Upon further investigation, it looks like the problem is in your sample code. You need to invoke CRYPTO_cleanup_all_ex_data() before terminating your program.
On 05/13/2015 07:25 AM, Henrik Grindal Bakken wrote: > Hi. I have an application that generates Diffie-Hellman key pairs based > on some precomputed primes. > > In 1.0.1 (and earlier) this works just fine, while in 1.0.2 it gives > valgrind errors (while still working). > > The error only occurs on x86_64, and it does not occur on 1024 bit DH. > > I've attached the source code of the small application. All it does is > generate a DH key pair using fixed primes. I'm not really sure where > the primes come from, but this is used for H.235 (video conferencing > call setup), and I think the primes are standardized. > > Output here: > > Using the native openssl on the box (1.0.1e): > $ gcc -o dh-1.0.1 dh.c -lcrypto > $ valgrind ./dh-1.0.1 > ==4730== Memcheck, a memory error detector > ==4730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. > ==4730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info > ==4730== Command: ./dh-1.0.1 > ==4730== > ==4730== > ==4730== HEAP SUMMARY: > ==4730== in use at exit: 416 bytes in 6 blocks > ==4730== total heap usage: 115 allocs, 109 frees, 31,224 bytes allocated > ==4730== > ==4730== LEAK SUMMARY: > ==4730== definitely lost: 0 bytes in 0 blocks > ==4730== indirectly lost: 0 bytes in 0 blocks > ==4730== possibly lost: 0 bytes in 0 blocks > ==4730== still reachable: 416 bytes in 6 blocks > ==4730== suppressed: 0 bytes in 0 blocks > ==4730== Rerun with --leak-check=full to see details of leaked memory > ==4730== > ==4730== For counts of detected and suppressed errors, rerun with: -v > ==4730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) > > I've also built myself a 1.0.2 build, using './config -DPURIFY shared' > (purify to remove other valgrind warnings that would come when reading > uninitialized data). > > $ gcc -o dh-1.0.2 -L~/src/thirdparty/openssl -isystem > ~/src/thirdparty/openssl/include dh.c -lcrypto > $ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 > ==14854== Memcheck, a memory error detector > ==14854== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. > ==14854== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info > ==14854== Command: ./dh-1.0.2 > ==14854== > ==14854== Invalid read of size 2 > ==14854== at 0x4F09198: bn_get_bits5 (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4F32B47: generate_key (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2) > ==14854== Address 0x581d77f is 255 bytes inside a block of size 256 alloc'd > ==14854== at 0x4C29BFD: malloc (in > /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) > ==14854== by 0x4E9DF62: CRYPTO_malloc (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4EFCAA7: bn_expand_internal (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4EFCFA4: bn_expand2 (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4EFD39F: BN_bin2bn (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4F010FA: BN_rand (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x4F32B0E: generate_key (in > /home/henribak/src/thirdparty/openssl/libcrypto.so.1.0.0) > ==14854== by 0x400A30: main (in /home/henribak/tmp/dh-1.0.2) > ==14854== > ==14854== > ==14854== HEAP SUMMARY: > ==14854== in use at exit: 416 bytes in 6 blocks > ==14854== total heap usage: 112 allocs, 106 frees, 21,000 bytes allocated > ==14854== > ==14854== LEAK SUMMARY: > ==14854== definitely lost: 0 bytes in 0 blocks > ==14854== indirectly lost: 0 bytes in 0 blocks > ==14854== possibly lost: 0 bytes in 0 blocks > ==14854== still reachable: 416 bytes in 6 blocks > ==14854== suppressed: 0 bytes in 0 blocks > ==14854== Rerun with --leak-check=full to see details of leaked memory > ==14854== > ==14854== For counts of detected and suppressed errors, rerun with: -v > ==14854== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 2 from 2) > > Then, same openssl version but with 1024 bit DH: > $ LD_LIBRARY_PATH=~/src/thirdparty/openssl valgrind ./dh-1.0.2 1024 > ==14730== Memcheck, a memory error detector > ==14730== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. > ==14730== Using Valgrind-3.10.0 and LibVEX; rerun with -h for copyright info > ==14730== Command: ./dh-1.0.2 1024 > ==14730== > ==14730== > ==14730== HEAP SUMMARY: > ==14730== in use at exit: 416 bytes in 6 blocks > ==14730== total heap usage: 112 allocs, 106 frees, 14,472 bytes allocated > ==14730== > ==14730== LEAK SUMMARY: > ==14730== definitely lost: 0 bytes in 0 blocks > ==14730== indirectly lost: 0 bytes in 0 blocks > ==14730== possibly lost: 0 bytes in 0 blocks > ==14730== still reachable: 416 bytes in 6 blocks > ==14730== suppressed: 0 bytes in 0 blocks > ==14730== Rerun with --leak-check=full to see details of leaked memory > ==14730== > ==14730== For counts of detected and suppressed errors, rerun with: -v > ==14730== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 2 from 2) > > > > > > _______________________________________________ > openssl-dev mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
_______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev