Quantcast

Memory leak in application when we use ECDH

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Memory leak in application when we use ECDH

Mody, Darshan (Darshan)

Hi,

 

We have observed memory leak when we register for ECDH callback(SSL_set_tmp_ecdh_callback). While performing negative testing with load we find that the applications starts leaking memory. 

 

Further checking the Openssl implementation in the s3_srvr.c file (openssl version 1.0.2). I find that a pointer is not deleted after copying EC_KEY from the application or EC_KEY_new being called.

 

I suspect the below code.

 

if (type & SSL_kEECDH) {

            const EC_GROUP *group;

 

            ecdhp = cert->ecdh_tmp;

            if (s->cert->ecdh_tmp_auto) {

                /* Get NID of appropriate shared curve */

                int nid = tls1_shared_curve(s, -2);

                if (nid != NID_undef)

                    ecdhp = EC_KEY_new_by_curve_name(nid); ß Even memory allocated in this case is not de-allocated.

            } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) {

                ecdhp = s->cert->ecdh_tmp_cb(s,                                                           ß Application is responsible for the EC_KEY and its memory

                                             SSL_C_IS_EXPORT(s->s3->

                                                             tmp.new_cipher),

                                             SSL_C_EXPORT_PKEYLENGTH(s->

                                                                     s3->tmp.new_cipher));

            }

            if (ecdhp == NULL) {

                al = SSL_AD_HANDSHAKE_FAILURE;

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_MISSING_TMP_ECDH_KEY);

                goto f_err;

            }

 

            if (s->s3->tmp.ecdh != NULL) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       ERR_R_INTERNAL_ERROR);

                goto err;

            }

 

            /* Duplicate the ECDH structure. */

            if (ecdhp == NULL) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

            if (s->cert->ecdh_tmp_auto)

                ecdh = ecdhp;

            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {                                                    ß Once the key is duplicated the memory for the application should be released?

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            s->s3->tmp.ecdh = ecdh;

            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

                (EC_KEY_get0_private_key(ecdh) == NULL) ||

                (s->options & SSL_OP_SINGLE_ECDH_USE)) {

                if (!EC_KEY_generate_key(ecdh)) {

                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                           ERR_R_ECDH_LIB);

                    goto err;

                }

            }

 

            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||

                (EC_KEY_get0_public_key(ecdh) == NULL) ||

                (EC_KEY_get0_private_key(ecdh) == NULL)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&

                (EC_GROUP_get_degree(group) > 163)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);

                goto err;

            }

 

            /*

             * XXX: For now, we only support ephemeral ECDH keys over named

             * (not generic) curves. For supported named curves, curve_id is

             * non-zero.

             */

            if ((curve_id =

                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))

                == 0) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

                goto err;

            }

 

            /*

             * Encode the public key. First check the size of encoding and

             * allocate memory accordingly.

             */

            encodedlen = EC_POINT_point2oct(group,

                                            EC_KEY_get0_public_key(ecdh),

                                            POINT_CONVERSION_UNCOMPRESSED,

                                            NULL, 0, NULL);

 

            encodedPoint = (unsigned char *)

                OPENSSL_malloc(encodedlen * sizeof(unsigned char));

            bn_ctx = BN_CTX_new();

            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       ERR_R_MALLOC_FAILURE);

                goto err;

            }

 

            encodedlen = EC_POINT_point2oct(group,

                                            EC_KEY_get0_public_key(ecdh),

                                            POINT_CONVERSION_UNCOMPRESSED,

                                            encodedPoint, encodedlen, bn_ctx);

 

            if (encodedlen == 0) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            BN_CTX_free(bn_ctx);

            bn_ctx = NULL;

 

            /*

             * XXX: For now, we only support named (not generic) curves in

             * ECDH ephemeral key exchanges. In this situation, we need four

             * additional bytes to encode the entire ServerECDHParams

             * structure.

             */

            n = 4 + encodedlen;

 

            /*

             * We'll generate the serverKeyExchange message explicitly so we

             * can set these to NULLs

             */

            r[0] = NULL;

            r[1] = NULL;

            r[2] = NULL;

            r[3] = NULL;

        } else

 

 

Thanks for your help in advance

 

Regards

Darshan

 

 

 


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)

Hi,

 

Can anyone in the developer forum clarify whether there is an issue here?

