Bug 141526 - OpenSSL PadLock support needs update
Summary: OpenSSL PadLock support needs update
Status: VERIFIED FIXED
: 114671 (view as bug list)
Alias: None
Product: SUSE LINUX 10.0
Classification: openSUSE
Component: Basesystem (show other bugs)
Version: Final
Hardware: Other Other
: P5 - None : Major
Target Milestone: ---
Assignee: Peter Poeml
QA Contact: E-mail List
URL: http://www.logix.cz/michal/devel/padlock
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-01-05 01:57 UTC by Forgotten User mbQyAD5r4K
Modified: 2006-02-27 11:54 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Forgotten User mbQyAD5r4K 2006-01-05 01:57:35 UTC 
Hi,

I have run into severe problems with VIA PadLock-enabled OpenSSL from OpenSUSE 10.0 on my DualCPU VIA board. After some investigation I have found that you're still shipping OpenSSL with a too old PadLock patch. Could you please update the package to the latest ones found on http://www.logix.cz/michal/devel/padlock

After I rebuilt the OpenSSL with these patches everything works fine for me.

Thanks!
Comment 1 Peter Poeml 2006-02-13 12:32:35 UTC 
Michal, would the newer padlock version fix the problem reported in bug
141526? Is that the same issue as you encountered?
Comment 2 Forgotten User mbQyAD5r4K 2006-02-13 20:38:12 UTC 
Err ... _this_ is bug 141526 ;-)
Comment 3 Peter Poeml 2006-02-14 09:30:22 UTC 
Sorry.. I meant bug 114671 :-)
Comment 4 Forgotten User mbQyAD5r4K 2006-02-14 10:19:03 UTC 
Quite likely. The old patch is known to fail in some circumstances, e.g. when the same EVP_CIPHER_CTX is reused for both encryption and decryption. These problems are very hard to debug as they are bound to timing and context switches - attach a debugger or recompile w/o -O2 and they're gone.

I strongly recommend updating the PadLock patch in 10.0 openssl and release it as an online update. The patch is 100% backward compatible (except for the bugs :) and won't change anything for non-epia users.
Comment 5 Forgotten User mbQyAD5r4K 2006-02-14 10:20:50 UTC 
Back to ASSIGNED
Comment 6 Peter Poeml 2006-02-23 04:05:20 UTC 
Harald, given the positive feedback in bug 114671 I want to update
openssl in 10.0. Can you approve the fix? It has zero effect on boards
without the VIA crypto hardware, therefore it is not risky.
Comment 7 Andreas Jaeger 2006-02-23 15:30:56 UTC 
Peter, you have to ask me!

Ok, approved: Maintenance-Tracker-3657
Comment 8 Peter Poeml 2006-02-23 16:00:24 UTC 
Harald, technically this update is only needed on 10.0-i386, neither on
ppc nor x86_64. Is it okay with the patchinfo process to restrict
DISTRIBUTION like that? (I guess so, but asking to make sure)
Comment 9 Peter Poeml 2006-02-23 16:14:55 UTC 
Harald says that 10.0-i386 is sufficient.
Comment 10 Peter Poeml 2006-02-23 16:17:56 UTC 
*** Bug 114671 has been marked as a duplicate of this bug. ***
Comment 11 Anja Stock 2006-02-27 11:54:24 UTC 
released