On Fri May 20 15:49:49 2016, mi...@1e.com wrote: > Hi > > Before going any further I would like to state that I have only seen > this problem when we have 10000 or more concurrent connections. > > Mostly we notice it on Windows but I have seen it on linux (Ubuntu). > > I first noticed it when using v1.0.2d but have seen it again since > upgrading to v1.0.2h. > > It can happen in one of two places and results in a call to MD_Update > with a negative value. > > I have come up with a temporary fix which avoids the possibility of > crashing at the expense of some randomness. > The system is very highly stressed at this point so debugging further > is difficult. > > The fix I am using is probably not what you eventually will want to > implement but it does improve stability. > > 273: MD_Update(&m, &(state[st_idx]), (j - k) ); > Change to > 273: MD_Update(&m, &(state[st_idx]), (j - k) > 0 ? j - k : > 1); // mi...@1e.com (j -k) must not be negative > > And > > 495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - > k ) > Change to > 495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - > k > 0 ? MD_DIGEST_LENGTH / 2 - k : 1); // mi...@1e.com (j -k) must > not be negative > > > I do have a test program which can reproduce this behaviour.
Hi Mick Are you able to share your test program? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
