rpms/openssl
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow MD5-SHA1 in LEGACY c-p to fix TLS 1.0

Browse Source 
Fedora supports TLS down to 1.0 in LEGACY crypto-policy, but TLS 1.0
defaults to rsa_pkcs1_md5_sha1 with RSA certificates by default.
However, MD5-SHA1 would require SECLEVEL=0, because its 67 bits of
security do not meet SECLEVEL=1's requirement of 80 bits.

Instead of setting SECLEVEL to 0 in the LEGACY crypto-policy (which
would include all algorithms, regardless of their security level), allow
MD5-SHA1 if rh-allow-sha1-signatures is yes and SECLEVEL is 1.

Related: rhbz#2069239
This commit is contained in:
Clemens Lang 2022-04-27 12:24:38 +02:00
parent 8f08128432
commit efdb8c60a3
3 changed files with 85 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
View File

@ -1,4 +1,4 @@
From f695f140255f9b564cac4d5e9e38ba27ec927256 Mon Sep 17 00:00:00 2001 From f470b130139919f32926b3f5a75ba4d161cbcf88 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com> From: Clemens Lang <cllang@redhat.com>
Date: Tue, 1 Mar 2022 15:44:18 +0100 Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures = Subject: [PATCH 2/2] Allow SHA1 in seclevel 1 if rh-allow-sha1-signatures =
@ -26,14 +26,14 @@ default configuration.
Related: rhbz#2055796 Related: rhbz#2055796
Related: rhbz#2070977 Related: rhbz#2070977
--- ---
crypto/x509/x509_vfy.c | 19 ++++++++++- crypto/x509/x509_vfy.c | 20 ++++++++++-
doc/man5/config.pod | 7 ++++ doc/man5/config.pod | 7 ++++
ssl/t1_lib.c | 64 ++++++++++++++++++++++++++++------- ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++-------
test/recipes/25-test_verify.t | 4 +-- test/recipes/25-test_verify.t | 4 +--
4 files changed, 78 insertions(+), 16 deletions(-) 4 files changed, 82 insertions(+), 16 deletions(-)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2f175ca517..60aa26f552 100644 index 2f175ca517..bf0c608839 100644
--- a/crypto/x509/x509_vfy.c --- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c
@@ -25,6 +25,7 @@ @@ -25,6 +25,7 @@
@ -44,7 +44,7 @@ index 2f175ca517..60aa26f552 100644
#include "crypto/x509.h" #include "crypto/x509.h"
#include "x509_local.h" #include "x509_local.h"
@@ -3441,14 +3442,30 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) @@ -3441,14 +3442,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
{ {
int secbits = -1; int secbits = -1;
int level = ctx->param->auth_level; int level = ctx->param->auth_level;
@ -67,17 +67,18 @@ index 2f175ca517..60aa26f552 100644
+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL)) + if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
return 0; return 0;
+ if (nid == NID_sha1 + if ((nid == NID_sha1 || nid == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) + && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ctx->param->auth_level < 2) + && ctx->param->auth_level < 2)
+ /* When rh-allow-sha1-signatures = yes and security level <= 1, + /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. */ + * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1; + return 1;
+ +
return secbits >= minbits_table[level - 1]; return secbits >= minbits_table[level - 1];
} }
diff --git a/doc/man5/config.pod b/doc/man5/config.pod diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index 0c9110d28a..02e7ca706f 100644 index 0c9110d28a..e0516d20b8 100644
--- a/doc/man5/config.pod --- a/doc/man5/config.pod
+++ b/doc/man5/config.pod +++ b/doc/man5/config.pod
@@ -309,6 +309,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as @@ -309,6 +309,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
@ -86,16 +87,16 @@ index 0c9110d28a..02e7ca706f 100644
+Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature +Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
+algorithms that use SHA1 in security level 1, despite the definition of +algorithms that use SHA1 in security level 1, despite the definition of
+security level 1 of 80 bits of security, which SHA1 does not meet. This +security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
+allows using SHA1 in TLS in the LEGACY crypto-policy on Fedora without +This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
+requiring to set the security level to 0, which would include further insecure +Fedora without requiring to set the security level to 0, which would include
+algorithms. +further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
+ +
=item B<fips_mode> (deprecated) =item B<fips_mode> (deprecated)
