TLS timing attack in yaSSL (Lucky 13)

Debian Bug report logs - #699886
TLS timing attack in yaSSL (Lucky 13)

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Thijs Kinkhorst <thijs@debian.org>

To: submit@bugs.debian.org

Subject: TLS timing attack in yaSSL (Lucky 13)

Date: Wed, 6 Feb 2013 11:47:28 +0100

[Message part 1 (text/plain, inline)]

Package: mysql-5.5
Severity: serious
Tags: security

Hi,

Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can be
found at: http://www.isg.rhul.ac.uk/tls/

The issue has been fixed in upstream yaSSL 2.5.0:
http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html

The generic protocol issue has been assigned CVE name CVE-2013-0169. The yaSSL
specific fix is known as CVE-2013-1623. Please mention these identifiers in 
the changelog.

Can you see to it that this issue is addressed in unstable and testing?


Cheers,
Thijs

[signature.asc (application/pgp-signature, inline)]

Message #10 received at 699886@bugs.debian.org (full text, mbox, reply):

From: Michael Stapelberg <stapelberg@debian.org>

To: Thijs Kinkhorst <thijs@debian.org>, 699886@bugs.debian.org, control@bugs.debian.org

Subject: Re: TLS timing attack in yaSSL (Lucky 13)

Date: Wed, 27 Mar 2013 11:06:48 +0100

[Message part 1 (text/plain, inline)]

Control: tags -1 +patch

Hi Thijs,

Thijs Kinkhorst <thijs@debian.org> writes:
> Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
> of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
> differences arising during MAC processing. Details of this attack can be
> found at: http://www.isg.rhul.ac.uk/tls/
>
> The issue has been fixed in upstream yaSSL 2.5.0:
> http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html
Currently, MySQL uses yaSSL 2.2.2. yaSSL has released version 2.2.2d
which addresses this problem.

I downloaded yassl-2.2.2.zip from
http://fossies.org/unix/privat/yassl-2.2.2.zip and yassl-2.2.2d.zip from
http://yassl.com/yaSSL/download

I then created a git repo in 2.2.2 and copied over the files from
2.2.2d. The following files differ:

$ git status | grep 'modified' | grep -v '\.in$' | grep -v '\(INSTALL\|README\|aclocal.m4\|config.guess\|config.sub\|configure\|depcomp\|install-sh\|ltmain.sh\|missing\|mkinstalldirs\)'
#	modified:   include/openssl/ssl.h
#	modified:   include/yassl_error.hpp
#	modified:   include/yassl_types.hpp
#	modified:   src/handshake.cpp
#	modified:   src/yassl_error.cpp
#	modified:   src/yassl_imp.cpp
#	modified:   taocrypt/include/asn.hpp
#	modified:   taocrypt/include/sha.hpp
#	modified:   taocrypt/src/asn.cpp

I then created a patch and modified it so that it (somewhat) applies to
the MySQL source:

git diff include/openssl/ssl.h include/yassl_error.hpp include/yassl_types.hpp src/handshake.cpp src/yassl_error.cpp src/yassl_imp.cpp taocrypt/include/asn.hpp taocrypt/include/sha.hpp taocrypt/src/asn.cpp > yassl.patch
sed -i 's,\([iw]\)/,\1/extra/yassl/,g' yassl.patch
dos2unix yassl.patch

Then, I used quilt to get the patch in shape:

cd /tmp/mysql-5.5-5.5.30+dfsg
export QUILT_PATCHES=debian/patches
quilt import ../yassl-2.2.2/yassl.patch
quilt push -f
# apply 4 hunks of the patch manually
quilt refresh

I attached the result to this email, hopefully that helps.
Note that I didn’t compile and test MySQL.

-- 
Best regards,
Michael

[yassl-mysql.patch (text/x-diff, attachment)]

Message #17 received at 699886@bugs.debian.org (full text, mbox, reply):

From: Clint Byrum <spamaps@debian.org>

To: Michael Stapelberg <stapelberg@debian.org>,699886@bugs.debian.org

Subject: Re: [debian-mysql] Bug#699886: TLS timing attack in yaSSL (Lucky 13)

Date: Wed, 27 Mar 2013 06:28:00 -0700

[Message part 1 (text/plain, inline)]

Thanks Michael! I suspect that we will see 2.2.2d in one of the upcoming releases from Oracle. While I would prefer to ship wheezy with no known security bugs, I don't have much time to build and test a new package. If someone else wants to do that I will gladly sponsor it.

-----Original Message-----
From: Michael Stapelberg <stapelberg@debian.org>
To: Thijs Kinkhorst <thijs@debian.org>, 699886@bugs.debian.org, control@bugs.debian.org
Sent: Wed, 27 Mar 2013 3:09
Subject: [debian-mysql] Bug#699886: TLS timing attack in yaSSL (Lucky 13)

Control: tags -1 +patch

Hi Thijs,

Thijs Kinkhorst <thijs@debian.org> writes:
> Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
> of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
> differences arising during MAC processing. Details of this attack can be
> found at: http://www.isg.rhul.ac.uk/tls/
>
> The issue has been fixed in upstream yaSSL 2.5.0:
> http://www.yassl.com/yaSSL/Docs-cyassl-changelog.html
Currently, MySQL uses yaSSL 2.2.2. yaSSL has released version 2.2.2d
which addresses this problem.

I downloaded yassl-2.2.2.zip from
http://fossies.org/unix/privat/yassl-2.2.2.zip and yassl-2.2.2d.zip from
http://yassl.com/yaSSL/download

I then created a git repo in 2.2.2 and copied over the files from
2.2.2d. The following files differ:

$ git status | grep 'modified' | grep -v '\.in$' | grep -v '\(INSTALL\|README\|aclocal.m4\|config.guess\|config.sub\|configure\|depcomp\|install-sh\|ltmain.sh\|missing\|mkinstalldirs\)'
#	modified:   include/openssl/ssl.h
#	modified:   include/yassl_error.hpp
#	modified:   include/yassl_types.hpp
#	modified:   src/handshake.cpp
#	modified:   src/yassl_error.cpp
#	modified:   src/yassl_imp.cpp
#	modified:   taocrypt/include/asn.hpp
#	modified:   taocrypt/include/sha.hpp
#	modified:   taocrypt/src/asn.cpp

I then created a patch and modified it so that it (somewhat) applies to
the MySQL source:

git diff include/openssl/ssl.h include/yassl_error.hpp include/yassl_types.hpp src/handshake.cpp src/yassl_error.cpp src/yassl_imp.cpp taocrypt/include/asn.hpp taocrypt/include/sha.hpp taocrypt/src/asn.cpp > yassl.patch
sed -i 's,\([iw]\)/,\1/extra/yassl/,g' yassl.patch
dos2unix yassl.patch

Then, I used quilt to get the patch in shape:

cd /tmp/mysql-5.5-5.5.30+dfsg
export QUILT_PATCHES=debian/patches
quilt import ../yassl-2.2.2/yassl.patch
quilt push -f
# apply 4 hunks of the patch manually
quilt refresh

I attached the result to this email, hopefully that helps.
Note that I didn’t compile and test MySQL.

-- 
Best regards,
Michael

[Message part 2 (text/html, inline)]

Message #22 received at 699886@bugs.debian.org (full text, mbox, reply):

From: Michael Stapelberg <stapelberg@debian.org>

To: Clint Byrum <spamaps@debian.org>, 699886@bugs.debian.org

Subject: Re: [debian-mysql] Bug#699886: TLS timing attack in yaSSL (Lucky 13)

Date: Sun, 14 Apr 2013 15:25:08 +0200

[Message part 1 (text/plain, inline)]

Hi Clint,

Clint Byrum <spamaps@debian.org> writes:
> Thanks Michael! I suspect that we will see 2.2.2d in one of the
> upcoming releases from Oracle. While I would prefer to ship wheezy
> with no known security bugs, I don't have much time to build and test
> a new package. If someone else wants to do that I will gladly sponsor
> it.
I just built MySQL with (an updated version of) my patch and it passes
all the build-time tests. Furthermore, I configured SSL and connected
using mysql(1) — SSL still works :-).

Should I NMU this package or do you want to upload it yourself? The
debdiff and latest version of my patch is attached.

