diff -Nru openssl-1.1.1f/debian/changelog openssl-1.1.1f/debian/changelog --- openssl-1.1.1f/debian/changelog 2021-11-24 05:20:48.000000000 -0800 +++ openssl-1.1.1f/debian/changelog 2022-02-05 14:56:48.000000000 -0800 @@ -1,3 +1,10 @@ +openssl (1.1.1f-1ubuntu2.11) focal; urgency=medium + + * debian/patches/crypto-poly1305-asm-fix-armv8-pointer-authentication.patch: + Fix segfault in Poly1305 on aarch64 (LP: #1951279). + + -- Anders Kaseorg Sat, 05 Feb 2022 14:56:48 -0800 + openssl (1.1.1f-1ubuntu2.10) focal; urgency=medium * Cherry-pick upstream fixes to prevent double engine loading (LP: #1951943) diff -Nru openssl-1.1.1f/debian/patches/crypto-poly1305-asm-fix-armv8-pointer-authentication.patch openssl-1.1.1f/debian/patches/crypto-poly1305-asm-fix-armv8-pointer-authentication.patch --- openssl-1.1.1f/debian/patches/crypto-poly1305-asm-fix-armv8-pointer-authentication.patch 1969-12-31 16:00:00.000000000 -0800 +++ openssl-1.1.1f/debian/patches/crypto-poly1305-asm-fix-armv8-pointer-authentication.patch 2022-02-05 14:56:08.000000000 -0800 @@ -0,0 +1,34 @@ +From: Ard Biesheuvel +Date: Tue, 27 Oct 2020 18:02:40 +0100 +Subject: crypto/poly1305/asm: fix armv8 pointer authentication + +PAC pointer authentication signs the return address against the value +of the stack pointer, to prevent stack overrun exploits from corrupting +the control flow. However, this requires that the AUTIASP is issued with +SP holding the same value as it held when the PAC value was generated. +The Poly1305 armv8 code got this wrong, resulting in crashes on PAC +capable hardware. + +Reviewed-by: Paul Dale +Reviewed-by: Tomas Mraz +(Merged from https://github.com/openssl/openssl/pull/13256) + +(cherry picked from commit fcf6e9d056162d5af64c6f7209388a5c3be2ce57) +--- + crypto/poly1305/asm/poly1305-armv8.pl | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/crypto/poly1305/asm/poly1305-armv8.pl b/crypto/poly1305/asm/poly1305-armv8.pl +index d07494bd18..2a42b64a92 100755 +--- a/crypto/poly1305/asm/poly1305-armv8.pl ++++ b/crypto/poly1305/asm/poly1305-armv8.pl +@@ -864,8 +864,8 @@ poly1305_blocks_neon: + st1 {$ACC4}[0],[$ctx] + + .Lno_data_neon: +- .inst 0xd50323bf // autiasp + ldr x29,[sp],#80 ++ .inst 0xd50323bf // autiasp + ret + .size poly1305_blocks_neon,.-poly1305_blocks_neon + diff -Nru openssl-1.1.1f/debian/patches/series openssl-1.1.1f/debian/patches/series --- openssl-1.1.1f/debian/patches/series 2021-11-24 05:20:39.000000000 -0800 +++ openssl-1.1.1f/debian/patches/series 2022-02-05 14:56:38.000000000 -0800 @@ -79,3 +79,4 @@ double-engine-load.patch more-testing-dgst.patch double-engine-load-test.patch +crypto-poly1305-asm-fix-armv8-pointer-authentication.patch