Release: v1.3.52

Weekly release for Sept 25 2023

What's Changed

• ci: Add uemu test with ktls enabled by @lrstewart in #4190
• ktls: add sendfile by @lrstewart in #4186
• ci: Upgrade asan to catch use after scope by @lrstewart in #4192
• ci: run duvet when commits are merged into main branch by @toidiu in #4197
• ktls: self-talk tests for send by @lrstewart in #4189
• Reduce allocs in ktls app data send by @lrstewart in #4181
• ktls: recv alerts by @lrstewart in #4199
• bindings: release 0.0.38 by @goatgoose in #4196
• docs: add citations for alert behavior by @toidiu in #4198
• ktls: receive app data by @lrstewart in #4201
• Add asan support to cmake/nix by @lrstewart in #4194
• build: use feature probes for CLOEXEC by @camshaft in #4206
• docs: add rfc citations by @toidiu in #4202
• ktls: fix flaky test by @lrstewart in #4214
• Generalize io handling + add ktls EINTR handling by @lrstewart in #4203
• ktls: clean up enable by @lrstewart in #4212
• feat: send psk_ke_modes ext in first flight by @jmayclin in #4177
• feat: add s2n_strerror_source API by @camshaft in #4209
• docs: generate citations meta data by @toidiu in #4205
• Add API to retrieve parsed supported groups by @goatgoose in #4216
• ktls: release APIs as unstable by @lrstewart in #4217

Full Changelog: v1.3.51...v1.3.52

Release: v1.3.51

Weekly release for September 11 2023

What's Changed

• bindings: release 0.0.37 by @goatgoose in #4172
• feat(benchmarks): add session resumption support by @jmayclin in #4173
• api :Add S2N_EXTENSION_SUPPORTED_VERSIONS as s2n_tls_extension_type by @raycoll in #4160
• Small sendv doc fix by @lrstewart in #4178
• ktls: send app data by @lrstewart in #4174
• Add testlib to track memory allocations by @lrstewart in #4180
• ci: buildspec for qemu ktls test by @dougch in #4175
• Allow CI to build with default libcrypto by @lrstewart in #4179
• ktls: send alerts by @lrstewart in #4185
• Commit buildspec for s2nGeneralBatch by @lrstewart in #4188
• Add API to disable certificate validity period validation by @goatgoose in #4183

Full Changelog: v1.3.50...v1.3.51

Release: v1.3.50

Weekly release for August 25 2023

What's Changed

• Adds resumption functions to Rust bindings by @maddeleine in #4114
• Make invalid chains available via get_client_cert_chain by @lrstewart in #4134
• Update blocked status documentation by @goatgoose in #4139
• bindings: release 0.0.36 by @goatgoose in #4145
• Use client_hello.parsed as precondition for retrieving client_hello by @raycoll in #4144
• Update historical benching graphs and readme by @tinzh in #4136
• Don't exit nix dev shell on integ test failure by @lrstewart in #4149
• kTLS: get and set control data on msghdr by @toidiu in #4146
• Call enable_session_tickets before adding a ticket key by @maddeleine in #4150
• refactor and cleanup some ktls code by @toidiu in #4152
• Fix s2n_ecdsa_secp521r1_sha512 + improve integ ECDSA coverage by @lrstewart in #4148
• kTLS: implement sendmsg by @toidiu in #4147
• Add cert validation callback by @goatgoose in #4156
• Fix clippy warnings by @goatgoose in #4166
• kTLS: implement recvmsg by @toidiu in #4154
• Publish cert validation callback APIs and add documentation by @goatgoose in #4161

Full Changelog: v1.3.49...v1.3.50

Release: v1.3.49

Weekly release for August 14 2023

What's Changed

• Refactor benching harness to separate out client and server connections by @tinzh in #4113
• bindings: release 0.0.35 by @goatgoose in #4122
• Change PR template formatting to be more consistent by @tinzh in #4116
• Move around and update scripts in bench crate by @tinzh in #4115
• Feature cleanup for bench crate by @tinzh in #4120
• ktls: self talk inet socket test by @toidiu in #4075
• Unnest loops over parameters in handshake bench by @tinzh in #4129
• Fix throughput bench issues and add documentation by @tinzh in #4130
• Add new Kyber768+ KEMs and security policy by @WillChilds-Klein in #4034
• Add flamegraph generation and reuse configs to benchmarks by @tinzh in #4128
• Add different parameters for memory benching by @tinzh in #4125
• Update build documentation by @goatgoose in #4126
• Prevent get_peer_cert_chain from modifying existing cert chain by @lrstewart in #4135
• Add additional Kyber768 tests by @WillChilds-Klein in #4089
• test: ensure s2n_recv blocked status behavior doesn't change by @camshaft in #4127
• ktls: mock send/recvmsg IO by @toidiu in #4109