-- 
Best regards,
Michael

[yassl.patch (text/x-diff, attachment)]

[mysql.debdiff (application/octet-stream, attachment)]

Message #27 received at 699886@bugs.debian.org (full text, mbox, reply):

From: Clint Byrum <spamaps@debian.org>

To: Michael Stapelberg <stapelberg@debian.org>

Cc: "699886@bugs.debian.org" <699886@bugs.debian.org>

Subject: Re: [debian-mysql] Bug#699886: TLS timing attack in yaSSL (Lucky 13)

Date: Sun, 14 Apr 2013 08:28:57 -0700

I will be at the openstack summit all this week, and thus pressed for time. An NMU for this bug would be most welcome, thanks!!

Sent from my iPhone

On Apr 14, 2013, at 6:25, Michael Stapelberg <stapelberg@debian.org> wrote:

> Hi Clint,
> 
> Clint Byrum <spamaps@debian.org> writes:
>> Thanks Michael! I suspect that we will see 2.2.2d in one of the
>> upcoming releases from Oracle. While I would prefer to ship wheezy
>> with no known security bugs, I don't have much time to build and test
>> a new package. If someone else wants to do that I will gladly sponsor
>> it.
> I just built MySQL with (an updated version of) my patch and it passes
> all the build-time tests. Furthermore, I configured SSL and connected
> using mysql(1) — SSL still works :-).
> 
> Should I NMU this package or do you want to upload it yourself? The
> debdiff and latest version of my patch is attached.
> 
> -- 
> Best regards,
> Michael
> <yassl.patch>
> <mysql.debdiff>

Message #32 received at 699886-close@bugs.debian.org (full text, mbox, reply):

From: Michael Stapelberg <stapelberg@debian.org>

To: 699886-close@bugs.debian.org

Subject: Bug#699886: fixed in mysql-5.5 5.5.30+dfsg-1.1

Date: Sun, 14 Apr 2013 21:33:16 +0000

Source: mysql-5.5
Source-Version: 5.5.30+dfsg-1.1

We believe that the bug you reported is fixed in the latest version of
mysql-5.5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 699886@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Stapelberg <stapelberg@debian.org> (supplier of updated mysql-5.5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 14 Apr 2013 12:45:53 +0200
Source: mysql-5.5
Binary: libmysqlclient18 libmysqld-pic libmysqld-dev libmysqlclient-dev mysql-common mysql-client-5.5 mysql-server-core-5.5 mysql-server-5.5 mysql-server mysql-client mysql-testsuite-5.5 mysql-source-5.5
Architecture: source all amd64
Version: 5.5.30+dfsg-1.1
Distribution: unstable
Urgency: low
Maintainer: Debian MySQL Maintainers <pkg-mysql-maint@lists.alioth.debian.org>
Changed-By: Michael Stapelberg <stapelberg@debian.org>
Description: 
 libmysqlclient-dev - MySQL database development files
 libmysqlclient18 - MySQL database client library
 libmysqld-dev - MySQL embedded database development files
 libmysqld-pic - PIC version of MySQL embedded server development files
 mysql-client - MySQL database client (metapackage depending on the latest versio
 mysql-client-5.5 - MySQL database client binaries
 mysql-common - MySQL database common files, e.g. /etc/mysql/my.cnf
 mysql-server - MySQL database server (metapackage depending on the latest versio
 mysql-server-5.5 - MySQL database server binaries and system database setup
 mysql-server-core-5.5 - MySQL database server binaries
 mysql-source-5.5 - MySQL source
 mysql-testsuite-5.5 - MySQL testsuite
Closes: 699886
Changes: 
 mysql-5.5 (5.5.30+dfsg-1.1) unstable; urgency=low
 .
   * Non-maintainer upload.
   * d/p/yassl.patch - patch for CVE-2013-0169 (Closes: #699886)
Checksums-Sha1: 
 ddfaf3e16a1bf5290c1ba6bac83ff6830bcfced3 2962 mysql-5.5_5.5.30+dfsg-1.1.dsc
 5da9ded0beea35d57f17efc3eea13656240fd08b 374010 mysql-5.5_5.5.30+dfsg-1.1.debian.tar.gz
 eb2f657b82fa3c031e37036ce34fc566432041c4 78522 mysql-common_5.5.30+dfsg-1.1_all.deb
 ffe04e623b68ebb981ebc9e980b17e2664e71b3b 76896 mysql-server_5.5.30+dfsg-1.1_all.deb
 8f84a9fd5a54ef3d980ade808cd91c00772dfb0e 76778 mysql-client_5.5.30+dfsg-1.1_all.deb
 4de6a21c0e0af695bbe7af53181e1cf1df2c280b 677534 libmysqlclient18_5.5.30+dfsg-1.1_amd64.deb
 3fe4a2466f3271ea94378209c45037e61e4eaf96 3147332 libmysqld-pic_5.5.30+dfsg-1.1_amd64.deb
 d37769c87c4972c0e34f86821214e88febf7f0ad 3145832 libmysqld-dev_5.5.30+dfsg-1.1_amd64.deb
 4a06cb71d560bbb480fda02729af720277cf4994 945304 libmysqlclient-dev_5.5.30+dfsg-1.1_amd64.deb
 d7dc09bdb68e150f9dc49b84c3b0e5ae53c7ce6e 1717156 mysql-client-5.5_5.5.30+dfsg-1.1_amd64.deb
 12e7e9ddb38b5b5571e3c6aa353348778811a4c2 3759416 mysql-server-core-5.5_5.5.30+dfsg-1.1_amd64.deb
 e88b48bf714fc7af269728df9cf4bc157e552d45 1826998 mysql-server-5.5_5.5.30+dfsg-1.1_amd64.deb
 46994a1594573d5ef3a445d9dd9fffb13ab7a5c7 4385060 mysql-testsuite-5.5_5.5.30+dfsg-1.1_amd64.deb
 d06d549c7b752cdd5240eb6b525f1dd77e476003 23152186 mysql-source-5.5_5.5.30+dfsg-1.1_amd64.deb
Checksums-Sha256: 
 df57eb4813a1fbdba91ba153efa21aaf3b454bdd17f4e9e034bec67406453f2c 2962 mysql-5.5_5.5.30+dfsg-1.1.dsc
 626cc384089290467085b7aeedc9673004b26fe5138136b3c93ba23356f0a2d8 374010 mysql-5.5_5.5.30+dfsg-1.1.debian.tar.gz
 9bea6bb74e77bd17a0a2b4da6a80a655b3ad7ef65e4a968fe10964eb43385d08 78522 mysql-common_5.5.30+dfsg-1.1_all.deb
