Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.4k views
in Technique[技术] by (71.8m points)

c - Memory leak in OpenSSL function EVP_PKEY_keygen

I just tried to generate a RSA key using:

#include <openssl/evp.h>
#include <openssl/rsa.h>

int main(void) {
  OpenSSL_add_all_algorithms();

  EVP_PKEY_CTX *ctx;
  EVP_PKEY *pkey = NULL;

  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx) {
      // error
  }

  if (EVP_PKEY_keygen_init(ctx) <= 0) {
      // error
  }

  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
      // error
  }

  if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { // this call seems to leak
      // error
  }

  EVP_PKEY_free(pkey);
  EVP_PKEY_CTX_free(ctx);

  EVP_cleanup();
  return 0;
}

So far, I don't think that I'm doing anything wrong. Valgrind complains "in use at exit: 416 bytes in 6 blocks". First I thought, I forgot something to free, afterwards I tried

valgrind openssl genrsa 1024

And I also got "in use at exit: 416 bytes in 6 blocks". Hum?! Even OpenSSL's official binary leaks?

Openssl's FAQ tells:

"Brutal" (thread-unsafe) Application-global cleanup functions:

ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().

If I execute *CRYPTO_cleanup_all_ex_data()* it does not leak. But according to the OpenSSL documentation it is a "brutal" method, whatever that means. There is no further documentation on this function.

Is there any way to clean it up properly?

I'm using OpenSSL 1.0.1f 6 Jan 2014

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

The FAQ of OpenSSL answers the question (Thanks to @opalenzuela):

In most cases the cause of an apparent memory leak is an OpenSSL internal table that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless.

Having a deeper look into OpenSSL's source shows:

/* Release all "ex_data" state to prevent memory leaks. This can't be made
 * thread-safe without overhauling a lot of stuff, and shouldn't really be
 * called under potential race-conditions anyway (it's for program shutdown
 * after all). */
void CRYPTO_cleanup_all_ex_data(void)
    {
    IMPL_CHECK
    EX_IMPL(cleanup)();
    }

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...