- Update to version 1.3.45
* fix: improve compatibility with old Linux versions (#4027)
* Disable retry client random validation outside of tests (#4023)
* Only call getenv for integ test marker in s2n_init (#4025)
* Publish minimal s2n_config APIs and add documentation (#3972)
* Fix s2n_error_get_type mistake in usage guide (#4022)
* nix: add an Openssl102 nix devShell (#4014)
* fix(api/unstable): make all api methods visible (#4015)
* test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
* fix: open files with the O_CLOEXEC flag (#3989)
* feat(s2n-tls): X509 asn1 refactor (#4011)
* Add the libcrypto random generation implementation (#4004)
* nix: Use nixpkgs gnutls instead (#4013)
* nix: add a LibreSSL nix devShell (#4010)
* style: simplfy api for test utility (#4008)
* fix(s2nd): parse psk given to s2nd non-destructively (#4006)
* nix devShell with openssl3 (#3993)
* Upgrade OpenSSL model for CBMC proofs (#3978)
* Quoting RFC-4492 to verify behavior when supported_groups extension is not sent (#3998)
* docs: add notes on s2nc and s2nd usage (#4003)
* bindings: Add option to disable loading system certs (#3985)
* Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
* test: add more x509 OCSP tests (#3970)
* ci: enable ossl3 tls13 tests (#3992)
* chore: bindings release 0.0.31 (#3997)
* Print Wire Bytes In and Out for s2nc (#3986)
* ci: nix devShell simplification (#3964)
* utils: Add a stale box to the GH dashboard; use an action for pushing pages (#3947)
- from version 1.3.44
* test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
OBS-URL: https://build.opensuse.org/request/show/1091849
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=29
- Update to version 1.3.41
* fix: remove broken check in test (#3901)
- from version 1.3.40
* Rewrite of the PSK section in Usage Guide (#3864)
* test: cleanup after tests (#3831)
* ktls: feature probe test (#3869)
* Fixes some compiler warnings coming from tests (#3883)
* tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
* chore: bump rust bindings for 1.3.39 release (#3887)
* Migrate Kyber 512 to EVP KEM API (#3853)
* test: cleanup tests (#3832)
* test: Add missing packages to nix devShell (#3885)
* Document behavior of s2n_negotiate for a client with client auth (#3891)
* Switch OpenBSD CI job GH action to something more robust (#3877)
* Enable strict compile checks in unit test build (#3878)
* ci: enable valgrind pedantic check (#3886)
* Allow client hellos from raw bytes (#3871)
* Add new security policy (#3895)
- from version 1.3.39
* Removed codecov github status badge. (#3859)
* Add method to create Rust certs without private keys (#3860)
* Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
* chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
* ci: Check for msrv match between rust-toolchain an crates; make them match. (#3866)
* fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns (#3870)
* tests: add checks for LTO+interning compatibility (#3839)
* Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)
- from version 1.3.38
* Add CMake targets for integration tests and switch CI to use them (#3776)
* ci: reduce the number of BSD artifacts (#3837)
OBS-URL: https://build.opensuse.org/request/show/1077188
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=27
- Update to version 1.3.37
* Make unstable fingerprint methods accessible (#3823)
* Clean up thread-local memory (#3771)
* bindings(rust): bump MSRV to 1.60.0 (#3833)
* Criterion delta (#3811)
* Add JA3 fingerprinting (#3817)
* Clarify that AWS-LC is also supported (#3821)
* Add unit test to check that the build's libcrypto
reflects the CI's intended libcrypto (#3774)
* Clarify SSLv2 ClientHellos (#3815)
* Bump rust bindings for 1.3.36 release (#3818)
* Add stuffer method for standard init process (#3814)
- from version 1.3.36
* ktls: rm kTLS request field on config (#3816)
* ktls: add ktls_supported field to s2n_cipher (#3806)
* Make test_install_shared_and_static easier to debug
* ktls: s2n_ktls_mode and building blocks (#3797)
* ci: Update OpenBSD's MEM_PER_CONNECTION, based on error message (#3791)
* s2n-tls nix flake (#3794)
* Updated rust bindings (#3802)
