Release candidate 2.3.3 (#352)

CHANGELOG.md

@@ -1,6 +1,20 @@
 # Changelog
 
-# 2.3.2
+## 2.3.3
+
+### Overview
+Starting from this version, build artifacts for MacOS AARCH64 (Arm64) are released.
+The corresponding Jar is identified by `osx-aarch_64` classifier.
+Please note that ACCP-FIPS does not have `osx-aarch_64` artifacts and `osx-aarch_64`
+is only available for non-FIPS builds.
+
+### Patch
+* Use AWS-LC [v1.17.0](https://github.com/aws/aws-lc/releases/tag/v1.17.0) for ACCP
+* Use AWS-LC [AWS-LC-FIPS-2.0.2](https://github.com/aws/aws-lc/releases/tag/AWS-LC-FIPS-2.0.2) for ACCP-FIPS
+* [PR 335: Do not destroy linked public keys](https://github.com/corretto/amazon-corretto-crypto-provider/pull/335)
+* [PR 329: Allow users to control the release of EVP context for AES-GCM](https://github.com/corretto/amazon-corretto-crypto-provider/pull/329)
+
+## 2.3.2
 
 ### Overview
 Starting from this version, build artifacts for MacOS X86-64 are released.

README.md

@@ -122,9 +122,16 @@ will always have the most recent version. We strongly recommend you always pull
 in the latest version for best performance and bug-fixes.
 
 Whether you're using Maven, Gradle, or some other build system that also pulls
-packages from Maven Central, it's important to specify `linux-x86_64` or `linux-aarch_64` as the
-classifier. You'll get an empty package otherwise. Note that ACCP is not
-available for MacOS on Maven Central yet.
+packages from Maven Central, it's important to specify a classifier, otherwise,
+one would get an empty package. The possible classifiers are as follows:
+
+| Classifier | Support since version | FIPS support since version |
+|------------|-----------------------|----------------------------|
+| `linux-x86_64` | 1.0.0 | 2.3.0 |
+| `linux-aarch_64` | 2.0.0 | 2.3.0 |
+| `osx-x86_64` | 2.3.2 | Not supported |
+| `osx-aarch_64` | 2.3.3 | Not supported |
+
 
 Regardless of how you acquire ACCP (Maven, manual build, etc.) you will still need to follow the guidance in the [Configuration section](#configuration) to enable ACCP in your application.
 
@@ -144,11 +151,6 @@ For more information, please see [VERSIONING.rst](https://github.com/corretto/am
 
 The artifactId for FIPS builds is `AmazonCorrettoCryptoProvider-FIPS`.
 
-The classifier attribute could be set to `linux-aarch_64` to use ACCP on Linux ARM64 platforms.
-
-Starting from verions 2.3.2, the classifier attribute could be set to `osx-x86_64` to use ACCP
-on MacOS X86 platforms. The FIPS artifacts do not support MacOS X86.
-
 ACCP artifacts on Maven can be verified using the following PGP keys:
 
 | ACCP Version  | PGP Key ID       | Key Server |

build.gradle

@@ -13,10 +13,10 @@ plugins {
 }
 
 group = 'software.amazon.cryptools'
-version = '2.3.2'
+version = '2.3.3'
 ext.isFips = Boolean.getBoolean('FIPS')
 if (ext.isFips) {
-    ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.0'
+    ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.2'
 } else {
     ext.awsLcGitVersionId = 'v1.17.0'
 }
@@ -45,7 +45,6 @@ def getDescriptionForPom(isFips) {
 
 }
 
-
 spotless {
   java {
     target 'src/**/*.java', 'tst/**/*.java'
@@ -582,16 +581,19 @@ task fakePublish {
     def x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts}/lib"
     def aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts}/lib"
     def osxX64Base = "${System.env.CODEBUILD_SRC_DIR_Osx_x64_Artifacts}/lib"
+    def osxAarch64Base = "${System.env.CODEBUILD_SRC_DIR_Osx_aarch64_Artifacts}/lib"
     def newPrefix = "AmazonCorrettoCryptoProvider-${version}"
     if (isFips) {
+        newPrefix = "AmazonCorrettoCryptoProvider-FIPS-${version}"
         x64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_x64_Artifacts_FIPS}/lib"
         aarch64Base = "${System.env.CODEBUILD_SRC_DIR_Linux_aarch64_Artifacts_FIPS}/lib"
         osxX64Base = null
-        newPrefix = "AmazonCorrettoCryptoProvider-FIPS-${version}"
+        osxAarch64Base = null
     }
     def x86Jar = "${x64Base}/AmazonCorrettoCryptoProvider.jar"
     def aarch64Jar = "${aarch64Base}/AmazonCorrettoCryptoProvider.jar"
     def osxX64Jar = "${osxX64Base}/AmazonCorrettoCryptoProvider.jar"
+    def osxAarch64Jar = "${osxAarch64Base}/AmazonCorrettoCryptoProvider.jar"
     def sourceJar = "${x64Base}/AmazonCorrettoCryptoProvider-sources.jar"
     def javadocJar = "${x64Base}/AmazonCorrettoCryptoProvider-javadoc.jar"
 