 

Thanks

Darshan

 

From: openssl-dev [mailto:[hidden email]] On Behalf Of Mody, Darshan (Darshan)
Sent: Wednesday, March 15, 2017 11:15 AM
To: [hidden email]
Cc: Bahr, William G (Bill); Vaquero, Alejandro (Alejandro)
Subject: [openssl-dev] Memory leak in application when we use ECDH

 

Hi,

 

We have observed memory leak when we register for ECDH callback(SSL_set_tmp_ecdh_callback). While performing negative testing with load we find that the applications starts leaking memory. 

 

Further checking the Openssl implementation in the s3_srvr.c file (openssl version 1.0.2). I find that a pointer is not deleted after copying EC_KEY from the application or EC_KEY_new being called.

 

I suspect the below code.

 

if (type & SSL_kEECDH) {

            const EC_GROUP *group;

 

            ecdhp = cert->ecdh_tmp;

            if (s->cert->ecdh_tmp_auto) {

                /* Get NID of appropriate shared curve */

                int nid = tls1_shared_curve(s, -2);

                if (nid != NID_undef)

                    ecdhp = EC_KEY_new_by_curve_name(nid); ß Even memory allocated in this case is not de-allocated.

            } else if ((ecdhp == NULL) && s->cert->ecdh_tmp_cb) {

                ecdhp = s->cert->ecdh_tmp_cb(s,                                                           ß Application is responsible for the EC_KEY and its memory

                                             SSL_C_IS_EXPORT(s->s3->

                                                             tmp.new_cipher),

                                             SSL_C_EXPORT_PKEYLENGTH(s->

                                                                     s3->tmp.new_cipher));

            }

            if (ecdhp == NULL) {

                al = SSL_AD_HANDSHAKE_FAILURE;

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_MISSING_TMP_ECDH_KEY);

                goto f_err;

            }

 

            if (s->s3->tmp.ecdh != NULL) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       ERR_R_INTERNAL_ERROR);

                goto err;

            }

 

            /* Duplicate the ECDH structure. */

            if (ecdhp == NULL) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

            if (s->cert->ecdh_tmp_auto)

                ecdh = ecdhp;

            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {                                                    ß Once the key is duplicated the memory for the application should be released?

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            s->s3->tmp.ecdh = ecdh;

            if ((EC_KEY_get0_public_key(ecdh) == NULL) ||

                (EC_KEY_get0_private_key(ecdh) == NULL) ||

                (s->options & SSL_OP_SINGLE_ECDH_USE)) {

                if (!EC_KEY_generate_key(ecdh)) {

                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                           ERR_R_ECDH_LIB);

                    goto err;

                }

            }

 

            if (((group = EC_KEY_get0_group(ecdh)) == NULL) ||

                (EC_KEY_get0_public_key(ecdh) == NULL) ||

                (EC_KEY_get0_private_key(ecdh) == NULL)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&

                (EC_GROUP_get_degree(group) > 163)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_ECGROUP_TOO_LARGE_FOR_CIPHER);

                goto err;

            }

 

            /*

             * XXX: For now, we only support ephemeral ECDH keys over named

             * (not generic) curves. For supported named curves, curve_id is

             * non-zero.

             */

            if ((curve_id =

                 tls1_ec_nid2curve_id(EC_GROUP_get_curve_name(group)))

                == 0) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       SSL_R_UNSUPPORTED_ELLIPTIC_CURVE);

                goto err;

            }

 

            /*

             * Encode the public key. First check the size of encoding and

             * allocate memory accordingly.

             */

            encodedlen = EC_POINT_point2oct(group,

                                            EC_KEY_get0_public_key(ecdh),

                                            POINT_CONVERSION_UNCOMPRESSED,

                                            NULL, 0, NULL);

 

            encodedPoint = (unsigned char *)

                OPENSSL_malloc(encodedlen * sizeof(unsigned char));

            bn_ctx = BN_CTX_new();

            if ((encodedPoint == NULL) || (bn_ctx == NULL)) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,

                       ERR_R_MALLOC_FAILURE);

                goto err;

            }

 

            encodedlen = EC_POINT_point2oct(group,

                                            EC_KEY_get0_public_key(ecdh),

                                            POINT_CONVERSION_UNCOMPRESSED,

                                            encodedPoint, encodedlen, bn_ctx);

 

            if (encodedlen == 0) {

                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);

                goto err;

            }

 

            BN_CTX_free(bn_ctx);

            bn_ctx = NULL;

 

            /*

             * XXX: For now, we only support named (not generic) curves in

             * ECDH ephemeral key exchanges. In this situation, we need four

             * additional bytes to encode the entire ServerECDHParams

             * structure.

