Re: BUG: CreateToolhelp32Snapshot
In message <[EMAIL PROTECTED]> on Thu, 07 Aug 2003 08:54:19 +0100, Martin Kochanski
<[EMAIL PROTECTED]> said:
openssl> There are three related issues here, all to do with the use of
CreateToolhelp32Snapshot in RAND_poll() in rand_win.c. I'm using OpenSSL 0.9.6g, and
the relevant call is at line 443.
openssl>
openssl> 1. Minor bug:
openssl>
openssl> Line 443 of rand_win.c reads (reformatted)
openssl>
openssl>&& (handle = snap(TH32CS_SNAPALL,0))!= NULL
openssl>
openssl> ["snap" is a variable that holds the address of CreateToolhelp32Snapshot].
openssl>
openssl> Microsoft's documentation states that -1
openssl> (INVALID_HANDLE_VALUE), not NULL, is returned on failure.
Verified. I'll correct that ASAP.
openssl> 2. Memory leak under Windows CE:
openssl>
openssl> RAND_poll() calls CloseHandle(handle) to close the handle
openssl> opened by CreateToolhelp32Snapshot. This is what we should be
openssl> doing under Windows, but under Windows CE, Microsoft's
openssl> documentation states: "To close a snapshot call the
openssl> CloseToolhelp32Snapshot function. Do not call the CloseHandle
openssl> function to close the snapshot call. Calling CloseHandle to
openssl> close the snapshot call generates a memory leak."
I/&%%&#%"/((()(/&"%#%("#%/(&)/("&#%&%#&"/(/&%#%#%!!
Why the F*CK can't MS keep things consistent? Is that so damn hard to
learn? Idiots! &/("/()&"#%/&)/(#&¤)(&%(/&%/&%¤/&%¤"#%&/(!/"&)(/!
[censored]!!!
openssl> I'm not sure whether OpenSSL counts Windows CE as a supported
openssl> platform, but if it does, this needs to be accounted for.
We have support for CE, so basically, we do the best we can.
openssl> 3. Crash under Windows 2003 Server
openssl>
openssl> One of our users is running an OpenSSL-enabled Cardbox server
openssl> (it's an .EXE file that may also be run as a system service)
openssl> and is getting an exception 0xC006 (IN_PAGE_ERROR) within
openssl> the call to CreateToolhelp32Snapshot. [I should add that this
openssl> call is made only after the service has fully started up].
openssl>
openssl> The stack trace indicates that
openssl>
openssl> - The address of CreateToolhelp32Snapshot has been correctly
openssl> extracted and stored in the variable 'snap'.
openssl> - The exception occurs three levels deep within NTDLL.DLL,
openssl> which in turn is two levels deep within KERNEL32.DLL.
openssl>
openssl> The user is running Windows 2003 Server, which I haven't
openssl> got. Has anyone else used Windows 2003 server and had a
openssl> problem with CreateToolhelp32Snapshot crashing?
openssl>
openssl> My inclination is to comment out or otherwise disable the
openssl> whole of the ToolHelp code on the Windows 2003 Server
openssl> platform, since the Crypt... functions should have produced
openssl> pretty good randomness all by themselves; but I'd welcome
openssl> anyone's comments.
Before we take any action, it would be good if we could get some more
input on this issue, so if moer 2003 users could test the random
polling code, I'd be grateful, and even more if someone can find the
exact cause of the problem.
Disabling sections of code is kind of a last resort...
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See
Re: building 0.9.7b
Let me know what I should do here? Randy Shaw Director of Admin. & Operations City Mission Ministries [EMAIL PROTECTED] (909) 757-9748 <>
Re: AW: BUG: CreateToolhelp32Snapshot, check if running as NT service
Ingo:
Thanks for the function. Can you provide a complete blackbox solution
that is simply
BOOL IsService(void)
Please keep in mind that within the RAND_poll() function we have no
input from the application as to the service name, logon session or
account. All of that information would need to be extracted at runtime.
I assume this could be done by extracting information from an
OpenProcess() call. If you could provide the complete solution that
would be very much appreciated.
- Jeff
Ingo A. Kubbilun wrote:
Hi,
someone asked for a function to determine if a Win32 exe is running
as a NT service?
Use svccheck.c and svccheck.h, just call:
if (IsService(EXENAME_SERVICES,EXENAME_WINLOGON,SYSTEM_SID))
{
...
}
If you are running your service on a different account than the well
known SYSTEM_SID, which is "S-1-5-18", then specify your specific
one as the 3rd param (zero-terminated string).
Rgs, Ingo.
smime.p7s
Description: S/MIME Cryptographic Signature
AW: BUG: CreateToolhelp32Snapshot, check if running as NT service
Hi, sorry, forgot two 'strupr' calls. Please use attached versions. Rgs, Ingo. svccheck.zip Description: Zip compressed data
Re: BUG: CreateToolhelp32Snapshot
In message <[EMAIL PROTECTED]> on Thu, 07 Aug 2003 08:54:19 +0100, Martin Kochanski
<[EMAIL PROTECTED]> said:
openssl> 1. Minor bug:
openssl>
openssl> Line 443 of rand_win.c reads (reformatted)
openssl>
openssl>&& (handle = snap(TH32CS_SNAPALL,0))!= NULL
openssl>
openssl> ["snap" is a variable that holds the address of
openssl> CreateToolhelp32Snapshot].
openssl>
openssl> Microsoft's documentation states that -1
openssl> (INVALID_HANDLE_VALUE), not NULL, is returned on failure.
openssl>
openssl> 2. Memory leak under Windows CE:
openssl>
openssl> RAND_poll() calls CloseHandle(handle) to close the handle
openssl> opened by CreateToolhelp32Snapshot. This is what we should be
openssl> doing under Windows, but under Windows CE, Microsoft's
openssl> documentation states: "To close a snapshot call the
openssl> CloseToolhelp32Snapshot function. Do not call the CloseHandle
openssl> function to close the snapshot call. Calling CloseHandle to
openssl> close the snapshot call generates a memory leak."
openssl>
openssl> I'm not sure whether OpenSSL counts Windows CE as a supported
openssl> platform, but if it does, this needs to be accounted for.
