From 1c6d5f6162a46bcde94e8ae9eaa0c41da1d7faa3 Mon Sep 17 00:00:00 2001
From: Clemens Lang
Date: Tue, 1 Mar 2022 15:44:18 +0100
Subject: [PATCH] Allow SHA1 in seclevel 2 if rh-allow-sha1-signatures = yes
References: rhbz#2055796
---
 doc/man5/config.pod | 7 ++++++-
 ssl/t1_lib.c | 8 ++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
index aa1be5ca7f..aa69e2b844 100644
--- a/doc/man5/config.pod
+++ b/doc/man5/config.pod
@@ -305,7 +305,12 @@ When set to B, any attempt to create or verify a signature with a SHA1 digest will fail. For compatibility with older versions of OpenSSL, set this option to B. This setting also affects TLS, where signature algorithms that use SHA1 as digest will no longer be supported if this option is set to
-B.
+B. Note that enabling B will allow TLS signature
+algorithms that use SHA1 in security level 2, despite the definition of
+security level 2 of 112 bits of security, which SHA1 does not meet. Because
+TLS 1.1 or lower use MD5-SHA1 as pseudorandom function (PRF) to derive key
+material, disabling B requires the use of TLS 1.2 or
+newer.
 =item B (deprecated)
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
index 4b74ee1a34..724ded67ba 100644
--- a/ssl/t1_lib.c
+++ b/ssl/t1_lib.c
@@ -2106,6 +2106,14 @@ static int tls12_sigalg_allowed(const SSL *s, int op, const SIGALG_LOOKUP *lu)
         }
     }
 
+    if (lu->hash == NID_sha1
+        && ossl_ctx_legacy_digest_signatures_allowed(s->ctx->libctx, 0)
+        && SSL_get_security_level(s) < 3) {
+        /* when rh-allow-sha1-signatures = yes and security level <= 2,
+         * explicitly allow SHA1 for backwards compatibility */
+        return 1;
+    }
+
     /* Finally see if security callback allows it */
     secbits = sigalg_security_bits(s->ctx, lu);
     sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
-- 
2.35.1
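Review bot: The early `return 1` in the new block skips the check that follows it (`/* Finally see if security callback allows it */`), so once the legacy-signature option is enabled, an application-installed security callback is never consulted for SHA1 signature algorithms at levels 0-2, although the commit message and the new comment only describe overriding the default level-2 policy. Consider letting this case still reach the callback and only relaxing the bits threshold it is given, so an operator-supplied policy keeps its veto; if the short-circuit is intentional, the comment should say so, e.g. `/* Bypasses the security callback entirely, including a custom one set via SSL_CTX_set_security_callback() */`. The meaning of the second argument `0` to `ossl_ctx_legacy_digest_signatures_allowed()` is not stated anywhere in the hunk; naming it in the comment would help readers. The enclosing tls12_sigalg_allowed() starts and ends outside the hunk, so whether an earlier branch already rejects SHA1 cannot be confirmed here.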