I need to use CyaSSL on Android for a project I'm working on. I've been trying, without much success to follow CyaSSL's instructions to build it into the kernel. The main issue is the build structure seems to have changed significantly from the version of Android the instructions were written for, to the current version.
I'll list the steps and the associated problems.
1) Copy the "cyassl" directory from "src/external/cyassl" of the provider to the "/external" directory of the Android platform. This folder should be now located at: /external/cyassl
This step is fine.
2) Open /build/core/prelink-linux-map.map and add a new entry for libcyassl.so under the heading "# libraries for specific apps or temporary libraries." It should look similar to the following: ibcyassl.so
This step seems to be unnecessary with the latest versions of Android, since the prelinking has been removed.
3) Open the file /dalvik/libnativehelper/Android.mk and add libcyassl.so to the shared_libraries list.
This file looks to have moved, I found what I think is the correct file under WORKING_DIRECTORY/libnativehelper/Android.mk and edited accordingly.
4) Copy the "yassl" directory from "src/libcore/yassl" of the provider source to the "/libcore" directory of the Android platform. This folder should now be located at: /libcore/yassl
No problem here.
5) The SSL Provider initilization method must be registered with the Android platform. Open the file /dalvik/libnativehelper/Register.c. Add the "register_com_yassl_xnet_provider_jsse_NativeCrypto" method under the entry for the existing provider. When added, it should look as follows:
if (register_org_apache_harmony_xnet_provider_jsse_NativeCrypto(env) != 0)
goto bail;
if (register_com_yassl_xnet_provider_jsse_NativeCrypto(env) != 0)
goto bail;
This file, Register.c does not exist, and I've no idea what to do with step 5.
6) The provider initialization method must also be added to the header file at /dalvik/libnativehelper/include/nativehelper/AndroidSystemNatives.h. Add the following method declaration to this file under the declaration for the existing SSL provider. When added, it should look as follows:
int register_org_apache_harmony_xnet_provider_jsse_NativeCrypto(JNIEnv *env);
int register_com_yassl_xnet_provider_jsee_NativeCrypto(JNIEnv *env);
This file, AndroidSystemNatives.h also doesn't seem to exist, so again, not sure what to do here.
7) Open the "security.properties" file (located at /libcore/securit/src/main/java/java/security/security.properties). Make the following changes to configure the CyaSSL provider:
a) Add the following line to the list of providers. This line needs to be above the default "org.apache.harmony.xnet.provider.jsse.JSSEProvider" provider. Note the numbers beside each provider.It might be necessary to re-number this list after inserting the new provider.
"security.provider.3=com.yassl.xnet.provider.jsse.JSSEProvider"
b) Change the "ssl.SocketFactory.provider" entry to the new CyaSSL Provider. After modification, it should read as follows:
"ssl.SocketFactory.provider=com.yassl.xnet.provider.jsse.SocketFactoryImpl"
This file now seems to be at /libcore/luni/src/main/java/java/security which I edited accordingly. However, it won't build due to the missing steps that I don't know how to handle. I've done quite a bit of searching and came up with nothing useful. My options seem to be at this point -
1) Get the above working.
2) Revert to building an older version of Android (and all the associated hassle that goes with, downgrading Java, Gcc, pyhton etc)
3) Find a way to use the CyaSSL Android library without baking it into the kernel (I'm not sure if this is possible)
Any advice or direction would be much appreciated.
As an alternative we have a JNI Wrapper available that would make what you're trying to do much easier and should work flawlessly with Android. It's much easier to get working than what you are trying to do. I'm not sure if that's an option for you?
Anyways, you can get our JNI from here: http://wolfssl.com/yaSSL/Products-wolfssljni.html
And since you will need to build and install CyaSSL in order to use the JNI you can get that here: http://wolfssl.com/yaSSL/Products-cyassl.html
You can find the instructions on getting it all set up and working by following this guide: http://wolfssl.com/yaSSL/Docs-wolfssl-jni-manual.html
If this is an option for you I highly suggest looking into it. We will have an Android SSL Client on the Google Play store soon that uses the JNI I linked above.
Edit: For an example of what I listed above, you can download our SSL Client that uses the our wolfSSL JNI. https://play.google.com/store/apps/details?id=com.wolfssl.client