GitLab

This allows the tests to be run with vogar again after the native
library loading change from oh-so-long ago. Since the test names are
jarjar'd as well, it must be specified as a class name and not a source
file.

Test: vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/conscrypt-tests-hostdex_intermediates/classes.jack com.android.org.conscrypt.NativeCryptoTest
Change-Id: I67b4fad3b04a68fb96beb99eb14bcd1e9076085c

This is basically a regex substitution change with minimnal renames just
to convert to JUnit4. Further JUnit4-isms will come in subsequent
changes.

Test: cts-tradefed run cts -m CtsLibcoreTestCases -a arm64-v8a
Change-Id: Icb6aedc3acee31d62750132bbe8eeaf9150bd3c0

The unbundled builds of these libraries can be compiled with Soong, but
the platform versions have a dependency on libcore for "libjavacore"
without which it can't be converted yet.

Test: make -j32
Change-Id: Ieb157fa416433d5ed3d7a82c81dd576c1063dbee

Test: mmma -j32 external/conscrypt
Change-Id: Ic0095be8c15839746925d16255787851f9388e4b

Nothing depends on this anymore.

Test: check files output before and after change
Test: sha256sum ${ANDROID_PRODUCT_OUT}/system/lib/libjavacrypto.so ${ANDROID_PRODUCT_OUT}/system/lib64/libjavacrypto.so
Bug: 31464605
Change-Id: Ie884660d019a5eb917b6a9349fb7ddf9c69c998e

Eclipse expects files to be in a subdirectory that matches their package
name. In this case the package is "org.conscrypt" so the generated .java
file should move to the directory "org/conscrypt/" to satisfy Eclipse.

Test: make -j32
Change-Id: Ic5ca1a84d302614b6ff2382636488314a0714843

Use libc++'s implementation of std::unique_ptr instead of our own
internal version. Also get rid of the GCC-only extension of typeof and
replace it with the C++11 equivalent decltype.

Target system binaries do not change size or shrink by a couple bytes
with this switch.

Test: mmma -j32 external/conscrypt; find out/ -name '*.apk' -exec rm {} \;; make -j32; make -j32 build-art-host vogar; vogar --mode host --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-support-hostdex_intermediates/classes.jack --classpath out/host/common/obj/JAVA_LIBRARIES/core-tests-hostdex_intermediates/classes.jack libcore/luni/src/test/java/libcore/javax/net/ssl/SSLSocketTest.java
Change-Id: I8ffc3c9b3336cc1a8e43b816a07d0832e5344616

The linker prunes any unneeded symbols when you use
LOCAL_STATIC_LIBRARIES, but when you use LOCAL_WHOLE_STATIC_LIBRARIES it
tells the linker you don't want any pruning of the .a files to happen.
Since we only need what org_conscrypt_NativeCrypto.cpp calls, we can
use LOCAL_STATIC_LIBRARIES to allow the pruning to happen.

The order of the libraries in LOCAL_STATIC_LIBRARIES matters because if
a library earlier in the list has unresolved symbols, then the libraries
later in the list are checked to see if they have any of the unresolved
symbols.

Test: find out/ -name '*.apk' -exec rm {} \;; make -j32
Change-Id: I2fb27c5915d945a51bdf6c42f69174052f5bbe3c

This reverts commit f9804ba8.

MacOS SDK build breaks because it needs symbols _ZdaPv, _ZdlPv, _Znam, _Znwm,
__cxa_guard_acquire, and __cxa_guard_release which are symbols that are
included "for free" on Linux and Android.

Change-Id: I5aae4bd825f36142e1505416462c5fb7b0cd3647

This reverts commit d898bed6.

The underlying issue breaking the MacOS SDK build was resolved
by Change-Id I54929c7e5c05ec271925f5f3d1896df1661e9b59.

Change-Id: I332376794d1b80f0c4a78cb8304bece767397223

This reverts commit 05d75f8c.

This breaks the MacOS SDK build because it wants <cstdlib> for NULL in UniquePtr.h

Change-Id: I3d35633b12e8f6329e87b26a16de0262028e2d29

This doesn't appear to be needed and it builds and runs just fine
without it.

