Android native build fails with EVP_PKEY_get0_RSA conflicting types on NDK 27

[github-actions]

Why. Android NDK 27 now provides EVP_PKEY_get0_RSA in its OpenSSL headers, conflicting with the shim declaration in opensslshim.h. This blocks all Android builds (arm, arm64, x64, x86, both CoreCLR and Mono).

Impact. All android-* platforms (arm, arm64, x64, x86) in runtime-extra-platforms build #1388505. Compiler error: opensslshim.h:221:12: error: conflicting types for 'EVP_PKEY_get0_RSA'.

Trace. First seen in runtime-extra-platforms build #1388505. Affects multiple jobs: android-arm Release AllSubsets_Mono, android-x64 Release AllSubsets_CoreCLR, android-x64 Release NativeAOT, and 3 more. Sanitized excerpt:

/__w/1/s/src/native/libs/System.Security.Cryptography.Native/apibridge_30.c:4:
In file included from opensslshim.h:221:12:
error: conflicting types for 'EVP_PKEY_get0_RSA'
const RSA* EVP_PKEY_get0_RSA(const EVP_PKEY* pkey);

Note

🔒 Integrity filter blocked 3 items

The following items were blocked because they don't meet the GitHub integrity level.

• #126805 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #106748 search_issues: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".
• #119255 search_pull_requests: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

tools:
  github:
    min-integrity: approved  # merged | approved | unapproved | none

Generated by Mobile Platform Failure Scanner · ● 2.8M · ◷

[dotnet-policy-service]

Tagging subscribers to this area: @dotnet/runtime-infrastructure
See info in area-owners.md if you want to be subscribed.

[dotnet-policy-service]

Tagging subscribers to 'arch-android': @vitek-karas, @simonrozsival, @steveisok, @akoeplinger
See info in area-owners.md if you want to be subscribed.

[steveisok]

Will be fixed by #127192