Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ClickOnce] Fix nonce generation in timestamping of signed manifest. #9579

Merged
merged 1 commit into from
Jan 12, 2024
Merged

[ClickOnce] Fix nonce generation in timestamping of signed manifest. #9579

merged 1 commit into from
Jan 12, 2024

Conversation

sujitnayak
Copy link
Contributor

@sujitnayak sujitnayak commented Dec 30, 2023
edited
Loading

Fixes
#9505

Summary

SecurityUtilities.SignFile function to sign ClickOnce manifest can fail occasionally during timestamping because the random bytes generated for the nonce can be invalid DER encodings for integer values

Changes Made

To ensure the encoding is not invalid, clear the nonce MSB's most significant bit and set the MSB's least significant bit.

This is a port of the fix made for the same issue in the NuGet client:
NuGet/NuGet.Client@3e55190

Customer Impact

Customers calling SignFile API through the Microsoft.Build.Tasks.Core NuGet package encounter occasional failures because the Nonce generated is invalid per DER encoding. The fix will address this issue of the SignFile API failing intermittently.

Regression?

No

Testing

Failing scenario validated + signing scenarios in ClickOnce validated for regression.

Risk

Low

@rainersigwald
Copy link
Member

Looks like the current version of the NuGet code is slightly different: https://github.com/NuGet/NuGet.Client/blame/c13cea4dfd50e7eba1b794e1fea979dd1d6af3bd/src/NuGet.Core/NuGet.Packaging/Signing/Timestamp/Rfc3161TimestampProvider.cs#L245-L270

Does this need similar netcore-specific logic?

@sujitnayak
Copy link
Contributor Author

Looks like the current version of the NuGet code is slightly different: https://github.com/NuGet/NuGet.Client/blame/c13cea4dfd50e7eba1b794e1fea979dd1d6af3bd/src/NuGet.Core/NuGet.Packaging/Signing/Timestamp/Rfc3161TimestampProvider.cs#L245-L270

Does this need similar netcore-specific logic?

I don't think we need that logic since we only support .NET FX. That logic is for Rfc3161TimestampRequest.CreateFromHash (based on the comment) which we don't call. The .NET FX version PInvokes to CryptRetrieveTimeStamp Win32 API.

JanKrivanek
JanKrivanek approved these changes Jan 12, 2024
View reviewed changes
Copy link
Member

@JanKrivanek JanKrivanek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@JanKrivanek JanKrivanek merged commit ceb160a into dotnet:main Jan 12, 2024
8 checks passed
@AR-May AR-May mentioned this pull request Jul 31, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JanKrivanek JanKrivanek JanKrivanek approved these changes

@John-Hart John-Hart John-Hart approved these changes

@rainersigwald rainersigwald Awaiting requested review from rainersigwald

Assignees

@rainersigwald rainersigwald

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sujitnayak @rainersigwald @JanKrivanek @John-Hart