CVE-2022-45146 - Bouncy Castle BC-FJA FIPS Java API Issue in Java 13 and Later

A recently discovered issue (CVE-2022-45146) affects the FIPS Java API of Bouncy Castle BC-FJA versions before 1..2.4. This vulnerability occurs when using Java 13 and later due to changes in the JVM garbage collector. Temporary keys used by the FIPS module can be zeroed out while still in use, leading to errors or potential information loss. Notably, FIPS compliant users are unaffected since FIPS certification is only for Java 7, 8, and 11.

The following code snippet demonstrates a scenario where the vulnerability might be triggered

import org.bouncycastle.crypto.fips.FipsTripleDES;
import org.bouncycastle.crypto.fips.FipsTripleDESEngine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.encoders.Hex;

public class BCFIPSTest {
    public static void main(String[] args) {
        byte[] keyValue = Hex.decode("0123456789ABCDEFFEDCBA98765432100123456789ABCDEF");
        FipsTripleDES.Key tripleDesKey = FipsTripleDES.createKey(keyValue);
        FipsTripleDESEngine engine = new FipsTripleDESEngine();
        engine.init(true, new KeyParameter(tripleDesKey));
        ...
    }
}

Exploit Details

The issue arises due to changes in the JVM garbage collector in Java 13 and later versions. The garbage collector might zero out temporary keys used by the FIPS module while they are still in use, resulting in errors or potential information loss.

It should be noted that FIPS compliant users are unaffected by this issue since FIPS certification is only for Java 7, 8, and 11. However, users who are using Java 13 and later with Bouncy Castle BC-FJA in a non-FIPS compliant environment should be aware of this vulnerability and consider updating their Bouncy Castle BC-FJA version to 1..2.4 or later.

Mitigation

To safeguard against this vulnerability, users are advised to update their Bouncy Castle BC-FJA installation to version 1..2.4 or later. Download the latest release from the Bouncy Castle official website here:

- Bouncy Castle BC-FJA 1..2.4: https://www.bouncycastle.org/download/bc-fja-1..2.4.tar.gz

Original References

For more information on CVE-2022-45146 and the Bouncy Castle BC-FJA vulnerability, refer to the following resources:

1. CVE-2022-45146 (NVD): https://nvd.nist.gov/vuln/detail/CVE-2022-45146
2. Bouncy Castle BC-FJA GitHub Repository (Issue #96): https://github.com/bcgit/bc-java/issues/96

Conclusion

In conclusion, CVE-2022-45146 is an issue affecting the FIPS Java API of Bouncy Castle BC-FJA versions before 1..2.4 when used with Java 13 and later. Users should update their Bouncy Castle BC-FJA to the latest version (1..2.4 or later) to mitigate this vulnerability. It is important to note that FIPS compliant users are unaffected by this issue since the FIPS certification only covers Java 7, 8, and 11.

Timeline

Published on: 11/21/2022 10:15:00 UTC
Last modified on: 11/30/2022 15:14:00 UTC