Compiling the latest OpenSSL for Android

Question

I am trying to generate the shared library for the (.so) files of the OpenSSL1.0.1c for the Android. I found that they have added three options for compiling for the Android in the android script.

./Configure android-armv7  (or)
./Configure android-x86    (or)
./Configure android

once I configured for the OS and then try to compile, its throwing errors. Currently I am working x86 windows7 and installed Cygwin, Android sdk R20, Android NDK r8

sh-4.1$ make
making all in crypto...
make[1]: Entering directory `/cygdrive/d/SourceCodes/OpenSSL/openssl-1.0.1c/crypto'
gcc -I. -I.. -I../include  -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -march=armv7-a -mandroid -I/include -B/lib -O3 -fomit-frame-pointer -Wall -DOPENSSL_BN_ASM_MONT -DOP
ENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DGHASH_ASM   -c -o cryptlib.o cryptlib.c
cc1: error: unrecognized command line option "-mandroid"
cryptlib.c:1:0: error: bad value (armv7-a) for -march= switch
<builtin>: recipe for target `cryptlib.o' failed
make[1]: *** [cryptlib.o] Error 1
make[1]: Leaving directory `/cygdrive/d/SourceCodes/OpenSSL/openssl-1.0.1c/crypto'
Makefile:278: recipe for target `build_crypto' failed
make: *** [build_crypto] Error 1
sh-4.1$

Please let me know if anyone faced the similar issue and got the solution for resolving the same.

Answer 1

I would seriously not advise to grab anything outside of the official OpenSSL web site. You cannot take a chance when dealing with cryptography and security.

The only problem that I see is that you are using your host's gcc rather than using android's cross compilers.

Here is how I would compile the official OpenSSL on Ubuntu 14.04LTS (this works with OpenSSL 1.0.1g)

From your home folder, run the following commands:

tar xzvf ~/Downloads/openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
export NDK=~/android-ndk-r9d
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 --toolchain=arm-linux-androideabi-4.6 --install-dir=`pwd`/android-toolchain-arm
export TOOLCHAIN_PATH=`pwd`/android-toolchain-arm/bin
export TOOL=arm-linux-androideabi
export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
export CC=$NDK_TOOLCHAIN_BASENAME-gcc
export CXX=$NDK_TOOLCHAIN_BASENAME-g++
export LINK=${CXX}
export LD=$NDK_TOOLCHAIN_BASENAME-ld
export AR=$NDK_TOOLCHAIN_BASENAME-ar
export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
export ARCH_FLAGS="-march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16"
export ARCH_LINK="-march=armv7-a -Wl,--fix-cortex-a8"
export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export LDFLAGS=" ${ARCH_LINK} "

And then run your configure script:

./Configure android-armv7

And then build

PATH=$TOOLCHAIN_PATH:$PATH make

You should see that it is using arm-linux-androideabi-gcc instead of gcc

To build for the old armeabi:

tar xzvf ~/Downloads/openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
export NDK=~/android-ndk-r9d
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 --toolchain=arm-linux-androideabi-4.6 --install-dir=`pwd`/android-toolchain-arm
export TOOLCHAIN_PATH=`pwd`/android-toolchain-arm/bin
export TOOL=arm-linux-androideabi
export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
export CC=$NDK_TOOLCHAIN_BASENAME-gcc
export CXX=$NDK_TOOLCHAIN_BASENAME-g++
export LINK=${CXX}
export LD=$NDK_TOOLCHAIN_BASENAME-ld
export AR=$NDK_TOOLCHAIN_BASENAME-ar
export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
export ARCH_FLAGS="-mthumb"
export ARCH_LINK=
export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export LDFLAGS=" ${ARCH_LINK} "
./Configure android
make clean
PATH=$TOOLCHAIN_PATH:$PATH make

to build for x86 :

tar xzvf ~/Downloads/openssl-1.0.1g.tar.gz
cd openssl-1.0.1g
export NDK=~/android-ndk-r9d
$NDK/build/tools/make-standalone-toolchain.sh --platform=android-9 --toolchain=x86-4.6 --install-dir=`pwd`/android-toolchain-x86
export TOOLCHAIN_PATH=`pwd`/android-toolchain-x86/bin
export TOOL=i686-linux-android
export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
export CC=$NDK_TOOLCHAIN_BASENAME-gcc
export CXX=$NDK_TOOLCHAIN_BASENAME-g++
export LINK=${CXX}
export LD=$NDK_TOOLCHAIN_BASENAME-ld
export AR=$NDK_TOOLCHAIN_BASENAME-ar
export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
export ARCH_FLAGS="-march=i686 -msse3 -mstackrealign -mfpmath=sse"
export ARCH_LINK=
export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
export LDFLAGS=" ${ARCH_LINK} "
./Configure android-x86
make clean
PATH=$TOOLCHAIN_PATH:$PATH make

