GitLab

(cherry picked from commit 69766952)

Change-Id: I584aa770a496f433f1d5fbba579ca477bfa2ef19

Sanitization currently makes this library reference symbols which
cannot be resolved at runtime without additional magic when starting
the JVM.

Disable this until we can find a fix. This currently fails with:
libconscrypt_openjdk_jni.so: undefined symbol: __asan_option_detect_stack_use_after_return
	at java.lang.ClassLoader$NativeLibrary.load(Native Method)
	at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
	at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1880)
	at java.lang.Runtime.loadLibrary0(Runtime.java:849)
	at java.lang.System.loadLibrary(System.java:1088)
	at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25)
	at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:54)
	at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
	at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
	at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
	at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
	at com.android.signapk.SignApk.readPublicKey(SignApk.java:161)
	at com.android.signapk.SignApk.main(SignApk.java:933)

Bug: 26160319
Change-Id: Icd5ffb49eb5610552af0dd049db99a0b9f181cba

This statically links in BoringSSL and libc++ into Conscrypt's JNI
OpenJDK shared library for host. The goal is to make the library as
self-contained as feasible to avoid issues with shared library search
path when the library is used outside of the Android source tree.

Bug: 26097626
Change-Id: I3d1b521ad11a0f88ec46d8a7382c14ffdfd44e2e

This builds conscrypt enough that signapk can start using it during the
build process to speed up its signing process and use RSA PSS.

Change-Id: Ic54baa286a9559bf19e14697042f28d180f58e04

conscrypt does not use STL, but gets libc++.so linked in by default.
Unbundled branches might not have libc++.so, so opt-out of STL.

Change-Id: I8c1e58a821b1d5c4c9aacfe34d605b27a105973b

Bug: http://b/22403888
Change-Id: Iac28f3da6a185e63a9190e6ca9223836cf3103ed

Change-Id: I2908fc4f7146a6c70309b41a5290434f3efdc9ba

The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned.
The use case for this is recreating the TBS component of a Precertificate as
described by RFC6962 section 3.2.

Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722

NativeConstants.java is generated by a C program and thus the values
will automatically be kept in sync with the contents of the OpenSSL
headers.

Bug: 20521989
Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad

It should build against the SDK so it doesn't depend on a bunch of stuff
unavailable in an unbundled build scenario.

Change-Id: Ib1c2bd90585ea5823c3e5cf2a3e1efed815f2f23

This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
subclass of the platform's OpenSSLSocketImpl in order to support old
code that does casts to the platform OpenSSLSocketImpl in order to set
things like SNI.

Until KK the platform OpenSSLSocketImpl was
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
work around is not needed on those devices.

Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0

This is a temporary workround to avoid intermittent failure on
build server for ub-conscrypt

Bug: 20132430
Change-Id: I781fb968ed7d0f40f908cf1ab7882957a911611b

This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
subclass of the platform's OpenSSLSocketImpl in order to support old
code that does casts to the platform OpenSSLSocketImpl in order to set
things like SNI.

Until KK the platform OpenSSLSocketImpl was
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
work around is not needed on those devices.

Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0

Change-Id: Ia19450f2b9e9d396b88ccb96384224518def6ef3

OpenSSL flavor of Conscrypt still uses the dynamic engine, so don't
directly depend on the library since it will be in the SSL ENGINE
directory in /system/lib{64,}/ssl/engines

Bug: 19698929
Change-Id: Id7e3f6ffaca2073a016db546e1014d50ef4ad0db

I had these in my local client and didn't notice until now.

Change-Id: I9c61447691d358acbaadb9b9a2f068b4106d266c

Change-Id: I96a0ee6b51736aa842055dc17750c1d565f19174

Change-Id: I979ecd044d85c757c2b8a88fbd97201e75c19cdc

Change-Id: I9234e649a910408cff9f9d33008642e0c8334276

This is quite a substantial change because of the changes to ENGINEs in
BoringSSL.

For the most part, #ifs are used to allow the code to work with either
OpenSSL or BoringSSL. However, in several places, support for things
that BoringSSL is dropping have been removed, even when OpenSSL is used.
This includes DSA keys and tests for the ENGINE bits that are going away
because it's unclear how to skip compiling those tests.

Change-Id: I941a5ed232391f84b45e070c19d2ffb7ad162b7b

Bug: 18158015
Change-Id: I163ce8c755d217741439d40f334d86f545f89aee

Bug: 14298175
Change-Id: I5035075f2453b692f86fff8fe852c954698e40ed

This is mostly useful for unbundled Conscrypt currently when working
with KeyChain-based keys, but could be good for use with PKCS11-like
keys in other JSSE providers.

Bug: 15469749
Change-Id: I56bf2eaf3228bdf42d671437f4fffdafb8b47b12

Change-Id: Ie0d9f83e366c0b99994eb861ae567d454cbbea5b

Switch host build to clang as conscrypt uses C++11 and not all GCC
host compilers support it.

Bug: 13751317
Change-Id: I74ffdda695e47967b61a133c8b6fc52f6547a3a0

To aid in building Conscrypt with gradle, move the platform-only files
out to a separate directory.

Change-Id: I8f07959055261f6b9f2a0ac26dea2f6431d9edbe

Don't build the host JNI library in an unbundled build since it's only
needed for testing currently.

Change-Id: I6b6003e86d9f6ff2d87431f156f4984f56592791

This allows us to create a gradle library that people can include.

Change-Id: I7f845ae0738b8d414781a34fef6bc28bebebb994

This reverts commit ec9c6dc1.

Change-Id: Icfdeec757357a7449640198548963d2095d8cf92

Re-arrange Java library compilation to allow reuse of previous
compilations which speeds up the overall compilation by a bit.

Change-Id: I7ec172dd8ca2450d26ecec2a5dae13de5c00299b

This is the first pass at getting Conscrypt to compile standalone. It
works fine in apps currently. There are a few TODOs to fix.

Change-Id: I9b43ba12c55e04c8897ccacf38979ca671a55a26

Use the new BUILD_HOST_DALVIK_JAVA_LIBRARY rule instead.

(cherry picked from commit 44419837)

Change-Id: Ib126703f927c0f6e7f8c3746ff7348864aa49a39

Use the new BUILD_HOST_DALVIK_JAVA_LIBRARY rule instead.

Change-Id: I05850d36c90a5646e5c1f6c69842dcb6f071527b

This reverts commit 47af0857.

Change-Id: I1096e1bebc11aae36df359cf39ceec4a2367afbd

Change-Id: Ic6d1d787a3e22deca8b2cd4a52e443d06391243e

Remove some dependencies on makefile orders from other libcore files.

Change-Id: Iff62a2aebf3b58227fbe3157371c85c33f2db097

Change-Id: I6c12a0e038a86b186b5d88b9f0ff28b8480b4aed