Merge branch 'master' into CRYPTO-161

.asf.yaml

@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+github:
+  description: "Apache Commons Crypto"
+  homepage: https://commons.apache.org/crypto/
+
+notifications:
+    commits:      [email protected]
+    issues:       [email protected]
+    pullrequests: [email protected]
+    jira_options: link label
+    jobs:         [email protected]
+    issues_bot_dependabot: [email protected]
+    pullrequests_bot_dependabot: [email protected]
+    issues_bot_codecov-commenter: [email protected]
+    pullrequests_bot_codecov-commenter: [email protected]

.github/GH-ROBOTS.txt

@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Keeps on creating FUD PRs in test code
+# Does not follow Apache disclosure policies
+User-agent: JLLeitschuh/security-research
+Disallow: *

.github/workflows/adhoctest.yml

@@ -0,0 +1,113 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Java AdHoc
+
+# Check for openssl and crypto installs
+
+on:
+  # allow direct trigger
+  workflow_dispatch:
+  # and self-trigger
+  push:
+    paths:
+      - '**/workflows/adhoctest.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+
+    runs-on: ${{ matrix.os }}
+    # env:
+      # LD_LIBRARY_PATH:  "/usr/local"
+      # DYLD_LIBRARY_PATH:  "/usr/local"
+      # ZLD_LIBRARY_PATH:  "/usr/local"
+      # ZDYLD_LIBRARY_PATH:  "/usr/local"
+      # DYLD:  "/usr/local"
+      # DYLD_:  "/usr/local"
+      # commons.crypto.debug: true
+    strategy:
+      matrix:
+        # os: [macos-latest]
+        os: [windows-latest]
+        java: [ 8 ]
+        # ref: [ 'rel/commons-crypto-1.1.0', master ]
+        ref: [ master ]
+      fail-fast: false
+
+    steps:
+    # - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0
+    #   with:
+    #     persist-credentials: false
+    #     ref: ${{ matrix.ref }}
+    # - name: Set up JDK ${{ matrix.java }}
+    #   uses: actions/[email protected]
+    #   with:
+    #     distribution: 'temurin'
+    #     java-version: ${{ matrix.java }}
+    - name: OpenSSL version
+      run: openssl version -a
+    - name: Find libcrypto
+      run: |
+        dir -s 'C:\Program Files\' libcrypto.dll
+    # - name: Compile with Maven
+    #   env:
+    #     OPENSSL_HOME: "C:\\Miniconda\\Library"
+    #   run: mvn -V compile -D"rat.skip" -D"animal.sniffer.skip" --no-transfer-progress -DtrimStackTrace=false
+    # - name: Run sample Crypto
+    #   run: |
+    #     mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.Crypto" -D"commons.crypto.debug=true"
+    # - name: Run sample OpenSslJna (default library)
+    #   if: always()
+    #   run: |
+    #     mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"commons.crypto.debug=true"
+    # # - name: Run sample OpenSslJna
+    # #   if: always()
+    # #   run: |
+    # #     mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=C:/Miniconda/Library/bin"
+    # - name: Run sample OpenSslJna (miniconda lib)
+    #   if: always()
+    #   run: |
+    #     mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=/usr/local/miniconda/lib" -D"commons.crypto.debug=true"
+    # - name: Run sample OpenSslJna (Cellar lib from openssl version -a)
+    #   if: always()
+    #   run: |
+    #     mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=/usr/local/Cellar/[email protected]/1.1.1v/lib" -D"commons.crypto.debug=true"
+    # # - name: Find OpenSSL Mac
+    # #   if: ${{ matrix.os == 'macos-latest' }}
+    # #   run: |
+    # #     for i in $(which -a openssl) ; do  echo $i; $i version ; echo ""; done
+    # #     set -v
+    # #     find /usr/lib -name libcrypto*.dylib -ls || true
+    # #     find /usr/local -name libcrypto*.dylib -ls || true
+    # #     find /opt/local/lib -name libcrypto*.dylib -ls || true
+    # # - name: Find OpenSSL Win
+    # #   if: ${{ matrix.os == 'windows-latest' }}
+    # #   run: |
+    # #     where /T openssl
+    # #     echo "==="
+    # #     where /T libcrypto.dll
+    # #     echo "==="
+    # #     dir "C:\Program Files\OpenSSL\bin\"
+    # #     C:
+    # #     cd \
+    # #     dir /s libcrypto*.dll
+    # #   shell: cmd
+    # - name: env sort
+    #   if: always()
+    #   run: |
+    #     env | sort

