diff --git a/src/deps/src/lua-resty-openssl/.github/workflows/tests.yml b/src/deps/src/lua-resty-openssl/.github/workflows/tests.yml
index 31ee503f6..383bbbe63 100644
--- a/src/deps/src/lua-resty-openssl/.github/workflows/tests.yml
+++ b/src/deps/src/lua-resty-openssl/.github/workflows/tests.yml
@@ -209,7 +209,8 @@ jobs:
if: contains(matrix.extras, 'valgrind')
run: |
export LD_LIBRARY_PATH=$LUAJIT_LIB:$LD_LIBRARY_PATH
- export TEST_NGINX_VALGRIND='--num-callers=100 -q --tool=memcheck --leak-check=full --show-possibly-lost=no --gen-suppressions=all --suppressions=valgrind.suppress --track-origins=yes' TEST_NGINX_TIMEOUT=60 TEST_NGINX_SLEEP=1
+ export TEST_NGINX_USE_VALGRIND=1 TEST_NGINX_VALGRIND='--num-callers=100 -q --tool=memcheck --leak-check=full --show-possibly-lost=no --gen-suppressions=all --suppressions=valgrind.suppress --track-origins=yes' TEST_NGINX_TIMEOUT=60 TEST_NGINX_SLEEP=1
+ export TEST_NGINX_INIT_BY_LUA="debug.sethook(function () collectgarbage() end, 'l') jit.off()"
export PATH=$BASE_PATH/work/nginx/sbin:$PATH
stdbuf -o 0 -e 0 prove -j$JOBS -r t/ 2>&1 | grep -v "Connection refused" | grep -v "Retry connecting after" | tee output.log
if grep -q 'insert_a_suppression_name_here' output.log; then echo "Valgrind found problems"; exit 1; fi
diff --git a/src/deps/src/lua-resty-openssl/CHANGELOG.md b/src/deps/src/lua-resty-openssl/CHANGELOG.md
index 4e48fca12..db0f02710 100644
--- a/src/deps/src/lua-resty-openssl/CHANGELOG.md
+++ b/src/deps/src/lua-resty-openssl/CHANGELOG.md
@@ -2,6 +2,21 @@
## [Unreleased]
+
+## [1.5.0] - 2024-07-23
+### bug fixes
+- **asn1:** correct time_t to be 64 bits type ([#171](https://github.com/fffonion/lua-resty-openssl/issues/171)) [7d6d8b5](https://github.com/fffonion/lua-resty-openssl/commit/7d6d8b5d241374427da2231612e1e4552ff4cf1d)
+- **bn:** fix potential use-after-free in bn.new ([#177](https://github.com/fffonion/lua-resty-openssl/issues/177)) [224fae6](https://github.com/fffonion/lua-resty-openssl/commit/224fae68ca8716fbd97a2a94d194237aaa2eaa58)
+- **objects:** fix a buffer overflow issue in find_sigid_algs. ([#175](https://github.com/fffonion/lua-resty-openssl/issues/175)) [d94064c](https://github.com/fffonion/lua-resty-openssl/commit/d94064cc7754c744b325fcd2908bfce26915b76e)
+- **param:** fix issue when gettable schema may be overwritten by settable schema [7669555](https://github.com/fffonion/lua-resty-openssl/commit/766955521cee5c7ed6a7e64a1439e3ca38c2f958)
+- **param:** save converted value to prevent potential use-after-free [8c366c2](https://github.com/fffonion/lua-resty-openssl/commit/8c366c22c796b0b44bc49d4953084a09bcba4e6c)
+- **pkey:** fix potential use-after-free in pkey.paramgen ([#176](https://github.com/fffonion/lua-resty-openssl/issues/176)) [e924ee0](https://github.com/fffonion/lua-resty-openssl/commit/e924ee0454e1d95b63f62b660d6c0090bfeabb26)
+- **x509.\*:** fix potential use-after-free when get or set subject_alt_name, info_access and dist_points [407d31e](https://github.com/fffonion/lua-resty-openssl/commit/407d31ec31f2fe8cb968b1d7d140f717ef620290)
+- **x509.csr:** fix potential use-after-free in set_extension and add_extension [a0711de](https://github.com/fffonion/lua-resty-openssl/commit/a0711de99cf57e6d8fa62f03abba46e02360063d)
+- **x509.store:** fix potential use-after-free in store:verify and store:check_revocation [b16f759](https://github.com/fffonion/lua-resty-openssl/commit/b16f759c28ed9929d53516af34804d39f49661bf)
+- **x509.store:** fix the string is not NUL terminated in set_purpose ([#174](https://github.com/fffonion/lua-resty-openssl/issues/174)) [a88f1ba](https://github.com/fffonion/lua-resty-openssl/commit/a88f1ba30761e91cc1c2ec1dda3a82f8f4898422)
+
+
## [1.4.0] - 2024-05-27
### bug fixes
@@ -601,7 +616,8 @@
- **x509:** export pubkey [ede4f81](https://github.com/fffonion/lua-resty-openssl/commit/ede4f817cb0fe092ad6f9ab5d6ecdcde864a9fd8)
-[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.4.0...HEAD
+[Unreleased]: https://github.com/fffonion/lua-resty-openssl/compare/1.5.0...HEAD
+[1.5.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.4.0...1.5.0
[1.4.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.3.1...1.4.0
[1.3.1]: https://github.com/fffonion/lua-resty-openssl/compare/1.3.0...1.3.1
[1.3.0]: https://github.com/fffonion/lua-resty-openssl/compare/1.2.1...1.3.0
diff --git a/src/deps/src/lua-resty-openssl/examples/raw-sign-and-recover.lua b/src/deps/src/lua-resty-openssl/examples/raw-sign-and-recover.lua
index 08dbe6543..589009408 100644
--- a/src/deps/src/lua-resty-openssl/examples/raw-sign-and-recover.lua
+++ b/src/deps/src/lua-resty-openssl/examples/raw-sign-and-recover.lua
@@ -1,5 +1,7 @@
local pkey = require("resty.openssl.pkey")
+-- sign_raw and verify_recover for RSA keys
+
local priv = assert(pkey.new())
local pub = assert(pkey.new(priv:to_PEM("public")))
@@ -17,6 +19,8 @@ local recovered = assert(pub:verify_recover(signed))
print("Recovered message: " .. recovered)
+-- sign_raw and verify_raw for non RSA keys
+
local priv = assert(pkey.new({
type = "EC",
}))
@@ -29,7 +33,5 @@ local signed = assert(priv:sign_raw(hashed))
print("Signed message: " .. ngx.encode_base64(signed))
