This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- xenial' to 'verification-done-xenial'. If the problem still exists, change the tag 'verification-needed-xenial' to 'verification-failed- xenial'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! ** Tags added: verification-needed-xenial -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1832623 Title: [UBUNTU] kernel: Fix gcm-aes-s390 wrong scatter-gather list processing Status in Ubuntu on IBM z Systems: Fix Released Status in linux package in Ubuntu: Fix Released Status in linux source package in Bionic: Fix Released Status in linux source package in Cosmic: Invalid Status in linux source package in Disco: Fix Released Bug description: SRU Justification: ================== [Impact] * Wrong encryption/decryption with gcm-aes-s390 on z14. * gcm-aes-s390 does not process scatter-gather input and output lists correctly if list entries of sizes being not multiples of the blocksize (16 bytes) are used, which results in wrong calculations. [Fix] * bef9f0ba300a55d79a69aa172156072182176515 bef9f0b "s390/crypto: fix gcm-aes-s390 selftest failures" [Test Case] * z14 with kernel >= 5.1 needed * If disabled, enable the crypto self tests. * Monitor syslog during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it. * Without the fix a message like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up. * With the fix, all selftests will pass and nothing is reported in syslog. [Regression Potential] * The regression potential can be considered as low since this is purely s390x specific * affects one mode of the hardware crypto facility CPACF * and happens only on z14 (since z14 is the only model that currently supports the gcm-aes-s390 mode). * Applications using aes-gcm via the AF_ALG interface are not affected since this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes. * Changes are limited to a single s390x crypto file /arch/s390/crypto/aes_s390.c [Other Info] * Problem was found during tests at IBM and is a so called 'preventive fix' * Since this affects z14 only, final test need to be done by IBM. * Applied cleanly for me on bionic master-next. __________ Description: kernel: Fix gcm-aes-s390 wrong scatter-gather list processing Symptom: gcm-aes-s390 wrong en/decryption processing Problem: The current gcm aes s390 implementation does not process scatter-gather input and output lists correct when list entries with sizes not multiples of the blocksize of 16 bytes are used. Result may be wrong calculated encrypted or decrypted data. This can only happen on z14 (this is the only machine which supports aes-gcm in hardware via CPACF). Please note that applications using aes-gcm via the AF_ALG interface are not affected as this API ensures scatter/gather list entries with chunk sizes in multiples of 16 bytes. However, all exploiters of aes-gcm within the kernel may be affected. Solution: Rework of the scatter/gather walk within the aes_s390 kernel module implementation with the goal to support any list entry size. Reproduction: With kernel 5.1 there has been an improvement on the crypto selftests. There are now tests run with fragmented scatter/gather lists. So: 1. You need at least a z14 and kernel >= 5.1. 2. If disabled, enable the crypto self tests. 3. Watch for syslog entries during modprobe of the aes_s390 kernel module. As this module usually gets automatically inserted during system startup you may need to unload the aes_s390 kernel module before re-inserting it. 4. Without the fix something like "kernel: alg: aead: gcm-aes-s390 encryption test failed (wrong result) on test vector 1,..." will show up. With the fix, all selftests will pass and nothing is reported in syslog. Component: kernel Upstream-ID: bef9f0ba300a55d79a69aa172156072182176515 This request is targeted for 19.10, but should also be applied to 18.04 and 19.04 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1832623/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
