Hi Subramanian.
Thank you for your report. Would it be possible to provide some further information on how the program is structured? Is the code snippet running in a single thread or a multithreaded application? How often is data transmitted (As to many invocations are we considering for an 8-hour window)? How is that while(1) loop interrupted? Which platform architecture is the program running at?
I have been trying to reproduce it by expanding the Valgrind test suite, as to repeat the logic included in the example for UINT_MAX iterations, without success.
Minos
________________________________ From: Subramanian Gopi Krishnan via mbed-tls mbed-tls@lists.trustedfirmware.org Sent: 16 March 2022 04:24 To: mbed-tls@lists.trustedfirmware.org mbed-tls@lists.trustedfirmware.org Subject: [mbed-tls] AES Memory Leak
Hi,
I have developed a program to send encrypted data continuously. The program is working fine for few hours. After 6 to 8 Hrs, I get returned
MBEDTLS_ERR_CIPHER_ALLOC_FAILED -0x6180
Do I need to free the gcm context for every time I send data? What would be the root cause.
#define AEAD_KEY_SIZE (32) /**< AEAD Key Size(in bytes). */
#define AEAD_IV_SIZE (12) /**< AEAD IV Size(in bytes). */
#define AEAD_AD_SIZE (16) /**< AEAD AAD Size(in bytes). */
#define AEAD_TAG_SIZE (16) /**< AEAD Tag Size(in bytes). */
#define AEAD_ID_SIZE (4) /**< AEAD Tag Size(in bytes). */
#define MAX_CIPHER_SIZE (2048)/**< AEAD Cipher/Plaintext Segent Size unoperation(in bytes). */
typedef struct
{
mbedtls_gcm_context CtxAead; /**< aes-gcm 3rd party library context */
uint8_t pu8Key[AEAD_KEY_SIZE]; /**< Key - Randomly Generated */
uint8_t pu8InitVector[AEAD_IV_SIZE]; /**< Randomly Generated */
uint8_t pu8AddData[AEAD_AD_SIZE]; /**< Additional Associated Data - md5sum() */
uint8_t pu8Tag[AEAD_TAG_SIZE]; /**< Hold Digest/Tag of encryped data */
uint8_t pu8Id[AEAD_ID_SIZE]; /**< KeyID is generated */
uint8_t pu8Data[MAX_CIPHER_SIZE]; /**< Buffer to hold plain-text after decipher */
uint8_t pu8Cipher[MAX_CIPHER_SIZE]; /**< Buffer to hold cipher-text after cipher */
uint16_t u16Length; /**< Current length of buffer to encrypt/decrypt */
}S_Aead;
int32_t i32Aead_EncryptionCycle(S_Aead *ctx ,uint8_t *pu8AddData, uint16_t u16Length )
{
int32_t i32Ret = 0;
if(NULL == ctx)
{
return (NULL_AEAD_CTX);
}
/* Initilaze GCM Context
**/
mbedtls_gcm_init ( &(ctx->CtxAead) );
/*SETTING ADDITIONAL DATA as MD5 of incoming data
**/
if( AEAD_AD_SIZE < u16Length )
{
return (ERROR_INPUT_BUFFER_TOO_LONG);
}
memset( ctx->pu8AddData, 0x00, AEAD_AD_SIZE );
i32Ret = mbedtls_md5_ret(pu8AddData,
u16Length,
ctx->pu8AddData);
if (i32Ret)
{
return (i32Ret);
}
/* symetric key for testing */
memset( ctx->pu8Key, 0xAB, AEAD_KEY_SIZE )
/* Setting the key */
if( i32Ret = mbedtls_gcm_setkey ( &(ctx->CtxAead),
MBEDTLS_CIPHER_ID_AES,
ctx->pu8Key,
AEAD_KEY_SIZE*OCTETS ) )
{
return (i32Ret);
}
while(1)
{
/* OS Wait for 1000ms for data to get ready */
if( OS_WaitSingleEventTimed( TX_DATA_BUFFER_READY, WAIT_1000MS ) )
{
if( ctx->u16Length == 0 )
{
/* No data ready for sending (or) timed-out */;
continue;
}
/* New Initial Vector */
if( i32Ret = i32NewRandomByte( ctx->pu8InitVector, AEAD_IV_SIZE,
"AEAD_NEW_IV_GENERATION" ) )
{
return(i32Ret);
}
ctx->u16Length = u16Length;
if( i32Ret = mbedtls_gcm_crypt_and_tag( &(ctx->CtxAead), MBEDTLS_GCM_ENCRYPT,
ctx->u16Length,
ctx->pu8InitVector, AEAD_IV_SIZE,
ctx->pu8AddData, AEAD_AD_SIZE,
ctx->pu8Data, ctx->pu8Cipher,
AEAD_TAG_SIZE, ctx->pu8Tag))
{
return(i32Ret);
}
if( ctx->u16Length == send_data(ctx->pu8Cipher, ctx->u16Length) )
{
/* tx success*/
memset( ctx->pu8Data, 0x00, ctx->u16Length );
memset( ctx->pu8Cipher, 0x00, ctx->u16Length );
ctx->u16Length = 0;
}
}
}
/* Free GCM Context */
mbedtls_gcm_free( &(ctx->CtxAead) );
/* Reset context memory */
memset(ctx, 0, sizeof(S_Aead));
}
mbed-tls@lists.trustedfirmware.org
-
Minos Galanakis