Demonstrating that SSLVerifySignedServerKeyExchange() is trivially testable.
Switch branches/tags
Nothing to show
Pull request Compare This branch is even with landonf:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
TestableSecurity.xcodeproj
TestableSecurity
TestableSecurityTests
README.md

README.md

TestableSecurity

This is a small proof-of-concept that lifts out the vulnerable SSLVerifySignedServerKeyExchange() from Apple's libsecurity_ssl to demonstrate that the signing code is readily unit testable in isolation.

While there's been some talk that this bug wasn't easily tested, the code in question verifies signatures based on straight-forward preconditions, and is readily testable for both positive and negative validation cases; there's no reason or excuse for it not being fully tested for:

  • Incorrect clientRandom.
  • Incorrect serverRandom.
  • Incorrect signedParams
  • Incorrect signature (which is essentially equivalent to any of the above)

Try running the unit tests yourself, and then simply comment out the errant 'goto' to see the tests pass:

if ((err = SSLHashSHA1.update(&hashCtx, &signedParams)) != 0)
    goto fail;
// goto fail;