Remove dieharder tests

CMakeLists.txt

@@ -37,7 +37,6 @@ find_package(Threads REQUIRED)
 set(BUILD_CLASSPATH "" CACHE STRING "Classpath to JARs to be included at build time")
 set(TEST_CLASSPATH "" CACHE STRING "Classpath to be included at test build and test execution time")
 set(SIGNED_JAR "" CACHE STRING "Path to a pre-signed JAR file, to be used instead of compiling the java source")
-set(DIEHARDER_EXECUTABLE "dieharder" CACHE STRING "Path to the dieharder executable")
 set(ENABLE_NATIVE_TEST_HOOKS NO CACHE BOOL "Enable debugging hooks in the RNG. Disable for production use.")
 set(TEST_DATA_DIR ${PROJECT_SOURCE_DIR}/test-data/ CACHE STRING "Path to directory containing test data")
 set(ORIG_SRCROOT ${PROJECT_SOURCE_DIR} CACHE STRING "Path to root of original package")
@@ -803,65 +802,6 @@ add_custom_target(check-integration
 
 set_target_properties(check-integration PROPERTIES EXCLUDE_FROM_ALL 1)
 
-if (CMAKE_SYSTEM_PROCESSOR STREQUAL "x86_64")
-
-add_custom_target(run-dieharder-libcrypto-rng
-    COMMAND ${TEST_JAVA_EXECUTABLE} -cp $<TARGET_PROPERTY:accp-jar,JAR_FILE>:$<TARGET_PROPERTY:tests-jar,JAR_FILE>:${TEST_CLASSPATH}
-        ${EXTERNAL_LIB_PROPERTY}
-        ${REGISTER_RNG_PROPERTY}
-        com.amazon.corretto.crypto.provider.test.SecureRandomGenerator 'LibCryptoRng' 8192 1 |
-        ${DIEHARDER_EXECUTABLE} -a -g 200 -Y 1 -k 2 |
-        tee dieharder-results-libcrypto-rng.txt
-
-    DEPENDS accp-jar tests-jar)
-
-add_custom_target(run-dieharder-libcrypto-rng-tail
-    COMMAND ${TEST_JAVA_EXECUTABLE} -cp $<TARGET_PROPERTY:accp-jar,JAR_FILE>:$<TARGET_PROPERTY:tests-jar,JAR_FILE>:${TEST_CLASSPATH}
-        ${EXTERNAL_LIB_PROPERTY}
-        ${REGISTER_RNG_PROPERTY}
-        com.amazon.corretto.crypto.provider.test.SecureRandomGenerator 'LibCryptoRng' 31 1 |
-        ${DIEHARDER_EXECUTABLE} -d 15 -g 200 -Y 1 -k 2 |
-        tee dieharder-results-libcrypto-rng-tail.txt
-
-    DEPENDS accp-jar tests-jar)
-
-add_custom_target(run-dieharder-libcrypto-rng-threads
-    COMMAND ${TEST_JAVA_EXECUTABLE} -cp $<TARGET_PROPERTY:accp-jar,JAR_FILE>:$<TARGET_PROPERTY:tests-jar,JAR_FILE>:${TEST_CLASSPATH}
-        ${EXTERNAL_LIB_PROPERTY}
-        ${REGISTER_RNG_PROPERTY}
-        com.amazon.corretto.crypto.provider.test.SecureRandomGenerator 'LibCryptoRng' 128 4 |
-        ${DIEHARDER_EXECUTABLE} -a -g 200 -Y 1 -k 2 |
-        tee dieharder-results-libcrypto-rng-threads.txt
-
-    DEPENDS accp-jar tests-jar)
-
-add_custom_target(run-dieharder-libcrypto-rng-threads-tail
-    COMMAND ${TEST_JAVA_EXECUTABLE} -cp $<TARGET_PROPERTY:accp-jar,JAR_FILE>:$<TARGET_PROPERTY:tests-jar,JAR_FILE>:${TEST_CLASSPATH}
-        ${EXTERNAL_LIB_PROPERTY}
-        ${REGISTER_RNG_PROPERTY}
-        com.amazon.corretto.crypto.provider.test.SecureRandomGenerator 'LibCryptoRng' 31 4 |
-        ${DIEHARDER_EXECUTABLE} -d 15 -g 200 -Y 1 -k 2 |
-        tee dieharder-results-libcrypto-rng-threads-tail.txt
-
-    DEPENDS accp-jar tests-jar)
-
-  add_custom_target(check-dieharder
-    COMMAND ! grep -l FAIL dieharder-results-libcrypto-rng.txt
-    COMMAND grep PASSED dieharder-results-libcrypto-rng.txt
-    COMMAND ! grep -l FAIL dieharder-results-libcrypto-rng-tail.txt
-    COMMAND grep PASSED dieharder-results-libcrypto-rng-tail.txt
-
-    DEPENDS run-dieharder-libcrypto-rng run-dieharder-libcrypto-rng-tail)
-
-add_custom_target(check-dieharder-threads
-    COMMAND ! grep -l FAIL dieharder-results-libcrypto-rng-threads.txt
-    COMMAND grep PASSED dieharder-results-libcrypto-rng-threads.txt
-    COMMAND ! grep -l FAIL dieharder-results-libcrypto-rng-threads-tail.txt
-    COMMAND grep PASSED dieharder-results-libcrypto-rng-threads-tail.txt
-
-    DEPENDS run-dieharder-libcrypto-rng-threads run-dieharder-libcrypto-rng-threads-tail)
-endif() # End of Dieharder targets
-
 # Add a target to assert that the libaccp shared object's rpath meets 2 conditions:
 #   1. rpath contains only a single entry
 #   2. that entry is set to $ORIGIN on linux or @loader_path on mac

