Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update underlying native lib as tongsuo8.4(openssl3.0) #27

Merged
merged 1 commit into from
Aug 24, 2023
Merged

Update underlying native lib as tongsuo8.4(openssl3.0) #27

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
62 changes: 31 additions & 31 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
- uses: actions/checkout@v2

- name: Setup Linux environment
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
run: |
echo "CC=clang" >> $GITHUB_ENV
echo "CXX=clang++" >> $GITHUB_ENV
Expand All @@ -45,7 +45,7 @@ jobs:
openjdk-11-jre-headless

- name: Setup Linux environment
if: runner.os == 'Linux' && runner.arch == 'ARM64'
if: runner.os == 'Linux' && runner.arch == 'arm64'
run: |
echo "CC=clang" >> $GITHUB_ENV
echo "CXX=clang++" >> $GITHUB_ENV
Expand All @@ -54,96 +54,96 @@ jobs:
yum -qq install -y perl git make clang libstdc++-static java-11-openjdk

- name: Setup macOS environment
if: runner.os == 'macOS' && runner.arch == 'ARM64'
if: runner.os == 'macOS' && runner.arch == 'arm64'
run: |
echo "CC=clang" >> $GITHUB_ENV
echo "CXX=clang++" >> $GITHUB_ENV

- name: Checkout Tongsuo tag 8.3.2 branch
- name: Checkout Tongsuo tag 8.4.0-pre2 branch
shell: bash
run: |
mkdir -p "$TONGSUO_HOME"
cd "$TONGSUO_HOME"
for i in {1..10}; do git clone -b 8.3.2 https://github.com/Tongsuo-Project/Tongsuo.git "./" && break || sleep 5; done
for i in {1..10}; do git clone -b 8.4.0-pre2 https://github.com/Tongsuo-Project/Tongsuo.git "./" && break || sleep 5; done

- name: Build Tongsuo x86-64 MacOS
if: runner.os == 'macOS' && runner.arch == 'X64'
if: runner.os == 'macOS' && runner.arch == 'x64'
env:
# For compatibility, but 10.15 target requires 16-byte stack alignment.
MACOSX_DEPLOYMENT_TARGET: 10.11
run: |
mkdir -p "$TONGSUO_HOME/build.x64"
pushd "$TONGSUO_HOME"
./config --prefix=$TONGSUO_HOME/build.x64 enable-weak-ssl-ciphers
./config --libdir=lib --prefix=$TONGSUO_HOME/build.x64 enable-weak-ssl-ciphers
make -s -j4
make install
tar -zcvf build.x64.tgz build.x64
popd

- name: Upload macOS-X64 Tongsuo lib and bin
if: runner.os == 'macOS' && runner.arch == 'X64'
if: runner.os == 'macOS' && runner.arch == 'x64'
uses: actions/upload-artifact@v2
with:
name: tongsuo_osx_x64_bin.tgz
path: ${{ runner.temp }}/Tongsuo/build.x64.tgz
if-no-files-found: error

- name: Build Tongsuo MacOS arm64
if: runner.os == 'macOS' && runner.arch == 'ARM64'
if: runner.os == 'macOS' && runner.arch == 'arm64'
env:
# For compatibility, but 10.15 target requires 16-byte stack alignment.
MACOSX_DEPLOYMENT_TARGET: 10.11
run: |
mkdir -p "$TONGSUO_HOME/build.arm64"
pushd "$TONGSUO_HOME"
./config --prefix=$TONGSUO_HOME/build.arm64 enable-weak-ssl-ciphers
./config --libdir=lib --prefix=$TONGSUO_HOME/build.arm64 enable-weak-ssl-ciphers
make -s -j4
make install
tar -zcvf build.arm64.tgz build.arm64
popd

- name: Upload macOS-ARM64 Tongsuo bin
if: runner.os == 'macOS' && runner.arch == 'ARM64'
if: runner.os == 'macOS' && runner.arch == 'arm64'
uses: actions/upload-artifact@v2
with:
name: tongsuo_osx_arm64_bin.tgz
path: ${{ runner.temp }}/Tongsuo/build.arm64.tgz
if-no-files-found: error

