
Re: matrixssl



Brian May <bam@debian.org> writes:
> Ok, managed to rebuild the Debian package with ssl3 support enabled. It
> appears to work. Will try the exploit. Still leaves me wondering if it
> is actually worth fixing security issues in matrixssl.

Hmmm.. Interesting. Wheezy version appears to be not vulnerable to these
exploits. Or I am doing something wrong. Take your pick.

If I set RSA_BREAK_ZERO or RSA_BREAK_MODULUS and try to connect to a
server, I get an instant disconnect:

=== server ===
(wheezy-amd64-default)root@prune:/home/brian# tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key2.pem cat
sslio[22436]: fatal: ssl decode error: illegal parameter
sslio[22475]: fatal: ssl decode error: illegal parameter
=== cut ===

=== client ===
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_ZERO=yes
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify return:1
140106150102680:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
140106150102680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 754 bytes and written 208 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID: 000000007A25015D9CAB0A4B7359B5222D2483C904002B0BE51F9B8EBD115666
    Session-ID-ctx: 
    Master-Key: C6E7544269DFDE1A25A2FB58CACD642A6B14D9BE249CC652904739C57681D768B240233E3F93AC6030F01CF8D05C4D2A
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1473063748
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# unset RSA_BREAK_ZERO
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_MODULUS=yes
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify return:1
140672067921560:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
140672067921560:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 754 bytes and written 208 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID: 0000000027D0178653F5B0ACC59FC8DE8C24C928E19C7F857BA037D553810F6F
    Session-ID-ctx: 
    Master-Key: 17A957E416C33EAC1BB05D84FC4D6A57779BD77EFA11D0A6C1C6D3A9B841DBE82C7BFECED8FC258A64F82220C612DDC3
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1473063769
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# unset RSA_BREAK_MODULUS
(stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
CONNECTED(00000003)
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
verify return:1
---
Certificate chain
 0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
   i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
Server certificate
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
---
No client certificate CA names sent
---
SSL handshake has read 818 bytes and written 354 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : RC4-SHA
    Session-ID: 0000000098B68A5DB2227A7F20F8DF9689A980A555F9489E928BB16D4D4387E1
    Session-ID-ctx: 
    Master-Key: AE893A6CBD90CE16698C496028DFC3055EFC0E46A56C9212812A38680761A46D222602F239292C2BD5AA9CF91031D004
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1473063834
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---
[ it is now working ]
=== cut ===

-- 
Brian May <bam@debian.org>
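
In the transcript above, the two rejected runs still print an SSL-Session block with a cipher and a Master-Key, so the outcome has to be read from the error-queue lines rather than from that block. The following is an added example, not part of the original message, that classifies an `openssl s_client` transcript that way; the function name, the verdict labels and the trimmed sample transcripts are assumptions of this example.

```python
import re

# OpenSSL 1.0.x error-queue line, as printed by s_client:
#   <thread>:error:<code>:<library>:<function>:<reason>:<file>:<line>:<extra>
ERR_RE = re.compile(r"^\d+:error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):([^:]*):[^:]*:\d+:(.*)$")
ALERT_RE = re.compile(r"SSL alert number (\d+)")
BYTES_RE = re.compile(r"^SSL handshake has read (\d+) bytes and written (\d+) bytes")

def classify(transcript):
    """Summarise one s_client run from its error queue, not its session block."""
    reasons, alert, io = [], None, None
    for line in transcript.splitlines():
        line = line.strip()
        err = ERR_RE.match(line)
        if err:
            reasons.append(err.group(3))
            num = ALERT_RE.search(err.group(4))
            if num:
                alert = int(num.group(1))  # fatal alert received from the peer
            continue
        counted = BYTES_RE.match(line)
        if counted:
            io = (int(counted.group(1)), int(counted.group(2)))
    if alert is not None:
        verdict = "rejected by peer"      # label chosen for this example
    elif reasons:
        verdict = "failed locally"        # errors queued, but no alert seen
    else:
        verdict = "completed" if io else "no handshake seen"
    return {"verdict": verdict, "alert": alert, "reasons": reasons, "io": io}

# Trimmed excerpts of the two kinds of run in the message above (key material omitted).
BROKEN_RUN = """\
CONNECTED(00000003)
140106150102680:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
140106150102680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
SSL handshake has read 754 bytes and written 208 bytes
    Protocol  : SSLv3
    Master-Key: (omitted)
"""
NORMAL_RUN = """\
CONNECTED(00000003)
SSL handshake has read 818 bytes and written 354 bytes
    Protocol  : SSLv3
    Master-Key: (omitted)
"""

if __name__ == "__main__":
    for name, run in (("broken", BROKEN_RUN), ("normal", NORMAL_RUN)):
        print(name, classify(run))
```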

