Executive Summary:  The Maxwell Pro SSL/TLS Test Suite includes nine tests related to ServerKeyExchange; three of these tests would have yielded failing grades if flawed TLS or SSL code had been tested with the Test Suite.

The problem found in the open source SSL code used in iOS may be reviewed here:

http://opensource.apple.com/source/Security/Security-55471/libsecurity_ssl/lib/sslKeyExchange.c?txt

In the function SSLVerifySignedServerKeyExchange() there are two consecutive goto statements where there should be only one:

...
    if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
        goto fail;
        goto fail;    /* <<----- ****** Problem! ******/
    if ((err = SSLHashSHA1.final(&hashCtx, &hashOut)) != 0)
        goto fail;

    err = sslRawVerify(ctx,
                       ctx->peerPubKey,
                       dataToSign,                /* plaintext */
                       dataToSignLen,            /* plaintext length */
                       signature,
                       signatureLen);
    if(err) {
        sslErrorLog("SSLDecodeSignedServerKeyExchange: sslRawVerify "
                    "returned %d\n", (int)err);
        goto fail;
    }

fail:
    SSLFreeBuffer(&signedHashes);
    SSLFreeBuffer(&hashCtx);
    return err;
...

The second indented "goto" is not part of the if body, so it is executed unconditionally and causes the code that follows it to be skipped (that code is unreachable, and the compiler allegedly fails to warn about that). Because err is still 0 when the jump is taken, the function returns success without ever running the final hash step or sslRawVerify(). The code that gets skipped is what verifies the signature on the ServerKeyExchange message for SSL; that code validates that the host is who it claims to be.
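To make the effect concrete, here is an added example (not Apple's code and not part of this page's original text) that models the control flow of SSLVerifySignedServerKeyExchange() with hypothetical stand-ins for SSLHashSHA1.update, SSLHashSHA1.final and sslRawVerify. verify_flawed() keeps the stray goto; verify_fixed() removes it and puts braces on every if body so a later edit cannot reintroduce the pattern silently.

```c
#include <stdio.h>

/* Added example: a stripped-down model of the control flow in
 * SSLVerifySignedServerKeyExchange(). The helpers below are hypothetical
 * stand-ins for the real hash and signature routines; like the originals,
 * each returns 0 on success and a non-zero error code on failure. */

#define ERR_HASH          1
#define ERR_BAD_SIGNATURE 2

/* Stand-in for SSLHashSHA1.update: fails only when told to. */
static int hash_update(int fail) { return fail ? ERR_HASH : 0; }

/* Stand-in for SSLHashSHA1.final. */
static int hash_final(int fail) { return fail ? ERR_HASH : 0; }

/* Stand-in for sslRawVerify: 0 only when the signature is genuine. */
static int raw_verify(int signature_valid) {
    return signature_valid ? 0 : ERR_BAD_SIGNATURE;
}

/* Mirrors the flawed flow. The second goto is outside the if body, so once
 * hash_update() succeeds control always jumps to fail: with err still 0.
 * hash_final() and raw_verify() are never reached. */
int verify_flawed(int update_fails, int signature_valid) {
    int err;
    if ((err = hash_update(update_fails)) != 0)
        goto fail;
        goto fail;    /* the extra line: unconditional, always taken */
    if ((err = hash_final(0)) != 0)
        goto fail;
    err = raw_verify(signature_valid);
    if (err)
        goto fail;
fail:
    return err;
}

/* Same flow with the stray goto removed and braces on every if body,
 * so the signature check is actually reached. */
int verify_fixed(int update_fails, int signature_valid) {
    int err;
    if ((err = hash_update(update_fails)) != 0) {
        goto fail;
    }
    if ((err = hash_final(0)) != 0) {
        goto fail;
    }
    err = raw_verify(signature_valid);
    if (err) {
        goto fail;
    }
fail:
    return err;
}

int main(void) {
    /* A forged signature (signature_valid = 0) is accepted by the flawed
     * version (err = 0) and rejected by the fixed one (err = 2). */
    printf("flawed, bad signature : err=%d\n", verify_flawed(0, 0));
    printf("fixed,  bad signature : err=%d\n", verify_fixed(0, 0));
    printf("fixed,  good signature: err=%d\n", verify_fixed(0, 1));
    return 0;
}
```

The flawed variant returns 0 for any signature, valid or not, which is exactly why a test that sends a ServerKeyExchange with a bad signature is the right check for this class of defect: a correct implementation must reject the handshake, and one with this control-flow bug will not.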

Why use TLS 1.2 instead of SSL?

  • SSL 1.0 was never publicly released
  • SSL 2.0 has serious flaws
  • SSL 3.0 was replaced by TLS

Migrate to TLS NOW!