- 01 Sep, 2016 1 commit
-
-
Kenny Root authored
This reverts commit 05d75f8c. This breaks the MacOS SDK build because it wants <cstdlib> for NULL in UniquePtr.h Change-Id: I3d35633b12e8f6329e87b26a16de0262028e2d29
-
- 31 Aug, 2016 1 commit
-
-
Kenny Root authored
This doesn't appear to be needed and it builds and runs just fine without it. Test: mmma -j32 external/conscrypt; find out/ -name '*.apk' -exec rm {} \;; make -j32 Change-Id: I4a50d5e8f5866f93a439105b7706d7f8add776f5
-
- 10 Aug, 2016 1 commit
-
-
Kenny Root authored
Change OpenSSLSessionImpl#getStatusResponses() to return an empty list instead of null. This matches the assumption of the serializing code in AbstractSessionContext. Add a test to make sure that serializing a trivial OpenSSLSessionImpl instance completes without throwing an exception. Test: cts-tradefed run cts -d -p android.core.tests.libcore.package.conscrypt Bug: 30751283 Change-Id: If4c3e6a99c080fb3a0fd527c86a5ee8972475718
-
- 29 Jul, 2016 1 commit
-
-
Kenny Root authored
A significant amount of code was dedicated to maintaining backward compatibility with OpenSSL. However, compatibility will no longer be maintained for several reasons: * BoringSSL does not have ENGINE functionality and testing it is difficult because another version must be compiled against OpenSSL. Moreover, AndroidKeyStore Provider has taken over keystore functionality since M release resulting in dead code. * Secure defaults such as deterministic EC signatures are part of BoringSSL so extra JNI calls do not need to be made for them. * A not insignificant number of lines of code were dedicated to maintaining compatibility with OpenSSL resulting in empty JNI functions. Removing these functions results in a speed-up because there will be fewer JNI transitions to call these useless functions when using BoringSSL. Since AndroidKeyStore functionality has been moved, this change also removes all references to keystore functionality even for BoringSSL (i.e., EVP_PKEY_from_keystore). Test: vogar --mode host libcore/luni/src/test/java/libcore/java/security/*Test.java libcore/luni/src/test/java/libcore/javax/crypto/*Test.java libcore/luni/src/test/java/libcore/javax/net/ssl/*Test.javIa Change-Id: I304e0f2c882c313753b0e9327c6293385fd6794b
-
- 21 Jul, 2016 1 commit
-
-
Dan Willemsen authored
There's no need to use a different name for target and host moudles. In Soong, it's better to use the same for both, as target and host modules can be defined at the same time. Change-Id: I899084e7361953d1fe122f56feab2a032d1b27d1
-
- 17 Jun, 2016 1 commit
-
-
Alex Klyubin authored
This improves the speed of computing a digest, a MAC, or a signature over a small region of a large byte[] on OpenJDK based VMs. Conscrypt's code prior to this CL obtained the reference to the native bytes by indexing into the result of JNI GetByteArrayElements. On ART/Davlik this avoids creating copies (for 12 kB and larger arrays) whereas on OpenJDK based VMs this always creates a copy of all the elements of the array, which is not efficient and leads to noticeable slowdowns when processing small fractions of the byte array as input. This commit makes Conscrypt's evpUpdate choose a strategy ( GetByteArrayElements vs GetByteArrayRegion) based on whether the VM's GetByteArrayElements is expected to create a copy of the array. This guess is hard-coded for each target: platform, compat, and OpenJDK. Bug: 27461702 Change-Id: I4ac1013b29e3d166a3f13fffebf662b02351684f
-
- 12 Apr, 2016 1 commit
-
-
Shinichiro Hamaji authored
Conscrypt JNI library for host OpenJDK should never attempt to dlopen libjavacore.so. Bug: 27954979 Change-Id: Ib8a5795ca22edde4b22576f1bd8eab182df1349d
-
- 04 Mar, 2016 1 commit
-
-
Kenny Root authored
Use -XDignore.symbol.file to suppress some internal API warnings that print from the use of AlgorithmId. Bug: 27457427 Change-Id: Ic49e2ed4f3f473d1d7d2dd8c813147040f207481
-
- 22 Feb, 2016 1 commit
-
-
Neil Fuller authored
The default is changing to v52 (1.8). The build for this package uses jarjar to repackage .class files. The version of jarjar in the Android tree does not currently support v52 .class files. Bug: 26753820 (cherry picked from commit e48fd1d9) Change-Id: Ie36f551e0ce41a1c5e27000e265529a2dbd5e96d
