Bug 8401 - Mono.Security.Authenticode.AuthenticodeDeformatter TimeStamp issue
Summary: Mono.Security.Authenticode.AuthenticodeDeformatter TimeStamp issue
Status: RESOLVED FIXED
Alias: None
Product: Class Libraries
Classification: Mono
Component: Mono.Security (show other bugs)
Version: unspecified
Hardware: PC Windows
: --- normal
Target Milestone: Untriaged
Assignee: Bugzilla
URL:
Depends on:
Blocks:
 
Reported: 2012-11-14 13:41 UTC by a78466
Modified: 2013-01-07 11:55 UTC (History)
2 users (show)

See Also:
Tags:
Is this bug a regression?: ---
Last known good build:


Attachments
dll where AuthenticodeDeformatter failed to read signature timestamp (42.12 KB, application/octet-stream)
2012-11-14 13:41 UTC, a78466
Details

Description a78466 2012-11-14 13:41:36 UTC
Created attachment 2921 [details]
dll where AuthenticodeDeformatter failed to read signature timestamp

I am using AuthenticodeDeformatter in one of my projects. It works perfectly in most of the scenarios, but I have couple of valid binaries of which signature timestamp is not recognized by the AuthenticodeDeformatter. I have analyzed the code and figured out that the issue lies in this portion of code:

private bool VerifyCounterSignature (PKCS7.SignerInfo cs, byte[] signature)
{
            if (cs.Version != 1)
                return false;

            .........
}

This particular check works for most of the binaries, but I had encountered some binaries in which the Version is 0, yet the Win32 APIs are able to get the TimeStamp correctly.
Attaching one of the binaries.
Comment 1 Sebastien Pouliot 2013-01-07 11:55:18 UTC
Fixed in
master: 558b532f5f2166af79d52af932ee34e471437dfd
mono-2-10: e2ea8f460a3c7b786334cf03c643215a821de763

Thanks for the test case!

Notice (2018-05-21): bugzilla.xamarin.com will be switching to read-only mode on Thursday, 2018-05-25 22:00 UTC.

Please join us on Visual Studio Developer Community and GitHub to continue tracking issues. Bugzilla will remain available for reference in read-only mode. We will continue to work on open Bugzilla bugs and copy them to the new locations as needed for follow-up. The See Also field on each Bugzilla bug will be updated with a link to its new location when applicable.

After Bugzilla is read-only, if you have new information to add for a bug that does not yet have a matching issue on Developer Community or GitHub, you can create a follow-up issue in the new location. Copy and paste the title and description from this bug, and then add your new details. You can get a pre-formatted version of the title and description here:

In special cases you might also want the comments:

Our sincere thanks to everyone who has contributed on this bug tracker over the years. Thanks also for your understanding as we make these adjustments and improvements for the future.

Note You need to log in before you can comment on or make changes to this bug.