|
|
|
@ -1,4 +1,4 @@
|
|
|
|
|
From 8cf6c9fce2446340f361138dfb55cb7cdcb4b776 Mon Sep 17 00:00:00 2001
|
|
|
|
|
From b4b38e64dc322b8852f65b73e337517e1e1d651f Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Clemens Lang <cllang@redhat.com>
|
|
|
|
|
Date: Mon, 21 Feb 2022 17:24:44 +0100
|
|
|
|
|
Subject: Selectively disallow SHA1 signatures
|
|
|
|
@ -37,16 +37,19 @@ signing arbitrary data).
|
|
|
|
|
Resolves: rhbz#2031742
|
|
|
|
|
---
|
|
|
|
|
crypto/evp/evp_cnf.c | 13 ++++
|
|
|
|
|
crypto/evp/m_sigver.c | 77 ++++++++++++++++++++++++
|
|
|
|
|
crypto/evp/pmeth_lib.c | 15 +++++
|
|
|
|
|
doc/man5/config.pod | 11 ++++
|
|
|
|
|
crypto/evp/m_sigver.c | 77 +++++++++++++++++++
|
|
|
|
|
crypto/evp/pmeth_lib.c | 15 ++++
|
|
|
|
|
doc/man5/config.pod | 11 +++
|
|
|
|
|
include/internal/cryptlib.h | 3 +-
|
|
|
|
|
include/internal/sslconf.h | 4 ++
|
|
|
|
|
providers/common/securitycheck.c | 18 ++++++
|
|
|
|
|
providers/common/securitycheck_default.c | 7 ++-
|
|
|
|
|
ssl/t1_lib.c | 8 +++
|
|
|
|
|
include/internal/sslconf.h | 4 +
|
|
|
|
|
providers/common/securitycheck.c | 20 +++++
|
|
|
|
|
providers/common/securitycheck_default.c | 9 ++-
|
|
|
|
|
providers/implementations/signature/dsa_sig.c | 11 ++-
|
|
|
|
|
.../implementations/signature/ecdsa_sig.c | 4 +
|
|
|
|
|
providers/implementations/signature/rsa_sig.c | 9 ++-
|
|
|
|
|
ssl/t1_lib.c | 8 ++
|
|
|
|
|
util/libcrypto.num | 2 +
|
|
|
|
|
10 files changed, 156 insertions(+), 2 deletions(-)
|
|
|
|
|
13 files changed, 178 insertions(+), 8 deletions(-)
|
|
|
|
|
|
|
|
|
|
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
|
|
|
|
index 0e7fe64cf9..b9d3b6d226 100644
|
|
|
|
@ -257,7 +260,7 @@ index fd7f7e3331..05464b0655 100644
|
|
|
|
|
+ int loadconfig);
|
|
|
|
|
#endif
|
|
|
|
|
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
|
|
|
index 699ada7c52..c501466cdc 100644
|
|
|
|
|
index 699ada7c52..f3af62325d 100644
|
|
|
|
|
--- a/providers/common/securitycheck.c
|
|
|
|
|
+++ b/providers/common/securitycheck.c
|
|
|
|
|
@@ -19,6 +19,7 @@
|
|
|
|
@ -268,21 +271,23 @@ index 699ada7c52..c501466cdc 100644
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
|
|
|
@@ -235,6 +236,13 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
|
|
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
|
|
mdnid = -1; /* disallowed by security checks */
|
|
|
|
|
}
|
|
|
|
|
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
|
|
|
+
|
|
|
|
|
+#ifndef FIPS_MODULE
|
|
|
|
|
+ if (mdnid == NID_sha1
|
|
|
|
|
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
|
|
|
+ mdnid = -1; /* disallowed by security checks */
|
|
|
|
|
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
|
|
|
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
|
|
|
+ * it. */
|
|
|
|
|
+ if (mdnid == NID_sha1 && !sha1_allowed)
|
|
|
|
|
+ mdnid = NID_undef;
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
return mdnid;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@@ -244,5 +252,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
|
|
|
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
|
|
|
if (ossl_securitycheck_enabled(ctx))
|
|
|
|
|
return ossl_digest_get_approved_nid(md) != NID_undef;
|
|
|
|
|
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
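Review bot: In what looks like the newer revision of the `ossl_digest_get_approved_nid_with_sha1()` addition (the hunk line counts point that way), a disallowed SHA-1 yields `mdnid = NID_undef;` where the earlier revision used `mdnid = -1;`. NID_undef is 0, and the DSA and ECDSA setup code shown further down this page rejects only `md_nid < 0`, so a blocked SHA-1 digest would appear to pass those checks; only the RSA path tests `md_nid <= 0`. Keeping `mdnid = -1; /* disallowed by security checks */` here would make all three callers fail closed without touching their conditions. The nested `if` pair would also be safer with braces around the outer body, since a two-line comment sits between the outer condition and the inner statement. The function body begins outside this hunk, so any earlier handling of `sha1_allowed` is not visible here.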
|
|
|
|
@ -299,7 +304,7 @@ index 699ada7c52..c501466cdc 100644
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
|
|
|
index de7f0d3a0a..0ba8285fbb 100644
|
|
|
|
|
index de7f0d3a0a..ce54a94fbc 100644
|
|
|
|
|
--- a/providers/common/securitycheck_default.c
|
|
|
|
|
+++ b/providers/common/securitycheck_default.c
|
|
|
|
|
@@ -15,6 +15,7 @@
|
|
|
|
@ -310,8 +315,12 @@ index de7f0d3a0a..0ba8285fbb 100644
|
|
|
|
|
|
|
|
|
|
/* Disable the security checks in the default provider */
|
|
|
|
|
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
|
|
|
@@ -26,6 +27,7 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
|
|
ossl_unused int sha1_allowed)
|
|
|
|
|
@@ -23,9 +24,10 @@ int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
|
|
- ossl_unused int sha1_allowed)
|
|
|
|
|
+ int sha1_allowed)
|
|
|
|
|
{
|
|
|
|
|
int mdnid;
|
|
|
|
|
+ int ldsigs_allowed;
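Review bot: `ossl_digest_rsa_sign_get_md_nid()` has no comment stating its return contract now that `sha1_allowed` is no longer `ossl_unused`, and that contract is easy to get wrong. The lines that follow on this page set `mdnid = -1` for MD5-SHA1 when legacy digests are off, while a blocked SHA-1 may come back from the helper as `NID_undef`, so callers have to test `<= 0`, as `rsa_setup_md` does. I would add above the definition: `/* Returns a NID > 0 if md may be used; NID_undef or -1 mean rejected, so test with <= 0. sha1_allowed is a per-call override ORed with the config-wide legacy-digest setting. */`. The function body continues past this hunk, so this reading rests on the lines visible in the next one.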
|
|
|
|
@ -324,13 +333,76 @@ index de7f0d3a0a..0ba8285fbb 100644
|
|
|
|
|
|
|
|
|
|
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
|
|
|
|
|
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
|
|
|
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, ldsigs_allowed);
|
|
|
|
|
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
|
|
|
if (mdnid == NID_undef)
|
|
|
|
|
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
|
|
|
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
|
|
|
+ mdnid = -1;
|
|
|
|
|
return mdnid;
|
|
|
|
|
}
|
|
|
|
|
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
|
|
|
|
index 28fd7c498e..fa3822f39f 100644
|
|
|
|
|
--- a/providers/implementations/signature/dsa_sig.c
|
|
|
|
|
+++ b/providers/implementations/signature/dsa_sig.c
|
|
|
|
|
@@ -124,12 +124,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
|
|
|
|
mdprops = ctx->propq;
|
|
|
|
|
|
|
|
|
|
if (mdname != NULL) {
|
|
|
|
|
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
|
|
WPACKET pkt;
|
|
|
|
|
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
|
|
|
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
|
|
- sha1_allowed);
|
|
|
|
|
+ int md_nid;
|
|
|
|
|
size_t mdname_len = strlen(mdname);
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
|
|
+#else
|
|
|
|
|
+ int sha1_allowed = 0;
|
|
|
|
|
+#endif
|
|
|
|
|
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
|
|
+ sha1_allowed);
|
|
|
|
|
|
|
|
|
|
if (md == NULL || md_nid < 0) {
|
|
|
|
|
if (md == NULL)
|
|
|
|
|
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
|
|
|
|
index 865d49d100..99b228e82c 100644
|
|
|
|
|
--- a/providers/implementations/signature/ecdsa_sig.c
|
|
|
|
|
+++ b/providers/implementations/signature/ecdsa_sig.c
|
|
|
|
|
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
|
|
|
|
"%s could not be fetched", mdname);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
|
|
+#else
|
|
|
|
|
+ sha1_allowed = 0;
|
|
|
|
|
+#endif
|
|
|
|
|
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
|
|
sha1_allowed);
|
|
|
|
|
if (md_nid < 0) {
|
|
|
|
|
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
|
|
|
|
index 325e855333..c96e7e218f 100644
|
|
|
|
|
--- a/providers/implementations/signature/rsa_sig.c
|
|
|
|
|
+++ b/providers/implementations/signature/rsa_sig.c
|
|
|
|
|
@@ -289,10 +289,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
|
|
|
|
|
|
|
|
|
if (mdname != NULL) {
|
|
|
|
|
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
|
|
|
+ int md_nid;
|
|
|
|
|
+ size_t mdname_len = strlen(mdname);
|
|
|
|
|
+#ifdef FIPS_MODULE
|
|
|
|
|
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
|
|
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
|
|
|
+#else
|
|
|
|
|
+ int sha1_allowed = 0;
|
|
|
|
|
+#endif
|
|
|
|
|
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
|
|
|
sha1_allowed);
|
|
|
|
|
- size_t mdname_len = strlen(mdname);
|
|
|
|
|
|
|
|
|
|
if (md == NULL
|
|
|
|
|
|| md_nid <= 0
|
|
|
|
|
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
|
|
|
index fc32bb3556..4b74ee1a34 100644
|
|
|
|
|
--- a/ssl/t1_lib.c
|
|
|
|
|