AES Memory Leak - mbed-tls

16 Mar 2022


      Hi,
I have developed a program to send encrypted data continuously. The program is working fine for few hours. After 6 to 8 Hrs, I get returned
MBEDTLS_ERR_CIPHER_ALLOC_FAILED         -0x6180
Do I need to free the gcm context for every time  I send data? What would be the root cause.
#define AEAD_KEY_SIZE         (32)  /**< AEAD Key Size(in bytes). */
#define AEAD_IV_SIZE          (12)  /**< AEAD IV Size(in bytes). */
#define AEAD_AD_SIZE          (16)  /**< AEAD AAD Size(in bytes). */
#define AEAD_TAG_SIZE         (16)  /**< AEAD Tag Size(in bytes). */
#define AEAD_ID_SIZE          (4)   /**< AEAD Tag Size(in bytes). */
#define MAX_CIPHER_SIZE       (2048)/**< AEAD Cipher/Plaintext Segent Size unoperation(in bytes). */
typedef struct
{
   mbedtls_gcm_context CtxAead;           /**< aes-gcm 3rd party library context */
   uint8_t pu8Key[AEAD_KEY_SIZE];         /**< Key - Randomly Generated */
   uint8_t pu8InitVector[AEAD_IV_SIZE];   /**< Randomly Generated */
   uint8_t pu8AddData[AEAD_AD_SIZE];      /**< Additional Associated Data - md5sum() */
   uint8_t pu8Tag[AEAD_TAG_SIZE];         /**< Hold Digest/Tag of encryped data */
   uint8_t pu8Id[AEAD_ID_SIZE];           /**< KeyID is generated */
   uint8_t pu8Data[MAX_CIPHER_SIZE];      /**< Buffer to hold plain-text after decipher */
   uint8_t pu8Cipher[MAX_CIPHER_SIZE];    /**< Buffer to hold cipher-text after cipher */
   uint16_t u16Length;                    /**< Current length of buffer to encrypt/decrypt */
}S_Aead;
int32_t i32Aead_EncryptionCycle(S_Aead *ctx ,uint8_t *pu8AddData, uint16_t u16Length )
{
   int32_t i32Ret = 0;
if(NULL == ctx)
   {
      return (NULL_AEAD_CTX);
   }
/*  Initilaze GCM Context
   **/
   mbedtls_gcm_init ( &(ctx->CtxAead) );
/*SETTING ADDITIONAL DATA as MD5 of incoming data
   **/
   if( AEAD_AD_SIZE < u16Length )
   {
      return (ERROR_INPUT_BUFFER_TOO_LONG);
   }
   memset( ctx->pu8AddData, 0x00, AEAD_AD_SIZE );
   i32Ret = mbedtls_md5_ret(pu8AddData,
                            u16Length,
                            ctx->pu8AddData);
   if (i32Ret)
   {
      return (i32Ret);
}
/* symetric key for testing */
   memset( ctx->pu8Key, 0xAB, AEAD_KEY_SIZE )
/* Setting the key */
   if( i32Ret = mbedtls_gcm_setkey ( &(ctx->CtxAead),
                                     MBEDTLS_CIPHER_ID_AES,
                                     ctx->pu8Key,
                                     AEAD_KEY_SIZE*OCTETS ) )
   {
      return (i32Ret);
   }
while(1)
   {
      /* OS Wait for 1000ms for data to get ready */
      if( OS_WaitSingleEventTimed( TX_DATA_BUFFER_READY, WAIT_1000MS ) )
      {
         if( ctx->u16Length == 0 )
         {
            /* No data ready for sending (or) timed-out */;
            continue;
         }
         /* New Initial Vector */
         if( i32Ret = i32NewRandomByte( ctx->pu8InitVector, AEAD_IV_SIZE,
                                        "AEAD_NEW_IV_GENERATION" ) )
         {
            return(i32Ret);
         }
ctx->u16Length = u16Length;
         if( i32Ret = mbedtls_gcm_crypt_and_tag( &(ctx->CtxAead), MBEDTLS_GCM_ENCRYPT,
                                                 ctx->u16Length,
                                                 ctx->pu8InitVector, AEAD_IV_SIZE,
                                                 ctx->pu8AddData, AEAD_AD_SIZE,
                                                 ctx->pu8Data, ctx->pu8Cipher,
                                                 AEAD_TAG_SIZE,  ctx->pu8Tag))
         {
            return(i32Ret);
         }
         if( ctx->u16Length == send_data(ctx->pu8Cipher, ctx->u16Length) )
         {
            /* tx success*/
            memset( ctx->pu8Data, 0x00, ctx->u16Length );
            memset( ctx->pu8Cipher, 0x00, ctx->u16Length );
            ctx->u16Length = 0;
         }
      }
   }
/* Free GCM Context */
   mbedtls_gcm_free( &(ctx->CtxAead) );
/* Reset context memory */
   memset(ctx, 0, sizeof(S_Aead));
}