The updated OpenSSL package is not behaving as expected, openssl config
file (/etc/ssl/openssl.cnf) has PKA dynamic engine enabled. But
execution of `openssl engine` doesn't show (PKA) engine as one of the
listings. And also, offloading to PKA doesn't happen by default. Ex:
Executing speed test of
** Tags removed: verification-needed-focal
** Tags added: verification-done-focal
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1931584
Title:
PKA: Fix NULL pointer kfree() issue
To manage
Public bug reported:
SRU Justification:
[Impact]
* Should not free NULL pointer. If the pointer is NULL as a result of memory
allocation (kmalloc()),
only return an error code and don't free (kfree()) a NULL pointer. Even
though kfree() won't perform
any operation if NULL
** Description changed:
For TRNG(True Random Number Generator) to be FIPS (Federal Information
Processing Standards) compliant, DRBG (Deterministic Random Bit
Generator) block needs to be enabled.
SRU Justification:
[Impact]
- * To be FIPS compliant, DRBG needs to be enabled in
** Attachment added: "Core dump file"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+attachment/5493968/+files/core-curl.32878.localhost.localdomain.1619816112
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Description changed:
"double free" error is seen when using curl utility. Error is from
libcrypto.so which is part of the OpenSSL package. This happens only
when OpenSSL is configured to use a dynamic engine.
OpenSSL version is 1.1.1f
- This issue is not encountered if
+ The
Public bug reported:
For TRNG(True Random Number Generator) to be FIPS (Federal Information
Processing Standards) compliant, DRBG (Deterministic Random Bit
Generator) block needs to be enabled.
SRU Justification:
[Impact]
* To be FIPS compliant, DRBG needs to be enabled in TRNG.
[Fix]
* Enable
Public bug reported:
Provide firmware update for PKA HW.
This new firmware adds support for Curve 25519 and Curve 448.
SRU Justification:
[Impact]
* Currently, curve 25519 and 448 are not supported by PKA firmware, new
firmware adds this support.
[Fix]
* Update PKA firmware image "pka: Update
Public bug reported:
There are a number of tests that can be carried out to verify the True
Random Number Generator (TRNG) block in PKA HW. Perform these tests
before using TRNG. These tests check if TRNG is functioning as expected.
Disable TRNG if any of these tests fail.
SRU Justification:
Public bug reported:
Due to recent design changes in PKA linux driver, update the major
version number.
SRU Justification:
[Impact]
* To depict recent design changes in PKA linux driver version number needs to
be updated.
[Fix]
* Update PKA driver major version number "pka: Upgrade to version
Public bug reported:
"double free" error is seen when using curl utility. Error is from
libcrypto.so which is part of the OpenSSL package. This happens only
when OpenSSL is configured to use a dynamic engine.
OpenSSL version is 1.1.1f
This issue is not encountered if
Public bug reported:
On some Bluefield platforms, the reboot flow leaves PKA traces in the kernel.
This is due to PKA being corrupt on boot-up due to multiple applications using
PKA at the same time.
Handling multiple applications requires a new feature in the PKA driver.
SRU Justification:
Public bug reported:
ACPI table is updated for PKA (public key accelerator) HW on bluefield
platforms (by Mellanox/Nvidia).
Platform dependant memory addresses are now defined in ACPI table rather than
defining them in the driver code.
This requires an update in the PKA driver to read these
13 matches
Mail list logo