- Update to version 1.4.9
* New TLS1.2-only variant of 20230317 policy (#4483)
* ci: add asan runs under gcc (#4402)
* fix: Adds non_exhaustive flag to FingerprintType
* fix: refactor rust bindings fingerprint methods (#4474)
* example(bindings): client hello cb example (#4385)
* feat: getter for TLS1.2 master secrets (#4470)
* bindings: ensure CFLAGS includes come after build script includes (#4475)
* bindings: mark Connection as Sync (#4467)
* Make S2N_CERT_AUTH_OPTIONAL the default for clients (#4390)
* fix(test): narrow valgrind suppressions (#4369)
* fix: pedantic memory leak in handshake test (#4463)
* chore(bindings): release 0.1.7 (#4462)
OBS-URL: https://build.opensuse.org/request/show/1164579
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=43
- Update to version 1.4.4
* allows cmake to force crypto linkage (#4383)
* refactor: consolidate record wiping (#4412)
* build: make CMake test flags more consistent with make (#4392)
* style(bindings): address new clippy lint (#4411)
* refactor: generalize cert sig preference handling (#4379)
* feat: More client hello getters (#4380)
* fix: only initialize default tls 1.3 config in tests (#4302)
* Check fd status before using urandom (#4352)
* utils: add map iteration iterator (#4377)
* chore(bindings): release (#4388)
* chore(bindings): bump aws-lc-sys (#4393)
* s2n-tls-tokio: use s2n_shutdown_send instead of s2n_shutdown (#4374)
* enforce result checking for blob and mem (#4389)
OBS-URL: https://build.opensuse.org/request/show/1148699
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=39
- Update to version 1.3.45
* fix: improve compatibility with old Linux versions (#4027)
* Disable retry client random validation outside of tests (#4023)
* Only call getenv for integ test marker in s2n_init (#4025)
* Publish minimal s2n_config APIs and add documentation (#3972)
* Fix s2n_error_get_type mistake in usage guide (#4022)
* nix: add an Openssl102 nix devShell (#4014)
* fix(api/unstable): make all api methods visible (#4015)
* test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
* fix: open files with the O_CLOEXEC flag (#3989)
* feat(s2n-tls): X509 asn1 refactor (#4011)
* Add the libcrypto random generation implementation (#4004)
* nix: Use nixpkgs gnutls instead (#4013)
* nix: add a LibreSSL nix devShell (#4010)
* style: simplfy api for test utility (#4008)
* fix(s2nd): parse psk given to s2nd non-destructively (#4006)
* nix devShell with openssl3 (#3993)
* Upgrade OpenSSL model for CBMC proofs (#3978)
* Quoting RFC-4492 to verify behavior when supported_groups extension is not sent (#3998)
* docs: add notes on s2nc and s2nd usage (#4003)
* bindings: Add option to disable loading system certs (#3985)
* Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
* test: add more x509 OCSP tests (#3970)
* ci: enable ossl3 tls13 tests (#3992)
* chore: bindings release 0.0.31 (#3997)
* Print Wire Bytes In and Out for s2nc (#3986)
* ci: nix devShell simplification (#3964)
* utils: Add a stale box to the GH dashboard; use an action for pushing pages (#3947)
- from version 1.3.44
* test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
OBS-URL: https://build.opensuse.org/request/show/1091849
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=29
- Update to version 1.3.41
* fix: remove broken check in test (#3901)
- from version 1.3.40
* Rewrite of the PSK section in Usage Guide (#3864)
* test: cleanup after tests (#3831)
* ktls: feature probe test (#3869)
* Fixes some compiler warnings coming from tests (#3883)
* tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
* chore: bump rust bindings for 1.3.39 release (#3887)
* Migrate Kyber 512 to EVP KEM API (#3853)
* test: cleanup tests (#3832)
* test: Add missing packages to nix devShell (#3885)
* Document behavior of s2n_negotiate for a client with client auth (#3891)
* Switch OpenBSD CI job GH action to something more robust (#3877)
* Enable strict compile checks in unit test build (#3878)
* ci: enable valgrind pedantic check (#3886)
