From 1a7b91b47232e59b671d3ca34e3b7aa6e16674b6 Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Fri, 14 Sep 2018 10:56:06 +0200 Subject: [PATCH] for consistent support of security policies we build RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2 --- openssl-1.1.0-weak-ciphers.patch | 30 ------------------- openssl-1.1.1-seclevel.patch | 51 ++++++++++++++++++++++++++++++++ openssl-1.1.1-weak-ciphers.patch | 0 openssl.spec | 8 ++++- 4 files changed, 58 insertions(+), 31 deletions(-) delete mode 100644 openssl-1.1.0-weak-ciphers.patch create mode 100644 openssl-1.1.1-seclevel.patch create mode 100644 openssl-1.1.1-weak-ciphers.patch diff --git a/openssl-1.1.0-weak-ciphers.patch b/openssl-1.1.0-weak-ciphers.patch deleted file mode 100644 index 6dfd9e3..0000000 --- a/openssl-1.1.0-weak-ciphers.patch +++ /dev/null @@ -1,30 +0,0 @@ -diff -up openssl-1.1.0f/ssl/s3_lib.c.weak-ciphers openssl-1.1.0f/ssl/s3_lib.c ---- openssl-1.1.0f/ssl/s3_lib.c.weak-ciphers 2017-05-25 14:46:20.000000000 +0200 -+++ openssl-1.1.0f/ssl/s3_lib.c 2017-06-15 15:12:51.555142528 +0200 -@@ -2425,7 +2425,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_GOST89MAC, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_MEDIUM, - SSL_HANDSHAKE_MAC_GOST94 | TLS1_PRF_GOST94 | TLS1_STREAM_MAC, - 256, - 256, -@@ -2455,7 +2455,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - SSL_GOST89MAC12, - TLS1_VERSION, TLS1_2_VERSION, - 0, 0, -- SSL_HIGH, -+ SSL_MEDIUM, - SSL_HANDSHAKE_MAC_GOST12_256 | TLS1_PRF_GOST12_256 | TLS1_STREAM_MAC, - 256, - 256, -@@ -2558,7 +2558,7 @@ static SSL_CIPHER ssl3_ciphers[] = { - }, - #endif /* OPENSSL_NO_SEED */ - --#ifndef OPENSSL_NO_WEAK_SSL_CIPHERS -+#if 0 /* No RC4 */ - { - 1, - SSL3_TXT_RSA_RC4_128_MD5, diff --git a/openssl-1.1.1-seclevel.patch b/openssl-1.1.1-seclevel.patch new file mode 100644 index 0000000..1e26df6 --- /dev/null +++ b/openssl-1.1.1-seclevel.patch @@ -0,0 +1,51 @@ +diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c +--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel 2018-09-11 14:48:22.000000000 +0200 ++++ openssl-1.1.1/crypto/x509/x509_vfy.c 2018-09-14 10:51:05.126520376 +0200 +@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c + } + + static const int minbits_table[] = { 80, 112, 128, 192, 256 }; ++static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 }; + static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); + + /* +@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT + + if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) + return 0; +- +- return secbits >= minbits_table[level - 1]; ++ /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */ ++ if (FIPS_mode()) ++ return secbits >= minbits_table[level - 1]; ++ return secbits >= minbits_digest_table[level - 1]; + } +diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod +--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2018-09-11 14:48:22.000000000 +0200 ++++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod 2018-09-13 15:55:17.579190996 +0200 +@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited + + =item B + +-Security level set to 112 bits of security. As a result RSA, DSA and DH keys +-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. ++Security level set to 112 bits of security with the exception of SHA1 allowed ++for signatures. ++As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys ++shorter than 224 bits are prohibited. + In addition to the level 1 exclusions any cipher suite using RC4 is also + prohibited. SSL version 3 is also not allowed. Compression is disabled. + +diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c +--- openssl-1.1.1/ssl/ssl_cert.c.seclevel 2018-09-11 14:48:23.000000000 +0200 ++++ openssl-1.1.1/ssl/ssl_cert.c 2018-09-14 10:50:35.960112056 +0200 +@@ -983,6 +983,9 @@ static int ssl_security_default_callback + return 0; + break; + default: ++ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */ ++ if (nid == NID_sha1 && minbits == 112 && !FIPS_mode()) ++ break; + if (bits < minbits) + return 0; + } diff --git a/openssl-1.1.1-weak-ciphers.patch b/openssl-1.1.1-weak-ciphers.patch new file mode 100644 index 0000000..e69de29 diff --git a/openssl.spec b/openssl.spec index d9f3d8f..1d28483 100644 --- a/openssl.spec +++ b/openssl.spec @@ -56,7 +56,8 @@ Patch41: openssl-1.1.1-system-cipherlist.patch Patch42: openssl-1.1.1-fips.patch Patch43: openssl-1.1.1-ignore-bound.patch Patch44: openssl-1.1.1-version-override.patch -Patch45: openssl-1.1.0-weak-ciphers.patch +Patch45: openssl-1.1.1-weak-ciphers.patch +Patch46: openssl-1.1.1-seclevel.patch # Backported fixes including security fixes License: OpenSSL @@ -159,6 +160,7 @@ cp %{SOURCE13} test/ %patch43 -p1 -b .ignore-bound %patch44 -p1 -b .version-override %patch45 -p1 -b .weak-ciphers +%patch46 -p1 -b .seclevel %build @@ -447,6 +449,10 @@ export LD_LIBRARY_PATH %postun libs -p /sbin/ldconfig %changelog +* Fri Sep 14 2018 Tomáš Mráz 1.1.1-2 +- for consistent support of security policies we build + RC4 support in TLS (not default) and allow SHA1 in SECLEVEL 2 + * Thu Sep 13 2018 Tomáš Mráz 1.1.1-1 - update to the final 1.1.1 version