Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move to openssl 1.1.1i #136

Merged
merged 2 commits into from
Dec 8, 2020
Merged

Move to openssl 1.1.1i #136

merged 2 commits into from
Dec 8, 2020

Conversation

SalusaSecondus
Copy link
Contributor

Upgrades ACCP to OpenSSL 1.1.1i.

Note that ACCP is not impacted by CVE-2020-1971.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

AzeemJiva
AzeemJiva previously approved these changes Dec 8, 2020
View reviewed changes
lrstewart
lrstewart previously approved these changes Dec 8, 2020
View reviewed changes
CHANGELOG.md Outdated
@@ -12,6 +12,8 @@ method.
* Stricter guarantees about which curves are used for EC key generation. [PR #127](https://github.com/corretto/amazon-corretto-crypto-provider/pull/127)
* Reduce timing signal from trimming zeros of TLSPremasterSecrets from DH KeyAgreement. [PR #129](https://github.com/corretto/amazon-corretto-crypto-provider/pull/129)
* Reuse state in `MessageDigest` to decrease object allocation rate. [PR #131](https://github.com/corretto/amazon-corretto-crypto-provider/pull/131)
* Now uses [OpenSSL 1.1.1i](https://www.openssl.org/source/openssl-1.1.1i.tar.gz). [PR #136](https://github.com/corretto/amazon-corretto-crypto-provider/pull/136)
(ACCP is not impacted by [CVE-2020-1971](https://www.openssl.org/news/secadv/20201208.txt).)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it worth saying why it's not impacted?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if it is necessary. It is related to TLS and certificates and we don't do anything with them.

@SalusaSecondus SalusaSecondus dismissed stale reviews from lrstewart and AzeemJiva via e6c151c December 8, 2020 17:04
@SalusaSecondus SalusaSecondus merged commit 3ea3061 into corretto:develop Dec 8, 2020
@SalusaSecondus SalusaSecondus deleted the ossl_i branch December 8, 2020 21:07
SalusaSecondus added a commit to SalusaSecondus/amazon-corretto-crypto-provider that referenced this pull request Apr 15, 2021
@SalusaSecondus
Merge branch 'develop' into evp_factory. Picks up 1.6.0 version
6e67e13 
* develop:
  Remove dead code and bump patch version
  Add logic to generate a classpath file
  Clarify best practices are local to ACCP
  Improve documentation (corretto#151)
  Update CHANGELOG for 1.6.0 (corretto#148)
  Handle RsaCipher#engineDoFinal with no input bytes (corretto#147)
  Validate that AesGcmSpi#engineInit gets non-null key (corretto#146)
  Move to OpenSSL 1.1.1j (corretto#145)
  Add list of known differences (corretto#137)
  Better output size estimates. Fixes corretto#135
  Move to openssl 1.1.1i (corretto#136)
  Initial commit of the development guide (corretto#134)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lrstewart lrstewart lrstewart approved these changes

@ttjsu-aws ttjsu-aws ttjsu-aws approved these changes

@AzeemJiva AzeemJiva AzeemJiva left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@SalusaSecondus @AzeemJiva @lrstewart @ttjsu-aws