Bug #53578 [Opn]: php_curl init time (3 big seconds)

tanguy dot pruvot at gmail dot com Sun, 19 Dec 2010 17:34:42 -0800

Edit report at http://bugs.php.net/bug.php?id=53578&edit=1


 ID:                 53578
 User updated by:    tanguy dot pruvot at gmail dot com
 Reported by:        tanguy dot pruvot at gmail dot com
 Summary:            php_curl init time (3 big seconds)
 Status:             Open
 Type:               Bug
 Package:            cURL related
 Operating System:   Win7 x86
 PHP Version:        5.3.4 (Since 5.2.14/5.3)
 Block user comment: N
 Private report:     N

 New Comment:

Here is an asm dump of lib_curl.dll 5.3.4 VC6 TS where RAND_screen is
used :



0035DB10   > \E8 FF360100   call    <jmp.&SSLEAY32.#74>

0035DB15   .  E8 F4360100   call    <jmp.&SSLEAY32.#183>

0035DB1A   .  85C0          test    eax, eax                            
                         

;  kernel32.BaseThreadInitThunk

0035DB1C   .  75 01         jnz     short php_curl.0035DB1F

0035DB1E   .  C3            ret

0035DB1F   >  E8 E4360100   call    

<jmp.&LIBEAY32.#3212_OPENSSL_add_all_algorithms_noconf>

0035DB24   .  E8 D9360100   call    <jmp.&LIBEAY32.#468_RAND_screen>

0035DB29   .  B8 01000000   mov     eax, 1

0035DB2E   .  C3            ret





A simple replace of E8 D9360100 by 90 90909090 will fix the problem...
but maybe 

a call to the regular rand() function could be needed elsewhere...


Previous Comments:
------------------------------------------------------------------------
[2010-12-20 02:07:57] tanguy dot pruvot at gmail dot com

I'm using the 5.3.4-VC6-TS version (as Apache 2.2 module)

------------------------------------------------------------------------
[2010-12-20 02:06:17] tanguy dot pruvot at gmail dot com

Please comment this line to fix the problem :



php-5.3.4\ext\openssl\openssl.c
PHP_FUNCTION(openssl_random_pseudo_bytes) line 

4898 :



#ifdef WINDOWS

        RAND_screen();

#endif

------------------------------------------------------------------------
[2010-12-20 01:31:33] [email protected]

This has been fixed in 5.3.4 (I patched curl). Which versions and builds
do you use exactly?

------------------------------------------------------------------------
[2010-12-20 01:03:56] tanguy dot pruvot at gmail dot com

>From OpenSSL 0.9.8q Sources :



The RAND_screen() function is available for the convenience of Windows

programmers. It adds the current contents of the screen to the PRNG.

For applications that can catch Windows events, seeding the PRNG by

calling RAND_event() is a significantly better source of

randomness. It should be noted that both methods cannot be used on

servers that run without user interaction.

------------------------------------------------------------------------
[2010-12-20 00:58:33] tanguy dot pruvot at gmail dot com

The last known good version was 5.2.13 (which is faster than 3 seconds
but adds a 

slow delay)

------------------------------------------------------------------------


The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at

    http://bugs.php.net/bug.php?id=53578


-- 
Edit this bug report at http://bugs.php.net/bug.php?id=53578&edit=1

Bug #53578 [Opn]: php_curl init time (3 big seconds)

Reply via email to