JDK-8228835 : Memory leak in PKCS11 provider when using AES GCM
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 8,11,13,14
  • Priority: P3
  • Status: Resolved
  • Resolution: Fixed
  • OS: generic
  • CPU: generic
  • Submitted: 2019-07-30
  • Updated: 2020-08-31
  • Resolved: 2019-08-14
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 11 JDK 13 JDK 14 JDK 8 Other
11.0.6Fixed 13.0.3Fixed 14 b10Fixed 8u241Fixed openjdk8u272Fixed
Related Reports
Relates :  
Description
When using AES GCM encryption/decryption impl from SunPKCS11 provider, its native parameter structure contains Iv and AAD byte arrays which should be explicitly freed after use. Current impl only frees the mechanism structure and its generic parameter pointer. It should also free the algorithm specific pointers, i.e. iv and aad, inside the memory pointed to by the parameter pointer.
Comments
Fix request (8u) I'd like to have an approval for an 8u backport of this fix. The 8u release is affected by this bug. The patch does not apply cleanly but a review-approval has been granted here: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012585.html No regressions observed in sun/security/pkcs11 test category.
28-08-2020

8u RFR: https://mail.openjdk.java.net/pipermail/jdk8u-dev/2020-August/012580.html
28-08-2020

Fix request (13u): The patch apples cleanly. The fix for JDK-8080462 is already present in 13. No regressions observed.
20-03-2020

Fix request (11u): Requesting backport of this item for Oracle 11.0.6 parity. It is a necessary follow up after JDK-8080462. Patch applies cleanly, no regressions observed.
11-11-2019

URL: https://hg.openjdk.java.net/jdk/jdk/rev/6bbb4af131e3 User: valeriep Date: 2019-08-14 01:40:59 +0000
14-08-2019