9d6fa696ad
- Update to version 1.67.0: * Migrate Wycheproof test vectors for ECDSA, RSA PKCS#1, and some more * Rename volatile state/memory to unique state/memory * Service Indicator: Add error call trampoline to avoid delocator issue * Add support for Big Endian in ACVP tool * AES-GCM: Add function pointer trampolines to avoid delocator issue * Use already defined macro for no inline * Remove Kyber completely * Import mldsa-native * Use existing session context if new is actually NULL * Integrate Wycheproof ML-KEM test vectors * Avoid cross-compilation build failure * Cleanup pass on Go code in repository * Update patch for nmap - remove vendor-fix.patch, as upstream finally fixed the issue
Richard Rahl
2026-01-30 12:23:20 +00:00
575eb165d4
Accepting request 1326315 from security:tls
Ana Guerrero2026-01-09 16:04:44 +00:00
750996bad3
- Update to version 1.66.2: * Fix incorrect assembler directive in AArch64 code * Fix the libwebsockets integration test script * Remove pkcs8 expected in test * Add randomized unit testing for EVP_CIPHERs * fix(target): fix mipseb 64bit compile * Consolidate FORMAT_DER/PEM in tool-openssl * Replace password string with proper class * Fix ppc64le; Improve platform detection
Richard Rahl
2026-01-09 10:07:03 +00:00
d395f10a92
- Update to version 1.66.1: * Iterate through all DNS entries in connect CLI * Fix socat integration test * Remove OPENSSL_NO_BF for real * Add openssl genpkey cli utility tool * Add stdin support for pkcs8 tool * Fix extension processing order in x509 cli * ML-DSA: Missing Private Key Validation Checks - Update to version 1.66.0: * Add encap/decapKeyCheck support in ACVP * Clarify comments and API behaviour for equal-preference for TLS 1.3 * Add support for external contexts in ML-DSA ACVP * Route ML-DSA ACVP to the right APIs * Add sha1 CLI * Fix openssl comparison tests * tool-openssl: pkcs8 error output on decrypt * Add RSA_X931_PADDING to rsa.h * Blowfish OFB Block Cipher Mode Support * Run ACCP integration tests on aarch64 * Support stdin for openssl rsa tool * Remove rsa expected in test * [tool-openssl] basic asn1parse support * Several CLI Fixes * Implement enc CLI - Update to version 1.65.1: * Adjust image-build-android concurrency group * s_client: Add TLS 1.2 and 1.3 protocol selection flags * Add EVP_bf_cfb64 * Add conversion and traceability for third-party test vectors * Verify size of mlen in ML-DSA external mu mode * Replicate OpenSSL 1.1.1 behavior for BIO_s_mem BIO_NOCLOSE * Add ACVP support for AES CFB128 * Add support for HMAC-SHA3 to ACVP tool * Move dk to Tests in ML-KEM ACVP - Update to version 1.65.0: * Use new images for fuzzing and x509 * Remove unused Wycheproof test vectors * Fix openldap; regenerate configure script * Fix unchecked return value * Avoid NULL dereference * AES-XTS Enc Dec test on rand incremental length inputs * Make N1 cpucap a subset of that of V1 and V2 * Set SSL_R_NO_CIPHER_MATCH when failing to set ciphers * Add CFI directives to chacha-armv8.pl * Add CFI directives in aesv8-armx.pl * Match req CLI behavior with OpenSSL * Adjust script to handle other event types - Update to version 1.64.0: * Update max polyz value * Support more "openssl rsa" options * Additional options for "openssl c_client" * Use C++11 atomics to update session stats * Support "openssl dhparam" * Remove dead code * Rename snapsafe to VM UBE * Extend grv asan timeout for Golang to allow completion * Implement more options for req CLI * Ensure HMAC_Init_ex reinitializes data properly - enable more tests, by exposing openssl/bssl tools - add skip-test.patch, skipping tool_openssl_test, as for some reason, a lot of features in that tool are not available - Update to version 1.63.0: * Failing no-op implementations for several UI functions * Tool util functions in tool_util.cc * AES-XTS on AArch64: Set w19 earlier before cipher-stealing of 1 block + tail - update to version 1.62.0: * nginx now supports AWS-LC * Fix tests that assume X25519 will be negotiated * Fixing a bug in ML-DSA poly_uniform function * Migrate integration omnibus * Delete util/bot