[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Brian Murray 1931994 at bugs.launchpad.net
Mon Jul 26 23:38:00 UTC 2021 

On Mon, Jul 26, 2021 at 09:31:51PM -0000, Gunnar Hjalmarsson wrote:
> Sponsored impish for now.
> 
> As regards the SRUs, I suppose that the block-proposed-hirsute tag set
> at bug #1927161 needs to be removed. Also, should the test plan be
> expanded to include the test script which bugproxy added?

The tag does need to be removed but an SRU team member could do that
when reviewing the next upload.  When somebody uploads the new version
of openssl, it should be built on top of the current version in
-proposed and -v should be used when you run debuild so that the
previous bug is incorporated in the source.changes file.

--
Brian Murray

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Status in Ubuntu on IBM z Systems:
  In Progress
Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  New
Status in openssl source package in Focal:
  New
Status in openssl source package in Hirsute:
  New
Status in openssl source package in Impish:
  Fix Committed

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions

More information about the foundations-bugs mailing list