[Bug 1931994] Standalone C program from the upstream test case
bugproxy
1931994 at bugs.launchpad.net
Fri Jul 23 16:18:31 UTC 2021
Default Comment by Bridge
** Attachment added: "Standalone C program from the upstream test case"
https://bugs.launchpad.net/bugs/1931994/+attachment/5513259/+files/evp_extra_test.c
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1931994
Title:
[Ubuntu 20.04] OpenSSL bugs im s390x AES code
Status in Ubuntu on IBM z Systems:
Triaged
Status in openssl package in Ubuntu:
New
Status in openssl source package in Bionic:
New
Status in openssl source package in Focal:
New
Status in openssl source package in Groovy:
New
Status in openssl source package in Hirsute:
New
Status in openssl source package in Impish:
New
Bug description:
Problem description:
When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
https://github.com/openssl/openssl/pull/14900
Solution available here:
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8
Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
-> 21.10, 20.04, 18.04.
I think not needed for 16.04 anymore....
[Test plan]
$ sudo apt install libssl-dev
$ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
$ ./evc-test && echo OK
[Where problems could occur]
This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
latent bugs by spreading a NULL key to new code paths.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions
More information about the Ubuntu-sponsors
mailing list