There are three related issues here, all to do with the use of CreateToolhelp32Snapshot in RAND_poll() in rand_win.c. I'm using OpenSSL 0.9.6g, and the relevant call is at line 443.
1. Minor bug: Line 443 of rand_win.c reads (reformatted) && (handle = snap(TH32CS_SNAPALL,0))!= NULL ["snap" is a variable that holds the address of CreateToolhelp32Snapshot]. Microsoft's documentation states that -1 (INVALID_HANDLE_VALUE), not NULL, is returned on failure. 2. Memory leak under Windows CE: RAND_poll() calls CloseHandle(handle) to close the handle opened by CreateToolhelp32Snapshot. This is what we should be doing under Windows, but under Windows CE, Microsoft's documentation states: "To close a snapshot call the CloseToolhelp32Snapshot function. Do not call the CloseHandle function to close the snapshot call. Calling CloseHandle to close the snapshot call generates a memory leak." I'm not sure whether OpenSSL counts Windows CE as a supported platform, but if it does, this needs to be accounted for. 3. Crash under Windows 2003 Server One of our users is running an OpenSSL-enabled Cardbox server (it's an .EXE file that may also be run as a system service) and is getting an exception 0xC0000006 (IN_PAGE_ERROR) within the call to CreateToolhelp32Snapshot. [I should add that this call is made only after the service has fully started up]. The stack trace indicates that - The address of CreateToolhelp32Snapshot has been correctly extracted and stored in the variable 'snap'. - The exception occurs three levels deep within NTDLL.DLL, which in turn is two levels deep within KERNEL32.DLL. The user is running Windows 2003 Server, which I haven't got. Has anyone else used Windows 2003 server and had a problem with CreateToolhelp32Snapshot crashing? My inclination is to comment out or otherwise disable the whole of the ToolHelp code on the Windows 2003 Server platform, since the Crypt... functions should have produced pretty good randomness all by themselves; but I'd welcome anyone's comments. - Martin Kochanski. ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
