* chore: bindings release 0.3.24 by @johubertj in (#5455)
* chore: apply clippy fixes by @johubertj in (#5459)
* Add fixed version of the rfc9151 policy by @Mark-Simulacrum in (#5277)
* test(integration): add record padding test by @jmayclin in (#5451)
* refactor(stuffer): Rename s2n_stuffer_has_pem_encapsulated_block
by @alice-aws in (#5465)
* ci: don't include tls/extensions in SAW build by @lrstewart in (#5466)
* ci: fix wikipedia network test + better error message by @lrstewart in (#5470)
* refactor: setup replacement default policies by @lrstewart in (#5464)
* Add TLSv1.3 (classical + PQ) policies for CloudFront Upstream
by @WillChilds-Klein in (#5460)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=93
* refactor(bench): unify IO methods (#5434)
* test(bench): add api for mutual auth handshake (#5437)
* chore: bindings release 0.3.23 (#5439)
* ci: document how to manually run the codebuild jobs (#5441)
* chore: add Awslc fips next to CI (#5349)
* feat: add integration test for secp384r1_mlkem_1024 (#5438)
* fix(typo): fix a typo in codebuild.yml (#5445)
* build(deps): update criterion requirement from 0.6 to 0.7 in
/bindings/rust/standard (#5442)
* chore(ci): tell crt to not check submodule version (#5450)
* Add AWS-CRT-SDK-TLSv1.0-2025-PQ (#5403)
* chore(ci): once a week, clean the nix store for the kTLS job. (#5430)
* refactor(tls-harness): separate benchmark abstractions (#5444)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=91
* Remove unused negotiate_kem function causing build failure (#5316)
* chore: Bump nixpkgs version to 24.11 (#5294)
* tests: policy snapshot test (#5309)
* fix(benches): use session ticket for resumption (#5305)
* feature: release ML-DSA support (#5307)
* feature: support for ML-DSA handshake signatures (#5303)
* tests: turn verbose mode off by default in integ tests (#5286)
* Revert "build: add pull requests limit for dependabot" (#5302)
* chore: Update Apache test certificates from RSA1024 to RSA2048 (#5285)
* feature: add crypto support for mldsa signing (#5272)
* refactor: remove conn->client_hello_version (#5278)
* build(deps): unpin test-log because of MSRV updates (#5300)
* build: add pull requests limit for dependabot (#5299)
* chore: bindings release 0.3.19 (#5298)
* build(deps): update strum requirement from 0.25 to 0.27
in /bindings/rust/standard (#5292)
* build(deps): update test-log-macros requirement from =0.2.14
to =0.2.17 in /bindings/rust/standard (#5290)
* feat: Add `as_ptr()` API for Config (#5274)
* tests: reduce integ test flakiness + improve debugability (#5282)
* build(deps): update env_logger requirement from 0.10 to 0.11
in /bindings/rust/standard (#5296)
* build(deps): bump aws-actions/configure-aws-credentials from 4.1.0
to 4.2.0 in /.github/workflows in the all-gha-updates group (#5297)
* tests: fix flaky test_serialization (#5288)
* chore: bump standard MSRV to 1.82.0 (#5295)
* chore: Add comments to track dependency requirements (#5287)
* tests: improve coverage for s2n_stream_cipher_null (#5268)
* build(deps): bump astral-sh/setup-uv from 5 to 6 in /.github/workflows
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=81
* feature: openssl-3.0-fips support (#5191)
* ci: defend against unset version number in awslc installer (#5195)
* fix: openssl-3.0-fips should use libcrypto HKDF (#5183)
* fix: remove unnecessary RC4 restriction (#5170)
* fix: openssl-3.0-fips should use separate private rand (#5184)
* ci: move openssl3fips build to existing asan build (#5181)
* chore: include Need By Date section in github issue template (#5187)
* ci: cleanup awslc-fips versioning (#5156)
* chore: bump linting action Ubuntu version (#5186)
* build(deps): update aws-lc-rs version to remove paste deps (#5192)
* test: fix self-talk pkey offload test for openssl-3.0-fips (#5175)
* test: reduce parameter selection (#5161)
* chore: add inline noqa suppression (#5159)
* ci: make start_codebuild.sh work for forks (#5178)
* test(integv2): add partial support for OpenSSL 3.0 provider (#5131)
* (docs): Improve PQ docs (#5173)
* ci: use ruff --diff instead of --check (#5177)
* chore: pin once_cell version to unblock the CI (#5174)
* fix(ruff): resolve linting errors detected by Ruff (#5140)
* fix: mark chachapoly as unavailable with openssl-3.0-fips (#5168)
* tests: fix flaky ja4 test (#5169)
* chore: update git blame ignore commit ID (#5164)
* style: fix redundant return (#5150)
* build(deps): bump nixbuild/nix-quick-install-action from 29 to 30
in /.github/workflows in the all-gha-updates group (#5153)
* refactor: add libcrypto PRF impl for openssl-3.0-fips (#5158)
* chore: binding release 0.3.13 (#5167)
* chore(ci): pin symbolic-common (#5166)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=73
* tests: try to make s2n_mem_usage_test more useful (#5139)
* chore: git-blame-ignore ruff formatting (#5151)
* chore(bindings): change in rustup behavior (#5160)
* refactor: remove unused prf hmac impls (#5148)
* chore(ci): make the awslc fips install script version aware (#5100)
* fix: memory leak during STEK rotation (#5146)
* refactor: add alternative EVP signing method (#5141)
* refactor: cleanup prf header (#5144)
* feat(bindings): expose context on cert chain (#5132)
* Ruff Formatting and add to CI (#5138)
* chore(nix): Add aws-lc-fips 2022/4 (#5109)
* test(integv2): fixes to allow test_record_padding to partially run (#5099)
* build(deps): update rtshark requirement from 2.9.0 to 3.1.0 in /tests/pcap
in the all-cargo-updates group across 1 directory (#5087)
* tests: use sig schemes as source of truth for valid hash+sig algs (#5129)
- from version 1.5.13
* ci: always set values for command line defines (#5126)
* fix: update callback return value (#5136)
* refactor: always use EVP hashing (#5121)
* ci: add check for third-party-src in disable rand override buildspec (#5137)
* feat: add async cert validation support (#5110)
* chore: remove unused well-known-endpoints.py (#5127)
* fix(bindings): remove mutation behind Arc (#5124)
* chore: binding release 0.3.12 (#5128)
* refactor: use EVP_MD_fetch() if available (#5116)
* feat: Option to disable RAND engine override (#5108)
* fix(bindings): make Context borrow immutable (#5071)
* build(deps): update rand requirement (#5125)
* chore: fix a typo in API comments (#5123)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=71
* refactor(bench): remove historical benchmarks (#4940)
* fix: pem parsing detection of last cert errors (#4908)
* docs: specify s2n_blob growable conditions (#4943)
* chore(bindings): move tokio examples to dedicated folder (#4954)
* chore: fix GHA for merge-queue (#4973)
* chore(binding): release 0.3.8 (#4969)
* (chore): Installs Nix in AL2023 Buildspec (#4934)
* build(deps): bump the all-gha-updates group in /.github/workflows with 5 updates (#4961)
* feat(s2n-tls-hyper): Add support for negotiating HTTP/2 (#4924)
* tests: allow TLS1.2 with RSA-PSS certs in integ tests (#4949)
* ci: update CRT test ubuntu version to ubuntu24 (#4964)
* feat(bindings): enable application owned certs (#4937)
* ci: batch dependabot updates (#4959)
* ci(refactor): deprecate Omnibus (#4953)
* build(deps): bump actions/cache from 2.1.4 to 4.1.2 in /.github/workflows (#4928)
* build(deps): bump peaceiris/actions-gh-pages from 3 to 4 in /.github/workflows (#4921)
* build(deps): bump cross-platform-actions/action from 0.23.0 to 0.26.0 in /.github/workflows (#4951)
* build(deps): bump github/codeql-action from 2 to 3 in /.github/workflows (#4917)
* ci: add change directory to third-party-src logic (#4950)
* feat: TLS1.2 support for RSA-PSS certificates (#4927)
* feat: feature probe S2N_LIBCRYPTO_SUPPORTS_ENGINE (#4878)
* test(bindings): run unit tests under asan (#4948)
* ci(refactor): remove ASAN from Omnibus and GeneralBatch (#4946)
* ci(refactor): remove fuzz tests from Omnibus (#4945)
* refactor: add a s2n_libcrypto_is_openssl() helper function (#4930)
* fix(s2n-tls-hyper): Add proper IPv6 address formatting (#4938)
