OpenSSL on the Android platform.

The code in this directory is based on $OPENSSL_VERSION in the file openssl.version. See patches/README for more information on how the code differs from $OPENSSL_VERSION.

Porting New Versions of OpenSSL.

The following steps are recommended for porting new OpenSSL versions.

1. Retrieve the appropriate version of the OpenSSL source from www.openssl.org/source (in openssl-.tar.gz file). Check the PGP signature (found in matching openssl-.tar.gz.asc file) with:

   gpg openssl-*.tar.gz.asc

   If the public key is not found, import the the one with the matching RSA key ID from http://www.openssl.org/about/, using:

   gpg --import # paste PGP public key block on stdin

2. Update the variables in openssl.config and openssl.version as appropriate. At the very least you will need to update the openssl.version.

3. Run:

   ./import_openssl.sh import openssl-*.tar.gz

4. If there are any errors, then modify openssl.config, openssl.version and patches in patches/ as appropriate. You might want to use:

   ./import_openssl.sh regenerate patches/*.patch

   Repeat step 3.

5. Cleanup before building with:

   m -j16 clean-libcrypto clean-libssl clean-openssl clean-ssltest

6. Build openssl from the external/openssl directory with:

   mm -j16 snod && adb sync system

   If there are build errors, then patches/*.mk, openssl.config, or android-config.mk may need updating.

7. Run tests to make sure things are working:

   Run local openssl tests

   (cd android.testssl/ && ./testssl.sh)

   Build and sync libcore tests

   (croot && cd libcore && mm -j16 snod && adb remount && adb sync)

   Run tests from libcore

   (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests-support_intermediates/classes.jar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jar javax.net.ssl tests.api.javax.net)

   Run tests from Harmony

   (croot && vogar --classpath harmony_tests.jar tests.api.java.math.BigIntegerTest org.apache.harmony.tests.java.math)

   try an https website

   adb shell am start https://online.citibank.com # confirm result in browser

   The vogar tool can be found externally at http://code.google.com/p/vogar/ Within Google it can be run with ~dalvik-prebuild/vogar/bin/vogar

   harmony_tests.jar is built from Subversion http://harmony.apache.org/ Within Google it can be found at ~dalvik-prebuild/bin/harmony_tests.jar

   You can also run openssl s_server as a test server on the device:

   adb push ./android.testssl/CAss.cnf /sdcard/CAss.cnf adb shell openssl req -config /sdcard/CAss.cnf -x509 -nodes -days 365 -subj '/C=US/ST=California/L=Mountain View/CN=localhost' -newkey rsa:1024 -keyout /sdcard/server.pem -out /sdcard/server.pem adb shell openssl s_server -cert /sdcard/server.pem -www -verify 1 adb shell am start https://localhost:4433 # confirm result in browser

8. Do a full build before checking in:

   m -j16

Optionally, check whether build flags (located in android-config.mk need to be updated. Doing this step will help ensure that the compiled library is appropriately optimized for speed and size. To update build flags:

a) source openssl.config b) tar -zxf openssl-.tar.gz c) cd openssl-/ d) ./Configure $CONFIGURE_ARGS e) examine Makefile and compare with ../android-config.mk f) modify ../openssl.config as appropriate and go to step 3) above.

Alternatively, ."/import_openssl.sh import" now prints the post-Configure Makefile for review before deleting in on import.