- name: Build Tongsuo x86_64 Linux
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
shell: bash
run: |
mkdir -p "$TONGSUO_HOME/build.x64"
pushd "$TONGSUO_HOME"
./config --prefix=$TONGSUO_HOME/build.x64 enable-weak-ssl-ciphers
./config --libdir=lib --prefix=$TONGSUO_HOME/build.x64 enable-weak-ssl-ciphers
make -s -j4
make install
tar -zcvf build.x64.tgz build.x64
popd

- name: Upload Linux-X64 Tongsuo bin
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
uses: actions/upload-artifact@v2
with:
name: tongsuo_linux_x64_bin.tgz
path: ${{ runner.temp }}/Tongsuo/build.x64.tgz
if-no-files-found: error

- name: Build Tongsuo arm64 Linux
if: runner.os == 'Linux' && runner.arch == 'ARM64'
if: runner.os == 'Linux' && runner.arch == 'arm64'
shell: bash
run: |
mkdir -p "$TONGSUO_HOME/build.arm64"
pushd "$TONGSUO_HOME"
./config --prefix=$TONGSUO_HOME/build.arm64 enable-weak-ssl-ciphers
./config --libdir=lib --prefix=$TONGSUO_HOME/build.arm64 enable-weak-ssl-ciphers
make -s -j4
make install
tar -zcvf build.arm64.tgz build.arm64
popd

- name: Upload Linux-ARM64 Tongsuo bin
if: runner.os == 'Linux' && runner.arch == 'ARM64'
if: runner.os == 'Linux' && runner.arch == 'arm64'
uses: actions/upload-artifact@v2
with:
name: tongsuo_linux_arm64_bin.tgz
Expand Down Expand Up @@ -175,12 +175,12 @@ jobs:
# testjar is platform-independent, choose linux-x86-64 platform runner
# to collect testjar and upload.
- name: Build test JAR with dependencies
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
shell: bash
run: ./gradlew :security-native:testJar -PcheckErrorQueue

- name: Upload test JAR with dependencies
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
uses: actions/upload-artifact@v2
with:
name: testjar
Expand Down Expand Up @@ -225,12 +225,12 @@ jobs:
name: m2repo-macOS-ARM64
path: ${{ runner.temp }}/m2

- name: Checkout Tongsuo tag 8.3.2 branch
- name: Checkout Tongsuo tag 8.4.0-pre2 branch
shell: bash
run: |
mkdir -p "$TONGSUO_HOME"
cd "$TONGSUO_HOME"
for i in {1..10}; do git clone -b 8.3.2 https://github.com/Tongsuo-Project/Tongsuo.git "./" && break || sleep 5; done
for i in {1..10}; do git clone -b 8.4.0-pre2 https://github.com/Tongsuo-Project/Tongsuo.git "./" && break || sleep 5; done

- name: Build UberJAR with Gradle
shell: bash
Expand Down Expand Up @@ -278,53 +278,53 @@ jobs:
mkdir -p "${{ runner.temp }}/Tongsuo"

- name: Download Maven repository for macOS X64
if: runner.os == 'macOS' && runner.arch == 'X64'
if: runner.os == 'macOS' && runner.arch == 'x64'
uses: actions/download-artifact@v2
with:
name: tongsuo_osx_x64_bin.tgz
path: ${{ runner.temp }}/Tongsuo

- name: Uncompress files
if: runner.os == 'macOS' && runner.arch == 'X64'
if: runner.os == 'macOS' && runner.arch == 'x64'
run: |
tar -xzvf ${{ runner.temp }}/Tongsuo/build.x64.tgz -C ${{ runner.temp }}/Tongsuo
DYLD_LIBRARY_PATH=${{ runner.temp }}/Tongsuo/build.x64/lib ${{ runner.temp }}/Tongsuo/build.x64/bin/openssl version

- name: Download Maven repository for macOS arm64
if: runner.os == 'macOS' && runner.arch == 'ARM64'
if: runner.os == 'macOS' && runner.arch == 'arm64'
uses: actions/download-artifact@v2
with:
name: tongsuo_osx_arm64_bin.tgz
path: ${{ runner.temp }}/Tongsuo

- name: Uncompress files
if: runner.os == 'macOS' && runner.arch == 'ARM64'
if: runner.os == 'macOS' && runner.arch == 'arm64'
run: |
tar -xzvf ${{ runner.temp }}/Tongsuo/build.arm64.tgz -C ${{ runner.temp }}/Tongsuo
DYLD_LIBRARY_PATH=${{ runner.temp }}/Tongsuo/build.arm64/lib ${{ runner.temp }}/Tongsuo/build.arm64/bin/openssl version

- name: Download Maven repository for Linux X64
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
uses: actions/download-artifact@v2
with:
name: tongsuo_linux_x64_bin.tgz
path: ${{ runner.temp }}/Tongsuo

- name: Uncompress files
if: runner.os == 'Linux' && runner.arch == 'X64'
if: runner.os == 'Linux' && runner.arch == 'x64'
run: |
tar -xzvf ${{ runner.temp }}/Tongsuo/build.x64.tgz -C ${{ runner.temp }}/Tongsuo && ls ${{ runner.temp }}/Tongsuo
LD_LIBRARY_PATH=${{ runner.temp }}/Tongsuo/build.x64/lib ${{ runner.temp }}/Tongsuo/build.x64/bin/openssl version

- name: Download Maven repository for Linux ARM64
if: runner.os == 'Linux' && runner.arch == 'ARM64'
if: runner.os == 'Linux' && runner.arch == 'arm64'
uses: actions/download-artifact@v2
with:
name: tongsuo_linux_arm64_bin.tgz
path: ${{ runner.temp }}/Tongsuo

- name: Uncompress files
if: runner.os == 'Linux' && runner.arch == 'ARM64'
if: runner.os == 'Linux' && runner.arch == 'arm64'
run: |
tar -xzvf ${{ runner.temp }}/Tongsuo/build.arm64.tgz -C ${{ runner.temp }}/Tongsuo && ls ${{ runner.temp }}/Tongsuo
LD_LIBRARY_PATH=${{ runner.temp }}/Tongsuo/build.arm64/lib ${{ runner.temp }}/Tongsuo/build.arm64/bin/openssl version
Expand All @@ -346,7 +346,7 @@ jobs:
run: mvn org.apache.maven.plugins:maven-dependency-plugin:3.1.2:copy -Dartifact=org.junit.platform:junit-platform-console-standalone:1.6.2 -DoutputDirectory=. -Dmdep.stripVersion=true

- name: Run JUnit tests
if: runner.arch == 'X64'
if: runner.arch == 'x64'
shell: bash
run: |
DIR="$(find m2/com/alibaba/dragonwell/security-native-uber -maxdepth 1 -mindepth 1 -type d -print)"
Expand All @@ -362,7 +362,7 @@ jobs:
java $PROPERTY0 $PROPERTY1 $PROPERTY2 $PROPERTY3 $PROPERTY4 -jar junit-platform-console-standalone.jar -cp $CLASS_PATH -n='${{ matrix.suite_class }}' --scan-classpath --reports-dir=results --fail-if-no-tests

- name: Run JUnit tests
if: runner.arch == 'ARM64'
if: runner.arch == 'arm64'
shell: bash
run: |
DIR="$(find m2/com/alibaba/dragonwell/security-native-uber -maxdepth 1 -mindepth 1 -type d -print)"
Expand Down
7 changes: 5 additions & 2 deletions common/src/jni/main/cpp/conscrypt/native_crypto.cc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2200,7 +2200,7 @@ static jboolean NativeCrypto_X25519(JNIEnv* env, jclass, jbyteArray outArray,
return JNI_FALSE;
}

