Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

s2n-devel-1.5.1-lp160.1.1 RPM for x86_64

From OpenSuSE Leap 16.0 for x86_64

Name: s2n-devel Distribution: openSUSE Leap 16.0
Version: 1.5.1 Vendor: openSUSE
Release: lp160.1.1 Build date: Mon Aug 26 17:23:53 2024
Group: Development/Libraries/C and C++ Build host: reproducible
Size: 224105 Source RPM: s2n-1.5.1-lp160.1.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/awslabs/s2n
Summary: Development files for s2n library
s2n is a C99 implementation of the TLS/SSL protocols.

This package contains the development files.

Provides

Requires

License

Apache-2.0

Changelog

* Mon Aug 26 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.5.1
    * Add performance regression tests in CI (#4701)
    * feat: JA4 fingerprinting (#4669)
    * Clarify s2nc/s2nd PQ output (#4702)
    * fix: building for AL2 (#4679)
    * ci(nix): Startup/configure apache for renegotiate test under nix (#4592)
    * fix: Initial config influences client hello parsing (#4676)
    * Add s2n_signature_preferences_20240521 (#4565)
    * New s2n core member (#4707)
    * Modify regression threshold to configurable percentage (#4698)
    * chore: remove unused benchmarks (#4696)
    * docs: add pq to usage guide (#4677)
  - from version 1.5.0
    * chore: Rust bindings bump v0.3.0 (#4697)
    * Merge commit from fork
    * fix: upload fuzz output to s3 when test fails (#4694)
    * fix(ci): partially revert checking out head from current clone. (#4693)
    * Enabling differential performance benchmarking (#4667)
    * chore: document OpenSSL-FIPS restriction on RSA key size (#4654)
    * ci: store fuzz artifacts in s3 (#4678)
    * feat: Changes ticket encryption scheme to be nonce-reuse resistant (#4663)
    * chore: Bump rust bindings to 0.2.11 (#4690)
    * fix(bindings): enforce waker contract on `poll` operations (#4688)
    * docs: update blinding docs (#4686)
    * fix: zip corpus files before uploading to s3 (#4685)
    * Adopt CBMC 6.1 and cbmc-viewer 3.9 (#4661)
    * test(cbmc): add stuffer hex proofs (#4659)
    * fix: don't fail for 0 blinding delay (#4671)
    * chore(bindings): release 0.2.10 (#4683)
    * feat(bindings): Add hyper compatibility crate (#4617)
    * refactor: switch JA3 to use stuffer hex methods (#4662)
    * fix: SSLv3 handshake with openssl-1.0.2-fips fails (#4644)
    * feat(bindings): add renegotiate to the rust bindings (#4668)
    * ci: move fuzz corpus to S3 (#4665)
    * fix: default s2nc should accept default s2nd cert (#4670)
    * fix: add missing corpus files for s2n_deserialize_resumption_state_test (#4672)
    * refactor: clean up other hex methods (#4664)
    * Set up regression benchmark for scalar performance (#4649)
    * ci(nix): Setup a head build for the cross_compatibility integ test (#4567)
    * fix: new clippy lints (#4666)
    * fix: allow for clock skew in resumption (#4650)
    * fix: Refactor some s2n_resume functions (#4648)
    * fix: pin tokio-macros version (#4658)
    * refactor: move stuffer hex methods out of testlib (#4653)
* Fri Jul 26 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.14.18
    * chore: Bump Rust bindings v1.4.18 (#4656)
    * fix: Removing new usage of memcmp (#4657)
    * Merge commit from fork
    * Update s2n_connection_get_kem_group_name() to
      work with ClientHelloRetries (#4652)
    * fix: avoid cert validation on connection_set_config (#4612)
    * ci: add merge_group event to GHA workflow. (#4646)
    * feat: Add API to gate session tickets to TLS1.3 only (#4645)
    * feature: reusable fingerprinting interface (#4628)
    * refactor(bindings/s2n-tls): finish test harness refactor (#4636)
    * test(pcap): handle pcaps with tcp fragmentation (#4643)
    * Refactor: change is_available return type to
      bool in s2n_cipher struct (#4630)
    * Refactor: change init and destroy_key return type to
      S2N_RESULT in s2n_cipher struct (#4639)
    * Refactor: change set/get_decryption_key return type to
      S2N_RESULT in s2n_cipher struct (#4638)
    * chore: document why SHA1 is the only supported hash algorithm
      for cert_id generation in OCSP response (#4625)
    * ci(nix): Add tshark to nix devshell (#4571)
    * refactor: use feature probe for AEAD gate logic instead of
      AWS-LC/BoringSSL macros (#4642)
    * api(bindings/s2n-tls)!: remove public testing feature (#4623)
    * chore(bindings): release 0.2.8 (#4635)
    * feat(bindings/s2n-tls): add client_hello_version (#4609)
    * fix: remove S2N_NO_PQ option (#4622)
    * chore: fix CBMC proof summary count (#4627)
    * refactor: separate out ja3 specific logic (#4578)
* Tue Jul 09 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.17
    * bug: Fixing bash error (#4624)
    * chore: make cbmc proof build more strict by adding -Werror flag (#4606)
    * Perform 2-RTT Handshake to upgrade to PQ when possible (#4526)
    * test(bindings/s2n-tls): refactor testing::s2n-tls tests (#4613)
    * docs: add timeout note to blinding delay docs (#4621)
    * docs: Add back suggested FIPS + TLS1.3 policy (#4605)
    * ci: shallow clone musl repo (#4611)
    * example(bindings): add async ConfigResolver (#4477)
    * chore: use CBMC version 5.95.1 (#4586)
    * s2n-tls rust binding: expose selected application protocol (#4599)
    * test: add pcap testing crate (#4604)
    * testing(bindings): add new test helper (#4596)
    * chore(bindings): fix shebang in generate.sh (#4603)
    * fix(s2n_session_ticket_test): correct clock mocking (#4602)
    * Fix: update default cert chain for unit tests (#4582)
    * refactor(binding): more accurate naming for const str helper (#4601)
    * fix: error rather than empty cipher suites (#4597)
    * chore: update s2n_stuffer_printf CBMC harness (#4531)
    * ci(nix): Fix integ pq test in a devShell (#4576)
    * feature: new compatibility-focused security policy preferring ECDSA (#4579)
    * compliance: update generate_report.sh to point to compliance directory (#4588)
    * ci: fix cppcheck errors (#4589)
    * chore: cleanup duplicate duvet citations (#4587)
* Tue Jun 11 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.16
    * Merge pull request from GHSA-52xf-5p2m-9wrv
    * chore(bindings): release 0.2.7 (#4580)
    * fix: Validate received signature algorithm in EVP verify (#4574)
    * refactor: add try_compile feature probe for RSA-PSS signing (#4569)
    * feat: Configurable blinding (#4562)
    * docs: document s2n_cert_auth_type behavior (#4454)
    * fix: init implicit iv for serialization feature (#4572)
    * [Nix] adjust pytest retrys (#4558)
    * fix: cert verify test fix (#4545)
    * fix: update default security policies (#4523)
    * feat(bindings): Associate an application context with a Connection (#4563)
    * chore(bindings): version bump (#4566)
    * Additional test cases for s2n_constant_time_equals() (#4559)
    * test: backwards compatibility test for the serialization feature (#4548)
    * chore(bench): upgrade rustls (#4554)
* Tue Jun 04 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.15
    * bug(nix:corretto): use autoPatchelfHook on all systems and ignore als… (#4561)
    * feat(bindings): Add API to check for resumption (#4552)
    * fix: Send zero-length NST when session key is expired (#4532)
    * feat: add key preferences to rfc9151 policy (#4540)
    * chore: bindings release 0.2.5 (#4551)
    * refactor: Avoid unnecessary s2n_hmac calls in s2n_record_write (#4539)
    * feat: Modify s2nd/c to do serialization/deserialization (#4533)
* Mon May 13 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.14
    * fix: Increase received signature scheme limit (#4544)
    * fix: Fix a bug in tls1.3 code path (#4513)
    * ci: grep for S2N_RESULT_ERR without setting s2n_errno (#4534)
    * style(bindings): fix new clippy lints (#4536)
    * bin: tool to print security policies (#4524)
    * feat[bindings]: fips feature flag (#4527)
    * feat: set certificate_authorities from trust store (#4509)
* Wed May 08 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.13
    * chore(bindings): release 0.2.4 (#4530)
    * nix gdb/lldb utils (#4460)
    * binding: Add s2n_connection_get_session on the Connection (#4522)
    * chore: update s2n-core team (#4520)
    * fix: Python integ tests are flaky on arm (#4512)
    * ci: Nix libcrypto helpers (#4422)
    * ci: Remove actions-rs (#4514)
    * chore(bindings): Pin `zeroize` to avoid MSRV increase (#4519)
    * feat: add missing numbered security policies (#4511)
    * docs(bindings): fix client hello doc tests (#4495)
    * docs: add more warnings about security policy defaults (#4507)
    * feat: add basic support for certificate_authorities (#4506)
    * fix: Fix redundant code (#4504)
    * chore: Rust bindings bump v1.4.12 (#4505)
    * fix(sidetrail): Invalid stream cipher struct in proof wrapper (#4484)
    * refactor: rename error + extension iana for consistency (#4503)
  - from version 1.4.12
    * feat: Serialization Rust APIs (#4493)
    * refactor: combine TLS1.2 and TLS1.3 sig scheme representations (#4498)
    * feat: Release C APIs for serialization (#4501)
    * fix: Wipe conn->in on all record parse failures (#4499)
* Mon Apr 15 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.11
    * chore(bindings): release 0.2.2 (#4497)
    * feat(binding): add key update request api (#4469)
    * tests: Serialization feature with post-handshake features (#4489)
    * fix: add missing TLS1.3 p521 sig schemes (#4496)
    * fix: correct broken early data test (#4494)
    * fix: better errors for all client auth failures (#4492)
  - from version 1.4.10
    * feat: add s2n_peek_buffered (#4490)
    * feat: reduce read syscalls to improve performance (#4485)
    * feat: connection serialization (#4468)
    * chore(bindings): release 0.2.1 (#4486)
    * fix(bindings): print cargo commands to stdout (#4482)
* Thu Apr 04 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.9
    * New TLS1.2-only variant of 20230317 policy (#4483)
    * ci: add asan runs under gcc (#4402)
    * fix: Adds non_exhaustive flag to FingerprintType
    * fix: refactor rust bindings fingerprint methods (#4474)
    * example(bindings): client hello cb example (#4385)
    * feat: getter for TLS1.2 master secrets (#4470)
    * bindings: ensure CFLAGS includes come after build script includes (#4475)
    * bindings: mark Connection as Sync (#4467)
    * Make S2N_CERT_AUTH_OPTIONAL the default for clients (#4390)
    * fix(test): narrow valgrind suppressions (#4369)
    * fix: pedantic memory leak in handshake test (#4463)
    * chore(bindings): release 0.1.7 (#4462)
* Fri Mar 22 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.8
    * feat: Add additional EC key validation for FIPS (#4452)
