1. 01 Sep, 2016 1 commit
  2. 31 Aug, 2016 1 commit
    • Remove libc++_static from OpenJDK host module · 05d75f8c
      Kenny Root authored
      This doesn't appear to be needed and it builds and runs just fine
      without it.
      
      Test: mmma -j32 external/conscrypt; find out/ -name '*.apk' -exec rm {} \;; make -j32
      Change-Id: I4a50d5e8f5866f93a439105b7706d7f8add776f5
  3. 10 Aug, 2016 1 commit
    • Return an empty list when no OCSP responses received · f46f6cf2
      Kenny Root authored
      Change OpenSSLSessionImpl#getStatusResponses() to return an empty list
      instead of null. This matches the assumption of the serializing code in
      AbstractSessionContext.
      
      Add a test to make sure that serializing a trivial OpenSSLSessionImpl
      instance completes without throwing an exception.
      
      Test: cts-tradefed run cts -d -p android.core.tests.libcore.package.conscrypt
      Bug: 30751283
      Change-Id: If4c3e6a99c080fb3a0fd527c86a5ee8972475718
  4. 29 Jul, 2016 1 commit
    • Remove all obsolete OpenSSL code · 597fd4e4
      Kenny Root authored
      A significant amount of code was dedicated to maintaining backward
      compatibility with OpenSSL. However, compatibility will no longer be
      maintained for several reasons:
      
       * BoringSSL does not have ENGINE functionality and testing it is
         difficult because another version must be compiled against OpenSSL.
         Moreover, AndroidKeyStore Provider has taken over keystore
         functionality since M release resulting in dead code.
      
       * Secure defaults such as deterministic EC signatures are part of
         BoringSSL so extra JNI calls do not need to be made for them.
      
       * A not insignificant number of lines of code were dedicated to
         maintaining compatibility with OpenSSL resulting in empty JNI
         functions. Removing these functions results in a speed-up because
         there will be fewer JNI transitions to call these useless functions
         when using BoringSSL.
      
      Since AndroidKeyStore functionality has been moved, this change also
      removes all references to keystore functionality even for BoringSSL
      (i.e., EVP_PKEY_from_keystore).
      
      Test:
          vogar --mode host
          libcore/luni/src/test/java/libcore/java/security/*Test.java
          libcore/luni/src/test/java/libcore/javax/crypto/*Test.java
          libcore/luni/src/test/java/libcore/javax/net/ssl/*Test.java
      
      Change-Id: I304e0f2c882c313753b0e9327c6293385fd6794b
  5. 21 Jul, 2016 1 commit
    • Rename lib{crypto,ssl}-host to lib{crypto,ssl} · ab5f93cf
      Dan Willemsen authored
      There's no need to use a different name for target and host modules. In
      Soong, it's better to use the same for both, as target and host modules
      can be defined at the same time.
      
      Change-Id: I899084e7361953d1fe122f56feab2a032d1b27d1
  6. 17 Jun, 2016 1 commit
    • Faster evpUpdate for small region of large byte[]. · e9b2cd57
      Alex Klyubin authored
      This improves the speed of computing a digest, a MAC, or a signature
      over a small region of a large byte[] on OpenJDK based VMs.
      Conscrypt's code prior to this CL obtained the reference to the native
      bytes by indexing into the result of JNI GetByteArrayElements. On
      ART/Dalvik this avoids creating copies (for 12 kB and larger arrays)
      whereas on OpenJDK based VMs this always creates a copy of all the
      elements of the array, which is not efficient and leads to noticeable
      slowdowns when processing small fractions of the byte array as input.
      
      This commit makes Conscrypt's evpUpdate choose a strategy (
      GetByteArrayElements vs GetByteArrayRegion) based on whether the VM's
      GetByteArrayElements is expected to create a copy of the array. This
      guess is hard-coded for each target: platform, compat, and OpenJDK.
      
      Bug: 27461702
      Change-Id: I4ac1013b29e3d166a3f13fffebf662b02351684f
  7. 12 Apr, 2016 1 commit
  8. 04 Mar, 2016 1 commit
    • Suppress some warnings in host build · 3880212f
      Kenny Root authored
      Use -XDignore.symbol.file to suppress some internal API warnings that
      print from the use of AlgorithmId.
      
      Bug: 27457427
      Change-Id: Ic49e2ed4f3f473d1d7d2dd8c813147040f207481
  9. 22 Feb, 2016 1 commit
    • Force conscrypt to continue to use v51 (1.7) .class files · 53d42116
      Neil Fuller authored
      The default is changing to v52 (1.8).
      
      The build for this package uses jarjar to repackage .class files.
      
      The version of jarjar in the Android tree does not currently
      support v52 .class files.
      
