[openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Mick Saxton via RT rt at openssl.org
Fri Jun 17 18:43:05 UTC 2016


Perhaps we should consider if there are any negative consequences to my solution?
It does work.

I am trying really hard to get contention but I am only seeing this problem in about 1 out of 100,000 successful TLSv1.2 connections on a heavily congested network.
I require three machines just to run the test that causes the failure.

All we are trying to do is get a random number – surely getting a slightly less random number is better than crashing?
It could be that the problematic instances were going to disconnect anyway due to TCP/IP problems.



Rather than my previous suggestion – I am now suggesting:-

So in ssleay_rand_add

    if (j - k > 0) MD_Update(&m, &(state[st_idx]), j - k);

And a similar fix in ssleay_rand_bytes


This also avoids adding zero bytes to the hash – which it does quite often.




From: Salz, Rich via RT [mailto:rt at openssl.org]
Sent: 17 June 2016 18:39
To: Mick Saxton
Cc: openssl-dev at openssl.org
Subject: RE: [openssl-dev] [openssl.org #4545] Crash in crypto/rand/md_rand.c

Sending mail re-opens the ticket.

Rats, wish it was fixed. Going to need something to more easily reproduce it, I guess.

--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545
Please log in as guest with password guest if prompted


-- 
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4545
Please log in as guest with password guest if prompted
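An added example, not part of the original mail and not OpenSSL code: a small C model of the `j - k > 0` check discussed above, showing what happens when a non-positive `int` length reaches an update function that takes a `size_t`. The names `toy_update` and `mix_state`, the 64-byte `STATE_SIZE`, the wrap-around split and the out-of-range index values are all assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>

#define STATE_SIZE 64   /* constructed size for the demo, not OpenSSL's value */

static size_t absorbed; /* bytes the stand-in digest accepted */
static int calls;       /* number of update calls made */
static int rejected;    /* set when a call would read outside the state buffer */

/* Hypothetical stand-in for MD_Update(): the length is a size_t, so a
 * negative int passed by the caller arrives here as a huge unsigned value. */
static void toy_update(size_t off, size_t len)
{
    calls++;
    if (len > STATE_SIZE || off > STATE_SIZE - len) {
        rejected = 1;   /* a real digest would read out of bounds here */
        return;
    }
    absorbed += len;
}

/* Mix j bytes of the circular state starting at st_idx, split at the wrap
 * (assumed structure; the mail does not show the surrounding code).
 * guarded != 0 applies the "j - k > 0" check suggested in the mail.
 * Returns bytes absorbed, or -1 if an out-of-bounds read was requested. */
static int mix_state(int st_idx, int j, int guarded)
{
    int k = (st_idx + j) - STATE_SIZE;  /* bytes that wrap to the start */

    absorbed = 0; calls = 0; rejected = 0;
    if (k > 0) {
        if (!guarded || j - k > 0)
            toy_update((size_t)st_idx, (size_t)(j - k));
        toy_update(0, (size_t)k);
    } else {
        toy_update((size_t)st_idx, (size_t)j);
    }
    return rejected ? -1 : (int)absorbed;
}

int main(void)
{
    printf("wrap, in range      : %d\n", mix_state(60, 20, 0));
    printf("index past end, raw : %d\n", mix_state(68, 20, 0));
    printf("index past end, chk : %d\n", mix_state(68, 20, 1));
    return 0;
}
```

With the constructed index 68, the guarded call absorbs 24 bytes rather than the requested 20: the check keeps the oversized length away from the update function, but the index itself is still out of range.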


