Accepting request 865443 from home:pmonrealgonzalez:branches:security:tls

- Disable test_srp subsection from 90-test_sslapi.t test
- Use SECLEVEL 2 in 80-test_ssl_new.t
- Add patches:
  * openssl-1_1-use-seclevel2-in-tests.patch
  * openssl-1_1-disable-test_srp-sslapi.patch

- Allow SHA1 in SECLEVEL 2 in non-FIPS mode
- Add openssl-1_1-seclevel.patch

OBS-URL: https://build.opensuse.org/request/show/865443
OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-1_1?expand=0&rev=82

openssl-1_1-disable-test_srp-sslapi.patch

@@ -0,0 +1,13 @@
+Index: openssl-1.1.1i/test/sslapitest.c
+===================================================================
+--- openssl-1.1.1i.orig/test/sslapitest.c
++++ openssl-1.1.1i/test/sslapitest.c
+@@ -6766,7 +6766,7 @@ int setup_tests(void)
+ #endif
+     ADD_ALL_TESTS(test_ssl_clear, 2);
+     ADD_ALL_TESTS(test_max_fragment_len_ext, OSSL_NELEM(max_fragment_len_test));
+-#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2)
++#if !defined(OPENSSL_NO_SRP) && !defined(OPENSSL_NO_TLS1_2) && 0
+     ADD_ALL_TESTS(test_srp, 6);
+ #endif
+     ADD_ALL_TESTS(test_info_callback, 6);

