Hi. Using OpenSSL 0.9.8i, I'm getting a memory leak when I create a CSR. My process is taken more-or-less from the Viega, et al. book:
Initial: X509_REQ_new() to get the request structure OPENSSL_malloc(1) to add a byte to the request for the version RSA Key: RSA_new() for an RSA structure BN_bin2bn() a number of times to add the public and private keys and intermediate values EVP_PKEY_new() for an EVP structure EVP_PKEY_assign_RSA() X509_REQ_set_pubkey() to attach the key to the request subjectName: X509_NAME_new() X509_NAME_add_entry_by_NID() six times to add the components of the name X509_REQ_set_subject_name() to attach the name to the request CSR Creation: X509_REQ_sign() to sign the request BIO_new(BIO_s_mem()) to create a memory BIO to receive the DER-encoded CSR i2d_X509_REQ_bio() to write the DER BIO_get_mem_data() to get the location of the data memcpy() to copy the DER from the BIO to the destination buffer Cleanup: BIO_free() EVP_PKEY_free() X509_REQ_free() However, each time I do this, the allocated memory increases by about 800 to 1000 bytes. If I do it enough, CRYPTO_malloc() eventually fails. If I don't include the subjectName, then there is no leak. The inference is that X509_REQ_free() is not freeing all the memory allocated by the subjectName creation step. Is there additional structure free-ing that I should be doing? Thanks very much, Paul ___________________________________ Paul A. Suhler | Firmware Engineer | Quantum Corporation | Office: 949.856.7748 | paul.suh...@quantum.com ___________________________________ Disregard the Quantum Corporation confidentiality notice below. The information contained in this transmission is not confidential. Permission is hereby explicitly granted to disclose, copy, and further distribute to any individuals or organizations, without restriction. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
