Wrong hash while creating a Certificate Signing Request on 10.9 to 10.14

We use our app to generate a certificate signing request and recently migrated from using the openSSL library functions to Apple's native crypto functions. We based our code off https://github.com/ateska/ios-csr/blob/master/SCCSR.m. This works perfectly fine on macOS 10.15 - the version on which the app was developed. Strangely it works on macOS 10.8 as well. On all the versions from 10.9 to 10.14 if we do an openSSL verify (

openssl req -in req.csr -noout -text -verify
), we get


error:04091068:rsa routines:INT_RSA_VERIFY:bad signature:rsa_sign.c:278
error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib:a_verify.c:218


This means our certificate request is rejected on those all the above mentioned versions.


We suspected it might be the

SecKeyRawSign
function but after looking at the key and the digest, we realised that the signature was correct and the problem was with the hash itself on these OS versions. We were trying to figure out if this was a known issue with these versions or are we doing something wrong.

Replies

the problem was with the hash itself on these OS versions.

To start, I recommend that you simplify your code by switch to the one-off digest function

CC_SHA1
. There’s nothing wrong with using the chunkwise functions, but you don’t need to do that and using the one-off function is simpler.

Once you do that you’ve devolved the problem to “I call

CC_SHA1
with input X and get output Y on macOS 10.15 and output Z on 10.14.” Right? If so, I’m a bit mystified. I’ve not seen any bugs in CommonCrypto that would do that. Additionally, looking at the code as it currently stands, I can’t see any obvious bugs in your side of the equation.

Can you actually do this reduction? That is, capture an input that produces different results on the different OS versions and then post a code snippet demonstrating that?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Switched to the CC_SHA1 function. Smaller code is always good.


Since it looks like the code in that github project seems fine, we were trying to isolate the modifications we have done to work with our app. The thing that stands out is that they have built the public key from scratch whereas we use a SecKeyCreatePair to create the keypair and then SecItemExport to get an NSData of the publicKeyInfo. We continue with the same flow after this - appending the publicKeyInfo to the CertificateRequestInfo, create the hash and then sign which is all added to the CertificateRequestInfo.


Gotta do some more checking on the Mojave and Catalina systems.