Undoing PR 376 (#388)

+ With PR 376, when ACCP is set as the first provider and immediately new SecureRandom is used, the SecureRandom will not be backed by ACCP. + A unit test is modified to check that new SecureRandom immediately after install is backed by ACCP.
corretto · Jun 27, 2024 · d7a87fa · d7a87fa
1 parent e4ad5fd
commit d7a87fa
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 22 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## 2.4.1
+
+### Patch
+* [PR 388: Revert PR 376](https://github.com/corretto/amazon-corretto-crypto-provider/pull/388)
+
 ## 2.4.0
 
 ### Minor

diff --git a/build.gradle b/build.gradle
@@ -13,7 +13,7 @@ plugins {
 }
 
 group = 'software.amazon.cryptools'
-version = '2.4.0'
+version = '2.4.1'
 ext.isFips = Boolean.getBoolean('FIPS')
 if (ext.isFips) {
     ext.awsLcGitVersionId = 'AWS-LC-FIPS-2.0.13'

diff --git a/examples/gradle-kt-dsl/lib/build.gradle.kts b/examples/gradle-kt-dsl/lib/build.gradle.kts
@@ -1,4 +1,4 @@
-val accpVersion = "2.4.0"
+val accpVersion = "2.4.1"
 val accpLocalJar: String by project
 val fips: Boolean by project
 val PLATFORMS_WITHOUT_FIPS_SUPPORT = setOf("osx-x86_64", "osx-aarch_64")

diff --git a/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java b/src/com/amazon/corretto/crypto/provider/AmazonCorrettoCryptoProvider.java
@@ -145,23 +145,10 @@ private void buildServiceMap() {
               "DEFAULT")
           .setSelfTest(LibCryptoRng.SPI.SELF_TEST);
 
-      // Following lines are a workaround to ensure that the SecureRandom service
-      // is seen as ThreadSafe by SecureRandom, when using the alias name DEFAULT
-      // See https://bugs.openjdk.org/browse/JDK-8329754
-
-      // We add additional tests to confirm the DEFAULT algorithm is actually ThreadSafe
-      // This is to prevent issues in case a future code change set DEFAULT to a non-ThreadSafe
-      // algorithm
-
-      // Get the name of the algorithm pointed by the alias name DEFAULT
-      String algorithmUsedForDEFAULT = getProperty("Alg.Alias.SecureRandom.DEFAULT");
-      // If this alias exists and the algorithm pointed by it is thread safe, then mark DEFAULT
-      // ThreadSafe
-      if (algorithmUsedForDEFAULT != null
-          && "true"
-              .equals(getProperty("SecureRandom." + algorithmUsedForDEFAULT + " ThreadSafe"))) {
-        setProperty("SecureRandom.DEFAULT ThreadSafe", "true");
-      }
+      // If we `setProperty("SecureRandom.DEFAULT ThreadSafe", "true")`, then
+      // TestProviderInstallation::testProviderInstallation fails. The unique thing about this test
+      // is that it does `new SecureRandom` immediately after installing ACCP and expects to be
+      // backed by ACCP.
     }
 
     addSignatures();

diff --git a/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java b/tst/com/amazon/corretto/crypto/provider/test/TestProviderInstallation.java
@@ -15,6 +15,7 @@
 import java.io.ObjectOutputStream;
 import java.security.MessageDigest;
 import java.security.Provider;
+import java.security.SecureRandom;
 import java.security.Security;
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.Test;
@@ -48,6 +49,8 @@ public void testProviderInstallation() throws Exception {
 
     AmazonCorrettoCryptoProvider.install();
 
+    assertEquals("AmazonCorrettoCryptoProvider", new SecureRandom().getProvider().getName());
+
     assertEquals(
         "AmazonCorrettoCryptoProvider",
         MessageDigest.getInstance("SHA-256").getProvider().getName());
@@ -99,8 +102,5 @@ public void testSecureRandomThreadSafe() {
     assertEquals(
         "true",
         AmazonCorrettoCryptoProvider.INSTANCE.getProperty("SecureRandom.LibCryptoRng ThreadSafe"));
-    assertEquals(
-        "true",
-        AmazonCorrettoCryptoProvider.INSTANCE.getProperty("SecureRandom.DEFAULT ThreadSafe"));
   }
 }