Answer 2

In OpenSSL 1.0.1e, all I need to do is:

CC=~/android-ndk-r9/toolchains/arm-linux-androideabi-4.8/prebuilt/darwin-x86_64/bin/arm-linux-androideabi-gcc ./Configure android-armv7
ANDROID_DEV=~/android-ndk-r9//platforms/android-8/arch-arm/usr make build_libs

Answer 3

Thanks to the instructions posted here, plus some other additions, I've made an automated script which compiles the latest OpenSSL library for Android with support for: armeabi, armeabi-v7a, x86, x86_64 and arm64-v8a:

#!/bin/bash -e
#@author Aleksandar Gotev ([email protected])
#Hints and code taken also from http://stackoverflow.com/questions/11929773/compiling-the-latest-openssl-for-android

if [ "$#" -ne 6 ]
then
    echo "Usage:"
    echo "./openssl-build <ANDROID_NDK_PATH> <OPENSSL_SOURCES_PATH> <ANDROID_TARGET_API> \\"
    echo "                <ANDROID_TARGET_ABI> <GCC_VERSION> <OUTPUT_PATH>"
    echo
    echo "Supported target ABIs: armeabi, armeabi-v7a, x86, x86_64, arm64-v8a"
    echo
    echo "Example using GCC 4.8, NDK 10e, OpenSSL 1.0.2d and Android API 21 for armeabi-v7a."
    echo "./openssl-build /home/user/android-ndk-r10e \\"
    echo "                /home/user/openssl-1.0.2d \\"
    echo "                21 \\"
    echo "                armeabi-v7a \\"
    echo "                4.8 \\"
    echo "                /home/user/output/armeabi-v7a"
    exit 1
fi

NDK_DIR=$1
OPENSSL_BASE_FOLDER=$2
OPENSSL_TARGET_API=$3
OPENSSL_TARGET_ABI=$4
OPENSSL_GCC_VERSION=$5
OPENSSL_OUTPUT_PATH=$6

NDK_MAKE_TOOLCHAIN="$NDK_DIR/build/tools/make-standalone-toolchain.sh"
OPENSSL_TMP_FOLDER="/tmp/openssl"
rm -rf "$OPENSSL_TMP_FOLDER"
mkdir -p "$OPENSSL_TMP_FOLDER"
cp -r ${OPENSSL_BASE_FOLDER} ${OPENSSL_TMP_FOLDER}

function build_library {
    mkdir -p ${OPENSSL_OUTPUT_PATH}
    export PATH=$TOOLCHAIN_PATH:$PATH
    make && make install
    rm -rf ${OPENSSL_TMP_FOLDER}
    echo "Build completed! Check output libraries in ${OPENSSL_OUTPUT_PATH}"
}

if [ "$OPENSSL_TARGET_ABI" == "armeabi-v7a" ]
then
    ${NDK_MAKE_TOOLCHAIN} --platform=android-${OPENSSL_TARGET_API} \
                          --toolchain=arm-linux-androideabi-${OPENSSL_GCC_VERSION} \
                          --install-dir="${OPENSSL_TMP_FOLDER}/android-toolchain-arm"
    export TOOLCHAIN_PATH="${OPENSSL_TMP_FOLDER}/android-toolchain-arm/bin"
    export TOOL=arm-linux-androideabi
    export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
    export CC=$NDK_TOOLCHAIN_BASENAME-gcc
    export CXX=$NDK_TOOLCHAIN_BASENAME-g++
    export LINK=${CXX}
    export LD=$NDK_TOOLCHAIN_BASENAME-ld
    export AR=$NDK_TOOLCHAIN_BASENAME-ar
    export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
    export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
    export ARCH_FLAGS="-march=armv7-a -mfloat-abi=softfp -mfpu=vfpv3-d16"
    export ARCH_LINK="-march=armv7-a -Wl,--fix-cortex-a8"
    export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
    export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export LDFLAGS=" ${ARCH_LINK} "
    cd ${OPENSSL_TMP_FOLDER}
    ./Configure android-armv7 --openssldir=${OPENSSL_OUTPUT_PATH}
    build_library

