
Bug#867659: marked as done (stretch-pu: package gnutls28/3.5.8-5+deb9u2)



Your message dated Sat, 22 Jul 2017 13:17:18 +0100
with message-id <1500725838.14212.3.camel@adam-barratt.org.uk>
and subject line Closing bugs for 9.1 p-u fixes
has caused the Debian Bug report #867659,
regarding stretch-pu: package gnutls28/3.5.8-5+deb9u2
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
867659: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867659
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

Hello,

I would like to fix #867581 in stable by pulling the patch from 3.5.13.
The issue is about broken AES-GCM in-place encryption and decryption on
aarch64.

cu Andreas

-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
diff -Nru gnutls28-3.5.8/debian/changelog gnutls28-3.5.8/debian/changelog
--- gnutls28-3.5.8/debian/changelog	2017-06-16 07:47:11.000000000 +0200
+++ gnutls28-3.5.8/debian/changelog	2017-07-08 10:29:05.000000000 +0200
@@ -1,3 +1,11 @@
+gnutls28 (3.5.8-5+deb9u2) stretch; urgency=medium
+
+  * 37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch from
+    upstream 3.5.x branch: Fix breakage if AES-GCM in-place encryption and
+    decryption on aarch64. Closes: #867581
+
+ -- Andreas Metzler <ametzler@debian.org>  Sat, 08 Jul 2017 10:29:05 +0200
+
 gnutls28 (3.5.8-5+deb9u1) stretch-security; urgency=high
 
   * 36_CVE-2017-7507_*.patch: Pulled from 3.5.13, fix crash upon receiving
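Review bot: The description in the new 3.5.8-5+deb9u2 entry reads "Fix breakage if AES-GCM in-place encryption and decryption on aarch64"; "if" should be "of". The entry would also serve stable users better if it said what the breakage looks like to a caller, since "breakage" alone does not tell an administrator whether their aarch64 hosts were affected.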
diff -Nru gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch
--- gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch	1970-01-01 01:00:00.000000000 +0100
+++ gnutls28-3.5.8/debian/patches/37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch	2017-07-07 19:43:55.000000000 +0200
@@ -0,0 +1,57 @@
+From 864e8d4e3ba87f53df7bdef695661415ed60a018 Mon Sep 17 00:00:00 2001
+From: Nikos Mavrogiannopoulos <nmav@redhat.com>
+Date: Mon, 22 May 2017 14:41:56 +0200
+Subject: [PATCH] aarch64: fix AES-GCM in-place encryption and decryption
+
+Resolves #204
+
+Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
+---
+ lib/accelerated/aarch64/aes-gcm-aarch64.c | 24 ++++++++++++++++++++++++
+ 1 file changed, 24 insertions(+)
+
+diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c b/lib/accelerated/aarch64/aes-gcm-aarch64.c
+index c571d0294..8d2bc1dce 100644
+--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c
++++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
+@@ -153,6 +153,27 @@ gcm_ghash(struct aes_gcm_ctx *ctx, const uint8_t * src, size_t src_size)
+ }
+ 
+ static void
++ctr32_encrypt_blocks_inplace(const unsigned char *in, unsigned char *out,
++			     size_t blocks, const AES_KEY *key,
++			     const unsigned char ivec[16])
++{
++	unsigned i;
++	uint8_t ctr[16];
++	uint8_t tmp[16];
++
++	memcpy(ctr, ivec, 16);
++
++	for (i=0;i<blocks;i++) {
++		aes_v8_encrypt(ctr, tmp, key);
++		memxor3(out, tmp, in, 16);
++
++		out += 16;
++		in += 16;
++		INCREMENT(16, ctr);
++	}
++}
++
++static void
+ ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ 		     size_t blocks, const AES_KEY *key,
+ 		     const unsigned char ivec[16])
+@@ -160,6 +181,9 @@ ctr32_encrypt_blocks(const unsigned char *in, unsigned char *out,
+ 	unsigned i;
+ 	uint8_t ctr[16];
+ 
++	if (in == out)
++		return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec);
++
+ 	memcpy(ctr, ivec, 16);
+ 
+ 	for (i=0;i<blocks;i++) {
+-- 
+2.13.2
+
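Review bot: The dispatch added at the top of ctr32_encrypt_blocks, "if (in == out)", only recognises exact aliasing, so a call with partially overlapping buffers still takes the original loop, and the new per-block tmp loop would not be safe for that case either since it reads "in" block by block while writing "out". A comment on both functions stating that buffers must be identical or disjoint would make the contract explicit. Two smaller points in the same patch: "return ctr32_encrypt_blocks_inplace(in, out, blocks, key, ivec);" returns an expression from a "static void" function, which ISO C does not permit and which compilers flag under -pedantic, so call the helper and follow it with a plain "return;"; and the loop counter is "unsigned i" while the bound is "size_t blocks", a wider type on aarch64, so declaring i as size_t would keep the comparison exact. The diffstat lists one changed file, so no regression test for the in == out path accompanies the fix.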
diff -Nru gnutls28-3.5.8/debian/patches/series gnutls28-3.5.8/debian/patches/series
--- gnutls28-3.5.8/debian/patches/series	2017-06-16 07:47:04.000000000 +0200
+++ gnutls28-3.5.8/debian/patches/series	2017-07-07 19:43:58.000000000 +0200
@@ -12,3 +12,4 @@
 36_CVE-2017-7507_1-ext-status_request-ensure-response-IDs-are-properly-.patch
 36_CVE-2017-7507_2-ext-status_request-Removed-the-parsing-of-responder-.patch
 36_CVE-2017-7507_3-gnutls_ocsp_status_request_enable_client-documented-.patch
+37_aarch64-fix-AES-GCM-in-place-encryption-and-decrypti.patch

Attachment: signature.asc
Description: PGP signature


--- End Message ---
--- Begin Message ---
Version: 9.1

Hi,

These bugs all relate to updates which were included in today's stretch
point release.

Regards,

Adam

--- End Message ---
