From 60446746d41c3c80d9788a252b4a55afe44e1e7b Mon Sep 17 00:00:00 2001 From: Xue-Lei Andrew Fan Date: Tue, 19 Apr 2022 21:53:08 +0000 Subject: [PATCH] 8284855: Update needed to Cleaners added to jdk.crypto.cryptoki Reviewed-by: valeriep --- .../sun/security/pkcs11/P11KeyStore.java | 12 ++++++--- .../classes/sun/security/pkcs11/P11Util.java | 6 ++++- .../sun/security/pkcs11/wrapper/PKCS11.java | 25 ++++++++++++++----- .../share/native/libj2pkcs11/p11_util.c | 17 +------------ .../share/native/libj2pkcs11/pkcs11wrapper.h | 3 +-- .../unix/native/libj2pkcs11/p11_md.c | 25 ++++++++++--------- .../windows/native/libj2pkcs11/p11_md.c | 24 ++++++++++-------- 7 files changed, 60 insertions(+), 52 deletions(-) diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java index fe8ffab7a46..c52ca66b326 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyStore.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,7 +25,6 @@ package sun.security.pkcs11; -import java.lang.ref.Cleaner; import java.math.BigInteger; import java.io.InputStream; @@ -232,8 +231,7 @@ final class P11KeyStore extends KeyStoreSpi { private PasswordCallbackHandler(char[] password) { if (password != null) { this.password = password.clone(); - Cleaner.create().register(this, - () -> Arrays.fill(this.password, ' ')); + P11Util.cleaner.register(this, releaserFor(this.password)); } } @@ -245,6 +243,12 @@ final class P11KeyStore extends KeyStoreSpi { PasswordCallback pc = (PasswordCallback)callbacks[0]; pc.setPassword(password); // this clones the password if not null } + + private static Runnable releaserFor(char[] password) { + return () -> { + Arrays.fill(password, ' '); + }; + } } /** diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java index 256c2f96568..67dd2dc33dd 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ package sun.security.pkcs11; +import java.lang.ref.Cleaner; import java.math.BigInteger; import java.security.*; @@ -39,6 +40,9 @@ import static sun.security.pkcs11.wrapper.PKCS11Exception.RV.*; */ public final class P11Util { + // A cleaner, shared within this module. + public static final Cleaner cleaner = Cleaner.create(); + private static Object LOCK = new Object(); private static volatile Provider sun, sunRsaSign, sunJce; diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java index cf2e231ea91..4b06daaf264 100644 --- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java +++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -47,7 +47,6 @@ package sun.security.pkcs11.wrapper; -import java.lang.ref.Cleaner; import java.io.File; import java.io.IOException; import java.util.*; @@ -57,6 +56,7 @@ import java.security.PrivilegedAction; import sun.security.util.Debug; +import sun.security.pkcs11.P11Util; import static sun.security.pkcs11.wrapper.PKCS11Constants.*; import static sun.security.pkcs11.wrapper.PKCS11Exception.RV.*; @@ -112,6 +112,9 @@ public class PKCS11 { */ private final String pkcs11ModulePath; private final CK_VERSION version; + + // Note: Please don't update this field other than the constructor. + // Otherwise, the native data is not able to be collected. private long pNativeData; /** @@ -164,7 +167,7 @@ public class PKCS11 { } // Calls disconnect() to cleanup the native part of the wrapper. - Cleaner.create().register(this, this::disconnect); + P11Util.cleaner.register(this, releaserFor(pNativeData)); } public CK_VERSION getVersion() { @@ -200,11 +203,19 @@ public class PKCS11 { return pkcs11; } + private static Runnable releaserFor(long pNativeData) { + return () -> { + if (pNativeData != 0) { + PKCS11.disconnect(pNativeData); + } + }; + } + /** * Connects this object to the specified PKCS#11 library. This method is for * internal use only. * Declared private, because incorrect handling may result in errors in the - * native part. + * native part. Please don't use this method other than the constructor. * * @param pkcs11ModulePath The PKCS#11 library path. * @param functionList the method name for retrieving the PKCS#11 @@ -220,14 +231,16 @@ public class PKCS11 { * Disconnects the PKCS#11 library from this object. After calling this * method, this object is no longer connected to a native PKCS#11 module * and any subsequent calls to C_ methods will fail. This method is for - * internal use only. + * internal use only. Please don't use this method other than finalization + * as implemented in the releaserFor() method. + * * Declared private, because incorrect handling may result in errors in the * native part. * * @preconditions * @postconditions */ - private native void disconnect(); + private static native void disconnect(long pNativeData); // Implementation of PKCS11 methods delegated to native pkcs11wrapper library diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c index 2920707a254..1b57abffdc9 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_util.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -165,21 +165,6 @@ int isModulePresent(JNIEnv *env, jobject pkcs11Implementation) { return present ; } - -/* - * Removes the entry for the given pkcs11Implementation from the list. Returns - * the module's data, after the node was removed. If this function returns NULL - * the pkcs11Implementation was not in the list. - */ -ModuleData * removeModuleEntry(JNIEnv *env, jobject pkcs11Implementation) { - ModuleData *moduleData = getModuleEntry(env, pkcs11Implementation); - if (moduleData == NULL) { - return NULL; - } - (*env)->SetLongField(env, pkcs11Implementation, pNativeDataID, 0); - return moduleData; -} - /* * Removes all present entries from the list of modules and frees all * associated resources. This function is used for clean-up. diff --git a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h index c2b6f3d94b5..88662edbe9e 100644 --- a/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h +++ b/src/jdk.crypto.cryptoki/share/native/libj2pkcs11/pkcs11wrapper.h @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -416,7 +416,6 @@ CK_RV callJUnlockMutex(CK_VOID_PTR pMutex); #endif /* NO_CALLBACKS */ void putModuleEntry(JNIEnv *env, jobject pkcs11Implementation, ModuleData *moduleData); -ModuleData * removeModuleEntry(JNIEnv *env, jobject pkcs11Implementation); CK_FUNCTION_LIST_PTR getFunctionList(JNIEnv *env, jobject pkcs11Implementation); CK_FUNCTION_LIST_3_0_PTR getFunctionList30(JNIEnv *env, jobject pkcs11Implementation); diff --git a/src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c b/src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c index 6cae296e8d4..4e8ace6d79d 100644 --- a/src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c +++ b/src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -262,20 +262,21 @@ cleanup: /* * Class: sun_security_pkcs11_wrapper_PKCS11 * Method: disconnect - * Signature: ()V + * Signature: (J)V */ -JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_disconnect - (JNIEnv *env, jobject obj) -{ - ModuleData *moduleData; - TRACE0("DEBUG: disconnecting module..."); - moduleData = removeModuleEntry(env, obj); +JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_disconnect( + JNIEnv *env, jclass thisClass, jlong ckpNativeData) { - if (moduleData != NULL) { - dlclose(moduleData->hModule); + TRACE0("DEBUG: disconnecting module..."); + if (ckpNativeData != 0L) { + ModuleData *moduleData = jlong_to_ptr(ckpNativeData); + + if (moduleData->hModule != NULL) { + dlclose(moduleData->hModule); + } + + free(moduleData); } - free(moduleData); TRACE0("FINISHED\n"); - } diff --git a/src/jdk.crypto.cryptoki/windows/native/libj2pkcs11/p11_md.c b/src/jdk.crypto.cryptoki/windows/native/libj2pkcs11/p11_md.c index ea005664dff..e320b0d7a9a 100644 --- a/src/jdk.crypto.cryptoki/windows/native/libj2pkcs11/p11_md.c +++ b/src/jdk.crypto.cryptoki/windows/native/libj2pkcs11/p11_md.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved. */ /* Copyright (c) 2002 Graz University of Technology. All rights reserved. @@ -275,19 +275,21 @@ cleanup: /* * Class: sun_security_pkcs11_wrapper_PKCS11 * Method: disconnect - * Signature: ()V + * Signature: (J)V */ -JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_disconnect - (JNIEnv *env, jobject obj) -{ - ModuleData *moduleData; - TRACE0("DEBUG: disconnecting module..."); - moduleData = removeModuleEntry(env, obj); +JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_disconnect( + JNIEnv *env, jclass thisClass, jlong ckpNativeData) { - if (moduleData != NULL) { - FreeLibrary(moduleData->hModule); + TRACE0("DEBUG: disconnecting module..."); + if (ckpNativeData != 0L) { + ModuleData *moduleData = jlong_to_ptr(ckpNativeData); + + if (moduleData->hModule != NULL) { + FreeLibrary(moduleData->hModule); + } + + free(moduleData); } - free(moduleData); TRACE0("FINISHED\n"); }