commit | 1de6311425f847007410753f46c3baf1da987561 | [log] [tgz] |
---|---|---|
author | Martin Stjernholm <mast@google.com> | Tue Feb 21 15:43:33 2023 +0000 |
committer | Cherrypicker Worker <android-build-cherrypicker-worker@google.com> | Wed Feb 22 22:17:06 2023 +0000 |
tree | d1dc8702f5d78bb89993799acbb87dc6a921d425 | |
parent | 798853c32bb43b1da316479e327e5a6720d772c2 [diff] |
Link libcrypto and libssl statically into libjavacrypto for host. This avoids version skew between the libs in the conscrypt-module-test-exports prebuilts, where an old prebuilt libjavacrypto.so may otherwise load a too new libcrypto-host.so or libssl-host.so built from source on master-art. Also remove a stale TODO pointing to a resolved ticket. The current plan to avoid a libjavacrypto prebuilt (as well as other prebuilts) is go/multitree-design. Test: Create and drop new prebuilts into a master-art tree, then: $ art/tools/buildbot-build.sh --host $ readelf -d out/host/linux-x86/lib64/libjavacrypto.so Check that shared library dependencies only include NDK libs. $ art/tools/run-libcore-tests.sh --mode=host -j48 Bug: 270126274 Change-Id: Iffb83f7ea123b588e3898e2ca437ad81d84b2f61 (cherry picked from commit 54c4a2738337cf01feb01a1350c43f97c72e53ce) Merged-In: Iffb83f7ea123b588e3898e2ca437ad81d84b2f61
Conscrypt is a Java Security Provider (JSP) that implements parts of the Java Cryptography Extension (JCE) and Java Secure Socket Extension (JSSE). It uses BoringSSL to provide cryptographic primitives and Transport Layer Security (TLS) for Java applications on Android and OpenJDK. See the capabilities documentation for detailed information on what is provided.
The core SSL engine has borrowed liberally from the Netty project and their work on netty-tcnative, giving Conscrypt
similar performance.
Conscrypt supports Java 7 or later on OpenJDK and Gingerbread (API Level 9) or later on Android. The build artifacts are available on Maven Central.
You can download the JARs directly from the Maven repositories.
The OpenJDK artifacts are platform-dependent since each embeds a native library for a particular platform. We publish artifacts to Maven Central for the following platforms:
Classifier | OS | Architecture |
---|---|---|
linux-x86_64 | Linux | x86_64 (64-bit) |
osx-x86_64 | Mac | x86_64 (64-bit) |
windows-x86 | Windows | x86 (32-bit) |
windows-x86_64 | Windows | x86_64 (64-bit) |
Use the os-maven-plugin to add the dependency:
<build> <extensions> <extension> <groupId>kr.motd.maven</groupId> <artifactId>os-maven-plugin</artifactId> <version>1.4.1.Final</version> </extension> </extensions> </build> <dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk</artifactId> <version>2.5.2</version> <classifier>${os.detected.classifier}</classifier> </dependency>
Use the osdetector-gradle-plugin (which is a wrapper around the os-maven-plugin) to add the dependency:
buildscript { repositories { mavenCentral() } dependencies { classpath 'com.google.gradle:osdetector-gradle-plugin:1.4.0' } } // Use the osdetector-gradle-plugin apply plugin: "com.google.osdetector" dependencies { compile 'org.conscrypt:conscrypt-openjdk:2.5.2:' + osdetector.classifier }
For convenience, we also publish an Uber JAR to Maven Central that contains the shared libraries for all of the published platforms. While the overall size of the JAR is larger than depending on a platform-specific artifact, it greatly simplifies the task of dependency management for most platforms.
To depend on the uber jar, simply use the conscrypt-openjdk-uber
artifacts.
<dependency> <groupId>org.conscrypt</groupId> <artifactId>conscrypt-openjdk-uber</artifactId> <version>2.5.2</version> </dependency>
dependencies { compile 'org.conscrypt:conscrypt-openjdk-uber:2.5.2' }
The Android AAR file contains native libraries for x86, x86_64, armeabi-v7a, and arm64-v8a.
dependencies { implementation 'org.conscrypt:conscrypt-android:2.5.2' }
If you are making changes to Conscrypt, see the building instructions.