elif [ "$OPENSSL_TARGET_ABI" == "arm64-v8a" ]
then
    ${NDK_MAKE_TOOLCHAIN} --platform=android-${OPENSSL_TARGET_API} \
                          --toolchain=aarch64-linux-android-4.9 \
                          --install-dir="${OPENSSL_TMP_FOLDER}/android-toolchain-arm64"
    export TOOLCHAIN_PATH="${OPENSSL_TMP_FOLDER}/android-toolchain-arm64/bin"
    export TOOL=aarch64-linux-android
    export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
    export CC=$NDK_TOOLCHAIN_BASENAME-gcc
    export CXX=$NDK_TOOLCHAIN_BASENAME-g++
    export LINK=${CXX}
    export LD=$NDK_TOOLCHAIN_BASENAME-ld
    export AR=$NDK_TOOLCHAIN_BASENAME-ar
    export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
    export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
    export ARCH_FLAGS=
    export ARCH_LINK=
    export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
    export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export LDFLAGS=" ${ARCH_LINK} "
    cd ${OPENSSL_TMP_FOLDER}
    ./Configure android --openssldir=${OPENSSL_OUTPUT_PATH}
    build_library

elif [ "$OPENSSL_TARGET_ABI" == "armeabi" ]
then
    ${NDK_MAKE_TOOLCHAIN} --platform=android-${OPENSSL_TARGET_API} \
                          --toolchain=arm-linux-androideabi-${OPENSSL_GCC_VERSION} \
                          --install-dir="${OPENSSL_TMP_FOLDER}/android-toolchain-arm"
    export TOOLCHAIN_PATH="${OPENSSL_TMP_FOLDER}/android-toolchain-arm/bin"
    export TOOL=arm-linux-androideabi
    export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
    export CC=$NDK_TOOLCHAIN_BASENAME-gcc
    export CXX=$NDK_TOOLCHAIN_BASENAME-g++
    export LINK=${CXX}
    export LD=$NDK_TOOLCHAIN_BASENAME-ld
    export AR=$NDK_TOOLCHAIN_BASENAME-ar
    export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
    export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
    export ARCH_FLAGS="-mthumb"
    export ARCH_LINK=
    export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
    export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export LDFLAGS=" ${ARCH_LINK} "
    cd ${OPENSSL_TMP_FOLDER}
    ./Configure android --openssldir=${OPENSSL_OUTPUT_PATH}
    build_library

elif [ "$OPENSSL_TARGET_ABI" == "x86" ]
then
    ${NDK_MAKE_TOOLCHAIN} --platform=android-${OPENSSL_TARGET_API} \
                          --toolchain=x86-${OPENSSL_GCC_VERSION} \
                          --install-dir="${OPENSSL_TMP_FOLDER}/android-toolchain-x86"
    export TOOLCHAIN_PATH="${OPENSSL_TMP_FOLDER}/android-toolchain-x86/bin"
    export TOOL=i686-linux-android
    export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
    export CC=$NDK_TOOLCHAIN_BASENAME-gcc
    export CXX=$NDK_TOOLCHAIN_BASENAME-g++
    export LINK=${CXX}
    export LD=$NDK_TOOLCHAIN_BASENAME-ld
    export AR=$NDK_TOOLCHAIN_BASENAME-ar
    export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
    export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
    export ARCH_FLAGS="-march=i686 -msse3 -mstackrealign -mfpmath=sse"
    export ARCH_LINK=
    export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
    export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export LDFLAGS=" ${ARCH_LINK} "
    cd ${OPENSSL_TMP_FOLDER}
    ./Configure android-x86 --openssldir=${OPENSSL_OUTPUT_PATH}
    build_library

elif [ "$OPENSSL_TARGET_ABI" == "x86_64" ]
then
    ${NDK_MAKE_TOOLCHAIN} --platform=android-${OPENSSL_TARGET_API} \
                          --toolchain=x86_64-4.9 \
                          --install-dir="${OPENSSL_TMP_FOLDER}/android-toolchain-x86_64"
    export TOOLCHAIN_PATH="${OPENSSL_TMP_FOLDER}/android-toolchain-x86_64/bin"
    export TOOL=x86_64-linux-android
    export NDK_TOOLCHAIN_BASENAME=${TOOLCHAIN_PATH}/${TOOL}
    export CC=$NDK_TOOLCHAIN_BASENAME-gcc
    export CXX=$NDK_TOOLCHAIN_BASENAME-g++
    export LINK=${CXX}
    export LD=$NDK_TOOLCHAIN_BASENAME-ld
    export AR=$NDK_TOOLCHAIN_BASENAME-ar
    export RANLIB=$NDK_TOOLCHAIN_BASENAME-ranlib
    export STRIP=$NDK_TOOLCHAIN_BASENAME-strip
    export CPPFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export CXXFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 -frtti -fexceptions "
    export CFLAGS=" ${ARCH_FLAGS} -fpic -ffunction-sections -funwind-tables -fstack-protector -fno-strict-aliasing -finline-limit=64 "
    export LDFLAGS=" ${ARCH_LINK} "
    cd ${OPENSSL_TMP_FOLDER}
    ./Configure linux-x86_64 --openssldir=${OPENSSL_OUTPUT_PATH}
    build_library

