The specific place is in rand_poll when retrieving a random heap entry with Heap32Next from a random heap list.
Now it's maybe a peculiar client application since it has around 38 heap lists. While the heap traversal is going on in rand_poll there are alot of allocations and deallocations going on in the different heaps. If I don't access the heaps, I don't get any crashes. I've also had a performance problem because iterating through the 36 heaps a maximum of 80 entries is taking a long time. Probably because of all the allocations and deallocations going on at the same time.
Question 1: Because of applications like mine should we limit the number of heap lists to some maximum number? It seems like in my case 36 heap lists * up to 80 entries, assuming all lists have more than 80 entries adds up to 2880 entropy values. It seems overly excessive especially when it takes over 3 seconds (more like 45 in my case) to process.
Should we only use the first X number of heaps?
Or should we pick some maximum number of heap entries?
None of the above would necessarily solve my crash, but might be a better implementation.
Question 2: Are there enough entropy values if all statistics except heap entries are gathered in rand_poll on a very large w2k application? Total number of random_add bytes used in my application is over 100k without the heap entries. Most of the data is gathered from the processes, modules and threads of the application. The library seems to only need 32 (or is it 36) bytes to think randomness is ok. I currently think this route seems to be my only choice.
Any thoughts?
Thanks
______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
