AmazonCorrettoCryptoProvider 2.5.0 - 2025-03-05

Build Artifacts

With the 2.5.0 release of ACCP(-FIPS), we've decided to remove build artifacts from GitHub releases, aligning with other AWS cryptography libraries such as AWS-LC and aws-lc-rs. The build artifacts (JARs) are available for download on Maven Central:

• ACCP
• ACCP-FIPS

What's Changed

• Add AWS-LC src & ref flags to Gradle build by @sp717 in #390
• Benchmark to compare AES/GCM and AES/KWP for key wrapping by @amirhosv in #391
• Avoid using RSA_blinding_off_temp_for_accp_compatibility by @amirhosv in #389
• Use LibCryptoRng instead of DEFAULT in Random benchmark by @fabrice102 in #392
• Refactoring some KDF related functions by @amirhosv in #393
• Apply the rule of 3/5/0 to JByteArrayCritical et al. by @fabrice102 in #395
• ConcatinationKDF: SSKDF from NIST.SP.800-56Cr2 Key Derivation by @amirhosv in #397
• Add Ed25519 DSA by @sp717 in #394
• Add Benchmarks for Ed25519 by @sp717 in #401
• Counter KDF: NIST SP 800-108r1-upd1 by @amirhosv in #399
• Use environment variable for key store's password and minor updates by @amirhosv in #402
• Experimental FIPS build by @amirhosv in #403
• Update RSA key generation unit test by @amirhosv in #405
• Avoid unnecessary array copy in singlePass by @pengxiaolong in #408
• Update the FIPS section of README by @amirhosv in #406
• Fix ByteBuffer offset calculation for AES/CBC/NoPadding by @bmathiske in #412
• Make Ed25519 KeyFactory registration Opt-in by @amirhosv in #410
• Remove CPP coverage target from default coverage target by @geedo0 in #414
• Update README section on building ACCP in FIPS mode by @brian-jarvis-aws in #415
• JMH Benchmarking Fixups by @geedo0 in #416
• Add missing JMH parameters and naming changes by @geedo0 in #417
• Add ACCP/AWS-LC version table to README by @WillChilds-Klein in #419
• Add Benchmarking Data to README by @geedo0 in #418
• Bump AWS-LC version to 1.42.0 and AWS-LC-FIPS version to 3.0.0 by @WillChilds-Klein in #421
• Update pom descriptions by @WillChilds-Klein in #420
• Support "pure" ML-DSA by @WillChilds-Klein in #422
• Support "External Mu" ML-DSA by @WillChilds-Klein in #423
• Use ACCP for ML-DSA in EvpKeyFactoryTest (for now) by @WillChilds-Klein in #424
• Add null check to AesCbcSpi by @geedo0 in #426
• Digests in rsa cipher test by @WillChilds-Klein in #428
• Add provider info string by @chockalingamc in #427
• Refactor Git tags to enable use in downstream build scripts by @chockalingamc in #430
• Update README.md regarding ACCP-FIPS and randomness by @fabrice102 in #400
• Bump AWS-LC dependency to 1.45 by @WillChilds-Klein in #431
• Refactor Cipher/AES/CBC Service Registration by @geedo0 in #429
• Support Ed25519ph by @WillChilds-Klein in #432
• Fix classname field of AES KeyGenerator Service by @geedo0 in #435
• Encode ML-DSA priv key as seed, expose MlDsaUtils by @WillChilds-Klein in #434

New Contributors

• @pengxiaolong made their first contribution in #408
• @bmathiske made their first contribution in #412
• @chockalingamc made their first contribution in #427

Full Changelog: 2.4.1...2.5.0

AmazonCorrettoCryptoProvider 2.4.1 - 2024-06-27

2.4.1

Patch

• PR 388: Undo PR 376

AmazonCorrettoCryptoProvider 2.4.0 - 2024-06-27

2.4.0

Overview

This version of ACCP uses v1.30.1 and AWS-LC-FIPS-2.0.13 versions of AWS-LC for regular and FIPS builds respectively. These versions support Snapsafe-type uniqueness breaking event detection.

Minor

• PR 380: Support for AES-CBC with NoPadding, PKCS5Padding, PKCS7Padding
• PR 381: Support for AES-CBC with ISO10126Padding

Patch

• PR 353: Static linking to libcrypto
• PR 356: Match SunRsaSign's behavior when setting null params
• PR 362: Fix IllegalArgumentException upon GCM decryption failure
• PR 363: Fix NullPointerException on invalid keys
• PR 361: Allow configuration of tmpdir to avoid issues with noexec on java.io.tmpdir

AmazonCorrettoCryptoProvider 2.3.3 - 2024-01-12

2.3.3

Overview

Starting from this version, build artifacts for MacOS AARCH64 (Arm64) are released.
The corresponding Jar is identified by osx-aarch_64 classifier.
Please note that ACCP-FIPS does not have osx-aarch_64 artifacts and osx-aarch_64
is only available for non-FIPS builds.

Patch

• Use AWS-LC v1.17.0 for ACCP
• Use AWS-LC AWS-LC-FIPS-2.0.2 for ACCP-FIPS
• PR 335: Do not destroy linked public keys
• PR 329: Allow users to control the release of EVP context for AES-GCM

AmazonCorrettoCryptoProvider 2.3.2 - 2023-10-27

2.3.2

Overview

Starting from this version, build artifacts for MacOS X86-64 are released. The corresponding Jar is identified by osx-x86_64 classifier. Please note that ACCP-FIPS does not have osx-x86_64 artifacts and osx-x86_64 is only available for non-FIPS builds.

Patch

• Use AWS-LC v1.16.0 for ACCP
• Use fips-2022-11-02 branch of AWS-LC at commit ID 329d23ce93d42b9017502ac24ca073ebdaa7660f for ACCP-FIPS
• PR 338: Avoid buffering cipher text for one-shot AES-GCM decrypt
• PR 336: Fix ByteBuffer position handling
• PR 333: Replace MessageDigest.isEqual with our own implementation
• PR 334: Let ECDSA Signature objects accept parameters
• PR 327: Github issue 326, NPE

AmazonCorrettoCryptoProvider 2.3.1 - 2023-08-31

2.3.1

Patches

• Use AWS-LC v1.15.0 for ACCP
  • RSA performance on Graviton 2 has improved in version v1.15.0 of AWS-LC.
  • For more details, please refer to the release notes for v1.15.0
• Use fips-2022-11-02 branch of AWS-LC at commit ID d780e5e025c47cd782fd3d5d70a033e59fe80166 for ACCP-FIPS
• Round RSA key sizes up when generating keys for ACCP PR 321
• Throwing exceptions for too-short signatures PR 320

AmazonCorrettoCryptoProvider 2.3.0 - 2023-08-09

2.3.0

Overview

Starting from this version, build artifacts for ACCP-FIPS are also released for experimental purposes. This version of ACCP-FIPS uses
fips-2022-11-02 branch of AWS-LC at commit ID 993c6ff33a2d709ddc25d1557cd96261217bf1fd.

Minor changes

• Support HKDF [PR 310, 312]

AmazonCorrettoCryptoProvider 2.2.0 - 2023-07-06

2.2.0

Minor changes

• Support AES-XTS [PR 306]
  • AesXts.kt shows how AES-XTS can be used.
• Serialization for EvpKeys [PR 304]

AmazonCorrettoCryptoProvider 2.1.0 - 2023-06-09

2.1.0

• Support AlgorithmParameters for EC [PR 274]
• Support KeyGenerator for AES [PR 279]
• Register LibCryptoRng by default in non-FIPS mode [PR 286]
• Use FIPS approved API of AWS-LC for RSA key generation in FIPS mode [PR 301]
• Include AWS-LC's self tests as part of ACCP's self tests [PR 283]

Patches

• Fixed bug in output buffer size check [PR 297]
• Improved the performance of AES-GCM [PRs 296, 298, 300, 302]
• Added code formatting and style checking to the build scripts [PRs 287, 292]
• Renamed branches on GitHub

AmazonCorrettoCryptoProvider 1.6.2 - 2023-03-09

1.6.2

This is an update to ACCP 1.6.1 to use OpenSSL 1.1.1t. We recommend migrating to ACCP 2.X since there will be no new features added to ACCP 1.X.

Patches

• Update OpenSSL version used in ACCP to 1.1.1t