Verified on focal:
ubuntu@ubuntu:~$ dpkg-architecture --is s390x && [ "$(dpkg-query -W
-f='${Version}' libssl1.1)" = "1.1.1f-1ubuntu2.5" ] && gcc -o aes-test test.c
-lcrypto -lssl && ./aes-test && echo OK
OK
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1931994
Title:
[Ubuntu 20.04] OpenSSL bugs in the s390x AES code
Status in Ubuntu on IBM z Systems:
Fix Committed
Status in openssl package in Ubuntu:
Fix Released
Status in openssl source package in Bionic:
Fix Committed
Status in openssl source package in Focal:
Fix Committed
Status in openssl source package in Hirsute:
Fix Committed
Status in openssl source package in Impish:
Fix Released
Bug description:
Problem description:
When passing a NULL key to reset AES EVC state, the state wouldn't be
completely reset on s390x.
https://github.com/openssl/openssl/pull/14900
Solution available here:
https://github.com/openssl/openssl/commit/dc67210d909b5dd7a50f60a96f36f3f5a891b1c8
Should be applied to all distros where openssl 1.1.1 is included for
consistency reason.
-> 21.10, 20.04, 18.04.
I think not needed for 16.04 anymore....
[Test plan]
$ sudo apt install libssl-dev
$ gcc test.c -o evc-test -lcrypto -lssl # See
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1931994/comments/2 for
the test.c program
$ ./evc-test && echo OK
[Where problems could occur]
This patch only touches s390x code paths, so there shouldn't be any
regression on other architectures. However, on s390x this could reveal
latent bugs by spreading a NULL key to new code paths.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-z-systems/+bug/1931994/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
