[jitsi-dev] Building libjnopenssl.so


#1

I recently noticed the following debug when starting the first conference after a Videobridge restart:

2015-12-17 18:54:52.324 FINER: [87] org.jitsi.impl.neomedia.transform.srtp.AES.trace() AES benchmark (of execution times expressed in nanoseconds): BouncyCastle 7008643, SunJCE 6389256, SunPKCS11 4360193
2015-12-17 18:54:52.325 FINE: [87] org.jitsi.impl.neomedia.transform.srtp.AES.debug() Will employ AES implemented by SunPKCS11.
2015-12-17 18:54:52.328 WARNING: [87] org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation: /usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory
2015-12-17 18:54:52.330 WARNING: [86] org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation: EVP_sha1
2015-12-17 18:54:52.330 WARNING: [87] org.jitsi.impl.neomedia.transform.srtp.SHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized SHA-1 implementation: /usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory

CentOS 7 does not offer OpenSSL 1.0.0, so I thought I would try rebuilding the JNI code against v1.0.1. I've found the source under libjitsi/src/native/openssl, but the Ant build file (../build.xml) does not seem to include a target for this library. Any tips on how to rebuild it?

Cheers,
Gavin

Gavin Llewellyn
Lead Software Engineer
t +44 1189 308895
e gavin.llewellyn@xura.com

<mailto:gavin.llewellyn@xura.com%0b%0b>
[cid:image010.png@01D0EBB8.A3083BC0]

<http://www.xura.com/>
[cid:image011.png@01D0EBB8.A3083BC0]<https://twitter.com/i_am_xura> [cid:image012.png@01D0EBB8.A3083BC0] <https://www.linkedin.com/company/1995> [cid:image013.png@01D0EBB8.A3083BC0] <https://www.facebook.com/Xura-163308093686483/> [cid:image014.png@01D0EBB8.A3083BC0] <https://plus.google.com/117205588788549930025/about> [cid:image015.png@01D0EBB8.A3083BC0] <https://www.youtube.com/channel/UCQDtmvjvYomuITYo1ZIyMpg>

···

________________________________
This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Xura, Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to security@xura.com. Thank You.


#2

If there's no target in the build.xml, I probably performed the build
by hand constructing it by looking at other targets.

···

On Fri, Dec 18, 2015 at 5:02 AM, Llewellyn, Gavin <gavin.llewellyn@xura.com> wrote:

I’ve found the source under libjitsi/src/native/openssl, but the Ant build file (../build.xml) does not seem to include a target for this library. Any tips on how to rebuild it?


#3

I think my earlier query got lost in the Christmas holidays: anyone have any tips on building libjnopenssl?

Cheers,
Gavin

Gavin Llewellyn
Lead Software Engineer
t +44 1189 308895
e gavin.llewellyn@xura.com

<mailto:gavin.llewellyn@xura.com%0b%0b>
[cid:image010.png@01D0EBB8.A3083BC0]

<http://www.xura.com/>
[cid:image011.png@01D0EBB8.A3083BC0]<https://twitter.com/i_am_xura> [cid:image012.png@01D0EBB8.A3083BC0] <https://www.linkedin.com/company/1995> [cid:image013.png@01D0EBB8.A3083BC0] <https://www.facebook.com/Xura-163308093686483/> [cid:image014.png@01D0EBB8.A3083BC0] <https://plus.google.com/117205588788549930025/about> [cid:image015.png@01D0EBB8.A3083BC0] <https://www.youtube.com/channel/UCQDtmvjvYomuITYo1ZIyMpg>

···

From: dev [mailto:dev-bounces@jitsi.org] On Behalf Of Llewellyn, Gavin
Sent: 18 December 2015 11:02
To: Jitsi Developers <dev@jitsi.org>
Subject: [jitsi-dev] Building libjnopenssl.so

I recently noticed the following debug when starting the first conference after a Videobridge restart:

