[Bug 1931994] Re: [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Steve Langasek 1931994 at bugs.launchpad.net
Fri Jul 30 23:36:49 UTC 2021 

Hello bugproxy, or anyone else affected,

Accepted openssl into focal-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.5 in a few
hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
focal to verification-done-focal. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-focal. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: openssl (Ubuntu Focal)
       Status: In Progress => Fix Committed

** Tags added: verification-needed-focal

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994

Title:
  [Ubuntu 20.04] OpenSSL bugs in the s390x AES code

Status in Ubuntu on IBM z Systems:
  In Progress
Status in openssl package in Ubuntu:
  Fix Released
Status in openssl source package in Bionic:
  In Progress
Status in openssl source package in Focal:
  Fix Committed
Status in openssl source package in Hirsute:
  Fix Committed
Status in openssl source package in Impish:
  Fix Released

Bug description:
  Problem description:

  When passing a NULL key to reset AES EVC state, the state wouldn't be completely reset on s390x.
  https://github.com/openssl/openssl/pull/14900

  Solution available here:
  https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8

  Should be applied to all distros where openssl 1.1.1 is included for consistency reason.
  -> 21.10, 20.04, 18.04.
  I think not needed for 16.04 anymore....

  [Test plan]

  $ sudo apt install libssl-dev
  $ gcc test.c -o evc-test -lcrypto -lssl # See https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for the test.c program
  $ ./evc-test && echo OK

  [Where problems could occur]

  This patch only touches s390x code paths, so there shouldn't be any regression on other architectures. However, on s390x this could reveal
  latent bugs by spreading a NULL key to new code paths.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions

More information about the foundations-bugs mailing list