4 Replies
      Latest reply: Jan 30, 2017 1:23 AM by eskimo
      sukeza Level 1 (0 points)

        We are facing a UT failure only on iOS10, which expects SecKeyRawVerify to fail verification when the signature is empty (length = 0).

        Under iOS8 or iOS9, the function returns -9809, but iOS10 returns errSecSuccess. This makes the test fail. We use the kSecPaddingPKCS1SHA256 padding type.

        Do we need to always check emptiness of a signature before using the function? What is the status of this change?

        Thank you,

        sukeza

        • Re: SecKeyRawVerify with empty signature
          eskimo Apple Staff (6,310 points)

          That sounds like a bug to me; in general, I'd expect SecKeyRawVerify to fail securely if you pass it bogus parameters.  Please file a bug report and post your bug number, just for the record.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: SecKeyRawVerify with empty signature
              sukeza Level 1 (0 points)

              eskimo,

              Thank you for your reply.

              I've filed a bug report and got bug number

              29470219

              We will work around the problem for a while.

              Just for the record.

              • Re: SecKeyRawVerify with empty signature
                sukeza Level 1 (0 points)

                Hi eskimo,

                I found that the bug report 29470219 has already been closed.

                Can you provide me with how the issue was resolved?


                Thanks and regards,

                sukeza


                  • Re: SecKeyRawVerify with empty signature
                    eskimo Apple Staff (6,310 points)

                    The bug here was specifically related to the signature being empty; in that case the API will return errSecSuccess rather than errSSLCrypto that you’d expect when verification fails.  The fix was to change the code to correct its input checking.

                    The fix should be in the latest iOS 10.3 beta seed, so you can check it for yourself.

                    Share and Enjoy

                    Quinn “The Eskimo!”
                    Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                    let myEmail = "eskimo" + "1" + "@apple.com"
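
The workaround discussed in this thread, as an added example that is not part of the original posts and is not Apple's code: a wrapper that validates its inputs before calling SecKeyRawVerify, so an empty signature is rejected even on an OS release with the bug. The function names are hypothetical, and an RSA public key with kSecPaddingPKCS1SHA256 is assumed.

```swift
import Foundation
import Security

/// Hypothetical wrapper (not an Apple API). Verifies an RSA PKCS#1 v1.5 /
/// SHA-256 signature and checks its inputs itself instead of relying on
/// SecKeyRawVerify to reject malformed parameters.
func verifySHA256Signature(publicKey: SecKey, digest: Data, signature: Data) -> Bool {
    // kSecPaddingPKCS1SHA256 takes the 32-byte SHA-256 digest, not the raw message.
    guard digest.count == 32 else { return false }

    // The case from this thread: never hand a zero-length signature to the API.
    guard !signature.isEmpty else { return false }

    // A PKCS#1 v1.5 RSA signature is exactly as long as the key's modulus,
    // so any other length cannot be a valid signature for this key.
    guard signature.count == SecKeyGetBlockSize(publicKey) else { return false }

    let status = digest.withUnsafeBytes { (d: UnsafeRawBufferPointer) -> OSStatus in
        signature.withUnsafeBytes { (s: UnsafeRawBufferPointer) -> OSStatus in
            guard let dPtr = d.bindMemory(to: UInt8.self).baseAddress,
                  let sPtr = s.bindMemory(to: UInt8.self).baseAddress else {
                return errSecParam
            }
            return SecKeyRawVerify(publicKey, .PKCS1SHA256,
                                   dPtr, digest.count,
                                   sPtr, signature.count)
        }
    }

    // Only errSecSuccess counts as valid; every other status is a failure.
    return status == errSecSuccess
}

/// Regression check mirroring the unit test described in the first post:
/// returns true when an empty signature is rejected for the given key.
func emptySignatureIsRejected(publicKey: SecKey) -> Bool {
    let digest = Data(repeating: 0xAB, count: 32) // constructed sample digest
    return !verifySHA256Signature(publicKey: publicKey,
                                  digest: digest,
                                  signature: Data())
}
```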