I am new in NDK, I am trying to add openssl to my android project using C, I have looked and tried and I cannot figure out how to linked openssl libraries in Android, another reason I am asking this is because most page and post I've found that talk or say information about it don't say anything for 64 bit arch's(ARM64, MIPS64 and x86_64), only for ARM and X86 arch's, I haven't found any recent post using NDK 10 and 64 bit arch.
I tried this link and I get an error when I try the line:
$ . ./setenv-android.sh
bash: ./setenv-android.sh: line 106: do
the 106 line says:
for host in "linux-x86_64" "linux-x86" "darwin-x86_64" "darwin-x86"
do
if [ -d "$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin" ]; then
ANDROID_TOOLCHAIN="$ANDROID_NDK_ROOT/toolchains/$_ANDROID_EABI/prebuilt/$host/bin"
break
fi
done
but I don't know how to fix the code, and it kind of old that post.
Also I tried this link but I couldn't make the step 1. gpg --import # paste PGP public key block on stdin
When I tried it with the corresponding public key block it didn't do something and when trying ./import_openssl.sh import openssl-*.tar.gz it show an error and ./import_openssl.sh regenerate patches/*.patch didn't fix it also didn't know how to modify openssl.config and patches and also I don't think that work for 64 bit arch.
Can sombody tell me or send me how to linked openssl libraries in NDK for all ABI, I am using Windows 7, Cygwin, and NDK 10d
I resolve partially my problem but it's not completely answer, I did compile openssl for android x86 and arm architecture in this link I post my advances.
I'm not going to mark this answer as correct till I'll compile openssl for all architectures
EDIT:
I post the answer in this link
Related
I'm currently working on a big legacy project and trying to fix the OpenSSL vulnerability issue as explained at How to address OpenSSL vulnerabilities in your apps.
The problem is, there are lot of dependencies, some are open source (I updated all that didn't break the compatibility) added as Gradle import, some are custom/closed source provided by partners and contractors of the company I work for and attached to the project as JARs.
Is there any way to pinpoint specific library that has this vulnerability? I used the bash script provided at Google Play and OpenSSL warning message and it points to one native dependency (actually the .so file). Is there any option to pinpoint actual dependency from there?
Is there any option to pinpoint actual dependency from there?
Yes, but you need to know the offending OpenSSL version and you need grep. Windows find won't do.
First, take note of the offending OpenSSL version. For sake of argument, say its due to OpenSSL 1.0.1h.
Next, gather a list of your dependencies and their top level folders. For sake of argument, say its $HOME/Desktop/aosp-app, $HOME/sdk-a, /usr/local/sdk-b and /opt/local/sdk-c.
Finally, for the top level directories:
grep -R '1.0.1h' "$HOME/Desktop/aosp-app"
grep -R '1.0.1h' "$HOME/sdk-a"
grep -R '1.0.1h' /usr/local/sdk-b
grep -R '1.0.1h' /opt/local/sdk-c
You don't need grep -iR, which is a case insensitive (-i) recursive (-R) search. You also don't need grep -IR, which is a recursive (-R) search that skips binary files (-I).
All of this works because OpenSSL library embeds its version in the data section as a string. Eventually, you will hit on the culprit, which is probably an SDK that comes pre-built as a shared object but includes OpenSSL as a static library. One SDK seems to be identified frequently, and it uses cURL which is built against a static OpenSSL library.
If you have JAR files and suspect them, then you can perform the following as a quick test:
find <dir> -name '*.jar' -exec grep -R '1.0.1h' {} \;
The command will look in the directory <dir> and its subdirectories. It will search for files with the *.jar extension. When it finds one, it will run grep on it looking for the string. find will do it for every *.jar it finds.
I have a native C code, which calculates a SHA1 digest. It compiled without problems with NDK r10b. But I've got this error with NDK r10c:
[arm64-v8a] Compile : my-library <= my-library-jni.c
{PATH_TO_THE_FILE}/my-library-jni.c:3:18: fatal error: sha1.h:
No such file or directory
#include <sha1.h>
I'm updating to NDK r10c to compile for 64-bit platforms. It seems that 64-bit headers do not include sha1.h. Why? And how can I fix it? Should I find some C implementation of SHA1 and include it in my project?
