This isn’t enough information to diagnose the issue. Which of the leak summary records is the problem? Are you sure that your application is cleaning up properly (hint: it isn’t, e.g. OpenSSL never calls operator new() from the second record).
Pauli -- Dr Paul Dale | Distinguished Architect | Cryptographic Foundations Phone +61 7 3031 7217 Oracle Australia > On 10 Sep 2020, at 1:39 am, Abhi Arora <engr.abhiar...@gmail.com> wrote: > > I am using openssl 1.1.1d. I found out around 228 bytes are being directly > lost (as per valgrind) report. I have one application which uses curl (7.64) > and I wrote the same application using POCO HTTPS and I got the same result. > > I thought it could be related to the cipher suit. I can see the leak is > dependent on the URL being used (all were https). For one of the urls, it was > leaking 228 (directly) per connection and disconnection. For one of the urls, > the same code doesn't leak atall (no matter how many times you run that code > in a for loop). > > For the urls which were leaking, the following cipher suites were being used: > 1. SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 > 2. SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384 > > Here is the valgrind summary: > ==8620== HEAP SUMMARY: > ==8620== in use at exit: 121,777 bytes in 1,097 blocks > ==8620== total heap usage: 129,382 allocs, 128,285 frees, 10,635,842 bytes > allocated > ==8620== > ==8620== 8 bytes in 1 blocks are possibly lost in loss record 16 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E75523: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 8 bytes in 1 blocks are definitely lost in loss record 17 of 372 > ==8620== at 0x483F310: operator new(unsigned int) (vg_replace_malloc.c:336) > ==8620== by 0x36D15: main (sample_pki.cpp:27) > ==8620== > ==8620== 8 bytes in 1 blocks are definitely lost in loss record 18 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4CBF14B: CRYPTO_zalloc (mem.c:230) > ==8620== by 0x4C76E07: ECDSA_SIG_new (ec_asn1.c:1214) > ==8620== by 0x537064B: pkcs11_try_pkey_ec_sign (p11_pkey.c:546) > ==8620== by 0x537064B: pkcs11_pkey_ec_sign (p11_pkey.c:634) > ==8620== by 0x4CB70CD: EVP_DigestSignFinal (m_sigver.c:148) > ==8620== by 0x4BA9FF3: tls_construct_cert_verify (statem_lib.c:307) > ==8620== by 0x4BA42C7: write_state_machine (statem.c:843) > ==8620== by 0x4BA42C7: state_machine (statem.c:443) > ==8620== by 0x4B8BABB: ssl3_read_bytes (rec_layer_s3.c:1278) > ==8620== by 0x4B900E1: ssl3_read_internal (s3_lib.c:4473) > ==8620== by 0x4B9013F: ssl3_read (s3_lib.c:4497) > ==8620== by 0x4B96A6D: ssl_read_internal (ssl_lib.c:1761) > ==8620== by 0x4B96B09: SSL_read (ssl_lib.c:1775) > ==8620== > ==8620== 16 bytes in 2 blocks are possibly lost in loss record 55 of 372 > ==8620== at 0x483EA30: malloc (vg_replace_malloc.c:306) > ==8620== by 0x48419FF: realloc (vg_replace_malloc.c:834) > ==8620== by 0x4E73B5D: amqpvalue_set_map_value (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 40 bytes in 10 blocks are possibly lost in loss record 182 of 372 > ==8620== at 0x483EA30: malloc (vg_replace_malloc.c:306) > ==8620== by 0x48419FF: realloc (vg_replace_malloc.c:834) > ==8620== by 0x4E738BB: amqpvalue_set_list_item (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 48 bytes in 1 blocks are possibly lost in loss record 210 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E7582D: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 48 bytes in 2 blocks are possibly lost in loss record 211 of 372 > ==8620== at 0x48419B0: realloc (vg_replace_malloc.c:834) > ==8620== by 0x4E73B5D: amqpvalue_set_map_value (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 56 bytes in 1 blocks are possibly lost in loss record 215 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E74FF9: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 64 bytes in 2 blocks are possibly lost in loss record 228 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E74477: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 64 bytes in 1 blocks are definitely lost in loss record 229 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4A8D411: __libc_alloc_buffer_allocate > (alloc_buffer_allocate.c:26) > ==8620== by 0x4AE2B51: alloc_buffer_allocate (alloc_buffer.h:143) > ==8620== by 0x4AE2B51: __resolv_conf_allocate (resolv_conf.c:411) > ==8620== by 0x4AE147D: __resolv_conf_load (res_init.c:592) > ==8620== by 0x4AE292B: __resolv_conf_get_current (resolv_conf.c:163) > ==8620== by 0x4AE19D7: __res_vinit (res_init.c:614) > ==8620== by 0x4AE24B1: maybe_init (resolv_context.c:122) > ==8620== by 0x4AE24B1: context_get.part.1 (resolv_context.c:184) > ==8620== by 0x4ABBAE7: gaih_inet.constprop.6 (getaddrinfo.c:751) > ==8620== by 0x4ABC90B: getaddrinfo (getaddrinfo.c:2265) > ==8620== by 0x4B4AA17: Curl_getaddrinfo_ex (in /usr/lib/libcurl.so.4.5.0) > ==8620== > ==8620== 80 bytes in 3 blocks are possibly lost in loss record 246 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E7547D: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 92 bytes in 3 blocks are possibly lost in loss record 256 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E74E3D: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 128 bytes in 4 blocks are possibly lost in loss record 278 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E74ABF: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 128 bytes in 4 blocks are possibly lost in loss record 279 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E74DF1: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 128 bytes in 4 blocks are possibly lost in loss record 280 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70EC5: amqpvalue_create_map (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 152 bytes in 1 blocks are possibly lost in loss record 291 of 372 > ==8620== at 0x4841748: calloc (vg_replace_malloc.c:760) > ==8620== by 0x400C871: allocate_dtv (dl-tls.c:286) > ==8620== by 0x400CEB3: _dl_allocate_tls (dl-tls.c:530) > ==8620== by 0x4A18585: allocate_stack (allocatestack.c:621) > ==8620== by 0x4A18585: pthread_create@@GLIBC_2.4 (pthread_create.c:669) > ==8620== by 0x4B4B507: Curl_thread_create (in /usr/lib/libcurl.so.4.5.0) > ==8620== > ==8620== 192 bytes in 6 blocks are possibly lost in loss record 303 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E75329: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 242 bytes in 8 blocks are possibly lost in loss record 310 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70C33: amqpvalue_create_symbol (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 256 bytes in 8 blocks are possibly lost in loss record 322 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70C1B: amqpvalue_create_symbol (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 320 bytes in 10 blocks are possibly lost in loss record 326 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E7611B: amqpvalue_create_composite_with_ulong_descriptor > (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 320 bytes in 10 blocks are possibly lost in loss record 327 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E6FD95: amqpvalue_create_ulong (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 320 bytes in 10 blocks are possibly lost in loss record 328 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70DBD: amqpvalue_create_list (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 360 bytes in 6 blocks are possibly lost in loss record 331 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E7467F: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 576 bytes in 18 blocks are possibly lost in loss record 337 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70A6B: amqpvalue_create_string (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 1,024 bytes in 4 blocks are indirectly lost in loss record 351 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4CBF14B: CRYPTO_zalloc (mem.c:230) > ==8620== by 0x4C498EB: bn_expand_internal (bn_lib.c:268) > ==8620== by 0x4C498EB: bn_expand2 (bn_lib.c:292) > ==8620== by 0x4C499B3: BN_copy (bn_lib.c:329) > ==8620== by 0x4C4A5D7: BN_MONT_CTX_set (bn_mont.c:275) > ==8620== by 0x4C4A7F7: BN_MONT_CTX_set_locked (bn_mont.c:450) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4BA824D: tls_process_key_exchange (statem_clnt.c:2401) > ==8620== > ==8620== 1,039 bytes in 18 blocks are possibly lost in loss record 352 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E70A83: amqpvalue_create_string (in > /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 1,088 bytes in 34 blocks are possibly lost in loss record 353 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4E754A9: ??? (in /usr/lib/libuamqp.so.1.2.12) > ==8620== > ==8620== 2,064 bytes in 4 blocks are indirectly lost in loss record 359 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4CBF14B: CRYPTO_zalloc (mem.c:230) > ==8620== by 0x4C498EB: bn_expand_internal (bn_lib.c:268) > ==8620== by 0x4C498EB: bn_expand2 (bn_lib.c:292) > ==8620== by 0x4C49A4B: BN_set_bit (bn_lib.c:659) > ==8620== by 0x4C4A6FB: BN_MONT_CTX_set (bn_mont.c:395) > ==8620== by 0x4C4A7F7: BN_MONT_CTX_set_locked (bn_mont.c:450) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4BA824D: tls_process_key_exchange (statem_clnt.c:2401) > ==8620== > ==8620== 2,304 bytes in 7 blocks are indirectly lost in loss record 362 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4CBF14B: CRYPTO_zalloc (mem.c:230) > ==8620== by 0x4C498EB: bn_expand_internal (bn_lib.c:268) > ==8620== by 0x4C498EB: bn_expand2 (bn_lib.c:292) > ==8620== by 0x4C499B3: BN_copy (bn_lib.c:329) > ==8620== by 0x4C4A5D7: BN_MONT_CTX_set (bn_mont.c:275) > ==8620== by 0x4C4A7F7: BN_MONT_CTX_set_locked (bn_mont.c:450) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4C27D59: ASN1_item_verify (a_verify.c:167) > ==8620== > ==8620== 3,392 (304 direct, 3,088 indirect) bytes in 4 blocks are definitely > lost in loss record 365 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4C4A531: BN_MONT_CTX_new (bn_mont.c:232) > ==8620== by 0x4C4A7E9: BN_MONT_CTX_set_locked (bn_mont.c:447) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4BA824D: tls_process_key_exchange (statem_clnt.c:2401) > ==8620== by 0x4BA8725: ossl_statem_client_process_message > (statem_clnt.c:1048) > ==8620== by 0x4BA4653: read_state_machine (statem.c:636) > ==8620== by 0x4BA4653: state_machine (statem.c:434) > ==8620== by 0x4B980B1: SSL_do_handshake (ssl_lib.c:3607) > ==8620== > ==8620== 4,636 bytes in 7 blocks are indirectly lost in loss record 367 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4CBF14B: CRYPTO_zalloc (mem.c:230) > ==8620== by 0x4C498EB: bn_expand_internal (bn_lib.c:268) > ==8620== by 0x4C498EB: bn_expand2 (bn_lib.c:292) > ==8620== by 0x4C49A4B: BN_set_bit (bn_lib.c:659) > ==8620== by 0x4C4A6FB: BN_MONT_CTX_set (bn_mont.c:395) > ==8620== by 0x4C4A7F7: BN_MONT_CTX_set_locked (bn_mont.c:450) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4C27D59: ASN1_item_verify (a_verify.c:167) > ==8620== > ==8620== 7,472 (532 direct, 6,940 indirect) bytes in 7 blocks are definitely > lost in loss record 369 of 372 > ==8620== at 0x483EB28: malloc (vg_replace_malloc.c:307) > ==8620== by 0x4C4A531: BN_MONT_CTX_new (bn_mont.c:232) > ==8620== by 0x4C4A7E9: BN_MONT_CTX_set_locked (bn_mont.c:447) > ==8620== by 0x4CDC003: rsa_ossl_public_decrypt (rsa_ossl.c:559) > ==8620== by 0x4CDE4AF: int_rsa_verify (rsa_sign.c:143) > ==8620== by 0x4CDE703: RSA_verify (rsa_sign.c:247) > ==8620== by 0x4CDD8F5: pkey_rsa_verify (rsa_pmeth.c:251) > ==8620== by 0x4CB722D: EVP_DigestVerifyFinal (m_sigver.c:207) > ==8620== by 0x4C27D59: ASN1_item_verify (a_verify.c:167) > ==8620== by 0x4CFFF4B: X509_verify (x_all.c:26) > ==8620== by 0x4CFCE63: internal_verify (x509_vfy.c:1750) > ==8620== by 0x4CFDF03: verify_chain (x509_vfy.c:232) > ==8620== > ==8620== LEAK SUMMARY: > ==8620== definitely lost: 916 bytes in 14 blocks > ==8620== indirectly lost: 10,028 bytes in 22 blocks > ==8620== possibly lost: 5,701 bytes in 166 blocks > ==8620== still reachable: 105,132 bytes in 895 blocks > ==8620== suppressed: 0 bytes in 0 blocks > ==8620== Reachable blocks (those to which a pointer was found) are not shown. > ==8620== To see them, rerun with: --leak-check=full --show-leak-kinds=all > ==8620== > ==8620== For lists of detected and suppressed errors, rerun with: -s > ==8620== ERROR SUMMARY: 28 errors from 28 contexts (suppressed: 0 from 0)
