25-test_verify.t is failing after adding CVE-2023-0465 for openssl 1.1.1a

Asked by Manu Mayur

Hi All,

Recently I have added the CVE-2023-0465 patch to my openssl 1.1.1a source.
During testing, when I run make test, 25-test_verify.t is failing.
Here is the log:

../test/recipes/25-test_verify.t (Wstat: 65280 Tests: 136 Failed: 0)
  Non-zero exit status: 255
  Parse errors: Bad plan. You planned 139 tests but ran 136.
Files=1, Tests=136, 11 wallclock secs ( 0.21 usr 0.00 sys + 3.47 cusr 2.87 csys = 6.55 CPU)
Result: FAIL

Could anyone please suggest something on this issue?

Question information

Language: English
Status: Answered
For: Ubuntu openssl
Assignee: No assignee
Manfred Hampl (m-hampl) said:
#1

What exactly are you doing and which Ubuntu release are you running?

openssl version 1.1.1a was the version in Ubuntu 19.04 (disco), which is not supported any more.

As far as I can see from https://ubuntu.com/security/CVE-2023-0465 the related patch has already been added to all supported Ubuntu releases.

Manu Mayur (manukmayur) said:
#2

I have taken patches from https://packages.ubuntu.com/source/focal/openssl and applied them in my openssl 1.1.1 version.
Patches for CVE-2023-0465 and CVE-2023-0215 got applied successfully. After building my package, during the make test command I am getting errors for two subsets, 25-test_verify.t and 80-test_cms.t.
Before applying the patch, those 2 tests were passing, so I want to know whether there is any specific reason for this failure.

Manfred Hampl (m-hampl) said:
#3

The patches for focal are for openssl version 1.1.1f. They are not meant to be applied to openssl version 1.1.1a.

What do you expect to gain from using an obsolete version of openssl? (Remark: According to https://www.openssl.org/source/ the current version of the 1.1.1 branch is 1.1.1v, and according to https://www.openssl.org/policies/releasestrat.html support from openssl side for the 1.1.1 branch will end in six weeks' time)

For diagnostic purposes, what is the output that you receive for the following commands (to be executed in a terminal window)?

uname -a
lsb_release -crid
apt policy openssl
