v1.52.0

What's Changed

• Fix prefix build when path has spaces by @justsmth in #2400
• Prepare v1.51.2 by @justsmth in #2401
• Set OPENSSL_NO_EXTERNAL_PSK_TLS13 to indicate lack of TLS 1.3 PSK by @WillChilds-Klein in #2399
• BIO datagram functions by @justsmth in #2321
• Reject NewSessionTicket messages with empty tickets in TLS 1.3 by @justsmth in #2367
• Ensure that AVX512 is not used on macOS by @justsmth in #2363
• Fix socket test issues by @torben-hansen in #2404
• Remove python CI patch for main by @WillChilds-Klein in #2407
• Remove xmlsec patch by @smittals2 in #2405
• Fix clang tidy ci by @justsmth in #2375
• Mark fallible container operations as nodiscard by @justsmth in #2366
• Remove extra va_end in err_add_error_vdata by @justsmth in #2364
• Check for QUIC in SSL_process_quic_post_handshake by @justsmth in #2365
• Add missing symbols for Unbound by @nhatnghiho in #2352
• Update mlkem-native by @hanno-becker in #2406
• CI for iOS by @justsmth in #2389
• Squelch clang-tidy by @justsmth in #2414
• Clang-tidy is still noisy by @justsmth in #2417
• Add back two rules for clang-tidy by @smittals2 in #2418
• Implement BIO_dump by @kingstjo in #2331
• Make ASN1_get_object a direct call by @samuel40791765 in #2332
• Add Python 3.9 CI patch by @WillChilds-Klein in #2415
• Rework memory BIOs and implement BIO_seek by @nhatnghiho in #2380
• ML-DSA: ASN.1 Module - add parsing of BOTH private key format by @jakemas in #2416
• Detection of unused results by @justsmth in #2411
• Fix gtest_util.sh failure detection by @justsmth in #2423
• Remove unused docs/configs by @torben-hansen in #2427
• ML-DSA: Add ML-DSA keyGen to break-kat.go by @jakemas in #2422
• Fix CI for mingw by @justsmth in #2428
• Bump AWSLC_API_VERSION for X509_STORE_CTX_set_verify_crit_oids by @samuel40791765 in #2426
• Revert "Rework memory BIOs and implement BIO_seek (#2380)" by @samuel40791765 in #2432
• Resolve SSL_PRIVATE_METHOD and certificate slots functionality by @skmcgrail in #2429

Full Changelog: v1.51.1...v1.52.0

v1.51.2

What's Changed

• Fix prefix build when path has spaces by @justsmth in #2400
• Prepare v1.51.2 by @justsmth in #2401

Full Changelog: v1.51.1...v1.51.2

v1.51.1

What's Changed

• Use Win32 threads when compiling with Clang on MinGW by @ognevny in #2381
• Prepare v1.51.1 by @justsmth in #2398

New Contributors

• @ognevny made their first contribution in #2381

Full Changelog: v1.51.0...v1.51.1

v1.51.0

What's Changed

• Fix ImplDispatchTest for 32-bit x86 build by @dkostic in #2386
• No need for MacOS large/xlarge by @justsmth in #2384
• Revert "Update patch for Postgres (#2232)" by @samuel40791765 in #2358
• Fix socat test by @justsmth in #2388
• Remove special s2n-bignum source code processing at buid-time by @torben-hansen in #2385
• Correct typo in malloc debug environment variable by @torben-hansen in #2391
• Fix PQ Integration tests by @alexw91 in #2392
• Remove patch for IbmTpm by @smittals2 in #2393
• Support allowing specific unknown critical extensions by @samuel40791765 in #2377
• Add Xmlsec to our CI by @smittals2 in #2333
• Bump to v1.51.0 by @samuel40791765 in #2395

Full Changelog: v1.50.1...v1.51.0

v1.50.1

What's Changed

• Fix GCC 4.8 docker img; Also w/ GCC 7.5 by @justsmth in #2344
• Fix LibRdKafka CI by @smittals2 in #2372
• Expand .clang-tidy configuration by @justsmth in #2356
• nginx-1.28.0 aws-lc-nginx.patch by @robvanoostenrijk in #2373
• s2n bignum import method change by @torben-hansen in #2324
• Fix a theoretical overflow in BIO_printf by @justsmth in #2369
• Fix tpm2-tss integration test by @justsmth in #2370
• Bump to v1.50.1 by @justsmth in #2378

