* [rpms/openssl] rebase_40beta: As upstream disables TLS 1.0/1.1 on any SECLEVEL > 0,
@ 2026-06-09 12:45 Dmitry Belyavskiy
From: Dmitry Belyavskiy @ 2026-06-09 12:45 UTC (permalink / raw)
To: git-commits
A new commit has been pushed.
Repo : rpms/openssl
Branch : rebase_40beta
Commit : e9284f5bee9b3a6ebf87a4a40de5ec48747836b4
Author : Dmitry Belyavskiy <dbelyavs@redhat.com>
Date : 2024-06-27T16:03:58+02:00
Stats : +5/-280 in 3 file(s)
URL : https://src.fedoraproject.org/rpms/openssl/c/e9284f5bee9b3a6ebf87a4a40de5ec48747836b4?branch=rebase_40beta
Log:
As upstream disables TLS 1.0/1.1 on any SECLEVEL > 0,
there is no point keeping the SHA1 permission at SECLEVEL=1 anymore.
---
diff --git a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch b/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
deleted file mode 100644
index 33f79ce..0000000
--- a/0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
+++ /dev/null
@@ -1,205 +0,0 @@
-From 1fba75a6203d3ea2037d2fc2e1846f1b514c3d1d Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Wed, 6 Mar 2024 19:17:15 +0100
-Subject: [PATCH 23/49]
- 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
-
-Patch-name: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
-Patch-id: 52
-Patch-status: |
- # # Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
-From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
----
- crypto/x509/x509_vfy.c | 20 ++++++++++-
- doc/man5/config.pod | 7 ++++
- ssl/t1_lib.c | 67 ++++++++++++++++++++++++++++-------
- test/recipes/25-test_verify.t | 4 +--
- 4 files changed, 82 insertions(+), 16 deletions(-)
-
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 1794c14e99..1dfbe58a4a 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -25,6 +25,7 @@
- #include <openssl/objects.h>
- #include <openssl/core_names.h>
- #include "internal/dane.h"
-+#include "internal/sslconf.h"
- #include "crypto/x509.h"
- #include "x509_local.h"
-
-@@ -3668,14 +3669,31 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
- {
- int secbits = -1;
- int level = ctx->param->auth_level;
-+ int nid;
-+ OSSL_LIB_CTX *libctx = NULL;
-
- if (level <= 0)
- return 1;
- if (level > NUM_AUTH_LEVELS)
- level = NUM_AUTH_LEVELS;
-
-- if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
-+ if (ctx->libctx)
-+ libctx = ctx->libctx;
-+ else if (cert->libctx)
-+ libctx = cert->libctx;
-+ else
-+ libctx = OSSL_LIB_CTX_get0_global_default();
-+
-+ if (!X509_get_signature_info(cert, &nid, NULL, &secbits, NULL))
- return 0;
-
-+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
-+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
-+ && ctx->param->auth_level < 2)
-+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
-+ * explicitly allow SHA1 for backwards compatibility. Also allow
-+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ return 1;
-+
- return secbits >= minbits_table[level - 1];
- }
-diff --git a/doc/man5/config.pod b/doc/man5/config.pod
-index ed34ff4b9c..8ab5456c99 100644
---- a/doc/man5/config.pod
-+++ b/doc/man5/config.pod
-@@ -317,6 +317,13 @@ this option is set to B<no>. Because TLS 1.1 or lower use MD5-SHA1 as
- pseudorandom function (PRF) to derive key material, disabling
- B<rh-allow-sha1-signatures> requires the use of TLS 1.2 or newer.
-
-+Note that enabling B<rh-allow-sha1-signatures> will allow TLS signature
-+algorithms that use SHA1 in security level 1, despite the definition of
-+security level 1 of 80 bits of security, which SHA1 and MD5-SHA1 do not meet.
-+This allows using SHA1 and MD5-SHA1 in TLS in the LEGACY crypto-policy on
-+Fedora without requiring to set the security level to 0, which would include
-+further insecure algorithms, and thus restores support for TLS 1.0 and 1.1.
-+
- =item B<fips_mode> (deprecated)
-
- The value is a boolean that can be B<yes> or B<no>. If the value is
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 05dd7c5595..056aae3863 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -20,6 +20,7 @@
- #include <openssl/bn.h>
- #include <openssl/provider.h>
- #include <openssl/param_build.h>
-+#include "crypto/x509.h"
- #include "internal/sslconf.h"
- #include "internal/nelem.h"
- #include "internal/sizes.h"
-@@ -1977,19 +1978,28 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_UNKNOWN_DIGEST);
- return 0;
- }
-- /*
-- * Make sure security callback allows algorithm. For historical
-- * reasons we have to pass the sigalg as a two byte char array.
-- */
-- sigalgstr[0] = (sig >> 8) & 0xff;
-- sigalgstr[1] = sig & 0xff;
-- secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
-- if (secbits == 0 ||
-- !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
-- md != NULL ? EVP_MD_get_type(md) : NID_undef,
-- (void *)sigalgstr)) {
-- SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
-- return 0;
-+
-+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
-+ && ossl_ctx_legacy_digest_signatures_allowed(s->session_ctx->libctx, 0)
-+ && SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)) < 2) {
-+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
-+ * explicitly allow SHA1 for backwards compatibility. Also allow
-+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ } else {
-+ /*
-+ * Make sure security callback allows algorithm. For historical
-+ * reasons we have to pass the sigalg as a two byte char array.
-+ */
-+ sigalgstr[0] = (sig >> 8) & 0xff;
-+ sigalgstr[1] = sig & 0xff;
-+ secbits = sigalg_security_bits(s->session_ctx, lu);
-+ if (secbits == 0 ||
-+ !ssl_security(s, SSL_SECOP_SIGALG_CHECK, secbits,
-+ md != NULL ? EVP_MD_get_type(md) : NID_undef,
-+ (void *)sigalgstr)) {
-+ SSLfatal(s, SSL_AD_HANDSHAKE_FAILURE, SSL_R_WRONG_SIGNATURE_TYPE);
-+ return 0;
-+ }
- }
- /* Store the sigalg the peer uses */
- s->s3.tmp.peer_sigalg = lu;
-@@ -2563,6 +2573,15 @@ static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
- }
- }
-
-+ if ((lu->hash == NID_sha1 || lu->hash == NID_md5_sha1)
-+ && ossl_ctx_legacy_digest_signatures_allowed(s->session_ctx->libctx, 0)
-+ && SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)) < 2) {
-+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
-+ * explicitly allow SHA1 for backwards compatibility. Also allow
-+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ return 1;
-+ }
-+
- /* Finally see if security callback allows it */
- secbits = sigalg_security_bits(SSL_CONNECTION_GET_CTX(s), lu);
- sigalgstr[0] = (lu->sigalg >> 8) & 0xff;
-@@ -3467,6 +3486,8 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
- {
- /* Lookup signature algorithm digest */
- int secbits, nid, pknid;
-+ OSSL_LIB_CTX *libctx = NULL;
-+
-
- /* Don't check signature if self signed */
- if ((X509_get_extension_flags(x) & EXFLAG_SS) != 0)
-@@ -3476,6 +3497,26 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
- /* If digest NID not defined use signature NID */
- if (nid == NID_undef)
- nid = pknid;
-+
-+ if (x && x->libctx)
-+ libctx = x->libctx;
-+ else if (ctx && ctx->libctx)
-+ libctx = ctx->libctx;
-+ else if (s && s->session_ctx && s->session_ctx->libctx)
-+ libctx = s->session_ctx->libctx;
-+ else
-+ libctx = OSSL_LIB_CTX_get0_global_default();
-+
-+ if ((nid == NID_sha1 || nid == NID_md5_sha1)
-+ && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
-+ && ((s != NULL && SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)) < 2)
-+ || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
-+ ))
-+ /* When rh-allow-sha1-signatures = yes and security level <= 1,
-+ * explicitly allow SHA1 for backwards compatibility. Also allow
-+ * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ return 1;
-+
- if (s != NULL)
- return ssl_security(s, op, secbits, nid, x);
- else
-diff --git a/test/recipes/25-test_verify.t b/test/recipes/25-test_verify.t
-index 1c8fce86fd..a584629062 100644
---- a/test/recipes/25-test_verify.t
-+++ b/test/recipes/25-test_verify.t
-@@ -481,8 +481,8 @@ ok(verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "0"
- ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], ),
- "CA with PSS signature using SHA256");
-
--ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "1"),
-- "Reject PSS signature using SHA1 and auth level 1");
-+ok(!verify("ee-pss-sha1-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
-+ "Reject PSS signature using SHA1 and auth level 2");
-
- ok(verify("ee-pss-sha256-cert", "", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
- "PSS signature using SHA256 and auth level 2");
---
-2.44.0
-
diff --git a/0120-Allow-disabling-of-SHA1-signatures.patch b/0120-Allow-disabling-of-SHA1-signatures.patch
index a4fc66f..813470d 100644
--- a/0120-Allow-disabling-of-SHA1-signatures.patch
+++ b/0120-Allow-disabling-of-SHA1-signatures.patch
@@ -87,34 +87,6 @@ index 248f655d0f..92f98c4c21 100644
}
}
-diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
-index 1dfbe58a4a..6ef83792f8 100644
---- a/crypto/x509/x509_vfy.c
-+++ b/crypto/x509/x509_vfy.c
-@@ -29,6 +29,8 @@
- #include "crypto/x509.h"
- #include "x509_local.h"
-
-+#include <sys/sdt.h>
-+
- /* CRL score values */
-
- #define CRL_SCORE_NOCRITICAL 0x100 /* No unhandled critical extensions */
-@@ -3689,11 +3691,13 @@ static int check_sig_level(X509_STORE_CTX *ctx, X509 *cert)
-
- if ((nid == NID_sha1 || nid == NID_md5_sha1)
- && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
-- && ctx->param->auth_level < 2)
-+ && ctx->param->auth_level < 2) {
-+ DTRACE_PROBE1(libcrypto, fedora_check_sig_level_1, nid);
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
- return 1;
-+ }
-
- return secbits >= minbits_table[level - 1];
- }
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index f635b5aec8..b061125291 100644
--- a/providers/common/securitycheck.c
@@ -179,50 +151,6 @@ index 2ca7a59f39..13993b5eb1 100644
+ }
return mdnid;
}
-diff --git a/ssl/t1_lib.c b/ssl/t1_lib.c
-index 87f2ae7000..19ed7b6265 100644
---- a/ssl/t1_lib.c
-+++ b/ssl/t1_lib.c
-@@ -29,6 +29,8 @@
- #include "quic/quic_local.h"
- #include <openssl/ct.h>
-
-+#include <sys/sdt.h>
-+
- static const SIGALG_LOOKUP *find_sig_alg(SSL_CONNECTION *s, X509 *x, EVP_PKEY *pkey);
- static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op, const SIGALG_LOOKUP *lu);
-
-@@ -1998,6 +2000,7 @@ int tls12_check_peer_sigalg(SSL_CONNECTION *s, uint16_t sig, EVP_PKEY *pkey)
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_tls12_check_peer_sigalg_1, lu->hash);
- } else {
- /*
- * Make sure security callback allows algorithm. For historical
-@@ -2592,6 +2595,7 @@ static int tls12_sigalg_allowed(const SSL_CONNECTION *s, int op,
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_tls12_sigalg_allowed_1, lu->hash);
- return 1;
- }
-
-@@ -3564,11 +3568,13 @@ static int ssl_security_cert_sig(SSL_CONNECTION *s, SSL_CTX *ctx, X509 *x,
- && ossl_ctx_legacy_digest_signatures_allowed(libctx, 0)
- && ((s != NULL && SSL_get_security_level(SSL_CONNECTION_GET_SSL(s)) < 2)
- || (ctx != NULL && SSL_CTX_get_security_level(ctx) < 2)
-- ))
-+ )) {
- /* When rh-allow-sha1-signatures = yes and security level <= 1,
- * explicitly allow SHA1 for backwards compatibility. Also allow
- * MD5-SHA1 because TLS 1.0 is still supported, which uses it. */
-+ DTRACE_PROBE1(libssl, fedora_ssl_security_cert_sig_1, nid);
- return 1;
-+ }
-
- if (s != NULL)
- return ssl_security(s, op, secbits, nid, x);
--
GitLab
diff --git a/openssl.spec b/openssl.spec
index 1055099..2733d41 100644
--- a/openssl.spec
+++ b/openssl.spec
@@ -29,7 +29,7 @@ print(string.sub(hash, 0, 16))
Summary: Utilities from the general purpose cryptography library with TLS implementation
Name: openssl
Version: 3.2.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Epoch: 1
Source: openssl-%{version}.tar.gz
Source2: Makefile.certificate
@@ -89,8 +89,6 @@ Patch45: 0045-FIPS-services-minimize.patch
Patch47: 0047-FIPS-early-KATS.patch
# Selectively disallow SHA1 signatures rhbz#2070977
Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch
-# Support SHA1 in TLS in LEGACY crypto-policy (which is SECLEVEL=1)
-Patch52: 0052-Allow-SHA1-in-seclevel-1-if-rh-allow-sha1-signatures.patch
# Originally from https://github.com/openssl/openssl/pull/18103
# As we rebased to 3.0.7 and used the version of the function
# not matching the upstream one, we have to use aliasing.
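Review bot: The context line `Patch49: 0049-Allow-disabling-of-SHA1-signatures.patch` in this hunk names a different file from the one this commit trims, `0120-Allow-disabling-of-SHA1-signatures.patch`, so the visible lines do not show that the patch applied at build time has lost its hunks against the SECLEVEL=1 SHA1 exception. If the applied patch still carries the `DTRACE_PROBE1` additions that sat inside the blocks introduced by the dropped Patch52, it would presumably no longer apply cleanly once Patch52 is gone. The rest of the spec is outside the hunk and may list 0120 under another `Patch` number, so this is a point to confirm rather than a certain defect. It would help to check that every `Patch` entry for the SHA1-disabling change points at the edited file, and that no applied patch still contains the `rh-allow-sha1-signatures` level-1 carve-out for `NID_sha1` / `NID_md5_sha1`.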
@@ -505,6 +503,10 @@ ln -s /etc/crypto-policies/back-ends/openssl_fips.config $RPM_BUILD_ROOT%{_sysco
%ldconfig_scriptlets libs
%changelog
+* Thu Jun 27 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-2
+- As upstream disables TLS 1.0/1.1 on any SECLEVEL > 0, there is no point
+ keeping the SHA1 permission at SECLEVEL=1 anymore.
+
* Thu Jun 06 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 1:3.2.2-1
- Rebase to 3.2.2