OpenSSL for Android

3 years after

OpenSSL on the Android platform.

The code in this directory is based on $OPENSSL_VERSION in the file openssl.version. See patches/README for more information on how the code differs from $OPENSSL_VERSION.

Porting New Versions of OpenSSL.

The following steps are recommended for porting new OpenSSL versions.

1) Retrieve the appropriate version of the OpenSSL source from (in openssl-.tar.gz file). Check the PGP signature (found in matching openssl-.tar.gz.asc file) with:

 gpg openssl-*.tar.gz.asc

If the public key is not found, import the the one with the matching RSA key ID from, using:

 gpg --import # paste PGP public key block on stdin

2) Update the variables in openssl.config and openssl.version as appropriate. At the very least you will need to update the openssl.version.

3) Run:

 ./ import openssl-*.tar.gz

4) If there are any errors, then modify openssl.config, openssl.version and patches in patches/ as appropriate. You might want to use:

 ./ regenerate patches/*.patch

Repeat step 3.

5) Cleanup before building with:

 m -j16 clean-libcrypto clean-libssl clean-openssl clean-ssltest

6) Build openssl from the external/openssl directory with:

 mm -j16 snod && adb remount && adb sync system

If there are build errors, then patches/*.mk, openssl.config, or may need updating.

7) Run tests to make sure things are working:

 # Run local openssl tests
 (cd android.testssl/ && ./
 # Build and sync libcore tests
 (croot && cd libcore && mm -j16 snod && adb remount && adb sync)
 # Run tests from libcore
 (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/core-tests_intermediates/classes.jar
 # Run tests from Harmony
 (croot && vogar --classpath out/target/common/obj/JAVA_LIBRARIES/apache-harmony-tests_intermediates/classes.jar
 # try an https website
 adb shell am start # confirm result in browser

 The vogar tool can be found externally at

 Quick installation instructions (without rebuilding from source):
    svn co $VOGAR
    mkdir -p $VOGAR/build/
    curl -o $VOGAR/build/vogar.jar

 Within Google, you can find it under:

 # You can also run openssl s_server as a test server on the device:
 adb push ./android.testssl/CAss.cnf /sdcard/CAss.cnf
 adb shell openssl req -config /sdcard/CAss.cnf -x509 -nodes -days 365 -subj '/C=US/ST=California/L=Mountain View/CN=localhost' -newkey rsa:1024 -keyout /sdcard/server.pem -out /sdcard/server.pem
 adb shell openssl s_server -cert /sdcard/server.pem -www -verify 1
 adb shell am start https://localhost:4433 # confirm result in browser

8) Do a full build before checking in:

 m -j16

Optionally, check whether build flags (located in CONFIGURE_ARGS in openssl.config, plus some extras in, need to be updated. Doing this step will help ensure that the compiled library is appropriately optimized for speed and size.

Top Contributors

bdcgoogle kruton klyubin digit-android colincross wangying1015 captain5050 machinaut enh nfuller kmonsen benoitgoby egnor ngm0 dougkwan fire855 snhenson chrisdearman davidben dimitry- bmc08gt j9brown jserv midodd petar-jovanovic rmcc cyanogen


-   cm-11.0-XNPH44S-baco zip tar
-   cm-11.0-XNPH33R-baco zip tar
-   cm-11.0-XNPH30O-baco zip tar
-   cm-11.0-XNPH25R-baco zip tar
-   cm-11.0-XNPH22R-baco zip tar
-   cm-11.0-XNPH05Q-toma zip tar
-   cm-11.0-XNPH05Q-baco zip tar
-   cm-10.2.1 zip tar
-   cm-10.2.0 zip tar
-   cm-10.2-M1 zip tar
-   cm-10.1.3 zip tar
-   cm-10.1.3-RC2 zip tar
-   cm-10.1.3-RC1 zip tar
-   cm-10.1.2 zip tar
-   cm-10.1.1 zip tar
-   cm-10.1.0 zip tar
-   cm-10.1.0-RC5 zip tar
-   cm-10.1.0-RC4 zip tar
-   cm-10.1.0-RC3 zip tar
-   cm-10.1.0-RC2 zip tar
-   cm-10.1.0-RC1 zip tar
-   cm-10.1-M3 zip tar
-   cm-10.1-M2 zip tar
-   cm-10.1-M1 zip tar
-   cm-7.1.0 zip tar
-   cm-7.0.3 zip tar
-   cm- zip tar
-   cm-7.0.1 zip tar
-   cm-7.0.0 zip tar