-
- 16 Feb, 2016 1 commit
-
-
Neil Fuller authored
The default is changing to v52 (1.8). The build for this package uses jarjar to repackage .class files. The version of jarjar in the Android tree does not currently support v52 .class files. Bug: 26753820 Change-Id: Id15d7a9b7dc7e32d516b259b34f96430e34a44fc
-
- 21 Jan, 2016 1 commit
-
-
Kenny Root authored
This was only a hack to support old Harmony code, so we don't need it anymore. Remove the direct references to AlgNameMapper and use reflection for compatibility in unbundled code. Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6
-
- 22 Dec, 2015 2 commits
-
-
Kenny Root authored
Unbreak the build by filtering it out temporarily until it can be placed in the correct dircectory. (cherry picked from commit a2a0e05c) Change-Id: I8fb43bd92d62ef640f94152612cefceeba475e98
-
Piotr Jastrzebski authored
(cherry picked from commit 69766952) Change-Id: I584aa770a496f433f1d5fbba579ca477bfa2ef19
-
- 11 Dec, 2015 1 commit
-
-
Kenny Root authored
Sanitization currently makes this library reference symbols which cannot be resolved at runtime without additional magic when starting the JVM. Disable this until we can find a fix. This currently fails with: libconscrypt_openjdk_jni.so: undefined symbol: __asan_option_detect_stack_use_after_return at java.lang.ClassLoader$NativeLibrary.load(Native Method) at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965) at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890) at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1880) at java.lang.Runtime.loadLibrary0(Runtime.java:849) at java.lang.System.loadLibrary(System.java:1088) at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25) at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:54) at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34) at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119) at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220) at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216) at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94) at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272) at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) at com.android.signapk.SignApk.readPublicKey(SignApk.java:161) at com.android.signapk.SignApk.main(SignApk.java:933) Bug: 26160319 Change-Id: Icd5ffb49eb5610552af0dd049db99a0b9f181cba
-
- 10 Dec, 2015 1 commit
-
-
Alex Klyubin authored
This statically links in BoringSSL and libc++ into Conscrypt's JNI OpenJDK shared library for host. The goal is to make the library as self-contained as feasible to avoid issues with shared library search path when the library is used outside of the Android source tree. Bug: 26097626 Change-Id: I3d1b521ad11a0f88ec46d8a7382c14ffdfd44e2e
-
- 08 Dec, 2015 2 commits
-
-
Kenny Root authored
Unbreak the build by filtering it out temporarily until it can be placed in the correct dircectory. Change-Id: Idf22faae52e71bb02b09ebb19d36eff1b8befc5e
-
Kenny Root authored
This builds conscrypt enough that signapk can start using it during the build process to speed up its signing process and use RSA PSS. Change-Id: Ic54baa286a9559bf19e14697042f28d180f58e04
-
- 03 Dec, 2015 1 commit
-
-
Colin Cross authored
conscrypt does not use STL, but gets libc++.so linked in by default. Unbundled branches might not have libc++.so, so opt-out of STL. Change-Id: I8c1e58a821b1d5c4c9aacfe34d605b27a105973b
-
- 20 Nov, 2015 1 commit
-
-
Piotr Jastrzebski authored
Change-Id: I5f8b80c027f72af2af9aeab74a8c29adaf43c5f7
-
- 05 Nov, 2015 1 commit
-
-
Dan Albert authored
Bug: http://b/22403888 Change-Id: Iac28f3da6a185e63a9190e6ca9223836cf3103ed
-
- 30 Sep, 2015 1 commit
-
-
Kenny Root authored
Change-Id: I2908fc4f7146a6c70309b41a5290434f3efdc9ba
-
- 16 Sep, 2015 1 commit
-
-
Paul Lietar authored
The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned. The use case for this is recreating the TBS component of a Precertificate as described by RFC6962 section 3.2. Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722
-
- 27 Apr, 2015 1 commit
-
-
Yohann Roussel authored