    * refactor: UBSAN build and address out of bound reads  (#4440)
    * Add s2n_stuffer_shift (#4458)
    * style: fix declarations without initial value (#4404)
    * feat: Add FIPS mode getter API (#4450)
    * remove unnecessary includes (#4451)
    * refactor: clang-tidy null deref and undefined mod (#4436)
    * refactor: make memmove vs memcpy behavior clearer (#4447)
    * fix(bindings): Apply with_system_certs to Config builder (#4456)
  - from version 1.4.7
    * api: add key update request functionality (#4453)
    * style: manual initial value fix (#4449)
  - from version 1.4.6
    * docs: Specify the return value of S2N_FAILURE for IO APIs (#4446)
    * refactor: enforce stuffer return check (#4399)
    * refactor: fix unread variable warnings (#4405)
    * fix: Unsets global libcrypto rand (#4424)
    * Relax HRR consistency requirements for second client hello (#4429)
    * fix: prevent enabling ktls with a buffered record header fragment (#4426)
    * feat: add cert key preferences (#4434)
    * chore: bindings bump 0.1.6 (#4437)
    * test: add cert chain with mixed key sizes (#4433)
    * feat: apply cert signature preferences locally (#4407)
    * docs: Extend license check to .rs files (#4428)
    * fix(test): fix dangling pointers in cert verify test (#4430)
    * Add Rust bindings for certificate chains (#4398)
  - from version 1.4.5
    * fix: parse fragmented sslv2 client hellos (#4425)
    * chore(ci): Give OpenBSD CI job a performance boost (#4427)
    * fix: s2n_shutdown should handle partial records (#4421)
    * feat: Server name getter for client hello (#4396)
    * refactor: zero static s2n_configs on cleanup (#4416)
    * Removed unused dependencies (#4417)
    * chore(bindings): release 0.1.5 (#4420)
    * chore(bindings): release 0.1.4 (#4418)
    * bindings: use aws-lc-rs instead of aws-lc-sys (#4415)
* Wed Feb 21 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.4
    * allows cmake to force crypto linkage (#4383)
    * refactor: consolidate record wiping (#4412)
    * build: make CMake test flags more consistent with make (#4392)
    * style(bindings): address new clippy lint (#4411)
    * refactor: generalize cert sig preference handling (#4379)
    * feat: More client hello getters (#4380)
    * fix: only initialize default tls 1.3 config in tests (#4302)
    * Check fd status before using urandom (#4352)
    * utils: add map iteration iterator (#4377)
    * chore(bindings): release (#4388)
    * chore(bindings): bump aws-lc-sys (#4393)
    * s2n-tls-tokio: use s2n_shutdown_send instead of s2n_shutdown (#4374)
    * enforce result checking for blob and mem (#4389)
* Wed Feb 07 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.3
    * ci: Disable broken rust dry-runs (#4384)
    * Fix SSLv3 detection with AWS-LC (#4361)
    * More specific error for unexpected cert request (#4381)
    * test: Adds SSLv3 integ test (#4372)
    * chore: add valgrind to nix develop (#4365)
    * test: additional test certs (#4378)
    * chore: bindings release 0.1.2 (#4376)
    * test: add additional test certs (#4353)
    * feature: Use S2N_FAST_INTEG_TESTS to run
      pytest in parallel under nix (#4368)
    * refactor: ossl x509 parsing (#4351)
* Fri Jan 26 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.2
    * docs(bench): update docs to reflect aws-lc default (#4336)
    * Fix initialization errors in unit tests (#4370)
    * bindings: fix handling of s2n_shutdown errors (#4358)
    * Fix s2n_shutdown + failed recv bug (#4350)
    * Add new PQ TLS Policies (#4327)
    * ktls: add method to track key updates (#4364)
    * Move client hello parsing out of unstable (#4359)
    * bindings: clean up blinding tests (#4356)
    * ci: cmake asan buildspec (#4048)
    * fix: stack-use-after-scope variable ordering (#4355)
    * fix(bindings): remove optional cmake dependency (#4347)
    * ktls: improve messaging around freed handshakes (#4346)
    * bug: Fixes mdbook action (#4345)
    * feat: Publishes mdbook to Github Pages (#4343)
    * Add PQ integration tests between s2n and AWS-LC's libssl (#4267)
    * chore: bindings release 0.1.1 (#4341)
    * (feat): Adds API to allow s2n-quic to check for resumption (#4335)
    * bindings: ensure CFLAGS includes come after libcrypto includes (#4338)
    * Add FIPS security rule (#4315)
* Wed Jan 03 2024 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.4.1
    * bindings: match tcp EOF behavior (#4323)
    * (docs): Reordered and moved usage guide into an mdbook (#4300)
    * ktls: add method to enable TLS1.3 (#4331)
    * ci: fix flaky interning test (#4334)
    * Add CBMC proof for s2n_stuffer_printf (#4309)
    * docs: remove gitter references (#4332)
    * ktls: handle TLS1.3 key limits (#4318)
    * ci: pin home crate to fix rust build (#4330)
    * ci: switch autopep8 action (#4322)
    * ci: ignore cbmc prereleases (#4328)
    * ci: switch FreeBSD back to vmactions (#4326)
    * ktls: add TLS1.3 support (#4314)
    * ci: fix pep8 linting (#4319)
    * cleanup: add getter for sequence number (#4317)
    * Mark inline asm output as earlyclobber (#4310)
    * bindings: release rust bindings 0.1.0 (#4313)
    * ci: add workflow for rust bench crate (#4210)
    * Enforce security rules on security policies (#4311)
    * documentation: fix security policy table (#4304)
  - from version 1.4.0
    * Add basic "security rules" (#4298)
    * Update CloudFront's upstream ECC Preference list (#4301)
    * Bump AWS-LC version to v1.17.4 (#4303)
    * Clean up selecting a signature algorithm (#4285)
    * Remove s2n's internal Kyber512 implementation, and rely on
      AWS-LC for Kyber support (#4283)
    * feat: Adds ConnectionInitializer to Rust bindings (#4250)
    * Remove NULLs in s2n_kex (#4293)
    * feat(bindings): use aws-lc-sys instead of openssl-sys (#4290)
    * fix: probe for all AES_GCM variants (#4295)
    * ci: add mainline coverage job (#4288)
    * bench: increase cert chain length (#4287)
    * fix(bindings): enable session tickets after setting callback (#4292)
    * fix(bindings): pin jobserver in more places and run cargo
      publish --dry-run in generate.sh (#4255)
    * bindings(rust): make callbacks Send + Sync (#4289)
    * Add API to retrieve the supported groups for a security policy (#4273)
    * test: Bump cross-platform actions to pull in fix for flaky BSD (#4278)
    * test: remove blinding from unit tests (#4281)
    * ci: update integ dependencies (#4261)
    * ci: add additional p-384 test coverage (#4275)
    * Detect KEM support at runtime (#4101)
    * Bumped version to 0.41.0 (#4276)
    * Change pkey parse methods to return s2n_result (#4271)
    * Fixes failing FreeBSD build in CI (#4272)
  - from version 1.3.56
    * ci: Minor cppcheck speedup (#4268)
    * fix: update permissions to allow dashboard to write to gh-pages. (#4228)
    * Clean up receiving peer sig alg (#4259)
    * Switch from vmactions to cross-platform-actions (#4266)
    * Update get_client_cert_chain API documentation (#4260)
    * Always apply the PARTIAL_CHAIN flag (#4258)
    * Allow TLS 1.2 servers to report client versions from
      the supported versions extension (#4249)
    * Clean up sending supported sig algs (#4254)
    * refactor(bench): remove non-generic connection logic (#4236)
    * docs: remove extra security policy item (#4248)
    * bindings: release 0.0.40 (#4251)
  - from version 1.3.55
    * Add new PQ TLS 1.3 policies (#4247)
    * Switch sig schemes from copies to references (#4237)
    * feat: Turns off automatic ticket creation for quic (#4239)
    * chore: pin dependency to fix rust MSRV issues (#4243)
    * feat: Processes post-handshake messages for quic (#4218)
    * bindings: release 0.0.39 (#4235)
    * Run clang-format (#4238)
  - from version 1.3.54
    * Merge pull request from GHSA-97r4-p6c4-5gv3
    * ktls: support aes256 (#4227)
    * ktls: forbid renegotiation (#4229)
    * ci: add ktls + asan build (#4213)
    * Add support for exporting symmetric keys from connections (#4230)
  - from version 1.3.53
    * ktls: make usable outside of tests (#4232)
    * overwrite the random state key only if initialized (#4225)
    * ci: Authorize requests to GitHub API (#4223)
  - from version 1.3.52
    * ktls: release APIs as unstable (#4217)
    * Add API to retrieve parsed supported groups (#4216)
    * docs: generate citations meta data and add CI check (#4205)
    * feat: add s2n_strerror_source API (#4209)
    * feat: send psk_ke_modes ext in first flight (#4177)
    * ktls: clean up enable (#4212)
    * Generalize io handling + add ktls EINTR handling (#4203)
    * ktls: fix flaky test (#4214)
    * docs: add rfc citations (#4202)
    * build: use feature probes for CLOEXEC (#4206)
    * Add asan support to cmake/nix (#4194)
    * ktls: receive app data (#4201)
    * docs: add citations for alert behavior (#4198)
    * bindings: release 0.0.38 (#4196)
    * ktls: recv alerts (#4199)
    * Reduce allocs in ktls app data send (#4181)
    * ktls: self-talk tests for send (#4189)
    * ci: run duvet when commits are merged into main branch (#4197)
    * ci: Upgrade asan to catch use after scope (#4192)
    * ktls: add sendfile (#4186)
    * Add test with ktls enabled to s2nGeneralBatch (#4190)
* Thu Sep 14 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.51
    * Add API to disable certificate validity period validation (#4183)
    * Commit buildspec for s2nGeneralBatch (#4188)
    * ktls: Send alerts (#4185)
    * Add AL2 test with system libcrypto (#4179)
    * ci: buildspec for qemu ktls test (#4175)
    * Add testlib to track memory allocations (#4180)
    * ktls: Send app data (#4174)
    * Small sendv doc fix (#4178)
    * api: Add S2N_EXTENSION_SUPPORTED_VERSIONS as s2n_tls_extension_type (#4160)
    * feat(benchmarks): Add session resumption support (#4173)
    * bindings: Release 0.0.37 (#4172)
* Fri Sep 01 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.50
    * Publish cert validation callback APIs and add documentation (#4161)
    * kTLS: implement recvmsg (#4154)
    * Fix clippy (#4166)
    * Add cert validation callback (#4156)
    * kTLS: implement sendmsg (#4147)
    * Fix s2n_ecdsa_secp521r1_sha512 + improve integ ECDSA coverage (#4148)
    * refactor and cleanup some ktls code (#4152)
    * Call enable_session_tickets before adding a ticket key (#4150)
    * kTLS: get and set control data on msghdr (#4146)
    * Don't exit nix dev shell on integ test failure (#4149)
    * docs(bench): update historical benching graphs and readme (#4136)
    * Use client_hello.parsed as precondition for retrieving client_hello (#4144)
    * bindings: release 0.0.36 (#4145)
    * Update blocked status documentation (#4139)
    * Make invalid chains available via get_client_cert_chain (#4134)
