c - Memory leak in OpenSSL function EVP_PKEY_keygen

Question

I just tried to generate a RSA key using:

#include <openssl/evp.h>
#include <openssl/rsa.h>

int main(void) {
  OpenSSL_add_all_algorithms();

  EVP_PKEY_CTX *ctx;
  EVP_PKEY *pkey = NULL;

  ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
  if (!ctx) {
      // error
  }

  if (EVP_PKEY_keygen_init(ctx) <= 0) {
      // error
  }

  if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
      // error
  }

  if (EVP_PKEY_keygen(ctx, &pkey) <= 0) { // this call seems to leak
      // error
  }

  EVP_PKEY_free(pkey);
  EVP_PKEY_CTX_free(ctx);

  EVP_cleanup();
  return 0;
}

So far, I don't think that I'm doing anything wrong. Valgrind complains "in use at exit: 416 bytes in 6 blocks". First I thought, I forgot something to free, afterwards I tried

valgrind openssl genrsa 1024

And I also got "in use at exit: 416 bytes in 6 blocks". Hum?! Even OpenSSL's official binary leaks?

Openssl's FAQ tells:

"Brutal" (thread-unsafe) Application-global cleanup functions:

ERR_free_strings(), EVP_cleanup() and CRYPTO_cleanup_all_ex_data().

If I execute *CRYPTO_cleanup_all_ex_data()* it does not leak. But according to the OpenSSL documentation it is a "brutal" method, whatever that means. There is no further documentation on this function.

Is there any way to clean it up properly?

I'm using OpenSSL 1.0.1f 6 Jan 2014

Answer 1

The FAQ of OpenSSL answers the question (Thanks to @opalenzuela):

In most cases the cause of an apparent memory leak is an OpenSSL internal table that is allocated when an application starts up. Since such tables do not grow in size over time they are harmless.

Having a deeper look into OpenSSL's source shows:

/* Release all "ex_data" state to prevent memory leaks. This can't be made
 * thread-safe without overhauling a lot of stuff, and shouldn't really be
 * called under potential race-conditions anyway (it's for program shutdown
 * after all). */
void CRYPTO_cleanup_all_ex_data(void)
    {
    IMPL_CHECK
    EX_IMPL(cleanup)();
    }