Integrated: 8294906: Memory leak in PKCS11 NSS TLS server
Daniel Jeliński
djelinski at openjdk.org
Thu Oct 13 09:32:34 UTC 2022
On Thu, 6 Oct 2022 13:27:23 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
> C_DeriveKey with mechanisms `CKM_*_KEY_AND_MAC_DERIVE` always returns mac keys, even if macBits is zero. These keys must be free'd when no longer needed.
>
> Verified that:
> - SSL server configured with PKCS11-NSS provider leaks memory without this patch, does not leak memory with this patch
> - The same server continues to function correctly
> - Existing tier1-3 tests continue to pass with NSS; did not test any other PKCS11 providers
> - new tests for AES-128-GCM-SHA256 and AES-256-GCM-SHA384 key derivation pass
This pull request has now been integrated.
Changeset: 94caecbe
Author: Daniel Jeliński <djelinski at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/94caecbe574227b232e22d9f56361f8ecd507be6
Stats: 119 lines in 5 files changed: 108 ins; 3 del; 8 mod
8294906: Memory leak in PKCS11 NSS TLS server
Reviewed-by: valeriep
-------------
PR: https://git.openjdk.org/jdk/pull/10594
More information about the security-dev
mailing list