http://bugs.winehq.org/show_bug.cgi?id=35613
Bug ID: 35613 Summary: Foxit Reader unable to validate digital signatures Product: Wine Version: 1.7.12 Hardware: x86 URL: http://www.foxitsoftware.com/downloads/ OS: Linux Status: NEW Keywords: download Severity: normal Priority: P2 Component: -unknown Assignee: wine-bugs@winehq.org Reporter: dimesio@earthlink.net Classification: Unclassified
Created attachment 47561 --> http://bugs.winehq.org/attachment.cgi?id=47561 Log from opening sample PDF and clicking on signature
Tested with FoxitReader612.12241_enu_Setup.exe and sample signed PDF downloaded from http://blogs.adobe.com/security/SampleSignedPDFDocument.pdf.
To reproduce:
1. Install Foxit Reader. 2. Open sample signed PDF from Adobe. 3. Click on the signature in the document. 4. A Signature Validation Status window pops up that says:
Signature is INVALID. - The document has been altered or corrupted since the Signature was applied. - The signer's identity has not yet been verified.
5. Clicking on the Signature Properties button brings up the Signature Properties window, but the Show Certificate button is greyed out.
In Windows (tested XP & 7 in a VM), the first time you try to validate the signature the message in the Signature Validation Status window is:
Signature validity is UNKNOWN. - The document has not been modified since the signature was applied. - The signer's identity is unknown because it has not been included in your list of trusted identities and none of its parent certificates are trusted. - The certificate has exceeded the time of validity.
However, in Windows the Show Certificate button on the Signature Properties window works and takes you to a dialog that allows you to import the certificate. Once that is done, the message from clicking on the signature is:
Signature is VALID, signed by John B Harris ,jbharris@adobe.com> - The document has not been modified since this signature was applied. - The signer's identity is valid. - The certificate has exceeded the time of validity.
I'm attaching a log from opening the sample PDF and clicking on the signature in a clean wineprefix. Copying mfc42u.dll and msasn1.dll to the wineprefix's system32 directory gets rid of the console error messages about them, but does not change the app's behavior.
http://bugs.winehq.org/show_bug.cgi?id=35613
lizhenbo litimetal@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |litimetal@gmail.com
https://bugs.winehq.org/show_bug.cgi?id=35613
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.foxitsoftware.co |http://www.oldapps.com/foxi |m/downloads/ |t_reader.php?old_foxit_read | |er=13798 CC| |focht@gmx.net Summary|Foxit Reader unable to |Foxit Reader 6.12 crashes |validate digital signatures |on unimplemented function | |msasn1.dll.ASN1_CreateModul | |e during validation of | |digital signatures
--- Comment #1 from Anastasius Focht focht@gmx.net --- Hello folks,
confirming, still present.
Prerequisite: 'winetricks -q mfc42'
--- snip --- err:module:import_dll Library MFC42u.DLL (which is needed by L"C:\Program Files\Foxit Software\Foxit Reader\plugins\jrsys\x86\jrsysMSCryptoDll.dll") not found --- snip ---
When doing the validation:
--- snip --- $ pwd /home/focht/.wine/drive_c/Program Files/Foxit Software/Foxit Reader
$ WINEDEBUG=+tid,+seh,+relay wine ./Foxit\ Reader.exe >>log.txt 2>&1 ... 0053:Call KERNEL32.RaiseException(80000100,00000001,00000002,0033ea40) ret=7d041d3d 0053:trace:seh:raise_exception code=80000100 flags=1 addr=0x7b83b39f ip=7b83b39f tid=0053 0053:trace:seh:raise_exception info[0]=7d041d58 0053:trace:seh:raise_exception info[1]=7d0431c6 wine: Call from 0x7b83b39f to unimplemented function msasn1.dll.ASN1_CreateModule, aborting ... 0053:Call user32.SetWindowTextW(00010286,0664e478 L"Signature is INVALID.\r\n\r\n- The document has been altered or corrupted since the Signature was applied.\r\n\r\n- The signer's identity has not yet been verified.") ret=006ca6e7 --- snip ---
Although not the real problem here, targeting the ASN1 API first since Rosanne didn't explicitly state "make it work with native override".
An ASN1 API implementation can be found in the 'Windows Portable Runtime' (FreeRDP spin-off project, Apache License).
$ sha1sum FoxitReader612.1224_enu_Setup.exe 3c4a6587af9c09b760fcc60038ad88c964404060 FoxitReader612.1224_enu_Setup.exe
$ du -sh FoxitReader612.1224_enu_Setup.exe 32M FoxitReader612.1224_enu_Setup.exe
$ wine --version wine-1.7.34-126-g0b811ee
Regards
https://bugs.winehq.org/show_bug.cgi?id=35613
--- Comment #2 from Rosanne DiMesio dimesio@earthlink.net --- (In reply to Anastasius Focht from comment #1)
Although not the real problem here, targeting the ASN1 API first since Rosanne didn't explicitly state "make it work with native override".
I filed the bug for the inability to validate signatures. My assumption was that since native msasn1 did not fix the problem, the need for it was irrelevant to the problem I was reporting. Your statement suggests my assumption was correct, so shouldn't the msasn1 issue been filed as a separate bug report?
https://bugs.winehq.org/show_bug.cgi?id=35613
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Foxit Reader 6.12 crashes |Foxit Reader 6.12: 'Show |on unimplemented function |Certificate' button is |msasn1.dll.ASN1_CreateModul |greyed out after failure to |e during validation of |validate digital signature |digital signatures |
--- Comment #3 from Anastasius Focht focht@gmx.net --- Hello Rosanne,
--- quote --- shouldn't the msasn1 issue been filed as a separate bug report? --- quote ---
yes. When I was looking at the bug with a newer Wine version, the aforementioned crash was previously not present (result of bug 36627 -> addition of msasn1 stub dll). It kind of made me "blind" for a non-fatal thing such as a greyed out button.
I'll re-christen the bug again.
Regards
https://bugs.winehq.org/show_bug.cgi?id=35613
Rosanne DiMesio dimesio@earthlink.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|NEW |RESOLVED
--- Comment #4 from Rosanne DiMesio dimesio@earthlink.net --- Downloading the old version from oldapps.com no longer works.
Tested version 9.7.0.29455 from www.foxitsoftware.com in 5.0-rc2. The Show Certificate button now works. There are other issues with importing certificates and signing documents, but this bug is fixed.
https://bugs.winehq.org/show_bug.cgi?id=35613
Alexandre Julliard julliard@winehq.org changed:
What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED
--- Comment #5 from Alexandre Julliard julliard@winehq.org --- Closing bugs fixed in 5.0-rc3.
https://bugs.winehq.org/show_bug.cgi?id=35613
LingM lingm+winebz@posteo.org changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |lingm+winebz@posteo.org
--- Comment #6 from LingM lingm+winebz@posteo.org --- This bug isn't fixed yet. Some change in newer Foxit Reader versions just happens to make it work.
Testing against 6.12, as originally reported against, still reproduces the problem in 5.0-rc3.
Both the installer and the signed example pdf are still available on archive.org: https://web.archive.org/web/20150411041055/http://download.oldapps.com/FoxIt...
https://web.archive.org/web/20180726133859/http://blogs.adobe.com/security/S...
$ sha1sum FoxitReader612.1224_enu_Setup.exe 3c4a6587af9c09b760fcc60038ad88c964404060 FoxitReader612.1224_enu_Setup.exe
$ du -sh FoxitReader612.1224_enu_Setup.exe 32M FoxitReader612.1224_enu_Setup.exe
$ sha1sum SampleSignedPDFDocument.pdf 8efe8915c17d8180ccefc9f2009b05a8cd2dc80d SampleSignedPDFDocument.pdf
$ du -sh SampleSignedPDFDocument.pdf 268K SampleSignedPDFDocument.pdf
https://bugs.winehq.org/show_bug.cgi?id=35613
Gijs Vermeulen gijsvrm@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- URL|http://www.oldapps.com/foxi |https://web.archive.org/web |t_reader.php?old_foxit_read |/20150411041055/http://down |er=13798 |load.oldapps.com/FoxItReade | |r/FoxitReader612.1224_enu_S | |etup.exe Status|CLOSED |REOPENED Resolution|FIXED |---
--- Comment #7 from Gijs Vermeulen gijsvrm@gmail.com --- Reopening based on Comment #6.
https://bugs.winehq.org/show_bug.cgi?id=35613
Vijay Kamuju infyquest@gmail.com changed:
What |Removed |Added ---------------------------------------------------------------------------- CC| |infyquest@gmail.com
--- Comment #8 from Vijay Kamuju infyquest@gmail.com --- Implemented the ASN1_CreateModule. Will try to partially implement ASN1_Decode. I believe this might help, But even when its not implemented it crashes randomly when we click ValidateSignature.
https://bugs.winehq.org/show_bug.cgi?id=35613
Anastasius Focht focht@gmx.net changed:
What |Removed |Added ---------------------------------------------------------------------------- Summary|Foxit Reader 6.12: 'Show |Foxit Reader 6.12: 'Show |Certificate' button is |Certificate' button is |greyed out after failure to |greyed out after failure to |validate digital signature |validate digital signature | |(ASN1_Decode is a stub) Component|-unknown |msasn1 Status|REOPENED |NEW
--- Comment #9 from Anastasius Focht focht@gmx.net --- Hello folks,
revisiting, still present.
--- snip --- 020c:fixme:msasn1:ASN1_Decode (109A40F8 0031F33C 19 00000008 077BD478 9958): Stub! --- snip ---
Wine source:
https://source.winehq.org/git/wine.git/blob/47ac628b4a4e476c1b044765c95d5be2...
--- snip --- 194 ASN1error_e WINAPI ASN1_Decode(ASN1decoding_t decoder, void **outdata, ASN1uint32_t pdunum, 195 ASN1uint32_t flags, ASN1octet_t *buf, ASN1uint32_t bufsize) 196 { 197 FIXME("(%p %p %u %08x %p %u): Stub!\n", decoder, outdata, pdunum, flags, buf, bufsize); 198 199 if (!decoder) 200 return ASN1_ERR_BADARGS; 201 202 if (!buf || !bufsize) 203 { 204 decoder->err = ASN1_ERR_BADARGS; 205 return ASN1_ERR_BADARGS; 206 } 207 208 decoder->err = ASN1_ERR_BADPDU; 209 return ASN1_ERR_BADPDU; 210 } --- snip ---
$ wine --version wine-6.1
Regards
-
wine-bugs@winehq.org -
WineHQ Bugzilla