On 26/02/2019 15:44, Short, Todd wrote:
> Thanks Matt, 
> 
> So, just the cipher+MAC matter, the authentication/key-exchange are 
> irrelevant.
> 
> What about AEAD ciphers? Are they considered "stitched"?

No, they are not "stitched" but they are not impacted by this issue. We should
probably make that clearer in the advisory.

Matt


> 
> --
> -Todd Short
> // tsh...@akamai.com <mailto:tsh...@akamai.com>
> // "One if by land, two if by sea, three if by the Internet."
> 
>> On Feb 26, 2019, at 10:40 AM, Matt Caswell <m...@openssl.org
>> <mailto:m...@openssl.org>> wrote:
>>
>>
>>
>> On 26/02/2019 15:03, Short, Todd via openssl-users wrote:
>>> The latest security advisory:
>>>
>>> https://www.openssl.org/news/secadv/20190226.txt
>>>
>>> mentions stitched vs. non-stitched ciphersuites, but doesn’t really elaborate
>>> on which ciphersuites are stitched and non-stitched.
>>
>> The actual list in use is platform specific - the stitched ciphers are based
>> on asm implementations. Libssl in 1.0.2 knows about these stitched ciphers:
>>
>> https://github.com/openssl/openssl/blob/56ff0f643482b19f7b2d7ed532dfb94ed3a4e294/ssl/ssl_ciph.c#L651-L671
>>
>> Any TLS ciphersuite based on the above ciphers will use the stitched
>> implementation if it is available on that platform.
>>
>> So, for example, if a stitched implementation of AES-128-CBC-HMAC-SHA1 is
>> available on your platform then it will be used if you negotiate the
>> AES128-SHA ciphersuite (aka TLS_RSA_WITH_AES_128_CBC_SHA). Similarly it will
>> be used if you negotiate DH-RSA-AES128-SHA (aka
>> TLS_DH_RSA_WITH_AES_128_CBC_SHA). The combined encrypt and mac operation will
>> be performed in one go by the stitched implementation. If you don't have a
>> stitched implementation then the encrypt and mac operations are performed
>> individually.
>>
>> Matt
>>
>>
>>>
>>>> "In order for this to be exploitable "non-stitched" ciphersuites must be in
>>>> use. Stitched ciphersuites are optimised implementations of certain commonly
>>>> used ciphersuites."
>>>
>>> Can someone give some examples of both?
>>>
>>> --
>>> -Todd Short
>>> // tsh...@akamai.com <mailto:tsh...@akamai.com>
>>> // "One if by land, two if by sea, three if by the Internet."
>>>
> 
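
Added example, not part of the original thread and not OpenSSL's own code: a small classifier that applies the rule described above (only the bulk cipher and MAC matter, key exchange and authentication are ignored, AEAD suites are neither stitched nor impacted) to OpenSSL-style ciphersuite names. The STITCHED table is an assumption transcribed from the ssl_ciph.c lines linked in the thread, and the sample suite list is constructed; whether a stitched implementation is actually used still depends on the platform.

```python
# Assumption: (bulk cipher, MAC) pairs that libssl 1.0.2 looks up as stitched
# EVP ciphers, per the ssl_ciph.c lines linked in the thread. Confirm against
# your own build before relying on it.
STITCHED = {
    ("RC4", "MD5"): "RC4-HMAC-MD5",
    ("AES128", "SHA"): "AES-128-CBC-HMAC-SHA1",
    ("AES256", "SHA"): "AES-256-CBC-HMAC-SHA1",
    ("AES128", "SHA256"): "AES-128-CBC-HMAC-SHA256",
    ("AES256", "SHA256"): "AES-256-CBC-HMAC-SHA256",
}
# Key-exchange / authentication tokens: irrelevant to the stitched decision.
KX_AUTH = {"DH", "DHE", "EDH", "ECDH", "ECDHE", "ADH", "AECDH",
           "RSA", "DSS", "ECDSA", "PSK", "SRP"}
# Tokens that mark an AEAD suite; its trailing hash is the PRF, not a MAC.
AEAD_MARKERS = {"GCM", "CCM", "CCM8", "POLY1305"}


def classify(suite):
    """Return (category, stitched EVP cipher name or None) for one suite."""
    tokens = suite.strip().upper().split("-")
    while tokens and tokens[0] in KX_AUTH:
        tokens.pop(0)                      # drop kx/auth prefix
    if AEAD_MARKERS & set(tokens):
        return ("aead", None)              # not stitched, not impacted
    if len(tokens) < 2:
        raise ValueError("cannot split %r into cipher and MAC" % suite)
    mac = tokens[-1]
    # Normalise e.g. AES-128-CBC and AES128 to the same key.
    enc = "".join(t for t in tokens[:-1] if t != "CBC")
    evp = STITCHED.get((enc, mac))
    if evp:
        return ("stitched-candidate", evp)  # used only if the platform has it
    return ("no-stitched-entry", None)      # encrypt and MAC done separately


def audit(suites):
    """Group suite names by category so the non-AEAD ones can be reviewed."""
    report = {}
    for name in suites:
        category, evp = classify(name)
        report.setdefault(category, []).append((name, evp))
    return report


if __name__ == "__main__":
    # Constructed sample list for illustration.
    sample = ["AES128-SHA", "DH-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256",
              "ECDHE-RSA-AES256-SHA384", "DES-CBC3-SHA"]
    for category, items in audit(sample).items():
        print(category, items)
```

To review a real configuration, pass it the colon-separated output of `openssl ciphers` for your cipher string, split on ":".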
