|
 |
163057e |
From 2e8388e06eafb703aeb315498915bf079561bdb5 Mon Sep 17 00:00:00 2001
|
|
|
163057e |
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
|
|
|
163057e |
Date: Mon, 21 Aug 2023 13:07:07 +0200
|
|
|
163057e |
Subject: [PATCH 23/48] 0049-Allow-disabling-of-SHA1-signatures.patch
|
|
|
163057e |
|
|
|
163057e |
Patch-name: 0049-Allow-disabling-of-SHA1-signatures.patch
|
|
|
163057e |
Patch-id: 49
|
|
|
163057e |
Patch-status: |
|
|
|
163057e |
# Selectively disallow SHA1 signatures rhbz#2070977
|
|
|
163057e |
From-dist-git-commit: 9409bc7044cf4b5773639cce20f51399888c45fd
|
|
|
163057e |
---
|
|
|
163057e |
crypto/context.c | 14 ++++
|
|
|
163057e |
crypto/evp/evp_cnf.c | 13 +++
|
|
|
163057e |
crypto/evp/m_sigver.c | 79 +++++++++++++++++++
|
|
|
163057e |
crypto/evp/pmeth_lib.c | 15 ++++
|
|
|
163057e |
doc/man5/config.pod | 13 +++
|
|
|
163057e |
include/crypto/context.h | 3 +
|
|
|
163057e |
include/internal/cryptlib.h | 3 +-
|
|
|
163057e |
include/internal/sslconf.h | 4 +
|
|
|
163057e |
providers/common/securitycheck.c | 20 +++++
|
|
|
163057e |
providers/common/securitycheck_default.c | 9 ++-
|
|
|
163057e |
providers/implementations/signature/dsa_sig.c | 11 ++-
|
|
|
163057e |
.../implementations/signature/ecdsa_sig.c | 4 +
|
|
|
163057e |
providers/implementations/signature/rsa_sig.c | 20 ++++-
|
|
|
163057e |
ssl/t1_lib.c | 8 ++
|
|
|
163057e |
util/libcrypto.num | 2 +
|
|
|
163057e |
15 files changed, 209 insertions(+), 9 deletions(-)
|
|
|
163057e |
|
|
|
163057e |
diff --git a/crypto/context.c b/crypto/context.c
|
|
|
163057e |
index 51002ba79a..e697974c9d 100644
|
|
|
163057e |
--- a/crypto/context.c
|
|
|
163057e |
+++ b/crypto/context.c
|
|
|
163057e |
@@ -78,6 +78,8 @@ struct ossl_lib_ctx_st {
|
|
|
163057e |
void *fips_prov;
|
|
|
163057e |
#endif
|
|
|
163057e |
|
|
|
163057e |
+ void *legacy_digest_signatures;
|
|
|
163057e |
+
|
|
|
163057e |
unsigned int ischild:1;
|
|
|
163057e |
};
|
|
|
163057e |
|
|
|
163057e |
@@ -206,6 +208,10 @@ static int context_init(OSSL_LIB_CTX *ctx)
|
|
|
163057e |
goto err;
|
|
|
163057e |
#endif
|
|
|
163057e |
|
|
|
163057e |
+ ctx->legacy_digest_signatures = ossl_ctx_legacy_digest_signatures_new(ctx);
|
|
|
163057e |
+ if (ctx->legacy_digest_signatures == NULL)
|
|
|
163057e |
+ goto err;
|
|
|
163057e |
+
|
|
|
163057e |
/* Low priority. */
|
|
|
163057e |
#ifndef FIPS_MODULE
|
|
|
163057e |
ctx->child_provider = ossl_child_prov_ctx_new(ctx);
|
|
|
163057e |
@@ -334,6 +340,11 @@ static void context_deinit_objs(OSSL_LIB_CTX *ctx)
|
|
|
163057e |
}
|
|
|
163057e |
#endif
|
|
|
163057e |
|
|
|
163057e |
+ if (ctx->legacy_digest_signatures != NULL) {
|
|
|
163057e |
+ ossl_ctx_legacy_digest_signatures_free(ctx->legacy_digest_signatures);
|
|
|
163057e |
+ ctx->legacy_digest_signatures = NULL;
|
|
|
163057e |
+ }
|
|
|
163057e |
+
|
|
|
163057e |
/* Low priority. */
|
|
|
163057e |
#ifndef FIPS_MODULE
|
|
|
163057e |
if (ctx->child_provider != NULL) {
|
|
|
163057e |
@@ -625,6 +636,9 @@ void *ossl_lib_ctx_get_data(OSSL_LIB_CTX *ctx, int index)
|
|
|
163057e |
return ctx->fips_prov;
|
|
|
163057e |
#endif
|
|
|
163057e |
|
|
|
163057e |
