Hi Matt The test program runs against our major new development so I cannot share it as is.
I will try to produce a skeleton version which I could let you have. - But that will be end if next week as I am away for a few days - That is providing that exhibits the bug. Mick From: Matt Caswell via RT [mailto:r...@openssl.org] Sent: 27 May 2016 10:46 To: Mick Saxton Cc: openssl-dev@openssl.org Subject: [openssl.org #4545] Crash in crypto/rand/md_rand.c On Fri May 20 15:49:49 2016, mi...@1e.com<mailto:mi...@1e.com> wrote: > Hi > > Before going any further I would like to state that I have only seen > this problem when we have 10000 or more concurrent connections. > > Mostly we notice it on Windows but I have seen it on linux (Ubuntu). > > I first noticed it when using v1.0.2d but have seen it again since > upgrading to v1.0.2h. > > It can happen in one of two places and results in a call to MD_Update > with a negative value. > > I have come up with a temporary fix which avoids the possibility of > crashing at the expense of some randomness. > The system is very highly stressed at this point so debugging further > is difficult. > > The fix I am using is probably not what you eventually will want to > implement but it does improve stability. > > 273: MD_Update(&m, &(state[st_idx]), (j - k) ); > Change to > 273: MD_Update(&m, &(state[st_idx]), (j - k) > 0 ? j - k : > 1); // mi...@1e.com<mailto:mi...@1e.com> (j -k) must not be negative > > And > > 495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - > k ) > Change to > 495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - > k > 0 ? MD_DIGEST_LENGTH / 2 - k : 1); // mi...@1e.com<mailto:mi...@1e.com> > (j -k) must > not be negative > > > I do have a test program which can reproduce this behaviour. Hi Mick Are you able to share your test program? Thanks Matt -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545<http://rt.openssl.org/Ticket/Display.html?id=4545> Please log in as guest with password guest if prompted ________________________________ Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract. -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
