Release: v1.3.0

Major changes since the last release (v.1.2.0):

• Add support to use a static or shared libcrypto when building consuming application or libraries
• Automatically link libjitterentropy.a into libcrypto.a for static builds so consuming libraries do not need to update their linker flags
• Add EVP_aead_aes_128_ccm_matter cipher

Release: v1.2.0

Major changes since the last release (v.1.1.0):

• Added additional EVP_CIPHER CFB ciphers.
• Added SHA3 and SHAKE implementation. Run-time enabling required.
• Added EVP_PKEY_HKDF support.
• Made EVP_CIPHER opaque.
• Added SSL_CTX_SET_ciphersuites support.
• Imported jitter entropy 3.4.0.
• Installing bssl tool by default.
• Bumped required cmake version to 3.0.
• Added awslc_api_version_num for getting api version number.
• Synced s2n-bignum.
• Added optimised md5 implementation for aarch64.
• Added stitched implementation for aes-cbc+hmac TLS ciphers.

Release v1.0.2

Changes from the previous release (v1.0.1):

• Allow FIPS integrity test to be run on-demand (#489)

Release: v1.1.0

Major changes since the last release (v.1.0.2):

• Import latest Jitter source code
• Optimized HMAC implementation
• Simplified benchmarking framework
• Android CI
• secp256k1 curve support
• Windows FIPS support
• AES-XTS optimization for aarch64 and x86_64
• P-384/521 s2n-bignum on Apple platforms
• AES128-SHA256 and ECDHE-RSA-AES128-SHA256

Release v1.0.2

Changes from v1.0.1 include but not limited to:

• CVE-2022-0778 fix (the CVE announced by OpenSSL),
• P-384 and P-521 implementations,
• macOS and iOS FIPS build.

AWS-LC FIPS 1.0.1

The only change to the previous release is a fix for CVE-2022-0778 (the CVE was announced by OpenSSL).

Release v1.0.1

Changes from v0.0.2 include but not limited to:

• Integrated s2n-bignum assembly functions in P-384 implementation.
• JitterEntropy static library no longer installed by default.
• Use CCRandomGenerateBytes for system randomness on Apple OSs.
• Backwards implemented EVP_MD_CTX_set_pkey_ctx function to support manual construction of EVP_PKEY_CTX.

FIPS mode only related changes:

• Completed service indicator

AWS-LC FIPS 1.0.0

Initial production release a FIPS 140-3 validated AWS-LC.

Release v0.0.2

Changes from v0.0.1 include but not limited to:

• Fixed bug in HRSS handling of Arm 32-bit.
• Added OCSP stapling support.
• Merged in all changes from BoringSSL up to f3e594.
• Moved number of MR iterations from 32 to 64.
• Changes related to CVE-2021-3712.

FIPS mode only related changes

• Introduced Jitter as entropy source.
• DRBG reseed interval moved from 2^12 to 2^24.

Release: v0.0.1

Initial production release of AWS-LC. Changes from v0.1-beta include but not limited to:

• Remove Quilt from AWS-LC build system
• Update CMakeLists to support turning Perl, Go, Testing, and libssl off
• CI CDK code to configure AWS-LC's CI in an AWS account
• Performance improvements in several algorithms
• New minor features and defense in depth security changes
• Merge all changes from BoringSSL up to c6d3fd1