Name of the Vulnerable Software and Affected Versions openssl-ibmca versions prior to 2.4.0

Description The issue concerns adjustments and fixes for OpenSSL versions 3.1 and 3.2, including support for RSA blinding, constant-time fixes for RSA PKCS#1 v1.5 and OAEP padding, and support for 'implicit rejection' option for RSA PKCS#1 v1.5 padding. Additionally, there are adjustments in the OpenSSL config generator and example configs, as well as a performance improvement by caching the ICA key in the EC KEY object. The update also corrects engine handling for FIPS 140-3 to only activate ciphers selected in the config file.

Recommendations For versions prior to 2.4.0, update to version 2.4.0 to resolve the issue. As a temporary workaround, consider restricting the use of RSA blinding and implicit rejection options until the update is applied. Restrict access to the OpenSSL config generator and example configs to minimize potential risks. Avoid using the affected EC KEY object for critical operations until the update is installed.