Hi OpenSSL-bugs,

I have found some bugs and have some suggested fixes.

Environment : Windows XP SP2 with Visual Studio .NET 2003 (i.e. v7.1) on
a HP NC8000 with 1GB memory and a 1.7GHz Pentium M.
Version of OpenSSL : v0.9.8a

Bug : When compiling OpenSSL v0.9.8a (dynamic, static, no debug, with
debug) with zlib v1.2.3 the command ssltest -ssl3 crashes.

How to reproduce : 
- Obtain the source to OpenSSL 0.9.8a.
- Obtain source or binary distribution of zlib v1.2.3.
http://www.zlib.org
- Uncompress them both to e.g. C:\
- Make sure that the compiler can find zlib.h and zconf.h. I put them in
C:\Program Files\Microsoft Visual Studio .NET 2003\Vc7\include
- Make sure that Windows can find zlib1.dll. I put it in
C:\WINDOWS\system32
- Compile OpenSSL according to instructions but configure it to use
zlib.
        - perl Configure VC-WIN32 zlib-shared
        - ms\do_masm
        - nmake -f ms\ntdll.mak
        - cd out32dll
        - ssltest -ssl3 = CRASH!

First of all it is impossible to debug. I have WinDbg to pop up when
something crashes (by using WinDbg -i) but WinDbg seems to not find any
symbols nor any call stack.

Suggested fix 1 : The switch /Zi should be added to the command line for
cl, to be able to debug! (line 93 in VC-32.pl)

I found that the crash is because an EVP_CIPHER_CTX is used without
being initialized.

Suggested fix 2 : All allocated EVP_CIPHER_CTX should be initialized as
soon as they are successfully allocated. Line 222 and 255 in s3_enc.c
should be followed by an EVP_CIPHER_CTX_init(). The same in t1_enc.c line
268 and 302.

Then it seems like there is no support for zlib to be used statically.
Since the build system allows the possibility to configure with zlib
_or_ zlib-shared this ought to be possible.

To make it work ZLIB_SHARED must not be set if just ZLIB is set so line
76 - 78 in c_zlib.c must be remarked.

I do not know how to change the build system in a good way so the
Configure perl script can handle zlib different from zlib_dynamic. I
just edited the VC-32.pl script so OpenSSL linked the correct
zlib-library depending on if debug was selected or not.
 
Since I got OpenSSL to work with zlib I stopped my debugging here. 

There is still a problem and that is that when using zlib dynamically it
still crashes! (and I get no call stack in WinDbg) I have not been able
to resolve that problem but at least it works to run with zlib
statically linked!

Cheers,

Tommy M. Larsson

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
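
A self-contained model of suggested fix 2, added here as an illustration; it is not OpenSSL code and not code from the report. toy_ctx and its functions are hypothetical stand-ins for EVP_CIPHER_CTX, EVP_CIPHER_CTX_init() and a cleanup routine, and the 0xCD fill is an assumption that models stale heap bytes in a freshly allocated block.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for EVP_CIPHER_CTX: cleanup trusts the pointers stored in it. */
typedef struct {
    void (*cleanup_cb)(void *); /* per-cipher hook, NULL when no cipher is set */
    void *cipher_data;          /* heap state owned by the context */
} toy_ctx;

/* Stand-in for EVP_CIPHER_CTX_init(): puts the context in a known-empty state. */
void toy_ctx_init(toy_ctx *c) { memset(c, 0, sizeof *c); }

/* Stand-in for a cleanup routine: only safe on an initialized context. */
void toy_ctx_cleanup(toy_ctx *c) {
    if (c->cleanup_cb) c->cleanup_cb(c->cipher_data);
    free(c->cipher_data);
    memset(c, 0, sizeof *c);
}

/* Allocation without init; the 0xCD fill (an assumption) models stale heap bytes. */
toy_ctx *alloc_raw(void) {
    toy_ctx *c = malloc(sizeof *c);
    if (c) memset(c, 0xCD, sizeof *c);
    return c;
}

/* Suggested fix 2: initialize as soon as the allocation succeeds. */
toy_ctx *alloc_fixed(void) {
    toy_ctx *c = malloc(sizeof *c);
    if (c) toy_ctx_init(c);
    return c;
}

/* Setup that fails before a cipher is installed. Returns 0 if the error path cleaned up
   safely, 1 if cleanup would follow stale pointers (it is then skipped), -1 on OOM. */
int failing_setup(toy_ctx *(*alloc)(void)) {
    toy_ctx *c = alloc();
    if (!c) return -1;
    int unsafe = (c->cleanup_cb != NULL) || (c->cipher_data != NULL);
    if (!unsafe) toy_ctx_cleanup(c);
    free(c);
    return unsafe;
}

int main(void) {
    printf("raw: %d, fixed: %d\n", failing_setup(alloc_raw), failing_setup(alloc_fixed));
    return 0;
}
```

With the raw allocator the error path sees non-NULL garbage in both fields, which a real cleanup routine would call and free; with the initializing allocator the same path is a no-op.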
