[openssl-dev] Memory leak in application when we use ECDH
Matt Caswell
matt at openssl.org
Thu Mar 23 13:25:01 UTC 2017
On 23/03/17 13:19, Mody, Darshan (Darshan) wrote:
> Can you further elaborate?
>
> What we did is to create a TLS connection and with invalid
> certificates from the client and server on verification would reject
> the certificate. The cipher negotiated was ECDHE cipher between
> client and server.
>
> This was done with load (multiple while 1 script trying to connect to
> server using invalid certificates and in course of time the memory
> was increasing).
Without being able to recreate the problem its going to be very
difficult/impossible for us to fix it (assuming the problem is in
OpenSSl itself). We would need some simple reproducer code that
demonstrates the problem occurring.
Matt
>
> Thanks Darshan
>
> -----Original Message----- From: openssl-dev
> [mailto:openssl-dev-bounces at openssl.org] On Behalf Of Matt Caswell
> Sent: Thursday, March 23, 2017 4:09 PM To: openssl-dev at openssl.org
> Subject: Re: [openssl-dev] Memory leak in application when we use
> ECDH
>
>
>
> On 23/03/17 10:13, Mody, Darshan (Darshan) wrote:
>> Matt,
>>
>> Even after accounting for the EC_KEY we still observe some leak.
>> The leak started after we started using supporting EC with
>> callback SSL_set_tmp_ecdh_callback().
>>
>> The core dump shows the string data of the far-end certificates.
>> I cannot pin point the code in openssl with this regard.
>
> Are you able to create a simple reproducer demonstrating the problem
> with the callback?
>
> Matt
>
More information about the openssl-dev
mailing list