* Update omnibus fuzz image; remove fuzz job we're not running anymore in PR (#3796)
* Adds client hello section to usage guide (#3757)
* Integration test to check default signature algorithm behavior (#3719)
* Blob Initialization fix-Test_1 (#3790)
- from version 1.3.35
* fix: pass an empty string to host verify without usable identifiers (#3793)
* add code coverage support (#3759)
* ci: Enable CTEST_OUTPUT_ON_FAILURE on all targets (#3789)
* Enforce that clippy msrv matches rust-toolchain (#3787)
* Blob Initialization fix-Test (#3780)
OBS-URL: https://build.opensuse.org/request/show/1066354
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=26
- Update to version 1.3.31
* Clang format `tls/s2n_[a-h].*\.[ch]` and enforce in CI (#3681)
* tokio-s2n-tls: add poll_blinding and fix blinding on shutdown (#3700)
* Clang-format `crypto/` and enforce in CI (#3680)
* Clang-format `tls/s2n_[s-z].*\.[ch]` and enforce in CI (#3683)
* Clang-format `tests/unit/s2n_[t-z].*\.c` and enforce in CI (#3679)
* Clang format `tests/unit/s2n_[bc].*\.c` and enforce in CI (#3675)
* Clang-format `tests/unit/s2n_[d-k].*\.c` and enforce in CI (#3676)
* Add `CloudFront-TLS-1-2-2021-ChaCha20-Boosted` Security Policy w/ Docs Update (#3686)
* Fix FreeBSD minherit arg naming (#3694)
* Add config to read until error or supplied buffer is full (#3690)
* Clang-format `tls/s2n_[i-r].*\.[ch]` and enforce in CI (#3682)
- from version 1.3.30
* chore: bump rust bindings version (#3693)
* Clean up test trust store (#3692)
* Add support for AWS-LC PQ KEM (#3634)
* chore: introduce rust-toolchain and enforce MSRV (#3691)
* bindings (rust): handle propagating the async client_hello callback error (#3687)
* ci: Fix LibreSSL paths in CI (#3688)
* tests: delete integv1 code (#3685)
* bindings(rust): avoid unnecessarily zeroing the receive buffer in poll_read (#3662)
* Handle fragmented post-handshake messages (#3641)
* Add CodeQL workflow for GitHub code scanning (#3601)
* ci: pin ubuntu version to 20.04 for cppcheck (#3673)
* ci: Remove references to TEST=integration and related codebuild scripting (#3628)
* Make header deps explicit in preperation for clang-format (#3684)
* Clang-format of `tests/unit/s2n_[3a].*\.c` + transision to exclude regex (#3664)
* Add prioritize_chacha20 flag to cipher preferences (#3543)
* Fix default X509 store flags (#3671)
* Regenerate CRL pems (#3672)
OBS-URL: https://build.opensuse.org/request/show/1055811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=24
- Update to version 1.3.27
* Npn cleanup (#3590)
* Ensure extended master secrets ext have no data (#3588)
* LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) (#3589)
* Update vmactions/freebsd github action (#3592)
* Fix free error when using jemalloc (#3585)
* Add rust binding for s2n_set_config_send_buffer_size (#3582)
* NPN integration tests (#3583)
* Adding null checks to tls/extensions and tls/s2n_perf (#3578)
* Adds API for NPN support (#3575)
* Add CRL lookup callback (#3546)
* Bump Doxygen version 1.9.3 -> 1.9.5 (#3581)
* Add apache renegotiation test server to CI (#3565)
* Adds TLS12 Encrypted Extensions Messages (#3545)
* Removing more failing saw (#3577)
* bump to 0.0.17 (#3574)
* More openssl renegotiate integ tests (#3570)
* Added compliance comment for renegotiate (#3572)
* Remove s2n-core from CODEOWNERS (#3571)
- from version 1.3.26
* Add IO debug info to integrationv2 framework (#3564)
* Fix check for non-portable optimizations (#3573)
* Handshake changes necessary to negotiate NPN (#3558)
* Add array init with capacity API (#3554)
* Basic renegotiation integ tests (#3563)
* Rust bindings version bump for 1.3.25 (#3567)
- from version 1.3.25
* Only enable non-portable optimizations safety
checks during GitHub CI builds (#3562)
* Release renegotiation feature as unstable (#3556)
OBS-URL: https://build.opensuse.org/request/show/1035322
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=23
- Update to version 1.3.13
* Enforce how the client hello is modified during retry (#3311)
* Use SHA1+MD5 for <TLS1.2 + FIPS (#3310)
* Don't generate a new client random on retries (#3312)
* Rewrite cookie extension (#3306)
* Fixed CBMC_ENSURE_REF calls where NULL return type expected (#3304)
