[MacPorts] #68766: openssl3 @3.2.0_0+universal may have broken PRNG
MacPorts
noreply at macports.org
Fri Nov 24 04:47:03 UTC 2023
#68766: openssl3 @3.2.0_0+universal may have broken PRNG
-----------------------+----------------------
 Reporter:  fhgwright  |      Owner:  (none)
     Type:  defect     |     Status:  new
 Priority:  Normal     |  Milestone:
Component:  ports      |    Version:
 Keywords:             |       Port:  openssl3
-----------------------+----------------------
After today's `upgrade outdated`, I found that `ssh` stopped working:
{{{
MacPro:~ fw$ ssh -4 MacPro
PRNG is not seeded
}}}
This is related to the new `openssl3`. Based on online threads, it seems
that the typical cause on Linux systems is a problem with `/dev/random`
and/or `/dev/urandom`, but that doesn't seem to be the case here, and it
survives relogging in as well as rebooting.
It can be seen directly with `openssl rand`:
{{{
---> Activating openssl3 @3.2.0_0+universal
MacPro:~ fw$ openssl rand -hex 8
10835E74FF7F0000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:342:Global
default library context, Algorithm (CTR-DRBG : 0), Properties (<null>)
10835E74FF7F0000:error:12000090:random number
generator:rand_new_drbg:unable to fetch drbg:crypto/rand/rand_lib.c:655:
}}}
Whereas:
{{{
---> Activating openssl3 @3.1.4_1+universal
MacPro:~ fw$ openssl rand -hex 8
655a13b962ccc7df
}}}
The `openssh` upgrade build also failed with a PRNG-related error, but
succeeded after rolling back `openssl3` to `3.1.4_1`. This is really
bizarre, since I don't see why it should need random numbers during the
build. Perhaps it's a "nonreproducible build" feature. :-)
This is on 10.9. It must not be entirely consistent, though, since I see
an updated `openssh` package for `darwin13` on the servers later than the
`openssl3` package.
It looks like `OpenSSL 3.2.0` has some new paranoia regarding entropy,
which may not be working properly on the Mac.
--
Ticket URL: <https://trac.macports.org/ticket/68766>
MacPorts <https://www.macports.org/>
Ports system for macOS
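
A post-upgrade check built from the two `openssl rand -hex 8` outputs quoted in the report, added here as an example; it is not part of the original ticket, MacPorts, or OpenSSL. The function names `classify_rand_output` and `check_openssl_prng` and the result labels are hypothetical, and the sample inputs are copied from the report with its e-mail line wrapping.

```shell
#!/bin/sh
# Added example: classify what `openssl rand -hex 8` (or ssh) printed, so a
# broken CSPRNG is caught right after an upgrade instead of when ssh fails.

# Classify text read from stdin. Prints exactly one word:
#   ok | drbg-fetch-failure | prng-not-seeded | unknown-failure
classify_rand_output() {
    # Join lines first: error-queue entries may arrive wrapped.
    text=$(tr '\n' ' ')
    case $text in
        *"rand_new_drbg:unable to fetch drbg"*) echo drbg-fetch-failure; return ;;
        *"PRNG is not seeded"*)                 echo prng-not-seeded;    return ;;
    esac
    # Success is exactly 16 hex digits (8 random bytes) and nothing else.
    trimmed=$(printf '%s' "$text" | tr -d ' \r')
    case $trimmed in
        *[!0-9a-fA-F]*|"") echo unknown-failure ;;
        *) if [ ${#trimmed} -eq 16 ]; then echo ok; else echo unknown-failure; fi ;;
    esac
}

# Run an installed openssl binary (default: first one in PATH) and classify
# its combined stdout/stderr. Returns 0 only when random bytes were produced.
check_openssl_prng() {
    bin=${1:-openssl}
    command -v "$bin" >/dev/null 2>&1 || { echo no-openssl; return 2; }
    result=$("$bin" rand -hex 8 2>&1 | classify_rand_output)
    echo "$result"
    [ "$result" = ok ]
}

# Sample inputs copied from the report (3.2.0_0 failing, 3.1.4_1 working).
SAMPLE_BAD='10835E74FF7F0000:error:0308010C:digital envelope
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:342:Global
default library context, Algorithm (CTR-DRBG : 0), Properties (<null>)
10835E74FF7F0000:error:12000090:random number
generator:rand_new_drbg:unable to fetch drbg:crypto/rand/rand_lib.c:655:'
SAMPLE_GOOD='655a13b962ccc7df'

printf 'bad sample:  %s\n' "$(printf '%s\n' "$SAMPLE_BAD"  | classify_rand_output)"
printf 'good sample: %s\n' "$(printf '%s\n' "$SAMPLE_GOOD" | classify_rand_output)"
```

Calling `check_openssl_prng` after `port upgrade outdated` gives a non-zero exit status when the active `openssl` cannot produce random bytes, which can gate a rollback to the previous port version.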