- PR 397: Support for Concatenation KDFs
- PR 399: Support for Counter KDFs
- PR 394: Support for Ed25519 DSA
- PR 380: Support for AES-CBC with NoPadding, PKCS5Padding, PKCS7Padding
- PR 381: Support for AES-CBC with ISO10126Padding
- PR 353: Static linking to libcrypto
- PR 356: Match SunRsaSign's behavior when setting null params
- PR 362: Fix IllegalArgumentException upon GCM decryption failure
- PR 363: Fix NullPointerException on invalid keys
- PR 361: Allow configuration of tmpdir to avoid issues with noexec on java.io.tmpdir
Starting from this version, build artifacts for MacOS AARCH64 (Arm64) are released.
The corresponding Jar is identified by osx-aarch_64 classifier.
Please note that ACCP-FIPS does not have osx-aarch_64 artifacts and osx-aarch_64
is only available for non-FIPS builds.
- Use AWS-LC v1.17.0 for ACCP
- Use AWS-LC AWS-LC-FIPS-2.0.2 for ACCP-FIPS
- PR 335: Do not destroy linked public keys
- PR 329: Allow users to control the release of EVP context for AES-GCM
Starting from this version, build artifacts for MacOS X86-64 are released.
The corresponding Jar is identified by osx-x86_64 classifier.
Please note that ACCP-FIPS does not have osx-x86_64 artifacts and osx-x86_64
is only available for non-FIPS builds.
- Use AWS-LC v1.16.0 for ACCP
- Use fips-2022-11-02 branch of AWS-LC at commit ID
329d23ce93d42b9017502ac24ca073ebdaa7660ffor ACCP-FIPS - PR 338: Avoid buffering cipher text for one-shot AES-GCM decrypt
- PR 336: Fix ByteBuffer position handling
- PR 333: Replace MessageDigest.isEqual with our own implementation
- PR 334: Let ECDSA Signature objects accept parameters
- PR 327: Github issue 326, NPE
- Use AWS-LC v1.15.0 for ACCP
- RSA performance on Graviton 2 has improved in version v1.15.0 of AWS-LC.
- For more details, please refer to the release notes for v1.15.0
- Use fips-2022-11-02 branch of AWS-LC at commit ID
d780e5e025c47cd782fd3d5d70a033e59fe80166for ACCP-FIPS - Round RSA key sizes up when generating keys for ACCP PR 321
- Throwing exceptions for too-short signatures PR 320
Starting from this version, build artifacts for ACCP-FIPS are also released for
experimental purposes. This version of ACCP-FIPS uses
fips-2022-11-02 branch of
AWS-LC at commit ID 993c6ff33a2d709ddc25d1557cd96261217bf1fd.
- Support HKDF [PR 310, 312]
- Support AES-XTS [PR 306]
- AesXts.kt shows how AES-XTS can be used.
- Serialization for EvpKeys [PR 304]
- Support AlgorithmParameters for EC [PR 274]
- Support KeyGenerator for AES [PR 279]
- Register LibCryptoRng by default in non-FIPS mode [PR 286]
- Use FIPS approved API of AWS-LC for RSA key generation in FIPS mode [PR 301]
- Include AWS-LC's self tests as part of ACCP's self tests [PR 283]
- Fixed bug in output buffer size check [PR 297]
- Improved the performance of AES-GCM [PRs 296, 298, 300, 302]
- Added code formatting and style checking to the build scripts [PRs 287, 292]
- Renamed branches on GitHub
This is a new major release of ACCP. We provide build artifacts for Linux-x86 and Linux-aarch64, which can be accessed either from the release section on Github, or via Maven Central.
This version uses AWS-LC instead of OpenSSL (version 1.1.1j) as the underlying cryptographic library. The switch provides advantages over the previous version of ACCP, such as improved performance due to optimized assembly implementations of some cryptographic algorithms in AWS-LC. These optimizations are beneficial for AWS Graviton users as well as x86 based platforms; moreover, rigorous testing and formal verification in AWS-LC’s development lifecycle reduces the risk of security vulnerabilities.
