[go: up one dir, main page]
Google Git
Sign in
android / platform / external / conscrypt / c26e60713035b52e123bdcc2fe5d69eb94a374f7
commitc26e60713035b52e123bdcc2fe5d69eb94a374f7[log] [tgz]
authorAdam Vartanian <flooey@google.com>Wed Feb 21 14:09:30 2018 +0000
committerandroid-build-team Robot <android-build-team-robot@google.com>Fri Apr 13 22:57:37 2018 +0000
tree72e2eca0d5299d9bab83a8ba8b6bc67f2ded2742
parent2529aecc2e670f358f00ec35f67ce0d1dccda279 [diff]
Fix SSLEngine bug with multiple heap buffer inputs.

When the SSLEngine overload that accepts an array of ByteBuffers is
called with heap buffers for both the source and destination, those
heap buffers are converted to direct buffers for passing to JNI by way
of copying them to a single temporary direct buffer.  A bug in the
reading of the encrypted data out of BoringSSL resulted in the data
being placed at the wrong offset of the temporary buffer, meaning that
the output data was prefixed in the worst case by the plaintext.

Bug: 73251618
Test: cts -m CtsLibcoreTestCases -t libcore.javax.net.ssl
Change-Id: I9b1a167f9a5ccd36d6da5cd1a14a80fb3cc73a1f
(cherry picked from commit 4a85e8dc865973bb4d0f960b63f67a75f3f8229f)
1 file changed
tree: 72e2eca0d5299d9bab83a8ba8b6bc67f2ded2742
  1. android/
  2. android-stub/
  3. api-doclet/
  4. benchmark-base/
  5. benchmark-graphs/
  6. benchmark-jmh/
  7. common/
  8. constants/
  9. gradle/
  10. libcore-stub/
  11. licenses/
  12. openjdk/
  13. openjdk-integ-tests/
  14. openjdk-uber/
  15. platform/
  16. testing/
  17. .clang-format
  18. .gitignore
  19. .travis.yml
  20. Android.bp
  21. Android.mk
  22. appveyor.yml
  23. build.gradle
  24. BUILDING.md
  25. CONTRIBUTING.md
  26. Dockerfile
  27. gradlew
  28. gradlew.bat
  29. jarjar-rules.txt
  30. LICENSE
  31. MODULE_LICENSE_APACHE2
  32. NOTICE
  33. OWNERS
  34. PREUPLOAD.cfg
  35. README.md
  36. RELEASING.md
  37. settings.gradle
README.md

Conscrypt - A Java Security Provider

Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographical primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK.

The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt similar performance.

Download

NOTE: This section is under construction! Artifacts have not yet been published to the public Maven repositories.

Download JARs

You can download the JARs directly from the Maven repositories.

OpenJDK (i.e. non-Android)

Native Classifiers

The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:

ClassifierDescription
windows-x86_64Windows distribution
osx-x86_64Mac distribution
linux-x86_64Used for Linux
Maven

Use the os-maven-plugin to add the dependency:

<build>
  <extensions>
    <extension>
      <groupId>kr.motd.maven</groupId>
      <artifactId>os-maven-plugin</artifactId>
      <version>1.4.1.Final</version>
    </extension>
  </extensions>
</build>

<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk</artifactId>
  <version>1.1.0-SNAPSHOT</version>
  <classifier>${os.detected.classifier}</classifier>
</dependency>
Gradle

Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:

buildscript {
  repositories {
    mavenCentral()
  }
  dependencies {
    classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0'
  }
}

// Use the osdetector-gradle-plugin
apply plugin: "com.google.osdetector"

dependencies {
  compile 'org.conscrypt:conscrypt-jdk:1.1.0-SNAPSHOT:' + osdetector.classifier
}
Uber JAR

For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.

To depend on the uber jar, simply use the conscrypt-openjdk-uber artifacts.

Maven
<dependency>
  <groupId>org.conscrypt</groupId>
  <artifactId>conscrypt-openjdk-uber</artifactId>
  <version>1.1.0-SNAPSHOT</version>
</dependency>
Gradle
dependencies {
  compile 'org.conscrypt:conscrypt-jdk-uber:1.1.0-SNAPSHOT'
}

How to Build

If you are making changes to Conscrypt, see the building instructions.

Source Overview

Here‘s a quick readers’ guide to the code to help folks get started. The high-level modules are Common, Android, OpenJDK, and Platform.

Common

This contains the bulk of the code for both Java and C. This isn't an actual module and builds no artifacts. Rather, the other modules just point to this directory as source.

Android

This module provides the Platform class for Android and also adds compatibility classes for supporting various versions of Android. This generates an aar library artifact.

OpenJDK

These modules provide the Platform class for non-Android (OpenJDK-based) systems. It also provides a native library loader supports bundling the shared library with the JAR.

Platform

This is not an actual module and is not part of the default build. This is used for building Conscrypt as an embedded component of the Android platform.