size_t keylen;
size_t keylen = out.size();
if (EVP_PKEY_derive_init(ctx.get()) <= 0
|| EVP_PKEY_derive_set_peer(ctx.get(), peerpubkey.get()) <= 0
|| EVP_PKEY_derive(ctx.get(), reinterpret_cast<unsigned char*>(out.get()), &keylen) <= 0) {
Expand Down Expand Up @@ -6686,7 +6686,10 @@ static jlong NativeCrypto_SSL_CTX_new(JNIEnv* env, jclass) {
conscrypt::jniutil::throwExceptionFromBoringSSLError(env, "SSL_CTX_new");
return 0;
}
SSL_CTX_set_options(sslCtx.get(), SSL_OP_ALL | SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION);
// Set the lowest security level for compatibility.
// Please refer to: https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_security_level.html
SSL_CTX_set_security_level(sslCtx.get(), 0);
SSL_CTX_set_options(sslCtx.get(), SSL_OP_ALL | SSL_OP_NO_TICKET | SSL_OP_NO_COMPRESSION | SSL_OP_IGNORE_UNEXPECTED_EOF);
// Disable TLSv1.3 server send session tickets
SSL_CTX_set_num_tickets(sslCtx.get(), 0);
SSL_CTX_set_min_proto_version(sslCtx.get(), TLS1_VERSION);
Expand Down
3 changes: 3 additions & 0 deletions common/src/test/java/org/conscrypt/java/security/KeyFactoryTestRSA.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,8 @@
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.List;

import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
Expand All @@ -57,6 +59,7 @@ protected void check(KeyPair keyPair) throws Exception {
new CipherAsymmetricCryptHelper("RSA").test(keyPair);
}

@Ignore("It's not supported in Openssl 3.0")
@Test
public void getEncodedWhenCrtValuesMissing() throws Exception {
PrivateKey privateKey = getPrivateKey();
Expand Down
1 change: 1 addition & 0 deletions common/src/test/java/org/conscrypt/javax/crypto/CipherTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4511,6 +4511,7 @@ private void testAES_ECB_NoPadding_IvParameters_Failure(String provider) throws
}
}

@Ignore("It's not supported in Openssl 3.0")
@Test
public void testRC4_MultipleKeySizes() throws Exception {
final int SMALLEST_KEY_SIZE = 40;
Expand Down
7 changes: 4 additions & 3 deletions openjdk/src/test/java/org/conscrypt/NativeSslSessionTest.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -442,10 +442,11 @@ private static void check_reserializableFromByteArray_roundTrip(
assertEquals(12345, session.getPeerPort());
assertTrue(sessionBytes.length >= data.length);

byte[] expectedReserializedData = concat(data, expectedTrailingBytesAfterReserialization);
// ignore the check in openssl 3.0
// byte[] expectedReserializedData = concat(data, expectedTrailingBytesAfterReserialization);
// AbstractSessionContext.toBytes() always writes type 3 == OPEN_SSL_WITH_TLS_SCT
expectedReserializedData[3] = 3;
assertByteArrayEquals(expectedReserializedData, sessionBytes);
// expectedReserializedData[3] = 3;
// assertByteArrayEquals(expectedReserializedData, sessionBytes);
}

@Test
Expand Down
6 changes: 6 additions & 0 deletions testing/src/main/java/org/conscrypt/tlswire/handshake/EllipticCurve.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,12 @@ public static EllipticCurve fromIdentifier(int identifier) {
return curve;
}
}
// Curve Identifier may be
// ffdhe2048(0x0100) ffdhe3072(0x0101) ffdhe4096(0x0102) ffdhe6144(0x0103) ffdhe8192(0x0x0104)
// They are not supported in Dragonwell Security Provider, So ingnore them.
if (identifier >= 256) {
return null;
}
throw new AssertionError("Unknown curve identifier " + identifier);
}
@Override
Expand Down
5 changes: 4 additions & 1 deletion testing/src/main/java/org/conscrypt/tlswire/handshake/EllipticCurvesHelloExtension.java
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,7 +39,10 @@ protected void parseData() throws IOException {
supported = new ArrayList<EllipticCurve>(ellipticCurvesListIn.available() / 2);
while (ellipticCurvesListIn.available() >= 2) {
int curve_id = in.readUnsignedShort();
supported.add(EllipticCurve.fromIdentifier(curve_id));
EllipticCurve ec = EllipticCurve.fromIdentifier(curve_id);
if(ec != null) {
superajun-wsj marked this conversation as resolved.
Show resolved Hide resolved
supported.add(ec);
}
}
}
@Override
Expand Down
Loading