[openssl-users] Potential memory leak in RSA_private_decrypt

Wang wangqun at alumni.nus.edu.sg
Wed Nov 8 09:47:39 UTC 2017

Hello Matt,

Thank you for trying to help.

>>>Is this the "bottom" of the OpenSSL stack? i.e. your application calls 
>>>RSA_private_decrypt() directly? 
Yes, it does.

>>>Do you share a single RSA object across multiple threads? 
Yes, my application shares a single RSA object across many concurrent
threads. Namely RSA_private_decrypt()  is called with the same RSA object
concurrently across many threads.

Does this cause any issue? I checked OpenSSL document, but didn't find
anything related to this kind of restriction
(https://www.openssl.org/docs/manmaster/man3/RSA_public_encrypt.html). Or
this restriction is undocumented? 


Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

More information about the openssl-users mailing list