[20.10 FEAT] openssl: RNG support

Bug #1799928 reported by bugproxy
Affects:
Ubuntu on IBM z Systems: status Fix Released, importance Wishlist, assigned to Unassigned
openssl (Ubuntu): status Fix Released, importance Undecided, assigned to Skipper Bug Screeners

Bug Description

Provide a CPACF based random number generator for OpenSSL using PRNO-SHA-512-DRNG to implement a NIST SP800-90A compliant SHA512 hash based deterministic random bit generator (DRBG) seeded with true random numbers extracted using the PRNO-TRNG instruction.

Planned with > openssl 1.1.1
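
The construction named in the description, the SP 800-90A Hash_DRBG with SHA-512, modelled in software as an added example; it is not OpenSSL's code and does not use CPACF. `HashDRBG`, `hash_df` and `new_drbg` are names chosen here, `os.urandom` stands in for PRNO-TRNG seeding, and additional input and prediction resistance are left out.

```python
import hashlib
import os

SEEDLEN = 111              # 888-bit seed length for SHA-512 in SP 800-90A
OUTLEN = 64                # SHA-512 digest length in bytes
RESEED_INTERVAL = 2 ** 48  # generate calls allowed between reseeds
MAX_REQUEST = 65536        # 2^19 bits per generate call
MOD = 1 << (8 * SEEDLEN)

def _h(data):
    return hashlib.sha512(data).digest()

def hash_df(data, nbytes):
    """Hash_df: hash (counter || requested bit length || data) per block."""
    blocks = -(-nbytes // OUTLEN)
    prefix = (8 * nbytes).to_bytes(4, "big")
    out = b"".join(_h(bytes([i]) + prefix + data) for i in range(1, blocks + 1))
    return out[:nbytes]

class HashDRBG:
    def __init__(self, entropy, nonce, personalization=b""):
        self._seed(entropy + nonce + personalization)

    def _seed(self, material):
        # Working state: V, the constant C derived from V, and the counter.
        self.v = hash_df(material, SEEDLEN)
        self.c = hash_df(b"\x00" + self.v, SEEDLEN)
        self.reseed_counter = 1

    def reseed(self, entropy):
        self._seed(b"\x01" + self.v + entropy)

    def generate(self, nbytes):
        if nbytes > MAX_REQUEST:
            raise ValueError("request too large")
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        v = int.from_bytes(self.v, "big")
        # Hashgen: hash V, V+1, V+2, ... until enough output is produced.
        blocks = -(-nbytes // OUTLEN)
        out = b"".join(_h(((v + i) % MOD).to_bytes(SEEDLEN, "big"))
                       for i in range(blocks))
        # State update: V = (V + Hash(0x03 || V) + C + reseed_counter) mod 2^seedlen
        h = int.from_bytes(_h(b"\x03" + self.v), "big")
        c = int.from_bytes(self.c, "big")
        self.v = ((v + h + c + self.reseed_counter) % MOD).to_bytes(SEEDLEN, "big")
        self.reseed_counter += 1
        return out[:nbytes]

def new_drbg():
    # os.urandom stands in for the PRNO-TRNG entropy source (assumption).
    return HashDRBG(os.urandom(64), os.urandom(32))
```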

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-161602 severity-high targetmilestone-inin1904
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Frank Heimes (fheimes)
affects: linux (Ubuntu) → openssl (Ubuntu)
Changed in openssl (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
importance: Undecided → Wishlist
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2018-11-19 09:10 EDT-------
Move Target to 19.10.

tags: added: targetmilestone-inin1910
removed: targetmilestone-inin1904
Frank Heimes (fheimes) wrote : Re: [19.04 FEAT] openssl: RNG support

updating title

summary: - [19.04 FEAT] openssl: RNG support
+ [19.10 FEAT] openssl: RNG support
Changed in openssl (Ubuntu):
milestone: none → later
Launchpad Janitor (janitor) wrote : Re: [19.10 FEAT] openssl: RNG support

[Expired for Ubuntu on IBM z Systems because there has been no activity for 60 days.]

Changed in ubuntu-z-systems:
status: Incomplete → Expired
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-04-25 08:01 EDT-------
This LP is in expired date, but should be active again for 19.10

Andrew Cloke (andrew-cloke) wrote : Re: [19.10 FEAT] openssl: RNG support

Moved back to triaged.

Changed in ubuntu-z-systems:
status: Expired → Triaged
Frank Heimes (fheimes) wrote :

Which is the target release of openssl (it just says >1.1.1) this is going to land?
Just to make sure that it's available in time for the 19.10 development.

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-04-30 09:27 EDT-------
Feature will be provided with openssl 3.0

Frank Heimes (fheimes) wrote : Re: [19.10 FEAT] openssl: RNG support

Changing to Incomplete until OpenSSL 3.0 is released.

bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2019-07-08 10:46 EDT-------
Moved target from 19.10 -> 20.04 . Feature will not make it in time...

tags: added: targetmilestone-inin2004
removed: targetmilestone-inin1910
Frank Heimes (fheimes) wrote : Re: [19.10 FEAT] openssl: RNG support

Changing title and status to Incomplete until development of target Ubuntu release starts.

summary: - [19.10 FEAT] openssl: RNG support
+ [20.04 FEAT] openssl: RNG support
Changed in ubuntu-z-systems:
status: Triaged → Incomplete
Launchpad Janitor (janitor) wrote : Re: [20.04 FEAT] openssl: RNG support

[Expired for Ubuntu on IBM z Systems because there has been no activity for 60 days.]

Changed in ubuntu-z-systems:
status: Incomplete → Expired
summary: - [20.04 FEAT] openssl: RNG support
+ [20.10 FEAT] openssl: RNG support
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-01-30 08:46 EDT-------
Feature will not make it in time for 20.04 -> New target 20.10

tags: added: targetmilestone-inin2010
removed: targetmilestone-inin2004
Dimitri John Ledkov (xnox) wrote :

OpenSSL 3 is due to release in Q4 of 2020. I do not expect to ship OpenSSL 3 in 20.10.

New target 21.04 ?

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-08-27 07:32 EDT-------
@Frank: Please check if
commit https://github.com/openssl/openssl/commit/53eb05bdf00d7237e3b12976c2ac38d68206eb13

is applied to your openssl 1.1.1. This will implement the feature.

Many thx

Frank Heimes (fheimes) wrote :

No, it doesn't look like patch "AES CTR-DRGB: performance improvement" (53eb05bdf00d7237e3b12976c2ac38d68206eb13) is in groovy's 1.1.1f-1ubuntu3.

Dimitri John Ledkov (xnox) wrote :

Why is this comment appearing after the feature freeze, instead of in March when it was implemented on the master branch? Or April when promoted about this. Or May when it was cherrypicked to stable upstream release.

Was there anything that Canonical could have done, to have this identified & shipped earlier?

bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-09-04 06:13 EDT-------
@Xnox. Sorry for this late update. It fell through the cracks on my side.
But is it still possible to get it into 20.10? That would be really appreciated.
Many thanks in advance.....

information type: Private → Public
Changed in openssl (Ubuntu):
status: Incomplete → In Progress
Changed in ubuntu-z-systems:
status: Expired → In Progress
Dimitri John Ledkov (xnox) wrote :

The patch mentioned alone does not apply on 1.1.1f in Ubuntu, it seems it also needs

9cc834d966ea5afc38fb829bfe498aed4c5d498d
0d011f540400b425aba1c3e59624ad9dbabe83cb
a1ec85c169a8e53e52ab35914ad47b5baea84070
53eb05bdf00d7237e3b12976c2ac38d68206eb13
e6a80cbad28ee748830815634917efe96948f2f3

Will try this set next.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1f-1ubuntu4

---------------
openssl (1.1.1f-1ubuntu4) groovy; urgency=medium

  * Cherrypick upstream fix for non-interactive detection on Linux. LP:
    #1879826
  * Cherrypick AES CTR-DRGB: performance improvement LP: #1799928
  * Skip services restart & reboot notification if needrestart is in-use
    LP: #1895708

 -- Dimitri John Ledkov <email address hidden> Tue, 15 Sep 2020 18:04:36 +0100

Changed in openssl (Ubuntu):
status: In Progress → Fix Released
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: In Progress → Fix Released
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-09-22 02:05 EDT-------
IBM Bugzilla status->closed, Fix Released with groovy

tags: added: fr-651