Do not allow md4 or md5 based signatures in X.509 certificates.
Change-Id: Ic6a72a9dd756b1b3d6ed13c6b57ecf611638ac46
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/52026
Reviewed-by: Adam Langley <agl@google.com>
Reviewed-by: Loola TV <alosh123gma@gmail.com>
Commit-Queue: Bob Beck <bbe@google.com>
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index 7f90480..75b3c8d 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -64,6 +64,15 @@
#include "internal.h"
+/* Restrict the digests that are allowed in X509 certificates */
+static int x509_digest_nid_ok(const int digest_nid) {
+ switch (digest_nid) {
+ case NID_md4:
+ case NID_md5:
+ return 0;
+ }
+ return 1;
+}
int x509_digest_sign_algorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) {
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
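Review bot: `x509_digest_nid_ok` is a deny-list that rejects only MD4 and MD5, so every other digest the OID tables know, SHA-1 included, still passes, and the comment above it reads like a broader restriction than the code enforces. I would make the scope explicit: `/* Reject digests too weak for X.509 signatures. Deny-list only: anything not listed here (including SHA-1) is still accepted. */`. The `switch` also has no `default:`; adding `default: return 1;` inside it states the fall-through intent and satisfies -Wswitch-default without changing behavior. `x509_digest_sign_algorithm` begins on the last lines of this hunk and continues past it.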
@@ -95,8 +104,10 @@
return 0;
}
+ const int digest_nid = EVP_MD_type(digest);
int sign_nid;
- if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest),
+ if (!x509_digest_nid_ok(digest_nid) ||
+ !OBJ_find_sigid_by_algs(&sign_nid, digest_nid,
EVP_PKEY_id(pkey))) {
OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
return 0;
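Review bot: Folding `!x509_digest_nid_ok(digest_nid)` into the same condition as the `OBJ_find_sigid_by_algs` lookup means a caller signing with MD5 gets `ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED`, which suggests an unknown digest/key pairing rather than a deliberately refused digest. Splitting the policy check into its own `if (!x509_digest_nid_ok(digest_nid)) { OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; }` ahead of the lookup, with a comment `/* Policy check, not a lookup failure: weak digests are refused even if an OID exists. */`, keeps the two failure modes separable and gives a place for a more specific error code later. The enclosing function starts before this hunk.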
@@ -126,6 +137,12 @@
return 0;
}
+ /* Check for permitted digest algorithms */
+ if (!x509_digest_nid_ok(digest_nid)) {
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+ return 0;
+ }
+
/* NID_undef signals that there are custom parameters to set. */
if (digest_nid == NID_undef) {
if (sigalg_nid == NID_rsassaPss) {
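Review bot: The new check runs before the `NID_undef` branch on the following lines, and for RSASSA-PSS `digest_nid` is `NID_undef` at this point with the actual hash carried in the algorithm parameters, so `x509_digest_nid_ok` never sees the PSS hash; unless the PSS parameter decoding, which is outside this hunk, refuses MD5 on its own, that path is not covered by this change. The comment should record that boundary so nobody assumes the check is complete, e.g. `/* Check for permitted digest algorithms. For NID_undef (RSASSA-PSS) the hash comes from the parameters below and must be policed there. */`. The enclosing function starts outside the hunk.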