Your message dated Sat, 15 Jul 2017 22:17:15 +0000
with message-id <e1dwvnd-000fl7...@fasolo.debian.org>
and subject line Bug#867581: fixed in gnutls28 3.5.8-5+deb9u2
has caused the Debian Bug report #867581,
regarding libgnutls30: AES256-GCM emits all-zeros ciphertext on aarch64 with 
hardware acceleration (upstream bug report)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
867581: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867581
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libgnutls30
Version: 3.5.8-5+deb9u1
Severity: critical
Tags: patch
Justification: breaks unrelated software

Dear Maintainer,

   * What led up to the situation?

Unrelated gnome-terminal or xfce4-terminal crashing when there is significant
output (e.g. running 'yes'), apparently because of the corruption of the
encrypted scrollback buffer.

Issue noticed on a Cavium ThunderX running Debian Stretch.

   * What exactly did you do (or not do) that was effective (or
     ineffective)?

Patching libgnutls with
https://gitlab.com/gnutls/gnutls/commit/228b18dfbf934d8924d3305dc24d7b0162352eba
fixes the issue.

This fix is available in gnutls 3.5.13 (and testing+unstable) but not in 3.5.8
(stable). Please back-port the above patch to stable.

Upstream bug report: https://gitlab.com/gnutls/gnutls/issues/204

I marked it as 'critical' because it breaks unrelated packages, though I'm not
sure that's the appropriate severity level.

Thanks.



-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 4.9.0-3-arm64 (SMP w/48 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8),
LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30 depends on:
ii  libc6        2.24-11+deb9u1
ii  libgmp10     2:6.1.2+dfsg-1
ii  libhogweed4  3.3-1+b1
ii  libidn11     1.33-1
ii  libnettle6   3.3-1+b1
ii  libp11-kit0  0.23.3-2
ii  libtasn1-6   4.10-1.1
ii  zlib1g       1:1.2.8.dfsg-5

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
pn  gnutls-bin  <none>
diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c 
b/lib/accelerated/aarch64/aes-gcm-aarch64.c
index c571d02..8d2bc1d 100644
--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c
+++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, 
size_t src_size)
 }
 
 static void
+ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out,
+                            size_t blocks, const AES_KEY *key,
+                            const unsigned char ivec[16])
+{
+       unsigned i;
+       uint8_t ctr[16];
+       uint8_t tmp[16];
+
+       memcpy(ctr, ivec, 16);
+
+       for (i=0;i<blocks;i++) {
+               aes_v8_encrypt(ctr, tmp, key);
+               memxor3(out, tmp, in, 16);
+
+               out += 16;
+               in += 16;
+               INCREMENT(16, ctr);
+       }
+}
+
+static void
 ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
                     size_t blocks, const AES_KEY *key,
                     const unsigned char ivec[16])
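Review bot: in the loop of ctr32_encrypt_blocks_inplace, `unsigned i` is compared against `size_t blocks`; the two types differ in width on aarch64, so declare the counter as `size_t i` to match the parameter. A short comment above `uint8_t tmp[16]` would also help: the keystream block is encrypted into `tmp` rather than into `out`, and that is what keeps the input intact when `in` and `out` are the same buffer, which is the whole reason this variant exists. `tmp` and `ctr` still hold keystream and counter state when the function returns; consider clearing them before returning.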
@@ -160,6 +181,9 @@ ctr32_encrypt_blocks(const unsigned char *in, unsigned char 
*out,
        unsigned i;
        uint8_t ctr[16];
 
+       if (in == out)
+               return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec);
+
        memcpy(ctr, ivec, 16);
 
        for (i=0;i<blocks;i++) {
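Review bot: `return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec);` returns an expression from a function declared `static void`, which ISO C does not permit (compilers accept it only as an extension); call the function and follow it with a bare `return;`. The `in == out` test also catches exact aliasing only, so a caller passing partially overlapping buffers still takes the original path; either document that only identical or disjoint buffers are supported, or route every call through the temporary-buffer variant.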

--- End Message ---
--- Begin Message ---
Source: gnutls28
Source-Version: 3.5.8-5+deb9u2

We believe that the bug you reported is fixed in the latest version of
gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 867...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <ametz...@debian.org> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Jul 2017 10:29:05 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls30 gnutls-bin gnutls-doc libgnutlsxx28 
libgnutls-openssl27 libgnutls-dane0
Architecture: source
Version: 3.5.8-5+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <pkg-gnutls-ma...@lists.alioth.debian.org>
Changed-By: Andreas Metzler <ametz...@debian.org>
Closes: 867581
Description: 
 gnutls-bin - GNU TLS library - commandline utilities
 gnutls-doc - GNU TLS library - documentation and examples
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium
 .
   * 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
     upstream 3.5.x branch: Fix breakage of AES-GCM in-place encryption and
     decryption on aarch64. Closes: #867581


--- End Message ---
