Memory leak issue in openssl

Tue, 10 Nov 2009 23:47:39 -0800 

Hi,

We are using the OpenSSL library in our program and the lib version is: 0.9.7g.

Currently we are observing huge memory leaks in openssl. We are not
quite sure if there is anything wrong in the way opessl APIs are used
in our program. We used following set of OpeSSL APIs as part of the
cleanup.

            SSL_shutdown(m_pSSL);
            SSL_free(m_pSSL);
            ERR_free_strings();
            ERR_remove_state(0);
            CRYPTO_mem_leaks_cb(crypto_mem_leak_cb);
            SSL_CTX_free()

When we used "CRYPTO_mem_leaks_cb" it printed quite a number of
instances for the memory leak. Adding all of them its coming to the
order of 45KB memory leak. Here are a a few samples of such incidents.
================
Bytes:    16, Order:    1115, File: .\crypto\asn1\tasn_new.c    ,
Line:  170, Addr:02294928
Leak: Bytes:   132, Order:    1219, File: .\crypto\bn\bn_lib.c        , Line:  3
28, Addr:0229DED0
Leak: Bytes:     8, Order:     917, File: .\crypto\asn1\tasn_new.c    , Line:  3
19, Addr:0228E3E0
Leak: Bytes:    12, Order:     871, File: .\crypto\asn1\tasn_new.c    , Line:  1
70, Addr:02299FC0
Leak: Bytes:    16, Order:     909, File: .\crypto\asn1\asn1_lib.c    , Line:  3
77, Addr:0229BF90
Leak: Bytes:    72, Order:    1218, File: .\crypto\bn\bn_mont.c       , Line:  2
41, Addr:0229DE10
Leak: Bytes:    24, Order:    1133, File: .\crypto\asn1\a_object.c    , Line:  2
68, Addr:02294838


Leak: Bytes: 16384, Order:    4272, File: .\crypto\bio\bss_bio.c      , Line:  7
34, Addr:022CB5B8
Leak: Bytes: 16384, Order:    1490, File: .\crypto\bio\bss_bio.c      , Line:  7
34, Addr:022B4ED8

====================
Here are our queries
[1] Out of all the memory leak incidents reported, couple of places
(shown above) in bss_bio.c we observed 16*2 = 32Kb leak. Are we
missing on any cleanup related to this?

[2] Are there any known issues in OpenSSL version 0.9.7g regarding
memory leak? If so, is there any latest OpenSSL release wherein these
issues are fixed?

[3] We observed that our program is not invoking EVP_cleanup as part
of the cleanup. Would that add to any of the above leaks?

[4] We are closing the socket before the ssl cleanup would that cause any issue?


It will be of great help you can clarify my queries.

Thank you so much in advance.

Regards
Vijay
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to