    * Adds resumption functions to Rust bindings (#4114)
* Thu Aug 17 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.49
    * ktls: mock send/recvmsg IO (#4109)
    * test: ensure s2n_recv blocked status behavior doesn't change (#4127)
    * Add additional Kyber768 tests (#4089)
    * Prevent get_peer_cert_chain from modifying existing cert chain (#4135)
    * Update build documentation (#4126)
    * feat(bench): add different parameters for memory benching (#4125)
    * feat(bench): add flamegraph generation to benchmarks
      and reuse configs when benching (#4128)
    * Add new Kyber768+ KEMs and security policy (#4034)
    * fix(bench): fix throughput bench issues and add documentation (#4130)
    * refactor(bench): unnest loops over parameters in handshake bench (#4129)
    * ktls: self talk inet socket test (#4075)
    * refactor(bench): feature cleanup for benches (#4120)
    * refactor(bench): move around and update scripts in bench crate (#4115)
    * Fix PR template styling (#4116)
    * bindings: release 0.0.35 (#4122)
    * refactor(bench): separate out client and server
      connections in benching harness (#4113)
  - from version 1.3.48
    * Print error for 32bit test (#4107)
    * ktls: set keys on socket and enable ktls (#4071)
    * Trying to use an invalid ticket should not mutate state (#4110)
    * fix: get_session behavior for TLS 1.3 (#4104)
    * feat(bench): add different certificate signature algorithms to benchmarks (#4080)
    * feat(bench): add memory bench with valgrind/massif (#4081)
    * feat(bench): add historical performance benchmark (#4083)
    * nix: pin corretto version (#4103)
    * bindings: release 0.0.34 (#4096)
  - from version 1.3.47
    * Fix try_compile bug on gcc 4 (#4091)
    * Fix clippy warnings (#4093)
    * Generify Kyber files + functions over security parameters (#4087)
    * Disabling sign compare check as debug build option, enabling
      wsign-compare check and fixing 32bit build failures (#4061)
    * ktls: config socket ULP (#4066)
    * feat(bench): add throughput benchmarks (#4077)
    * feat(bench): add mTLS to benchmarks (#4079)
    * Fix pthread key cleanup with musl libc (#4085)
    * feat: introduce s2n_key_material for handling key material info (#4047)
    * Fix openssl-1.0.2k x509 validator test failure (#4084)
    * bindings: release 0.0.33 (#4076)
    * feat(bench): add openssl handshake to benchmarking (#4069)
    * fix: Add implicit gcc flag to all feature probes (#4074)
    * nix: skip the sslyze test on aarch64 (#4050)
    * Adds new CRT policies (#4072)
    * Add KeyUpdate threading test (#4059)
* Wed Jun 28 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.46
    * Create new KMS TLS Policy with TLSv1.2 Minimum (#4068)
    * bindings: do not enable OCSP when calling trust_location() (#4016)
    * Fixes broken link in comment (#4060)
    * Disable build flag for openssl102 nix aarch64-linux (#4045)
    * Add rustls handshake to benchmarks (#4063)
    * remove kTLS feature probe (#4064)
    * Validate PRK output size in the libcrypto HKDF implementation (#4057)
    * s2n-tls handshake benchmark (#4053)
    * feat(bindings/s2n-tls): add ja-3 apis (#4009)
    * Fix TSAN s2n_shutdown failures (#4055)
    * Update nix corretto; make it platform aware. (#4043)
    * Add ThreadSanitizer (#4046)
    * feat: add checked return values diagnostic (#3798)
    * Fix usage guide examples + enable testing of examples (#4044)
    * Fix pthread leak (#4037)
    * Add libcrypto HKDF implementation (#4035)
    * ci: allow running multiple integ tests at once in nix devshell (#4029)
    * Never send KeyUpdate message if <TLS1.3 (#4038)
    * nix devShell with aws-lc (#4028)
    * fix: ossl3 legacy provider mem leak (#4033)
    * Add pre-TLS13 libcrypto PRF implementation (#4020)
    * ci: typos config file (#4021)
    * Refactor alerts to make behavior clear (#4019)
    * bindings: release 0.0.32 (#4032)
    * Fixes dynamic loading bug (#4024)
    * build: make feature flags consistent (#3921)
* Sat Jun 10 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.45
    * fix: improve compatibility with old Linux versions (#4027)
    * Disable retry client random validation outside of tests (#4023)
    * Only call getenv for integ test marker in s2n_init (#4025)
    * Publish minimal s2n_config APIs and add documentation (#3972)
    * Fix s2n_error_get_type mistake in usage guide (#4022)
    * nix: add an Openssl102 nix devShell (#4014)
    * fix(api/unstable): make all api methods visible (#4015)
    * test(bindings/s2n-tls-tokio): fix tokio bindings close test (#4007)
    * fix: open files with the O_CLOEXEC flag (#3989)
    * feat(s2n-tls): X509 asn1 refactor (#4011)
    * Add the libcrypto random generation implementation (#4004)
    * nix: Use nixpkgs gnutls instead (#4013)
    * nix: add a LibreSSL nix devShell (#4010)
    * style: simplfy api for test utility (#4008)
    * fix(s2nd): parse psk given to s2nd non-destructively  (#4006)
    * nix devShell with openssl3 (#3993)
    * Upgrade OpenSSL model for CBMC proofs (#3978)
    * Quoting RFC-4492 to verify behavior when supported_groups extension is not sent (#3998)
    * docs: add notes on s2nc and s2nd usage (#4003)
    * bindings: Add option to disable loading system certs (#3985)
    * Update FAQ + add s2n_negotiate example to Usage Guide (#3984)
    * test: add more x509 OCSP tests (#3970)
    * ci: enable ossl3 tls13 tests (#3992)
    * chore: bindings release 0.0.31 (#3997)
    * Print Wire Bytes In and Out for s2nc (#3986)
    * ci: nix devShell simplification  (#3964)
    * utils: Add a stale box to the GH dashboard; use an action for pushing pages (#3947)
  - from version 1.3.44
    * test: fix session-ticket, non-blocking-io tests on 32 bit (#3969)
    * ci: add 32 bit buildspec (#3977)
    * [ci]: Use custom library context for rc4 instead of global default context (#3980)
    * s2n_rand_cleanup: be sure to unregister s2n RAND engine from libcrypto (#3966)
    * docs: update clang-format and gdb documentation (#3967)
    * Only LTO on GCC (#3968)
    * style: clean up fuzz corpus (#3971)
    * Add test for cipher selection with dh params (#3974)
    * Add new API to perform half-close (#3952)
    * Add API to create s2n_configs without loading system certs (#3950)
    * chore: remove module.modulemap and allow customers to generate it themselves (#3961)
    * chore: bindings release (#3956)
    * Cover more situations where no close_notify is sent/received (#3957)
    * Add logging for failed CRT tests (#3962)
    * Fix end-of-data behavior (#3945)
  - from version 1.3.43
    * Fix expected negotiated version in client auth downgrade test (#3951)
    * ci: Disable automatically closing stale PRs (#3946)
    * add 32 bit cross-compile toolchain (#3924)
    * ci: Add AWSLC-FIPS 2022 to CI (#3943)
    * bindings: add verify_host_callback to the connection (#3925)
    * Add basic half-close TLS1.3 behavior (#3932)
    * Update IO section of Usage Guide (#3917)
    * Don't send close_notify after an alert (#3942)
    * Reinstate Kyber KEM check (#3905)
    * Add test to verify TLS1.2 downgrade  (#3939)
    * Add github stale action (#3929)
    * update security policy and rust binding documentation (#3906)
    * Remove unnecessary flush (#3940)
    * Adds FAQ doc (#3920)
    * ci: Update AWSLC test dependency to v1.8.0 (#3938)
    * Add note about server_name spec requirements (#3930)
    * doc: Flesh out steps in nix readme. (#3923)
    * Create new PQ TLS Policies with minimum of TLSv1.2 (#3927)
    * Attempts to fix flakiness in session_ticket_test (#3913)
    * test: Bump nix devShell python to 3.10 (#3914)
    * chore(bindings): release 0.0.29 (#3919)
    * test: add retry logic for well-known endpoints (#3918)
    * docs: add compliance notes for RFC 6125 (#3915)
* Wed Apr 19 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.42
    * CI: Restrict Nix integ test to 1 job (#3897)
    * Don't set actual_protocol_version early when resuming a session (#3907)
    * Expose curve details to rust bindings (#3912)
    * Move secret type out of tls12/tls13 union (#3908)
    * Appends S2N_API (#3910)
    * chore: bump rust bindings (#3909)
    * test: Nix s3 cache (#3904)
* Tue Apr 04 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.41
    * fix: remove broken check in test (#3901)
  - from version 1.3.40
    * Rewrite of the PSK section in Usage Guide (#3864)
    * test: cleanup after tests (#3831)
    * ktls: feature probe test (#3869)
    * Fixes some compiler warnings coming from tests (#3883)
    * tokio-s2n-tls: Enable access to the IO instance from TcpStream (#3882)
    * chore: bump rust bindings for 1.3.39 release (#3887)
    * Migrate Kyber 512 to EVP KEM API (#3853)
    * test: cleanup tests (#3832)
    * test: Add missing packages to nix devShell (#3885)
    * Document behavior of s2n_negotiate for a client with client auth (#3891)
    * Switch OpenBSD CI job GH action to something more robust (#3877)
    * Enable strict compile checks in unit test build (#3878)
    * ci: enable valgrind pedantic check (#3886)
    * Allow client hellos from raw bytes (#3871)
    * Add new security policy (#3895)
  - from version 1.3.39
    * Removed codecov github status badge. (#3859)
    * Add method to create Rust certs without private keys (#3860)
    * Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (#3800)
    * chore: bump rust bindings version; crates msrv to 1.63.0 (#3863)
    * ci: Check for msrv match between rust-toolchain an crates; make them match. (#3866)
    * fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_load_cns (#3870)
    * tests: add checks for LTO+interning compatibility (#3839)
    * Enforce that ENSURE and GUARD_OSSL use valid error codes (#3873)
  - from version 1.3.38
    * Add CMake targets for integration tests and switch CI to use them (#3776)
    * ci: reduce the number of BSD artifacts (#3837)
    * Enable -Wsign-Compare-check_v2-tests/unit (#3827)
    * Add github trigger event for merge queue (#3836)
    * Prevent auto-enabling OCSP requests for servers (#3830)
    * Enable -Wsign-Compare-check_v3-tests/unit/ (#3828)
    * Enable -Wsign-Compare-check_bin/_crypto/_stuffer/_utils/ (#3825)
    * Enable -Wsign-Compare-check_v1-tests/ (#3826)
    * Update s2n_libcrypto_validate_name_prefix to only
      check the prefix of the libcrypto name (#3779)
    * Enable -Wsign-Compare-check_tls/  (#3829)
    * Add OCSP stapling for client auth (#3770)
    * Enable -Wsign-Compare-check_CMakeLists (#3842)
    * CI: pin AWS-LC versions #3846
    * [bindings] Generalize async in preparation for pkey offloading (#3844)
    * fix: use actual_protocol_version for session ID (#3845)
    * Add JA3 to s2nd (#3838)
    * filter do_not_merge label from Ready to merge (#3849)