             */

            n = 4 + encodedlen;

 

            /*

             * We'll generate the serverKeyExchange message explicitly so we

             * can set these to NULLs

             */

            r[0] = NULL;

            r[1] = NULL;

            r[2] = NULL;

            r[3] = NULL;

        } else

 

 

Thanks for your help in advance

 

Regards

Darshan

 

 

 


--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Matt Caswell-2
In reply to this post by Mody, Darshan (Darshan)


On 15/03/17 05:44, Mody, Darshan (Darshan) wrote:

> Hi,
>
> We have observed memory leak when we register for ECDH
> callback(SSL_set_tmp_ecdh_callback). While performing negative testing
> with load we find that the applications starts leaking memory.  
>
> Further checking the Openssl implementation in the s3_srvr.c file
> (openssl version 1.0.2). I find that a pointer is not deleted after
> copying EC_KEY from the application or EC_KEY_new being called.
>
> I suspect the below code.

The code looks ok to me:

            if (s->cert->ecdh_tmp_auto)
                ecdh = ecdhp;
            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }

            s->s3->tmp.ecdh = ecdh;

After the EC_KEY_dup() call, the result is immediately assigned to
"s->s3->tmp.ecdh". This will get freed when you call SSL_free().
Similarly in the non-callback case.

There is a potential leak in this case:

            if (s->s3->tmp.ecdh != NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
                       ERR_R_INTERNAL_ERROR);
                goto err;
            }

But this is a "should not happen" scenario - so there is another bug if
that is happening - and you would see "internal error" messages on the
error stack.

Another slight oddity in this code is the double check of ecdhp against
NULL which seems redundant (but otherwise harmless):

            if (ecdhp == NULL) {
                al = SSL_AD_HANDSHAKE_FAILURE;
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
                       SSL_R_MISSING_TMP_ECDH_KEY);
                goto f_err;
            }

            ...

            /* Duplicate the ECDH structure. */
            if (ecdhp == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }


Also note that SSL_set_tmp_ecdh_callback() has been removed from OpenSSL
1.1.0 with this commit description:

commit 6f78b9e824c053d062188578635c575017b587c5
Author:     Kurt Roeckx <[hidden email]>
AuthorDate: Fri Dec 4 22:22:31 2015 +0100
Commit:     Kurt Roeckx <[hidden email]>
CommitDate: Fri Dec 4 22:22:31 2015 +0100

    Remove support for SSL_{CTX_}set_tmp_ecdh_callback().

    This only gets used to set a specific curve without actually
checking that the
    peer supports it or not and can therefor result in handshake
failures that can
    be avoided by selecting a different cipher.

    Reviewed-by: Dr. Stephen Henson <[hidden email]>


Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Matt Caswell-2


On 21/03/17 09:46, Matt Caswell wrote:

>
> There is a potential leak in this case:
>
>             if (s->s3->tmp.ecdh != NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        ERR_R_INTERNAL_ERROR);
>                 goto err;
>             }
>
> But this is a "should not happen" scenario - so there is another bug if
> that is happening - and you would see "internal error" messages on the
> error stack.
>
> Another slight oddity in this code is the double check of ecdhp against
> NULL which seems redundant (but otherwise harmless):
>
>             if (ecdhp == NULL) {
>                 al = SSL_AD_HANDSHAKE_FAILURE;
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        SSL_R_MISSING_TMP_ECDH_KEY);
>                 goto f_err;
>             }
>
>             ...
>
>             /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }

Fix for the above issues (which is unlikely to solve your problem) is here:

https://github.com/openssl/openssl/pull/3003

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Matt,

But openssl does not release the memory when it has duplicated the EC Key which comes from the application

           /* Duplicate the ECDH structure. */
            if (ecdhp == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }
            if (s->cert->ecdh_tmp_auto)
                ecdh = ecdhp;
            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
Sent: Tuesday, March 21, 2017 3:28 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH



On 21/03/17 09:46, Matt Caswell wrote:

>
> There is a potential leak in this case:
>
>             if (s->s3->tmp.ecdh != NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        ERR_R_INTERNAL_ERROR);
>                 goto err;
>             }
>
> But this is a "should not happen" scenario - so there is another bug
> if that is happening - and you would see "internal error" messages on
> the error stack.
>
> Another slight oddity in this code is the double check of ecdhp
> against NULL which seems redundant (but otherwise harmless):
>
>             if (ecdhp == NULL) {
>                 al = SSL_AD_HANDSHAKE_FAILURE;
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        SSL_R_MISSING_TMP_ECDH_KEY);
>                 goto f_err;
>             }
>
>             ...
>
>             /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }

Fix for the above issues (which is unlikely to solve your problem) is here:

https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_3003&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=pgqizfrjno8szLWBm_ROxbSePFpUYCO4KboURycC0no&e= 

Matt

--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=jaW-ScgHUXwPTGLNdnt6AsNePpsg5n1Inju4e0V6SAs&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Should not openssl release memory from app.

Some like below

            /* Duplicate the ECDH structure. */
            if (ecdhp == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }
            if (s->cert->ecdh_tmp_auto)
                ecdh = ecdhp;
            else {
                if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
                    SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                    goto err;
                }
                else {
                    /* Release memory from cb */
                    If (NULL !=ecdhp) {
                EC_KEY_free(ecdhp);
            }
                }
            }

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Mody, Darshan (Darshan)
Sent: Thursday, March 23, 2017 10:06 AM
To: [hidden email]
Cc: Bahr, William G (Bill)
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH

Matt,

But openssl does not release the memory when it has duplicated the EC Key which comes from the application

           /* Duplicate the ECDH structure. */
            if (ecdhp == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }
            if (s->cert->ecdh_tmp_auto)
                ecdh = ecdhp;
            else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
                SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
                goto err;
            }

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
Sent: Tuesday, March 21, 2017 3:28 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH



On 21/03/17 09:46, Matt Caswell wrote:

>
> There is a potential leak in this case:
>
>             if (s->s3->tmp.ecdh != NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        ERR_R_INTERNAL_ERROR);
>                 goto err;
>             }
>
> But this is a "should not happen" scenario - so there is another bug
> if that is happening - and you would see "internal error" messages on
> the error stack.
>
> Another slight oddity in this code is the double check of ecdhp
> against NULL which seems redundant (but otherwise harmless):
>
>             if (ecdhp == NULL) {
>                 al = SSL_AD_HANDSHAKE_FAILURE;
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>                        SSL_R_MISSING_TMP_ECDH_KEY);
>                 goto f_err;
>             }
>
>             ...
>
>             /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }

Fix for the above issues (which is unlikely to solve your problem) is here:

https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_3003&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=pgqizfrjno8szLWBm_ROxbSePFpUYCO4KboURycC0no&e= 

Matt

--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=jaW-ScgHUXwPTGLNdnt6AsNePpsg5n1Inju4e0V6SAs&e=
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=ItYO5obXpUhcVAqtr-HAnmatrYOEJ-EpjZhn-eCTsyg&s=EYfD8Wpi4Eji8E2PwNF9obPY-g4EXP5FXF1AzbJtMGU&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Matt Caswell-2
In reply to this post by Mody, Darshan (Darshan)


On 23/03/17 04:35, Mody, Darshan (Darshan) wrote:
> Matt,
>
> But openssl does not release the memory when it has duplicated the EC Key which comes from the application

You mean it doesn't free the return value from the callback?
Unfortunately SSL_set_tmp_ecdh_callback() is undocumented so there is no
"official" description of the memory management semantics of this
function (and like I said it has been removed from later versions of
OpenSSL altogether so it is unlikely to ever get documented). However my
interpretation of the way the code is written is that this is a
deliberate design choice, i.e. it is deliberately left to the the
application to mange this memory. Presumably multiple invocations across
multiple connections could return the same value so it would be
inappropriate for OpenSSL to free it.

Matt



>
>            /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }
>             if (s->cert->ecdh_tmp_auto)
>                 ecdh = ecdhp;
>             else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }
>
> Thanks
> Darshan
>
> -----Original Message-----
> From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
> Sent: Tuesday, March 21, 2017 3:28 PM
> To: [hidden email]
> Subject: Re: [openssl-dev] Memory leak in application when we use ECDH
>
>
>
> On 21/03/17 09:46, Matt Caswell wrote:
>>
>> There is a potential leak in this case:
>>
>>             if (s->s3->tmp.ecdh != NULL) {
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>>                        ERR_R_INTERNAL_ERROR);
>>                 goto err;
>>             }
>>
>> But this is a "should not happen" scenario - so there is another bug
>> if that is happening - and you would see "internal error" messages on
>> the error stack.
>>
>> Another slight oddity in this code is the double check of ecdhp
>> against NULL which seems redundant (but otherwise harmless):
>>
>>             if (ecdhp == NULL) {
>>                 al = SSL_AD_HANDSHAKE_FAILURE;
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>>                        SSL_R_MISSING_TMP_ECDH_KEY);
>>                 goto f_err;
>>             }
>>
>>             ...
>>
>>             /* Duplicate the ECDH structure. */
>>             if (ecdhp == NULL) {
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>>                 goto err;
>>             }
>
> Fix for the above issues (which is unlikely to solve your problem) is here:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_3003&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=pgqizfrjno8szLWBm_ROxbSePFpUYCO4KboURycC0no&e= 
>
> Matt
>
> --
> openssl-dev mailing list
> To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=jaW-ScgHUXwPTGLNdnt6AsNePpsg5n1Inju4e0V6SAs&e= 
>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Matt,

Even after accounting for the EC_KEY we still observe some leak. The leak started after we started using supporting EC with callback SSL_set_tmp_ecdh_callback().