 5a247ea1a3a6ec6ccc5c5d0feab5da8ccc98f6b786731d3d19f727d36a75cac9 76896 mysql-server_5.5.30+dfsg-1.1_all.deb
 56df0796302d1b620d1a7fd24f3cd120cb16936da839d8300bd9c7705dc20176 76778 mysql-client_5.5.30+dfsg-1.1_all.deb
 b61e3aca57f173cb6a75aea20ef6768546f3bfe39ac351135650981649c86f29 677534 libmysqlclient18_5.5.30+dfsg-1.1_amd64.deb
 15e1e15853894cf8bd16aac0a1eed66b8519464f36329b3ebfd2fac4027133c4 3147332 libmysqld-pic_5.5.30+dfsg-1.1_amd64.deb
 87ace53ef6d9d0f56f5259c2051a0a6190f361f5991334c592d9466854ea5382 3145832 libmysqld-dev_5.5.30+dfsg-1.1_amd64.deb
 26b5fe4a554fc1a69272f3df1f14e884e854b552aac3f9b8cd57ecfb0f183445 945304 libmysqlclient-dev_5.5.30+dfsg-1.1_amd64.deb
 44b76078e3c8b960e2355da348f3044ca0ab7e12176bb50fee21c2bc13a34f51 1717156 mysql-client-5.5_5.5.30+dfsg-1.1_amd64.deb
 5f1177af47af70e72e6e5ded2b4871052ddd077849811c1b4249b88a8ae2470d 3759416 mysql-server-core-5.5_5.5.30+dfsg-1.1_amd64.deb
 1035b7d96b77e00fb1024c47d35835057e7457425addb44a4c583b403bea8d0b 1826998 mysql-server-5.5_5.5.30+dfsg-1.1_amd64.deb
 fc3d0f9294de42510c8e5aa54dd87e8ecce41a53d52bb5f55d9428d9ca02fe21 4385060 mysql-testsuite-5.5_5.5.30+dfsg-1.1_amd64.deb
 725308610d96a11d133a3992f16cbd14624cdbdb1a6e8af947f7f05f46648ca7 23152186 mysql-source-5.5_5.5.30+dfsg-1.1_amd64.deb
Files: 
 2ca9c804e744b08cde426b65975c989f 2962 database optional mysql-5.5_5.5.30+dfsg-1.1.dsc
 46cf884efda22c48e67c44fe72a73e32 374010 database optional mysql-5.5_5.5.30+dfsg-1.1.debian.tar.gz
 e79c51591fd86904b75fa1c0d51c2c07 78522 database optional mysql-common_5.5.30+dfsg-1.1_all.deb
 4238843fd56c625fa911450c998fe13f 76896 database optional mysql-server_5.5.30+dfsg-1.1_all.deb
 93bdac89e7c16ffa1df7f89d075fc574 76778 database optional mysql-client_5.5.30+dfsg-1.1_all.deb
 646fc325d5a76872671efd6a2a1b18d6 677534 libs optional libmysqlclient18_5.5.30+dfsg-1.1_amd64.deb
 6629a3a19eeb1b6367664f0c0c73d11b 3147332 libdevel optional libmysqld-pic_5.5.30+dfsg-1.1_amd64.deb
 ac14bf918d45ebe2552eaee588a6ea93 3145832 libdevel optional libmysqld-dev_5.5.30+dfsg-1.1_amd64.deb
 1739db75c9e750e481bce52a10fbe28b 945304 libdevel optional libmysqlclient-dev_5.5.30+dfsg-1.1_amd64.deb
 d898372ed7797c447a09ede762cedc7e 1717156 database optional mysql-client-5.5_5.5.30+dfsg-1.1_amd64.deb
 511f7fc6ee70539d1b2fe85836cdd04f 3759416 database optional mysql-server-core-5.5_5.5.30+dfsg-1.1_amd64.deb
 b1f05b039d63389ec0563706d6575c31 1826998 database optional mysql-server-5.5_5.5.30+dfsg-1.1_amd64.deb
 53fc21b50c0b99154eedab31b2c438a4 4385060 database optional mysql-testsuite-5.5_5.5.30+dfsg-1.1_amd64.deb
 6e7354facc1bea321d5ed4efe71553a6 23152186 database optional mysql-source-5.5_5.5.30+dfsg-1.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCgAGBQJRaxMuAAoJEE5xYO1KyO4d9CcQANKzfQ1SQGHTjG4EHcZr2HgA
L+iw4gm+CEZyGwpECgNcQ/p6m9+DWC+YCqq9rK5DG/2M3rvvop+hRtsIH4n3XGHT
9whMLcvWvZoZspFYKPa1wnEBJgYJ2aoTfvdGNE5A0UoUZfrtynZ1kiR57lS0O09X
ksFD741KD4Y67Uv9FKkH8T99wznoLnrjD3K59CsdXAHAvJKopx56gnU1yAhCk5Z/
iqk1IG9bg5fyWGhahUGoBGRgJcNrGlipo2z6ID2JUeXUQMTtuLBzPif2aTYe0345
iHzBGHu690kca78iih/UU9bndRGCVwJgmi5935J8ww7Hk4uPDvH4yUa6QtpYjN2t
eYX02ITroJ+e/+aB703YhPia0O49kfn3s8GCXSGBp5ABw34+QAnRCIY4UAUNhgJR
Cxzb9WnsnaiNikJbqctuIyazSk2nI4qLIgcTxOSDVSbt1A57Jp5/Wds/oDPJYT9R
NQyowj1gAQcmIDgVSnx8wsXmZ++ibS5aPw/SQxsYecgu77A61H9BqKCGwQmuy5vT
0mbqaad3A8SWKUh9XzgHLHwNL/c67hsdhXzoR6dZvsmCtAZGzLEhduaz0qe1UkMH
BHoF+0qZvnobNzkN3Xx+MSFCAcl+HBdz0kF7FmH8oWeBprrpjQEcIvCRJhOfs4k1
xCClTJukUbSed/k/Wne0
=9WYH
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.