diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml index 396551e..7eb92f1 100644 --- a/.github/workflows/maven.yml +++ b/.github/workflows/maven.yml @@ -24,8 +24,8 @@ jobs: steps: - uses: actions/checkout@v4 - - name: Set up JDK 21 - run: sudo apt-get update && sudo apt-get install -y openjdk-21-jdk-headless + - name: Set up JDK 17 + run: sudo apt-get update && sudo apt-get install -y openjdk-17-jdk-headless - name: Install OpenSSL FIPS run: | git clone https://github.com/openssl/openssl && cd openssl @@ -38,9 +38,9 @@ jobs: sudo openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib64/ossl-modules/fips.so sudo cat /usr/local/ssl/fipsmodule.cnf sudo cp ${{ github.workspace }}/src/test/conf/openssl.cnf /usr/local/ssl/openssl.cnf - - name: Build with Maven + - name: Build with Maven/JDK 17 env: - JAVA_HOME: /usr/lib/jvm/java-21-openjdk-amd64/ + JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64/ run: mvn -B package --file pom.xml - name: Upload logfile uses: actions/upload-artifact@v4 diff --git a/Makefile b/Makefile index c8f32f6..80d38bc 100644 --- a/Makefile +++ b/Makefile @@ -15,7 +15,6 @@ # # -JAVA_HOME := /usr/lib/jvm/java-21-openjdk-amd64/ TOPDIR := $(shell pwd) BUILD := ${TOPDIR}/build diff --git a/README.md b/README.md index 650eeaa..d1a41a7 100644 --- a/README.md +++ b/README.md 
@@ -1,5 +1,5 @@ ### Introduction -The OpenSSL FIPS Java project is a Java FIPS security provider module layered on top of the [OpenSSL library and its FIPS module](https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-FIPS/). Complying with the [Java Cryptography Architecture](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html), it implements the Java security SPI classes for security functions including [Deterministic Random Bit Generators](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/SecureRandomSpi.html), [Ciphers](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/CipherSpi.html), [Key Agreements](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/KeyAgreementSpi.html), [Key Derivations](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/SecretKeyFactorySpi.html), [Key Encapsulation](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/KEMSpi.html), [Message Digests](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/MessageDigest.html#:~:text=Message%20digests%20are%20secure%20one,called%20to%20reset%20the%20digest.), [Message Authentication Codes](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/javax/crypto/Mac.html) and [Signatures](https://docs.oracle.com/en/java/javase/21/docs/api/java.base/java/security/Signature.html?source=%3Aso%3Atw%3Aor%3Aawr%3Aosec%3A%2C%3Aso%3Atw%3Aor%3Aawr%3Aosec%3A). +The OpenSSL FIPS Java project is a Java FIPS security provider module layered on top of the [OpenSSL library and its FIPS module](https://docs.openssl.org/3.0/man7/OSSL_PROVIDER-FIPS/). 
Complying with the [Java Cryptography Architecture](https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html), it implements the Java security SPI classes for security functions including [Deterministic Random Bit Generators](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/SecureRandomSpi.html), [Ciphers](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/CipherSpi.html), [Key Agreements](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/KeyAgreementSpi.html), [Key Derivations](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/SecretKeyFactorySpi.html), [Key Encapsulation](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/KEMSpi.html), [Message Digests](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/MessageDigest.html#:~:text=Message%20digests%20are%20secure%20one,called%20to%20reset%20the%20digest.), [Message Authentication Codes](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/javax/crypto/Mac.html) and [Signatures](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/security/Signature.html?source=%3Aso%3Atw%3Aor%3Aawr%3Aosec%3A%2C%3Aso%3Atw%3Aor%3Aawr%3Aosec%3A). Under the covers, OpenSSL FIPS Java is quite tightly coupled with OpenSSL through the [Java Native Interface](https://docs.oracle.com/javase/8/docs/technotes/guides/jni/spec/intro.html) and the [OpenSSL EVP API](https://docs.openssl.org/3.3/man7/evp/). Only FIPS-approved algorithms, offered by the OpenSSL FIPS module are registered with this provider. The binaries produced from this source should be generally considered FIPS-compliant if the underlying OpenSSL module is FIPS 140-2/140-3 certified. 
@@ -48,17 +48,17 @@ base = base_sect [algorithm_sect] default_properties = fips=yes ``` -#### Install OpenJDK v21 -This project needs OpenJDK 21 or a later release of it. On Ubuntu/Debian systems, you may install the OpenJDK from the archive. +#### Install OpenJDK v17 +This project needs OpenJDK 17 or a later release of it. On Ubuntu/Debian systems, you may install the OpenJDK from the archive. ``` sudo apt update -sudo apt install openjdk-21-jdk-headless +sudo apt install openjdk-17-jdk-headless ``` #### Clone the project, build and test This set of commands may be used on Ubuntu/Debian systems. ``` git clone https://github.com/canonical/openssl-fips-java && cd openssl-fips-java -export JAVA_HOME=/usr/lib/jvm/java-21-openjdk-amd64/ +export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64/ export OPENSSL_MODULES=/usr/local/lib64/ossl-modules mvn -B package --file pom.xml ``` diff --git a/pom.xml b/pom.xml index 8966bf9..a8dac29 100644 --- a/pom.xml +++ b/pom.xml @@ -26,8 +26,8 @@ 0.0.1 - 21 - 21 + 17 + 17 UTF-8 @@ -58,9 +58,9 @@ maven-compiler-plugin 3.13.0 - 21 - 21 - 21 + 17 + 17 + 17 diff --git a/snapcraft.yaml b/snapcraft.yaml index 47156dd..1889af8 100644 --- a/snapcraft.yaml +++ b/snapcraft.yaml @@ -15,8 +15,10 @@ parts: source: . maven-parameters: - -DskipTests=true -DskipGenerateTestResources=true -B package --file pom.xml + build-environment: + - JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64 build-packages: - - openjdk-21-jdk + - openjdk-17-jdk-headless - maven - libssl-dev diff --git a/src/main/java/com/canonical/openssl/util/NativeLibraryLoader.java b/src/main/java/com/canonical/openssl/util/NativeLibraryLoader.java index d810d0f..ced1125 100644 --- a/src/main/java/com/canonical/openssl/util/NativeLibraryLoader.java +++ b/src/main/java/com/canonical/openssl/util/NativeLibraryLoader.java 
@@ -36,7 +36,6 @@ public static synchronized void load() { InputStream in = NativeLibraryLoader.class.getResourceAsStream(location + libFileName); File tempFile = Files.createFile(Paths.get("/tmp/" + libFileName)).toFile(); - tempFile.deleteOnExit(); try (FileOutputStream out = new FileOutputStream(tempFile)) { byte[] buffer = new byte[1024]; @@ -48,6 +47,8 @@ public static synchronized void load() { System.load(tempFile.getAbsolutePath()); loaded = true; + + tempFile.delete(); } catch (Exception e) { throw new RuntimeException("Failed to load native libary " + libFileName + ": " + e); } diff --git a/src/main/native/c/init.c b/src/main/native/c/init.c index 589f6c0..ccc3d7b 100644 --- a/src/main/native/c/init.c +++ b/src/main/native/c/init.c @@ -66,10 +66,11 @@ OSSL_LIB_CTX* load_openssl_base_provider(const char* conf_file_path) { int JNI_OnLoad(JavaVM* vm, void *reserved) { const char *default_cnf = "/usr/local/ssl/openssl.cnf"; - char *cnf = getenv("OPENSSL_CUSTOM_CONF"); - if (cnf == NULL) { - cnf = default_cnf; + const char *custom_cnf = getenv("OPENSSL_CUSTOM_CONF"); + if (custom_cnf != NULL) { + global_libctx = load_openssl_fips_provider(custom_cnf); + } else { + global_libctx = load_openssl_fips_provider(default_cnf); } - global_libctx = load_openssl_fips_provider(cnf); - return JNI_VERSION_21; + return JNI_VERSION_10; }
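Review bot: The added `tempFile.delete()` in the second NativeLibraryLoader hunk runs only after `System.load` succeeds, and the first hunk drops `deleteOnExit()`, so a failed copy or load now leaves the library at its fixed `/tmp/` path. The context line uses `Files.createFile`, which throws when the file already exists, so a leftover file (or one pre-created by another local user) makes every later `load()` fail. I would move the cleanup into a `finally` on the enclosing try, e.g. `finally { if (tempFile != null) tempFile.delete(); }`, and check the boolean that `delete()` returns. Creating the file with `Files.createTempFile` rather than a fixed name would remove the collision altogether. The enclosing try starts outside both hunks, so where `tempFile` is declared relative to it needs confirming.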
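Review bot: The result of `load_openssl_fips_provider` is stored in `global_libctx`, and `JNI_OnLoad` then returns `JNI_VERSION_10` without checking it, on both the custom and the default branch. If that helper returns NULL on failure (its body is not in this hunk), later OpenSSL calls given a NULL library context would use the default context, which is presumably not what a FIPS-only provider intends. I would fail closed before the return: `if (global_libctx == NULL) return JNI_ERR;`. Since `OPENSSL_CUSTOM_CONF` lets the process environment pick the configuration file, a comment such as `/* OPENSSL_CUSTOM_CONF is trusted input: it selects the OpenSSL config and therefore the active providers */` would document that assumption.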