rdar://42277012: SecCertificateCopyKey API doesn't work for DSA keys

SecCertificateCopyKey API doesn't work for DSA keys

Originator:	filip.navara
Number:	rdar://42277012	Date Originated:	17.07.2018
Status:	Open	Resolved:
Product:	macOS + SDK	Product Version:
Classification:		Reproducible:
 
Summary:

The new macOS Mojave API "SecCertificateCopyKey" is supposed to replace the deprecated "SecCertificateCopyPublicKey" API. However, the new API doesn't work for DSA keys. There's no mention of it in the documentation and thus I assume it is not intentional.

Steps to Reproduce:

C program to reproduce the issue is attached. Compile with "clang certtest_mojave.c -o certtest_mojave -framework Security -framework CoreFoundation", run "./certtest_mojave".

Expected Results:

No "assert" should be hit.

Actual Results:

The last "assert" is hit.

Version/Build:

macOS Mojave DP1/2/3

---

#include <Security/Security.h>
#include <assert.h>

unsigned char certData[] = {
    0x30, 0x82, 0x03, 0x8D, 0x30, 0x82, 0x03, 0x4A, 0xA0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 
    0xAB, 0x74, 0x0A, 0x71, 0x4A, 0xA8, 0x3C, 0x92, 0x30, 0x0B, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 
    0x65, 0x03, 0x04, 0x03, 0x02, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 
    0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
    0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 
    0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 
    0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x20, 0x30, 0x1E, 
    0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x17, 0x2E, 0x4E, 0x45, 0x54, 0x20, 0x46, 0x72, 0x61, 0x6D, 
    0x65, 0x77, 0x6F, 0x72, 0x6B, 0x20, 0x28, 0x43, 0x6F, 0x72, 0x65, 0x46, 0x58, 0x29, 0x31, 0x15, 
    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0C, 0x31, 0x30, 0x32, 0x34, 0x2D, 0x62, 0x69, 
    0x74, 0x20, 0x44, 0x53, 0x41, 0x30, 0x1E, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x31, 0x32, 0x35, 0x31, 
    0x34, 0x34, 0x30, 0x30, 0x33, 0x5A, 0x17, 0x0D, 0x31, 0x35, 0x31, 0x32, 0x32, 0x35, 0x31, 0x34, 
    0x34, 0x30, 0x30, 0x33, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 
    0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x0A, 
    0x57, 0x61, 0x73, 0x68, 0x69, 0x6E, 0x67, 0x74, 0x6F, 0x6E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 
    0x55, 0x04, 0x07, 0x13, 0x07, 0x52, 0x65, 0x64, 0x6D, 0x6F, 0x6E, 0x64, 0x31, 0x1E, 0x30, 0x1C, 
    0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x15, 0x4D, 0x69, 0x63, 0x72, 0x6F, 0x73, 0x6F, 0x66, 0x74, 
    0x20, 0x43, 0x6F, 0x72, 0x70, 0x6F, 0x72, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x31, 0x20, 0x30, 0x1E, 
    0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x17, 0x2E, 0x4E, 0x45, 0x54, 0x20, 0x46, 0x72, 0x61, 0x6D, 
    0x65, 0x77, 0x6F, 0x72, 0x6B, 0x20, 0x28, 0x43, 0x6F, 0x72, 0x65, 0x46, 0x58, 0x29, 0x31, 0x15, 
    0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x0C, 0x31, 0x30, 0x32, 0x34, 0x2D, 0x62, 0x69, 
    0x74, 0x20, 0x44, 0x53, 0x41, 0x30, 0x82, 0x01, 0xB7, 0x30, 0x82, 0x01, 0x2C, 0x06, 0x07, 0x2A, 
    0x86, 0x48, 0xCE, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1F, 0x02, 0x81, 0x81, 0x00, 0xAE, 0xE3, 
    0x30, 0x9F, 0xC7, 0xC9, 0xDB, 0x75, 0x0D, 0x4C, 0x37, 0x97, 0xD3, 0x33, 0xB3, 0xB9, 0xB2, 0x34, 
    0xB4, 0x62, 0x86, 0x8D, 0xB6, 0xFF, 0xBD, 0xED, 0x79, 0x0B, 0x7F, 0xC8, 0xDD, 0xD5, 0x74, 0xC2, 
    0xBD, 0x6F, 0x5E, 0x74, 0x96, 0x22, 0x50, 0x7A, 0xB2, 0xC0, 0x9D, 0xF5, 0xEA, 0xAD, 0x84, 0x85, 
    0x9F, 0xC0, 0x70, 0x6A, 0x70, 0xBB, 0x8C, 0x9C, 0x8B, 0xE2, 0x2B, 0x48, 0x90, 0xEF, 0x23, 0x25, 
    0x28, 0x0E, 0x3A, 0x7F, 0x9A, 0x3C, 0xE3, 0x41, 0xDB, 0xAB, 0xEF, 0x60, 0x58, 0xD0, 0x63, 0xEA, 
    0x67, 0x83, 0x47, 0x8F, 0xF8, 0xB3, 0xB7, 0xA4, 0x5E, 0x0C, 0xA3, 0xF7, 0xBA, 0xC9, 0x99, 0x5D, 
    0xCF, 0xDD, 0xD5, 0x6D, 0xF1, 0x68, 0xE9, 0x13, 0x49, 0x13, 0x0F, 0x71, 0x9A, 0x4E, 0x71, 0x73, 
    0x51, 0xFA, 0xAD, 0x1A, 0x77, 0xEA, 0xC0, 0x43, 0x61, 0x1D, 0xC5, 0xCC, 0x5A, 0x7F, 0x02, 0x15, 
    0x00, 0xD2, 0x34, 0x28, 0xA7, 0x67, 0x43, 0xEA, 0x3B, 0x49, 0xC6, 0x2E, 0xF0, 0xAA, 0x17, 0x31, 
    0x4A, 0x85, 0x41, 0x5F, 0x09, 0x02, 0x81, 0x81, 0x00, 0x85, 0x3F, 0x83, 0x0B, 0xDA, 0xA7, 0x38, 
    0x46, 0x53, 0x00, 0xCF, 0xEE, 0x02, 0x41, 0x8E, 0x6B, 0x07, 0x96, 0x56, 0x58, 0xEA, 0xFD, 0xA7, 
    0xE3, 0x38, 0xA2, 0xEB, 0x15, 0x31, 0xC0, 0xE0, 0xCA, 0x5E, 0xF1, 0xA1, 0x2D, 0x9D, 0xDC, 0x7B, 
    0x55, 0x0A, 0x5A, 0x20, 0x5D, 0x1F, 0xF8, 0x7F, 0x69, 0x50, 0x0A, 0x4E, 0x4A, 0xF5, 0x75, 0x9F, 
    0x3F, 0x6E, 0x7F, 0x0C, 0x48, 0xC5, 0x53, 0x96, 0xB7, 0x38, 0x16, 0x4D, 0x9E, 0x35, 0xFB, 0x50, 
    0x6B, 0xD5, 0x0E, 0x09, 0x0F, 0x6A, 0x49, 0x7C, 0x70, 0xE7, 0xE8, 0x68, 0xC6, 0x1B, 0xD4, 0x47, 
    0x7C, 0x1D, 0x62, 0x92, 0x2B, 0x3D, 0xBB, 0x40, 0xB6, 0x88, 0xDE, 0x7C, 0x17, 0x54, 0x47, 0xE2, 
    0xE8, 0x26, 0x90, 0x1A, 0x10, 0x9F, 0xAD, 0x62, 0x4F, 0x14, 0x81, 0xB2, 0x76, 0xBF, 0x63, 0xA6, 
    0x65, 0xD9, 0x9C, 0x87, 0xCE, 0xE9, 0xFD, 0x06, 0x33, 0x03, 0x81, 0x84, 0x00, 0x02, 0x81, 0x80, 
    0x25, 0xB8, 0xE7, 0x07, 0x8E, 0x14, 0x9B, 0xAC, 0x35, 0x26, 0x67, 0x62, 0x36, 0x20, 0x02, 0x9F, 
    0x5E, 0x4A, 0x5D, 0x41, 0x26, 0xE3, 0x36, 0xD5, 0x6F, 0x11, 0x89, 0xF9, 0xFF, 0x71, 0xEA, 0x67, 
    0x1B, 0x84, 0x4E, 0xBD, 0x35, 0x15, 0x14, 0xF2, 0x7B, 0x69, 0x68, 0x5D, 0xDF, 0x71, 0x6B, 0x32, 
    0xF1, 0x02, 0xD6, 0x0E, 0xA5, 0x20, 0xD5, 0x6F, 0x54, 0x4D, 0x19, 0xB2, 0xF0, 0x8F, 0x5D, 0x9B, 
    0xDD, 0xA3, 0xCB, 0xA3, 0xA7, 0x32, 0x87, 0xE2, 0x1E, 0x55, 0x9E, 0x6A, 0x07, 0x58, 0x61, 0x94, 
    0xAF, 0xAC, 0x4F, 0x6E, 0x72, 0x1E, 0xDC, 0xE4, 0x9D, 0xE0, 0x02, 0x96, 0x27, 0x62, 0x6D, 0x7B, 
    0xD3, 0x0E, 0xEB, 0x33, 0x73, 0x11, 0xDB, 0x4F, 0xF6, 0x2D, 0x76, 0x08, 0x99, 0x7B, 0x6C, 0xC3, 
    0x2E, 0x9C, 0x42, 0x85, 0x98, 0x20, 0xCA, 0x7E, 0xF3, 0x99, 0x59, 0x0D, 0x5A, 0x38, 0x8C, 0x48, 
    0xA3, 0x30, 0x30, 0x2E, 0x30, 0x2C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x25, 0x30, 0x23, 0x87, 
    0x04, 0x7F, 0x00, 0x00, 0x01, 0x87, 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x82, 0x09, 0x6C, 0x6F, 0x63, 0x61, 0x6C, 0x68, 0x6F, 
    0x73, 0x74, 0x30, 0x0B, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x02, 0x03, 
    0x30, 0x00, 0x30, 0x2D, 0x02, 0x15, 0x00, 0xB9, 0x31, 0x6C, 0xC7, 0xE0, 0x5C, 0x9F, 0x79, 0x19, 
    0x7E, 0x0B, 0x41, 0xF6, 0xFD, 0x4E, 0x3F, 0xCE, 0xB7, 0x2A, 0x8A, 0x02, 0x14, 0x07, 0x55, 0x05, 
    0xCC, 0xAE, 0xCB, 0x18, 0xB7, 0xEF, 0x4C, 0x00, 0xF9, 0xC0, 0x69, 0xFA, 0x3B, 0xC7, 0x80, 0x14, 
    0xDE };

int main ()
{
    CFDataRef cfData = CFDataCreateWithBytesNoCopy(NULL, certData, sizeof(certData), kCFAllocatorNull);
    assert(cfData != NULL);
    SecCertificateRef certRef = SecCertificateCreateWithData(NULL, cfData);
    assert(certRef != NULL);
    SecKeyRef keyRef = NULL;
    OSStatus osStatus;
    osStatus = SecCertificateCopyPublicKey(certRef, &keyRef);
    assert(osStatus == noErr);
    assert(keyRef != NULL);
    keyRef = SecCertificateCopyKey(certRef);
    assert(keyRef != NULL);
    return 0;
}
Comments

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!
Open Radar

Community bug reports

SecCertificateCopyKey API doesn't work for DSA keys

Comments
