[Bug 1862187] Re: [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command

Thu Feb 6 15:41:08 UTC 2020

** Package changed: linux (Ubuntu) => s390-tools (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to s390-tools in Ubuntu.
https://bugs.launchpad.net/bugs/1862187

Title:
  [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command

Status in s390-tools package in Ubuntu:
  New

Bug description:
  Description:   zkey: Fix display of XTS attribute for validate command
  Symptom:       The 'zkey validate' command shows an invalid value for
                 the XTS attribute.
  Problem:       Due to a use after free of the secure key, the XTS attribute
                 is not determined correctly, and is displayed incorrectly.
                 Function is_xts_key() is called with a secure key that has
                 already been freed and thus most likely returns false.
                 This bug has been introduced with feature SEC1717 "Cipher
                 key support" with commit 298fab68fee8 "zkey: Preparations for
                 introducing a new key type"
  Solution:      Free the secure key only after the last use.
  Reproduction:  Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
                 and then run 'zkey validate'.

  Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

  https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

  Need to be applied on top of 2.12.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/s390-tools/+bug/1862187/+subscriptions