github aws/aws-lc v1.72.0
on GitHub

one day ago

What's Changed

  • Reject point at infinity in EC_KEY_set_public_key by @nebeid in #3101
  • Add SSL_use_cert_and_key for per-connection cert/key setting by @geedo0 in #3114
  • Add Optimized and HOL Light verified AVX2 Keccak x4 by @manastasova in #3020
  • Fix intermittent WIN32_rename failures in openssl ca CLI tool due to transient file locks by @justsmth in #3100
  • Remove redundant definitions by @torben-hansen in #3118
  • fipsmodule/ml-kem: Import mlkem-native v1.1.0 by @hanno-becker in #3090
  • Zeroize sensitive stack buffers in DRBG, X25519, Ed25519, ECDSA, ECDH… by @justsmth in #3121
  • Fix entropy source selection for Apple cross-compilation targets by @justsmth in #3113
  • WIN32_rename: fix errno mapping and increase retry budget for transient failures by @justsmth in #3124
  • openssl-tool CLI: CA cleanup by @justsmth in #3120
  • Exclude OCSPIntegrationTest from normal CI test runs by @justsmth in #3128
  • Fix PostgreSQL integration SSL test failures for upstream error string changes by @justsmth in #3125
  • Fix Windows ARM64 FIPS build; add Clang support for Windows FIPS by @justsmth in #3013
  • Hardening fixes for ML-DSA digest mode, XTS key comparison, and urandom fd by @justsmth in #3129
  • Fix bind9 integration test for upstream build system changes by @justsmth in #3126
  • Consistently set outlen to zero for all error paths by @torben-hansen in #3104
  • Add -msg and -servername support to openssl s_client by @geedo0 in #3098
  • Add NULL pointer validation to ML-KEM EVP encapsulate/decapsulate by @dkostic in #3132
  • Add openssl version -a and -p flag support by @geedo0 in #3092
  • Rename __AWS_LC_ENSURE to AWS_LC_ENSURE to avoid reserved identifier by @torben-hansen in #3137
  • Upgrade custom libc++ to LLVM 19 and add sanitizer support to build_and_test.sh by @justsmth in #3131
  • Upgrade CI sanitizer jobs from Clang 15 to Clang 19 by @justsmth in #3148
  • Fix CMake install dir defaults on macOS/Windows when CMAKE_INSTALL_LIBDIR is specified by @justsmth in #3069
  • Update PyOpenSSL patch w/ PR #2897 by @WillChilds-Klein in #3145
  • Harden OCSP response printing and fix integer overflow in x509v3_bytes_to_hex by @justsmth in #3127
  • Increase SSL test runner idle timeout for FreeBSD CI by @justsmth in #3144
  • Fix Clang 19 GCC runtime detection on AL2023 aarch64 by @justsmth in #3150
  • Fix Clang 19 C++ header detection on AL2023 aarch64 by @justsmth in #3152
  • Fix Clang 19 C++ headers and LLVM tool version mismatches on AL2023 by @justsmth in #3157
  • Small fixes for RSA_METHOD and EVP_PKEY_derive_set_peer by @dkostic in #3130
  • Add OPENSSL_INIT_ATFORK compatibility stub by @geedo0 in #3134
  • Bound ReadConsoleW by stack buffer size by @WillChilds-Klein in #3154
  • Change ML-KEM PKCS#8 encoding from expanded to seed form by @geedo0 in #3149
  • Add missing error return for short metadata keys by @WillChilds-Klein in #3151
  • Lower default SSL peek test rounds and remove CI workarounds by @justsmth in #3155
  • Check RSA-PSS digest algorithms for X509 by @skmcgrail in #3138
  • Shard valgrind CI job to avoid GitHub Actions timeout by @justsmth in #3158
  • Update target.h to support Loongarch64 ABI1.0 architecture by @binLep in #3093
  • Make some more half-empty EVP_PKEY states impossible by @nebeid in #3056
  • Prepare v1.72.0 by @geedo0 in #3162

New Contributors

Full Changelog: v1.71.0...v1.72.0

Check out latest releases or
releases around aws/aws-lc v1.72.0

Don't miss a new aws-lc release

NewReleases is sending notifications on new releases.

Get notifications