crypto/x509: disable signing with MD5WithRSA
authorRoland Shoemaker <roland@golang.org>
Fri, 22 Jan 2021 18:16:24 +0000 (10:16 -0800)
committerRoland Shoemaker <roland@golang.org>
Thu, 5 May 2022 15:43:29 +0000 (15:43 +0000)
MD5 is hopelessly broken; we already don't allow verification of
MD5 signatures, so we shouldn't support generating them.

Fixes #42125

Change-Id: Ib25d750e6fc72a03198a505ac71e6d2c99eff2ed
Reviewed-on: https://go-review.googlesource.com/c/go/+/285872
Run-TryBot: Roland Shoemaker <roland@golang.org>
Reviewed-by: Katie Hockman <katie@golang.org>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Filippo Valsorda <filippo@golang.org>
Reviewed-by: David Chase <drchase@google.com>
src/crypto/x509/x509.go
src/crypto/x509/x509_test.go

index 582e1b151959573a69415713951ab7ccd8c3c963..e17df0dd94328070dfd2fb8a81f047517a781892 100644 (file)
@@ -1397,6 +1397,10 @@ func signingParamsForPublicKey(pub any, requestedSigAlgo SignatureAlgorithm) (ha
                                err = errors.New("x509: cannot sign with hash function requested")
                                return
                        }
+                       if hashFunc == crypto.MD5 {
+                               err = errors.New("x509: signing with MD5 is not supported")
+                               return
+                       }
                        if requestedSigAlgo.isRSAPSS() {
                                sigAlgo.Parameters = hashToPSSParameters[hashFunc]
                        }
@@ -1591,15 +1595,8 @@ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv
        }
 
        // Check the signature to ensure the crypto.Signer behaved correctly.
-       sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm)
-       switch sigAlg {
-       case MD5WithRSA:
-               // We skip the check if the signature algorithm is only supported for
-               // signing, not verification.
-       default:
-               if err := checkSignature(sigAlg, c.Raw, signature, key.Public(), true); err != nil {
-                       return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
-               }
+       if err := checkSignature(getSignatureAlgorithmFromAI(signatureAlgorithm), c.Raw, signature, key.Public(), true); err != nil {
+               return nil, fmt.Errorf("x509: signature over certificate returned by signer is invalid: %w", err)
        }
 
        return signedCert, nil
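Review bot: The comment above the now-unconditional checkSignature call still reads only "Check the signature to ensure the crypto.Signer behaved correctly", so a reader no longer sees why the MD5WithRSA carve-out (whose removed comment explained that MD5 is sign-only, not verifiable) could go away; suggest extending it to `// Check the signature to ensure the crypto.Signer behaved correctly. MD5WithRSA, the one algorithm checkSignature cannot verify, is rejected by signingParamsForPublicKey before signing, so no carve-out is needed here.` Related to that, the new guard in the first hunk sits inside one branch of signingParamsForPublicKey, and the rest of that function is outside the hunk; if any other path there could still yield crypto.MD5, the failure would now surface as the misleading "signature over certificate returned by signer is invalid" rather than the new "signing with MD5 is not supported" message, which is worth confirming. A local `sigAlg := getSignatureAlgorithmFromAI(signatureAlgorithm)` would also keep the long if line readable. CreateCertificate begins outside the hunk.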
index f68dd0299a69cd43b4dd9543c5ef5483bce95554..4469a42ce29ea7fb65a7b8ade750e58c4c1a4d63 100644 (file)
@@ -2929,8 +2929,8 @@ func TestCreateCertificateLegacy(t *testing.T) {
                SignatureAlgorithm: sigAlg,
        }
        _, err := CreateCertificate(rand.Reader, template, template, testPrivateKey.Public(), &brokenSigner{testPrivateKey.Public()})
-       if err != nil {
-               t.Fatalf("CreateCertificate failed when SignatureAlgorithm = %v: %s", sigAlg, err)
+       if err == nil {
+               t.Fatal("CreateCertificate didn't fail when SignatureAlgorithm = MD5WithRSA")
        }
 }
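Review bot: The `err == nil` check only proves that CreateCertificate failed, and because the call passes `&brokenSigner{...}` it could fail at the post-signing checkSignature step rather than at the new MD5 guard, so the test would pass for the wrong reason; compare the error text instead, e.g. `if err == nil || err.Error() != "x509: signing with MD5 is not supported" { t.Fatalf("CreateCertificate with SignatureAlgorithm = %v: got %v, want MD5 rejection", sigAlg, err) }`. The t.Fatal message also hard-codes MD5WithRSA while the template on the preceding lines uses `sigAlg`; formatting `sigAlg` with `%v` keeps the message accurate if the test is ever driven over more than one algorithm. The start of TestCreateCertificateLegacy is outside the hunk.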