VirtualBox

Opened 12 months ago

Closed 9 months ago

#21621 closed defect (fixed)

"Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn

Reported by: Jon Tackabury Owned by:
Component: other Version: VirtualBox-7.0.8
Keywords: Cc:
Guest type: Windows Host type: Windows

Description

An application called DisplayFusion changed code signing certificates with a new signature algorithm and now the hooks are being blocked by VirtualBox. This line was in the VBoxHardening.log file:

a194.9484:
supR3HardenedScreenImage/LdrLoadDll:
rc=-23005 fImage=1 fProtect=0x0 fAccess=0x0
\Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll:
Certificate signature algorithm not known: 1.2.840.10045.4.3.3:
\Device\HarddiskVolume5\Program Files\DisplayFusion\Hooks\AppHook64_59f4d7ea-304b-458e-9fb9-c946ed7360a5.dll

Looking in the code in the function RTCrX509Certificate_VerifySignature it calls RTCrPkixGetCiperOidFromSignatureAlgorithm then returns this error.

I think the list of OIDs needs to be updated in RTCrPkixGetCiperOidFromSignatureAlgorithm, right now it only has RTCR_PKCS1_OID which is defined as 1.2.840.113549.1.1. According to this document that means only *WithRsaEncryption are valid signature algorithms. I think ecdsaWith* 1.2.840.10045.4.* OIDs need to be allowed now as well to update this check.

https://www.ibm.com/docs/en/zos/2.1.0?topic=programming-object-identifiers

I'm happy to provide more information or even the code required to fix this issue if that helps. Thanks!

Change History (5)

comment:1 by Zian, 11 months ago

I was able to reproduce the problem on Windows 10 version 22H2 with VirtualBox version 7.0.8.

This error appears in VBox.log when I start it:

00:00:06.153667 supR3HardenedErrorV: supR3HardenedScreenImage/LdrLoadDll: rc=VERR_CR_X509_UNKNOWN_CERT_SIGN_ALGO fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHook64_8C8D5512-E770-4CFA-9F2A-BD9649DC6DB4.dll: Certificate signature algorithm not known: 1.2.840.10045.4.3.3: \Device\HarddiskVolume3\Program Files (x86)\DisplayFusion\Hooks\AppHook64_8C8D5512-E770-4CFA-9F2A-BD9649DC6DB4.dll

The VM is a Windows 10 VM. It got stuck at "Preparing Automatic Repair".

I could boot an Ubuntu VM without trouble.

Workaround:

  1. Right-click on DisplayFusion's icon in the notification area.
  2. Click the menu item to exit.
  3. Restart Virtualbox.
Last edited 11 months ago by Zian (previous) (diff)

comment:2 by Klaus Espenlaub, 10 months ago

Can you tell us where to get the DLL causing this issue?

I'll never understand why some pieces of software need to inject their code into each and every executable...

comment:3 by Jon Tackabury, 10 months ago

You can download the latest version of DisplayFusion to get the DLLs.

https://www.displayfusion.com/Download/

comment:4 by bird, 9 months ago

Summary: "Certificate signature algorithm not known" for valid EV code signing certificate"Certificate signature algorithm not known" for valid EV code signing certificate => fixed in svn

Thanks for the report. Hope this is addressed in the next release (some time next week, hopefully).

comment:5 by galitsyn, 9 months ago

Resolution: fixed
Status: newclosed

Hello,

We just released VirtualBox 7.0.10. This issue should be fixed in this release. Culd you please give it a try? Packages are available on our downloads page.

Note: See TracTickets for help on using tickets.

© 2023 Oracle
ContactPrivacy policyTerms of Use