Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 1 | OpenSSL on the Android platform. |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 2 | --- |
| 3 | |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 4 | The code in this directory is based on $OPENSSL_VERSION in the file |
Brian Carlstrom | 8c67d9d | 2010-06-10 14:44:11 -0700 | [diff] [blame] | 5 | openssl.version. See patches/README for more information on how the |
| 6 | code differs from $OPENSSL_VERSION. |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 7 | |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 8 | Porting New Versions of OpenSSL. |
| 9 | -- |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 10 | |
| 11 | The following steps are recommended for porting new OpenSSL versions. |
| 12 | |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 13 | 1) Retrieve the appropriate version of the OpenSSL source from |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 14 | www.openssl.org/source (in openssl-*.tar.gz file). Check the PGP |
| 15 | signature (found in matching openssl-*.tar.gz.asc file) with: |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 16 | |
Brian Carlstrom | 3d3a1b8 | 2010-08-18 11:26:06 -0700 | [diff] [blame] | 17 | gpg openssl-*.tar.gz.asc |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 18 | |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 19 | If the public key is not found, import the one with the |
| 20 | matching RSA key ID from http://www.openssl.org/about/, using: |
| 21 | |
| 22 | gpg --import # paste PGP public key block on stdin |
| 23 | |
| 24 | 2) Update the variables in openssl.config and openssl.version as appropriate. |
| 25 | At the very least you will need to update the openssl.version. |
| 26 | |
| 27 | 3) Run: |
| 28 | |
| 29 | ./import_openssl.sh import openssl-*.tar.gz |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 30 | |
| 31 | 4) If there are any errors, then modify openssl.config, openssl.version |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 32 | and patches in patches/ as appropriate. You might want to use: |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 33 | |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 34 | ./import_openssl.sh regenerate patches/*.patch |
| 35 | |
| 36 | Repeat step 3. |
| 37 | |
| 38 | 5) Clean up before building with: |
| 39 | |
Brian Carlstrom | ad88003 | 2010-05-14 11:42:48 -0700 | [diff] [blame] | 40 | m -j16 clean-libcrypto clean-libssl clean-openssl clean-ssltest |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 41 | |
| 42 | 6) Build openssl from the external/openssl directory with: |
| 43 | |
Brian Carlstrom | 976a034 | 2010-12-03 16:11:54 -0800 | [diff] [blame] | 44 | mm -j16 snod && adb remount && adb sync system |
Nagendra Modadugu | e45f106 | 2009-09-30 11:36:48 -0700 | [diff] [blame] | 45 | |
| 46 | If there are build errors, then patches/*.mk, openssl.config, or |
| 47 | android-config.mk may need updating. |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 48 | |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 49 | 7) Run tests to make sure things are working: |
| 50 | |
Brian Carlstrom | 6e42038 | 2010-06-15 20:32:09 -0700 | [diff] [blame] | 51 | # Run local openssl tests |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 52 | (cd android.testssl/ && ./testssl.sh) |
Brian Carlstrom | 6e42038 | 2010-06-15 20:32:09 -0700 | [diff] [blame] | 53 | # Build and sync libcore tests |
| 54 | (croot && cd libcore && mm -j16 snod && adb remount && adb sync) |
Brian Carlstrom | 0494524 | 2010-06-16 11:03:59 -0700 | [diff] [blame] | 55 | # Run tests from libcore |
David 'Digit' Turner | 063cfe1 | 2013-02-19 17:08:14 +0100 | [diff] [blame] | 56 | (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jar javax.net.ssl tests.api.javax.net) |
Brian Carlstrom | 0494524 | 2010-06-16 11:03:59 -0700 | [diff] [blame] | 57 | # Run tests from Harmony |
David 'Digit' Turner | 063cfe1 | 2013-02-19 17:08:14 +0100 | [diff] [blame] | 58 | (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/apache-harmony-tests_intermediates/classes.jar tests.api.java.math.BigIntegerTest org.apache.harmony.tests.java.math) |
Brian Carlstrom | 6e42038 | 2010-06-15 20:32:09 -0700 | [diff] [blame] | 59 | # try an https website |
Brian Carlstrom | 925e1a4 | 2010-04-26 11:13:10 -0700 | [diff] [blame] | 60 | adb shell am start https://online.citibank.com # confirm result in browser |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 61 | |
Brian Carlstrom | 0494524 | 2010-06-16 11:03:59 -0700 | [diff] [blame] | 62 | The vogar tool can be found externally at http://code.google.com/p/vogar/ |
Brian Carlstrom | 0494524 | 2010-06-16 11:03:59 -0700 | [diff] [blame] | 63 | |
David 'Digit' Turner | 063cfe1 | 2013-02-19 17:08:14 +0100 | [diff] [blame] | 64 | Quick installation instructions (without rebuilding from source): |
| 65 | VOGAR=$HOME/vogar |
| 66 | svn co http://vogar.googlecode.com/svn/trunk/ $VOGAR |
| 67 | mkdir -p $VOGAR/build/ |
| 68 | curl -o $VOGAR/build/vogar.jar https://vogar.googlecode.com/files/vogar.jar |
| 69 | PATH=$PATH:$VOGAR/bin |
| 70 | |
| 71 | Within Google, you can find it under: |
| 72 | /home/dalvik-prebuild/vogar/bin/vogar |
Brian Carlstrom | 0494524 | 2010-06-16 11:03:59 -0700 | [diff] [blame] | 73 | |
Brian Carlstrom | 4e0e02a | 2010-07-16 11:09:17 -0700 | [diff] [blame] | 74 | # You can also run openssl s_server as a test server on the device: |
| 75 | adb push ./android.testssl/CAss.cnf /sdcard/CAss.cnf |
| 76 | adb shell openssl req -config /sdcard/CAss.cnf -x509 -nodes -days 365 -subj '/C=US/ST=California/L=Mountain View/CN=localhost' -newkey rsa:1024 -keyout /sdcard/server.pem -out /sdcard/server.pem |
| 77 | adb shell openssl s_server -cert /sdcard/server.pem -www -verify 1 |
| 78 | adb shell am start https://localhost:4433 # confirm result in browser |
| 79 | |
Brian Carlstrom | 98d58bb | 2010-03-09 09:56:55 -0800 | [diff] [blame] | 80 | 8) Do a full build before checking in: |
| 81 | |
Brian Carlstrom | 8c67d9d | 2010-06-10 14:44:11 -0700 | [diff] [blame] | 82 | m -j16 |
The Android Open Source Project | 656d9c7 | 2009-03-03 19:30:25 -0800 | [diff] [blame] | 83 | |
David 'Digit' Turner | 9fbf99a | 2013-02-19 10:38:34 +0100 | [diff] [blame] | 84 | Optionally, check whether build flags (located in CONFIGURE_ARGS in |
| 85 | openssl.config, plus some extras in android-config.mk) need to be updated. |
| 86 | Doing this step will help ensure that the compiled library is appropriately |
| 87 | optimized for speed and size. |
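
Added example, not part of the original README or the Android tree: a fail-closed form of the signature check in step 1 that names the signed tarball explicitly, reads gpg's machine-readable status lines, and accepts only a valid signature made by a pinned full fingerprint rather than a key ID. The function names, PINNED_FPR and its all-zero value are placeholders introduced here.

```shell
#!/bin/sh
# Added example: fail-closed check for the signature step (step 1).
# PINNED_FPR is a placeholder; obtain the real 40-hex-digit fingerprint
# out of band and set it here.
PINNED_FPR="0000000000000000000000000000000000000000"

# check_status FPR
# Reads `gpg --status-fd` lines on stdin. Succeeds only when gpg reported a
# good, valid signature whose signing key or primary key is FPR, and no
# bad, expired, revoked or unverifiable signature.
check_status() {
    [ -n "$1" ] || return 1
    awk -v want="$1" '
        BEGIN { want = toupper(want) }
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: field 3 is the signing key, field 12 the primary key.
        $2 == "VALIDSIG" && (toupper($3) == want || toupper($12) == want) { pinned = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY)$/ { bad = 1 }
        END { exit !(good && pinned && !bad) }
    '
}

# verify_tarball TARBALL FPR
# Verifies TARBALL against the detached signature TARBALL.asc. If gpg is
# missing or prints nothing, check_status sees no GOODSIG and fails.
verify_tarball() {
    gpg --batch --status-fd 1 --verify "$1.asc" "$1" 2>/dev/null \
        | check_status "$2"
}

# Intended use, with the tarball name as a placeholder:
#   verify_tarball openssl-VERSION.tar.gz "$PINNED_FPR" \
#       && ./import_openssl.sh import openssl-VERSION.tar.gz
```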