[openssl/openssl] 32aba7: Fix unbounded memory growth when using no-cached-f...
Matt Caswell
noreply at github.com
Fri Mar 15 18:18:26 UTC 2024
Branch: refs/heads/openssl-3.2
Home: https://github.com/openssl/openssl
Commit: 32aba79e2737d10a43763294bee756a66ad10439
https://github.com/openssl/openssl/commit/32aba79e2737d10a43763294bee756a66ad10439
Author: Matt Caswell <matt at openssl.org>
Date: 2024-03-15 (Fri, 15 Mar 2024)
Changed paths:
M crypto/evp/keymgmt_lib.c
M crypto/evp/p_lib.c
Log Message:
-----------
Fix unbounded memory growth when using no-cached-fetch
When OpenSSL has been compiled with no-cached-fetch we do not cache
algorithms fetched from a provider. When we export an EVP_PKEY to a
provider we cache the details of that export in the operation cache for
that EVP_PKEY. Amoung the details we cache is the EVP_KEYMGMT that we used
for the export. When we come to reuse the key in the same provider that
we have previously exported the key to, we check the operation cache for
the cached key data. However because the EVP_KEYMGMT instance was not
cached then instance will be different every time and we were not
recognising that we had already exported the key to the provider.
This causes us to re-export the key to the same provider everytime the key
is used. Since this consumes memory we end up with unbounded memory growth.
The fix is to be more intelligent about recognising that we have already
exported key data to a given provider even if the EVP_KEYMGMT instance is
different.
Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Neil Horman <nhorman at openssl.org>
Reviewed-by: Paul Dale <ppzgs1 at gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23841)
(cherry picked from commit dc9bc6c8e1bd329ead703417a2235ab3e97557ec)
To unsubscribe from these emails, change your notification settings at https://github.com/openssl/openssl/settings/notifications
More information about the openssl-commits
mailing list