iOS TLS/SSL Bug
If any of you haven't heard yet, there is a serious flaw in the verification of SSL certificates in OS X and iOS. It is in the function SSLVerifySignedServerKeyExchange. The bug is in the following piece of code, written in C++ by Apple:
static OSStatus
SSLVerifySignedServerKeyExchange(SSLContext *ctx, bool isRsa, SSLBuffer signedParams,
                                 uint8_t *signature, UInt16 signatureLen)
{
    ...
    hashOut.data = hashes + SSL_MD5_DIGEST_LEN;
    hashOut.length = SSL_SHA1_DIGEST_LEN;
    if ((err = SSLFreeBuffer(&hashCtx)) != 0)
        goto fail;
    if ((err = ReadyHash(&SSLHashSHA1, &hashCtx)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &clientRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &serverRandom)) != 0)
        goto fail;
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail; // Notice the duplicate goto here
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;
    ...
fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
}
(The offending file is located at http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c?txt)
Now, if you didn't notice, there are two goto fail; lines in a row. The second one is not guarded by any condition, so execution always jumps to fail before the signature is ever checked, and because err is still 0 at that point the function returns success. That bypasses the signature check and creates the security vulnerability demonstrated at https://gotofail.com/.
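To make the failure mode concrete, here is an added, self-contained C example (not Apple's code and not from gotofail.com) that reproduces the same control-flow shape with a constructed toy hash standing in for SSLHashSHA1 and an equality check standing in for the real signature verification. The function names verify_buggy, verify_fixed, toy_digest and the error code TOY_ERR_BAD_SIGNATURE are all hypothetical. It shows why the bug is a silent accept: the duplicated goto is taken while err still holds the 0 returned by the last successful update, so a forged signature comes back as success.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed error code standing in for an OSStatus failure value
   (not a real SecureTransport constant). */
#define TOY_ERR_BAD_SIGNATURE (-1)

/* Toy FNV-1a style hash standing in for SSLHashSHA1. Constructed for
   illustration only; it is not cryptographic. Like Apple's hash
   callbacks, each step returns 0 on success. */
static void toy_hash_init(uint32_t *ctx) { *ctx = 2166136261u; }

static int toy_hash_update(uint32_t *ctx, const uint8_t *data, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        *ctx ^= data[i];
        *ctx *= 16777619u;
    }
    return 0;
}

static int toy_hash_final(const uint32_t *ctx, uint32_t *digest)
{
    *digest = *ctx;
    return 0;
}

/* Stand-in for the signature check that follows hashing in the real
   function: a "signature" is valid only when it equals the digest. */
static int toy_verify(uint32_t digest, uint32_t signature)
{
    return digest == signature ? 0 : TOY_ERR_BAD_SIGNATURE;
}

/* Helper so a caller can construct a valid "signature" for a message. */
uint32_t toy_digest(const uint8_t *msg, size_t len)
{
    uint32_t ctx, d;
    toy_hash_init(&ctx);
    toy_hash_update(&ctx, msg, len);
    toy_hash_final(&ctx, &d);
    return d;
}

/* Mirrors the vulnerable shape: the second goto is unconditional, so
   control reaches fail with err == 0 and toy_verify never runs. */
int verify_buggy(const uint8_t *msg, size_t len, uint32_t signature)
{
    int err;
    uint32_t ctx, digest = 0;
    toy_hash_init(&ctx);
    if ((err = toy_hash_update(&ctx, msg, len)) != 0)
        goto fail;
        goto fail; /* duplicated line: always taken, err is still 0 */
    if ((err = toy_hash_final(&ctx, &digest)) != 0)
        goto fail;
    err = toy_verify(digest, signature);
fail:
    return err;
}

/* Same logic with the duplicate removed. Braces around every if body
   mean a stray extra line can no longer escape the condition. */
int verify_fixed(const uint8_t *msg, size_t len, uint32_t signature)
{
    int err;
    uint32_t ctx, digest = 0;
    toy_hash_init(&ctx);
    if ((err = toy_hash_update(&ctx, msg, len)) != 0) {
        goto fail;
    }
    if ((err = toy_hash_final(&ctx, &digest)) != 0) {
        goto fail;
    }
    err = toy_verify(digest, signature);
fail:
    return err;
}

int main(void)
{
    /* Constructed sample input and a deliberately wrong signature. */
    const uint8_t params[] = "client-random|server-random|dh-params";
    size_t n = sizeof params - 1;
    uint32_t good = toy_digest(params, n);
    uint32_t bad = good ^ 0xFFFFFFFFu;

    printf("buggy, forged signature: %d (0 means accepted)\n", verify_buggy(params, n, bad));
    printf("fixed, forged signature: %d\n", verify_fixed(params, n, bad));
    printf("fixed, valid signature:  %d\n", verify_fixed(params, n, good));
    return 0;
}
```

Two practical takeaways from running it: a negative test that feeds a forged signature and expects rejection would have caught this class of bug, since the buggy path returns 0 for any signature; and the dead call after the duplicated goto is exactly what clang's -Wunreachable-code reports, while gcc's -Wmisleading-indentation (part of -Wall) warns about the indented second goto.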