rpms/openssl
8
1
Fork 1
Code Issues Pull Requests Releases Activity

Allow SHA1 usage in HMAC in TLS

Browse Source 
The EVP_DigestSign API is used in TLS to compute a SHA1 HMAC, which is
OK from our point of view, but was blocked so far. Modify
0049-Selectively-disallow-SHA1-signatures.patch to check the EVP_PKEY
type for HMAC (and TLS1-PRF and HKDF), and allow SHA1 for these cases.

Note that TLS1.1 signs a MD5-SHA1 hash with a private key, which does
not work with rh-allow-sha1-signatures = no, so the minimum TLS version
will be TLS 1.2.

Resolves: rhbz#2031742
Signed-off-by: Clemens Lang <cllang@redhat.com>
This commit is contained in:
Clemens Lang 2022-02-22 19:34:36 +01:00
parent 53b85f538c
commit 5a9ab1160e
2 changed files with 22 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
0049-Selectively-disallow-SHA1-signatures.patch
View File

@ -36,9 +36,9 @@ signing arbitrary data).
Resolves: rhbz#2031742 Resolves: rhbz#2031742
--- ---
crypto/evp/evp_cnf.c | 13 +++++ crypto/evp/evp_cnf.c | 13 ++++
crypto/evp/m_sigver.c | 74 ++++++++++++++++++++++++ crypto/evp/m_sigver.c | 77 ++++++++++++++++++++++++
crypto/evp/pmeth_lib.c | 10 ++++ crypto/evp/pmeth_lib.c | 15 +++++
doc/man5/config.pod | 11 ++++ doc/man5/config.pod | 11 ++++
include/internal/cryptlib.h | 3 +- include/internal/cryptlib.h | 3 +-
include/internal/sslconf.h | 4 ++ include/internal/sslconf.h | 4 ++
@ -46,7 +46,7 @@ Resolves: rhbz#2031742
providers/common/securitycheck_default.c | 7 ++- providers/common/securitycheck_default.c | 7 ++-
ssl/t1_lib.c | 8 +++ ssl/t1_lib.c | 8 +++
util/libcrypto.num | 2 + util/libcrypto.num | 2 +
10 files changed, 148 insertions(+), 2 deletions(-) 10 files changed, 156 insertions(+), 2 deletions(-)
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644 index 0e7fe64cf9..b9d3b6d226 100644
@ -80,7 +80,7 @@ index 0e7fe64cf9..b9d3b6d226 100644
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION, ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
"name=%s, value=%s", oval->name, oval->value); "name=%s, value=%s", oval->name, oval->value);
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 9188edbc21..67498b48c0 100644 index 9188edbc21..db1a1d7bc3 100644
--- a/crypto/evp/m_sigver.c --- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c
@@ -16,6 +16,71 @@ @@ -16,6 +16,71 @@
@ -155,11 +155,14 @@ index 9188edbc21..67498b48c0 100644
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen) static int update(EVP_MD_CTX *ctx, const void *data, size_t datalen)
@@ -258,6 +323,15 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, @@ -258,6 +323,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
} }
} }
+ if (ctx->reqdigest != NULL) { + if (ctx->reqdigest != NULL
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(ctx->reqdigest); + int mdnid = EVP_MD_nid(ctx->reqdigest);
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0) + if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) { + && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
@ -172,7 +175,7 @@ index 9188edbc21..67498b48c0 100644
if (signature->digest_verify_init == NULL) { if (signature->digest_verify_init == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR); ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 2b9c6c2351..d7bf2de1b6 100644 index 2b9c6c2351..3c5a1e6f5d 100644
--- a/crypto/evp/pmeth_lib.c --- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c
@@ -33,6 +33,7 @@ @@ -33,6 +33,7 @@
@ -183,11 +186,16 @@ index 2b9c6c2351..d7bf2de1b6 100644
#include "evp_local.h" #include "evp_local.h"
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
@@ -946,6 +947,15 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, @@ -946,6 +947,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
return -2; return -2;
} }
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx) && md != NULL) { + if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
+ && md != NULL
+ && ctx->pkey != NULL
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
+ int mdnid = EVP_MD_nid(md); + int mdnid = EVP_MD_nid(md);
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1) + if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) { + && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {

4
openssl.spec
View File

@ -410,6 +410,10 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Tue Feb 22 2022 Clemens Lang <cllang@redhat.com> - 3.0.1-9
- Allow SHA1 usage in HMAC in TLS
- Resolves: rhbz#2031742
* Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8 * Tue Feb 22 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.0.1-8
- OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters - OpenSSL will generate keys with prime192v1 curve if it is provided using explicit parameters
- Resolves: rhbz#1977867 - Resolves: rhbz#1977867