GitLab

* commit 'f24ba062':
  Add ability to wrap platform keys

This is mostly useful for unbundled Conscrypt currently when working
with KeyChain-based keys, but could be good for use with PKCS11-like
keys in other JSSE providers.

Bug: 15469749
Change-Id: I56bf2eaf3228bdf42d671437f4fffdafb8b47b12

* commit 'ba94b3df':
  Build conscrypt_unbundled using Gradle

* commit '47e40a5c':
  Move FileClientSessionCache to main directory

Change-Id: I96ae5539b6195ccbeb92af1beb7e78660ef757a1

Change-Id: I282c701b191d68bc4dcfa390505968f97a5c7d3c

* commit 'cc58989f':
  Remove deprecated WITH_HOST_DALVIK.

* commit 'fee2d0f1':
  Add more debugging for getting methods

When JNI registration fails, we should log it immediately to help
with debugging. Otherwise, it will tell you that you called a JNI
function with an exception pending.

Change-Id: I7cbba4d6639265a79a9d043d120f1a2bf72a85f7

Switch host build to clang as conscrypt uses C++11 and not all GCC
host compilers support it.

Bug: 13751317
Change-Id: I74ffdda695e47967b61a133c8b6fc52f6547a3a0

* commit 'ff12765d':
  Make default user CA storage location configurable

Allows overriding the defaults in misc/keychain/ with different
defaults, for example when the whole process uses another directory
and this needs to be reflected in every new TrustedCertificateStore
that is created.

Change-Id: I22db18178600668053a17517e9b47eef7b9be5ed

* commit 'f92e61e2':
  Move platform-only files out to separate directory

To aid in building Conscrypt with gradle, move the platform-only files
out to a separate directory.

Change-Id: I8f07959055261f6b9f2a0ac26dea2f6431d9edbe

* commit 'd02e2ac5':
  Unbundle conscrypt

* commit '4ccb72fd':
  Unbundle conscrypt

Don't build the host JNI library in an unbundled build since it's only
needed for testing currently.

Change-Id: I6b6003e86d9f6ff2d87431f156f4984f56592791

* commit '55426153':
  Add script to create prebuilts

* commit 'c0eda49f':
  Add script to create prebuilts

This allows us to create a gradle library that people can include.

Change-Id: I7f845ae0738b8d414781a34fef6bc28bebebb994

* commit '0a75f93f':
  Expose support for TLS-PSK.

* commit '01cce891':
  Expose support for TLS-PSK.

* commit 'be4a8f5b':
  Revert "Speed up conscrypt compile a bit"

* commit '1cfba2bc':
  Revert "Speed up conscrypt compile a bit"

* commit 'b2774e36':
  Speed up conscrypt compile a bit

* commit '3f2228d7':
  Unbundle: hacks to let Conscrypt compile standalone

TLS-PSK (Pre-Shared Key) is a set of TLS/SSL cipher suites that use
symmetric (pre-shared) keys for mutual authentication of peers. These
cipher suites are in some scenarios more suitable than those based on
public key cryptography and X.509. See RFC 4279 (Pre-Shared Key
Ciphersuites for Transport Layer Security (TLS)) for more information.

OpenSSL currently supports only the following PSK cipher suites:
* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_ECDHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_3DES_EDE_CBC_SHA
* TLS_PSK_WITH_AES_128_CBC_SHA
* TLS_PSK_WITH_AES_256_CBC_SHA
* TLS_PSK_WITH_RC4_128_SHA

The last four cipher suites mutually authenticate the peers and
secure the connection using a pre-shared symmetric key. These cipher
suites do not provide Forward Secrecy -- once the pre-shared key is
compromised, all previous communications secured with that key can be
decrypted. The first two cipher suites combine the pre-shared
symmetric key with an ephemeral key obtained from an ECDH key
exchange performed during the TLS/SSL handshake, thus providing
Forward Secrecy.

Users of TLS-PSK are expected to provide an implementation of
PSKKeyManager to SSLContext.init and then enable at least one PSK
cipher suite in SSLSocket/SSLEngine.

Bug: 15073623
Change-Id: I8e59264455f980f23a5e66099c27b5b4d932b9bb

* commit 'ec9c6dc1':
  Speed up conscrypt compile a bit

* commit '3e46e4ee':
  Unbundle: hacks to let Conscrypt compile standalone

This reverts commit ec9c6dc1.

Change-Id: Icfdeec757357a7449640198548963d2095d8cf92

Re-arrange Java library compilation to allow reuse of previous
compilations which speeds up the overall compilation by a bit.

Change-Id: I7ec172dd8ca2450d26ecec2a5dae13de5c00299b

This is the first pass at getting Conscrypt to compile standalone. It
works fine in apps currently. There are a few TODOs to fix.

Change-Id: I9b43ba12c55e04c8897ccacf38979ca671a55a26

* commit '5334b797':
  X509Certificate: add some context to thrown exceptions

* commit 'f6aeba08':
  X509Certificate: add some context to thrown exceptions

* commit '5934ada9':
  NativeCryptoTest: fix shutdown test

* commit '81c66678':
  NativeCryptoTest: fix shutdown test