@ -1,4 +1,4 @@
From b4b38e64dc322b8852f65b73e337517e1e1d651f Mon Sep 17 00:00:00 2001
From 243201772cc6d583fae9eba81cb2c2c7425bc564 Mon Sep 17 00:00:00 2001
From: Clemens Lang <cllang@redhat.com>
From: Clemens Lang <cllang@redhat.com>
Date: Mon, 21 Feb 2022 17:24:44 +0100
Date: Mon, 21 Feb 2022 17:24:44 +0100
Subject: Selectively disallow SHA1 signatures
Subject: Selectively disallow SHA1 signatures
@ -46,10 +46,10 @@ Resolves: rhbz#2031742
providers/common/securitycheck_default.c | 9 ++-
providers/common/securitycheck_default.c | 9 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
providers/implementations/signature/dsa_sig.c | 11 ++-
.../implementations/signature/ecdsa_sig.c | 4 +
.../implementations/signature/ecdsa_sig.c | 4 +
providers/implementations/signature/rsa_sig.c | 9 ++-
providers/implementations/signature/rsa_sig.c | 20 ++ ++-
ssl/t1_lib.c | 8 ++
ssl/t1_lib.c | 8 ++
util/libcrypto.num | 2 +
util/libcrypto.num | 2 +
13 files changed, 178 insertions(+), 8 deletions(-)
13 files changed, 188 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
index 0e7fe64cf9..b9d3b6d226 100644
index 0e7fe64cf9..b9d3b6d226 100644
@ -382,10 +382,26 @@ index 865d49d100..99b228e82c 100644
sha1_allowed);
sha1_allowed);
if (md_nid < 0) {
if (md_nid < 0) {
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 325e855333.. c96e7e218f 100644
index 325e855333.. bea397f0c1 100644
--- a/providers/implementations/signature/rsa_sig.c
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -289,10 +289,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
@@ -26,6 +26,7 @@
#include "internal/cryptlib.h"
#include "internal/nelem.h"
#include "internal/sizes.h"
+#include "internal/sslconf.h"
#include "crypto/rsa.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@@ -34,6 +35,7 @@
#include "prov/securitycheck.h"
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
static OSSL_FUNC_signature_newctx_fn rsa_newctx;
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
@@ -289,10 +291,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
if (mdname != NULL) {
if (mdname != NULL) {
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
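Review bot: The new `RSA_DEFAULT_DIGEST_NAME_NONLEGACY` define placed beside `RSA_DEFAULT_DIGEST_NAME` carries no comment, so a reader of rsa_sig.c cannot tell from the definition alone that it is the substitute default consulted only when legacy (SHA1) digest signatures are disallowed for the library context; add `/* Default digest used instead of RSA_DEFAULT_DIGEST_NAME when legacy (SHA1) digest signatures are disallowed for the libctx; see ossl_ctx_legacy_digest_signatures_allowed() */` above it. The added `#include "internal/sslconf.h"` presumably supplies the declaration of that helper, since nothing else in this hunk uses the header; confirm that is the header exporting it so the include is not left unused. The index line `index 325e855333.. bea397f0c1 100644` in the new patch text keeps a stray space after `..`, which some patch tooling may reject when parsing the blob ids; regenerating the patch with git format-patch would remove it.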
@ -403,6 +419,23 @@ index 325e855333..c96e7e218f 100644
if (md == NULL
if (md == NULL
|| md_nid <= 0
|| md_nid <= 0
@@ -1348,8 +1355,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
prsactx->pad_mode = pad_mode;
if (prsactx->md == NULL && pmdname == NULL
- && pad_mode == RSA_PKCS1_PSS_PADDING)
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
pmdname = RSA_DEFAULT_DIGEST_NAME;
+#ifndef FIPS_MODULE
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
+ }
+#endif
+ }
+
if (pmgf1mdname != NULL
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index fc32bb3556..4b74ee1a34 100644
index fc32bb3556..4b74ee1a34 100644
--- a/ssl/t1_lib.c
--- a/ssl/t1_lib.c