Title: RE: Major memory leak in OpenSSL using threads

0.9.7b – I will upgrade to 0.9.7d and run tests.

 


From: Diarmuid O'Neill [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 23, 2004 10:15 AM
To: [EMAIL PROTECTED]
Cc: Avery, Ken
Subject: RE: Major memory leak in OpenSSL using threads

 

What version of OpenSSL are you using Ken?

-----Original Message-----
From:   Avery, Ken [SMTP:[EMAIL PROTECTED]
Sent:   Tuesday, March 23, 2004 3:05 PM
To:     [EMAIL PROTECTED]
Subject:        Major memory leak in OpenSSL using threads

I have narrowed it down to the function BN_BLINDING_new in the file crypto\bn\bn_blind.c; the memory allocated for the BN_BLINDING structure never gets freed. I am assuming that the BIGNUM structures allocated with BN_new inside of BN_BLINDING never get freed either.

 

Here are my test results after running for 24 hours, monitoring the OPENSSL_malloc and OPENSSL_free calls:

    1. BN_BLINDING – allocations 53,615, frees 0, outstanding 53,615
    2. BN_new – allocations 8,347,200, frees 8,127,872, outstanding 219,328
    3. I also track the heap, and it grows in proportion to the lack of BN frees

 

 

Is there anyone out there willing to help out who understands the big number code? Can anyone at least tell me if Apache/mod_ssl/OpenSSL needs to initialize some kind of callback, like CRYPTO_set_locking_callback (just an example; this is in the code)? Are there any other callbacks anyone can think of to get the OpenSSL code to release the BN memory?

 

 

 

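The per-type tally reported in the original message (allocations, frees, outstanding) can be produced by a tagging wrapper around malloc/free. The following is an added example, not code from OpenSSL or from either poster; the tags, `struct owner` and every function name are hypothetical stand-ins, and the owner/child layout is constructed only to show how an unreleased owner also pins its child allocations.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical tags mirroring the two counters reported in the post. */
enum tag { TAG_BLINDING, TAG_BN, TAG_MAX };
static unsigned long n_alloc[TAG_MAX], n_free[TAG_MAX];
/* Header in front of every block records its tag for the free side. */
union hdr { enum tag tag; long double ld; void *p; long long ll; };
static void *track_malloc(enum tag t, size_t n) {
    union hdr *h = malloc(sizeof *h + n);
    if (h == NULL) return NULL;
    h->tag = t; n_alloc[t]++;
    return h + 1;
}
static void track_free(void *p) {
    if (p == NULL) return;
    union hdr *h = (union hdr *)p - 1;
    n_free[h->tag]++; free(h);
}
static unsigned long outstanding(enum tag t) { return n_alloc[t] - n_free[t]; }
/* Constructed stand-in for an owner object that holds two child numbers. */
struct owner { void *a, *ai; };
static struct owner *owner_new(void) {
    struct owner *o = track_malloc(TAG_BLINDING, sizeof *o);
    if (o == NULL) return NULL;
    o->a = track_malloc(TAG_BN, 32);
    o->ai = track_malloc(TAG_BN, 32);
    return o;
}
static void owner_free(struct owner *o) {
    if (o == NULL) return;
    track_free(o->a); track_free(o->ai); track_free(o);
}
/* One simulated operation; the caller decides whether owner_free() is ever called. */
static struct owner *one_op(void) {
    track_free(track_malloc(TAG_BN, 32));   /* scratch number, freed at once */
    return owner_new();
}
static void report(const char *name, enum tag t) {
    printf("%s: allocations %lu, frees %lu, outstanding %lu\n",
           name, n_alloc[t], n_free[t], outstanding(t));
}
int main(void) {
    struct owner *held[100];
    for (int i = 0; i < 100; i++) held[i] = one_op();
    report("BLINDING", TAG_BLINDING); report("BN", TAG_BN);   /* owners held */
    for (int i = 0; i < 100; i++) owner_free(held[i]);
    report("BLINDING", TAG_BLINDING); report("BN", TAG_BN);   /* owners released */
    return 0;
}
```

The first report shows the same shape as the figures in the post: zero frees for the owner tag and a BN count that is mostly, but not fully, balanced. The second shows both tags returning to zero once the owner's free routine runs.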