* ci: add openssl-1.0.2-fips to fuzz test (#4942)
* ci(refactor): remove Valgrind checks from omnibus and generalBatch (#4913)
* fix(bindings): address clippy issues from 1.83 (#4941)
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=67
- Update to version 1.4.9
* New TLS1.2-only variant of 20230317 policy (#4483)
* ci: add asan runs under gcc (#4402)
* fix: Adds non_exhaustive flag to FingerprintType
* fix: refactor rust bindings fingerprint methods (#4474)
* example(bindings): client hello cb example (#4385)
* feat: getter for TLS1.2 master secrets (#4470)
* bindings: ensure CFLAGS includes come after build script includes (#4475)
* bindings: mark Connection as Sync (#4467)
* Make S2N_CERT_AUTH_OPTIONAL the default for clients (#4390)
* fix(test): narrow valgrind suppressions (#4369)
* fix: pedantic memory leak in handshake test (#4463)
* chore(bindings): release 0.1.7 (#4462)
OBS-URL: https://build.opensuse.org/request/show/1164579
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=43
- Update to version 1.4.4
* allows cmake to force crypto linkage (#4383)
* refactor: consolidate record wiping (#4412)
* build: make CMake test flags more consistent with make (#4392)
* style(bindings): address new clippy lint (#4411)
* refactor: generalize cert sig preference handling (#4379)
* feat: More client hello getters (#4380)
* fix: only initialize default tls 1.3 config in tests (#4302)
* Check fd status before using urandom (#4352)
* utils: add map iteration iterator (#4377)
* chore(bindings): release (#4388)
* chore(bindings): bump aws-lc-sys (#4393)
* s2n-tls-tokio: use s2n_shutdown_send instead of s2n_shutdown (#4374)
* enforce result checking for blob and mem (#4389)
OBS-URL: https://build.opensuse.org/request/show/1148699
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=39
- Update to version 1.3.45
* fix: improve compatibility with old Linux versions (#4027)
* Disable retry client random validation outside of tests (#4023)
* Only call getenv for integ test marker in s2n_init (#4025)
* Publish minimal s2n_config APIs and add documentation (#3972)
* Fix s2n_error_get_type mistake in usage guide (#4022)
* nix: add an Openssl102 nix devShell (#4014)
* fix(api/unstable): make all api methods visible (#4015)
* test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
* fix: open files with the O_CLOEXEC flag (#3989)
* feat(s2n-tls): X509 asn1 refactor (#4011)
* Add the libcrypto random generation implementation (#4004)
* nix: Use nixpkgs gnutls instead (#4013)
* nix: add a LibreSSL nix devShell (#4010)
* style: simplfy api for test utility (#4008)
* fix(s2nd): parse psk given to s2nd non-destructively (#4006)
* nix devShell with openssl3 (#3993)
* Upgrade OpenSSL model for CBMC proofs (#3978)
* Quoting RFC-4492 to verify behavior when supported_groups extension is not sent (#3998)
* docs: add notes on s2nc and s2nd usage (#4003)
* bindings: Add option to disable loading system certs (#3985)
* Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
* test: add more x509 OCSP tests (#3970)
* ci: enable ossl3 tls13 tests (#3992)
* chore: bindings release 0.0.31 (#3997)
* Print Wire Bytes In and Out for s2nc (#3986)
* ci: nix devShell simplification (#3964)
* utils: Add a stale box to the GH dashboard; use an action for pushing pages (#3947)
- from version 1.3.44
* test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
OBS-URL: https://build.opensuse.org/request/show/1091849
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=29
- Update to version 1.3.41
* fix: remove broken check in test (#3901)
- from version 1.3.40
* Rewrite of the PSK section in Usage Guide (#3864)
* test: cleanup after tests (#3831)
* ktls: feature probe test (#3869)
* Fixes some compiler warnings coming from tests (#3883)
* tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
* chore: bump rust bindings for 1.3.39 release (#3887)
* Migrate Kyber 512 to EVP KEM API (#3853)
* test: cleanup tests (#3832)
