From 1d113921dac7c677901820c0a8f7010350f28102 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Wed, 14 May 2025 11:36:32 +0200
Subject: [PATCH] pkeyutl ecdsa signature with sha1 shouldn't work by default
Resolves: RHEL-89861
---
 0052-Fixup-forbid-SHA1.patch | 58 ++++++++++++++++++++++++++++++++++++
 openssl.spec | 3 ++
 2 files changed, 61 insertions(+)
 create mode 100644 0052-Fixup-forbid-SHA1.patch
diff --git a/0052-Fixup-forbid-SHA1.patch b/0052-Fixup-forbid-SHA1.patch
new file mode 100644
index 0000000..3706183
--- /dev/null
+++ b/0052-Fixup-forbid-SHA1.patch
@@ -0,0 +1,58 @@
+From a6b4af9d39e07457189147bd50fe6ee3e8e88b6d Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy
+Date: Mon, 12 May 2025 14:28:00 +0200
+Subject: [PATCH 52/54] Fixup - forbid SHA1
+
+---
+ crypto/context.c | 6 ------
+ providers/implementations/signature/ecdsa_sig.c | 5 ++---
+ 2 files changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index 6859146510..323615e300 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -133,9 +133,6 @@ static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+ static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+ {
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+- /* Warning: This patch differs from the same patch in CentOS and RHEL here,
+- * because the default on Fedora is to allow SHA-1 and support disabling
+- * it, while CentOS/RHEL disable it by default and allow enabling it. */
+ ldsigs->allowed = 0;
+ return ldsigs;
+ }
+@@ -770,9 +767,6 @@ int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconf
+ return 1;
+ #endif
+
+- /* Warning: This patch differs from the same patch in CentOS and RHEL here,
+- * because the default on Fedora is to allow SHA-1 and support disabling
+- * it, while CentOS/RHEL disable it by default and allow enabling it. */
+ return ldsigs != NULL ? ldsigs->allowed : 0;
+ }
+
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 34fb3aa56e..4d7c25728a 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -198,14 +198,13 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
+ }
+ md_nid = ossl_digest_get_approved_nid(md);
+
+-#ifdef FIPS_MODULE
+ md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
+- if (md_nid <= 0) {
++ /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/
++ if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) {
+ ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+ "digest=%s", mdname);
+ goto err;
+ }
+-#endif
+
+ /* XOF digests don't work */
+ if (EVP_MD_xof(md)) {
+--
+2.49.0
+
diff --git a/openssl.spec b/openssl.spec
index 72cb694..e4f4e68 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -90,6 +90,7 @@ Patch0048: 0048-Current-Rebase-status.patch
 Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch
 Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch
 Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
+Patch0052: 0052-Fixup-forbid-SHA1.patch
 #The patches that are different for RHEL9 and 10 start here
 Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@@ -433,6 +434,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
 Resolves: RHEL-88912
 - Fix `openssl speed` running in FIPS mode
 Resolves: RHEL-89860
+- pkeyutl ecdsa signature with sha1 shouldn't work by default
+ Resolves: RHEL-89861
 * Wed Apr 16 2025 Dmitry Belyavskiy - 1:3.5.0-1
 - Rebasing OpenSSL to 3.5
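Review bot: In the ecdsa_sig.c hunk of the embedded patch, dropping `#ifdef FIPS_MODULE` makes the new `EVP_MD_is_a(md, "KECCAK-256")` exemption apply to the FIPS build as well, where the removed code rejected every digest with `md_nid <= 0`. That is harmless only if the FIPS provider can never fetch KECCAK-256, which this hunk does not show, so I would keep the exemption under `#ifndef FIPS_MODULE` as sketched below. On the exempted path md_nid stays non-positive for the rest of ecdsa_setup_md, which continues outside the hunk, so whatever later stores or encodes md_nid should be checked against that value. The comment would read better as `/* KECCAK-256 has no NID but is explicitly allowed for ECDSA */`.

```c
    md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
    if (md_nid <= 0) {
        int exempt = 0;

#ifndef FIPS_MODULE
        /* KECCAK-256 has no NID but is explicitly allowed for ECDSA */
        exempt = EVP_MD_is_a(md, "KECCAK-256");
#endif
        if (!exempt) {
            ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
                           "digest=%s", mdname);
            goto err;
        }
    }
    /* … unchanged: XOF digest check … */
```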