Steps for porting the OpenSSL For Android
------------------------------------------------------------------------------------------------Update:
I have ported the openssl-1.0.1g for Android. Porting steps have been mentioned in the GitHub Link OpenSSL-1.0.1g For Android
------------------------------------------------------------------------------------------------
Pre-requisites:
1) Android NDK (latest is recommended)
2) Cygwin with shell support for windows
Steps:
1) Download the latest open ssl code from the http://www.openssl.org/
2) Unzip the file and configure for the android by executing the Configure command
./Configure android-armv7 -DL_ENDIAN (or)
./Configure android-x86 -DL_ENDIAN (or)
./Configure android -DL_ENDIAN
You can remove the modules which you want by adding those directives in the Configure command
./Configure linux-generic32 no-idea no-bf no-cast no-seed no-md2 -DL_ENDIAN
3) Create an updated android-config.mk file which contains the CFLAG and DEPFLAG of the makefile in the root (first) folder. Make sure to add all the -D flags to LOCAL_CFLAGS, except -DTERMIO; include -DOPENSSL_NO_HW in addition to these. Anyway its better to include all the -DOPENSSL_NO_xxx flags as well, but it not important as those will be replicated in the file crypto/opensslconf.h when ./Configure is executed.
4) Copy the new LICENSE file from OpenSSL distribution as NOTICE.
Create an empty MODULE_LICENSE_BSD_LIKE file
5)You may delete the following directories along with their contents,
since we won't use these (any more):
MacOS Netware VMS apps/demoCA apps/set bugs certs crypto/bf crypto/cast \
crypto/cms crypto/idea crypto/md2 crypto/rc5 crypto/seed demos doc \
engines ms os2 perl shlib test times tools util
Also you may delete the following files:
CHANGES CHANGES.SSLeay ChangeLog.0_9_7-stable_not-in-head \
ChangeLog.0_9_7-stable_not-in-head_FIPS Configure FAQ INSTALL \
INSTALL.DJGPP INSTALL.MacOS INSTALL.NW INSTALL.OS2 INSTALL.VMS \
INSTALL.W32 INSTALL.W64 INSTALL.WCE LICENSE Makefile Makefile.bak \
Makefile.org Makefile.shared NEWS PROBLEMS README README.ASN1 \
README.ENGINE apps/CA.pl.bak config crypto/opensslconf.h.bak \
install.com makevms.com openssl.doxy openssl.spec
If any modules is required for your project specific purpose retain those folders.
6) Go to include/openssl. There's a bunch of symlinks here. Since symlinks
can be a special case for version control, replace them by regular files:
for l in *.h; do cp $l copy_$l; rm $l; mv copy_$l $l; done
Some symlinks will remain, pointing to files that don't exit
(you deleted those in step d). Delete the symlinks.
7) Create Android.mk files based on those you find in the previous OpenSSL port:
Android.mk
apps/Android.mk
crypto/Android.mk
ssl/Android.mk
For the latter three, merge in any substantial changes between the
corresponding Makefiles in the OpenSSL distribution (apps/Makefile,
crypto/Makefile, crypto/*/Makefile, ssl/Makefile).
Don't forget to update the directory name for OpenSSL in these files
and whereever else it is used.
Check the makefiles and add if we have any missed files. Don't add all the missed files as it may cause redefinition error during linking.
Don't blindly copy the android.mk makefiles from the existing android ported code. Some files need to be added if missing from the new makefiles.
8) Generate the asm files for your particular architecture type using the perl scripts which are already present in the asm folders of the OpenSSL.
Ex: # Generate asm
perl crypto/aes/asm/aes-armv4.pl > crypto/aes/asm/aes-armv4.S
perl crypto/bn/asm/armv4-mont.pl > crypto/bn/asm/armv4-mont.S
perl crypto/sha/asm/sha1-armv4-large.pl > crypto/sha/asm/sha1-armv4-large.S
perl crypto/sha/asm/sha256-armv4.pl > crypto/sha/asm/sha256-armv4.S
perl crypto/sha/asm/sha512-armv4.pl > crypto/sha/asm/sha512-armv4.S
9) During facing compilation issue, we may have to
a) Change the include path of the header files in the source (.c or .cpp) files.
b) Disable some of the mains for the removed modules of those #defines are not properly enabled
Ex: #if 0 /* ANDROID */
{FUNC_TYPE_GENERAL,"ts",ts_main},
#endif
For removing the ts_main in the ..../openssl/apps/progs.h
c) May face some of the undefined reference errors, search in the source files for the definition where it is present and include in compilation if required or else if that module has been removed then comment it.
10) If compilation is gone through you will find the .so files got generated.
Happy porting :).
Ported Code:
https://github.com/aluvalasuman/OpenSSL1.0.1cForAndroid
References: (Courtesy)
Credit to the below guy
https://github.com/fries/android-external-openssl/blob/master/README.android
11 comments:
Thanks for the invaluable port! It's been a life-saver for many of our projects.
FYI the github link at the bottom of the article has a typo (one too many S's) it should be: https://github.com/aluvalasuman/OpenSSL1.0.1cForAndroid
Thanks for the comments :). Corrected the github link.
I have downloaded OpenSSL1.0.1cForAndroid-master from your git and I am using Ubuntu 12.10. Could you please tell how to compile it finally? Which environment variables must be set? $CROSS_COMPILE ? What else? And than just type make in the OpenSSL1.0.1cForAndroid-master/ssl directory?
I downloaded your project from github but I have a question.Why does not have the CMS feature and how can I add it?
Thank you.
I downloaded your openssl 1.0.1c from github but I doesn't have CMS support.Why and how can I add this?
Thank you.
I am not sure, I was requiring only SSL (Open SSL) sockets. So, I targeted for the same and I followed the instruction mentioned in the above page (https://github.com/fries/android-external-openssl/blob/master/README.android).
hi , i think its a dumb question. but how come ur compiled code contains manifest file but mine doesnt
Manifest.xml file is not required (I believe). I have created the the project as library and compiled the code. I think NDK looks for "jni" folder only. Correct me if I am wrong :).
@suman followed your instructions, but it didnt create JNI folder too. do you want me to copy the folder. And there are no instructions on creating android-config.mk .
but from your source code from git, i added manifestfile ,android-config.mk, JNI folder.
Giving ndk-build will start building but stops by giving this error
In file included from /Users/smash/Desktop/FREERDP/openssl-1.0.1g/crypto/bf/bf_cfb64.c:59:0:
./include/openssl/blowfish.h:69:2: error: #error BF is disabled.
make: *** [obj/local/armeabi/objs/crypto/bf/bf_cfb64.o] Error 1
I am not able to get what you want to do. I assume you are trying to build new version for the heartbeed bug fix.
As i mentioned above, when I was porting, was using this for reference.
References: (Courtesy)
Credit to the below guy
https://github.com/fries/android-external-openssl/blob/master/README.android
As of now, I didn't build new one and we are not using the heartbeat feature of the SSL. So, not affected by that issue. If I port, will share the updated link.
Post a Comment