diff --git a/.asf.yaml b/.asf.yaml
new file mode 100644
index 000000000..f6b142872
--- /dev/null
+++ b/.asf.yaml
@@ -0,0 +1,29 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+github:
+ description: "Apache Commons Crypto"
+ homepage: https://commons.apache.org/crypto/
+
+notifications:
+ commits: commits@commons.apache.org
+ issues: issues@commons.apache.org
+ pullrequests: issues@commons.apache.org
+ jira_options: link label
+ jobs: notifications@commons.apache.org
+ issues_bot_dependabot: notifications@commons.apache.org
+ pullrequests_bot_dependabot: notifications@commons.apache.org
+ issues_bot_codecov-commenter: notifications@commons.apache.org
+ pullrequests_bot_codecov-commenter: notifications@commons.apache.org
diff --git a/.github/GH-ROBOTS.txt b/.github/GH-ROBOTS.txt
new file mode 100644
index 000000000..e3329e55f
--- /dev/null
+++ b/.github/GH-ROBOTS.txt
@@ -0,0 +1,19 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Keeps on creating FUD PRs in test code
+# Does not follow Apache disclosure policies
+User-agent: JLLeitschuh/security-research
+Disallow: *
diff --git a/.github/workflows/adhoctest.yml b/.github/workflows/adhoctest.yml
new file mode 100644
index 000000000..f029543d4
--- /dev/null
+++ b/.github/workflows/adhoctest.yml
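Review bot: The two comment lines above `User-agent: JLLeitschuh/security-research` say why the bot is refused but not where a security finding should go instead, so a reader of this file learns only that automated reports are unwelcome. Since the stated reason is the disclosure policy, I would add a pointer such as `# Report suspected vulnerabilities privately as described at https://www.apache.org/security/`. It may also be worth a line saying that this file is advisory and takes effect only if the named tool honours it, which I am assuming from the robots.txt-style format.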
@@ -0,0 +1,113 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Java AdHoc + +# Check for openssl and crypto installs + +on: + # allow direct trigger + workflow_dispatch: + # and self-trigger + push: + paths: + - '**/workflows/adhoctest.yml' + +permissions: + contents: read + +jobs: + build: + + runs-on: ${{ matrix.os }} + # env: + # LD_LIBRARY_PATH: "/usr/local" + # DYLD_LIBRARY_PATH: "/usr/local" + # ZLD_LIBRARY_PATH: "/usr/local" + # ZDYLD_LIBRARY_PATH: "/usr/local" + # DYLD: "/usr/local" + # DYLD_: "/usr/local" + # commons.crypto.debug: true + strategy: + matrix: + # os: [macos-latest] + os: [windows-latest] + java: [ 8 ] + # ref: [ 'rel/commons-crypto-1.1.0', master ] + ref: [ master ] + fail-fast: false + + steps: + # - uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0 + # with: + # persist-credentials: false + # ref: ${{ matrix.ref }} + # - name: Set up JDK ${{ matrix.java }} + # uses: actions/setup-java@v3.5.1 + # with: + # distribution: 'temurin' + # java-version: ${{ matrix.java }} + - name: OpenSSL version + run: openssl version -a + - name: Find libcrypto + run: | + dir -s 'C:\Program Files\' libcrypto.dll + # - name: Compile with Maven + # env: + # OPENSSL_HOME: "C:\\Miniconda\\Library" + # 
run: mvn -V compile -D"rat.skip" -D"animal.sniffer.skip" --no-transfer-progress -DtrimStackTrace=false + # - name: Run sample Crypto + # run: | + # mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.Crypto" -D"commons.crypto.debug=true" + # - name: Run sample OpenSslJna (default library) + # if: always() + # run: | + # mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"commons.crypto.debug=true" + # # - name: Run sample OpenSslJna + # # if: always() + # # run: | + # # mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=C:/Miniconda/Library/bin" + # - name: Run sample OpenSslJna (miniconda lib) + # if: always() + # run: | + # mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=/usr/local/miniconda/lib" -D"commons.crypto.debug=true" + # - name: Run sample OpenSslJna (Cellar lib from openssl version -a) + # if: always() + # run: | + # mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"jna.library.path=/usr/local/Cellar/openssl@1.1/1.1.1v/lib" -D"commons.crypto.debug=true" + # # - name: Find OpenSSL Mac + # # if: ${{ matrix.os == 'macos-latest' }} + # # run: | + # # for i in $(which -a openssl) ; do echo $i; $i version ; echo ""; done + # # set -v + # # find /usr/lib -name libcrypto*.dylib -ls || true + # # find /usr/local -name libcrypto*.dylib -ls || true + # # find /opt/local/lib -name libcrypto*.dylib -ls || true + # # - name: Find OpenSSL Win + # # if: ${{ matrix.os == 'windows-latest' }} + # # run: | + # # where /T openssl + # # echo "===" + # # where /T libcrypto.dll + # # echo "===" + # # dir "C:\Program Files\OpenSSL\bin\" + # # C: + # # cd \ + # # dir /s libcrypto*.dll + # # shell: cmd + # - name: env sort + # if: always() + # run: | + # env | sort diff --git a/.github/workflows/benchmarkadhoc.yml b/.github/workflows/benchmarkadhoc.yml new file mode 100644 index 000000000..541749f26 --- /dev/null 
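Review bot: The commented-out `uses: actions/setup-java@v3.5.1` step refers to a mutable tag, while the commented checkout above it and every live workflow in this commit pin actions by commit SHA. Anyone re-enabling the block by removing the `#` markers would reintroduce an unpinned action, so I would change the comment now to `# uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0`, the pin used elsewhere in this commit. The commented `env | sort` step at the end would print the whole runner environment to the job log if revived; a one-line comment saying so would help.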
+++ b/.github/workflows/benchmarkadhoc.yml 
@@ -0,0 +1,68 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Benchmark adhoc + +on: + # allow direct trigger + workflow_dispatch: + +permissions: + contents: read + +jobs: + build: + + runs-on: ${{ matrix.os }} + continue-on-error: ${{ matrix.experimental }} + strategy: + matrix: + # macos-latest and ubuntu-latest uses OpenSSL 3 which breaks tests + os: [macos-11, ubuntu-20.04, windows-latest] + # Run lowest and highest Java versions only + java: [ 8, 21 ] + experimental: [false] + fail-fast: false + + steps: + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + - name: Set up JDK ${{ matrix.java }} + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + with: + distribution: 'temurin' + java-version: ${{ matrix.java }} + - name: OpenSSL version + run: openssl version -a + # - name: Build with Maven + # # OPENSSL_HOME is needed for Windows build; not used by other builds so can set unconditionally + # # It's not clear how one is 
supposed to find the correct setting; + # # The value below was found by searching for openssl files under C (warning: slow) + # # Other possible values are: + # # "C:\\Miniconda\\pkgs\\openssl-1.1.1n-h2bbff1b_0\\Library" + # # "C:\\ProgramData\\chocolatey\\lib\\mingw\\tools\\install\\mingw64\\opt" + # env: + # OPENSSL_HOME: "C:\\Miniconda\\Library" + # run: mvn --show-version --batch-mode --no-transfer-progress -DtrimStackTrace=false clean test-compile -Pbenchmark + # # will fail on Windows... + - name: Host details + run: uname -a diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index fb0db3365..60d4f847d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -16,18 +16,27 @@ name: "CodeQL" on: + # allow direct trigger + workflow_dispatch: push: + paths-ignore: + - '**/workflows/*.yml' branches: [ master ] pull_request: + paths-ignore: + - '**/workflows/*.yml' # The branches below must be a subset of the branches above branches: [ master ] - schedule: - - cron: '33 9 * * 4' + # schedule: + # - cron: '33 9 * * 4' + +permissions: + contents: read jobs: analyze: name: Analyze - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 permissions: actions: read contents: read 
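Review bot: Commenting out the `schedule:` trigger in codeql-analysis.yml means CodeQL now runs only when a push or pull request to `master` touches something other than a workflow file, so code that has not changed recently is never re-scanned with updated queries. If the cron run was disabled because of the OpenSSL or runner problems mentioned elsewhere in this commit, I would say so in the comment, e.g. `# schedule disabled because <reason>; re-enable once fixed`, or keep `- cron: '33 9 * * 4'` active and use `workflow_dispatch` only for extra runs. The job-level `permissions` block continues past the end of this hunk, so I cannot see whether `security-events: write` is still granted there.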
@@ -37,16 +46,35 @@ jobs: fail-fast: false matrix: language: [ 'cpp', 'java' ] + java: [ 8 ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 + with: + path: ~/.m2/repository + key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} + restore-keys: | + ${{ runner.os }}-maven- + + # Override Java default + # Java 11 complains about illegal access; drop this override when sorted + # Also complains: "Corrupted channel by directly writing to native stream in forked JVM 1" + - name: Set up JDK ${{ matrix.java }} + if: ${{ matrix.language == 'java' }} + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 + with: + distribution: 'temurin' + java-version: ${{ matrix.java }} # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -67,9 +95,10 @@ jobs: # uses a compiled language - name: Build with Maven - run: mvn package + # -DargLine=--add-opens=java.base/sun.nio.ch=ALL-UNNAMED (not with Java 8) + run: mvn -V package --no-transfer-progress -Drat.skip -Danimal.sniffer.skip # make bootstrap # make release - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5 diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 68d62f6fb..d7d0bb402 100644 --- a/.github/workflows/coverage.yml 
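Review bot: The `Set up JDK` step is guarded by `if: ${{ matrix.language == 'java' }}`, but the `Build with Maven` step in the following hunk has no visible condition, so the `cpp` leg of the matrix appears to run `mvn package` with whatever JDK the runner image provides. The comment above the step says Java 11 causes illegal-access complaints, which suggests the `cpp` analysis can hit the very problem the override is meant to avoid. Unless the build step is conditioned outside the hunk, I would drop the `if:` so that both legs use `java-version: ${{ matrix.java }}`.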
+++ b/.github/workflows/coverage.yml @@ -15,7 +15,15 @@ name: Coverage -on: [push, pull_request] +on: + # allow direct trigger + workflow_dispatch: + push: + paths-ignore: + - '**/workflows/*.yml' + pull_request: + paths-ignore: + - '**/workflows/*.yml' permissions: contents: read @@ -23,28 +31,30 @@ permissions: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-20.04 strategy: matrix: java: [ 8 ] steps: - - uses: actions/checkout@v3 - - uses: actions/cache@v3.0.4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: - distribution: adopt + distribution: 'temurin' java-version: ${{ matrix.java }} - name: Build with Maven - run: mvn -V test jacoco:report --file pom.xml --no-transfer-progress + run: mvn --show-version --batch-mode --no-transfer-progress test jacoco:report - name: Upload coverage to Codecov - uses: codecov/codecov-action@v3 + uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d # v3.1.4 with: files: ./target/site/jacoco/jacoco.xml diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index e3c6516eb..46b7bf842 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -15,7 +15,21 @@ name: Java CI -on: [push, pull_request] +# cross-build tests are done in a separate action as they currrently take a long time + +on: + # allow direct trigger + workflow_dispatch: + push: + paths-ignore: + - '**/workflows/*.yml' + - '!**/workflows/maven.yml' + pull_request: + paths-ignore: + - '**/workflows/*.yml' + +permissions: + contents: read jobs: build: 
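Review bot: In the `push:` trigger of maven.yml, `'!**/workflows/maven.yml'` is listed under `paths-ignore`, and I am not sure a negated pattern re-includes a path there; the GitHub documentation describes `!` for the `paths` filter, which is the form to use when includes and excludes are combined. If the intent is that edits to maven.yml itself still trigger the build, that should be verified with a test push, or the filter rewritten as `paths:` with `- '**'`, `- '!**/workflows/*.yml'`, `- '**/workflows/maven.yml'` in that order. The new comment also has a typo, `currrently`.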
@@ -24,34 +38,98 @@ jobs: continue-on-error: ${{ matrix.experimental }} strategy: matrix: -# os: [ubuntu-latest, windows-latest, macos-latest] - os: [macos-latest] - java: [ 8, 11, 17 ] + # macos-latest and ubuntu-latest uses OpenSSL 3 which breaks tests + os: [macos-11, ubuntu-20.04, windows-latest] + # These names are used in conditional statements below. + java: [ 8, 11, 17, 21 ] experimental: [false] + # macos-13-arm64 does not appear to be available + # include: + # - java: 21 + # os: macos-13-arm64 + # experimental: true # include: -# - java: 18-ea -# os: ubuntu-latest -# experimental: true -# - java: 18-ea +# - java: 22-ea +# os: ubuntu-20.04 +# experimental: true +# - java: 22-ea # os: windows-latest -# experimental: true -# - java: 18-ea +# experimental: true +# - java: 22-ea # os: macos-latest -# experimental: true +# experimental: true + # We don't need to build all Java versions every time + # Try excluding 11, 17 on branch pushes + exclude: + - java: ${{ (github.ref != 'refs/heads/master' && github.event_name == 'push') && 11 || 99 }} + - java: ${{ (github.ref != 'refs/heads/master' && github.event_name == 'push') && 17 || 99 }} fail-fast: false - + steps: - - uses: actions/checkout@v3 - - uses: actions/cache@v3.0.4 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + with: + persist-credentials: false + - uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 with: path: ~/.m2/repository key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} restore-keys: | ${{ runner.os }}-maven- - name: Set up JDK ${{ matrix.java }} - uses: actions/setup-java@v3 + uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0 with: distribution: 'temurin' java-version: ${{ matrix.java }} - - name: Build with Maven - run: mvn -V --file pom.xml --no-transfer-progress -DtrimStackTrace=false + - name: OpenSSL version + run: openssl version -a + - name: OpenSSL engine (macos) + # need to override the libarary on 
macOS + if: ${{ matrix.os == 'macos-11' }} + run: | + echo $(openssl version -e | sed -n -e 's/engines-.*//' -e 's/: "/=/p') >> "$GITHUB_ENV" + - name: OpenSSL engine (windows) + # need to override the libarary on windows + if: ${{ matrix.os == 'windows-latest' }} + # e.g. NAME: "libcrypto-1_1-x64.dll" + # Not sure how to derive this automatically + run: | + openssl version -a + echo "NAME=libcrypto-1_1-x64.dll" >> $env:GITHUB_ENV + # N.B. '-V -B -ntp' is shorthand for '--show-version --batch-mode --no-transfer-progress' + # + # The bash shell under Windows changes the openssl default library, so is not used for running tests + # Unfortunately that means separate steps for Windows, as it uses a different syntax for referrring to + # environment variables: $env:VARNAME instead of $VARNAME + # Also, note that Windows stores all the DLLs in the same directory. + # Instead of defining jni.library.path and jna.library.path we need to define + # jni.library.name and commons.crypto.OpenSslNativeJna to override the file names + - name: Build with Maven (Windows) + if: ${{ matrix.os == 'windows-latest' }} + # OPENSSL_HOME is needed for Windows build to find some header files + # It's not clear how one is supposed to find the correct setting; + # The value below was found by searching for openssl files under C (warning: slow) + # Other possible values are: + # "C:\\Miniconda\\pkgs\\openssl-1.1.1n-h2bbff1b_0\\Library" + # "C:\\ProgramData\\chocolatey\\lib\\mingw\\tools\\install\\mingw64\\opt" + # N.B. 
This must *not* be run under the bash shell, as that changes the default openssl library under Windows + env: + OPENSSL_HOME: "C:\\Miniconda\\Library" + run: | + mvn -V -B -ntp -DtrimStackTrace=false -D"jni.library.name=$env:NAME" -D"commons.crypto.OpenSslNativeJna=$env:NAME" + - name: Build with Maven (not Windows) + if: ${{ matrix.os != 'windows-latest' }} + run: | + mvn -V -B -ntp -DtrimStackTrace=false -D"jni.library.path=$ENGINESDIR" -D"jna.library.path=$ENGINESDIR" + - name: Check benchmark code compiles + if: ${{ matrix.java == '8' }} + env: + OPENSSL_HOME: "C:\\Miniconda\\Library" + run: | + mvn -V -B -ntp clean test-compile -Pbenchmark + - name: Check JNI and JNA tests are independent + # N.B. the default library fails with 'java is loading libcrypto in an unsafe way' + # so we need to define the appropriate library for each test + if: ${{ matrix.java == '8' && matrix.os != 'windows-latest' }} + run: | + mvn -V -B -ntp test -Ptestjni -D"jni.library.path=$ENGINESDIR" -Dcommons.crypto.OpenSslNativeJna=___ + mvn -V -B -ntp test -Ptestjna -D"jna.library.path=$ENGINESDIR" -Djni.library.name=___ diff --git a/.github/workflows/maven_adhoc.yml b/.github/workflows/maven_adhoc.yml new file mode 100644 index 000000000..c337004fd --- /dev/null +++ b/.github/workflows/maven_adhoc.yml 
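Review bot: `ENGINESDIR` is written to `$GITHUB_ENV` only by the `OpenSSL engine (macos)` step, yet `Build with Maven (not Windows)` and `Check JNI and JNA tests are independent` also run on `ubuntu-20.04`, where `-D"jni.library.path=$ENGINESDIR"` then expands to an empty path. If falling back to the default library on Linux is intended, a comment should say so; otherwise the engine step's condition could become `if: ${{ matrix.os != 'windows-latest' }}`. The Windows leg hard-codes `NAME=libcrypto-1_1-x64.dll` and `OPENSSL_HOME: "C:\\Miniconda\\Library"`, so the tests exercise whichever OpenSSL build the runner image happens to ship, and the `openssl version -a` output is the only record of which one that was. Typos in the added comments: `libarary` (twice) and `referrring`.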
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Maven adhoc
+
+on:
+ # allow direct trigger
+ workflow_dispatch:
+ # self-trigger
+ push:
+ paths:
+ - '**/maven_adhoc.yml'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+ continue-on-error: ${{ matrix.experimental }}
+ strategy:
+ fail-fast: false
+ matrix:
+ # macos-latest and ubuntu-latest uses OpenSSL 3 which breaks tests
+ # os: [macos-11, ubuntu-20.04, windows-latest]
+ os: [ macos-latest, ubuntu-latest, windows-latest ]
+ # These names are used in conditional statements below.
+ # java: [ 8, 11, 17, 21 ]
+ java: [ 21 ]
+ experimental: [false]
+
+ steps:
+ - name: OpenSSL version
+ run: openssl version -a
+ - name: Checkout
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+ - name: Set up JDK ${{ matrix.java }}
+ uses: actions/setup-java@0ab4596768b603586c0de567f2430c30f5b0d2b0 # v3.13.0
+ with:
+ distribution: 'temurin'
+ java-version: ${{ matrix.java }}
+ - name: Build only
+ env:
+ OPENSSL_HOME: "C:\\Miniconda\\Library"
+ run: |
+ mvn clean test -B -V -ntp -DskipTests
+ - name: JNI test default
+ run: |
+ mvn -q exec:java -D"exec.mainClass=org.apache.commons.crypto.Crypto" -D"commons.crypto.debug=true"
+ - name: JNA test default
+ if: always()
+ run: |
+ mvn -q exec:java -D"jna.debug_load=true" -D"exec.mainClass=org.apache.commons.crypto.jna.OpenSslJna" -D"commons.crypto.debug=true"
+ - name: Maven test default
+ if: always()
+ run: |
+ mvn surefire:test -B -V -ntp -D"jna.debug_load=true" -DtrimStackTrace=false -D"commons.crypto.debug=true"
diff --git a/.github/workflows/maven_crossbuild.yml b/.github/workflows/maven_crossbuild.yml
new file mode 100644
index 000000000..8ee670096
--- /dev/null
+++ b/.github/workflows/maven_crossbuild.yml
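Review bot: The matrix comment `macos-latest and ubuntu-latest uses OpenSSL 3 which breaks tests` sits directly above `os: [ macos-latest, ubuntu-latest, windows-latest ]`, which reads as a contradiction. If this workflow exists to probe the OpenSSL 3 runners, the comment should say that, e.g. `# deliberately uses the -latest images to check behaviour with OpenSSL 3; failures are expected`. `OPENSSL_HOME: "C:\\Miniconda\\Library"` on the `Build only` step is also set for all three operating systems without the explanation that maven.yml gives for it.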
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+name: Java Cross Build
+
+# This is done as a separate action for now, as it takes a long time
+
+on:
+ # allow direct trigger
+ workflow_dispatch:
+ push:
+ paths:
+ - '**/native/**'
+ - '**/maven_crossbuild.yml'
+
+permissions:
+ contents: read
+
+jobs:
+ build-cross:
+ strategy:
+ matrix:
+ include:
+ - platform: aarch64
+ - platform: riscv64
+ jna_override: "-Djna.version=5.12.0" # See https://github.com/java-native-access/jna/issues/1557
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+ - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0
+ with:
+ platforms: ${{ matrix.platform }}
+ - run: |
+ # Build package
+ docker compose -f src/docker/docker-compose.yaml run crypto src/docker/build.sh
+ # Run on platform
+ docker compose -f src/docker/docker-compose.yaml run crypto-${{ matrix.platform }} \
+ mvn -V -B -ntp surefire:test ${{ matrix.jna_override }}
diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
new file mode 100644
index 000000000..2c130e8ed
--- /dev/null
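Review bot: The final `run:` block interpolates `${{ matrix.platform }}` and `${{ matrix.jna_override }}` straight into the shell script. Both values come from the matrix in this file, so nothing untrusted reaches the shell today, but passing them through `env:` keeps the script safe if the matrix is ever fed from an input: add `env:` with `PLATFORM: ${{ matrix.platform }}` and `JNA_OVERRIDE: ${{ matrix.jna_override }}`, then call `run crypto-"$PLATFORM" mvn -V -B -ntp surefire:test $JNA_OVERRIDE`. The images used by `src/docker/docker-compose.yaml` are not visible here; since the actions are SHA-pinned, it would be consistent to check that the base images are pinned by digest as well.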
+++ b/.github/workflows/scorecards-analysis.yml 
@@ -0,0 +1,71 @@
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache license, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the license for the specific language governing permissions and
+# limitations under the license.
+
+name: "Scorecards supply-chain security"
+
+on:
+ branch_protection_rule:
+ # schedule:
+ # - cron: "30 1 * * 6" # Weekly on Saturdays
+ push:
+ branches: [ "master" ]
+ paths-ignore:
+ - '**/workflows/*.yml'
+
+permissions: read-all
+
+jobs:
+
+ analysis:
+
+ name: "Scorecards analysis"
+ runs-on: ubuntu-20.04
+ permissions:
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
+ actions: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
+
+ steps:
+
+ - name: "Checkout code"
+ uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # 2.3.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # A read-only PAT token, which is sufficient for the action to function.
+ # The relevant discussion: https://github.com/ossf/scorecard-action/issues/188
+ repo_token: ${{ secrets.GITHUB_TOKEN }}
+ # Publish the results for public repositories to enable scorecard badges.
+ # For more details: https://github.com/ossf/scorecard-action#publishing-results + publish_results: true + + - name: "Upload artifact" + uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # 3.1.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # 2.22.5 + with: + sarif_file: results.sarif diff --git a/BUILDING.txt b/BUILDING.txt index c74ae6a3a..0cc1bdda8 100644 --- a/BUILDING.txt +++ b/BUILDING.txt @@ -1,3 +1,19 @@ + Build instructions for Apache Commons Crypto ---------------------------------------------------------------------------------- @@ -8,9 +24,9 @@ Requirements: * Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files (if running unit tests) * export JAVA_HOME -* Maven 3.0 or above +* Maven 3.3.9 or above * Make -* OpenSSL devel 1.1.1 or above (OpenSSL library header files are required) +* OpenSSL devel 1.1.1 (OpenSSL library header files are required) * GCC * G++ @@ -46,7 +62,7 @@ Check OpenSSL version: $ openssl version -If it is not 1.0.1c or above, upgrade OpenSSL version to 1.0.1c or above: +If it is not 1.1.1, upgrade OpenSSL version to 1.1.1: Upgrade OpenSSL in Linux: @@ -54,7 +70,7 @@ You can follow your OS distribution instructions to upgrade OpenSSL to a proper Upgrade OpenSSL in Mac: - $ brew install openssl101 + $ brew install openssl111 $ brew link openssl --force Get OpenSSL headers: sudo apt -y install libssl-dev @@ -90,4 +106,3 @@ Building distributions: Please read http://commons.apache.org/releases/index.html - diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3a5e3e052..75c4be000 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md 
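Review bot: `paths-ignore: '**/workflows/*.yml'` on the `push` trigger of scorecards-analysis.yml, together with the commented-out `schedule:`, means the Scorecard analysis is not re-run when a workflow file changes, although action pinning and token permissions are among the things Scorecard evaluates. I would remove the `paths-ignore` here or restore the weekly cron so the published result tracks the workflows. The version comment `# 3.1.0` on `actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32` should be checked against the tag that SHA actually belongs to, and the comment `A read-only PAT token` no longer matches `repo_token: ${{ secrets.GITHUB_TOKEN }}`.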
@@ -61,7 +61,7 @@ Making Changes -------------- + Create a _topic branch_ for your isolated work. - * Usually you should base your branch on the `master` or `trunk` branch. + * Usually you should base your branch on the `master` branch. * A good topic branch name can be the JIRA bug id plus a keyword, e.g. `CRYPTO-123-InputStream`. * If you have submitted multiple JIRA issues, try to maintain separate branches and pull requests. + Make commits of logical units. diff --git a/Makefile b/Makefile index 66064ba80..1a6ef9c76 100644 --- a/Makefile +++ b/Makefile @@ -18,7 +18,11 @@ include Makefile.common COMMONS_CRYPTO_OUT:=$(TARGET)/$(commons-crypto)-$(os_arch) -COMMONS_CRYPTO_OBJ:=$(addprefix $(COMMONS_CRYPTO_OUT)/,OpenSslCryptoRandomNative.o OpenSslNative.o OpenSslInfoNative.o) +COMMONS_CRYPTO_OBJ:=$(addprefix $(COMMONS_CRYPTO_OUT)/,OpenSslCryptoRandomNative.o OpenSslNative.o OpenSslInfoNative.o DynamicLoader.o) + +# Shorthand for local dependencies +CRYPTO_H:=$(SRC_NATIVE)/org/apache/commons/crypto/org_apache_commons_crypto.h lib/include/config.h +CRYPTO_RANDOM_H:=$(SRC_NATIVE)/org/apache/commons/crypto/random/org_apache_commons_crypto_random.h # Windows uses different path separators ifeq ($(OS_NAME),Windows) 
@@ -35,29 +39,36 @@ endif NATIVE_TARGET_DIR:=$(TARGET)/classes/org/apache/commons/crypto/native/$(OS_NAME)/$(OS_ARCH) NATIVE_DLL:=$(NATIVE_TARGET_DIR)/$(LIBNAME) -all: $(NATIVE_DLL) +all: show $(NATIVE_DLL) + +show: + @echo "=== OS_NAME=$(OS_NAME) OS_ARCH=$(OS_ARCH) os_arch=$(os_arch) ===" -#$(TARGET)/jni-classes/org/apache/commons/crypto/cipher/OpenSslNative.h: $(TARGET)/classes/org/apache/commons/crypto/cipher/OpenSslNative.class -# $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.cipher.OpenSslNative +$(TARGET)/jni-classes/org/apache/commons/crypto/cipher/OpenSslNative.h: $(TARGET)/classes/org/apache/commons/crypto/cipher/OpenSslNative.class + $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.cipher.OpenSslNative -#$(TARGET)/jni-classes/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.h: $(TARGET)/classes/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.class -# $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.random.OpenSslCryptoRandomNative +$(TARGET)/jni-classes/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.h: $(TARGET)/classes/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.class + $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.random.OpenSslCryptoRandomNative -$#(TARGET)/jni-classes/org/apache/commons/crypto/OpenSslInfoNative.h: $(TARGET)/classes/org/apache/commons/crypto/OpenSslInfoNative.class -# $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.OpenSslInfoNative +$(TARGET)/jni-classes/org/apache/commons/crypto/OpenSslInfoNative.h: $(TARGET)/classes/org/apache/commons/crypto/OpenSslInfoNative.class + $(JAVAH) -force -classpath $(TARGET)/classes -o $@ org.apache.commons.crypto.OpenSslInfoNative -$(COMMONS_CRYPTO_OUT)/OpenSslNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/cipher/OpenSslNative.c $(TARGET)/jni-classes/org_apache_commons_crypto_cipher_OpenSslNative.h 
+$(COMMONS_CRYPTO_OUT)/OpenSslNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/cipher/OpenSslNative.c $(CRYPTO_H) $(TARGET)/jni-classes/org_apache_commons_crypto_cipher_OpenSslNative.h @mkdir -p $(@D) $(CC) $(CFLAGS) -c $< -o $@ -$(COMMONS_CRYPTO_OUT)/OpenSslCryptoRandomNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.c $(TARGET)/jni-classes/org_apache_commons_crypto_random_OpenSslCryptoRandomNative.h +$(COMMONS_CRYPTO_OUT)/OpenSslCryptoRandomNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/random/OpenSslCryptoRandomNative.c $(CRYPTO_H) $(CRYPTO_RANDOM_H) $(TARGET)/jni-classes/org_apache_commons_crypto_random_OpenSslCryptoRandomNative.h @mkdir -p $(@D) $(CC) $(CFLAGS) -c $< -o $@ -$(COMMONS_CRYPTO_OUT)/OpenSslInfoNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/OpenSslInfoNative.c $(TARGET)/jni-classes/org_apache_commons_crypto_OpenSslInfoNative.h +$(COMMONS_CRYPTO_OUT)/OpenSslInfoNative.o : $(SRC_NATIVE)/org/apache/commons/crypto/OpenSslInfoNative.c $(CRYPTO_H) $(TARGET)/jni-classes/org_apache_commons_crypto_OpenSslInfoNative.h @mkdir -p $(@D) $(CC) $(CFLAGS) -DVERSION='"$(VERSION)"' -DPROJECT_NAME='"$(PROJECT_NAME)"' -I"$(TARGET)/jni-classes" -c $< -o $@ +$(COMMONS_CRYPTO_OUT)/DynamicLoader.o : $(SRC_NATIVE)/org/apache/commons/crypto/DynamicLoader.c $(CRYPTO_H) + @mkdir -p $(@D) + $(CC) $(CFLAGS) -c $< -o $@ + $(COMMONS_CRYPTO_OUT)/$(LIBNAME): $(COMMONS_CRYPTO_OBJ) $(CXX) $(CXXFLAGS) -o $@ $+ $(LINKFLAGS) $(STRIP) $@ 
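Review bot: The re-enabled `$(JAVAH)` rules produce `$(TARGET)/jni-classes/org/apache/commons/crypto/cipher/OpenSslNative.h` and its two siblings, but the object rules below them depend on `$(TARGET)/jni-classes/org_apache_commons_crypto_cipher_OpenSslNative.h` and similarly flattened names, so nothing visible in this hunk requires the new targets. If the flattened headers are generated elsewhere (for example by the Maven build), the javah rules are dead and could stay removed; if not, the target names should match the prerequisites. `javah` is also absent from JDK 10 and later, so these rules would fail if they were ever triggered under the Java 11, 17 and 21 builds that the workflows in this commit run.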
@@ -66,14 +77,14 @@ clean: $(DELTREE) $(subst /,$(FSEP),$(TARGET)/jni-classes) $(DELTREE) $(subst /,$(FSEP),$(COMMONS_CRYPTO_OUT)) -native: $(NATIVE_DLL) +native: show $(NATIVE_DLL) $(NATIVE_DLL): $(COMMONS_CRYPTO_OUT)/$(LIBNAME) @mkdir -p $(@D) cp $< $@ - @mkdir -p $(NATIVE_TARGET_DIR) - cp $< $(NATIVE_TARGET_DIR)/$(LIBNAME) +# These targets should correspond with the entries in the list 'known_os_archs' defined in Makefile.common +# e.g. linux32 corresponds with Linux-x86 win32: $(MAKE) native CROSS_PREFIX=i686-w64-mingw32- OS_NAME=Windows OS_ARCH=x86 @@ -87,6 +98,12 @@ mac32: mac64: $(MAKE) native OS_NAME=Mac OS_ARCH=x86_64 +macArm64: + $(MAKE) native OS_NAME=Mac OS_ARCH=arm64 + +mac-aarch64: + $(MAKE) native OS_NAME=Mac OS_ARCH=aarch64 + linux32: $(MAKE) native OS_NAME=Linux OS_ARCH=x86 @@ -108,8 +125,25 @@ linux-armhf: linux-aarch64: $(MAKE) native CROSS_PREFIX=aarch64-linux-gnu- OS_NAME=Linux OS_ARCH=aarch64 -clean-native-linux32: - $(MAKE) clean-native OS_NAME=Linux OS_ARCH=x86 +# for cross-compilation on Ubuntu, install the g++-riscv64-linux-gnu +linux-riscv64: + $(MAKE) native CROSS_PREFIX=riscv64-linux-gnu- OS_NAME=Linux OS_ARCH=riscv64 + +linux-ppc: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=Linux OS_ARCH=ppc + +linux-ppc64: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=Linux OS_ARCH=ppc64 + +sunos32: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=SunOS OS_ARCH=x86 + +sunos64: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=SunOS OS_ARCH=x86_64 + +sunos-sparc: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=SunOS OS_ARCH=sparc + +aix-ppc64: # TODO: Untested; may need additional CROSS_PREFIX define + $(MAKE) native OS_NAME=AIX OS_ARCH=ppc64 -clean-native-win32: - $(MAKE) clean-native OS_NAME=Windows OS_ARCH=x86 
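Review bot: The `# TODO: Untested; may need additional CROSS_PREFIX define` on `linux-ppc`, `linux-ppc64`, the `sunos*` targets and `aix-ppc64` is misleading, because the matching definitions in Makefile.common hard-code `gcc`/`g++`/`strip` (for example `Linux-ppc_CC := gcc`) and never read `CROSS_PREFIX`. On an x86 host, `make linux-ppc` would therefore run the host compiler with `-m32` and, if that succeeds, copy a host-architecture library into the `native/Linux/ppc` directory under the wrong label. Until these are tested, either switch those definitions to `$(CROSS_PREFIX)gcc` or reword the comment to `# TODO: untested; native build only, CROSS_PREFIX is not honoured`. The two new Mac targets are also named inconsistently (`macArm64` vs `mac-aarch64`).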
diff --git a/Makefile.common b/Makefile.common index eb866d3e8..449927487 100644 --- a/Makefile.common +++ b/Makefile.common @@ -51,9 +51,16 @@ jni_include := $(shell dirname "$(jni_md)") endif -# os=Default is meant to be generic unix/linux - -known_os_archs := Linux-x86 Linux-x86_64 Linux-aarch64 Linux-arm Linux-armhf Linux-ppc Linux-ppc64 Mac-x86 Mac-x86_64 FreeBSD-x86_64 Windows-x86 Windows-x86_64 SunOS-x86 SunOS-sparc SunOS-x86_64 AIX-ppc64 +# os=Default is meant to be generic Unix/Linux +# The following list must include all OS entries below (apart from Default) +# Also there should be a target in the makefile for each of the combinations +# For example, 'Linux-x86' is invoked by the target 'linux32' +known_os_archs := Linux-x86 Linux-x86_64 Linux-aarch64 Linux-riscv64 Linux-arm Linux-armhf Linux-ppc Linux-ppc64 \ + Mac-x86 Mac-x86_64 Mac-arm64 Mac-aarch64 \ + FreeBSD-x86_64 \ + Windows-x86 Windows-x86_64 \ + SunOS-x86 SunOS-sparc SunOS-x86_64 \ + AIX-ppc64 os_arch := $(OS_NAME)-$(OS_ARCH) ifeq (,$(findstring $(strip $(os_arch)),$(known_os_archs))) 
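Review bot: The comment added here says `known_os_archs` must list every supported combination, but the unchanged check just below it, `ifeq (,$(findstring $(strip $(os_arch)),$(known_os_archs)))`, is a substring test, so a mistyped value such as `Linux-x86_6` or `Mac-a` still passes. The per-platform variables (`$($(os_arch)_CC)` and the rest) would then expand to empty instead of falling back to the `Default` set. An exact word match closes the gap: `ifeq (,$(filter $(strip $(os_arch)),$(known_os_archs)))`. The body of the `ifeq` lies outside the hunk, so the fallback behaviour is inferred from the comment rather than seen.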
@@ -65,67 +72,74 @@ os_folder := $(shell echo $(OS_NAME) | tr A-Z a-z) # cross-compilation toolchain prefix (e.g. "arm-linux-gnueabi-") CROSS_PREFIX := -Default_CC := $(CROSS_PREFIX)gcc -Default_CXX := $(CROSS_PREFIX)g++ -Default_STRIP := $(CROSS_PREFIX)strip -Default_CFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -Default_CXXFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -Default_LINKFLAGS := -shared -static -Default_LIBNAME := libcommons-crypto.so +Default_CC := $(CROSS_PREFIX)gcc +Default_CXX := $(CROSS_PREFIX)g++ +Default_STRIP := $(CROSS_PREFIX)strip +Default_CFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden +Default_CXXFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden +Default_LINKFLAGS := -shared -static +Default_LIBNAME := libcommons-crypto.so +Default_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Default_COMMONS_CRYPTO_FLAGS := -Linux-x86_CC := $(CROSS_PREFIX)gcc -Linux-x86_CXX := $(CROSS_PREFIX)g++ -Linux-x86_STRIP := $(CROSS_PREFIX)strip -Linux-x86_CXXFLAGS := -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -m32 -Linux-x86_CFLAGS := -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -m32 -Linux-x86_LINKFLAGS := -shared -static-libgcc -static-libstdc++ -Linux-x86_LIBNAME := libcommons-crypto.so +Linux-x86_CC := $(CROSS_PREFIX)gcc +Linux-x86_CXX := $(CROSS_PREFIX)g++ +Linux-x86_STRIP := $(CROSS_PREFIX)strip +Linux-x86_CXXFLAGS := -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -m32 +Linux-x86_CFLAGS := -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -m32 +Linux-x86_LINKFLAGS := -shared -static-libgcc -static-libstdc++ +Linux-x86_LIBNAME := libcommons-crypto.so +Linux-x86_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-x86_COMMONS_CRYPTO_FLAGS:= -Linux-x86_64_CC := $(CROSS_PREFIX)gcc -Linux-x86_64_CXX := $(CROSS_PREFIX)g++ -Linux-x86_64_STRIP := $(CROSS_PREFIX)strip -Linux-x86_64_CXXFLAGS := -Ilib/inc_linux 
-I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Wall -Werror -Linux-x86_64_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Wall -Werror -Linux-x86_64_LINKFLAGS := -shared -static-libgcc -Linux-x86_64_LIBNAME := libcommons-crypto.so +Linux-x86_64_CC := $(CROSS_PREFIX)gcc +Linux-x86_64_CXX := $(CROSS_PREFIX)g++ +Linux-x86_64_STRIP := $(CROSS_PREFIX)strip +Linux-x86_64_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Wall -Werror +Linux-x86_64_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Wall -Werror +Linux-x86_64_LINKFLAGS := -shared -static-libgcc +Linux-x86_64_LIBNAME := libcommons-crypto.so +Linux-x86_64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-x86_64_COMMONS_CRYPTO_FLAGS := -Linux-ppc_CC := gcc -Linux-ppc_CXX := g++ -Linux-ppc_STRIP := strip -Linux-ppc_CXXFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m32 -Linux-ppc_CFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m32 -Linux-ppc_LINKFLAGS := -shared -static-libgcc -static-libstdc++ -Linux-ppc_LIBNAME := libcommons-crypto.so +Linux-ppc_CC := gcc +Linux-ppc_CXX := g++ +Linux-ppc_STRIP := strip +Linux-ppc_CXXFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m32 +Linux-ppc_CFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m32 +Linux-ppc_LINKFLAGS := -shared -static-libgcc -static-libstdc++ +Linux-ppc_LIBNAME := libcommons-crypto.so +Linux-ppc_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-ppc_COMMONS_CRYPTO_FLAGS := -Linux-ppc64_CC := gcc -Linux-ppc64_CXX := g++ -Linux-ppc64_STRIP := strip -Linux-ppc64_CXXFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" 
-Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Linux-ppc64_CFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 -Linux-ppc64_LINKFLAGS := -shared -static-libgcc -static-libstdc++ -Linux-ppc64_LIBNAME := libcommons-crypto.so +Linux-ppc64_CC := gcc +Linux-ppc64_CXX := g++ +Linux-ppc64_STRIP := strip +Linux-ppc64_CXXFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 +Linux-ppc64_CFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 +Linux-ppc64_LINKFLAGS := -shared -static-libgcc -static-libstdc++ +Linux-ppc64_LIBNAME := libcommons-crypto.so +Linux-ppc64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-ppc64_COMMONS_CRYPTO_FLAGS := AIX-ppc64_CC := gcc AIX-ppc64_CXX := g++ AIX-ppc64_STRIP := strip -X64 -AIX-ppc64_LIBNAME := libcommons-crypto.a AIX-ppc64_CXXFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 AIX-ppc64_CFLAGS := -DHAVE_CONFIG_H -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -m64 AIX-ppc64_LINKFLAGS := -shared -static-libgcc -static-libstdc++ -lcrypt +AIX-ppc64_LIBNAME := libcommons-crypto.a +# TODO: AIX-ppc64_LIBNAME_OSSL3 ? 
AIX-ppc64_COMMONS_CRYPTO_FLAGS := -SunOS-x86_CC := gcc -SunOS-x86_CXX := g++ -SunOS-x86_STRIP := strip -SunOS-x86_CFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -SunOS-x86_CXXFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -SunOS-x86_LINKFLAGS := -shared -static-libgcc -static-libstdc++ -SunOS-x86_LIBNAME := libcommons-crypto.so +SunOS-x86_CC := gcc +SunOS-x86_CXX := g++ +SunOS-x86_STRIP := strip +SunOS-x86_CFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden +SunOS-x86_CXXFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden +SunOS-x86_LINKFLAGS := -shared -static-libgcc -static-libstdc++ +SunOS-x86_LIBNAME := libcommons-crypto.so +SunOS-x86_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so SunOS-x86_COMMONS_CRYPTO_FLAGS := SunOS-sparc_CC := gcc @@ -135,6 +149,7 @@ SunOS-sparc_CFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include SunOS-sparc_CXXFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden SunOS-sparc_LINKFLAGS := -shared -static-libgcc -static-libstdc++ SunOS-sparc_LIBNAME := libcommons-crypto.so +SunOS-sparc_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so SunOS-sparc_COMMONS_CRYPTO_FLAGS := SunOS-x86_64_CC := gcc @@ -144,6 +159,7 @@ SunOS-x86_64_CFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/includ SunOS-x86_64_CXXFLAGS := -include lib/inc_linux/jni_md.h -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -m64 SunOS-x86_64_LINKFLAGS := -shared -static-libgcc -static-libstdc++ SunOS-x86_64_LIBNAME := libcommons-crypto.so +SunOS-x86_64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so SunOS-x86_64_COMMONS_CRYPTO_FLAGS := # '-include lib/inc_linux/jni_md.h' is used to force the use of our version, 
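Review bot: In the `@@ -65,67 +72,74 @@` hunk, `AIX-ppc64` is the only platform left without a `_LIBNAME_OSSL3` value (`# TODO: AIX-ppc64_LIBNAME_OSSL3 ?`), so the later `LIBNAME_OSSL3 := $($(os_arch)_LIBNAME_OSSL3)` expands to an empty string there. Where `LIBNAME_OSSL3` is consumed is not visible in this diff, so the effect is unconfirmed, but an empty library name in an output path tends to fail in a confusing way instead of with a clear message. Following the existing `libcommons-crypto.a` naming, `AIX-ppc64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.a` would keep the platform consistent. Alternatively the makefile could stop with `$(error ...)` when the variable is empty.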
@@ -154,10 +170,11 @@ SunOS-x86_64_COMMONS_CRYPTO_FLAGS := Linux-arm_CC := $(CROSS_PREFIX)gcc Linux-arm_CXX := $(CROSS_PREFIX)g++ Linux-arm_STRIP := $(CROSS_PREFIX)strip -Linux-arm_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)include" -O2 -fPIC -fvisibility=hidden -mfloat-abi=softfp -Linux-arm_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)include" -O2 -fPIC -fvisibility=hidden -mfloat-abi=softfp +Linux-arm_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -mfloat-abi=softfp +Linux-arm_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -mfloat-abi=softfp Linux-arm_LINKFLAGS := -shared -static-libgcc Linux-arm_LIBNAME := libcommons-crypto.so +Linux-arm_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-arm_COMMONS_CRYPTO_FLAGS:= Linux-armhf_CC := $(CROSS_PREFIX)gcc @@ -167,6 +184,7 @@ Linux-armhf_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -O2 -fPIC -fvi Linux-armhf_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -O2 -fPIC -fvisibility=hidden -mfloat-abi=hard Linux-armhf_LINKFLAGS := -shared -static-libgcc Linux-armhf_LIBNAME := libcommons-crypto.so +Linux-armhf_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-armhf_COMMONS_CRYPTO_FLAGS:= Linux-aarch64_CC := $(CROSS_PREFIX)gcc 
@@ -176,26 +194,63 @@ Linux-aarch64_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_ma Linux-aarch64_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -Wall -Werror Linux-aarch64_LINKFLAGS := -shared -static-libgcc Linux-aarch64_LIBNAME := libcommons-crypto.so +Linux-aarch64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so Linux-aarch64_COMMONS_CRYPTO_FLAGS := +Linux-riscv64_CC := $(CROSS_PREFIX)gcc +Linux-riscv64_CXX := $(CROSS_PREFIX)g++ +Linux-riscv64_STRIP := $(CROSS_PREFIX)strip +Linux-riscv64_CXXFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -Wall -Werror +Linux-riscv64_CFLAGS := -Ilib/inc_linux -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden -Wall -Werror +Linux-riscv64_LINKFLAGS := -shared -static-libgcc +Linux-riscv64_LIBNAME := libcommons-crypto.so +Linux-riscv64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so +Linux-riscv64_COMMONS_CRYPTO_FLAGS := + +ifndef Mac_INC_OPENSSL +Mac_INC_OPENSSL := /usr/local/opt/openssl/include +endif + Mac-x86_CC := gcc -arch i386 Mac-x86_CXX := g++ -arch i386 Mac-x86_STRIP := strip -x -Mac-x86_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.4 -fvisibility=hidden -I/usr/local/include -I/usr/local/opt/openssl/include -Mac-x86_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.4 -fvisibility=hidden -I/usr/local/include -I/usr/local/opt/openssl/include +Mac-x86_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.4 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-x86_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.4 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) Mac-x86_LINKFLAGS := -dynamiclib -static-libgcc -L/usr/local/lib Mac-x86_LIBNAME := libcommons-crypto.jnilib +Mac-x86_LIBNAME_OSSL3 := libcommons-crypto-ossl3.jnilib 
Mac-x86_COMMONS_CRYPTO_FLAGS := Mac-x86_64_CC := gcc -arch $(OS_ARCH) Mac-x86_64_CXX := gcc -arch $(OS_ARCH) Mac-x86_64_STRIP := strip -x -Mac-x86_64_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.7 -fvisibility=hidden -I/usr/local/include -I/usr/local/opt/openssl/include -Mac-x86_64_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.7 -fvisibility=hidden -I/usr/local/include -I/usr/local/opt/openssl/include +Mac-x86_64_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.7 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-x86_64_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=10.7 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) Mac-x86_64_LINKFLAGS := -dynamiclib -L/usr/local/lib Mac-x86_64_LIBNAME := libcommons-crypto.jnilib +Mac-x86_64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.jnilib Mac-x86_64_COMMONS_CRYPTO_FLAGS := +Mac-arm64_CC := gcc -arch $(OS_ARCH) +Mac-arm64_CXX := gcc -arch $(OS_ARCH) +Mac-arm64_STRIP := strip -x +Mac-arm64_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=11.0 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-arm64_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=11.0 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-arm64_LINKFLAGS := -dynamiclib -L/usr/local/lib +Mac-arm64_LIBNAME := libcommons-crypto.jnilib +Mac-arm64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.jnilib +Mac-arm64_COMMONS_CRYPTO_FLAGS := + +Mac-aarch64_CC := gcc -arch arm64 +Mac-aarch64_CXX := gcc -arch arm64 +Mac-aarch64_STRIP := strip -x +Mac-aarch64_CFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=11.0 -fvisibility=hidden -I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-aarch64_CXXFLAGS := -Ilib/inc_mac -I"$(JAVA_HOME)/include" -O2 -fPIC -mmacosx-version-min=11.0 -fvisibility=hidden 
-I/usr/local/include -I$(Mac_INC_OPENSSL) +Mac-aarch64_LINKFLAGS := -dynamiclib -L/usr/local/lib +Mac-aarch64_LIBNAME := libcommons-crypto.jnilib +Mac-aarch64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.jnilib +Mac-aarch64_COMMONS_CRYPTO_FLAGS := + FreeBSD-x86_64_CC := $(CROSS_PREFIX)gcc FreeBSD-x86_64_CXX := $(CROSS_PREFIX)g++ FreeBSD-x86_64_STRIP := $(CROSS_PREFIX)strip @@ -203,6 +258,7 @@ FreeBSD-x86_64_CFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC FreeBSD-x86_64_CXXFLAGS := -I"$(JAVA_HOME)/include" -Ilib/inc_mac -O2 -fPIC -fvisibility=hidden FreeBSD-x86_64_LINKFLAGS := -shared -static-libgcc FreeBSD-x86_64_LIBNAME := libcommons-crypto.so +FreeBSD-x86_64_LIBNAME_OSSL3 := libcommons-crypto-ossl3.so FreeBSD-x86_64_COMMONS_CRYPTO_FLAGS := Windows-x86_CC := $(CROSS_PREFIX)gcc @@ -212,6 +268,7 @@ Windows-x86_CFLAGS := -I/usr/share/mingw-w64/include -I"$(JAVA_HOME)/inclu Windows-x86_CXXFLAGS := -I/usr/share/mingw-w64/include -I"$(JAVA_HOME)/include" -I"$(OPENSSL_HOME)/include" -Ilib/inc_win -O2 -fno-inline Windows-x86_LINKFLAGS := -Wl,--kill-at -shared -static Windows-x86_LIBNAME := commons-crypto.dll +Windows-x86_LIBNAME_OSSL3 := commons-crypto-ossl3.dll Windows-x86_COMMONS_CRYPTO_FLAGS := Windows-x86_64_CC := $(CROSS_PREFIX)gcc @@ -221,6 +278,7 @@ Windows-x86_64_CFLAGS := -I/usr/share/mingw-w64/include -I"$(JAVA_HOME)/in Windows-x86_64_CXXFLAGS := -I/usr/share/mingw-w64/include -I"$(JAVA_HOME)/include" -I"$(OPENSSL_HOME)/include" -Ilib/inc_win -O2 -fno-inline Windows-x86_64_LINKFLAGS := -Wl,--kill-at -shared -static Windows-x86_64_LIBNAME := commons-crypto.dll +Windows-x86_64_LIBNAME_OSSL3 := commons-crypto-ossl3.dll Windows-x86_64_COMMONS-CRYPTO_FLAGS := @@ -232,6 +290,7 @@ CFLAGS := $($(os_arch)_CFLAGS) CXXFLAGS := $($(os_arch)_CXXFLAGS) LINKFLAGS := $($(os_arch)_LINKFLAGS) LIBNAME := $($(os_arch)_LIBNAME) +LIBNAME_OSSL3 := $($(os_arch)_LIBNAME_OSSL3) COMMONS-CRYPTO_FLAGS := $($(os_arch)_COMMONS-CRYPTO_FLAGS) 
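Review bot: In the `@@ -176,26 +194,63 @@` hunk, `-I$(Mac_INC_OPENSSL)` is added unquoted to every Mac `CFLAGS`/`CXXFLAGS` line while the neighbouring `-I"$(JAVA_HOME)/include"` is quoted, so an override containing spaces splits into several compiler arguments; `-I"$(Mac_INC_OPENSSL)"` matches the existing style. The default `/usr/local/opt/openssl/include` is also reused for the new `Mac-arm64` and `Mac-aarch64` blocks, along with `-I/usr/local/include` and `-L/usr/local/lib`. On Apple-silicon hosts Homebrew normally installs under `/opt/homebrew`, so the build may pick up whatever OpenSSL headers happen to sit in `/usr/local`, or none. For a JNI wrapper around OpenSSL, compiling against headers from a different OpenSSL version than the one loaded at run time is worth guarding against, for instance with a comment above the `ifndef` telling arm64 builders to set `Mac_INC_OPENSSL` explicitly.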
diff --git a/NOTICE.txt b/NOTICE.txt index dbc46b5e0..5395df2d9 100644 --- a/NOTICE.txt +++ b/NOTICE.txt @@ -1,5 +1,5 @@ Apache Commons Crypto -Copyright 2016-2022 The Apache Software Foundation +Copyright 2016-2023 The Apache Software Foundation This product includes software developed at The Apache Software Foundation (https://www.apache.org/). diff --git a/PROPOSAL.html b/PROPOSAL.html index 6d374ffff..eb0ef7fe4 100644 --- a/PROPOSAL.html +++ b/PROPOSAL.html @@ -40,81 +40,81 @@ - -
+ +

Proposal for Apache Commons Crypto Package

- +

(0) Rationale

- -

Providing Java based optimized and high performance cryptographic IO streams for -the applications who wants to implement the data encryption. It also provides cipher -level API to use. It does provide the openssl API integration and provide the fallback + +

Providing Java based optimized and high performance cryptographic IO streams for +the applications that want to implement the data encryption. It also provides cipher +level API to use. It does provide the openssl API integration and provide the fallback mechanism to use JCE when openssl library unavailable.

-

(Note: Please note that Commons Crypto doesn’t +

(Note: Please note that Commons Crypto doesn’t -implement the cryptographic algorithm such as AES directly. It wraps to Openssl or JCE +implement the cryptographic algorithm such as AES directly. It wraps to OpenSSL or JCE which implement algorithms.)

- +

(1) Scope of the Package

- -

This proposal is to create a package of cryptographic IO classes with the integration -of Openssl library.

+

This proposal is to create a package of cryptographic IO classes with the integration + +of OpenSSL library.

-

It focuses on AES-NI optimizations mainly and it can be extended to other algorithms +

It focuses on AES-NI optimizations mainly, and it can be extended to other algorithms based on demand from the users later.

- +

(1.5) Interaction With Other Packages

- -

IO Commons Crypto relies on standard JDK 7 (or later) APIs for production -deployment and on OpenSSL 1.0.1c devl libraries. It utilizes the JUnit unit testing +

IO Commons Crypto relies on standard JDK 7 (or later) APIs for production + +deployment and on OpenSSL 1.0.1c devl libraries. It utilizes the JUnit unit testing framework, but this is of interest only to developers of the component. - The functionality provided by Commons Crypto is currently in use by Apache Hadoop - - and Apache Spark, and both of those communities have expressed interest in changing - + The functionality provided by Commons Crypto is currently in use by Apache Hadoop + + and Apache Spark, and both of those communities have expressed interest in changing + their dependency to be on the central Commons Crypto package once it exists.

- +

(2) Initial Source of the Package

- +

The initial classes came from the Apache Hadoop.

- +

The proposed package name for the new component is org.apache.commons.crypto.

- +

(3) Required Apache Commons Resources

- + - +

(4) Initial Committers

- +