This reverts commit eaa28762. The workaround is not needed any more. Change-Id: I2fe42548af399bac943dddf5207987c980cf8f7e
-
- 24 Apr, 2015 1 commit
-
-
Adam Langley authored
NativeConstants.java is generated by a C program and thus the values will automatically be kept in sync with the contents of the OpenSSL headers. Bug: 20521989 Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
-
- 23 Apr, 2015 1 commit
-
-
Kenny Root authored
It should build against the SDK so it doesn't depend on a bunch of stuff unavailable in an unbundled build scenario. Change-Id: Ib1c2bd90585ea5823c3e5cf2a3e1efed815f2f23
-
- 22 Apr, 2015 1 commit
-
-
Chad Brubaker authored
This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a subclass of the platform's OpenSSLSocketImpl in order to support old code that does casts to the platform OpenSSLSocketImpl in order to set things like SNI. Until KK the platform OpenSSLSocketImpl was org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform HTTP stack no longer casts to the platform OpenSSLSocketImpl and this work around is not needed on those devices. Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0
-
- 09 Apr, 2015 1 commit
-
-
Yohann Roussel authored
This is a temporary workround to avoid intermittent failure on build server for ub-conscrypt Bug: 20132430 Change-Id: I781fb968ed7d0f40f908cf1ab7882957a911611b
-
- 07 Apr, 2015 1 commit
-
-
Chad Brubaker authored
This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a subclass of the platform's OpenSSLSocketImpl in order to support old code that does casts to the platform OpenSSLSocketImpl in order to set things like SNI. Until KK the platform OpenSSLSocketImpl was org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform HTTP stack no longer casts to the platform OpenSSLSocketImpl and this work around is not needed on those devices. Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0
-
- 31 Mar, 2015 1 commit
-
-
Colin Cross authored
Change-Id: Ia19450f2b9e9d396b88ccb96384224518def6ef3
-
- 11 Mar, 2015 1 commit
-
-
Kenny Root authored
OpenSSL flavor of Conscrypt still uses the dynamic engine, so don't directly depend on the library since it will be in the SSL ENGINE directory in /system/lib{64,}/ssl/engines Bug: 19698929 Change-Id: Id7e3f6ffaca2073a016db546e1014d50ef4ad0db
-
- 25 Feb, 2015 1 commit
-
-
Adam Langley authored
I had these in my local client and didn't notice until now. Change-Id: I9c61447691d358acbaadb9b9a2f068b4106d266c
-
- 30 Jan, 2015 1 commit
-
-
Adam Langley authored
Change-Id: I96a0ee6b51736aa842055dc17750c1d565f19174
-
- 17 Dec, 2014 1 commit
-
-
Elliott Hughes authored
Change-Id: I979ecd044d85c757c2b8a88fbd97201e75c19cdc
-
- 24 Nov, 2014 1 commit
-
-
Kenny Root authored
Change-Id: I9234e649a910408cff9f9d33008642e0c8334276
-
- 19 Nov, 2014 1 commit
-
-
Adam Langley authored
This is quite a substantial change because of the changes to ENGINEs in BoringSSL. For the most part, #ifs are used to allow the code to work with either OpenSSL or BoringSSL. However, in several places, support for things that BoringSSL is dropping have been removed, even when OpenSSL is used. This includes DSA keys and tests for the ENGINE bits that are going away because it's unclear how to skip compiling those tests. Change-Id: I941a5ed232391f84b45e070c19d2ffb7ad162b7b
-
- 28 Oct, 2014 1 commit
-
-
Elliott Hughes authored
Bug: 18158015 Change-Id: I163ce8c755d217741439d40f334d86f545f89aee
-
- 19 Jun, 2014 1 commit
-
-
Brian Carlstrom authored
Bug: 14298175 Change-Id: I5035075f2453b692f86fff8fe852c954698e40ed
-
- 11 Jun, 2014 1 commit
-
-
Kenny Root authored
This is mostly useful for unbundled Conscrypt currently when working with KeyChain-based keys, but could be good for use with PKCS11-like keys in other JSSE providers. Bug: 15469749 Change-Id: I56bf2eaf3228bdf42d671437f4fffdafb8b47b12
-
- 13 Jun, 2014 1 commit
-
-
Justin Morey authored
Change-Id: Ie0d9f83e366c0b99994eb861ae567d454cbbea5b
-
- 09 Jun, 2014 1 commit
-
-
Ian Rogers authored
Switch host build to clang as conscrypt uses C++11 and not all GCC host compilers support it. Bug: 13751317 Change-Id: I74ffdda695e47967b61a133c8b6fc52f6547a3a0
-