[openssl-dev] [BUG] Data race in md_rand.c functions

Dmitry Sobinov dmitry at addlive.com
Sat Nov 7 05:08:41 UTC 2015 

It's set by boost::asio lazily on first use which happens early in the app
lifetime (before any use of DTLS).

On Sat, Nov 7, 2015 at 1:31 AM, Short, Todd <tshort at akamai.com> wrote:

> Do you set any of the locking functions and/or do you configure with
> no-locking?
>
> CRYPTO_set_locking_callback()
> CRYPTO_set_add_lock_callback()
>
> see: https://www.openssl.org/docs/manmaster/crypto/threads.html
>
>
> --
> -Todd Short
> // tshort at akamai.com
> // "One if by land, two if by sea, three if by the Internet."
>
> On Nov 5, 2015, at 8:42 PM, Dmitry Sobinov <dmitry at addlive.com> wrote:
>
> We use OpenSSL for DTLS and for general random numbers generation. While
> checking our app with Clang Thread Sanitizer, we discovered following data
> race:
>
> WARNING: ThreadSanitizer: data race (pid=20055)
>   Read of size 4 at 0x7f14adbb7f98 by thread T18:
>     #0 ssleay_rand_add
> /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:220
> (test_client+0x000000dd242a)
>     #1 RAND_add
> /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/rand_lib.c:152
> (test_client+0x000000c795be)
>     #2 dtls1_connect
> /home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/d1_clnt.c:174
> (test_client+0x000000f4850a)
>     #3 SSL_do_handshake
> /home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/ssl_lib.c:2768
> (test_client+0x000000f701ec)
>     #4 DtlsSrtpTransport::handshakeIteration()
> /home/dmitry.sobinov/__/src/DtlsSrtpTransport.cpp:328
> (test_client+0x00000079ef88)
>
>   Previous write of size 4 at 0x7f14adbb7f98 by thread T41 (mutexes: write
> M869):
>     #0 ssleay_rand_bytes
> /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:392
> (test_client+0x000000dd2e1f)
>     #1 ssleay_rand_nopseudo_bytes
> /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/md_rand.c:536
> (test_client+0x000000dd22cb)
>     #2 RAND_bytes
> /home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/rand/rand_lib.c:159
> (test_client+0x000000c7965a)
>     #3 utils::generateRandomBytes(unsigned char*, unsigned long)
> /home/dmitry.sobinov/__/src/OpenSSLHelpers.cpp:45
> (test_client+0x00000078a697)
>     #4 unsigned short utils::random<unsigned short>()
> /home/dmitry.sobinov/__/include/utils/OpenSSLHelpers.h:42
> (test_client+0x0000005a4bff)
>
>
> Static global variable crypto_lock_rand is not protected by mutex or set
> as atomic. AFAIK it's undefined behaviour in c/c++.
> OpenSSL was built with TSan instrumentation.
>
>
> Thanks,
> Dmitry Sobinov
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>
>
> _______________________________________________
> openssl-dev mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
>
>


-- 
---
Dmitry Sobinov
AddLive.com
Live video and voice for your application
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151107/54b4b457/attachment-0001.html>

More information about the openssl-dev mailing list