From the release notes,
> This release contains a number of security fixes, some small features
> and bugfixes.
The most significant change in 9.6p1 is a set of fixes for a newly-
discovered weakness in the SSH transport protocol. The fix was already
merged into FreeBSD and released as FreeBSD-SA-23:19.openssh.
Full release notes at https://www.openssh.com/txt/release-9.6
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
OpenSSL itself keeps only a single copy of this header. Do the same in
sys/crypto/openssl to avoid the extra maintenance burden. This requires
adjusting the include paths for generated asm files.
No functional change intended.
Reported by: jrtc27
Reviewed by: jhb
MFC after: 3 months
Differential Revision: https://reviews.freebsd.org/D42866
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
Upstream is now https://github.com/zoulasc/blocklist/. Rename the
contrib directory and update Makefiles to match, in advance of the next
vendor branch update.
Sponsored by: The FreeBSD Foundation
OpenSSL 3.0.12 addresses:
* Fix incorrect key and IV resizing issues when calling
EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or EVP_CipherInit_ex2()
with OSSL_PARAM parameters that alter the key or IV length
([CVE-2023-5363]).
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
OpenSSL 3.0.11 addresses:
POLY1305 MAC implementation corrupts XMM registers on Windows (CVE-2023-4807)
Relnotes: Yes
Pull request: https://github.com/freebsd/freebsd-src/pull/852
Sponsored by: The FreeBSD Foundation
It may be needed when it's updated so is best to keep in sync with the
assembly files.
Reviewed by: emaste
Sponsored by: Arm Ltd
Differential Revision: https://reviews.freebsd.org/D41938
This corrects the list of source files required for the FIPS provider.
To test:
```
INSTALL PASSED
enter AES-128-CBC encryption password:
Verifying - enter AES-128-CBC encryption password:
U2FsdGVkX1+MGm7LbZou29UWU+KAyBX/PxF5T1pO9VM=
```
Reviewed by: emaste
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/837
Differential Revision: https://reviews.freebsd.org/D41720
When importing OpenSSL 3 in base, some but not all source files
implementing the deprecated 0.9.8 API were imported. With this change,
it becomes possible again to compile software targeting this API.
PR: 272220
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Reviewed by: emaste
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/851
OpenSSL's legacy provider module and engines need to link to
libcrypto.so, as it provides some of the actual implementations of
legacy routines.
This is a little tricky due to build order issues. Introduce a small
hack (LIBCRYPTO_WITHOUT_SUBDIRS) that builds libcrypto.so in its usual
early phase without any OpenSSL provider modules or engines. This is
intended to restore the test suite; a future change should remove the
hack and replace it with a better approach.
PR: 254853, 273528
Discussed with: Folks at EuroBSDCon in Coimbra
Sponsored by: The FreeBSD Foundation
These targets generate all the assembly files in sys/crypto/openssl.
Reviewed by: markj, emaste (earlier version)
Differential Revision: https://reviews.freebsd.org/D41590
Currently Makefile.asm relies on the current buildenv to set CFLAGS
for i386. The current approach also leaves various temporary *.s
files around in the current directory. To make this a bit better:
- Instead of using CFLAGS from buildenv for i386, define the actual
flags the perl scripts need: -DOPENSSL_IA32_SSE2 to enable SSE2.
- Change i386 to have the perl scripts write to /dev/stdout to avoid
creating temporaries. Previously i386 was generating the temporary
files in the OpenSSL contrib src.
- Cleanup temporary *.s files in the all target after generating the
real *.S files for architectures which need them.
- Remove a duplicate rule for aes-armv4.S.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D41589
The :R:S expressions removed the .pl extension only to add it back
again, so just trim them to using :T alone.
Reviewed by: Pierre Pronchery <pierre@freebsdfoundation.org>, markj, emaste
Differential Revision: https://reviews.freebsd.org/D41588
Summary:
- Six (6) new roots
- Four (4) distrusted roots
Note that this was intentionally generated with OpenSSL 1.1.1 to avoid
mixing updates and non-functional changes -- there will be some churn
with OpenSSL 3. The next commit will update the current batch of
trusted certs with the format OpenSSL 3 produces, which I've tested
against OpenSSL 1.1.1 to be sure that that doesn't hurt us in older
branches.
With this change, we'll drop the "with $FreeBSD$" lines from trusted/
certs in the next update. untrusted/ will need to be done manually, but
I'll likely just do them all manually, commit, then run the script and
commit any legitimate updates after confirming the output matches what
I did manually.
Reported by: imp
Reviewed by: imp
Differential Revision: https://reviews.freebsd.org/D41597
Notably, define AES_ASM which is required for any AES acceleration
(OpenSSL 1.0 gated all AES acceleration on OPENSSL_CPUID_OBJ instead).