This version is not backward compatible and the differences may affect your
application. Some major features, such as non-EC DSA and non-EC DH key exchange
algorithms, are removed. Other minor changes include, the implementation of the
SecureRandom relies on AWS-LC’s DRBG and the name is changed from
NIST800-90A/AES-CTR-256 to LibCryptoRng. AWS-LC and OpenSSL are not 100% compatible.
We have tried to keep the incompatibilities hidden from ACCP users, and we will deal
with such scenarios case by case in the future.
- Support build and releases for Linux x86 and Linux aarch64
- Use AWS-LC, v1.4.0, as the underlying cryptographic library
- Drop support for (non-EC) DSA signatures
- Drop support for (non-EC) Diffie-Hellman key exchange
- Drop support for
secp192r1, as well as most other non-NIST "legacy" curves - Drop RDRAND-seeded, AES-CTR SecureRandom implementation
- Add SecureRandom implementation backed by AWS-LC DRBG
- Add AES key wrapping (a.k.a. KWP mode of AES)
- Add RSA OAEP cipher padding over SHA2 hashes
- Add RSA PSS signature padding over SHA1 and SHA2 hashes
- Add support for AES Ciphers with specific key sizes (GCM, no padding)
- Track the AWS-LC dependency as a git submodule instead of downloaded tarball
- Improving the configuration and system properties that control ACCP’s behavior
- External integration tests now skip certificate validation for expired certificates; this is to work around external sites which may have allowed their certificates to expire PR #190
- Allows developers to run
clang-tidyagainst the source by passing-DUSE_CLANG_TIDY=trueto gradlew- Example:
./gradlew -DUSE_CLANG_TIDY=true build - This may require deleting
build/cmakeprior to running PR #191
- Example:
- Add
KeyFactoryimplementations for RSA and EC keys. This also includes our own implementations of keys for the same algorithms PR #132 - Added
amazon-corretto-crypto-provider-jdk15.securityto support JDK15+ - Add support for MacOS builds for development
- Add TLS 1.3 to local integ tests
- Fix libaccp builds for GCC 4.1.2
- Load AWS-LC using RPATH, restrict its symbols into a local object group
- Improve zeroization of DRBG output. PR #162
- Correctly reject non-empty
PSource.PSpecifiedvalues for RSA-OAEP.
- Fix an issue where a race condition can cause ACCP's MessageDigest hashing algorithms to return the same value for different inputs PR #157
In accordance with our versioning policy, this release contains a low-risk breaking change. For details please see the 1.5.0 section of this document. This change only impacts libraries that generate EC keys using the KeyPairGenerator.initialize(int keysize) method.
- Stricter guarantees about which curves are used for EC key generation. PR #127
- Reduce timing signal from trimming zeros of TLSPremasterSecrets from DH KeyAgreement. PR #129
- Reuse state in
MessageDigestto decrease object allocation rate. PR #131 - Now uses OpenSSL 1.1.1j. PR #145 (ACCP is not impacted by CVE-2020-1971, CVE-2021-23841, or CVE-2021-23839 as ACCP does not use or expose any of the relevant functionality. ACCP is not impacted by CVE-2021-23840 as ACCP does not use the relevant functionality under the affected conditions.)
- Add version gating to some tests introduced in 1.5.0 PR #128
- More accurate output size estimates from
Cipher.getOutputSize()PR #138 - Validate that
AesGcmSpireceives a non-null key on init to prevent unnecessarily late NPE PR #146 - Gracefully handle calling
Cipher.doFinal()without any input bytes inRsaCipherPR #147
In accordance with our versioning policy, we post warnings of upcoming changes that might cause compatibility issues. As always, we expect that these changes will not impact the vast majority of consumers and can be picked up automatically provided you have good unit and integration changes.
Starting in ACCP version 1.6.0, EC key pair generation will throw an InvalidParameterException if initialized to a keysize that is not in the following list.
For these explicit sizes (only), ACCP behavior is unchanged. ACCP selects the the "secp*r1" curve that corresponds to the value. (For these values, its also the corresponding NIST prime curve).
Supported keysize values:
- 192
- 224
- 256
- 384
- 521
This means that the following code will start failing because it requests a keysize that is not on the list.
