justsmth in #3239
• Add getauxval availability detection with /proc/self/auxv fallback for uclibc targets by @justsmth in #3250
• Prefer CRLs with specific IDP match by @nhatnghiho in #3264
• Fix manylinux1 build: O_CLOEXEC fallback in getauxval shim by @justsmth in #3268
• Gate Linux specific code to fix compilation on AIX by @pgimalac in #3265
• BoringSSL: Harden nc_email name constraint checking by @nebeid in #3266
• Fix python 3.13 patch by @WillChilds-Klein in #3271
• Make rustfmt optional for Rust bindings generation by @justsmth in #3270
• Skip MariaDB socket conflict test unable to run as root by @WillChilds-Klein in #3274
• use /map: linker flag to avoid running a binary to capture the hash by @yoavwizstein in #3133
• Add inline documentation for API contracts by @nebeid in #3267
• ML-DSA support as a TLS 1.3 signature scheme by @dkostic in #3251
• Make FIPS compiler wrapper unconditional by @justsmth in #3269

New Contributors

• @edmundlod made their first contribution in #3116
• @arpitjain099 made their first contribution in #3249
• @pgimalac made their first contribution in #3265
• @yoavwizstein made their first contribution in #3133

Full Changelog: v1.73.0...v5.0.0

https://github.com/aws/aws-lc/releases/tag/v5.0.0