------- Comment From patrick.ste...@de.ibm.com 2018-06-06 05:16 EDT------- > Is this upstreamed already? What is the upstream commit id?
As i said in #1, openssl upstream/master and 1.1.0 backports are not affected. The bug was introduced with the 1.0.2 backport (of upstream commit 96530eea93d27e536f4e93956256cf8dcda7d469). > An explanation of the effects of the bug on users Using openssl tls 1.2 with aes-gcm cipher-suites on s390 can lead to unexpected authentication failures. > justification for backporting the fix to the stable release Fix unexpected authentication failures when using openssl tls 1.2 with aes-gcm cipher-suites on s390. > In addition, it is helpful, but not required, to include an explanation of how the upload fixes this bug After openssl 1.0.2 most data structures were made opaque. Backporting to 1.0.2 means reversing this process. In case of this backport, accidentially the wrong structure member was assessed in one place in the s390 platform-specific aes-gcm tls code path. The uploaded fixes this bug by accessing the right structure member. > detailed instructions how to reproduce the bug > these should allow someone who is not familiar with the affected package to > reproduce the bug and verify that the updated package fixes the problem. Apply original backport patches to openssl 1.0.2 source. Build and run the test suite (make test). Observe test case failure when testing aes- gcm cipher suites. Apply the uploaded fix and repeat. Observe the test suite pass. > [Regression Potential] ... I dont see any risk for regression regarding this fix. > Specifically how to test/excercise this code path? As noted above, the openssl test suite exercises this code path (at least with high probability i.e., i hit the problem at 5/5 runs). -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1775018 Title: Fix for openssl 1.0.2 backport Status in Ubuntu on IBM z Systems: Triaged Status in openssl package in Ubuntu: New Bug description: This is a fix for this feature's backport to openssl 1.0.2 ( 1.1.0 and upstream code are not affected ). Original LP ticket : https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1743750 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-z-systems/+bug/1775018/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp