
curl-users

Incorrect OpenSSL usage and thread-safety issues in Curl_ossl_seed

From: Tanguy Fautre <tanguyf_at_aristechnologies.com>
Date: Wed, 29 Jul 2009 16:00:34 +0100

Hi,

We've found intermittent deadlocks and crashes in LibCurl 7.19.5 under
certain conditions on Windows. This is due to both LibCurl and OpenSSL
not being thread-safe in certain routines.

As far as LibCurl is concerned, the problem comes from Curl_ossl_seed,
which contains a non-thread-safe static initialization. See ssluse.c,
lines 270 to 276.

Further down the stack, ossl_seed() calls RAND_screen(). Now apparently
RAND_screen is not thread-safe either. See the discussion on the OpenSSL
mailing list for more info.
http://marc.info/?l=openssl-dev&m=124838339302787&w=2

Note: We've currently worked around the RAND_screen() part by setting
HAVE_RAND_SCREEN to 0 in the config file.

Regards,

Tanguy
Received on 2009-07-29
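
The report above names a non-thread-safe static initialization as the libcurl-side cause. The following is an added example, not code from the post or from libcurl: it shows a check-then-set static flag beside a once-guarded version of the same call. All function names are hypothetical, and it assumes POSIX threads (`pthread_once`), whereas the report concerns Windows.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define NTHREADS 8
static atomic_int seed_runs; /* times the seeding routine has run */

/* Hypothetical stand-in for an expensive, non-reentrant seeding routine. */
static void expensive_seed(void) { atomic_fetch_add(&seed_runs, 1); }

/* Racy: check-then-set on a plain static flag. Two threads can both read 0
   before either stores 1, and then both run expensive_seed() concurrently. */
int seed_racy(void)
{
  static int seeded = 0;
  if(!seeded) {
    expensive_seed();
    seeded = 1;
  }
  return 0;
}

/* Thread-safe: pthread_once() runs the routine exactly once; concurrent
   callers block until that single run has finished. */
static pthread_once_t seed_guard = PTHREAD_ONCE_INIT;
int seed_safe(void) { return pthread_once(&seed_guard, expensive_seed); }

static void *worker(void *arg)
{
  (void)arg;
  seed_safe();
  return NULL;
}

/* Calls seed_safe() from NTHREADS threads; returns total seeding runs. */
int run_safe_from_threads(void)
{
  pthread_t t[NTHREADS];
  int i, started = 0;
  for(i = 0; i < NTHREADS; i++)
    if(pthread_create(&t[started], NULL, worker, NULL) == 0)
      started++;
  for(i = 0; i < started; i++)
    pthread_join(t[i], NULL);
  return atomic_load(&seed_runs);
}

int main(void) { printf("seeding ran %d time(s)\n", run_safe_from_threads()); return 0; }
```

`seed_racy()` is shown for comparison only and is never called from more than one thread here, since doing so is a data race.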