* ci: Fix boringssl unit tests (#3309)
* Improve cmake logging (#3305)
* [bindings] Clean up async behavior (#3299)
* ci: Temporarily remove more test endpoints with expired certs (#3300)
* ci: add awslc interning to omnibus (#3295)
* fix(s2n-tls-sys): add cmake files to the include directive (#3297)
* release(rust-bindings): 0.0.6 (#3296)
* build(bindings): use cmake when building with pq feature (#3294)
* [bindings] Add basic send and recv (#3290)
* Interning not supported with FIPS enabled. (#3277)
* fix: FreeBSD will now fail loudly (#3284)
* [bindings] Hide ffi types + basic debug info (#3279)
OBS-URL: https://build.opensuse.org/request/show/977950
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=18
- Update to version 1.3.12
* Use pointer to variable type as required by cleanup attribute (#3289)
* bug: fix s2n_connection->cookie_stuffer initialization (#3282)
* Add test utility for fork tests (#3253)
* Add additional libcryptos to V2 integration tests (#3244)
* ci: GitHub actions for osx (#3280)
* Fix MacOS unit tests (#3278)
* build: use S2N_LIBCRYPTO to pick interning lib (#3276)
* [bindings] Add basic s2n-tls-tokio skeleton (#3261)
* exclude cast-qual in Cmake for aws-lcw (#3270)
* Disable strict-prototypes diagnostic flag in Clang (#3275)
* ci: check integv2 python for pep8 issues (#3271)
- from version 1.3.11
* auto format integv2 python (#3268)
* ci: don't update the ghpages dashboard outside of main repo (#3267)
* release(rust-bindings): 0.0.5 (#3256)
* Add basic rust ci jobs (#3265)
* Fix wrong assumption about osx/apple (#3264)
* ci: temporarily remove expired certs (#3266)
* fix: correctly export internal APIs (#3260)
* deps: Upgrade CBMC submodules (#3259)
* Fully separate key and secret state machines (#3238)
* test: OCSP integrationv2 test with GnuTLS (#3207)
* Port drbg.c functions to use S2N_RESULT (#3252)
* feat(rust-bindings): add support for linking an external build (#3254)
- from version 1.3.10
* build: fix libcrypto interning (#3204)
* Update install_awslc to install the correct FIPS branch of AWS-LC (#3255)
* ci: add make install (#3224)
* ci: Add a CRT codebuild job (#3245)
OBS-URL: https://build.opensuse.org/request/show/973664
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=17
- Update to version 1.3.7
* Crypto variable update missing from #3181 (#3189)
* SSLyze integrationv2 test (#3186)
* Added try_compile for features.h (#3197)
* bindings: update rust bindings (#3196)
* Centralize transcript hash copy logic (#3195)
* Enable PQ in FIPS mode with awslc (#3183)
* Revert "Flush stdout with initial BEGIN_TEST message (#3185)" (#3193)
- from version 1.3.6
* Store TLS1.3 transcript hash digests rather than full hash state (#3188)
* Remove in-source build target check hackery. (#3181)
- Refresh patches for new version
* s2n_fix-cmake-modules-path.patch
OBS-URL: https://build.opensuse.org/request/show/958261
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=16
- Update to version 1.3.5
* remove extra S2N_API (#3187)
* Use `llvm_points_to_bitfield` in SAW proofs (#3155)
* Add API s2n_client_hello_has_extension to check if extension exists (#3180)
* Flush stdout with initial BEGIN_TEST message (#3185)
* FreeBSD ci (#3184)
* Add some comments to build scripts (#3182)
* Document which macros should not be used for new code (#3179)
* remove unused function s2n_actual_getpid (#3172)
* Workaround AL2 nodejs package issue (#3174)
* Add API method to translate errors to alerts (#3171)
* Upgrade CBMC submodules (#3165)
* tests: add s2n_init/s2n_cleanup tests (#3164)
OBS-URL: https://build.opensuse.org/request/show/950402
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=15
- Update to version 1.3.3
* Fix s2n_connection_get_client_cert_chain for TLS1.3 (#3156)
* Fixing Flakiness in Cross-Compat Test (#3158)
* Enforce RSA-PSS saltlen requirements (#3157)
* Rearrange TLS1.2 and TLS1.3 secret storage (#3154)
* Use libcrypto signing methods in compliance with FIPS 140-3 (#3142)
* docs: update readme (#3153)
- from version 1.3.2
* Adds Cross-Compatibility Test (#3147)
* Makes s2n_stuffer_skip_whitespace verification friendly (#3143)
* ci: fix Kwstyle (#3136)
* only print on retries (#3151)
