Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / bouncycastle / refs/heads/fp2-sibon
commit1c256fed7e64aeaba97f80c756d8078433f25087[log] [tgz]
authorTeow Wan Yee <wy.teow@hi-p.com>Wed Aug 24 14:37:29 2016 +0800
committerJeron Susan <jeron.susan@hi-p.com>Wed Aug 24 15:34:19 2016 +0800
treeaa6ea70eaf2bfa1a6d7a40774960ecba1c8914f9
parent651942f6f410cc9d2688a9342aefda7ec3fe0031 [diff]
FPII-2314: Update- Information disclosure vulnerability in GCM Encryption
CVE-2016-2427 A-26234568

The default tag length is 12 for GCM encoding. After auditing the Android code base, 
there is no code that uses the default and we are passing in 16. Given this vulnerability is not reachable in the 
Android code base unless a developer explicitly chooses a weaker setting, we are reverting
the change and revoking the CVE.

Change-Id: Icfff68372fcbafb3e743a1a9d191536c0c1985c4
1 file changed
tree: aa6ea70eaf2bfa1a6d7a40774960ecba1c8914f9
  1. bcpkix/
  2. bcprov/
  3. patches/
  4. Android.mk
  5. bouncycastle.config
  6. bouncycastle.version
  7. CleanSpec.mk
  8. import_bouncycastle.sh
  9. jarjar-rules.txt
  10. MODULE_LICENSE_BSD_LIKE
  11. NOTICE
  12. README.android