Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

OpenSSL is not made fully derministic #294

Open
LCBH opened this issue Dec 14, 2023 · 2 comments
Open

OpenSSL is not made fully derministic #294

LCBH opened this issue Dec 14, 2023 · 2 comments

Comments

@LCBH
Copy link
Contributor

LCBH commented Dec 14, 2023
edited
Loading

See new failing uni test openssl::deterministic::tests::test_openssl_no_randomness_full from PR #293.

Run cargo test --package tlspuffin --lib test_openssl_no_randomness_full --features openssl111j -- --nocapture and observe that the resulting TraceContexts are not equal. By looking at the diff between the two pretty-printed resulting TraceContext, we observe:

  1. The two only differ in the last Knowledge (among 29 Knowledge in total), all the rest being identical.
  2. Those 6 correspond to 2 different packets of 218 bytes. They are counted as 6 Knowledge because each of them could be interpreted in 3 different ways (Matcher: None or ApplicationData * MessageType: OpaqueMessage/AppData or Message/ApplicationData or Vec).
  3. Those 2 packets are the two last encrypted frames sent by the server to the client.

Why are they different?
@LCBH LCBH mentioned this issue Dec 14, 2023
Merged
@LCBH
Copy link
Contributor Author

LCBH commented Feb 13, 2024

See the results of investigations in #293 .

@maxammann
Copy link
Contributor

I think we concluded that this is mostly because we do not mock the time, right?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@maxammann @LCBH