else
    echo "Unsupported target ABI: $OPENSSL_TARGET_ABI"
    exit 1
fi

Script docs: https://github.com/alexbbb/pjsip-android-builder#build-only-openssl

For the last version check: https://github.com/alexbbb/pjsip-android-builder/blob/master/openssl-build

Answer 4

I glued together some useful advices here to a build environment for OpenSSL for Android which works for me.

• Supports build for multiple architectures - ARM, ARMv7, X86
• Uses OpenSSL source codes
• Integrated with Android.mk build
• Contains pre-compiled OpenSSL 1.0.2h (use if you want or compile your own)

https://github.com/ph4r05/android-openssl

Answer 5

In case someone encounters the problem of using vulnerable version of OpenSSL (< 1.0.2f/1.0.1r) in one of the native libraries, I add some more details and instructions.

Preconditions: Android NDK need to be configured first.

1. First of all, download the OpenSSL compatible version (> 1.0.2f/1.0.1r).

2. Download two scripts from this link. In case someone wonders what they do (and you should - it is a cryptographic library!!!): They build the OpenSSL library for every android ABI processor architecture (armeabi, x86, mips, etc...)

3. Modify setenv-android-mod.sh -> line 18 with the ndk version

4. Modify setenv-android-mod.sh -> line 40 with the Android API version

5. Modify build-all-arch.sh -> line 7 with the folder name of the OpenSSL library (in my case it was openssl-1.0.1t)

6. After successful build, inside the folder dist the libraries will be present

To add the openSSL to project as prebuilt static libraries, create:

1. openssl folder under jni directory containing lib/ (which contain the .a files for the supported architectures),
2. include/ which has the necessary includes (you can find that under the openssl version you downloaded, be aware that some of the header files are symbolic links)

3. Modify Android.mk inside jni folder adding the following:

   include $(CLEAR_VARS) 
   LOCAL_MODULE := libssl
   LOCAL_SRC_FILES := lib/$(TARGET_ARCH_ABI)/libssl.a
   include $(PREBUILT_STATIC_LIBRARY)
   include $(CLEAR_VARS)
   LOCAL_MODULE := libcrypto
   LOCAL_SRC_FILES := lib/$(TARGET_ARCH_ABI)/libcrypto.a
   include $(PREBUILT_STATIC_LIBRARY)
   

Then, to use the library within another jni module add the following to it's Android.mk file:

LOCAL_C_INCLUDES := $(LOCAL_PATH)/../openssl/include
LOCAL_STATIC_LIBRARIES := libssl libcrypto

Answer 6

This doesn't solve your problem, but perhaps it will help. A google groups post where they have successfully compiled OpenSSL 1.0.1 beta2 for Android.

https://groups.google.com/forum/?fromgroups#!topic/android-security-discuss/5-_gCAmEo-M

This might also help, an open source project that builds 1.0.0a for Android:

https://github.com/eighthave/openssl-android

Answer 7

This is how I did it for openssl-1.0.2g:

$ rm -rf openssl-1.0.2g/
$ tar xzf openssl-1.0.2g.tar.gz
$ chmod a+x setenv-android.sh
$ . ./setenv-android.sh ---> Note: make sure in the same folder of your openssl-1.0.2g
$ cd openssl-1.0.2g/

$ perl -pi -e 's/install: all install_docs install_sw/install: install_docs install_sw/g' Makefile.org

$ ./config shared no-ssl2 no-ssl3 no-comp no-hw no-engine --openssldir=<Path of your OpenSSL> 

$ make depend
$ make clean
$ make all
before make install, ---Delete the "include" folder (path/of/your/openssl-1.0.2g/include)  or you may move it to another directory for safe keeping. 
$ make install 

Make sure that you input the right NDK paths into your setenv-android.sh or else you will have errors.

