[Bug 1842383] Re: openssl 1.1.1 memory overuse/leak
Sergey
psvmcc at gmail.com
Mon Sep 16 13:18:42 UTC 2019
** Attachment added: "1.1.1"
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1842383/+attachment/5289014/+files/1.1.1.png
** Description changed:
- Hi,
+ [Impact]
- DISTRIB_ID=Ubuntu
- DISTRIB_RELEASE=18.04
- DISTRIB_CODENAME=bionic
- DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS"
+ At some point in the past do_ssl3_write() used to return the number of
+ bytes written, or a value <= 0 on error.
- With dynamic linking libssl1.1 in nginx we see a lot memory use compared
- to libssl1.0.
+ With libssl1.11 it now just returns a success/
+ error code and writes the number of bytes written to |tmpwrit|.
+
+ The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
+ for the number of bytes written rather than |tmpwrit|. This has the effect
+ that the buffers are not released when they are supposed to be.
+
+ Thus such software as nginx currenty use significantly more memory
+ compared to libssl1.0.
+
+ [Test Case]
+
+ Use 'top' to measure the memory usage by nginx with ssl configured.
+
+ Example:
No memory overuse:
- ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
+ ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
+ https://launchpadlibrarian.net/442818951/1.1.0g.png
2,5x memory overuse:
- ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries
+ ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries
+ https://launchpadlibrarian.net/442819146/1.1.1.png
- After some investigation from nginx team, they build nginx with static
- linking openssl with this patch, and this solved memory overuse issue
- https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a
+ [Regression Potential]
- Can you please fix and rebuild openssl with this patch?
+ Low. This particular fix is tiny
+ (https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a) and has
+ been released and used in a couple of upstream openssl versions already
+ without issue.
- Thanks!
+ [Other Info]
+
+ The fix has been tested by nginx team and it solved the memory overuse issue.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1842383
Title:
openssl 1.1.1 memory overuse/leak
Status in openssl package in Ubuntu:
New
Bug description:
[Impact]
At some point in the past do_ssl3_write() used to return the number of
bytes written, or a value <= 0 on error.
With libssl1.11 it now just returns a success/
error code and writes the number of bytes written to |tmpwrit|.
The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code
for the number of bytes written rather than |tmpwrit|. This has the effect
that the buffers are not released when they are supposed to be.
Thus such software as nginx currenty use significantly more memory
compared to libssl1.0.
[Test Case]
Use 'top' to measure the memory usage by nginx with ssl configured.
Example:
No memory overuse:
ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries
https://launchpadlibrarian.net/442818951/1.1.0g.png
2,5x memory overuse:
ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries
https://launchpadlibrarian.net/442819146/1.1.1.png
[Regression Potential]
Low. This particular fix is tiny
(https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a) and
has been released and used in a couple of upstream openssl versions
already without issue.
[Other Info]
The fix has been tested by nginx team and it solved the memory overuse issue.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1842383/+subscriptions
More information about the foundations-bugs
mailing list