[openssl.org #1764] openssl-0.9.8i random generator bug

2014-07-26 Thread Rich Salz via RT
No response in years, assuming the diagnosis is right. Closing this.

__
OpenSSL Project http://www.openssl.org
Development Mailing List   openssl-dev@openssl.org
Automated List Manager   majord...@openssl.org


[openssl.org #1764] openssl-0.9.8i random generator bug

2008-10-22 Thread Lutz Jaenicke via RT
> [EMAIL PROTECTED] - Tue Oct 21 14:23:50 2008]:
>
> Hello rt,
>
>   During stress testing my project, I suddenly got a crash inside openssl
>
>   openssl version - openssl-0.9.8i
>   compiler - Microsoft Visual Studio 2008 Professional Edition (C++ project)
>   project - x64 debug compilation
>   OS - Microsoft Windows XP x64 Edition Service Pack 2
>
>   usage example:
>   #include <openssl/rand.h>   // RAND_pseudo_bytes
>
>   // fill pBuf with nSize pseudo-random bytes
>   __inline void Rand(unsigned char* pBuf, uintptr_t nSize)
>   {
>       RAND_pseudo_bytes(pBuf,int(nSize));
>   }
>   // return one pointer-sized pseudo-random value
>   __inline uintptr_t Rand(void)
>   {
>       uintptr_t   nRet;
>       Rand(reinterpret_cast<unsigned char*>(&nRet),sizeof(uintptr_t));
>       return nRet;
>   }
>
>   uintptr_t n = Rand();
>
>   stress test:
>   my code is executing Rand() repeatedly in two threads with
>   100% loading of Dual Core CPU, in 100k-300k calls application
>   crashes. no need to wait long :)
>
>   crash:
>   0xc005 (ACCESS_VIOLATION)
>   sha1_block_data_order d:\libraryes\openssl-0.9.8i\crypto\sha\sha_locl.h (259)
>
>   where is wrong:
>   ssleay_rand_bytes   d:\libraryes\openssl-0.9.8i\crypto\rand\md_rand.c (474)
>
>   crypto\rand\md_rand.c line 470:
>   k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; <--- something wrong around this line
>
>   with this data I'm getting crash:
>   st_idx = 1032
>   st_num = 1023
>   k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; // k == 19
>
>   // MD_DIGEST_LENGTH/2-k == -9
>   MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); // with -9 it will crash
>
>   I'm getting 100% crashes at each stress test. :(

Hmm, that is odd. STATE_SIZE is 1024, so there must not be st_idx
with a value larger than 1023. Upon call st_idx is set from state_index.

As your application is using threads: have you made sure that proper
locking functions are activated? A failure to properly lock the threads
while updating st_idx and friends would explain a failure like this.

Best regards,
Lutz
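
The failure mode described in this reply can be replayed deterministically. The following C model is an added example, not code from the thread or from OpenSSL: `state_index`, `advance`, `wrap`, `snapshot`, `first_len` and `snapshot_ok` are hypothetical names, and the two-step advance-then-wrap update and the `k > 0` guard are assumptions. The start value 1022 and step 10 are constructed so that the unlocked schedule yields the reported st_idx = 1032.

```c
#include <stddef.h>
#include <stdio.h>

#define MD_DIGEST_LENGTH 20 /* SHA-1 digest size in bytes */
#define ST_NUM 1023         /* st_num value from the report */

/* Hypothetical stand-in for the shared pool cursor; not OpenSSL's code. */
static int state_index;

/* Assumed writer: advance the cursor, then wrap it, as two separate steps. */
static void advance(int n) { state_index += n; }
static void wrap(void) { if (state_index >= ST_NUM) state_index %= ST_NUM; }

/* Reader's private copy of the cursor after one writer update.
 * locked != 0: the copy is taken once advance and wrap have both finished.
 * locked == 0: constructed bad interleaving, copy taken between the steps. */
static int snapshot(int start, int step, int locked)
{
    int st_idx;
    state_index = start;
    advance(step);
    if (locked) { wrap(); st_idx = state_index; }
    else        { st_idx = state_index; wrap(); }
    return st_idx;
}

/* Length of the first hash update for a snapshot, using the expression
 * quoted in the report; the k > 0 guard is an assumption of this model. */
static int first_len(int st_idx, int st_num)
{
    int k = (st_idx + MD_DIGEST_LENGTH / 2) - st_num;
    return k > 0 ? MD_DIGEST_LENGTH / 2 - k : MD_DIGEST_LENGTH / 2;
}

/* Defensive check: a snapshot is usable only if it lies inside the pool. */
static int snapshot_ok(int st_idx, int st_num) { return st_idx >= 0 && st_idx < st_num; }

int main(void)
{
    for (int locked = 1; locked >= 0; locked--) {
        int idx = snapshot(1022, 10, locked); /* constructed start and step */
        int len = first_len(idx, ST_NUM);
        /* A negative int becomes a huge value once passed as an unsigned length. */
        printf("locked=%d st_idx=%d ok=%d len=%d as size_t=%zu\n",
               locked, idx, snapshot_ok(idx, ST_NUM), len, (size_t)len);
    }
    return 0;
}
```

In a threaded OpenSSL 0.9.8 application the corresponding fix is on the caller's side: register the locking callback with `CRYPTO_set_locking_callback` before any thread calls into the library.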


[openssl.org #1764] openssl-0.9.8i random generator bug

2008-10-21 Thread Osup Ny via RT
Hello rt,

  During stress testing my project, I suddenly got a crash inside openssl

  openssl version - openssl-0.9.8i
  compiler - Microsoft Visual Studio 2008 Professional Edition (C++ project)
  project - x64 debug compilation
  OS - Microsoft Windows XP x64 Edition Service Pack 2

  usage example:
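  #include <openssl/rand.h>   // RAND_pseudo_bytes

  // fill pBuf with nSize pseudo-random bytes
  __inline void Rand(unsigned char* pBuf, uintptr_t nSize)
  {
      RAND_pseudo_bytes(pBuf,int(nSize));
  }
  // return one pointer-sized pseudo-random value
  __inline uintptr_t Rand(void)
  {
      uintptr_t   nRet;
      Rand(reinterpret_cast<unsigned char*>(&nRet),sizeof(uintptr_t));
      return nRet;
  }

  uintptr_t n = Rand();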

  stress test:
  my code is executing Rand() repeatedly in two threads with
  100% loading of Dual Core CPU, in 100k-300k calls application
  crashes. no need to wait long :)
  
  crash:
  0xc005 (ACCESS_VIOLATION)
  sha1_block_data_order d:\libraryes\openssl-0.9.8i\crypto\sha\sha_locl.h (259)

  where is wrong:
  ssleay_rand_bytes   d:\libraryes\openssl-0.9.8i\crypto\rand\md_rand.c (474)

  crypto\rand\md_rand.c line 470:
  k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; <--- something wrong around this line

  with this data I'm getting crash:
  st_idx = 1032
  st_num = 1023
  k=(st_idx+MD_DIGEST_LENGTH/2)-st_num; // k == 19

  // MD_DIGEST_LENGTH/2-k == -9
  MD_Update(&m,&(state[st_idx]),MD_DIGEST_LENGTH/2-k); // with -9 it will crash

  I'm getting 100% crashes at each stress test. :(

  PS: sorry for my English

-- 
Best regards,
 Osup  mailto:[EMAIL PROTECTED]