Dockerfile.dev

@@ -26,7 +26,6 @@ RUN echo 'export JAVA_HOME=/usr/lib/jvm/java-11-amazon-corretto/' >> /home/.bash
 # required dependencies for building/testing
 RUN apt-get install -y build-essential \
     cmake \
-    dieharder \
     lcov \
     python3-pip
 

README.md

@@ -7,18 +7,11 @@ As of 2.0.0, algorithms exposed by ACCP are primarily backed by [AWS-LC](https:/
 [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications)
 
 ## Build Status
-Please be aware that both "Overkill" and "Dieharder" tests are known to be flakey.
-Both of these tests are flakey because they include entropy generation tests
-(specificaly, the [Dieharder tests](http://webhome.phy.duke.edu/~rgb/General/dieharder.php)).
-Entropy tests are unavoidably flakey because there is always a possibility that a high-quality
-random number generator will output data which looks non-random.
-(For example, even a fair coin will come up heads ten times in a row about one in a thousand trials.)
 
 | Build Name | `main` branch |
 | ---------- |---------------|
 | Linux x86_64 | ![](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiRW4zZUhmeHlJbHRVQnNBZGZEbVJUa0pOK0J0MmtnNVB2dVZZSWhLbUtaNWYxNG96WWg4emN1SjJKL3VSUk9obFl0MnBtajBxejlVWDFiR3ppZGd3U1lrPSIsIml2UGFyYW1ldGVyU3BlYyI6IkFsUkpiMDRkRjZQb1U3Ly8iLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) |
 | Linux aarch64 | ![](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiMEVNSXhZYmdEOWFrcE1HdE9nQmdwVlZFZXRYVnloc05TMXhoZ0tTVUQ1ZlMzeWRrZTArSUxUdzY2RVJRbUtXak5zU2ZCamJBS3JxUEFxZFJ2ZVNkcGVNPSIsIml2UGFyYW1ldGVyU3BlYyI6Ii80UEZpYWc2RjJZLzZDQ0wiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) |
-| Overkill/Dieharder | ![](https://codebuild.us-west-2.amazonaws.com/badges?uuid=eyJlbmNyeXB0ZWREYXRhIjoiRU14ZXM3ZkE4TGduVGV6dkxxWitxbkk3Ump2TnF3elkvYVRzcnkwQ3l4czl1OGRkc3NWblQ2Q0hxQkM2OWJ4VGdmL0x0Y01WYVVkWTdKYXNvbUpvS01VPSIsIml2UGFyYW1ldGVyU3BlYyI6Ilk3Y1NzbGNEZXZXY05CN2IiLCJtYXRlcmlhbFNldFNlcmlhbCI6MX0%3D&branch=main) |
 
