File aws-lc.changes of Package aws-lc
-------------------------------------------------------------------
Fri Aug 29 11:30:05 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.59.0:
* Support other field for PKCS7
* Add CFI directives to armv8-mont
* Add back RC4_options from decrepit
* Apache httpd integration test
* Fix clang-21 compile error
* Fix MariaDB integration test
* ML-KEM: Re-import mlkem-native
* ML-KEM: import and enable x86_64 backend from mlkem-native
* X509_REQ_verify for MLDSA44 and MLDSA87
* Remove BIT_INTERLEAVE support
* ML-KEM: Fix mlkem-native importer.sh
* Add CFI directives in md5-armv8.pl
-------------------------------------------------------------------
Thu Aug 14 12:47:07 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.58.1:
* Add support for EVP_PKEY_param_check
* Move check-linkage.sh to util
-------------------------------------------------------------------
Tue Aug 12 18:33:26 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.58.0:
* Add EVP_PKEY_check and EVP_PKEY_public_check
* Rewrite 4-fold batched SHAKE to be amenable to batched Keccak-F1600 assembly
* Fix Win64 unwind info alignment
* Migrate MSVC tests to CodeBuild
* Add optimized + verified hybrid AArch64 assembly for batched SHA3/SHAKE
* target.h: more clearly check for ppc64 endianness
* Impl SSL_client_hello_get1_extensions_present and friends
* Implement SSL_set_verify_result
* ML-DSA constant-time hardening for caddq, poly_chknorm, decompose
-------------------------------------------------------------------
Mon Aug 11 11:13:59 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.57.1:
* Resolve issue with conflicting pkg-config variables
- update to version 1.57.0:
* Preparation for Adopting SONAME and ABI Versioning
* Offer P521 for signature_algorithms in client Hello
* ML-KEM: Import AArch64 backend from mlkem-native
* Add back X509_STORE_get_verify_cb and X509_STORE_set_lookup_crls_cb
* Explicitly test that input length is as expected for ed25519ph
* Fix Libwebsocket Build
* Return NULL when a NULL or empty string is passed to NETSCAPE_SPKI_b64_decode
* Reimplement SSL_clear_num_renegotiations
* ABI monitoring GitHub workflow improvements
* Migrate Openssl-tool parameter parsing
* Add HMAC SHA3 benchmarks
* Re-import s2n-bignum after merge of ML-KEM/Keccak functionality
* Integrate formally verified AArch64 Keccak-x1 assembly
* Add a couple more no-ops for legacy builds
- remove soname.patch, as upstream formally introduced a soname
- adjust the lib names
- add the crypto lib as a requires to the devel package
-------------------------------------------------------------------
Wed Jul 23 13:51:05 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to version 1.56.0:
* Export BIO_f_md for consumers
* Remove obsolete python main patch
* Remove redundant conditions
* Implement pkcs8 cli
* Export BF_cfb64_encrypt
* Add pkey command to CLI tool
* Improve OpenSSL compatibility
* Fix PKCS12 Error Code
* Use SP 800-56Arev3 Section 5.6.2.1.4.b instead of
ECDSA PCT method
* Minimize the nginx patch even further
* Add LC contributors to allowlist
* Align -help return codes in tool-openssl CLI to match Openssl
* Dynamically link AWS-LC in cpython integration tests
* Add missing x509 CI to list of tests
* docs: Add FIPS documentation to BUILDING.md and README.md
* Implement SSL_CTX_set_client_hello_cb for ClientHello callback
* tool-openssl: Fix warning 'strnlen' specified bound 4096 exceeds
source size 128
* Pull in SSL_get_negotiated_group and TLSEXT_nid_unknown
from upstream
* Document non-support of TLS 1.3
- update to version 1.55.0:
* Add SSL_CTRL defines for SSL_*_tlsext_status_type
* Implement HMAC over SHA3 truncated variants
* Temporarily allowlist the webhook actors to AWS-LC
* Rework memory BIOs and implement BIO_seek
* s2n-bignum: Add prefix header to _s2n_bignum_internal.h
-------------------------------------------------------------------
Mon Jun 30 12:50:18 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 1.54.0:
* Rename SSL test files to match Scrutinice filter
* Order tool output
* Fix Console Test Suite Execution Locally
* Re-remove afunix.h
* Note a couple of typoed struct names that we'll leave alone
* Document that EVP_PKEY_CTX_set_rsa_keygen_pubexp takes ownership
* Remove sys headers from bio.h
* rwlock race tests is not a GoogleTest executable
* Add two new APIs to expose TLS 1.3 traffic secrets for kTLS
* Intentionally redefine iovec in headers as CI
- update to 1.53.1:
* Add timeouts to PQ TLS Integ Tests
* Split ssl handshake tests
* Add password prompting support & EVP_read_pw_string
* Impl BIO_ADDR_xxx functions
* Update mlkem-native to v1
- update to 1.53.0:
* Add build with hardened flag
* Openssl tool output ordered
* [SCRUTINICE] Remove redundant condition check
* Support relro in delocator
* Explicitly don't allow buffers aliasing in ctr-drbg implementation
* Remove unused Windows afunix.h
* Revert "Rework memory BIOs and implement BIO_seek (2nd try) (#2433)"
* Use max_cert_list for TLSv1.3 NewSessionTicket
* ML-KEM memory safety
* Improve support for multilib-style distros in our test scripts