* Allow client hellos from raw bytes (#3871)
* Add new security policy (#3895)
- from version 1.3.39
* Removed codecov github status badge. (#3859)
* Add method to create Rust certs without private keys (#3860)
* Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
* chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
* ci: Check for msrv match between rust-toolchain an crates; make them match. (#3866)
* fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns (#3870)
* tests: add checks for LTO+interning compatibility (#3839)
* Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)
- from version 1.3.38
* Add CMake targets for integration tests and switch CI to use them (#3776)
* ci: reduce the number of BSD artifacts (#3837)
OBS-URL: https://build.opensuse.org/request/show/1077188
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=27
- Update to version 1.3.37
* Make unstable fingerprint methods accessible (#3823)
* Clean up thread-local memory (#3771)
* bindings(rust): bump MSRV to 1.60.0 (#3833)
* Criterion delta (#3811)
* Add JA3 fingerprinting (#3817)
* Clarify that AWS-LC is also supported (#3821)
* Add unit test to check that the build's libcrypto
reflects the CI's intended libcrypto (#3774)
* Clarify SSLv2 ClientHellos (#3815)
* Bump rust bindings for 1.3.36 release (#3818)
* Add stuffer method for standard init process (#3814)
- from version 1.3.36
* ktls: rm kTLS request field on config (#3816)
* ktls: add ktls_supported field to s2n_cipher (#3806)
* Make test_install_shared_and_static easier to debug
* ktls: s2n_ktls_mode and building blocks (#3797)
* ci: Update OpenBSD's MEM_PER_CONNECTION, based on error message (#3791)
* s2n-tls nix flake (#3794)
* Updated rust bindings (#3802)
* Update omnibus fuzz image; remove fuzz job we're not running anymore in PR (#3796)
* Adds client hello section to usage guide (#3757)
* Integration test to check default signature algorithm behavior (#3719)
* Blob Initialization fix-Test_1 (#3790)
- from version 1.3.35
* fix: pass an empty string to host verify without usable identifiers (#3793)
* add code coverage support (#3759)
* ci: Enable CTEST_OUTPUT_ON_FAILURE on all targets (#3789)
* Enforce that clippy msrv matches rust-toolchain (#3787)
* Blob Initialization fix-Test (#3780)
OBS-URL: https://build.opensuse.org/request/show/1066354
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=26
- Update to version 1.3.31
* Clang format `tls/s2n_[a-h].*\.[ch]` and enforce in CI (#3681)
* tokio-s2n-tls: add poll_blinding and fix blinding on shutdown (#3700)
* Clang-format `crypto/` and enforce in CI (#3680)
* Clang-format `tls/s2n_[s-z].*\.[ch]` and enforce in CI (#3683)
* Clang-format `tests/unit/s2n_[t-z].*\.c` and enforce in CI (#3679)
* Clang format `tests/unit/s2n_[bc].*\.c` and enforce in CI (#3675)
* Clang-format `tests/unit/s2n_[d-k].*\.c` and enforce in CI (#3676)
* Add `CloudFront-TLS-1-2-2021-ChaCha20-Boosted` Security Policy w/ Docs Update (#3686)
* Fix FreeBSD minherit arg naming (#3694)
* Add config to read until error or supplied buffer is full (#3690)
* Clang-format `tls/s2n_[i-r].*\.[ch]` and enforce in CI (#3682)
- from version 1.3.30
* chore: bump rust bindings version (#3693)
* Clean up test trust store (#3692)
* Add support for AWS-LC PQ KEM (#3634)
* chore: introduce rust-toolchain and enforce MSRV (#3691)
* bindings (rust): handle propagating the async client_hello callback error (#3687)
* ci: Fix LibreSSL paths in CI (#3688)
* tests: delete integv1 code (#3685)
* bindings(rust): avoid unnecessarily zeroing the receive buffer in poll_read (#3662)
* Handle fragmented post-handshake messages (#3641)
* Add CodeQL workflow for GitHub code scanning (#3601)
* ci: pin ubuntu version to 20.04 for cppcheck (#3673)
* ci: Remove references to TEST=integration and related codebuild scripting (#3628)
* Make header deps explicit in preperation for clang-format (#3684)
* Clang-format of `tests/unit/s2n_[3a].*\.c` + transision to exclude regex (#3664)
* Add prioritize_chacha20 flag to cipher preferences (#3543)
