We at ROXIO are looking at using STunnel in our GoBack product to provide a secure 
link between a server and many client PCs. We have done some testing and this looks 
like it will work. We plan to support WinNT, Win2000, and WinXP clients. In our 
testing we had one (1 of 3) computer that would not start STunnel as a service. This 
computer has WinNT installed, Service pack 6 build 1381. Investigation determined that 
the OpenSSL was failing at line 279 in the code below. The call to RegQueryValueEx() 
would never return when bufsz was greater than 32768. I do not know if this is the 
same problem reported by Jeffrey Altman.


File crypto\rand\rand_win.c - OpenSSL 0.9.6g 9 Aug 2002
Code from the RAND_poll() function.
Line:
253        /* It appears like this can cause an exception deep within ADVAPI32.DLL
254         * at random times on Windows 2000.  Reported by Jeffrey Altman.  
255         * Only use it on NT.
256         */
257        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
258             osverinfo.dwMajorVersion < 5)
259             {
260             /* Read Performance Statistics from NT/2000 registry
261              * The size of the performance data can vary from call
262              * to call so we must guess the size of the buffer to use
263              * and increase its size if we get an ERROR_MORE_DATA
264              * return instead of ERROR_SUCCESS.
265              */
266             LONG   rc=ERROR_MORE_DATA;
267             char * buf=NULL;
268             DWORD bufsz=0;
269             DWORD length;
270
271             while (rc == ERROR_MORE_DATA)
272                     {
273                     buf = realloc(buf,bufsz+8192);
274                     if (!buf)
275                             break;
276                     bufsz += 8192;
277
278                     length = bufsz;
279                     rc = RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global",
280                             NULL, NULL, buf, &length);
281                     }
282             if (rc == ERROR_SUCCESS)
283                     {
284                     /* For entropy count assume only least significant
285                      * byte of each DWORD is random.
286                      */
287                     RAND_add(&length, sizeof(length), 0);
288                     RAND_add(buf, length, length / 4.0);
289                     }
290             if (buf)
291                     free(buf);
292             }


I solved my problem in 2 different ways.
One solution was to limit bufsz to 32768 by inserting the following at line 273:
                  if (bufsz >= 8192*4)
                  {
                      rc = ERROR_SUCCESS;
                      break;
                  }
The other solution was to skip this section if ADVAPI32.DLL is present by changing the 
line at 258 to
257        if ( osverinfo.dwPlatformId == VER_PLATFORM_WIN32_NT &&
258             osverinfo.dwMajorVersion < 5 && advapi == NULL)

This change would make the code behave the same way as on Win2000 if ADVAPI32.DLL is 
installed. The only time the RegQueryValueEx() function would be called is when 
ADVAPI32.DLL is not installed.

I do not know the ramifications of these changes. This code is run during the seeding 
of the PRNG, and it appears to me that this extra seeding is only needed if 
ADVAPI32.DLL is not available. I could use advice on this.

Is it possible to get a fix into OpenSSL?

Misc Info:
Compiler:       Microsoft Visual C++ 6.0

Thanks!


Ken Mattsen 
Senior Software Engineer 
ROXIO, Inc    The Digital Media Company

6900 Wedgwood Road
Maple Grove, MN 55311 USA
763-494-7207 direct 
[EMAIL PROTECTED]
http://www.roxio.com

NASDAQ:"ROXI" 
Featuring the Best-Selling CD-Recording Software in the World 
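The following is an added, stand-alone example that is not part of the message above or of OpenSSL. It isolates the grow-on-ERROR_MORE_DATA loop from the RAND_poll() excerpt and applies the 32768-byte bound from the first fix, with two differences a reviewer would want: hitting the cap is reported as its own outcome instead of being rewritten as ERROR_SUCCESS, so the caller neither passes an unfilled buffer to the entropy sink nor credits entropy for it; and the realloc() result is kept separately so a failed growth does not leak the old buffer. RegQueryValueEx() is replaced by a function pointer with the same contract (ERROR_MORE_DATA while the buffer is too small, ERROR_SUCCESS with the byte count once it fits), backed by two constructed fakes: one that returns 20000 bytes of performance data, and one that never succeeds, standing in for the reported never-returning behaviour so the bound can be exercised off Windows. The status values, GROW_* names, fake_query, never_enough and poll_perf_data are all assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Mirrors of the two Win32 results the RAND_poll() loop tests; defined here
 * so the example builds without <windows.h>. ERROR_MORE_DATA is 234 on Win32. */
#define ERR_SUCCESS    0L
#define ERR_MORE_DATA  234L

#define GROW_STEP 8192          /* same step as the excerpt */
#define GROW_CAP  (8192 * 4)    /* 32768: the bound the report settled on */

/* Stand-in for RegQueryValueEx(HKEY_PERFORMANCE_DATA, "Global", ...). On entry
 * *len is the buffer size; on ERR_SUCCESS it is the number of bytes written. */
typedef long (*query_fn)(void *ctx, unsigned char *buf, size_t *len);

enum grow_result { GROW_OK, GROW_NOMEM, GROW_CAPPED, GROW_FAILED };

struct grow_out {
    unsigned char *buf;   /* caller frees on GROW_OK; NULL otherwise */
    size_t len;           /* bytes the query reported as written */
    size_t bufsz;         /* final buffer size */
    long rc;              /* last status returned by the query */
    int calls;            /* how many times the query was invoked */
};

/* Bounded version of the grow loop at lines 271-281 of the excerpt. */
enum grow_result query_growing(query_fn q, void *ctx, struct grow_out *out)
{
    long rc = ERR_MORE_DATA;
    unsigned char *buf = NULL;
    size_t bufsz = 0, length = 0;

    memset(out, 0, sizeof *out);
    while (rc == ERR_MORE_DATA) {
        unsigned char *nb;
        if (bufsz >= GROW_CAP) {          /* give up before the next call */
            free(buf);
            out->bufsz = bufsz;
            out->rc = rc;
            return GROW_CAPPED;           /* not success: nothing usable was read */
        }
        nb = realloc(buf, bufsz + GROW_STEP);
        if (!nb) {                        /* keep the old block so it can be freed */
            free(buf);
            return GROW_NOMEM;
        }
        buf = nb;
        bufsz += GROW_STEP;
        length = bufsz;
        rc = q(ctx, buf, &length);
        out->calls++;
    }
    out->bufsz = bufsz;
    out->rc = rc;
    if (rc != ERR_SUCCESS) {
        free(buf);
        return GROW_FAILED;
    }
    out->buf = buf;
    out->len = length;
    return GROW_OK;
}

/* Caller in the spirit of lines 282-291: the sink (RAND_add in the excerpt) is
 * only fed, and entropy only credited, when the query actually completed.
 * Returns the number of data bytes handed to the sink, 0 if nothing was. */
size_t poll_perf_data(query_fn q, void *ctx,
                      void (*sink)(const void *, size_t, double))
{
    struct grow_out out;
    if (query_growing(q, ctx, &out) != GROW_OK)
        return 0;
    sink(&out.len, sizeof out.len, 0.0);
    sink(out.buf, out.len, out.len / 4.0);   /* entropy estimate from the excerpt */
    free(out.buf);
    return out.len;
}

/* Constructed fake: behaves like the registry call for a fixed-size data set. */
struct fake_perf { size_t needed; unsigned char fill; };

long fake_query(void *ctx, unsigned char *buf, size_t *len)
{
    struct fake_perf *f = ctx;
    if (*len < f->needed) {
        *len = f->needed;   /* the real API documents *len as undefined here */
        return ERR_MORE_DATA;
    }
    memset(buf, f->fill, f->needed);
    *len = f->needed;
    return ERR_SUCCESS;
}

/* Constructed fake for the reported failure: never satisfied, so only the cap
 * can end the loop. */
long never_enough(void *ctx, unsigned char *buf, size_t *len)
{
    (void)ctx; (void)buf; (void)len;
    return ERR_MORE_DATA;
}

/* Simple sink that totals the entropy credit it was given. */
double g_credit = 0.0;
void count_sink(const void *p, size_t n, double e) { (void)p; (void)n; g_credit += e; }

int main(void)
{
    struct fake_perf ok = { 20000, 0xAB };
    printf("20000-byte data set: %zu bytes fed, %.0f bits credited\n",
           poll_perf_data(fake_query, &ok, count_sink), g_credit);
    g_credit = 0.0;
    printf("never-satisfied query: %zu bytes fed (loop bounded)\n",
           poll_perf_data(never_enough, NULL, count_sink));
    return 0;
}
```

With the fake that needs 20000 bytes the loop runs three times (8192, 16384, 24576) and succeeds; with the never-satisfied fake it stops after four calls at 32768 bytes and returns GROW_CAPPED, so poll_perf_data() feeds nothing and credits nothing.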

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]