* test: Add missing packages to nix devShell (#3885)
* Document behavior of s2n_negotiate for a client with client auth (#3891)
* Switch OpenBSD CI job GH action to something more robust (#3877)
* Enable strict compile checks in unit test build (#3878)
* ci: enable valgrind pedantic check (#3886)
* Allow client hellos from raw bytes (#3871)
* Add new security policy (#3895)
- from version 1.3.39
* Removed codecov github status badge. (#3859)
* Add method to create Rust certs without private keys (#3860)
* Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
* chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
* ci: Check for msrv match between rust-toolchain an crates; make them match. (#3866)
* fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns (#3870)
* tests: add checks for LTO+interning compatibility (#3839)
* Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)
- from version 1.3.38
* Add CMake targets for integration tests and switch CI to use them (#3776)
* ci: reduce the number of BSD artifacts (#3837)
OBS-URL: https://build.opensuse.org/request/show/1077188
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=27
- Update to version 1.3.37
* Make unstable fingerprint methods accessible (#3823)
* Clean up thread-local memory (#3771)
* bindings(rust): bump MSRV to 1.60.0 (#3833)
* Criterion delta (#3811)
* Add JA3 fingerprinting (#3817)
* Clarify that AWS-LC is also supported (#3821)
* Add unit test to check that the build's libcrypto
reflects the CI's intended libcrypto (#3774)
* Clarify SSLv2 ClientHellos (#3815)
* Bump rust bindings for 1.3.36 release (#3818)
* Add stuffer method for standard init process (#3814)
- from version 1.3.36
* ktls: rm kTLS request field on config (#3816)
* ktls: add ktls_supported field to s2n_cipher (#3806)
* Make test_install_shared_and_static easier to debug
* ktls: s2n_ktls_mode and building blocks (#3797)
* ci: Update OpenBSD's MEM_PER_CONNECTION, based on error message (#3791)
* s2n-tls nix flake (#3794)
* Updated rust bindings (#3802)
* Update omnibus fuzz image; remove fuzz job we're not running anymore in PR (#3796)
* Adds client hello section to usage guide (#3757)
* Integration test to check default signature algorithm behavior (#3719)
* Blob Initialization fix-Test_1 (#3790)
- from version 1.3.35
* fix: pass an empty string to host verify without usable identifiers (#3793)
* add code coverage support (#3759)
* ci: Enable CTEST_OUTPUT_ON_FAILURE on all targets (#3789)
* Enforce that clippy msrv matches rust-toolchain (#3787)
* Blob Initialization fix-Test (#3780)
OBS-URL: https://build.opensuse.org/request/show/1066354
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=26
- Update to version 1.3.31
* Clang format `tls/s2n_[a-h].*\.[ch]` and enforce in CI (#3681)
* tokio-s2n-tls: add poll_blinding and fix blinding on shutdown (#3700)
* Clang-format `crypto/` and enforce in CI (#3680)
* Clang-format `tls/s2n_[s-z].*\.[ch]` and enforce in CI (#3683)
* Clang-format `tests/unit/s2n_[t-z].*\.c` and enforce in CI (#3679)
* Clang format `tests/unit/s2n_[bc].*\.c` and enforce in CI (#3675)
* Clang-format `tests/unit/s2n_[d-k].*\.c` and enforce in CI (#3676)
* Add `CloudFront-TLS-1-2-2021-ChaCha20-Boosted` Security Policy w/ Docs Update (#3686)
* Fix FreeBSD minherit arg naming (#3694)
* Add config to read until error or supplied buffer is full (#3690)
* Clang-format `tls/s2n_[i-r].*\.[ch]` and enforce in CI (#3682)
- from version 1.3.30
* chore: bump rust bindings version (#3693)
* Clean up test trust store (#3692)
* Add support for AWS-LC PQ KEM (#3634)
* chore: introduce rust-toolchain and enforce MSRV (#3691)
* bindings (rust): handle propagating the async client_hello callback error (#3687)
* ci: Fix LibreSSL paths in CI (#3688)
* tests: delete integv1 code (#3685)
* bindings(rust): avoid unnecessarily zeroing the receive buffer in poll_read (#3662)
* Handle fragmented post-handshake messages (#3641)
* Add CodeQL workflow for GitHub code scanning (#3601)