The value is a boolean that can be B<yes> or B<no>. If the value is The value is a boolean that can be B<yes> or B<no>. If the value is
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index dcd487ec2e..e47ddf56f1 100644 index dcd487ec2e..0b50266b69 100644
--- a/ssl/t1_lib.c --- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -20,6 +20,7 @@ @@ -20,6 +20,7 @@
@ -106,7 +107,7 @@ index dcd487ec2e..e47ddf56f1 100644
#include "internal/sslconf.h" #include "internal/sslconf.h"
#include "internal/nelem.h" #include "internal/nelem.h"
#include "internal/sizes.h" #include "internal/sizes.h"
@@ -1561,19 +1562,27 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) @@ -1561,19 +1562,28 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST); SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
return 0; return 0;
} }
@ -124,11 +125,12 @@ index dcd487ec2e..e47ddf56f1 100644
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE); - SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
- return 0; - return 0;
+ +
+ if (lu->hash == NID_sha1 + if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) + && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 2) { + && SSL_get_security_level(s) < 2) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 1, + /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility */ + * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ } else { + } else {
+ /* + /*
+ * Make sure security callback allows algorithm. For historical + * Make sure security callback allows algorithm. For historical
@ -147,22 +149,23 @@ index dcd487ec2e..e47ddf56f1 100644
} }
/* Store the sigalg the peer uses */ /* Store the sigalg the peer uses */
s->s3.tmp.peer_sigalg = lu; s->s3.tmp.peer_sigalg = lu;
@@ -2106,6 +2115,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) @@ -2106,6 +2116,15 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
} }
} }
+ if (lu->hash == NID_sha1 + if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) + && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+ && SSL_get_security_level(s) < 2) { + && SSL_get_security_level(s) < 2) {
+ /* when rh-allow-sha1-signatures = yes and security level <= 1, + /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility */ + * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1; + return 1;
+ } + }
+ +
/* Finally see if security callback allows it */ /* Finally see if security callback allows it */
secbits = sigalg_security_bits(s->ctx, lu); secbits = sigalg_security_bits(s->ctx, lu);
sigalgstr[0] = (lu->sigalg >> 8) & 0xff; sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
@@ -2977,6 +2994,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) @@ -2977,6 +2996,8 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
{ {
/* Lookup signature algorithm digest */ /* Lookup signature algorithm digest */
int secbits, nid, pknid; int secbits, nid, pknid;
@ -171,7 +174,7 @@ index dcd487ec2e..e47ddf56f1 100644
/* Don't check signature if self signed */ /* Don't check signature if self signed */
if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0) if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
return 1; return 1;
@@ -2985,6 +3004,25 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) @@ -2985,6 +3006,26 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
/* If digest NID not defined use signature NID */ /* If digest NID not defined use signature NID */
if (nid == NID_undef) if (nid == NID_undef)
nid = pknid; nid = pknid;
@ -185,13 +188,14 @@ index dcd487ec2e..e47ddf56f1 100644
+ else + else
+ libctx = OSSL_LIB_CTX_get0_global_default(); + libctx = OSSL_LIB_CTX_get0_global_default();
+ +
+ if (nid == NID_sha1 + if ((nid == NID_sha1 || nid == NID_md5_sha1)
+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) + && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
+ && ((s != NULL && SSL_get_security_level(s) < 2) + && ((s != NULL && SSL_get_security_level(s) < 2)
+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) + || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
+ )) + ))
+ /* When rh-allow-sha1-signatures = yes and security level <= 1, + /* When rh-allow-sha1-signatures = yes and security level <= 1,
+ * explicitly allow SHA1 for backwards compatibility. */ + * explicitly allow SHA1 for backwards compatibility. Also allow
+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ return 1; + return 1;
+ +
if (s) if (s)