    * Remove unused s2n_config_client_hello_cb_enable_poll (#3850)
    * Run integv2 tests with nix (#3824)
    * ci: nix fmt action (#3834)
    * Add CBMC proof-running GitHub Action (#3840)
    * Upgrade OpenSSL model for CBMC proofs (#3857)
    * Bump Rust MSRV for latest openssl-src. (#3858)
    * Handle ASN.1 type detection errors (#3855)
    * [bindings] Add private key callback (#3847)
* Fri Feb 17 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.37
    * Make unstable fingerprint methods accessible (#3823)
    * Clean up thread-local memory (#3771)
    * bindings(rust): bump MSRV to 1.60.0 (#3833)
    * Criterion delta (#3811)
    * Add JA3 fingerprinting (#3817)
    * Clarify that AWS-LC is also supported (#3821)
    * Add unit test to check that the build's libcrypto
      reflects the CI's intended libcrypto (#3774)
    * Clarify SSLv2 ClientHellos (#3815)
    * Bump rust bindings for 1.3.36 release (#3818)
    * Add stuffer method for standard init process (#3814)
  - from version 1.3.36
    * ktls: rm kTLS request field on config (#3816)
    * ktls: add ktls_supported field to s2n_cipher (#3806)
    * Make test_install_shared_and_static easier to debug
    * ktls: s2n_ktls_mode and building blocks (#3797)
    * ci: Update OpenBSD's MEM_PER_CONNECTION, based on error message (#3791)
    * s2n-tls nix flake (#3794)
    * Updated rust bindings (#3802)
    * Update omnibus fuzz image; remove fuzz job we're not running anymore in PR (#3796)
    * Adds client hello section to usage guide (#3757)
    * Integration test to check default signature algorithm behavior (#3719)
    * Blob Initialization fix-Test_1 (#3790)
  - from version 1.3.35
    * fix: pass an empty string to host verify without usable identifiers (#3793)
    * add code coverage support (#3759)
    * ci: Enable CTEST_OUTPUT_ON_FAILURE on all targets (#3789)
    * Enforce that clippy msrv matches rust-toolchain (#3787)
    * Blob Initialization fix-Test (#3780)
    * s2n_shutdown should ignore unread messages (#3769)
    * Add min supported rust version for clippy (#3785)
  - from version 1.3.34
    * Initialize blobs and stuffers (#3783)
    * s2n_shutdown: no not require response during handshake (#3772)
    * ci: remove build-dashboard action from PR flow (#3764)
    * ci: remove build-dashboard action from PR flow (#3764)
    * Blob initialization fix-3 (#3768)
    * Consolidate handshake and post-handshake record writing (#3750)
    * Blob initialization fix-2 (#3762)
    * Rename OCSP extensions (#3765)
    * Record padding integration test (#3715)
    * Adds check to ensure no switching between state machines (#3747)
    * Clang format cleanup (#3767)
* Thu Jan 26 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.33
    * ci: enable multicore builds for unit test (#3753)
    * Blob initialization fix-1 (#3735)
    * ci: upgrade checkout action (#3761)
    * ci: Bump boringssl version (#3739)
    * chore(ci): add CI workflow for OpenBSD (#3754)
    * Remove unused extension functions (#3752)
    * Repair build on OpenBSD (#3670)
    * Criterion tests (#3534)
    * Fragment large post-handshake records (#3741)
    * Bump rust bindings for 1.3.32 release (#3746)
    * ci: improve test name parsing for criterion (#3704)
    * Ensure non-zero record protocol version (#3744)
    * Add check to s2n_signature_scheme_valid_to_accept (#3728)
  - from version 1.3.32
    * ci: Fix libfuzzer path for third-party-src dir (#3742)
    * added ecdhe_rsa_aes128 cipher to the tls_1_2_2017 policy (#3740)
    * Intentionally disable fragmenting KeyUpdates (#3708)
    * utils: guard POSIX signals with >S2N_FAILURE (#3733)
    * Autopep8 updated CI and code (#3736)
    * ci: CLean up integration v1 buildspecs (#3627)
    * ci: Update fuzz buildspec to use pre-built image (#3604)
    * Upgrade CBMC infrastructure (starter-kit 2.8.8) (#3731)
    * quick fix (#3716)
    * Update team members (#3640)
    * fix: disable pthread_atfork fork detection on OpenBSD (#3712)
    * Upgrade CBMC infrastructure (starter-kit 2.8) (#3727)
    * Adds TLSv1.2_2017 security policy with ECDHE-{RSA,ECDSA}-AES256-SHA ciphers enabled (#3723)
    * Fix s2n_record_write return value (#3722)
    * Remove unnecessary "extern" from function declarations (#3726)
    * Adds no-strict-prototypes (#3721)
    * Clang-format `tests/unit/s2n_[l-r].*\.c` and enforce in CI (#3677)
    * CBMC proofs: fix typing (#3718)
    * ci: codebuid scripts for criterion (#3703)
    * CBMC proofs: remove type-conflicting definition of s2n_calculate_stacktrace (#3714)
    * Clang-format `tests/unit/s2n_s.*\.c` and enforce in CI (#3678)
    * bindings bump (#3709)
    * Fix sizes in s2n_resume_test (#3705)
  - Drop patches for issues fixed upstream
    * s2n_disable-werror.patch
* Wed Jan 04 2023 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.31
    * Clang format `tls/s2n_[a-h].*\.[ch]` and enforce in CI (#3681)
    * tokio-s2n-tls: add poll_blinding and fix blinding on shutdown (#3700)
    * Clang-format `crypto/` and enforce in CI (#3680)
    * Clang-format `tls/s2n_[s-z].*\.[ch]` and enforce in CI (#3683)
    * Clang-format `tests/unit/s2n_[t-z].*\.c` and enforce in CI (#3679)
    * Clang format `tests/unit/s2n_[bc].*\.c` and enforce in CI (#3675)
    * Clang-format `tests/unit/s2n_[d-k].*\.c` and enforce in CI (#3676)
    * Add `CloudFront-TLS-1-2-2021-ChaCha20-Boosted` Security Policy w/ Docs Update (#3686)
    * Fix FreeBSD minherit arg naming (#3694)
    * Add config to read until error or supplied buffer is full (#3690)
    * Clang-format `tls/s2n_[i-r].*\.[ch]` and enforce in CI (#3682)
  - from version 1.3.30
    * chore: bump rust bindings version (#3693)
    * Clean up test trust store (#3692)
    * Add support for AWS-LC PQ KEM (#3634)
    * chore: introduce rust-toolchain and enforce MSRV (#3691)
    * bindings (rust): handle propagating the async client_hello callback error (#3687)
    * ci: Fix LibreSSL paths in CI (#3688)
    * tests: delete integv1 code (#3685)
    * bindings(rust): avoid unnecessarily zeroing the receive buffer in poll_read (#3662)
    * Handle fragmented post-handshake messages (#3641)
    * Add CodeQL workflow for GitHub code scanning (#3601)
    * ci: pin ubuntu version to 20.04 for cppcheck (#3673)
    * ci: Remove references to TEST=integration and related codebuild scripting (#3628)
    * Make header deps explicit in preperation for clang-format (#3684)
    * Clang-format of `tests/unit/s2n_[3a].*\.c` + transision to exclude regex (#3664)
    * Add prioritize_chacha20 flag to cipher preferences (#3543)
    * Fix default X509 store flags (#3671)
    * Regenerate CRL pems (#3672)
    * fix(tests): honour RFC 5280 4.1.2.5 when creating CRLs (#3669)
    * fix(rust-bindings): store client_hello_callback state on connection (#3631)
    * Bump rust bindings for 1.3.29 release (#3666)
    * Removes double semicolons and expands simple_mistakes.sh (#3665)
    * ci: Update OpenSSL dependencies (#3623)
    * Test for legacy version vs SupportedVersions priority (#3661)
    * Update to clang-format causes reformat of api folder (#3663)
    * clang-format `tests/testslib` and add to ci (#3650)
    * Fix flaky send buffer test (#3647)
  - from version 1.3.29
    * Fix clippy issues and formatting in bindings (#3659)
    * Add batch of clang-format PRs to .git-blame-ignore-revs (#3653)
    * Use gcc-ar instead of ar (#3625)
    * bindings(rust): Implement Deref and DerefMut traits for PooledConnection (#3642)
    * clang-format `utils/` and enforce in ci (#3651)
    * clang-format `api/` and enforce in ci (#3637)
    * clang-format `error/` and enforce in ci (#3638)
    * Fix file modes and enforce in ci (#3645)
    * clang-format `bin/` and enforce in ci (#3635)
    * Add and document CRL APIs (#3523)
    * clang-format `tls/extensions` and enforce in ci (#3633)
    * Add stuffer version of s2n_io_pair (#3632)
    * Add clang-format of stuffer to .git-blame-ignore-revs (#3629)
    * Add clang-format ci action (#3618)
    * Adds Usage Guide section on the Config object (#3620)
    * bump rust bindings for 1.3.28 release (#3622)
    * Add buffered send integration test (#3537)
    * Declaring Virtual Function Tables as const- crypto (#3616)
    * Add proof for TLS handshake with NPN extension nondeterministically enabled or disabled (#3613)
    * ci: Fix SAW sha_bad_magic_mod failure test (#3617)
    * Remove s2n_cbc_verify_test (#3615)
  - from version 1.3.28
    * bindings(rust): add lto in release mode (#3610)
    * wrapper for wall_clock  (#3611)
    * Fix very minor DeprecationWarning in integrationv2 (#3609)
    * Adds s2n_connection section to usage guide (#3605)
    * Fix to handle callback failure (#3597)
    * Move CRL timestamp validation into the CRL lookup callback (#3515)
    * Re-enable saw proofs for TLS handshake with NPN extension disabled (#3594)
    * [bindings] Fix client hello callback with config swap (#3600)
    * Fix FreeBSD build test bug (#3587)
    * Add some missing null ptr checks for defence in depth (#3596)
    * 1.3.27 bindings update (#3599)
    * Apache renegotiation integration tests (#3580)
    * Try to clarify the use of s2n_blob_zeroize_free (#3591)
* Fri Nov 11 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.27
    * Npn cleanup (#3590)
    * Ensure extended master secrets ext have no data (#3588)
    * LibreSSL version 3.5 implements the OpenSSL 1.1 API (almost) (#3589)
    * Update vmactions/freebsd github action (#3592)
    * Fix free error when using jemalloc (#3585)
    * Add rust binding for s2n_set_config_send_buffer_size (#3582)
    * NPN integration tests (#3583)
    * Adding null checks to tls/extensions and tls/s2n_perf (#3578)
    * Adds API for NPN support (#3575)
    * Add CRL lookup callback (#3546)
    * Bump Doxygen version 1.9.3 -> 1.9.5 (#3581)
    * Add apache renegotiation test server to CI (#3565)
    * Adds TLS12 Encrypted Extensions Messages (#3545)
    * Removing more failing saw (#3577)
    * bump to 0.0.17 (#3574)
    * More openssl renegotiate integ tests (#3570)
    * Added compliance comment for renegotiate (#3572)
    * Remove s2n-core from CODEOWNERS (#3571)
  - from version 1.3.26
    * Add IO debug info to integrationv2 framework (#3564)
    * Fix check for non-portable optimizations (#3573)
    * Handshake changes necessary to negotiate NPN (#3558)
    * Add array init with capacity API (#3554)
    * Basic renegotiation integ tests (#3563)
    * Rust bindings version bump for 1.3.25 (#3567)
  - from version 1.3.25
    * Only enable non-portable optimizations safety
      checks during GitHub CI builds (#3562)
    * Release renegotiation feature as unstable (#3556)
    * Refactor write_pem_file_to_stuffer_as_chain (#3553)
    * Temporarily removing TLS12 SAW tests (#3560)
    * Fix bug on RHEL5 platform (#3561)
