Upstream OpenSSH commit f51423bda ("request 1.1x API compatibility for
OpenSSL >=3.x") requests OPENSSL_API_COMPAT version 0x10100000L (OpenSSL
1.1.0), in order to avoid warnings about deprecated functions.
Do the same here, to avoid getting those warnings.
Reviewed by: emaste
Approved by: emaste (mentor)
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D49517
(cherry picked from commit d4f438357e90ee1cb12819d092913fdbce813626)
Commit 9d63429fa1 ("ssh: move common Makefile boilerplate to a new
ssh.mk") introduced ssh.mk for common OpenSSH paths and flags, as part
of enabling FIDO/U2F. Move duplicated MK_LDNS and MK_TCP_WRAPPERS
handling there.
Reviewed by: kevans
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D31896
(cherry picked from commit d71e7e57fc1472e3ea6d31c44e187c2819d2c71e)
Centralize optional krb5_config.h handling in ssh.mk. Do not add
headers (that are committed to the src tree) to SRCS as there is no
need.
Reviewed by: imp, jlduran, kevans (all earlier)
MFC after: 1 month
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D34409
(cherry picked from commit 7f916236044d9a733de8b3c47b5dcbf71988cb03)
Currently, files that belong in the tests package are included in the
ssh, bsnmp, and clibs-dev packages:
ssh.plist
24:@dir(root,wheel,0755,) /usr/tests/secure/libexec
25:@(root,wheel,0444,) /usr/tests/secure/libexec/Kyuafile
bsnmp.plist
82:@dir(root,wheel,0755,) /usr/tests/lib/libbsnmp
83:@(root,wheel,0444,) /usr/tests/lib/libbsnmp/Kyuafile
84:@(root,wheel,0555,) /usr/tests/lib/libbsnmp/bsnmpd_test
clibs-dev.plist
2518:@dir(root,wheel,0755,) /usr/tests/lib/csu
2519:@(root,wheel,0444,) /usr/tests/lib/csu/Kyuafile
This is caused by the PACKAGE=foo assignment in foo/Makefile.inc which
overrides the default PACKAGE?=tests in bsd.test.mk.
To fix this, instead use PACKAGE?=foo in foo/Makefile.inc and set
PACKAGE=tests in foo/tests/Makefile.
PR: 249144
Reviewed by: bapt, emaste
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47025
(cherry picked from commit 3a56015a2f5d630910177fa79a522bb95511ccf7)
Highlights from the release notes are reproduced below. Bug fixes and
improvements that were previously merged into FreeBSD have been elided.
See the upstream release notes for full details of the 9.9p1 release
(https://www.openssh.com/releasenotes.html).
---
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.
Potentially-incompatible changes
--------------------------------
* ssh(1): remove support for pre-authentication compression.
* ssh(1), sshd(8): processing of the arguments to the "Match"
configuration directive now follows more shell-like rules for
quoted strings, including allowing nested quotes and \-escaped
characters.
New features
------------
* ssh(1), sshd(8): add support for a new hybrid post-quantum key
exchange based on the FIPS 203 Module-Lattice Key Enapsulation
mechanism (ML-KEM) combined with X25519 ECDH as described by
https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-ssh-pq-ke-03
This algorithm "mlkem768x25519-sha256" is available by default.
* ssh(1), sshd(8), ssh-agent(1): prevent private keys from being
included in core dump files for most of their lifespans. This is
in addition to pre-existing controls in ssh-agent(1) and sshd(8)
that prevented coredumps. This feature is supported on OpenBSD,
Linux and FreeBSD.
* All: convert key handling to use the libcrypto EVP_PKEY API, with
the exception of DSA.
Bugfixes
--------
* sshd(8): do not apply authorized_keys options when signature
verification fails. Prevents more restrictive key options being
incorrectly applied to subsequent keys in authorized_keys. bz3733
* ssh-keygen(1): include pathname in some of ssh-keygen's passphrase
prompts. Helps the user know what's going on when ssh-keygen is
invoked via other tools. Requested in GHPR503
* ssh(1), ssh-add(1): make parsing user@host consistently look for
the last '@' in the string rather than the first. This makes it
possible to more consistently use usernames that contain '@'
characters.
* ssh(1), sshd(8): be more strict in parsing key type names. Only
allow short names (e.g "rsa") in user-interface code and require
full SSH protocol names (e.g. "ssh-rsa") everywhere else. bz3725
* ssh-keygen(1): clarify that ed25519 is the default key type
generated and clarify that rsa-sha2-512 is the default signature
scheme when RSA is in use. GHPR505
---
Reviewed by: jlduran (build infrastructure)
Reviewed by: cy (build infrastructure)
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48947
(cherry picked from commit 3d9fd9fcb432750f3716b28f6ccb0104cd9d351a)
Approved by: re (accelerated MFC)
Highlights from the release notes are reproduced below. Some security
and bug fixes were previously merged into FreeBSD and have been elided.