@@ -600,6 +602,8 @@ task fakePublish {
         if (!isFips) {
             println osxX64Jar
             println file(osxX64Jar).file
+            println osxAarch64Jar
+            println file(osxAarch64Jar).file
         }
         println aarch64Jar
         println file(aarch64Jar).file
@@ -617,6 +621,11 @@ task fakePublish {
                 rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-osx-x86_64.jar"
                 into "${destinationDir}"
             }
+            copy {
+                from osxAarch64Jar
+                rename 'AmazonCorrettoCryptoProvider.jar', "${newPrefix}-osx-aarch_64.jar"
+                into "${destinationDir}"
+            }
         }
         copy {
             from aarch64Jar
@@ -643,6 +652,14 @@ task fakePublish {
                     keystore: "${project.gradle.gradleUserHomeDir}/${jcecertJks}",
                     tsaurl: "http://timestamp.digicert.com"
                 )
+                ant.signjar(
+                    alias: jcecertAlias,
+                    jar: "${destinationDir}/${newPrefix}-osx-aarch_64.jar",
+                    storepass: jcecertPassword,
+                    keystore: "${project.gradle.gradleUserHomeDir}/${jcecertJks}",
+                    tsaurl: "http://timestamp.digicert.com"
+                )
+
             }
             ant.signjar(
                 alias: jcecertAlias,
@@ -679,12 +696,14 @@ if (project.hasProperty('mavenUser') && project.hasProperty('jcecertAlias')) {
                 def x86Jar = "${fakeMavenBase}linux-x86_64.jar"
                 def aarch64Jar = "${fakeMavenBase}linux-aarch_64.jar"
                 def osxX64Jar = "${fakeMavenBase}osx-x86_64.jar"
+                def osxAarch64Jar = "${fakeMavenBase}osx-aarch_64.jar"
                 def sourceJar = "${fakeMavenBase}sources.jar"
                 def javadocJar = "${fakeMavenBase}javadoc.jar"
                 artifact source: file(x86Jar),classifier:"linux-x86_64",extension:"jar"
                 artifact source: file(aarch64Jar),classifier:"linux-aarch_64",extension:"jar"
                 if (!isFips) {
                     artifact source: file(osxX64Jar),classifier:"osx-x86_64",extension:"jar"
+                    artifact source: file(osxAarch64Jar),classifier:"osx-aarch_64",extension:"jar"
                 }
                 artifact emptyJar
                 artifact source: file(javadocJar),classifier:"javadoc",extension:"jar"

examples/gradle-kt-dsl/lib/build.gradle.kts

@@ -1,6 +1,7 @@
-val accpVersion = "2.3.2"
+val accpVersion = "2.3.3"
 val accpLocalJar: String by project
 val fips: Boolean by project
+val PLATFORMS_WITHOUT_FIPS_SUPPORT = setOf("osx-x86_64", "osx-aarch_64")
 
 plugins {
     // Apply the org.jetbrains.kotlin.jvm Plugin to add support for Kotlin.
@@ -29,9 +30,9 @@ dependencies {
     // Use the Kotlin JUnit integration.
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit")
 
-    // for OSX-x86_64, we do not have FIPS artifacts
+    // For some plaforms, ACCP does not have FIPS artifacts; in such cases, ignore "fips" property.
     val accpArtifactId =
-        if (project.hasProperty("fips") && osdetector.classifier != "osx-x86_64")
+        if (project.hasProperty("fips") && osdetector.classifier !in PLATFORMS_WITHOUT_FIPS_SUPPORT)
             "AmazonCorrettoCryptoProvider-FIPS"
         else
             "AmazonCorrettoCryptoProvider"