When there are multiple threads calling SSL_connect for the first time, openssl may
cause the program to crash. I believe that the problem is in md_rand.c line 337:
    if (!initialized)
    {
        RAND_poll();
        initialized = 1;
    }
The above code is not thread-safe: when two or more threads reach it at about the
same time, the RAND_poll function may be called more than once, resulting in a crash
with the following stack trace:
NTDLL! 77fa0752()
NTDLL! 77fa030a()
KERNEL32! 7c51c826()
RAND_poll() line 487 + 13 bytes
ssleay_rand_bytes(unsigned char * 0x018a2144, int 28) line 380
RAND_bytes(unsigned char * 0x018a2144, int 28) line 101 + 17 bytes
ssleay_rand_pseudo_bytes(unsigned char * 0x018a2144, int 28) line 515 + 13 bytes
RAND_pseudo_bytes(unsigned char * 0x018a2144, int 28) line 108 + 17 bytes
ssl3_client_hello(ssl_st * 0x018a1f00) line 538 + 11 bytes
ssl3_connect(ssl_st * 0x018a1f00) line 249 + 9 bytes
SSL_connect(ssl_st * 0x018a1f00) line 718 + 13 bytes
......
The problem can easily be reproduced by running a 16-thread application calling
SSL_connect at about the same time. It is easy to reproduce because, at least on
Windows 2000, the function call RAND_poll() takes about 0.5 seconds to return. The
issue is present in the latest package: openssl-0.9.6l.
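The race described above, reduced to a runnable illustration (added here; this is not OpenSSL's code and the fix is a plain pthread mutex, not whatever the project chose): the unlocked check-then-set lets several threads run the poll, the locked version lets exactly one. fake_rand_poll, racy_init, safe_init and run_init_race are constructed names; the spin loop only widens the race window.

```c
#include <pthread.h>
#include <stdatomic.h>

/* Constructed stand-in for RAND_poll(): counts its own calls and burns a
 * little time, mimicking the slow RAND_poll described for Windows 2000 so
 * that several threads sit inside the race window at once. */
static atomic_int poll_calls = 0;
static void fake_rand_poll(void) {
    for (volatile long i = 0; i < 2000000; i++) { }
    atomic_fetch_add(&poll_calls, 1);
}

/* Racy lazy init: same shape as the unlocked check-then-set in md_rand.c.
 * Two threads can both read initialized == 0 and both call the poll. */
static volatile int racy_initialized = 0;
static void racy_init(void) {
    if (!racy_initialized) {
        fake_rand_poll();
        racy_initialized = 1;
    }
}

/* Fixed lazy init: the check and the set happen under one mutex, so only the
 * first thread polls and every later thread sees initialized == 1. */
static pthread_mutex_t init_lock = PTHREAD_MUTEX_INITIALIZER;
static int safe_initialized = 0;
static void safe_init(void) {
    pthread_mutex_lock(&init_lock);
    if (!safe_initialized) {
        fake_rand_poll();
        safe_initialized = 1;
    }
    pthread_mutex_unlock(&init_lock);
}

struct job { void (*init)(void); };
static void *worker(void *arg) { ((struct job *)arg)->init(); return NULL; }

/* Start nthreads (max 64) that all call the chosen init at once and return
 * how many times the poll actually ran. With use_lock set this must be 1. */
int run_init_race(int nthreads, int use_lock) {
    pthread_t tids[64];
    struct job j = { use_lock ? safe_init : racy_init };
    if (nthreads > 64) nthreads = 64;
    atomic_store(&poll_calls, 0);
    racy_initialized = 0;
    safe_initialized = 0;
    for (int i = 0; i < nthreads; i++) pthread_create(&tids[i], NULL, worker, &j);
    for (int i = 0; i < nthreads; i++) pthread_join(tids[i], NULL);
    return atomic_load(&poll_calls);
}
```

Calling run_init_race(16, 0) typically reports the poll running several times while run_init_race(16, 1) always reports 1; the unlocked count varies from run to run because it is a genuine race.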
Dao-Chen Zheng
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]