Comments (4)
My bad, really thanks, god bless you and wish you code with no bugs for the rest of life ^_^
from mbedtls.
mbedtls_mpi_exp_mod
does not free RR
because it's an output.
For the call stack you give, this output is cached in the RSA context and should be freed when you call mbedtls_rsa_free
.
Can you please share a complete program that reproduces the memory leak?
from mbedtls.
Here's the problem:
mbedtls_rsa_context ctx_rsa = *((mbedtls_rsa_context *)(ctxPk.pk_ctx));
Here you're making a shallow copy of the mbedtls_rsa_context
structure that's in ctxPk
. At the end of your program, you call mbedtls_pk_free
, which frees the RSA context in the PK context, but doesn't free the parts of the RSA context in the shallow copy.
The actual key material is in mbedtls_mpi
objects for which there is a pointer in the shallow copy and a pointer in the PK context. Those are freed by the call to mbedtls_pk_free
. After that call, the shallow copy has dangling pointers. The RR
value that is cached in the context is only stored in the shallow copy, and that is never freed.
The fix is to not make a shallow copy. Mbed TLS does not support shallow copies of structures. Instead, directly access the RSA context that's in the PK context. Also, please use the API function instead of accessing fields in an unsafe way.
mbedtls_rsa_context *ctx_rsa = mbedtls_pk_rsa(*ctxPk);
from mbedtls.
I am closing this issue because it's an API misuse, not a bug in the library.
from mbedtls.
Related Issues (20)
- MbedTLS code style inconsistencies
- Build library failed for server mode only: missing-prototypes for mbedtls_ssl_conf_has_static_psk HOT 1
- Function to calculate certificate fingerprint HOT 1
- Build fails with unset MBEDTLS_DHM_C but MBEDTLS_USE_PSA_CRYPTO set HOT 1
- component_test_full_no_bignum doesn't actually disable bignum HOT 3
- Move crypto C modules and includes into a tf-psa-crypto directory
- Factor intermediate file generation boilerplate in makefiles
- Factor intermediate file generation boilerplate in CMakeLists.txt
- Configuration test coverage search tool
- Improve configuration coverage for asymmetric mechanisms HOT 2
- Consider removing static ECDH cipher suites
- Consider removing CBC cipher suites HOT 1
- Some compat.sh test cases failing on config-suite-b
- compat.sh doesn't run TLS 1.2 CCM tests against OpenSSL
- CIPHER_C not enabled when PSA CMAC is required as builtin, but no other unauthenticated cipher is
- 3.6.0 fails in curl CI where 3.5.2 works HOT 10
- The PSA key store is too small for high-end platforms HOT 3
- Breakage due to enabling TLS 1.3 by default in 3.6.0 HOT 1
- Use poll instead of select
- Performance regression in mbedtls_mpi_exp_mod() (v3.6.0) HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mbedtls.