Mbedtls_ssl_handshake memory leak

eziya · May 5, 2020, 1:55pm

Hello MbedTLS team,

I ran into a memory leak when I ran SSL client1 example.
I would appreciate letting me know any clues to solve this problem.

[Environment]
Nucleo-F429 (STM32F429ZIT)
HAL driver version: 1.25.0
MBEDTLS version: 2.16.2
STM32CubeMx 5.6.1
STM32CubeIDE 1.3.1

[Problem]
“mbedtls_ssl_handshake” function works properly but I saw memory leak.

I ran SSL client1 example
added an infinite loop for connecting to the www.google.com and receiving data
worked properly but each loop available heap size is reduced.
specially when “mbedtls_ssl_handshake” is called like below

/*
* 4. Handshake
*/
mbedtls_printf(“Free Heap: %d\n\n”, xPortGetFreeHeapSize());
mbedtls_printf(" . Performing the SSL/TLS handshake…");
fflush( stdout);
while((ret = mbedtls_ssl_handshake(&ssl)) != 0)
{
  if(ret != MBEDTLS_ERR_SSL_WANT_READ && ret != MBEDTLS_ERR_SSL_WANT_WRITE)
  {
    mbedtls_printf(" failed\n  ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret);
    goto exit;
  }
}
mbedtls_printf(" ok\n");
mbedtls_printf("Free Heap: %d\n\n", xPortGetFreeHeapSize());

[Log]
. Seeding the random number generator… ok
. Loading the CA root certificate … ok (0 skipped)
DHCP/Static IP O.K.
. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 33616

. Performing the SSL/TLS handshake… ok
Free Heap: 27624

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 24776

. Performing the SSL/TLS handshake… ok
Free Heap: 19312

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 16472

. Performing the SSL/TLS handshake… ok
Free Heap: 11008

. Verifying peer X.509 certificate… ok

Write to server: 18 bytes written

< Read from server: 884 bytes read

…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4973: mbedtls_ssl_fetch_input() returned -29312 (-0x7280)
…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:4344: ssl_get_next_record() returned -29312 (-0x7280)

EOF

. Connecting to tcp/www.google.com/443… ok
. Setting up the SSL/TLS structure… ok
Free Heap: 8168

. Performing the SSL/TLS handshake…/Middlewares/Third_Party/mbedTLS/library/ssl_tls.c:5757: x509_verify_cert() returned -9984 (-0x2700)
…/Middlewares/Third_Party/mbedTLS/library/ssl_cli.c:2651: mbedtls_pk_verify() returned -17040 (-0x4290)
failed
! mbedtls_ssl_handshake returned -0x4290

roneld01 · May 5, 2020, 2:17pm

Hi @eziya
As mentioned in this post, Mbed TLS is now maintained under open governance at TrustedFirmware.org

It is advised you post your question in their mailing list.
Regards,
Mbed Support
Ron

Topic		Replies	Views
Mbedtls_ssl_handshake gives 0x6180 error (failed to allocate memory) after 2 hours of operation Mbed TLS	1	656	December 2, 2019
Could memory leak or heap fragmentation be the issue? Crypto and SSL questions	0	578	July 29, 2021
Mbed TLS key failure Mbed TLS	25	3179	February 26, 2020
Mbedtls_ecp_check_pubkey leaks memory on first call Mbed TLS mbed_tls	0	438	January 17, 2022
Memory Leak and Hardfault at ecdh Handshake Mbed TLS	1	690	December 22, 2019

Mbedtls_ssl_handshake memory leak

Related Topics