Uploaded image for project: 'C Driver'
  1. C Driver
  2. CDRIVER-3978

Add entropy for OpenSSL RAND_bytes to avoid duplicate sequences for same PID

    • Type: Icon: Bug Bug
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 1.17.7
    • Affects Version/s: None
    • Component/s: libmongoc
    • None
    • Fully Compatible

      In versions of OpenSSL before 1.1.1, RAND_bytes may return duplicate values for different processes with the same PID if those processes were forked from a common parent (where OpenSSL was first initialized). Since libmongoc uses RAND_bytes to generate session IDs, this could result in an undesirable interaction with retryable writes.

      This can be mitigated by implementing a PID check in the OpenSSL implementation of mongoc-rand.h that adds additional entropy (e.g. from current time) if a PID change is detected. That can be gated to versions of OpenSSL before 1.1.1.

      See also:


      Original Description

      findOneAndUpdate method returns the same result as it did for the process with the same pid.

      Tested on:
      Mongo:
          Replicated cluster with two nodes and one arbiter
          MongoDB server versions: v3.6.23, v4.0.24, v4.2.13, v4.4.5 (also tested on v3.4.24 and v3.2.11 but it works fine there)

      PHP:
          PHP 7.2.34 (NTS)
          mongodb/mongodb: 1.6.1
          MongoDB extension version => 1.9.1

      System
          CentOS Linux release 7.9.2009 (Core)
          Linux 3.10.0-1160.el7.x86_64 x86_64
          /proc/sys/kernel/pid_max 32768

       

        1. image-2021-04-26-19-31-27-162.png
          374 kB
          Григорий Островский
        2. php_retryWrites_false.log
          20.19 MB
          Евгений Голендухин
        3. php_retryWrites_none.log
          17.76 MB
          Евгений Голендухин
        4. python_retryWrites_false.log
          6.00 MB
          Евгений Голендухин
        5. python_retryWrites_none.log
          6.05 MB
          Евгений Голендухин

            Assignee:
            jmikola@mongodb.com Jeremy Mikola
            Reporter:
            yeti.moscow@gmail.com Евгений Голендухин
            Votes:
            1 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: