[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older (was: openssl3 @3.2.0_0+universal may have broken PRNG on Mavericks and older)

MacPorts noreply at macports.org
Tue Nov 28 18:07:36 UTC 2023 

#68766: openssl3 @3.2.0_0+universal may have broken PRNG on High Sierra and older
------------------------+------------------------
  Reporter:  fhgwright  |      Owner:  neverpanic
      Type:  defect     |     Status:  assigned
  Priority:  Normal     |  Milestone:
 Component:  ports      |    Version:
Resolution:             |   Keywords:
      Port:  openssl3   |
------------------------+------------------------

Comment (by neverpanic):

 Replying to [comment:49 fhgwright]:
 > Note that the failure on Sierra was reported here ''before'' the summary
 was changed to say "Mavericks and older".

 I missed the one report about this, that's my fault. I have changed it to
 High Sierra now, which I believe accurately represents the situation
 unless I'm missing something?


 > While I understand the "holding hostage" concept, breaking critical
 programs like `ssh` and `sshd` on many platforms just to rush out (less
 than an hour after the upstream release) an update that almost nobody
 actually needs was hardly reasonable.  There isn't even a "security fix"
 excuse, given that 3.1 is still fully supported upstream (as is 3.0, for
 that matter).  And breaking `sshd` on headless systems can make them
 difficult to fix.

 Homebrew has also already updated to 3.2. OpenSSL 3.2 also includes a fix
 for a timing side-channel in RSA PKCS#1v1.5 decryption that is exploitable
 using the Marvin Attack: https://people.redhat.com/~hkario/marvin/. The
 pull request that fixes this across all users is
 https://github.com/openssl/openssl/pull/13817, but was only merged into
 3.2. Without this change, higher-level libraries such as python
 cryptography cannot implement RSA PKCS#1v1.5 decryption in a timing side
 channel free way.


 > It looks like it was only sheer luck that the major upgrade from 3.0 to
 3.1 went smoothly.  1.0->1.1 was incompatible.  1.1->3.0 was incompatible.
 3.1->3.2 is currently majorly broken.  3.0->3.1 seems to have been the
 exception to the rule, and one shouldn't count on other major upgrades to
 go smoothly.

 3.1 to 3.2 isn't a major upgrade. The ABI is compatible.
 I'm not sure holding off on the update would have contributed to
 significantly broader test coverage, either.


 > BTW, I've also seen test failures on 10.14 x86_64 and 14.x arm64
 +universal.  I guess folks who think Sonoma is too old to worry about can
 ignore the latter.

 Please stop the ad-hominem attacks.

 Additionally, I did follow up on your comment saying that there are broken
 tests on 14.x by running the upstream test suite. I did not encounter test
 failures. Can you provide details?


 > IMO, it would make sense to have subports for all the separately
 maintained upstream versions, similar to what's already done for languages
 (and for the 1.x versions).  That would include not only `openssl31` and
 `openssl32`, but also `openssl30`, not only for completeness, but also to
 make that version available for testing, even though it's unlikely to be
 needed as a port dependency.  However, this is a significantly more
 complicated change than just a rollback plus a -devel for 3.2, and the
 priority should be undoing the damage ASAP.

 We've had that before, and I think it's an explicit non-goal. It locks us
 into not being able to update and stop maintaining the old port because
 some port still depends on it. Best example: The OpenSSL 1.1 port, which
 is now unmaintained, but we can't remove it because ports still use it.


 > I already have a fully tested commit for the latter, which I can submit
 as a PR if I'm not wasting my time.  It would take the pressure off
 figuring out how to fix the multiple issues in 3.2

 I don't think a general rollback on all systems is the way to go, as there
 are no issues I'm aware of in the range [current-3, current] (other than a
 PostgreSQL issue that is apparently on the PostgreSQL side, not in
 OpenSSL). I would take a pull request that rolls back older systems to
 3.1.4.

-- 
Ticket URL: <https://trac.macports.org/ticket/68766#comment:56>
MacPorts <https://www.macports.org/>
Ports system for macOS

More information about the macports-tickets mailing list