      Bug: 26753820
      (cherry picked from commit e48fd1d9)
      
      Change-Id: Ie36f551e0ce41a1c5e27000e265529a2dbd5e96d
  10. 16 Feb, 2016 1 commit
    • Force conscrypt to continue to use v51 (1.7) .class files · e48fd1d9
      Neil Fuller authored
      The default is changing to v52 (1.8).
      
      The build for this package uses jarjar to repackage .class files.
      
      The version of jarjar in the Android tree does not currently
      support v52 .class files.
      
      Bug: 26753820
      Change-Id: Id15d7a9b7dc7e32d516b259b34f96430e34a44fc
  11. 21 Jan, 2016 1 commit
    • Get rid of AlgNameMapper · d31ede7b
      Kenny Root authored
      This was only a hack to support old Harmony code, so we don't need it
      anymore. Remove the direct references to AlgNameMapper and use
      reflection for compatibility in unbundled code.
      
      Change-Id: I7ec14f19e5098ffe12592b79b2b163b41031b6e6
  12. 22 Dec, 2015 2 commits
  13. 11 Dec, 2015 1 commit
    • Do not sanitize the host JNI library · 45c6c990
      Kenny Root authored
      Sanitization currently makes this library reference symbols which
      cannot be resolved at runtime without additional magic when starting
      the JVM.
      
      Disable this until we can find a fix. This currently fails with:
      libconscrypt_openjdk_jni.so: undefined symbol: __asan_option_detect_stack_use_after_return
      	at java.lang.ClassLoader$NativeLibrary.load(Native Method)
      	at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1965)
      	at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1890)
      	at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1880)
      	at java.lang.Runtime.loadLibrary0(Runtime.java:849)
      	at java.lang.System.loadLibrary(System.java:1088)
      	at org.conscrypt.NativeCryptoJni.init(NativeCryptoJni.java:25)
      	at org.conscrypt.NativeCrypto.<clinit>(NativeCrypto.java:54)
      	at org.conscrypt.OpenSSLBIOInputStream.<init>(OpenSSLBIOInputStream.java:34)
      	at org.conscrypt.OpenSSLX509Certificate.fromX509PemInputStream(OpenSSLX509Certificate.java:119)
      	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:220)
      	at org.conscrypt.OpenSSLX509CertificateFactory$1.fromX509PemInputStream(OpenSSLX509CertificateFactory.java:216)
      	at org.conscrypt.OpenSSLX509CertificateFactory$Parser.generateItem(OpenSSLX509CertificateFactory.java:94)
      	at org.conscrypt.OpenSSLX509CertificateFactory.engineGenerateCertificate(OpenSSLX509CertificateFactory.java:272)
      	at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
      	at com.android.signapk.SignApk.readPublicKey(SignApk.java:161)
      	at com.android.signapk.SignApk.main(SignApk.java:933)
      
      Bug: 26160319
      Change-Id: Icd5ffb49eb5610552af0dd049db99a0b9f181cba
  14. 10 Dec, 2015 1 commit
    • Self-contained host native shared library for OpenJDK. · 0ce8205b
      Alex Klyubin authored
      This statically links in BoringSSL and libc++ into Conscrypt's JNI
      OpenJDK shared library for host. The goal is to make the library as
      self-contained as feasible to avoid issues with shared library search
      path when the library is used outside of the Android source tree.
      
      Bug: 26097626
      Change-Id: I3d1b521ad11a0f88ec46d8a7382c14ffdfd44e2e
  15. 08 Dec, 2015 2 commits
    • AlgNameMapper was placed in the wrong dir · a2a0e05c
      Kenny Root authored
      Unbreak the build by filtering it out temporarily until it can be placed
      in the correct directory.
      
      Change-Id: Idf22faae52e71bb02b09ebb19d36eff1b8befc5e
    • Add makefile rules for conscrypt-host · b862e141
      Kenny Root authored
      This builds conscrypt enough that signapk can start using it during the
      build process to speed up its signing process and use RSA PSS.
      
      Change-Id: Ic54baa286a9559bf19e14697042f28d180f58e04
  16. 03 Dec, 2015 1 commit
    • Opt-out of STL · 0a01703e
      Colin Cross authored
      conscrypt does not use STL, but gets libc++.so linked in by default.
      Unbundled branches might not have libc++.so, so opt-out of STL.
      
      Change-Id: I8c1e58a821b1d5c4c9aacfe34d605b27a105973b
  17. 20 Nov, 2015 1 commit
  18. 05 Nov, 2015 1 commit
  19. 30 Sep, 2015 1 commit
  20. 16 Sep, 2015 1 commit
    • Add method to delete extension from a certificate · 64c85650
      Paul Lietar authored
      The OpenSSLX509Certificate is still immutable. Instead a modified copy is returned.
      The use case for this is recreating the TBS component of a Precertificate as
      described by RFC6962 section 3.2.
      
