Potential native libsodium memory leakage in Tuweni Crypto #42

@usmansaleem

On one of our canary boxes, we noticed a consistent OOM when Tuweni Crypto (Consensys Tuweni 2.7.0) was used. Unfortunately, we were unable to reproduce it on any other boxes.

Caused by: java.lang.OutOfMemoryError: Sodium.sodium_malloc failed allocating 48
at org.apache.tuweni.crypto.sodium.Sodium.malloc(Sodium.java:220)
at org.apache.tuweni.crypto.sodium.Sodium.dup(Sodium.java:258)
at org.apache.tuweni.crypto.sodium.Sodium.dup(Sodium.java:269)
at org.apache.tuweni.crypto.sodium.SHA256Hash$Input.fromBytes(SHA256Hash.java:84)
at org.apache.tuweni.crypto.sodium.SHA256Hash$Input.fromBytes(SHA256Hash.java:74)
at org.apache.tuweni.crypto.Hash.sha2_256(Hash.java:131)
at tech.pegasys.teku.bls.keystore.KeyStore.calculateSHA256Checksum(KeyStore.java:143)
at tech.pegasys.teku.bls.keystore.KeyStore.validateChecksum(KeyStore.java:135)
at tech.pegasys.teku.bls.keystore.KeyStore.decrypt(KeyStore.java:122)
at tech.pegasys.web3signer.signing.bulkloading.BlsKeystoreBulkLoader.createSignerForKeystore(BlsKeystoreBulkLoader.java:93)
---------------  S U M M A R Y ------------

Command Line: -Dvertx.disableFileCPResolving=true -Dlog4j.shutdownHookEnabled=false -Dlog4j2.formatMsgNoLookups=true --add-opens=java.base/jdk.internal.misc=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED -Dio.netty.tryReflectionSetAccessible=true --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED -Dlog4j.configurationFile=/opt/log4j/web3signer-log-config.xml tech.pegasys.web3signer.Web3SignerApp --config-file=/etc/web3signer/web3signer.yml eth2

Host: AMD EPYC 7763 64-Core Processor, 16 cores, 62G, Ubuntu 22.04.5 LTS
Time: Mon Jun  9 01:27:26 2025 UTC elapsed time: 5.407947 seconds (0d 0h 0m 5s)
free -h
               total        used        free      shared  buff/cache   available
Mem:            62Gi       5.7Gi        50Gi       4.0Mi       7.0Gi        56Gi
