[Bug 1775018] Comment bridged from LTC Bugzilla
bugproxy
bugproxy at us.ibm.com
Wed Jun 6 09:19:24 UTC 2018
------- Comment From patrick.steuer at de.ibm.com 2018-06-06 05:16 EDT-------
> Is this upstreamed already? What is the upstream commit id?
As I said in #1, openssl upstream/master and 1.1.0 backports are not
affected. The bug was introduced with the 1.0.2 backport (of upstream
commit 96530eea93d27e536f4e93956256cf8dcda7d469).
> An explanation of the effects of the bug on users
Using openssl tls 1.2 with aes-gcm cipher-suites on s390 can lead to
unexpected authentication failures.
> justification for backporting the fix to the stable release
Fix unexpected authentication failures when using openssl tls 1.2 with
aes-gcm cipher-suites on s390.
> In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug
After openssl 1.0.2 most data structures were made opaque. Backporting
to 1.0.2 means reversing this process. In case of this backport,
accidentally the wrong structure member was accessed in one place in
the s390 platform-specific aes-gcm tls code path. The upload fixes
this bug by accessing the right structure member.
> detailed instructions how to reproduce the bug
> these should allow someone who is not familiar with the affected package to reproduce the bug and verify that the updated package fixes the problem.
Apply original backport patches to openssl 1.0.2 source. Build and run
the test suite (make test). Observe test case failure when testing
aes-gcm cipher suites. Apply the uploaded fix and repeat. Observe the
test suite pass.
> [Regression Potential] ...
I don't see any risk for regression regarding this fix.
> Specifically how to test/exercise this code path?
As noted above, the openssl test suite exercises this code path (at
least with high probability i.e., I hit the problem at 5/5 runs).
--
https://bugs.launchpad.net/bugs/1775018
Title:
Fix for openssl 1.0.2 backport
Status in Ubuntu on IBM z Systems:
Triaged
Status in openssl package in Ubuntu:
New
Bug description:
This is a fix for this feature's backport to openssl 1.0.2 (1.1.0 and
upstream code are not affected).
Original LP ticket :
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1743750