* Fix default X509 store flags (#3671)
* Regenerate CRL pems (#3672)
OBS-URL: https://build.opensuse.org/request/show/1055811
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=24
- Update to version 1.3.27
* Npn cleanup (#3590)
* Ensure extended master secrets ext have no data (#3588)
* LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) (#3589)
* Update vmactions/freebsd github action (#3592)
* Fix free error when using jemalloc (#3585)
* Add rust binding for s2n_set_config_send_buffer_size (#3582)
* NPN integration tests (#3583)
* Adding null checks to tls/extensions and tls/s2n_perf (#3578)
* Adds API for NPN support (#3575)
* Add CRL lookup callback (#3546)
* Bump Doxygen version 1.9.3 -> 1.9.5 (#3581)
* Add apache renegotiation test server to CI (#3565)
* Adds TLS12 Encrypted Extensions Messages (#3545)
* Removing more failing saw (#3577)
* bump to 0.0.17 (#3574)
* More openssl renegotiate integ tests (#3570)
* Added compliance comment for renegotiate (#3572)
* Remove s2n-core from CODEOWNERS (#3571)
- from version 1.3.26
* Add IO debug info to integrationv2 framework (#3564)
* Fix check for non-portable optimizations (#3573)
* Handshake changes necessary to negotiate NPN (#3558)
* Add array init with capacity API (#3554)
* Basic renegotiation integ tests (#3563)
* Rust bindings version bump for 1.3.25 (#3567)
- from version 1.3.25
* Only enable non-portable optimizations safety
checks during GitHub CI builds (#3562)
* Release renegotiation feature as unstable (#3556)
OBS-URL: https://build.opensuse.org/request/show/1035322
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=23
- Update to version 1.3.13
* Enforce how the client hello is modified during retry (#3311)
* Use SHA1+MD5 for <TLS1.2 + FIPS (#3310)
* Don't generate a new client random on retries (#3312)
* Rewrite cookie extension (#3306)
* Fixed CBMC_ENSURE_REF calls where NULL return type expected (#3304)
* ci: Fix boringssl unit tests (#3309)
* Improve cmake logging (#3305)
* [bindings] Clean up async behavior (#3299)
* ci: Temporarily remove more test endpoints with expired certs (#3300)
* ci: add awslc interning to omnibus (#3295)
* fix(s2n-tls-sys): add cmake files to the include directive (#3297)
* release(rust-bindings): 0.0.6 (#3296)
* build(bindings): use cmake when building with pq feature (#3294)
* [bindings] Add basic send and recv (#3290)
* Interning not supported with FIPS enabled. (#3277)
* fix: FreeBSD will now fail loudly (#3284)
* [bindings] Hide ffi types + basic debug info (#3279)
OBS-URL: https://build.opensuse.org/request/show/977950
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=18
- Update to version 1.3.12
* Use pointer to variable type as required by cleanup attribute (#3289)
* bug: fix s2n_connection->cookie_stuffer initialization (#3282)
* Add test utility for fork tests (#3253)
* Add additional libcryptos to V2 integration tests (#3244)
* ci: GitHub actions for osx (#3280)
* Fix MacOS unit tests (#3278)
* build: use S2N_LIBCRYPTO to pick interning lib (#3276)
* [bindings] Add basic s2n-tls-tokio skeleton (#3261)
* exclude cast-qual in Cmake for aws-lcw (#3270)
* Disable strict-prototypes diagnostic flag in Clang (#3275)
* ci: check integv2 python for pep8 issues (#3271)
- from version 1.3.11
* auto format integv2 python (#3268)
* ci: don't update the ghpages dashboard outside of main repo (#3267)
* release(rust-bindings): 0.0.5 (#3256)
* Add basic rust ci jobs (#3265)
* Fix wrong assumption about osx/apple (#3264)
* ci: temporarily remove expired certs (#3266)
* fix: correctly export internal APIs (#3260)
* deps: Upgrade CBMC submodules (#3259)
* Fully separate key and secret state machines (#3238)
* test: OCSP integrationv2 test with GnuTLS (#3207)
* Port drbg.c functions to use S2N_RESULT (#3252)
* feat(rust-bindings): add support for linking an external build (#3254)
- from version 1.3.10
* build: fix libcrypto interning (#3204)
* Update install_awslc to install the correct FIPS branch of AWS-LC (#3255)
* ci: add make install (#3224)
* ci: Add a CRT codebuild job (#3245)
OBS-URL: https://build.opensuse.org/request/show/973664
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=17
- Update to version 1.3.7
* Crypto variable update missing from #3181 (#3189)
* SSLyze integrationv2 test (#3186)
* Added try_compile for features.h (#3197)
* bindings: update rust bindings (#3196)
* Centralize transcript hash copy logic (#3195)
* Enable PQ in FIPS mode with awslc (#3183)
* Revert "Flush stdout with initial BEGIN_TEST message (#3185)" (#3193)
- from version 1.3.6
* Store TLS1.3 transcript hash digests rather than full hash state (#3188)
* Remove in-source build target check hackery. (#3181)
- Refresh patches for new version
* s2n_fix-cmake-modules-path.patch
OBS-URL: https://build.opensuse.org/request/show/958261
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=16
- Update to version 1.3.5
* remove extra S2N_API (#3187)
* Use `llvm_points_to_bitfield` in SAW proofs (#3155)
* Add API s2n_client_hello_has_extension to check if extension exists (#3180)
* Flush stdout with initial BEGIN_TEST message (#3185)
* FreeBSD ci (#3184)
* Add some comments to build scripts (#3182)
* Document which macros should not be used for new code (#3179)
* remove unused function s2n_actual_getpid (#3172)
* Workaround AL2 nodejs package issue (#3174)
* Add API method to translate errors to alerts (#3171)
* Upgrade CBMC submodules (#3165)
* tests: add s2n_init/s2n_cleanup tests (#3164)
OBS-URL: https://build.opensuse.org/request/show/950402
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=15
- Update to version 1.3.3
* Fix s2n_connection_get_client_cert_chain for TLS1.3 (#3156)
* Fixing Flakiness in Cross-Compat Test (#3158)
* Enforce RSA-PSS saltlen requirements (#3157)
* Rearrange TLS1.2 and TLS1.3 secret storage (#3154)
* Use libcrypto signing methods in compliance with FIPS 140-3 (#3142)
* docs: update readme (#3153)
- from version 1.3.2
* Adds Cross-Compatibility Test (#3147)
* Makes s2n_stuffer_skip_whitespace verification friendly (#3143)
* ci: fix Kwstyle (#3136)
* only print on retries (#3151)
* integration: enforce timeout, allow for the process to
shutdown gracefully, run in non-blocking mode (#3148)
* Added Script to Compile Main for Cross-Compat Testing (#3139)
* Adds Options to Output and Input Session Ticket to s2nc (#3134)
* Upgrade CBMC submodules (#3135)
OBS-URL: https://build.opensuse.org/request/show/943783
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=13
- Update to version 1.3.1
* Nitpick usage guide links (#3133)
* FIPS Static Config is Only Created When Needed (#3129)
* Fix build on NetBSD. (#3131)
* Feature probe for EVP_md5_sha1() (#3128)
* Allow EVP hash implementation to use EVP_md5_sha1 if available (#3126)
* Allow synchronous private key operations (#3121)
- from version 1.3.0
* EMS Re-Release (#3122)
* If QUIC, only offer TLS1.3 (#3124)
- from version 1.2.1
* tests: fix s2n_enable_tls13 deprecation warnings (#3120)
* Fix FindLibCrypto for list-typed CMAKE_PREFIX_PATH (#3067)
* Add AWS-LC FIPS integration target (#3084)
* Detect nested s2n_negotiate calls (#3119)
* build: add the option to enable LTO (#3117)
* Prevent Uninitialized Memory Access in case of FIPS Mode Disabled (#3016)
* Fixed EMS to work with Session Caching (#3102)
* Rename internal HMAC implementations in s2n_prf to
clarify which implementation is used (#3103)
* Finish memcpy->memmove migration (#3110)
- from version 1.2.0
* Revert "EMS Release (#3053)" (#3113)
* Reapply "Update QUIC parameters IANA (#3029)" (#3106)
* Add a flag to s2nc to enable FIPS mode in the underlying libcrypto.
Update integration tests to use the new flag when needed (#3101)
* Added Backwards-Incompatible Ticket Version (#3099)
* Don't allow QUIC to be enabled if TLS1.3 not possible (#3088)
* ci: remove spaces from benchmark name (#3097)
* Lets make S2N play nicely with the rest of the world shall we? Added … (#2669)
OBS-URL: https://build.opensuse.org/request/show/937731
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/s2n?expand=0&rev=12
