Do not allow md4 or md5 based signatures in X.509 certificates.

Change-Id: Ic6a72a9dd756b1b3d6ed13c6b57ecf611638ac46 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52026 Reviewed-by: Adam Langley <agl@google.com> Reviewed-by: Loola TV <alosh123gma@gmail.com> Commit-Queue: Bob Beck <bbe@google.com>
3 years ago · 33d7e32ce4
parent 701d8b28c8
commit 33d7e32ce4
1 changed files with 18 additions and 1 deletions
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@ -64,6 +64,15 @@

 #include "internal.h"

+/* Restrict the digests that are allowed in X509 certificates */
+static int x509_digest_nid_ok(const int digest_nid) {
+  switch (digest_nid) {
+    case NID_md4:
+    case NID_md5:
+      return 0;
+  }
+  return 1;
+}

 int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
  EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
@ -95,8 +104,10 @@ int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
    return 0;
  }

+  const int digest_nid = EVP_MD_type(digest);
  int sign_nid;
-  if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest),
+  if (!x509_digest_nid_ok(digest_nid) ||
+      !OBJ_find_sigid_by_algs(&sign_nid, digest_nid,
                              EVP_PKEY_id(pkey))) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
    return 0;
@ -126,6 +137,12 @@ int x509_digest_verify_init(EVP_MD_CTX *ctx, const X509_ALGOR *sigalg,
    return 0;
  }

+  /* Check for permitted digest algorithms */
+  if (!x509_digest_nid_ok(digest_nid)) {
+    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+    return 0;
+  }
+
  /* NID_undef signals that there are custom parameters to set. */
  if (digest_nid == NID_undef) {
    if (sigalg_nid == NID_rsassaPss) {