The core dump shows  the string data of the far-end certificates. I cannot pin point  the code in openssl with this regard.

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
Sent: Thursday, March 23, 2017 3:31 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH



On 23/03/17 04:35, Mody, Darshan (Darshan) wrote:
> Matt,
>
> But openssl does not release the memory when it has duplicated the EC
> Key which comes from the application

You mean it doesn't free the return value from the callback?
Unfortunately SSL_set_tmp_ecdh_callback() is undocumented so there is no "official" description of the memory management semantics of this function (and like I said it has been removed from later versions of OpenSSL altogether so it is unlikely to ever get documented). However my interpretation of the way the code is written is that this is a deliberate design choice, i.e. it is deliberately left to the the application to mange this memory. Presumably multiple invocations across multiple connections could return the same value so it would be inappropriate for OpenSSL to free it.

Matt



>
>            /* Duplicate the ECDH structure. */
>             if (ecdhp == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }
>             if (s->cert->ecdh_tmp_auto)
>                 ecdh = ecdhp;
>             else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) {
>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>                 goto err;
>             }
>
> Thanks
> Darshan
>
> -----Original Message-----
> From: openssl-dev [mailto:[hidden email]] On Behalf
> Of Matt Caswell
> Sent: Tuesday, March 21, 2017 3:28 PM
> To: [hidden email]
> Subject: Re: [openssl-dev] Memory leak in application when we use ECDH
>
>
>
> On 21/03/17 09:46, Matt Caswell wrote:
>>
>> There is a potential leak in this case:
>>
>>             if (s->s3->tmp.ecdh != NULL) {
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>>                        ERR_R_INTERNAL_ERROR);
>>                 goto err;
>>             }
>>
>> But this is a "should not happen" scenario - so there is another bug
>> if that is happening - and you would see "internal error" messages on
>> the error stack.
>>
>> Another slight oddity in this code is the double check of ecdhp
>> against NULL which seems redundant (but otherwise harmless):
>>
>>             if (ecdhp == NULL) {
>>                 al = SSL_AD_HANDSHAKE_FAILURE;
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,
>>                        SSL_R_MISSING_TMP_ECDH_KEY);
>>                 goto f_err;
>>             }
>>
>>             ...
>>
>>             /* Duplicate the ECDH structure. */
>>             if (ecdhp == NULL) {
>>                 SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB);
>>                 goto err;
>>             }
>
> Fix for the above issues (which is unlikely to solve your problem) is here:
>
> https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openss
> l_openssl_pull_3003&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7I
> nzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuk
> i2qv8&s=pgqizfrjno8szLWBm_ROxbSePFpUYCO4KboURycC0no&e=
>
> Matt
>
> --
> openssl-dev mailing list
> To unsubscribe:
> https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_m
> ailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEU
> LbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi
> -yB56pEUuki2qv8&s=jaW-ScgHUXwPTGLNdnt6AsNePpsg5n1Inju4e0V6SAs&e=
>
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=jvDI18EtBUGVhF0dlpzP1E0w75ZPjyBprI47vr1-QlA&s=QwfWOZbsFqgCiO23c3Z6HmnkCgfsT94LaHQSoaQLIFM&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Matt Caswell-2


On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
> Matt,
>
> Even after accounting for the EC_KEY we still observe some leak. The
> leak started after we started using supporting EC with callback
> SSL_set_tmp_ecdh_callback().
>
> The core dump shows  the string data of the far-end certificates. I
> cannot pin point  the code in openssl with this regard.

Are you able to create a simple reproducer demonstrating the problem
with the callback?

Matt

--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Can you further elaborate?

What we did is to create a TLS connection and with invalid certificates from the client and server on verification would reject the certificate. The cipher negotiated was ECDHE cipher between client and server.

This was done with load (multiple while 1 script trying to connect to server using invalid certificates and in course of time the memory was increasing).

