Opened 12 months ago
Closed 9 months ago
#21621 closed defect (fixed)
"Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn
| Reported by: | Jon Tackabury | Owned by: | |
|---|---|---|---|
| Component: | other | Version: | VirtualBox-7.0.8 |
| Keywords: | Cc: | ||
| Guest type: | Windows | Host type: | Windows |
Description
An application called DisplayFusion changed code signing certificates with a new signature algorithm and now the hooks are being blocked by VirtualBox. This line was in the VBoxHardening.log file:
a194.9484: supR3HardenedScreenImage/LdrLoadDll: rc=-23005 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll: Certificate signature algorithm not known: 1.2.840.10045.4.3.3: \Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll
Looking in the code in the function RTCrX509Certificate_VerifySignature it calls RTCrPkixGetCiperOidFromSignatureAlgorithm then returns this error.
I think the list of OIDs needs to be updated in RTCrPkixGetCiperOidFromSignatureAlgorithm, right now it only has RTCR_PKCS1_OID which is defined as 1.2.840.113549.1.1. According to this document that means only *WithRsaEncryption are valid signature algorithms. I think ecdsaWith* 1.2.840.10045.4.* OIDs need to be allowed now as well to update this check.
https://www.ibm.com/docs/en/zos/2.1.0?topic=programming-object-identifiers
I'm happy to provide more information or even the code required to fix this issue if that helps. Thanks!
Change History (5)
comment:2 by , 10 months ago
Can you tell us where to get the DLL causing this issue?
I'll never understand why some pieces of software need to inject their code into each and every executable...
comment:4 by , 10 months ago
| Summary: | "Certificate signature algorithm not known" for valid EV code signing certificate → "Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn |
|---|
Thanks for the report. Hope this is addressed in the next release (some time next week, hopefully).
comment:5 by , 9 months ago
| Resolution: | → fixed |
|---|---|
| Status: | new → closed |
Hello,
We just released VirtualBox 7.0.10. This issue should be fixed in this release. Culd you please give it a try? Packages are available on our downloads page.
I was able to reproduce the problem on Windows 10 version 22H2 with VirtualBox version 7.0.8.
This error appears in VBox.log when I start it:
00:00:06.153667 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: rc=VERR_CR_X509_UNKNOWN_CERT_SIGN_ALGO fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHook64_8C8D5512-E770-4CFA-9F2A-BD9649DC6DB4.dll: Certificate signature algorithm not known: 1.2.840.10045.4.3.3: \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHook64_8C8D5512-E770-4CFA-9F2A-BD9649DC6DB4.dll
The VM is a Windows 10 VM. It got stuck at "Preparing Automatic Repair".
I could boot an Ubuntu VM without trouble.
Workaround: