Hi Subramanian.

Thank you for your report. Would it be possible to provide some further information on how the program is structured? Is the code snippet running in a single thread or a multithreaded application? How often is data transmitted (As to many invocations are we considering for an 8-hour window)? How is that while(1) loop interrupted? Which platform architecture is the program running at?

I have been trying to reproduce it by expanding the Valgrind test suite, as to repeat the logic included in the example for UINT_MAX iterations, without success.

Minos



From: Subramanian Gopi Krishnan via mbed-tls <mbed-tls@lists.trustedfirmware.org>
Sent: 16 March 2022 04:24
To: mbed-tls@lists.trustedfirmware.org <mbed-tls@lists.trustedfirmware.org>
Subject: [mbed-tls] AES Memory Leak
 

Hi,

 

I have developed a program to send encrypted data continuously. The program is working fine for few hours. After 6 to 8 Hrs, I get returned

MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180

 

Do I need to free the gcm context for every time  I send data? What would be the root cause.

 

#define AEAD_KEY_SIZE         (32)  /**< AEAD Key Size(in bytes). */

#define AEAD_IV_SIZE          (12)  /**< AEAD IV Size(in bytes). */

#define AEAD_AD_SIZE          (16)  /**< AEAD AAD Size(in bytes). */

#define AEAD_TAG_SIZE         (16)  /**< AEAD Tag Size(in bytes). */

#define AEAD_ID_SIZE          (4)   /**< AEAD Tag Size(in bytes). */

#define MAX_CIPHER_SIZE       (2048)/**< AEAD Cipher/Plaintext Segent Size unoperation(in bytes). */

 

typedef struct

{

   mbedtls_gcm_context CtxAead;           /**< aes-gcm 3rd party library context */

   uint8_t pu8Key[AEAD_KEY_SIZE];         /**< Key - Randomly Generated */

   uint8_t pu8InitVector[AEAD_IV_SIZE];   /**< Randomly Generated */

   uint8_t pu8AddData[AEAD_AD_SIZE];      /**< Additional Associated Data - md5sum() */

   uint8_t pu8Tag[AEAD_TAG_SIZE];         /**< Hold Digest/Tag of encryped data */

   uint8_t pu8Id[AEAD_ID_SIZE];           /**< KeyID is generated */

   uint8_t pu8Data[MAX_CIPHER_SIZE];      /**< Buffer to hold plain-text after decipher */

   uint8_t pu8Cipher[MAX_CIPHER_SIZE];    /**< Buffer to hold cipher-text after cipher */

   uint16_t u16Length;                    /**< Current length of buffer to encrypt/decrypt */

}S_Aead;

 

int32_t i32Aead_EncryptionCycle(S_Aead *ctx ,uint8_t *pu8AddData, uint16_t u16Length )

{

   int32_t i32Ret = 0;

 

   if(NULL == ctx)

   {

      return (NULL_AEAD_CTX);

   }

  

   /*  Initilaze GCM Context

   **/

   mbedtls_gcm_init ( &(ctx->CtxAead) );

 

   /*SETTING ADDITIONAL DATA as MD5 of incoming data

   **/

   if( AEAD_AD_SIZE < u16Length )

   {

      return (ERROR_INPUT_BUFFER_TOO_LONG);

   }

   memset( ctx->pu8AddData, 0x00, AEAD_AD_SIZE );

   i32Ret = mbedtls_md5_ret(pu8AddData,

                            u16Length,

                            ctx->pu8AddData);

   if (i32Ret)

   {

      return (i32Ret);

 

   }

 

   /* symetric key for testing */

   memset( ctx->pu8Key, 0xAB, AEAD_KEY_SIZE )

  

   /* Setting the key */

   if( i32Ret = mbedtls_gcm_setkey ( &(ctx->CtxAead),

                                     MBEDTLS_CIPHER_ID_AES,

                                     ctx->pu8Key,

                                     AEAD_KEY_SIZE*OCTETS ) )

   {

      return (i32Ret);

   }

 

   while(1)

   {

      /* OS Wait for 1000ms for data to get ready */

      if( OS_WaitSingleEventTimed( TX_DATA_BUFFER_READY, WAIT_1000MS ) )

      {

         if( ctx->u16Length == 0 )

         {

            /* No data ready for sending (or) timed-out */;

            continue;

         }

         /* New Initial Vector */

         if( i32Ret = i32NewRandomByte( ctx->pu8InitVector, AEAD_IV_SIZE,

                                        "AEAD_NEW_IV_GENERATION" ) )

         {

            return(i32Ret);

         }

 

         ctx->u16Length = u16Length;

         if( i32Ret = mbedtls_gcm_crypt_and_tag( &(ctx->CtxAead), MBEDTLS_GCM_ENCRYPT,

                                                 ctx->u16Length,

                                                 ctx->pu8InitVector, AEAD_IV_SIZE,

                                                 ctx->pu8AddData, AEAD_AD_SIZE,

                                                 ctx->pu8Data, ctx->pu8Cipher,

                                                 AEAD_TAG_SIZE,  ctx->pu8Tag))

         {

            return(i32Ret);

         }

         if( ctx->u16Length == send_data(ctx->pu8Cipher, ctx->u16Length) )

         {

            /* tx success*/

            memset( ctx->pu8Data, 0x00, ctx->u16Length );

            memset( ctx->pu8Cipher, 0x00, ctx->u16Length );

            ctx->u16Length = 0;

         }

      }

   }

 

   /* Free GCM Context */

   mbedtls_gcm_free( &(ctx->CtxAead) );

  

   /* Reset context memory */

   memset(ctx, 0, sizeof(S_Aead));

}