diff --git a/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch new file mode 100644 index 0000000..6c24e34 --- /dev/null +++ b/0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch @@ -0,0 +1,51 @@ +From 1c6d5f6162a46bcde94e8ae9eaa0c41da1d7faa3 Mon Sep 17 00:00:00 2001 +From: Clemens Lang +Date: Tue, 1 Mar 2022 15:44:18 +0100 +Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes + +References: rhbz#2055796 +--- + doc/man5/config.pod | 7 ++++++- + ssl/t1_lib.c | 8 ++++++++ + 2 files changed, 14 insertions(+), 1 deletion(-) + +diff --git a/doc/man5/config.pod b/doc/man5/config.pod +index aa1be5ca7f..aa69e2b844 100644 +--- a/doc/man5/config.pod ++++ b/doc/man5/config.pod +@@ -305,7 +305,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 + digest will fail. For compatibility with older versions of OpenSSL, set this + option to B. This setting also affects TLS, where signature algorithms + that use SHA1 as digest will no longer be supported if this option is set to +-B. ++B. Note that enabling B will allow TLS signature ++algorithms that use SHA1 in security level 2, despite the definition of ++security level 2 of 112 bits of security, which SHA1 does not meet. Because ++TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key ++material, disabling B requires the use of TLS 1.2 or ++newer. + + =item B (deprecated) + +diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c +index 4b74ee1a34..724ded67ba 100644 +--- a/ssl/t1_lib.c ++++ b/ssl/t1_lib.c +@@ -2106,6 +2106,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu) + } + } + ++ if (lu->hash == NID_sha1 ++ && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0) ++ && SSL_get_security_level(s) < 3) { ++ /* when rh-allow-sha1-signatures = yes and security level <= 2, ++ * explicitly allow SHA1 for backwards compatibility */ ++ return 1; ++ } ++ + /* Finally see if security callback allows it */ + secbits = sigalg_security_bits(s->ctx, lu); + sigalgstr[0] = (lu->sigalg >> 8) & 0xff; +-- +2.35.1 + diff --git a/openssl.spec b/openssl.spec index 9fcbfe5..4e34c9e 100644 --- a/openssl.spec +++ b/openssl.spec @@ -15,7 +15,7 @@ Summary: Utilities from the general purpose cryptography library with TLS implementation Name: openssl Version: 3.0.1 -Release: 14%{?dist} +Release: 15%{?dist} Epoch: 1 # We have to remove certain patented algorithms from the openssl source # tarball with the hobble-openssl script which is included below. @@ -82,6 +82,8 @@ Patch49: 0049-Selectively-disallow-SHA1-signatures.patch Patch50: 0050-FIPS-enable-pkcs12-mac.patch # Backport of patch for RHEL for Edge rhbz #2027261 Patch51: 0051-Support-different-R_BITS-lengths-for-KBKDF.patch +# Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes +Patch52: 0052-Allow-SHA1-in-seclevel-2-if-rh-allow-sha1-signatures.patch License: ASL 2.0 URL: http://www.openssl.org/ @@ -412,6 +414,10 @@ install -m644 %{SOURCE9} \ %ldconfig_scriptlets libs %changelog +* Tue Mar 01 2022 Clemens Lang - 1:3.0.1-15 +- Allow SHA1 in SECLEVEL 2 if rh-allow-sha1-signatures = yes +- Resolves: rhbz#2060510 + * Fri Feb 25 2022 Clemens Lang - 1:3.0.1-14 - Prevent use of SHA1 with ECDSA - Resolves: rhbz#2031742