CODEWITHSUNDEEP
androidopensslarmdebian
Hermann Schachner
Hermann Schachner

Reputation: 550

Option -no-engine causes problems with OpenSSL build for Android

I have to build the OpenSSL 1.0.1j libraries for Android, following the instructions at http://wiki.openssl.org/index.php/Android, on a Debian 7 system.

My configuration options are

./Configure dist -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine

The build fails due to the error

make[2]: *** No rule to make target `../../include/openssl/engine.h', needed by `rsa_lib.o'.

(Remark: Using linux-generic64 instead of dist made no difference)

Providing the option -no-rsa leads to complaints from dsa_lib.o. It also does not make sense to disable RSA and DSA, does it?

I read the NEWS file, http://wiki.openssl.org/ and questions here on SO, but could not find a solution.

Any suggestions?

Besides that: What is the actual meaning of -no-engine? According to my understanding, ENGINE is the interface to the crypto algorithms of openssl. Why should it be possible to disable it at all?

Upvotes: 1

Views: 3471

Answers (2)

Finn Haakansson
Finn Haakansson

Reputation: 161

A symbolic link to engine.h is not created when building OpenSSL with no-engine. I just added

(cd include/openssl ; ln -s ../../crypto/engine/engine.h .)

to my build process.

Upvotes: 0

jww
jww

Reputation: 102296

Option -no-engine causes problems with OpenSSL build for Android ...
./Configure dist -no-ssl2 -no-ssl3 -no-comp -no-hw -no-engine

You can safely omit the no-engine option. The option was used to reduce the size of the binary.

What is the actual meaning of -no-engine? According to my understanding, ENGINE is...

That's a good point, and I can't answer it. But I can say I've used the procedures on the wiki page for a few years, and I know OpenSSL still works (compiles/links/runs) when the no-engine option is used.

Maybe something has changed for 1.0.1j. I did not upgrade (meaning I did not build 1.0.1j for Android and iOS) because I'm not interested in that Downgrade SCSV to accommodate the browsers and their broken-shit, insecure practices of retrying with SSLv3.

Using linux-generic64 instead of dist made no difference...

The cross-compile script (setenv-android.sh) sets the paths to the Android NDK tools AND it sets a few key environmental variables. Of them, CROSS_COMPILE are ANDROID_DEV are critical. From the tail of setenv-android.sh:

# For the Android toolchain
# https://android.googlesource.com/platform/ndk/+/ics-mr0/docs/STANDALONE-TOOLCHAIN.html
export ANDROID_SYSROOT="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH"
export SYSROOT="$ANDROID_SYSROOT"
export NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_NDK_SYSROOT="$ANDROID_SYSROOT"
export ANDROID_API="$_ANDROID_API"

# CROSS_COMPILE and ANDROID_DEV are DFW (Don't Fiddle With). Its used by OpenSSL build system.
# export CROSS_COMPILE="arm-linux-androideabi-"
export ANDROID_DEV="$ANDROID_NDK_ROOT/platforms/$_ANDROID_API/$_ANDROID_ARCH/usr"
export HOSTCC=gcc

Configuration for Android is picked up through SYSTEM and ARCH. Once Android kicks in, CROSS_COMPILE and ANDROID_DEV are utilized.

Because of the environmental variables, all you need to do is configure no-ssl2 no-ssl3 ....

Upvotes: 2

Related Questions