Encryption and Cryptography
 » 
OpenSSL
 » 
OpenSSL - User

Memory leak issue in openssl

View: New views
3 Messages — Rating Filter:   Alert me  

Memory leak issue in openssl

by VijayK :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

Hi,

We are using the OpenSSL library in our program and the lib version is: 0.9.7g.

Currently we are observing huge memory leaks in openssl. We are not
quite sure if there is anything wrong in the way opessl APIs are used
in our program. We used following set of OpeSSL APIs as part of the
cleanup.

            SSL_shutdown(m_pSSL);
            SSL_free(m_pSSL);
            ERR_free_strings();
            ERR_remove_state(0);
            CRYPTO_mem_leaks_cb(crypto_mem_leak_cb);
            SSL_CTX_free()

When we used "CRYPTO_mem_leaks_cb" it printed quite a number of
instances for the memory leak. Adding all of them its coming to the
order of 45KB memory leak. Here are a a few samples of such incidents.
================
Bytes:    16, Order:    1115, File: .\crypto\asn1\tasn_new.c    ,
Line:  170, Addr:02294928
Leak: Bytes:   132, Order:    1219, File: .\crypto\bn\bn_lib.c        , Line:  3
28, Addr:0229DED0
Leak: Bytes:     8, Order:     917, File: .\crypto\asn1\tasn_new.c    , Line:  3
19, Addr:0228E3E0
Leak: Bytes:    12, Order:     871, File: .\crypto\asn1\tasn_new.c    , Line:  1
70, Addr:02299FC0
Leak: Bytes:    16, Order:     909, File: .\crypto\asn1\asn1_lib.c    , Line:  3
77, Addr:0229BF90
Leak: Bytes:    72, Order:    1218, File: .\crypto\bn\bn_mont.c       , Line:  2
41, Addr:0229DE10
Leak: Bytes:    24, Order:    1133, File: .\crypto\asn1\a_object.c    , Line:  2
68, Addr:02294838


Leak: Bytes: 16384, Order:    4272, File: .\crypto\bio\bss_bio.c      , Line:  7
34, Addr:022CB5B8
Leak: Bytes: 16384, Order:    1490, File: .\crypto\bio\bss_bio.c      , Line:  7
34, Addr:022B4ED8

====================
Here are our queries
[1] Out of all the memory leak incidents reported, couple of places
(shown above) in bss_bio.c we observed 16*2 = 32Kb leak. Are we
missing on any cleanup related to this?

[2] Are there any known issues in OpenSSL version 0.9.7g regarding
memory leak? If so, is there any latest OpenSSL release wherein these
issues are fixed?

[3] We observed that our program is not invoking EVP_cleanup as part
of the cleanup. Would that add to any of the above leaks?

[4] We are closing the socket before the ssl cleanup would that cause any issue?


It will be of great help you can clarify my queries.

Thank you so much in advance.

Regards
Vijay
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: Memory leak issue in openssl

by Darryl Miles :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message



Please provide a simple testcase program exhibiting the memory leak.

Please try with the most recent OpenSSL release.  There are no known
issue with normal usage, however some recent patches have been added for
theoretical failure path memory leaks.

It is possible for memory leaks to still exist for normal usage where
you are never seeing a hard-error return from an OpenSSL API call this
code path is well trodden and it is unlikely for there to be any leaks
in OpenSSL itself and more usually the application or a misunderstanding
about the "ownership" of some SSL objects.

OpenSSL artifacts that are created by the application, then handed to
some other part of the API for use, so who is now responsible for the
destructions of them?  That kind of misunderstanding.

Darryl



Vijay Kumar K wrote:

> We are using the OpenSSL library in our program and the lib version is: 0.9.7g.
>
> Currently we are observing huge memory leaks in openssl. We are not
> quite sure if there is anything wrong in the way opessl APIs are used
> in our program. We used following set of OpeSSL APIs as part of the
> cleanup.
>
>             SSL_shutdown(m_pSSL);
>             SSL_free(m_pSSL);
>             ERR_free_strings();
>             ERR_remove_state(0);
>             CRYPTO_mem_leaks_cb(crypto_mem_leak_cb);
>             SSL_CTX_free()
>
> When we used "CRYPTO_mem_leaks_cb" it printed quite a number of
> instances for the memory leak. Adding all of them its coming to the
> order of 45KB memory leak. Here are a a few samples of such incidents.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@...
Automated List Manager                           majordomo@...

Re: Memory leak issue in openssl

by VijayK :: Rate this Message:

Reply to Author | View Threaded | Show Only this Message

>>OpenSSL artifacts that are created by the application, then handed to
>>some other part of the API for use, so who is now responsible for the
>>destructions of them?  That kind of misunderstanding.

>>Darryl


Hi Darryl,

To an extent you are correct. We have fixed the issue and it is due to our usage and clean up of openSSL BIOs. We have a BIO pair we got misled by the reference in following book that SSL_free will clean all the associated BIOs.

        Book "Network Security with OpenSSL By Pravir Chandra, Matt Messier, John Viega", Page:137, following paragraph.
       
        "The last point to make about this example is that we removed the call to BIO_free.
        This is done because SSL_free automatically frees the SSL object's underlying BIOs for us."
       
But later while we were referring to the documentation on openssl website, we came to know that SSL_free cleans up only one haf of the BIO pair where as the other half need to be cleaned using BIO_free. After adding this piece of code, the memory leak has vanished.

Thanks for your guidance.

Regards
Vijay




Free embeddable forum powered by Nabble Forum Help