Full Changelog: v1.3.48...v1.3.49

Release: v1.3.48

Weekly release for July 28 2023

What's Changed

• bindings: release 0.0.34 by @maddeleine in #4096
• nix: pin corretto version by @dougch in #4103
• Add historical performance benchmark by @tinzh in #4083
• Add memory bench with valgrind/massif by @tinzh in #4081
• Add different certificate signature algorithms to benchmarks by @tinzh in #4080
• fix: get_session behavior for TLS 1.3 by @jmayclin in #4104
• Trying to use an invalid ticket should not mutate state by @lrstewart in #4110
• ktls: set keys on socket and enable ktls by @toidiu in #4071
• Print error for 32bit test by @lrstewart in #4107

Full Changelog: v1.3.47...v1.3.48

Release: v1.3.47

Weekly release for July 14 2023

What's Changed

• Add KeyUpdate threading test by @lrstewart in #4059
• Add new CRT policies by @maddeleine in #4072
• nix: Skip the sslyze test on arm by @dougch in #4050
• fix: Add implicit gcc flag to all feature probes by @goatgoose in #4074
• Add openssl handshake to benchmarking by @tinzh in #4069
• bindings: release 0.0.33 by @goatgoose in #4076
• Fix openssl-1.0.2k x509 validator test failure by @lrstewart in #4084
• feat: introduce s2n_key_material for handling key material info by @toidiu in #4047
• Fix pthread key cleanup with musl libc by @lrstewart in #4085
• Add mTLS to benchmarks by @tinzh in #4079
• Add throughput benchmark by @tinzh in #4077
• ktls: config socket ULP by @toidiu in #4066
• Enable -wsign-compare check by @aditishri18 in #4061
• Generify Kyber files + functions over security parameters by @WillChilds-Klein in #4087
• Fix clippy warnings by @WillChilds-Klein in #4093
• Fix try_compile bug on gcc 4 by @maddeleine in #4091

Full Changelog: v1.3.46...v1.3.47

Release: v1.3.46

Weekly release for June 23 2023

What's Changed

• build: make feature flags consistent by @camshaft in #3921
• Fixes dynamic loading bug by @maddeleine in #4024
• bindings(rust): release 0.0.32 by @camshaft in #4032
• Refactor alerts to make behavior clear by @lrstewart in #4019
• ci: typos config file by @dougch in #4021
• Add pre-TLS13 libcrypto PRF implementation by @goatgoose in #4020
• fix: ossl3 legacy provider mem leak by @jmayclin in #4033
• nix devShell with aws-lc by @dougch in #4028
• Never send KeyUpdate message if <TLS1.3 by @lrstewart in #4038
• ci: allow running multiple integ tests at once in nix devshell by @dougch in #4029
• Add libcrypto HKDF implementation by @goatgoose in #4035
• Fixes pthread leak by @maddeleine in #4037
• Fix usage guide examples + enable testing of examples by @lrstewart in #4044
• feat: add checked return values diagnostic by @camshaft in #3798
• Add ThreadSanitizer by @lrstewart in #4046
• Update nix corretto; make it platform aware. by @dougch in #4043
• Fix TSAN s2n_shutdown failures by @lrstewart in #4055
• feat(bindings/s2n-tls): add ja-3 apis by @jmayclin in #4009
• s2n-tls handshake benchmark by @tinzh in #4053
• Validate PRK output size in the libcrypto HKDF implementation by @goatgoose in #4057
• remove kTLS feature probe by @toidiu in #4064
• Add rustls handshake to benchmarks by @tinzh in #4063
• Disable build flag for openssl102 nix aarch64-linux by @dougch in #4045
• Fixes broken link by @maddeleine in #4060
• bindings: do not enable OCSP when calling trust_location() by @WesleyRosenblum in #4016
• Create new KMS TLS Policy with TLSv1.2 Minimum by @alexw91 in #4068

