Add FIPS platforms check #333
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
taoliult
requested review from
JinhangZhang,
KostasTsiounis,
jasonkatonica and
johnpeck-us-ibm
KostasTsiounis
requested changes
Nov 8, 2024
src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java
Outdated
Show resolved
Hide resolved
src/main/java/com/ibm/crypto/plus/provider/OpenJCEPlusFIPS.java
Outdated
Show resolved
Hide resolved
taoliult
force-pushed
the
main_platformsCheck
branch
2 times, most recently
from
2f5942c to
94aecdb
Compare
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
taoliult
force-pushed
the
main_platformsCheck
branch
from
4adc187 to
d193a94
Compare
taoliult
added a commit
to taoliult/OpenJCEPlus
that referenced
this pull request
Nov 14, 2024
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
taoliult
added a commit
to taoliult/OpenJCEPlus
that referenced
this pull request
Nov 14, 2024
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
taoliult
added a commit
to taoliult/OpenJCEPlus
that referenced
this pull request
Nov 14, 2024
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
taoliult
added a commit
to taoliult/OpenJCEPlus
that referenced
this pull request
Nov 14, 2024
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
taoliult
added a commit
to taoliult/OpenJCEPlus
that referenced
this pull request
Nov 14, 2024
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]>
johnpeck-us-ibm
added a commit
to johnpeck-us-ibm/OpenJCEPlus
that referenced
this pull request
May 22, 2025
commit b04f54bb73356cb48c249907eddeec1285e2feed Author: John Peck <[email protected]> Date: Thu May 22 14:20:23 2025 -0500 Remove SLH-DSA and Update PQC keys to do the encoding themselves, Signed-off-by: John Peck <[email protected]> commit 99e0da53ffa13d8c5cb95774472bcec69e39f7ba Merge: 41b133e da4c646 Author: John Peck <[email protected]> Date: Tue May 20 14:08:15 2025 -0500 Merge branch 'IBM:main' into PQCNew commit 41b133ea277b049044af82cad794e9fc5f53aecf Author: John Peck <[email protected]> Date: Tue May 20 13:47:44 2025 -0500 Add tests and clean up code Signed-off-by: John Peck <[email protected]> commit da4c64681199e2b117aebb58c2d8911446886544 Author: KostasTsiounis <[email protected]> Date: Fri May 16 11:59:15 2025 -0400 Check for acceptable values in NamedParameterSpec (#593) When initializing XDH or Ed instances of keypair generator, key factory and/or key agreement classes using a NamedParameterSpec instance, ensure that only appropriate values are accepted or throw an InvalidAlgorithmParameterException. Tests to check that functionality are also added. Signed-off-by: Kostas Tsiounis <[email protected]> commit b010a4e9d0ce9ad60c1aafa85c804dd9e65227f9 Author: Jason Katonica <[email protected]> Date: Wed May 14 17:21:55 2025 -0400 Update maven dependencies (#592) This update moves to the latest mvn dependencies available. Signed-off-by: Jason Katonica <[email protected]> commit 04df847b61f2950f67d861ea280363559158ed01 Author: Jason Katonica <[email protected]> Date: Tue May 13 15:33:23 2025 -0400 Guard against short buffer within ECDHKeyAgreement (#587) When performing ECDH KeyAgreement a buffer can optionally be specified to store the key. This update ensures that this buffer is large enough otherwise a `Array index out of range` exception occurs. Signed-off-by: Jason Katonica <[email protected]> commit a17f00e2699f8119882f24c2d8530ebfe59c77d4 Author: gin-nader <[email protected]> Date: Mon May 12 16:40:42 2025 -0400 Updates to native makefile for z/OS (#586) This update includes additional changes needed for compiling on z/OS. Specifically, this allows for the use of OpenXL when compiling z/OS. Signed-off-by: Tom Ginader <[email protected]> commit 9ea46e3cf8112a6903310f7d44245b423a76552b Author: John Peck <[email protected]> Date: Mon May 12 14:15:31 2025 -0500 Intrerop Changes. Signed-off-by: John Peck <[email protected]> commit 796f4fc8629cfea068cbaaf38a74b36c1832c4e4 Author: gin-nader <[email protected]> Date: Mon May 5 13:29:53 2025 -0400 Add necessary updates for compilation on z/OS (#578) This update adds a new Maven profile for z/OS. It also includes a dummy header file that is required for OpenXL compiling. The real file will get copied over during a z/OS JDK build. Signed-off-by: Tom Ginader <[email protected]> commit f8915d9abddbb447d1d4c92c6356028aeb6896a4 Author: KostasTsiounis <[email protected]> Date: Fri May 2 19:55:13 2025 -0400 Update KeyAgreement classes to support Generic secret generation (#573) The engineGenerateSecret(String) method in KeyAgreement classes currently only supports "TlsPremasterSecret", but the expectation starting in Java 25 is that "Generic" should be accepted as well. This change accomplishes that. Additional test cases to verify said behaviour are added. Signed-off-by: Kostas Tsiounis <[email protected]> commit fe0d1c0f29b7453db1b8cad68fcfe775efc860ff Author: Jason Katonica <[email protected]> Date: Fri May 2 18:35:50 2025 -0400 Throw exception for negative digest len or offset (#575) The length passed into the MessageDigest update method was not being checked for a negative value. This update consolidates buffer length checking in `MessageDigest` for negative length, negative offset, and insufficient buffer size. New tests were added to ensure expected behavior for for all digests implemented. Signed-off-by: Jason Katonica <[email protected]> commit cdcbb53e42437a18533d2a5e399a5f4b53981eb2 Author: KostasTsiounis <[email protected]> Date: Fri May 2 14:23:39 2025 -0400 Update loading encoded OAEPParameters (#572) Since Java 21, the expected behaviour of loading encoded OAEPParameters has changed to allow for OPTIONAL fields and enforce their order. The `-Dopenjceplus.oaep.disableOrderCheck` flag is introduced to revert to the old behaviour for legacy reasons, but it will be removed in a future release. Signed-off-by: Kostas Tsiounis <[email protected]> commit 50ae82aea5e22ad52060bf010b30da32af370e29 Author: Tao Liu <[email protected]> Date: Fri Apr 25 15:25:14 2025 -0400 Add check for unsupported EdDSA signature algorithms (#564) The EdDSA signature implementation in OpenJCEPlus only supports the default mode (Ed25519 or Ed448), where the EdDSAParameterSpec context is null and prehash is set to false. This update adds checks in EdDSASignature to ensure Invalid algorithm parameter exception is properly thrown. Signed-off-by: Tao Liu <[email protected]> commit 142dda5684e03c11200ad9600efef32dd7f95fa8 Author: Jason Katonica <[email protected]> Date: Thu Apr 24 08:52:06 2025 -0400 Optimize SecureRandom usage in various services (#559) `AESCCMCipher` was making use of the default `SecureRandom` algorithm configured on a system. This class should instead make use of the random associated with the provider in use. `AESCCMCipher`, `AESCipher`, `AESKeyGenerator`, `ChaCha20KeyGenerator`, `DESedeCipher`, `DESedeKeyGenerator`, `ECKeyPairGenerator`, `GCMParameterGenerator`, `HmacKeyGenerator`, `TlsRsaPremasterSecretGenerator` were modified to reuse a single source of randomness instead of creating a new instance each time a service is initialized. Test execution times have improved due to this update. All fields that reference sources of randomness are no longer static. There are concerns that a class may be initialized with a non FIPS provider prior to being used by the FIPS provider. In this case a wrong source of random could potentially be used. The `synchronized` block used in `AESGCMCipher` is no longer needed given this field is no longer static. Various classes were updated to use a consistent field name, `cryptoRandom`, to hold a sources of randomness. This was done to avoid potential name conflicts with the commonly used `random` argument sent through various APIs. References to this field no longer make use of the `this` keyword given this refactor of the field name now being more unique. A bug was found in both the `ChaCha20Cipher` and `ChaCha20Poly1305Cipher` classes in which the user defined source of randomess was being accidentally being used due to a mix up between `this.random` and the method parameter `random`. The deterministic test was adjusted accordingly for the new behavior. `CCMParameterGenerator` and `TlsRsaPremasterSecretGenerator` no longer honor a user defined source of randomness similar to our behavior in other services. The unused field `random` was removed from `EdDSAKeyPairGenerator`. Signed-off-by: Jason Katonica <[email protected]> commit 4ff6109e1ceb7878732eaf14eae8756ef47621f7 Author: JinhangZhang <[email protected]> Date: Mon Apr 21 11:36:31 2025 -0400 Fix the comment in RSAPSSSignature (#560) Solve the compilation failure happens on issue #21668 Signed-off-by: JinhangZhang <[email protected]> commit 29cd1f1637514e2a7aabe2de15b6342163984673 Author: John Peck <[email protected]> Date: Fri Apr 18 15:28:02 2025 -0500 ReDo repo and add encoding tests. Signed-off-by: John Peck <[email protected]> commit d01e45f27108009e8859855dd640fd89120059c8 Author: Jason Katonica <[email protected]> Date: Wed Apr 16 14:53:54 2025 -0400 Throw InvalidKeyException when XDH small order (#540) This update matches JDK behavior for XDH key agreement when a small point order is encountered. Signed-off-by: Jason Katonica <[email protected]> commit 7ff8ffaf331555cf27fda919d293f6f66de3d2e7 Author: JinhangZhang <[email protected]> Date: Tue Apr 15 15:56:09 2025 -0400 Check PSSParameterSpec with different message digest (#535) The mask generation function (MGF) based on a hash algo is recommended to use the same hash function as the hash function fingerprinting the message for RSA-PSS. However the structures in [PKCS#1v2.1] allow for separate parameterization of the MGF and the message digest. OpenJCEPlus restricts to use the same hash algo for both MGF and message digest. This will cause test failures since the tests are expecting different MGF and message digest behavior. Signed-off-by: JinhangZhang <[email protected]> commit b25d258cbae90b564eabb3e01697ef7182bf71d3 Author: Jason Katonica <[email protected]> Date: Mon Apr 14 14:56:31 2025 -0400 Test and change user supplied random generation (#530) For the OpenJCEPlus provider a few adjustments were made to ensure that a user supplied random generator was really ignored. A new test has been added to iterate through services registered by both the OpenJCEPlus and OpenJCEPlusFIPS providers. The test ensures that the SecureRandom generator that could be passed to various algorithms are being ignored correctly. Signed-off-by: Jason Katonica <[email protected]> commit ac2263aa9c4a30ce14b1addbfab55c70e59801e9 Author: KostasTsiounis <[email protected]> Date: Fri Apr 11 08:28:27 2025 -0400 Update ChaCha20 and ChaCha20Poly1305 cipher to match expected Cipher behaviour (#518) Certain changes have to be made to match the official documentation regarding Cipher instances: - In newer Java versions (11+), init() needs to be called after doFinal() when encrypting. - When performing a doFinal() with a short buffer, a call to init is required. Tests to validate said behaviour are also added or altered accordingly. Signed-off-by: Kostas Tsiounis <[email protected]> commit 4c98bd6de38ecf84b8b52bc871d223dca23f4e40 Author: Jason Katonica <[email protected]> Date: Thu Apr 10 12:56:37 2025 -0400 Less instantiation of cipher objects in AES tests (#514) The tests associated with BaseTestAES and BaseTestAESInterop currently instantiate numerous AES Cipher objects in very tight and large loops. This ends up putting unncessary pressure on the heap occasionally cause OOM conditions. This update simply reuses Ciphers. Signed-off-by: Jason Katonica <[email protected]> commit acca2226fc06373e2116d48f409aed77ecd95647 Author: Jason Katonica <[email protected]> Date: Wed Apr 9 14:24:06 2025 -0400 Tolerate empty message EdDSA (#516) The EdDSA signature algorithm always returned the value false in the case that no message was provided to the user. This behavior diverges from other cryptographic providers. This update allows for verification of null messages. The EdDSA interop test was modified to ensure that sign and verify operations between bouncy castle and OpenJCEPlus providers work including sign and verify options without any message sent to the Signature instance. The test was also converted to a parameterized test and now uses the JCE framework instead of the bouncy castle key factory. Signed-off-by: Jason Katonica <[email protected]> commit 09457ef4181d9af844474ade9f32ba40f4259c0c Author: KostasTsiounis <[email protected]> Date: Wed Apr 9 08:58:10 2025 -0400 Update PSSParameters's engineToString to match OpenJDK's version (#515) Signed-off-by: Kostas Tsiounis <[email protected]> commit 8a46e34c4ec0fe2ce254964e2e08ef541f9e7ab7 Author: Tao Liu <[email protected]> Date: Tue Apr 8 16:20:52 2025 -0400 Update DSAParameters engineToString to match OpenJDK's version (#517) The test PKCS8Test checks the output format of the DSAParameters engineToString() method. The expected format [DSA, p: 02 q: 03 g: 04 ] But the actual format [DSA, p: 2 q: 3 g: 4 ] Update OpenJCEPlus DSAParameters engineToString() method to match OpenJDK. Signed-off-by: Tao Liu <[email protected]> commit e4c1f1da6aa072c7f23d845a0ff01fda62214ff5 Author: Jason Katonica <[email protected]> Date: Tue Apr 8 16:03:23 2025 -0400 Modify Jenkins pipeline machine tags (#513) This update changes Jenkins target tags used for pipeline executions. Additionally the visual studio setup file available on Windows is now run as a replacement for manually setting PATH, INCLUDE, and LIB variables. Signed-off-by: Jason Katonica <[email protected]> commit 4b1d7f0408a1b098c347d7b90f759e4a27e56d59 Author: KostasTsiounis <[email protected]> Date: Fri Mar 14 13:20:10 2025 -0400 Remove local copies of NamedCurve and CurveDB (#501) The exact same classes are offered by the JDK,so there is no need for us to maintain our own copies of NamedCurve and CurveDB. Some changes are also made in the ECParameters class to account for a method from CurveDB that is not public, as well as match OpenJDK behaviour of getParameterSpec. Signed-off-by: Kostas Tsiounis <[email protected]> commit e89c543ef63bb822a5b198e96bc804d2b2206df2 Author: Tao Liu <[email protected]> Date: Thu Mar 13 17:21:04 2025 -0400 Potential multithreading issues related to static variables (#485) This commit checks all static variables across Java files to investigate potential multithreading issues and implements the following changes: AESGCMCipher.java: Update getSecureRandom with a synchronized block to ensure thread safety. CurveUtil.java, ECNamedCurve.java, OpenJCEPlusProvider.java, RSAKeyPairGenerator.java, and ByteArrayOutputDelay.java: Update some static variables to static final since they remain unchanged after initialization. SymmetricCipher.java: Update static variables to static final as they do not change after initialization. Additionally, use ConcurrentHashMap to enforce thread safety. In addition to the changes made in this commit, there are other static variables, as outlined below: CurveUtil.java: This class contains three static Map variables, which are initialized in a static block. After initialization, these maps are only read, not written or modified. So, they are thread-safe. NativeInterface.java: The variables osName and osArch are defined as private static String. Regardless of potential race conditions or multiple threads trying to initialize these variables, the values of these static variables remain consistent across the JVM. So, they should be thread-safe. Digest.java: This class contains two static arrays, which are initialized within a synchronized block. As a result, the initialization is thread-safe, ensuring that the arrays are correctly set up for concurrent access. AESCCMCipher.java: The static variable private static SecureRandom random = null; is declared but not used in this class. AESCipher.java: The static variable private static int isHardwareSupport = 0; is declared but not used in this class. OpenJCEPlus.java and OpenJCEPlusFIPS.java: The static variables ockInitialized and ockContext are initialized within a synchronized method, so they should be fine. The static variable private static Map<String, String> attrs; is declared but not used in this class. OAEPParameters.java: The static variables OID_MGF1 and OID_PSpecified are initialized in a static block, so they should be fine. OCKContext.java: The static variable private static String libraryBuildDate = unobtainedValue; is initialized within a synchronized method, so it should be fine. CurveDB.java: This class contains static maps, but since we removed CurveDB in another PR, no changes are needed for those maps. CCMCipher.java, GCMCipher.java, and SymmetricCipher.java: The hardware check variables are defined as static. However, on open platforms, hardware support is not checked at all. So, this static variable has no actual impact. Signed-off-by: Tao Liu <[email protected]> commit 20fb11625fcdd782a03dd589afaf52ab24cd9e1d Author: Jason Katonica <[email protected]> Date: Fri Mar 7 09:20:18 2025 -0500 Remove TLS_RSA* cipher suites from int test (#502) In Java 24 the `TLS_RSA*` TLS ciphers are no longer enabled by default. This update adjusts the integration tests accordingly and no longer runs these tests. Signed-off-by: Jason Katonica <[email protected]> commit a25fcfb45b0ed3bbfeb74376003dc1779fdc9b9e Author: Jason Katonica <[email protected]> Date: Tue Mar 4 11:54:28 2025 -0500 Update to use latest maven dependencies (#486) This update strips trailing whitespace from a few lines of the pom.xml file. This update also updates all maven dependencies versions to the latest available. Signed-off-by: Jason Katonica <[email protected]> commit 6f117a55c7f18f030f9d9dc003bef49ba87ceb92 Author: Tao Liu <[email protected]> Date: Tue Mar 4 11:34:14 2025 -0500 Enhancements to AES-GCM Tests and Cipher Initialization (#473) This update addresses multiple issues related to the AES-GCM cipher. AES context creation is now validated to prevent returning a NULL context. Using a NULL context in subsequent API calls was previously causing crashes. The ICC_AES_GCM_CTX_ctrl API has been removed, as it was deprecated and no longer needed. AES-GCM test cases were updated to eliminate unintended use of static variables in multi-threaded scenarios. This issue could lead to unpredictable behavior due to concurrent reads and writes to shared fields. BaseTestAESGCMUpdate now uses StringBuilder instead of string concatenation, reducing memory pressure and improving efficiency. Signed-off-by: Tao Liu <[email protected]> commit f732e984337b253d782fdb0e14fdd8a94db59f89 Author: Jason Katonica <[email protected]> Date: Mon Mar 3 16:01:15 2025 -0500 Upgrade Maven from 3.9.6 to 3.9.9 (#484) This update changes the Jenkins pipeline to use maven version 3.9.9. Signed-off-by: Jason Katonica <[email protected]> commit 4232773e9318de1929c9ea3d923ab00da79376f4 Author: KostasTsiounis <[email protected]> Date: Fri Feb 28 20:59:38 2025 -0500 Add profiles for Java 24 and 25 (#487) Signed-off-by: Kostas Tsiounis <[email protected]> commit ed5b7805aa351d81a873ed7476e19da6b804f75c Author: Jason Katonica <[email protected]> Date: Wed Feb 26 15:50:33 2025 -0500 Migrate to GPLv2 license (#475) This set of updates migrates the OpenJCEPlus project to the GPLv2 license with classpath exception. Signed-off-by: Jason Katonica <[email protected]> commit d97223e7b764e715830f2519f518b326bfdc4041 Author: KostasTsiounis <[email protected]> Date: Wed Feb 26 11:49:37 2025 -0500 Update Jenkinsfile to use cygpath (#468) The Jenkinsfile is update to use cygpath when dealing with Windows paths. A few other minor modifications are made to improve code readability. Signed-off-by: Kostas Tsiounis <[email protected]> commit 246996e2121068d55815c47e4c1c1e87327aa4ff Author: Jason Katonica <[email protected]> Date: Wed Feb 19 11:46:29 2025 -0500 Always save all output from build pipeline execution (#458) On occasion there are various files that we would like to save upon failure such as dumps. These files typically reside in the root folder of the build in the `OpenJCEPlus` folder. This update saves the entire `OpenJCEPlus` folder and also always saves the output even when a failure occurs. Each iteration of a build on a given platform is now also saved. Signed-off-by: Jason Katonica <[email protected]> commit 0f406cbaf9c150b69b48a34b14fb5e98a4be1f9a Author: Tao Liu <[email protected]> Date: Tue Feb 18 15:52:56 2025 -0500 Add the DHUtils class to verify the DH key size (#449) This commit creates the DHUtils class to verify the DH key size in the DHKeyFactory and DHKeyPairGenerator classes. Fixes #433 Signed-off-by: Tao Liu <[email protected]> commit e804cc618d31dd2dac503446be636b90dfab61cd Author: Jason Katonica <[email protected]> Date: Tue Feb 11 13:51:35 2025 -0500 Remove the use of the SecurityManager (#448) As described in [JEP 486](https://openjdk.org/jeps/486) the SecurityManager is being disabled in Java 24. This update removes all use of the SecurityManager class and privileged actions. Signed-off-by: Jason Katonica <[email protected]> commit 85d57edccd8896207d2896239cda9258d84273a3 Author: Tao Liu <[email protected]> Date: Tue Feb 11 13:50:58 2025 -0500 Initialize FastJNIBuffer only when use_z_fast_command is set to true (#450) FastJNIBuffer is initialized every time a SymmetricCipher instance is created, regardless of whether it is used or not. Move the initialization of FastJNIBuffer to occur only when use_z_fast_command is set to true. Signed-off-by: Tao Liu <[email protected]> commit 37a2ba06b8cb8eda1ee111c7403f9c02f3363361 Author: Jason Katonica <[email protected]> Date: Thu Feb 6 08:12:37 2025 -0500 Add support for PBKDF2 algorithms (#432) The following algorithms will be added to the OpenJCEPlusFIPS provider: - PBKDF2WithHmacSHA224 - PBKDF2WithHmacSHA256 - PBKDF2WithHmacSHA384 - PBKDF2WithHmacSHA512 The following algorithms will be added to the OpenJCEPlus provider: - PBKDF2WithHmacSHA1 - PBKDF2WithHmacSHA224 - PBKDF2WithHmacSHA256 - PBKDF2WithHmacSHA384 - PBKDF2WithHmacSHA512 Updates required include: - Adding a new PBKDF2Core class based on OpenJDK. - Adding a new PBKDF2KeyImpl class based on OpenJDK yet modified to make use of the OCKC library to perform PBKDF2 key derivations. - New JNI code to call a new native method to derive a key using PBKDF2 from a given password, salt, iteration count, and desired key length. - Updates in makefiles to allow the new PBKDF.c file to be built into the JNI dll. - A new set of interoperability test was created to enforce that we get the same results from SunJCE, OpenJCEPlus, OpenJCEPlusFIPS for the KeyFactory methods `generateSecret`, `translateKey`, and `getKeySpec`. - A new test was introduce to drive various KAT and error paths. Signed-off-by: Jason Katonica <[email protected]> commit d3cfc060f58ebedff57be4eee43c10c455e9c054 Author: KostasTsiounis <[email protected]> Date: Mon Feb 3 12:08:27 2025 -0500 Update ECDSASignature to match expected behaviour (#416) The method engineSetParameter that gets an AlgorithmParameterSpec as a parameter is implemented, thus overriding the existing version that just throws an UnsupportedOperationException. The engineSetParameter that gets String and Object parameters is updated to match the behaviour of similar implementations from other providers. Override annotations are added to specific methods to enforce checks. A few more test cases are added to check the new functionality. Signed-off-by: Kostas Tsiounis <[email protected]> commit 11f69c4e5ebf53fe73ea5ea90472012f013eaabb Author: Jason Katonica <[email protected]> Date: Mon Feb 3 08:53:39 2025 -0500 Eliminate older junit dependency (#410) The older junit dependency is still configured in the pom.xml mvn file as a dependency. This update removes this dependency and migrates all codes to junit jupiter framework. In particular the following changes were made. 1. The `pom.xml` file was updated to remove the junit dependency. It was replaced by just the hamcrest portion of the features that are used in the project. 1. All imports are now being done from the `org.junit.jupiter.api` package instead of `org.junit`. 1. Various assertions required the message string to be last argument to the method instead of first. Signed-off-by: Jason Katonica <[email protected]> commit 5d77157598a48bf3cd0db6b4767e19930512cbfd Author: Tao Liu <[email protected]> Date: Thu Jan 16 13:52:40 2025 -0500 Update the DH key size check to include the exponent size check (#423) Fixes https://github.com/IBM/OpenJCEPlus/issues/418 Move the checkKeyLengths() method from DHKeyFactory to DHKeyPairGenerator, rename it to checkKeySize(), and add a check for the exponent size, same as OpenJDK did. Signed-off-by: Tao Liu <[email protected]> commit 37e81db1a7bbf9e7c2668cd7d015fd2f61f2fc4c Author: KostasTsiounis <[email protected]> Date: Thu Jan 16 13:50:15 2025 -0500 Implement calculatePublicKey() in classes that extend PKCS8Key (#372) PKCS8Key implements the InternalPrivateKey interface that contains the calculatePublicKey() method. If not implemented, an UnsupportedOperationException is thrown. This functionality is implemented to support this operation instead of getting an exception. Signed-off-by: Kostas Tsiounis <[email protected]> commit 8d34b3de7ee8ceb856688c40dbeb6ac22363cd35 Author: Jason Katonica <[email protected]> Date: Wed Jan 15 11:17:08 2025 -0500 Format all C source code using clang-format (#409) This update adds a new `.clang-format` file that can be used to as a configuration file for the clang-format tool used to format the `C` code contained in this project. Code is formatted from both a stylistic and whitespace perspective. The `README.md` was updated to describe the rules and the tooling being used to format the `C` code. All `.c` and `.h` files within the project were formatted according to the rules contained in the `.clang-format` file. Additional options can be found in the documentation link found at: https://clang.llvm.org/docs/ClangFormatStyleOptions.html Signed-off-by: Jason Katonica <[email protected]> commit 1518b17929c2160faf19e76506b766ddcc99321e Author: Jason Katonica <[email protected]> Date: Fri Jan 3 14:04:16 2025 -0500 Fix memory leak computing ECDH secrets (#393) The context allocated in the method `XECKEY.computeECDHSecret` was never freed when a key was successfully generated. This update frees memory associated with the context prior to return of the secret key bytes. Whitespace and formatting was also done to make use of brackets for if statements. Fixes #387 Signed-off-by: Jason Katonica <[email protected]> commit