Memory leak issue with TLSv1.3 usage - OpenSSL-3.1.0

Ishani 18r01a05n6 at gmail.com
Wed Aug 16 17:27:38 UTC 2023


Hi All,


     After changing the TLS protocol to TLSv1.3, we are observing some
memory leaks that indicate that the memory allocated for a new session in
new_session_cb() is not freed properly. However, I have cleaned up the
memory as part of remove_session_cb(), but the memory leaks are still
visible.


Architecture:
1. One multithreaded process that makes multiple TLS client connections.
2. One SSL_CTX for this process that internally manages the session cache
also.
3. One external cache to use the TLS session from the internal cache.
4. For each thread/connection, an SSL and an SSL_SESSION are created and
kept in the internal and external cache.



Ideally, whenever a client is disconnected, the corresponding SSL_SESSION
needs to be removed from the internal cache using SSL_CTX_remove_session()
and then SSL_free() should be called to free the SSL and the corresponding
SSL_SESSION. But for some of the test cases I observed a crash because of
a double free when SSL_CTX_free() is called during the process shutdown.

What should be the proper sequence of cleaning up the SSL_SESSION, SSL,
SSL_CTX and removing session from the internal cache?
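
The reference accounting behind this question, as an added example that is not part of the original post and is not OpenSSL code: a small C model in which the SSL object, the internal cache and the application's new_session_cb() each own one reference to a session. It assumes client-side internal caching is enabled and that new_session_cb() returns 1; sess_t, sess_free(), app_remove_cb() and simulate() are hypothetical names.

```c
#include <stdio.h>
/* Simplified model of SSL_SESSION reference ownership. NOT OpenSSL code:
 * sess_t, sess_free(), app_remove_cb() and simulate() are hypothetical. */
typedef struct { int refs, freed, over_freed; } sess_t;

/* Models SSL_SESSION_free(): drop one reference, destroy at zero. */
static void sess_free(sess_t *s) {
    if (s->freed) { s->over_freed++; return; }   /* would be a double free */
    if (--s->refs == 0) s->freed = 1;
}

/* Models the app's remove_session_cb(): release the reference kept by
 * new_session_cb(), but only if the external cache still tracks it. */
static void app_remove_cb(sess_t **ext, sess_t *s) {
    if (*ext == s) { sess_free(s); *ext = NULL; }
}

/* One client connection receiving `tickets` TLS 1.3 tickets (capped at 8);
 * each ticket is a new session and one new_session_cb() call.
 * Returns the number of leaked sessions, or -1 on a double free. */
static int simulate(int tickets, int free_on_replace, int extra_free) {
    sess_t pool[8] = {{0, 0, 0}};
    sess_t *ssl_ref = NULL, *ext = NULL;   /* SSL's session, external cache slot */
    int i, n = tickets < 8 ? tickets : 8, leaked = 0;
    for (i = 0; i < n; i++) {
        sess_t *s = &pool[i];
        s->refs = 3;                       /* SSL + internal cache + callback */
        if (ssl_ref) sess_free(ssl_ref);   /* SSL switches to the newest session */
        ssl_ref = s;
        if (ext && free_on_replace) sess_free(ext); /* app drops replaced entry */
        ext = s;                           /* new_session_cb() returned 1 */
    }
    if (extra_free && ext) sess_free(ext); /* app also frees outside the callback */
    for (i = 0; i < n; i++) {              /* explicit remove, then flush at CTX free */
        app_remove_cb(&ext, &pool[i]);     /* remove_session_cb() runs first */
        sess_free(&pool[i]);               /* then the cache drops its reference */
    }
    if (ssl_ref) sess_free(ssl_ref);       /* SSL_free() */
    for (i = 0; i < n; i++) {
        if (pool[i].over_freed) return -1;
        if (!pool[i].freed) leaked++;
    }
    return leaked;
}

int main(void) {
    printf("%d %d %d\n", simulate(2, 1, 0), simulate(2, 0, 0), simulate(1, 1, 1));
    return 0;
}
```

A result of 0 means every reference was released exactly once; a positive count is sessions whose callback reference was lost when a later ticket overwrote the external-cache entry.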