[UBUNTU 18.04] A fix for the IBMCA engine

Bug #2015454 reported by bugproxy
Affects                 | Status       | Importance | Assigned to           | Milestone
Ubuntu on IBM z Systems | Fix Released | High       | Skipper Bug Screeners |
openssl-ibmca (Ubuntu)  | Fix Released | High       | bugproxy              |
  Xenial                | Fix Released | Undecided  | Unassigned            |
  Bionic                | Fix Released | Undecided  | Unassigned            |
  Focal                 | Fix Released | Undecided  | Unassigned            |
  Jammy                 | Fix Released | Undecided  | Unassigned            |
  Kinetic               | Fix Released | Undecided  | Unassigned            |
  Lunar                 | Fix Released | High       | bugproxy              |

Bug Description

Bug title / summary:
--------------------
A timing-based side channel exists in the IBMCA engine

Bug description:
----------------
A timing-based side channel exists in the IBMCA engine's RSA decryption implementation, similar to CVE-2022-4304. This side channel could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack.

To mitigate this side channel, the IBMCA engine no longer disables RSA blinding, but makes sure that the underlying OpenSSL code does perform blinding even when the IBMCA engine is used. Note that the underlying OpenSSL code already performs RSA PKCS#1 v1.5 and RSA-OAEP un-padding in a constant-time manner when using the IBMCA engine.

Commit (on top of openssl-ibmca version 2.3.1):
https://github.com/opencryptoki/openssl-ibmca/commit/5c8de9c3dcb232be605bed2f06c3470d6107282d "engine: Enable RSA blinding and offload blinding setup to libica"

Affected:
All distros that include the openssl-ibmca package and build the IBMCA engine.
This includes distros with OpenSSL 1.x.x as well as those with OpenSSL 3.0.0 or later.

Therefore, the following Ubuntu releases are affected and need the fix for the IBMCA engine:
16.04 xenial
18.04 bionic
20.04 focal
22.04 jammy
22.10 kinetic
23.04 lunar

Backports to the respective releases are provided as attachments
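
The RSA blinding that the description refers to, as an added illustration (not code from openssl-ibmca, libica or OpenSSL): a toy Python model in which the private-key operation only ever sees a freshly randomized value instead of the submitted ciphertext. The key is constructed from two Mersenne primes for the example, and `private_op`, `blinded_decrypt` and `demo` are hypothetical names.

```python
import math
import secrets

# Constructed toy RSA key (two Mersenne primes); illustration only, not a real key size.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def private_op(x):
    """Stand-in for the private-key modular exponentiation x^d mod n."""
    return pow(x, D, N)


def blinded_decrypt(c, trace=None):
    """Raw RSA decryption with base blinding.

    The private operation is applied to c * r^e mod n for a fresh random r,
    so its running time is decorrelated from the caller-supplied ciphertext.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2       # r in [2, n-1]
        if math.gcd(r, N) == 1:                # r must be invertible mod n
            break
    blinded = (c * pow(r, E, N)) % N           # blind:   c' = c * r^e mod n
    if trace is not None:
        trace.append(blinded)                  # record what private_op sees
    m_blinded = private_op(blinded)            # (c * r^e)^d = m * r mod n
    return (m_blinded * pow(r, -1, N)) % N     # unblind: m = m' * r^-1 mod n


def demo():
    """Decrypt one ciphertext several times and collect the blinded inputs."""
    m = 123456789                              # constructed sample plaintext
    c = pow(m, E, N)
    seen = []
    results = [blinded_decrypt(c, seen) for _ in range(8)]
    return m, c, results, seen


if __name__ == "__main__":
    m, c, results, seen = demo()
    print("all decryptions correct:", all(x == m for x in results))
    print("distinct inputs to private_op:", len(set(seen)), "of", len(seen))
```

Blinding only covers the exponentiation; the un-padding that follows still has to be constant-time, which the description says the underlying OpenSSL code already provides.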

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-202165 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → openssl-ibmca (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → bugproxy (bugproxy)
Changed in openssl-ibmca (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → bugproxy (bugproxy)
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
information type: Public → Private Security
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
assignee: bugproxy (bugproxy) → Skipper Bug Screeners (skipper-screen-team)
Frank Heimes (fheimes)
description: updated
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-04-06 07:54 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-1.3.0 (backport for xenial)

------- Comment (attachment only) From <email address hidden> 2023-04-06 07:59 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-1.4.1 (backport for bionic)

------- Comment (attachment only) From <email address hidden> 2023-04-06 08:01 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-2.1.0 (backport for focal)

------- Comment (attachment only) From <email address hidden> 2023-04-06 08:02 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-2.2.3 (backport for jammy)

------- Comment (attachment only) From <email address hidden> 2023-04-06 08:03 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-2.3.0 (backport for kinetic)

------- Comment (attachment only) From <email address hidden> 2023-04-06 08:03 EDT-------

bugproxy (bugproxy) wrote : Patches_for_openssl-ibmca-2.3.1 (fix for lunar)

------- Comment (attachment only) From <email address hidden> 2023-04-06 08:05 EDT-------

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2023-04-06 08:26 EDT-------
*** Bug 202166 has been marked as a duplicate of this bug. ***

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2023-04-06 08:30 EDT-------
*** Bug 202164 has been marked as a duplicate of this bug. ***

------- Comment From <email address hidden> 2023-04-06 08:32 EDT-------
*** Bug 202163 has been marked as a duplicate of this bug. ***

Frank Heimes (fheimes)
description: updated
Frank Heimes (fheimes) wrote :

I'm hoping to get this solved for Lunar/23.04 with a version bump to 2.4.0 on an exceptional basis,
hence a successful openssl-ibmca v2.4.0 package build was done at PPA:
https://launchpad.net/~fheimes/+archive/ubuntu/openssl-ibmca

Changed in openssl-ibmca (Ubuntu Lunar):
status: New → In Progress
Frank Heimes (fheimes) wrote :

The status for Lunar/23.04 and Kinetic/22.10 is tracked at LP #2015333.

Frank Heimes (fheimes)
Changed in openssl-ibmca (Ubuntu Lunar):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-ibmca - 2.4.0-0ubuntu1

---------------
openssl-ibmca (2.4.0-0ubuntu1) lunar; urgency=medium

  * New upstream release. LP: #2015333 and LP: #2015454

 -- Frank Heimes <email address hidden> Tue, 11 Apr 2023 19:51:12 +0200

Changed in openssl-ibmca (Ubuntu Lunar):
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
Changed in openssl-ibmca (Ubuntu Kinetic):
status: New → In Progress
Frank Heimes (fheimes) wrote :

Test build in PPA for jammy is available here:
https://launchpad.net/~fheimes/+archive/ubuntu/openssl-ibmca

Frank Heimes (fheimes) wrote :

debdiff for jammy (from 2.2.3-0ubuntu1 to 2.2.3-0ubuntu1.1).

Changed in openssl-ibmca (Ubuntu Jammy):
status: New → In Progress
Frank Heimes (fheimes) wrote :

Test build in PPA for focal is available here:
https://launchpad.net/~fheimes/+archive/ubuntu/openssl-ibmca

Frank Heimes (fheimes) wrote :

debdiff for focal (from 2.1.0-0ubuntu1.20.04.1 to 2.1.0-0ubuntu1.20.04.2).

Changed in openssl-ibmca (Ubuntu Focal):
status: New → In Progress
Frank Heimes (fheimes) wrote :

Test build in PPA for bionic is available here:
https://launchpad.net/~fheimes/+archive/ubuntu/openssl-ibmca

Frank Heimes (fheimes) wrote :

Test build in PPA for xenial is available here:
https://launchpad.net/~fheimes/+archive/ubuntu/openssl-ibmca

Frank Heimes (fheimes) wrote :

Please ignore the debdiffs above,
and find in the attached compressed 'debdiffs_X_to_K.tgz' file all debdiffs (xenial, bionic, focal, jammy and kinetic).

Changed in openssl-ibmca (Ubuntu Bionic):
status: New → In Progress
Changed in openssl-ibmca (Ubuntu Xenial):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-ibmca - 2.1.0-0ubuntu1.20.04.2

---------------
openssl-ibmca (2.1.0-0ubuntu1.20.04.2) focal; urgency=medium

  * Fix IBMCA engine security vulnerability LP: #2015454 by adding:
    - d/p/lp-2015454-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch

 -- Frank Heimes <email address hidden> Wed, 12 Apr 2023 21:46:00 +0200

Changed in openssl-ibmca (Ubuntu Focal):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-ibmca - 1.4.1-0ubuntu1.2

---------------
openssl-ibmca (1.4.1-0ubuntu1.2) bionic; urgency=medium

  * Fix IBMCA engine security vulnerability LP: #2015454 by adding:
    - d/p/lp-2015454-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch

 -- Frank Heimes <email address hidden> Thu, 13 Apr 2023 09:23:22 +0200

Changed in openssl-ibmca (Ubuntu Bionic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-ibmca - 2.3.0-0ubuntu1.1

---------------
openssl-ibmca (2.3.0-0ubuntu1.1) kinetic; urgency=medium

  * Fix IBMCA provider security vulnerability LP: #2015333 by adding:
    - d/p/lp-2015333-provider-RSA-cipher-Tolerate-implicit-rejection-opti.patch
    - d/p/lp-2015333-provider-RSA-cipher-Fix-copy-paste-error.patch
    - d/p/lp-2015333-provider-Make-ibmca_rsa_check_pkcs1_tls_padding-cons.patch
    - d/p/lp-2015333-provider-Make-ibmca_rsa_check_pkcs1_padding-constant.patch
    - d/p/lp-2015333-provider-Make-ibmca_rsa_check_oaep_mgf1_padding-cons.patch
    - d/p/lp-2015333-provider-Add-support-for-implicit-rejection.patch
    - d/p/lp-2015333-provider-Support-RSA-blinding.patch
    - d/p/lp-2015333-provider-Perform-mod-expo-for-blinding-setup-via-lib.patch
  * Fix IBMCA engine security vulnerability LP: #2015454 by adding:
    - d/p/lp-2015333-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch

 -- Frank Heimes <email address hidden> Wed, 12 Apr 2023 17:11:30 +0200

Changed in openssl-ibmca (Ubuntu Kinetic):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl-ibmca - 2.2.3-0ubuntu1.1

---------------
openssl-ibmca (2.2.3-0ubuntu1.1) jammy; urgency=medium

  * Fix IBMCA engine security vulnerability LP: #2015454 by adding:
    - d/p/lp-2015454-engine-Enable-RSA-blinding-and-offload-blinding-setu.patch

 -- Frank Heimes <email address hidden> Wed, 12 Apr 2023 20:33:30 +0200

Changed in openssl-ibmca (Ubuntu Jammy):
status: In Progress → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Frank Heimes (fheimes)
Changed in openssl-ibmca (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
Frank Heimes (fheimes)
information type: Private Security → Public
information type: Public → Public Security