Bug 2162624
| Summary: | [IBM 9.3 FEAT] ibmca implicit rejection (openssl-ibmca) | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | IBM Bug Proxy <bugproxy> |
| Component: | openssl-ibmca | Assignee: | Dan Horák <dhorak> |
| Status: | CLOSED ERRATA | QA Contact: | Karel Srot <ksrot> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 9.3 | CC: | bugproxy, jomiller, tstaudt |
| Target Milestone: | rc | Keywords: | FutureFeature, OtherQA, Patch, TestOnly, Triaged |
| Target Release: | 9.3 | Flags: | pm-rhel:
mirror+
|
| Hardware: | s390x | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-11-07 08:55:36 UTC | Type: | Feature Request |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | 2.4.0 |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2116377 | ||
|
Description
IBM Bug Proxy
2023-01-20 08:20:25 UTC
1. Feature Overview: Feature Id: [201321] a. Name of Feature: [9.3 FEAT] ibmca implicit rejection (openssl-ibmca) b. Feature Description Add configurable support for implicit rejection to the RSA implementation in the ibmca provider. The ibmca provider shall have the same default behaviour as the default provider. Remediation against CVEs like CVE-2020-25659 and CVE-2020-25657, see https://github.com/openssl/openssl/issues/13421 2. Feature Details: Sponsor: --- Architectures: zSeries - 64 native, Arch Specificity: purely arch specific code Affects Kernel Modules: No Delivery Mechanism: Direct from Community Category: other Request Type: Package - Update Version d. Upstream Acceptance: In Progress Sponsor Priority P1 f. Severity: high IBM Confidential: Yes Code Contribution: --- g. Component Version Target: Yes 3. Business Case Security 4. Primary contact at Red Hat, email, phone (chat): Joshua Miller jomiller 919-740-7804 5. Primary contacts at Partner: Project Management Contact: Thomas Staudt, tstaudt.com Technical contact(s): Thomas Staudt, tstaudt.com IBM/Thomas, what is the status of this feature, is it part of the 2.4.0 release? Does https://github.com/opencryptoki/openssl-ibmca/commit/276e3ddf55a2993c3de5666003b856ef6f8d7d24 fulfill the requirement? ------- Comment From tstaudt.com 2023-04-24 02:05 EDT------- (In reply to comment #6) > IBM/Thomas, what is the status of this feature, is it part of the 2.4.0 > release? Does > https://github.com/opencryptoki/openssl-ibmca/commit/ > 276e3ddf55a2993c3de5666003b856ef6f8d7d24 fulfill the requirement? Hi Dan, it is included in openssl-ibmca 2.4.0 and I assume this is the commit. ------- Comment From ifranzki.com 2023-08-10 09:18 EDT------- Successfully verified this on RHEL 9.3 nightly from 2023/08/07 with openssl-ibmca-2.4.0-4.el9. Please set to VERIFIED. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (openssl-ibmca bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2023:6678 |