Commit Graph

790 Commits

Author SHA1 Message Date
Jung-uk Kim
eb9b98fb5a OpenSSL: Regen manual pages for OpenSSL 1.1.1t 2023-02-07 14:01:15 -05:00
Jung-uk Kim
fb31345581 OpenSSL: Merge OpenSSL 1.1.1t 2023-02-07 13:54:16 -05:00
Ed Maste
f374ba41f5 ssh: update to OpenSSH 9.2p1
Release notes are available at https://www.openssh.com/txt/release-9.2

OpenSSH 9.2 contains fixes for two security problems and a memory safety
problem.  The memory safety problem is not believed to be exploitable.
These fixes have already been committed to OpenSSH 9.1 in FreeBSD.

Some other notable items from the release notes:

 * ssh(1): add a new EnableEscapeCommandline ssh_config(5) option that
   controls whether the client-side ~C escape sequence that provides a
   command-line is available. Among other things, the ~C command-line
   could be used to add additional port-forwards at runtime.

 * sshd(8): add support for channel inactivity timeouts via a new
   sshd_config(5) ChannelTimeout directive. This allows channels that
   have not seen traffic in a configurable interval to be
   automatically closed. Different timeouts may be applied to session,
   X11, agent and TCP forwarding channels.

 * sshd(8): add a sshd_config UnusedConnectionTimeout option to
   terminate client connections that have no open channels for a
   length of time. This complements the ChannelTimeout option above.
    
 * sshd(8): add a -V (version) option to sshd like the ssh client has.

 * scp(1), sftp(1): add a -X option to both scp(1) and sftp(1) to
   allow control over some SFTP protocol parameters: the copy buffer
   length and the number of in-flight requests, both of which are used
   during upload/download. Previously these could be controlled in
   sftp(1) only. This makes them available in both SFTP protocol
   clients using the same option character sequence.
    
 * ssh-keyscan(1): allow scanning of complete CIDR address ranges,
   e.g.  "ssh-keyscan 192.168.0.0/24". If a CIDR range is passed, then
   it will be expanded to all possible addresses in the range
   including the all-0s and all-1s addresses. bz#976

 * ssh(1): support dynamic remote port forwarding in escape
   command-line's -R processing. bz#3499

MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
2023-02-06 16:54:56 -05:00
John Baldwin
99df55bbb7 libcrypto padlock.so: Link with -z noexecstack for ld.bfd.
The assembly source files do not contain GNU-stack annotations, so
ld.bfd defaults to using an executable stack.
2022-11-22 08:37:04 -08:00
Li-Wen Hsu
160959df49
caroot: Update VCS instructions 2022-11-07 19:24:09 +08:00
Jung-uk Kim
93381ae06b OpenSSL: Regen manual pages for OpenSSL 1.1.1s 2022-11-01 19:38:40 -04:00
Ed Maste
38a52bd3b5 ssh: update to OpenSSH 9.1p1
Release notes are available at https://www.openssh.com/txt/release-9.1

9.1 contains fixes for three minor memory safety problems; these have
lready been merged to the copy of OpenSSH 9.0 that is in the FreeBSD base
system.

Some highlights copied from the release notes:

Potentially-incompatible changes
--------------------------------

 * ssh(1), sshd(8): SetEnv directives in ssh_config and sshd_config
   are now first-match-wins to match other directives. Previously
   if an environment variable was multiply specified the last set
   value would have been used. bz3438

 * ssh-keygen(8): ssh-keygen -A (generate all default host key types)
   will no longer generate DSA keys, as these are insecure and have
   not been used by default for some years.

New features
------------

 * ssh(1), sshd(8): add a RequiredRSASize directive to set a minimum
   RSA key length. Keys below this length will be ignored for user
   authentication and for host authentication in sshd(8).

 * sftp-server(8): add a "users-groups-by-id@openssh.com" extension
   request that allows the client to obtain user/group names that
   correspond to a set of uids/gids.

 * sftp(1): use "users-groups-by-id@openssh.com" sftp-server
   extension (when available) to fill in user/group names for
   directory listings.

 * sftp-server(8): support the "home-directory" extension request
   defined in draft-ietf-secsh-filexfer-extensions-00. This overlaps
   a bit with the existing "expand-path@openssh.com", but some other
   clients support it.

 * ssh-keygen(1), sshd(8): allow certificate validity intervals,
   sshsig verification times and authorized_keys expiry-time options
   to accept dates in the UTC time zone in addition to the default
   of interpreting them in the system time zone. YYYYMMDD and
   YYMMDDHHMM[SS] dates/times will be interpreted as UTC if suffixed
   with a 'Z' character.

   Also allow certificate validity intervals to be specified in raw
   seconds-since-epoch as hex value, e.g. -V 0x1234:0x4567890. This
   is intended for use by regress tests and other tools that call
   ssh-keygen as part of a CA workflow. bz3468

 * sftp(1): allow arguments to the sftp -D option, e.g. sftp -D
   "/usr/libexec/sftp-server -el debug3"

 * ssh-keygen(1): allow the existing -U (use agent) flag to work
   with "-Y sign" operations, where it will be interpreted to require
   that the private keys is hosted in an agent; bz3429

MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-10-19 10:27:11 -04:00
Baptiste Daroussin
b323fa85f1 openssl: install pc files
most programs in ports are looking for .pc files in order to get the
necessary information on how to compile and link against openssl.

The ports now also has a way to hide or force a path for pkgconf.

Providing .pc files along with openssl in base will allow (once all
the supported version of FreeBSD has it) so improve the framework to
deal with openssl in base vs openssl in ports (and libressl)

This will also greatly reduce the number of patches necessary to
workaround the build systems which only knows how to detect where
openssl is installed via pkgconf.

PR:		266051
MFC After:	3 weeks
Reviewed by:	jkim, delphij
Exp-run by:	antoine
Differential Revision:	https://reviews.freebsd.org/D36360
2022-09-06 09:32:02 +02:00
Jessica Clarke
3b41ae3212 libcrypto: Work around strict aliasing violations in bn_nist.c
This file is full of strict aliasing violations. Previously it was only
optimised in ways that broke the code by CHERI LLVM, but now it appears
that the in-tree LLVM also breaks it for RISC-V, resulting in broken
ECDSA signature validation with error messages like the following:

  root@unmatched:/usr/src # ssh-keygen -l -f /etc/ssh/ssh_host_ecdsa_key
  /etc/ssh/ssh_host_ecdsa_key is not a key file.
  root@unmatched:/usr/src # git fetch
  fatal: unable to access 'https://git.FreeBSD.org/src.git/': error:1012606B:elliptic curve routines:EC_POINT_set_affine_coordinates:point is not on curve

Reviewed by:	dim, jkim
Obtained from:	CheriBSD
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D35885
2022-07-25 18:17:50 +01:00
Jung-uk Kim
25fb251592 OpenSSL: Regen manual pages for OpenSSL 1.1.1q 2022-07-05 12:01:07 -04:00
Jung-uk Kim
b4bdc8f925 OpenSSL: Regen manual pages for OpenSSL 1.1.1p 2022-06-21 14:22:28 -04:00
Jung-uk Kim
9a3583bfbd OpenSSL: Merge OpenSSL 1.1.1o 2022-05-03 15:12:42 -04:00
Ed Maste
1323ec5712 ssh: update to OpenSSH v8.9p1
Release notes are available at https://www.openssh.com/txt/release-8.9

Some highlights:

 * ssh(1), sshd(8), ssh-add(1), ssh-agent(1): add a system for
   restricting forwarding and use of keys added to ssh-agent(1)

 * ssh(1), sshd(8): add the sntrup761x25519-sha512@openssh.com hybrid
   ECDH/x25519 + Streamlined NTRU Prime post-quantum KEX to the
   default KEXAlgorithms list (after the ECDH methods but before the
   prime-group DH ones). The next release of OpenSSH is likely to
   make this key exchange the default method.

 * sshd(8), portable OpenSSH only: this release removes in-built
   support for MD5-hashed passwords. If you require these on your
   system then we recommend linking against libxcrypt or similar.

Future deprecation notice
=========================

A near-future release of OpenSSH will switch scp(1) from using the
legacy scp/rcp protocol to using SFTP by default.

Legacy scp/rcp performs wildcard expansion of remote filenames (e.g.
"scp host:* .") through the remote shell. This has the side effect of
requiring double quoting of shell meta-characters in file names
included on scp(1) command-lines, otherwise they could be interpreted
as shell commands on the remote side.

MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2022-04-13 16:00:56 -04:00
Jung-uk Kim
5ac766ab8e OpenSSL: Merge OpenSSL 1.1.1n 2022-03-15 19:37:45 -04:00
Ed Maste
92ef98b8fa ssh: use standalone config file for security key support
An upcoming OpenSSH update has multiple config.h settings that change
depending on whether builtin security key support is enabled.  Prepare
for this by moving ENABLE_SK_INTERNAL to a new sk_config.h header
(similar to the approach used for optional krb5 support) and optionally
including that, instead of defining the macro directly from CFLAGS.

Reviewed by:	kevans
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D34407
2022-03-02 09:35:12 -05:00
Jung-uk Kim
754c4757c9 OpenSSL: Merge OpenSSL 1.1.1m 2021-12-14 16:03:52 -05:00
Piotr Kubaj
3a60869237 Add assembly optimized code for OpenSSL on powerpc, powerpc64 and powerpc64le
Summary:
1. 34ab13b7d8
needs to be merged for ELFv2 support on big-endian.
2. crypto/openssl/crypto/ppccap.c needs to be patched.
Same reason as in https://github.com/openssl/openssl/pull/17082.

Approved by:	jkim, jhibbits
MFC after:	1 month
Differential Revision: https://reviews.freebsd.org/D33076
2021-11-23 23:26:53 +01:00
Ed Maste
e9a994639b ssh: enable FIDO/U2F keys
Description of FIDO/U2F support (from OpenSSH 8.2 release notes,
https://www.openssh.com/txt/release-8.2):

  This release adds support for FIDO/U2F hardware authenticators to
  OpenSSH. U2F/FIDO are open standards for inexpensive two-factor
  authentication hardware that are widely used for website
  authentication.  In OpenSSH FIDO devices are supported by new public
  key types "ecdsa-sk" and "ed25519-sk", along with corresponding
  certificate types.

  ssh-keygen(1) may be used to generate a FIDO token-backed key, after
  which they may be used much like any other key type supported by
  OpenSSH, so long as the hardware token is attached when the keys are
  used. FIDO tokens also generally require the user explicitly
  authorise operations by touching or tapping them.

  Generating a FIDO key requires the token be attached, and will
  usually require the user tap the token to confirm the operation:

    $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
    Generating public/private ecdsa-sk key pair.
    You may need to touch your security key to authorize key generation.
    Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk
    Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub

  This will yield a public and private key-pair. The private key file
  should be useless to an attacker who does not have access to the
  physical token. After generation, this key may be used like any
  other supported key in OpenSSH and may be listed in authorized_keys,
  added to ssh-agent(1), etc. The only additional stipulation is that
  the FIDO token that the key belongs to must be attached when the key
  is used.

To enable FIDO/U2F support, this change regenerates ssh_namespace.h,
adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless building
WITHOUT_USB).

devd integration is not included in this change, and is under
investigation for the base system.  In the interim the security/u2f-devd
port can be installed to provide appropriate devd rules.

Reviewed by:	delphij, kevans
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32509
2021-11-04 13:01:44 -04:00
Ed Maste
9d63429fa1 ssh: move common Makefile boilerplate to a new ssh.mk
This moves SSHDIR and ssh_namespace.h handling to a common location,
and will simplify future work such as adding U2F support (D32509).

