You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
160 lines
6.5 KiB
160 lines
6.5 KiB
diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c |
|
--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel 2020-04-21 14:22:39.000000000 +0200 |
|
+++ openssl-1.1.1g/crypto/x509/x509_vfy.c 2020-06-05 17:16:54.835536823 +0200 |
|
@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c |
|
} |
|
|
|
static const int minbits_table[] = { 80, 112, 128, 192, 256 }; |
|
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 }; |
|
static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table); |
|
|
|
/* |
|
@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT |
|
|
|
if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL)) |
|
return 0; |
|
- |
|
- return secbits >= minbits_table[level - 1]; |
|
+ /* |
|
+ * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic |
|
+ * disable SHA1 flag is not set. |
|
+ */ |
|
+ if ((ctx->param->flags & 0x40000000) || FIPS_mode()) |
|
+ return secbits >= minbits_table[level - 1]; |
|
+ return secbits >= minbits_digest_table[level - 1]; |
|
} |
|
diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod |
|
--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel 2020-04-21 14:22:39.000000000 +0200 |
|
+++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod 2020-06-04 15:48:01.608178833 +0200 |
|
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited |
|
|
|
=item B<Level 2> |
|
|
|
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys |
|
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited. |
|
+Security level set to 112 bits of security with the exception of SHA1 allowed |
|
+for signatures. |
|
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys |
|
+shorter than 224 bits are prohibited. |
|
In addition to the level 1 exclusions any cipher suite using RC4 is also |
|
prohibited. SSL version 3 is also not allowed. Compression is disabled. |
|
|
|
diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c |
|
--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel 2020-04-21 14:22:39.000000000 +0200 |
|
+++ openssl-1.1.1g/ssl/ssl_cert.c 2020-06-05 17:10:11.842198401 +0200 |
|
@@ -27,6 +27,7 @@ |
|
static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx, |
|
int op, int bits, int nid, void *other, |
|
void *ex); |
|
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx); |
|
|
|
static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT; |
|
static volatile int ssl_x509_store_ctx_idx = -1; |
|
@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_ |
|
X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s)); |
|
|
|
/* Set suite B flags if needed */ |
|
- X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s)); |
|
+ X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL)); |
|
if (!X509_STORE_CTX_set_ex_data |
|
(ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) { |
|
goto end; |
|
@@ -953,12 +954,33 @@ static int ssl_security_default_callback |
|
return 0; |
|
break; |
|
default: |
|
+ /* allow SHA1 in SECLEVEL 2 in non FIPS mode */ |
|
+ if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx)) |
|
+ break; |
|
if (bits < minbits) |
|
return 0; |
|
} |
|
return 1; |
|
} |
|
|
|
+static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx) |
|
+{ |
|
+ unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */ |
|
+ const CERT *c; |
|
+ |
|
+ if (FIPS_mode()) |
|
+ return ret; |
|
+ |
|
+ if (ctx != NULL) { |
|
+ c = ctx->cert; |
|
+ } else { |
|
+ c = s->cert; |
|
+ } |
|
+ if (tls1_cert_sigalgs_have_sha1(c)) |
|
+ return 0; |
|
+ return ret; |
|
+} |
|
+ |
|
int ssl_security(const SSL *s, int op, int bits, int nid, void *other) |
|
{ |
|
return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex); |
|
diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h |
|
--- openssl-1.1.1g/ssl/ssl_local.h.seclevel 2020-06-04 15:48:01.602178783 +0200 |
|
+++ openssl-1.1.1g/ssl/ssl_local.h 2020-06-05 17:02:22.666313410 +0200 |
|
@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC |
|
__owur int tls1_process_sigalgs(SSL *s); |
|
__owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey); |
|
__owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd); |
|
+int tls1_cert_sigalgs_have_sha1(const CERT *c); |
|
__owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs); |
|
# ifndef OPENSSL_NO_EC |
|
__owur int tls_check_sigalg_curve(const SSL *s, int curve); |
|
diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c |
|
--- openssl-1.1.1g/ssl/t1_lib.c.seclevel 2020-06-04 15:48:01.654179221 +0200 |
|
+++ openssl-1.1.1g/ssl/t1_lib.c 2020-06-05 17:02:40.268459157 +0200 |
|
@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int |
|
return 0; |
|
} |
|
|
|
+static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen) |
|
+{ |
|
+ size_t i; |
|
+ |
|
+ for (i = 0; i < sigalgslen; i++, sigalgs++) { |
|
+ const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs); |
|
+ |
|
+ if (lu == NULL) |
|
+ continue; |
|
+ if (lu->hash == NID_sha1) |
|
+ return 1; |
|
+ } |
|
+ return 0; |
|
+} |
|
+ |
|
+ |
|
+int tls1_cert_sigalgs_have_sha1(const CERT *c) |
|
+{ |
|
+ if (c->client_sigalgs != NULL) { |
|
+ if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen)) |
|
+ return 1; |
|
+ } |
|
+ if (c->conf_sigalgs != NULL) { |
|
+ if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen)) |
|
+ return 1; |
|
+ return 0; |
|
+ } |
|
+ return 1; |
|
+} |
|
+ |
|
static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid) |
|
{ |
|
int sig_nid, use_pc_sigalgs = 0; |
|
diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t |
|
--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel 2020-04-21 14:22:39.000000000 +0200 |
|
+++ openssl-1.1.1g/test/recipes/25-test_verify.t 2020-06-04 15:48:01.608178833 +0200 |
|
@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver |
|
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ), |
|
"CA with PSS signature using SHA256"); |
|
|
|
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), |
|
- "Reject PSS signature using SHA1 and auth level 2"); |
|
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"), |
|
+ "Reject PSS signature using SHA1 and auth level 3"); |
|
|
|
ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"), |
|
"PSS signature using SHA256 and auth level 2");
|
|
|