Hi
All,
As you are aware,
RAND_poll() is not thread safe and must be called with only a single active
thread in the process. The section in which I have experienced
crashes is the heap walking. The entire section is protected by a
mutex, but the issue seems to be that the snapshot references
structures in memory that get changed by other threads (perhaps as threads are
created and destroyed) while the snapshot is being traversed. The crash is
usually a bad memory reference because a heap item no longer
exists.
We've discussed this
before, and the "solution" has been to call RAND_poll before creating additional
threads. This isn't a satisfactory solution since in this world of complex
applications that dynamically load DLLs which in turn load other DLLs it is
often the case that an application has multiple threads before OpenSSL has been
loaded and therefore before it is even possible to call
RAND_poll.
We have workarounds
for this, such as calling RAND_add with enough data so that RAND_poll wont be
called, but a fix inside OpenSSL itself would stop the crashes that people
on openssl-users experience from time to time. Are there any
plans to address this, or any thoughts on the best approach to resolve this
once, and for all?
Regards,
Steven
