Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / boringssl / 03088124e6892d3f6a650115702d14c92cc82513^2..03088124e6892d3f6a650115702d14c92cc82513 / .
commit03088124e6892d3f6a650115702d14c92cc82513[log] [tgz]
authorTreehugger Robot <treehugger-gerrit@google.com>Thu Sep 26 21:33:57 2019 +0000
committerGerrit Code Review <noreply-gerritcodereview@google.com>Thu Sep 26 21:33:57 2019 +0000
treea4097026be86eb5731d8419ad960eeae7edb96bc
parent4b979db85e85cf549f8be491c2e12d3ff4cd7745 [diff]
parent61c30c8b86d21731a43e65d8ecc9eb813b66cae0 [diff]
Merge "trusty: use time_support.c"
diff --git a/Android.bp b/Android.bp
index 8ac988a..de1904e 100644
--- a/Android.bp
+++ b/Android.bp

@@ -159,16 +159,42 @@
                 "-DBORINGSSL_FIPS",
             ],
             inject_bssl_hash: true,
+            static: {
+                // Disable the static version of libcrypto, as it causes
+                // problems for FIPS certification.  Use libcrypto_static for
+                // modules that need static libcrypto but do not need FIPS self
+                // testing, or use dynamic libcrypto.
+                enabled: false,
+            },
         },
     },
 }
 
 // Static library
-// This should only be used for host modules that will be in a JVM, all other
-// modules should use the static variant of libcrypto.
+// This version of libcrypto will not have FIPS self tests enabled, so its
+// usage is protected through visibility to ensure it doesn't end up used
+// somewhere that needs the FIPS version.
 cc_library_static {
     name: "libcrypto_static",
-    visibility: ["//visibility:public"],
+    visibility: [
+        "//bootable/recovery/updater",
+        "//external/conscrypt",
+        "//external/python/cpython2",
+        "//frameworks/ml/nn/runtime/test",
+        "//hardware/interfaces/confirmationui/1.0/vts/functional",
+        "//hardware/interfaces/drm/1.0/vts/functional",
+        "//hardware/interfaces/drm/1.2/vts/functional",
+        "//hardware/interfaces/keymaster/3.0/vts/functional",
+        "//hardware/interfaces/keymaster/4.0/vts/functional",
+        "//system/core/adb",
+        "//system/core/init",
+        "//system/core/fs_mgr/liblp",
+        "//system/core/fs_mgr/liblp/vts_core",
+        "//system/core/fs_mgr/libsnapshot",
+        "//system/libvintf/test",
+        "//system/security/keystore/tests",
+        "//test/vts-testcase/security/avb",
+    ],
     defaults: [
         "libcrypto_bcm_sources",
         "libcrypto_sources",
@@ -176,19 +202,6 @@
         "boringssl_defaults",
         "boringssl_flags",
     ],
-
-    target: {
-        host: {
-            // TODO: b/26160319. ASAN breaks use of this library in JVM.
-            // Re-enable sanitization when the issue with making clients of this library
-            // preload ASAN runtime is resolved. Without that, clients are getting runtime
-            // errors due to unresolved ASAN symbols, such as
-            // __asan_option_detect_stack_use_after_return.
-            sanitize: {
-                never: true,
-            },
-        },
-    },
 }
 
 //// libssl