Releases: corretto/amazon-corretto-crypto-provider

AmazonCorrettoCryptoProvider 2.0.0 - 2023-02-14

14 Feb 15:25

ACCP 2.0.0

We're pleased to announce the release of ACCP 2.0.0.

Highlights

  • Added build artifacts for Linux-x86 and Linux-aarch64. Access these from the release section on GitHub or on Maven Central.
  • Uses AWS-LC as the underlying cryptographic library instead of OpenSSL (version 1.1.1j). AWS-LC went through rigorous testing and formal verification in its development lifecycle, reducing the risk of security vulnerabilities. AWS-LC has optimized assembly implementations of some cryptographic algorithms, which translates to better performance. These optimizations are beneficial for AWS Graviton 2 & 3 users as well as x86-based platforms.

New

  • Support build and releases for Linux x86 and Linux aarch64
  • Use AWS-LC (https://github.com/awslabs/aws-lc/) as the underlying cryptographic library
  • Use SecureRandom implementation backed by AWS-LC DRBG
  • Use AES key wrapping (a.k.a. KWP mode of AES)
  • Use RSA OAEP cipher padding over SHA2 hashes
  • Use RSA PSS signature padding over SHA1 and SHA2 hashes

Breaking Changes

This version is not backward compatible and the differences may affect your application.

  • Drop support for (non-EC) DSA signatures
  • Drop support for (non-EC) Diffie-Hellman key exchange
  • Drop support for secp192r1, as well as most other non-NIST "legacy" curves
  • Drop RDRAND-seeded, AES-CTR SecureRandom implementation
  • The implementation of the SecureRandom relies on AWS-LC's DRBG and the name is changed from "NIST800-90A/AES-CTR-256" to "LibCryptoRng".
  • AWS-LC and OpenSSL are not 100% compatible. We have tried to keep the incompatibilities hidden from ACCP users, and we will deal with such scenarios case by case in the future.

Improvements

  • Add support for AES ciphers with specific key sizes (GCM, no padding)
  • Track the AWS-LC dependency as a Git Submodule instead of downloaded tarball
  • Improve the configuration (https://github.com/corretto/amazon-corretto-crypto-provider#configuration) and system properties that control ACCP's behavior
  • External integration tests now skip certificate validation for expired certificates. This is to work around external sites which may have allowed their certificates to expire. PR #190 (#189)
  • Allows developers to run clang-tidy against the source by passing -DUSE_CLANG_TIDY=true to gradlew
    • Example: ./gradlew -DUSE_CLANG_TIDY=true build
    • This may require deleting build/cmake prior to running. PR #191 (#191)
  • Add KeyFactory implementations for RSA and EC keys. This also includes our own implementations of keys for the same algorithms. PR #132 (#132)
  • Added amazon-corretto-crypto-provider-jdk15.security to support JDK15+
  • Add support for MacOS builds for development
  • Add TLS 1.3 to local integ tests

Bug Fixes

  • Fix libaccp builds for GCC 4.1.2

AmazonCorrettoCryptoProvider 1.6.1 - 2021-04-21

21 Apr 22:57
46cb685

1.6.1

Patches

  • Fix an issue where a race condition can cause ACCP's MessageDigest hashing algorithms to return the same value for different inputs PR #157

AmazonCorrettoCryptoProvider 1.6.0 - 2021-03-17

18 Mar 00:38
59b129a

1.6.0

Breaking Change

In accordance with our versioning policy, this release contains a low-risk breaking change. For details please see the 1.5.0 release. This change only impacts libraries that generate EC keys using the KeyPairGenerator.initialize(int keysize) method.

Improvements

  • Stricter guarantees about which curves are used for EC key generation. PR #127
  • Reduce timing signal from trimming zeros of TLSPremasterSecrets from DH KeyAgreement. PR #129
  • Reuse state in MessageDigest to decrease object allocation rate. PR #131
  • Now uses OpenSSL 1.1.1j. PR #145 (ACCP is not impacted by CVE-2020-1971, CVE-2021-23841, or CVE-2021-23839 as ACCP does not use or expose any of the relevant functionality. ACCP is not impacted by CVE-2021-23840 as ACCP does not use the relevant functionality under the affected conditions.)

Patches

  • Add version gating to some tests introduced in 1.5.0 PR #128
  • More accurate output size estimates from Cipher.getOutputSize() PR #138
  • Validate that AesGcmSpi receives a non-null key on init to prevent unnecessarily late NPE PR #146
  • Gracefully handle calling Cipher.doFinal() without any input bytes in RsaCipher PR #147

AmazonCorrettoCryptoProvider 1.5.0 - 2020-09-10

10 Sep 20:14
130ceaa

1.5.0

Breaking Change Warning

In accordance with our versioning policy, we post warnings of upcoming changes that might cause compatibility issues. As always, we expect that these changes will not impact the vast majority of consumers and can be picked up automatically provided you have good unit and integration tests.

Starting in ACCP version 1.6.0, EC key pair generation will throw an InvalidParameterException if initialized to a keysize that is not in the following list. For these explicit sizes (only), ACCP behavior is unchanged. ACCP selects the "secp*r1" curve that corresponds to the value. (For these values, it's also the corresponding NIST prime curve.)

Supported keysize values:

  • 192
  • 224
  • 256
  • 384
  • 521

This means that the following code will start failing because it requests a keysize that is not on the list.

KeyPairGenerator kg = KeyPairGenerator.getInstance("EC");
kg.initialize(160); // Throws an InvalidParameterException

We are making this change because the "SunEC" provider does not document its curve selection process for sizes other than those listed above and does not promise that it will continue to use the same curve selection process. Without a consistency guarantee, developers can't use KeyPairGenerator.initialize(int keysize) safely (regardless of whether ACCP is used or not).

We strongly recommend using KeyPairGenerator.initialize(AlgorithmParameterSpec params) with ECGenParameterSpec to generate EC keys.

From versions 1.2.0 through 1.5.0, ACCP selects the corresponding "secp*r1" curve for any keysize requested.
For the explicit sizes listed above this matches the SunEC behavior.
For other sizes, there are no documented guarantees of the SunEC behavior.
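
The recommendation above to initialize with ECGenParameterSpec, as an added example (not code from the ACCP project). The class name NamedCurveKeyGen and its helper methods are hypothetical; the code uses whichever provider the JCA selects for "EC" and checks that the generated key really lies on the requested curve.

```java
import java.security.AlgorithmParameters;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPublicKey;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;

public class NamedCurveKeyGen {
    // Resolve the domain parameters of a named curve through the JCA.
    static ECParameterSpec paramsFor(String curve) throws GeneralSecurityException {
        AlgorithmParameters ap = AlgorithmParameters.getInstance("EC");
        ap.init(new ECGenParameterSpec(curve));
        return ap.getParameterSpec(ECParameterSpec.class);
    }

    // Compare field and coefficients, generator, order and cofactor.
    static boolean sameCurve(ECParameterSpec a, ECParameterSpec b) {
        return a.getCurve().equals(b.getCurve())
            && a.getGenerator().equals(b.getGenerator())
            && a.getOrder().equals(b.getOrder())
            && a.getCofactor() == b.getCofactor();
    }

    // Generate a key pair on an explicitly named curve and fail closed
    // if the provider hands back a key on any other curve.
    static KeyPair generate(String curve) throws GeneralSecurityException {
        KeyPairGenerator kg = KeyPairGenerator.getInstance("EC");
        kg.initialize(new ECGenParameterSpec(curve)); // name the curve, not a keysize
        KeyPair kp = kg.generateKeyPair();
        ECParameterSpec actual = ((ECPublicKey) kp.getPublic()).getParams();
        if (!sameCurve(actual, paramsFor(curve))) {
            throw new GeneralSecurityException("unexpected curve returned for " + curve);
        }
        return kp;
    }

    public static void main(String[] args) throws Exception {
        // Curve names chosen for illustration; they match keysizes 256, 384 and 521.
        for (String curve : new String[] {"secp256r1", "secp384r1", "secp521r1"}) {
            ECPublicKey pub = (ECPublicKey) generate(curve).getPublic();
            System.out.println(curve + ": order bits = "
                + pub.getParams().getOrder().bitLength());
        }
    }
}
```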

Improvements

  • Now uses OpenSSL 1.1.1g. PR #108

  • Adds support for running a single test from the command line with the following syntax: PR #113

    ./gradlew single_test -DSINGLE_TEST=<Fully Qualified Classname>

    For example: ./gradlew single_test -DSINGLE_TEST=com.amazon.corretto.crypto.provider.test.EcGenTest

    You may need to do a clean build when changing tests.

Patches

Maintenance

  • Upgrade tests to JUnit5. PR #111
  • Upgrade BouncyCastle test dependency to 1.65. PR #110
  • Add version gating to P1363 Format tests. PR #112
  • Re-add support for very old x86_64 build-chains. PR #112

AmazonCorrettoCryptoProvider 1.4.0 - 2020-04-16

16 Apr 23:46
31e7e92

1.4.0

Improvements

Maintenance

  • Test code reuses instances of SecureRandom for better efficiency on platforms with slow entropy. PR #96

AmazonCorrettoCryptoProvider 1.3.1 Release -- 2020-03-05

06 Mar 00:26
7472f26

1.3.1

Maintenance

  • Add timestamping to signed jars. PR #85
  • Create the Janitor in the Loader so that it gets a more logical and consistent ThreadGroup. PR #87
  • Signed with new JCE signing certificate

AmazonCorrettoCryptoProvider 1.3.0 Release -- 2020-01-13

13 Jan 18:30
e612563

1.3.0

Improvements

  • Now supports ECDSA signatures in IEEE P1363 format. (Also known as "raw" or "plain".) PR #75
  • Now allows cloning of Mac objects. PR #78

Maintenance

  • You can disable parallel execution of tests by setting the ACCP_TEST_PARALLEL environment variable to false.

AmazonCorrettoCryptoProvider 1.2.0 Release -- 2019-11-12

12 Nov 22:09
74697b2

1.2.0

Improvements

Patches

  • Detects stuck AMD Ryzen RDRAND and correctly treats it as an error. PR #67
  • When initialized with an int, KeyPairGenerator for "EC" keys now always uses "secp*r1" curves.
    This matches the behavior of SunEC.
    This changes the curves selected for 192 from secp192k1 to secp192r1/P-192, and curves selected for 256 from secp256k1 to secp256r1/P-256.
    PR #68

Maintenance

  • The test output now contains a prefix indicating whether the suite will fail. PR #63
  • You can disable colored test output by setting the ACCP_TEST_COLOR environment variable to false. PR #64

AmazonCorrettoCryptoProvider 1.1.1 Release -- 2019-09-12

12 Sep 20:15
57bae8c

1.1.1

Patches

  • amazon-corretto-crypto-provider.security updated to work on both JDK8 and JDK9+
  • Improve performance of single-byte handling in message digests.

Maintenance

  • Support using a different JDK for testing via the TEST_JAVA_HOME JVM property
  • Clarify licensing

AmazonCorrettoCryptoProvider 1.1.0 Release -- 2019-07-15

11 Jul 20:13
b985be5

1.1.0

Improvements

  • Now supports DH key agreement for more than two parties.

Patches

  • Reject RSA key generation shorter than 512 bits
  • Fix incorrect exception when SunJSSE validates RSA signatures backed by ACCP RSA
  • Make the provider actually serializable to keep JTREG happy
  • Moved property and resource access to inside PrivilegedAction blocks
  • Throw InvalidKeyException when KeyAgreement and Signature get null keys
  • Throw SignatureException on corrupted signatures as required by the JCA/JCE

Maintenance

  • Changed logging level to eliminate output under normal usage.

1.0.4

Maintenance

  • Fix Java heap space issues in unit tests