On Wed, 12 Oct 2022 12:13:20 GMT, Daniel Jeliński <djelin...@openjdk.org> wrote:
>> C_DeriveKey with mechanisms `CKM_*_KEY_AND_MAC_DERIVE` always returns mac >> keys, even if macBits is zero. These keys must be free'd when no longer >> needed. >> >> Verified that: >> - SSL server configured with PKCS11-NSS provider leaks memory without this >> patch, does not leak memory with this patch >> - The same server continues to function correctly >> - Existing tier1-3 tests continue to pass with NSS; did not test any other >> PKCS11 providers >> - new tests for AES-128-GCM-SHA256 and AES-256-GCM-SHA384 key derivation pass > > Daniel Jeliński has updated the pull request incrementally with one > additional commit since the last revision: > > Add comment about unused parameters On Linux you might be able to use brew to get an older version of nss: % brew tap-new $USER/local-nss % brew extract --version=3.35 nss $USER/local-nss % brew install nss@3.35 ------------- PR: https://git.openjdk.org/jdk/pull/10594
