zambiri za zatsopano (CVE-2020-1968) mu TLS protocol, codenamed
ndi kulola, muzochitika zosawerengeka, kudziwa kiyi yoyambirira (pre-master), yomwe ingagwiritsidwe ntchito kumasulira maulalo a TLS, kuphatikiza HTTPS, podutsa magalimoto opita (MITM). Zikudziwika kuti kuwukirako kumakhala kovuta kwambiri kuti kuchitike mwachidwi komanso kumakhala kongoyerekeza. Kuti muchite chiwembu, kasinthidwe kake ka seva ya TLS ndi kuthekera koyesa molondola kwambiri nthawi yopangira seva ndikofunikira.
Vutoli likupezeka mwachindunji m'mafotokozedwe a TLS ndipo limangokhudza kulumikizana pogwiritsa ntchito ma ciphers kutengera DH key exchange protocol (Diffie-Hellman, TLS_DH_*"). Ndi ECDH ciphers vuto silichitika ndipo amakhala otetezeka. Ndi ma protocol a TLS okha mpaka mtundu 1.2 omwe ali pachiwopsezo; TLS 1.3 siyimakhudzidwa ndi vutoli. Chiwopsezochi chimachitika pakukhazikitsa kwa TLS komwe kumagwiritsanso ntchito kiyi yachinsinsi ya DH pamalumikizidwe osiyanasiyana a TLS (khalidweli limachitika pafupifupi 4.4% ya ma seva a Alexa Top 1M).
Mu OpenSSL 1.0.2e ndi zotulutsa zam'mbuyomu, kiyi yayikulu ya DH imagwiritsidwanso ntchito pamalumikizidwe onse a seva pokhapokha ngati njira ya SSL_OP_SINGLE_DH_USE yakhazikitsidwa bwino. Kuyambira OpenSSL 1.0.2f, kiyi yayikulu ya DH imagwiritsidwanso ntchito mukamagwiritsa ntchito zilembo za DH ("DH-*", mwachitsanzo "DH-RSA-AES256-SHA"). Kusatetezeka sikukuwoneka mu OpenSSL 1.1.1, chifukwa nthambi iyi sigwiritsa ntchito kiyi yoyamba ya DH ndipo sigwiritsa ntchito zilembo za DH zokhazikika.
Mukamagwiritsa ntchito njira yosinthira makiyi a DH, mbali zonse ziwiri za mgwirizano zimapanga makiyi achinsinsi osasintha (pambuyo pake makiyi "a" ndi "b"), pogwiritsa ntchito makiyi a anthu (ga mod p ndi gb mod p) amawerengedwa ndikutumizidwa. Chipani chilichonse chikalandira makiyi a anthu onse, kiyi yodziwika bwino (gab mod p) imawerengedwa, yomwe imagwiritsidwa ntchito kupanga makiyi agawo. Kuwukira kwa Raccoon kumakupatsani mwayi wodziwa makiyi oyambira kudzera pakusanthula mayendedwe am'mbali, kutengera kuti zomwe TLS imafotokozera mpaka mtundu 1.2 zimafuna kuti ma byte onse osafunikira amakiyi oyambira atayidwe asanawerengetsedwe.
Kuphatikizira kiyi yocheperako imaperekedwa ku gawo lopangira makiyi a gawo, lomwe limatengera ma hashi omwe ali ndi kuchedwa kosiyanasiyana pokonza data yosiyana. Kuyeza molondola nthawi ya ntchito zazikulu zomwe seva imachitidwa ndi seva imalola woukirayo kuti adziwe zizindikiro (oracle) zomwe zimapangitsa kuti athe kuweruza ngati kiyi yoyamba ikuyamba kapena ayi. Mwachitsanzo, wowukira atha kuthana ndi kiyi yapagulu (ga) yotumizidwa ndi kasitomala, kuyitumizanso ku seva ndikuzindikira.
kaya fungulo loyambilira lotsatira likuyambira pa ziro.
Payokha, kufotokozera makiyi amodzi sikumapereka kalikonse, koma potengera mtengo wa "ga" woperekedwa ndi kasitomala panthawi yolumikizana, wowukirayo amatha kupanga zikhalidwe zina zogwirizana ndi "ga" ndikuzitumiza ku seva mu magawo osiyanasiyana olumikizirana. Pakupanga ndi kutumiza zikhalidwe za "gri *ga", wowukira atha, pakuwunika kusintha kwa kuchedwa kwa mayankho a seva, kudziwa zomwe zimatsogolera kulandira makiyi oyambira kuyambira ziro. Atazindikira mfundo zotere, wowukirayo atha kupanga gulu la equation ndikuwerengera makiyi oyamba.
Zowopsa za OpenSSL chiopsezo chochepa, ndipo kukonzako kudachepetsedwa kusuntha ma ciphers ovuta "TLS_DH_*" kutulutsidwa 1.0.2w ku gulu la ma ciphers okhala ndi chitetezo chosakwanira ("weak-ssl-ciphers"), chomwe chimayimitsidwa mwachisawawa . Madivelopa a Mozilla adachita zomwezo, mu laibulale ya NSS yogwiritsidwa ntchito mu Firefox, DH ndi DHE cipher suites. Pofika pa Firefox 78, ma ciphers ovuta amayimitsidwa. Thandizo la Chrome la DH linathetsedwanso mu 2016. Mabuku a BearSSL, BoringSSL, Botan, Mbed TLS ndi s2n samakhudzidwa ndi vutoli chifukwa sagwirizana ndi DH ciphers kapena static variants of DH ciphers.
Mavuto owonjezera amawonedwa mosiyana () mu TLS stack ya F5 BIG-IP zida, zomwe zimapangitsa kuti kuwukirako kukhale kowona. Makamaka, zopotoka pamachitidwe a zida pamaso pa zero byte kumayambiriro kwa kiyi yoyamba zidadziwika, zomwe zingagwiritsidwe ntchito m'malo moyesa kuchedwa kwenikweni kwa mawerengedwe.
Source: opennet.ru