Merge branch 'develop' into evp_factory

* develop: Support testing against JDK17 (corretto#165) Add assumeMinimumVersion to InputBuffer tests (corretto#160) Update CHANGELOG for 1.6.1 (corretto#158) Fix issue with hashing (corretto#157) Improve the README (corretto#155)
SalusaSecondus · Sep 21, 2021 · 244016b · 244016b
2 parents 6e67e13 + a72c6de
commit 244016b
Show file tree

Hide file tree

Showing 19 changed files with 522 additions and 345 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,15 +1,16 @@
 # Changelog
 
-## 2.0.0 (Unreleased)
-We're marking this as a major version release due to new implementions of `KeyFactory`.
-Though these changes are expected to have no visible impact (other than performance) to consumers,
-they do correspond to a significant rearchitecture of ACCP.
+## EVP (Unreleased)
+(Temporarily marking it as 2.0)
 
 ### Improvements
 * Add `KeyFactory` implementations for RSA, EC, DH, and DSA keys. This also includes our own implementations of keys for the same algorithms. [PR #132](https://github.com/corretto/amazon-corretto-crypto-provider/pull/132)
 
 ### Patches
 * Correctly reject non-empty `PSource.PSpecified` values for RSA-OAEP.
+## 1.6.1
+### Patches
+* Fix an issue where a race condition can cause ACCP's MessageDigest hashing algorithms to return the same value for different inputs [PR #157](https://github.com/corretto/amazon-corretto-crypto-provider/pull/157)
 
 ## 1.6.0
 ### Breaking Change

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -50,6 +50,7 @@ endif()
 
 if (NOT DEFINED TEST_JAVA_HOME)
   set(TEST_JAVA_EXECUTABLE ${Java_JAVA_EXECUTABLE})
+  set(TEST_JAVA_MAJOR_VERSION ${Java_VERSION_MAJOR})
 else()
   set(TEST_JAVA_EXECUTABLE ${TEST_JAVA_HOME}/bin/java)
 endif()
@@ -608,8 +609,20 @@ add_custom_command(
 add_custom_target(tests-jar DEPENDS ${TESTS_JAR})
 set_property(TARGET tests-jar PROPERTY JAR_FILE ${TESTS_JAR})
 
+# These flags are necessary in Java17+ in order for certain unit tests to
+# perform deep reflection on nonpublic members
+if (TEST_JAVA_MAJOR_VERSION VERSION_GREATER_EQUAL 17)
+  set(TEST_ADD_OPENS
+    --add-opens java.base/javax.crypto=ALL-UNNAMED
+    --add-opens java.base/java.lang.invoke=ALL-UNNAMED
+    --add-opens java.base/java.security=ALL-UNNAMED
+    --add-exports jdk.crypto.ec/sun.security.ec=java.base
+    )
+endif()
+
 set(TEST_RUNNER_ARGUMENTS
     -javaagent:${JACOCO_AGENT_JAR}=destfile=coverage/jacoco.exec,classdumpdir=coverage/classes
+    ${TEST_ADD_OPENS}
     -Djava.library.path=$<TARGET_FILE_DIR:amazonCorrettoCryptoProvider>
     -Dcom.amazon.corretto.crypto.provider.inTestSuite=hunter2
     -Dtest.data.dir=${TEST_DATA_DIR}

diff --git a/README.md b/README.md
@@ -106,7 +106,7 @@ Whether you're using Maven, Gradle, or some other build system that also pulls
 packages from Maven Central, it's important to specify `linux-x86_64` as the
 classifier. You'll get an empty package otherwise.
 
-Regardless of how you acquire ACCP (Maven, manual build, etc.) you will still need to follow the guidance in the [Configuration section][#configuration] to enable ACCP in your application.
+Regardless of how you acquire ACCP (Maven, manual build, etc.) you will still need to follow the guidance in the [Configuration section](#configuration) to enable ACCP in your application.
 
 ### Maven
 Add the following to your `pom.xml` or wherever you configure your Maven dependencies.
@@ -175,6 +175,8 @@ Building this provider requires a 64 bit Linux build system with the following p
 * release: **Default target** depends on build, test, and coverage
 * overkill: Run **all** tests (no coverage)
 * generateEclipseClasspath: Generates a `.classpath` file which is understandable by Eclipse and VS Code to make development easier. (This should ideally be run prior to opening ACCP in your IDE.)
+* single_test: Runs a single unit test. The test is selected with the Java system property `SINGLE_TEST`. For example: `./gradlew single_test -DSINGLE_TEST=com.amazon.corretto.crypto.provider.test.EcGenTest`
+  (You may need to do a clean build when switching between selected tests.)
 
 ## Configuration
 There are several ways to configure the ACCP as the highest priority provider in Java.

diff --git a/arm.patch b/arm.patch
diff --git a/build.gradle b/build.gradle
@@ -48,15 +48,15 @@ repositories {
 
 dependencies {
     // Separate so we can extract the jar for the agent specifically
-    jacocoAgent group: 'org.jacoco', name: 'org.jacoco.agent', version: '0.8.3', classifier: 'runtime'
+    jacocoAgent group: 'org.jacoco', name: 'org.jacoco.agent', version: '0.8.7', classifier: 'runtime'
 
     // Separate so we can extract the jar for the runner specifically
     testRunner group: 'org.junit.platform', name: 'junit-platform-console-standalone', version: '1.6.2'
 
     testDep 'org.junit.jupiter:junit-jupiter:5.6.2'
     testDep 'org.junit.vintage:junit-vintage-engine:5.6.2'
-    testDep 'org.bouncycastle:bcprov-debug-jdk15on:1.65'
-    testDep 'org.bouncycastle:bcpkix-jdk15on:1.65'
+    testDep 'org.bouncycastle:bcprov-debug-jdk15on:1.69'
+    testDep 'org.bouncycastle:bcpkix-jdk15on:1.69'
     testDep 'commons-codec:commons-codec:1.12'
     testDep 'org.hamcrest:hamcrest:2.1'
     testDep 'org.jacoco:org.jacoco.core:0.8.3'
@@ -83,13 +83,6 @@ task getOpensslSrc(type: Copy) {
     def outputDir = file("${buildDir}/openssl/")
     from tarTree(tarFile)
     into outputDir
-
-    doLast {
-        // Remove this once the patch is incorporated into an official OpenSSL release
-        ant.patch(patchfile: "${projectDir}/arm.patch",
-            dir: opensslSrcPath,
-            strip: 1)
-    }
 }
 
 task buildOpenSsl {
@@ -160,6 +153,9 @@ task executeCmake(type: Exec) {
     if (System.properties['TEST_JAVA_HOME'] != null) {
         args '-DTEST_JAVA_HOME=' + System.properties['TEST_JAVA_HOME']
     }
+    if (System.properties['TEST_JAVA_MAJOR_VERSION'] != null) {
+        args '-DTEST_JAVA_MAJOR_VERSION=' + System.properties['TEST_JAVA_MAJOR_VERSION']
+    }
 
     if (System.properties['SINGLE_TEST'] != null) {
         args '-DSINGLE_TEST=' + System.properties['SINGLE_TEST']
@@ -442,7 +438,7 @@ if (project.hasProperty('mavenUser') && project.hasProperty('jcecertAlias')) {
         }
     }
 
-    task sign(overwrite: true) {
+    task sign {
         doFirst {
             ant.fail('Insufficient configuration for signing')
         }

diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-5.3-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-7.2-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists