Description
After upgrading from Bouncy Castle C# 2.5.x to 2.6.x, PKCS#7 signature verification for ECDSA signatures appears to have regressed. A signature that verifies successfully in 2.5.x is reported as invalid in 2.6.x, while using identical input data, signature, and certificate.
Observed Behavior
- Verification succeeds in 2.5.x
- Verification fails in 2.6.x
- A
CmsException is thrown with the message:
unrecognised signature parameters provided
Expected Behavior
- The PKCS#7 ECDSA signature should verify successfully, identical to the behavior in 2.5.x.
Signature Details
- Signature algorithm: ECDSA with SHA‑256
- Algorithm OID: 1.2.840.10045.4.3.2
- The signature algorithm parameters are present and valid in the PKCS#7 object.
Minimal Reproducible Example
public bool VerifyPkcs7(byte[] data, byte[] signature, byte[] signerCertificate)
{
var parser = new X509CertificateParser();
var certificate = parser.ReadCertificate(signerCertificate);
var cmsProcessableByteArray = new CmsProcessableByteArray(data);
var cms = new CmsSignedData(cmsProcessableByteArray, signature);
var signer = cms.GetSignerInfos().GetSigners().First();
return signer.Verify(certificate);
}
- This code verifies the signature successfully in 2.5.x
- The same call fails in 2.6.x, throwing the exception mentioned above
Analysis / Suspected Root Cause
The failure appears to originate in SignerInformation.cs, around line 461:
if (!X509Utilities.IsAbsentParameters(sigAlgParams))
X509Utilities.IsAbsentParameters(sigAlgParams) returns false when valid algorithm parameters are present.- Due to the negation (
!), the condition evaluates to true when parameters are present.
- This leads to a
CmsException stating
unrecognised signature parameters provided, even though the parameters are valid for ECDSA with SHA‑256 (OID 1.2.840.10045.4.3.2).
As written, the condition effectively checks for presence rather than absence of parameters.
Possible Fix
Remove the negation so that the condition correctly triggers only when parameters are absent:
if (X509Utilities.IsAbsentParameters(sigAlgParams))
This change restores the behavior observed in 2.5.x and allows valid PKCS#7 ECDSA signatures using SHA‑2 to verify successfully.
Additional Notes
- This appears to be a regression introduced between versions 2.5.x and 2.6.x.
- Please let me know if this behavior change was intentional.
- I would be happy to provide a regression test or submit a pull request if this aligns with the expected behavior.
Description
After upgrading from Bouncy Castle C# 2.5.x to 2.6.x, PKCS#7 signature verification for ECDSA signatures appears to have regressed. A signature that verifies successfully in 2.5.x is reported as invalid in 2.6.x, while using identical input data, signature, and certificate.
Observed Behavior
CmsExceptionis thrown with the message:Expected Behavior
Signature Details
Minimal Reproducible Example
Analysis / Suspected Root Cause
The failure appears to originate in
SignerInformation.cs, around line 461:X509Utilities.IsAbsentParameters(sigAlgParams)returns false when valid algorithm parameters are present.!), the condition evaluates to true when parameters are present.CmsExceptionstatingunrecognised signature parameters provided, even though the parameters are valid for ECDSA with SHA‑256 (OID 1.2.840.10045.4.3.2).As written, the condition effectively checks for presence rather than absence of parameters.
Possible Fix
Remove the negation so that the condition correctly triggers only when parameters are absent:
This change restores the behavior observed in 2.5.x and allows valid PKCS#7 ECDSA signatures using SHA‑2 to verify successfully.
Additional Notes