crypto/x509: disable signing with MD5WithRSA

MD5 is hopelessly broken, we already don't allow verification of MD5 signatures, we shouldn't support generating them. Fixes #42125 Change-Id: Ib25d750e6fc72a03198a505ac71e6d2c99eff2ed Reviewed-on: https://go-review.googlesource.com/c/go/+/285872 Run-TryBot: Roland Shoemaker <roland@golang.org> Reviewed-by: Katie Hockman <katie@golang.org> TryBot-Result: Gopher Robot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org> Reviewed-by: David Chase <drchase@google.com>
2024-11-24 01:50:11 -07:00 · 2021-01-22 10:16:24 -08:00 · 2021-01-22 10:16:24 -08:00 · fdb640b7a1
commit fdb640b7a1
parent 485a572243
2 changed files with 8 additions and 11 deletions
--- a/src/crypto/x509/x509.go
+++ b/src/crypto/x509/x509.go
@ -1397,6 +1397,10 @@ func signingParamsForPublicKey(pub any, requestedSigAlgo SignatureAlgorithm) (ha
 				err = errors.New("x509: cannot sign with hash function requested")
 				return
 			}
+			if hashFunc == crypto.MD5 {
+				err = errors.New("x509: signing with MD5 is not supported")
+				return
+			}
 			if requestedSigAlgo.isRSAPSS() {
 				sigAlgo.Parameters = hashToPSSParameters[hashFunc]
 			}
@ -1591,15 +1595,8 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
 	}

 	// Check the signature to ensure the crypto.Signer behaved correctly.
-	sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm)
-	switch sigAlg {
-	case MD5WithRSA:
-		// We skip the check if the signature algorithm is only supported for
-		// signing, not verification.
-	default:
-		if err := checkSignature(sigAlg, c.Raw, signature, key.Public(), true); err != nil {
-			return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
-		}
+	if err := checkSignature(getSignatureAlgorithmFromAI(signatureAlgorithm), c.Raw, signature, key.Public(), true); err != nil {
+		return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
 	}

 	return signedCert, nil
--- a/src/crypto/x509/x509_test.go
+++ b/src/crypto/x509/x509_test.go
@ -2929,8 +2929,8 @@ func TestCreateCertificateLegacy(t *testing.T) {
 		SignatureAlgorithm: sigAlg,
 	}
 	_, err := CreateCertificate(rand.Reader, template, template, testPrivateKey.Public(), &brokenSigner{testPrivateKey.Public()})
-	if err != nil {
-		t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err)
+	if err == nil {
+		t.Fatal("CreateCertificate didn't fail when SignatureAlgorithm = MD5WithRSA")
 	}
 }