--- same as nodejs: crypto.publicDecrypt
--- php: openssl_public_decrypt
local verified = assert(pub:verify_raw(signed, hashed, md_alg))
-print("Verification result: ", verified)
\ No newline at end of file
+print("Verification result: ", verified)
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl.lua
index f48c9c306..9078cfab7 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl.lua
@@ -24,7 +24,7 @@ try_require_modules()
local _M = {
- _VERSION = '1.4.0',
+ _VERSION = '1.5.0',
}
function _M.load_modules()
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/bn.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/bn.lua
index 4c66f1ae0..9f1e568a3 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/bn.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/bn.lua
@@ -57,6 +57,7 @@ local function set_bn(ctx, s, base)
if C.BN_set_word(ctx, s) ~= 1 then
return nil, format_error("set_bn")
end
+ return ctx
elseif type(s) == 'string' then
if not base or base == 10 then
return set_dec(ctx, s)
@@ -65,7 +66,7 @@ local function set_bn(ctx, s, base)
elseif base == 2 then
return set_binary(ctx, s)
elseif base == 0 then
- ctx = set_mpi(ctx, s)
+ return set_mpi(ctx, s)
else
return nil, "set_bn: unsupported base: " .. base
end
@@ -73,14 +74,18 @@ local function set_bn(ctx, s, base)
return nil, "set_bn: expect nil, a number or a string at #1"
end
- return ctx
+ -- fall through
+ return ctx
end
function _M.new(some, base)
local ctx = C.BN_new()
ffi_gc(ctx, C.BN_free)
- local ctx, err = set_bn(ctx, some, base)
+ -- local ctx, err = set_bn(ctx, some, base)
+ -- The above expression set ctx to a new cdata return by
+ -- set_bn, the origin cdata would be GC at any time.
+ local _, err = set_bn(ctx, some, base)
if err then
return nil, "bn.new: " .. err
end
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/include/asn1.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/include/asn1.lua
index a2e8f864c..9c3231e40 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/include/asn1.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/include/asn1.lua
@@ -18,7 +18,7 @@ ffi.cdef [[
ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
- typedef int time_t;
+ typedef long time_t;
ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/kdf.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/kdf.lua
index c6b3ac4d1..6d726a81d 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/kdf.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/kdf.lua
@@ -337,7 +337,7 @@ function _M:derive(outlen, options, options_count)
end
if self.buf_size and outlen then
- return nil, string.format("kdf:derive: this KDF has fixed output size %d, "..
+ return nil, string.format("kdf:derive: this KDF has fixed output size %d, "..
"it can't be set manually", self.buf_size)
end
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/objects.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/objects.lua
index bd02a3896..4c3d0527f 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/objects.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/objects.lua
@@ -57,7 +57,7 @@ local function txtnid2nid(txt_nid)
end
local function find_sigid_algs(nid)
- local out = ffi.new("int[0]")
+ local out = ffi.new("int[1]")
if C.OBJ_find_sigid_algs(nid, out, nil) == 0 then
return 0, "objects.find_sigid_algs: invalid sigid " .. nid
end
@@ -71,4 +71,4 @@ return {
txtnid2nid = txtnid2nid,
find_sigid_algs = find_sigid_algs,
create = C.OBJ_create,
-}
\ No newline at end of file
+}
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/param.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/param.lua
index add0fa0eb..8bfb67b2f 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/param.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/param.lua
@@ -20,17 +20,23 @@ local OSSL_PARAM_OCTET_PTR = 7
local alter_type_key = {}
local buf_param_key = {}
+local buf_anchor_key = {}
local function construct(buf_t, length, types_map, types_size)
if not length then
length = nkeys(buf_t)
end
+
local params = ffi_new("OSSL_PARAM[?]", length + 1)
local i = 0
- local buf_param
+ local buf_param, buf_anchored
for key, value in pairs(buf_t) do
+ if key == buf_anchor_key then
+ goto continue
+ end
+
local typ = types_map[key]
if not typ then
return nil, "param:construct: unknown key \"" .. key .. "\""
@@ -69,28 +75,38 @@ local function construct(buf_t, length, types_map, types_size)
ffi_new("unsigned int[1]")
param = C.OSSL_PARAM_construct_uint(key, buf)
elseif typ == OSSL_PARAM_UTF8_STRING then
- buf = value and ffi_cast("char *", value) or buf
+ buf = value ~= nil and ffi_cast("char *", value) or buf
param = C.OSSL_PARAM_construct_utf8_string(key, buf, value and #value or size)
elseif typ == OSSL_PARAM_OCTET_STRING then
- buf = value and ffi_cast("char *", value) or buf
+ buf = value ~= nil and ffi_cast("char *", value) or buf
param = C.OSSL_PARAM_construct_octet_string(key, ffi_cast("void*", buf),
value and #value or size)
- elseif typ == OSSL_PARAM_UTF8_PTR then
+ elseif typ == OSSL_PARAM_UTF8_PTR then -- out only
buf = ffi_new("char*[1]")
param = C.OSSL_PARAM_construct_utf8_ptr(key, buf, 0)
- elseif typ == OSSL_PARAM_OCTET_PTR then