+ case OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX:
|
|
|
163057e |
+ return ctx->legacy_digest_signatures;
|
|
|
163057e |
+
|
|
|
163057e |
default:
|
|
|
163057e |
return NULL;
|
|
|
163057e |
}
|
|
|
163057e |
diff --git a/crypto/evp/evp_cnf.c b/crypto/evp/evp_cnf.c
|
|
|
163057e |
index 0e7fe64cf9..b9d3b6d226 100644
|
|
|
163057e |
--- a/crypto/evp/evp_cnf.c
|
|
|
163057e |
+++ b/crypto/evp/evp_cnf.c
|
|
|
163057e |
@@ -10,6 +10,7 @@
|
|
|
163057e |
#include <stdio.h>
|
|
|
163057e |
#include <openssl/crypto.h>
|
|
|
163057e |
#include "internal/cryptlib.h"
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
#include <openssl/conf.h>
|
|
|
163057e |
#include <openssl/x509.h>
|
|
|
163057e |
#include <openssl/x509v3.h>
|
|
|
163057e |
@@ -57,6 +58,18 @@ static int alg_module_init(CONF_IMODULE *md, const CONF *cnf)
|
|
|
163057e |
ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
|
163057e |
return 0;
|
|
|
163057e |
}
|
|
|
163057e |
+ } else if (strcmp(oval->name, "rh-allow-sha1-signatures") == 0) {
|
|
|
163057e |
+ int m;
|
|
|
163057e |
+
|
|
|
163057e |
+ /* Detailed error already reported. */
|
|
|
163057e |
+ if (!X509V3_get_value_bool(oval, &m))
|
|
|
163057e |
+ return 0;
|
|
|
163057e |
+
|
|
|
163057e |
+ if (!ossl_ctx_legacy_digest_signatures_allowed_set(
|
|
|
163057e |
+ NCONF_get0_libctx((CONF *)cnf), m > 0, 0)) {
|
|
|
163057e |
+ ERR_raise(ERR_LIB_EVP, EVP_R_SET_DEFAULT_PROPERTY_FAILURE);
|
|
|
163057e |
+ return 0;
|
|
|
163057e |
+ }
|
|
|
163057e |
} else {
|
|
|
163057e |
ERR_raise_data(ERR_LIB_EVP, EVP_R_UNKNOWN_OPTION,
|
|
|
163057e |
"name=%s, value=%s", oval->name, oval->value);
|
|
|
163057e |
diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
|
|
|
163057e |
index 630d339c35..6e4e9f5ae7 100644
|
|
|
163057e |
--- a/crypto/evp/m_sigver.c
|
|
|
163057e |
+++ b/crypto/evp/m_sigver.c
|
|
|
163057e |
@@ -15,6 +15,73 @@
|
|
|
163057e |
#include "internal/provider.h"
|
|
|
163057e |
#include "internal/numbers.h" /* includes SIZE_MAX */
|
|
|
163057e |
#include "evp_local.h"
|
|
|
163057e |
+#include "crypto/context.h"
|
|
|
163057e |
+
|
|
|
163057e |
+typedef struct ossl_legacy_digest_signatures_st {
|
|
|
163057e |
+ int allowed;
|
|
|
163057e |
+} OSSL_LEGACY_DIGEST_SIGNATURES;
|
|
|
163057e |
+
|
|
|
163057e |
+void ossl_ctx_legacy_digest_signatures_free(void *vldsigs)
|
|
|
163057e |
+{
|
|
|
163057e |
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs = vldsigs;
|
|
|
163057e |
+
|
|
|
163057e |
+ if (ldsigs != NULL) {
|
|
|
163057e |
+ OPENSSL_free(ldsigs);
|
|
|
163057e |
+ }
|
|
|
163057e |
+}
|
|
|
163057e |
+
|
|
|
163057e |
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *ctx)
|
|
|
163057e |
+{
|
|
|
163057e |
+ OSSL_LEGACY_DIGEST_SIGNATURES* ldsigs = OPENSSL_zalloc(sizeof(OSSL_LEGACY_DIGEST_SIGNATURES));
|
|
|
163057e |
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
|
|
163057e |
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
|
|
163057e |
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
|
|
163057e |
+ ldsigs->allowed = 1;
|
|
|
163057e |
+ return ldsigs;
|
|
|
163057e |
+}
|
|
|
163057e |
+
|
|
|
163057e |
