Commit 7325ca6

Bump org.bouncycastle:bcpg-fips from 1.0.7.1 to 2.0.8 and org.bouncycastle:bc-fips from 1.0.2.5 to 2.0.0 (opensearch-project#15122) (opensearch-project#15128)
* Bump org.bouncycastle:bcpg-fips from 1.0.7.1 to 2.0.8 and org.bouncycastle:bc-fips from 1.0.2.5 to 2.0.0 in /distribution/tools/plugin-cli
* Add to CHANGELOG

---------

(cherry picked from commit 7769ce5)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

1 parent a10e20a commit 7325ca6

6 files changed

+5 -31 lines changed

CHANGELOG.md

+1
@@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
2121
- Bump `actions/github-script` from 6 to 7 ([#14997](https://github.com/opensearch-project/OpenSearch/pull/14997))
2222
- Bump `org.tukaani:xz` from 1.9 to 1.10 ([#15110](https://github.com/opensearch-project/OpenSearch/pull/15110))
2323
- Bump `org.apache.avro:avro` from 1.11.3 to 1.12.0 in /plugins/repository-hdfs ([#15119](https://github.com/opensearch-project/OpenSearch/pull/15119))
24+
- Bump `org.bouncycastle:bcpg-fips` from 1.0.7.1 to 2.0.8 and `org.bouncycastle:bc-fips` from 1.0.2.5 to 2.0.0 in /distribution/tools/plugin-cli ([#15103](https://github.com/opensearch-project/OpenSearch/pull/15103))
2425

2526
### Changed
2627
- Add lower limit for primary and replica batch allocators timeout ([#14979](https://github.com/opensearch-project/OpenSearch/pull/14979))
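
Review bot: The changelog entry added at new line 24 links #15103, while the commit title carries #15122 and #15128. If #15103 is the original dependency PR that is fine, but confirm the link resolves to the change a reader of this branch's changelog should land on. Both artifacts also move from 1.0.x to 2.0.x, so consider saying in the entry that this is a major-version change of `bcpg-fips` and `bc-fips`, so it does not read like the routine bumps listed above it.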

distribution/tools/plugin-cli/build.gradle

+2 -29
@@ -37,8 +37,8 @@ base {
3737
dependencies {
3838
compileOnly project(":server")
3939
compileOnly project(":libs:opensearch-cli")
40-
api "org.bouncycastle:bcpg-fips:1.0.7.1"
41-
api "org.bouncycastle:bc-fips:1.0.2.5"
40+
api "org.bouncycastle:bcpg-fips:2.0.8"
41+
api "org.bouncycastle:bc-fips:2.0.0"
4242
testImplementation project(":test:framework")
4343
testImplementation 'com.google.jimfs:jimfs:1.3.0'
4444
testRuntimeOnly("com.google.guava:guava:${versions.guava}") {
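
Review bot: New lines 40-41 move both Bouncy Castle FIPS artifacts across a major version (`bcpg-fips` 1.0.7.1 to 2.0.8, `bc-fips` 1.0.2.5 to 2.0.0) under `api` scope, so the 2.x classes are also exposed on the compile classpath of anything that depends on plugin-cli. The visible diff changes no source or test file, so please confirm that the plugin-cli code paths calling into these libraries were exercised against the 2.x versions, and that `bcpg-fips` 2.0.8 is the release intended to be paired with `bc-fips` 2.0.0.
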
@@ -58,33 +58,6 @@ test {
5858
jvmArgs += [ "-Djava.security.egd=file:/dev/urandom" ]
5959
}
6060

61-
/*
62-
* these two classes intentionally use the following JDK internal APIs in order to offer the necessary
63-
* functionality
64-
*
65-
* sun.security.internal.spec.TlsKeyMaterialParameterSpec
66-
* sun.security.internal.spec.TlsKeyMaterialSpec
67-
* sun.security.internal.spec.TlsMasterSecretParameterSpec
68-
* sun.security.internal.spec.TlsPrfParameterSpec
69-
* sun.security.internal.spec.TlsRsaPremasterSecretParameterSpec
70-
* sun.security.provider.SecureRandom
71-
*
72-
*/
73-
thirdPartyAudit.ignoreViolations(
74-
'org.bouncycastle.jcajce.provider.BouncyCastleFipsProvider$CoreSecureRandom',
75-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF',
76-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$BaseTLSKeyGeneratorSpi',
77-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator',
78-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSKeyMaterialGenerator$2',
79-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator',
80-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSMasterSecretGenerator$2',
81-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSPRFKeyGenerator',
82-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator',
83-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSRsaPreMasterSecretGenerator$2',
84-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator',
85-
'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator$2'
86-
)
87-
8861
thirdPartyAudit.ignoreMissingClasses(
8962
'org.brotli.dec.BrotliInputStream',
9063
'org.objectweb.asm.AnnotationVisitor',
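
Review bot: The `thirdPartyAudit.ignoreViolations(...)` block at old lines 61-86 is removed with no explanation in the commit message. Presumably the 2.0.0 provider no longer references the `sun.security.internal.spec.*` classes and `sun.security.provider.SecureRandom` named in the deleted comment; please state that in the commit message or PR description and confirm the thirdPartyAudit task passes for plugin-cli with these exclusions gone, so the shorter list is a verified result and not only a cleanup.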

distribution/tools/plugin-cli/licenses/bc-fips-1.0.2.5.jar.sha1

-1
This file was deleted.
@@ -0,0 +1 @@
1+
ee9ac432cf08f9a9ebee35d7cf8a45f94959a7ab

distribution/tools/plugin-cli/licenses/bcpg-fips-1.0.7.1.jar.sha1

-1
This file was deleted.
@@ -0,0 +1 @@
1+
51c2f633e0c32d10de1ebab4c86f93310ff820f8
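
Review bot: The two old checksum files (`bc-fips-1.0.2.5.jar.sha1` and `bcpg-fips-1.0.7.1.jar.sha1`) are removed here, but their replacements for 2.0.0 and 2.0.8 are not shown in this view even though the summary reports 6 files changed. Before merging, check that the new `.sha1` files are present and that their values match the artifacts published upstream, computed independently and not copied from the build output.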
