isaacpittman-hitachi / rpms / openssl

Forked from rpms/openssl 2 years ago
Clone

Blame SOURCES/openssl-1.1.1-seclevel.patch

3a273b
diff -up openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1/crypto/x509/x509_vfy.c
3a273b
--- openssl-1.1.1/crypto/x509/x509_vfy.c.seclevel	2018-09-11 14:48:22.000000000 +0200
3a273b
+++ openssl-1.1.1/crypto/x509/x509_vfy.c	2018-10-01 14:34:43.083145020 +0200
3a273b
@@ -3220,6 +3220,7 @@ static int build_chain(X509_STORE_CTX *c
3a273b
 }
3a273b
 
3a273b
 static const int minbits_table[] = { 80, 112, 128, 192, 256 };
3a273b
+static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
3a273b
 static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
3a273b
 
3a273b
 /*
3a273b
@@ -3264,6 +3265,8 @@ static int check_sig_level(X509_STORE_CT
3a273b
 
3a273b
     if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
3a273b
         return 0;
3a273b
-
3a273b
-    return secbits >= minbits_table[level - 1];
3a273b
+    /* Allow SHA1 in SECLEVEL 2 in non-FIPS mode */
3a273b
+    if (FIPS_mode())
3a273b
+        return secbits >= minbits_table[level - 1];
3a273b
+    return secbits >= minbits_digest_table[level - 1];
3a273b
 }
3a273b
diff -up openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod
3a273b
--- openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod.seclevel	2018-09-11 14:48:22.000000000 +0200
3a273b
+++ openssl-1.1.1/doc/man3/SSL_CTX_set_security_level.pod	2018-10-01 14:34:43.083145020 +0200
3a273b
@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
3a273b
 
3a273b
 =item B<Level 2>
3a273b
 
3a273b
-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
3a273b
-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
3a273b
+Security level set to 112 bits of security with the exception of SHA1 allowed
3a273b
+for signatures.
3a273b
+As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
3a273b
+shorter than 224 bits are prohibited.
3a273b
 In addition to the level 1 exclusions any cipher suite using RC4 is also
3a273b
 prohibited. SSL version 3 is also not allowed. Compression is disabled.
3a273b
 
3a273b
diff -up openssl-1.1.1/ssl/ssl_cert.c.seclevel openssl-1.1.1/ssl/ssl_cert.c
3a273b
--- openssl-1.1.1/ssl/ssl_cert.c.seclevel	2018-09-11 14:48:23.000000000 +0200
3a273b
+++ openssl-1.1.1/ssl/ssl_cert.c	2018-10-12 15:29:12.673799305 +0200
3a273b
@@ -983,6 +983,9 @@ static int ssl_security_default_callback
3a273b
             return 0;
3a273b
         break;
3a273b
     default:
3a273b
+        /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
3a273b
+        if (nid == NID_sha1 && minbits == 112 && !FIPS_mode())
3a273b
+            break;
3a273b
         if (bits < minbits)
3a273b
             return 0;
3a273b
     }
3a273b
diff -up openssl-1.1.1/test/recipes/25-test_verify.t.seclevel openssl-1.1.1/test/recipes/25-test_verify.t
3a273b
--- openssl-1.1.1/test/recipes/25-test_verify.t.seclevel	2018-09-11 14:48:24.000000000 +0200
3a273b
+++ openssl-1.1.1/test/recipes/25-test_verify.t	2018-10-01 14:34:43.084145044 +0200
3a273b
@@ -342,8 +342,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
3a273b
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
3a273b
     "CA with PSS signature using SHA256");
3a273b
 
3a273b
-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
3a273b
-    "Reject PSS signature using SHA1 and auth level 2");
3a273b
+ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
3a273b
+    "Reject PSS signature using SHA1 and auth level 3");
3a273b
 
3a273b
 ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
3a273b
     "PSS signature using SHA256 and auth level 2");