    * Tweaks to HelloRequest handling (#3555)
    * ci: update group for labeler action (#3544)
    * test(rust-bindings): improve test reliability (#3552)
    * Add send-file option to s2nc (#3550)
    * Add API to handle renegotiation (#3549)
    * Change behavior when no protocols match (#3548)
    * Limit slow DHE handshakes in test (#3541)
    * Keep finished data on s2n_renegotiate_wipe (#3539)
    * Rust bindings version bump for 1.3.24 (#3540)
    * Add wrapper struct for X509_CRL (#3520)
    * Added NPN Handshake Message (#3526)
    * Add server secure_renegotiation checks for testing (#3533)
    * Finish compliance comments for secure renegotiation (RFC5746) (#3536)
  - from version 1.3.24
    * Fix fatal no_renegotiation alert (#3535)
    * Add renegotiation callback (#3527)
    * Partially wipe connections for renegotiation (#3522)
    * Revert "ci: Criterion integv2 test changes (#3222)" (#3531)
    * ci: Criterion integv2 test changes (#3222)
    * Enforce init and cleanup calling rules (#3512)
    * Fix npn test bug (#3529)
    * Npn Extension Functions (#3521)
    * ci: Move sidetrail docker container to other repo; rework sidetrail
      to install tooling ahead of time. (#3518)
    * docs: update openssl docs (#3503)
    * Add additional CBMC dependencies to README (#3517)
    * Refactor s2n_x509_validator_validate_cert_chain to support an async callback (#3500)
    * Fix memory leaked by s2n_cleanup (#3506) (#3506)
    * Disable AVX2 compiler flags in portable PQ implementation (#3508)
  - from version 1.3.23
    * Merge pull request from GHSA-m74w-59v6-c5r8
    * Merge pull request from GHSA-mm47-wjfh-4hf5
    * ci: Custom ubuntu18 image (#3513)
    * release: bump rust bindings (#3507)
    * Implement client-side safety features for secure renegotiation (#3497)
    * ci: Criterion benchmark handlers (#3223)
  - from version 1.3.22
    * Add compliance exceptions for server renegotiation (#3498)
    * Store explicit length of verify_data (#3494)
    * Send no_renegotiation alert (#3490)
    * Add FS2 Scala Native binding (#3496)
    * Allow static and shared libs to be mixed (take 2) (#3484)
    * Removing some LGTM warnings (#3493)
    * Add compliance comments for secure renegotiation initial handshakes (#3485)
    * release(rust-bindings): 0.0.13 (#3487)
    * Add test for verify after sign failure (#3486)
    * Add option to verify after sign (#3482)
    * Usage Guide Changes for Certificate Inspection Methods (#3480)
  - from version 1.3.21
    * Revert "Allow static and shared libs to be mixed. (#3467)" (#3483)
    * Allow static and shared libs to be mixed. (#3467)
    * openssl3 integration: cleanup providers (#3481)
    * openssl3 integration: store const RSA and EC_KEY (#3474)
    * ci: update freebsd image (#3479)
    * Fix documentation for record sizes (#3418)
    * Fix reference to wrong function (#3478)
    * ci: add openssl111 to LD_LIBRARY_PATH for integv2 testing (#3464)
    * Add test certificate chains and CRLs for testing CRL validation (#3458)
    * feat: add dynamic buffer capabilities (#3472)
    * openssl3 integration: workaround for new EVP_Cipher return code (#3466)
    * Allocate s2n_crypto_parameters separately (#3470)
    * Reference s2n_crypto_parameters via pointers (#3469)
    * openssl3 integration: work around for broken make build (#3468)
    * create rfc9151 security policy (#3431)
    * openssl3 integration: fix padding (#3450)
    * openssl3 integration: load legacy provider for rc4 cipher (#3457)
    * Re-worked Session Resumption Usage Guide Sections (#3423)
    * release(rust-bindings): 0.0.12 (#3462)
  - from version 1.3.20
    * Initialize locking sooner (#3456)
    * build and link s2n-tls with openssl3 (#3441)
    * build: fix Ubuntu quickstart instructions (#3452)
    * double fallback for load libcrypto (#3451)
    * tests: add global retries and fail fast (#3454)
    * Add basic buffered send behavior (#3434)
    * Fixing cargo clippy complaints (#3448)
    * Return s2n_result from x509 validator functions (#3444)
    * Correct CODEOWNERS team name (#3449)
    * Fuzz s2n_deserialize_resumption_state (#3421)
    * s2n_peek should not report partial, encrypted data (#3443)
    * Fix early data reporting on partial send (#3439)
    * rust bindings release 0.0.11 (#3437)
  - from version 1.3.19
    * ci(rust-bindings): Bump nightly version (#3430)
    * S2N client negotation of un-offered group fix (#3422)
    * Remove patch version from .so (#3426)
    * cleanup codecov from codebuild (#3425)
    * Shared library .so version (#3407)
    * Revert "ci: Temporarily pin AWS-LC to a commit before gcc4.8 breaks (#3414)" (#3424)
    * Set Openssl-1.0.2 locking callback (#3415)
    * Add more testing for s2n_send (#3409)
    * Miscellaneous Usage Guide Fixes (#3411)
    * Added RFC exception comment (#3405)
* Mon Aug 08 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.18
    * ci: Temporarily pin AWS-LC to a commit before gcc4.8 breaks (#3414)
    * [bindings] Bump s2n-tls-tokio version (#3413)
    * [bindings] Make errno a required dependency (#3412)
    * release (rust bindings) for v1.3.17 release (#3402)
    * [bindings] Fix constant name (#3410)
    * ci: update OSX env for FreeBSD action (#3406)
    * [bindings] Include errno in errors (#3403)
    * Don't force static crypto dependency in case of a static build (#3395)
    * pq: Remove support for BIKE, SIKE, and Kyber (Round 2) (#3392)
* Tue Jul 26 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.17
    * Don't wipe extensions after processing (#3401)
    * fail generate.sh when cargo fails (#3398)
    * Remove CBMC proof typechecking warnings (#3397)
    * ci: Remove Integration Tests from Omnibus (#3391)
    * Remove litani submodule and update CBMC starter kit to 2.5 (#3385)
    * Prevent modifying of shared cert chains through config API (#3384)
    * Fix how KeyUpdates trigger (#3387)
    * Added OCSP and CT Sections to the Usage Guide (#3382)
    * release(rust-bindings): 0.0.9 (#3388)
    * Add HRR compliance comments and tests for remaining TLS RFC sections (#3363)
    * build(rust-bindings): use the 2021 rust edition (#3386)
    * Add HRR compliance comments and tests for TLS RFC section 4.2.8 (#3362)
* Tue Jul 12 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.16
    * Add 'poll_' to polling method names (#3383)
    * Update fips_default security policy (#3378)
    * [bindings] Parity with unofficial bindings (#3374)
    * Add clone and initialisation unit tests (#3367)
    * [bindings] Export policy macro (#3375)
    * ci: Generate Duvet reports in CI (#3372)
    * Set server key share extension as a response extension (#3358)
    * Enable S2N_AES_SHA1/256_COMPOSITE when AWSLC_API_VERSION >= 18. (#3269)
    * Update CBMC starter kit to v2.4 (#3376)
    * Import Microsoft's recent PQCrypto-SIDH SIKE patches into s2n (#3366)
    * Temporarily change OpenSSL 1.1.1 versions to fix CI. (#3368)
    * [bindings] Get rid of 'raw' module (#3360)
    * Replace existing fork detection with the FGN implementation (#3355)
    * Fix clap dependency (#3361)
    * Add compliance comments and tests for TLS RFC section 4.1.4 (#3337)
    * [bindings] Apply async blinding (#3356)
    * [bindings] Add connection pooling support (#3336)
    * [bindings] Rework connection builder trait (#3335)
    * Expand random api tests (#3342)
    * docs: Documentation Clean Up (#3329)
  - from version 1.3.15
    * fix: Add option to disable stacktrace feature (#3345)
    * Fix interning build for cmake version 3.15+ (#3346)
    * docs: Make Doxygen prettier. (#3343)
    * free EVP_PKEY_CTX before returning from s2n_evp_sign/verify (#3333)
    * ci:Add valgrind tests for awslc (#3338)
    * Improve libcrypto checks (#3272)
    * fix: Accurately track wire_bytes_out (#3332)
    * ci: CodeBuild spec updates to support criterion integv2 (#3225)
    * [bindings] Handle async callback behavior (#3325)
    * release(rust-bindings): 0.0.8 (#3341)
    * Refactor randomness API tests (#3328)
    * Catch broken pipe exceptions on pipe flush. (#3321)
    * doc fix: Update documentation for s2n_connection_get_cipher. (#3330)
* Wed May 25 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.14
    * [bindings] Allow modification of new connections (#3320)
    * fix(bindings-rust): move vendored openssl-sys to dev-dependency (#3323)
    * ci: Temporarily remove more test endpoints with expired certs (#3322)
    * [bindings] Move enums to separate file (#3319)
    * Feature probe for EVP_rc4 (#3301)
    * Use CaDiCaL solver for s2n_stuffer_private_key_from_pem proof (#3318)
    * docs: Introduce Doxygen to s2n (#3302)
* Wed May 18 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.13
    * Enforce how the client hello is modified during retry (#3311)
    * Use SHA1+MD5 for <TLS1.2 + FIPS (#3310)
    * Don't generate a new client random on retries (#3312)
    * Rewrite cookie extension (#3306)
    * Fixed CBMC_ENSURE_REF calls where NULL return type expected (#3304)
    * ci: Fix boringssl unit tests (#3309)
    * Improve cmake logging (#3305)
    * [bindings] Clean up async behavior (#3299)
    * ci: Temporarily remove more test endpoints with expired certs (#3300)
    * ci: add awslc interning to omnibus (#3295)
    * fix(s2n-tls-sys): add cmake files to the include directive (#3297)
    * release(rust-bindings): 0.0.6 (#3296)
    * build(bindings): use cmake when building with pq feature (#3294)
    * [bindings] Add basic send and recv (#3290)
    * Interning not supported with FIPS enabled. (#3277)
    * fix: FreeBSD will now fail loudly (#3284)
    * [bindings] Hide ffi types + basic debug info (#3279)
* Thu Apr 28 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.12
    * Use pointer to variable type as required by cleanup attribute (#3289)
    * bug: fix s2n_connection->cookie_stuffer initialization (#3282)
    * Add test utility for fork tests (#3253)
    * Add additional libcryptos to V2 integration tests (#3244)
    * ci: GitHub actions for osx (#3280)
    * Fix MacOS unit tests (#3278)
    * build: use S2N_LIBCRYPTO to pick interning lib (#3276)
    * [bindings] Add basic s2n-tls-tokio skeleton (#3261)
    * exclude cast-qual in Cmake for aws-lcw (#3270)
    * Disable strict-prototypes diagnostic flag in Clang (#3275)
    * ci: check integv2 python for pep8 issues (#3271)
  - from version 1.3.11
    * auto format integv2 python (#3268)
    * ci: don't update the ghpages dashboard outside of main repo (#3267)
    * release(rust-bindings): 0.0.5 (#3256)
    * Add basic rust ci jobs (#3265)
    * Fix wrong assumption about osx/apple (#3264)
    * ci: temporarily remove expired certs (#3266)
    * fix: correctly export internal APIs (#3260)
    * deps: Upgrade CBMC submodules (#3259)
