Arm Mbed and Pelion Device Management support forum

Mbedtls_ssl_handshake memory leak

Hello MbedTLS team,

I ran into a memory leak when I ran the SSL client1 example.
I would appreciate any clues to solve this problem.

[Environment]
Nucleo-F429 (STM32F429ZIT)
HAL driver version: 1.25.0
MBEDTLS version: 2.16.2
STM32CubeMx 5.6.1
STM32CubeIDE 1.3.1

[Problem]
The “mbedtls_ssl_handshake” function works properly, but I saw a memory leak.

  1. I ran the SSL client1 example.
  2. I added an infinite loop for connecting to www.google.com and receiving data.
  3. It worked properly, but with each loop the available heap size is reduced.
  4. Especially when “mbedtls_ssl_handshake” is called, like below:

/*
* 4. Handshake
*/
mbedtls_printf("Free Heap: %d\n\n", xPortGetFreeHeapSize());
mbedtls_printf(" . Performing the SSL/TLS handshake…");
fflush( stdout);

while((ret = mbedtls_ssl_handshake(&ssl)) != 0)
{
  if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
  {
    mbedtls_printf(" failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
    goto exit;
  }
}
mbedtls_printf(" ok\n");
mbedtls_printf("Free Heap: %d\n\n", xPortGetFreeHeapSize());

[Log]
. Seeding the random number generator… ok
. Loading the CA root certificate … ok (0 skipped)
DHCP/Static IP O.K.
. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 33616

. Performing the SSL/TLS handshake… ok
Free Heap: 27624

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 24776

. Performing the SSL/TLS handshake… ok
Free Heap: 19312

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 16472

. Performing the SSL/TLS handshake… ok
Free Heap: 11008

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 8168

. Performing the SSL/TLS handshake…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:5757: x509_verify_cert() returned -9984 (-0x2700)
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2651: mbedtls_pk_verify() returned -17040 (-0x4290)
failed
! mbedtls_ssl_handshake returned -0x4290
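
One way to read the log above, as an added example that is not part of the original post or of Mbed TLS: it computes the heap deltas per loop pass and splits each returned error code into its high-level and low-level parts. The error names are the Mbed TLS 2.x header constants for those values; the function names and the trimmed log excerpt are this example's own.

```python
import re

# Trimmed excerpt of the log posted above (only the lines this script reads).
LOG = """\
Free Heap: 33616
Free Heap: 27624
mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
Free Heap: 24776
Free Heap: 19312
Free Heap: 16472
Free Heap: 11008
Free Heap: 8168
x509_verify_cert() returned -9984 (-0x2700)
mbedtls_pk_verify() returned -17040 (-0x4290)
! mbedtls_ssl_handshake returned -0x4290
"""

# Subset of Mbed TLS 2.x error constants (magnitudes) seen in this log.
HIGH = {0x7280: "MBEDTLS_ERR_SSL_CONN_EOF",
        0x2700: "MBEDTLS_ERR_X509_CERT_VERIFY_FAILED",
        0x4280: "MBEDTLS_ERR_RSA_PUBLIC_FAILED"}
LOW = {0x0010: "MBEDTLS_ERR_MPI_ALLOC_FAILED"}

def decode(magnitude):
    """Split a code into its high-level (mask 0xFF80) and low-level (mask 0x007F) parts."""
    parts = []
    for table, part in ((HIGH, magnitude & 0xFF80), (LOW, magnitude & 0x007F)):
        if part:
            parts.append(table.get(part, "unknown 0x%04x" % part))
    return parts

def heap_report(log):
    """Return (bytes taken by each handshake, bytes lost from one pass to the next)."""
    heap = [int(n) for n in re.findall(r"Free Heap: (\d+)", log)]
    # Readings alternate: before handshake, after handshake, for each pass.
    before, after = heap[0::2], heap[1::2]
    handshake_cost = [b - a for b, a in zip(before, after)]
    per_pass_loss = [x - y for x, y in zip(before, before[1:])]
    return handshake_cost, per_pass_loss

def errors(log):
    """Map each distinct -0x.... code in the log to its decoded parts."""
    return {m: decode(int(m, 16)) for m in re.findall(r"-0x([0-9a-fA-F]+)", log)}

if __name__ == "__main__":
    print(heap_report(LOG))
    for code, names in errors(LOG).items():
        print("-0x" + code, " + ".join(names))
```

The loss between passes (8840, then 8304 twice) is larger than what each handshake takes (5992, then 5464 twice), so the log shows none of a pass's allocations returning to the heap before the next pass starts. The final `-0x4290` decodes to `MBEDTLS_ERR_RSA_PUBLIC_FAILED` plus `MBEDTLS_ERR_MPI_ALLOC_FAILED`, an allocation failure inside signature verification.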

Hi @eziya
As mentioned in this post, Mbed TLS is now maintained under open governance at TrustedFirmware.org

It is advised you post your question in their mailing list.
Regards,
Mbed Support
Ron