directory * Type fix in mldsa * Centralize password handling tool-openssl * crypto/pem: replace strncmp with CRYPTO_memcmp to fix -Wstring-compare error * Implement dgst CLI command * Add ASN.1 decoding for ML-KEM private keys as seeds * Implement genrsa command * Move udiv and sencond tweak calculations to when needed * Add null check on RSA key checks * Implement workaround for FORTIFY_SOURCE warning with jitterentropy * Implement coverity suggestions * Add minimal EC CLI tool implementation * Adding pkeyutl tool to the CLI * Add option ENABLE_SOURCE_MODIFICATION * Simple script to build/run tests * Add build-time option to opt-out of CPU Jitter Entropy - update to version 1.61.4: * Pin PyCA version in python integration tests * Check compiler for 'linux/random.h' - update to version 1.61.3: * Remove jitter entropy tests folder - update to version 1.61.2: * Fix build when path has spaces * Fix test issues with run_minimal_tests - update to version 1.61.1: * Fix duplicate test names in CodeBuild integration tests - update to version 1.61.0: * Apply additional X509 validation checks on certificates sourced from trust store * Reorganizing compatibility tests, rework certificates for better groking * Additional X.509 Behavior Compatibility Tests * Add Support for IPv4 and IPv6 X.509 Certificate Name Constraints * Merge main to x509 * Reintroduce support for validating DNS commonName subjects when name constraints are present. * Support client-side hostname checks with leading . * Verify leaf certificate public key rather then leaving it to the caller * Support for explicit curve parameter on EC public keys where parameters match supported curves * Add x86 Keccak implementation * Gate EC explicit curve parameters for X.509 behind flag * Update CPU Jitter Entropy dependency to version 3.6.3 * Fix benchmarking issues with FIPS main * Add standalone MLKEM supported groups * Document and statically assert counters can't overflow * TLS Transfer Serialization Improvements * Fix ternary operator in github workflow * Merge x509 branch into main * Address clang-ci comments on new x509 code * Implement snapsafe fallback entropy source * Rand small fixes * Import s2n-bignum 2025-09-05-04 * Refactor iOS CI script * Re-import mlkem-native for addition of CFI directives * Fix typo in ssl_transfer_asn1 * Fix for zig build * Update SSLProxy patch * ML-DSA service indicator * Add aes-xts AArch64 implementation that will eventually be imported from s2n-bignum. * Fix Keccak MY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX flag * Increase SSLBuffer size to INT_MAX * Wrap compiler when FIPS w/ clang v20+ * Test ACCP in FIPS mode as well as non-FIPS * fix: Allow zero-length passwords in PEM key decryption * Use CheckCCompilerFlag to test -Wno-cast-function-type * Make X509 CodeBuild webhook more resilient - update to version 1.60.0: * Anchor CodeBuild account-id patterns * Implement read/write timeouts for BIO datagram * Migrate from CodeBuild account actor filter to pull request comment filter based on GitHub permissions * Implement ragdoll * Add expandedKey ASN.1 encoding for KEM keys - update to version 1.59.0: * Support other field for PKCS7 * Add CFI directives to armv8-mont * Add back RC4_options from decrepit * Apache httpd integration test * Fix clang-21 compile error * Fix MariaDB integration test * ML-KEM: Re-import mlkem-native * ML-KEM: import and enable x86_64 backend from mlkem-native * X509_REQ_verify for MLDSA44 and MLDSA87 * Remove BIT_INTERLEAVE support * ML-KEM: Fix mlkem-native importer.sh * Add CFI directives in md5-armv8.pl - update to version 1.58.1: * Add support for EVP_PKEY_param_check * Move check-linkage.sh to util - update to version 1.58.0: * Add EVP_PKEY_check and EVP_PKEY_public_check * Rewrite 4-fold batched SHAKE to be amenable to batched Keccak-F1600 assembly * Fix Win64 unwind info alignment * Migrate MSVC tests to CodeBuild * Add optimized + verified hybrid AArch64 assembly for batched SHA3/SHAKE * target.h: more clearly check for ppc64 endianness * Impl SSL_client_hello_get1_extensions_present