* ci: pin ubuntu version to 20.04 for cppcheck (#3673)
* ci: Remove references to TEST=integration and related codebuild scripting (#3628)
* Make header deps explicit in preperation for clang-format (#3684)
* Clang-format of `tests/unit/s2n_[3a].*\.c` + transision to exclude regex (#3664)
* Add prioritize_chacha20 flag to cipher preferences (#3543)
* Fix default X509 store flags (#3671)
* Regenerate CRL pems (#3672)
OBS-URL: https://build.opensuse.org/request/show/1055811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=24
- Update to version 1.3.27
* Npn cleanup (#3590)
* Ensure extended master secrets ext have no data (#3588)
* LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) (#3589)
* Update vmactions/freebsd github action (#3592)
* Fix free error when using jemalloc (#3585)
* Add rust binding for s2n_set_config_send_buffer_size (#3582)
* NPN integration tests (#3583)
* Adding null checks to tls/extensions and tls/s2n_perf (#3578)
* Adds API for NPN support (#3575)
* Add CRL lookup callback (#3546)
* Bump Doxygen version 1.9.3 -> 1.9.5 (#3581)
* Add apache renegotiation test server to CI (#3565)
* Adds TLS12 Encrypted Extensions Messages (#3545)
* Removing more failing saw (#3577)
* bump to 0.0.17 (#3574)
* More openssl renegotiate integ tests (#3570)
* Added compliance comment for renegotiate (#3572)
* Remove s2n-core from CODEOWNERS (#3571)
- from version 1.3.26
* Add IO debug info to integrationv2 framework (#3564)
* Fix check for non-portable optimizations (#3573)
* Handshake changes necessary to negotiate NPN (#3558)
* Add array init with capacity API (#3554)
* Basic renegotiation integ tests (#3563)
* Rust bindings version bump for 1.3.25 (#3567)
- from version 1.3.25
* Only enable non-portable optimizations safety
checks during GitHub CI builds (#3562)
* Release renegotiation feature as unstable (#3556)
OBS-URL: https://build.opensuse.org/request/show/1035322
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=23
- Update to version 1.3.13
* Enforce how the client hello is modified during retry (#3311)
* Use SHA1+MD5 for <TLS1.2 + FIPS (#3310)
* Don't generate a new client random on retries (#3312)
* Rewrite cookie extension (#3306)
* Fixed CBMC_ENSURE_REF calls where NULL return type expected (#3304)
* ci: Fix boringssl unit tests (#3309)
* Improve cmake logging (#3305)
* [bindings] Clean up async behavior (#3299)
* ci: Temporarily remove more test endpoints with expired certs (#3300)
* ci: add awslc interning to omnibus (#3295)
* fix(s2n-tls-sys): add cmake files to the include directive (#3297)
* release(rust-bindings): 0.0.6 (#3296)
* build(bindings): use cmake when building with pq feature (#3294)
* [bindings] Add basic send and recv (#3290)
* Interning not supported with FIPS enabled. (#3277)
* fix: FreeBSD will now fail loudly (#3284)
* [bindings] Hide ffi types + basic debug info (#3279)
OBS-URL: https://build.opensuse.org/request/show/977950
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=18
- Update to version 1.3.12
* Use pointer to variable type as required by cleanup attribute (#3289)
* bug: fix s2n_connection->cookie_stuffer initialization (#3282)
* Add test utility for fork tests (#3253)
* Add additional libcryptos to V2 integration tests (#3244)
* ci: GitHub actions for osx (#3280)
* Fix MacOS unit tests (#3278)
* build: use S2N_LIBCRYPTO to pick interning lib (#3276)
* [bindings] Add basic s2n-tls-tokio skeleton (#3261)
* exclude cast-qual in Cmake for aws-lcw (#3270)
* Disable strict-prototypes diagnostic flag in Clang (#3275)
* ci: check integv2 python for pep8 issues (#3271)
- from version 1.3.11
* auto format integv2 python (#3268)
* ci: don't update the ghpages dashboard outside of main repo (#3267)
* release(rust-bindings): 0.0.5 (#3256)
* Add basic rust ci jobs (#3265)
* Fix wrong assumption about osx/apple (#3264)
* ci: temporarily remove expired certs (#3266)
* fix: correctly export internal APIs (#3260)
* deps: Upgrade CBMC submodules (#3259)
