bouncycastle: Information leak in AESFastEngine class

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

PT-2018-4633 · Bouncy Castle +3 · Bouncy Castle Jce Provider +3

Name of the Vulnerable Software and Affected Versions: Bouncy Castle JCE Provider versions 1.55 and earlier Description: The issue is related to the AES algorithm implementation in the Bouncy Castle JCE Provider. Specifically, the AESFastEngine class used in versions 1.55 and earlier has a highly...