Edit
I ended up using the code from http://oauth.googlecode.com/svn/code/c/liboauth/src/sha1.c.
It worked fine for me.
I assume you didn't try building in 64 bit mode with NDK r10b, because I don't find the sha1.h header there for arm64-v8a either.
It seems that the SHA1 support exposed previously wasn't really intended - it wasn't really mentioned anywhere in the documentation and the "Stable APIs" documentation doesn't mention it either (and I guess it can't be assumed to be part of the C library itself even though technically it was). The libc.so that you link to in 32 bit mode also includes MD5 functions, which aren't exposed in the headers at all, which makes it all seem even more unintended/unplanned.
Even if it wasn't originally intended, they've kept it for compatibility in 32 bit mode, but chose to remove such unintended baggage in 64 bit mode.
Some commit links to clarify:
https://android.googlesource.com/platform/bionic/+/c82c0b7e07
https://android.googlesource.com/platform/ndk/+/69c6d8419%5E%21/
Yes, your solution is to find an existing C implementation of SHA1 (luckily there are many different ones available under a varity of licenses) and include it instead. Most of them have quite similar or almost identical APIs.
I've been knocking my head against the wall this one: I've gotten openssl to compile just fine for the android armeabi architecture, but there's so much less aid for x86, and nothing on it that I can find on openSSL's site.
Something I eventually found was an intel article (https://software.intel.com/en-us/articles/using-intel-advanced-encryption-standard-new-instructions-on-android#openssl) on using openssl for x86 architecture's, and after creating a standalone toolchain, and going through their provided code and fixing some of it, I'm at the point where make will get almost all the way through compilation before failing with a bunch of undefined reference to 'XXX' statements. I cannot figure out how to get past this at this point, any help would be greatly appreciated.
I apologize if this ends up being somewhat trivial, I am very new to make.
Trace:
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: ts.o: in function ts_main:ts.c(.text+0x1e8a): error: undefined reference to 'TS_RESP_set_tst_info'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: ts.o: in function ts_main:ts.c(.text+0x1ea2): error: undefined reference to 'TS_TST_INFO_free'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: srp.o: in function srp_verify_user:srp.c(.text+0xb3): error: undefined reference to 'SRP_create_verifier'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: srp.o: in function srp_create_user:srp.c(.text+0x1e3): error: undefined reference to 'SRP_create_verifier'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: srp.o: in function srp_main:srp.c(.text+0x1014): error: undefined reference to 'X509_get_default_cert_area'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: srp.o: in function srp_main:srp.c(.text+0x10c0): error: undefined reference to 'SRP_get_default_gN'
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: srp.o: in function srp_main:srp.c(.text+0x16dd): error: undefined reference to 'TXT_DB_insert'
Edit:
Sorry, by the fact that they were specifying eabi in the setenv script, I thought that meant you could only select one of the ARM eabi's, since the other architectures weren't specified with it. I've been to openSSL's instructions on android for compiling ARM, but I wasn't aware it would also function for x86. If that's the case then I feel dumb.
I set the --sysroot option to the sysroot on the android independent keychain.
These are the commands I used for x86 compilation, as per the intel article on the subject.
export CC="$STANDALONE_TOOCHAIN_PATH/bin/i686-linux-android-gcc -mtune=atom -march=atom --sysroot=$STANDALONE_TOOCHAIN_PATH/sysroot"
export AR=$STANDALONE_TOOCHAIN_PATH/bin/i686-linux-android-ar
export RANLIB=/private/tmp/my-android-toolchain/bin/i686-li
./Configure android-x86 -DOPENSSL_IA32_SSE2 -DAES_ASM -DVPAES_ASM
It seems I've figured it out. Using the code I posted (as the code in the article is slightly syntactically incorrect, but the idea is right) and after having made a custom android toolchain, I was able to run make successfully after a fresh installation of OpenSSL. My guess is that the work I did on it in order to compile the ARM architecture *.a and *.so files probably goofed something up when I went back to it for the x86 architecture.
