AES256-GCM emits all-zeros ciphertext on aarch64 with hardware acceleration
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
gnutls28 (Ubuntu) | Fix Released | Critical | Julian Andres Klode | |
Zesty | Fix Released | Critical | Julian AndresKlode | |
Bug Description
[Impact]
AES256-GCM ciphertext is all zero on arm64 with hardware acceleration, breaking gnome-terminal and xfce4-terminal which use encrypted scrollback buffers.
[Test case]
Compile the program from https:/
[Regression potential]
Code change is limited to AES256-GCM w/ HW accel on aarch64, so that's the only thing that could possibly break. But given that it's broken already, it does not seem to be a big issue even if it breaks otherwise.
[Other info]
Original report:
The following Debian issue exists in the Ubuntu package as well
https:/
It breaks gnome-terminal and xfce4-terminal on arm64 machines.
The issue is fixed upstream in 3.5.13, and the fix was backported to Debian stretch as well (3.5.8-5+deb9u2)
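A known-answer check that flags the symptom described in this report, as an added example: it is not the test program the report links to and not GnuTLS project code. The names `kat_aes256_gcm`, `gcm_fn`, `sim_zero`, `sim_good` and the `USE_GNUTLS` build switch are assumptions made for the example, and the two `sim_*` backends are constructed stand-ins; the single 16-byte vector may not exercise the same accelerated code path as the original failure.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum kat_result { KAT_OK, KAT_ALL_ZERO, KAT_MISMATCH, KAT_ERROR };
/* A backend writes n ciphertext bytes, then a 16-byte tag, to out; returns 0 on success. */
typedef int (*gcm_fn)(const uint8_t *key, const uint8_t *iv, const uint8_t *pt, size_t n, uint8_t *out);
/* GCM spec (McGrew/Viega) Test Case 14: zero 256-bit key, zero 96-bit IV, 16 zero bytes. */
static const uint8_t KAT_EXPECT[32] = {
    0xce,0xa7,0x40,0x3d,0x4d,0x60,0x6b,0x6e,0x07,0x4e,0xc5,0xd3,0xba,0xf3,0x9d,0x18,
    0xd0,0xd1,0xc8,0xa7,0x99,0x99,0x6b,0xf0,0x26,0x5b,0x98,0xb5,0xd4,0x8a,0xb9,0x19 };

enum kat_result kat_aes256_gcm(gcm_fn enc)
{
    uint8_t key[32] = {0}, iv[12] = {0}, pt[16] = {0}, out[32], acc = 0;
    memset(out, 0xA5, sizeof out);   /* poison: an untouched buffer must not pass as zeros */
    if (enc(key, iv, pt, sizeof pt, out) != 0) return KAT_ERROR;
    for (size_t i = 0; i < sizeof pt; i++) acc |= out[i];   /* ciphertext bytes only */
    if (acc == 0) return KAT_ALL_ZERO;                       /* the symptom in this report */
    return memcmp(out, KAT_EXPECT, sizeof out) ? KAT_MISMATCH : KAT_OK;
}

/* Constructed stand-ins so the check runs without GnuTLS installed. */
static int sim_zero(const uint8_t *k, const uint8_t *iv, const uint8_t *pt, size_t n, uint8_t *out)
{ (void)k; (void)iv; (void)pt; memset(out, 0, n + 16); return 0; }
static int sim_good(const uint8_t *k, const uint8_t *iv, const uint8_t *pt, size_t n, uint8_t *out)
{ (void)k; (void)iv; (void)pt; memcpy(out, KAT_EXPECT, n + 16); return 0; }
#ifdef USE_GNUTLS   /* real backend: cc -DUSE_GNUTLS kat.c -lgnutls */
#include <gnutls/crypto.h>
static int gnutls_backend(const uint8_t *key, const uint8_t *iv, const uint8_t *pt, size_t n, uint8_t *out)
{
    gnutls_datum_t k = { (unsigned char *)key, 32 };
    gnutls_aead_cipher_hd_t h;
    size_t out_len = n + 16;         /* room for ciphertext plus appended tag */
    if (gnutls_aead_cipher_init(&h, GNUTLS_CIPHER_AES_256_GCM, &k) < 0) return -1;
    int rc = gnutls_aead_cipher_encrypt(h, iv, 12, NULL, 0, 16, pt, n, out, &out_len);
    gnutls_aead_cipher_deinit(h);
    return rc < 0 ? -1 : 0;
}
#endif

int main(void)
{
    static const char *msg[] = { "ok", "ALL-ZERO ciphertext", "mismatch", "backend error" };
    printf("simulated zero backend: %s\n", msg[kat_aes256_gcm(sim_zero)]);
    printf("simulated good backend: %s\n", msg[kat_aes256_gcm(sim_good)]);
#ifdef USE_GNUTLS
    printf("gnutls backend:         %s\n", msg[kat_aes256_gcm(gnutls_backend)]);
#endif
    return 0;
}
```

Built with `-DUSE_GNUTLS` and linked against the installed library, the third line reports what that library produces on the machine under test.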
Changed in gnutls28 (Ubuntu): | |
assignee: | nobody → Julian Andres Klode (juliank) |
Changed in gnutls28 (Ubuntu Zesty): | |
importance: | Undecided → High |
status: | New → Triaged |
assignee: | nobody → Julian Andres Klode (juliank) |
Changed in gnutls28 (Ubuntu): | |
status: | In Progress → Fix Committed |
description: | updated |
Changed in gnutls28 (Ubuntu Zesty): | |
status: | Triaged → Confirmed |
status: | Confirmed → In Progress |
Yeah, I just noticed that as well. I could do an update, need to fix the one from +deb9u3 as well.