2162624 – [IBM 9.3 FEAT] ibmca implicit rejection (openssl-ibmca)

Bug 2162624 - [IBM 9.3 FEAT] ibmca implicit rejection (openssl-ibmca)

Summary: [IBM 9.3 FEAT] ibmca implicit rejection (openssl-ibmca)

Keywords:
Status:	VERIFIED
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	openssl-ibmca
Sub Component:
Version:	9.3
Hardware:	s390x
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	rc
Target Release:	9.3
Assignee:	Dan Horák
QA Contact:	Karel Srot
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	2116377
TreeView+	depends on / blocked

Reported:	2023-01-20 08:20 UTC by IBM Bug Proxy
Modified:	2023-08-14 07:38 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Type:	Feature Request
Target Upstream Version:	2.4.0
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
IBM Linux Technology Center	201321	0	None	None	None	2023-01-20 08:20:37 UTC
Red Hat Issue Tracker	RHELPLAN-145880	0	None	None	None	2023-01-20 08:22:09 UTC

Description IBM Bug Proxy 2023-01-20 08:20:25 UTC

Comment 1 IBM Bug Proxy 2023-01-20 08:20:31 UTC

1. Feature Overview:
Feature Id: [201321]
a. Name of Feature: [9.3 FEAT] ibmca implicit rejection (openssl-ibmca)
b. Feature Description

Add configurable support for implicit rejection to the RSA implementation in the ibmca provider.
The ibmca provider shall have the same default behaviour as the default provider.
Remediation against CVEs like CVE-2020-25659 and CVE-2020-25657, see https://github.com/openssl/openssl/issues/13421

2. Feature Details:
Sponsor: ---
Architectures:  zSeries - 64 native, 

Arch Specificity: purely arch specific code
Affects Kernel Modules: No
Delivery Mechanism: Direct from Community
Category: other
Request Type: Package - Update Version
d. Upstream Acceptance: In Progress
Sponsor Priority P1
f. Severity: high
IBM Confidential: Yes
Code Contribution: ---
g. Component Version Target: Yes

3. Business Case
Security

4. Primary contact at Red Hat, email, phone (chat):
Joshua Miller
jomiller
919-740-7804

5. Primary contacts at Partner:
Project Management Contact:
Thomas Staudt, tstaudt.com

Technical contact(s):
Thomas Staudt, tstaudt.com

Comment 3 Dan Horák 2023-04-21 07:39:29 UTC

IBM/Thomas, what is the status of this feature, is it part of the 2.4.0 release? Does https://github.com/opencryptoki/openssl-ibmca/commit/276e3ddf55a2993c3de5666003b856ef6f8d7d24 fulfill the requirement?

Comment 4 IBM Bug Proxy 2023-04-24 06:11:11 UTC

------- Comment From tstaudt.com 2023-04-24 02:05 EDT-------
(In reply to comment #6)
> IBM/Thomas, what is the status of this feature, is it part of the 2.4.0
> release? Does
> https://github.com/opencryptoki/openssl-ibmca/commit/
> 276e3ddf55a2993c3de5666003b856ef6f8d7d24 fulfill the requirement?

Hi Dan,

it is included in openssl-ibmca 2.4.0 and I assume this is the commit.

Comment 10 IBM Bug Proxy 2023-08-14 07:31:48 UTC

------- Comment From ifranzki.com 2023-08-10 09:18 EDT-------
Successfully verified this on RHEL 9.3 nightly from 2023/08/07 with openssl-ibmca-2.4.0-4.el9.
Please set to VERIFIED.

Note You need to log in before you can comment on or make changes to this bug.