Reviewed by:	kevans
MFC after:	1 week
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32808
2021-11-03 19:38:05 -04:00
Ed Maste
1c99af1ebe libssh: Rearrange Makefile SRCS to match upstream Makefile.in
SRCS entries are kept in the same order and with the same line breaks
as upstream, to make comparison easier.

Reported by:	des
2021-10-19 20:10:56 -04:00
Ed Maste
576b58108c libssh: correct libssh src file list
Link against the ssh-sk-helper client rather than the sk internal
implementation.

PR:		258384
Tested by:	madpilot
Fixes:		f448c3ed4a ("openssh: Add new source files to libssl")
Fixes:		19261079b7 ("openssh: update to OpenSSH v8.7p1")
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D32529
2021-10-18 10:47:20 -04:00
Guido Falsi
f448c3ed4a openssh: Add new source files to libssl
Add some new OpenSSH v8.7p1 source files to the ones being used to
build libssl to avoid missing symbols.

PR:             258384
Fixes:          19261079b7 ("openssh: update to OpenSSH v8.7p1")
Approved by:    kevans (src)
2021-09-10 00:56:24 +02:00
Ed Maste
19261079b7 openssh: update to OpenSSH v8.7p1
Some notable changes, from upstream's release notes:

- sshd(8): Remove support for obsolete "host/port" syntax.
- ssh(1): When prompting whether to record a new host key, accept the key
  fingerprint as a synonym for "yes".
- ssh-keygen(1): when acting as a CA and signing certificates with an RSA
  key, default to using the rsa-sha2-512 signature algorithm.
- ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
  (RSA/SHA1) algorithm from those accepted for certificate signatures.
- ssh-sk-helper(8): this is a new binary. It is used by the FIDO/U2F
  support to provide address-space isolation for token middleware
  libraries (including the internal one).
- ssh(1): this release enables UpdateHostkeys by default subject to some
  conservative preconditions.
- scp(1): this release changes the behaviour of remote to remote copies
  (e.g. "scp host-a:/path host-b:") to transfer through the local host
  by default.
- scp(1): experimental support for transfers using the SFTP protocol as
  a replacement for the venerable SCP/RCP protocol that it has
  traditionally used.

Additional integration work is needed to support FIDO/U2F in the base
system.

Deprecation Notice
------------------

OpenSSH will disable the ssh-rsa signature scheme by default in the
next release.

Reviewed by:	imp
MFC after:	1 month
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D29985
2021-09-07 21:05:51 -04:00
Kyle Evans
76461921da caroot: update root store
- Four (4) added
- Two (2) removed
2021-09-04 02:32:20 -05:00
Jung-uk Kim
649ccdd753 OpenSSL: Reduce diff with the upstream
No functional change expected.
2021-09-01 00:27:45 -04:00
Jung-uk Kim
d594d17b85 OpenSSL: Regen manual pages for 1.1.1l 2021-09-01 00:27:45 -04:00
Ceri Davies
64e6e1e463 secure/caroot, certctl: Rename secure/caroot/blacklisted
Old certctl commands still work for compatability, but are deprecated.

Approved by:	secteam (gordon)
Differential Revision: https://reviews.freebsd.org/D30807
2021-06-18 13:38:07 +01:00
Edward Tomasz Napierala
7d681ad774 crypt_r(3): fix reentrancy problems with DES
This code was originally written for non-reentrant crypt(3).
In 5f521d7ba7, a thread-safe crypt_r(3) was introduced.  However,
it looks like the DES implementation is still not re-entrant;
routines like setup_salt() or des_setkey() still use global
variables.

Instead of something drastic, eg removing DES support altogether,
just mark those variables as thread-local.  This adds about 30kB
of data per thread.

Given that this only applies to DES, I think the impact is minimal.

Reviewed By:	markj
Sponsored by:	NetApp, Inc.
Sponsored by:	Klara, Inc.
Differential Revision:	https://reviews.freebsd.org/D30674
2021-06-15 11:06:40 +01:00
John Baldwin
7ad70d22c6 libcrypto: Add symbol versions for symbols added since 1.1.1d.
While here, trim a spurious local: I missed when added SSL_sendfile.

PR:		255277
Reported by:	yuri
Reviewed by:	jkim
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D30483
2021-05-28 15:18:15 -07:00
Emmanuel Vadot
ca179c4d74 pkgbase: Put openssl in its own package
This is useful for upgrade and also to make tiny jail so they won't
depend on FreeBSD-utilities (where openssl was packaged before).

MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D30081
2021-05-13 17:42:29 +02:00
Ed Maste
d55bf492f8 Revert "Add workaround for a QoS-related bug in VMWare Workstation."
This reverts commit 77c2fe20df.

The VMware Workstation issue was fixed in 2019[1], and we'd rather not
carry unnecessary local changes in OpenSSH.

[1] https://communities.vmware.com/t5/VMware-Workstation-Pro/Regression-ssh-results-in-broken-pipe-upon-connecting-in-Vmware/m-p/486105/highlight/true#M25470

PR:		234426
Discussed with:	yuripv
Approved by:	des
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
2021-04-25 17:17:22 -04:00
Kyle Evans
3016c5c2bf caroot: reroll the remaining certs
This adds a specific note that these are explicitly trusted for
server auth.

MFC after:	3 days
2021-04-13 16:59:34 -05:00
Kyle Evans
fac832b271 caroot: remove certs distrusted for server auth
- Fifteen (15) removed

MFC after:	3 days
2021-04-13 16:59:34 -05:00
Kyle Evans
c3510c941c caroot: update CA bundle processor
Our current processor was identified as trusting cert not explicitly
marked for SERVER_AUTH, as well as certs that were tagged with
DISTRUST_AFTER.

Update the script to handle both scenarios. This patch was originally
authored by mandree@ for ports, and it was subsequently ported to base
caroot.

MFC after:	3 days
2021-04-13 16:59:24 -05:00
Kyle Evans
446169e0b6 caroot: routine cert update
- Three (3) added
- Two (2) removed

MFC after:	3 days
2021-04-13 16:56:03 -05:00
Jung-uk Kim
7595394130 OpenSSL: Regen manual pages for 1.1.1k 2021-03-25 12:17:52 -04:00
Jung-uk Kim
351d06eeb5 OpenSSL: Regen manual page for the previous commit
This is regen for 9b2f020c14.

MFC after:	1 week
2021-02-17 18:19:13 -05:00
Jung-uk Kim
b840816061 OpenSSL: Remove obsolete include directory
This directory was deprecated since OpenSSL 1.1.1e.

https://github.com/openssl/openssl/pull/9681
2021-02-16 22:53:37 -05:00
Jung-uk Kim
e25db73fea OpenSSL: Regen manual pages for OpenSSL 1.1.1j. 2021-02-16 17:05:00 -05:00
Jung-uk Kim
bb8acd558e OpenSSL: Regenerate manual pages.
MFC after:	1 week
2021-01-28 10:24:24 -08:00
John Baldwin
aa906e2a49 OpenSSL: Support for kernel TLS offload (KTLS)
This merges upstream patches from OpenSSL's master branch to add
KTLS infrastructure for TLS 1.0-1.3 including both RX and TX
offload and SSL_sendfile support on both Linux and FreeBSD.

Note that TLS 1.3 only supports TX offload.

A new WITH/WITHOUT_OPENSSL_KTLS determines if OpenSSL is built with
KTLS support.  It defaults to enabled on amd64 and disabled on all
other architectures.

Reviewed by:	jkim (earlier version)
Approved by:	secteam
Obtained from:	OpenSSL (patches from master)
MFC after:	1 week
Relnotes:	yes
Sponsored by:	Netflix
Differential Revision:	https://reviews.freebsd.org/D28273
2021-01-28 10:24:13 -08:00
Kyle Evans
f20c0e3319 caroot: drop $FreeBSD$ expansion from root bundle
This debatably could have waited until the next update would have taken
place, but it's easier to see what changes if we get it out of the way
now.

