[UBUNTU 18.04] A fix for the IBMCA engine
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu on IBM z Systems | Fix Released | High | Skipper Bug Screeners |
openssl-ibmca (Ubuntu) | Fix Released | High | bugproxy |
Xenial | Fix Released | Undecided | Unassigned |
Bionic | Fix Released | Undecided | Unassigned |
Focal | Fix Released | Undecided | Unassigned |
Jammy | Fix Released | Undecided | Unassigned |
Kinetic | Fix Released | Undecided | Unassigned |
Lunar | Fix Released | High | bugproxy |

Bug Description
Bug title / summary:
-------
A timing-based side channel exists in the IBMCA engine
Bug description:
----------------
A timing-based side channel exists in the IBMCA engine's RSA decryption implementation, similar to CVE-2022-4304. This side channel could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack.
To mitigate this side channel, the IBMCA engine no longer disables RSA blinding, but makes sure that the underlying OpenSSL code does perform blinding even when the IBMCA engine is used. Note that the underlying OpenSSL code already performs RSA PKCS#1 v1.5 and RSA-OAEP un-padding in a constant-time manner when using the IBMCA engine.
Commit (on top of openssl-ibmca version 2.3.1):
https:/
Affected:
All distros that include the openssl-ibmca package and build the IBMCA engine.
This includes distros with OpenSSL 1.x.x as well as those with OpenSSL 3.0.0 or later.
Therefore, the following Ubuntu releases are affected and need the fix for the IBMCA engine:
16.04 xenial
18.04 bionic
20.04 focal
22.04 jammy
22.10 kinetic
23.04 lunar
Backports to the respective releases are provided as attachments
tags: added: architecture-s39064 bugnameltc-202165 severity-high targetmilestone-inin1804
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
affects: linux (Ubuntu) → openssl-ibmca (Ubuntu)
Changed in ubuntu-z-systems:
assignee: nobody → bugproxy (bugproxy)
Changed in openssl-ibmca (Ubuntu):
assignee: Skipper Bug Screeners (skipper-screen-team) → bugproxy (bugproxy)
importance: Undecided → High
Changed in ubuntu-z-systems:
importance: Undecided → High
information type: Public → Private Security
Changed in ubuntu-z-systems:
assignee: bugproxy (bugproxy) → Skipper Bug Screeners (skipper-screen-team)
description: updated
description: updated
Changed in openssl-ibmca (Ubuntu Lunar):
status: In Progress → Fix Committed
Changed in ubuntu-z-systems:
status: New → In Progress
Changed in openssl-ibmca (Ubuntu Kinetic):
status: New → In Progress
Changed in ubuntu-z-systems:
status: In Progress → Fix Committed
Changed in openssl-ibmca (Ubuntu Xenial):
status: In Progress → Fix Released
Changed in ubuntu-z-systems:
status: Fix Committed → Fix Released
information type: Private Security → Public
information type: Public → Public Security
------- Comment From <email address hidden> 2023-04-06 07:54 EDT -------
Bug title / summary:
-------
A timing-based side channel exists in the IBMCA engine
Bug description:
----------------
A timing-based side channel exists in the IBMCA engine's RSA decryption implementation, similar to CVE-2022-4304. This side channel could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack.
To mitigate this side channel, the IBMCA engine no longer disables RSA blinding, but makes sure that the underlying OpenSSL code does perform blinding even when the IBMCA engine is used. Note that the underlying OpenSSL code already performs RSA PKCS#1 v1.5 and RSA-OAEP un-padding in a constant-time manner when using the IBMCA engine.
Commit (on top of openssl-ibmca version 2.3.1):
https://github.com/opencryptoki/openssl-ibmca/commit/5c8de9c3dcb232be605bed2f06c3470d6107282d "engine: Enable RSA blinding and offload blinding setup to libica"
Affected:
All distros that include the openssl-ibmca package and build the IBMCA engine.
This includes distros with OpenSSL 1.x.x as well as those with OpenSSL 3.0.0 or later.
Therefore, the following Ubuntu releases are affected and need the fix for the IBMCA engine:
16.04 xenial
18.04 bionic
20.04 focal
22.04 jammy
22.10 kinetic
23.04 lunar
Backports to the respective releases are provided as attachments
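
The RSA blinding that the description names as the mitigation, sketched as an added example (not code from the bug report, openssl-ibmca, OpenSSL or libica): with blinding, the private-key exponentiation never runs on the sender's ciphertext directly, so its timing no longer tracks a value the sender chose. The toy key built from two Mersenne primes and the names `raw_decrypt`, `blinded_decrypt` and `demo` are assumptions for illustration.

```python
"""Textbook RSA base blinding on a constructed toy key (illustrative only)."""
import math
import secrets

# Constructed toy key from two Mersenne primes; far too small for real use.
P = 2**107 - 1
Q = 2**127 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def raw_decrypt(c):
    """Unblinded: the private exponentiation runs directly on the
    sender-supplied ciphertext, so its timing depends on that value."""
    return pow(c, D, N)


def blinded_decrypt(c, r=None):
    """Blinded: exponentiate c * r^e instead of c, then strip r again.

    Returns (plaintext, blinded_input) so the caller can see which value
    actually reached the private-key operation.
    """
    if not 0 <= c < N:
        raise ValueError("ciphertext out of range")
    # A usable factor must be invertible mod n; draw a fresh one per call.
    while r is None or math.gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    c_blind = (c * pow(r, E, N)) % N      # (c * r^e) mod n
    m_blind = pow(c_blind, D, N)          # equals (m * r) mod n
    m = (m_blind * pow(r, -1, N)) % N     # remove the blinding factor
    return m, c_blind


def demo():
    """Decrypt one constructed ciphertext twice and compare."""
    m = int.from_bytes(b"constructed sample", "big")
    c = pow(m, E, N)
    m1, b1 = blinded_decrypt(c)
    m2, b2 = blinded_decrypt(c)
    same_plaintext = m == raw_decrypt(c) == m1 == m2
    inputs_randomised = b1 != b2 and c not in (b1, b2)
    return same_plaintext, inputs_randomised


if __name__ == "__main__":
    print(demo())
```

Blinding covers the exponentiation only; the constant-time un-padding that the description mentions is a separate property.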