[openssl-dev] [BUG] Data race in md_rand.c functions

Short, Todd tshort at akamai.com
Fri Nov 6 14:31:03 UTC 2015 

Do you set any of the locking functions and/or do you configure with no-locking?

CRYPTO_set_locking_callback()
CRYPTO_set_add_lock_callback()

see: https://www.openssl.org/docs/manmaster/crypto/threads.html


--
-Todd Short
// tshort at akamai.com<mailto:tshort at akamai.com>
// "One if by land, two if by sea, three if by the Internet."

On Nov 5, 2015, at 8:42 PM, Dmitry Sobinov <dmitry at addlive.com<mailto:dmitry at addlive.com>> wrote:

We use OpenSSL for DTLS and for general random numbers generation. While checking our app with Clang Thread Sanitizer, we discovered following data race:

WARNING: ThreadSanitizer: data race (pid=20055)
  Read of size 4 at 0x7f14adbb7f98 by thread T18:
    #0 ssleay_rand_add /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:220 (test_client+0x000000dd242a)
    #1 RAND_add /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/rand_lib.c:152 (test_client+0x000000c795be)
    #2 dtls1_connect /home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/d1_clnt.c:174 (test_client+0x000000f4850a)
    #3 SSL_do_handshake /home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/ssl_lib.c:2768 (test_client+0x000000f701ec)
    #4 DtlsSrtpTransport::handshakeIteration() /home/dmitry.sobinov/__/src/DtlsSrtpTransport.cpp:328 (test_client+0x00000079ef88)

  Previous write of size 4 at 0x7f14adbb7f98 by thread T41 (mutexes: write M869):
    #0 ssleay_rand_bytes /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:392 (test_client+0x000000dd2e1f)
    #1 ssleay_rand_nopseudo_bytes /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:536 (test_client+0x000000dd22cb)
    #2 RAND_bytes /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/rand_lib.c:159 (test_client+0x000000c7965a)
    #3 utils::generateRandomBytes(unsigned char*, unsigned long) /home/dmitry.sobinov/__/src/OpenSSLHelpers.cpp:45 (test_client+0x00000078a697)
    #4 unsigned short utils::random<unsigned short>() /home/dmitry.sobinov/__/include/utils/OpenSSLHelpers.h:42 (test_client+0x0000005a4bff)


Static global variable crypto_lock_rand is not protected by mutex or set as atomic. AFAIK it's undefined behaviour in c/c++.
OpenSSL was built with TSan instrumentation.


Thanks,
Dmitry Sobinov

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151106/c7a536cd/attachment.html>

More information about the openssl-dev mailing list