    * Fully separate key and secret state machines (#3238)
    * test: OCSP integrationv2 test with GnuTLS (#3207)
    * Port drbg.c functions to use S2N_RESULT (#3252)
    * feat(rust-bindings): add support for linking an external build (#3254)
  - from version 1.3.10
    * build: fix libcrypto interning (#3204)
    * Update install_awslc to install the correct FIPS branch of AWS-LC (#3255)
    * ci: add make install (#3224)
    * ci: Add a CRT codebuild job (#3245)
    * ci: script changes to test aws-crt (#3176)
    * Add step by step instructions to Readme (#3061)
    * ci: Issue/PR dashboard (#3235)
    * feat(rust-bindings): add support for mTLS (#3241)
    * Address new-ish python warning (#3208)
    * Add check on zero returned by EVP_CIPHER_CTX_ctrl. (#3221)
    * Changed function declarations to match their definitions (#3243)
    * Add missing safety macro deprecation messages (#3242)
    * Fix auto-generated RESULT_GUARD_RESULT macros (#3239)
    * sike_r3: add missing GNU note for executable stack on ELF (#3194)
    * Implementation of fork generation number API (#3191)
    * fix cmake package name in usage guide (#3232)
    * bindings: update version in preperation for publishing the bindings to crates.io (#3233)
    * bindings: manually track Config lifetime and expose
      ClientHelloHandler for client_hello_callback (#3216)
    * Remove nonexistent macro reference from docs (#3237)
    * internal api: add new api to poll client_hello callback (#3230)
    * Make secrets available early for QUIC (#3229)
  - from version 1.3.9
    * Remove PQ tests that break on Openssl DRBG calling pattern updates (#3231)
    * Split up slow pq test (#3226)
    * Secret reorder for s2n-quic (#3227)
    * Fix BIKE Round 3 try_compile statements (#3219)
    * Update sidetrail readme (#3220)
  - from version 1.3.8
    * Delete more old key schedule methods (#3215)
    * Wipe TLS1.3 secrets after handshake (#3212)
    * Fix cleanup issues with HELLO_REQUEST received during handshake (#3217)
    * Add tls13 state machaine file back (#3205)
    * api: add context on s2n_config. add internal api to
      access config set on connection (#3210)
    * Clarify TLS1.3 secrets tracking (#3213)
    * Remove old key schedule methods (#3209)
    * Refactor TLS1.3 key schedule (#3198)
* Tue Mar 01 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.7
    * Crypto variable update missing from #3181 (#3189)
    * SSLyze integrationv2 test (#3186)
    * Added try_compile for features.h (#3197)
    * bindings: update rust bindings (#3196)
    * Centralize transcript hash copy logic (#3195)
    * Enable PQ in FIPS mode with awslc (#3183)
    * Revert "Flush stdout with initial BEGIN_TEST message (#3185)" (#3193)
  - from version 1.3.6
    * Store TLS1.3 transcript hash digests rather than full hash state (#3188)
    * Remove in-source build target check hackery. (#3181)
  - Refresh patches for new version
    * s2n_fix-cmake-modules-path.patch
* Tue Feb 01 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.5
    * remove extra S2N_API (#3187)
    * Use `llvm_points_to_bitfield` in SAW proofs (#3155)
    * Add API s2n_client_hello_has_extension to check if extension exists (#3180)
    * Flush stdout with initial BEGIN_TEST message (#3185)
    * FreeBSD ci (#3184)
    * Add some comments to build scripts (#3182)
    * Document which macros should not be used for new code (#3179)
    * remove unused function s2n_actual_getpid (#3172)
    * Workaround AL2 nodejs package issue (#3174)
    * Add API method to translate errors to alerts (#3171)
    * Upgrade CBMC submodules (#3165)
    * tests: add s2n_init/s2n_cleanup tests (#3164)
* Thu Jan 20 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.4
    * Change AWS-LC aes-gcm aead APIs to the ones that
      are FIPS validated (#3137)
    * Conflicting ports in integration test (#3161)
* Tue Jan 04 2022 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.3
    * Fix s2n_connection_get_client_cert_chain for TLS1.3 (#3156)
    * Fixing Flakiness in Cross-Compat Test (#3158)
    * Enforce RSA-PSS saltlen requirements (#3157)
    * Rearrange TLS1.2 and TLS1.3 secret storage (#3154)
    * Use libcrypto signing methods in compliance with FIPS 140-3 (#3142)
    * docs: update readme (#3153)
  - from version 1.3.2
    * Adds Cross-Compatibility Test (#3147)
    * Makes s2n_stuffer_skip_whitespace verification friendly (#3143)
    * ci: fix Kwstyle (#3136)
    * only print on retries (#3151)
    * integration: enforce timeout, allow for the process to
      shutdown gracefully, run in non-blocking mode (#3148)
    * Added Script to Compile Main for Cross-Compat Testing (#3139)
    * Adds Options to Output and Input Session Ticket to s2nc (#3134)
    * Upgrade CBMC submodules (#3135)
* Thu Dec 09 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.3.1
    * Nitpick usage guide links (#3133)
    * FIPS Static Config is Only Created When Needed (#3129)
    * Fix build on NetBSD. (#3131)
    * Feature probe for EVP_md5_sha1() (#3128)
    * Allow EVP hash implementation to use EVP_md5_sha1 if available (#3126)
    * Allow synchronous private key operations (#3121)
  - from version 1.3.0
    * EMS Re-Release (#3122)
    * If QUIC, only offer TLS1.3 (#3124)
  - from version 1.2.1
    * tests: fix s2n_enable_tls13 deprecation warnings (#3120)
    * Fix FindLibCrypto for list-typed CMAKE_PREFIX_PATH (#3067)
    * Add AWS-LC FIPS integration target (#3084)
    * Detect nested s2n_negotiate calls (#3119)
    * build: add the option to enable LTO (#3117)
    * Prevent Uninitialized Memory Access in case of FIPS Mode Disabled (#3016)
    * Fixed EMS to work with Session Caching (#3102)
    * Rename internal HMAC implementations in s2n_prf to
      clarify which implementation is used (#3103)
    * Finish memcpy->memmove migration (#3110)
  - from version 1.2.0
    * Revert "EMS Release (#3053)" (#3113)
    * Reapply "Update QUIC parameters IANA (#3029)" (#3106)
    * Add a flag to s2nc to enable FIPS mode in the underlying libcrypto.
      Update integration tests to use the new flag when needed (#3101)
    * Added Backwards-Incompatible Ticket Version (#3099)
    * Don't allow QUIC to be enabled if TLS1.3 not possible (#3088)
    * ci: remove spaces from benchmark name (#3097)
    * Lets make S2N play nicely with the rest of the world shall we? Added … (#2669)
  - from version 1.1.2
    * ci: add a CODEOWNERS file (#3071)
    * utils: fix constant time equals return value (#3093)
    * Upgrade CBMC templates (#3094)
    * tests: fix fuzz count formatting (#3091)
    * Turn on Endpoint Tests (#3090)
    * Offer only TLS1.3 handshake options if QUIC enabled (#3085)
    * Added test for mutal auth (#3087)
    * Repair TLS 1.3 proofs after c096a55 (#3079)
    * Bench handshake (#3043)
    * Rename CBMC proof bound BLOB_SIZE -> MAX_BLOB_SIZE (#3073)
* Tue Oct 12 2021 Jan Engelhardt <jengelh@inai.de>
  - Trim conjecture and redundant metadata from description.
  - Simplify package names and set right shlib package name.
* Mon Oct 11 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.1.1
    * Advance CBMC litani and template submodules to latest release (#3072)
    * Update integv1 trust store (#3074)
    * Revert "Re-enable TLS 1.3 SAW tests (#3031)" (#3077)
    * Re-enable TLS 1.3 SAW tests (#3031)
    * Revert "Update QUIC parameters IANA (#3029)" (#3069)
    * NULL-check s2n_cert_chain_and_key_get_pkey_type (#3064)
    * Enable RSA_PSS_SIGNING_SUPPORTED when OPENSSL_IS_AWSLC. (#2801)
    * audit memcmp usage (#3059)
    * Turn on OCSP functionality for AWS-LC (#3058)
    * ci: Use stable for openssl1.1.1 (#3065)
  - from version 1.1.0
    * Fix TLS1.3 ticket lifetime math (#3060)
    * Add API to track session tickets sent (#3056)
    * Turn On Client OCSP Stapled Test (#3055)
    * EMS Release (#3053)
    * Add more well known endpoints for integration testing (#3054)
    * Update READING-LIST.md (#3004)
    * Add new Fuzz Test Corpus Files (#3021)
    * Remove ChaCha TLS 1.3 Cipher from KMS FIPS Cipher Pref List (#3039)
    * Re-enable Twitter.com client integration test (#3051)
    * Fix BIKE R3 PQ Assembly detection bug for AMD Zen 3 CPUs (#3050)
    * EMS Testing (#3042)
    * Enable Client-side TLS 1.2 Self Downgrade (#3030)
    * Allow QUIC to be enabled per-connection (#3048)
  - from version 1.0.19
    * Disable EndOfEarlyData message for QUIC + clean up
      QUIC special casing (#3044)
    * Fix TLS1.2 session cache + missing ticket key (#3041)
    * Remove twitter.com from endpoint handshake test for
      OpenSSL 1.0.2 (#3038)
  - from version 1.0.18
    * build: add libcrypto interning tests (#3035)
    * Add more TLS Security Policies with TLS 1.3 support (#3023)
    * Enable offloading of private key operations (#3024)
    * Fixes Potential IO Memory Leak (#3027)
    * build: add option to intern libcrypto (#3028)
    * Update QUIC parameters IANA (#3029)
    * Adding s2n_negotiate benchmarking framework (#3014)
    * Update s2n_cipher_suites.c (#3026)
    * Self Downgrade to TLS 1.2 if RSA PSS is not available and it's
      possible that it may be needed (#3009)
  - from version 1.0.17
    * Use pthread_equal for pthread_t comparison (#3022)
    * Fix pre-TLS1.2 ECDSA client certs (#3019)
    * Improved support for using s2n-tls from within an unloadable shared lib (#3011)
    * Adds EMS flag to session ticket (#2982)
    * Extra EMS Requirements (#3018)
    * Create 20210816 security policies (#3015)
    * Add RSA-PSS-PSS to integration tests (#3012)
    * Added s2n_client_hello_get_session_id calls (#3006)
    * Upgrade CBMC sub-modules (#3017)
    * Switch sigalg integ test to use s2n output instead of Openssl output (#3010)
    * bindings: import "mid-level" bindings (#2920)
    * Move/Modify methods from s2nd to common.h/common.c (#3008)
    * And test to verify unencrypted EncryptedExtensions rejected (#3003)
    * Fix behavior of signature scheme getters in TLS1.2 (#3007)
    * Added call to generate EMS when negotiated (#2986)
    * Test psk_kex_exchange_mode GREASE values (#3002)
    * introduce fd getter new API (#2981)
    * Fix build issue with AWS Common Runtime SDK CI (#3005)
    * Adds Client and Server EMS Extension (#2991)
    * Import Kyber512 Round3 AVX2 Implementation (#2946)
    * Moving code to broader files to allow for usage in other programs (#2996)
  - Refresh patches for new version
    * s2n_add-so-version.patch
* Thu Aug 12 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.16
    * Updated PSS support definition to account for new BoringSSL version (#2297)
    * Add quic_transport_parameters extension (#2288)
    * added unit test for sort order of s2n_all_cipher_suites in IANA order (#2192)
    * Add initial QUIC setup (#2283)
    * Fix macro usage, indexing and magic numbers (#2271)