If unsure of how to create a standalone toolchain (use the easy way option): http://www.kandroid.org/ndk/docs/STANDALONE-TOOLCHAIN.html
but there's so much less aid for x86, and nothing on it that I can find on openSSL's site
I believe the OpenSSL wiki covers the topic: OpenSSL and Android.
Something I eventually found was an intel article... on using openssl for x86 architecture
You simply select the correct abi. According to the Android wiki page, you adjust the following in the setenv-android.sh script:
_ANDROID_NDK – the version of the NDK. For example, android-ndk-r8e
_ANDROID_EABI – the version of the EABI tools. For example, arm-linux-androideabi-4.6
_ANDROID_API – the API level. For example, android-14
There's an entire subsection on it at the wiki: Adjust the Cross-Compile Script. Please let us know if there are any gaps. (I tested it against ARM, but not x86).
There's plenty of ABI's to select. You probably want x86-4.6 and API 14 or API 18.
You might have to modify Configure, but it does not appear you are that far so its hard to say at the moment. You don't need to modify configure - the android-x86 target is already present.
/private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld: ts.o:
in function ts_main:ts.c(.text+0x1e8a): error: undefined reference to 'TS_RESP_set_tst_info' /private/tmp/my-android-toolchain/bin/../lib/gcc/i686-linux-android/4.6/../../../../i686-linux-android/bin/ld
This almost looks like you are missing --sysroot. Something is munged up for sure.
You should probably show us one of your compile line and a link line (what one of the C files looks like, not a dump of all of them).
I have a similar answer here https://stackoverflow.com/a/37043683/2210080 but this is for ArmV7. Just do the same procedure as what I did in the previous but use this particular setenv-android.sh script: https://github.com/rjmangubat23/OpenSSL/blob/master/x86/setenv-android.sh
I've seen other questions like this, but they don't seem to solve my problem. I am trying to build a C++/Android project on Windows for the first time, and have a few questions:
1) Android NDK docs said cygwin is required, some people on internet say it isn't. I have tried both. But I'm getting many errors in building our project using ndk-build on both cmd.exe and cygwin window. On cygwin it says
*** target pattern contains no '%'. Stop.
I searched that there might be some windows style path there in the make files. Someone said use : $(shell cygpath -u $(path)) instead of $(path) ... It's not helping.
2) Since it's a big project, I wanted to check which all are the places where it's taking a windows style path. But even the simple #echo commands for echoing their values is not working.
#echo $(path)
Some on the internet said we can use this style:
.PHONY: print_vals
print_vals:
<tab>#echo $(path)
but that is not working either. Android NDK development on Windows is difficult :(.
First, Cygwin is not required to run ndk-build on Windows, only to run ndk-gdb, and there is also a python version (ndk-gdb.py) that doesn't require Cygwin anyway.
Second, there must be something weird in your Android.mk file(s). If you don't know how GNU Make works, you should really restrict yourselves to the features described by the NDK documentation (e.g. $NDK/docs/ANDROID-MK.html and $NDK/docs/HOWTO.html)
It's hard to tell exactly why you're seeing this message, but it's very likely because you're using absolute Windows file paths in direct target definitions.
Finally, you cannot use echo to debug Makefiles, use $(info path=$(path)) instead.
I am trying to upgrade openssl from 1.0.0 to 1.0.1c on android(ICS).
while I was successfully able to cross compile it(for arm).
I get an error when i try to run openssl binary on target with upgraded libcrypto.so library.
Following is the error:
unexpected reloc type 0x03 for libcrypto.so
I am doing something wrong or are there any compilation flags that I am missing???
I have tried compiling openssl with -fPIC but that didn't help either.
PS : I am using android google tv branch.
Your best bet is to use the native Android build system to build OpenSSL. Don't know the details offhand, but they might be using special options as well as defines to turn things on/off. Get the AOSP source and replace the OpenSSL files with 1.0.1c. Also there is a separate build configuration over at the Guardian Project's Github if you don't want to build the whole thing (which is safer): https://github.com/guardianproject/openssl-android