Bug #121504 for Crypt-OpenSSL-EC: Memory leak in EC_POINT::point2hex()

> On 3 May 2017, at 6:54 am, Oleg G via RT <bug-Crypt-OpenSSL-EC@rt.cpan.org> wrote: > > Wed May 03 01:54:49 2017: Request 121504 was acted upon. > Transaction: Ticket created by OLEG > Queue: Crypt-OpenSSL-EC > Subject: Memory leak in EC_POINT::point2hex() > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: oleg@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121504 > > > > I found that Crypt::OpenSSL::EC::EC_POINT::point2hex() produces memory leak. See this example: > > use strict; > use Crypt::OpenSSL::EC; > use Crypt::OpenSSL::Bignum; > > my $p = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff' ); > my $a = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000001000000000000000000000000fffffffffffffffffffffffc' ); > my $b = Crypt::OpenSSL::Bignum->new_from_hex( '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b' ); > my $x = Crypt::OpenSSL::Bignum->new_from_hex( '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' ); > my $y = Crypt::OpenSSL::Bignum->new_from_hex( '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5' ); > my $n = Crypt::OpenSSL::Bignum->new_from_hex( 'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' ); > my $h = Crypt::OpenSSL::Bignum->one; > > my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); > > my $method = Crypt::OpenSSL::EC::EC_GFp_mont_method(); > my $group = Crypt::OpenSSL::EC::EC_GROUP::new($method); > $group->set_curve_GFp( $p, $a, $b, $ctx ); > > my $G = Crypt::OpenSSL::EC::EC_POINT::new($group); > Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp( $group, $G, $x, $y, $ctx ); > $group->set_generator( $G, $n, $h ); > die 'bad curve' unless Crypt::OpenSSL::EC::EC_GROUP::check( $group, $ctx ); > > warn "Starting: $$"; > > for (1..10_000_000) { > my $p = Crypt::OpenSSL::EC::EC_POINT::new($group); > my $r = Crypt::OpenSSL::EC::EC_POINT::point2hex($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); > #my $r = Crypt::OpenSSL::EC::EC_POINT::point2oct($group, $p, POINT_CONVERSION_UNCOMPRESSED, $ctx); > } > > warn "See my memory usage"; > <>; > > Memory usage of this process grows without a stop until 10_000_000 iterations will be processed. At the end process eats about 300 mb of memory. > If we'll use point2oct() instead, memory usage remains constant and is about 6 mb. I think the reason can be found at https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_point2hex.html: > The function EC_POINT_point2hex() will allocate sufficient memory to store the hexadecimal string. It is the caller's responsibility to free this memory with a subsequent call to OPENSSL_free(). Other functions which returns char* may has same bug.

> Wed May 03 01:54:49 2017: Request 121504 was acted upon. > Transaction: Ticket created by OLEG > Queue: Crypt-OpenSSL-EC > Subject: Memory leak in EC_POINT::point2hex() > Broken in: (no value) > Severity: (no value) > Owner: Nobody > Requestors: oleg@cpan.org > Status: new > Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=121504 > > > > I found that Crypt::OpenSSL::EC::EC_POINT::point2hex() produces memory leak. > See this example: > > use strict; > use Crypt::OpenSSL::EC; > use Crypt::OpenSSL::Bignum; > > my $p = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000001000000000000000000000000ffffffffffffffffffffffff' ); my $a > = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000001000000000000000000000000fffffffffffffffffffffffc' ); my $b > = Crypt::OpenSSL::Bignum->new_from_hex( > '5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b' ); my $x > = Crypt::OpenSSL::Bignum->new_from_hex( > '6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296' ); my $y > = Crypt::OpenSSL::Bignum->new_from_hex( > '4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5' ); my $n > = Crypt::OpenSSL::Bignum->new_from_hex( > 'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' ); my $h > = Crypt::OpenSSL::Bignum->one; > > my $ctx = Crypt::OpenSSL::Bignum::CTX->new(); > > my $method = Crypt::OpenSSL::EC::EC_GFp_mont_method(); > my $group = Crypt::OpenSSL::EC::EC_GROUP::new($method); > $group->set_curve_GFp( $p, $a, $b, $ctx ); > > my $G = Crypt::OpenSSL::EC::EC_POINT::new($group); > Crypt::OpenSSL::EC::EC_POINT::set_affine_coordinates_GFp( $group, $G, $x, > $y, $ctx ); $group->set_generator( $G, $n, $h ); > die 'bad curve' unless Crypt::OpenSSL::EC::EC_GROUP::check( $group, $ctx ); > > warn "Starting: $$"; > > for (1..10_000_000) { > my $p = Crypt::OpenSSL::EC::EC_POINT::new($group); > my $r = Crypt::OpenSSL::EC::EC_POINT::point2hex($group, $p, > POINT_CONVERSION_UNCOMPRESSED, $ctx); #my $r = > Crypt::OpenSSL::EC::EC_POINT::point2oct($group, $p, > POINT_CONVERSION_UNCOMPRESSED, $ctx); } > > warn "See my memory usage"; > <>; > > Memory usage of this process grows without a stop until 10_000_000 > iterations will be processed. At the end process eats about 300 mb of > memory. If we'll use point2oct() instead, memory usage remains constant and > is about 6 mb. I think the reason can be found at > https://www.openssl.org/docs/man1.1.0/crypto/EC_POINT_point2hex.html: The > function EC_POINT_point2hex() will allocate sufficient memory to store the > hexadecimal string. It is the caller's responsibility to free this memory > with a subsequent call to OPENSSL_free(). Other functions which returns > char* may has same bug.