Since the patch only concerns DH key parameters >= 1024 bits, does that mean that exchanges using Elliptic Curve DH (which use much smaller key sizes than 1024 bits) are not affected by this issue?
-Bryan

On Tue, Jul 15, 2014 at 7:11 AM, Willy Tarreau <[email protected]> wrote:
> Hi Rémi,
>
> On Tue, Jul 15, 2014 at 11:40:29AM +0200, Remi Gacogne wrote:
> >
> > Hi,
> >
> > It was recently reported to the Apache HTTPd dev mailing list [1] that
> > the DH * value returned by the callback set with
> > SSL_CTX_set_tmp_dh_callback() is not freed by OpenSSL but must be
> > tracked by the application and freed when no longer needed, whenever
> > that is. Unfortunately this behavior is not clearly documented and the
> > example included in the documentation [2] doesn't do that.
>
> Quite weird indeed.
>
> > As a result, the patch I submitted earlier in haproxy 1.5 leads haproxy
> > to leak memory for SSL/TLS connections using Diffie Hellman Ephemeral
> > key exchange, as the DH * struct holding the DH parameters is not freed
> > by OpenSSL.
> >
> > This patch fixes the leak by allocating the DH * structs holding the DH
> > parameters once, at configuration time, as it has been done in Apache
> > HTTPd. I am not very satisfied by the fact that it uses 4 file-scope
> > variables, but I didn't see where else to store the DH parameters.
> > Willy, Emeric, do you have any comment?
>
> Don't worry for a few extra static variables, especially for whatever
> relates to configuration (which is the case here). Your patch is fine,
> I've applied it to both 1.5 and 1.6!
>
> > I am sorry I didn't catch that earlier.
>
> You must not be sorry. Nobody could blame you for not figuring all of
> openssl's tricks at first glance! We don't want to claim we have no bugs,
> we just want them to be fixed quickly, that's exactly what you did, so
> that's perfect :-)
>
> Thanks!
> Willy

