It is a kind off bug. I re analyze the source code. You are right; there is a problem with BN_BLINDING. When it is initializing it sets its thread id same as the thread that first called the methods RSA_eay_private_decrypt and RSA_eay_private_encrypt. While rsa_get_blinding method checks the thread ids for locking some times there is an error getting lock, hence the problem accurs. After I implement your way to solve problem, I didn't have any error. However BN_BLINDING is used for speeding up rsa operations. Without it, there is a performance problem. I do not think there is a way for fixing this bug. However the all ssl context can be initialized for every thread. Then the problem will not occur. I do not think it is a good solution. It also increases handshaking process. It is ugly that a SSL_CTX for every connection to the server. May be another field may be used for checking for lock in BN_BLINDING. Thanks for reply and advice.
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
