boringssl and sqlcipher on Android

[Hans-Christoph Steiner]

I recently was talking with the Android core team about openssl and IOCipher.
From that discussion, I got this useful advice:

> If you compile against BoringSSL statically the linker will be able to
> throw away a lot of what you are not using. OpenSSL wasn't as good in this
> department because of all the indirection. Look into the -fwhole-program
> option and mark your JNI entry points with the appropriate visibility
> markers.

Updating native builds is never fun, but I think this could pay off in terms
of making it easier to keep up to date, as well as making the binaries smaller.

.hc

--
PGP fingerprint: 5E61 C878 0F86 295C E17D 8677 9F0F E587 374B BE81
https://pgp.mit.edu/pks/lookup?op=vindex&search=0x9F0FE587374BBE81

[scott coleman]

Looks like BoringSSL is not FIPS compliant which makes it off limits to us government folks.

--

---
You received this message because you are subscribed to the Google Groups "SQLCipher Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sqlcipher+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Nick Parker]

Hi Hans,

Have you tried compiling BoringSSL for Android yet?  I would be curious what size static library you get.

[Chris Brody]

On Thursday, May 28, 2015 at 11:53:10 PM UTC+2, scott coleman wrote:

Looks like BoringSSL is not FIPS compliant which makes it off limits to us government folks.

If I am not mistaken, the standard build of SQLCipher is not FIPS compliant. You would have to include the FIPS-compliant version of OpenSSL from here: https://www.openssl.org/docs/fips/

They seem to have an enterprise version with FIPS support here: https://www.zetetic.net/sqlcipher/buy/

[Hans-Christoph Steiner]

I haven't tried yet.

.hc

Nick Parker:

[Dan Davis]

Any progress on the build?