[MacPorts] #63405: openssh @8.4p1_6 on El Capitan broken today - also keychain gives error message.
MacPorts
noreply at macports.org
Thu Nov 18 18:31:43 UTC 2021
#63405: openssh @8.4p1_6 on El Capitan broken today - also keychain gives error
message.
---------------------------------------+--------------------
Reporter: snowflake | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: ports | Version: 2.7.99
Resolution: | Keywords:
Port: openssh keychain openssl |
---------------------------------------+--------------------
Comment (by snowflake):
This is on openssl3 @3.0.0_5+legacy; openssh @8.8p1_1+kerberos5+xauth;
macOS 10.11.6
I've now found the last frame in ssh-agent where the crash happens. It is
here
{{{
frame #26: 0x000000010489fc81 ssh-agent`sshkey_private_deserialize(buf=0x00007ff133d21fe0, kp=0x00007fff5b3738f0) at sshkey.c:3672:7
3669 switch (k->type) {
3670 case KEY_RSA:
3671 case KEY_RSA_CERT:
-> 3672 if (RSA_blinding_on(k->rsa, NULL) != 1) {
3673 r = SSH_ERR_LIBCRYPTO_ERROR;
3674 goto out;
3675 }
}}}
It is conditional on an RSA key, which explains why all the other key types
work.
Frame 4 is the last frame in libcrypto.3
{{{
frame #4: 0x0000000104c5390d libcrypto.3.dylib`syscall_random(buf=0x00007ff133c15710, buflen=32) at rand_unix.c:371:9
368 }
369 # elif defined(OPENSSL_APPLE_CRYPTO_RANDOM)
370
-> 371 if (CCRandomGenerateBytes(buf, buflen) == kCCSuccess)
372 return (ssize_t)buflen;
373
374 return -1;
(lldb) up 1
frame #5: 0x0000000104c53691 libcrypto.3.dylib`ossl_pool_acquire_entropy(pool=0x00007ff133c156d0) at rand_unix.c:646:21
643 bytes_needed = ossl_rand_pool_bytes_needed(pool, 1 /*entropy_factor*/);
644 while (bytes_needed != 0 && attempts-- > 0) {
645 buffer = ossl_rand_pool_add_begin(pool, bytes_needed);
-> 646 bytes = syscall_random(buffer, bytes_needed);
647 if (bytes > 0) {
648 ossl_rand_pool_add_end(pool, bytes, 8 * bytes);
649 bytes_needed -= bytes;
}}}
So it looks like there is some bug in random number generation.
On a slightly related note, after I had built and installed openssl3 with
debugging symbols I tested it with mp-lldb-10
{{{
lldb /opt/local/bin/openssl
}}}
It worked once, so I tried it again and lldb crashed. These things are
sent to try us.
--
Ticket URL: <https://trac.macports.org/ticket/63405#comment:18>
MacPorts <https://www.macports.org/>
Ports system for macOS