That section of code is currently disabled, and there haven't been any reports saying
it was harmful to do so. Therefore, this ticket is already resolved.
[[EMAIL PROTECTED] - Tue Dec 10 15:47:59 2002]:
> We at ROXIO are looking at using STunnel in our GoBack product to
> provide a secure link between a server and many client PCs. We have
> done some testing and this looks like it will work. We plan to
> support WinNT, Win2000, and WinXP clients. In our testing we had
> one (1 of 3) computer that would not start STunnel as a service.
> This computer has WinNT installed, Service pack 6 build 1381.
> Investigation determined that the OpenSSL was failing at line 279
> in the code below. The call to RegQueryValueEx() would never return
> when bufsz was greater than 32768. I do not know if this is the
> same problem reported by Jeffrey Altman.
>
>
> File crypto\rand\rand_win.c - OpenSSL 0.9.6g 9 Aug 2002
> Code from the RAND_poll() function.
> Line:
> 253     /* It appears like this can cause an exception deep within ADVAPI32.DLL
> 254      * at random times on Windows 2000. Reported by Jeffrey Altman.
> 255      * Only use it on NT.
> 256      */
> 257     if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
> 258         osverinfo.dwMajorVersion < 5)
> 259     {
> 260         /* Read Performance Statistics from NT/2000 registry
> 261          * The size of the performance data can vary from call
> 262          * to call so we must guess the size of the buffer to use
> 263          * and increase its size if we get an ERROR_MORE_DATA
> 264          * return instead of ERROR_SUCCESS.
> 265          */
> 266         LONG rc=ERROR_MORE_DATA;
> 267         char * buf=NULL;
> 268         DWORD bufsz=0;
> 269         DWORD length;
> 270
> 271         while (rc == ERROR_MORE_DATA)
> 272         {
> 273             buf = realloc(buf,bufsz+8192);
> 274             if (!buf)
> 275                 break;
> 276             bufsz += 8192;
> 277
> 278             length = bufsz;
> 279             rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
> 280                 NULL, NULL, buf, &length);
> 281         }
> 282         if (rc == ERROR_SUCCESS)
> 283         {
> 284             /* For entropy count assume only least significant
> 285              * byte of each DWORD is random.
> 286              */
> 287             RAND_add(&length, sizeof(length), 0);
> 288             RAND_add(buf, length, length / 4.0);
> 289         }
> 290         if (buf)
> 291             free(buf);
> 292     }
>
>
> I solved my problem 2 different ways.
> One solution was to limit the bufsz to 32768 by inserting at line 273
> the following:
>     if (bufsz >= 8192*4)
>     {
>         rc = ERROR_SUCCESS;
>         break;
>     }
> The other solution was to skip this section if ADVAPI32.DLL is present
> by changing the line at 258 to
> 257 if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
> 258 osverinfo.dwMajorVersion < 5 && advapi == NULL)
>
> This change would make the code behave the same way as Win2000 if
> ADVAPI32.DLL is installed. The only time the RegQueryValueEx()
> function would be called is when ADVAPI32.DLL is not installed.
>
> I do not know the ramifications of these changes. This code is run
> during the seeding of the PRNG and it appears to me that this extra
> seeding is only needed if ADVAPI32.DLL is not available. I could
> use advice on this.
>
> Is it possible to get a fix into OpenSSL?
>
> Misc Info:
> Compiler: Microsoft Visual C++ 6.0
>
> Thanks!
>
>
> Ken Mattsen
> Senior Software Engineer
> ROXIO, Inc The Digital Media Company
>
> 6900 Wedgwood Road
> Maple Grove, MN 55311 USA
> 763-494-7207 direct
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> www.roxio.com <http://www.roxio.com>
>
> NASDAQ:"ROXI"
> Featuring the Best-Selling CD-Recording Software in the World
>
--
Richard Levitte
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
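
An added example, not OpenSSL's code and not from either poster: a portable sketch of the grow-and-retry loop quoted above with the 32768-byte cap applied, in which hitting the cap counts as a failed poll, so no entropy is credited for a buffer the query never filled. The names query_fn, stub_query, bounded_poll, demo, Q_OK and Q_MORE_DATA are hypothetical stand-ins; the stub replaces RegQueryValueEx() so the loop can be run anywhere.

```c
#include <stdlib.h>
#include <string.h>

enum { Q_OK, Q_MORE_DATA };  /* stand-ins for ERROR_SUCCESS / ERROR_MORE_DATA */
#define CHUNK   8192u        /* growth step used in the quoted loop */
#define MAX_BUF (4u * CHUNK) /* 32768-byte cap from the message */

/* Hypothetical query callback: fills buf and sets *len, or asks for more room. */
typedef int (*query_fn)(void *ctx, unsigned char *buf, size_t *len);
/* Constructed stub: pretends the data source currently holds *ctx bytes. */
static int stub_query(void *ctx, unsigned char *buf, size_t *len)
{
    size_t need = *(size_t *)ctx;
    if (need > *len)
        return Q_MORE_DATA;  /* buf and *len must not be trusted after this */
    memset(buf, 0xA5, need);
    *len = need;
    return Q_OK;
}

/* Returns bytes gathered (caller frees *out), or 0 if the poll was abandoned. */
static size_t bounded_poll(query_fn q, void *ctx, unsigned char **out)
{
    unsigned char *buf = NULL, *tmp;
    size_t bufsz = 0, length = 0;
    int rc = Q_MORE_DATA;
    *out = NULL;
    while (rc == Q_MORE_DATA && bufsz < MAX_BUF) {
        tmp = realloc(buf, bufsz + CHUNK);
        if (tmp == NULL)
            break;           /* old buf is still valid and is freed below */
        buf = tmp;
        bufsz += CHUNK;
        length = bufsz;
        rc = q(ctx, buf, &length);
    }
    if (rc != Q_OK || length == 0) {
        free(buf);           /* cap hit or allocation failed: credit nothing */
        return 0;
    }
    *out = buf;
    return length;
}

static size_t demo(size_t need) /* bytes gathered for a source of `need` bytes */
{
    unsigned char *buf;
    size_t n = bounded_poll(stub_query, &need, &buf);
    free(buf);
    return n;
}
```

In a real caller, only a non-zero return would be passed on to RAND_add(); a zero return means the other entropy sources have to carry the seeding.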