On 17/06/16 19:43, Mick Saxton via RT wrote: > Perhaps we should consider if there are any negative consequences to my > solution? > It does work. > > I am trying really hard to get contention but I am only seeing this problem > in about 1 out of 100,000 successful TLSv1.2 connections > On a heavily congested network. > I require three machines to just to run the test that causes the failure. > > All we are trying to do is get a random number – surely getting a slightly > less random number is better than crashing? > It could be that the problematic instances were going to disconnect anyway > due to TCP/IP problems. >
I think we need to try instrumenting the code to see if we can get some more information out. I will try and pull something together - but it might be Monday before I get the opportunity. Matt > > > Rather than my previous suggestion – I am now suggesting:- > > So in ssleay_rand_add > > If ( j-k>0 ) MD_Update(&m, &(state[st_idx]), j – k); > > And a similar fix in ssleay_rand_bytes > > > This also avoids adding zero bytes to the hash – which it does quite often. > > > > > From: Salz, Rich via RT [mailto:r...@openssl.org] > Sent: 17 June 2016 18:39 > To: Mick Saxton > Cc: openssl-dev@openssl.org > Subject: RE: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c > > Sending mail re-opens the ticket. > > Rats, wish it was fixed. Going to need something to more easily reproduce it, > I guess. > > -- > Ticket here: > http://rt.openssl.org/Ticket/Display.html?id=4545<http://rt.openssl.org/Ticket/Display.html?id=4545> > Please log in as guest with password guest if prompted > > ________________________________ > > > Legal Notice: This email is intended only for the person(s) to whom it is > addressed. If you are not an intended recipient and have received this > message in error, please notify the sender immediately by replying to this > email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email > and any attachments may be privileged and/or confidential. The unauthorized > use, disclosure, copying or printing of any information it contains is > strictly prohibited. The opinions expressed in this email are those of the > author and do not necessarily represent the views of 1E Ltd. Nothing in this > email will operate to bind 1E to any order or other contract. > -- Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545 Please log in as guest with password guest if prompted -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev