Some OID Names have Incorrect Key in Strings Files

Originator: oliver.drobnik
Number: rdar://13438118
Date Originated: 17-Mar-2013 11:56 AM
Status: Open
Resolved:
Product: Mac OS X
Product Version: OS X 10.8.3 (12D78)
Classification: Other Bug
Reproducible: Always
 
Summary:

The SecurityFoundation.framework contains localized strings with names for 1730 ASN.1 Object Identifiers (OIDs). The key used is a hex representation of the TLV data making up those OIDs. Those strings are, for example, used to display these values in certificate Quick Look viewers like the one built into Keychain Access.

29 of these strings (in English, but presumably in all 30 languages) have a length byte value that is either too short (17) or too long (12) for the rest of the data.

Assuming that certificates are usually well-formed, that means that if any of these 29 OIDs appear in a viewed certificate, the key will be incorrect and no matching name for the string will be found.

The incorrect entries are:

// too many V bytes
06 05 2B 24 03 04 02 01 = 'ISO9796-2 with RED'
06 06 2A 86 48 CE 38 03 01 = 'Countersignature'
06 06 2A 86 48 CE 38 03 02 = 'Attribute Certificate'
06 07 2B 0C 02 87 73 07 03 01 = 'DEC MD2 with RSA'
06 07 2B 0C 02 87 73 07 03 02 = 'DEC MD4 with RSA'
06 07 2B 0C 02 87 73 07 03 03 = 'DEC DEA-MAC'
06 07 2B 0C 02 87 73 07 02 01 = 'DEC MD2'
06 07 2B 0C 02 87 73 07 02 02 = 'DEC MD4'
06 0B 60 86 48 01 65 02 01 0C 00 01 00 00 = 'TSP1 Tag Set Zero'
06 0B 60 86 48 01 65 02 01 0C 00 01 00 01 = 'TSP1 Tag Set One'
06 0B 60 86 48 01 65 02 01 0C 00 01 00 02 = 'TSP1 Tag Set Two'
06 0B 60 86 48 01 65 02 01 0C 00 02 00 00 = 'TSP2 Tag Set Zero'
06 0B 60 86 48 01 65 02 01 0C 00 02 00 01 = 'TSP2 Tag Set One'
06 0B 60 86 48 01 65 02 01 0C 00 02 00 02 = 'TSP2 Tag Set Two'
06 0B 60 86 48 01 65 02 01 0C 00 03 00 01 = 'Kafka Tag Set Name 1'
06 0B 60 86 48 01 65 02 01 0C 00 03 00 02 = 'Kafka Tag Set Name 2'
06 0B 60 86 48 01 65 02 01 0C 00 03 00 03 = 'Kafka Tag Set Name 3'

// too few V bytes
06 08 2A 86 48 86 F7 0D 02 = 'RSADSI Digest Algorithm'
06 08 2A 86 48 86 F7 0D 03 = 'RSADSI Encryption Algorithm'
06 09 2A 86 48 86 F7 14 01 02 81 71 = 'Delivery Mechanism'
06 09 2A 86 48 CE 3D 01 02 03 = 'Characteristic-Two Basis'
06 09 60 86 48 01 65 02 01 0B = 'US Department of Defense Infosec'
06 0A 2A 86 48 CE 3D 01 02 03 01 = 'Null Basis'
06 0A 2A 86 48 CE 3D 01 02 03 02 = 'Trinomial Basis'
06 0A 2A 86 48 CE 3D 01 02 03 03 = 'Pentanomial Basis'
06 0B 2A 83 08 8C 1A 4B 3D 01 01 01 = 'Symmetric Encryption Algorithm'
06 0B 60 86 48 01 86 F8 37 01 02 08 81 02 = 'MD4 Packet'
06 0B 60 86 48 01 86 F8 37 01 02 08 81 05 = 'Novell Obfuscate-1'
06 0C 2A 83 08 8C 9A 4B 3D 01 01 01 01 = 'MISTY1-CBC'


Steps to Reproduce:

Inspect /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/Resources/English.lproj/OID.strings and look up any of the above mentioned keys.

Expected Results:

The string keys should have the correct length byte in order to match actual live data.


Actual Results:

19 OID names will not be displayed in a certificate viewer looking for well-formed keys in the OID strings files.


Regression:

We first saw this error on 10.8.3; we did not inspect any earlier OS X versions.


Notes:

We can provide a command line utility to fix the incorrect keys for your convenience.
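
The length-byte check described in this report can be automated. The following is an added example, not the reporter's utility or Apple code; it assumes entries shaped the way the report lists them (`hex key = 'name'`), and `check_key`, `audit` and the third sample line are constructed for illustration.

```python
import re

# Assumed entry shape, as the report lists them:  06 05 2B ... = 'Name'
# (quotes around the key and a trailing ';' are tolerated).
ENTRY = re.compile(r"""^\s*["']?([0-9A-Fa-f ]+?)["']?\s*=\s*["'](.*?)["'];?\s*$""")

def check_key(hex_key):
    """Compare the DER length byte of an OID key with its value bytes.

    Returns (status, corrected_key); corrected_key is None when no
    correction can be proposed from the key alone.
    """
    try:
        data = bytes.fromhex(hex_key)
    except ValueError:
        return "not hex", None
    if len(data) < 2 or data[0] != 0x06:       # 0x06 = OBJECT IDENTIFIER tag
        return "not an OID TLV", None
    declared, value = data[1], data[2:]
    if declared >= 0x80 or len(value) >= 0x80:
        return "long-form length, not handled", None
    if value and value[-1] & 0x80:             # continuation bit on final byte
        return "last arc is cut off", None
    norm = lambda b: " ".join(f"{x:02X}" for x in b)
    if declared == len(value):
        return "ok", norm(data)
    status = "too many V bytes" if len(value) > declared else "too few V bytes"
    return status, norm(bytes([0x06, len(value)]) + value)

def audit(strings_text):
    """Return (key, name, status, corrected_key) for every non-ok entry."""
    findings = []
    for line in strings_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue                           # comments, blank lines
        status, fixed = check_key(m.group(1))
        if status != "ok":
            findings.append((m.group(1), m.group(2), status, fixed))
    return findings

# First two lines are from the report; the third is a constructed well-formed key.
SAMPLE = """\
06 05 2B 24 03 04 02 01 = 'ISO9796-2 with RED'
06 08 2A 86 48 86 F7 0D 02 = 'RSADSI Digest Algorithm'
06 09 2A 86 48 86 F7 0D 01 01 01 = 'RSA Encryption'
"""

if __name__ == "__main__":
    for key, name, status, fixed in audit(SAMPLE):
        print(f"{name}: {status}; {key} -> {fixed}")
```

The proposed correction rewrites only the length byte, matching the expected result stated above; it cannot tell whether the value bytes themselves were mistyped.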
