Restrict MD5 in x509 certificates
Remove support for X509 certificates signed with MD5.
Issue raised by Harm Verhagen
diff --git a/ChangeLog b/ChangeLog
index 5099081..cf2defa 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,11 @@
mbed TLS ChangeLog (Sorted per branch, date)
+= mbed TLS x.x.xx branch released xxxx-xx-xx
+
+Bugfix
+ * Remove support for X509 certificates signed with MD5.
+ Issue raised by Harm Verhagen
+
= mbed TLS 1.3.19 branch released 2017-03-08
Security
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index 498fc5b..33a02b3 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -2063,6 +2063,31 @@
#define POLARSSL_SHA512_C
/**
+ * \def MINIMAL_SUPPORTED_MD_ALG
+ *
+ * minimal supported md algorithm.
+ * The value should be one of the enumerations in
+ * md_type_t defined in md.h
+ * typedef enum {
+ * POLARSSL_MD_NONE=0,
+ * POLARSSL_MD_MD2,
+ * POLARSSL_MD_MD4,
+ * POLARSSL_MD_MD5,
+ * POLARSSL_MD_SHA1,
+ * POLARSSL_MD_SHA224,
+ * POLARSSL_MD_SHA256,
+ * POLARSSL_MD_SHA384,
+ * POLARSSL_MD_SHA512,
+ * POLARSSL_MD_RIPEMD160,
+ * } md_type_t;
+ *
+ * Module: library/x509_crt.c
+ * Caller:
+ *
+ */
+#define POLARSSL_MINIMAL_SUPPORTED_MD_ALG POLARSSL_MD_SHA1
+
+/**
* \def POLARSSL_SSL_CACHE_C
*
* Enable simple SSL cache implementation.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index a3517f6..186ecda 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1434,6 +1434,18 @@
return( (int) ( size - n ) );
}
+/*
+ * Check md_alg against profile
+ * Return 0 if md_alg acceptable for this profile, -1 otherwise
+ */
+static int x509_check_md_alg( md_type_t md_alg )
+{
+ if( md_alg >= POLARSSL_MINIMAL_SUPPORTED_MD_ALG )
+ return( 0 );
+
+ return( -1 );
+}
+
#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
int x509_crt_check_key_usage( const x509_crt *crt, int usage )
{
@@ -1542,6 +1554,15 @@
#endif
/*
+ * Check if CRL is signed with a valid MD
+ */
+ if( x509_check_md_alg( crl_list->sig_md ) != 0 )
+ {
+ flags |= BADCRL_NOT_TRUSTED;
+ break;
+ }
+
+ /*
* Check if CRL is correctly signed by the trusted CA
*/
md_info = md_info_from_type( crl_list->sig_md );
@@ -1788,6 +1809,18 @@
*/
*flags |= BADCERT_NOT_TRUSTED;
+ /*
+ * Check if certificate is signed with a valid MD
+ */
+ if( x509_check_md_alg( child->sig_md ) != 0 )
+ {
+ *flags |= BADCERT_NOT_TRUSTED;
+ /*
+ * not signed with a valid MD, no need to check trust_ca
+ */
+ trust_ca = NULL;
+ }
+
md_info = md_info_from_type( child->sig_md );
if( md_info == NULL )
{
@@ -1925,6 +1958,12 @@
if( x509_time_future( &child->valid_from ) )
*flags |= BADCERT_FUTURE;
+ /*
+ * Check if certificate is signed with a valid MD
+ */
+ if( x509_check_md_alg( child->sig_md ) != 0 )
+ *flags |= BADCERT_NOT_TRUSTED;
+
md_info = md_info_from_type( child->sig_md );
if( md_info == NULL )
{
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 717cd6f..7920fc6 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -417,11 +417,11 @@
X509 Certificate verification #12 (Valid Cert MD4 Digest)
depends_on:POLARSSL_MD4_C:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #13 (Valid Cert MD5 Digest)
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
-x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
@@ -723,6 +723,14 @@
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_SHA1_C:POLARSSL_SHA256_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_EXPIRED:"NULL"
+X509 Certificate verification #88 (MD4 CRL)
+depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
+x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl_md4.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_NOT_TRUSTED:"NULL"
+
+X509 Certificate verification #89 (MD5 CRL)
+depends_on:POLARSSL_SHA256_C:POLARSSL_PEM_PARSE_C:POLARSSL_SHA1_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15
+x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl_md5.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_NOT_TRUSTED:"NULL"
+
X509 Certificate verification callback: trusted EE cert
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
x509_verify_callback:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":0:"depth 0 - serial 53\:A2\:CB\:4B\:12\:4E\:AD\:83\:7D\:A8\:94\:B2 - subject CN=selfsigned, OU=testing, O=PolarSSL, C=NL\n"