+ elseif typ == OSSL_PARAM_OCTET_PTR then -- out only
buf = ffi_new("char*[1]")
param = C.OSSL_PARAM_construct_octet_ptr(key, ffi_cast("void**", buf), 0)
else
error("type " .. typ .. " is not yet implemented")
end
- if not value then -- out
+
+ if value == nil then -- out
buf_t[key] = buf
+ else -- in
+ -- save value as OSSL_PARAM_construct_* doesn't copy the value
+ buf_anchored = buf_anchored or {}
+ buf_anchored[key] = buf
end
+
params[i] = param
i = i + 1
+
+::continue::
end
+ buf_t[buf_anchor_key] = buf_anchored
+
buf_t[buf_param_key] = buf_param
params[length] = C.OSSL_PARAM_construct_end()
@@ -112,7 +128,8 @@ local function parse(buf_t, length, types_map, types_size)
if C.OSSL_PARAM_get_BN(param, bn_t) ~= 1 then
return nil, format_error("param:parse: OSSL_PARAM_get_BN")
end
- buf_t[key] = bn_lib.dup(bn_t[0])
+ buf_t[key] = assert(bn_lib.dup(bn_t[0]))
+ C.BN_free(bn_t[0])
elseif typ == OSSL_PARAM_INTEGER or
typ == OSSL_PARAM_UNSIGNED_INTEGER then
buf_t[key] = tonumber(buf[0])
@@ -228,7 +245,7 @@ local function get_params_func(typ, field)
local cf_set = C[typ .. "_set_params"]
local set = function(self, params)
if not param_maps_set[self[field]] then
- local ok, err = self:settable_params()
+ local ok, err = self:settable_params(true) -- only query raw schema to save memory
if not ok then
return false, typ_lower .. ":set_params: " .. err
end
@@ -249,8 +266,8 @@ local function get_params_func(typ, field)
local cf_gettable = C[typ .. "_gettable_params"]
local gettable = function(self, raw)
local k = self[field]
- if raw and param_maps_set[k] then
- return param_maps_set[k]
+ if raw and param_maps_get[k] then
+ return param_maps_get[k]
end
local param = cf_gettable(self.ctx)
@@ -261,7 +278,7 @@ local function get_params_func(typ, field)
end
local schema, schema_reabale = {}, raw and nil or {}
parse_params_schema(param, schema, schema_reabale)
- param_maps_set[k] = schema
+ param_maps_get[k] = schema
return raw and schema or schema_reabale
end
@@ -270,12 +287,12 @@ local function get_params_func(typ, field)
local get_buffer, get_size_map = {}, {}
local get = function(self, key, want_size, want_type)
if not param_maps_get[self[field]] then
- local ok, err = self:gettable_params()
+ local ok, err = self:gettable_params(true) -- only query raw schema to save memory
if not ok then
return false, typ_lower .. ":set_params: " .. err
end
end
- local schema = param_maps_set[self[field]]
+ local schema = param_maps_get[self[field]]
if schema == nil or not schema[key] then -- nil or null
return nil, typ_lower .. ":get_param: unknown key \"" .. key .. "\""
end
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/pkey.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/pkey.lua
index 80aca5bc9..27815e5b9 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/pkey.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/pkey.lua
@@ -1060,7 +1060,10 @@ function _M.paramgen(config)
return nil, format_error("pkey.paramgen: EVP_PKEY_get0_{key}")
end
- return bio_util.read_wrap(write_func, ctx)
+ -- since ctx is always a internal pointer inside of params (a EVP_PKEY*), thus avoid use tail call
+ -- here to avoid using `ctx` after `params` is GC collected.
+ local res, err = bio_util.read_wrap(write_func, ctx)
+ return res, err
end
return _M
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/altname.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/altname.lua
index 230c43b4c..9276d16b4 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/altname.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/altname.lua
@@ -121,7 +121,7 @@ function _M.dup(ctx)
end
return setmetatable({
- cast = ffi_cast("GENERAL_NAMES*", dup_ctx),
+ cast = ffi_cast(general_names_ptr_ct, dup_ctx),
ctx = dup_ctx,
-- don't let lua gc the original stack to keep its elements
_dupped_from = ctx,
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/csr.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/csr.lua
index 93263df0c..29cc7f701 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/csr.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/csr.lua
@@ -168,6 +168,15 @@ local function get_extension(ctx, nid_txt, last_pos)
return nil, nil, format_error("X509v3_get_ext")
end
+ -- the extension is not duplicated when returned by X509v3_get_ext
+ -- so we need to copy it
+ ctx = C.X509_EXTENSION_dup(ctx)
+ if ctx == nil then
+ return nil, nil, "X509_EXTENSION_dup() failed"
+ end
+
+ ffi_gc(ctx, C.X509_EXTENSION_free)
+
return ctx, ext_idx, nil
end
@@ -190,13 +199,14 @@ end
local function modify_extension(replace, ctx, nid, toset, crit)
local extensions_ptr = stack_ptr_type()
- extensions_ptr[0] = C.X509_REQ_get_extensions(ctx)
- local need_cleanup = extensions_ptr[0] ~= nil and
+ local extension = C.X509_REQ_get_extensions(ctx)
+ extensions_ptr[0] = extension
+ local need_cleanup = extension ~= nil and
-- extensions_ptr being nil is fine: it may just because there's no extension yet
-- https://github.com/openssl/openssl/commit/2039ac07b401932fa30a05ade80b3626e189d78a
-- introduces a change that a empty stack instead of NULL will be returned in no extension
-- is found. so we need to double check the number if it's not NULL.
- C.OPENSSL_sk_num(extensions_ptr[0]) > 0
+ C.OPENSSL_sk_num(extension) > 0
local flag
if replace then
@@ -208,12 +218,12 @@ local function modify_extension(replace, ctx, nid, toset, crit)
end
local code = C.X509V3_add1_i2d(extensions_ptr, nid, toset, crit and 1 or 0, flag)
- -- when the stack is newly allocated, we want to cleanup the newly created stack as well
- -- setting the gc handler here as it's mutated in X509V3_add1_i2d if it's pointing to NULL
- ffi_gc(extensions_ptr[0], x509_extensions_gc)
if code ~= 1 then
return false, format_error("X509V3_add1_i2d", code)
end
+ -- when the stack is newly allocated, we want to cleanup the newly created stack as well
+ -- setting the gc handler here as it's mutated in X509V3_add1_i2d if it's pointing to NULL
+ ffi_gc(extension, x509_extensions_gc)
if need_cleanup then
-- cleanup old attributes
@@ -224,7 +234,7 @@ local function modify_extension(replace, ctx, nid, toset, crit)
end
end
- code = C.X509_REQ_add_extensions(ctx, extensions_ptr[0])
+ code = C.X509_REQ_add_extensions(ctx, extension)
if code ~= 1 then
return false, format_error("X509_REQ_add_extensions", code)
end
@@ -250,7 +260,9 @@ function _M:add_extension(extension)
local nid = extension:get_object().nid
local toset = extension_lib.to_data(extension, nid)
- return add_extension(self.ctx, nid, toset.ctx, extension:get_critical())
+ -- avoid tail call return as `toset.ctx` may got GC'ed early
+ local ok, err = add_extension(self.ctx, nid, toset.ctx, extension:get_critical())
+ return ok, err
end
function _M:set_extension(extension)
@@ -260,7 +272,9 @@ function _M:set_extension(extension)
local nid = extension:get_object().nid
local toset = extension_lib.to_data(extension, nid)
- return replace_extension(self.ctx, nid, toset.ctx, extension:get_critical())
+ -- avoid tail call return as `toset.ctx` may got GC'ed early
+ local ok, err = replace_extension(self.ctx, nid, toset.ctx, extension:get_critical())
+ return ok, err
end
function _M:set_extension_critical(nid_txt, crit, last_pos)
@@ -277,7 +291,9 @@ function _M:set_extension_critical(nid_txt, crit, last_pos)
local toset = extension_lib.to_data({
ctx = extension
}, nid)
- return replace_extension(self.ctx, nid, toset.ctx, crit and 1 or 0)
+ -- avoid tail call return as `toset.ctx` may got GC'ed early
+ local ok, err = replace_extension(self.ctx, nid, toset.ctx, crit and 1 or 0)
+ return ok, err
end
function _M:get_extension_critical(nid_txt, last_pos)
@@ -430,8 +446,8 @@ function _M:get_subject_alt_name()
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))
local lib = require("resty.openssl.x509.altname")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
@@ -444,7 +460,9 @@ function _M:set_subject_alt_name(toset)
return false, "x509.csr:set_subject_alt_name: expect a x509.altname instance at #1"
end
toset = toset.ctx
- return replace_extension(self.ctx, NID_subject_alt_name, toset)
+ -- avoid tail call return as `toset.ctx` may got GC'ed early
+ local ok, err = replace_extension(self.ctx, NID_subject_alt_name, toset)
+ return ok, err
end
-- AUTO GENERATED: EXTENSIONS
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension.lua
index f0bcd88e6..831112067 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension.lua
@@ -204,6 +204,7 @@ end
local NID_subject_alt_name = C.OBJ_sn2nid("subjectAltName")
assert(NID_subject_alt_name ~= 0)
+local sk_GENERAL_NAME_free = stack_lib.gc_of("GENERAL_NAME")
function _M.to_data(extension, nid)
if not _M.istype(extension) then
@@ -221,8 +222,8 @@ function _M.to_data(extension, nid)
-- Note: here we only free the stack itself not elements
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
- ffi_gc(void_ptr, stack_lib.gc_of("GENERAL_NAME"))
local got = ffi_cast("GENERAL_NAMES*", void_ptr)
+ ffi_gc(got, sk_GENERAL_NAME_free)
local lib = require("resty.openssl.x509.altname")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension/info_access.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension/info_access.lua
index dce97e97d..40f059c81 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension/info_access.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/extension/info_access.lua
@@ -66,7 +66,7 @@ function _M.dup(ctx)
return setmetatable({
ctx = dup_ctx,
- cast = ffi_cast("AUTHORITY_INFO_ACCESS*", dup_ctx),
+ cast = ffi_cast(authority_info_access_ptr_ct, dup_ctx),
-- don't let lua gc the original stack to keep its elements
_dupped_from = ctx,
_is_shallow_copy = true,
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/init.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/init.lua
index 77bebbce8..69ea31638 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/init.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/init.lua
@@ -688,8 +688,8 @@ function _M:get_subject_alt_name()
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))
local lib = require("resty.openssl.x509.altname")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
@@ -742,8 +742,8 @@ function _M:get_issuer_alt_name()
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))
local lib = require("resty.openssl.x509.altname")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
@@ -887,8 +887,8 @@ function _M:get_info_access()
-- since there seems no way to increase ref count for a ACCESS_DESCRIPTION
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("ACCESS_DESCRIPTION"))
got = ffi_cast("AUTHORITY_INFO_ACCESS*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("ACCESS_DESCRIPTION"))
local lib = require("resty.openssl.x509.extension.info_access")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
@@ -941,8 +941,8 @@ function _M:get_crl_distribution_points()
-- since there seems no way to increase ref count for a DIST_POINT
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("DIST_POINT"))
got = ffi_cast("OPENSSL_STACK*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("DIST_POINT"))
local lib = require("resty.openssl.x509.extension.dist_points")
-- the internal ptr is returned, ie we need to copy it
return lib.dup(got)
diff --git a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/store.lua b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/store.lua
index 6161a7418..2a6f05517 100644
--- a/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/store.lua
+++ b/src/deps/src/lua-resty-openssl/lib/resty/openssl/x509/store.lua
@@ -140,7 +140,7 @@ function _M:set_purpose(purpose)
return nil, "x509.store:set_purpose: expect a string at #1"
end
- local pchar = ffi.new("char[?]", #purpose, purpose)
+ local pchar = ffi.new("char[?]", #purpose + 1, purpose)
local idx = C.X509_PURPOSE_get_by_sname(pchar)
idx = tonumber(idx)
@@ -217,7 +217,10 @@ function _M:verify(x509, chain, return_chain, properties, verify_method, flags)
return true, nil
end
local ret_chain_ctx = C.X509_STORE_CTX_get0_chain(ctx)
- return chain_lib.dup(ret_chain_ctx)
+ -- returns the internal pointer, dup it and avoid tail call return
+ -- to avoid ctx being GC'ed early
+ local res, err = chain_lib.dup(ret_chain_ctx)
+ return res, err
elseif code == 0 then -- unverified
local vfy_code = C.X509_STORE_CTX_get_error(ctx)
@@ -250,7 +253,12 @@ function _M:check_revocation(verified_chain, properties)
return nil, format_error("x509.store:check_revocation: X509_STORE_CTX_init")
end
- C.X509_STORE_CTX_set0_verified_chain(ctx, verified_chain.ctx)
+ local verified_dup = C.X509_chain_up_ref(verified_chain.ctx)
+ if verified_dup == nil then
+ return nil, "x509.store:check_revocation: X509_chain_up_ref() failed"
+ end
+
+ C.X509_STORE_CTX_set0_verified_chain(ctx, verified_dup)
-- enables CRL checking for the certificate chain leaf certificate.
-- An error occurs if a suitable CRL cannot be found.
diff --git a/src/deps/src/lua-resty-openssl/lua-resty-openssl-1.4.0-1.rockspec b/src/deps/src/lua-resty-openssl/lua-resty-openssl-1.5.0-1.rockspec
similarity index 99%
rename from src/deps/src/lua-resty-openssl/lua-resty-openssl-1.4.0-1.rockspec
rename to src/deps/src/lua-resty-openssl/lua-resty-openssl-1.5.0-1.rockspec
index fb95d81da..e3e8b7340 100644
--- a/src/deps/src/lua-resty-openssl/lua-resty-openssl-1.4.0-1.rockspec
+++ b/src/deps/src/lua-resty-openssl/lua-resty-openssl-1.5.0-1.rockspec
@@ -1,8 +1,8 @@
package = "lua-resty-openssl"
-version = "1.4.0-1"
+version = "1.5.0-1"
source = {
url = "git+https://github.com/fffonion/lua-resty-openssl.git",
- tag = "1.4.0"
+ tag = "1.5.0"
}
description = {
detailed = "FFI-based OpenSSL binding for LuaJIT.",
diff --git a/src/deps/src/lua-resty-openssl/scripts/templates/x509_functions.j2 b/src/deps/src/lua-resty-openssl/scripts/templates/x509_functions.j2
index dace9cd86..256454c3b 100644
--- a/src/deps/src/lua-resty-openssl/scripts/templates/x509_functions.j2
+++ b/src/deps/src/lua-resty-openssl/scripts/templates/x509_functions.j2
@@ -215,7 +215,9 @@ function _M:set_{{ f.field }}(toset)
return true
{%- else %}
{%- if modname == "x509.csr" %}
- return replace_extension(self.ctx, NID_{{ f.field }}, toset)
+ -- avoid tail call return as `toset.ctx` may got GC'ed early
+ local ok, err = replace_extension(self.ctx, NID_{{ f.field }}, toset)
+ return ok, err
{%- else %}
-- x509v3.h: # define X509V3_ADD_REPLACE 2L
if C.X509_add1_ext_i2d(self.ctx, NID_{{ f.field }}, toset, 0, 0x2) ~= 1 then
diff --git a/src/deps/src/lua-resty-openssl/scripts/type_x509.py b/src/deps/src/lua-resty-openssl/scripts/type_x509.py
index 1d195d6a1..e03cf9653 100644
--- a/src/deps/src/lua-resty-openssl/scripts/type_x509.py
+++ b/src/deps/src/lua-resty-openssl/scripts/type_x509.py
@@ -124,8 +124,8 @@ Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
- got = ffi_cast("GENERAL_NAMES*", got_ref)''',
+ got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))''',
},
{
@@ -139,8 +139,8 @@ Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
- got = ffi_cast("GENERAL_NAMES*", got_ref)''',
+ got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))''',
},
{
@@ -161,8 +161,8 @@ Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
-- since there seems no way to increase ref count for a ACCESS_DESCRIPTION
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("ACCESS_DESCRIPTION"))
- got = ffi_cast("AUTHORITY_INFO_ACCESS*", got_ref)''',
+ got = ffi_cast("AUTHORITY_INFO_ACCESS*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("ACCESS_DESCRIPTION"))''',
},
{
@@ -175,8 +175,8 @@ Tp+h/rnQjL05vAwjx8+RppBa2EWrAxO+wSN6ucTInUf2luC5dmtQNmb3DQ==
-- since there seems no way to increase ref count for a DIST_POINT
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("DIST_POINT"))
- got = ffi_cast("OPENSSL_STACK*", got_ref)''',
+ got = ffi_cast("OPENSSL_STACK*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("DIST_POINT"))''',
},
]
}
\ No newline at end of file
diff --git a/src/deps/src/lua-resty-openssl/scripts/type_x509_req.py b/src/deps/src/lua-resty-openssl/scripts/type_x509_req.py
index 9a646d3f1..84fa1ec10 100644
--- a/src/deps/src/lua-resty-openssl/scripts/type_x509_req.py
+++ b/src/deps/src/lua-resty-openssl/scripts/type_x509_req.py
@@ -60,8 +60,8 @@ cwIDAQAB
-- since there seems no way to increase ref count for a GENERAL_NAME
-- we left the elements referenced by the new-dup'ed stack
local got_ref = got
- ffi_gc(got_ref, stack_lib.gc_of("GENERAL_NAME"))
- got = ffi_cast("GENERAL_NAMES*", got_ref)''',
+ got = ffi_cast("GENERAL_NAMES*", got_ref)
+ ffi_gc(got, stack_lib.gc_of("GENERAL_NAME"))''',
},
]
}
\ No newline at end of file
diff --git a/src/deps/src/lua-resty-openssl/valgrind.suppress b/src/deps/src/lua-resty-openssl/valgrind.suppress
index 8ae4c19bd..403f9d8e8 100644
--- a/src/deps/src/lua-resty-openssl/valgrind.suppress
+++ b/src/deps/src/lua-resty-openssl/valgrind.suppress
@@ -1,109 +1,8 @@
-{
-
- Memcheck:Cond
- fun:str_fastcmp
- fun:lj_str_new
- fun:lua_pushlstring
- fun:emptybuffer
- fun:luaL_pushresult
- fun:luaL_gsub
- fun:ngx_http_lua_set_path.isra.7.constprop.21
- fun:ngx_http_lua_new_state
- fun:ngx_http_lua_init_vm
- fun:ngx_http_lua_init
- fun:ngx_http_block
- fun:ngx_conf_handler
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Param
- write(buf)
- fun:__write_nocancel
- fun:ngx_log_error_core
- fun:ngx_resolver_read_response
-}
-{
-
- Memcheck:Cond
- fun:ngx_sprintf_num
- fun:ngx_vslprintf
- fun:ngx_log_error_core
- fun:ngx_resolver_read_response
- fun:ngx_epoll_process_events
- fun:ngx_process_events_and_timers
- fun:ngx_single_process_cycle
- fun:main
-}
-{
-
- Memcheck:Addr1
- fun:ngx_vslprintf
- fun:ngx_snprintf
- fun:ngx_sock_ntop
- fun:ngx_event_accept
-}
-{
-
- Memcheck:Param
- write(buf)
- fun:__write_nocancel
- fun:ngx_log_error_core
- fun:ngx_resolver_read_response
- fun:ngx_event_process_posted
- fun:ngx_process_events_and_timers
- fun:ngx_single_process_cycle
- fun:main
-}
-{
-
- Memcheck:Cond
- fun:ngx_sprintf_num
- fun:ngx_vslprintf
- fun:ngx_log_error_core
- fun:ngx_resolver_read_response
- fun:ngx_event_process_posted
- fun:ngx_process_events_and_timers
- fun:ngx_single_process_cycle
- fun:main
-}
{
Memcheck:Leak
fun:malloc
fun:ngx_alloc
- obj:*
-}
-{
-
- exp-sgcheck:SorG
- fun:ngx_http_lua_ndk_set_var_get
-}
-{
-
- exp-sgcheck:SorG
- fun:ngx_http_variables_init_vars
- fun:ngx_http_block
-}
-{
-
- exp-sgcheck:SorG
- fun:ngx_conf_parse
-}
-{
-
- exp-sgcheck:SorG
- fun:ngx_vslprintf
- fun:ngx_log_error_core
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_calloc
fun:ngx_event_process_init
}
{
@@ -111,258 +10,7 @@
Memcheck:Param
epoll_ctl(event)
fun:epoll_ctl
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_event_process_init
-}
-{
-
- Memcheck:Cond
- fun:ngx_conf_flush_files
- fun:ngx_single_process_cycle
-}
-{
-
- Memcheck:Cond
- fun:memcpy
- fun:ngx_vslprintf
- fun:ngx_log_error_core
- fun:ngx_http_charset_header_filter
-}
-{
-
- Memcheck:Param
- socketcall.setsockopt(optval)
- fun:setsockopt
- fun:drizzle_state_connect
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_pool_cleanup_add
-}
-{
-
- Memcheck:Cond
- fun:ngx_conf_flush_files
- fun:ngx_single_process_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_array_push
- fun:ngx_http_get_variable_index
- fun:ngx_http_memc_add_variable
- fun:ngx_http_memc_init
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_event_process_init
- fun:ngx_single_process_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_crc32_table_init
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_event_process_init
- fun:ngx_worker_process_init
- fun:ngx_worker_process_cycle
- fun:ngx_spawn_process
- fun:ngx_start_worker_processes
- fun:ngx_master_process_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_hash_init
- fun:ngx_http_variables_init_vars
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_http_upstream_drizzle_create_srv_conf
- fun:ngx_http_upstream
- fun:ngx_conf_parse
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_hash_keys_array_init
- fun:ngx_http_variables_add_core_vars
- fun:ngx_http_core_preconfiguration
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_array_push
- fun:ngx_hash_add_key
- fun:ngx_http_add_variable
- fun:ngx_http_echo_add_variables
- fun:ngx_http_echo_handler_init
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_http_upstream_drizzle_create_srv_conf
- fun:ngx_http_core_server
- fun:ngx_conf_parse
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_http_upstream_drizzle_create_srv_conf
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_array_push
- fun:ngx_hash_add_key
- fun:ngx_http_variables_add_core_vars
- fun:ngx_http_core_preconfiguration
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_hash_init
- fun:ngx_http_upstream_init_main_conf
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_pcalloc
- fun:ngx_http_drizzle_keepalive_init
- fun:ngx_http_upstream_drizzle_init
- fun:ngx_http_upstream_init_main_conf
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
-}
-{
-
- Memcheck:Leak
- fun:malloc
- fun:ngx_alloc
- fun:ngx_palloc_large
- fun:ngx_palloc
- fun:ngx_hash_init
- fun:ngx_http_variables_init_vars
- fun:ngx_http_block
- fun:ngx_conf_parse
- fun:ngx_init_cycle
- fun:main
+ fun:ngx_epoll_add_event
}
{
@@ -377,6 +25,49 @@
fun:_dl_sysdep_start
fun:_dl_start
}
+{
+
+ Memcheck:Param
+ epoll_ctl(event)
+ fun:epoll_ctl
+ fun:ngx_epoll_init
+ fun:ngx_event_process_init
+}
+{
+
+ Memcheck:Param
+ epoll_ctl(event)
+ fun:epoll_ctl
+ fun:ngx_epoll_notify_init
+ fun:ngx_epoll_init
+ fun:ngx_event_process_init
+}
+{
+
+ Memcheck:Param
+ epoll_ctl(event)
+ fun:epoll_ctl
+ fun:ngx_epoll_add_connection
+ fun:ngx_event_connect_peer
+}
+{
+
+ Memcheck:Param
+ epoll_ctl(event)
+ fun:epoll_ctl
+ fun:ngx_epoll_test_rdhup
+}
+{
+
+ Memcheck:Param
+ epoll_pwait(sigmask)
+ fun:epoll_pwait
+}
+{
+
+ Memcheck:Cond
+ obj:*
+}
{
Memcheck:Leak
@@ -394,77 +85,193 @@
fun:ngx_alloc
fun:ngx_set_environment
fun:ngx_worker_process_init
- fun:ngx_worker_process_cycle
+}
+{
+
+ Memcheck:Param
+ sendmsg(msg.msg_iov[0])
+ fun:__sendmsg_nocancel
+ fun:ngx_write_channel
+ fun:ngx_pass_open_channel
+ fun:ngx_start_worker_processes
+}
+{
+
+ Memcheck:Param
+ sendmsg(msg.msg_iov[0])
+ fun:__sendmsg_nocancel
+ fun:ngx_write_channel
+ fun:ngx_pass_open_channel
+ fun:ngx_start_cache_manager_processes
+}
+{
+
+ Memcheck:Param
+ sendmsg(msg.msg_iov[0])
+ fun:__sendmsg_nocancel
+ fun:ngx_write_channel
+ fun:ngx_pass_open_channel
+ fun:ngx_start_privileged_agent_processes
+}
+{
+
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_zalloc
+ fun:SSL_SESSION_new
+ fun:ssl_get_new_session
+ fun:tls_construct_client_hello
+}
+{
+
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:ssl_session_dup
+ fun:tls_process_new_session_ticket
}
{
Memcheck:Leak
match-leak-kinds: definite
fun:malloc
- fun:ngx_alloc
- fun:ngx_event_process_init
- fun:ngx_worker_process_init
+ fun:CRYPTO_malloc
+ fun:ssl_session_dup
+ fun:tls_process_new_session_ticket
+ fun:ossl_statem_client_process_message
+ fun:read_state_machine
+ fun:state_machine
+ fun:ossl_statem_connect
+ fun:ssl3_read_bytes
+ fun:ssl3_read_internal
+ fun:ssl3_read
+ fun:ssl_read_internal
+ fun:SSL_read
+ fun:ngx_ssl_recv
+ fun:ngx_http_upstream_process_header
+ fun:ngx_http_upstream_handler
+ fun:ngx_epoll_process_events
+ fun:ngx_process_events_and_timers
+ fun:ngx_single_process_cycle
+ fun:main
+}
+{
+
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_malloc
+ fun:CRYPTO_zalloc
+ fun:SSL_SESSION_new
+ fun:ssl_get_new_session
+ fun:tls_construct_client_hello
+ fun:write_state_machine
+ fun:state_machine
+ fun:ossl_statem_connect
+ fun:SSL_do_handshake
+ fun:ngx_ssl_handshake
+ fun:ngx_http_upstream_ssl_init_connection
+ fun:ngx_http_upstream_send_request_handler
+ fun:ngx_http_upstream_handler
+ fun:ngx_epoll_process_events
+ fun:ngx_process_events_and_timers
+ fun:ngx_single_process_cycle
+ fun:main
}
-
-
{
- Memcheck:Addr1
- fun:ngx_http_lua_ngx_echo
- fun:ngx_http_lua_ngx_say
- fun:lj_BC_FUNCC
- fun:lua_resume
- fun:ngx_http_lua_run_thread
- fun:ngx_http_lua_content_by_chunk
- fun:ngx_http_lua_content_handler_inline
- fun:ngx_http_lua_content_handler
- fun:ngx_http_core_content_phase
- fun:ngx_http_core_run_phases
- fun:ngx_http_handler
- fun:ngx_http_process_request
- fun:ngx_http_process_request_headers
- fun:ngx_http_process_request_line
- fun:ngx_http_wait_request_handler
- fun:ngx_epoll_process_events
- fun:ngx_process_events_and_timers
- fun:ngx_single_process_cycle
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_malloc
+ fun:CRYPTO_zalloc
+ fun:evp_md_new
+ fun:evp_md_from_algorithm
+ fun:construct_evp_method
+ fun:ossl_method_construct_this
+ fun:algorithm_do_map
+ fun:algorithm_do_this
+ fun:ossl_provider_doall_activated
+ fun:ossl_algorithm_do_all
+ fun:ossl_method_construct
+ fun:inner_evp_generic_fetch
+ fun:evp_generic_fetch
+ fun:EVP_MD_fetch
+ fun:ssl_evp_md_fetch
+ fun:ssl_load_ciphers
+ fun:SSL_CTX_new_ex
+ fun:SSL_CTX_new
+ fun:ngx_ssl_create
+ fun:ngx_http_lua_set_ssl
+ fun:ngx_http_lua_merge_loc_conf
+ fun:ngx_http_merge_servers
+ fun:ngx_http_block
+ fun:ngx_conf_handler
+ fun:ngx_conf_parse
+ fun:ngx_init_cycle
fun:main
}
{
- Memcheck:Param
- writev(vector[...])
- fun:writev
- fun:ngx_writev
- fun:ngx_linux_sendfile_chain
- fun:ngx_http_write_filter
- fun:ngx_http_chunked_body_filter
- fun:ngx_http_gzip_body_filter
- fun:ngx_http_postpone_filter
- fun:ngx_http_ssi_body_filter
- fun:ngx_http_charset_body_filter
- fun:ngx_http_trailers_filter
- fun:ngx_http_lua_capture_body_filter
- fun:ngx_output_chain
- fun:ngx_http_copy_filter
- fun:ngx_http_range_body_filter
- fun:ngx_http_output_filter
- fun:ngx_http_send_special
- fun:ngx_http_lua_send_special
- fun:ngx_http_lua_send_chain_link
- fun:ngx_http_lua_run_thread
- fun:ngx_http_lua_content_by_chunk
- fun:ngx_http_lua_content_handler_inline
- fun:ngx_http_lua_content_handler
- fun:ngx_http_core_content_phase
- fun:ngx_http_core_run_phases
- fun:ngx_http_handler
- fun:ngx_http_process_request
- fun:ngx_http_process_request_headers
- fun:ngx_http_process_request_line
- fun:ngx_http_wait_request_handler
- fun:ngx_epoll_process_events
- fun:ngx_process_events_and_timers
- fun:ngx_single_process_cycle
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_malloc
+ fun:CRYPTO_zalloc
+ fun:evp_cipher_new
+ fun:evp_cipher_from_algorithm
+ fun:construct_evp_method
+ fun:ossl_method_construct_this
+ fun:algorithm_do_map
+ fun:algorithm_do_this
+ fun:ossl_provider_doall_activated
+ fun:ossl_algorithm_do_all
+ fun:ossl_method_construct
+ fun:inner_evp_generic_fetch
+ fun:evp_generic_fetch
+ fun:EVP_CIPHER_fetch
+ fun:ssl_evp_cipher_fetch
+ fun:ssl_load_ciphers
+ fun:SSL_CTX_new_ex
+ fun:SSL_CTX_new
+ fun:ngx_ssl_create
+ fun:ngx_http_lua_set_ssl
+ fun:ngx_http_lua_merge_loc_conf
+ fun:ngx_http_merge_servers
+ fun:ngx_http_block
+ fun:ngx_conf_handler
+ fun:ngx_conf_parse
+ fun:ngx_init_cycle
fun:main
}
+{
+
+ Memcheck:Leak
+ match-leak-kinds: definite
+ fun:malloc
+ fun:CRYPTO_malloc
+ fun:CRYPTO_zalloc
+ fun:provider_new
+ fun:provider_activate_fallbacks
+ fun:ossl_provider_doall_activated
+ fun:ossl_algorithm_do_all
+ fun:ossl_method_construct
+ fun:inner_evp_generic_fetch
+ fun:evp_generic_fetch
+ fun:EVP_CIPHER_fetch
+ fun:ssl_evp_cipher_fetch
+ fun:ssl_load_ciphers
+ fun:SSL_CTX_new_ex
+ fun:SSL_CTX_new
+ fun:ngx_ssl_create
+ fun:ngx_http_lua_set_ssl
+ fun:ngx_http_lua_merge_loc_conf
+ fun:ngx_http_merge_servers
+ fun:ngx_http_block
+ fun:ngx_conf_handler
+ fun:ngx_conf_parse
+ fun:ngx_init_cycle
+ fun:main
+}
+