[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Gunnar Hjalmarsson 1931994 at bugs.launchpad.net
Tue Jul 27 18:43:35 UTC 2021 

I re-run the failed tests, and both of them passed on the second
attempt, so it should migrate on impish soon.

The SRUs are now uploaded, following Brian's advice with respect to
hirsute.

@Simon: Good if you can unsubscribe ubuntu-sponsors.

** Changed in: openssl (Ubuntu Hirsute)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Hirsute)
     Assignee: (unassigned) => Canonical Foundations Team (canonical-foundations)

** Changed in: openssl (Ubuntu Focal)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Focal)
     Assignee: (unassigned) => Canonical Foundations Team (canonical-foundations)

** Changed in: openssl (Ubuntu Bionic)
       Status: New => In Progress

** Changed in: openssl (Ubuntu Bionic)
     Assignee: (unassigned) => Canonical Foundations Team (canonical-foundations)

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs im s390x AES code

Status in Ubuntu on IBM z Systems:
  In Progress
Status in openssl package in Ubuntu:
  Fix Committed
Status in openssl source package in Bionic:
  In Progress
Status in openssl source package in Focal:
  In Progress
Status in openssl source package in Hirsute:
  In Progress
Status in openssl source package in Impish:
  Fix Committed

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions

More information about the Ubuntu-sponsors mailing list