Re: OpenSSL and multiple threads

Mon, 26 Jun 2006 04:52:22 -0700 

Leon wrote:

$ grep __FD_SETSIZE  /usr/include/bits/*.h
/usr/include/bits/typesizes.h:#define   __FD_SETSIZE            1024
This is the maximum number of fd's the "fd_set" type holds by default. Maybe it would be possible to stop the crashes and override this with some ugly stack paddings: 

If I follow the OpenSSL code (using source navigator), the FD_SET and
others are defined in openssl/apps/s_apps.h and the code restricts the
set to be a maximum of 32 bits (sizeof int). 32 entries is enough since
the random devices are only accessed one by one at that point.
So please educate me: How does the system define __FD_SETSIZE influence
the OpenSSL defined FD_SET. [ Or am I just totally missing the point
now? ]
I am making the presumption that it was application code using the FD_SET macros and allocating the fd_set storage.
You quote the file openssl/apps/s_apps.h but isn't this file for the distributed applications openssl comes with, like /usr/local/bin/openssl ? How does that header file affect *users* of OpenSSL. The header files you should be looking at are in openssl/include/openssl/*.h ?
But I can see your point now, if it is an OpenSSL problem you are pretty much stuck. For example if OpenSSL uses select() to sleep for /dev/random but your application is already into the 1500th active file descritor. Then OpenSSL is pretty much hosed for using select() inside itself, infact it should do a sanity check internally otherwise random corruption/crashes will occur because FD_SET() may scribble on memory.
Unless you start to compile a custom version of OpenSSL library and make sure you link your application with that specific version (like -static). But you said you didn't want to do this. 

So maybe you are asking too much, something has to give.
You can't increase the default fd_set without recompiling whatever is using it and raising the limit. Alternatively as Marek suggested look at /usr/include/sys/select.h and make your own my_fd_set. The Linux glibc macros look like they will still work on large sizes. 

Darryl
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to