MFC after:	3 days
2020-12-27 21:47:41 -06:00
Kyle Evans
15d474afee caroot: update bundle
Summary:
- One (1) added
- Ten (10) removed

MFC after:	3 days
2020-12-11 18:14:43 +00:00
Jung-uk Kim
c3c73b4f0a Merge OpenSSL 1.1.1i. 2020-12-09 02:05:14 +00:00
Stefan Eßer
1f474190fc Replace literal uses of /usr/local in C sources with _PATH_LOCALBASE
Literal references to /usr/local exist in a large number of files in
the FreeBSD base system. Many are in contributed software, in configuration
files, or in the documentation, but 19 uses have been identified in C
source files or headers outside the contrib and sys/contrib directories.

This commit makes it possible to set _PATH_LOCALBASE in paths.h to use
a different prefix for locally installed software.

In order to avoid changes to openssh source files, LOCALBASE is passed to
the build via Makefiles under src/secure. While _PATH_LOCALBASE could have
been used here, there is precedent in the construction of the path used to
a xauth program which depends on the LOCALBASE value passed on the compiler
command line to select a non-default directory.

This could be changed in a later commit to make the openssh build
consistently use _PATH_LOCALBASE. It is considered out-of-scope for this
commit.

Reviewed by:	imp
MFC after:	1 month
Differential Revision:	https://reviews.freebsd.org/D26942
2020-10-27 11:29:11 +00:00
John Baldwin
bc3d569800 Move generated OpenSSL assembly routines into the kernel sources.
Sponsored by:	Netflix
2020-10-20 17:00:43 +00:00
Jung-uk Kim
58f351825a Merge OpenSSL 1.1.1h. 2020-09-22 16:18:31 +00:00
Kyle Evans
eef96401a9 caroot: update base store
Count:
- Two (2) removed
- Three (3) added

MFC after:	3 days
2020-09-19 01:59:17 +00:00
Kyle Evans
fe815331bb build: provide a default WARNS for all in-tree builds
The current default is provided in various Makefile.inc in some top-level
directories and covers a good portion of the tree, but doesn't cover parts
of the build a little deeper (e.g. libcasper).

Provide a default in src.sys.mk and set WARNS to it in bsd.sys.mk if that
variable is defined. This lets us relatively cleanly provide a default WARNS
no matter where you're building in the src tree without breaking things
outside of the tree.

Crunchgen has been updated as a bootstrap tool to work on this change
because it needs r365605 at a minimum to succeed. The cleanup necessary to
successfully walk over this change on WITHOUT_CLEAN builds has been added.

There is a supplemental project to this to list all of the warnings that are
encountered when the environment has WARNS=6 NO_WERROR=yes:
https://warns.kevans.dev -- this project will hopefully eventually go away
in favor of CI doing a much better job than it.

Reviewed by:	emaste, brooks, ngie (all earlier version)
Reviewed by:	emaste, arichardson (depend-cleanup.sh change)
Differential Revision:	https://reviews.freebsd.org/D26455
2020-09-18 17:17:46 +00:00
Kyle Evans
8e0dc55e68 caroot: properly remove old distrusted roots
The proper procedure was not followed in r364943; all of these that were
deleted should have instead been moved over to the blacklist so that certctl
can DTRT.

Users must still `certctl rehash` after this, but this should generally be
done by one of mergemaster/etcupdate/freebsd-update/pkgbase already; note
that freebsd-update doesn't come into play for this particular update, as
these have not yet made it into a release.

Future work (after svn -> git) will likely change the script that updatecert
invokes to facilitate the process, rather than trusting that kevans or
whomever updates in the future will remember.

Reported by:	Helge Oldach <freebsd oldach net>
MFC after:	3 days
2020-09-02 12:57:34 +00:00