pkeyutl ecdsa signature with sha1 shouldn't work by default

Resolves: RHEL-89861

0052-Fixup-forbid-SHA1.patch

@@ -0,0 +1,58 @@
+From a6b4af9d39e07457189147bd50fe6ee3e8e88b6d Mon Sep 17 00:00:00 2001
+From: Dmitry Belyavskiy <beldmit@gmail.com>
+Date: Mon, 12 May 2025 14:28:00 +0200
+Subject: [PATCH 52/54] Fixup - forbid SHA1
+
+---
+ crypto/context.c                                | 6 ------
+ providers/implementations/signature/ecdsa_sig.c | 5 ++---
+ 2 files changed, 2 insertions(+), 9 deletions(-)
+
+diff --git a/crypto/context.c b/crypto/context.c
+index 6859146510..323615e300 100644
+--- a/crypto/context.c
++++ b/crypto/context.c
+@@ -133,9 +133,6 @@ static void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
+ static void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
+ {
+     OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
+-    /* Warning: This patch differs from the same patch in CentOS and RHEL here,
+-     * because the default on Fedora is to allow SHA-1 and support disabling
+-     * it, while CentOS/RHEL disable it by default and allow enabling it. */
+     ldsigs->allowed = 0;
+     return ldsigs;
+ }
+@@ -770,9 +767,6 @@ int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconf
+          return 1;
+  #endif
+ 
+-    /* Warning: This patch differs from the same patch in CentOS and RHEL here,
+-     * because the default on Fedora is to allow SHA-1 and support disabling
+-     * it, while CentOS/RHEL disable it by default and allow enabling it. */
+     return ldsigs != NULL ? ldsigs->allowed : 0;
+ }
+ 
+diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
+index 34fb3aa56e..4d7c25728a 100644
+--- a/providers/implementations/signature/ecdsa_sig.c
++++ b/providers/implementations/signature/ecdsa_sig.c
+@@ -198,14 +198,13 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx,
+     }
+     md_nid = ossl_digest_get_approved_nid(md);
+ 
+-#ifdef FIPS_MODULE
+     md_nid = rh_digest_signatures_allowed(ctx->libctx, md_nid);
+-    if (md_nid <= 0) {
++    /* KECCAK-256 is explicitly allowed for ECDSA despite it doesn't have a NID*/
++    if (md_nid <= 0 && !(EVP_MD_is_a(md, "KECCAK-256"))) {
+         ERR_raise_data(ERR_LIB_PROV, PROV_R_DIGEST_NOT_ALLOWED,
+                        "digest=%s", mdname);
+         goto err;
+     }
+-#endif
+ 
+     /* XOF digests don't work */
+     if (EVP_MD_xof(md)) {
+-- 
+2.49.0
+

openssl.spec

@@ -90,6 +90,7 @@ Patch0048: 0048-Current-Rebase-status.patch
 Patch0049: 0049-FIPS-KDF-key-lenght-errors.patch
 Patch0050: 0050-FIPS-fix-disallowed-digests-tests.patch
 Patch0051: 0051-Make-openssl-speed-run-in-FIPS-mode.patch
+Patch0052: 0052-Fixup-forbid-SHA1.patch
 
 #The patches that are different for RHEL9 and 10 start here
 Patch0100: 0100-RHEL9-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch
@@ -433,6 +434,8 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
   Resolves: RHEL-88912
 - Fix `openssl speed` running in FIPS mode
   Resolves: RHEL-89860
+- pkeyutl ecdsa signature with sha1 shouldn't work by default
+  Resolves: RHEL-89861
 
 * Wed Apr 16 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.5.0-1
 - Rebasing OpenSSL to 3.5