and friends * Implement SSL_set_verify_result * ML-DSA constant-time hardening for caddq, poly_chknorm, decompose - update to version 1.57.1: * Resolve issue with conflicting pkg-config variables - update to version 1.57.0: * Preparation for Adopting SONAME and ABI Versioning * Offer P521 for signature_algorithms in client Hello * ML-KEM: Import AArch64 backend from mlkem-native * Add back X509_STORE_get_verify_cb and X509_STORE_set_lookup_crls_cb * Explicitly test that input length is as expected for ed25519ph * Fix Libwebsocket Build * Return NULL when a NULL or empty string is passed to NETSCAPE_SPKI_b64_decode * Reimplement SSL_clear_num_renegotiations * ABI monitoring GitHub workflow improvements * Migrate Openssl-tool parameter parsing * Add HMAC SHA3 benchmarks * Re-import s2n-bignum after merge of ML-KEM/Keccak functionality * Integrate formally verified AArch64 Keccak-x1 assembly * Add a couple more no-ops for legacy builds - remove soname.patch, as upstream formally introduced a soname - adjust the lib names - add the crypto lib as a requires to the devel package - update to version 1.56.0: * Export BIO_f_md for consumers * Remove obsolete python main patch * Remove redundant conditions * Implement pkcs8 cli * Export BF_cfb64_encrypt * Add pkey command to CLI tool * Improve OpenSSL compatibility * Fix PKCS12 Error Code * Use SP 800-56Arev3 Section 5.6.2.1.4.b instead of ECDSA PCT method * Minimize the nginx patch even further * Add LC contributors to allowlist * Align -help return codes in tool-openssl CLI to match Openssl * Dynamically link AWS-LC in cpython integration tests * Add missing x509 CI to list of tests * docs: Add FIPS documentation to BUILDING.md and README.md * Implement SSL_CTX_set_client_hello_cb for ClientHello callback * tool-openssl: Fix warning 'strnlen' specified bound 4096 exceeds source size 128 * Pull in SSL_get_negotiated_group and TLSEXT_nid_unknown from upstream * Document non-support of TLS 1.3 - update to version 1.55.0: * Add SSL_CTRL defines for SSL_*_tlsext_status_type * Implement HMAC over SHA3 truncated variants * Temporarily allowlist the webhook actors to AWS-LC * Rework memory BIOs and implement BIO_seek * s2n-bignum: Add prefix header to _s2n_bignum_internal.h - update to 1.54.0: * Rename SSL test files to match Scrutinice filter * Order tool output * Fix Console Test Suite Execution Locally * Re-remove afunix.h * Note a couple of typoed struct names that we'll leave alone * Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership * Remove sys headers from bio.h * rwlock race tests is not a GoogleTest executable * Add two new APIs to expose TLS 1.3 traffic secrets for kTLS * Intentionally redefine iovec in headers as CI - update to 1.53.1: * Add timeouts to PQ TLS Integ Tests * Split ssl handshake tests * Add password prompting support & EVP_read_pw_string * Impl BIO_ADDR_xxx functions * Update mlkem-native to v1 - update to 1.53.0: * Add build with hardened flag * Openssl tool output ordered * [SCRUTINICE] Remove redundant condition check * Support relro in delocator * Explicitly don't allow buffers aliasing in ctr-drbg implementation * Remove unused Windows afunix.h * Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)" * Use max_cert_list for TLSv1.3 NewSessionTicket * ML-KEM memory safety * Improve support for multilib-style distros in our test scripts * Fix Ru * Add hardened build back in * Fix OCSP integration test failures * Fix some theoretical missing earlyclobber markers in inline assembly * Simplify sshkdf and kbkdf * Run 3p module tests on python 3.13, add patch for 3.14 * Fix service indicator in HKDF, more paranoid zeroization, and simplify logic = make it so that the patch adapts to the version - exclude %{arm} as those are not suppported and don't build - adapt soname.patch to also give a version to libcrypto (fixes boo#1244562) - bump soversion to actual aws-lc version - conflict the correct package - Update to 1.52.1: * Increase default salt from 8 to 16 bytes for PKCS#8 & PKCS#12 * fix(nix): Make sure bssl is in the PATH; workaround nix build