* Fully separate key and secret state machines (#3238)
* test: OCSP integrationv2 test with GnuTLS (#3207)
* Port drbg.c functions to use S2N_RESULT (#3252)
* feat(rust-bindings): add support for linking an external build (#3254)
- from version 1.3.10
* build: fix libcrypto interning (#3204)
* Update install_awslc to install the correct FIPS branch of AWS-LC (#3255)
* ci: add make install (#3224)
* ci: Add a CRT codebuild job (#3245)
OBS-URL: https://build.opensuse.org/request/show/973664
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=17
- Update to version 1.3.7
* Crypto variable update missing from #3181 (#3189)
* SSLyze integrationv2 test (#3186)
* Added try_compile for features.h (#3197)
* bindings: update rust bindings (#3196)
* Centralize transcript hash copy logic (#3195)
* Enable PQ in FIPS mode with awslc (#3183)
* Revert "Flush stdout with initial BEGIN_TEST message (#3185)" (#3193)
- from version 1.3.6
* Store TLS1.3 transcript hash digests rather than full hash state (#3188)
* Remove in-source build target check hackery. (#3181)
- Refresh patches for new version
* s2n_fix-cmake-modules-path.patch
OBS-URL: https://build.opensuse.org/request/show/958261
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=16
- Update to version 1.3.5
* remove extra S2N_API (#3187)
* Use `llvm_points_to_bitfield` in SAW proofs (#3155)
* Add API s2n_client_hello_has_extension to check if extension exists (#3180)
* Flush stdout with initial BEGIN_TEST message (#3185)
* FreeBSD ci (#3184)
* Add some comments to build scripts (#3182)
* Document which macros should not be used for new code (#3179)
* remove unused function s2n_actual_getpid (#3172)
* Workaround AL2 nodejs package issue (#3174)
* Add API method to translate errors to alerts (#3171)
* Upgrade CBMC submodules (#3165)
* tests: add s2n_init/s2n_cleanup tests (#3164)
OBS-URL: https://build.opensuse.org/request/show/950402
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=15
- Update to version 1.3.3
* Fix s2n_connection_get_client_cert_chain for TLS1.3 (#3156)
* Fixing Flakiness in Cross-Compat Test (#3158)
* Enforce RSA-PSS saltlen requirements (#3157)
* Rearrange TLS1.2 and TLS1.3 secret storage (#3154)
* Use libcrypto signing methods in compliance with FIPS 140-3 (#3142)
* docs: update readme (#3153)
- from version 1.3.2
* Adds Cross-Compatibility Test (#3147)
* Makes s2n_stuffer_skip_whitespace verification friendly (#3143)
* ci: fix Kwstyle (#3136)
* only print on retries (#3151)
* integration: enforce timeout, allow for the process to
shutdown gracefully, run in non-blocking mode (#3148)
* Added Script to Compile Main for Cross-Compat Testing (#3139)
* Adds Options to Output and Input Session Ticket to s2nc (#3134)
* Upgrade CBMC submodules (#3135)
OBS-URL: https://build.opensuse.org/request/show/943783
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=13
- Update to version 1.3.1
* Nitpick usage guide links (#3133)
* FIPS Static Config is Only Created When Needed (#3129)
* Fix build on NetBSD. (#3131)
* Feature probe for EVP_md5_sha1() (#3128)
* Allow EVP hash implementation to use EVP_md5_sha1 if available (#3126)
* Allow synchronous private key operations (#3121)
- from version 1.3.0
* EMS Re-Release (#3122)
* If QUIC, only offer TLS1.3 (#3124)
- from version 1.2.1
* tests: fix s2n_enable_tls13 deprecation warnings (#3120)
* Fix FindLibCrypto for list-typed CMAKE_PREFIX_PATH (#3067)
* Add AWS-LC FIPS integration target (#3084)
* Detect nested s2n_negotiate calls (#3119)
* build: add the option to enable LTO (#3117)
* Prevent Uninitialized Memory Access in case of FIPS Mode Disabled (#3016)
* Fixed EMS to work with Session Caching (#3102)
* Rename internal HMAC implementations in s2n_prf to
clarify which implementation is used (#3103)
* Finish memcpy->memmove migration (#3110)
- from version 1.2.0
* Revert "EMS Release (#3053)" (#3113)
* Reapply "Update QUIC parameters IANA (#3029)" (#3106)
* Add a flag to s2nc to enable FIPS mode in the underlying libcrypto.
