Ubuntu
openssl package

[20.04 FEAT] OpenSSL: Support CPACF enhancements - part 2

Bug #1853312 reported by bugproxy
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Ubuntu on IBM z Systems
Fix Released
Medium
Dimitri John Ledkov
openssl (Ubuntu)
Fix Released
Undecided
Skipper Bug Screeners

Bug Description

Support new crypto functions and improve security.
Backport information will be provided.

bugproxy (bugproxy)
tags: added: architecture-s39064 bugnameltc-182243 severity-high targetmilestone-inin2004
Changed in ubuntu:
assignee: nobody → Skipper Bug Screeners (skipper-screen-team)
affects: ubuntu → linux (Ubuntu)
Revision history for this message
Frank Heimes (fheimes) wrote :

Changing to Incomplete until patches/backports available.

affects: linux (Ubuntu) → openssl (Ubuntu)
Changed in openssl (Ubuntu):
status: New → Incomplete
Changed in ubuntu-z-systems:
status: New → Incomplete
importance: Undecided → Medium
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for Ubuntu on IBM z Systems because there has been no activity for 60 days.]

Changed in ubuntu-z-systems:
status: Incomplete → Expired
Revision history for this message
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2020-01-20 09:41 EDT-------
Hi,

backports for openssl's 1.1.1 branch are available on my ecc111 branch:

https://github.com/p-steuer/openssl/commits/ecc111

Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Expired → Triaged
Changed in openssl (Ubuntu):
status: Incomplete → New
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Hi, the ecc111 branch is good, but still not what I'm after.

It is missing all of the previous patches that IBM has requested to be backported for openssl support of other acceleration.

And it's based on top of upstream stable branch, rather than on top last tag 1.1.1d. (that should be relatively minor).

I'm already carrying backports from master:
0001-s390x-assembly-pack-add-OPENSSL_s390xcap-environment.patch
0002-s390x-assembly-pack-add-OPENSSL_s390xcap-man-page.patch
0003-s390x-assembly-pack-perlasm-support.patch
0004-crypto-chacha-asm-chacha-s390x.pl-add-vx-code-path.patch
0005-crypto-poly1305-asm-poly1305-s390x.pl-add-vx-code-pa.patch
0006-s390x-assembly-pack-fix-formal-interface-bug-in-chac.patch
0007-s390x-assembly-pack-import-chacha-from-cryptogams-re.patch
0008-s390x-assembly-pack-import-poly-from-cryptogams-repo.patch
0009-s390x-assembly-pack-allow-alignment-hints-for-vector.patch
0010-s390x-assembly-pack-update-perlasm-module.patch
0011-s390x-assembly-pack-remove-chacha20-dependency-on-no.patch
0012-s390x-assembly-pack-remove-poly1305-dependency-on-no.patch
0013-fix-strict-warnings-build.patch
0014-s390x-assembly-pack-add-support-for-pcc-and-kma-inst.patch
0015-Following-the-license-change-modify-the-boilerplates.patch
0016-Place-return-values-after-examples-in-doc.patch
0017-s390x-assembly-pack-update-OPENSSL_s390xcap-3.patch

And these do not appear to be in the ecc111 branch, and I'd rather not drop those, in favor of ecc111 patches alone.

Ideally i want a single s390x111 branch which has all of the above patches, as well as the new ecc111 stuff. Maintained continiously by IBM.

Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Please review https://github.com/p-steuer/openssl/pull/1

Changed in openssl (Ubuntu):
status: New → Incomplete
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Hm, but now i'm thinking to update to latest upstream/OpenSSL_1_1_1-stable due to all the tls v1.3 fixes and SHA1 signatures ban.

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-02-27 09:05 EDT-------
Heinz-Werner (just to keep you in the loop), i replied to dimitry on his GH PR:
https://github.com/p-steuer/openssl/pull/1

Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-02-27 09:12 EDT-------
@Xnox: please have look at the link which is provided.

Frank Heimes (fheimes)
Changed in openssl (Ubuntu):
status: Incomplete → New
Frank Heimes (fheimes)
information type: Private → Public
Changed in ubuntu-z-systems:
assignee: nobody → Dimitri John Ledkov (xnox)
Frank Heimes (fheimes)
Changed in ubuntu-z-systems:
status: Triaged → In Progress
Revision history for this message
Frank Heimes (fheimes) wrote :

The s390x ECC assembly pack improvements landed in package openssl version 1.1.1d-2ubuntu4
and we have version 1.1.1d-2ubuntu6 in the focal release pocket,
hence changing the status of this ticket to Fix Released.

Changed in openssl (Ubuntu):
status: New → Fix Released
Changed in ubuntu-z-systems:
status: In Progress → Fix Released
Revision history for this message
bugproxy (bugproxy) wrote :

------- Comment From <email address hidden> 2020-03-12 06:19 EDT-------
IBM Bugzilla status -> closed, Fix Released with focal

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.