In OpenSSL-1.0.1f, in 'ssl3_send_server_key_exchange' function, when all the below conditions are true, there is a potential memory leak.
1) 'type & SSL_kEECDH' is true (i.e. the key exchange is ephemeral ECDH)
2) 'ecdhp == NULL' && 's->cert->ecdh_tmp_cb != NULL'
3) 's->cert->ecdh_tmp_cb' mallocs a new 'EC_KEY' and returns the allocated pointer.

This allocated 'EC_KEY', 'ecdhp', is later copied to 'ecdh' using 'EC_KEY_dup'. But 'ecdhp' is not freed in the function. I would think that the callback functions would allocate a new EC_KEY, at least sometimes if not every time. And whenever the allocation is done, that memory is leaked.

Thanks
Varma
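
A self-contained C model of the ownership flow described in the report above, added as an illustration and not taken from OpenSSL or from the original post. `model_key` stands in for `EC_KEY`; the two callbacks, `handshake` and `leaked_after` are hypothetical names, and freeing the duplicate at teardown is an assumption. It counts live allocations to compare a callback that allocates on every call with one that returns a cached key.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for EC_KEY (assumption); live_keys counts outstanding allocations. */
typedef struct { unsigned char priv[32]; } model_key;
static long live_keys = 0;

static model_key *model_key_new(void) {
    model_key *k = calloc(1, sizeof *k);
    if (k) live_keys++;
    return k;
}
static model_key *model_key_dup(const model_key *src) {
    model_key *k = model_key_new();
    if (k) memcpy(k, src, sizeof *k);
    return k;
}
static void model_key_free(model_key *k) {
    if (k) { live_keys--; free(k); }
}

typedef model_key *(*tmp_cb)(void);

/* Condition 3 of the report: a fresh key is allocated on every call. */
static model_key *cb_alloc_each_call(void) { return model_key_new(); }

/* Alternative: one cached key that the application keeps owning. */
static model_key *cached_key = NULL;
static model_key *cb_cached(void) {
    if (!cached_key) cached_key = model_key_new();
    return cached_key;
}

/* Reported flow: ecdhp comes from the callback, is duplicated into ecdh,
   and ecdhp itself is never freed by the caller. */
static int handshake(tmp_cb cb) {
    model_key *ecdhp = cb();
    if (!ecdhp) return 0;
    model_key *ecdh = model_key_dup(ecdhp);
    if (!ecdh) return 0;
    model_key_free(ecdh); /* assumption: teardown frees only the duplicate */
    return 1;
}

/* Runs n handshakes and returns how many keys are still allocated afterwards. */
long leaked_after(tmp_cb cb, int n) {
    long before = live_keys;
    for (int i = 0; i < n; i++) handshake(cb);
    return live_keys - before;
}

int main(void) {
    printf("alloc-per-call: %ld still allocated\n", leaked_after(cb_alloc_each_call, 100));
    printf("cached key:     %ld still allocated\n", leaked_after(cb_cached, 100));
    return 0;
}
```

In the model the per-call callback leaves one key allocated per handshake, while the cached callback leaves only the single key the application still holds.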