.github/workflows/benchmarkadhoc.yml

@@ -0,0 +1,68 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Benchmark adhoc
+
+on:
+  # allow direct trigger
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+
+    runs-on: ${{ matrix.os }}
+    continue-on-error: ${{ matrix.experimental }}
+    strategy:
+      matrix:
+        # macos-latest and ubuntu-latest uses OpenSSL 3 which breaks tests
+        os: [macos-11, ubuntu-20.04, windows-latest]
+        # Run lowest and highest Java versions only
+        java: [ 8, 21 ]
+        experimental: [false]
+      fail-fast: false
+
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        persist-credentials: false
+    - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+    - name: Set up JDK ${{ matrix.java }}
+      uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+      with:
+        distribution: 'temurin'
+        java-version: ${{ matrix.java }}
+    - name: OpenSSL version
+      run: openssl version -a
+    # - name: Build with Maven
+    #   # OPENSSL_HOME is needed for Windows build; not used by other builds so can set unconditionally
+    #   # It's not clear how one is supposed to find the correct setting;
+    #   # The value below was found by searching for openssl files under C (warning: slow)
+    #   # Other possible values are:
+    #   # "C:\\Miniconda\\pkgs\\openssl-1.1.1n-h2bbff1b_0\\Library"
+    #   # "C:\\ProgramData\\chocolatey\\lib\\mingw\\tools\\install\\mingw64\\opt"
+    #   env:
+    #     OPENSSL_HOME: "C:\\Miniconda\\Library"
+    #   run: mvn --show-version --batch-mode --no-transfer-progress -DtrimStackTrace=false clean test-compile -Pbenchmark
+    #   # will fail on Windows...
+    - name: Host details
+      run: uname -a

.github/workflows/codeql-analysis.yml

@@ -16,18 +16,27 @@
 name: "CodeQL"
 
 on:
+  # allow direct trigger
+  workflow_dispatch:
   push:
+    paths-ignore:
+      - '**/workflows/*.yml'
     branches: [ master ]
   pull_request:
+    paths-ignore:
+      - '**/workflows/*.yml'
     # The branches below must be a subset of the branches above
     branches: [ master ]
-  schedule:
-    - cron: '33 9 * * 4'
+  # schedule:
+  #   - cron: '33 9 * * 4'
+
+permissions:
+  contents: read
 
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     permissions:
       actions: read
       contents: read
@@ -37,16 +46,35 @@ jobs:
       fail-fast: false
       matrix:
         language: [ 'cpp', 'java' ]
+        java: [ 8 ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        persist-credentials: false
+    - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
+      with:
+        path: ~/.m2/repository
+        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+        restore-keys: |
+          ${{ runner.os }}-maven-
+
+    # Override Java default
+    # Java 11 complains about illegal access; drop this override when sorted
+    # Also complains: "Corrupted channel by directly writing to native stream in forked JVM 1"
+    - name: Set up JDK ${{ matrix.java }}
+      if: ${{ matrix.language == 'java' }}
+      uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+      with:
+        distribution: 'temurin'
+        java-version: ${{ matrix.java }}
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -67,9 +95,10 @@ jobs:
     #    uses a compiled language
 
     - name: Build with Maven
-      run: mvn package
+      # -DargLine=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED (not with Java 8)
+      run: mvn -V package  --no-transfer-progress -Drat.skip -Danimal.sniffer.skip
 #      make bootstrap
 #      make release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5

.github/workflows/coverage.yml

@@ -15,36 +15,46 @@
 
 name: Coverage
 
-on: [push, pull_request]
+on:
+  # allow direct trigger
+  workflow_dispatch:
+  push:
+    paths-ignore:
+      - '**/workflows/*.yml'
+  pull_request:
+    paths-ignore:
+      - '**/workflows/*.yml'
 
 permissions:
   contents: read
 
 jobs:
   build:
 
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     strategy:
       matrix:
         java: [ 8 ]
 
     steps:
-    - uses: actions/checkout@v3
-    - uses: actions/[email protected]
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        persist-credentials: false
+    - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
       with:
         path: ~/.m2/repository
         key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
         restore-keys: |
           ${{ runner.os }}-maven-
     - name: Set up JDK ${{ matrix.java }}
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
       with:
-        distribution: adopt
+        distribution: 'temurin'
         java-version: ${{ matrix.java }}
     - name: Build with Maven
-      run: mvn -V test jacoco:report --file pom.xml --no-transfer-progress
+      run: mvn --show-version --batch-mode --no-transfer-progress test jacoco:report
 
     - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v3
+      uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4
       with:
         files: ./target/site/jacoco/jacoco.xml