* Fix Ru
* Add hardened build back in
* Fix OCSP integration test failures
* Fix some theoretical missing earlyclobber markers in inline assembly
* Simplify sshkdf and kbkdf
* Run 3p module tests on python 3.13, add patch for 3.14
* Fix service indicator in HKDF, more paranoid zeroization, and simplify logic
= make it so that the patch adapts to the version
- exclude %{arm} as those are not suppported and don't build
-------------------------------------------------------------------
Fri Jun 13 18:50:39 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- adapt soname.patch to also give a version to libcrypto (fixes boo#1244562)
- bump soversion to actual aws-lc version
-------------------------------------------------------------------
Wed Jun 11 11:22:45 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- conflict the correct package
-------------------------------------------------------------------
Wed Jun 4 13:37:07 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- Update to 1.52.1:
* Increase default salt from 8 to 16 bytes for PKCS#8 & PKCS#12
* fix(nix): Make sure bssl is in the PATH; workaround nix build failureā¦
* Fix path-has-spaces test
* Display X509 fingerprint after hash
- Update to 1.52.0:
* Set OPENSSL_NO_EXTERNAL_PSK_TLS13 to indicate lack of TLS 1.3 PSK
* BIO datagram functions
* Reject NewSessionTicket messages with empty tickets in TLS 1.3
* Fix socket test issues
* Remove python CI patch for main
* Remove xmlsec patch
* Mark fallible container operations as nodiscard
* Remove extra va_end in err_add_error_vdata
* Check for QUIC in SSL_process_quic_post_handshake
* Add missing symbols for Unbound
* Update mlkem-native
* Squelch clang-tidy
* Clang-tidy is still noisy
* Add back two rules for clang-tidy
* Implement BIO_dump
* Make ASN1_get_object a direct call
* Rework memory BIOs and implement BIO_seek
* ML-DSA: ASN.1 Module - add parsing of BOTH private key format
* Detection of unused results
* Fix gtest_util.sh failure detection
* Remove unused docs/configs
* ML-DSA: Add ML-DSA keyGen to break-kat.go
* Bump AWSLC_API_VERSION for X509_STORE_CTX_set_verify_crit_oids
* Revert "Rework memory BIOs and implement BIO_seek
* Resolve SSL_PRIVATE_METHOD and certificate slots functionality
- Update to 1.51.2:
* Fix prefix build when path has spaces
- Update to 1.51.1:
* nothing of relevance
- Update to 1.51.0:
* Fix ImplDispatchTest for 32-bit x86 build
* Revert "Update patch for Postgres
* Fix socat test
* Remove special s2n-bignum source code processing at buid-time
* Correct typo in malloc debug environment variable
* Fix PQ Integration tests
* Remove patch for IbmTpm
* Support allowing specific unknown critical extensions
- Update to 1.50.1:
* Expand .clang-tidy configuration
* nginx-1.28.0 aws-lc-nginx.patch
* s2n bignum import method change
* Fix a theoretical overflow in BIO_printf
* Fix tpm2-tss integration tes
- Update to 1.50.0:
* Remove FFDHE and SECLEVEL python test patches
* Remove unused ENABLE_DILITHIUM CMake option
* SSL_in_*_init macros
* Fix link to bcm.c in FIPS.md
* Make sure it builds with CMake v4.0
* Update formal verification section in README.md
* Implement legacy callback with BIO_set_callback
* Import mlkem-native
* Split out socket BIO tests
* Run clang tidy
* Reinstate indefinite length and [UNIVERSAL 0] support in crypto/asn1
* Implemented no-op CRYPTO_mem_ctrl
* SCRUTINICE Fixes
* Fix clang-tidy lints
* Reinstate support for constructed strings in crypto/asn1
* Add SecP384r1MLKEM1024
* Fix CMake (< v3.20) warning
* Add MLDSA44 and MLDSA87 to OBJ_find_sigid_algs
* Bump AWSLC_API_VERSION to account for OBJ_find_sigid_algs bug
* Add AES CBC cipher to speed.cc
* Add X509_VERIFY_PARAM_get_hostflags
* Enable IPv6 for curl integ
* Add null check for EVP_get_digestbyobj
- Update to 1.49.1:
* FIPS Integrity Hash Tooling
* Add more build options to match callback build
* Add req to OpenSSL CLI tool
- Update to 1.49.0:
* Revert "Allow constructed strings in BER parsing
* Add the rehash utility to the openssl CLI tool
* Documentation on service indicator
* Reject DSA trailing garbage in EVP layer, add test cases
* Add support for verifying PKCS7 signed attributes
* Add support for more SSL BIO functions
* Adding detection of out-of-bound pre-bound memory read to AES-XTS tests
* AES: Add function pointer trampoline to avoid delocator issue
* Cherrypick hardening DSA param checks from BoringSSL
- move services from disabled to manual
- add patches disable-integrationtest.patch (needs internet), vendor-fix.patch (go mod tidy)
and soname.patch (changes soname, so we can co-install the lib)
- rework the packages we create
-------------------------------------------------------------------
Thu Mar 27 23:23:17 UTC 2025 - Georg Pfuetzenreuter <georg.pfuetzenreuter@suse.com>
- Update to version 1.48.5
- Package OpenSSL files
- Move bssl out of devel subpackage
- Switch to obs_scm
- Cleanup
-------------------------------------------------------------------
Wed Oct 12 05:59:59 UTC 2022 - John Vandenberg <jayvdb@gmail.com>
- Initial spec for v1.3.0
