On Tue, Aug 21, 2001 at 01:27:27PM -0700, Patrick Li wrote:
I used purify as I figured it may give me some direction on why my SSL
client program is failing randomly. Purify reported 3 places where there are
reads from memory leaks.
1. SHA1_Update: I ignored this one as it is generating random bytes.
Check out openssl/crypto/md_rand.c. You will find that there is some
#ifdef PURIFY section to make PURIFY shut up. Seems this is no issue.
2. asn1_Finish: called indirectly from ssl_verify_cert_chain()
Hmm...
3. BN_from_montgomery: This one is called by RSA_public_decrypt and
RSA_public_encrypt. I was using openssl 0.9.6 release and I found out that
in subsequent releases, the following bug is fixed
*) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c),
obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
(RSA objects have a reference count access to which is protected
by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
so they are meant to be shared between threads.)
[Bodo Moeller, Geoff Thorpe; original patch submitted by
Reddie, Steven [EMAIL PROTECTED]]
I recompiled my client again under 0.9.6b and I don't see my SSL client
crash where PURIFY reported BN_from_montgomery reading from uninitialized
memory. I have a test program for my SSL client and it is spawning 10 threads
and from each thread, it is doing send/connect to the SSL server. That
explains why my SSL client is failing at random. At least, I hope that is
the cause of my problem.
BUT my SSL client program still fails randomly with purify reporting
asn1_Finish is reading uninitialized memory.
I checked the changes list of openssl and found the following
+) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
ASN1_ITEM and no wrapper functions.
[Steve Henson]
This fix is going to be released in openssl 0.9.7. I am wondering if this is
the bug that I am hitting.
Steve rewrote large parts of the ASN.1 code. It may help you or not.
I don't think waiting for it is the way to go.
There are some portions with #ifdef PURIFY around it, so I would think
that PURIFY gives you hints, but they may be false.
I never dealt with threading, so I don't think I can help you with special
problems caused by threading.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]