* integration: enforce timeout, allow for the process to
shutdown gracefully, run in non-blocking mode (#3148)
* Added Script to Compile Main for Cross-Compat Testing (#3139)
* Adds Options to Output and Input Session Ticket to s2nc (#3134)
* Upgrade CBMC submodules (#3135)
OBS-URL: https://build.opensuse.org/request/show/943783
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=13
- Update to version 1.3.1
* Nitpick usage guide links (#3133)
* FIPS Static Config is Only Created When Needed (#3129)
* Fix build on NetBSD. (#3131)
* Feature probe for EVP_md5_sha1() (#3128)
* Allow EVP hash implementation to use EVP_md5_sha1 if available (#3126)
* Allow synchronous private key operations (#3121)
- from version 1.3.0
* EMS Re-Release (#3122)
* If QUIC, only offer TLS1.3 (#3124)
- from version 1.2.1
* tests: fix s2n_enable_tls13 deprecation warnings (#3120)
* Fix FindLibCrypto for list-typed CMAKE_PREFIX_PATH (#3067)
* Add AWS-LC FIPS integration target (#3084)
* Detect nested s2n_negotiate calls (#3119)
* build: add the option to enable LTO (#3117)
* Prevent Uninitialized Memory Access in case of FIPS Mode Disabled (#3016)
* Fixed EMS to work with Session Caching (#3102)
* Rename internal HMAC implementations in s2n_prf to
clarify which implementation is used (#3103)
* Finish memcpy->memmove migration (#3110)
- from version 1.2.0
* Revert "EMS Release (#3053)" (#3113)
* Reapply "Update QUIC parameters IANA (#3029)" (#3106)
* Add a flag to s2nc to enable FIPS mode in the underlying libcrypto.
Update integration tests to use the new flag when needed (#3101)
* Added Backwards-Incompatible Ticket Version (#3099)
* Don't allow QUIC to be enabled if TLS1.3 not possible (#3088)
* ci: remove spaces from benchmark name (#3097)
* Lets make S2N play nicely with the rest of the world shall we? Added … (#2669)
OBS-URL: https://build.opensuse.org/request/show/937731
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=12
- Update to version 1.0.16
* Updated PSS support definition to account for new BoringSSL version (#2297)
* Add quic_transport_parameters extension (#2288)
* added unit test for sort order of s2n_all_cipher_suites in IANA order (#2192)
* Add initial QUIC setup (#2283)
* Fix macro usage, indexing and magic numbers (#2271)
- from version 1.0.15
* Add client-side support for PQ HRR (#2260)
* Add AWS-LC pre-processor directive similar to BoringSSL (#2273)
* Fix awslc codebuild hang (#2282)
* Fixed processing issue with status request extension (#2229)
* Update s2n to compile on FreeBSD (#2272)
* Add aws-lc code build. (#2275)
* Don't enable OCSP stapling if not available (#2253)
* Improves performance and coverage of s2n_stuffer_* proofs (#2230)
* Codebuild batch and Omnibus job (#2245)
* Disable sending of PQ group IDs for FIPS or TLS1.2 (#2267)
* Use NIST P-256 for key generation when client do not specify curve (#2265)
* Fix TLS 1.3 server side OCSP metrics (#2241)
* Add client/server share size fields to s2n_kem_group (#2269)
* alloc and sub overflow proofs (#2255)
* Add ECDSA ciphers for viewer side support (#2219)
* Adds proof harnesses for s2n_array_free* functions (#2244)
* Checking data size instead of data pointers in
s2n_stream_cipher_null_endecrypt (#2263)
- from version 1.0.14
* Update CloudFront security policies (#2238)
* Adds proof harnesses for s2n_array_* functions (#2246)
* Implements client-side sending of PQ key shares for 1.3 (#2215)
* Change fuzz coverage below minimum to an error (#2259)
OBS-URL: https://build.opensuse.org/request/show/911576
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=9
- Update to version 1.0.12
* Update Max Connection memory usage to support Round 3 KEM Groups (#2933)
* Check for -1 return code from OCSP_basic_verify() (#2931)
* Add Round 3 PQ TLS Policies (#2842)
* Add public function for wiping the trust store (#2927)
* fix memcpy bug in client hello - copy address of pointer (#2917)
* Stops TLS13 From Erroring if Session Ticket Write Fails (#2928)
* Fixing wrong file path in makefile for BIKE R3 (#2925)
* Check Cipher Suite is ECC Before Returning Curve (#2908)
* Add unit test to monitor s2n_connection size changes (#2913)
* bindings: export include dir in rust build (#2918)
- from version 1.0.11