Update integration tests to use the new flag when needed (#3101)
* Added Backwards-Incompatible Ticket Version (#3099)
* Don't allow QUIC to be enabled if TLS1.3 not possible (#3088)
* ci: remove spaces from benchmark name (#3097)
* Lets make S2N play nicely with the rest of the world shall we? Added … (#2669)
OBS-URL: https://build.opensuse.org/request/show/937731
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=12
- Update to version 1.0.16
* Updated PSS support definition to account for new BoringSSL version (#2297)
* Add quic_transport_parameters extension (#2288)
* added unit test for sort order of s2n_all_cipher_suites in IANA order (#2192)
* Add initial QUIC setup (#2283)
* Fix macro usage, indexing and magic numbers (#2271)
- from version 1.0.15
* Add client-side support for PQ HRR (#2260)
* Add AWS-LC pre-processor directive similar to BoringSSL (#2273)
* Fix awslc codebuild hang (#2282)
* Fixed processing issue with status request extension (#2229)
* Update s2n to compile on FreeBSD (#2272)
* Add aws-lc code build. (#2275)
* Don't enable OCSP stapling if not available (#2253)
* Improves performance and coverage of s2n_stuffer_* proofs (#2230)
* Codebuild batch and Omnibus job (#2245)
* Disable sending of PQ group IDs for FIPS or TLS1.2 (#2267)
* Use NIST P-256 for key generation when client do not specify curve (#2265)
* Fix TLS 1.3 server side OCSP metrics (#2241)
* Add client/server share size fields to s2n_kem_group (#2269)
* alloc and sub overflow proofs (#2255)
* Add ECDSA ciphers for viewer side support (#2219)
* Adds proof harnesses for s2n_array_free* functions (#2244)
* Checking data size instead of data pointers in
s2n_stream_cipher_null_endecrypt (#2263)
- from version 1.0.14
* Update CloudFront security policies (#2238)
* Adds proof harnesses for s2n_array_* functions (#2246)
* Implements client-side sending of PQ key shares for 1.3 (#2215)
* Change fuzz coverage below minimum to an error (#2259)
OBS-URL: https://build.opensuse.org/request/show/911576
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=9
- Update to version 1.0.12
* Update Max Connection memory usage to support Round 3 KEM Groups (#2933)
* Check for -1 return code from OCSP_basic_verify() (#2931)
* Add Round 3 PQ TLS Policies (#2842)
* Add public function for wiping the trust store (#2927)
* fix memcpy bug in client hello - copy address of pointer (#2917)
* Stops TLS13 From Erroring if Session Ticket Write Fails (#2928)
* Fixing wrong file path in makefile for BIKE R3 (#2925)
* Check Cipher Suite is ECC Before Returning Curve (#2908)
* Add unit test to monitor s2n_connection size changes (#2913)
* bindings: export include dir in rust build (#2918)
- from version 1.0.11
* Add a stale bot configuration (#2897)
* bindings: add rust bindings (#2754)
* Suggestion: Prevent randomness callbacks being set to NULL (#2916)
* Reduce memory allocated for conn->out (#2904)
* document sigpipe handling (#2909)
* place -Werror behind a flag which is ON by default (#2903)
* resolve -Wstrict-prototypes compiler warning (#2906)
* OpenSSL rand-engine requires engine support (#2885)
* Fix TLS1.3 dynamic record min calculation (#2900)
* Make client respect max frag len extension result (#2898)
* Initial proofs for s2n_socket functions (#2896)
* Do not calculate transcript on failed connection (#2886)
* Add gcov and lcov targets for pq (#2895)
* Adds close markers to flaky test (#2863)
* Fix some OCSP-related cert behavior (#2894)
* Adding Usage Guide for Pre-Shared Keys (#2890)