failure… * Fix path-has-spaces test * Display X509 fingerprint after hash - Update to 1.52.0: * Set OPENSSL_NO_EXTERNAL_PSK_TLS13 to indicate lack of TLS 1.3 PSK * BIO datagram functions * Reject NewSessionTicket messages with empty tickets in TLS 1.3 * Fix socket test issues * Remove python CI patch for main * Remove xmlsec patch * Mark fallible container operations as nodiscard * Remove extra va_end in err_add_error_vdata * Check for QUIC in SSL_process_quic_post_handshake * Add missing symbols for Unbound * Update mlkem-native * Squelch clang-tidy * Clang-tidy is still noisy * Add back two rules for clang-tidy * Implement BIO_dump * Make ASN1_get_object a direct call * Rework memory BIOs and implement BIO_seek * ML-DSA: ASN.1 Module - add parsing of BOTH private key format * Detection of unused results * Fix gtest_util.sh failure detection * Remove unused docs/configs * ML-DSA: Add ML-DSA keyGen to break-kat.go * Bump AWSLC_API_VERSION for X509_STORE_CTX_set_verify_crit_oids * Revert "Rework memory BIOs and implement BIO_seek * Resolve SSL_PRIVATE_METHOD and certificate slots functionality - Update to 1.51.2: * Fix prefix build when path has spaces - Update to 1.51.1: * nothing of relevance - Update to 1.51.0: * Fix ImplDispatchTest for 32-bit x86 build * Revert "Update patch for Postgres * Fix socat test * Remove special s2n-bignum source code processing at buid-time * Correct typo in malloc debug environment variable * Fix PQ Integration tests * Remove patch for IbmTpm * Support allowing specific unknown critical extensions - Update to 1.50.1: * Expand .clang-tidy configuration * nginx-1.28.0 aws-lc-nginx.patch * s2n bignum import method change * Fix a theoretical overflow in BIO_printf * Fix tpm2-tss integration tes - Update to 1.50.0: * Remove FFDHE and SECLEVEL python test patches * Remove unused ENABLE_DILITHIUM CMake option * SSL_in_*_init macros * Fix link to bcm.c in FIPS.md * Make sure it builds with CMake v4.0 * Update formal verification section in README.md * Implement legacy callback with BIO_set_callback * Import mlkem-native * Split out socket BIO tests * Run clang tidy * Reinstate indefinite length and [UNIVERSAL 0] support in crypto/asn1 * Implemented no-op CRYPTO_mem_ctrl * SCRUTINICE Fixes * Fix clang-tidy lints * Reinstate support for constructed strings in crypto/asn1 * Add SecP384r1MLKEM1024 * Fix CMake (< v3.20) warning * Add MLDSA44 and MLDSA87 to OBJ_find_sigid_algs * Bump AWSLC_API_VERSION to account for OBJ_find_sigid_algs bug * Add AES CBC cipher to speed.cc * Add X509_VERIFY_PARAM_get_hostflags * Enable IPv6 for curl integ * Add null check for EVP_get_digestbyobj - Update to 1.49.1: * FIPS Integrity Hash Tooling * Add more build options to match callback build * Add req to OpenSSL CLI tool - Update to 1.49.0: * Revert "Allow constructed strings in BER parsing * Add the rehash utility to the openssl CLI tool * Documentation on service indicator * Reject DSA trailing garbage in EVP layer, add test cases * Add support for verifying PKCS7 signed attributes * Add support for more SSL BIO functions * Adding detection of out-of-bound pre-bound memory read to AES-XTS tests * AES: Add function pointer trampoline to avoid delocator issue * Cherrypick hardening DSA param checks from BoringSSL - move services from disabled to manual - add patches disable-integrationtest.patch (needs internet), vendor-fix.patch (go mod tidy) and soname.patch (changes soname, so we can co-install the lib) - rework the packages we create - Update to version 1.48.5 - Package OpenSSL files - Move bssl out of devel subpackage - Switch to obs_scm - Cleanup - Initial spec for v1.3.0
Richard Rahl
2025-12-21 23:38:34 +00:00
a7a3089dac
- Update to version 1.66.1: * Iterate through all DNS entries in connect CLI * Fix socat integration test * Remove OPENSSL_NO_BF for real * Add openssl genpkey cli utility tool * Add stdin support for pkcs8 tool * Fix extension processing order in x509 cli * ML-DSA: Missing Private Key Validation Checks - Update to version 1.66.0: * Add encap/decapKeyCheck support in ACVP * Clarify comments and API behaviour for equal-preference for TLS 1.3 * Add support for external contexts in ML-DSA ACVP * Route ML-DSA ACVP to the right APIs * Add sha1 CLI * Fix openssl comparison tests * tool-openssl: pkcs8 error output on decrypt * Add RSA_X931_PADDING to rsa.h * Blowfish OFB Block Cipher Mode Support * Run ACCP integration tests on aarch64 * Support stdin for openssl rsa tool * Remove rsa expected in test * [tool-openssl] basic asn1parse support * Several CLI Fixes * Implement enc CLI - Update to version 1.65.1: * Adjust image-build-android concurrency group * s_client: Add TLS 1.2 and 1.3 protocol selection flags * Add EVP_bf_cfb64 * Add conversion and traceability for third-party test vectors * Verify size of mlen in ML-DSA external mu mode
Richard Rahl
2025-12-21 23:34:47 +00:00
f4b277d4cc
- Update to version 1.63.0: * Failing no-op implementations for several UI functions * Tool util functions in tool_util.cc * AES-XTS on AArch64: Set w19 earlier before cipher-stealing of 1 block + tail
Richard Rahl
2025-11-02 11:34:33 +00:00
bcde956380
Accepting request 1312224 from security:tls
Ana Guerrero2025-10-20 11:35:44 +00:00
435fcc5e1c
- update to version 1.62.0: * nginx now supports AWS-LC * Fix tests that assume X25519 will be negotiated * Fixing a bug in ML-DSA poly_uniform function * Migrate integration omnibus * Delete util/bot directory * Type fix in mldsa * Centralize password handling tool-openssl * crypto/pem: replace strncmp with CRYPTO_memcmp to fix -Wstring-compare error * Implement dgst CLI command * Add ASN.1 decoding for ML-KEM private keys as seeds * Implement genrsa command * Move udiv and sencond tweak calculations to when needed * Add null check on RSA key checks * Implement workaround for FORTIFY_SOURCE warning with jitterentropy * Implement coverity suggestions * Add minimal EC CLI tool implementation * Adding pkeyutl tool to the CLI * Add option ENABLE_SOURCE_MODIFICATION * Simple script to build/run tests * Add build-time option to opt-out of CPU Jitter Entropy
Richard Rahl
2025-10-19 13:26:14 +00:00
d6290d3e77
- update to version 1.61.4: * Pin PyCA version in python integration tests * Check compiler for 'linux/random.h' - update to version 1.61.3: * Remove jitter entropy tests folder
Richard Rahl
2025-10-07 11:51:12 +00:00
5d4269148f
- update to version 1.61.2: * Fix build when path has spaces * Fix test issues with run_minimal_tests - update to version 1.61.1: * Fix duplicate test names in CodeBuild integration tests
Richard Rahl
2025-09-20 15:05:48 +00:00
c0387c0c11
Accepting request 1305213 from security:tls
Ana Guerrero2025-09-18 19:08:17 +00:00
36c9026521
- update to version 1.61.0: * Apply additional X509 validation checks on certificates sourced from trust store * Reorganizing compatibility tests, rework certificates for better groking * Additional X.509 Behavior Compatibility Tests * Add Support for IPv4 and IPv6 X.509 Certificate Name Constraints * Merge main to x509 * Reintroduce support for validating DNS commonName subjects when name constraints are present. * Support client-side hostname checks with leading . * Verify leaf certificate public key rather then leaving it to the caller * Support for explicit curve parameter on EC public keys where parameters match supported curves * Add x86 Keccak implementation * Gate EC explicit curve parameters for X.509 behind flag * Update CPU Jitter Entropy dependency to version 3.6.3 * Fix benchmarking issues with FIPS main * Add standalone MLKEM supported groups * Document and statically assert counters can't overflow * TLS Transfer Serialization Improvements * Fix ternary operator in github workflow * Merge x509 branch into main * Address clang-ci comments on new x509 code * Implement snapsafe fallback entropy source * Rand small fixes * Import s2n-bignum 2025-09-05-04 * Refactor iOS CI script * Re-import mlkem-native for addition of CFI directives * Fix typo in ssl_transfer_asn1 * Fix for zig build * Update SSLProxy patch * ML-DSA service indicator * Add aes-xts AArch64 implementation that will eventually be imported from s2n-bignum.
