Hi all,
We're developing a quite unique application using OpenSSL (currently
0.9.6a).
The application initiates (independently) many concurrent SSL sessions, and
each application thread is basically unaware of existence of the others.
During the development, we've seen three following phenomena:
1. Sometimes, while running on Windows NT (not 2000!), we got exception
somewhere deeply within ADVAPI32.DLL. From the stack, we understood that the
problematic code is the following (file: crypto/rand/rand_win.c, line: 253):
/* It appears like this can cause an exception deep within
ADVAPI32.DLL
* at random times on Windows 2000. Reported by Jeffrey Altman.
* Only use it on NT.
*/
if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
osverinfo.dwMajorVersion < 5)
{
/* Read Performance Statistics from NT/2000 registry
* The size of the performance data can vary from call
* to call so we must guess the size of the buffer to use
* and increase its size if we get an ERROR_MORE_DATA
* return instead of ERROR_SUCCESS.
*/
LONG rc=ERROR_MORE_DATA;
char * buf=NULL;
DWORD bufsz=0;
DWORD length;
while (rc == ERROR_MORE_DATA)
{
buf = realloc(buf,bufsz+8192);
if (!buf)
break;
bufsz += 8192;
length = bufsz;
rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA,
"Global",
NULL, NULL, buf, &length);
}
if (rc == ERROR_SUCCESS)
{
/* For entropy count assume only least significant
* byte of each DWORD is random.
*/
RAND_add(&length, sizeof(length), 0);
RAND_add(buf, length, length / 4.0);
}
if (buf)
free(buf);
}
As you can see, this code was modified to work only on NT, since, as
the comment states, it causes an exception on Windows 2000. It seems,
however, from our experience, that it causes exceptions on NT as well.
Meanwhile, we have removed this code from our build of OpenSSL.
Probably, this code should be re-evaluated by the author, and, for the
beginning, removed from the baseline till the solution is found.
2. The following piece of code seems to have race condition, causing
very long initialization time for our application, especially when there are
very many processes and threads running in the system (file:
crypto/rand/md_rand.c, line: 350):
if (!initialized)
RAND_poll();
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
this locked state. */
initialized = 1;
It seems like many threads enter RAND_poll() simultaneously. Here is
the fix we've made for this:
CRYPTO_w_lock(CRYPTO_LOCK_RAND);
if (!initialized)
{
RAND_poll();
initialized = 1;
}
add_do_not_lock = 1; /* Since we call ssleay_rand_add while in
this locked state. */
Can someone incorporate our fix to the official source?
3. In addition, Windows version of RAND_poll() seems to be very slow
(even when called once per process) when there are very many processes and
threads (in our tests we have sometimes more than 15000 threads per system).
Please, advise what can be done in order to speed-up process
initialization in this case.
Thanks,
Michael Pogrebisky,
Software developer at Mercury Interactive Inc., Israel.
-------------------------------------------------------
Work phone: +972-(0)3-5399258
Home phone: +972-(0)9-9558867
Mobile phone: +972-(0)54-497123
Work fax: +972-(0)3-5331617
E-mail: [EMAIL PROTECTED]
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]