CVE-2019-1559 advisory - what does "non-stitched" ciphersuite mean?

M K Saravanan
Hi,

In the context of https://www.openssl.org/news/secadv/20190226.txt

======
In order for this to be exploitable "non-stitched" ciphersuites must be in use.
======

What does "non-stitched" ciphersuites mean?

with regards,
Saravanan

Re: CVE-2019-1559 advisory - what does "non-stitched" ciphersuite mean?

Marian Beermann
"Stitching" is an optimization where you have algorithm A (e.g. AES-CBC)
and algorithm B (e.g. HMAC-SHA2) working on the same data, and you
interleave the instructions of A and B. (This can improve performance by
increasing port and EU utilization relative to running A and B
sequentially).

I believe OpenSSL uses stitched implementations in TLS for AES-CBC +
HMAC-SHA1/2, if they exist for the platform.

Also note that "AEAD ciphersuites are not impacted", i.e. AES-GCM and
ChaPoly are not impacted.

Cheers, Marian

On 27.02.19 at 03:56, M K Saravanan wrote:

> Hi,
>
> In the context of https://www.openssl.org/news/secadv/20190226.txt
>
> ======
> In order for this to be exploitable "non-stitched" ciphersuites must be in use.
> ======
>
> What does "non-stitched" ciphersuites mean?
>
> with regards,
> Saravanan
>


Re: CVE-2019-1559 advisory - what does "non-stitched" ciphersuite mean?

Sam Roberts
It would have been helpful if the sec announcement had contained a
specific list of cipher suites affected, even without the additional
list of specific architectures vulnerable.

It's hard to communicate clearly ATM to people which suites are or are
not affected, so they can know if they are affected.

Sam
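
The split described in this thread (AEAD suites not impacted; AES-CBC + HMAC-SHA1/2 stitched only where the platform has such an implementation) can be applied to a configured cipher list. The following is an added example, not part of the original thread or of OpenSSL; it parses text in the `openssl ciphers -v` output format, and the bucket names, function names and sample lines are constructed for illustration.

```python
import re

# Constructed sample in the format printed by `openssl ciphers -v`
# (not captured from any particular host).
SAMPLE = """\
TLS_AES_256_GCM_SHA384      TLSv1.3 Kx=any  Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305 TLSv1.2 Kx=ECDH Au=RSA Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256     TLSv1.2 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA256
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256) Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168) Mac=SHA1
CAMELLIA128-SHA             SSLv3   Kx=RSA  Au=RSA Enc=Camellia(128) Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")

def classify(line):
    """Return (suite_name, bucket) for one `openssl ciphers -v` line."""
    name = line.split()[0]
    fields = dict(FIELD.findall(line))
    if "Enc" not in fields or "Mac" not in fields:
        raise ValueError(f"not a cipher description line: {line!r}")
    enc, mac = fields["Enc"], fields["Mac"]
    if mac == "AEAD":
        # AES-GCM, ChaCha20-Poly1305: "AEAD ciphersuites are not impacted".
        return name, "aead"
    if re.fullmatch(r"AES\(\d+\)", enc) and mac in {"SHA1", "SHA256", "SHA384"}:
        # AES-CBC + HMAC-SHA1/2: stitched only if the platform and build
        # provide such an implementation, so check per deployment.
        return name, "aes-cbc-hmac"
    # Assumption of this example: the thread names no stitched
    # implementation for these, so they are flagged for review.
    return name, "other-mac"

def triage(text):
    """Group every suite in `openssl ciphers -v` style text by bucket."""
    buckets = {"aead": [], "aes-cbc-hmac": [], "other-mac": []}
    for line in text.splitlines():
        if line.strip():
            name, bucket = classify(line)
            buckets[bucket].append(name)
    return buckets

if __name__ == "__main__":
    for bucket, names in triage(SAMPLE).items():
        print(f"{bucket}: {', '.join(names)}")
```

To triage a real configuration, pass the output of `openssl ciphers -v` for the cipher string in use to `triage()` in place of the constructed sample.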

Re: CVE-2019-1559 advisory - what does "non-stitched" ciphersuite mean?

M K Saravanan
In reply to this post by Marian Beermann
Thanks Marian for the clarification.

After your email, I also read the
https://github.com/RUB-NDS/TLS-Padding-Oracles and found
https://software.intel.com/en-us/articles/improving-openssl-performance#_Toc416943485

with regards,
Saravanan

On Wed, 27 Feb 2019 at 17:26, Marian Beermann <[hidden email]> wrote:

>
> "Stitching" is an optimization where you have algorithm A (e.g. AES-CBC)
> and algorithm B (e.g. HMAC-SHA2) working on the same data, and you
> interleave the instructions of A and B. (This can improve performance by
> increasing port and EU utilization relative to running A and B
> sequentially).
>
> I believe OpenSSL uses stitched implementations in TLS for AES-CBC +
> HMAC-SHA1/2, if they exist for the platform.
>
> Also note that "AEAD ciphersuites are not impacted", i.e. AES-GCM and
> ChaPoly are not impacted.
>
> Cheers, Marian
>
> On 27.02.19 at 03:56, M K Saravanan wrote:
> > Hi,
> >
> > In the context of https://www.openssl.org/news/secadv/20190226.txt
> >
> > ======
> > In order for this to be exploitable "non-stitched" ciphersuites must be in use.
> > ======
> >
> > What does "non-stitched" ciphersuites mean?
> >
> > with regards,
> > Saravanan
> >
>