On Thu, 6 Oct 2022 13:27:23 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> C_DeriveKey with mechanisms `CKM_*_KEY_AND_MAC_DERIVE` always returns mac > keys, even if macBits is zero. These keys must be free'd when no longer > needed. > > Verified that: > - SSL server configured with PKCS11-NSS provider leaks memory without this > patch, does not leak memory with this patch > - The same server continues to function correctly > - Existing tier1-3 tests continue to pass with NSS; did not test any other > PKCS11 providers > - new tests for AES-128-GCM-SHA256 and AES-256-GCM-SHA384 key derivation pass I will take a look, thanks~ ------------- PR: https://git.openjdk.org/jdk/pull/10594
