132 lines
5.2 KiB
Diff
132 lines
5.2 KiB
Diff
# HG changeset patch
|
|
# User igerasim
|
|
# Date 1528992969 25200
|
|
# Thu Jun 14 09:16:09 2018 -0700
|
|
# Node ID d9b0b4bd2526818afa73b60da77403245554caa8
|
|
# Parent 1f4b038b9550afaf88a70cee4cf9c1422ecd86d6
|
|
8203182, PR3603: Release session if initialization of SunPKCS11 Signature fails
|
|
Summary: Ensure session is properly released in P11Signature class
|
|
Reviewed-by: valeriep
|
|
Contributed-by: Martin Balao <mbalao@redhat.com>
|
|
|
|
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
|
|
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
|
|
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
|
|
@@ -309,47 +309,51 @@
|
|
session = token.killSession(session);
|
|
return;
|
|
}
|
|
- // "cancel" operation by finishing it
|
|
- // XXX make sure all this always works correctly
|
|
- if (mode == M_SIGN) {
|
|
- try {
|
|
- if (type == T_UPDATE) {
|
|
- token.p11.C_SignFinal(session.id(), 0);
|
|
- } else {
|
|
- byte[] digest;
|
|
- if (type == T_DIGEST) {
|
|
- digest = md.digest();
|
|
- } else { // T_RAW
|
|
- digest = buffer;
|
|
+ try {
|
|
+ // "cancel" operation by finishing it
|
|
+ // XXX make sure all this always works correctly
|
|
+ if (mode == M_SIGN) {
|
|
+ try {
|
|
+ if (type == T_UPDATE) {
|
|
+ token.p11.C_SignFinal(session.id(), 0);
|
|
+ } else {
|
|
+ byte[] digest;
|
|
+ if (type == T_DIGEST) {
|
|
+ digest = md.digest();
|
|
+ } else { // T_RAW
|
|
+ digest = buffer;
|
|
+ }
|
|
+ token.p11.C_Sign(session.id(), digest);
|
|
}
|
|
- token.p11.C_Sign(session.id(), digest);
|
|
+ } catch (PKCS11Exception e) {
|
|
+ throw new ProviderException("cancel failed", e);
|
|
}
|
|
- } catch (PKCS11Exception e) {
|
|
- throw new ProviderException("cancel failed", e);
|
|
+ } else { // M_VERIFY
|
|
+ try {
|
|
+ byte[] signature;
|
|
+ if (keyAlgorithm.equals("DSA")) {
|
|
+ signature = new byte[40];
|
|
+ } else {
|
|
+ signature = new byte[(p11Key.length() + 7) >> 3];
|
|
+ }
|
|
+ if (type == T_UPDATE) {
|
|
+ token.p11.C_VerifyFinal(session.id(), signature);
|
|
+ } else {
|
|
+ byte[] digest;
|
|
+ if (type == T_DIGEST) {
|
|
+ digest = md.digest();
|
|
+ } else { // T_RAW
|
|
+ digest = buffer;
|
|
+ }
|
|
+ token.p11.C_Verify(session.id(), digest, signature);
|
|
+ }
|
|
+ } catch (PKCS11Exception e) {
|
|
+ // will fail since the signature is incorrect
|
|
+ // XXX check error code
|
|
+ }
|
|
}
|
|
- } else { // M_VERIFY
|
|
- try {
|
|
- byte[] signature;
|
|
- if (keyAlgorithm.equals("DSA")) {
|
|
- signature = new byte[40];
|
|
- } else {
|
|
- signature = new byte[(p11Key.length() + 7) >> 3];
|
|
- }
|
|
- if (type == T_UPDATE) {
|
|
- token.p11.C_VerifyFinal(session.id(), signature);
|
|
- } else {
|
|
- byte[] digest;
|
|
- if (type == T_DIGEST) {
|
|
- digest = md.digest();
|
|
- } else { // T_RAW
|
|
- digest = buffer;
|
|
- }
|
|
- token.p11.C_Verify(session.id(), digest, signature);
|
|
- }
|
|
- } catch (PKCS11Exception e) {
|
|
- // will fail since the signature is incorrect
|
|
- // XXX check error code
|
|
- }
|
|
+ } finally {
|
|
+ session = token.releaseSession(session);
|
|
}
|
|
}
|
|
|
|
@@ -368,6 +372,8 @@
|
|
}
|
|
initialized = true;
|
|
} catch (PKCS11Exception e) {
|
|
+ // release session when initialization failed
|
|
+ session = token.releaseSession(session);
|
|
throw new ProviderException("Initialization failed", e);
|
|
}
|
|
if (bytesProcessed != 0) {
|
|
@@ -529,6 +535,8 @@
|
|
}
|
|
bytesProcessed += len;
|
|
} catch (PKCS11Exception e) {
|
|
+ initialized = false;
|
|
+ session = token.releaseSession(session);
|
|
throw new ProviderException(e);
|
|
}
|
|
break;
|
|
@@ -576,6 +584,8 @@
|
|
bytesProcessed += len;
|
|
byteBuffer.position(ofs + len);
|
|
} catch (PKCS11Exception e) {
|
|
+ initialized = false;
|
|
+ session = token.releaseSession(session);
|
|
throw new ProviderException("Update failed", e);
|
|
}
|
|
break;
|