Release: v1.3.24

Weekly release for October 05 2022

What's Changed

• Disable AVX2 compiler flags in portable PQ implementation by @alexw91 in #3508
• Fix memory leaked by s2n_cleanup by @jeking3 in #3506
• Refactor s2n_x509_validator_validate_cert_chain to support an async callback by @goatgoose in #3500
• Add additional CBMC dependencies to README by @goatgoose in #3517
• docs: update openssl docs by @toidiu in #3503
• ci: Move sidetrail docker container to other repo by @dougch in #3518
• Npn Extension Functions by @maddeleine in #3521
• Fix npn test bug by @lrstewart in #3529
• Enforce init and cleanup calling rules (#3446) by @jeking3 in #3512
• ci: Criterion integv2 test changes by @dougch in #3222
• Revert "ci: Criterion integv2 test changes" by @dougch in #3531
• Partially wipe connections for renegotiation by @lrstewart in #3522
• Add renegotiation callback by @lrstewart in #3527
• Fix fatal no_renegotiation alert by @lrstewart in #3535

New Contributors

• @jeking3 made their first contribution in #3506

Full Changelog: v1.3.23...v1.3.24

Release: v1.3.23

Weekly release for September 26 2022

What's Changed

• ci: Criterion benchmark handlers by @dougch in #3223
• Implement client-side safety features for secure renegotiation by @lrstewart in #3497
• release: bump rust bindings by @toidiu in #3507
• Custom ubuntu18 image by @dougch in #3513
• Fix for GHSA-mm47-wjfh-4hf5
• Fix for GHSA-m74w-59v6-c5r8

Full Changelog: v1.3.22...v1.3.23

Release: v1.3.22

Weekly release for September 20 2022

What's Changed

• Usage Guide Changes for Certificate Inspection Methods by @maddeleine in #3480
• Allow verification of signatures before sending by @lrstewart in #3482
• Add test for verify after sign with invalid signature by @lrstewart in #3486
• release(rust-bindings): 0.0.13 by @maddeleine in #3487
• Add compliance comments for secure renegotiation initial handshakes by @lrstewart in #3485
• Removing Some LGTM Warnings by @maddeleine in #3493
• Allow static and shared libs to be mixed (take 2) by @graebm in #3484
• Add FS2 Scala Native binding to binding list by @armanbilge in #3496
• Send no_renegotiation alert by @lrstewart in #3490
• Store explicit length of verify_data by @lrstewart in #3494
• Add compliance exceptions for server renegotiation by @lrstewart in #3498

Full Changelog: v1.3.21...v1.3.22

Release: v1.3.21

Weekly release for September 13 2022

What's Changed

• release(rust-bindings): 0.0.12 by @goatgoose in #3462
• Re-worked Session Resumption Usage Guide Sections by @maddeleine in #3423
• openssl3 integration: load legacy provider for rc4 cipher by @toidiu in #3457
• pass padding of 0 to EVP_CIPHER_CTX_set_padding by @toidiu in #3450
• create rfc9151 security policy by @toidiu in #3431
• openssl3 integration: work around for broken make build by @toidiu in #3468
• Reference s2n_crypto_parameters via pointers by @lrstewart in #3469
• Allocate s2n_crypto_parameters separately by @lrstewart in #3470
• openssl3 integration: workaround for new EVP_Cipher return code by @toidiu in #3466
• feat: add dynamic buffer capabilities by @camshaft in #3472
• Add test certificate chains and CRLs for testing CRL validation by @goatgoose in #3458
• ci: add openssl111 to LD_LIBRARY_PATH for integv2 testing by @dougch in #3464
• Fix reference to wrong function by @armanbilge in #3478
• Fix documentation for record sizes by @lrstewart in #3418
• ci: update freebsd image by @toidiu in #3479
• openssl3 integration: store const RSA and EC_KEY by @toidiu in #3474
• openssl3 integration: cleanup providers by @toidiu in #3481
• Allow static and shared libs to be mixed. by @graebm in #3467
• Revert "Allow static and shared libs to be mixed." by @dougch in #3483

New Contributors

• @armanbilge made their first contribution in #3478

Full Changelog: v1.3.20...v1.3.21

Release: v1.3.20

Weekly release for August 22 2022

What's Changed

• release(rust-bindings): 0.0.11 by @franklee26 in #3437
• Fix early data reporting on partial send by @lrstewart in #3439
• s2n_peek should not report partial, encrypted data by @lrstewart in #3443
• Fuzz s2n_deserialize_resumption_state by @maddeleine in #3421
• Correct CODEOWNERS team name by @lrstewart in #3449
• Return s2n_result from x509 validator functions by @goatgoose in #3444
• Fixing cargo clippy complaints by @franklee26 in #3448
• Add basic buffered send behavior by @lrstewart in #3434
• tests: add global retries and fail fast by @WesleyRosenblum in #3454
• double fallback for load libcrypto by @TingDaoK in #3451
• build: fix Ubuntu quickstart instructions by @WesleyRosenblum in #3452
• build and link s2n-tls with openssl3 by @toidiu in #3441
• Initialize locking sooner by @lrstewart in #3456

