Checking Android app for OpenSSL vulnerability -
i used terminal command unzip -p app.apk | strings | grep "openssl" suggested here
i following result in terminal:
gmscore_openssl +com.android.org.conscrypt.opensslsocketimpl 7org.apache.harmony.xnet.provider.jsse.opensslsocketimpl openssl 1.0.2h 3 may 2016 %s(%d): openssl internal error, assertion failed: %s openssl dh method openssl x9.42 dh method openssl pkcs#3 dh method openssl cmac method openssl hmac method openssl ec algorithm openssl rsa method openssl dsa method openssl ecdsa method openssl ecdh method need read openssl faq, http://www.openssl.org/support/faq.html openssl default openssl default user interface openssl 'dlfcn' shared library method tlsv1 part of openssl 1.0.2h 3 may 2016 sslv3 part of openssl 1.0.2h 3 may 2016 dtlsv1 part of openssl 1.0.2h 3 may 2016 md5 part of openssl 1.0.2h 3 may 2016 sha1 part of openssl 1.0.2h 3 may 2016 sha-256 part of openssl 1.0.2h 3 may 2016 sha-512 part of openssl 1.0.2h 3 may 2016 big number part of openssl 1.0.2h 3 may 2016 ec part of openssl 1.0.2h 3 may 2016 (1rsa part of openssl 1.0.2h 3 may 2016 diffie-hellman part of openssl 1.0.2h 3 may 2016 stack part of openssl 1.0.2h 3 may 2016 lhash part of openssl 1.0.2h 3 may 2016 evp part of openssl 1.0.2h 3 may 2016 asn.1 part of openssl 1.0.2h 3 may 2016 pem part of openssl 1.0.2h 3 may 2016 x.509 part of openssl 1.0.2h 3 may 2016 des part of openssl 1.0.2h 3 may 2016 libdes part of openssl 1.0.2h 3 may 2016 aes part of openssl 1.0.2h 3 may 2016 rc2 part of openssl 1.0.2h 3 may 2016 idea part of openssl 1.0.2h 3 may 2016 camellia part of openssl 1.0.2h 3 may 2016 edsa part of openssl 1.0.2h 3 may 2016 ecdsa part of openssl 1.0.2h 3 may 2016 ecdh part of openssl 1.0.2h 3 may 2016 rand part of openssl 1.0.2h 3 may 2016 conf part of openssl 1.0.2h 3 may 2016 conf_def part of openssl 1.0.2h 3 may 2016 txt_db part of openssl 1.0.2h 3 may 2016 rc4 part of openssl 1.0.2h 3 may 2016 sha-256 part of openssl 1.0.1p 9 jul 2015 cu! }aes part of openssl 1.0.1p 9 jul 2015 - does know how interpret these?!
- the last line causes concern "openssl 1.0.1p 9 jul 2015". should worry this? if how find out issue , how fix it?!
thank you.
Comments
Post a Comment