Bug 179715 - LTC20830-Large memory leak w/symmetric crypto & TAM WebSEAL
LTC20830-Large memory leak w/symmetric crypto & TAM WebSEAL
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: openCryptoki (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Phil Knirsch
Brock Organ
Depends On:
Blocks: 168429
  Show dependency treegraph
Reported: 2006-02-02 06:35 EST by Phil Knirsch
Modified: 2015-03-04 20:15 EST (History)
2 users (show)

See Also:
Fixed In Version: RHEA-2006-0074
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-07 13:36:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Patch to fix the memory leak problem, also in upstream CVS. (1.00 KB, patch)
2006-02-02 06:35 EST, Phil Knirsch
no flags Details | Diff

  None (edit)
Description Phil Knirsch 2006-02-02 06:35:51 EST
Description of problem:

When running a https workload against an application (Tivoli Access Manager
WebSEAL 6.0) with symmetric crypto enabled, we are seeing an increase in memory
usage to over 1 Gig in under 20 minutes.  

Our application (Tivoli Access Manager WebSEAL 6.0) is configured to have an
SSL junction to an Apache webserver using a TDES cipher.   The workload
consists of 12 clients getting a 10K gif over the SSL junction. Once we start
the workload memory usage for WebSEAL goes from 139M to over 1 Gig within 15-20
minutes.  Eventually, the application (Tivoli Access Manager WebSEAL 6.0) dies.

If we disable the symmetric support, the workload runs fine ( no excessive
memory usage).

We also hit the problem using AES-128 cipher.

If this is a customer issue, please indicate the impact to the customer:

If this is not an installation problem,
      Describe any custom patches installed.

openCryptoki-2.1.6-0.40.1 + bugzilla fix for 20096
openssl-0.9.7a-43.6 + bugzilla fix for 20455

      Provide output from "uname -a", if possible:

Hardware Environment
Manufacturer:         IBM
Type:                 2094
Model:                728
VM00 Control Program: z/VM    5.2.0

Crypto card: CEX2C

Version-Release number of selected component (if applicable):

How reproducible:


Steps to Reproduce:

See above
Actual results:

Tivoli Access Manager WebSEAL 6.0 runs oom due to memory leak.

Expected results:

Tivoli Access Manager WebSEAL 6.0 should continue working.

Additional info:

The problem essentially
makes the symmetric support non-usable.

openCryptoki asks libICA to allocate a mechanism list on the heap, which
it does. openCryptoki should then release that memory once it processes the
list. When the mechanism list code was ported back from the 2.2 branch to the
2.1 branch, some changes to the code were necessary to support the static table
of mechanisms in the older version. It looks as though in the process that the
code to free the memory allocated on the heap was inadvertently #if'd out in a
function called from C_GetMechanismList().
Comment 1 Phil Knirsch 2006-02-02 06:35:52 EST
Created attachment 124043 [details]
Patch to fix the memory leak problem, also in upstream CVS.
Comment 2 Phil Knirsch 2006-02-02 08:03:14 EST
Test packages can be found here:


Read ya, Phil
Comment 6 Red Hat Bugzilla 2006-03-07 13:36:41 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.