  - from version 1.0.15
    * Add client-side support for PQ HRR (#2260)
    * Add AWS-LC pre-processor directive similar to BoringSSL (#2273)
    * Fix awslc codebuild hang (#2282)
    * Fixed processing issue with status request extension (#2229)
    * Update s2n to compile on FreeBSD (#2272)
    * Add aws-lc code build. (#2275)
    * Don't enable OCSP stapling if not available (#2253)
    * Improves performance and coverage of s2n_stuffer_* proofs (#2230)
    * Codebuild batch and Omnibus job (#2245)
    * Disable sending of PQ group IDs for FIPS or TLS1.2 (#2267)
    * Use NIST P-256 for key generation when client do not specify curve (#2265)
    * Fix TLS 1.3 server side OCSP metrics (#2241)
    * Add client/server share size fields to s2n_kem_group (#2269)
    * alloc and sub overflow proofs (#2255)
    * Add ECDSA ciphers for viewer side support (#2219)
    * Adds proof harnesses for s2n_array_free* functions (#2244)
    * Checking data size instead of data pointers in
      s2n_stream_cipher_null_endecrypt (#2263)
  - from version 1.0.14
    * Update CloudFront security policies (#2238)
    * Adds proof harnesses for s2n_array_* functions (#2246)
    * Implements client-side sending of PQ key shares for 1.3 (#2215)
    * Change fuzz coverage below minimum to an error (#2259)
    * Initialize slot variable to fix ARM compiler warning (#2258)
    * Adds proof harnesses for s2n_set_* functions (#2248)
    * Check if S2N_COVERAGE and FUZZ_COVERAGE are true (#2254)
    * Use allocation function for session key object (#2249)
    * Adds initial CBMC proofs for s2n_array and s2n_set (#2193)
    * Update the default keyshare list sent by the client  (#2190)
  - from version 1.0.13
    * Support TLS 1.3 clients that do not specify signature algorithms (#2222)
    * Importing Kyber512-90s PQ KEM (#2202)
    * build: fix cmake shared lib build (#2237)
* Wed Jul 07 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.12
    * Update Max Connection memory usage to support Round 3 KEM Groups (#2933)
    * Check for -1 return code from OCSP_basic_verify() (#2931)
    * Add Round 3 PQ TLS Policies (#2842)
    * Add public function for wiping the trust store (#2927)
    * fix memcpy bug in client hello - copy address of pointer (#2917)
    * Stops TLS13 From Erroring if Session Ticket Write Fails (#2928)
    * Fixing wrong file path in makefile for BIKE R3 (#2925)
    * Check Cipher Suite is ECC Before Returning Curve (#2908)
    * Add unit test to monitor s2n_connection size changes (#2913)
    * bindings: export include dir in rust build (#2918)
  - from version 1.0.11
    * Add a stale bot configuration (#2897)
    * bindings: add rust bindings (#2754)
    * Suggestion: Prevent randomness callbacks being set to NULL (#2916)
    * Reduce memory allocated for conn->out (#2904)
    * document sigpipe handling (#2909)
    * place -Werror behind a flag which is ON by default (#2903)
    * resolve -Wstrict-prototypes compiler warning (#2906)
    * OpenSSL rand-engine requires engine support (#2885)
    * Fix TLS1.3 dynamic record min calculation (#2900)
    * Make client respect max frag len extension result (#2898)
    * Initial proofs for s2n_socket functions (#2896)
    * Do not calculate transcript on failed connection (#2886)
    * Add gcov and lcov targets for pq (#2895)
    * Adds close markers to flaky test (#2863)
    * Fix some OCSP-related cert behavior (#2894)
    * Adding Usage Guide for Pre-Shared Keys (#2890)
    * Remove sikep434r2 code (#2864)
    * Adds Error Checking Around Fragment Length (#2888)
  - Refresh patches for new version
    * s2n_disable-werror.patch
    * s2n_fix-cmake-modules-path.patch
* Fri Jun 11 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.10
    * Release TLS1.3 Pre-Shared Key (PSK) (#2889)
    * Release early data / 0RTT (#2882)
    * Release TLS1.3 Session Resumption (#2877)
    * Limit session resumption PSKs processed (#2879)
    * Client should not accept invalid TLS1.3 ticket_lifetime (#2878)
    * Updates CI buildspec to include PSK integration tests (#2875)
    * Adds External PSK Integration Tests (#2821)
    * Make TLS1.3 ticket processing less strict to handle future changes (#2876)
    * Add handshake type message for integration tests (#2873)
    * Fixes s2n_get_session_length in TLS1.3 (#2858)
    * Update Codebuild batch spec with early data integration test (#2872)
    * Duplicate Certificate Error Message (#2870)
    * Early data integration tests (#2857)
    * Various small integration framework fixes (#2868)
    * Bring __ANDROID__ and ANDROID back for tm_gmtoff (#2869)
    * More fixes for BIKE R3 optimized builds (#2867)
    * Supports in-source build with AWS-LC. (#2714)
    * Larger chunk size based on worker count (#2865)
    * BIKE R3 fix for gcc-4.8.2 (#2866)
    * Fix BIKE_R3 build issue (#2860)
    * Error blinding updates / fixes (#2852)
    * BIKE Round-3 runtime code path selection based on CPU capabilities (#2793)
    * Removes tolower stub from CBMC proofs (#2853)
    * Stop rejected 0RTT data from triggering error blinding (#2849)
  - from version 1.0.9
    * Add new s2n_cert_chain_and_key load api that takes non-null-terminated
      data and length (#2753)
    * Adds TLS1.3 Session Resumption Integration Tests (#2814)
    * Integrate sikep434r3 x86_64 assembly (#2820)
    * Fix duplicate KEM assignment in pq_kem_test (#2848)
    * Adds new proof allocators for s2n_connection (#2832)
    * s2n_connection_get_session_id_len returns 0 for >= TLS1.3 (#2844)
    * Update codebuild script for NO_PQ when building unit tests with cmake (#2841)
    * Adds getters for connection signature algorithm and digest algorithm (#2843)
    * Adds TLS1.3 Session Resumption and Early Data Functionality to s2nd/s2nd (#2826)
    * Add signature validation for async sign call (#2791)
    * Make digest_allow_md5_for_fips proof UID unique (#2837)
    * Add BIKE Round 3 Fuzz Tests (#2790)
  - Add patch to strip -Werror from build flags
    * s2n_disable-werror.patch
* Mon May 17 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.8
    * Disable mlock during unit tests (#2829)
    * Fix HRR + 0RTT bug (#2824)
    * ci: Adding AL2 unit tests to CI (#2828)
    * Separate TLS1.2 and TLS1.3 client ticket memory lifecycles (#2825)
    * Remove unused macro and safeguard against removing prediction resistance (#2807)
    * Implement async private key op offload interface (#2779)
    * Updating api documentation for s2n_cert_chain_get_cert (#2822)
    * update usage docs (#2816)
    * Add AES-GCM prioritized versions of older security policies (#2767)
    * Async private key operation offload documentation (#2799)
    * ci:Create a NoPQ unit test job (#2451)
    * docs: add a Semver document (#2268)
    * Formally verify no memory leaks in s2n_stuffer (#2813)
    * Add early-data session resumption self-talk tests (#2795)
    * Formally verify no memory leaks for s2n_array & s2n_set deallocators (#2810)
    * Update gitter link (#2806)
    * Disable TLS1.3 ticket issuing outside of tests (#2809)
    * Ignore `munlock` failures (#2804)
    * Relax SIKE Round 3 architecture restrictions (#2800)
    * Ensure that s2n is initialized in s2n_free_object (#2805)
    * No optimization when debugging (#2798)
    * Formally verify no memory leaks in hash functions (#2792)
    * async_pkey support for s2n_client_verify (#2755)
    * Import sikep434r3 (#2701)
    * Use POSIX/glibc __USE_MISC feature detection instead of platform macros (#2778)
    * Adding EC_KEY_check_key for p521 curve (#2789)
    * Import kyber512r3 (#2694)
    * ci: add unit test to s2n_codebuild.sh (#2773)
    * Formally verify no memory leaks for s2n_blob (#2788)
    * tests: fix typos in identifiers and comments (#2783)
    * Clean up pq_kem_test and add negative test case for decaps (#2785)
    * Adds session-resumption self-talk tests (#2770)
    * ci: Codebuild al2 scripts (#2782)
    * Use S2N_HMAC_SHA256 in psk PRF match test case (#2746)
    * Make server_name send check more efficient (#2719)
    * Remove all occurrences of `#pragma check disable` (#2781)
    * Fix incorrect blob resize (#2784)
    * Make s2n_connection_get_session/session_length work for TLS1.3 (#2768)
    * Removes pragmas from CBMC-proof harnesses (#2775)
    * Avoid arithmetic operations on NULL pointers (#2772)
    * Make s2n_connection_get_session_ticket_lifetime_hint work with TLS1.3 (#2769)
    * Allow ecc preferences without secp256r1 (#2763)
    * docs: fix a few typos (#2765)
    * add missing Bike_r3 symbols when S2N_NO_PQ is set (#2771)
    * Update s2n_config_set_session_tickets_onoff for TLS1.3 (#2762)
    * Update s2n_connection_is_session_resumed for TLS1.3 (#2761)
    * Put limits on use of keying material (#2751)
    * Adds selection logic for resumption psks (#2743)
    * External PSK Integration Tests Part 1  (#2749)
    * Adding s2n_psk_get APIs (#2748)
    * Remove unnecessary BIKE R3 code for verbose logging (#2758)
* Mon Apr 26 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.5
    * utils: remove deprecated safety macros (#2747)
    * Fix loop counter overflow due to inconsistent type (#2739)
    * Upgrades CBMC templates for proof harnesses (#2744)
    * Import Bike Round 3 Implementation into s2n (#2726)
    * Cleanup TLS1.3 fixed ticket sizes (#2729)
    * Export symbols when building dynamically (#2730)
    * Check for validity in s2n_stuffer_wipe*operations (#2732)
    * Skip coverage upload (#2734)
    * Don't send the client_session_ticket extension when using TLS1.3 tickets (#2725)
    * Added server deserialize method (#2709)
    * Make early data callback async (#2717)
    * Include early data config in session tickets (#2720)
    * quic: add S2N_API to secret callback api (#2728)
    * Consolidate handshake pause logic (#2716)
    * Pinned bash script to previous commit (#2723)
    * Add early data callback (#2715)
    * Set early data context for new session tickets (#2718)
    * Adding prefix s2n_cert for s2n certificate APIs (#2713)
    * Safeguard linker flags on Apple (#2710)
    * Add APIs to send and receive early data (#2682)
    * Adds helper function to obtain the OID value from the X509v3 extensions (#2702)
    * Created GDB flag to remove optimizations (#2711)
  - from version 1.0.4
    * Add flags for non exec stack and read only GOT. (#2707)
    * Fix for failing resume test (#2706)
    * Add context to PSK selection callback (#2704)
    * Calculated obfuscated ticket age (#2697)
    * Don't allow non-post handshake messages to be received post handshake (#2703)
  - from version 1.0.3
    * Reduce fuzz timeouts due to codebuild timeout limits. (#2586)
    * Prepare s2n_config_set_psk_selection_callback to someday be async (#2689)