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
Sent: Thursday, March 23, 2017 4:09 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH



On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
> Matt,
>
> Even after accounting for the EC_KEY we still observe some leak. The
> leak started after we started using supporting EC with callback
> SSL_set_tmp_ecdh_callback().
>
> The core dump shows  the string data of the far-end certificates. I
> cannot pin point  the code in openssl with this regard.

Are you able to create a simple reproducer demonstrating the problem
with the callback?

Matt

--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=bLfMhjtc7o6YlbbKPhSGSKPuhTJsYubiC_LV17YO3do&s=CIdcV48IKxBzbTWaEpB4zcKDD76FwUj3wuMFrxa50UY&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Matt Caswell-2


On 23/03/17 13:19, Mody, Darshan (Darshan) wrote:

> Can you further elaborate?
>
> What we did is to create a TLS connection and with invalid
> certificates from the client and server on verification would reject
> the certificate. The cipher negotiated was ECDHE cipher between
> client and server.
>
> This was done with load (multiple while 1 script trying to connect to
> server using invalid certificates and in course of time the memory
> was increasing).

Without being able to recreate the problem its going to be very
difficult/impossible for us to fix it (assuming the problem is in
OpenSSl itself). We would need some simple reproducer code that
demonstrates the problem occurring.

Matt


>
> Thanks Darshan
>
> -----Original Message----- From: openssl-dev
> [mailto:[hidden email]] On Behalf Of Matt Caswell
> Sent: Thursday, March 23, 2017 4:09 PM To: [hidden email]
> Subject: Re: [openssl-dev] Memory leak in application when we use
> ECDH
>
>
>
> On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
>> Matt,
>>
>> Even after accounting for the EC_KEY we still observe some leak.
>> The leak started after we started using supporting EC with
>> callback SSL_set_tmp_ecdh_callback().
>>
>> The core dump shows  the string data of the far-end certificates.
>> I cannot pin point  the code in openssl with this regard.
>
> Are you able to create a simple reproducer demonstrating the problem
> with the callback?
>
> Matt
>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Matt,

Below is the scenario.

1. Have server open a listen socket which always validates the client certificate and chain.
2. On server support ECDHE using callback. Ensure the EC_KEY passed to openssl from app is cleaned up by the app.
3. Connect client with certificates that server does not trust.
4. The connections from client to server fails

In course of time the app running the server has been leaking. Even after accounting for the EC_KEY passed by the server app to openssl we find there seems to be leak. Further investigation on the core dumps generated from the server app shows that it has the certificates from the client saved.

Hope this helps

Thanks
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
Sent: Thursday, March 23, 2017 6:55 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH



On 23/03/17 13:19, Mody, Darshan (Darshan) wrote:

> Can you further elaborate?
>
> What we did is to create a TLS connection and with invalid
> certificates from the client and server on verification would reject
> the certificate. The cipher negotiated was ECDHE cipher between client
> and server.
>
> This was done with load (multiple while 1 script trying to connect to
> server using invalid certificates and in course of time the memory was
> increasing).

Without being able to recreate the problem its going to be very difficult/impossible for us to fix it (assuming the problem is in OpenSSl itself). We would need some simple reproducer code that demonstrates the problem occurring.

Matt


>
> Thanks Darshan
>
> -----Original Message----- From: openssl-dev
> [mailto:[hidden email]] On Behalf Of Matt Caswell
> Sent: Thursday, March 23, 2017 4:09 PM To: [hidden email]
> Subject: Re: [openssl-dev] Memory leak in application when we use ECDH
>
>
>
> On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
>> Matt,
>>
>> Even after accounting for the EC_KEY we still observe some leak.
>> The leak started after we started using supporting EC with
>> callback SSL_set_tmp_ecdh_callback().
>>
>> The core dump shows  the string data of the far-end certificates.
>> I cannot pin point  the code in openssl with this regard.
>
> Are you able to create a simple reproducer demonstrating the problem
> with the callback?
>
> Matt
>
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=VbrRgO8PZIVkFM4PjeK7TEgKDHnbLu_QfbyqRhmvx8I&s=u0cR7sQf_Zz8FoCnrzgLc3drBSR8Ou1qDUyxV8z1xYQ&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Richard Levitte - VMS Whacker-2
I think that Matt is asking for example code that exhibits this leak.
You could patch apps/s_server.c with your callback, or ssl/ssltest.c,
and give us that patch.

The reason is that we can't know what assumptions you're going with in
your callback or application, so if we code an example together, it
will be with Our conditions, not yours, and therefore a pretty bad
method to figure this out.