Full Changelog: v1.50.0...v1.50.1

v1.50.0

What's Changed

• Remove FFDHE and SECLEVEL python test patches by @WillChilds-Klein in #2307
• Remove unused ENABLE_DILITHIUM CMake option by @andrewhop in #2304
• SSL_in_*_init macros by @justsmth in #2302
• Fix link to bcm.c in FIPS.md by @justsmth in #2309
• Test build with CMake v4.0 by @justsmth in #2251
• Update formal verification section in README.md by @pennyannn in #2301
• Add CI for Xtrabackup by @samuel40791765 in #2275
• Add Libwebsockets to our CI by @smittals2 in #2290
• Implement legacy callback with BIO_set_callback by @kingstjo in #2285
• Import mlkem-native by @hanno-becker in #2176
• Split out socket BIO tests by @justsmth in #2320
• Run clang tidy by @justsmth in #2323
• Tweaking clang-tidy config by @justsmth in #2329
• Reinstate indefinite length and [UNIVERSAL 0] support in crypto/asn1 by @samuel40791765 in #2306
• Implemented no-op CRYPTO_mem_ctrl by @kingstjo in #2295
• SCRUTINICE Fixes by @smittals2 in #2326
• Fix clang-tidy lints by @justsmth in #2328
• Reinstate support for constructed strings in crypto/asn1 by @samuel40791765 in #2310
• Migrate jobs from ubuntu-20.04 to ubuntu-22.04 by @skmcgrail in #2337
• Add SecP384r1MLKEM1024 by @alexw91 in #2327
• Test on 13.5 and 14.2 FreeBSD which are non-EOL, Fix Workflow by @skmcgrail in #2338
• Add FIPS callback tests for x86 AL2023 and arm AL2/AL2023 by @andrewhop in #2311
• Checkout full depth of repo for tag ci check to work on push events by @skmcgrail in #2343
• Fix CMake (< v3.20) warning by @justsmth in #2345
• Add MLDSA44 and MLDSA87 to OBJ_find_sigid_algs by @lrstewart in #2348
• Bump AWSLC_API_VERSION to account for OBJ_find_sigid_algs bug by @lrstewart in #2349
• GCC-10 & Clang-10 testing for Ubuntu-20.04 via container by @skmcgrail in #2346
• Fix CI - MySQL 2025-04 by @justsmth in #2355
• Stop more background process that might be holding any apt locks in the EC2 test framework by @andrewhop in #2317
• Add AES CBC cipher to speed.cc by @andrewhop in #2315
• Add X509_VERIFY_PARAM_get_hostflags by @WillChilds-Klein in #2359
• Enable IPv6 for curl integ by @justsmth in #2357
• Add null check for EVP_get_digestbyobj by @samuel40791765 in #2360
• Bump to v1.50.0 by @justsmth in #2354

New Contributors

• @lrstewart made their first contribution in #2348

Full Changelog: v1.49.1...v1.50.0

v1.49.1

What's Changed

• FIPS Integrity Hash Tooling by @skmcgrail in #2296
• Add more build options to match callback build by @andrewhop in #2279
• Add req to OpenSSL CLI tool by @smittals2 in #2284
• Turn on better logging for EC2 test framework by @andrewhop in #2298

Full Changelog: v1.49.0...v1.49.1

v1.49.0

What's Changed

• Revert "Allow constructed strings in BER parsing (#2015)" by @samuel40791765 in #2278
• Add the rehash utility to the openssl CLI tool by @smittals2 in #2258
• Documentation on service indicator by @justsmth in #2281
• Update patches in Ruby CI by @samuel40791765 in #2233
• Reject DSA trailing garbage in EVP layer, add test cases by @skmcgrail in #2289
• Add support for verifying PKCS7 signed attributes by @samuel40791765 in #2264
• Add support for more SSL BIO functions by @samuel40791765 in #2273
• Wire-up rust-openssl into GitHub CI (for the time being) by @skmcgrail in #2291
• Adding detection of out-of-bound pre-bound memory read to AES-XTS tests. by @nebeid in #2286
• AES: Add function pointer trampoline to avoid delocator issue by @hanno-becker in #2294
• Bump mysql CI to 9.2.0 by @samuel40791765 in #2161
• Cherrypick hardening DSA param checks from BoringSSL by @smittals2 in #2293

Full Changelog: v1.48.5...v1.49.0

v1.48.5

What's Changed

• GitHub CI job to verify tags are on expected branches by @justsmth in #2170
• ci: Nix flake and devShell by @dougch in #2189
• s2n-bignum build should use boringssl_prefix_symbols_asm.h by @justsmth in #2265
• Prepare AWS-LC v1.48.5 by @justsmth in #2274

Full Changelog: v1.48.4...v1.48.5

v1.48.4

What's Changed

• Make AWS_LC_fips_failure_callback optional in builds with AWSLC_FIPS_FAILURE_CALLBACK by @andrewhop in #2266
• Prepare for release v.1.48.4 by @andrewhop in #2271

Full Changelog: v1.48.3...v1.48.4