Loading...

XML

Word

Printable

Type: Bug
Resolution: Fixed
Priority: P3
Fix Version/s: 20
Affects Version/s: 8, 11, 17, 19, 20
Component/s: security-libs
Labels:

Subcomponent:
javax.crypto:pkcs11
Resolved In Build:
b20

Issue	Fix Version	Assignee	Priority	Status	Resolution	Resolved In Build
JDK-8300762	17.0.8-oracle	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01
JDK-8306295	17.0.8	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8300763	11.0.20-oracle	Prajwal Kumaraswamy	P3	Resolved	Fixed	b01
JDK-8306294	11.0.20	Goetz Lindenmaier	P3	Resolved	Fixed	b01
JDK-8300764	8u381	Prajwal Kumaraswamy	P3	Resolved	Fixed	b02

P11TlsKeyMaterialGenerator leaks 2 handles (hClientMacSecret and hServerMacSecret) every time a connection using AES-GCM is established. PKCS11 library used was NSS.

MAC keys are not needed when using AEAD, and the PKCS spec [1] suggests that they don't need to be created. However, it doesn't prohibit creating MAC keys, and come libraries like NSS create them.

https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html#_Toc111203671

backported by

JDK-8300762 Memory leak in PKCS11 NSS TLS server

Resolved

JDK-8300763 Memory leak in PKCS11 NSS TLS server

Resolved

JDK-8300764 Memory leak in PKCS11 NSS TLS server

Resolved

JDK-8306294 Memory leak in PKCS11 NSS TLS server

Resolved

JDK-8306295 Memory leak in PKCS11 NSS TLS server

Resolved

relates to

JDK-7030966 Support AEAD CipherSuites

Closed

links to

Commit openjdk/jdk11u-dev/1eb49413

Commit openjdk/jdk17u-dev/e91b87e2

Commit openjdk/jdk/94caecbe

Review openjdk/jdk11u-dev/1831

Review openjdk/jdk17u-dev/1246

Review openjdk/jdk/10594

(1 relates to, 6 links to)

Assignee:: Daniel Jelinski

Reporter:: Daniel Jelinski

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022-10-06 05:53

Updated:: 2023-06-26 11:59

Resolved:: 2022-10-13 02:31

Details

Backports

Description

Attachments

Issue Links

Activity

People

Dates