hyoromoのブログ

iOS/AndroidもしくはCocos2dxネタを書いています

Cocos2dx製アプリのOpenSSL問題対応

4/1に届いた「Google Play warning: You are using a vulnerable version of OpenSSL」メールの対応となります。
対応していないと2016/7/11から消されていくらしいので、早めの対応が必要なようです。

OpenSSLのバージョンを調べる

Googleからのメールにあるように、以下のコマンドで OpenSSL 1.02f/1.01r 以前のバージョンが使われていないか調べられます。

$ unzip -p YourApp.apk | strings | grep "OpenSSL"
GmsCore_OpenSSL
UI_OpenSSL
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
could not parse PKCS12 file, check password, OpenSSL error %s
OpenSSL/%lx.%lx.%lx%s
OpenSSL 1.0.1j 15 Oct 2014
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL DH Method
OpenSSL default user interface
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL PKCS#3 DH method
OpenSSL ECDH method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default
SSLv2 part of OpenSSL 1.0.1j 15 Oct 2014
SSLv3 part of OpenSSL 1.0.1j 15 Oct 2014
TLSv1 part of OpenSSL 1.0.1j 15 Oct 2014
DTLSv1 part of OpenSSL 1.0.1j 15 Oct 2014
MD4 part of OpenSSL 1.0.1j 15 Oct 2014
MD5 part of OpenSSL 1.0.1j 15 Oct 2014
SHA1 part of OpenSSL 1.0.1j 15 Oct 2014
SHA-256 part of OpenSSL 1.0.1j 15 Oct 2014
DlSHA-512 part of OpenSSL 1.0.1j 15 Oct 2014
DES part of OpenSSL 1.0.1j 15 Oct 2014
libdes part of OpenSSL 1.0.1j 15 Oct 2014
Big Number part of OpenSSL 1.0.1j 15 Oct 2014
(1RSA part of OpenSSL 1.0.1j 15 Oct 2014
Diffie-Hellman part of OpenSSL 1.0.1j 15 Oct 2014
Stack part of OpenSSL 1.0.1j 15 Oct 2014
lhash part of OpenSSL 1.0.1j 15 Oct 2014
EVP part of OpenSSL 1.0.1j 15 Oct 2014
ASN.1 part of OpenSSL 1.0.1j 15 Oct 2014
PEM part of OpenSSL 1.0.1j 15 Oct 2014
X.509 part of OpenSSL 1.0.1j 15 Oct 2014
AES part of OpenSSL 1.0.1j 15 Oct 2014
cU!
   }RC2 part of OpenSSL 1.0.1j 15 Oct 2014
IDEA part of OpenSSL 1.0.1j 15 Oct 2014
CAMELLIA part of OpenSSL 1.0.1j 15 Oct 2014
EDSA part of OpenSSL 1.0.1j 15 Oct 2014
ECDSA part of OpenSSL 1.0.1j 15 Oct 2014
ECDH part of OpenSSL 1.0.1j 15 Oct 2014
RAND part of OpenSSL 1.0.1j 15 Oct 2014
CONF part of OpenSSL 1.0.1j 15 Oct 2014
CONF_def part of OpenSSL 1.0.1j 15 Oct 2014
TXT_DB part of OpenSSL 1.0.1j 15 Oct 2014
+SHA part of OpenSSL 1.0.1j 15 Oct 2014
RIPE-MD160 part of OpenSSL 1.0.1j 15 Oct 2014
RC4 part of OpenSSL 1.0.1j 15 Oct 2014
:Blowfish part of OpenSSL 1.0.1j 15 Oct 2014
\CAST part of OpenSSL 1.0.1j 15 Oct 2014

OpenSSLを更新

project/cocos2d/external/curl 以下のOpenSSLライブラリを更新する必要があります。
公式フォーラムでパッチ公開されている方がいらっしゃったので、以下サイトからパッチをDLして差し替える楽ちん対応で解決出来ます。ありがたい!
http://www.bengigi.com/cocos2d-x-fix-for-openssl-problem/

確認

OpenSSLが 1.02f/1.01r 以上に更新されている事を確認し、更新を行ってください。変わっていない場合はcocos2dxライブラリをビルドし忘れていないか確認ください。

$ unzip -p YourApp.apk | strings | grep "OpenSSL"
GmsCore_OpenSSL
UI_OpenSSL
OpenSSLDie
DH_OpenSSL
OpenSSL_add_all_ciphers
OpenSSL_add_all_digests
DSA_OpenSSL
ECDSA_OpenSSL
ECDH_OpenSSL
could not load PEM client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)
could not load ASN1 client certificate, OpenSSL error %s, (no key found, wrong pass phrase, or wrong file format?)
could not parse PKCS12 file, check password, OpenSSL error %s
could not load PKCS12 client certificate, OpenSSL error %s
unable do create OpenSSL user-interface method
OpenSSL SSL read: %s, errno %d
OpenSSL
OpenSSL 1.0.1r  28 Jan 2016
%s(%d): OpenSSL internal error, assertion failed: %s
OpenSSL DH Method
OpenSSL default user interface
OpenSSL CMAC method
OpenSSL HMAC method
OpenSSL EC algorithm
OpenSSL RSA method
OpenSSL DSA method
OpenSSL ECDSA method
OpenSSL PKCS#3 DH method
OpenSSL ECDH method
You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html
OpenSSL default
SSLv2 part of OpenSSL 1.0.1r  28 Jan 2016
SSLv3 part of OpenSSL 1.0.1r  28 Jan 2016
TLSv1 part of OpenSSL 1.0.1r  28 Jan 2016
DTLSv1 part of OpenSSL 1.0.1r  28 Jan 2016
MD4 part of OpenSSL 1.0.1r  28 Jan 2016
MD5 part of OpenSSL 1.0.1r  28 Jan 2016
SHA1 part of OpenSSL 1.0.1r  28 Jan 2016
SHA-256 part of OpenSSL 1.0.1r  28 Jan 2016
DlSHA-512 part of OpenSSL 1.0.1r  28 Jan 2016
DES part of OpenSSL 1.0.1r  28 Jan 2016
libdes part of OpenSSL 1.0.1r  28 Jan 2016
Big Number part of OpenSSL 1.0.1r  28 Jan 2016
EC part of OpenSSL 1.0.1r  28 Jan 2016
(1RSA part of OpenSSL 1.0.1r  28 Jan 2016
Diffie-Hellman part of OpenSSL 1.0.1r  28 Jan 2016
Stack part of OpenSSL 1.0.1r  28 Jan 2016
lhash part of OpenSSL 1.0.1r  28 Jan 2016
EVP part of OpenSSL 1.0.1r  28 Jan 2016
ASN.1 part of OpenSSL 1.0.1r  28 Jan 2016
PEM part of OpenSSL 1.0.1r  28 Jan 2016
X.509 part of OpenSSL 1.0.1r  28 Jan 2016
AES part of OpenSSL 1.0.1r  28 Jan 2016
cU!
   }RC2 part of OpenSSL 1.0.1r  28 Jan 2016
IDEA part of OpenSSL 1.0.1r  28 Jan 2016
CAMELLIA part of OpenSSL 1.0.1r  28 Jan 2016
EDSA part of OpenSSL 1.0.1r  28 Jan 2016
ECDSA part of OpenSSL 1.0.1r  28 Jan 2016
ECDH part of OpenSSL 1.0.1r  28 Jan 2016
RAND part of OpenSSL 1.0.1r  28 Jan 2016
CONF part of OpenSSL 1.0.1r  28 Jan 2016
CONF_def part of OpenSSL 1.0.1r  28 Jan 2016
TXT_DB part of OpenSSL 1.0.1r  28 Jan 2016
+SHA part of OpenSSL 1.0.1r  28 Jan 2016
RIPE-MD160 part of OpenSSL 1.0.1r  28 Jan 2016
RC4 part of OpenSSL 1.0.1r  28 Jan 2016
:Blowfish part of OpenSSL 1.0.1r  28 Jan 2016
\CAST part of OpenSSL 1.0.1r  28 Jan 2016