Hi
All,
As you are aware,
RAND_poll() is not thread safe and must be called with only a single active
thread in the process. The section in whichI have experienced
crashesis the heap walking. The entire section is protected by a
mutex, but the issueseems to bethat the snapshot references
structures in memory that get changed by other threads (perhaps as threads are
created and destroyed) while the snapshot is being traversed. The crash is
usually a bad memory reference because a heap item no longer
exists.
We've discussed this
before, and the "solution" has been to call RAND_poll before creating additional
threads. This isn't a satisfactory solution since in this world of complex
applications that dynamically load DLLs which in turn load other DLLs it is
often the case that an application has multiple threads before OpenSSL has been
loaded and therefore before it is even possible to call
RAND_poll.
We have workarounds
for this, such as calling RAND_add with enough data so that RAND_poll wont be
called, but a fix inside OpenSSL itself would stop the crashes that people
onopenssl-users experiencefrom time to time. Are there any
plans to address this, or any thoughts on the best approach to resolve this
once, and for all?
Regards,
Steven