Richard Rahl
2025-09-16 13:38:50 +00:00
d7b8a247d1
Accepting request 1301925 from security:tls
Ana Guerrero2025-08-29 16:37:37 +00:00
5571fc550a
- update to version 1.59.0: * Support other field for PKCS7 * Add CFI directives to armv8-mont * Add back RC4_options from decrepit * Apache httpd integration test * Fix clang-21 compile error * Fix MariaDB integration test * ML-KEM: Re-import mlkem-native * ML-KEM: import and enable x86_64 backend from mlkem-native * X509_REQ_verify for MLDSA44 and MLDSA87 * Remove BIT_INTERLEAVE support * ML-KEM: Fix mlkem-native importer.sh * Add CFI directives in md5-armv8.pl
Richard Rahl
2025-08-29 11:58:27 +00:00
ab9abf4690
- adjust the lib names - add the crypto lib as a requires to the devel package
Richard Rahl
2025-08-11 12:43:18 +00:00
5a77dcdc2d
- update to version 1.57.1: * Resolve issue with conflicting pkg-config variables - update to version 1.57.0: * Preparation for Adopting SONAME and ABI Versioning * Offer P521 for signature_algorithms in client Hello * ML-KEM: Import AArch64 backend from mlkem-native * Add back X509_STORE_get_verify_cb and X509_STORE_set_lookup_crls_cb * Explicitly test that input length is as expected for ed25519ph * Fix Libwebsocket Build * Return NULL when a NULL or empty string is passed to NETSCAPE_SPKI_b64_decode * Reimplement SSL_clear_num_renegotiations * ABI monitoring GitHub workflow improvements * Migrate Openssl-tool parameter parsing * Add HMAC SHA3 benchmarks * Re-import s2n-bignum after merge of ML-KEM/Keccak functionality * Integrate formally verified AArch64 Keccak-x1 assembly * Add a couple more no-ops for legacy builds - remove soname.patch, as upstream formally introduced a soname
Richard Rahl
2025-08-11 12:02:55 +00:00
05ca53f845
- update to version 1.56.0: * Export BIO_f_md for consumers * Remove obsolete python main patch * Remove redundant conditions * Implement pkcs8 cli * Export BF_cfb64_encrypt * Add pkey command to CLI tool * Improve OpenSSL compatibility * Fix PKCS12 Error Code * Use SP 800-56Arev3 Section 5.6.2.1.4.b instead of ECDSA PCT method * Minimize the nginx patch even further * Add LC contributors to allowlist * Align -help return codes in tool-openssl CLI to match Openssl * Dynamically link AWS-LC in cpython integration tests * Add missing x509 CI to list of tests * docs: Add FIPS documentation to BUILDING.md and README.md * Implement SSL_CTX_set_client_hello_cb for ClientHello callback * tool-openssl: Fix warning 'strnlen' specified bound 4096 exceeds source size 128 * Pull in SSL_get_negotiated_group and TLSEXT_nid_unknown from upstream * Document non-support of TLS 1.3 - update to version 1.55.0: * Add SSL_CTRL defines for SSL_*_tlsext_status_type * Implement HMAC over SHA3 truncated variants * Temporarily allowlist the webhook actors to AWS-LC * Rework memory BIOs and implement BIO_seek * s2n-bignum: Add prefix header to _s2n_bignum_internal.h
Richard Rahl
2025-07-23 14:26:40 +00:00
5cc492d693
Accepting request 1289678 from security:tls
Ana Guerrero2025-07-02 10:11:59 +00:00
3c5da96cf2
- update to 1.54.0: * Rename SSL test files to match Scrutinice filter * Order tool output * Fix Console Test Suite Execution Locally * Re-remove afunix.h * Note a couple of typoed struct names that we'll leave alone * Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership * Remove sys headers from bio.h * rwlock race tests is not a GoogleTest executable * Add two new APIs to expose TLS 1.3 traffic secrets for kTLS * Intentionally redefine iovec in headers as CI - update to 1.53.1: * Add timeouts to PQ TLS Integ Tests * Split ssl handshake tests * Add password prompting support & EVP_read_pw_string * Impl BIO_ADDR_xxx functions * Update mlkem-native to v1 - update to 1.53.0: * Add build with hardened flag * Openssl tool output ordered * [SCRUTINICE] Remove redundant condition check * Support relro in delocator * Explicitly don't allow buffers aliasing in ctr-drbg implementation * Remove unused Windows afunix.h * Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)" * Use max_cert_list for TLSv1.3 NewSessionTicket * ML-KEM memory safety * Improve support for multilib-style distros in our test scripts * Fix Ru * Add hardened build back in
Richard Rahl
2025-07-01 19:29:59 +00:00
2815884f0e
Accepting request 1288747 from security:tls
Ana Guerrero2025-06-27 21:01:36 +00:00
b8b2b23e1c
Accepting request 1285636 from home:rrahl0
Richard Rahl
2025-06-13 18:59:49 +00:00
c1fc3d91ba
Accepting request 1284794 from security:tls
Ana Guerrero2025-06-11 14:27:24 +00:00
d960ba01b9
- conflict the correct package
Richard Rahl
2025-06-11 11:23:09 +00:00
Ana Guerrero
Richard Rahl
Dominique Leuenberger
Martin Pluskal