97
0053-Add-SHA1-probes.patch
View File

@ -1,4 +1,4 @@
From a1905af412163cf971107f51a33dff8b416ab690 Mon Sep 17 00:00:00 2001 From 428369896db1656af748a67bb36fba039e7b39ad Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com> From: Clemens Lang <cllang@redhat.com>
Date: Mon, 25 Apr 2022 15:21:46 +0200 Date: Mon, 25 Apr 2022 15:21:46 +0200
Subject: [PATCH] Instrument SHA-1 signatures with USDT probes Subject: [PATCH] Instrument SHA-1 signatures with USDT probes
@ -11,13 +11,13 @@ This should allow identifying components that still use SHA-1 signatures
in production so that they can be transitioned to more modern hash in production so that they can be transitioned to more modern hash
algorithms. algorithms.
--- ---
crypto/evp/m_sigver.c | 13 +++++++++---- crypto/evp/m_sigver.c | 13 +++++++++----
crypto/evp/pmeth_lib.c | 13 +++++++++---- crypto/evp/pmeth_lib.c | 13 +++++++++----
crypto/x509/x509_vfy.c | 6 +++++- crypto/x509/x509_vfy.c | 6 +++++-
providers/common/securitycheck.c | 22 +++++++++++++++------- providers/common/securitycheck.c | 22 +++++++++++++++-------
providers/common/securitycheck_default.c | 13 +++++++++++-- providers/common/securitycheck_default.c | 13 +++++++++++--
ssl/t1_lib.c | 8 +++++++- ssl/t1_lib.c | 8 +++++++-
6 files changed, 56 insertions(+), 19 deletions(-) 6 files changed, 56 insertions(+), 19 deletions(-)
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 8da2183ce0..c17cdfa5d5 100644 index 8da2183ce0..c17cdfa5d5 100644
@ -26,7 +26,7 @@ index 8da2183ce0..c17cdfa5d5 100644
@@ -16,6 +16,8 @@ @@ -16,6 +16,8 @@
#include "internal/numbers.h" /* includes SIZE_MAX */ #include "internal/numbers.h" /* includes SIZE_MAX */
#include "evp_local.h" #include "evp_local.h"
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
typedef struct ossl_legacy_digest_signatures_st { typedef struct ossl_legacy_digest_signatures_st {
@ -49,21 +49,21 @@ index 8da2183ce0..c17cdfa5d5 100644
+ } + }
} }
} }
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 3c5a1e6f5d..589a352974 100644 index b96f148c0d..54fcf24945 100644
--- a/crypto/evp/pmeth_lib.c --- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c
@@ -36,6 +36,8 @@ @@ -37,6 +37,8 @@
#include "internal/sslconf.h" #include "internal/sslconf.h"
#include "evp_local.h" #include "evp_local.h"
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx, static int evp_pkey_ctx_store_cached_data(EVP_PKEY_CTX *ctx,
@@ -954,10 +956,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md, @@ -956,10 +958,13 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
&& !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf) && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
&& !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) { && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
int mdnid = EVP_MD_nid(md); int mdnid = EVP_MD_nid(md);
@ -80,32 +80,33 @@ index 3c5a1e6f5d..589a352974 100644
+ } + }
} }
} }
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 60aa26f552..d054acd5a7 100644 index bf0c608839..78638ce80e 100644
--- a/crypto/x509/x509_vfy.c --- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c +++ b/crypto/x509/x509_vfy.c
@@ -29,6 +29,8 @@ @@ -29,6 +29,8 @@
#include "crypto/x509.h" #include "crypto/x509.h"
#include "x509_local.h" #include "x509_local.h"
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
/* CRL score values */ /* CRL score values */
#define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */ #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
@@ -3462,10 +3464,12 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert) @@ -3462,11 +3464,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
if (nid == NID_sha1 if ((nid == NID_sha1 || nid == NID_md5_sha1)
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
- && ctx->param->auth_level < 2) - && ctx->param->auth_level < 2)
+ && ctx->param->auth_level < 2) { + && ctx->param->auth_level < 2) {
+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid); + DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
/* When rh-allow-sha1-signatures = yes and security level <= 1, /* When rh-allow-sha1-signatures = yes and security level <= 1,
* explicitly allow SHA1 for backwards compatibility. */ * explicitly allow SHA1 for backwards compatibility. Also allow
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
return 1; return 1;
+ } + }
return secbits >= minbits_table[level - 1]; return secbits >= minbits_table[level - 1];
} }
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
@ -115,7 +116,7 @@ index e534ad0a5f..bf496450cf 100644
@@ -21,6 +21,8 @@ @@ -21,6 +21,8 @@
#include "prov/securitycheck.h" #include "prov/securitycheck.h"
#include "internal/sslconf.h" #include "internal/sslconf.h"
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
/* /*
@ -123,7 +124,7 @@ index e534ad0a5f..bf496450cf 100644
* signing), and for legacy purposes 80 bits (for decryption or verifying). * signing), and for legacy purposes 80 bits (for decryption or verifying).
@@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md, @@ -238,11 +240,14 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
- if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0)) - if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
- /* SHA1 is globally disabled, check whether we want to locally allow - /* SHA1 is globally disabled, check whether we want to locally allow
@ -138,7 +139,7 @@ index e534ad0a5f..bf496450cf 100644
+ DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid); + DTRACE_PROBE1(libcrypto, fedora_ossl_digest_get_approved_nid_with_sha1_1, mdnid);
+ } + }
#endif #endif
return mdnid; return mdnid;
@@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md) @@ -258,9 +263,12 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
#ifndef FIPS_MODULE #ifndef FIPS_MODULE
@ -155,22 +156,22 @@ index e534ad0a5f..bf496450cf 100644
+ } + }
} }
#endif #endif
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
index ce54a94fbc..ecb3a9d4b6 100644 index ce54a94fbc..2d21e4a7df 100644
--- a/providers/common/securitycheck_default.c --- a/providers/common/securitycheck_default.c
+++ b/providers/common/securitycheck_default.c +++ b/providers/common/securitycheck_default.c
@@ -17,6 +17,8 @@ @@ -17,6 +17,8 @@
#include "internal/nelem.h" #include "internal/nelem.h"
#include "internal/sslconf.h" #include "internal/sslconf.h"
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
/* Disable the security checks in the default provider */ /* Disable the security checks in the default provider */
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx) int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
{ {
@@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md, @@ -40,9 +42,16 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0); ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed); mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
+ if (mdnid == NID_sha1) + if (mdnid == NID_sha1)
@ -189,47 +190,49 @@ index ce54a94fbc..ecb3a9d4b6 100644
return mdnid; return mdnid;
} }
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index e47ddf56f1..a4b9ff749e 100644 index 0b50266b69..d05e696a28 100644
--- a/ssl/t1_lib.c --- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c +++ b/ssl/t1_lib.c
@@ -28,6 +28,8 @@ @@ -28,6 +28,8 @@
#include "ssl_local.h" #include "ssl_local.h"
#include <openssl/ct.h> #include <openssl/ct.h>
+#include <sys/sdt.h> +#include <sys/sdt.h>
+ +
static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey); static const SIGALG_LOOKUP *find_sig_alg(SSL *s, X509 *x, EVP_PKEY *pkey);
static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu); static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu);
@@ -1568,6 +1570,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey) @@ -1569,6 +1571,7 @@ int tls12_check_peer_sigalg(SSL *s, uint16_t sig, EVP_PKEY *pkey)
&& SSL_get_security_level(s) < 2) { /* When rh-allow-sha1-signatures = yes and security level <= 1,
/* when rh-allow-sha1-signatures = yes and security level <= 1, * explicitly allow SHA1 for backwards compatibility. Also allow
* explicitly allow SHA1 for backwards compatibility */ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash); + DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
} else { } else {
/* /*
* Make sure security callback allows algorithm. For historical * Make sure security callback allows algorithm. For historical
@@ -2120,6 +2123,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) @@ -2122,6 +2125,7 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
&& SSL_get_security_level(s) < 2) { /* When rh-allow-sha1-signatures = yes and security level <= 1,
/* when rh-allow-sha1-signatures = yes and security level <= 1, * explicitly allow SHA1 for backwards compatibility. Also allow
* explicitly allow SHA1 for backwards compatibility */ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash); + DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
return 1; return 1;
} }
@@ -3018,10 +3022,12 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op) @@ -3020,11 +3024,13 @@ static int ssl_security_cert_sig(SSL *s, SSL_CTX *ctx, X509 *x, int op)
&& ossl_ctx_legacy_digest_signatures_allowed(libctx, 0) && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
&& ((s != NULL && SSL_get_security_level(s) < 2) && ((s != NULL && SSL_get_security_level(s) < 2)
|| (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2) || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
- )) - ))
+ )) { + )) {
/* When rh-allow-sha1-signatures = yes and security level <= 1, /* When rh-allow-sha1-signatures = yes and security level <= 1,
* explicitly allow SHA1 for backwards compatibility. */ * explicitly allow SHA1 for backwards compatibility. Also allow
* MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid); + DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
return 1; return 1;
+ } + }
if (s) if (s)
return ssl_security(s, op, secbits, nid, x); return ssl_security(s, op, secbits, nid, x);
-- --
2.35.1 2.35.1

5
openssl.spec
View File

@ -410,6 +410,11 @@ install -m644 %{SOURCE9} \
%ldconfig_scriptlets libs %ldconfig_scriptlets libs
%changelog %changelog
* Wed Apr 27 2022 Clemens Lang <cllang@redhat.com> - 1:3.0.2-4
- Support rsa_pkcs1_md5_sha1 in TLS 1.0/1.1 with rh-allow-sha1-signatures = yes
to restore TLS 1.0 and 1.1 support in LEGACY crypto-policy.
Related: rhbz#2069239
* Tue Apr 26 2022 Alexander Sosedkin <asosedkin@redhat.com> - 1:3.0.2-4 * Tue Apr 26 2022 Alexander Sosedkin <asosedkin@redhat.com> - 1:3.0.2-4
- Instrument with USDT probes related to SHA-1 deprecation - Instrument with USDT probes related to SHA-1 deprecation