 ## Supported Algorithms
 MessageDigest algorithms:
@@ -197,7 +190,6 @@ Building this provider requires a 64 bit Linux or MacOS build system with the fo
 * C++ build chain
 * [lcov](http://ltp.sourceforge.net/coverage/lcov.php) for coverage metrics
 * [gcovr](https://gcovr.com/en/stable/) for reporting coverage metrics in CodeBuild
-* [dieharder](http://webhome.phy.duke.edu/~rgb/General/dieharder.php) for entropy tests
 
 1. Download the repository via `git clone --recurse-submodules`
 2. Run `./gradlew release`
@@ -223,9 +215,6 @@ When changing between FIPS and non-FIPS builds, be sure to do a full `clean` of
 * test_extra_checks: Run unit tests with extra (slow) cryptographic checks enabled
 * test_integration: Run integration tests
 * test_integration_extra_checks: Run integration tests with extra (slow) cryptographic checks enabled
-* dieharder: Run entropy tests
-* dieharder_threads: Run entropy threads specifically checking for leaking state across threads (very slow)
-* dieharder_all: Run all dieharder checks (both dieharder and dieharder_threads)
 * coverage: Run target `test` and collect both Java and C++ coverage metrics (saved in `build/reports`)
 * release: **Default target** depends on build, test, and coverage
 * overkill: Run **all** tests (no coverage)

build.gradle

@@ -443,22 +443,6 @@ task test_integration_extra_checks(type: Exec) {
     commandLine 'make', 'check-integration-extra-checks'
 }
 
-task dieharder(type: Exec) {
-    dependsOn executeCmake
-    workingDir "${buildDir}/cmake"
-    commandLine 'make', 'check-dieharder'
-}
-
-task dieharder_threads(type: Exec) {
-    dependsOn executeCmake
-    workingDir "${buildDir}/cmake"
-    commandLine 'make', 'check-dieharder-threads'
-}
-
-task dieharder_all {
-    dependsOn dieharder, dieharder_threads
-}
-
 task coverage_clean(type: Delete) {
     delete fileTree("${buildDir}/cmake-coverage") {
         include '**/*.gcda'
@@ -565,7 +549,7 @@ task release {
 }
 
 task overkill {
-    dependsOn test, test_extra_checks, test_integration, test_integration_extra_checks, dieharder_all
+    dependsOn test, test_extra_checks, test_integration, test_integration_extra_checks
 }
 
 task fakePublish {

tests/ci/README.md

@@ -52,13 +52,12 @@ CodeBuild|gcc 7|corretto 17|aarch|Ubuntu 20.04|FIPS/non-FIPS
 (macOS CI dimension is currently disabled, go to the Actions tab in the main repo to enable it when its ready.)
 
 
-### Dieharder & Overkill tests
+### Overkill tests
 Runs tests for:
 * test_extra_checks
 * test_integration_extra_checks
-* dieharder_threads
 
 CI Tool|C Compiler|Java Compiler|CPU platform|OS|Dimensions
 ------------ | -------------| -------------| -------------|-------------|-------------
 CodeBuild|gcc 7|corretto 11|x86-64|Ubuntu 20.04|both FIPS/non-FIPS
-CodeBuild|gcc 7|corretto 11|aarch|Ubuntu 20.04|both FIPS/non-FIPS, no dieharder
+CodeBuild|gcc 7|corretto 11|aarch|Ubuntu 20.04|both FIPS/non-FIPS

tests/ci/cdk/app.py

@@ -33,8 +33,6 @@
 ACCPGitHubCIStack(app, "accp-ci-pr-integration-linux-x86", LINUX_ECR_REPO, x86_build_spec_file, env=env)
 arm_build_spec_file = "./cdk/codebuild/pr_integration_linux_arm_omnibus.yaml"
 ACCPGitHubCIStack(app, "accp-ci-pr-integration-linux-arm", LINUX_ECR_REPO, arm_build_spec_file, env=env)
-extra_build_spec_file = "./cdk/codebuild/dieharder_overkill_omnibus.yaml"
-ACCPGitHubCIStack(app, "accp-ci-overkill-dieharder", LINUX_ECR_REPO, extra_build_spec_file, env=env)
 
 # TODO: Renable the code below when ACCP adds support for Windows.
 # Issue: https://github.com/corretto/amazon-corretto-crypto-provider/issues/48