Example for this build I used Android NDK vr10b (http://dl.google.com/android/ndk/android-ndk32-r10b-darwin-x86.tar.bz2) and used the ff path values inside my setenv-android.sh file:

_ANDROID_NDK="android-ndk-r10b" (Line 12)
_ANDROID_EABI="arm-linux-androideabi-4.8"(Line 16)
_ANDROID_API="android-19"(Line 24)

Reference: https://wiki.openssl.org/index.php/Android

Note ---> I created a github commit to answer this question, please see: https://github.com/rjmangubat23/OpenSSL

I uploaded the different scripts for setenv-android.sh onto my github, cause you will need different type of scripts for different architectures:

For x86: https://github.com/rjmangubat23/OpenSSL/tree/master/x86

For ArmV7: https://github.com/rjmangubat23/OpenSSL/tree/master/ArmV7

Download Openssl here: ftp://ftp.openssl.org/source

Download Complete list of Android NDK files here: https://github.com/taka-no-me/android-cmake/blob/master/ndk_links.md

Answer 8

You can use this script to compile openssl under Windows 7 + Cygwin. Everything you need is only change location of ndk and choose android api version.

My way step by step (Win 7 x64 + Cygwin + ndk r10c)

1. Copy file setenv-android-mod.sh and build-all-arch.sh to your openssl directory.

2. Modify file build-all-arch.sh

   • cd openssl-1.0.1j to #cd openssl-1.0.1j (line 56)

   • cd .. to #cd .. (line 80)

3. Modify file setend-android-mod.sh

   • _ANDROID_NDK="android-ndk-r10c-x64" change to your ndk version (line 18)
   • _ANDROID_API="android-19" change to your api version (line 40)
   • ANDROID_NDK_ROOT="d:/work/android/android-ndk-r10c-x64" specify your dir (line 42)
   • ANDROID_TOOLCHAIN="d:/work/android/android-ndk-r10c-x64/toolchains" specify your dir (line 43)
   • export CROSS_COMPILE="aarch64-linux-android-" to export CROSS_COMPILE="$ANDROID_TOOLCHAIN/aarch64-linux-android-" (line 219), change same lines 225, 231, 237, 243 - just add $ANDROID_TOOLCHAIN/ to the cross compile path.

Run build-all-arch.sh.

All libraries (*.so) will be located in /prebuilt/ dir.

P.S. I had a few more errors because of wrong symlinks, but everything was fine after executing the following command export CYGWIN="winsymlinks:native" see here for details.

Answer 9

This problem and many others like it caused me a week or so of mucking about, but I finally cracked it so I thought I'd share my solution. OpenSSL can be compiled for 21+ and work on Android 4.03 devices if you are willing to hack the code. We use libcurl, so wanted to be up to date. The steps are a bit complex:

First up ensure you have a buildable version of libcurl. I recommend as a good starting point https://github.com/cocos2d/cocos2d-x-3rd-party-libs-src

They keep up to date build scripts.

Firstly hack the android.ini in "build" to version 21

Next up I had to add the following stub functions to the jni project somewhere:

// SPECIAL API 21+ functions required for android to build on newer platform targets.

float strtof (const char* str, char** endptr)
{
    return (float)strtod(str, endptr);
}

int __isnanf(float x)
{
    return (x != x);
}

double atof (const char* s)
{
    double rez = 0, fact = 1;
    if (*s == '-'){
        s++;
        fact = -1;
    };
    for (int point_seen = 0; *s; s++){
        if (*s == '.'){
            point_seen = 1;
            continue;
        };
        int d = *s - '0';
        if (d >= 0 && d <= 9){
            if (point_seen) fact /= 10.0f;
            rez = rez * 10.0f + (float)d;
        };
    };
    return rez * fact;
}

void srandom(unsigned int seed)
{
    std::srand(seed);
}

static unsigned long _next = 1;

void srand(unsigned int seed)
{
    _next = seed;
}

long random()
{
    return rand();
}

int rand()
{
    _next = _next * 1103515245 + 12345;
    return (unsigned int)(_next/65536) % 32768;
}

/* the default is bsd */
__sighandler_t signal(int s, __sighandler_t f)
{
    return 0;
}

Note the signal function could be better, but for us it isn't important. This stops the dreaded "cannot locate symbol" errors on 4.03 devices caused by changes to the headers in 5+ (https://groups.google.com/forum/#!topic/android-ndk/RjO9WmG9pfE).

