[Bug 1707172] Re: AES256-GCM emits all-zeros ciphertext on aarch64 with hardware acceleration

[Ard Biesheuvel]

On 1 September 2017 at 14:32, Julian Andres Klode
<julian.klode at gmail.com> wrote:
> Ah, https://gitlab.com/gnutls/gnutls/issues/204 has more details.
>
> ** Description changed:
>
> + [Impact]
> + AES256-GCM ciphertext is all zero on arm64 with hardware acceleration, breaking gnome-terminal and xfce4-terminal which use encrypted scrollback buffers.
> +
> + [Test case]
> + Compile the program from https://gitlab.com/gnutls/gnutls/issues/204 and make sure the cipher text is not all zeros
> +

Yeah, this is the one I was referring to.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to gnutls28 in Ubuntu.
https://bugs.launchpad.net/bugs/1707172

Title:
  AES256-GCM emits all-zeros ciphertext on aarch64 with hardware
  acceleration

Status in gnutls28 package in Ubuntu:
  In Progress

Bug description:
  [Impact]
  AES256-GCM ciphertext is all zero on arm64 with hardware acceleration, breaking gnome-terminal and xfce4-terminal which use encrypted scrollback buffers.

  [Test case]
  Compile the program from https://gitlab.com/gnutls/gnutls/issues/204 and make sure the cipher text is not all zeros

  [Regression potential]
  Code change is limited to AES256-GCM w/ HW accel on aarch64, so that's the only thing that could possibly break. But given that it's broken already, it does not seem to be a big issue even if it breaks otherwise.

  [Other info]
  Original report:

  The following Debian issue exists in the Ubuntu package as well

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867581

  It breaks gnome-terminal and xfce4-terminal on arm64 machines.

  The issue is fixed upstream in 3.5.13, and the fix was backported to
  Debian stretch as well (3.5.8-5+deb9u2)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnutls28/+bug/1707172/+subscriptions