??? SSL/TLS Bug?????
???????????? ???????[ 2014/2/25 15:32:20 ] ??????????? ?? ??????
??????????????iOS??????????????????£??????iOS????SSL/TLS???????????????bug????????и??????????????????????????????????Hacker News?????????????????????????????????????????2????
????????????????bug????δ???
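/*
 * SSLVerifySignedServerKeyExchange -- excerpt as quoted on this page.
 *
 * The listing is intentionally left in its vulnerable form because it is the
 * exhibit the article discusses; only the mis-encoded argument separators
 * ("??" in place of ',') and the lost indentation have been repaired. The
 * "..." elisions are the page's own and are kept as comments.
 *
 * Parameters (as named in the signature; their use is mostly in elided code):
 *   ctx          - SSL context
 *   isRsa        - selects the RSA case (NOTE(review): inferred from the name)
 *   signedParams - buffer fed into the SHA-1 hash below
 *   signature    - signature bytes, signatureLen bytes long
 *
 * Returns err. Every visible step treats a non-zero OSStatus as failure and
 * jumps to fail, so a return of 0 is read by the caller as "verified".
 */
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
    OSStatus err;
    /* ... elided on the page ... */

    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        /*
         * DEFECT (kept as published): the next goto is NOT governed by the
         * `if` above -- without braces only the first statement is. It runs
         * unconditionally, and at this point err is 0 because the preceding
         * update() succeeded.
         */
        goto fail;
    /*
     * Unreachable from here on: SSLHashSHA1.final() and everything in the
     * elided tail (presumably the actual signature check -- confirm against
     * the full source) never execute, yet the function still returns 0.
     */
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    /* ... elided on the page ... */

fail:
    /* Shared cleanup for both the success and the failure path. */
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    /*
     * Review note: braces on every `if` body and building with
     * -Wunreachable-code would both have exposed the stray goto.
     */
    return err;
}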
???????????????????????go to fail?????????????????if?ж???????У??????????????????????????У?????????????????????????????????????????fail??????????????final??????δ??У???update??????г???????err????????У???????????????????????????????????
?????????????????ServerKeyExchange????е????????????DHE??ECDHE??????????????????????????????????????????????ephemeral key?????λ????????????????????????????“???????????????????????????飬????????????????????????????”????????????????????????????????????????????????????????Ч??????ζ???????????????????????????????????????????????????????????????????????????????????????????????????????????ж?????????????????
???????Bug??????SecureTransport??????У????????iOS?????????汾???7.0.6??????7.0.4?????????????????????OS X??????10.9.1???????????????????????SecureTransport?????????????????????????????????????????Chrome??Firefox??SSL/TLS??????????NSS???????????????????????????3????????SecureTransport????????????????????????????????????3?????????????e????????
?????????????????????????????https://www.imperialviolet.org:1266?????????1226??????????CVE????????443?????????????????????????1226????????????????????????????顣????????https????????????????????bug??
???????????????????????????????????????????????????????????κ?????????????????????????????????????????bug????????????DHE????ECDHE?????????????????????????????????????????????
??????TLS 1.2?????ServerKeyExchange?????????????????????????????????????????????????????????????????????κο???????????汾?????????????????TLS 1.2???????????????????????????????????-RSA??????????????????ServerKeyExchange?????????????????Ч?????????????????????У??????????????
??????????????????iOS 7.0.6?????????????????????OS X 10.9.1???????????????????????bug??OS X????????10.9????????????iOS6???Щ?汾????????????iOS 6.1.6??????????bug????
??????
