Bug 8401 - Mono.Security.Authenticode.AuthenticodeDeformatter TimeStamp issue
Summary: Mono.Security.Authenticode.AuthenticodeDeformatter TimeStamp issue
Status: RESOLVED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: Mono.Security ()
Version: unspecified
Hardware: PC Windows
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-11-14 13:41 UTC by a78466
Modified: 2013-01-07 11:55 UTC (History)
2 users (show)

Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
dll where AuthenticodeDeformatter failed to read signature timestamp (42.12 KB, application/octet-stream)
2012-11-14 13:41 UTC, a78466
Details


Notice (2018-05-24): bugzilla.xamarin.com is now in read-only mode.

Please join us on Visual Studio Developer Community and in the Xamarin and Mono organizations on GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs, copy them to the new locations as needed for follow-up, and add the new items under Related Links.

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.


Please create a new report on GitHub or Developer Community with your current version information, steps to reproduce, and relevant error messages or log files if you are hitting an issue that looks similar to this resolved bug and you do not yet see a matching new report.

Related Links:
Status:
RESOLVED FIXED

Description a78466 2012-11-14 13:41:36 UTC
Created attachment 2921 [details]
dll where AuthenticodeDeformatter failed to read signature timestamp

I am using AuthenticodeDeformatter in one of my projects. It works perfectly in most of the scenarios, but I have couple of valid binaries of which signature timestamp is not recognized by the AuthenticodeDeformatter. I have analyzed the code and figured out that the issue lies in this portion of code:

private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
            if (cs.Version != 1)
                return false;

            .........
}

This particular check works for most of the binaries, but I had encountered some binaries in which the Version is 0, yet the Win32 APIs are able to get the TimeStamp correctly.
Attaching one of the binaries.
Comment 1 Sebastien Pouliot 2013-01-07 11:55:18 UTC
Fixed in
master: 558b532f5f2166af79d52af932ee34e471437dfd
mono-2-10: e2ea8f460a3c7b786334cf03c643215a821de763

Thanks for the test case!