From 7dc6bdd4ab985b6b18455e80a67c045dce5243be Mon Sep 17 00:00:00 2001 From: Carter Kozak Date: Tue, 9 Nov 2021 11:28:29 -0500 Subject: [PATCH] hadoop-crypto no longer depends on commons-crypto or openssl --- README.md | 41 ------ crypto-core/build.gradle | 4 - .../crypto2/cipher/ApacheCiphers.java | 13 +- .../io/ApacheCtrDecryptingSeekableInput.java | 132 ------------------ .../crypto2/io/CryptoStreamFactory.java | 67 +-------- ...ApacheCtrDecryptingSeekableInputTests.java | 71 ---------- .../crypto2/io/CryptoStreamFactoryTest.java | 17 +-- .../palantir/crypto2/io/DecryptionTests.java | 22 ++- .../crypto2/jmh/EncryptionBenchmark.java | 14 -- gradle/openssl.gradle | 11 -- hadoop-crypto/build.gradle | 1 - versions.lock | 2 - versions.props | 1 - 13 files changed, 20 insertions(+), 376 deletions(-) delete mode 100644 crypto-core/src/main/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInput.java delete mode 100644 crypto-core/src/test/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInputTests.java delete mode 100644 gradle/openssl.gradle diff --git a/README.md b/README.md index d5c812a8c..e8a49a448 100644 --- a/README.md +++ b/README.md 
@@ -187,44 +187,3 @@ Hadoop Configuration Properties License ------- This repository is made available under the [Apache 2.0 License](http://www.apache.org/licenses/LICENSE-2.0). - - -FAQ ---- - -## log.warn lines from `CryptoStreamFactory` - -`WARN: Unable to initialize cipher with OpenSSL, falling back to JCE implementation` - -'Falling back to the JCE implementation' results in slower cipher performance than native OpenSSL. Resolve this by installing a compatible OpenSSL and symlinking it to the correct location, `/usr/lib/libcrypto.so`. (OpenSSL 1.0 and 1.1 are currently supported) - -_Note: to support OpenSSL 1.1, we use releases from the [Palantir fork of commons-crypto](https://github.com/palantir/commons-crypto/releases) as support has been added to the mainline Apache repo, but no release made [since 2016](https://github.com/apache/commons-crypto/releases)._ - -``` -Exception in thread "main" java.io.IOException: java.security.GeneralSecurityException: CryptoCipher {org.apache.commons.crypto.cipher.OpenSslCipher} is not available or transformation AES/CTR/NoPadding is not supported. - at org.apache.commons.crypto.utils.Utils.getCipherInstance(Utils.java:130) - at ApacheCommonsCryptoLoad.main(ApacheCommonsCryptoLoad.java:10) -Caused by: java.security.GeneralSecurityException: CryptoCipher {org.apache.commons.crypto.cipher.OpenSslCipher} is not available or transformation AES/CTR/NoPadding is not supported. - at org.apache.commons.crypto.cipher.CryptoCipherFactory.getCryptoCipher(CryptoCipherFactory.java:176) - at org.apache.commons.crypto.utils.Utils.getCipherInstance(Utils.java:128) - ... 1 more -Caused by: java.lang.RuntimeException: java.lang.reflect.InvocationTargetException - at org.apache.commons.crypto.utils.ReflectionUtils.newInstance(ReflectionUtils.java:90) - at org.apache.commons.crypto.cipher.CryptoCipherFactory.getCryptoCipher(CryptoCipherFactory.java:160) - ... 
2 more -Caused by: java.lang.reflect.InvocationTargetException - at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) - at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source) - at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source) - at java.base/java.lang.reflect.Constructor.newInstance(Unknown Source) - at org.apache.commons.crypto.utils.ReflectionUtils.newInstance(ReflectionUtils.java:88) - ... 3 more -Caused by: java.lang.RuntimeException: java.lang.UnsatisfiedLinkError: EVP_CIPHER_CTX_cleanup - at org.apache.commons.crypto.cipher.OpenSslCipher.(OpenSslCipher.java:59) - ... 8 more -Caused by: java.lang.UnsatisfiedLinkError: EVP_CIPHER_CTX_cleanup - at org.apache.commons.crypto.cipher.OpenSslNative.initIDs(Native Method) - at org.apache.commons.crypto.cipher.OpenSsl.(OpenSsl.java:95) - at org.apache.commons.crypto.cipher.OpenSslCipher.(OpenSslCipher.java:57) - ... 8 more -``` diff --git a/crypto-core/build.gradle b/crypto-core/build.gradle index 4a3d36fc5..4b16f1a6c 100644 --- a/crypto-core/build.gradle +++ b/crypto-core/build.gradle @@ -1,12 +1,8 @@ -apply from: "${rootDir}/gradle/openssl.gradle" - dependencies { compile project(':crypto-keys') compile "com.google.guava:guava" compile "com.palantir.seek-io:seek-io" - compile "org.apache.commons:commons-crypto" - implementation "org.slf4j:slf4j-api" annotationProcessor 'org.openjdk.jmh:jmh-generator-annprocess' compileOnly 'org.openjdk.jmh:jmh-generator-annprocess' diff --git a/crypto-core/src/main/java/com/palantir/crypto2/cipher/ApacheCiphers.java b/crypto-core/src/main/java/com/palantir/crypto2/cipher/ApacheCiphers.java index 9f6c83140..6ee847f27 100644 --- a/crypto-core/src/main/java/com/palantir/crypto2/cipher/ApacheCiphers.java +++ b/crypto-core/src/main/java/com/palantir/crypto2/cipher/ApacheCiphers.java 
@@ -17,19 +17,22 @@ package com.palantir.crypto2.cipher; import java.util.Properties; -import org.apache.commons.crypto.cipher.CryptoCipherFactory; public final class ApacheCiphers { private ApacheCiphers() {} /** - * Configures the provided {@link Properties} such that {@link CryptoCipherFactory#getCryptoCipher(String, - * Properties)} will only try to use the OpenSSL cipher implementation which uses AES-NI. + * Does nothing. + * + * Previously configured the provided {@link Properties} such that + * {@code CryptoCipherFactory#getCryptoCipher(String, Properties)} will only try to use the OpenSSL cipher + * implementation which uses AES-NI. + * + * @deprecated Exists for abi compatibility, no longer does anything. */ + @Deprecated public static Properties forceOpenSsl(Properties properties) { - properties.setProperty(CryptoCipherFactory.CLASSES_KEY, - CryptoCipherFactory.CipherProvider.OPENSSL.getClassName()); return properties; } diff --git a/crypto-core/src/main/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInput.java b/crypto-core/src/main/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInput.java deleted file mode 100644 index 1a07537ec..000000000 --- a/crypto-core/src/main/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInput.java +++ /dev/null 
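Review bot: The `@deprecated` text on `forceOpenSsl` says the method no longer does anything, but not what that means for a caller who still passes the returned `Properties` to commons-crypto from their own classpath. The provider list is no longer pinned to OpenSSL, so such a caller would presumably get that library's default provider selection with no signal that the pinning is gone. I would spell this out, e.g. `@deprecated No-op kept for ABI compatibility; the returned {@link Properties} are no longer restricted to the OpenSSL provider.` The new Javadoc paragraphs also need `<p>` separators to render as separate paragraphs, and "abi" should read "ABI". The rest of `ApacheCiphers` lies outside the hunk.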
@@ -1,132 +0,0 @@ -/* - * (c) Copyright 2017 Palantir Technologies Inc. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.palantir.crypto2.io; - -import com.google.common.annotations.VisibleForTesting; -import com.palantir.crypto2.cipher.ApacheCiphers; -import com.palantir.crypto2.keys.KeyMaterial; -import com.palantir.seekio.SeekableInput; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Properties; -import org.apache.commons.crypto.stream.CtrCryptoInputStream; -import org.apache.commons.crypto.stream.input.Input; -import org.apache.commons.crypto.utils.Utils; - -/** - * A {@link SeekableInput} that decrypts AES/CTR encrypted SeekableInputs using the given {@link KeyMaterial}. This - * implementation uses Apache's {@link CtrCryptoInputStream} which uses OpenSSL and supports AES-NI. - */ -public final class ApacheCtrDecryptingSeekableInput extends CtrCryptoInputStream implements SeekableInput { - - private static final String ALGORITHM = "AES/CTR/NoPadding"; - private static final int BUFFER_SIZE = 8192; - // Force OpenSSL for AES-NI support - private static final Properties PROPS = ApacheCiphers.forceOpenSsl(new Properties()); - - /** - * Creates a new {@link ApacheCtrDecryptingSeekableInput}. This constructor is expected to succeed if and only if - * the OpenSSL library is able to be loaded. 
- */ - ApacheCtrDecryptingSeekableInput(SeekableInput input, KeyMaterial keyMaterial) throws IOException { - super(new InputAdapter(input), Utils.getCipherInstance(ALGORITHM, PROPS), BUFFER_SIZE, - keyMaterial.getSecretKey().getEncoded(), keyMaterial.getIv()); - } - - @Override - public void seek(long offset) throws IOException { - super.seek(offset); - } - - @Override - public long getPos() throws IOException { - return super.getStreamPosition(); - } - - @Override - public int read(byte[] bytes, int off, int len) throws IOException { - return super.read(bytes, off, len); - } - - @Override - public void close() throws IOException { - super.close(); - } - - @VisibleForTesting - static final class InputAdapter implements Input { - private final SeekableInput input; - private final byte[] readBuffer = new byte[BUFFER_SIZE]; - - InputAdapter(SeekableInput input) { - this.input = input; - } - - @Override - public int read(long position, byte[] buffer, int offset, int length) throws IOException { - input.seek(position); - return input.read(buffer, offset, length); - } - - @Override - public int read(ByteBuffer dst) throws IOException { - int toRead = dst.remaining(); - int totalRead = 0; - - while (toRead > 0) { - int chunk = Math.min(toRead, readBuffer.length); - int read = input.read(readBuffer, 0, chunk); - - if (read == -1) { - if (totalRead == 0) { - // first read hit EOF - return -1; - } else { - return totalRead; - } - } else { - dst.put(readBuffer, 0, read); - totalRead += read; - toRead -= read; - } - } - - return totalRead; - } - - @Override - public long skip(long bytes) throws IOException { - input.seek(input.getPos() + bytes); - return bytes; - } - - @Override - public int available() throws IOException { - return 0; - } - - @Override - public void seek(long position) throws IOException { - input.seek(position); - } - - @Override - public void close() throws IOException { - input.close(); - } - } -} 
diff --git a/crypto-core/src/main/java/com/palantir/crypto2/io/CryptoStreamFactory.java b/crypto-core/src/main/java/com/palantir/crypto2/io/CryptoStreamFactory.java index 453fa143c..1a53af447 100644 --- a/crypto-core/src/main/java/com/palantir/crypto2/io/CryptoStreamFactory.java +++ b/crypto-core/src/main/java/com/palantir/crypto2/io/CryptoStreamFactory.java @@ -16,8 +16,6 @@ package com.palantir.crypto2.io; -import com.google.common.annotations.VisibleForTesting; -import com.palantir.crypto2.cipher.ApacheCiphers; import com.palantir.crypto2.cipher.SeekableCipher; import com.palantir.crypto2.cipher.SeekableCipherFactory; import com.palantir.crypto2.keys.KeyMaterial; @@ -26,24 +24,11 @@ import java.io.IOException; import java.io.InputStream; import java.io.OutputStream; -import java.util.Properties; import javax.crypto.Cipher; import javax.crypto.CipherOutputStream; -import javax.crypto.SecretKey; -import org.apache.commons.crypto.stream.CtrCryptoOutputStream; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; public final class CryptoStreamFactory { - private static final Logger log = LoggerFactory.getLogger(CryptoStreamFactory.class); - private static final Properties PROPS = ApacheCiphers.forceOpenSsl(new Properties()); - private static final String AES_ALGORITHM = "AES/CTR/NoPadding"; - private static final String OPEN_SSL_INIT_WARNING = "Unable to initialize cipher with OpenSSL, falling back to " - + "JCE implementation - see github.com/palantir/hadoop-crypto#faq"; - - private static volatile boolean fullExceptionLoggedAlready = false; - private CryptoStreamFactory() {} /** 
@@ -51,23 +36,7 @@ private CryptoStreamFactory() {} * cipher {@code algorithm}. When OpenSSL is available an implementation that uses AES-NI will be returned. */ public static SeekableInput decrypt(SeekableInput encryptedInput, KeyMaterial keyMaterial, String algorithm) { - return decrypt(encryptedInput, keyMaterial, algorithm, false); - } - - @SuppressWarnings("CatchBlockLogException") - @VisibleForTesting - static SeekableInput decrypt( - SeekableInput encryptedInput, KeyMaterial keyMaterial, String algorithm, boolean forceJce) { - if (!algorithm.equals(AES_ALGORITHM) || forceJce) { - return new DecryptingSeekableInput(encryptedInput, SeekableCipherFactory.getCipher(algorithm, keyMaterial)); - } - - try { - return new ApacheCtrDecryptingSeekableInput(encryptedInput, keyMaterial); - } catch (IOException e) { - warningLog(e); - return new DecryptingSeekableInput(encryptedInput, SeekableCipherFactory.getCipher(algorithm, keyMaterial)); - } + return new DecryptingSeekableInput(encryptedInput, SeekableCipherFactory.getCipher(algorithm, keyMaterial)); } /** 
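Review bot: The Javadoc line kept as context above `decrypt(SeekableInput, KeyMaterial, String)` still says "When OpenSSL is available an implementation that uses AES-NI will be returned". That is no longer true, because the method now always returns a `DecryptingSeekableInput` built from `SeekableCipherFactory.getCipher`. The same sentence survives above `encrypt(OutputStream, KeyMaterial, String)` in the next hunk. Both should be reworded, for example `* cipher {@code algorithm}, using the cipher returned by {@link SeekableCipherFactory}.`; whether hardware AES is used then presumably depends on the JVM's provider rather than on this library. The opening of each Javadoc block is outside the hunk.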
@@ -83,39 +52,7 @@ public static InputStream decrypt(InputStream input, KeyMaterial keyMaterial, St * cipher {@code algorithm}. When OpenSSL is available an implementation that uses AES-NI will be returned. */ public static OutputStream encrypt(OutputStream output, KeyMaterial keyMaterial, String algorithm) { - return encrypt(output, keyMaterial, algorithm, false); - } - - @SuppressWarnings("CatchBlockLogException") - @VisibleForTesting - static OutputStream encrypt(OutputStream output, KeyMaterial keyMaterial, String algorithm, boolean forceJce) { - if (!algorithm.equals(AES_ALGORITHM) || forceJce) { - return createDefaultEncryptedStream(output, keyMaterial, algorithm); - } - - try { - return createApacheEncryptedStream(output, keyMaterial); - } catch (IOException e) { - warningLog(e); - return createDefaultEncryptedStream(output, keyMaterial, algorithm); - } - } - - /** To avoid spamming logs with exceptions, we only log the exception once. */ - private static void warningLog(IOException exception) { - if (fullExceptionLoggedAlready) { - log.warn(OPEN_SSL_INIT_WARNING); - } else { - log.warn(OPEN_SSL_INIT_WARNING, exception); - fullExceptionLoggedAlready = true; - } - } - - private static OutputStream createApacheEncryptedStream(OutputStream output, KeyMaterial keyMaterial) - throws IOException { - SecretKey secretKey = keyMaterial.getSecretKey(); - byte[] iv = keyMaterial.getIv(); - return new CtrCryptoOutputStream(PROPS, output, secretKey.getEncoded(), iv); + return createDefaultEncryptedStream(output, keyMaterial, algorithm); } private static OutputStream createDefaultEncryptedStream(OutputStream output, KeyMaterial keyMaterial, diff --git a/crypto-core/src/test/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInputTests.java b/crypto-core/src/test/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInputTests.java deleted file mode 100644 index 07a916839..000000000 
--- a/crypto-core/src/test/java/com/palantir/crypto2/io/ApacheCtrDecryptingSeekableInputTests.java
+++ /dev/null
@@ -1,71 +0,0 @@ -/* - * (c) Copyright 2021 Palantir Technologies Inc. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.palantir.crypto2.io; - -import static org.assertj.core.api.Assertions.assertThat; - -import com.palantir.seekio.InMemorySeekableDataInput; -import java.io.IOException; -import java.nio.ByteBuffer; -import java.util.Random; -import org.junit.BeforeClass; -import org.junit.Test; - -public final class ApacheCtrDecryptingSeekableInputTests { - private static final int NUM_BYTES = 1024 * 1024; - private static final Random random = new Random(0); - private static byte[] data; - - @BeforeClass - public static void beforeClass() throws IOException { - data = new byte[NUM_BYTES]; - random.nextBytes(data); - } - - @Test - public void testEmptyRead() throws IOException { - ByteBuffer dst = ByteBuffer.allocate(1024); - byte[] emptyData = new byte[] {}; - - ApacheCtrDecryptingSeekableInput.InputAdapter adapter = inputAdapter(emptyData); - assertThat(adapter.read(dst)).isEqualTo(-1); - assertThat(dst.position()).isEqualTo(0); - } - - @Test - public void testFullRead() throws IOException { - ByteBuffer dst = ByteBuffer.allocate(2 * NUM_BYTES); - - ApacheCtrDecryptingSeekableInput.InputAdapter adapter = inputAdapter(data); - assertThat(adapter.read(dst)).isEqualTo(NUM_BYTES); - assertThat(dst.position()).isEqualTo(NUM_BYTES); - } - - @Test - public void testPartialRead() throws IOException { - int toRead = 
NUM_BYTES / 2; - ByteBuffer dst = ByteBuffer.allocate(toRead); - - ApacheCtrDecryptingSeekableInput.InputAdapter adapter = inputAdapter(data); - assertThat(adapter.read(dst)).isEqualTo(toRead); - assertThat(dst.position()).isEqualTo(toRead); - } - - private ApacheCtrDecryptingSeekableInput.InputAdapter inputAdapter(byte[] inputData) { - return new ApacheCtrDecryptingSeekableInput.InputAdapter(new InMemorySeekableDataInput(inputData)); - } -} diff --git a/crypto-core/src/test/java/com/palantir/crypto2/io/CryptoStreamFactoryTest.java b/crypto-core/src/test/java/com/palantir/crypto2/io/CryptoStreamFactoryTest.java index dba50eae8..a8af8b21b 100644 --- a/crypto-core/src/test/java/com/palantir/crypto2/io/CryptoStreamFactoryTest.java +++ b/crypto-core/src/test/java/com/palantir/crypto2/io/CryptoStreamFactoryTest.java @@ -30,14 +30,11 @@ import java.io.OutputStream; import java.nio.charset.StandardCharsets; import java.util.concurrent.ThreadLocalRandom; -import org.apache.commons.crypto.stream.CtrCryptoInputStream; -import org.apache.commons.crypto.stream.CtrCryptoOutputStream; import org.junit.Before; import org.junit.Test; public final class CryptoStreamFactoryTest { - private static final boolean FORCE_JCE = true; private static final byte[] BYTES = "data".getBytes(StandardCharsets.UTF_8); private KeyMaterial keyMaterial; @@ -47,16 +44,6 @@ public void before() { keyMaterial = AesCtrCipher.generateKeyMaterial(); } - @Test - public void ensureDefaultIsApache() { - OutputStream encrypted = CryptoStreamFactory.encrypt(null, keyMaterial, AesCtrCipher.ALGORITHM); - SeekableInput decrypted = CryptoStreamFactory.decrypt( - (SeekableInput) null, keyMaterial, AesCtrCipher.ALGORITHM); - - assertThat(encrypted).isInstanceOf(CtrCryptoOutputStream.class); - assertThat(decrypted).isInstanceOf(CtrCryptoInputStream.class); - } - @Test public void testEncryptDecryptInputStream() throws IOException { ByteArrayOutputStream os = new ByteArrayOutputStream(); 
@@ -73,12 +60,12 @@ public void testEncryptDecryptInputStream() throws IOException { @Test public void testEncryptDecryptJce() throws IOException { ByteArrayOutputStream os = new ByteArrayOutputStream(); - OutputStream encrypted = CryptoStreamFactory.encrypt(os, keyMaterial, AesCtrCipher.ALGORITHM, FORCE_JCE); + OutputStream encrypted = CryptoStreamFactory.encrypt(os, keyMaterial, AesCtrCipher.ALGORITHM); encrypted.write(BYTES); encrypted.close(); SeekableInput decrypted = CryptoStreamFactory.decrypt( - new InMemorySeekableDataInput(os.toByteArray()), keyMaterial, AesCtrCipher.ALGORITHM, FORCE_JCE); + new InMemorySeekableDataInput(os.toByteArray()), keyMaterial, AesCtrCipher.ALGORITHM); byte[] readBytes = new byte[BYTES.length]; int bytesRead = decrypted.read(readBytes, 0, BYTES.length); diff --git a/crypto-core/src/test/java/com/palantir/crypto2/io/DecryptionTests.java b/crypto-core/src/test/java/com/palantir/crypto2/io/DecryptionTests.java index ab6d482b7..d9600096b 100644 --- a/crypto-core/src/test/java/com/palantir/crypto2/io/DecryptionTests.java +++ b/crypto-core/src/test/java/com/palantir/crypto2/io/DecryptionTests.java @@ -43,8 +43,6 @@ @RunWith(Parameterized.class) public final class DecryptionTests { - private static final boolean JCE = true; - private static final boolean APACHE = !JCE; private static final String AES_CTR = AesCtrCipher.ALGORITHM; private static final String AES_CBC = AesCbcCipher.ALGORITHM; private static final int BLOCK_SIZE = 16; 
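Review bot: `testEncryptDecryptJce` in CryptoStreamFactoryTest keeps its name although the `FORCE_JCE` argument is gone, so "Jce" no longer distinguishes it from the other round-trip test visible in this file. What it now covers, judging by the visible lines, is the `SeekableInput` overload of `decrypt`. Renaming it, e.g. `public void testEncryptDecryptSeekableInput() throws IOException {`, would keep the suite self-describing. The test body continues past the end of this hunk.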
@@ -66,23 +64,23 @@ public static void beforeClass() throws IOException { @Parameterized.Parameters public static Collection ciphers() { return ImmutableList.of( - new TestCase(AES_CTR, JCE, JCE), - new TestCase(AES_CTR, APACHE, APACHE), - new TestCase(AES_CTR, JCE, APACHE), - new TestCase(AES_CTR, APACHE, JCE), - new TestCase(AES_CBC, JCE, JCE)); + new TestCase(AES_CTR), + new TestCase(AES_CTR), + new TestCase(AES_CTR), + new TestCase(AES_CTR), + new TestCase(AES_CBC)); } public DecryptionTests(TestCase testCase) { try { ByteArrayOutputStream os = new ByteArrayOutputStream(); KeyMaterial keyMaterial = SeekableCipherFactory.generateKeyMaterial(testCase.alg); - OutputStream cos = CryptoStreamFactory.encrypt(os, keyMaterial, testCase.alg, testCase.forceJceEncrypt); + OutputStream cos = CryptoStreamFactory.encrypt(os, keyMaterial, testCase.alg); cos.write(data); cos.close(); InMemorySeekableDataInput input = new InMemorySeekableDataInput(os.toByteArray()); - cis = CryptoStreamFactory.decrypt(input, keyMaterial, testCase.alg, testCase.forceJceDecrypt); + cis = CryptoStreamFactory.decrypt(input, keyMaterial, testCase.alg); } catch (IOException e) { throw Throwables.propagate(e); } @@ -174,13 +172,9 @@ private static void readFully(SeekableInput input, byte[] decrypted) throws IOEx @SuppressWarnings("VisibilityModifier") private static final class TestCase { String alg; - boolean forceJceEncrypt; - boolean forceJceDecrypt; - TestCase(String alg, boolean forceJceEncrypt, boolean forceJceDecrypt) { + TestCase(String alg) { this.alg = alg; - this.forceJceEncrypt = forceJceEncrypt; - this.forceJceDecrypt = forceJceDecrypt; } } } diff --git a/crypto-core/src/test/java/com/palantir/crypto2/jmh/EncryptionBenchmark.java b/crypto-core/src/test/java/com/palantir/crypto2/jmh/EncryptionBenchmark.java index 1a8dbfd67..a8e566300 100644 --- a/crypto-core/src/test/java/com/palantir/crypto2/jmh/EncryptionBenchmark.java 
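Review bot: In `ciphers()` the four `new TestCase(AES_CTR)` entries are now identical, because the JCE/Apache flags that told them apart were removed. The parameterized suite therefore runs the same AES/CTR case four times. Reducing the list to `return ImmutableList.of(new TestCase(AES_CTR), new TestCase(AES_CBC));` keeps the coverage without the repeated runs. In the last hunk of this file `TestCase` now wraps a single `String`, so its `alg` field could be declared `final`, or the runner could be parameterized on the algorithm string directly.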
+++ b/crypto-core/src/test/java/com/palantir/crypto2/jmh/EncryptionBenchmark.java @@ -16,7 +16,6 @@ package com.palantir.crypto2.jmh; -import com.palantir.crypto2.cipher.ApacheCiphers; import com.palantir.crypto2.keys.KeyMaterial; import com.palantir.crypto2.keys.serialization.KeyMaterials; import java.io.ByteArrayOutputStream; @@ -26,14 +25,12 @@ import java.security.Key; import java.security.NoSuchAlgorithmException; import java.security.spec.AlgorithmParameterSpec; -import java.util.Properties; import java.util.Random; import javax.crypto.Cipher; import javax.crypto.CipherOutputStream; import javax.crypto.NoSuchPaddingException; import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.IvParameterSpec; -import org.apache.commons.crypto.stream.CtrCryptoOutputStream; import org.openjdk.jmh.annotations.Benchmark; import org.openjdk.jmh.annotations.Fork; import org.openjdk.jmh.annotations.Measurement; @@ -84,17 +81,6 @@ public final void ctrEncrypt(State state) throws NoSuchPaddingException, NoSuchA encrypt(state.data, cipher, state.key.getSecretKey(), ivSpec); } - @Benchmark - public final void apacheEncrypt(State state) throws IOException { - Properties props = ApacheCiphers.forceOpenSsl(new Properties()); - - ByteArrayOutputStream baos = new ByteArrayOutputStream(); - CtrCryptoOutputStream output = new CtrCryptoOutputStream( - props, baos, state.key.getSecretKey().getEncoded(), state.key.getIv()); - - output.write(state.data); - } - private void encrypt(byte[] bytes, Cipher cipher, Key key, AlgorithmParameterSpec spec) { try { cipher.init(Cipher.ENCRYPT_MODE, key, spec); diff --git a/gradle/openssl.gradle b/gradle/openssl.gradle deleted file mode 100644 index 268093f06..000000000 --- a/gradle/openssl.gradle +++ /dev/null 
@@ -1,11 +0,0 @@ -test { - def sep = System.getProperty("path.separator") - def cur = System.getenv("LD_LIBRARY_PATH") - def openssl = "/usr/local/opt/openssl/lib" + sep + "/usr/lib/ssl" - - if (cur != null) { - environment "LD_LIBRARY_PATH", cur + sep + openssl - } else { - environment "LD_LIBRARY_PATH", openssl - } -} diff --git a/hadoop-crypto/build.gradle b/hadoop-crypto/build.gradle index 96db31035..7f606abe8 100644 --- a/hadoop-crypto/build.gradle +++ b/hadoop-crypto/build.gradle @@ -1,4 +1,3 @@ -apply from: "${rootDir}/gradle/openssl.gradle" apply plugin: 'com.github.johnrengelman.shadow' dependencies { diff --git a/versions.lock b/versions.lock index 7a28c0492..bbcc3b05d 100644 --- a/versions.lock +++ b/versions.lock @@ -7,9 +7,7 @@ com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava (1 c com.google.j2objc:j2objc-annotations:1.3 (1 constraints: b809eda0) com.palantir.seek-io:seek-io:1.3.0 (1 constraints: 0605f935) commons-logging:commons-logging:1.1.3 (1 constraints: b0102eb8) -net.java.dev.jna:jna:5.5.0 (1 constraints: a80ee955) net.sf.jopt-simple:jopt-simple:4.6 (1 constraints: 610a91b7) -org.apache.commons:commons-crypto:1.1.0 (1 constraints: 0405f335) org.apache.commons:commons-math3:3.6.1 (2 constraints: 670ffb89) org.apache.hadoop:hadoop-client-api:3.3.1 (2 constraints: ba15cfdf) org.apache.hadoop:hadoop-client-runtime:3.3.1 (1 constraints: 09050436) diff --git a/versions.props b/versions.props index c6e2327ca..149c8d5c5 100644 --- a/versions.props +++ b/versions.props @@ -1,7 +1,6 @@ com.google.guava:guava = 31.0.1-jre com.palantir.seek-io:seek-io = 1.3.0 junit:junit = 4.13.2 -org.apache.commons:commons-crypto = 1.1.0 org.apache.commons:commons-math3 = 3.6.1 org.apache.hadoop:hadoop-* = 3.3.1 org.assertj:assertj-* = 3.21.0