CVE-2016-1000339

Name of the Vulnerable Software and Affected Versions Bouncy Castle JCE Provider versions 1.55 and earlier

Description The issue is related to the AES algorithm implementation in the Bouncy Castle JCE Provider. Specifically, the AESFastEngine class used in versions 1.55 and earlier has a highly table-driven approach that can leak information about the AES key being used if the CPU's data channel can be monitored. Although AESEngine also had a leak, it was less substantial. The AESEngine class has been modified to remove any signs of leakage and is now the primary AES class for the BC JCE provider from version 1.56.

Recommendations For Bouncy Castle JCE Provider versions 1.55 and earlier, consider updating to version 1.56 or later, where AESEngine is used as the primary AES class, to mitigate the risk of key leakage. As a temporary workaround, consider avoiding the use of AESFastEngine unless otherwise deemed necessary.