    * Add early_data_indication extension for new session tickets (#2686)
    * Don't allow both resumption and external PSKs at the same time (#2696)
    * Command Line Options Fix For s2nc.c (#2681)
    * Centralize and correct ">= S2N_TLS13" checks for extensions (#2699)
    * dont await close_notify alert if we have already received one before (#2674)
    * Add support for non blocking client hello callback (#2688)
    * Update OSX quickstart instructions (#2700)
    * Resolve conflict between 516a99e and abed2a3 (#2698)
    * Allow early data via s2n_negotiate/s2n_send/s2n_recv  (#2680)
    * Send the Client CCS message early when sending early data (#2691)
    * Handle pre-TLS1.3 peers and early data (#2690)
    * Adding a new resumption psk deletes all previous psks (#2684)
    * Add api to configure max early data for new tickets (#2683)
  - from version 1.0.2
    * Add methods to report early data status / limits (#2678)
    * Add bitflag to enable early data (#2679)
    * Added client deserialization method (#2675)
    * ci: disable go proxy (#2677)
    * Add s2n_connection_get_peer_cert_chain API (#2666)
    * Added nst to post_handshake handler (#2665)
    * Add method to perform a partial handshake (#2662)
    * Removes all proof allocators from CBMC proofs (#2668)
    * Update readable writable flags (#2667)
    * Read New Session Ticket message (#2657)
    * Add early data negotiation tests + misc minor fixes (#2658)
    * APIs to get s2n certificate in der format (#2649)
    * Added nst callback (#2639)
    * Handle rejected early data (#2647)
    * Add early traffic secrets  (#2645)
    * Adds support for incremental proof-results in CI reports (#2644)
    * ci: Update action
    * Add server early data indication extension (#2612)
  - Drop patches for issues fixed upstream
    * s2n_no-visibility-hidden.patch
* Tue Mar 16 2021 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 1.0.1
    * Make HRRs work with early data (#2611)
    * Reduce memory used by handshake arrays (#2628)
    * utils: apply safety codemod script (#2441)
    * ci: update cppcheck (#2638)
    * utils: remove the usage of S2N_ERROR_IF in favor of POSIX_ENSURE (#2636)
    * utils: add codemod script for explicit safety macro contexts (#2339)
    * Send New Session Ticket message (#2598)
    * Add support for riscv64 (#2613)
    * util: remove S2N_RESULT_TO_POSIX macro to reduce confusion (#2634)
    * Adjust test threshold (typo?) (#2631)
    * docs: Org change to aws (#2596)
    * utils: add safety_macros codegen script (#2423)
    * Parse multiple post-handshake messages in a record (#2604)
    * Fixed -Werror=strict-prototypes failure on s2n_error_location (#2632)
    * ci: bump the asan coverage instance type to 2XL (#2630)
    * [0RTT] Add early data handshakes (#2594)
    * Add client early data indication extension (#2610)
    * Self talk tests for External PSK  (#2578)
    * Removing flaky test (#2621)
    * Early data config should use cipher suite instead of iana value (#2608)
    * Make some alpn operations reuseable (#2609)
    * Allow no-op transitions in early data state machine (#2607)
    * Add separate extension list for HelloRetryRequest (#2605)
    * Build issue (#2606)
    * Detect "index" variable names to avoid build issues (#2597)
  - from version 1.0.0
    * Updating rsa_2048_sha256_uri_sans_cert (#2601)
    * Renaming index to psk_index to prevent name collision (#2595)
    * Added New Session Ticket send handler (#2580)
    * Add simple early data state machine (#2589)
    * Add CMake config to build benchmarks (#2582)
    * Add APIs to configure early data for external PSKs (#2581)
    * Update PQ KEM branches to use constant time functions. (#2590)
    * tls: add NSS key log callback (#2584)
    * Add missing newlines at end of feature test files (#2588)
    * Rework psk_selection_callback to use opaque structures (#2558)
    * api: add method to get the iana value for the negotiated cipher suite (#2550)
    * Add support for powerpc64 (#2533)
    * Refactor how external PSKs are configured (#2557)
    * ci: Cleanup travis (#2579)
    * Added new ticket api (#2549)
    * Remove the manual updating of the Yarn Debian key as CloudBuild as addressed this (#2560)
    * Probe for support of fall through attribute (#2559)
    * Removes unnecessary includes from CBMC proof harnesses (#2556)
    * Added new serialization format and updated encryption logic (#2538)
    * quic: ignore middlebox mode (#2554)
    * Add a command to manually update the Yarn Debian key (#2555)
    * ci: Update CodeBuild docker version, part 2 (#2535)
    * Remove s2n_cipher_suite_from_wire (#2546)
    * api: add method to append protocol preferences (#2534)
  - from version 0.10.26
    * extensions: fix quic_transport_parameters extension IANA value (#2551)
    * Detect nested send/recv calls (#2545)
    * Adds a proof harness for s2n_hmac_update (#2531)
    * Adds a proof harnesses for s2n_hmac_digest* functions (#2537)
    * Adds a proof harness for s2n_hmac_init (#2543)
    * Fix 'index' var shadowing with old toolchains (#2540)
    * Added session resumption to key schedule (#2528)
    * Adding callback to select a PSK identity (#2512)
    * ci: Fix annoying NONE error (#2491)
    * api: add s2n_errno_location function (#2532)
    * Migrate some KEX functions to S2N_RESULT (#2524)
    * Adds memory-safety proofs for s2n_hmac functions (#2525)
    * Adds memory-safety proofs for s2n_hmac functions (#2530)
    * ci: CodeBuild docker image version bump for fuzz jobs (#2527)
    * New CloudFront 2021 security policy (#2514)
    * Correct PSK + cert interaction (#2519)
    * Relax 3 bytes for cert length check (#2518)
    * Fix and simplify psk_param lifecycle (#2523)
    * enable secp521r1 in fips test security policy (#2516)
  - from version 0.10.25
    * Complete the migration to s2n_pq_is_enabled() (#2510)
    * Fix missing GUARDs after s2n_pkey_size calls (#2517)
    * Ensures memory safety in s2n_hmac functions (#2486)
    * Added set psk api (#2499)
    * Optimization for client psk extension on hello retry (#2508)
    * compliance: format a few comments  (#2511)
    * Update PQ fuzz tests to run when PQ is disabled (#2489)
    * Clean up PSKs after early secret calculation (#2506)
  - from version 0.10.24
    * Fix for rsa_pss_rsae_test (#2507)
    * Adding server pre_shared_key extension (#2494)
    * Reduce deprecated warning noise when building the tests (#2500)
    * Enforce that client psk extension is parsed last (#2493)
    * Added psk to key schedule (#2481)
    * Updates to readme and debugging docs for Sidetrail (#2478)
    * Ensure PQ is enabled when calling low-level PQ KEM functions (#2475)
    * Consolidate PQ unit tests (#2460)
    * Fix sys/poll.h import (#2224)
    * Added pre-shared key handshakes to tls13 state machine (#2445)
    * PskKeyExchangeModes extension (#2466)
    * Adds proof harnesses for s2n_hmac functions (#2457)
    * [PSK] Update s2n_hash_algorithm to s2n_hmac_algorithm (#2465)
  - Pass '-n %{name}-tls-%{version}' to %setup in %prep section
* Wed Dec 16 2020 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Update to version 0.10.23
    +  Fix memory allocation when session ticket is used (#2470)
    +  Remove unused security policies to avoid confusion (#2448)
    +  Refactor PQ crypto functions and header files (#2452)
    +  Update client auth integ tests to test ECDSA (#2454)
    +  Upgrades Litani (#2468)
    +  [PSK] Update cipher selection logic (#2443)
    +  Add support for debug conditions (#2433)
  - from version 0.10.22
    +  Eliminate EC_KEY_check_key validation in s2n_ecc_evp_write_params_point function (#2459)
    +  ci: AFL automation (#2395)
    +  Make server psk identity comparison constant time (#2437)
    +  Adds proof harnesses for s2n_dhe functions (#2439)
    +  Remove obsolete integv2 makefile target (#2450)
    +  Remove static qualifier from pq unit test helper function (#2449)
    +  Adds proof harnesses for s2n_hash functions (#2429)
    +  Add security policy to enable PQ TLS1.3 (#2444)
    +  Fix cert verify signature size calculation (#2442)
    +  Fix declaration order in cbmc_utils.c (#2438)
    +  Adds proof harnesses for s2n_dhe functions (#2440)
    +  Adds proof harnesses for s2n_hash functions (#2428)
    +  Adds CBMC proofs for s2n_evp functions (#2427)
    +  Added certificate signature preferences (#2370)
    +  PQ-enabled migration part 1 (#2426)
    +  Ensures memory safety in s2n_dhe functions (#2432)
    +  Adds CBMC proof harness for s2n_array_init (#2430)
    +  Only check the auth method for signatures server side (#2434)
    +  Ensure memory safety in s2n_hash functions (#2412)
    +  Add client pre_shared_key extension (#2409)
    +  Litani integration (#2381)
    +  S2n leaks (#2410)
    +  Update PSS support definition to account for new AWS-LC version (#2407)
    +  Upgrade OpenSSL verification model (#2408)
    +  Add psk binder functions (#2400)
    +  Update well known endpoint test with new PQ KMS ciphers (#2388)
    +  Allow for up to 1 trailing unparsed byte for cert length check (#2383)
    +  Remove hash state from s2n_map (#2386)
    +  Adds proof harnesses for s2n_hash functions (#2382)
    +  Verify HMAC with unbounded key/data. (#2353)
    +  Support for curve secp521r1 (#2344)
    +  Update saw (#2374)
    +  Adds a verification model for OpenSSL (#2293)
    +  ci: CodeBuild scripts to support AL2 (#2362)
    +  Add more QUIC safety checks (#2373)
    +  Add S2N_RESULT to a couple functions. (#2371)
    +  Add secret callbacks for QUIC (#2364)
    +  ci: Add well_known_endpoints to the Omnibus job (#2369)
    +  Pin the version of the BoringSSL test dependency (#2304)
    +  Improve run- and compile-time support for PQ assembly (#2338)
    +  Update the integv2 README to match the latest changes (#2365)
    +  Fix edge cases with buffer write in both s2nc and the java client. (#2367)
    +  Allow slightly overlarge TLS 1.3 inner plaintext (#2360)
  - Refresh patches for new version
    + s2n_no-visibility-hidden.patch
* Thu Nov 19 2020 John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
  - Initial build
    + Version 0.10.21

Files

/usr/include/s2n
/usr/include/s2n.h
/usr/include/s2n/unstable
/usr/include/s2n/unstable/crl.h
/usr/include/s2n/unstable/fingerprint.h
/usr/include/s2n/unstable/ktls.h
/usr/include/s2n/unstable/npn.h
/usr/include/s2n/unstable/renegotiate.h
/usr/lib64/cmake
/usr/lib64/cmake/s2n
/usr/lib64/cmake/s2n/modules
/usr/lib64/cmake/s2n/modules/Findcrypto.cmake
/usr/lib64/cmake/s2n/s2n-config.cmake
/usr/lib64/cmake/s2n/shared
/usr/lib64/cmake/s2n/shared/s2n-targets-release.cmake
/usr/lib64/cmake/s2n/shared/s2n-targets.cmake
/usr/lib64/libs2n.so


Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Dec 20 23:34:21 2024