• openssl-3.2.2-1.el9
    • None
    • None
    • ZStream
    • 2
    • rhel-sst-security-crypto
    • ssg_security
    • 28
    • 0.5
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • Yes
    • Crypto24Q2, Crypto24Q3
    • Approved Blocker
    • Hide

      AC1) x86_64: no side channel detected when tested with precision smaller than 1ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag (deterministic and non-deterministic ECDSA)

      AC2) x86_64: sanity no side channel detected when tested with precision smaller than 10ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in openssl using ECDSA_sign_ex function

      AC3) x86_64: on P-521 no side channel detected in step from 512 to 513 when tested with precision smaller than 5ns (95% CI) in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag

      AC4) aarch64 and ppc64le: sanity that the side channel is decreased in 3 curves in default openssl, openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag and using ECDSA_sign_ex function

      AC5) s390x: sanity check on just a hundred CPU-hours

      Show
      AC1) x86_64: no side channel detected when tested with precision smaller than 1ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag (deterministic and non-deterministic ECDSA) AC2) x86_64: sanity no side channel detected when tested with precision smaller than 10ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in openssl using ECDSA_sign_ex function AC3) x86_64: on P-521 no side channel detected in step from 512 to 513 when tested with precision smaller than 5ns (95% CI) in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag AC4) aarch64 and ppc64le: sanity that the side channel is decreased in 3 curves in default openssl, openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag and using ECDSA_sign_ex function AC5) s390x: sanity check on just a hundred CPU-hours
    • Pass
    • Not Needed
    • Automated
    • Bug Fix
    • Hide
      .Non-constant time code paths removed from OpenSSL EC signatures

      Previously, OpenSSL used non-constant time code paths for Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. This could have exposed the signature operations to attacks similar to the Minerva attack and potentially reveal the private key. This update removes non-constant time code paths in OpenSSL EC signatures, and as a result, this vulnerability is no longer present.
      Show
      .Non-constant time code paths removed from OpenSSL EC signatures Previously, OpenSSL used non-constant time code paths for Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. This could have exposed the signature operations to attacks similar to the Minerva attack and potentially reveal the private key. This update removes non-constant time code paths in OpenSSL EC signatures, and as a result, this vulnerability is no longer present.
    • Done
    • None

      Fix Minerva attack for OpenSSL 3.2.1
      https://github.com/openssl/openssl/pull/24317

        1. results-openssl-NIST256p-aarch64-3.2.2-3.el9-deterministic.txz
          24.79 MB
        2. results-openssl-NIST256p-aarch64-3.2.2-3.el9-no-digest.txz
          14.21 MB
        3. results-openssl-NIST256p-aarch64-3.2.2-3.el9-non-deterministic.txz
          14.14 MB
        4. results-openssl-NIST256p-ppc64le-3.2.2-3.el9-deterministic.txz
          28.82 MB
        5. results-openssl-NIST256p-ppc64le-3.2.2-3.el9-no-digest.txz
          22.96 MB
        6. results-openssl-NIST256p-ppc64le-3.2.2-3.el9-non-deterministic.txz
          23.91 MB
        7. results-openssl-NIST256p-x86_64-3.2.2-3.el9-deterministic.txz
          34.03 MB
        8. results-openssl-NIST256p-x86_64-3.2.2-3.el9-no-digest.txz
          30.43 MB
        9. results-openssl-NIST256p-x86_64-3.2.2-3.el9-non-deterministic.txz
          30.84 MB
        10. results-openssl-NIST384p-aarch64-3.2.2-3.el9-deterministic.txz
          18.04 MB
        11. results-openssl-NIST384p-aarch64-3.2.2-3.el9-no-digest.txz
          16.38 MB
        12. results-openssl-NIST384p-aarch64-3.2.2-3.el9-non-deterministic.txz
          21.69 MB
        13. results-openssl-NIST384p-ppc64le-3.2.2-3.el9-deterministic.txz
          30.86 MB
        14. results-openssl-NIST384p-ppc64le-3.2.2-3.el9-no-digest.txz
          31.63 MB
        15. results-openssl-NIST384p-ppc64le-3.2.2-3.el9-non-deterministic.txz
          26.82 MB
        16. results-openssl-NIST384p-x86_64-3.2.2-3.el9-deterministic.txz
          38.31 MB
        17. results-openssl-NIST384p-x86_64-3.2.2-3.el9-no-digest.txz
          38.87 MB
        18. results-openssl-NIST384p-x86_64-3.2.2-3.el9-non-deterministic.txz
          38.83 MB
        19. results-openssl-NIST521p-aarch64-3.2.2-3.el9-deterministic.txz
          18.98 MB
        20. results-openssl-NIST521p-aarch64-3.2.2-3.el9-no-digest.txz
          16.68 MB
        21. results-openssl-NIST521p-aarch64-3.2.2-3.el9-non-deterministic.txz
          24.39 MB
        22. results-openssl-NIST521p-ppc64le-3.2.2-3.el9-deterministic.txz
          28.94 MB
        23. results-openssl-NIST521p-ppc64le-3.2.2-3.el9-no-digest.txz
          26.33 MB
        24. results-openssl-NIST521p-ppc64le-3.2.2-3.el9-non-deterministic.txz
          32.61 MB
        25. results-openssl-NIST521p-x86_64-3.2.2-3.el9-deterministic.txz
          35.07 MB
        26. results-openssl-NIST521p-x86_64-3.2.2-3.el9-no-digest.txz
          33.90 MB
        27. results-openssl-NIST521p-x86_64-3.2.2-3.el9-non-deterministic.txz
          35.09 MB

              dbelyavs@redhat.com Dmitry Belyavskiy
              dbelyavs@redhat.com Dmitry Belyavskiy
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Jan Fiala Jan Fiala
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

                Created:
                Updated:
                Resolved: