I just tried to generate a RSA key using:
#include <openssl/evp.h>
#include <openssl/rsa.h>
int main(void) {
OpenSSL_add_all_algorithms();
EVP_PKEY_CTX *ctx;
EVP_PKEY *pkey = NULL;
ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (!ctx) {
// error
}
if (EVP_PKEY_keygen_init(ctx) <= 0) {
// error
}
if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
// error
}
if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { // this call seems to leak
// error
}
EVP_PKEY_free(pkey);
EVP_PKEY_CTX_free(ctx);
EVP_cleanup();
return 0;
}
So far, I don't think that I'm doing anything wrong. Valgrind complains "in use at exit: 416 bytes in 6 blocks". First I thought, I forgot something to free, afterwards I tried
valgrind openssl genrsa 1024
And I also got "in use at exit: 416 bytes in 6 blocks". Hum?! Even OpenSSL's official binary leaks?
Openssl's FAQ tells:
"Brutal" (thread-unsafe) Application-global cleanup functions:
ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().
If I execute *CRYPTO_cleanup_all_ex_data()* it does not leak. But according to the OpenSSL documentation it is a "brutal" method, whatever that means. There is no further documentation on this function.
Is there any way to clean it up properly?
I'm using OpenSSL 1.0.1f 6 Jan 2014