Re: possibly bug in crypto/rand/rand_win.c

Tue, 13 Jul 2004 06:15:12 -0700 

Suggestion:

This is a usage error. Be sure to initialize openssl when your application starts or
when your DLL is loaded. Do not wait for the first thread to attempt to make
a call to OpenSSL to initialize it.

Come to think of it, maybe OpenSSL should simply perform a call to RAND_poll()
as part of the DLL initialization. This would solve many problems.

Jeffrey Altman


Jiang Lei wrote:

Hi,

Sorry if this message is sent twice.

I got problem running RAND_poll() in multi-threaded programs. The function sometimes crashes at "heap_next(&hentry)":


...
if (heaplist_first(handle, &hlist))
do
{
RAND_add(&hlist, hlist.dwSize, 3);
hentry.dwSize = sizeof(HEAPENTRY32);
if (heap_first(&hentry,
hlist.th32ProcessID,
hlist.th32HeapID))
{
int entrycnt = 80;
do
RAND_add(&hentry, hentry.dwSize, 5);
while (heap_next(&hentry)
^^^^^^^^^^^^^^^^^^^^^^^^^
*** this is where the problem is ***
&& --entrycnt > 0);

            }
        } while (heaplist_next(handle,
            &hlist));
...

An article at
http://www.codeproject.com/threads/Thelp32ReadProcessMemory.asp revealed
that the function "Heap32Next" is not appropriate to be used in threaded
    programs:

[QUOTE START]

The "snapshot"

The toolhelp functions make use of a snapshot to access process, thread,
module, and heap lists in the system.  To quote MSDN:

"The lists in system memory change when processes are started and ended,
threads are created and destroyed, executable modules are loaded and
unloaded from system memory, and heaps are created and destroyed.  The
use of information from a snapshot prevents inconsistencies.  Otherwise,
changes to a list could possibly cause a thread to incorrectly traverse
the list or cause an access violation (a GP fault).  For example, if an
application traverses the thread list while other threads are created or
terminated, information that the application is using to traverse the
thread list might become outdated and could cause an error for the
application traversing the list."

[QUOTE END]

I guess that tells why. The most simple resolution will be to remove the Heap32Next.(of course
this will trade off rand seed quality, too).

Any ideas?


regards

Lei
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature

Reply via email to