crypto/x509: disable signing with MD5WithRSA

rolandshoemaker · rolandshoemaker · commit fdb640b7a132 · 2022-05-05T15:43:29.000Z
MD5 is hopelessly broken, we already don't allow verification of MD5 signatures, we shouldn't support generating them. Fixes #42125 Change-Id: Ib25d750e6fc72a03198a505ac71e6d2c99eff2ed Reviewed-on: https://go-review.googlesource.com/c/go/+/285872 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com>
diff --git a/src/crypto/x509/x509.go b/src/crypto/x509/x509.go
@@ -1397,6 +1397,10 @@ func signingParamsForPublicKey(pub any, requestedSigAlgo SignatureAlgorithm) (ha
 				err = errors.New("x509: cannot sign with hash function requested")
 				return
 			}
+			if hashFunc == crypto.MD5 {
+				err = errors.New("x509: signing with MD5 is not supported")
+				return
+			}
 			if requestedSigAlgo.isRSAPSS() {
 				sigAlgo.Parameters = hashToPSSParameters[hashFunc]
 			}
@@ -1591,15 +1595,8 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
 	}
 
 	// Check the signature to ensure the crypto.Signer behaved correctly.
-	sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm)
-	switch sigAlg {
-	case MD5WithRSA:
-		// We skip the check if the signature algorithm is only supported for
-		// signing, not verification.
-	default:
-		if err := checkSignature(sigAlg, c.Raw, signature, key.Public(), true); err != nil {
-			return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
-		}
+	if err := checkSignature(getSignatureAlgorithmFromAI(signatureAlgorithm), c.Raw, signature, key.Public(), true); err != nil {
+		return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
 	}
 
 	return signedCert, nil
diff --git a/src/crypto/x509/x509_test.go b/src/crypto/x509/x509_test.go
@@ -2929,8 +2929,8 @@ func TestCreateCertificateLegacy(t *testing.T) {
 		SignatureAlgorithm: sigAlg,
 	}
 	_, err := CreateCertificate(rand.Reader, template, template, testPrivateKey.Public(), &brokenSigner{testPrivateKey.Public()})
-	if err != nil {
-		t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err)
+	if err == nil {
+		t.Fatal("CreateCertificate didn't fail when SignatureAlgorithm = MD5WithRSA")
 	}
 }
 

Original file line number	Diff line number	Diff line change
`@@ -2929,8 +2929,8 @@ func TestCreateCertificateLegacy(t *testing.T) {`
`2929`	`2929`	`SignatureAlgorithm: sigAlg,`
`2930`	`2930`	`}`
`2931`	`2931`	`_, err := CreateCertificate(rand.Reader, template, template, testPrivateKey.Public(), &brokenSigner{testPrivateKey.Public()})`
`2932`		`- if err != nil {`
`2933`		`- t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err)`
	`2932`	`+ if err == nil {`
	`2933`	`+ t.Fatal("CreateCertificate didn't fail when SignatureAlgorithm = MD5WithRSA")`
`2934`	`2934`	`}`
`2935`	`2935`	`}`
`2936`	`2936`