[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Frank Heimes 1931994 at bugs.launchpad.net
Mon Aug 9 17:06:59 UTC 2021 

Sorry for the late response, but was quite busy.
Yes I always have some systems in place (@schopin you can always ping me per MM is s/t is needed).

I just did the verifications for hirsute and focal and both are fine:

ubuntu at h7:~$ arch && lsb_release -c
s390x
Codename:	hirsute
ubuntu at h7:~$ apt-cache policy openssl
openssl:
  Installed: 1.1.1j-1ubuntu3.2
  Candidate: 1.1.1j-1ubuntu3.2
  Version table:
 *** 1.1.1j-1ubuntu3.2 500
        500 http://us.ports.ubuntu.com/ubuntu-ports hirsute-proposed/main s390x Packages
        100 /var/lib/dpkg/status
     1.1.1j-1ubuntu3 500
        500 http://ports.ubuntu.com/ubuntu-ports hirsute/main s390x Packages
ubuntu at h7:~$ gcc test.c -o evc-test -lcrypto -lssl
ubuntu at h7:~$ ./evc-test && echo OK
OK
ubuntu at h7:~$


ubuntu at s15:~$ arch && lsb_release -c
s390x
Codename:	focal
ubuntu at s15:~$ apt-cache policy openssl
openssl:
  Installed: 1.1.1f-1ubuntu2.5
  Candidate: 1.1.1f-1ubuntu2.5
  Version table:
 *** 1.1.1f-1ubuntu2.5 500
        500 http://us.ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x Packages
        500 http://ports.ubuntu.com/ubuntu-ports focal-proposed/main s390x Packages
        100 /var/lib/dpkg/status
     1.1.1f-1ubuntu2.4 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-updates/main s390x Packages
     1.1.1f-1ubuntu2.3 500
        500 http://ports.ubuntu.com/ubuntu-ports focal-security/main s390x Packages
     1.1.1f-1ubuntu2 500
        500 http://ports.ubuntu.com/ubuntu-ports focal/main s390x Packages
ubuntu at s15:~$ gcc test.c -o evc-test -lcrypto -lssl
ubuntu at s15:~$ ./evc-test && echo OK
OK
ubuntu at s15:~$

I'm updating the tags accordingly ...

** Tags removed: verification-needed verification-needed-focal verification-needed-hirsute
** Tags added: verification-done verification-done-focal verification-done-hirsute

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Status in Ubuntu on IBM z Systems:
  Fix Committed
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  Fix Committed
Status in openssl source package in Focal:
  Fix Committed
Status in openssl source package in Hirsute:
  Fix Committed
Status in openssl source package in Impish:
  Fix Released

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions

More information about the foundations-bugs mailing list