From: e@...
Date: 2015-06-03T17:11:29+00:00
Subject: [ruby-core:69456] [Ruby trunk - Bug #9743] [Closed] memory leak in openssl ossl_pkey_verify leaks memory

Issue #9743 has been updated by Zachary Scott.

Status changed from Open to Closed

The failure has been fixed, so we can close this ticket.

----------------------------------------
Bug #9743: memory leak in openssl ossl_pkey_verify leaks memory
https://bugs.ruby-lang.org/issues/9743#change-52730

* Author: Joel Westerberg
* Status: Closed
* Priority: Normal
* Assignee: Zachary Scott
* ruby -v: 2.2.0
* Backport: 1.9.3: REQUIRED, 2.0.0: DONE, 2.1: DONE
----------------------------------------
repeated calls to `pub_key.verify(digest, signature, data)` leaks memory. 

from what I can gather from the openssl documentation, there seems to be a missing call to `EVP_MD_CTX_cleanup()`

FILE: ossl_pkey.c 

~~~C
326    EVP_VerifyUpdate(&ctx, RSTRING_PTR(data), RSTRING_LEN(data));
327    switch (EVP_VerifyFinal(&ctx, (unsigned char *)RSTRING_PTR(sig), RSTRING_LENINT(sig), pkey)) {
328    case 0:
~~~

from the openssl docs:

http://www.openssl.org/docs/crypto/EVP_VerifyInit.html

> The call to `EVP_VerifyFinal()` internally finalizes a copy of the digest context. This means that calls to `EVP_VerifyUpdate()` and `EVP_VerifyFinal()` can be called later to digest and verify additional data.
> Since only a copy of the digest context is ever finalized the context must be cleaned up after use by calling `EVP_MD_CTX_cleanup()` or a memory leak will occur.




-- 
https://bugs.ruby-lang.org/