See the upstream release notes for full details
(https://www.openssh.com/releasenotes.html).
---
Future deprecation notice
=========================
OpenSSH plans to remove support for the DSA signature algorithm in
early 2025.
Potentially-incompatible changes
--------------------------------
* sshd(8): the server will now block client addresses that
repeatedly fail authentication, repeatedly connect without ever
completing authentication or that crash the server. See the
discussion of PerSourcePenalties below for more information.
Operators of servers that accept connections from many users, or
servers that accept connections from addresses behind NAT or
proxies may need to consider these settings.
* sshd(8): the server has been split into a listener binary, sshd(8),
and a per-session binary "sshd-session". This allows for a much
smaller listener binary, as it no longer needs to support the SSH
protocol. As part of this work, support for disabling privilege
separation (which previously required code changes to disable) and
disabling re-execution of sshd(8) has been removed. Further
separation of sshd-session into additional, minimal binaries is
planned for the future.
* sshd(8): several log messages have changed. In particular, some
log messages will be tagged with as originating from a process
named "sshd-session" rather than "sshd".
* ssh-keyscan(1): this tool previously emitted comment lines
containing the hostname and SSH protocol banner to standard error.
This release now emits them to standard output, but adds a new
"-q" flag to silence them altogether.
* sshd(8): (portable OpenSSH only) sshd will no longer use argv[0]
as the PAM service name. A new "PAMServiceName" sshd_config(5)
directive allows selecting the service name at runtime. This
defaults to "sshd". bz2101
New features
------------
* sshd(8): sshd(8) will now penalise client addresses that, for various
reasons, do not successfully complete authentication. This feature is
controlled by a new sshd_config(5) PerSourcePenalties option and is
on by default.
* ssh(8): allow the HostkeyAlgorithms directive to disable the
implicit fallback from certificate host key to plain host keys.
Portability
-----------
* sshd(8): expose SSH_AUTH_INFO_0 always to PAM auth modules
unconditionally. The previous behaviour was to expose it only when
particular authentication methods were in use.
* ssh(1), ssh-agent(8): allow the presence of the WAYLAND_DISPLAY
environment variable to enable SSH_ASKPASS, similarly to the X11
DISPLAY environment variable. GHPR479
---
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48914
(cherry picked from commit 0fdf8fae8b569bf9fff3b5171e669dcd7cf9c79e)
(cherry picked from commit b4bb480ae9294d7e4b375f0ead9ae57517c79ef3)
(cherry picked from commit e95979047aec384852102cf8bb1d55278ea77eeb)
(cherry picked from commit dcb4ae528d357f34e4a4b4882c2757c67c98e395)
Approved by: re (accelerated MFC)
It is used only by scp and sftp, and already included directly in their
Makefiles. It does not belong in libssh.
Fixes: d8b043c8d4 ("Update for 3.6.1p1; also remove Kerberos IV shims.")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48871
(cherry picked from commit c0af32952564099fe30a34aeb335f95a6dc811ba)
XAUTH_PATH is normally set (in the upstream build infrastructure) in
config.h. We previously set it in ssh and sshd's Makefiles if LOCALBASE
is set, and over time have sometimes also defined it in config.h.
Leave it unset in config.h and move the CFLAGS logic to to ssh.mk so
that it will be set when building all ssh libraries and programs but
still be set by LOCALBASE.
Reviewed by: jlduran
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D48907
(cherry picked from commit a63701848fe5462c4e8bbff0131bb42979e603ec)
libecc is not intended to be general use, other applications should
really be using openssl. pkg(7) uses libecc to align with the pkg(8)
project and its goals. This will be used in the upcoming support for
ECC in pkg(7).
Reviewed by: emaste
(cherry picked from commit 05427f4639bcf2703329a9be9d25ec09bb782742)
This release incorporates the following bug fixes and mitigations:
- Fixed possible denial of service in X.509 name checks ([CVE-2024-6119])
- Fixed possible buffer overread in SSL_select_next_proto() ([CVE-2024-5535])
Release notes can be found at:
https://openssl-library.org/news/openssl-3.0-notes/index.html
Co-authored-by: gordon
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D46602
Merge commit '108164cf95d9594884c2dcccba2691335e6f221b'
(cherry picked from commit a7148ab39c03abd4d1a84997c70bf96f15dd2a09)
Update config/build info for OpenSSL 3.0.15
This is a companion commit to the OpenSSL 3.0.15 update.
`opensslv.h` was regenerated via the following process:
```
cd crypto/openssl
./config
git reset --hard
gmake include/openssl/opensslv.h
```
`Makefile.inc` has been updated to match.
MFC after: 1 week
MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
Differential Revision: https://reviews.freebsd.org/D46603
(cherry picked from commit cc717b574d7faa2e0b2de1a985076286cef74187)
sys/crypto/openssl: update powerpc* ASM
This change updates the crypto powerpc* ASM via the prescribed process
documented in `crypto/openssl/FREEBSD-upgrade`.
This change syncs the ASM with 3.0.15's generated ASM.
MFC after: 1 week
MFC with: a7148ab39c03abd4d1a84997c70bf96f15dd2a09
MFC with: cc717b574d7faa2e0b2de1a985076286cef74187
Differential Revision: https://reviews.freebsd.org/D46604
(cherry picked from commit 77864b545b0aaa91bc78b1156c477825007a6233)
To comply with FIPS 140 guidance, you must be using a specifically
validated and approved version of the fips module. Currently, only
OpenSSL 3.0.8 and 3.0.9 have been approved by NIST for FIPS 140
validation. As such, we need to stop shipping later versions of the
module in the base system.
Differential Revision: https://reviews.freebsd.org/D46223
(cherry picked from commit 86dd740dd73aa88477ff450b2359abda1ad68534)
This is a companion commit to the OpenSSL 3.0.14 update.
MFC after: 3 days
MFC with: 44096ebd22ddd0081a357011714eff8963614b65
(cherry picked from commit 303596eac3f5a7fed63f1084028d811919d37eaf)
OpenSSL itself keeps only a single copy of this header. Do the same in
sys/crypto/openssl to avoid the extra maintenance burden. This requires
adjusting the include paths for generated asm files.
No functional change intended.
Reported by: jrtc27
Reviewed by: jhb
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D42866
(cherry picked from commit e655cc70dfcda5cfedb5a1d9bef1e87d55519f64)
Changes:
- One (1) modified
- Eight (8) added
- One (1) expired, now untrusted
MFC after: 3 days
(cherry picked from commit 0d3b2bdbf719ac6b5719a47387558ca9c34a4b2c)
From the release notes,
> This release contains a number of security fixes, some small features
> and bugfixes.
The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.
Full release notes at https://www.openssh.com/txt/release-9.6
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 069ac18495ad8fde2748bc94b0f80a50250bb01d)
Upstream is now https://github.com/zoulasc/blocklist/. Rename the
contrib directory and update Makefiles to match, in advance of the next
vendor branch update.
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5f4c09dd85bff675e0ca63c55ea3c517e0fddfcc)
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
(cherry picked from commit ad991e4c142ebabad7aef488ad97b189ecabb270)
(cherry picked from commit 575878a533823aa3e5bab715928d9cdffbc4dcbc)
It may be needed when it's updated so is best to keep in sync with the
assembly files.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D41938
(cherry picked from commit c97a82d4a4a0288ed2a456f4ce41d57483724f17)
OpenSSL 3.0.11 addresses:
POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807)
Relnotes: Yes
Pull request: https://github.com/freebsd/freebsd-src/pull/852
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6f1af0d7d2af54b339b5212434cd6d4fda628d80)
When importing OpenSSL 3 in base, some but not all source files
implementing the deprecated 0.9.8 API were imported. With this change,
it becomes possible again to compile software targeting this API.
PR: 272220
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Reviewed by: emaste
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/851
(cherry picked from commit b15b39521644ebffdcc091bd283ed410b0ae9274)
This corrects the list of source files required for the FIPS provider.
To test:
```
INSTALL PASSED
enter AES-128-CBC encryption password:
Verifying - enter AES-128-CBC encryption password:
U2FsdGVkX1+MGm7LbZou29UWU+KAyBX/PxF5T1pO9VM=
```
Reviewed by: emaste
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/837
Differential Revision: https://reviews.freebsd.org/D41720
(cherry picked from commit 8f37b3a142f2f7197896cd283c44c7e4fb64aaf3)
OpenSSL's legacy provider module and engines need to link to
libcrypto.so, as it provides some of the actual implementations of
legacy routines.
This is a little tricky due to build order issues. Introduce a small
hack (LIBCRYPTO_WITHOUT_SUBDIRS) that builds libcrypto.so in its usual
early phase without any OpenSSL provider modules or engines. This is
intended to restore the test suite; a future change should remove the
hack and replace it with a better approach.