fb0a0f1a13c0ade79fb01f0bf63c48cf166f5b0d Author: gin-nader <[email protected]> Date: Fri Dec 13 09:21:11 2024 -0500 Add int declaration to rc variable in Utils.c (#398) Signed-off-by: Tom Ginader <[email protected]> commit c673dc7b17dabaf920275fa1049f5364218896cb Author: Jason Katonica <[email protected]> Date: Fri Dec 13 08:35:17 2024 -0500 Fix memory leak in HDKF derive function (#379) Storage was being obtained for a key value that was never freed. A memory leak would occur whenever the HKDF derive function was called. Fixes #378 Signed-off-by: Jason Katonica <[email protected]> commit c4237c8a450565dff20123bb3aede4b7fd2e4717 Author: John Peck <[email protected]> Date: Wed Dec 11 09:27:47 2024 -0600 Update the README.md file for the use of AI generated code. (#388) Fixes #384 Signed-off-by: John Peck <[email protected]> commit 42d46ce1a231ca5ce0237da51557b5cbd595128e Author: Jason Katonica <[email protected]> Date: Tue Dec 10 12:52:12 2024 -0500 Fix Digest clone memory leak (#377) Cloning message digests in tight loops has been observed to leak even under conditions that are not expected to leak such as single threaded workload tests. This update makes use of creating a newly allocated Digest object then populating this object with fields from the original Digest being cloned. Leaks in native memory are no longer observed after this update. Fixes #358 Signed-off-by: Jason Katonica <[email protected]> commit 8711f8323f906c7435d6e250ff9eab2fced2c35a Author: Jason Katonica <[email protected]> Date: Mon Dec 9 14:31:09 2024 -0500 Update tests to use Junit 5 (#252) Tests have been updated to use Junit5. Changes made include: - Removing the `junit-vintage-engine` dependency. This is no longer in use given all tests now make use of Junit 5. - Tests are sorted by alphabetical in test suites. - Tests no longer need to extend `junit.framework.TestCase`. - Tests are explicitly declared with the `@Test` annotation. - Test constructors have been removed. Arguments to the base tests are now sent using getters and setters. This is typically only used for setting providers, algorithms, or key sizes in tests. - Various `main()` methods of tests were removed as they are no longer in use. Tests can be run using various Junit 5 test execution tools such as IDEs, command line tools, and `mvn` surefire which is already in place in this project. - `BaseTest` was removed as it is no longer in use and represents a Junit 3 test. A new `BaseTestJunit5` test has been created to represent the new base for the test hierarchy. - The concept of warming up a test has been removed from a few locations. Tests are not expected to act as performance tests. - Copyrights were updated. - Various empty comment blocks were removed. - Some tests were not executing using the expected provider since the incorrect `Utils` class was in use. This was corrected to use the correct class. - Tests `TestAESGCM_192`, `TestAESGCM_256`, and `TestRSA_4096` were added to the `OpenJCEPlus` and `OpenJCEPlusFIPS` provider test suites. - Tests `TestECDHInteropBC`, `TestRSATypeCheckEnabled`, `TestAES_192`, and `TestAES_256` were added to the `OpenJCEPlus` provider test suite - Tests `TestAES_192` and `TestAES_256` were removed from the `TestMultithreadFIPS` since these tests take a long period of time to complete. Coverage functionally is still maintained since they are executed as part of the `OpenJCEPlusFIPS` provider tests. - Increased timeouts associated with tests `TestMultithreadFIPS` and `TestMultithread`. Signed-off-by: Jason Katonica <[email protected]> commit 2f297c6e308c2e29f754ab08d1bde011b70d0e3d Author: Jason Katonica <[email protected]> Date: Wed Dec 4 15:43:56 2024 -0500 Avoid memory leak associated with symmetric init (#367) The `NativeInterface.CIPHER_init` method initializes a given context such that it is ready to perform encryption and decryption for a given Cipher. As part of the initialization method a `ockCipher->cached_context` can be optionally created in addition to the context being used. While allocating the `ockCipher->cached_context` the logic did not account for any previously created contexts that were previously stored in the `ockCipher->cached_context` location. This caused a leak of context objects for each initialization done on objects that already contained a context. Additional error checking was done for the calls to `ICC_EVP_CIPHER_CTX_new` and `ICC_EVP_CIPHER_CTX_copy` to ensure that the method worked as expected. Signed-off-by: Jason Katonica <[email protected]> commit 5ac0bde4b57a8bdb0c26a93642e25b175dbef7da Author: KostasTsiounis <[email protected]> Date: Wed Dec 4 13:49:00 2024 -0500 Use appropriate OID in RSA key generation (#364) When generating RSA keys, the type of key needs to be checked in order to differentiate between legacy RSA and RSAPSS and select the appropriate OID. Signed-off-by: Kostas Tsiounis <[email protected]> commit decceaada50b17cc78d7f5685613b917b81e44e2 Author: Jason Katonica <[email protected]> Date: Mon Nov 25 08:29:00 2024 -0500 Add exports for standalone test environment (#359) Issue #225 migrated OpenJCEPlus and associated tests to use the sun.security.util.Debug class. Two export statements were not included for cases where the tests are being executed in a standalone test environment where the provider is already bundled with the SDK. Signed-off-by: Jason Katonica <[email protected]> commit 37a95d1b6dfdcea76904f60049021a280e3a1f57 Author: Jason Katonica <[email protected]> Date: Tue Nov 19 08:51:34 2024 -0500 Remove 31/32 bit references and unsupported envs (#348) This update removes 32 bit references that are currently not in working or testable state along with references to operating systems and architectures that are not supported by OpenJCEPlus. Signed-off-by: Jason Katonica <[email protected]> commit cc02a2dca7c29630175a5e1684b4115522bfecaf Author: Jason Katonica <[email protected]> Date: Tue Nov 19 08:43:07 2024 -0500 Use latest mvn dependency versions (#349) This is a routine update of all the maven dependency versions. The junit jupiter family of dependency versions now no longer uses a pom wide property to define its version. This is to make it easier to automatically update these fields using the command `mvn versions:use-latest-versions` which automates this. Using a property disrupts this from working. Signed-off-by: Jason Katonica <[email protected]> commit 2ffa13a98096c102b183051bab52f907efefe44d Author: Tao Liu <[email protected]> Date: Thu Nov 14 14:00:49 2024 -0500 Add FIPS platforms check (#333) Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit. Signed-off-by: Tao Liu <[email protected]> commit edb56c0511890c5d0e45f50a88b77ac03c4a28c8 Author: KostasTsiounis <[email protected]> Date: Thu Nov 14 09:44:22 2024 -0500 Use non-bundled OCK library in AIX (#339) If there is a version of OCK that is bundled with the utilized JDK, it is always preferred over what the current run provides. To avoid that, the bundled version is deleted. AIX is, also, enabled to be in the default platforms that are run. Signed-off-by: Kostas Tsiounis <[email protected]> commit 8e805d64e0af4731ea75ee2d3b63d81a1e2af0ce Author: Jason Katonica <[email protected]> Date: Mon Nov 11 15:35:44 2024 -0500 Provide Jenkinsfile for Jenkins build and test (#332) A new `Jenkinsfile` has been provided to serve as a template for users who would like to build and test the `OpenJCEPlus` project using Jenkins. Signed-off-by: Jason Katonica <[email protected]> Signed-off-by: Kostas Tsiounis <[email protected]> Co-authored-by: Kostas Tsiounis <[email protected]> commit 6eaedfdb841e116f08ec584dcbf92ad5179e28c4 Author: KostasTsiounis <[email protected]> Date: Fri Nov 8 06:59:27 2024 -0500 Enable aarch64_linux platform (#323) The Linux on aarch64 platform is being enabled. That includes additional: * maven profile in the pom.xml * option in the makefile Signed-off-by: Kostas Tsiounis <[email protected]> commit 1ba403150bd1fd459b10bd3303d2e42c99dd8e94 Author: Jason Katonica <[email protected]> Date: Thu Nov 7 06:42:52 2024 -0500 Allow debug compilation to pass and add DH detail (#318) When turning on all available debug information available with the c library via compilation options in the various makefiles certain code has been found to not compile. This update fixes compilation errors primarily associated with incorrectly named variables and also castings required to call helper methods to print debug messages. This update also adds additional debug statements to the DH method `DHKEY.generate` since relevant information for other known issues was missing. Signed-off-by: Jason Katonica <[email protected]> commit c38fc0553d4b3c8010865376730f3b64c12d0802 Author: Jason Katonica <[email protected]> Date: Tue Nov 5 07:56:43 2024 -0500 Eliminate extra JNI header generations (#317) Two extra header files appear to be generated from the classes `OCKContext.java` and `OCKException.java`. This is an unecessary step. While making this change the order of the FastJNIBuffer.java and NativeInterface.java was forced to match and also be alphabetical. Signed-off-by: Jason Katonica <[email protected]> commit 0d592e47d90e3ffbd9ee6b74fe2b997609079d67 Author: KostasTsiounis <[email protected]> Date: Mon Nov 4 08:26:00 2024 -0500 Enable x86-64_mac platform and fix gcc flags (#306) The Mac OS X on x86-64 platform is being enabled. That includes: * additional maven profile in the pom.xml * different options in the makefile Some additional required flags are added to the gcc commands. This resolves some test failures that were observed when running on Mac. Signed-off-by: Kostas Tsiounis <[email protected]> commit 701e1e4a3e7b11aa8a2ad4bd7815036d2d6a5436 Author: gin-nader <[email protected]> Date: Mon Nov 4 08:23:57 2024 -0500 Fix memory leak error passing input and output pointer (#305) The `inputOffset` and `outputOffset` should not be added to the pointers; otherwise, this causes a memory leak. Fixes #304 Signed-off-by: Tom Ginader <[email protected]> commit 5f96fd374cfc0ce1bbeb2c132e96f7ceff63aea9 Author: Jason Katonica <[email protected]> Date: Mon Nov 4 08:18:05 2024 -0500 Revert "Support github workflow automatic backporting" (#308) This reverts commit 7f64d1ed20f1d702b571197f99666931ead4177a. Signed-off-by: Jason Katonica <[email protected]> commit 07922f20c1010cb0777600d5bb1eb35d677925ae Author: Jason Katonica <[email protected]> Date: Fri Nov 1 15:51:21 2024 -0400 Support github workflow automatic backporting (#307) This workflow allows for pull requests to be backported automatically by adding a label to a PR after it has been merged. For example to backport a PR that has been merged to main simply add the label `backport-to-java21` to the PR in order to perform the backport. This will result in a new PR made against the target branch as specified by the label. The build and test github action file was also named accordingly since we now have to workflows for the project. Signed-off-by: Jason Katonica <[email protected]> commit d8041a8c4a123b1f296db9973d4135e6952327aa Author: Jason Katonica <[email protected]> Date: Wed Oct 30 08:17:57 2024 -0400 Modify SymmetricCipher overlaps buffer checks (#295) The `doFinal` and `update` methods in the SymmetricCipher class have logic to detect if a input buffer and output buffer are overlapping in any sort of way. If they are then a copy of the input is made to a separate location to ensure a safe operation can then take place on the data. There is a logic problem where the calculation of overlap was incorrect and used a `=` instead of a `+` to calculate if the input and output overlapped. The comment above this code block was correct and remains unmodified. The test `BaseTestAESGCMCopySafe` was modified to test this condition which it was attempting to do in the past however it was not operating upon input and output buffers that had the same memory address. The test was modified to exercise various overlapping conditions for AES GCM and also AES CBC accordingly. The test was then renamed to `BaseTestAESCopySafe` since we are now testing both GCM and CBC modes. Fixes #292 Signed-off-by: Jason Katonica <[email protected]> commit 265b7afb09f4321ff90f922cdf62dc768ae86f61 Author: Jason Katonica <[email protected]> Date: Tue Oct 29 16:29:02 2024 -0400 Memory leak in Native SymmetricCipher KMC method (#294) The memory address of the allocated buffer within the method `NativeInterface.z_kmc_native` was not correct. This resulted in a memory leak freeing the temporary input and output buffers. Additional updates were made to ensure that if the `inputPointer` or the `outputPointer` failed to be allocated that memory already allocated was freed if this rare case was to occur. Fixes #293 Signed-off-by: Jason Katonica <[email protected]> commit 0464ecbf69b0b908f77372af37cdce40b550ed9f Author: KostasTsiounis <[email protected]> Date: Wed Oct 23 14:59:22 2024 -0400 Re-add required export statement (#287) A required export statement was accidentally removed during a previous change. Said export is re-added here. Signed-off-by: Kostas Tsiounis <[email protected]> commit a7fd27f5217446210eef4d9be55b7d99866e9b16 Author: KostasTsiounis <[email protected]> Date: Wed Oct 23 12:03:24 2024 -0400 Makefile improvements (#274) * consider platforms alphabetically * correct link command for z/OS * reuse macros * fix parallel builds * improve command readability * support EXTERNAL_HEADERS=true in all platforms Signed-off-by: Kostas Tsiounis <[email protected]> Co-authored-by: Keith W. Campbell <[email protected]> commit d944303a4de2adcfef96a2ace2120c075445210e Author: Jason Katonica <[email protected]> Date: Tue Oct 22 14:17:56 2024 -0400 Java 11 XDH private key parsing logic adjustment (#269) XDH encoded private keys can be of two different encoding formats: 1. [octet-string[octet-string[key-bytes]]] on Java 17 and higher. 2. [octet-string[key-bytes]] on Java 11 and lower. When parsing the Java 11 version of the key encoding we currently incorrectly DER decode the key bytes assuming the Java 17 version of the key encoding format at all times. Occasionally the DER decoder fails to parse the non DER encoding and a failure with the message `Failed to create XEC private key` occurs. This update attempts to parse the DER key bytes when we have already determined that the key bytes are of the Java 17 and higher key encoding format. Signed-off-by: Jason Katonica <[email protected]> commit 163d6cb7c9a058d2bc75f127cee4f4141a4a55aa Author: Jason Katonica <[email protected]> Date: Tue Oct 22 13:58:49 2024 -0400 Fix warnings related to dangling comments and lossy conversions (#268) Recently numerous warnings have displayed related to lossy conversions and dangling `javadoc` comments. This update ensures that there are no dangling `javadoc` comments these changes fall into various categories such as unused code that has `javadoc` comments embedded, empty `javadoc` comments, duplicate `javadoc` comments, or javadoc comments that are not located above a declaration. Updates were also made to `XDHPublicKeyImpl`, `BaseTestChaCha20KAT`, and `BaseTestChaCha20NoReuse` to explicitly cast an int to a byte OR make use of a common utility function `BaseUtils.hexStringToByteArray` that does not have such a lossy conversion present. While fixing dangling comments one test `testRSASignatureSHA512_256` was found to be commented out. It appears to execute correctly and does seem like a valid test so this test was uncommented. Two spaces found in the pom.xml were removed for consistency. Signed-off-by: Jason Katonica <[email protected]> commit 14d70771bab07b5c3ba67f51a4a06434acbe587a Author: Jason Katonica <[email protected]> Date: Fri Oct 18 14:21:14 2024 -0400 Use correct output size for AES on z platform (#263) When the fast z command is available the AES cipher does not return the correct output size on platform z. Platform z uses a different buffer and output size calculation. The method `engineGetOutputSize` when running on platform z should return and take this into account. A new test was added to exercise byte buffers and various combinations of encryption, decryption, and orders of doFinal and update operations which can be used to recreate the problem. Closes #240 Signed-off-by: Jason Katonica <[email protected]> commit 2c196697aaa2d852187523de6dff495e913817dc Author: Jason Katonica <[email protected]> Date: Thu Oct 17 11:17:15 2024 -0400 Update guava test dependency (#251) This update changes the version of guava to 33.3.1. Signed-off-by: Jason Katonica <[email protected]> commit f11db10b85a8fb5398e72e17ca6e976d627ef857 Author: KostasTsiounis <[email protected]> Date: Fri Oct 11 19:23:01 2024 -0400 Add additional export to javac command in makefiles (#258) Due to previous makefile changes, SDKs need an additional export to build OpenJCEPlus. Signed-off-by: Kostas Tsiounis <[email protected]> commit 65d97f0d80829140a5272bc4ed9de8d0c4e7a8ad Author: Jason Katonica <[email protected]> Date: Fri Oct 11 18:29:35 2024 -0400 Adjust jgskit.mac.mak makefile (#253) The make makefile needs to have an old section deleted along with some small whitespace adjustments. Signed-off-by: Jason Katonica <[email protected]> commit eff30d9fcea1b9eac3128a62ef75c47e9e8f95fb Author: Kostas Tsiounis <[email protected]> Date: Fri Aug 23 11:51:13 2024 -0400 Update makefiles Makefiles are updated to: - Be formatted consistently among all platforms - Include an additional target that doesn't build the header files - Include already built header files when compiling C code - Ensure proper dependencies between targets - Fail when compilation or linking fails in Windows Signed-off-by: Kostas Tsiounis <[email protected]> commit 96173347dcfae6c867486ed60dea5293f97ad0b1 Author: Jason Katonica <[email protected]> Date: Fri Oct 11 06:42:33 2024 -0400 Convert AESCipherInputStream tests to junit5 and fix error messages (#227) This update fixes some error messages being printed to the logs that stated some tests failed when they did not really fail and were running as expected. Changes include - Update `junit jupiter` version to `5.11.1` - Remove `junit-bom` jar dependency that is no longer needed. - Update `junit-platform-suite` to latest version `1.11.1` - Convert the `BaseTestAESCipherInputStreamExceptions` class to Junit 5 - Fix incorrect error messages being reported and visible that look as follows since they are not found to be accurate: ``` System.out.println(" Fail: " + ec.getMessage()); ``` - Convert documentation to javadoc. Signed-off-by: Jason Katonica <[email protected]> commit 422b8f6052d6ff5a3d7e11c0db3861726266beb3 Author: JinhangZhang <[email protected]> Date: Mon Oct 7 08:24:37 2024 -0400 Check the scalar value of an ECPrivateKey (#190) OpenJCEPlus/OpenJCEPlusFIPS providers accepts an invalid EC private key at the moment. Need to add a check to ensure the EC private key is valid during the initialization procedure in key agreement and ecdsa signature. Signed-off-by: JinhangZhang <[email protected]> commit 2bf8af06de1f57facca187cbec79fe3073fbcddf Author: Jason Katonica <[email protected]> Date: Fri Oct 4 16:06:04 2024 -0400 Use openjdk Debug class (#226) This update eliminates the use of the last existing class in the `com.ibm.misc` package, which is used for debug traces. Code will for the time being make use of the `sun.security.util.Debug` class instead. The provider code that currently uses the `com.ibm.misc.Debug` class now makes direct use of the `sun.security.util.Debug` class. The test code that has more advanced use of the current `Debug` class now contains its own copy of the `Debug` class that once resided in the `com.ibm.misc` package. Closes #225 Signed-off-by: Jason Katonica <[email protected]> commit 1d3157659512ac1082887024f70d66facdfa75e0 Author: KostasTsiounis <[email protected]> Date: Wed Oct 2 08:23:58 2024 -0400 Update multithreaded tests (#207) Several updates are made to both FIPS and non-FIPS multithreaded tests. - Base tests are updated to avoid race conditions between class fields - Tests are added and the lists between FIPS and non-FIPS are updated to be similar. - Certain test cases not available in FIPS mode are disabled Signed-off-by: Kostas Tsiounis <[email protected]> commit 07364d80c88b8c247a98d09ddd488ea006404306 Author: Jason Katonica <[email protected]> Date: Wed Sep 25 13:38:57 2024 -0400 Doc updates to generalize Java versions to use (#217) This update generalizes references to Java versions such that the same instructions can apply to all Java releases. A few misspellings were also corrected. A reference was added to point to the OpenCryptographyKitC project for instructions on how to build and use OCKC. The github action was referenced as also as a source of how to build the OCKC project for testing purposes. Signed-off-by: Jason Katonica <[email protected]> commit 48593ac95c60060f04dcd4b196da0c0b090d63f2 Author: Jason Katonica <[email protected]> Date: Wed Sep 25 13:21:15 2024 -0400 Set provider version to 23 and remove 22 profile (#218) The version of the OpenJCEPlus provider needs to be set to `23` for the `java23` and `main` branches. The Java 22 profile is no longer allowable for building the `java23` and `main` branches given that Java 23 is now generally available. Copyrights and versions were updated in the jgskit_resource.rc file. Signed-off-by: Jason Katonica <[email protected]> commit cbe4b3b60511041a315ac15b7c3b87ea3cafe965 Author: Jason Katonica <[email protected]> Date: Tue Sep 24 08:09:31 2024 -0400 Update test dependencies and new checkstyle rule (#204) This update migrates the latest versions available of various dependencies. An additional checkstyle rule was added to avoid accidental comparisons of two string addresses instead of their values using `==`. Signed-off-by: Jason Katonica <[email protected]> commit 9dae2bebf6383464573928f1f2a05f50c7a57c3f Author: Jason Katonica <[email protected]> Date: Mon Sep 23 15:26:22 2024 -0400 Update github action builds to use Semeru 23 (#205) Semeru Java 23 is now generally available. The `main` and `java23` branches be updated accordingly. Signed-off-by: Jason Katonica <[email protected]> commit 3e1c5045de8f234ff36ba7fbd03cdc8625568bf2 Author: Jason Katonica <[email protected]> Date: Mon Sep 23 14:19:26 2024 -0400 Update github action build OCKC reference (#206) The OCKC reference should be updated to make use of the latest version. Signed-off-by: Jason Katonica <[email protected]> commit 096f776b4f61ada0b5768caf9946d92e4ac97005 Author: Jason Katonica <[email protected]> Date: Mon Sep 16 17:12:24 2024 -0400 Refactor some signature related tests for Junit5 (#165) This update migrates a portion of the tests associated with signatures to Junit5 format. Updates include: - A new BaseTestJunit5 class is provided that tests can extend in this update and in the future. - Main methods in individual tests were present inconsistently through the test code and have been removed given that individual tests can be executed directly via mvn surefire or other Junit5 runners. - Constructors for various tests have also been removed since they are not in use. - The `TestTLS` was found to impact other tests depending on the order tests are run. If the `OpenJCEPlus` provider is present when running `OpenJCEPlusFIPS` related tests then it is removed, then restored after the test is run. A similar pattern is followed when executing a similar test with `OpenJCEPlus`. - A few methods were found to be private and should not be declared as public. - Most tests are currently written to expect a single instance of a given test for each @Test method specified. By default this is not the behavior in Junit5. This update tags various tests with @TestInstance of Lifecycle.PER_CLASS. This tells JUnit to create only one instance of the test class and then reuse it between tests tagged with @Test. - `static` blocks are often replaced with `@BeforeAll` syntax executed when a test is constructed. - The higher level test suite classes were modified to also use junit5 syntax ( `@SelectClasses` and `@Suite`). - Empty comment blocks have been removed as they have no value. - Mulithreaded test case drivers have been modified to use new Junit5 launchers to launch test classes contained in `org.junit.platform.launcher package`. Signed-off-by: Jason Katonica <[email protected]> commit 89276651d81f12a415d327477d4d615f5569c5f8 Author: Jason Katonica <[email protected]> Date: Tue Sep 10 09:48:14 2024 -0400 Provider MAC description contains duplicate string (#188) The MAC information associated with the OpenJCEPlus provider contains duplicate declarations for the HmacSHA384 and HmacSHA512. This update removes them. Closes #11 Signed-off-by: Jason Katonica <[email protected]> commit 30e50eb2ae914b8039b485df362852d222383464 Author: KostasTsiounis <[email protected]> Date: Tue Sep 10 09:47:51 2024 -0400 Update Werror CFLAG in AIX (#189) The -Werror flag is not supported by the xlc compiler. Instead, the equivalent -qhalt=w can be used. Signed-off-by: Kostas Tsiounis <[email protected]> commit d95cb24114593e856017eb8c6ce36d3c7ff537b7 Author: Jason Katonica <[email protected]> Date: Tue Sep 3 14:13:26 2024 -0400 Add build target definition for Java 23 (#182) This update sets the target compiler to Java 23 when using Java 23 as the Java version. Once JDK 23 is generally available the JDK 22 profile can be removed from both the `java23` and `main` branches of the repository. Signed-off-by: Jason Katonica <[email protected]> commit 21f6f5da2c09b4ca72ddb194f09a25c807a3c9b1 Author: Jason Katonica <[email protected]> Date: Tue Sep 3 13:15:15 2024 -0400 Skip native compilation when testing bundled SDK (#181) When testing against an `SDK` that already includes `OpenJCEPlus` there is no reason to compile the native libraries as they are already included in the runtime. We should skip the native compilation and make use of the library included in the `SDK`` itself. Signed-off-by: Jason Katonica <[email protected]> commit b43a44454cc91f5b80783084526fc5415b7e8cc0 Author: Jason Katonica <[email protected]> Date: Fri Aug 23 12:01:32 2024 -0400 Strictly enforce import order using checkstyle (#176) This update enforces that imports remain in a very strict alphabetic order using the checktyle ImportOrder rule. This is a quick and easy way to ensure that imports stay organized without a deep review of such changes in the future. Signed-off-by: Jason Katonica <[email protected]> Signed-off-by: John Peck <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Print the error message indicating that OpenJCEPlusFIPS is not supported on the non FIPS platforms, but do not exit.