I found that I actually had to BIO_free() the bio used by SSL for encrypted traffic AND perform an SSL_free() as well: the bio had a reference count of 2.
Here's what's happening:

When I create the bio pair, each bio has a reference count of one. When I create the ap bio, it has a reference count of one. When I tell the SSL session to use its side of the bio pair (bio, as opposed to io_bio), both bio and io_bio STILL have a reference count of one. So far, so good. When I tell the ap_bio to use the SSL session (BIO_set_ssl() call), the SSL bio's reference count is incremented! As Scooby would say, "Ruh Roh!".

On deallocation, when I BIO_free() the ap_bio, its reference count goes to zero, and its memory is freed. But, the underlying SSL bio still has a reference count of 2!

EITHER BIO_free() on the ap_bio should decrement the reference count that it incremented on the SSL bio, OR it shouldn't have incremented it in the first place.

-----Original Message-----
From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of David Schwartz
Sent: Saturday, April 18, 2009 10:04 PM
To: openssl-users@openssl.org
Subject: RE: tracking down memory leaks

> Yeah, I think I tried that.
>
> But I got multiple free errors. Maybe I did it wrong. I'll try what
> you suggest. What I remember was that it was wrong to delete the SSL
> session (implicitly deleting the equivalent of io_bio in your
> example), and then ap_bio. I didn't try deleting io_bio FIRST, then
> the session, then the ap_bio.

The BIO that's implicitly deleted when you free the SSL session is the bio that's the other side of the I/O bio pair. Neither the I/O BIO (the one you exchange encrypted data with) nor the SSL BIO (the one you exchange application data with) are implicitly deleted. (I'm assuming you're using BIO pairs.)

Basically, this is how I do it:

    ssl_session=SSL_new(ssl_context);
    BIO_new_bio_pair(&bio, 0, &io_bio, 0);
    ap_bio=BIO_new(BIO_f_ssl());
    SSL_set_[accept|connect]_state(ssl_session);
    SSL_set_bio(ssl_session, bio, bio);
    BIO_set_ssl(ap_bio, ssl_session, BIO_NOCLOSE);

And then I tear it down as I showed.

I exchange encrypted data with the io_bio and exchange application data with the ap_bio.

DS
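
An added example, not part of the thread and not OpenSSL code: a toy C model of the reference counts as the reply above describes them, comparing the teardown without and with the extra BIO_free() on the SSL-side bio. The Obj type and the function names are hypothetical, and the increment on BIO_set_ssl() is taken from the post's account, not checked against any particular OpenSSL version.

```c
#include <stdio.h>

/* Toy model (hypothetical, no OpenSSL): tracks only the reference
 * counts reported in the post. */
typedef struct { const char *name; int refs; } Obj;

/* Drop one reference; the object is gone once refs reaches 0. */
static void obj_free(Obj *o) { if (o->refs > 0) o->refs--; }

/* Set up as in the thread, tear down, and return the number of
 * objects still referenced. extra_bio_free adds the poster's
 * explicit BIO_free(bio). */
int leaked_after_teardown(int extra_bio_free)
{
    Obj bio    = { "bio", 1 };     /* BIO_new_bio_pair: SSL side     */
    Obj io_bio = { "io_bio", 1 };  /* BIO_new_bio_pair: network side */
    Obj ap_bio = { "ap_bio", 1 };  /* BIO_new(BIO_f_ssl())           */
    Obj ssl    = { "ssl", 1 };     /* SSL_new                        */
    Obj *all[] = { &bio, &io_bio, &ap_bio, &ssl };
    int leaked = 0;

    /* SSL_set_bio: the session takes over bio's single reference. */
    /* BIO_set_ssl, per the post: bio's count goes from 1 to 2.    */
    bio.refs++;

    obj_free(&io_bio);  /* BIO_free(io_bio)                        */
    obj_free(&ssl);     /* SSL_free(ssl_session) ...               */
    obj_free(&bio);     /* ... releases the session's hold on bio  */
    obj_free(&ap_bio);  /* BIO_free(ap_bio): bio's count unchanged */
    if (extra_bio_free)
        obj_free(&bio); /* the poster's additional BIO_free(bio)   */

    for (size_t i = 0; i < sizeof all / sizeof all[0]; i++)
        if (all[i]->refs > 0) {
            printf("  leaked: %s (refs=%d)\n", all[i]->name, all[i]->refs);
            leaked++;
        }
    return leaked;
}

int main(void)
{
    printf("without extra BIO_free: %d leaked\n", leaked_after_teardown(0));
    printf("with extra BIO_free:    %d leaked\n", leaked_after_teardown(1));
    return 0;
}
```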