On Thu, 6 Oct 2022 13:27:23 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
> C_DeriveKey with mechanisms `CKM_*_KEY_AND_MAC_DERIVE` always returns mac > keys, even if macBits is zero. These keys must be free'd when no longer > needed. > > Verified that: > - SSL server configured with PKCS11-NSS provider leaks memory without this > patch, does not leak memory with this patch > - The same server continues to function correctly > - Existing tier1-3 tests continue to pass with NSS; did not test any other > PKCS11 providers > - new tests for AES-128-GCM-SHA256 and AES-256-GCM-SHA384 key derivation pass I don't know if other providers allocate mac keys here or not; NSS is the only provider I could test. NSS's `C_DestroyObject` fails when asked to destroy invalid object. [The spec](https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/cs01/pkcs11-spec-v3.1-cs01.html#_Toc111203671) says: > The two MACing keys ("client_write_MAC_secret" and "server_write_MAC_secret") > (if present) [..] which suggests that the keys may be absent; it does not define how we can check if keys were generated, but it does declare that zero (`CK_INVALID_HANDLE`) is never a valid object handle. I'll add a check for zero. ------------- PR: https://git.openjdk.org/jdk/pull/10594