2015-12-17 18:54:52.324 FINER: [87] org.jitsi.impl.neomedia.transform.srtp.AES.trace() AES benchmark (of execution times expressed in nanoseconds): BouncyCastle 7008643, SunJCE 6389256, SunPKCS11 4360193
2015-12-17 18:54:52.325 FINE: [87] org.jitsi.impl.neomedia.transform.srtp.AES.debug() Will employ AES implemented by SunPKCS11.
2015-12-17 18:54:52.328 WARNING: [87] org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation: /usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory
2015-12-17 18:54:52.330 WARNING: [86] org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation: EVP_sha1
2015-12-17 18:54:52.330 WARNING: [87] org.jitsi.impl.neomedia.transform.srtp.SHA1.warn() Failed to employ OpenSSL (Crypto) for an optimized SHA-1 implementation: /usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0: cannot open shared object file: No such file or directory

CentOS 7 does not offer OpenSSL 1.0.0, so I thought I would try rebuilding the JNI code against v1.0.1. I've found the source under libjitsi/src/native/openssl, but the Ant build file (../build.xml) does not seem to include a target for this library. Any tips on how to rebuild it?

Cheers,
Gavin

Gavin Llewellyn
Lead Software Engineer
t +44 1189 308895
e gavin.llewellyn@xura.com

<mailto:gavin.llewellyn@xura.com%0b%0b>
[cid:image010.png@01D0EBB8.A3083BC0]

<http://cp.mcafee.com/d/k-Kr6x0i3zqb3ZS6n776jtPqqbdQSkkkTzqaabBTD67PhOrjhpKOyYeupdEEEzATD1RQjp7jcEsuvVzPPOQ0k7JNTBPouT7undLILuOesvW_8zHInhd7avnKnjpohVBxZdOUVfG8FHnjlKO_OEuvkzaT0QSyrsdTdTdw0wZKeYLxJ3P9sxlK5LE2x6kWiU02rhou7ec6PiS8ODiht3P9Ftd40OT8Z2k29EwfAg4olm-5a7ZiFJBMTk9b64x7Smaq>
[cid:image011.png@01D0EBB8.A3083BC0]<http://cp.mcafee.com/d/1jWVIg4wUSyM_txBNNNATsSCyPtdB55dUSyyyVtVNxYQsCQQmrIEL3DCjqaa8VdVMtt4ShQPa77D-oYYYJ051XstVsS7JNTBPrXbTIzD7-LO8WX5QjhODRXBQSm4upovjsKejWyaqRQRrILYG7DR8OJMddFCT3tPtPpesRG9pAP4FP-fbV8lRkl3SUWrgYOn8lrxrW0EhBeAK00CQm7xPz1IQJycFQAngYOqnjh0cJOfgB0yq83V4165lLxix_kGrpsdGG68153r6SN> [cid:image012.png@01D0EBB8.A3083BC0] <http://cp.mcafee.com/d/2DRPoA72gA96Qm7XIcKeecCXCQQmrFIEEFL6QkknbLecfCzASCyPtB5UsYOrhhh79Le3HECOeCpgUY_P7DDBE0EfrzLbCMZKeYKrvpuZAsU_R-h7noKyqek-LsKCOMzPb3WrBNOvkhjmKCHtB_BgY-F6lK1FJASUrKrKr9PCJhbcasva1nQ9gVv5RJwmN4QsCzBYSxVAKgGT2TQ1gzat9s01dEIf3D63pFr4pjF8KxVAQKCy0prAuxa14Qg7O82caHv2B3-FkSOUrmlO3> [cid:image013.png@01D0EBB8.A3083BC0] <http://cp.mcafee.com/d/k-Kr6jqb3ZS6n776jtPqqbdQSkkkTzqaabBTD67PhOrjhpKOyYeupdEEEzATD1RQjp7jcEsuvVzPPOQ0k7JNTBPouT7undLILuOesvW_8zHInhd7avnKnjpohVBxZdOUVfG8FHnjlKO_OEuvkzaT0QSMrsdTdTdAVPmEBC5etSTAaRaYLw3dNQKyUOPtWVEVpsusoupMSxVAKgGT2TQ1gzat9s01dEIf3D63pFr4pjF8KxVAQKCy0prAuxa14Qg7O82caHv2B3-FkSOUrqO8x> [cid:image014.png@01D0EBB8.A3083BC0] <http://cp.mcafee.com/d/1jWVIi4xASyM_txBNNNATsSCyPtdB55dUSyyyVtVNxYQsCQQmrIEL3DCjqaa8VdVMtt4ShQPa77D-oYYYJ051XstVsS7JNTBPrXbTIzD7-LO8WX5QjhODRXBQSm4upovjsKejWyaqRQRrILYG7DR8OJMddLCT3tPtPpesRG9pyNXte8RGhf_BYhh79Tvvuu7fffI6zAQsITKC_CAaJPdEupbAaJMJZ0k8ODin00jqb3MVNwSqmN6kWibEupdbFEw6mV7Eiwhd41Yy0z2GTMFg_GldIK6Z2fe> [cid:image015.png@01D0EBB8.A3083BC0] <http://cp.mcafee.com/d/avndzgw83gQrhovKMOUUUOrKrjhpKCOyyCYrhhhsKYUM-qejqqbdSknxPP9J554sCYUeKyr8WpB3zP_cuuumw2wZKeYKr3SUXOVJZBXShPz_nV4ttyW9EVjWZOWrb2fcIfFKn79Zh5dqWqJSn-l3PWApmU6CT3rxKVKVIDeqR4IMFNqHsSO7YLByuMxV-1ci0seCGp4j87GGS6wA3Rh0Adb3qN4SxVAKgGT2TQ1gzat9s01dEIf3D63pFr4pjF8KxVAQKCy0prAuxa14Qg7O82caHv2B3-FkSOUrG_Tg>

________________________________
This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Xura, Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to security@xura.com<mailto:security@xura.com>. Thank You.
________________________________
This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Xura, Inc. or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to security@xura.com. Thank You.


#4

Hi,

···

2016-01-29 12:53 GMT+01:00 Llewellyn, Gavin <gavin.llewellyn@xura.com>:

I think my earlier query got lost in the Christmas holidays: anyone have
any tips on building libjnopenssl?

Cheers,

Gavin

*Gavin Llewellyn*
Lead Software Engineer

*t* +44 1189 308895
*e* gavin.llewellyn@xura.com

<gavin.llewellyn@xura.com%0b%0b>

[image: cid:image010.png@01D0EBB8.A3083BC0]

<http://www.xura.com/>

[image: cid:image011.png@01D0EBB8.A3083BC0]
<https://twitter.com/i_am_xura> [image:
cid:image012.png@01D0EBB8.A3083BC0]
<https://www.linkedin.com/company/1995> [image:
cid:image013.png@01D0EBB8.A3083BC0]
<https://www.facebook.com/Xura-163308093686483/> [image:
cid:image014.png@01D0EBB8.A3083BC0]
<https://plus.google.com/117205588788549930025/about> [image:
cid:image015.png@01D0EBB8.A3083BC0]
<https://www.youtube.com/channel/UCQDtmvjvYomuITYo1ZIyMpg>

*From:* dev [mailto:dev-bounces@jitsi.org] *On Behalf Of *Llewellyn, Gavin
*Sent:* 18 December 2015 11:02
*To:* Jitsi Developers <dev@jitsi.org>
*Subject:* [jitsi-dev] Building libjnopenssl.so

I recently noticed the following debug when starting the first conference
after a Videobridge restart:

2015-12-17 18:54:52.324 FINER: [87]
org.jitsi.impl.neomedia.transform.srtp.AES.trace() AES benchmark (of
execution times expressed in nanoseconds): BouncyCastle 7008643, SunJCE
6389256, SunPKCS11 4360193

2015-12-17 18:54:52.325 FINE: [87]
org.jitsi.impl.neomedia.transform.srtp.AES.debug() Will employ AES
implemented by SunPKCS11.

2015-12-17 18:54:52.328 WARNING: [87]
org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ
OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation:
/usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0:
cannot open shared object file: No such file or directory

2015-12-17 18:54:52.330 WARNING: [86]
org.jitsi.impl.neomedia.transform.srtp.HMACSHA1.warn() Failed to employ
OpenSSL (Crypto) for an optimized HMAC-SHA1 implementation: EVP_sha1

2015-12-17 18:54:52.330 WARNING: [87]
org.jitsi.impl.neomedia.transform.srtp.SHA1.warn() Failed to employ OpenSSL
(Crypto) for an optimized SHA-1 implementation:
/usr/lib/jvb/lib/native/linux-64/libjnopenssl.so: libcrypto.so.1.0.0:
cannot open shared object file: No such file or directory

CentOS 7 does not offer OpenSSL 1.0.0, so I thought I would try rebuilding
the JNI code against v1.0.1. I’ve found the source under
libjitsi/src/native/openssl, but the Ant build file (../build.xml) does not
seem to include a target for this library. Any tips on how to rebuild it?

Cheers,

Gavin

*Gavin Llewellyn*
Lead Software Engineer

*t* +44 1189 308895
*e* gavin.llewellyn@xura.com

<gavin.llewellyn@xura.com%0b%0b>

[image: cid:image010.png@01D0EBB8.A3083BC0]

<http://cp.mcafee.com/d/k-Kr6x0i3zqb3ZS6n776jtPqqbdQSkkkTzqaabBTD67PhOrjhpKOyYeupdEEEzATD1RQjp7jcEsuvVzPPOQ0k7JNTBPouT7undLILuOesvW_8zHInhd7avnKnjpohVBxZdOUVfG8FHnjlKO_OEuvkzaT0QSyrsdTdTdw0wZKeYLxJ3P9sxlK5LE2x6kWiU02rhou7ec6PiS8ODiht3P9Ftd40OT8Z2k29EwfAg4olm-5a7ZiFJBMTk9b64x7Smaq>
<http://lists.jitsi.org/mailman/listinfo/dev>

same problem here,
in general where are the sources of all .so ?

Regards
Etienne


#5

Hi all,

> I’ve found the source under libjitsi/src/native/openssl, but the Ant
build file (../build.xml) does not seem to include a target for this
library. Any tips on how to rebuild it?

If there's no target in the build.xml, I probably performed the build
by hand constructing it by looking at other targets.

I've rebuild libjnopenssl.so like this: (on a fedora 23)
gcc -c
-I/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-1.b15.fc23.x86_64/include/
-I/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-1.b15.fc23.x86_64/include/linux/
-fPIC -O2 *.c
gcc -O2 -fPIC -o libjnopenssl.so -shared -Wl,-soname,libjnopenssl.so *.o
-lcrypto

or to statically link againt libcrypto (openssl):
sudo dnf install openssl-static
gcc -c
-I/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-1.b15.fc23.x86_64/include/
-I/usr/lib/jvm/java-1.8.0-openjdk-1.8.0.71-1.b15.fc23.x86_64/include/linux/
-fPIC -O2 *.c
gcc -O2 -o libjnopenssl.so -shared -Wl,-soname,libjnopenssl.so *.o
/usr/lib64/libcrypto.a

in both cases i get:
AVERTISSEMENT: Failed to employ OpenSSL (Crypto) for an optimized HMAC-SHA1
implementation: HMAC_Init_ex(SHA-1/HMAC)

I think it come from:

ctx must have been created with HMAC_CTX_new() before the first use of an
HMAC_CTX in this function. N.B. HMAC_Init() had this undocumented behaviour
in previous versions of OpenSSL - failure to switch to HMAC_Init_ex() in
programs that expect it will cause them to stop working.

https://www.openssl.org/docs/manmaster/crypto/hmac.html

To simplify deployment libjnopenssl.so (and maybe other) could be
statically linked (except libc)

Have a good weekend
Etienne

···

2016-01-29 16:32 GMT+01:00 Lyubomir Marinov <lyubomir.marinov@jitsi.org>:

On Fri, Dec 18, 2015 at 5:02 AM, Llewellyn, Gavin > <gavin.llewellyn@xura.com> wrote:


#6

I believe Gavin wrote the path to the sources in his original e-mail
i.e. src/native/.

···

On Fri, Jan 29, 2016 at 7:24 AM, Etienne Champetier <champetier.etienne@gmail.com> wrote:

in general where are the sources of all .so ?


#7

thanks

···

2016-01-29 16:33 GMT+01:00 Lyubomir Marinov <lyubomir.marinov@jitsi.org>:

On Fri, Jan 29, 2016 at 7:24 AM, Etienne Champetier > <champetier.etienne@gmail.com> wrote:
> in general where are the sources of all .so ?

I believe Gavin wrote the path to the sources in his original e-mail
i.e. src/native/.