For those two errors, I propose the following change:
Index: crypto/rand/rand_win.c
===
RCS file: /e/openssl/cvs/openssl/crypto/rand/rand_win.c,v
retrieving revision 1.32
diff -u -r1.32 rand_win.c
--- crypto/rand/rand_win.c 3 Dec 2002 14:20:31 - 1.32
+++ crypto/rand/rand_win.c 7 Aug 2003 09:42:55 -
@@ -162,6 +162,7 @@
typedef DWORD (WINAPI *GETQUEUESTATUS)(UINT);
typedef HANDLE (WINAPI *CREATETOOLHELP32SNAPSHOT)(DWORD, DWORD);
+typedef BOOL (WINAPI *CLOSETOOLHELP32SNAPSHOT)(HANDLE);
typedef BOOL (WINAPI *HEAP32FIRST)(LPHEAPENTRY32, DWORD, DWORD);
typedef BOOL (WINAPI *HEAP32NEXT)(LPHEAPENTRY32);
typedef BOOL (WINAPI *HEAP32LIST)(HANDLE, LPHEAPLIST32);
@@ -431,7 +432,7 @@
* This seeding method was proposed in Peter Gutmann, Software
* Generation of Practically Strong Random Numbers,
* http://www.usenix.org/publications/library/proceedings/sec98/gutmann.html
- * revised version at http://www.cryptoengines.com/~peter/06_random.pdf
+* revised version at http://www.cryptoengines.com/~peter/06_random.pdf
* (The assignment of entropy estimates below is arbitrary, but based
* on Peter's analysis the full poll appears to be safe. Additional
* interactive seeding is encouraged.)
@@ -440,6 +441,7 @@
if (kernel)
{
CREATETOOLHELP32SNAPSHOT snap;
+ CLOSETOOLHELP32SNAPSHOT snap_close;
HANDLE handle;
HEAP32FIRST heap_first;
@@ -457,6 +459,8 @@
snap = (CREATETOOLHELP32SNAPSHOT)
GetProcAddress(kernel, TEXT("CreateToolhelp32Snapshot"));
+ snap_close = (CLOSETOOLHELP32SNAPSHOT)
+ GetProcAddress(kernel, TEXT("CloseToolhelp32Snapshot"));
heap_first = (HEAP32FIRST) GetProcAddress(kernel, TEXT("Heap32First"));
heap_next = (HEAP32NEXT) GetProcAddress(kernel, TEXT("Heap32Next"));
heaplist_first = (HEAP32LIST) GetProcAddress(kernel,
TEXT("Heap32ListFirst"));
@@ -472,7 +476,7 @@
heaplist_next && process_first && process_next &&
thread_first && thread_next && module_first &&
module_next && (handle = snap(TH32CS_SNAPALL,0))
- != NULL)
+ != INVALID_HANDLE_VALUE)
{
/* heap list and heap walking */
/* HEAPLIST32 contains 3 fields that will change with
@@ -534,8 +538,10 @@
do
RAND_add(&m, m.dwSize, 9);
while (module_next(handle, &m));
-
- CloseHandle(handle);
+ if (close_snap)
+ close_snap(handle);
+ else
+ CloseHandle(handle);
}
FreeLibrary(kernel);
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis-- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See
Re: building 0.9.7b
On Wed, Aug 06, 2003 at 06:39:24PM -0400, Frank Balluffi wrote: > I need to call libcrypto from a .so file on Solaris using gcc. > > When I build 0.9.7b as shared objects with the following commands: > > ./config no-rc5 shared > make depend > make Did you unpack from sratch or may there be components left from a previous build? Your configuration is a standard setup. If it does not work out of the box, please open a ticket by sending a report to [EMAIL PROTECTED] Best regards, Lutz -- Lutz Jaenicke [EMAIL PROTECTED] http://www.aet.TU-Cottbus.DE/personen/jaenicke/ BTU Cottbus, Allgemeine Elektrotechnik Universitaetsplatz 3-4, D-03044 Cottbus __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
which function
Hi all, i want to have my own authentication system. in this system i have one CA to issue certificate for my authentication servers. then my clients must read this certificate to extract public key of server and send their message to it. i donn't want to implement CA but other - server and client - must be implemented. now i create CA by CA.pl -newca then CA.pl -newreq then i sign my request by CA.pl -signreq now i want to read this certificate in my client. i read the CA certificate by PEM_read_x509 and server certificate too. but i don't know how i must extract public key of server form x509 because CA certificate is self-signed and server certificate is signed by CA public key. thanks, Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month!
Re: building 0.9.7b
2. Is it possible to pass the compiler flag -fPIC to config? Thanks. Frank env CFLAGS="-fPIC" sh ./configure [otheroptions...] _ Help STOP SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail __ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
