
Re: matrixssl



Hi Brian

I think we should state no-dsa for this.

Matrixssl is very seldom used. According to popcon there are in
total 75 users.
https://qa.debian.org/popcon.php?package=matrixssl

Considering that it is really hard (or impossible) to reproduce, and
the lack of users, I think we should spend our efforts on more important
problems.

Best regards


// Ola

On Mon, Sep 5, 2016 at 10:30 AM, Brian May <bam@debian.org> wrote:
> Brian May <bam@debian.org> writes:
>> Ok, managed to rebuild the Debian package with ssl3 support enabled. It
>> appears to work. Will try the exploit. Still leaves me wondering if it
>> is actually worth fixing security issues in matrixssl.
>
> Hmmm.. Interesting. Wheezy version appears to be not vulnerable to these
> exploits. Or I am doing something wrong. Take your pick.
>
> If I set RSA_BREAK_ZERO or RSA_BREAK_MODULUS and try to connect to a
> server, I get an instant disconnect:
>
> === server ===
> (wheezy-amd64-default)root@prune:/home/brian# tcpsvd localhost 8123 sslio -u brian -C cert.pem -K key2.pem cat
> sslio[22436]: fatal: ssl decode error: illegal parameter
> sslio[22475]: fatal: ssl decode error: illegal parameter
> === cut ===
>
> === client ===
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_ZERO=yes
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
> CONNECTED(00000003)
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify return:1
> 140106150102680:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
> 140106150102680:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
> ---
> Certificate chain
>  0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
>    i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> Server certificate
> subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 754 bytes and written 208 bytes
> ---
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : SSLv3
>     Cipher    : RC4-SHA
>     Session-ID: 000000007A25015D9CAB0A4B7359B5222D2483C904002B0BE51F9B8EBD115666
>     Session-ID-ctx:
>     Master-Key: C6E7544269DFDE1A25A2FB58CACD642A6B14D9BE249CC652904739C57681D768B240233E3F93AC6030F01CF8D05C4D2A
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1473063748
>     Timeout   : 7200 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# unset RSA_BREAK_ZERO
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# export RSA_BREAK_MODULUS=yes
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
> CONNECTED(00000003)
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify return:1
> 140672067921560:error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter:s3_pkt.c:1472:SSL alert number 47
> 140672067921560:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
> ---
> Certificate chain
>  0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
>    i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> Server certificate
> subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 754 bytes and written 208 bytes
> ---
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : SSLv3
>     Cipher    : RC4-SHA
>     Session-ID: 0000000027D0178653F5B0ACC59FC8DE8C24C928E19C7F857BA037D553810F6F
>     Session-ID-ctx:
>     Master-Key: 17A957E416C33EAC1BB05D84FC4D6A57779BD77EFA11D0A6C1C6D3A9B841DBE82C7BFECED8FC258A64F82220C612DDC3
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1473063769
>     Timeout   : 7200 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# unset RSA_BREAK_MODULUS
> (stretch-amd64-default)root@prune:/home/brian/tree/debian/debian-lts/wheezy/matrixssl/openssl-1.0.2h# openssl s_client -ssl3 -connect localhost:8123
> CONNECTED(00000003)
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify error:num=18:self signed certificate
> verify return:1
> depth=0 C = AU, ST = Some-State, O = Internet Widgits Pty Ltd, CN = localhost
> verify return:1
> ---
> Certificate chain
>  0 s:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
>    i:/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> Server certificate
> subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> issuer=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd/CN=localhost
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 818 bytes and written 354 bytes
> ---
> New, TLSv1/SSLv3, Cipher is RC4-SHA
> Server public key is 1024 bit
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : SSLv3
>     Cipher    : RC4-SHA
>     Session-ID: 0000000098B68A5DB2227A7F20F8DF9689A980A555F9489E928BB16D4D4387E1
>     Session-ID-ctx:
>     Master-Key: AE893A6CBD90CE16698C496028DFC3055EFC0E46A56C9212812A38680761A46D222602F239292C2BD5AA9CF91031D004
>     Key-Arg   : None
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1473063834
>     Timeout   : 7200 (sec)
>     Verify return code: 18 (self signed certificate)
> ---
> [ it is now working ]
> === cut ===
>
> --
> Brian May <bam@debian.org>
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