KeyPairGenerator kg = KeyPairGenerator.getInstance("EC");
kg.initialize(160); // Throws an InvalidParameterExceptionWe are making this change because the "SunEC" provider does not document its curve selection process for sizes other than those listed above and does not promise that it will continue to use the same curve selection process. Without a consistency guarantee, developers can't use KeyPairGenerator.initialize(int keysize) safely (regardless of whether ACCP is used or not).
We strongly recommend using KeyPairGenerator.initialize(AlgorithmParameterSpec params) with ECGenParameterSpec to generate EC keys.
From versions 1.2.0 through 1.5.0, ACCP selects the corresponding "secp*r1" curve for any keysize requested. For the explicit sizes listed above this matches the SunEC behavior. For other sizes, there are no documented guarantees of the SunEC behavior.
-
Now uses OpenSSL 1.1.1g. PR #108
-
Adds support for running a single test from the command line with the following syntax: PR #113
./gradlew single_test -DSINGLE_TEST=<Fully Qualified Classname>For example:
./gradlew single_test -DSINGLE_TEST=com.amazon.corretto.crypto.provider.test.EcGenTestYou may need to do a clean build when changing tests.
- Ensure unauthenticated plaintext is not released through either Cipher.doFinal(byte[], int, int, byte[], int) or Cipher.doFinal(ByteBuffer, ByteBuffer). PR #123
- Better handle HMAC keys with a
nullformat. PR #124 - Throw
IllegalBlockSizeExceptionwhen attempting RSA encryption/decryption on data larger than the keysize. PR #122
- Upgrade tests to JUnit5. PR #111
- Upgrade BouncyCastle test dependency 1.65. PR #110
- Add version gating to P1363 Format tests. PR #112
- Re-add support for very old x86_64 build-chains. PR #112
- Now uses OpenSSL 1.1.1f. PR #97
- EXPERIMENTAL support for aarch64 added. PR #99
- Test code reuses instances of
SecureRandomfor better efficiency on platforms with slow entropy. PR #96
- Add timestamping to signed jars. PR #85
- Create the
Janitorin theLoaderso that it gets a more logical and consistentThreadGroup. PR #87 - Signed with new JCE signing certificate
- Now supports ECDSA signatures in IEEE P1363 Format. (Also known as "raw" or "plain".) PR #75
- Now allows cloning of
Macobjects. PR #78
- You can disable parallel execution of tests by setting the
ACCP_TEST_PARALLELenvironment variable tofalse
- Now uses OpenSSL 1.1.1d. PR #60
- Detects stuck AMD Ryzen RDRAND and correctly treats as an error PR #67
- When initialized with an
int,KeyPairGeneratorfor "EC" keys now always uses "secp*r1" curves. This matches the behavior of SunEC. This changes the curves selected for 192 from secp192k1 to secp192r1/P-192, and curves selected for 256 from secp256k1 to secp256r1/P-256. PR #68
- The test output now contains a prefix indication whether the suite will fail. PR #63
- You can disable colored test output by setting the
ACCP_TEST_COLORenvironment variable tofalsePR #64
amazon-corretto-crypto-provider.securityupdated to work on both JDK8 and JDK9+ PR #49- Improved performance of single-byte handling in message digests. PR #53 and PR #54
- Support using a different JDK for testing via the
TEST_JAVA_HOMEJVM property PR #50 - Clarify licensing PR #55
- Now supports DH key agreement for more than two parties.
- Reject RSA key generation shorter than 512 bits
- Fix incorrect exception when SunJSSE validates RSA signatures backed by ACCP RSA
- Make the provider actually serializable to keep JTREG happy
- Moved property and resource access to inside PrivilegedAction blocks
- Throw
InvalidKeyExceptionwhen KeyAgreement and Signature getsnullkeys - Throw
SignatureExceptionon corrupted signatures as required by the JCA/JCE
- Changed logging level to eliminate output under normal usage.
- Fix Java heap space issues in unit tests
- Fix performance issue caused by always clearing the OpenSSL error stack
- Correctly clear OpenSSL error stack in failed signature verification
- Make coverage fail if OpenSSL error stack isn't clean
- Consolidate version information to single location
- Improve docs