Enabling this exposed that new assembly files added in OpenSSL 3.0
needed to be included in the build (aes-x86-64.S and aes-586.S). Both
of these files supplant both aes_core.c and aes_cbc.c. The last file
had to be moved out of the MI SRCS line for aes and into each ASM_*
for non-x86.
As part of this I audited the generated configdata.pm for amd64, i386,
and aarch64 and found the following additional discrepecancies that are
fixed here as well:
- Enabled BSAES_ASM on amd64 which requires bsase-x86_64.S
- Enabled WHIRLPOOL_ASM on amd64 (asm sources already built)
- Enabled CMLL_ASM on amd64 and i386 (asm sources already built)
aarch64 had no discreprecancies in configdata.pm, and no *.pl asm
generators were missing for aarch64 in Makefile.asm. I did not check
powerpc or armv7, but for armv7 all of the asm generators seem to be
present in Makefile.asm.
Reported by: gallatin (AES-GCM using plain software on amd64)
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41539
This only affects amd64 and i386, but in particular includes wrappers
for AES encryption/decryption that gate all of the accelerated AES.
Reviewed by: gallatin, ngie, emaste
Differential Revision: https://reviews.freebsd.org/D41537
It provides the RSA_generate_key function, which is deprecated as of
3.0 but is used by various ports.
Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41506
It provides the ERR_load_*_strings routines, which are deprecated as of
3.0 but are used by various ports.
PR: 272580
Reviewed by: kbowling
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41505
This splits out the certctl utility into a new certctl package and the
openssl libs into an openssl-lib package.
PR: 272816
Reviewed by: manu
Differential Revision: https://reviews.freebsd.org/D41321
The fips.so provider module exposing FIPS-validated algorithms was still
missing a number of symbols.
PR: 272454
Reviewed by: markj
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D41018
These functions are new, and some ports (e.g.opensc) expect to have them
available. Add the file they're defined in to the build, and add them
to Version.map.
PR: 270076
Reviewed by: markj, emaste, pierre
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D40914
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change makes sure the FIPS module matches build instructions used for
libcrypto.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change adds mandatory source files to every provider.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "fips", ships with OpenSSL 3 directly, and groups
algorithms that can be FIPS 140-2 validated.
The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.
In addition, without the change in OpenSSL's crypto/bn/bn_const.c, the
FIPS module fails loading: `Undefined symbol "ossl_bignum_modp_1536_p"`.
This change is consistent with crypto/bn/bn_dh.c though.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "legacy", ships with OpenSSL 3 directly, and groups
obsoleted algorithms that can still optionally be used anyway.
The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
They break the !amd64 builds due to an underspecified include path and
will be re-applied once that's fixed.
Reported by: Ronald Klop <ronald-lists@klop.ws>
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change makes sure the FIPS module matches build instructions used for
libcrypto.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. This
change adds mandatory source files to every provider.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "fips", ships with OpenSSL 3 directly, and groups
algorithms that can be FIPS 140-2 validated.
The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.
In addition, without the change in OpenSSL's crypto/bn/bn_const.c, the
FIPS module fails loading: `Undefined symbol "ossl_bignum_modp_1536_p"`.
This change is consistent with crypto/bn/bn_dh.c though.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
OpenSSL 3 supports a modular architecture, allowing different providers
to bring specific implementations of cryptographical algorithms. One
such provider, "legacy", ships with OpenSSL 3 directly, and groups
obsoleted algorithms that can still optionally be used anyway.
The import of OpenSSL 3.0.9 was building this provider incorrectly,
missing symbols required for proper operation.
Sponsored by: The FreeBSD Foundation
Pull Request: https://github.com/freebsd/freebsd-src/pull/787
libcrypto intends to provide these routines on little-endian 64-bit
targets. This was previously done by including them in the ASM_aarch64
and ASM_amd64 blocks in the Makefile, but this excluded powerpc64le and
riscv64.
Reported by: ci.freebsd.org
Reviewed by: jrtc27
Fixes: b077aed33b ("Merge OpenSSL 3.0.9")
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D40749
The following methods have existed since 1.0.2, however, they are
deprecated and are not available on all architectures.
- EC_GFp_nistp224_method
- EC_GFp_nistp256_method
- EC_GFp_nistp521_method
Do not expose them via libcrypto.
Discussed with: emaste
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0. OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.
Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0. For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0. Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1. The process of updating to contemporary APIs can continue after
this merge.
Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit. Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.
There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g. haproxy).
Investigation will continue for these.
Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.
Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.
PR: 271615
PR: 271656 [exp-run]
Relnotes: Yes
Sponsored by: The FreeBSD Foundation
