Stitched vs non-Stitched Ciphersuites

Matt Caswell matt at openssl.org
Tue Feb 26 16:42:10 UTC 2019 


On 26/02/2019 15:44, Short, Todd wrote:
> Thanks Matt, 
> 
> So, just the cipher+MAC matter, the authentication/key-exchange are irrelevant.
> 
> What about AEAD ciphers? Are they considered "stitched"?

No, they are not "stitched" but they are not impacted by this issue. We should
probably make that clearer in the advisory.

Matt


> 
> --
> -Todd Short
> // tshort at akamai.com <mailto:tshort at akamai.com>
> // "One if by land, two if by sea, three if by the Internet."
> 
>> On Feb 26, 2019, at 10:40 AM, Matt Caswell <matt at openssl.org
>> <mailto:matt at openssl.org>> wrote:
>>
>>
>>
>> On 26/02/2019 15:03, Short, Todd via openssl-users wrote:
>>> The latest security advisory:
>>>
>>> https://www.openssl.org/news/secadv/20190226.txt
>>>
>>> mentions stitched vs. non-stitched ciphersuites, but doesn’t really elaborate on
>>> which ciphersuites are stitched and non-stitched.
>>
>> The actual list in use is platform specific - the stitched ciphers are based on
>> asm implementations. Libssl in 1.0.2 knows about these stitched ciphers:
>>
>> https://github.com/openssl/openssl/blob/56ff0f643482b19f7b2d7ed532dfb94ed3a4e294/ssl/ssl_ciph.c#L651-L671
>>
>> Any TLS ciphersuite based on the above ciphers will use the stitched
>> implementation if it is available on that platform.
>>
>> So, for example, if a stitched implementation of AES-128-CBC-HMAC-SHA1 is
>> available on your platform then it will be used if you negotiate the AES128-SHA
>> ciphersuite (aka TLS_RSA_WITH_AES_128_CBC_SHA). Similarly it will be used if you
>> negotiate DH-RSA-AES128-SHA (aka TLS_DH_RSA_WITH_AES_128_CBC_SHA) The combined
>> encrypt and mac operation will be performed in one go by the stitched
>> implementation. If you don't have a stitched implementation then the encrypt and
>> mac operations are performed individually.
>>
>> Matt
>>
>>
>>>
>>>> "In order for this to be exploitable "non-stitched" ciphersuites must be in
>>>> use. Stitched ciphersuites are optimised implementations of certain commonly
>>>> used ciphersuites."
>>>
>>> Can someone give some examples of both?
>>>
>>> --
>>> -Todd Short
>>> // tshort at akamai.com <mailto:tshort at akamai.com>
>>> // "One if by land, two if by sea, three if by the Internet."
>>>
>

More information about the openssl-users mailing list