** Attachment added: "1.1.1" https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1842383/+attachment/5289014/+files/1.1.1.png
** Description changed: - Hi, + [Impact] - DISTRIB_ID=Ubuntu - DISTRIB_RELEASE=18.04 - DISTRIB_CODENAME=bionic - DISTRIB_DESCRIPTION="Ubuntu 18.04.3 LTS" + At some point in the past do_ssl3_write() used to return the number of + bytes written, or a value <= 0 on error. - With dynamic linking libssl1.1 in nginx we see a lot memory use compared - to libssl1.0. + With libssl1.11 it now just returns a success/ + error code and writes the number of bytes written to |tmpwrit|. + + The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code + for the number of bytes written rather than |tmpwrit|. This has the effect + that the buffers are not released when they are supposed to be. + + Thus such software as nginx currenty use significantly more memory + compared to libssl1.0. + + [Test Case] + + Use 'top' to measure the memory usage by nginx with ssl configured. + + Example: No memory overuse: - ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries + ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries + https://launchpadlibrarian.net/442818951/1.1.0g.png 2,5x memory overuse: - ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries + ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries + https://launchpadlibrarian.net/442819146/1.1.1.png - After some investigation from nginx team, they build nginx with static - linking openssl with this patch, and this solved memory overuse issue - https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a + [Regression Potential] - Can you please fix and rebuild openssl with this patch? + Low. This particular fix is tiny + (https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a) and has + been released and used in a couple of upstream openssl versions already + without issue. - Thanks! + [Other Info] + + The fix has been tested by nginx team and it solved the memory overuse issue. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1842383 Title: openssl 1.1.1 memory overuse/leak Status in openssl package in Ubuntu: New Bug description: [Impact] At some point in the past do_ssl3_write() used to return the number of bytes written, or a value <= 0 on error. With libssl1.11 it now just returns a success/ error code and writes the number of bytes written to |tmpwrit|. The SSL_MODE_RELEASE_BUFFERS code was still looking at the return code for the number of bytes written rather than |tmpwrit|. This has the effect that the buffers are not released when they are supposed to be. Thus such software as nginx currenty use significantly more memory compared to libssl1.0. [Test Case] Use 'top' to measure the memory usage by nginx with ssl configured. Example: No memory overuse: ii libssl1.1:amd64 1.1.0g-2ubuntu4 amd64 Secure Sockets Layer toolkit - shared libraries https://launchpadlibrarian.net/442818951/1.1.0g.png 2,5x memory overuse: ii libssl1.1:amd64 1.1.1-1ubuntu2.1~18.04.4 amd64 Secure Sockets Layer toolkit - shared libraries https://launchpadlibrarian.net/442819146/1.1.1.png [Regression Potential] Low. This particular fix is tiny (https://git.openssl.org/?p=openssl.git;a=commitdiff;h=f2bb79a) and has been released and used in a couple of upstream openssl versions already without issue. [Other Info] The fix has been tested by nginx team and it solved the memory overuse issue. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1842383/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
