Bug 8401

Summary: Mono.Security.Authenticode.AuthenticodeDeformatter TimeStamp issue
Product: [Mono] Class Libraries
Reporter: a78466
Component: Mono.Security
Assignee: Bugzilla <bugzilla>
Status: RESOLVED FIXED
Severity: normal
CC: mono-bugs+mono, sebastien
Priority: ---
Version: unspecified
Target Milestone: Untriaged
Hardware: PC
OS: Windows
Tags:
Is this bug a regression?: ---
Last known good build:
Attachments: dll where AuthenticodeDeformatter failed to read signature timestamp

Description a78466 2012-11-14 13:41:36 UTC
Created attachment 2921
dll where AuthenticodeDeformatter failed to read signature timestamp

I am using AuthenticodeDeformatter in one of my projects. It works perfectly in most scenarios, but I have a couple of valid binaries whose signature timestamp is not recognized by the AuthenticodeDeformatter. I have analyzed the code and figured out that the issue lies in this portion of code:

private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
    if (cs.Version != 1)
        return false;

    .........
}

This particular check works for most of the binaries, but I have encountered some binaries in which the Version is 0, yet the Win32 APIs are able to get the TimeStamp correctly.
Attaching one of the binaries.
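
An added example (not part of the report and not Mono's code): a minimal DER reader that pulls the version INTEGER out of a PKCS#7 SignerInfo and applies the same "only version 1" condition quoted above, so files that trip it can be identified during triage. The function names and sample blobs are constructed for illustration; extracting the countersignature bytes from the PE file is assumed to happen elsewhere.

```python
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                      # short-form length
        length = first
    else:                                 # long-form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def parse_signer_info(der):
    """Return (version, tags of the remaining top-level fields)."""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single DER SEQUENCE")
    tag, value, pos = read_tlv(body, 0)
    if tag != 0x02 or not value:
        raise ValueError("first field is not an INTEGER")
    tags = []
    while pos < len(body):                # walk the rest to confirm it is well-formed
        tag, _, pos = read_tlv(body, pos)
        tags.append(tag)
    return int.from_bytes(value, "big", signed=True), tags

def strict_version_check(der):
    """Same condition as the check quoted in the report: only version 1 passes."""
    return parse_signer_info(der)[0] == 1

def tlv(tag, content):
    """DER-encode one element; used only to build the constructed samples."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + content

def sample_signer_info(version):
    """Constructed SignerInfo-shaped blob with placeholder (empty/zero) fields."""
    fields = tlv(0x02, bytes([version])) + tlv(0x30, b"") * 3 + tlv(0x04, bytes(200))
    return tlv(0x30, fields)
```

Running `parse_signer_info` over the countersignature of each affected file shows whether the version field is the only thing that differs from files that verify.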
Comment 1 Sebastien Pouliot 2013-01-07 11:55:18 UTC
Fixed in
master: 558b532f5f2166af79d52af932ee34e471437dfd
mono-2-10: e2ea8f460a3c7b786334cf03c643215a821de763

Thanks for the test case!