How are the .so files under jniLibs created?

Question

How are the .so files under jniLibs created?

fr1550n opened this issue a year ago · 5 comments

The Google Play Dev Console is warning me that:

Your app uses a defective version of the OpenSSL library, which can cause your app to crash. Update to a fixed version of OpenSSL.
Defective versions:
OpenSSL 1.1.1c in
lib/arm64-v8a/libstunnel.so,
lib/armeabi-v7a/libstunnel.so,
lib/armeabi/libstunnel.so

I was wondering how to update the .so files above (which came from your repo), my guess would be to obtain the latest library provided in the android zip file here: https://www.stunnel.org/downloads/stunnel-5.71-android.zip i.e. it contains a file named stunnel
and then somehow generate the different jniLibs versions mentioned in the error above, from it.

Can you help?

Thanks, I love the work you've put into this project.

fr1550n commented a year ago

Cheers!

Answer 1 · 2023-10-27T15:37:38.000Z

More info on why it 'can cause your app to crash' is here:
https://support.google.com/faqs/answer/12576638

Answer 2 · 2023-10-27T16:12:51.000Z

The libstunnel.so files are really just the Android executables from https://www.stunnel.org/downloads.html
If i recall correctly, renaming such executables to libX.so and placing them in the jniLibs directory causes these files to be unpacked on the device with executable permissions (as would be required for native libs, what this mechanism was actually intended for).
So you're right, you'd just need the latest stunnel binary, rename it, and place it in the jniLibs directory. However, apparently the latest version now also comes with an openssl binary, I'm not exactly sure what that is about. I guess that binary will need to be loaded via System.loadLibrary().
I'll take a closer look into that on the weekend.

Answer 3 · 2023-10-27T16:39:41.000Z

I had assumed the files under the different dirs: armeabi, armeabi-v7a and arm64-v8a were different, but sure enough they're all the same file (MD5 hashes below):

b0bdd28a05f8ad06594df4c564fab368 *android-stunnel-lib/stunnel/src/main/jniLibs/armeabi/libstunnel.so
b0bdd28a05f8ad06594df4c564fab368 *android-stunnel-lib/stunnel/src/main/jniLibs/armeabi-v7a/libstunnel.so
b0bdd28a05f8ad06594df4c564fab368 *android-stunnel-lib/stunnel/src/main/jniLibs/arm64-v8a/libstunnel.so

I wasn't expecting that! I'm not sure that's necessarily correct but it seems to work for me on a range of devices...

Answer 4 · 2023-10-29T18:01:45.000Z

Ideally, we'd have different binaries for each ABI (ideally even for x86 ABIs). But only a single ARM 32-bit binary is provided at https://www.stunnel.org/downloads.html (I guess it's armeabi-v7a), which works on both 32-bit and 64-bit ARM devices. The lib must include that same file three times so that the executable is properly extracted on all devices. If you were to delete the file from arm64-v8a and then run your app on a 64-bit phone, you should get an error as in #1
If you upload your app as a bundle to the Play Store, then I believe the users downloading the app will only download the native libraries for the ABI they actually need. So it's really not that bad to have the same file thrice.

In any case, I updated the lib's Stunnel binaries to 5.71. The openssl binary included in newer versions seems to be an executable as well, not a library. As such, it shouldn't be necessary to include that here.
You can use version 1.0.2 of this lib, then I'd expect that publishing problem to go away.