Vulnerability in TLS allowing key determination for connections based on DH ciphers

Information has been disclosed about a new vulnerability (CVE-2020-1968) in the TLS protocol, codenamed Raccoon, which allows, in rare circumstances, determining the pre-master key, which can be used to decrypt TLS connections, including HTTPS, when transit traffic is intercepted (MITM). It is noted that the attack is very difficult to carry out in practice and is more of a theoretical nature. Carrying out the attack requires a specific TLS server configuration and the ability to measure server processing time very precisely.

The problem lies directly in the TLS specification and affects only connections that use ciphers based on the DH key exchange protocol (Diffie-Hellman, "TLS_DH_*"). With ECDH ciphers the problem does not occur and they remain secure. Only TLS protocol versions up to 1.2 are vulnerable; TLS 1.3 is not affected. The vulnerability manifests in TLS implementations that reuse the DH secret key across different TLS connections (this behavior is observed on approximately 4.4% of the Alexa Top 1M servers).

In OpenSSL 1.0.2e and earlier releases, the primary DH key is reused in all server connections unless the SSL_OP_SINGLE_DH_USE option is explicitly set. Starting with OpenSSL 1.0.2f, the primary DH key is reused only when static DH ciphers are used ("DH-*", e.g. "DH-RSA-AES256-SHA"). The vulnerability does not appear in OpenSSL 1.1.1, as this branch does not use a primary DH key and does not use static DH ciphers.

When the DH key exchange method is used, both sides of the connection generate random private keys (hereafter key "a" and key "b"), from which the public keys ($g^a \bmod p$ and $g^b \bmod p$) are computed and sent. After each party has received the other's public key, a common pre-master key ($g^{ab} \bmod p$) is computed, which is used to generate the session keys. The Raccoon attack makes it possible to determine the pre-master key through side-channel analysis, based on the fact that the TLS specification up to version 1.2 requires all leading zero bytes of the pre-master key to be discarded before it is used in calculations.

In particular, the truncated pre-master key is passed to the session key generation function, which is based on hash functions whose delays differ when processing different data. Precisely measuring the timing of the key operations performed by the server allows an attacker to obtain clues (an oracle) that make it possible to judge whether the pre-master key starts with zero or not. For example, an attacker can intercept the public key ($g^a$) sent by the client, resend it to the server and determine whether the resulting pre-master key starts with zero.

By itself, determining one byte of the key yields nothing, but by intercepting the value $g^a$ sent by the client during connection negotiation, the attacker can generate a set of other values related to $g^a$ and send them to the server in separate connection negotiation sessions. By generating and sending values $g^{r_i} \cdot g^a$, the attacker can, by analyzing changes in the server's response delays, determine the values that lead to pre-master keys starting with zero. Having determined such values, the attacker can construct a set of equations to solve the hidden number problem and compute the original pre-master key.
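The following added example (not from the original article) shows why key reuse combined with zero-stripping is the root of the leak, and why a fixed-length encoding, as TLS 1.3 uses, removes the signal. The 64-bit prime, the exponents and all function names are constructed for the illustration; real TLS groups are 2048 bits or larger.

```python
# Added illustration: premaster length under the TLS <= 1.2 stripping rule
# versus a fixed-length encoding, when the server reuses its DH exponent b.
# Toy parameters, constructed for this demo (assumption, not from the page).
P = 2**64 - 59                    # 64-bit prime: a full-length secret is 8 bytes
G = 5
P_LEN = (P.bit_length() + 7) // 8

def premaster_tls12(z: int) -> bytes:
    """TLS <= 1.2 rule: leading all-zero bytes of Z are stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")

def premaster_fixed(z: int) -> bytes:
    """TLS 1.3 rule: Z is left-padded with zeros to the size of the prime."""
    return z.to_bytes(P_LEN, "big")

def server_shared(peer_public: int, b: int) -> int:
    """Server side of DH with a (possibly reused) secret exponent b."""
    return pow(peer_public, b, P)

def related_public(ga: int, r: int) -> int:
    """The value g^r * g^a mod p derived from an observed client value g^a."""
    return (pow(G, r, P) * ga) % P

def length_profile(a: int, b: int, trials: int) -> dict:
    """With b reused, tally the premaster lengths fed to the key derivation
    under each encoding rule across `trials` related handshakes."""
    ga = pow(G, a, P)
    stripped, fixed = {}, {}
    for r in range(trials):
        z = server_shared(related_public(ga, r), b)
        for tally, pm in ((stripped, premaster_tls12(z)),
                          (fixed, premaster_fixed(z))):
            tally[len(pm)] = tally.get(len(pm), 0) + 1
    return {"tls12": stripped, "fixed": fixed}

if __name__ == "__main__":
    # a and b are constructed sample exponents.
    print(length_profile(a=0x1234567, b=0x7654321, trials=5000))
```

With a fresh exponent per handshake the related values would no longer share one secret, which is why SSL_OP_SINGLE_DH_USE and the removal of static DH suites close the issue.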


In OpenSSL the vulnerability has been assigned a low severity level, and the fix was reduced to moving the problematic "TLS_DH_*" ciphers in release 1.0.2w into the category of ciphers with an insufficient level of protection ("weak-ssl-ciphers"), which is disabled by default. The Mozilla developers did the same, disabling the DH and DHE cipher suites in the NSS library used in Firefox. As of Firefox 78, the problematic ciphers are disabled. Chrome support for DH was discontinued back in 2016. The BearSSL, BoringSSL, Botan, Mbed TLS and s2n libraries are not affected by the problem because they do not support DH ciphers or the static variants of DH ciphers.

Additional problems are noted separately (CVE-2020-5929) in the TLS stack of F5 BIG-IP devices, which make the attack more realistic. In particular, deviations in device behavior when a zero byte is present at the beginning of the pre-master key were identified, which can be used instead of measuring the exact latency of the computations.

Source: opennet.ru
