Bug 1568253 (CVE-2018-0737) - CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypto/rsa/rsa_gen.c allows attackers to recover private keys
Summary: CVE-2018-0737 openssl: RSA key generation cache timing vulnerability in crypt...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2018-0737
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1568254 1568255 1568256 1568257 1568681 1568682
Blocks: 1568258
Reported: 2018-04-17 04:08 UTC by Sam Fowler
Modified: 2022-03-13 14:52 UTC (History)

Fixed In Version: openssl 1.1.0i, openssl 1.0.2p
Doc Type: If docs needed, set a value
Doc Text:
OpenSSL RSA key generation was found to be vulnerable to cache side-channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover parts of the private key.
Clone Of:
Environment:
Last Closed: 2019-06-10 10:20:03 UTC
Embargoed:




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2018:3221  0        None      None    None     2018-10-30 07:51:45 UTC
Red Hat Product Errata  RHSA-2019:3932  0        None      None    None     2019-11-20 16:20:42 UTC
Red Hat Product Errata  RHSA-2019:3933  0        None      None    None     2019-11-20 16:13:02 UTC
Red Hat Product Errata  RHSA-2019:3935  0        None      None    None     2019-11-20 16:08:28 UTC

Description Sam Fowler 2018-04-17 04:08:30 UTC
OpenSSL before versions 1.0.2p and 1.1.0i are vulnerable to RSA key generation cache timing side channel attacks. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key.


External References:

https://www.openssl.org/news/secadv/20180416.txt
http://www.openwall.com/lists/oss-security/2018/04/16/3


Upstream Patches:

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
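
A check for whether a given OpenSSL build falls inside the affected range the description states, as an added example (not code from OpenSSL, Red Hat, or the authors of this report). It parses the banner printed by "openssl version" against the fixed-in versions 1.0.2p and 1.1.0i and, because Red Hat backports security fixes without bumping the upstream version string, also looks for the CVE id in the rpm changelog. The sample changelog text, the verdict labels returned by assess() and the helper names are this example's own assumptions; branches the report does not mention are reported as out of scope rather than guessed at.

```python
"""CVE-2018-0737 exposure check for an OpenSSL build.

Added example for this report; it is not code from OpenSSL, Red Hat, or the
bug's authors. It applies the affected ranges the report states (upstream
fixed in 1.0.2p and 1.1.0i) to the banner printed by `openssl version`, and,
because Red Hat backports fixes without bumping the upstream version string,
also looks for the CVE id in an rpm changelog. Sample strings are constructed.
"""
import re
import subprocess

CVE = "CVE-2018-0737"

# "Fixed In Version" from the report, keyed by release branch.
FIXED_IN = {(1, 0, 2): "p", (1, 1, 0): "i"}

# OpenSSL's pre-3.0 scheme: MAJOR.MINOR.FIX followed by a patch-letter run.
_BANNER_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_banner(banner):
    """Return ((major, minor, fix), letters) from an `openssl version` banner.

    Build suffixes such as '-fips' or '-dev' are ignored; only the letter run
    directly after the numeric part is the patch level.
    """
    m = _BANNER_RE.search(banner)
    if not m:
        raise ValueError("unrecognised OpenSSL banner: %r" % banner)
    return (int(m[1]), int(m[2]), int(m[3])), m[4]


def upstream_affected(banner):
    """True if an *upstream* build with this banner predates the fix.

    Returns None for branches the report does not cover (1.0.1, 1.1.1, 3.x)
    instead of guessing. Patch letters sort lexically within a branch
    ('' < 'a' < ... < 'z' < 'za'), so a plain string comparison is enough.
    """
    branch, letters = parse_banner(banner)
    if branch not in FIXED_IN:
        return None
    return letters < FIXED_IN[branch]


def changelog_mentions_cve(changelog, cve=CVE):
    """True if an rpm changelog names the CVE (a backported fix)."""
    return re.search(re.escape(cve) + r"(?!\d)", changelog) is not None


def assess(banner, changelog=""):
    """Combine the version check with the changelog check into a verdict."""
    affected = upstream_affected(banner)
    if affected is None:
        return "out-of-scope"       # branch not covered by this report
    if not affected:
        return "fixed-upstream"     # version string is at or past the fix
    if changelog_mentions_cve(changelog):
        return "fixed-by-backport"  # old version string, but the CVE was patched
    return "likely-affected"        # old version string and no sign of a backport


# Constructed sample; the wording is made up, not a real RHEL changelog entry.
SAMPLE_CHANGELOG = """\
* Tue Oct 30 2018 Example Packager <packager@example.com> 1.0.2k-16
- fix CVE-2018-0737 - RSA key generation cache timing side channel
"""


def _run(cmd):
    """Run a command and return its stdout, or '' if it is not available."""
    try:
        return subprocess.run(cmd, capture_output=True, text=True,
                              check=False).stdout
    except OSError:
        return ""


if __name__ == "__main__":
    # Offline demonstration on constructed input.
    print("1.0.2k + backport:", assess("OpenSSL 1.0.2k-fips  26 Jan 2017",
                                       SAMPLE_CHANGELOG))
    # Live check on the host (needs openssl and, on RPM systems, rpm).
    live = _run(["openssl", "version"])
    if live:
        print("this host:", assess(live, _run(["rpm", "-q", "--changelog",
                                                  "openssl"])))
```

A "likely-affected" verdict is only a version-string signal: the Analysis comment's conditions (attacker co-located on the machine and able to probe the cache while the key is actually being generated) still decide whether it matters, and a build that takes its RSA keys from an HSM is not exposed at all.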

Comment 1 Sam Fowler 2018-04-17 04:09:16 UTC
Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 1568256]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 1568257]
Affects: epel-7 [bug 1568254]

Comment 3 Huzaifa S. Sidhpurwala 2018-04-17 04:51:11 UTC
Analysis:

This attack needs the attacker to be present on the same physical machine where the key is being generated. Also, the attack has to be mounted at the exact time when the RSA private key is being generated to be useful. Enterprise setups where HSM modules are used to generate and store RSA private keys are not affected by this flaw.

Comment 8 errata-xmlrpc 2018-10-30 07:51:29 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221

Comment 9 errata-xmlrpc 2019-11-20 16:08:26 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2019:3935 https://access.redhat.com/errata/RHSA-2019:3935

Comment 10 errata-xmlrpc 2019-11-20 16:13:00 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7

Via RHSA-2019:3933 https://access.redhat.com/errata/RHSA-2019:3933

Comment 11 errata-xmlrpc 2019-11-20 16:20:39 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 6

Via RHSA-2019:3932 https://access.redhat.com/errata/RHSA-2019:3932