+static OSSL_LEGACY_DIGEST_SIGNATURES *ossl_ctx_legacy_digest_signatures(
|
|
|
163057e |
+ OSSL_LIB_CTX *libctx, int loadconfig)
|
|
|
163057e |
+{
|
|
|
163057e |
+#ifndef FIPS_MODULE
|
|
|
163057e |
+ if (loadconfig && !OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL))
|
|
|
163057e |
+ return NULL;
|
|
|
163057e |
+#endif
|
|
|
163057e |
+
|
|
|
163057e |
+ return ossl_lib_ctx_get_data(libctx, OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX);
|
|
|
163057e |
+}
|
|
|
163057e |
+
|
|
|
163057e |
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig)
|
|
|
163057e |
+{
|
|
|
163057e |
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
|
163057e |
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
|
163057e |
+
|
|
|
163057e |
+#ifndef FIPS_MODULE
|
|
|
163057e |
+ if (ossl_safe_getenv("OPENSSL_ENABLE_SHA1_SIGNATURES") != NULL)
|
|
|
163057e |
+ /* used in tests */
|
|
|
163057e |
+ return 1;
|
|
|
163057e |
+#endif
|
|
|
163057e |
+
|
|
|
163057e |
+ /* Warning: This patch differs from the same patch in CentOS and RHEL here,
|
|
|
163057e |
+ * because the default on Fedora is to allow SHA-1 and support disabling
|
|
|
163057e |
+ * it, while CentOS/RHEL disable it by default and allow enabling it. */
|
|
|
163057e |
+ return ldsigs != NULL ? ldsigs->allowed : 1;
|
|
|
163057e |
+}
|
|
|
163057e |
+
|
|
|
163057e |
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
|
163057e |
+ int loadconfig)
|
|
|
163057e |
+{
|
|
|
163057e |
+ OSSL_LEGACY_DIGEST_SIGNATURES *ldsigs
|
|
|
163057e |
+ = ossl_ctx_legacy_digest_signatures(libctx, loadconfig);
|
|
|
163057e |
+
|
|
|
163057e |
+ if (ldsigs == NULL) {
|
|
|
163057e |
+ ERR_raise(ERR_LIB_EVP, ERR_R_INTERNAL_ERROR);
|
|
|
163057e |
+ return 0;
|
|
|
163057e |
+ }
|
|
|
163057e |
+
|
|
|
163057e |
+ ldsigs->allowed = allow;
|
|
|
163057e |
+ return 1;
|
|
|
163057e |
+}
|
|
|
163057e |
|
|
|
163057e |
#ifndef FIPS_MODULE
|
|
|
163057e |
|
|
|
163057e |
@@ -251,6 +318,18 @@ static int do_sigver_init(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx,
|
|
|
163057e |
}
|
|
|
163057e |
}
|
|
|
163057e |
|
|
|
163057e |
+ if (ctx->reqdigest != NULL
|
|
|
163057e |
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hmac)
|
|
|
163057e |
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_tls1_prf)
|
|
|
163057e |
+ && !EVP_PKEY_is_a(locpctx->pkey, SN_hkdf)) {
|
|
|
163057e |
+ int mdnid = EVP_MD_nid(ctx->reqdigest);
|
|
|
163057e |
+ if (!ossl_ctx_legacy_digest_signatures_allowed(locpctx->libctx, 0)
|
|
|
163057e |
+ && (mdnid == NID_sha1 || mdnid == NID_md5_sha1)) {
|
|
|
163057e |
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
|
163057e |
+ goto err;
|
|
|
163057e |
+ }
|
|
|
163057e |
+ }
|
|
|
163057e |
+
|
|
|
163057e |
if (ver) {
|
|
|
163057e |
if (signature->digest_verify_init == NULL) {
|
|
|
163057e |
ERR_raise(ERR_LIB_EVP, EVP_R_INITIALIZATION_ERROR);
|
|
|
163057e |
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
|
|
|
163057e |
index ce6e1a1ccb..003926247b 100644
|
|
|
163057e |
--- a/crypto/evp/pmeth_lib.c
|
|
|
163057e |
+++ b/crypto/evp/pmeth_lib.c
|
|
|
163057e |
@@ -33,6 +33,7 @@
|
|
|
163057e |
#include "internal/ffc.h"
|
|
|
163057e |
#include "internal/numbers.h"
|
|
|
163057e |
#include "internal/provider.h"
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
#include "evp_local.h"
|
|
|
163057e |
|
|
|
163057e |
#ifndef FIPS_MODULE
|
|
|
163057e |
@@ -958,6 +959,20 @@ static int evp_pkey_ctx_set_md(EVP_PKEY_CTX *ctx, const EVP_MD *md,
|
|
|
163057e |
return -2;
|
|
|
163057e |
}
|
|
|
163057e |
|
|
|
163057e |
+ if (EVP_PKEY_CTX_IS_SIGNATURE_OP(ctx)
|
|
|
163057e |
+ && md != NULL
|
|
|
163057e |
+ && ctx->pkey != NULL
|
|
|
163057e |
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hmac)
|
|
|
163057e |
+ && !EVP_PKEY_is_a(ctx->pkey, SN_tls1_prf)
|
|
|
163057e |
+ && !EVP_PKEY_is_a(ctx->pkey, SN_hkdf)) {
|
|
|
163057e |
+ int mdnid = EVP_MD_nid(md);
|
|
|
163057e |
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
|
163057e |
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0)) {
|
|
|
163057e |
+ ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_DIGEST);
|
|
|
163057e |
+ return -1;
|
|
|
163057e |
+ }
|
|
|
163057e |
+ }
|
|
|
163057e |
+
|
|
|
163057e |
if (fallback)
|
|
|
163057e |
return EVP_PKEY_CTX_ctrl(ctx, -1, op, ctrl, 0, (void *)(md));
|
|
|
163057e |
|
|
|
163057e |
diff --git a/doc/man5/config.pod b/doc/man5/config.pod
|
|
|
163057e |
index bd05736220..ed34ff4b9c 100644
|
|
|
163057e |
--- a/doc/man5/config.pod
|
|
|
163057e |
+++ b/doc/man5/config.pod
|
|
|
163057e |
@@ -304,6 +304,19 @@ Within the algorithm properties section, the following names have meaning:
|
|
|
163057e |
The value may be anything that is acceptable as a property query
|
|
|
163057e |
string for EVP_set_default_properties().
|
|
|
163057e |
|
|
|
163057e |
+=item B<rh-allow-sha1-signatures>
|
|
|
163057e |
+
|
|
|
163057e |
+The value is a boolean that can be B<yes> or B<no>. If the value is not set,
|
|
|
163057e |
+it behaves as if it was set to B<yes>.
|
|
|
163057e |
+
|
|
|
163057e |
+When set to B<no>, any attempt to create or verify a signature with a SHA1
|
|
|
163057e |
+digest will fail. To test whether your software will work with future versions
|
|
|
163057e |
+of OpenSSL, set this option to B<no>. This setting also affects TLS, where
|
|
|
163057e |
+signature algorithms that use SHA1 as digest will no longer be supported if
|
|
|
163057e |
+this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
|
|
|
163057e |
+pseudorandom function (PRF) to derive key material, disabling
|
|
|
163057e |
+B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
|
|
|
163057e |
+
|
|
|
163057e |
=item B<fips_mode> (deprecated)
|
|
|
163057e |
|
|
|
163057e |
The value is a boolean that can be B<yes> or B<no>. If the value is
|
|
|
163057e |
diff --git a/include/crypto/context.h b/include/crypto/context.h
|
|
|
163057e |
index cc06c71be8..e9f74a414d 100644
|
|
|
163057e |
--- a/include/crypto/context.h
|
|
|
163057e |
+++ b/include/crypto/context.h
|
|
|
163057e |
@@ -39,3 +39,6 @@ void ossl_rand_crng_ctx_free(void *);
|
|
|
163057e |
void ossl_thread_event_ctx_free(void *);
|
|
|
163057e |
void ossl_fips_prov_ossl_ctx_free(void *);
|
|
|
163057e |
void ossl_release_default_drbg_ctx(void);
