"Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn
|Reported by:||Jon Tackabury||Owned by:|
|Guest type:||Windows||Host type:||Windows|
An application called DisplayFusion changed code signing certificates with a new signature algorithm and now the hooks are being blocked by VirtualBox. This line was in the VBoxHardening.log file:
a194.9484: supR3HardenedScreenImage/LdrLoadDll: rc=-23005 fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll: Certificate signature algorithm not known: 1.2.840.10045.4.3.3: \Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll
Looking at the code, the function RTCrX509Certificate_VerifySignature calls RTCrPkixGetCiperOidFromSignatureAlgorithm and then returns this error.
I think the list of OIDs needs to be updated in RTCrPkixGetCiperOidFromSignatureAlgorithm; right now it only has RTCR_PKCS1_OID, which is defined as 1.2.840.113549.1.1. According to this document, that means only *WithRsaEncryption are valid signature algorithms. I think ecdsaWith* 1.2.840.10045.4.* OIDs need to be allowed now as well to update this check.
I'm happy to provide more information or even the code required to fix this issue if that helps. Thanks!
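The OID check described in the report, as an added example that is not VirtualBox code and not part of the original ticket: it classifies a certificate signature algorithm OID by arc prefix, first with only the PKCS#1 arc and then with the ecdsaWith* arc allowed as well. The function names and the partial digest table are assumptions made for illustration; only the two prefixes and the OID from the log line come from the ticket.

```c
#include <stdio.h>
#include <string.h>

/* Prefixes named in the ticket: RTCR_PKCS1_OID and the ecdsaWith* arc. */
#define PKCS1_PREFIX "1.2.840.113549.1.1"
#define ECDSA_PREFIX "1.2.840.10045.4"

typedef enum { SIG_UNKNOWN = 0, SIG_RSA, SIG_ECDSA } sig_family;

/* True if oid is a descendant of prefix. Whole arcs only, so
 * "1.2.840.113549.1.10" is not mistaken for a child of "...1.1". */
static int oid_under(const char *oid, const char *prefix)
{
    size_t n = strlen(prefix);
    return strncmp(oid, prefix, n) == 0 && oid[n] == '.' && oid[n + 1] != '\0';
}

/* Hypothetical: the check as the ticket describes it, PKCS#1 only. */
sig_family classify_pkcs1_only(const char *oid)
{
    return oid_under(oid, PKCS1_PREFIX) ? SIG_RSA : SIG_UNKNOWN;
}

/* Hypothetical: the same check with the ecdsaWith* arc allowed too. */
sig_family classify_with_ecdsa(const char *oid)
{
    if (oid_under(oid, PKCS1_PREFIX)) return SIG_RSA;
    if (oid_under(oid, ECDSA_PREFIX)) return SIG_ECDSA;
    return SIG_UNKNOWN;
}

/* Digest implied by a signature OID; NULL if absent from this partial table. */
const char *sig_digest(const char *oid)
{
    static const struct { const char *oid, *digest; } tab[] = {
        { "1.2.840.113549.1.1.11", "SHA-256" }, { "1.2.840.113549.1.1.12", "SHA-384" },
        { "1.2.840.113549.1.1.13", "SHA-512" }, { "1.2.840.10045.4.3.2",   "SHA-256" },
        { "1.2.840.10045.4.3.3",   "SHA-384" }, { "1.2.840.10045.4.3.4",   "SHA-512" },
    };
    for (size_t i = 0; i < sizeof(tab) / sizeof(tab[0]); i++)
        if (strcmp(oid, tab[i].oid) == 0) return tab[i].digest;
    return NULL;
}

int main(void)
{
    const char *oid = "1.2.840.10045.4.3.3"; /* OID from the log line in the ticket */
    printf("%s: pkcs1-only=%d with-ecdsa=%d digest=%s\n", oid,
           classify_pkcs1_only(oid), classify_with_ecdsa(oid), sig_digest(oid));
    return 0;
}
```

Recognising the OID family is only the first step: a verifier that accepts the ecdsaWith* arc also has to perform the ECDSA verification with the matching digest.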
Change History (5)
comment:4 by , 3 months ago
|Summary:||"Certificate signature algorithm not known" for valid EV code signing certificate → "Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn|