Your message dated Sat, 15 Jul 2017 22:17:15 +0000
with message-id <[email protected]>
and subject line Bug#867581: fixed in gnutls28 3.5.8-5+deb9u2
has caused the Debian Bug report #867581,
regarding libgnutls30: AES256-GCM emits all-zeros ciphertext on aarch64 with hardware acceleration (upstream bug report)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
867581: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867581
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: libgnutls30
Version: 3.5.8-5+deb9u1
Severity: critical
Tags: patch
Justification: breaks unrelated software

Dear Maintainer,

* What led up to the situation?

Unrelated gnome-terminal or xfce4-terminal crashing when there is significant output (e.g. running 'yes'; apparently because of the corruption of the encrypted scrollback buffer). Issue noticed on a Cavium ThunderX running Debian Stretch.

* What exactly did you do (or not do) that was effective (or ineffective)?

Patching libgnutls with https://gitlab.com/gnutls/gnutls/commit/228b18dfbf934d8924d3305dc24d7b0162352eba fixes the issue. This fix is available in gnutls 3.5.13 (and testing+unstable) but not in 3.5.8 (stable). Please back-port the above patch to stable.

Upstream bug report: https://gitlab.com/gnutls/gnutls/issues/204

I marked it as 'critical' because it breaks unrelated packages, though I'm not sure that's the appropriate severity level.

Thanks.

-- System Information:
Debian Release: 9.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: arm64 (aarch64)

Kernel: Linux 4.9.0-3-arm64 (SMP w/48 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libgnutls30 depends on:
ii  libc6        2.24-11+deb9u1
ii  libgmp10     2:6.1.2+dfsg-1
ii  libhogweed4  3.3-1+b1
ii  libidn11     1.33-1
ii  libnettle6   3.3-1+b1
ii  libp11-kit0  0.23.3-2
ii  libtasn1-6   4.10-1.1
ii  zlib1g       1:1.2.8.dfsg-5

libgnutls30 recommends no packages.

Versions of packages libgnutls30 suggests:
pn  gnutls-bin  <none>

diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c b/lib/accelerated/aarch64/aes-gcm-aarch64.c index c571d02..8d2bc1d 100644 --- a/lib/accelerated/aarch64/aes-gcm-aarch64.c +++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size) } static void +ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out, + size_t blocks, const AES_KEY *key, + const unsigned char ivec[16]) +{ + unsigned i; + uint8_t ctr[16]; + uint8_t tmp[16]; + + memcpy(ctr, ivec, 16); + + for (i=0;i<blocks;i++) { + aes_v8_encrypt(ctr, tmp, key); + memxor3(out, tmp, in, 16); + + out += 16; + in += 16; + INCREMENT(16, ctr); + } +} + +static void ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, size_t blocks, const AES_KEY *key, const unsigned char ivec[16]) @@ -160,6 +181,9 @@ ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out, unsigned i; uint8_t ctr[16]; + if (in == out) + return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec); + memcpy(ctr, ivec, 16); for (i=0;i<blocks;i++) {
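Review bot: in the first hunk (@@ -153,6 +153,27 @@), the new ctr32_encrypt_blocks_inplace compares `unsigned i` against `size_t blocks`; declare `i` as `size_t` so the loop cannot silently wrap on large counts and the sign/width mismatch warning disappears. The ordering `aes_v8_encrypt(ctr, tmp, key);` then `memxor3(out, tmp, in, 16);` is what makes the aliased case work, because the keystream now lands in `tmp` and each input byte is read before the output byte is stored; that precondition (`out` may equal `in`, and memxor3 must tolerate it) is the whole reason the helper exists and should be stated in a comment above the function. Finally, `tmp` still holds keystream bytes when the function returns; a `memset(tmp, 0, 16)` before the closing brace avoids leaving keystream on the stack.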
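Review bot: in the second hunk (@@ -160,6 +181,9 @@), `return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec);` returns an expression from a function declared `static void`, which ISO C does not permit (gcc -pedantic reports "ISO C forbids 'return' with expression, in function returning void"); write the call on its own line followed by a bare `return;`. The `if (in == out)` guard also only catches exact aliasing: buffers that overlap partially still take the original path, so the contract (buffers either disjoint or identical) should be documented where ctr32_encrypt_blocks is called.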
--- End Message ---
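To make the failure mode in this report concrete, here is an added example that is not gnutls code. A toy byte mixer stands in for aes_v8_encrypt (it is not a cipher, only a keyed map from counter block to keystream block), and the pre-patch loop shape, keystream written straight into out and then XORed with in, is an assumption reconstructed from the reported all-zeros ciphertext and from the patch. The fixed variant follows the patched ordering (keystream into a scratch block, then out = tmp XOR in), and a regression check runs each variant both out-of-place and in-place on the same constructed input.

```c
/* Added example, not gnutls code: models the in-place CTR keystream
 * aliasing bug from this report. The pre-patch loop shape is an assumption
 * reconstructed from the symptom (all-zeros output) and the patch. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLOCK 16

typedef void (*ctr_fn)(const uint8_t *in, uint8_t *out, size_t blocks,
                       const uint8_t key[BLOCK], const uint8_t iv[BLOCK]);

/* Stand-in for the hardware AES block encrypt: NOT a cipher, just a keyed
 * map from a counter block to a keystream block. */
static void toy_block_encrypt(const uint8_t in[BLOCK], uint8_t out[BLOCK],
                              const uint8_t key[BLOCK])
{
    for (size_t j = 0; j < BLOCK; j++)
        out[j] = (uint8_t)((in[j] ^ key[j]) * 0x9d + key[(j + 7) % BLOCK]);
}

/* Big-endian increment of the low 32 counter bits (assumed INCREMENT semantics). */
static void ctr_increment(uint8_t ctr[BLOCK])
{
    for (int j = BLOCK - 1; j >= BLOCK - 4; j--)
        if (++ctr[j] != 0)
            break;
}

/* Assumed pre-patch shape: keystream lands in out, then out ^= in.
 * With in == out the XOR becomes E(ctr) ^ E(ctr) == 0 for every byte. */
static void ctr_encrypt_buggy(const uint8_t *in, uint8_t *out, size_t blocks,
                              const uint8_t key[BLOCK], const uint8_t iv[BLOCK])
{
    uint8_t ctr[BLOCK];
    memcpy(ctr, iv, BLOCK);
    for (size_t i = 0; i < blocks; i++) {
        toy_block_encrypt(ctr, out, key);      /* keystream overwrites out */
        for (size_t j = 0; j < BLOCK; j++)
            out[j] ^= in[j];                   /* reads in[j] == out[j] when aliased */
        out += BLOCK;
        in += BLOCK;
        ctr_increment(ctr);
    }
}

/* Patched shape: keystream goes to a scratch block and out = tmp ^ in reads
 * in[j] before out[j] is stored, so exact aliasing of in and out is safe. */
static void ctr_encrypt_fixed(const uint8_t *in, uint8_t *out, size_t blocks,
                              const uint8_t key[BLOCK], const uint8_t iv[BLOCK])
{
    uint8_t ctr[BLOCK], tmp[BLOCK];
    memcpy(ctr, iv, BLOCK);
    for (size_t i = 0; i < blocks; i++) {
        toy_block_encrypt(ctr, tmp, key);
        for (size_t j = 0; j < BLOCK; j++)
            out[j] = (uint8_t)(tmp[j] ^ in[j]);   /* memxor3-style three-operand XOR */
        out += BLOCK;
        in += BLOCK;
        ctr_increment(ctr);
    }
    memset(tmp, 0, BLOCK);                     /* do not leave keystream on the stack */
}

/* Regression check: run one CTR variant out-of-place and in-place on the same
 * constructed input; return 1 if both ciphertexts agree. If all_zero is
 * non-NULL it receives whether the in-place result was entirely zero. */
static int inplace_matches(ctr_fn fn, int *all_zero)
{
    uint8_t key[BLOCK], iv[BLOCK], pt[3 * BLOCK], ref[3 * BLOCK], buf[3 * BLOCK];
    for (size_t j = 0; j < BLOCK; j++) {
        key[j] = (uint8_t)(j * 17 + 3);        /* constructed key */
        iv[j]  = (uint8_t)(0xa0 + j);          /* constructed IV / initial counter */
    }
    for (size_t j = 0; j < sizeof pt; j++)
        pt[j] = (uint8_t)('A' + j % 26);       /* constructed plaintext */

    fn(pt, ref, 3, key, iv);                   /* out-of-place reference */
    memcpy(buf, pt, sizeof buf);
    fn(buf, buf, 3, key, iv);                  /* in-place: in == out */

    if (all_zero) {
        int z = 1;
        for (size_t j = 0; j < sizeof buf; j++)
            if (buf[j]) { z = 0; break; }
        *all_zero = z;
    }
    return memcmp(ref, buf, sizeof buf) == 0;
}

int fixed_inplace_matches(void) { return inplace_matches(ctr_encrypt_fixed, NULL); }
int buggy_inplace_matches(void) { return inplace_matches(ctr_encrypt_buggy, NULL); }
int buggy_inplace_all_zero(void) { int z = 0; inplace_matches(ctr_encrypt_buggy, &z); return z; }

int main(void)
{
    printf("fixed: in-place matches out-of-place: %d\n", fixed_inplace_matches());
    printf("buggy: in-place matches out-of-place: %d, all-zero output: %d\n",
           buggy_inplace_matches(), buggy_inplace_all_zero());
    return 0;
}
```

The same in-place-versus-out-of-place comparison is a cheap test to keep beside any accelerated cipher path: the aliased call is exactly the case a software fallback can pass while the hardware path fails, which is how this bug surfaced as terminal crashes rather than as a cipher self-test failure.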
--- Begin Message ---
Source: gnutls28
Source-Version: 3.5.8-5+deb9u2

We believe that the bug you reported is fixed in the latest version of gnutls28, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is attached.

Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [email protected], and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Andreas Metzler <[email protected]> (supplier of updated gnutls28 package)

(This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 08 Jul 2017 10:29:05 +0200
Source: gnutls28
Binary: libgnutls28-dev libgnutls30 gnutls-bin gnutls-doc libgnutlsxx28 libgnutls-openssl27 libgnutls-dane0
Architecture: source
Version: 3.5.8-5+deb9u2
Distribution: stretch
Urgency: medium
Maintainer: Debian GnuTLS Maintainers <[email protected]>
Changed-By: Andreas Metzler <[email protected]>
Closes: 867581
Description:
 gnutls-bin - GNU TLS library - commandline utilities
 gnutls-doc - GNU TLS library - documentation and examples
 libgnutls28-dev - GNU TLS library - development files
 libgnutls30 - GNU TLS library - main runtime library
 libgnutls-dane0 - GNU TLS library - DANE security support
 libgnutls-openssl27 - GNU TLS library - OpenSSL wrapper
 libgnutlsxx28 - GNU TLS library - C++ runtime library
Changes:
 gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium
 .
   * 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
     upstream 3.5.x branch: Fix breakage of AES-GCM in-place encryption and
     decryption on aarch64. Closes: #867581
Checksums-Sha1:
 2343f2e7cd47addd7c417f9db05da76d5b6eb21b 3286 gnutls28_3.5.8-5+deb9u2.dsc
 475d6687abd2054d69852b322d1201d99cab66f6 107164 gnutls28_3.5.8-5+deb9u2.debian.tar.xz
Checksums-Sha256:
 7e9f5175859130a1bb2768b8ed46fd5f8f3f36145b5e7bf8c422cc91aa6920db 3286 gnutls28_3.5.8-5+deb9u2.dsc
 afcc9cf4f33f0e84751d770631a4915c70309fc9c5e04344d06a86c66b58b0c8 107164 gnutls28_3.5.8-5+deb9u2.debian.tar.xz
Files:
 d84335417a246d2741c647bd14931341 3286 libs optional gnutls28_3.5.8-5+deb9u2.dsc
 2187c3bbc7d2ebdd82870c0d713fb252 107164 libs optional gnutls28_3.5.8-5+deb9u2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0uCSA5741Jbt9PpepU8BhUOCFIQFAllgnVYACgkQpU8BhUOC
FIRSJxAAnYHklmutJ5VM3AmB6niEqvU8QQ+t/vOaZl1FY+4LgnOXn3nIQ/mLVcNB
Zkrd1cS3/SBc4DjAbDkUO+z0yLioE/QZSlAYBVLVs8gbjdzR99HWyg257XLv3+QF
j/dVTfAkl8xVcrOXJpHbNJCzCT7NieGXiFZyDK0llX1wyFcNAlfjYRNcEGK6CgAF
ZNaLXQor4XXZ7CDR+It1noe+YuDLbq7t0iGinusM/ugKWNBklK184REx9qBke5mE
gl7V5qM8nmcA/UvDwU0D5t13sdi96pmoqlOvnc0QMe9POjp9wjeQ02Nuy0MthE85
AjLI1lmrE+5yKSfpS3XtaIExJqBvap/SkkUsNQh+c6743nFZZbYE1UPK6AwzTo04
57/kZ+oIJ4JbwKeEyi1ncagKKYeryxXqKKYuD/NbavS8Ycek7LCCgKFJjnaguxDA
TR9hlOPrWoR28R3kyRIpKchm1zaIUAUzDAHfD5IMYqSxZ70k9bqb5Syzee2BsCQu
SmIyovq5xwNjP1RvlPPtMNOKHNruJGZiDJDSpnTdWZvfxlBrPEv57pBLFSILsFT9
zWulEDQ5NtTZzj9RlhNlxTvbbRlC6SSQdjCTx0nxPbNDdt01ztZfSjMIE245Kq0+
UiKwOGeUiXo4VpOEaJdUzJzfVECoF2fNjn9ZjVY5SHOGt5iNhak=
=Jizf
-----END PGP SIGNATURE-----
--- End Message ---

