RFR: 8324585: JVM native memory leak in PCKS11-NSS security provider
Daniel Jeliński
djelinski at openjdk.org
Fri Jan 26 10:09:53 UTC 2024
Please review this patch that fixes a memory leak in P11TlsPrfGenerator, which is triggered during TLS1.2 Finished message generation and verification.
The patch changes C_SignInit JNI method to free the mechanism data immediately after use. This matches the behavior of other Init methods (like C_EncryptInit). The patch also fixes a similar issue in other signature-related methods.
The change essentially reverts part of [JDK-8080462](https://bugs.openjdk.org/browse/JDK-8080462).
All sun/security/pkcs11 tests still pass with NSS 3.35 and 3.91. All tier1-3 tests still pass.
-------------
Commit messages:
- Free the mechanism parameters early
Changes: https://git.openjdk.org/jdk/pull/17584/files
Webrev: https://webrevs.openjdk.org/?repo=jdk&pr=17584&range=00
Issue: https://bugs.openjdk.org/browse/JDK-8324585
Stats: 83 lines in 6 files changed: 0 ins; 65 del; 18 mod
Patch: https://git.openjdk.org/jdk/pull/17584.diff
Fetch: git fetch https://git.openjdk.org/jdk.git pull/17584/head:pull/17584
PR: https://git.openjdk.org/jdk/pull/17584
More information about the security-dev
mailing list