PR: 254853, 273528
Discussed with: Folks at EuroBSDCon in Coimbra
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 1a18383a52bc373e316d224cef1298debf6f7e25)
These targets generate all the assembly files in sys/crypto/openssl.
Reviewed by: markj, emaste (earlier version)
Differential Revision: https://reviews.freebsd.org/D41590
(cherry picked from commit 73653b72af65e294dcfedc43a8ea09b2137d72ed)
Currently Makefile.asm relies on the current buildenv to set CFLAGS
for i386. The current approach also leaves various temporary *.s
files around in the current directory. To make this a bit better:
- Instead of using CFLAGS from buildenv for i386, define the actual
flags the perl scripts need: -DOPENSSL_IA32_SSE2 to enable SSE2.
- Change i386 to have the perl scripts write to /dev/stdout to avoid
creating temporaries. Previously i386 was generating the temporary
files in the OpenSSL contrib src.
- Cleanup temporary *.s files in the all target after generating the
real *.S files for architectures which need them.
- Remove a duplicate rule for aes-armv4.S.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41589
(cherry picked from commit c0fe6b9d7506d6ce6f9ec3688ee0cc5656a8707e)
The :R:S expressions removed the .pl extension only to add it back
again, so just trim them to using :T alone.
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>, markj, emaste
Differential Revision: https://reviews.freebsd.org/D41588
(cherry picked from commit 7406b6f9761c35eb53f91f54d1a687d96d638907)
Summary:
- Six (6) new roots
- Four (4) distrusted roots
Note that this was intentionally generated with OpenSSL 1.1.1 to avoid
mixing updates and non-functional changes -- there will be some churn
with OpenSSL 3. The next commit will update the current batch of
trusted certs with the format OpenSSL 3 produces, which I've tested
against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older
branches.
Approved by: re (kib)
(cherry picked from commit 65fd80909e196c8be2ce5e948775e9cbda2ef069)
An update is imminent; drop these now to make it easier to audit the
results.
Approved by: re (kib)
(cherry picked from commit 3f84d4b0fe1445bca5f3b6a70fc5641b88c31217)
With this change, we'll drop the "with $FreeBSD$" lines from trusted/
certs in the next update. untrusted/ will need to be done manually, but
I'll likely just do them all manually, commit, then run the script and
commit any legitimate updates after confirming the output matches what
I did manually.
Reported by: imp
Reviewed by: imp
Approved by: re (kib)
(cherry picked from commit bbc8585ef557be36b3fda75e3a41d725aedb1c1e)
Notably, define AES_ASM which is required for any AES acceleration
(OpenSSL 1.0 gated all AES acceleration on OPENSSL_CPUID_OBJ instead).
Enabling this exposed that new assembly files added in OpenSSL 3.0
needed to be included in the build (aes-x86-64.S and aes-586.S). Both
of these files supplant both aes_core.c and aes_cbc.c. The last file
had to be moved out of the MI SRCS line for aes and into each ASM_*
for non-x86.
As part of this I audited the generated configdata.pm for amd64, i386,
and aarch64 and found the following additional discrepecancies that are
fixed here as well:
- Enabled BSAES_ASM on amd64 which requires bsase-x86_64.S
- Enabled WHIRLPOOL_ASM on amd64 (asm sources already built)
- Enabled CMLL_ASM on amd64 and i386 (asm sources already built)
aarch64 had no discreprecancies in configdata.pm, and no *.pl asm
generators were missing for aarch64 in Makefile.asm. I did not check
powerpc or armv7, but for armv7 all of the asm generators seem to be
present in Makefile.asm.
Reported by: gallatin (AES-GCM using plain software on amd64)
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41539
This only affects amd64 and i386, but in particular includes wrappers
for AES encryption/decryption that gate all of the accelerated AES.
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41537
It provides the RSA_generate_key function, which is deprecated as of
3.0 but is used by various ports.
Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41506
It provides the ERR_load_*_strings routines, which are deprecated as of
3.0 but are used by various ports.
PR: 272580
Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41505
This splits out the certctl utility into a new certctl package and the
openssl libs into an openssl-lib package.
PR: 272816
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D41321
The fips.so provider module exposing FIPS-validated algorithms was still
missing a number of symbols.
PR: 272454
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41018
These functions are new, and some ports (e.g.opensc) expect to have them
available. Add the file they're defined in to the build, and add them
to Version.map.
PR: 270076
Reviewed by: markj, emaste, pierre
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40914
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change makes sure the FIPS module matches build instructions used for
libcrypto.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
