WFE: checkAlgorithm never reachable from WFE

[orangepizza]

only place can raise BadSignatureAlgorithmError is checkAlgorithm
https://github.com/letsencrypt/boulder/blob/main/wfe2/verify.go#L76
but because parseJWS dosen't call that function but using upstream error warped by malformed, because it jose.ParseSigned with whitelist of algorithms so anything outside of it will error out.

boulder/wfe2/verify.go

Line 370 in 3438b05

parsedJWS, err := jose.ParseSigned(bodyStr, getSupportedAlgs())

this cause malformed error on any jose verification error, include bad key type.
https://github.com/letsencrypt/boulder/blob/main/wfe2/verify.go#L347

but because WFE keyrollover calles parseJWS on innerJWS before validKeyRollover, parseJWS's malformed code hits and errors out, never get to checkAlgorithm about innerJWS
https://github.com/letsencrypt/boulder/blob/main/wfe2/wfe.go#L1869

this happens on other types of wfe requests too, because
wfe.parseJWSRequest called before wfe.validJWSForAccount / wfe.validSelfAuthenticatedJWS in validPOSTForAccount/validSelfAuthenticatedPOST
and parseJWSRequest -> parseJWS chain happens and short-circuit with malformed error because , and checkAlgorithm never called.

https://github.com/letsencrypt/boulder/blob/main/wfe2/verify.go#L619
https://github.com/letsencrypt/boulder/blob/main/wfe2/verify.go#L701

[orangepizza]

go-jose will throw this error for wrong type of sign algos:

func (parsed *rawJSONWebSignature) sanitized(signatureAlgorithms []SignatureAlgorithm) (*JSONWebSignature, error) {

--snip--
		alg := SignatureAlgorithm(signature.Header.Algorithm)
		if !containsSignatureAlgorithm(signatureAlgorithms, alg) {
			return nil, fmt.Errorf("go-jose/go-jose: unexpected signature algorithm %q; expected %q",
				alg, signatureAlgorithms)
		}

https://github.com/go-jose/go-jose/blob/0e4ab6846ac17cad0096f6391736270a5c4f630f/jws.go#L262