Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6887619

Memory growth when using CKM_TLS_PRF mechanism with C_DeriveKey() calls

    Details

      Backports

        Description

        There have been reports from java applications using JSSE and SunPKCS11 provider about a memory growth problem. After some investigation, it seems that CKM_TLS_PRF is the culprit for the memory growth problem.
        Based on the test results at hand, the memory usage remains flat when either:
        1) the CKM_TLS_PRF mechanism is disabled, or
        2) leave CKM_TLS_PRF mechanism enabled, but pass 0 as the base key in the C_DeriveKey(...) call instead of what actually specified by the caller. This leads to an error and Java crypto framework will fail over to the next crypto provider, i.e. SunJCE, for the TlsPrf algorithm.

        Since everything else on java side is the same, it looks to be a Solaris crypto implementation issue. Please refer to 6750401 "SSL stress test with GF leads to 32 bit max process size in less than 5 minutes,with PCKS11 provider" for more details.

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  valeriep Valerie Peng
                  Reporter:
                  valeriep Valerie Peng
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  6 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved:
                    Imported:
                    Indexed: