OpenSSL 函数 EVP_PKEY_keygen 中的内存泄漏 [英] Memory leak in OpenSSL function EVP_PKEY_keygen

问题描述

我只是尝试使用以下方法生成 RSA 密钥:

I just tried to generate a RSA key using:

#include <openssl/evp.h>
#include <openssl/rsa.h>

int main(void) {
  OpenSSL_add_all_algorithms();

  EVP_PKEY_CTX *ctx;
  EVP_PKEY *pkey = NULL;

  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx) {
      // error
  }

  if (EVP_PKEY_keygen_init(ctx) <= 0) {
      // error
  }

  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
      // error
  }

  if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { // this call seems to leak
      // error
  }

  EVP_PKEY_free(pkey);
  EVP_PKEY_CTX_free(ctx);

  EVP_cleanup();
  return 0;
}

到目前为止，我认为我没有做错任何事情.Valgrind 抱怨退出时正在使用:6 个块中有 416 个字节".一开始我想，我忘记了一些可以释放的东西，后来我尝试了

So far, I don't think that I'm doing anything wrong. Valgrind complains "in use at exit: 416 bytes in 6 blocks". First I thought, I forgot something to free, afterwards I tried

valgrind openssl genrsa 1024

valgrind openssl genrsa 1024

而且我还得到了退出时正在使用:6 个块中的 416 个字节".哼?！甚至 OpenSSL 的官方二进制泄漏?

And I also got "in use at exit: 416 bytes in 6 blocks". Hum?! Even OpenSSL's official binary leaks?

Openssl 的常见问题解答 说:

残酷"(线程不安全)应用程序全局清理函数:

"Brutal" (thread-unsafe) Application-global cleanup functions:

ERR_free_strings()、EVP_cleanup() 和 CRYPTO_cleanup_all_ex_data().

ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().

如果我执行 *CRYPTO_cleanup_all_ex_data()* 它不会泄漏.但根据 OpenSSL 文档，无论这意味着什么，它都是一种野蛮"的方法.没有关于此功能的进一步文档.

If I execute *CRYPTO_cleanup_all_ex_data()* it does not leak. But according to the OpenSSL documentation it is a "brutal" method, whatever that means. There is no further documentation on this function.

有什么办法可以正确清理吗?

Is there any way to clean it up properly?

我使用的是 OpenSSL 1.0.1f 2014 年 1 月 6 日

I'm using OpenSSL 1.0.1f 6 Jan 2014

推荐答案

OpenSSL 的 FAQ 解答了这个问题(感谢@opalenzuela):

The FAQ of OpenSSL answers the question (Thanks to @opalenzuela):

在大多数情况下，明显内存泄漏的原因是 OpenSSL应用程序启动时分配的内部表.自从这样的表不会随着时间的推移而变大，它们是无害的.

In most cases the cause of an apparent memory leak is an OpenSSL internal table that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless.

深入了解 OpenSSL 的源代码显示:

Having a deeper look into OpenSSL's source shows:

/* Release all "ex_data" state to prevent memory leaks. This can't be made
 * thread-safe without overhauling a lot of stuff, and shouldn't really be
 * called under potential race-conditions anyway (it's for program shutdown
 * after all). */
void CRYPTO_cleanup_all_ex_data(void)
    {
    IMPL_CHECK
    EX_IMPL(cleanup)();
    }

这篇关于OpenSSL 函数 EVP_PKEY_keygen 中的内存泄漏的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！