[openssl-users] Potential memory leak in RSA_private_decrypt

Matt Caswell matt at openssl.org
Wed Nov 8 10:00:56 UTC 2017

On 08/11/17 09:47, Wang wrote:
> Hello Matt,
> Thank you for trying to help.
>>>> Is this the "bottom" of the OpenSSL stack? i.e. your application calls 
>>>> RSA_private_decrypt() directly? 
> Yes, it does.
>>>> Do you share a single RSA object across multiple threads? 
> Yes, my application shares a single RSA object across many concurrent
> threads. Namely RSA_private_decrypt()  is called with the same RSA object
> concurrently across many threads.
> Does this cause any issue? I checked OpenSSL document, but didn't find
> anything related to this kind of restriction
> (https://www.openssl.org/docs/manmaster/man3/RSA_public_encrypt.html). Or
> this restriction is undocumented? 


>From the FAQ:

"1. Is OpenSSL thread-safe?

Yes but with some limitations; for example, an SSL connection cannot be
used concurrently by multiple threads. This is true for most OpenSSL


This is also true for the RSA object. Temporary, thread specific
blinding state is held in the RSA object so it cannot be shared across
multiple threads.


More information about the openssl-users mailing list