Memory leak when PKCS11 is enabled in openssl.cnf #358
It is not clear if this is a libp11 problem or an OpenSSL problem with the config file.
If valgrind prints lines like:
Thanks Doug for the tip about valgrind. I also discovered that valgrind 3.14 supports "--keep-debuginfo=yes" for the same purpose.
What versions of libp11 and openssl are you using? These are the lines that look strange
This is during cleanup and p11_pkey.c:518 is calling EVP_PKEY_meth_new.
libp11 is latest from master
Just to make sure, check the opensc.cnf file. The one you sent did not list lines like these (with your path):
It may have been picking up some older version.
On my board, this is what I have in my openssl.cnf file. It's definitely the right version of libp11. The line numbers from the trace perfectly match the source.
It could be curl that is doing something funky. I have curl 7.66.0.
Are /usr/lib/engines-1.1/pkcs11.so and /usr/lib/libcryptoauth.so are not present on my Xubuntu-18.04. In master is also 5aa56b4 that deals with freeing new method.
The Yocto recipe installs it in /usr/lib/engines-1.1/pkcs11.so.
Full steps to reproduce in Ubuntu 20.04
Build and install libp11
Optional: install debug symbols
Load engine
What I am seeing is a difference of valgrind versions. Your output shows version 3.15.0, which is on Ubuntu 20.04. Ubuntu 18.04 has 3.13.0 and does not show the leaks, and has:
If I add It shows the 4 libp11 entries for PKCS11_get_rsa_method, PKCS11_get_ec_key_method, pkcs11_pkey_method_rsa and pkcs11_pkey_method_ec and some dl_open lost blocks, but still shows:
So there is a problem, which looks like OpenSSL is trying to free the methods, but libp11 saved these in static pointers. libp11 may have allocated the methods a second time when the process is being shut down.
"static *_METHOD *ops = NULL;" statements moved from inside functions to outside and opts renamed. Each now has a *_free routine.
The *_free routines are called from ctx_destroy as engine is being destroyed.
Fixes issue OpenSC#358
Please enter the commit message for your changes. Lines starting
On branch p11-free-methods
Changes to be committed:
modified: src/eng_back.c
modified: src/libp11.h
modified: src/p11_ec.c
modified: src/p11_pkey.c
modified: src/p11_rsa.c
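The pattern the commit message above describes, as an added example that is not libp11 code: a getter that keeps its lazily allocated method in a function-local static cannot be cleaned up at engine teardown, while a file-scope pointer with a matching free routine can. `method_t`, `live_allocs` and every function body here are stand-ins constructed for illustration; only the name `ctx_destroy` is taken from the commit message.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for an OpenSSL method table; not a libp11 or OpenSSL type. */
typedef struct { const char *name; } method_t;
static int live_allocs = 0; /* what a leak checker would still see allocated */

static method_t *method_new(const char *name) {
    method_t *m = malloc(sizeof *m);
    if (m == NULL) return NULL;
    m->name = name;
    live_allocs++;
    return m;
}
static void method_free(method_t *m) {
    if (m == NULL) return;
    free(m);
    live_allocs--;
}

/* Before: the pointer is hidden inside the getter, so no teardown code can reach it. */
static method_t *get_rsa_method_leaky(void) {
    static method_t *ops = NULL;
    if (ops == NULL) ops = method_new("rsa");
    return ops;
}

/* After: file-scope pointer plus a free routine that also resets it. */
static method_t *ec_ops = NULL;
static method_t *get_ec_method(void) {
    if (ec_ops == NULL) ec_ops = method_new("ec");
    return ec_ops;
}
static void free_ec_method(void) {
    method_free(ec_ops);
    ec_ops = NULL; /* a later get allocates again instead of returning freed memory */
}

/* Hypothetical teardown hook, modelled on the ctx_destroy named in the commit message. */
static void ctx_destroy(void) { free_ec_method(); }

int main(void) {
    get_rsa_method_leaky();
    get_ec_method();
    ctx_destroy();
    printf("live allocations after teardown: %d\n", live_allocs);
    return 0;
}
```

Resetting the pointer to NULL in the free routine is what makes a second teardown call, or a get after teardown, safe.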
Give #359 a try. On Ubuntu 20.04 shows no errors with this command:
@vgottardi2 Do you use libp11 on an operating system that does not automatically release memory at application exit?
Valgrind reports memory leaks when the PKCS11 engine is enabled in OpenSSL config. No particular module needs to be in use.
We noticed the leaks in our application using libcurl, however it's easy to reproduce with curl in Ubuntu.
No leaks without the PKCS11 engine configured in OpenSSL config