* Remove sikep434r2 code (#2864)
* Adds Error Checking Around Fragment Length (#2888)
OBS-URL: https://build.opensuse.org/request/show/904581
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=8
- Update to version 1.0.10
* Release TLS1.3 Pre-Shared Key (PSK) (#2889)
* Release early data / 0RTT (#2882)
* Release TLS1.3 Session Resumption (#2877)
* Limit session resumption PSKs processed (#2879)
* Client should not accept invalid TLS1.3 ticket_lifetime (#2878)
* Updates CI buildspec to include PSK integration tests (#2875)
* Adds External PSK Integration Tests (#2821)
* Make TLS1.3 ticket processing less strict to handle future changes (#2876)
* Add handshake type message for integration tests (#2873)
* Fixes s2n_get_session_length in TLS1.3 (#2858)
* Update Codebuild batch spec with early data integration test (#2872)
* Duplicate Certificate Error Message (#2870)
* Early data integration tests (#2857)
* Various small integration framework fixes (#2868)
* Bring __ANDROID__ and ANDROID back for tm_gmtoff (#2869)
* More fixes for BIKE R3 optimized builds (#2867)
* Supports in-source build with AWS-LC. (#2714)
* Larger chunk size based on worker count (#2865)
* BIKE R3 fix for gcc-4.8.2 (#2866)
* Fix BIKE_R3 build issue (#2860)
* Error blinding updates / fixes (#2852)
* BIKE Round-3 runtime code path selection based on CPU capabilities (#2793)
* Removes tolower stub from CBMC proofs (#2853)
* Stop rejected 0RTT data from triggering error blinding (#2849)
- from version 1.0.9
* Add new s2n_cert_chain_and_key load api that takes non-null-terminated
data and length (#2753)
* Adds TLS1.3 Session Resumption Integration Tests (#2814)
* Integrate sikep434r3 x86_64 assembly (#2820)
OBS-URL: https://build.opensuse.org/request/show/899455
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=7
- Update to version 1.0.5
* utils: remove deprecated safety macros (#2747)
* Fix loop counter overflow due to inconsistent type (#2739)
* Upgrades CBMC templates for proof harnesses (#2744)
* Import Bike Round 3 Implementation into s2n (#2726)
* Cleanup TLS1.3 fixed ticket sizes (#2729)
* Export symbols when building dynamically (#2730)
* Check for validity in s2n_stuffer_wipe*operations (#2732)
* Skip coverage upload (#2734)
* Don't send the client_session_ticket extension when using TLS1.3 tickets (#2725)
* Added server deserialize method (#2709)
* Make early data callback async (#2717)
* Include early data config in session tickets (#2720)
* quic: add S2N_API to secret callback api (#2728)
* Consolidate handshake pause logic (#2716)
* Pinned bash script to previous commit (#2723)
* Add early data callback (#2715)
* Set early data context for new session tickets (#2718)
* Adding prefix s2n_cert for s2n certificate APIs (#2713)
* Safeguard linker flags on Apple (#2710)
* Add APIs to send and receive early data (#2682)
* Adds helper function to obtain the OID value from the X509v3 extensions (#2702)
* Created GDB flag to remove optimizations (#2711)
- from version 1.0.4
* Add flags for non exec stack and read only GOT. (#2707)
* Fix for failing resume test (#2706)
* Add context to PSK selection callback (#2704)
* Calculated obfuscated ticket age (#2697)
* Don't allow non-post handshake messages to be received post handshake (#2703)
- from version 1.0.3
OBS-URL: https://build.opensuse.org/request/show/888423
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=5
oid sha256:8a9aa2ba9a25f936e241eaa6bb7e39bc1a097d178c4b255fa36795c0457e3f4e
size 4926060
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