openssl-1_1-seclevel.patch

@@ -0,0 +1,160 @@
+diff -up openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel openssl-1.1.1g/crypto/x509/x509_vfy.c
+--- openssl-1.1.1g/crypto/x509/x509_vfy.c.seclevel	2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/crypto/x509/x509_vfy.c	2020-06-05 17:16:54.835536823 +0200
+@@ -3225,6 +3225,7 @@ static int build_chain(X509_STORE_CTX *c
+ }
+ 
+ static const int minbits_table[] = { 80, 112, 128, 192, 256 };
++static const int minbits_digest_table[] = { 80, 80, 128, 192, 256 };
+ static const int NUM_AUTH_LEVELS = OSSL_NELEM(minbits_table);
+ 
+ /*
+@@ -3276,6 +3277,11 @@ static int check_sig_level(X509_STORE_CT
+ 
+     if (!X509_get_signature_info(cert, NULL, NULL, &secbits, NULL))
+         return 0;
+-
+-    return secbits >= minbits_table[level - 1];
++    /*
++     * Allow SHA1 in SECLEVEL 2 in non-FIPS mode or when the magic
++     * disable SHA1 flag is not set.
++     */
++    if ((ctx->param->flags & 0x40000000) || FIPS_mode())
++        return secbits >= minbits_table[level - 1];
++    return secbits >= minbits_digest_table[level - 1];
+ }
+diff -up openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod
+--- openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod.seclevel	2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/doc/man3/SSL_CTX_set_security_level.pod	2020-06-04 15:48:01.608178833 +0200
+@@ -81,8 +81,10 @@ using MD5 for the MAC is also prohibited
+ 
+ =item B<Level 2>
+ 
+-Security level set to 112 bits of security. As a result RSA, DSA and DH keys
+-shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
++Security level set to 112 bits of security with the exception of SHA1 allowed
++for signatures.
++As a result RSA, DSA and DH keys shorter than 2048 bits and ECC keys
++shorter than 224 bits are prohibited.
+ In addition to the level 1 exclusions any cipher suite using RC4 is also
+ prohibited. SSL version 3 is also not allowed. Compression is disabled.
+ 
+diff -up openssl-1.1.1g/ssl/ssl_cert.c.seclevel openssl-1.1.1g/ssl/ssl_cert.c
+--- openssl-1.1.1g/ssl/ssl_cert.c.seclevel	2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/ssl/ssl_cert.c	2020-06-05 17:10:11.842198401 +0200
+@@ -27,6 +27,7 @@
+ static int ssl_security_default_callback(const SSL *s, const SSL_CTX *ctx,
+                                          int op, int bits, int nid, void *other,
+                                          void *ex);
++static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx);
+ 
+ static CRYPTO_ONCE ssl_x509_store_ctx_once = CRYPTO_ONCE_STATIC_INIT;
+ static volatile int ssl_x509_store_ctx_idx = -1;
+@@ -396,7 +397,7 @@ int ssl_verify_cert_chain(SSL *s, STACK_
+     X509_VERIFY_PARAM_set_auth_level(param, SSL_get_security_level(s));
+ 
+     /* Set suite B flags if needed */
+-    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s));
++    X509_STORE_CTX_set_flags(ctx, tls1_suiteb(s) | sha1_disable(s, NULL));
+     if (!X509_STORE_CTX_set_ex_data
+         (ctx, SSL_get_ex_data_X509_STORE_CTX_idx(), s)) {
+         goto end;
+@@ -953,12 +954,33 @@ static int ssl_security_default_callback
+             return 0;
+         break;
+     default:
++        /* allow SHA1 in SECLEVEL 2 in non FIPS mode */
++        if (nid == NID_sha1 && minbits == 112 && !sha1_disable(s, ctx))
++            break;
+         if (bits < minbits)
+             return 0;
+     }
+     return 1;
+ }
+ 
++static unsigned long sha1_disable(const SSL *s, const SSL_CTX *ctx)
++{
++    unsigned long ret = 0x40000000; /* a magical internal value used by X509_VERIFY_PARAM */
++    const CERT *c;
++
++    if (FIPS_mode())
++        return ret;
++
++    if (ctx != NULL) {
++       c = ctx->cert;
++    } else {
++       c = s->cert;
++    }
++    if (tls1_cert_sigalgs_have_sha1(c))
++        return 0;
++    return ret;
++}
++
+ int ssl_security(const SSL *s, int op, int bits, int nid, void *other)
+ {
+     return s->cert->sec_cb(s, NULL, op, bits, nid, other, s->cert->sec_ex);
+diff -up openssl-1.1.1g/ssl/ssl_local.h.seclevel openssl-1.1.1g/ssl/ssl_local.h
+--- openssl-1.1.1g/ssl/ssl_local.h.seclevel	2020-06-04 15:48:01.602178783 +0200
++++ openssl-1.1.1g/ssl/ssl_local.h	2020-06-05 17:02:22.666313410 +0200
+@@ -2576,6 +2576,7 @@ __owur int tls1_save_sigalgs(SSL *s, PAC
+ __owur int tls1_process_sigalgs(SSL *s);
+ __owur int tls1_set_peer_legacy_sigalg(SSL *s, const EVP_PKEY *pkey);
+ __owur int tls1_lookup_md(const SIGALG_LOOKUP *lu, const EVP_MD **pmd);
++int tls1_cert_sigalgs_have_sha1(const CERT *c);
+ __owur size_t tls12_get_psigalgs(SSL *s, int sent, const uint16_t **psigs);
+ #  ifndef OPENSSL_NO_EC
+ __owur int tls_check_sigalg_curve(const SSL *s, int curve);
+diff -up openssl-1.1.1g/ssl/t1_lib.c.seclevel openssl-1.1.1g/ssl/t1_lib.c
+--- openssl-1.1.1g/ssl/t1_lib.c.seclevel	2020-06-04 15:48:01.654179221 +0200
++++ openssl-1.1.1g/ssl/t1_lib.c	2020-06-05 17:02:40.268459157 +0200
+@@ -2145,6 +2145,36 @@ int tls1_set_sigalgs(CERT *c, const int
+     return 0;
+ }
+ 
++static int tls1_sigalgs_have_sha1(const uint16_t *sigalgs, size_t sigalgslen)
++{
++    size_t i;
++
++    for (i = 0; i < sigalgslen; i++, sigalgs++) {
++        const SIGALG_LOOKUP *lu = tls1_lookup_sigalg(*sigalgs);
++
++        if (lu == NULL)
++            continue;
++        if (lu->hash == NID_sha1)
++            return 1;
++    }
++    return 0;
++}
++
++
++int tls1_cert_sigalgs_have_sha1(const CERT *c)
++{
++    if (c->client_sigalgs != NULL) {
++        if (tls1_sigalgs_have_sha1(c->client_sigalgs, c->client_sigalgslen))
++            return 1;
++    }
++    if (c->conf_sigalgs != NULL) {
++        if (tls1_sigalgs_have_sha1(c->conf_sigalgs, c->conf_sigalgslen))
++            return 1;
++        return 0;
++    }
++    return 1;
++}
++
+ static int tls1_check_sig_alg(SSL *s, X509 *x, int default_nid)
+ {
+     int sig_nid, use_pc_sigalgs = 0;
+diff -up openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel openssl-1.1.1g/test/recipes/25-test_verify.t
+--- openssl-1.1.1g/test/recipes/25-test_verify.t.seclevel	2020-04-21 14:22:39.000000000 +0200
++++ openssl-1.1.1g/test/recipes/25-test_verify.t	2020-06-04 15:48:01.608178833 +0200
+@@ -346,8 +346,8 @@ ok(verify("ee-pss-sha1-cert", "sslserver
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], ),
+     "CA with PSS signature using SHA256");
+ 
+-ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+-    "Reject PSS signature using SHA1 and auth level 2");
++ok(!verify("ee-pss-sha1-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "3"),
++    "Reject PSS signature using SHA1 and auth level 3");
+ 
+ ok(verify("ee-pss-sha256-cert", "sslserver", ["root-cert"], ["ca-cert"], "-auth_level", "2"),
+     "PSS signature using SHA256 and auth level 2");