|
|
|
163057e |
+
|
|
|
163057e |
+void *ossl_ctx_legacy_digest_signatures_new(OSSL_LIB_CTX *);
|
|
|
163057e |
+void ossl_ctx_legacy_digest_signatures_free(void *);
|
|
|
163057e |
diff --git a/include/internal/cryptlib.h b/include/internal/cryptlib.h
|
|
|
163057e |
index ac50eb3bbd..3b115cc7df 100644
|
|
|
163057e |
--- a/include/internal/cryptlib.h
|
|
|
163057e |
+++ b/include/internal/cryptlib.h
|
|
|
163057e |
@@ -168,7 +168,8 @@ typedef struct ossl_ex_data_global_st {
|
|
|
163057e |
# define OSSL_LIB_CTX_PROVIDER_CONF_INDEX 16
|
|
|
163057e |
# define OSSL_LIB_CTX_BIO_CORE_INDEX 17
|
|
|
163057e |
# define OSSL_LIB_CTX_CHILD_PROVIDER_INDEX 18
|
|
|
163057e |
-# define OSSL_LIB_CTX_MAX_INDEXES 19
|
|
|
163057e |
+# define OSSL_LIB_CTX_LEGACY_DIGEST_SIGNATURES_INDEX 19
|
|
|
163057e |
+# define OSSL_LIB_CTX_MAX_INDEXES 20
|
|
|
163057e |
|
|
|
163057e |
OSSL_LIB_CTX *ossl_lib_ctx_get_concrete(OSSL_LIB_CTX *ctx);
|
|
|
163057e |
int ossl_lib_ctx_is_default(OSSL_LIB_CTX *ctx);
|
|
|
163057e |
diff --git a/include/internal/sslconf.h b/include/internal/sslconf.h
|
|
|
163057e |
index fd7f7e3331..05464b0655 100644
|
|
|
163057e |
--- a/include/internal/sslconf.h
|
|
|
163057e |
+++ b/include/internal/sslconf.h
|
|
|
163057e |
@@ -18,4 +18,8 @@ int conf_ssl_name_find(const char *name, size_t *idx);
|
|
|
163057e |
void conf_ssl_get_cmd(const SSL_CONF_CMD *cmd, size_t idx, char **cmdstr,
|
|
|
163057e |
char **arg);
|
|
|
163057e |
|
|
|
163057e |
+/* Methods to support disabling all signatures with legacy digests */
|
|
|
163057e |
+int ossl_ctx_legacy_digest_signatures_allowed(OSSL_LIB_CTX *libctx, int loadconfig);
|
|
|
163057e |
+int ossl_ctx_legacy_digest_signatures_allowed_set(OSSL_LIB_CTX *libctx, int allow,
|
|
|
163057e |
+ int loadconfig);
|
|
|
163057e |
#endif
|
|
|
163057e |
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
|
|
|
163057e |
index 699ada7c52..e534ad0a5f 100644
|
|
|
163057e |
--- a/providers/common/securitycheck.c
|
|
|
163057e |
+++ b/providers/common/securitycheck.c
|
|
|
163057e |
@@ -19,6 +19,7 @@
|
|
|
163057e |
#include <openssl/core_names.h>
|
|
|
163057e |
#include <openssl/obj_mac.h>
|
|
|
163057e |
#include "prov/securitycheck.h"
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
|
|
|
163057e |
/*
|
|
|
163057e |
* FIPS requires a minimum security strength of 112 bits (for encryption or
|
|
|
163057e |
@@ -235,6 +236,15 @@ int ossl_digest_get_approved_nid_with_sha1(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
163057e |
mdnid = -1; /* disallowed by security checks */
|
|
|
163057e |
}
|
|
|
163057e |
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
|
163057e |
+
|
|
|
163057e |
+#ifndef FIPS_MODULE
|
|
|
163057e |
+ if (!ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
|
163057e |
+ /* SHA1 is globally disabled, check whether we want to locally allow
|
|
|
163057e |
+ * it. */
|
|
|
163057e |
+ if (mdnid == NID_sha1 && !sha1_allowed)
|
|
|
163057e |
+ mdnid = -1;
|
|
|
163057e |
+#endif
|
|
|
163057e |
+
|
|
|
163057e |
return mdnid;
|
|
|
163057e |
}
|
|
|
163057e |
|
|
|
163057e |
@@ -244,5 +254,15 @@ int ossl_digest_is_allowed(OSSL_LIB_CTX *ctx, const EVP_MD *md)
|
|
|
163057e |
if (ossl_securitycheck_enabled(ctx))
|
|
|
163057e |
return ossl_digest_get_approved_nid(md) != NID_undef;
|
|
|
163057e |
# endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
|
|
|
163057e |
+
|
|
|
163057e |
+#ifndef FIPS_MODULE
|
|
|
163057e |
+ {
|
|
|
163057e |
+ int mdnid = EVP_MD_nid(md);
|
|
|
163057e |
+ if ((mdnid == NID_sha1 || mdnid == NID_md5_sha1)
|
|
|
163057e |
+ && !ossl_ctx_legacy_digest_signatures_allowed(ctx, 0))
|
|
|
163057e |
+ return 0;
|
|
|
163057e |
+ }
|
|
|
163057e |
+#endif
|
|
|
163057e |
+
|
|
|
163057e |
return 1;
|
|
|
163057e |
}
|
|
|
163057e |
diff --git a/providers/common/securitycheck_default.c b/providers/common/securitycheck_default.c
|
|
|
163057e |
index 246323493e..2ca7a59f39 100644
|
|
|
163057e |
--- a/providers/common/securitycheck_default.c
|
|
|
163057e |
+++ b/providers/common/securitycheck_default.c
|
|
|
163057e |
@@ -15,6 +15,7 @@
|
|
|
163057e |
#include <openssl/obj_mac.h>
|
|
|
163057e |
#include "prov/securitycheck.h"
|
|
|
163057e |
#include "internal/nelem.h"
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
|
|
|
163057e |
/* Disable the security checks in the default provider */
|
|
|
163057e |
int ossl_securitycheck_enabled(OSSL_LIB_CTX *libctx)
|
|
|
163057e |
@@ -29,9 +30,10 @@ int ossl_tls1_prf_ems_check_enabled(OSSL_LIB_CTX *libctx)
|
|
|
163057e |
}
|
|
|
163057e |
|
|
|
163057e |
int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
163057e |
- ossl_unused int sha1_allowed)
|
|
|
163057e |
+ int sha1_allowed)
|
|
|
163057e |
{
|
|
|
163057e |
int mdnid;
|
|
|
163057e |
+ int ldsigs_allowed;
|
|
|
163057e |
|
|
|
163057e |
static const OSSL_ITEM name_to_nid[] = {
|
|
|
163057e |
{ NID_md5, OSSL_DIGEST_NAME_MD5 },
|
|
|
163057e |
@@ -42,8 +44,11 @@ int ossl_digest_rsa_sign_get_md_nid(OSSL_LIB_CTX *ctx, const EVP_MD *md,
|
|
|
163057e |
{ NID_ripemd160, OSSL_DIGEST_NAME_RIPEMD160 },
|
|
|
163057e |
};
|
|
|
163057e |
|
|
|
163057e |
- mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, 1);
|
|
|
163057e |
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx, 0);
|
|
|
163057e |
+ mdnid = ossl_digest_get_approved_nid_with_sha1(ctx, md, sha1_allowed || ldsigs_allowed);
|
|
|
163057e |
if (mdnid == NID_undef)
|
|
|
163057e |
mdnid = ossl_digest_md_to_nid(md, name_to_nid, OSSL_NELEM(name_to_nid));
|
|
|
163057e |
+ if (mdnid == NID_md5_sha1 && !ldsigs_allowed)
|
|
|
163057e |
+ mdnid = -1;
|
|
|
163057e |
return mdnid;
|
|
|
163057e |
}
|
|
|
163057e |
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
|
|
|
163057e |
index 70d0ea5d24..3c482e0181 100644
|
|
|
163057e |
--- a/providers/implementations/signature/dsa_sig.c
|
|
|
163057e |
+++ b/providers/implementations/signature/dsa_sig.c
|
|
|
163057e |
@@ -123,12 +123,17 @@ static int dsa_setup_md(PROV_DSA_CTX *ctx,
|
|
|
163057e |
mdprops = ctx->propq;
|
|
|
163057e |
|
|
|
163057e |
if (mdname != NULL) {
|
|
|
163057e |
- int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
163057e |
WPACKET pkt;
|
|
|
163057e |
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
|
163057e |
- int md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
163057e |
- sha1_allowed);
|
|
|
163057e |
+ int md_nid;
|
|
|
163057e |
size_t mdname_len = strlen(mdname);
|
|
|
163057e |
+#ifdef FIPS_MODULE
|
|
|
163057e |
+ int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
163057e |
+#else
|
|
|
163057e |
+ int sha1_allowed = 0;
|
|
|
163057e |
+#endif
|
|
|
163057e |
+ md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
163057e |
+ sha1_allowed);
|
|
|
163057e |
|
|
|
163057e |
if (md == NULL || md_nid < 0) {
|
|
|
163057e |
if (md == NULL)
|
|
|
163057e |
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c
|
|
|
163057e |
index ebeb30e002..c874f87bd5 100644
|
|
|
163057e |
--- a/providers/implementations/signature/ecdsa_sig.c
|
|
|
163057e |
+++ b/providers/implementations/signature/ecdsa_sig.c
|
|
|
163057e |
@@ -237,7 +237,11 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
|
|
|
163057e |
"%s could not be fetched", mdname);
|
|
|
163057e |
return 0;
|
|
|
163057e |
}
|
|
|
163057e |
+#ifdef FIPS_MODULE
|
|
|
163057e |
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
163057e |
+#else
|
|
|
163057e |
+ sha1_allowed = 0;
|
|
|
163057e |
+#endif
|
|
|
163057e |
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
|
|
|
163057e |
sha1_allowed);
|
|
|
163057e |
if (md_nid < 0) {
|
|
|
163057e |
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
|
|
|
163057e |
index 2a5504d104..5f3a029566 100644
|
|
|
163057e |
--- a/providers/implementations/signature/rsa_sig.c
|
|
|
163057e |
+++ b/providers/implementations/signature/rsa_sig.c
|
|
|
163057e |
@@ -25,6 +25,7 @@
|
|
|
163057e |
#include "internal/cryptlib.h"
|
|
|
163057e |
#include "internal/nelem.h"
|
|
|
163057e |
#include "internal/sizes.h"
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
#include "crypto/rsa.h"
|
|
|
163057e |
#include "prov/providercommon.h"
|
|
|
163057e |
#include "prov/implementations.h"
|
|
|
163057e |
@@ -33,6 +34,7 @@
|
|
|
163057e |
#include "prov/securitycheck.h"
|
|
|
163057e |
|
|
|
163057e |
#define RSA_DEFAULT_DIGEST_NAME OSSL_DIGEST_NAME_SHA1
|
|
|
163057e |
+#define RSA_DEFAULT_DIGEST_NAME_NONLEGACY OSSL_DIGEST_NAME_SHA2_256
|
|
|
163057e |
|
|
|
163057e |
OSSL_FUNC_signature_newctx_fn rsa_newctx;
|
|
|
163057e |
static OSSL_FUNC_signature_sign_init_fn rsa_sign_init;
|
|
|
163057e |
@@ -302,10 +304,15 @@ static int rsa_setup_md(PROV_RSA_CTX *ctx, const char *mdname,
|
|
|
163057e |
|
|
|
163057e |
if (mdname != NULL) {
|
|
|
163057e |
EVP_MD *md = EVP_MD_fetch(ctx->libctx, mdname, mdprops);
|
|
|
163057e |
+ int md_nid;
|
|
|
163057e |
+ size_t mdname_len = strlen(mdname);
|
|
|
163057e |
+#ifdef FIPS_MODULE
|
|
|
163057e |
int sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
|
|
|
163057e |
- int md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
|
163057e |
+#else
|
|
|
163057e |
+ int sha1_allowed = 0;
|
|
|
163057e |
+#endif
|
|
|
163057e |
+ md_nid = ossl_digest_rsa_sign_get_md_nid(ctx->libctx, md,
|
|
|
163057e |
sha1_allowed);
|
|
|
163057e |
- size_t mdname_len = strlen(mdname);
|
|
|
163057e |
|
|
|
163057e |
if (md == NULL
|
|
|
163057e |
|| md_nid <= 0
|
|
|
163057e |
@@ -1396,8 +1403,15 @@ static int rsa_set_ctx_params(void *vprsactx, const OSSL_PARAM params[])
|
|
|
163057e |
prsactx->pad_mode = pad_mode;
|
|
|
163057e |
|
|
|
163057e |
if (prsactx->md == NULL && pmdname == NULL
|
|
|
163057e |
- && pad_mode == RSA_PKCS1_PSS_PADDING)
|
|
|
163057e |
+ && pad_mode == RSA_PKCS1_PSS_PADDING) {
|
|
|
163057e |
pmdname = RSA_DEFAULT_DIGEST_NAME;
|
|
|
163057e |
+#ifndef FIPS_MODULE
|
|
|
163057e |
+ if (!ossl_ctx_legacy_digest_signatures_allowed(prsactx->libctx, 0)) {
|
|
|
163057e |
+ pmdname = RSA_DEFAULT_DIGEST_NAME_NONLEGACY;
|
|
|
163057e |
+ }
|
|
|
163057e |
+#endif
|
|
|
163057e |
+ }
|
|
|
163057e |
+
|
|
|
163057e |
|
|
|
163057e |
if (pmgf1mdname != NULL
|
|
|
163057e |
&& !rsa_setup_mgf1_md(prsactx, pmgf1mdname, pmgf1mdprops))
|
|
|
163057e |
diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
|
|
|
163057e |
index e6f4bcc045..8bc550ea5b 100644
|
|
|
163057e |
--- a/ssl/t1_lib.c
|
|
|
163057e |
+++ b/ssl/t1_lib.c
|
|
|
163057e |
@@ -20,6 +20,7 @@
|
|
|
163057e |
#include <openssl/bn.h>
|
|
|
163057e |
#include <openssl/provider.h>
|
|
|
163057e |
#include <openssl/param_build.h>
|
|
|
163057e |
+#include "internal/sslconf.h"
|
|
|
163057e |
#include "internal/nelem.h"
|
|
|
163057e |
#include "internal/sizes.h"
|
|
|
163057e |
#include "internal/tlsgroups.h"
|
|
|
163057e |
@@ -1151,11 +1152,13 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
|
163057e |
= OPENSSL_malloc(sizeof(*lu) * OSSL_NELEM(sigalg_lookup_tbl));
|
|
|
163057e |
EVP_PKEY *tmpkey = EVP_PKEY_new();
|
|
|
163057e |
int ret = 0;
|
|
|
163057e |
+ int ldsigs_allowed;
|
|
|
163057e |
|
|
|
163057e |
if (cache == NULL || tmpkey == NULL)
|
|
|
163057e |
goto err;
|
|
|
163057e |
|
|
|
163057e |
ERR_set_mark();
|
|
|
163057e |
+ ldsigs_allowed = ossl_ctx_legacy_digest_signatures_allowed(ctx->libctx, 0);
|
|
|
163057e |
for (i = 0, lu = sigalg_lookup_tbl;
|
|
|
163057e |
i < OSSL_NELEM(sigalg_lookup_tbl); lu++, i++) {
|
|
|
163057e |
EVP_PKEY_CTX *pctx;
|
|
|
163057e |
@@ -1175,6 +1178,11 @@ int ssl_setup_sig_algs(SSL_CTX *ctx)
|
|
|
163057e |
cache[i].enabled = 0;
|
|
|
163057e |
continue;
|
|
|
163057e |
}
|
|
|
163057e |
+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
|
|
|
163057e |
+ && !ldsigs_allowed) {
|
|
|
163057e |
+ cache[i].enabled = 0;
|
|
|
163057e |
+ continue;
|
|
|
163057e |
+ }
|
|
|
163057e |
|
|
|
163057e |
if (!EVP_PKEY_set_type(tmpkey, lu->sig)) {
|
|
|
163057e |
cache[i].enabled = 0;
|
|
|
163057e |
diff --git a/util/libcrypto.num b/util/libcrypto.num
|
|
|
163057e |
index 9cb8a4dda2..feb660d030 100644
|
|
|
163057e |
--- a/util/libcrypto.num
|
|
|
163057e |
+++ b/util/libcrypto.num
|
|
|
163057e |
@@ -5436,3 +5436,5 @@ EVP_CIPHER_CTX_dup 5563 3_1_0 EXIST::FUNCTION:
|
|
|
163057e |
BN_are_coprime 5564 3_1_0 EXIST::FUNCTION:
|
|
|
163057e |
OSSL_CMP_MSG_update_recipNonce 5565 3_0_9 EXIST::FUNCTION:CMP
|
|
|
163057e |
ossl_safe_getenv ? 3_0_0 EXIST::FUNCTION:
|
|
|
163057e |
+ossl_ctx_legacy_digest_signatures_allowed ? 3_0_1 EXIST::FUNCTION:
|
|
|
163057e |
+ossl_ctx_legacy_digest_signatures_allowed_set ? 3_0_1 EXIST::FUNCTION:
|
|
|
163057e |
--
|
|
|
163057e |
2.41.0
|
|
|
163057e |
|