Bug 37535 - A file encrypted and signed by .Net cannot be verified by mono under certain circumstances
Summary: A file encrypted and signed by .Net cannot be verified by mono under certain ...
Status: NEW
Alias: None
Product: Class Libraries
Classification: Mono
Component: System.Security ()
Version: 4.2.0 (C6)
Hardware: All All
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2016-01-08 22:26 UTC by Jake Baker
Modified: 2016-01-08 22:26 UTC (History)
1 user (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
A minimal program that demonstrates the signing and verification bug. (9.29 KB, application/x-7z-compressed)
2016-01-08 22:26 UTC, Jake Baker
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report for Bug 37535 on GitHub or Developer Community if you have new information to add and do not yet see a matching new report.

If the latest results still closely match this report, you can use the original description:

  • Export the original title and description: GitHub Markdown or Developer Community HTML
  • Copy the title and description into the new report. Adjust them to be up-to-date if needed.
  • Add your new information.

In special cases on GitHub you might also want the comments: GitHub Markdown with public comments

Related Links:
Status:
NEW

Description Jake Baker 2016-01-08 22:26:29 UTC
Created attachment 14507 [details]
A minimal program that demonstrates the signing and verification bug.

When an xml file containing a newline within a non-empty (meaning whitespace only) tag content is encrypted and signed using a program running under the .Net runtime, that file cannot be verified by the same program running under the mono runtime (and visa versa).

If the xml file does not contain a newline within a non-empty tag content, this error does not exist.

In other words...

This verifies fine: <a>.</a> 
This fails verification under mono: <a>.\n</a>

A minimal demonstration program is attached.

After extensive testing I have isolated the issue to mono's implementation of the SignedXml class. To wit, if I copy mono's SignedXml class into my project as MySignedXml, and replace all references to SignedXml with MySignedXml, then the program behaves under .Net the same as it behaves under Mono.