When using OpenSSL SSL/TLS with cryptodev or OCF engines, it appears
that some sessions are not closed. Since cryptodev (and I think OCF too)
maintains a list of open sessions in the kernel, such lists keep growing
to a point where the CPU usage goes up in the kernel, finally making things
unresponsive.

This patch fixes the issue, however I'm not sure if it's the right
approach or may be introducing another issue. It appears to fix the high
CPU usage and everything works fine, however a customer is now reporting
an error from the SSL library when used from a Java application. Please
take a look at the patch and let me know if there's anything I'm doing
wrong or if there's a better fix. This applies for OpenSSL version 1.0.1g.

Here's the trace back from the Java application:

2014-06-18 13:43:24,147 ERROR [synchr] WebConnection - error in post attempt #1, dt=2080
javax.net.ssl.SSLProtocolException: Read error: ssl=0x429afa88: Failure in SSL library, usually a protocol error
        at com.apogee.openssl.jsse.NativeCrypto.SSL_read(Native Method)
        at com.apogee.openssl.jsse.OpenSSLSocketImpl$SSLInputStream.read(OpenSSLSocketImpl.java:923)
        at java.io.InputStream.read(InputStream.java:101)
        at com.att.dlc.xail.WebConnection.readResponse(WebConnection.java:3167)
        at com.att.dlc.xail.WebConnection.sendPost(WebConnection.java:3030)
        at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2750)
        at com.att.dlc.xail.WebConnection.sendCommandsSync(WebConnection.java:2699)
        at com.att.dlc.xail.WebConnection.access$2200(WebConnection.java:117)
        at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.update(WebConnection.java:4519)
        at com.att.dlc.xail.WebConnection$ManagedObjectSynchronizer.run(WebConnection.java:4496)
        at java.lang.Thread.run(Thread.java:857)

Cc: Dr. Stephen Henson <st...@openssl.org>
Cc: Ralf S. Engelschall <r...@openssl.org>
Cc: Andy Polyakov <ap...@openssl.org>
Signed-off-by: Joel Fernandes <jo...@ti.com>
---
 ssl/t1_enc.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 809ad2e..2135f1b 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -195,6 +195,8 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned 
char *sec,
 
        for (;;)
                {
+               EVP_MD_CTX_cleanup(&ctx);
+               EVP_MD_CTX_cleanup(&ctx_tmp);
                /* Reinit mac contexts */
                if (!EVP_DigestSignInit(&ctx,NULL,md, NULL, mac_key))
                        goto err;
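
Review bot: the two EVP_MD_CTX_cleanup() calls at the top of the for (;;) body wipe ctx and ctx_tmp in full on every pass, the first included, so anything configured on those contexts before the loop (flags, for example) is discarded and only what EVP_DigestSignInit() itself rebuilds survives. The hunk does not show the setup before the loop, so please check that nothing set there is still needed inside it; if something is, it has to be reapplied after the cleanup, and a difference of that kind would be a candidate for the SSL_read failure reported in the message. The new lines also sit above the existing "Reinit mac contexts" comment with no explanation of their own; moving them below it and adding a short comment that they release the engine session held by the previous digest would make the intent clear. If the leak comes from calling EVP_DigestSignInit() again on a context that is still live, other call sites that reinitialise a context the same way would leak too, so it is worth asking whether the release belongs in the EVP layer or the engine rather than in this one caller.
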
-- 
1.7.9.5