Full Changelog: 1.3.19...v1.3.20

Release: v1.3.19

Weekly release for August 09 2022

What's Changed

• Added RFC exception comment by @maddeleine in #3405
• Miscellaneous Usage Guide Fixes by @maddeleine in #3411
• Add more testing for s2n_send by @lrstewart in #3409
• Set Openssl-1.0.2 locking callback by @lrstewart in #3415
• Revert "ci: Temporarily pin AWS-LC to a commit before gcc 4.8 breaks" by @bryce-shang in #3424
• Shared library .so version by @dougch in #3407
• cleanup codecov artifacts by @toidiu in #3425
• Remove patch version from .so by @dougch in #3426
• S2N client negotation of un-offered group fix by @franklee26 in #3422
• ci(rust-bindings): Bump nightly version by @franklee26 in #3430

New Contributors

• @franklee26 made their first contribution in #3422

Full Changelog: v1.3.18...v1.3.19

Release: v1.3.18

Weekly release for July 26 2022

What's Changed

• Remove support for BIKE, SIKE, and Kyber (Round 2) by @alexw91 in #3392
• Don't force static crypto dependency in case of a static build by @SergeyRyabinin in #3395
• [bindings] Include errno in errors by @lrstewart in #3403
• ci: update OSX env for FreeBSD action by @dougch in #3406
• [bindings] Fix constant name by @lrstewart in #3410
• release (rust bindings) for v1.3.17 release by @dougch in #3402
• [bindings] Make errno a required dependency by @goatgoose in #3412
• [bindings] Bump s2n-tls-tokio version to 0.0.10 by @goatgoose in #3413
• ci: Temporarily pin AWS-LC to a commit before gcc 4.8 breaks by @goatgoose in #3414

New Contributors

• @SergeyRyabinin made their first contribution in #3395

Full Changelog: v1.3.17...v1.3.18

Release: v1.3.17

Weekly release for July 20 2022

What's Changed

• Add HRR compliance comments and tests for TLS RFC section 4.2.8 by @goatgoose in #3362
• build(rust-bindings): use the 2021 rust edition by @camshaft in #3386
• Add HRR compliance comments and tests for remaining TLS RFC sections by @goatgoose in #3363
• release(rust-bindings): 0.0.9 by @maddeleine in #3388
• Added OCSP and CT Sections to the Usage Guide by @maddeleine in #3382
• Fix how KeyUpdates trigger by @lrstewart in #3387
• Prevent modifying of shared cert chains through config API by @lrstewart in #3384
• Removing litani submodule from repository by @nwetzler in #3385
• ci: Remove Integration Tests from Omnibus by @goatgoose in #3391
• Remove CBMC proof typechecking warnings by @tautschnig in #3397
• fail generate.sh when cargo fails by @justsmth in #3398
• Don't wipe extensions after processing by @lrstewart in #3401

New Contributors

• @justsmth made their first contribution in #3398

Full Changelog: v1.3.16...v1.3.17

Release: v1.3.16

Weekly release for July 05 2022

What's Changed

• docs: Documentation clean up by @lundinc2 in #3329
• Expand random api tests by @torben-hansen in #3342
• [bindings] Rework connection builder trait by @lrstewart in #3335
• [bindings] Add connection pooling support by @lrstewart in #3336
• [bindings] Apply async blinding by @lrstewart in #3356
• Add compliance comments and tests for TLS RFC section 4.1.4 by @goatgoose in #3337
• [bindings] Fix clap dependency by @lrstewart in #3361
• Replace existing fork detection with the FGN implementation by @torben-hansen in #3355
• [bindings] Get rid of 'raw' module by @lrstewart in #3360
• Temporarily change OpenSSL 1.1.1 versions to fix CI. by @lundinc2 in #3368
• Import Microsoft's recent PQCrypto-SIDH SIKE patches into s2n by @alexw91 in #3366
• Update CBMC starter kit to v2.4 by @angelonakos in #3376
• Enable S2N_AES_SHA1/256_COMPOSITE when AWSLC_API_VERSION >= 18. by @bryce-shang in #3269
• Set server key share extension as a response extension by @goatgoose in #3358
• ci: Generate Duvet reports in CI by @goatgoose in #3372
• [bindings] Export policy macro by @lrstewart in #3375
• Add clone and initialisation unit tests by @torben-hansen in #3367
• [bindings] Parity with unofficial bindings by @lrstewart in #3374
• Update fips_default security policy by @lrstewart in #3378
• [bindings] Add 'poll_' to polling method names by @lrstewart in #3383

Full Changelog: v1.3.15...v1.3.16

Release: v1.3.15

Weekly release for June 06 2022

What's Changed

• doc fix: Update documentation for s2n_connection_get_cipher. by @lundinc2 in #3330
• Catch broken pipe exceptions on pipe flush. by @lundinc2 in #3321
• Refactor randomness API tests by @torben-hansen in #3328
• release(rust-bindings): 0.0.8 by @goatgoose in #3341
• [bindings] Handle async callback behavior by @lrstewart in #3325
• ci: CodeBuild spec updates to support criterion integv2 by @dougch in #3225
• fix: Accurately track wire_bytes_out by @lundinc2 in #3332
• Improve libcrypto checks by @torben-hansen in #3272
• ci:Add valgrind tests for awslc by @dougch in #3338
• free EVP_PKEY_CTX before returning from s2n_evp_sign/verify by @dougch in #3333
• docs: Make Doxygen prettier by @lundinc2 in #3343
• Fix interning build for cmake version 3.15+ by @torben-hansen in #3346
• fix: Add option to disable stacktrace feature by @goatgoose in #3345

Full Changelog: v1.3.14...v1.3.15