Test: mmma -j32 external/conscrypt; find out/ -name '*.apk' -exec rm {} \;; make -j32
Change-Id: I4a50d5e8f5866f93a439105b7706d7f8add776f5

Change OpenSSLSessionImpl#getStatusResponses() to return an empty list
instead of null. This matches the assumption of the serializing code in
AbstractSessionContext.

Add a test to make sure that serializing a trivial OpenSSLSessionImpl
instance completes without throwing an exception.

Test: cts-tradefed run cts -d -p android.core.tests.libcore.package.conscrypt
Bug: 30751283
Change-Id: If4c3e6a99c080fb3a0fd527c86a5ee8972475718

A significant amount of code was dedicated to maintaining backward
compatibility with OpenSSL. However, compatibility will no longer be
maintained for several reasons:

 * BoringSSL does not have ENGINE functionality and testing it is
   difficult because another version must be compiled against OpenSSL.
   Moreover, AndroidKeyStore Provider has taken over keystore
   functionality since M release resulting in dead code.

 * Secure defaults such as deterministic EC signatures are part of
   BoringSSL so extra JNI calls do not need to be made for them.

 * A not insignificant number of lines of code were dedicated to
   maintaining compatibility with OpenSSL resulting in empty JNI
   functions. Removing these functions results in a speed-up because
   there will be fewer JNI transitions to call these useless functions
   when using BoringSSL.

Since AndroidKeyStore functionality has been moved, this change also
removes all references to keystore functionality even for BoringSSL
(i.e., EVP_PKEY_from_keystore).

Test:
    vogar --mode host
    libcore/luni/src/test/java/libcore/java/security/*Test.java
    libcore/luni/src/test/java/libcore/javax/crypto/*Test.java
    libcore/luni/src/test/java/libcore/javax/net/ssl/*Test.javIa

Change-Id: I304e0f2c882c313753b0e9327c6293385fd6794b

There's no need to use a different name for target and host moudles. In
Soong, it's better to use the same for both, as target and host modules
can be defined at the same time.

Change-Id: I899084e7361953d1fe122f56feab2a032d1b27d1

This improves the speed of computing a digest, a MAC, or a signature
over a small region of a large byte[] on OpenJDK based VMs.
Conscrypt's code prior to this CL obtained the reference to the native
bytes by indexing into the result of JNI GetByteArrayElements. On
ART/Davlik this avoids creating copies (for 12 kB and larger arrays)
whereas on OpenJDK based VMs this always creates a copy of all the
elements of the array, which is not efficient and leads to noticeable
slowdowns when processing small fractions of the byte array as input.

This commit makes Conscrypt's evpUpdate choose a strategy (
GetByteArrayElements vs GetByteArrayRegion) based on whether the VM's
GetByteArrayElements is expected to create a copy of the array. This
guess is hard-coded for each target: platform, compat, and OpenJDK.

Bug: 27461702
Change-Id: I4ac1013b29e3d166a3f13fffebf662b02351684f

Conscrypt JNI library for host OpenJDK should never attempt
to dlopen libjavacore.so.

Bug: 27954979
Change-Id: Ib8a5795ca22edde4b22576f1bd8eab182df1349d

Use -XDignore.symbol.file to suppress some internal API warnings that
print from the use of AlgorithmId.

Bug: 27457427
Change-Id: Ic49e2ed4f3f473d1d7d2dd8c813147040f207481

The default is changing to v52 (1.8).

The build for this package uses jarjar to repackage .class files.

The version of jarjar in the Android tree does not currently
support v52 .class files.

Bug: 26753820
(cherry picked from commit e48fd1d9)

Change-Id: Ie36f551e0ce41a1c5e27000e265529a2dbd5e96d

The default is changing to v52 (1.8).

The build for this package uses jarjar to repackage .class files.

The version of jarjar in the Android tree does not currently
support v52 .class files.

Bug: 26753820
Change-Id: Id15d7a9b7dc7e32d516b259b34f96430e34a44fc

This was only a hack to support old Harmony code, so we don't need it
anymore. Remove the direct references to AlgNameMapper and use
reflection for compatibility in unbundled code.

Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6

Unbreak the build by filtering it out temporarily until it can be placed
in the correct dircectory.

(cherry picked from commit a2a0e05c)

Change-Id: I8fb43bd92d62ef640f94152612cefceeba475e98

(cherry picked from commit 69766952)

Change-Id: I584aa770a496f433f1d5fbba579ca477bfa2ef19

Sanitization currently makes this library reference symbols which
cannot be resolved at runtime without additional magic when starting
the JVM.

Disable this until we can find a fix. This currently fails with:
libconscrypt_openjdk_jni.so: undefined symbol: __asan_option_detect_stack_use_after_return
	at java.lang.ClassLoader$NativeLibrary.load(Native Method)
	at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
	at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1880)
	at java.lang.Runtime.loadLibrary0(Runtime.java:849)
	at java.lang.System.loadLibrary(System.java:1088)
	at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25)
	at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:54)
	at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
	at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
	at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
	at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)
	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
	at com.android.signapk.SignApk.readPublicKey(SignApk.java:161)
	at com.android.signapk.SignApk.main(SignApk.java:933)

Bug: 26160319
Change-Id: Icd5ffb49eb5610552af0dd049db99a0b9f181cba

This statically links in BoringSSL and libc++ into Conscrypt's JNI
OpenJDK shared library for host. The goal is to make the library as
self-contained as feasible to avoid issues with shared library search
path when the library is used outside of the Android source tree.

Bug: 26097626
Change-Id: I3d1b521ad11a0f88ec46d8a7382c14ffdfd44e2e

Unbreak the build by filtering it out temporarily until it can be placed
in the correct dircectory.

Change-Id: Idf22faae52e71bb02b09ebb19d36eff1b8befc5e

This builds conscrypt enough that signapk can start using it during the
build process to speed up its signing process and use RSA PSS.

Change-Id: Ic54baa286a9559bf19e14697042f28d180f58e04

conscrypt does not use STL, but gets libc++.so linked in by default.
Unbundled branches might not have libc++.so, so opt-out of STL.

Change-Id: I8c1e58a821b1d5c4c9aacfe34d605b27a105973b

Change-Id: I5f8b80c027f72af2af9aeab74a8c29adaf43c5f7

Bug: http://b/22403888
Change-Id: Iac28f3da6a185e63a9190e6ca9223836cf3103ed

Change-Id: I2908fc4f7146a6c70309b41a5290434f3efdc9ba

The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned.
The use case for this is recreating the TBS component of a Precertificate as
described by RFC6962 section 3.2.

Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722

This reverts commit eaa28762.

The workaround is not needed any more.

Change-Id: I2fe42548af399bac943dddf5207987c980cf8f7e

NativeConstants.java is generated by a C program and thus the values
will automatically be kept in sync with the contents of the OpenSSL
headers.

Bug: 20521989
Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad

It should build against the SDK so it doesn't depend on a bunch of stuff
unavailable in an unbundled build scenario.

Change-Id: Ib1c2bd90585ea5823c3e5cf2a3e1efed815f2f23

This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
subclass of the platform's OpenSSLSocketImpl in order to support old
code that does casts to the platform OpenSSLSocketImpl in order to set
things like SNI.

Until KK the platform OpenSSLSocketImpl was
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
work around is not needed on those devices.

Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0

This is a temporary workround to avoid intermittent failure on
build server for ub-conscrypt

Bug: 20132430
Change-Id: I781fb968ed7d0f40f908cf1ab7882957a911611b

This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
subclass of the platform's OpenSSLSocketImpl in order to support old
code that does casts to the platform OpenSSLSocketImpl in order to set
things like SNI.

Until KK the platform OpenSSLSocketImpl was
org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
work around is not needed on those devices.

Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0

Change-Id: Ia19450f2b9e9d396b88ccb96384224518def6ef3

OpenSSL flavor of Conscrypt still uses the dynamic engine, so don't
directly depend on the library since it will be in the SSL ENGINE
directory in /system/lib{64,}/ssl/engines

Bug: 19698929
Change-Id: Id7e3f6ffaca2073a016db546e1014d50ef4ad0db