Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6887619

Memory growth when using CKM_TLS_PRF mechanism with C_DeriveKey() calls

    XMLWordPrintable

Details

    Backports

      Description

        There have been reports from java applications using JSSE and SunPKCS11 provider about a memory growth problem. After some investigation, it seems that CKM_TLS_PRF is the culprit for the memory growth problem.
        Based on the test results at hand, the memory usage remains flat when either:
        1) the CKM_TLS_PRF mechanism is disabled, or
        2) leave CKM_TLS_PRF mechanism enabled, but pass 0 as the base key in the C_DeriveKey(...) call instead of what actually specified by the caller. This leads to an error and Java crypto framework will fail over to the next crypto provider, i.e. SunJCE, for the TlsPrf algorithm.

        Since everything else on java side is the same, it looks to be a Solaris crypto implementation issue. Please refer to 6750401 "SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider" for more details.

        Attachments

          Issue Links

            backported by

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2186818 Memory growth when using CKM_TLS_PRF mechanism with C_DeriveKey() calls

            • P3 - Major loss of function.
            • Closed
            duplicates

            Bug - A problem which impairs or prevents the functions of the product. JDK-6869672 Memory retention issues when using https handler

            • P2 - Crashes, loss of data, severe memory leak.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-6868466 native memory leak in jdk6 (regression from jdk5)

            • P3 - Major loss of function.
            • Closed

            Backport - A issue that is required to port a Bug or Feature into another product release. This issue type is generally associated with the main Bug/Feature to represent each individual release of the port. JDK-2170532 SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider

            • P1 - Blocks development and/or testing work, production could not run.
            • Closed
            relates to

            Bug - A problem which impairs or prevents the functions of the product. JDK-6750401 SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider

            • P1 - Blocks development and/or testing work, production could not run.
            • Closed

            Bug - A problem which impairs or prevents the functions of the product. JDK-6913047 Long term memory leak when using PKCS11 and JCE exceeds 32 bit process address space

            • P3 - Major loss of function.
            • Resolved

            Activity

              People

                valeriep Valerie Peng
                valeriep Valerie Peng
                Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: