Bug 1095853 - (CVE-2016-1000339) VUL-0: CVE-2016-1000339: bouncycastle: In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/207116/
CVSSv3:RedHat:CVE-2016-1000339:5.1:(A...
Reported: 2018-06-04 15:33 UTC by Marcus Meissner
Modified: 2020-04-23 15:25 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-06-04 15:33:23 UTC
CVE-2016-1000339

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine
class used for AES was AESFastEngine. Due to the highly table driven approach
used in the algorithm it turns out that if the data channel on the CPU can be
monitored the lookup table accesses are sufficient to leak information on the
AES key being used. There was also a leak in AESEngine although it was
substantially less. AESEngine has been modified to remove any signs of leakage
(testing carried out on Intel X86-64) and is now the primary AES class for the
BC JCE provider from 1.56. Use of AESFastEngine is now only recommended where
otherwise deemed appropriate.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1000339
https://github.com/bcgit/bc-java/commit/8a73f08931450c17c749af067b6a8185abdfd2c0#diff-494fb066bed02aeb76b6c005632943f2
https://github.com/bcgit/bc-java/commit/413b42f4d770456508585c830cfcde95f9b0e93b#diff-54656f860db94b867ba7542430cd2ef0
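Added example (not part of the original report, and not SUSE or Bouncy Castle code): an audit sketch for the two exposures the description implies, a provider jar older than 1.56 (where JCE "AES" was backed by AESFastEngine) and application classes that name AESFastEngine directly, which remains possible on fixed versions. The Maven-style jar file name and the com/example class names are assumptions; the sample jars are constructed in memory.

```python
import io
import re
import zipfile

# Internal (slash-separated) class name as stored in a .class constant pool.
FAST_ENGINE = b"org/bouncycastle/crypto/engines/AESFastEngine"
FIXED = (1, 56)  # per the description: AESEngine is the primary AES class from 1.56

def bc_version(jar_name):
    """Parse (major, minor) from a name like bcprov-jdk15on-1.55.jar (assumed naming)."""
    m = re.search(r"bcprov[\w.-]*?-(\d+)\.(\d+)(?:\.\d+)*\.jar$", jar_name)
    return (int(m.group(1)), int(m.group(2))) if m else None

def audit_jar(jar_name, jar_bytes):
    """Flag a pre-1.56 provider jar and any class that names AESFastEngine directly."""
    findings = []
    version = bc_version(jar_name)
    if version is not None and version < FIXED:
        findings.append(f"{jar_name}: provider {version[0]}.{version[1]} predates 1.56")
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for entry in jar.namelist():
            # Skip non-classes and the engine's own class file; we want its callers.
            if not entry.endswith(".class") or entry.startswith(FAST_ENGINE.decode()):
                continue
            if FAST_ENGINE in jar.read(entry):
                findings.append(f"{jar_name}!{entry}: references AESFastEngine")
    return findings

def make_jar(entries):
    """Build an in-memory jar from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()

def demo():
    # Constructed inputs: stub class bodies carrying only the constant-pool string.
    magic = b"\xca\xfe\xba\xbe"
    app = make_jar({
        "com/example/Legacy.class": magic + FAST_ENGINE,
        "com/example/Modern.class": magic + b"org/bouncycastle/crypto/engines/AESEngine",
    })
    old_bc = make_jar({FAST_ENGINE.decode() + ".class": magic + FAST_ENGINE})
    return audit_jar("app.jar", app) + audit_jar("bcprov-jdk15on-1.55.jar", old_bc)

if __name__ == "__main__":
    print("\n".join(demo()))
```

The byte search only finds compiled references; an engine selected by reflection from a dotted class-name string would not be reported.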
Comment 1 Swamp Workflow Management 2018-06-06 10:30:28 UTC
This is an autogenerated message for OBS integration:
This bug (1095853) was mentioned in
https://build.opensuse.org/request/show/614511 42.3 / bouncycastle
Comment 2 Swamp Workflow Management 2018-06-14 10:08:52 UTC
openSUSE-SU-2018:1689-1: An update that fixes 11 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1072697,1095722,1095849,1095850,1095852,1095853,1095854,1096022,1096024,1096025,1096026
CVE References: CVE-2016-1000338,CVE-2016-1000339,CVE-2016-1000340,CVE-2016-1000341,CVE-2016-1000342,CVE-2016-1000343,CVE-2016-1000344,CVE-2016-1000345,CVE-2016-1000346,CVE-2016-1000352,CVE-2017-13098
Sources used:
openSUSE Leap 42.3 (src):    bouncycastle-1.59-23.3.1
Comment 3 Swamp Workflow Management 2018-07-19 11:10:21 UTC
This is an autogenerated message for OBS integration:
This bug (1095853) was mentioned in
https://build.opensuse.org/request/show/624022 Factory / bouncycastle
Comment 4 Swamp Workflow Management 2018-09-14 15:30:22 UTC
This is an autogenerated message for OBS integration:
This bug (1095853) was mentioned in
https://build.opensuse.org/request/show/635779 15.0 / bouncycastle
Comment 5 Alexandros Toptsoglou 2020-04-23 15:25:18 UTC
Leap 15.1 is not affected