[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Launchpad Bug Tracker 1931994 at bugs.launchpad.net
Tue Aug 10 19:51:17 UTC 2021 

This bug was fixed in the package openssl - 1.1.1j-1ubuntu3.2

---------------
openssl (1.1.1j-1ubuntu3.2) hirsute; urgency=medium

  * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994)

openssl (1.1.1j-1ubuntu3.1) hirsute; urgency=medium

  * Split d/p/pr12272.patch into multiple patchfiles to fix dpkg-source
    error when attempting to build a source package, due to pr12272.patch
    patching files multiple times within the same patch. (LP: #1927161)
    - d/p/lp-1927161-1-x86-Add-endbranch-to-indirect-branch-targets-fo.patch
    - d/p/lp-1927161-2-Use-swapcontext-for-Intel-CET.patch
    - d/p/lp-1927161-3-x86-Always-generate-note-gnu-property-section-f.patch
    - d/p/lp-1927161-4-x86_64-Always-generate-note-gnu-property-sectio.patch
    - d/p/lp-1927161-5-x86_64-Add-endbranch-at-function-entries-for-In.patch

 -- Simon Chopin <simon.chopin at canonical.com>  Fri, 23 Jul 2021 14:32:42
+0200

** Changed in: openssl (Ubuntu Hirsute)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Focal:
  Fix Committed
Status in openssl source package in Hirsute:
  Fix Released
Status in openssl source package in Impish:
  Fix Released

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions

More information about the foundations-bugs mailing list