Matt, But openssl does not release the memory when it has duplicated the EC Key which comes from the application
/* Duplicate the ECDH structure. */ if (ecdhp == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); goto err; } if (s->cert->ecdh_tmp_auto) ecdh = ecdhp; else if ((ecdh = EC_KEY_dup(ecdhp)) == NULL) { SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); goto err; } Thanks Darshan -----Original Message----- From: openssl-dev [mailto:openssl-dev-boun...@openssl.org] On Behalf Of Matt Caswell Sent: Tuesday, March 21, 2017 3:28 PM To: openssl-dev@openssl.org Subject: Re: [openssl-dev] Memory leak in application when we use ECDH On 21/03/17 09:46, Matt Caswell wrote: > > There is a potential leak in this case: > > if (s->s3->tmp.ecdh != NULL) { > SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, > ERR_R_INTERNAL_ERROR); > goto err; > } > > But this is a "should not happen" scenario - so there is another bug > if that is happening - and you would see "internal error" messages on > the error stack. > > Another slight oddity in this code is the double check of ecdhp > against NULL which seems redundant (but otherwise harmless): > > if (ecdhp == NULL) { > al = SSL_AD_HANDSHAKE_FAILURE; > SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, > SSL_R_MISSING_TMP_ECDH_KEY); > goto f_err; > } > > ... > > /* Duplicate the ECDH structure. */ > if (ecdhp == NULL) { > SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_ECDH_LIB); > goto err; > } Fix for the above issues (which is unlikely to solve your problem) is here: https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_openssl_openssl_pull_3003&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=pgqizfrjno8szLWBm_ROxbSePFpUYCO4KboURycC0no&e= Matt -- openssl-dev mailing list To unsubscribe: https://urldefense.proofpoint.com/v2/url?u=https-3A__mta.openssl.org_mailman_listinfo_openssl-2Ddev&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=bsEULbVnjelD7InzgsegHBEbtXzaIDagy9EuEhJrKfQ&m=lmOlT993M2YueHJqZT9cKMDBkwGi-yB56pEUuki2qv8&s=jaW-ScgHUXwPTGLNdnt6AsNePpsg5n1Inju4e0V6SAs&e= -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev