Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update to 1.3.56 #2

Merged
merged 286 commits into from
Feb 11, 2024
Merged

Update to 1.3.56 #2

merged 286 commits into from
Feb 11, 2024

Conversation

nickitat
Copy link
Member

No description provided.

lrstewart and others added 30 commits February 23, 2023 15:18
@lrstewart
Add JA3 to s2nd (aws#3838)
eb83c3d
@WesleyRosenblum
filter do_not_merge label from Ready to merge (aws#3849)
55c8a52
@lrstewart
Remove unused s2n_config_client_hello_cb_enable_poll (aws#3850)
60da828
@harrisonkaiser
Run integv2 tests with nix (aws#3824)
6d4eb1f
@dougch
ci: nix fmt action (aws#3834)
5d1898a
@karkhaz
Add CBMC proof-running GitHub Action (aws#3840)
2352dd1
@feliperodri
Upgrade OpenSSL model for CBMC proofs (aws#3857)
9533076 
Signed-off-by: Felipe R. Monteiro <[email protected]>
@dougch
Bump Rust MSRV for latest openssl-src. (aws#3858)
a9c152f
@lrstewart
Handle ASN.1 type detection errors (aws#3855)
8062414
@lrstewart
[bindings] Add private key callback (aws#3847)
274f321
@amazonKamath
Removed codecov github status badge. (aws#3859)
4af1487
@lrstewart
Add method to create Rust certs without private keys (aws#3860)
e885b1b
@alexw91
Update s2n to latest revision of PQ Hybrid TLS 1.3 Draft RFC (aws#3800)
7640009 
* Update s2n to latest PQ Hybrid TLS 1.3 Draft Specification
@dougch
chore: bump rust bindings version; crates msrv to 1.63.0 (aws#3863)
e3cecf2
@dougch
ci: Check for msrv match between rust-toolchain an crates; make them …
61d77b0 
…match. (aws#3866)
@WesleyRosenblum
fix: disable defer cleanup in failure case in s2n_cert_chain_and_key_…
acb9cb5 
…load_cns (aws#3870)

* Revert defer_cleanup

* use ZERO_TO_DISABLE_DEFER_CLEANUP

* Add unit test

* Add second link

* Use defer cleanup for X509_NAME

* Break up test

* Call load cns multiple times

* Use default cert and check return values

* Avoid reassigning x509_name

* Move define pointer cleanup func into test
@camshaft
tests: add checks for LTO+interning compatibility (aws#3839)
8816a57
@lrstewart
Enforce that ENSURE and GUARD_OSSL use valid error codes (aws#3873)
77d70d8
@maddeleine
Rewrite of the PSK section in Usage Guide (aws#3864)
1707ff2
@toidiu
test: cleanup after tests (aws#3831)
ae5c47c
@toidiu
ktls: feature probe test (aws#3869)
bd0b756
@maddeleine
Fixes some compiler warnings coming from tests (aws#3883)
6f4e104
@mathpal @camshaft
tokio-s2n-tls: Enable access to the IO instance from TcpStream (aws#3882
d35e966 
)

* tokio-s2n-tls: Enable access to the IO instance from TcpStream

* Rename io_* get_* for getting the inner stream

---------

Co-authored-by: Cameron Bytheway <[email protected]>
@jmayclin
chore: bump rust bindings for 1.3.39 release (aws#3887)
63870f4
@WillChilds-Klein
Migrate Kyber 512 to EVP KEM API (aws#3853)
10ec83a 
New usage is based on [the KEM API design document][1] and [header][2].
Now that we're on a stable KEM API, we remove the
S2N_AWSLC_KYBER_UNSTABLE build flag and always use the linked
libcrypto's Kyber implementation if available. This flag wasn't
previously specified in any of our CI scripts, meaning that
AWS-LC-backed kyber was previously uncovered in s2n's CI. This commit
ensures that coverage and updates the PQ KEM unit test to asserts that
if (non-FIPS) AWS-LC is used as the backing libcrypto, it has the new
Kyber 512 KEM API available.

[1]: https://github.com/aws/aws-lc/blob/main/crypto/kem/README.md
[2]: https://github.com/aws/aws-lc/blob/92c56fbc15f9bb43c4ff062c6c02f7991fd417f6/include/openssl/evp.h#L880

Check for other pre-processor symbol from AWS-LC
@toidiu
test: cleanup tests (aws#3832)
b999dba
@dougch
test: Add missing packages to nix devShell (aws#3885)
736bbed
@lrstewart @maddeleine
Document behavior of s2n_negotiate for a client with client auth (aws…
3a4639e 
…#3891)

Co-authored-by: maddeleine <[email protected]>
@knightjoel
Switch OpenBSD CI job GH action to something more robust (aws#3877)
2004999
@aditishri18
Enable strict compile checks in unit test build (aws#3878)
7a5a07a
Mark-Simulacrum and others added 24 commits October 4, 2023 08:09
@Mark-Simulacrum
Add support for exporting symmetric keys from connections (aws#4230)
b15a1ba 
This is currently only supported for TLS 1.3 and is standard compliant,
using the TLS-Exporter function defined by RFC 8446:
https://www.rfc-editor.org/rfc/rfc8446#section-7.5
@lrstewart
ci: add ktls + asan build (aws#4213)
76fb286
@lrstewart
ktls: forbid renegotiation (aws#4229)
a6517c5
@lrstewart
ktls: support aes256 (aws#4227)
2a6ead7
@dougch @lrstewart
Merge pull request from GHSA-97r4-p6c4-5gv3
4654fec 
Co-authored-by: Lindsay Stewart <[email protected]>
@goatgoose
Run clang-format (aws#4238)
b0ada99
@goatgoose
bindings: release 0.0.39 (aws#4235)
5af7a0d
@maddeleine
feat: Processes post-handshake messages for quic (aws#4218)
18dd059
@toidiu
chore: pin dependency to fix rust MSRV issues (aws#4243)
2d05302
@maddeleine
feat: Turns off automatic ticket creation for quic (aws#4239)
a2b16d2
@lrstewart
Switch sig schemes from copies to references (aws#4237)
92c35cb
@WillChilds-Klein
Add new PQ TLS 1.3 policies (aws#4247)
3526e69
@WesleyRosenblum
bindings: release 0.0.40 (aws#4251)
6f86292
@jmayclin
docs: remove extra security policy item (aws#4248)
fa58945
@jmayclin
refactor(bench): remove non-generic connection logic (aws#4236)
dec039d 
This commit shifts the TlsConnection trait to make it more generic. The
purpose of this is to allow more general usage of the TlsConnection
objects. In the future, "purpose-specific" logic will be implemented on
the Config type rather than the connection type.
@lrstewart
Clean up sending supported sig algs (aws#4254)
e4f5bf6
@goatgoose
Allow TLS 1.2 servers to report client versions from the supported ve…
e9d48da 
…rsions extension (aws#4249)
@goatgoose
Always apply the PARTIAL_CHAIN flag (aws#4258)
e76363e
@goatgoose
Update get_client_cert_chain API documentation (aws#4260)
80db009
@lrstewart
Switch from vmactions to cross-platform-actions (aws#4266)
aa41c9b
@lrstewart
Clean up receiving peer sig alg (aws#4259)
5c860d7
@dougch
fix: update permissions to allow dashboard to write to gh-pages. (aws…
1dc74a5 
…#4228)
@lrstewart
ci: Minor cppcheck speedup (aws#4268)
95753f0
@vitlibar @nickitat
Fix memory leak from s2n_per_thread_rand_state thread-local data wh…
5e0c164 
…en using multiple threads.

See also aws/aws-sdk-cpp#1706.
@CLAassistant
Copy link

CLAassistant commented Jan 23, 2024
edited
Loading

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you all sign our Contributor License Agreement before we can accept your contribution.
2 out of 14 committers have signed the CLA.

✅ nickitat
✅ vitlibar
❌ toidiu
❌ lrstewart
❌ camshaft
❌ goatgoose
❌ jmayclin
❌ arielb1
❌ dougch
❌ Mark-Simulacrum
❌ WillChilds-Klein
❌ WesleyRosenblum
❌ maddeleine
❌ qinheping
You have signed the CLA already but the status is still pending? Let us recheck it.

@nickitat nickitat merged commit 8824ae2 into master Feb 11, 2024
0 of 2 checks passed
@nickitat nickitat deleted the upd_1.3.56 branch February 11, 2024 22:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.