Next up download the tar.gz for the version of openssl you want to build and unpack it somewhere. Edit crypto/ui/ui_openssl.c and crypto/des/read_pwd.c and ensure that the #defines for tcsetattr are not used. I used a brute force #if 0 and #if 1 - note this should be possible by twiddling the preprocessor, but I gave up at this point. If anyone feels like sharing the correct magic please do!

Now you need to re-tar up the file into the tarballs file (making sure you get it root folder in there:

and run (in my case)

shasum -a 512 curl-7.50.0.tar.gz > ../src/curl/SHA512SUMS

This will allow the cocos2d ./build.sh to run. Something like:

./build.sh -p=android --libs=openssl,curl --arch=armv7 --mode=release

Finally - and this caught me out in terms of making a universal .a file, but is not directly part of the question, ensure you use a version that doesn't use NEON instructions. Tegra 2 devices apparently have FPU but no NEON. I think this can be done using -mfpu=vfp as a compiler flag, but I chose to just use the armv5 build instead, as performance is not really important to me in this area (and I have had enough nasty real world surprises from this already).

In the end you should get a nice .a that works everywhere, and can be used in projects targeting the latest and greatest Android. Now if only someone from the OpenSSL project can read this and fix the project so it understands android stuff released 2 years ago!

Good luck!

Answer 10

Here is how to build OpenSSL on Windows using Cygwin and Android NDK

1. Download and extract OpenSSL source
2. Download script from https://github.com/pstanoev/OpenSSL-For-Android

3. Run cmd with Administrator user and execute

   SET CYGWIN=winsymlinks:nativestrict

4. In same cmd window, open Cygwin:

   cygwin.bat

5. Make script executable:

   chmod +x *.sh

6. In Cygwin execute:

   /cygdrive/c/dev/openssl-source/openssl-build.sh /cygdrive/c/dev/android-ndk-r12b /cygdrive/c/dev/openssl-source/openssl-1.0.2j 15 armeabi-v7a 4.9 /home/user/openssl

   • Modify for your locations of Android NDK and sources

7. Copy libcrypto.so and include/* files to this module. Use cp -r for copy to follow links.

Answer 11

Please refer to PJSIP Build For Android with Integration of G729 Codec for compiling latest Openssl for Android. It is quite well explained.

Answer 12

Follow these instructions may help :)

1: Download Android NDK (version ndk-r13b) from this url:

https://dl.google.com/android/repository/android-ndk-r13b-linux-x86_64.zip

2: Extract NDK to /home/Android.

3: Download the cross compilation setup script from this URL:

https://wiki.openssl.org/images/7/70/Setenv-android.sh

4: Make following changes in the Setenv-android.sh script:

a: Add the following line to the start of the script
        
        ANDROID_NDK_ROOT=/home/Android/android-ndk-r13b

b: Modify _ANDROID_NDK="android-ndk-r13".

c: Modify _ANDROID_EABI="arm-linux-androideabi-4.9"

d: Modify _ANDROID_API="android-23"

5: Download the openssl (version 1.0.2n) from this url:

https://www.openssl.org/source/old/1.0.2/openssl-1.0.2n.tar.gz

6: Extract the downloaded tarball.

7: Open new terminal window and navigate to extracted directory.

8: Move the Setenv-android.sh script to this directory and execute the following commands:

chmod a+x Setenv-android.sh
source ./Setenv-android.sh

9: Run the following command (to configure OpenSSL sources to build for Android):

./Configure shared android

10: Execute following command to build libcrypto and libssl shared libraries.

make CALC_VERSIONS="SHLIB_COMPAT=; SHLIB_SOVER=" build_libs

11: Let the build complete successfully.

Answer 13

With NDK v22 and openssl-1.0.2o:

export PATH=$(echo -n $ANDROID_NDK/toolchains/llvm/prebuilt/*/bin):$PATH
./Configure android-x86 no-asm
make clean build_libs AR="llvm-ar r" RANLIB="llvm-ranlib" CC=i686-linux-android19-clang CFLAG="-fPIC -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -D__ANDROID_API__=19 -Os -fomit-frame-pointer -Wall -I$ANDROID_NDK_ROOT/sysroot/usr/include -I$ANDROID_NDK_ROOT/sysroot/usr/include/i686-linux-android"
mkdir -p x86/lib x86/include/openssl
cp lib*.a x86/lib
cp include/openssl/* x86/include/openssl

builds static libs for x86