[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs im s390x AES code
Gunnar Hjalmarsson
1931994 at bugs.launchpad.net
Mon Jul 26 21:31:51 UTC 2021
Sponsored impish for now.
As regards the SRUs, I suppose that the block-proposed-hirsute tag set
at bug #1927161 needs to be removed. Also, should the test plan be
expanded to include the test script which bugproxy added?
** Changed in: openssl (Ubuntu Impish)
Status: New => Fix Committed
** No longer affects: openssl (Ubuntu Groovy)
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1931994
Title:
[Ubuntu 20.04] OpenSSL bugs im s390x AES code
Status in Ubuntu on IBM z Systems:
In Progress
Status in openssl package in Ubuntu:
Fix Committed
Status in openssl source package in Bionic:
New
Status in openssl source package in Focal:
New
Status in openssl source package in Hirsute:
New
Status in openssl source package in Impish:
Fix Committed
Bug description:
Problem description:
When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
https://github.com/openssl/openssl/pull/14900
Solution available here:
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8
Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
-> 21.10, 20.04, 18.04.
I think not needed for 16.04 anymore....
[Test plan]
$ sudo apt install libssl-dev
$ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
$ ./evc-test && echo OK
[Where problems could occur]
This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
latent bugs by spreading a NULL key to new code paths.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions
More information about the Ubuntu-sponsors
mailing list