From 53f53fedecaa1bf803c7f1687e7a0c327d5895de Mon Sep 17 00:00:00 2001
From: Clemens Lang
Date: Wed, 23 Feb 2022 16:56:08 +0100
Subject: [PATCH] Allow SHA1 usage in MGF1 for RSASSA-PSS signatures
Resolves: rhbz#2031742
Signed-off-by: Clemens Lang
---
 ...Selectively-disallow-SHA1-signatures.patch | 116 ++++++++++++++----
 openssl.spec | 6 +-
 2 files changed, 99 insertions(+), 23 deletions(-)
diff --git a/0049-Selectively-disallow-SHA1-signatures.patch b/0049-Selectively-disallow-SHA1-signatures.patch
index d74dba3..bce8c96 100644
--- a/0049-Selectively-disallow-SHA1-signatures.patch
+++ b/0049-Selectively-disallow-SHA1-signatures.patch
@@ -1,4 +1,4 @@
-From 8cf6c9fce2446340f361138dfb55cb7cdcb4b776 Mon Sep 17 00:00:00 2001
+From b4b38e64dc322b8852f65b73e337517e1e1d651f Mon Sep 17 00:00:00 2001
 From: Clemens Lang
 Date: Mon, 21 Feb 2022 17:24:44 +0100
 Subject: Selectively disallow SHA1 signatures
@@ -36,17 +36,20 @@ signing arbitrary data).
 Resolves: rhbz#2031742
 ---
- crypto/evp/evp_cnf.c | 13 ++++
- crypto/evp/m_sigver.c | 77 ++++++++++++++++++++++++
- crypto/evp/pmeth_lib.c | 15 +++++
- doc/man5/config.pod | 11 ++++
- include/internal/cryptlib.h | 3 +-
- include/internal/sslconf.h | 4 ++
- providers/common/securitycheck.c | 18 ++++++
- providers/common/securitycheck_default.c | 7 ++-
- ssl/t1_lib.c | 8 +++
- util/libcrypto.num | 2 +
- 10 files changed, 156 insertions(+), 2 deletions(-)
+ crypto/evp/evp_cnf.c | 13 ++++
+ crypto/evp/m_sigver.c | 77 +++++++++++++++++++
+ crypto/evp/pmeth_lib.c | 15 ++++
+ doc/man5/config.pod | 11 +++
+ include/internal/cryptlib.h | 3 +-
+ include/internal/sslconf.h | 4 +
+ providers/common/securitycheck.c | 20 +++++
+ providers/common/securitycheck_default.c | 9 ++-
+ providers/implementations/signature/dsa_sig.c | 11 ++-
+ .../implementations/signature/ecdsa_sig.c | 4 +
+ providers/implementations/signature/rsa_sig.c | 9 ++-
+ ssl/t1_lib.c | 8 ++
+ util/libcrypto.num | 2 +
+ 13 files changed, 178 insertions(+), 8 deletions(-)
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c index 0e7fe64cf9..b9d3b6d226 100644 @@ -257,7 +260,7 @@ index fd7f7e3331..05464b0655 100644 + int loadconfig); #endif diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c -index 699ada7c52..c501466cdc 100644 +index 699ada7c52..f3af62325d 100644 --- a/providers/common/securitycheck.c +++ b/providers/common/securitycheck.c @@ -19,6 +19,7 @@ @@ -268,21 +271,23 @@ index 699ada7c52..c501466cdc 100644 /* * FIPS requires a minimum security strength of 112 bits (for encryption or -@@ -235,6 +236,13 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, +@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, mdnid = -1; /* disallowed by security checks */ } # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ + +#ifndef FIPS_MODULE -+ if (mdnid == NID_sha1 -+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) -+ mdnid = -1; /* disallowed by security checks */ ++ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) ++ /* SHA1 is globally disabled, check whether we want to locally allow ++ * it. */ ++ if (mdnid == NID_sha1 && !sha1_allowed) ++ mdnid = NID_undef; +#endif + return mdnid; } -@@ -244,5 +252,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) +@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) if (ossl_securitycheck_enabled(ctx)) return ossl_digest_get_approved_nid(md) != NID_undef; # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ @@ -299,7 +304,7 @@ index 699ada7c52..c501466cdc 100644 return 1; } diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c -index de7f0d3a0a..0ba8285fbb 100644 +index de7f0d3a0a..ce54a94fbc 100644 --- a/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c @@ -15,6 +15,7 @@ 
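Review bot: The replacement body in the `@@ -235,6 +236,15 @@` hunk of securitycheck.c maps a disallowed SHA1 to `mdnid = NID_undef` where the earlier revision of this patch returned `-1`, and NID_undef is also what an unlisted-but-permitted digest yields in the non-FIPS build, so the two cases become indistinguishable to callers. The dsa_sig.c and ecdsa_sig.c hunks later in this same patch show those callers rejecting only `md_nid < 0`, which means a SHA1 digest that the configuration has globally disabled would still pass their check (rsa_sig.c tests `md_nid <= 0` and is not affected). I would keep the sentinel: `mdnid = -1; /* disallowed by security checks */`. The nested `if` pair without braces is also worth bracing, since the inner one only runs under the outer condition and that is easy to misread. The enclosing function starts before this hunk.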
@@ -310,8 +315,12 @@ index de7f0d3a0a..0ba8285fbb 100644 /* Disable the security checks in the default provider */ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) -@@ -26,6 +27,7 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, - ossl_unused int sha1_allowed) +@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) + } + + int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, +- ossl_unused int sha1_allowed) ++ int sha1_allowed) { int mdnid; + int ldsigs_allowed; 
@@ -324,13 +333,76 @@ index de7f0d3a0a..0ba8285fbb 100644 - mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1); + ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); -+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, ldsigs_allowed); ++ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); if (mdnid == NID_undef) mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid)); + if (mdnid == NID_md5_sha1 && !ldsigs_allowed) + mdnid = -1; return mdnid; } +diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c +index 28fd7c498e..fa3822f39f 100644 +--- a/providers/implementations/signature/dsa_sig.c ++++ b/providers/implementations/signature/dsa_sig.c +@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx, + mdprops = ctx->propq; + + if (mdname != NULL) { +- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); + WPACKET pkt; + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); +- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, +- sha1_allowed); ++ int md_nid; + size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE ++ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, ++ sha1_allowed); + + if (md == NULL || md_nid < 0) { + if (md == NULL) +diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c +index 865d49d100..99b228e82c 100644 +--- a/providers/implementations/signature/ecdsa_sig.c ++++ b/providers/implementations/signature/ecdsa_sig.c +@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, + "%s could not be fetched", mdname); + return 0; + } ++#ifdef FIPS_MODULE + sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); ++#else ++ sha1_allowed = 0; ++#endif + md_nid = 
ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, + sha1_allowed); + if (md_nid < 0) { +diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c +index 325e855333..c96e7e218f 100644 +--- a/providers/implementations/signature/rsa_sig.c ++++ b/providers/implementations/signature/rsa_sig.c +@@ -289,10 +289,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname, + + if (mdname != NULL) { + EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops); ++ int md_nid; ++ size_t mdname_len = strlen(mdname); ++#ifdef FIPS_MODULE + int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); +- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, ++#else ++ int sha1_allowed = 0; ++#endif ++ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md, + sha1_allowed); +- size_t mdname_len = strlen(mdname); + + if (md == NULL + || md_nid <= 0 diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c index fc32bb3556..4b74ee1a34 100644 --- a/ssl/t1_lib.c diff --git a/openssl.spec b/openssl.spec index 3961802..4c694cb 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.1 -Release: 10%{?dist} +Release: 11%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -410,6 +410,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Wed Feb 23 2022 Clemens Lang - 1:3.0.1-11 +- Allow SHA1 usage in MGF1 for RSASSA-PSS signatures +- Resolves: rhbz#2031742 + * Wed Feb 23 2022 Dmitry Belyavskiy - 1:3.0.1-10 - rebuilt
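Review bot: The `#else` branch added in the dsa_sig.c, ecdsa_sig.c and rsa_sig.c hunks hard-codes `int sha1_allowed = 0;` for non-FIPS builds without a comment, so a reader sees that `ctx->operation` no longer exempts verification from the SHA1 check but not why. I would add above each of the three lines: `/* Non-FIPS: SHA1 as a signature digest is governed only by the legacy-digest-signatures setting, for verify as well as sign. */`, and the three identical blocks are a candidate for one shared helper. Note that in rsa_setup_md the value is then OR-ed with `ldsigs_allowed` inside `ossl_digest_rsa_sign_get_md_nid`, so in this build the `sha1_allowed` argument only matters for a caller that passes a non-zero value explicitly, presumably the MGF1 setup that the subject line refers to, which this hunk does not touch. Each of the three setup functions starts before and ends after its inner hunk.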