Skip Menu |
 

This queue is for tickets about the Crypt-OpenSSL-EC CPAN distribution.

Report information
The Basics
Id: 121504
Status: open
Priority: 0/
Queue: Crypt-OpenSSL-EC

People
Owner: Nobody in particular
Requestors: oleg [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in: (no value)
Fixed in: (no value)



Subject: Memory leak in EC_POINT::point2hex()
Download (untitled) / with headers
text/plain 2.2k
I found that Crypt::OpenSSL::EC::EC_POINT::point2hex() produces memory leak. See this example: use strict; use Crypt::OpenSSL::EC; use Crypt::OpenSSL::Bignum; my $p = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff' ); my $a = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000fffffffffffffffffffffffc' ); my $b = Crypt::OpenSSL::Bignum->new_from_hex( '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b' ); my $x = Crypt::OpenSSL::Bignum->new_from_hex( '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' ); my $y = Crypt::OpenSSL::Bignum->new_from_hex( '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5' ); my $n = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' ); my $h = Crypt::OpenSSL::Bignum->one; my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); my $method = Crypt::OpenSSL::EC::EC_GFp_mont_method(); my $group = Crypt::OpenSSL::EC::EC_GROUP::new($method); $group->set_curve_GFp( $p, $a, $b, $ctx ); my $G = Crypt::OpenSSL::EC::EC_POINT::new($group); Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp( $group, $G, $x, $y, $ctx ); $group->set_generator( $G, $n, $h ); die 'bad curve' unless Crypt::OpenSSL::EC::EC_GROUP::check( $group, $ctx ); warn "Starting: $$"; for (1..10_000_000) { my $p = Crypt::OpenSSL::EC::EC_POINT::new($group); my $r = Crypt::OpenSSL::EC::EC_POINT::point2hex($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); #my $r = Crypt::OpenSSL::EC::EC_POINT::point2oct($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); } warn "See my memory usage"; <>; Memory usage of this process grows without a stop until 10_000_000 iterations will be processed. At the end process eats about 300 mb of memory. If we'll use point2oct() instead, memory usage remains constant and is about 6 mb. I think the reason can be found at https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_point2hex.html: The function EC_POINT_point2hex() will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with a subsequent call to OPENSSL_free(). Other functions which returns char* may has same bug.
Subject: Re: [rt.cpan.org #121504] Memory leak in EC_POINT::point2hex()
Date: Wed, 3 May 2017 08:13:10 +0100
To: bug-Crypt-OpenSSL-EC [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Download (untitled) / with headers
text/plain 2.8k
Thanks for your report. It will be some weeks until I will be able to do anything about it. Cheers Sent from my iPhone Show quoted text
> On 3 May 2017, at 6:54 am, Oleg G via RT <bug-Crypt-OpenSSL-EC@rt.cpan.org> wrote: > > Wed May 03 01:54:49 2017: Request 121504 was acted upon. > Transaction: Ticket created by OLEG > Queue: Crypt-OpenSSL-EC > Subject: Memory leak in EC_POINT::point2hex() > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: oleg@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121504 > > > > I found that Crypt::OpenSSL::EC::EC_POINT::point2hex() produces memory leak. See this example: > > use strict; > use Crypt::OpenSSL::EC; > use Crypt::OpenSSL::Bignum; > > my $p = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff' ); > my $a = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000fffffffffffffffffffffffc' ); > my $b = Crypt::OpenSSL::Bignum->new_from_hex( '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b' ); > my $x = Crypt::OpenSSL::Bignum->new_from_hex( '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' ); > my $y = Crypt::OpenSSL::Bignum->new_from_hex( '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5' ); > my $n = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' ); > my $h = Crypt::OpenSSL::Bignum->one; > > my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); > > my $method = Crypt::OpenSSL::EC::EC_GFp_mont_method(); > my $group = Crypt::OpenSSL::EC::EC_GROUP::new($method); > $group->set_curve_GFp( $p, $a, $b, $ctx ); > > my $G = Crypt::OpenSSL::EC::EC_POINT::new($group); > Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp( $group, $G, $x, $y, $ctx ); > $group->set_generator( $G, $n, $h ); > die 'bad curve' unless Crypt::OpenSSL::EC::EC_GROUP::check( $group, $ctx ); > > warn "Starting: $$"; > > for (1..10_000_000) { > my $p = Crypt::OpenSSL::EC::EC_POINT::new($group); > my $r = Crypt::OpenSSL::EC::EC_POINT::point2hex($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); > #my $r = Crypt::OpenSSL::EC::EC_POINT::point2oct($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); > } > > warn "See my memory usage"; > <>; > > Memory usage of this process grows without a stop until 10_000_000 iterations will be processed. At the end process eats about 300 mb of memory. > If we'll use point2oct() instead, memory usage remains constant and is about 6 mb. I think the reason can be found at https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_point2hex.html: > The function EC_POINT_point2hex() will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with a subsequent call to OPENSSL_free(). Other functions which returns char* may has same bug.
Subject: Re: [rt.cpan.org #121504] Memory leak in EC_POINT::point2hex()
Date: Thu, 01 Jun 2017 17:10:48 +1000
To: bug-Crypt-OpenSSL-EC [...] rt.cpan.org
From: Mike McCauley <mikem [...] airspayce.com>
Thanks. New version 1.2 has been uploaded to CPAN and which should fix this problem. Cheers. On Wednesday, 3 May 2017 1:54:50 AM AEST Oleg G via RT wrote: Show quoted text
> Wed May 03 01:54:49 2017: Request 121504 was acted upon. > Transaction: Ticket created by OLEG > Queue: Crypt-OpenSSL-EC > Subject: Memory leak in EC_POINT::point2hex() > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: oleg@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121504 > > > > I found that Crypt::OpenSSL::EC::EC_POINT::point2hex() produces memory leak. > See this example: > > use strict; > use Crypt::OpenSSL::EC; > use Crypt::OpenSSL::Bignum; > > my $p = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff' ); my $a > = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000001000000000000000000000000fffffffffffffffffffffffc' ); my $b > = Crypt::OpenSSL::Bignum->new_from_hex( > '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b' ); my $x > = Crypt::OpenSSL::Bignum->new_from_hex( > '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' ); my $y > = Crypt::OpenSSL::Bignum->new_from_hex( > '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5' ); my $n > = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' ); my $h > = Crypt::OpenSSL::Bignum->one; > > my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); > > my $method = Crypt::OpenSSL::EC::EC_GFp_mont_method(); > my $group = Crypt::OpenSSL::EC::EC_GROUP::new($method); > $group->set_curve_GFp( $p, $a, $b, $ctx ); > > my $G = Crypt::OpenSSL::EC::EC_POINT::new($group); > Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp( $group, $G, $x, > $y, $ctx ); $group->set_generator( $G, $n, $h ); > die 'bad curve' unless Crypt::OpenSSL::EC::EC_GROUP::check( $group, $ctx ); > > warn "Starting: $$"; > > for (1..10_000_000) { > my $p = Crypt::OpenSSL::EC::EC_POINT::new($group); > my $r = Crypt::OpenSSL::EC::EC_POINT::point2hex($group, $p, > POINT_CONVERSION_UNCOMPRESSED, $ctx); #my $r = > Crypt::OpenSSL::EC::EC_POINT::point2oct($group, $p, > POINT_CONVERSION_UNCOMPRESSED, $ctx); } > > warn "See my memory usage"; > <>; > > Memory usage of this process grows without a stop until 10_000_000 > iterations will be processed. At the end process eats about 300 mb of > memory. If we'll use point2oct() instead, memory usage remains constant and > is about 6 mb. I think the reason can be found at > https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_point2hex.html: The > function EC_POINT_point2hex() will allocate sufficient memory to store the > hexadecimal string. It is the caller's responsibility to free this memory > with a subsequent call to OPENSSL_free(). Other functions which returns > char* may has same bug.
-- Mike McCauley VK4AMM mikem@airspayce.com Airspayce Pty Ltd 9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.airspayce.com Phone +61 7 5598-7474


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.