projects / mono.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
2008-01-10 Sebastien Pouliot <sebastien@ximian.com>
[mono.git] / mcs / class / corlib / Mono.Security.Authenticode / AuthenticodeDeformatter.cs
diff --git a/mcs/class/corlib/Mono.Security.Authenticode/AuthenticodeDeformatter.cs b/mcs/class/corlib/Mono.Security.Authenticode/AuthenticodeDeformatter.cs
index 78d7081280f1371dca811acecd3f348b0db4e0b3..a92affc4e549f169a97632f952654b38da513670 100644 (file)
--- a/mcs/class/corlib/Mono.Security.Authenticode/AuthenticodeDeformatter.cs
+++ b/mcs/class/corlib/Mono.Security.Authenticode/AuthenticodeDeformatter.cs
@@ -33,6 +33,7 @@ using System.Runtime.InteropServices;
 using System.Security;
 using System.Security.Cryptography;
 
+using Mono.Security.Cryptography;
 using Mono.Security.X509;
 
 namespace Mono.Security.Authenticode {
@@ -408,7 +409,6 @@ namespace Mono.Security.Authenticode {
 
                        // verify signature
                        byte[] counterSignature = cs.Signature;
-                       string hashOID = CryptoConfig.MapNameToOID (hashName);
 
                        // change to SET OF (not [0]) as per PKCS #7 1.5
                        ASN1 aa = new ASN1 (0x31);
@@ -421,10 +421,13 @@ namespace Mono.Security.Authenticode {
                        byte[] serial = cs.SerialNumber;
                        foreach (X509Certificate x509 in coll) {
                                if (CompareIssuerSerial (issuer, serial, x509)) {
-                                       // don't verify if key size don't match
-                                       if (x509.PublicKey.Length > (counterSignature.Length >> 3)) {
+                                       if (x509.PublicKey.Length > counterSignature.Length) {
                                                RSACryptoServiceProvider rsa = (RSACryptoServiceProvider) x509.RSA;
-                                               if (rsa.VerifyHash (p7hash, hashOID, counterSignature)) {
+                                               // we need to HACK around bad (PKCS#1 1.5) signatures made by Verisign Timestamp Service
+                                               // and this means copying stuff into our own RSAManaged to get the required flexibility
+                                               RSAManaged rsam = new RSAManaged ();
+                                               rsam.ImportParameters (rsa.ExportParameters (false));
+                                               if (PKCS1.Verify_v15 (rsam, ha, p7hash, counterSignature, true)) {
                                                        timestampChain.LoadCertificates (coll);
                                                        return (timestampChain.Build (x509));
                                                }
my mono mirror. check out Moved to http://github.com/mono/mono