OpenSSL* 1.0.2 beta (Jun 2014) to OpenSSL 1.0.2k (Jan 2017) contain bugs that either cause a crash or bad SHA (Secure Hash Algorithm) values on processors with the SHA extensions, such as the recently released 10th Generation processor. Both bugs were fixed years ago; however, any application that uses the old version directly, or as one of its dependencies, will fail. Unreal Engine* version 4.13 (Sept 2016) to version 4.21 (Dec 2018) contains the old version of OpenSSL, so any game built using those versions is possibly affected.
This is most useful for testing or identification of the bug. If the ISV (independent software vendor) controls the process launch 100 percent through a script or launcher, it could then be used as a fix.
OpenSSL provides an environment variable control for enabling features, including one that modifies the Intel® CPU identification, OPENSSL_ia32cap:
This disables the OpenSSL code check for SHA extensions and runs a different code path that does not contain the crashing bug.
OpenSSL is most commonly statically linked, therefore the application itself needs to be modified by the ISV. The actions depend on if you are using Unreal Engine or not.
If the application uses Unreal Engine it may be affected. OpenSSL is used for HTTP transactions and chat via XMPP. We expect multiplayer games to be most likely affected.
Depending on your usage of Unreal Intel recommends you take one of the following steps to resolve the issue:
If the application uses OpenSSL natively, Intel recommends you take one of the following steps to resolve the issue:
Upgrade to OpenSSL version 1.1.1. Version 1.1.1 is not a drop-in replacement for version 1.0.2, so may require more extensive development and test but will bring you up to date on all OpenSSL updates.
Upgrade to the latest version 1.0.2. This should be a drop-in replacement and will also include many other bugs and fixes.
Upgrade to OpenSSL version 1.0.2L. This is the first version that contains both fixes. While this will fix the issues described here there may be other security issues still remaining.
Implement these two fixes manually:
Version 1.0.2 will only be supported until December 2019 – choosing options that leave your code on 1.0.2 could leave you with other security issues.
Consider use of OpenSSL unit tests:
The following report may help with identification of this issue: IMPORTANT BUG: Apollo Lake compatablity issues.
If you are an end user who has discovered and confirmed this bug, please contact the application developer directly and refer them to this article. If the developer is out of business or unresponsive, please contact an Intel representative so that we can investigate the issue.
Intel's compilers may or may not optimize to the same degree for non-Intel microprocessors for optimizations that are not unique to Intel microprocessors. These optimizations include SSE2, SSE3, and SSSE3 instruction sets and other optimizations. Intel does not guarantee the availability, functionality, or effectiveness of any optimization on microprocessors not manufactured by Intel. Microprocessor-dependent optimizations in this product are intended for use with Intel microprocessors. Certain optimizations not specific to Intel microarchitecture are reserved for Intel microprocessors. Please refer to the applicable product User and Reference Guides for more information regarding the specific instruction sets covered by this notice.
Notice revision #20110804