Spongycastle having openssl issue. App rejected by google play #25

xiaogegexiao opened this issue Aug 2, 2016 · 1 comment

@xiaogegexiao

Hi,
I have uploaded an updated APK to the Play Store which has spongycastle added in the Gradle script.

But the APK got rejected by Google Play, who sent me a message:

OpenSSL
The vulnerabilities were addressed in OpenSSL 1.02f/1.01r. To confirm your OpenSSL version, you can do a grep search for:

$ unzip -p YourApp.apk | strings | grep "OpenSSL"

You can find more information and next steps in this Google Help Center article.

I followed the steps and found these:

OpenSSLPBKDF
!$PBEWithMD5And128BitAESCBCOpenSSL
!$PBEWithMD5And192BitAESCBCOpenSSL
!$PBEWithMD5And256BitAESCBCOpenSSL
BLorg/spongycastle/crypto/generators/OpenSSLPBEParametersGenerator;
QLorg/spongycastle/jcajce/provider/symmetric/AES$PBEWithMD5And128BitAESCBCOpenSSL;
QLorg/spongycastle/jcajce/provider/symmetric/AES$PBEWithMD5And192BitAESCBCOpenSSL;
QLorg/spongycastle/jcajce/provider/symmetric/AES$PBEWithMD5And256BitAESCBCOpenSSL;
BLorg/spongycastle/jcajce/provider/symmetric/OpenSSLPBKDF$Mappings;
?Lorg/spongycastle/jcajce/provider/symmetric/OpenSSLPBKDF$PBKDF;
9Lorg/spongycastle/jcajce/provider/symmetric/OpenSSLPBKDF;
MLorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder$1$1;
MLorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder$1$2;
KLorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder$1;
ILorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8DecryptorProviderBuilder;
CLorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8EncryptorBuilder$1;
ALorg/spongycastle/openssl/jcajce/JceOpenSSLPKCS8EncryptorBuilder;

OpenSSLPBKDF
"PBEWithMD5And128BitAES-CBC-OpenSSL
"PBEWithMD5And192BitAES-CBC-OpenSSL
"PBEWithMD5And256BitAES-CBC-OpenSSL
PBKDF-OpenSSL
Unable to create OpenSSL PBDKF:
+com.android.org.conscrypt.OpenSSLSocketImpl
7org.apache.harmony.xnet.provider.jsse.OpenSSLSocketImpl
OpenSSLDie
DH_OpenSSL
DSA_OpenSSL
ECDH_OpenSSL
ECDSA_OpenSSL
%s(%d): OpenSSL internal error, assertion failed: %s
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL CMAC method
OpenSSL PKCS#3 DH method
OpenSSL DH Method
OpenSSL DSA method
OpenSSL EC algorithm
OpenSSL ECDH method
OpenSSL ECDSA method
OpenSSL HMAC method
OpenSSL RSA method
OpenSSL 'dlfcn' shared library method
OpenSSL default
EVP part of OpenSSL 1.0.1c 10 May 2012
cU!
}AES part of OpenSSL 1.0.1c 10 May 2012
ASN.1 part of OpenSSL 1.0.1c 10 May 2012
Big Number part of OpenSSL 1.0.1c 10 May 2012
lhash part of OpenSSL 1.0.1c 10 May 2012
RAND part of OpenSSL 1.0.1c 10 May 2012
SHA1 part of OpenSSL 1.0.1c 10 May 2012
SHA-256 part of OpenSSL 1.0.1c 10 May 2012
DlSHA-512 part of OpenSSL 1.0.1c 10 May 2012
Stack part of OpenSSL 1.0.1c 10 May 2012
Diffie-Hellman part of OpenSSL 1.0.1c 10 May 2012
DSA part of OpenSSL 1.0.1c 10 May 2012
(1ECDH part of OpenSSL 1.0.1c 10 May 2012
ECDSA part of OpenSSL 1.0.1c 10 May 2012
RSA part of OpenSSL 1.0.1c 10 May 2012
X.509 part of OpenSSL 1.0.1c 10 May 2012
ECONF part of OpenSSL 1.0.1c 10 May 2012
MD5 part of OpenSSL 1.0.1c 10 May 2012
CONF_def part of OpenSSL 1.0.1c 10 May 2012
OpenSSLDie
DH_OpenSSL
DSA_OpenSSL
ECDH_OpenSSL
ECDSA_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
UI_OpenSSL
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL 1.0.0p 8 Jan 2015
OpenSSL default
OpenSSL PKCS#3 DH method
OpenSSL DH Method
OpenSSL DSA method
OpenSSL 'dlfcn' shared library method
OpenSSL EC algorithm
OpenSSL ECDH method
OpenSSL ECDSA method
OpenSSL HMAC method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL RSA method
OpenSSL default user interface
AES part of OpenSSL 1.0.0p 8 Jan 2015
ASN.1 part of OpenSSL 1.0.0p 8 Jan 2015
Blowfish part of OpenSSL 1.0.0p 8 Jan 2015
Big Number part of OpenSSL 1.0.0p 8 Jan 2015
CONF_def part of OpenSSL 1.0.0p 8 Jan 2015
CONF part of OpenSSL 1.0.0p 8 Jan 2015
DES part of OpenSSL 1.0.0p 8 Jan 2015
libdes part of OpenSSL 1.0.0p 8 Jan 2015
Diffie-Hellman part of OpenSSL 1.0.0p 8 Jan 2015
DSA part of OpenSSL 1.0.0p 8 Jan 2015
^ECDH part of OpenSSL 1.0.0p 8 Jan 2015
ECDSA part of OpenSSL 1.0.0p 8 Jan 2015
EVP part of OpenSSL 1.0.0p 8 Jan 2015
lhash part of OpenSSL 1.0.0p 8 Jan 2015
MD4 part of OpenSSL 1.0.0p 8 Jan 2015
MD5 part of OpenSSL 1.0.0p 8 Jan 2015
PEM part of OpenSSL 1.0.0p 8 Jan 2015
RAND part of OpenSSL 1.0.0p 8 Jan 2015
RC2 part of OpenSSL 1.0.0p 8 Jan 2015
RC4 part of OpenSSL 1.0.0p 8 Jan 2015
RIPE-MD160 part of OpenSSL 1.0.0p 8 Jan 2015
RSA part of OpenSSL 1.0.0p 8 Jan 2015
SHA1 part of OpenSSL 1.0.0p 8 Jan 2015
SHA-256 part of OpenSSL 1.0.0p 8 Jan 2015
DlSHA-512 part of OpenSSL 1.0.0p 8 Jan 2015
Stack part of OpenSSL 1.0.0p 8 Jan 2015
TXT_DB part of OpenSSL 1.0.0p 8 Jan 2015
X.509 part of OpenSSL 1.0.0p 8 Jan 2015
OpenSSLDie
OpenSSL 1.0.0p 8 Jan 2015
SSLv2 part of OpenSSL 1.0.0p 8 Jan 2015
SSLv3 part of OpenSSL 1.0.0p 8 Jan 2015
TLSv1 part of OpenSSL 1.0.0p 8 Jan 2015

I'm wondering if you can help to give me some advice on this?

Thanks
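
Added example, not part of the original issue or of the Spongycastle project: the `unzip -p … | strings | grep` check above mixes Java class names that merely contain "OpenSSL" with version banners from native libraries, so this sketch scans each APK entry separately and reports only real version banners together with the file that carries them. It assumes the notice's "1.02f/1.01r" means OpenSSL 1.0.2f and 1.0.1r, treats branches older than 1.0.1 as unpatched, and uses constructed sample entries (`libold.so` and `libnew.so` are hypothetical names).

```python
import io
import re
import zipfile

# Version banner that native OpenSSL builds embed, e.g. "OpenSSL 1.0.1c 10 May 2012".
BANNER = re.compile(rb"OpenSSL (\d+)\.(\d+)\.(\d+)([a-z]*) +\d{1,2} \w{3} \d{4}")
# First fixed release per branch, reading the notice's "1.02f/1.01r" as 1.0.2f / 1.0.1r.
FIXED = {(1, 0, 1): "r", (1, 0, 2): "f"}


def is_patched(branch, letter):
    """Assumed policy: branches older than 1.0.1 have no fixed release in the notice."""
    if branch in FIXED:
        return letter >= FIXED[branch]
    return branch > max(FIXED)


def scan_apk(apk):
    """Map each APK entry that embeds an OpenSSL banner to {version: patched?}."""
    findings = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            for m in BANNER.finditer(zf.read(name)):
                branch = tuple(int(g) for g in m.group(1, 2, 3))
                letter = m.group(4).decode()
                version = "%d.%d.%d%s" % (*branch, letter)
                findings.setdefault(name, {})[version] = is_patched(branch, letter)
    return findings


def build_sample_apk():
    """Constructed sample: a dex with only class names plus two native libraries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("classes.dex", b"\x00Lorg/spongycastle/jcajce/provider/symmetric/OpenSSLPBKDF;\x00")
        zf.writestr("lib/armeabi/libold.so", b"\x7fELF\x00EVP part of OpenSSL 1.0.1c 10 May 2012\x00")
        zf.writestr("lib/armeabi/libnew.so", b"\x7fELF\x00OpenSSL 1.0.2h  3 May 2016\x00")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for entry, versions in scan_apk(build_sample_apk()).items():
        for version, ok in versions.items():
            print(entry, version, "patched" if ok else "VULNERABLE")
```

Pass a path to a real APK to `scan_apk` to see which bundled file, typically a `.so` under `lib/`, carries an outdated banner.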

@aftabsikander

@xiaogegexiao Did you solve this issue? Are you still facing this?