      Change-Id: I2a9305ae7464642910decaf5ab46121a6f15d722
  21. 27 Apr, 2015 1 commit
  22. 24 Apr, 2015 1 commit
    • external/conscrypt: add NativeConstants. · f79c90d5
      Adam Langley authored
      NativeConstants.java is generated by a C program and thus the values
      will automatically be kept in sync with the contents of the OpenSSL
      headers.
      
      Bug: 20521989
      Change-Id: Ib5a97bf6ace05988e3eef4a9c8e02d0f707d46ad
  23. 23 Apr, 2015 1 commit
    • Fix conscrypt-stubs target · 7cb0a4a1
      Kenny Root authored
      It should build against the SDK so it doesn't depend on a bunch of stuff
      unavailable in an unbundled build scenario.
      
      Change-Id: Ib1c2bd90585ea5823c3e5cf2a3e1efed815f2f23
  24. 22 Apr, 2015 1 commit
    • Add Platform adapter around unbundled conscrypt · 62190cd4
      Chad Brubaker authored
      This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
      subclass of the platform's OpenSSLSocketImpl in order to support old
      code that does casts to the platform OpenSSLSocketImpl in order to set
      things like SNI.
      
      Until KK the platform OpenSSLSocketImpl was
      org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
      com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
      HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
      workaround is not needed on those devices.
      
      Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0
  25. 09 Apr, 2015 1 commit
    • Don't use Jack embedded library · eaa28762
      Yohann Roussel authored
      This is a temporary workaround to avoid intermittent failure on
      build server for ub-conscrypt
      
      Bug: 20132430
      Change-Id: I781fb968ed7d0f40f908cf1ab7882957a911611b
  26. 07 Apr, 2015 1 commit
    • Add Platform adapter around unbundled conscrypt · 0d8611cf
      Chad Brubaker authored
      This wraps the conscrypt OpenSSLSocketImpl with an adapter that is a
      subclass of the platform's OpenSSLSocketImpl in order to support old
      code that does casts to the platform OpenSSLSocketImpl in order to set
      things like SNI.
      
      Until KK the platform OpenSSLSocketImpl was
      org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl, in KK it became
      com.android.org.conscrypt.OpenSSLSocketImpl. As of L MR1 the platform
      HTTP stack no longer casts to the platform OpenSSLSocketImpl and this
      workaround is not needed on those devices.
      
      Change-Id: I196ad957eabfc70246d9c01aa12855a8eab036f0
  27. 31 Mar, 2015 1 commit
  28. 11 Mar, 2015 1 commit
    • OpenSSL: remove bad dependency · aff9780b
      Kenny Root authored
      OpenSSL flavor of Conscrypt still uses the dynamic engine, so don't
      directly depend on the library since it will be in the SSL ENGINE
      directory in /system/lib{64,}/ssl/engines
      
      Bug: 19698929
      Change-Id: Id7e3f6ffaca2073a016db546e1014d50ef4ad0db
  29. 25 Feb, 2015 1 commit
  30. 30 Jan, 2015 1 commit
  31. 17 Dec, 2014 1 commit
  32. 24 Nov, 2014 1 commit
  33. 19 Nov, 2014 1 commit
    • Allow conscrypt to work with BoringSSL. · de5225d1
      Adam Langley authored
      This is quite a substantial change because of the changes to ENGINEs in
      BoringSSL.
      
      For the most part, #ifs are used to allow the code to work with either
      OpenSSL or BoringSSL. However, in several places, support for things
      that BoringSSL is dropping have been removed, even when OpenSSL is used.
      This includes DSA keys and tests for the ENGINE bits that are going away
      because it's unclear how to skip compiling those tests.
      
      Change-Id: I941a5ed232391f84b45e070c19d2ffb7ad162b7b
  34. 28 Oct, 2014 1 commit
  35. 19 Jun, 2014 1 commit
  36. 11 Jun, 2014 1 commit
    • Add ability to wrap platform keys · f24ba062
      Kenny Root authored
      This is mostly useful for unbundled Conscrypt currently when working
      with KeyChain-based keys, but could be good for use with PKCS11-like
      keys in other JSSE providers.
      
      Bug: 15469749
      Change-Id: I56bf2eaf3228bdf42d671437f4fffdafb8b47b12
  37. 13 Jun, 2014 1 commit
  38. 09 Jun, 2014 1 commit
    • Remove deprecated WITH_HOST_DALVIK. · 3a03c73b
      Ian Rogers authored
      Switch host build to clang as conscrypt uses C++11 and not all GCC
      host compilers support it.
      
      Bug: 13751317
      Change-Id: I74ffdda695e47967b61a133c8b6fc52f6547a3a0