[openssl-users] Potential memory leak in RSA_private_decrypt

Wang wangqun at alumni.nus.edu.sg
Wed Nov 8 10:09:18 UTC 2017

Thanks again, Rich.

>>>There is something strange with the RSA private key or it’s BN_CONT
>>>Are you sure that you are properly releasing all OpenSSL objecdts in your
My application is a server. When it is initialized it calls RSA_new() to
allocate a RSA object. When the server is running, it keeps accepting
concurrent connection requests from many clients. When handling a connection
request it calls RSA_private_decrypt() to decrypt the encrypted password.
What a client does is to connect to the server and then disconnect at once.
Hence it takes very little time for each client. The RSA object is not
released until the server is shutdown.


Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html

More information about the openssl-users mailing list