[Bug 1862187] [NEW] [UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command

Thu Feb 6 15:41:14 UTC 2020

You have been subscribed to a public bug:

Description:   zkey: Fix display of XTS attribute for validate command
Symptom:       The 'zkey validate' command shows an invalid value for
               the XTS attribute.
Problem:       Due to a use after free of the secure key, the XTS attribute
               is not determined correctly, and is displayed incorrectly.
               Function is_xts_key() is called with a secure key that has
               already been freed and thus most likely returns false.
               This bug has been introduced with feature SEC1717 "Cipher
               key support" with commit 298fab68fee8 "zkey: Preparations for
               introducing a new key type"
Solution:      Free the secure key only after the last use.
Reproduction:  Generate an XTS key of type CCA-AESDATA or CCA-AESCIPHER
               and then run 'zkey validate'.

Upstream Commit ID: f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

https://github.com/ibm-s390-tools/s390-tools/commit/f75f4aff8f6e4ae148bde858ee1cb7f1066f5f23

Need to be applied on top of 2.12.

** Affects: s390-tools (Ubuntu)
     Importance: Undecided
     Assignee: Skipper Bug Screeners (skipper-screen-team)
         Status: New

** Tags: architecture-s39064 bugnameltc-183695 severity-high targetmilestone-inin2004
-- 
[UBUNTU 20.04] zkey: Fix display of XTS attribute for validate command
https://bugs.launchpad.net/bugs/1862187
You received this bug notification because you are a member of Ubuntu Foundations Bugs, which is subscribed to s390-tools in Ubuntu.