Cheers,
Richard

In message <[hidden email]> on Thu, 23 Mar 2017 13:47:10 +0000, "Mody, Darshan (Darshan)" <[hidden email]> said:

darshanmody> Matt,
darshanmody>
darshanmody> Below is the scenario.
darshanmody>
darshanmody> 1. Have server open a listen socket which always validates the client certificate and chain.
darshanmody> 2. On server support ECDHE using callback. Ensure the EC_KEY passed to openssl from app is cleaned up by the app.
darshanmody> 3. Connect client with certificates that server does not trust.
darshanmody> 4. The connections from client to server fails
darshanmody>
darshanmody> In course of time the app running the server has been leaking. Even after accounting for the EC_KEY passed by the server app to openssl we find there seems to be leak. Further investigation on the core dumps generated from the server app shows that it has the certificates from the client saved.
darshanmody>
darshanmody> Hope this helps
darshanmody>
darshanmody> Thanks
darshanmody> Darshan
darshanmody>
darshanmody> -----Original Message-----
darshanmody> From: openssl-dev [mailto:[hidden email]] On Behalf Of Matt Caswell
darshanmody> Sent: Thursday, March 23, 2017 6:55 PM
darshanmody> To: [hidden email]
darshanmody> Subject: Re: [openssl-dev] Memory leak in application when we use ECDH
darshanmody>
darshanmody>
darshanmody>
darshanmody> On 23/03/17 13:19, Mody, Darshan (Darshan) wrote:
darshanmody> > Can you further elaborate?
darshanmody> >
darshanmody> > What we did is to create a TLS connection and with invalid
darshanmody> > certificates from the client and server on verification would reject
darshanmody> > the certificate. The cipher negotiated was ECDHE cipher between client
darshanmody> > and server.
darshanmody> >
darshanmody> > This was done with load (multiple while 1 script trying to connect to
darshanmody> > server using invalid certificates and in course of time the memory was
darshanmody> > increasing).
darshanmody>
darshanmody> Without being able to recreate the problem its going to be very difficult/impossible for us to fix it (assuming the problem is in OpenSSl itself). We would need some simple reproducer code that demonstrates the problem occurring.
darshanmody>
darshanmody> Matt
darshanmody>
darshanmody>
darshanmody> >
darshanmody> > Thanks Darshan
darshanmody> >
darshanmody> > -----Original Message----- From: openssl-dev
darshanmody> > [mailto:[hidden email]] On Behalf Of Matt Caswell
darshanmody> > Sent: Thursday, March 23, 2017 4:09 PM To: [hidden email]
darshanmody> > Subject: Re: [openssl-dev] Memory leak in application when we use ECDH
darshanmody> >
darshanmody> >
darshanmody> >
darshanmody> > On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
darshanmody> >> Matt,
darshanmody> >>
darshanmody> >> Even after accounting for the EC_KEY we still observe some leak.
darshanmody> >> The leak started after we started using supporting EC with
darshanmody> >> callback SSL_set_tmp_ecdh_callback().
darshanmody> >>
darshanmody> >> The core dump shows  the string data of the far-end certificates.
darshanmody> >> I cannot pin point  the code in openssl with this regard.
darshanmody> >
darshanmody> > Are you able to create a simple reproducer demonstrating the problem
darshanmody> > with the callback?
darshanmody> >
darshanmody> > Matt
darshanmody> >
darshanmody> --
darshanmody> openssl-dev mailing list
darshanmody> To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=VbrRgO8PZIVkFM4PjeK7TEgKDHnbLu_QfbyqRhmvx8I&s=u0cR7sQf_Zz8FoCnrzgLc3drBSR8Ou1qDUyxV8z1xYQ&e= 
darshanmody> --
darshanmody> openssl-dev mailing list
darshanmody> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
darshanmody>
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Memory leak in application when we use ECDH

Mody, Darshan (Darshan)
Thanks Richard and Matt,

I will patch it and send the patch. It will take me couple of days.

Regards
Darshan

-----Original Message-----
From: openssl-dev [mailto:[hidden email]] On Behalf Of Richard Levitte
Sent: Thursday, March 23, 2017 7:31 PM
To: [hidden email]
Subject: Re: [openssl-dev] Memory leak in application when we use ECDH

I think that Matt is asking for example code that exhibits this leak.
You could patch apps/s_server.c with your callback, or ssl/ssltest.c, and give us that patch.

The reason is that we can't know what assumptions you're going with in your callback or application, so if we code an example together, it will be with Our conditions, not yours, and therefore a pretty bad method to figure this out.

Cheers,
Richard

In message <[hidden email]> on Thu, 23 Mar 2017 13:47:10 +0000, "Mody, Darshan (Darshan)" <[hidden email]> said:

darshanmody> Matt,
darshanmody>
darshanmody> Below is the scenario.
darshanmody>
darshanmody> 1. Have server open a listen socket which always validates the client certificate and chain.
darshanmody> 2. On server support ECDHE using callback. Ensure the EC_KEY passed to openssl from app is cleaned up by the app.
darshanmody> 3. Connect client with certificates that server does not trust.
darshanmody> 4. The connections from client to server fails
darshanmody>
darshanmody> In course of time the app running the server has been leaking. Even after accounting for the EC_KEY passed by the server app to openssl we find there seems to be leak. Further investigation on the core dumps generated from the server app shows that it has the certificates from the client saved.
darshanmody>
darshanmody> Hope this helps
darshanmody>
darshanmody> Thanks
darshanmody> Darshan
darshanmody>
darshanmody> -----Original Message-----
darshanmody> From: openssl-dev [mailto:[hidden email]]
darshanmody> On Behalf Of Matt Caswell
darshanmody> Sent: Thursday, March 23, 2017 6:55 PM
darshanmody> To: [hidden email]
darshanmody> Subject: Re: [openssl-dev] Memory leak in application when
darshanmody> we use ECDH
darshanmody>
darshanmody>
darshanmody>
darshanmody> On 23/03/17 13:19, Mody, Darshan (Darshan) wrote:
darshanmody> > Can you further elaborate?
darshanmody> >
darshanmody> > What we did is to create a TLS connection and with
darshanmody> > invalid certificates from the client and server on
darshanmody> > verification would reject the certificate. The cipher
darshanmody> > negotiated was ECDHE cipher between client and server.
darshanmody> >
darshanmody> > This was done with load (multiple while 1 script trying
darshanmody> > to connect to server using invalid certificates and in
darshanmody> > course of time the memory was increasing).
darshanmody>
darshanmody> Without being able to recreate the problem its going to be very difficult/impossible for us to fix it (assuming the problem is in OpenSSl itself). We would need some simple reproducer code that demonstrates the problem occurring.
darshanmody>
darshanmody> Matt
darshanmody>
darshanmody>
darshanmody> >
darshanmody> > Thanks Darshan
darshanmody> >
darshanmody> > -----Original Message----- From: openssl-dev
darshanmody> > [mailto:[hidden email]] On Behalf Of
darshanmody> > Matt Caswell
darshanmody> > Sent: Thursday, March 23, 2017 4:09 PM To:
darshanmody> > [hidden email]
darshanmody> > Subject: Re: [openssl-dev] Memory leak in application
darshanmody> > when we use ECDH
darshanmody> >
darshanmody> >
darshanmody> >
darshanmody> > On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
darshanmody> >> Matt,
darshanmody> >>
darshanmody> >> Even after accounting for the EC_KEY we still observe some leak.
darshanmody> >> The leak started after we started using supporting EC
darshanmody> >> with callback SSL_set_tmp_ecdh_callback().
darshanmody> >>
darshanmody> >> The core dump shows  the string data of the far-end certificates.
darshanmody> >> I cannot pin point  the code in openssl with this regard.
darshanmody> >
darshanmody> > Are you able to create a simple reproducer demonstrating
darshanmody> > the problem with the callback?
darshanmody> >
darshanmody> > Matt
darshanmody> >
darshanmody> --
darshanmody> openssl-dev mailing list
darshanmody> To unsubscribe:
darshanmody> https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.op
darshanmody> enssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8
darshanmody> bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrK
darshanmody> fQ&m=VbrRgO8PZIVkFM4PjeK7TEgKDHnbLu_QfbyqRhmvx8I&s=u0cR7sQf
darshanmody> _Zz8FoCnrzgLc3drBSR8Ou1qDUyxV8z1xYQ&e=
darshanmody> --
darshanmody> openssl-dev mailing list
darshanmody> To unsubscribe:
darshanmody> https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.op
darshanmody> enssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8
darshanmody> bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrK
darshanmody> fQ&m=OtZlUFiavvOVqXL900IST85y3pZLikUdEgekBIIyZoI&s=3T5xlm8q
darshanmody> 92-eP1ItbDzGOU972l4wFrkJUgLrBNR4Qx8&e=
darshanmody>
--
openssl-dev mailing list
To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=OtZlUFiavvOVqXL900IST85y3pZLikUdEgekBIIyZoI&s=3T5xlm8q92-eP1ItbDzGOU972l4wFrkJUgLrBNR4Qx8&e= 
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
Loading...