Full Changelog: v1.3.45...v1.3.46

Release: v1.3.45

Weekly release for June 01 2023

What's Changed

• Dashboard stale by @dougch in #3947
• ci: nix devShell simplification by @dougch in #3964
• Print Wire Bytes In and Out for s2nc by @alexw91 in #3986
• chore: bindings release 0.0.31 by @WesleyRosenblum in #3997
• ci: enable ossl3 tls13 tests by @jmayclin in #3992
• test: add more x509 OCSP tests by @jmayclin in #3970
• Update FAQ + add s2n_negotiate example to Usage Guide by @lrstewart in #3984
• bindings: Add option to disable loading system certs by @goatgoose in #3985
• docs: add notes on s2nc and s2nd usage by @WesleyRosenblum in #4003
• Quoting RFC-4492 to verify behavior when supported_groups extension is not sent by @aditishri18 in #3998
• Upgrade OpenSSL module for CBMC proofs by @feliperodri in #3978
• nix devShell with openssl3 by @dougch in #3993
• fix(s2nd): parse psk given to s2nd non-destructively by @WesleyRosenblum in #4006
• style: simplfy api for test utility by @jmayclin in #4008
• nix: add a LibreSSL nix devShell by @dougch in #4010
• nix: Use nixpkgs gnutls instead by @dougch in #4013
• Add the libcrypto random generation implementation by @goatgoose in #4004
• X509 asn1 refactor by @jmayclin in #4011
• fix: open files with the O_CLOEXEC flag by @toidiu in #3989
• test(bindings/s2n-tls-tokio): fix tokio bindings close test by @jmayclin in #4007
• fix(api/unstable): make all api methods visible by @jmayclin in #4015
• nix: add an Openssl102 nix devShell by @dougch in #4014
• Fix s2n_error_get_type mistake in usage guide by @lrstewart in #4022
• Publish minimal s2n_config APIs and add documentation by @goatgoose in #3972
• Only call getenv for integ test marker in s2n_init by @lrstewart in #4025
• Disable retry client random validation outside of tests by @lrstewart in #4023
• fix: improve compatibility with old Linux versions by @camshaft in #4027

Full Changelog: v1.3.44...v1.3.45

Release: v1.3.44

Weekly release for May 09 2023

What's Changed

• Fix end-of-data behavior by @lrstewart in #3945
• Add logging for failed CRT tests by @lrstewart in #3962
• Cover more situations where no close_notify is sent/received by @lrstewart in #3957
• chore[bindings]: release 0.0.30 by @toidiu in #3956
• chore: remove module.modulemap by @toidiu in #3961
• Add API to create s2n_configs without loading system certs by @goatgoose in #3950
• Add new API to perform half-close by @lrstewart in #3952
• Add test for cipher selection with dh params by @lrstewart in #3974
• style: clean up fuzz corpus by @jmayclin in #3971
• Only Rust LTO with GCC by @justsmth in #3968
• docs: update clang-format and gdb documentation by @jmayclin in #3967
• s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto by @riverszhang89 in #3966
• Use custom library context for rc4 instead of global default context by @lrstewart in #3980
• Add 32 bit buildspec by @jmayclin in #3977
• test: fix session-ticket, non-blocking-io tests on 32 bit by @jmayclin in #3969

New Contributors

• @riverszhang89 made their first contribution in #3966

Full Changelog: v1.3.43...v1.3.44

Release: v1.3.43

Weekly release for April 27 2023

What's Changed

• docs: add compliance notes for RFC 6125 by @camshaft in #3915
• test: add retry logic for well-known endpoints by @camshaft in #3918
• chore(bindings): release 0.0.29 by @camshaft in #3919
• test: Bump nix devShell python to 3.10 by @dougch in #3914
• Attempts to fix flakiness in session_ticket_test by @maddeleine in #3913
• Create new PQ TLS Policies with minimum of TLSv1.2 by @alexw91 in #3927
• doc: Flesh out steps in nix readme. by @dougch in #3923
• Add note about server_name spec requirements by @lrstewart in #3930
• ci: Update AWSLC test dependency to v1.8.0 by @goatgoose in #3938
• Adds FAQ doc by @maddeleine in #3920
• Remove unnecessary flush by @lrstewart in #3940
• update security policy and rust binding documentation by @jmayclin in #3906
• ci: Add github stale action by @goatgoose in #3929
• Add test to verify TLS1.2 downgrade by @aditishri18 in #3939
• Reinstate Kyber KEM check by @WillChilds-Klein in #3905
• Don't send close_notify after an alert by @lrstewart in #3942
• Update IO section of Usage Guide by @lrstewart in #3917
• Add basic half-close TLS1.3 behavior by @lrstewart in #3932
• bindings: add verify_host_callback to the connection by @toidiu in #3925
• ci: Add AWSLC-FIPS 2022 to CI by @goatgoose in #3943
• add 32 bit cross-compile toolchain by @jmayclin in #3924
• ci: Disable automatically closing stale PRs by @goatgoose in #3946
• Fix expected negotiated version in client auth downgrade test by @goatgoose in #3951

Full Changelog: v1.3.42...v1.3.43