<div dir="ltr"><div>Hello,<br><br></div>I can confirm that I have seen a similar behavior in multi-thread environment. Unfortunately, I do not have a script to reproduce it either.<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, May 20, 2016 at 6:49 PM, Mick Saxton via RT <span dir="ltr"><<a href="mailto:rt@openssl.org" target="_blank">rt@openssl.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi<br>
<br>
Before going any further I would like to state that I have only seen this problem when we have 10000 or more concurrent connections.<br>
<br>
Mostly we notice it on Windows but I have seen it on linux (Ubuntu).<br>
<br>
I first noticed it when using v1.0.2d but have seen it again since upgrading to v1.0.2h.<br>
<br>
It can happen in one of two places and results in a call to MD_Update with a negative value.<br>
<br>
I have come up with a temporary fix which avoids the possibility of crashing at the expense of some randomness.<br>
The system is very highly stressed at this point so debugging further is difficult.<br>
<br>
The fix I am using is probably not what you eventually will want to implement but it does improve stability.<br>
<br>
273: MD_Update(&m, &(state[st_idx]), (j - k) );<br>
Change to<br>
273: MD_Update(&m, &(state[st_idx]), (j - k) > 0 ? j - k : 1); // <a href="mailto:micks@1e.com">micks@1e.com</a> (j -k) must not be negative<br>
<br>
And<br>
<br>
495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k )<br>
Change to<br>
495: MD_Update(&m, &(state[st_idx]), MD_DIGEST_LENGTH / 2 - k > 0 ? MD_DIGEST_LENGTH / 2 - k : 1); // <a href="mailto:micks@1e.com">micks@1e.com</a> (j -k) must not be negative<br>
<br>
<br>
I do have a test program which can reproduce this behaviour.<br>
<br>
If I can be of further help - please contact me by email.<br>
<br>
Regards<br>
Mick Saxton<br>
<br>
________________________________<br>
<br>
<br>
Legal Notice: This email is intended only for the person(s) to whom it is addressed. If you are not an intended recipient and have received this message in error, please notify the sender immediately by replying to this email or calling +44(0) 2083269015 (UK) or +1 866 592 4214 (USA). This email and any attachments may be privileged and/or confidential. The unauthorized use, disclosure, copying or printing of any information it contains is strictly prohibited. The opinions expressed in this email are those of the author and do not necessarily represent the views of 1E Ltd. Nothing in this email will operate to bind 1E to any order or other contract.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Ticket here: <a href="http://rt.openssl.org/Ticket/Display.html?id=4545" rel="noreferrer" target="_blank">http://rt.openssl.org/Ticket/Display.html?id=4545</a><br>
Please log in as guest with password guest if prompted<br>
<br>
</font></span><br>--<br>
openssl-dev mailing list<br>
To unsubscribe: <a href="https://mta.openssl.org/mailman/listinfo/openssl-dev" rel="noreferrer" target="_blank">https://mta.openssl.org/mailman/listinfo/openssl-dev</a><br>
<br></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature" data-smartmail="gmail_signature">SY, Dmitry Belyavsky</div>
</div>