Release candidate 2.3.2

+ This release includes OSX x86_64 artifacts.

CHANGELOG.md

@@ -1,5 +1,22 @@
 # Changelog
 
+# 2.3.2
+
+### Overview
+Starting from this version, build artifacts for MacOS X86-64 are released.
+The corresponding Jar is identified by `osx-x86_64` classifier.
+Please note that ACCP-FIPS does not have `osx-x86_64` artifacts and `osx-x86_64`
+is only available for non-FIPS builds.
+
+### Patch
+* Use AWS-LC [v1.16.0](https://github.com/aws/aws-lc/releases/tag/v1.16.0) for ACCP
+* Use [fips-2022-11-02](https://github.com/aws/aws-lc/tree/fips-2022-11-02) branch of AWS-LC at commit ID `329d23ce93d42b9017502ac24ca073ebdaa7660f` for ACCP-FIPS
+* [PR 338: Avoid buffering cipher text for one-shot AES-GCM decrypt](https://github.com/corretto/amazon-corretto-crypto-provider/pull/338)
+* [PR 336: Fix ByteBuffer position handling](https://github.com/corretto/amazon-corretto-crypto-provider/pull/336)
+* [PR 333: Replace MessageDigest.isEqual with our own implementation](https://github.com/corretto/amazon-corretto-crypto-provider/pull/333)
+* [PR 334: Let ECDSA Signature objects accept parameters](https://github.com/corretto/amazon-corretto-crypto-provider/pull/334)
+* [PR 327: Github issue 326, NPE](https://github.com/corretto/amazon-corretto-crypto-provider/pull/327)
+
 ## 2.3.1
 
 ### Patches

README.md

@@ -105,6 +105,13 @@ Notable differences between ACCP and ACCP-FIPS:
 * ACCP-FIPS does not register SecureRandom by default due to the performance of AWS-LC’s entropy source in FIPS-mode. [A system property](https://github.com/corretto/amazon-corretto-crypto-provider#other-system-properties) is available to register SecureRandom from AWS-LC if needed, and the performance differences are described in further detail under the description of that property.
 * Due to the fact that an older branch of AWS-LC is used in FIPS-mode, there will be performance differences between ACCP and ACCP-FIPS. We highly recommend performing detailed performance testing of your application if you choose to experiment with ACCP-FIPS.
 
+ACCP-FIPS is only supported on the following platforms:
+
+| Platfrom | FIPS support since version |
+|----------|----------------------------|
+| `linux-x86_64` | 2.3.0 |
+| `linux-aarch_64` | 2.3.0 |
+
 # Compatibility & Requirements
 ACCP has the following requirements:
 * JDK8 or newer (This includes both OracleJDK and [Amazon Corretto](https://aws.amazon.com/corretto/))
@@ -145,6 +152,9 @@ The artifactId for FIPS builds is `AmazonCorrettoCryptoProvider-FIPS`.
 
 The classifier attribute could be set to `linux-aarch_64` to use ACCP on Linux ARM64 platforms.
 
+Starting from verions 2.3.2, the classifier attribute could be set to `osx-x86_64` to use ACCP
+on MacOS X86 platforms. The FIPS artifacts do not support MacOS X86.
+
 ACCP artifacts on Maven can be verified using the following PGP keys:
 
 | ACCP Version  | PGP Key ID       | Key Server |

build.gradle

@@ -13,7 +13,7 @@ plugins {
 }
 
 group = 'software.amazon.cryptools'
-version = '2.3.1'
+version = '2.3.2'
 ext.isFips = Boolean.getBoolean('FIPS')
 ext.isLegacyBuild = Boolean.getBoolean('LEGACY_BUILD')
 
@@ -222,6 +222,35 @@ task buildAwsLc {
     }
 }
 
+def getStagedArtifact(platformClassifier, destDir) {
+    def projectName = isFips ? project.name + "-FIPS" : project.name
+    def prebuiltJarFileName = "${projectName}-${version}-${platformClassifier}.jar"
+
+    println "Platform " + platformClassifier
+    def stagingProperties = new Properties()
+    if (isFips) {
+        stagingProperties.load(new java.io.FileInputStream("${System.env.CODEBUILD_SRC_DIR_Stage_FIPS}/fake_maven/staging.properties"));
+    } else {
+        stagingProperties.load(new java.io.FileInputStream("${System.env.CODEBUILD_SRC_DIR_Stage}/fake_maven/staging.properties"));
+    }
+
+    println "Loaded staging id is " + stagingProperties['staging.id']
+    def repoBase = "https://aws.oss.sonatype.org/content/repositories/" + stagingProperties['staging.id']
+    mkdir "${destDir}"
+    exec {
+        workingDir "${destDir}"
+        commandLine 'wget', "${repoBase}/software/amazon/cryptools/${projectName}/${version}/${prebuiltJarFileName}"
+    }
+
+    return assertJceSigned("${destDir}/${prebuiltJarFileName}")
+}
+
+task downloadStagedJar() {
+    doLast {
+        getStagedArtifact(project.property('platform'), project.property('destDir'))
+    }
+}
+
 task executeCmake(type: Exec) {
     outputs.dir("${buildDir}/cmake")
     inputs.dir("${buildDir}/awslc/bin/")
@@ -241,22 +270,7 @@ task executeCmake(type: Exec) {
     def projectName = isFips ? project.name + "-FIPS" : project.name
     def prebuiltJarFileName = "${projectName}-${version}-${osdetector.classifier}.jar"
     if (System.properties['stagingProperties'] != null) {
-        def stagingProperties = new Properties()
-        if (isFips) {
-            stagingProperties.load(
-                new java.io.FileInputStream("${System.env.CODEBUILD_SRC_DIR_Stage_FIPS}/fake_maven/staging.properties"));
-        } else {
-            stagingProperties.load(
-                new java.io.FileInputStream("${System.env.CODEBUILD_SRC_DIR_Stage}/fake_maven/staging.properties"));
-        }
-        println "Loaded staging id is " + stagingProperties['staging.id']
-        def repoBase = "https://aws.oss.sonatype.org/content/repositories/" + stagingProperties['staging.id']
-        mkdir "${buildDir}/tmp"
-        exec {
-            workingDir "${buildDir}/tmp"
-            commandLine 'wget', "${repoBase}/software/amazon/cryptools/${projectName}/${version}/${prebuiltJarFileName}"
-        }
-        prebuiltJar = assertJceSigned("${buildDir}/tmp/${prebuiltJarFileName}")
+        prebuiltJar = getStagedArtifact(osdetector.classifier, "${buildDir}/tmp")
     } else if (System.properties['prebuiltJar'] != null) {
         prebuiltJar = "${projectDir}/" + System.properties['prebuiltJar']
     } else if (System.properties['fakeMaven'] != null) {
@@ -268,6 +282,8 @@ task executeCmake(type: Exec) {
         }
         fakeMavenBase = "${fakeMavenBase}/fake_maven"
         prebuiltJar = "${fakeMavenBase}/${prebuiltJarFileName}"
+    } else if (System.properties['downloadedStagedJar'] != null) {
+        prebuiltJar = "${System.properties['downloadedStagedJar']}/${prebuiltJarFileName}"
     }
 
     executable cmakeBin
@@ -558,19 +574,26 @@ task fakePublish {
 
     def x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts}/lib"
     def aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts}/lib"
+    def osxX64Base = "${System.env.CODEBUILD_SRC_DIR_Osx_x64_Artifacts}/lib"
     def newPrefix = "AmazonCorrettoCryptoProvider-${version}"
     if (isFips) {
         x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts_FIPS}/lib"
         aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts_FIPS}/lib"
+        osxX64Base = null
         newPrefix = "AmazonCorrettoCryptoProvider-FIPS-${version}"
     }
     def x86Jar = "${x64Base}/AmazonCorrettoCryptoProvider.jar"
     def aarch64Jar = "${aarch64Base}/AmazonCorrettoCryptoProvider.jar"
+    def osxX64Jar = "${osxX64Base}/AmazonCorrettoCryptoProvider.jar"
     def sourceJar = "${x64Base}/AmazonCorrettoCryptoProvider-sources.jar"
     def javadocJar = "${x64Base}/AmazonCorrettoCryptoProvider-javadoc.jar"
 
     doLast {
         println "Running on " + osdetector.classifier
+        if (!isFips) {
+            println osxX64Jar
+            println file(osxX64Jar).file
+        }
         println aarch64Jar
         println file(aarch64Jar).file
         println x86Jar
@@ -581,6 +604,13 @@ task fakePublish {
         println file(javadocJar).file
 
         def destinationDir = "${buildDir}/fake_maven"
+        if (!isFips) {
+            copy {
+                from osxX64Jar
+                rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-osx-x86_64.jar"
+                into "${destinationDir}"
+            }
+        }
         copy {
             from aarch64Jar
             rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-linux-aarch_64.jar"
@@ -598,6 +628,15 @@ task fakePublish {
             into "${destinationDir}"
         }
         if (project.hasProperty('jcecertAlias')) {
+            if (!isFips) {
+                ant.signjar(
+                    alias: jcecertAlias,
+                    jar: "${destinationDir}/${newPrefix}-osx-x86_64.jar",
+                    storepass: jcecertPassword,
+                    keystore: "${project.gradle.gradleUserHomeDir}/${jcecertJks}",
+                    tsaurl: "http://timestamp.digicert.com"
+                )
+            }
             ant.signjar(
                 alias: jcecertAlias,
                 jar: "${destinationDir}/${newPrefix}-linux-aarch_64.jar",
@@ -632,10 +671,14 @@ if (project.hasProperty('mavenUser') && project.hasProperty('jcecertAlias')) {
                 def fakeMavenBase = "${buildDir}/fake_maven/${artifactId}-${version}-"
                 def x86Jar = "${fakeMavenBase}linux-x86_64.jar"
                 def aarch64Jar = "${fakeMavenBase}linux-aarch_64.jar"
+                def osxX64Jar = "${fakeMavenBase}osx-x86_64.jar"
                 def sourceJar = "${fakeMavenBase}sources.jar"
                 def javadocJar = "${fakeMavenBase}javadoc.jar"
                 artifact source: file(x86Jar),classifier:"linux-x86_64",extension:"jar"
                 artifact source: file(aarch64Jar),classifier:"linux-aarch_64",extension:"jar"
+                if (!isFips) {
+                    artifact source: file(osxX64Jar),classifier:"osx-x86_64",extension:"jar"
+                }
                 artifact emptyJar
                 artifact source: file(javadocJar),classifier:"javadoc",extension:"jar"
                 artifact source: file(sourceJar),classifier:"sources",extension:"jar"

examples/gradle-kt-dsl/lib/build.gradle.kts

@@ -1,4 +1,4 @@
-val accpVersion = "2.3.1"
+val accpVersion = "2.3.2"
 val accpLocalJar: String by project
 val fips: Boolean by project
 
@@ -29,8 +29,9 @@ dependencies {
     // Use the Kotlin JUnit integration.
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit")
 
+    // for OSX-x86_64, we do not have FIPS artifacts
     val accpArtifactId =
-        if (project.hasProperty("fips"))
+        if (project.hasProperty("fips") && osdetector.classifier != "osx-x86_64")
             "AmazonCorrettoCryptoProvider-FIPS"
         else
             "AmazonCorrettoCryptoProvider"