Fw: Reg: Memory leaks Using OpenSSL API - Unsure

pauli at openssl.org pauli at openssl.org
Sun Apr 10 08:18:31 UTC 2022 

Any chance of running your server under valgrind or similar?
This should make the leaks more concrete.


Pauli

On 10/4/22 6:07 pm, Ram Chandra via openssl-users wrote:
>
> Hi,
> I have recently started developing using OpenSSL and i am 
> confused/unclear about below topic.
>
> Request you to help me.
>
> I am running a DTLS Server which handles more than 1000 connections.
> The problem i am facing is every time I close connections and also 
> connect again I see there is some RAM memory utilization increases.
>
> I wonder there is a leak in memory from my below approach of calling 
> functions
> "Initialize_Sever_Context" ,
> "create_connexion" and
> "close_connexion".
>
> The exact code is too big to create actual scenario, so i just 
> outlined the steps.
>
> Pls let me know if any extra information is required?
>
> I am using OpenSSL version 1.1.1k on Linux.
>
> //connect_info structure user defined
> {
>  void* sll;
>  void* bio;
>  ....
> }array_of_connections
>
> *connect_info = &array_of_connections;
> // global
> SSL_CTX* server_ctx;
>
> Initialize_Sever_Context()
> {
>     // server_ctx is global
>     server_ctx = SSL_CTX_new(DTLS_server_method());
>     X509_VERIFY_PARAM *local_vpm = X509_VERIFY_PARAM_new()
>
>     //setting verify flags, cookie flags and cypher lists etc..
>     //....
>     SSL_CTX_set1_param(server_ctx, local_vpm);
> X509_VERIFY_PARAM_free(local_vpm);
> }
>
> create_connexion(connect_info)
> {
>     // server_ctx is global
>     ssl = SSL_new(server_ctx);
>     bio = BIO_new_dgram(handler, BIO_NOCLOSE); //not sure it is ok to 
> use BIO_CLOSE
>     ..
>     ..
>     SSL_set_bio(ssl, bio, bio);
>     connect_info->ssl = ssl;
>     connect_info->bio = bio;
>
> }
> //pre connection close
> handle_closed_connexions()
> {
>     for(conn = 1; conn<MAX_CONN;conn++)
>     {
>         close_connexion(connect_info[conn]);
>     }
> }
> // frees the existing closed connections and make SSL ready to handle 
> new connections
> close_connexion(connect_info)
> {
>     // store prev ssl objects
>     SLL *local_ssl = connect_info -> ssl;
>     // make setup ready for the next connexions
>     // and start listening
>     create_connexion(connect_info)
>
>     // free the previous closed connections
>     // frees the server_ctx also from inside
>     SSL_free(local_ssl);
> }
>
> Inside SSL_free we have BIO_free_all(s->rbio), BIO_free_all(s->rbio) 
> and BIO_CTX_free(s->ctx) and finally OPENSSL_free(s)
>
> As far as i understand when we do SSL_free, all the members(pointers) 
> inside SLL object are freed.
> So i expect the application to crash.(because "server_ctx" is a global 
> pointer which will be set to "s->ctx" through function SSL_new and 
> also freed by SLL_free and after free i am not setting
> server_ctx = NULL also not calling SSL_CTX_new(DTLS_server_method());)
>
> But my application is working fine.
>
> My doubt is , does OpenSSL cache the context detail inside SSL, some 
> where?
>
> or
>
> I Should set server_context to NULL and allocate memory for every new 
> connection which was closed before?
>
>
> Regards,
> Chand
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20220410/4ccc66c7/attachment-0001.htm>

More information about the openssl-users mailing list