Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Normal
Fix Version/s: rhel-9.5
Affects Version/s: rhel-9.5
Component/s: openssl
Labels:

Fixed in Build:
openssl-3.2.2-1.el9
Regression:
None
Severity:
None
Epic Link:
CRYPTO-13062
Keywords:

ZStream
sprint_count:
2

Pool Team:

rhel-sst-security-crypto
Sub-System Group:

ssg_security

Internal Target Milestone:
28
Story Points:
0.5
ACKs Check:

QE ack, Dev ack
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
Crypto24Q2, Crypto24Q3
Release Blocker:
Approved Blocker
Target Backport Versions:

rhel-8.6.0.z, rhel-8.8.0.z, rhel-8.10.z

Acceptance Criteria:

Hide

AC1) x86_64: no side channel detected when tested with precision smaller than 1ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag (deterministic and non-deterministic ECDSA)

AC2) x86_64: sanity no side channel detected when tested with precision smaller than 10ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in openssl using ECDSA_sign_ex function

AC3) x86_64: on P-521 no side channel detected in step from 512 to 513 when tested with precision smaller than 5ns (95% CI) in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag

AC4) aarch64 and ppc64le: sanity that the side channel is decreased in 3 curves in default openssl, openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag and using ECDSA_sign_ex function

AC5) s390x: sanity check on just a hundred CPU-hours

Show
AC1) x86_64: no side channel detected when tested with precision smaller than 1ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag (deterministic and non-deterministic ECDSA) AC2) x86_64: sanity no side channel detected when tested with precision smaller than 10ns (95% CI) using 3 curves, 4 highest bit sizes for each curve in openssl using ECDSA_sign_ex function AC3) x86_64: on P-521 no side channel detected in step from 512 to 513 when tested with precision smaller than 5ns (95% CI) in default openssl and openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag AC4) aarch64 and ppc64le: sanity that the side channel is decreased in 3 curves in default openssl, openssl with OSSL_SIGNATURE_PARAM_NONCE_TYPE flag and using ECDSA_sign_ex function AC5) s390x: sanity check on just a hundred CPU-hours
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/130502
Gating Tests:

Not Needed
Test Coverage:

Automated

Release Note Type:
Bug Fix
Release Note Text:

Hide
.Non-constant time code paths removed from OpenSSL EC signatures

Previously, OpenSSL used non-constant time code paths for Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. This could have exposed the signature operations to attacks similar to the Minerva attack and potentially reveal the private key. This update removes non-constant time code paths in OpenSSL EC signatures, and as a result, this vulnerability is no longer present.

Show
.Non-constant time code paths removed from OpenSSL EC signatures Previously, OpenSSL used non-constant time code paths for Elliptic Curve Digital Signature Algorithm (ECDSA) signatures. This could have exposed the signature operations to attacks similar to the Minerva attack and potentially reveal the private key. This update removes non-constant time code paths in OpenSSL EC signatures, and as a result, this vulnerability is no longer present.
Release Note Status:
Done

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Fix Minerva attack for OpenSSL 3.2.1
https://github.com/openssl/openssl/pull/24317

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

results-openssl-NIST256p-aarch64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
24.79 MB
George Pantelakis
results-openssl-NIST256p-aarch64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:32 PM
14.21 MB
George Pantelakis
results-openssl-NIST256p-aarch64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:32 PM
14.14 MB
George Pantelakis
results-openssl-NIST256p-ppc64le-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
28.82 MB
George Pantelakis
results-openssl-NIST256p-ppc64le-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
22.96 MB
George Pantelakis
results-openssl-NIST256p-ppc64le-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
23.91 MB
George Pantelakis
results-openssl-NIST256p-x86_64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
34.03 MB
George Pantelakis
results-openssl-NIST256p-x86_64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
30.43 MB
George Pantelakis
results-openssl-NIST256p-x86_64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
30.84 MB
George Pantelakis
results-openssl-NIST384p-aarch64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
18.04 MB
George Pantelakis
results-openssl-NIST384p-aarch64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
16.38 MB
George Pantelakis
results-openssl-NIST384p-aarch64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
21.69 MB
George Pantelakis
results-openssl-NIST384p-ppc64le-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
30.86 MB
George Pantelakis
results-openssl-NIST384p-ppc64le-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
31.63 MB
George Pantelakis
results-openssl-NIST384p-ppc64le-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
26.82 MB
George Pantelakis
results-openssl-NIST384p-x86_64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
38.31 MB
George Pantelakis
results-openssl-NIST384p-x86_64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
38.87 MB
George Pantelakis
results-openssl-NIST384p-x86_64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
38.83 MB
George Pantelakis
results-openssl-NIST521p-aarch64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
18.98 MB
George Pantelakis
results-openssl-NIST521p-aarch64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
16.68 MB
George Pantelakis
results-openssl-NIST521p-aarch64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
24.39 MB
George Pantelakis
results-openssl-NIST521p-ppc64le-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
28.94 MB
George Pantelakis
results-openssl-NIST521p-ppc64le-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
26.33 MB
George Pantelakis
results-openssl-NIST521p-ppc64le-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
32.61 MB
George Pantelakis
results-openssl-NIST521p-x86_64-3.2.2-3.el9-deterministic.txz
2024/09/16 12:33 PM
35.07 MB
George Pantelakis
results-openssl-NIST521p-x86_64-3.2.2-3.el9-no-digest.txz
2024/09/16 12:33 PM
33.90 MB
George Pantelakis
results-openssl-NIST521p-x86_64-3.2.2-3.el9-non-deterministic.txz
2024/09/16 12:33 PM
35.09 MB
George Pantelakis

links to

RHSA-2024:130502 OpenSSL enchantment release

Assignee:: Dmitry Belyavskiy

Reporter:: Dmitry Belyavskiy

Developer:: Dmitry Belyavskiy

QA Contact:: George Pantelakis

Doc Contact:: Jan Fiala

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2024/05/23 2:49 PM

Updated:: 2024/11/12 9:35 AM

Resolved:: 2024/11/12 9:35 AM

Target end:: 2024/09/09

Release Date:: 2024/11/12

Details

Description

Attachments

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates