2 Replies Latest reply on Dec 2, 2019 5:05 AM by 4135019

    Native memory leak is caused by the method:   java.security.KeyStore.getEntry( String, KeyStore.ProtectionParameter )

    4135019

      Native memory leak is caused by the method:   java.security.KeyStore.getEntry( String, KeyStore.ProtectionParameter ).

      The memory used is not on the Java heap, so it is not reclaimed by garbage collection.

       

      This works fine on Linux and Windows but only gives issues on Solaris 11 with Java 11.

        • 1. Re: Native memory leak is caused by the method:   java.security.KeyStore.getEntry( String, KeyStore.ProtectionParameter )
          Darren Moffat-Oracle

          This is best dealt with by logging an SR with Oracle support and giving the example code as well as the exact Solaris and Java version numbers.

           

          One possible reason for the difference in behaviour between Solaris vs Linux or Windows is the default configuration of the JCE.  On Solaris the java.security configuration file for the JRE has the ucrypto-solaris and sunpkcs11 providers configured.  There have been fixes in this area for Solaris 11, that I can't easily tell if you have without the exact SRU number.

           

          --

          Darren J Moffat - Oracle Solaris Engineering.

          • 2. Re: Native memory leak is caused by the method:   java.security.KeyStore.getEntry( String, KeyStore.ProtectionParameter )
            4135019

            Found out the issue, it is reproducible on Oracle Solaris 11 with Oracle Java 11 for Solaris. The changes made in Oracle Java 11 in java.security is the issue.

            What Oracle is done in Solaris Java they have changed security provider to Oracle as 1st where as in all other Oracle Java(for windows, linux, OpenJDK, Adopt) SUN is 1st and Oracle is 3rd. Not sure why oracleucrypto being first causes memory leak but may be the way its implemented is causing the issue.

            security.provider.1=OracleUcrypto

            security.provider.2=SunPKCS11 ${java.home}/conf/security/sunpkcs11-solaris.cfg

            security.provider.3=SUN

            The ways it's implemented it creates a memory leak and after sometime the machine goes out of memory and the temporary workaround is to change it back to SUN from Oracle and the issues goes off.

            But there is no easy way to log a bug with Oracle if you use only for dev and test. This is the sad part even after knowing the bug Oracle only accepts the bug if you buy support.