openssl-1_1-use-seclevel2-in-tests.patch

@@ -0,0 +1,38 @@
+Index: openssl-1.1.1d/test/ssl_test.c
+===================================================================
+--- openssl-1.1.1d.orig/test/ssl_test.c
++++ openssl-1.1.1d/test/ssl_test.c
+@@ -435,6 +440,7 @@ static int test_handshake(int idx)
+ #endif
+     if (test_ctx->method == SSL_TEST_METHOD_TLS) {
+         server_ctx = SSL_CTX_new(TLS_server_method());
++        SSL_CTX_set_security_level(server_ctx, 1);
+         if (!TEST_true(SSL_CTX_set_max_proto_version(server_ctx,
+                                                      TLS_MAX_VERSION)))
+             goto err;
+@@ -443,21 +449,25 @@ static int test_handshake(int idx)
+             SSL_TEST_SERVERNAME_CB_NONE) {
+             if (!TEST_ptr(server2_ctx = SSL_CTX_new(TLS_server_method())))
+                 goto err;
++            SSL_CTX_set_security_level(server2_ctx, 1);
+             if (!TEST_true(SSL_CTX_set_max_proto_version(server2_ctx,
+                                                          TLS_MAX_VERSION)))
+                 goto err;
+         }
+         client_ctx = SSL_CTX_new(TLS_client_method());
++        SSL_CTX_set_security_level(client_ctx, 1);
+         if (!TEST_true(SSL_CTX_set_max_proto_version(client_ctx,
+                                                      TLS_MAX_VERSION)))
+             goto err;
+ 
+         if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
+             resume_server_ctx = SSL_CTX_new(TLS_server_method());
++            SSL_CTX_set_security_level(resume_server_ctx, 1);
+             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_server_ctx,
+                                                      TLS_MAX_VERSION)))
+                 goto err;
+             resume_client_ctx = SSL_CTX_new(TLS_client_method());
++            SSL_CTX_set_security_level(resume_client_ctx, 1);
+             if (!TEST_true(SSL_CTX_set_max_proto_version(resume_client_ctx,
+                                                          TLS_MAX_VERSION)))
+                 goto err;

openssl-1_1.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Wed Jan 20 15:59:01 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Disable test_srp subsection from 90-test_sslapi.t test
+- Use SECLEVEL 2 in 80-test_ssl_new.t
+- Add patches:
+  * openssl-1_1-use-seclevel2-in-tests.patch
+  * openssl-1_1-disable-test_srp-sslapi.patch
+
+-------------------------------------------------------------------
+Fri Jan  8 17:49:33 UTC 2021 - Pedro Monreal <pmonreal@suse.com>
+
+- Allow SHA1 in SECLEVEL 2 in non-FIPS mode
+- Add openssl-1_1-seclevel.patch
+
 -------------------------------------------------------------------
 Thu Dec 17 17:16:08 UTC 2020 - Pedro Monreal <pmonreal@suse.com> 
 

openssl-1_1.spec

@@ -87,6 +87,10 @@ Patch47:        openssl-unknown_dgst.patch
 Patch50:        openssl-s390x-assembly-pack-accelerate-X25519-X448-Ed25519-and-Ed448.patch
 Patch51:        openssl-s390x-fix-x448-and-x448-test-vector-ctime-for-x25519-and-x448.patch
 Patch52:        openssl-1.1.1-system-cipherlist.patch
+# PATCH-FIX-OPENSUSE jsc#SLE-15832 Centralized Crypto Compliance Configuration
+Patch53:        openssl-1_1-seclevel.patch
+Patch54:        openssl-1_1-use-seclevel2-in-tests.patch
+Patch55:        openssl-1_1-disable-test_srp-sslapi.patch
 BuildRequires:  pkgconfig
 Conflicts:      ssl
 Provides:       ssl
@@ -212,8 +216,10 @@ make all %{?_smp_mflags}
 %check
 export MALLOC_CHECK_=3
 export MALLOC_PERTURB_=$(($RANDOM % 255 + 1))
+#export HARNESS_VERBOSE=1
 LD_LIBRARY_PATH=`pwd` make test -j1
-# show cyphers
+
+# show ciphers
 gcc -o showciphers %{optflags} -I%{buildroot}%{_includedir} %{SOURCE5} -L%{buildroot}%{_libdir} -lssl -lcrypto
 LD_LIBRARY_PATH=%{buildroot}%{_libdir} ./showciphers