3c66c99bd5
We want legacy policy to be able to talk to older RHEL that only supports SHA1 signature algorithms, so allow SHA1 signatures even in seclevel 2 if rh-allow-sha1-signatures is set to yes.

Resolves: rhbz#2060510
Signed-off-by: Clemens Lang <cllang@redhat.com>
52 lines
2.0 KiB
Diff
From 1c6d5f6162a46bcde94e8ae9eaa0c41da1d7faa3 Mon Sep 17 00:00:00 2001
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
Date: Tue, 1 Mar 2022 15:44:18 +0100
|
|
Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
|
|
|
|
References: rhbz#2055796
|
|
---
|
|
doc/man5/config.pod | 7 ++++++-
|
|
ssl/t1_lib.c | 8 ++++++++
|
|
2 files changed, 14 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
index aa1be5ca7f..aa69e2b844 100644
|
|
--- a/doc/man5/config.pod
|
|
+++ b/doc/man5/config.pod
|
|
@@ -305,7 +305,12 @@ When set to B<no>, any attempt to create or verify a signature with a SHA1
|
|
digest will fail. For compatibility with older versions of OpenSSL, set this
|
|
option to B<yes>. This setting also affects TLS, where signature algorithms
|
|
that use SHA1 as digest will no longer be supported if this option is set to
|
|
-B<no>.
|
|
+B<no>. Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
|
|
+algorithms that use SHA1 in security level 2, despite the definition of
|
|
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
|
|
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
|
|
+material, disabling B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or
|
|
+newer.
|
|
|
|
=item B<fips_mode> (deprecated)
|
|
|
|
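Review bot: The added text in config.pod names only "security level 2" and does not say where the exception stops, while the matching check in ssl/t1_lib.c is `SSL_get_security_level(s) < 3`. Suggest stating the range explicitly: the override applies at every security level below 3, and at level 3 and above it does not apply, so the normal security-level check decides. That tells an administrator how to keep B<rh-allow-sha1-signatures> set to B<yes> for non-TLS use without also relaxing TLS signature algorithms. Minor wording point in the same paragraph: "TLS 1.1 or lower use MD5-SHA1" should read "uses".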
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
index 4b74ee1a34..724ded67ba 100644
|
|
--- a/ssl/t1_lib.c
|
|
+++ b/ssl/t1_lib.c
|
|
@@ -2106,6 +2106,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
|
|
}
|
|
}
|
|
|
|
+ if (lu->hash == NID_sha1
|
|
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
|
|
+ && SSL_get_security_level(s) < 3) {
|
|
+ /* when rh-allow-sha1-signatures = yes and security level <= 2,
|
|
+ * explicitly allow SHA1 for backwards compatibility */
|
|
+ return 1;
|
|
+ }
|
|
+
|
|
/* Finally see if security callback allows it */
|
|
secbits = sigalg_security_bits(s->ctx, lu);
|
|
sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
|
|
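Review bot: The `return 1` in the new `lu->hash == NID_sha1` block exits tls12_sigalg_allowed() before the "Finally see if security callback allows it" step directly below it, so with rh-allow-sha1-signatures = yes and a security level below 3 the security callback is never consulted for SHA1 signature algorithms. If skipping the callback is intended, the comment should say so, since it currently mentions only backwards compatibility; otherwise consider restructuring so the callback still runs and only the level-based rejection is relaxed. Two smaller points: the bare `0` passed as the second argument to `ossl_ctx_legacy_digest_signatures_allowed` deserves a short comment on what it selects, and the comment's "security level <= 2" would be easier to check against the code if it used the same form as the condition, `< 3`.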
--
|
|
2.35.1
|
|
|