[LINK] Apple SSL/TLS bug February-2014
Phillip Musumeci
pmusumeci at gmail.com
Tue Feb 25 12:26:34 AEDT 2014
Extract from https://www.imperialviolet.org/2014/02/22/applebug.html might
be of interest to LINK given recent discussions (the posting continues with
a cut down code fragment and discussion):

Yesterday, Apple pushed a rather spooky security update
<http://support.apple.com/kb/HT6147> for iOS that suggested that something
was horribly wrong with SSL/TLS in iOS but gave no details. Since the answer
is at the top <https://news.ycombinator.com/item?id=7281378> of the Hacker
News thread, I guess the cat's out of the bag already and we're into the
misinformation-quashing stage now.

So here's the Apple bug:

    static OSStatus
    SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa,
                                     SSLBuffer signedParams,
                                     uint8_t *signature, UInt16 signatureLen)
    {
        OSStatus err;
        *...*

        if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
            goto fail;
        if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
            goto fail;
            goto fail;
        if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
            goto fail;
        *...*

    fail:
        SSLFreeBuffer(&signedHashes);
        SSLFreeBuffer(&hashCtx);
        return err;
    }

(Quoted from Apple's published source code
<http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c>.)

Note the two goto fail lines in a row. ...
--
Contact/projects https://sites.google.com/site/pmusumeci/
<https://cardiacchallenge.com.au/PhillipMusumeci>
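
Added example (not part of the original post, the quoted blog, or Apple's source): a reduced C model of the control flow in the quoted fragment, next to a braced version of the same checks. hash_step and check_signature are hypothetical stand-ins, and placing the signature check after the hash steps is an assumption of this model.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-ins for the hash and signature steps (not Apple's API). */
static int hash_step(void) { return 0; }                 /* 0 = success */
static int check_signature(bool sig_valid) { return sig_valid ? 0 : -1; }

/* Same control flow as the quoted fragment: the second "goto fail" is
 * unconditional, so nothing below it runs and err is still 0 on exit. */
int verify_vulnerable(bool sig_valid)
{
    int err;
    if ((err = hash_step()) != 0)
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
        goto fail;
    if ((err = hash_step()) != 0)
        goto fail;
    err = check_signature(sig_valid);   /* assumed later check: unreachable */
fail:
    return err;
}

/* Braced form: a duplicated line inside the braces stays under the condition. */
int verify_braced(bool sig_valid)
{
    int err;
    if ((err = hash_step()) != 0) {
        goto fail;
    }
    if ((err = hash_step()) != 0) {
        goto fail;
        goto fail;
    }
    if ((err = hash_step()) != 0) {
        goto fail;
    }
    err = check_signature(sig_valid);
fail:
    return err;
}

int main(void)
{
    printf("bad signature -> vulnerable=%d braced=%d\n",
           verify_vulnerable(false), verify_braced(false));
    return 0;
}
```

Clang's -Wunreachable-code and GCC's -Wmisleading-indentation both flag verify_vulnerable.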