* Add a stale bot configuration (#2897)
* bindings: add rust bindings (#2754)
* Suggestion: Prevent randomness callbacks being set to NULL (#2916)
* Reduce memory allocated for conn->out (#2904)
* document sigpipe handling (#2909)
* place -Werror behind a flag which is ON by default (#2903)
* resolve -Wstrict-prototypes compiler warning (#2906)
* OpenSSL rand-engine requires engine support (#2885)
* Fix TLS1.3 dynamic record min calculation (#2900)
* Make client respect max frag len extension result (#2898)
* Initial proofs for s2n_socket functions (#2896)
* Do not calculate transcript on failed connection (#2886)
* Add gcov and lcov targets for pq (#2895)
* Adds close markers to flaky test (#2863)
* Fix some OCSP-related cert behavior (#2894)
* Adding Usage Guide for Pre-Shared Keys (#2890)
* Remove sikep434r2 code (#2864)
* Adds Error Checking Around Fragment Length (#2888)
OBS-URL: https://build.opensuse.org/request/show/904581
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=8
- Update to version 1.0.10
* Release TLS1.3 Pre-Shared Key (PSK) (#2889)
* Release early data / 0RTT (#2882)
* Release TLS1.3 Session Resumption (#2877)
* Limit session resumption PSKs processed (#2879)
* Client should not accept invalid TLS1.3 ticket_lifetime (#2878)
* Updates CI buildspec to include PSK integration tests (#2875)
* Adds External PSK Integration Tests (#2821)
* Make TLS1.3 ticket processing less strict to handle future changes (#2876)
* Add handshake type message for integration tests (#2873)
* Fixes s2n_get_session_length in TLS1.3 (#2858)
* Update Codebuild batch spec with early data integration test (#2872)
* Duplicate Certificate Error Message (#2870)
* Early data integration tests (#2857)
* Various small integration framework fixes (#2868)
* Bring __ANDROID__ and ANDROID back for tm_gmtoff (#2869)
* More fixes for BIKE R3 optimized builds (#2867)
* Supports in-source build with AWS-LC. (#2714)
* Larger chunk size based on worker count (#2865)
* BIKE R3 fix for gcc-4.8.2 (#2866)
* Fix BIKE_R3 build issue (#2860)
* Error blinding updates / fixes (#2852)
* BIKE Round-3 runtime code path selection based on CPU capabilities (#2793)
* Removes tolower stub from CBMC proofs (#2853)
* Stop rejected 0RTT data from triggering error blinding (#2849)
- from version 1.0.9
* Add new s2n_cert_chain_and_key load api that takes non-null-terminated
data and length (#2753)
* Adds TLS1.3 Session Resumption Integration Tests (#2814)
* Integrate sikep434r3 x86_64 assembly (#2820)
OBS-URL: https://build.opensuse.org/request/show/899455
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=7
- Update to version 1.0.5
* utils: remove deprecated safety macros (#2747)
* Fix loop counter overflow due to inconsistent type (#2739)
* Upgrades CBMC templates for proof harnesses (#2744)
* Import Bike Round 3 Implementation into s2n (#2726)
* Cleanup TLS1.3 fixed ticket sizes (#2729)
* Export symbols when building dynamically (#2730)
* Check for validity in s2n_stuffer_wipe*operations (#2732)
* Skip coverage upload (#2734)
* Don't send the client_session_ticket extension when using TLS1.3 tickets (#2725)
* Added server deserialize method (#2709)
* Make early data callback async (#2717)
* Include early data config in session tickets (#2720)
* quic: add S2N_API to secret callback api (#2728)
* Consolidate handshake pause logic (#2716)
* Pinned bash script to previous commit (#2723)
* Add early data callback (#2715)
* Set early data context for new session tickets (#2718)
* Adding prefix s2n_cert for s2n certificate APIs (#2713)
* Safeguard linker flags on Apple (#2710)
* Add APIs to send and receive early data (#2682)
* Adds helper function to obtain the OID value from the X509v3 extensions (#2702)
* Created GDB flag to remove optimizations (#2711)
- from version 1.0.4
* Add flags for non exec stack and read only GOT. (#2707)
* Fix for failing resume test (#2706)
* Add context to PSK selection callback (#2704)
* Calculated obfuscated ticket age (#2697)
* Don't allow non-post handshake messages to be received post handshake (#2703)
- from version 1.0.3
OBS-URL: https://build.opensuse.org/request/show/888423
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=5
