8203182: Release session if initialization of SunPKCS11 Signature fails

Ensure session is properly released in P11Signature class

Reviewed-by: valeriep
Martin Balao 2018-06-01 19:46:31 +00:00
parent f03c183e28
commit 62c97f695f


@ -283,47 +283,51 @@ final class P11Signature extends SignatureSpi {
session = token.killSession(session); session = token.killSession(session);
return; return;
} }
// "cancel" operation by finishing it try {
// XXX make sure all this always works correctly // "cancel" operation by finishing it
if (mode == M_SIGN) { // XXX make sure all this always works correctly
try { if (mode == M_SIGN) {
if (type == T_UPDATE) { try {
token.p11.C_SignFinal(session.id(), 0); if (type == T_UPDATE) {
} else { token.p11.C_SignFinal(session.id(), 0);
byte[] digest; } else {
if (type == T_DIGEST) { byte[] digest;
digest = md.digest(); if (type == T_DIGEST) {
} else { // T_RAW digest = md.digest();
digest = buffer; } else { // T_RAW
digest = buffer;
}
token.p11.C_Sign(session.id(), digest);
} }
token.p11.C_Sign(session.id(), digest); } catch (PKCS11Exception e) {
throw new ProviderException("cancel failed", e);
} }
} catch (PKCS11Exception e) { } else { // M_VERIFY
throw new ProviderException("cancel failed", e); try {
} byte[] signature;
} else { // M_VERIFY if (keyAlgorithm.equals("DSA")) {
try { signature = new byte[40];
byte[] signature; } else {
if (keyAlgorithm.equals("DSA")) { signature = new byte[(p11Key.length() + 7) >> 3];
signature = new byte[40];
} else {
signature = new byte[(p11Key.length() + 7) >> 3];
}
if (type == T_UPDATE) {
token.p11.C_VerifyFinal(session.id(), signature);
} else {
byte[] digest;
if (type == T_DIGEST) {
digest = md.digest();
} else { // T_RAW
digest = buffer;
} }
token.p11.C_Verify(session.id(), digest, signature); if (type == T_UPDATE) {
token.p11.C_VerifyFinal(session.id(), signature);
} else {
byte[] digest;
if (type == T_DIGEST) {
digest = md.digest();
} else { // T_RAW
digest = buffer;
}
token.p11.C_Verify(session.id(), digest, signature);
}
} catch (PKCS11Exception e) {
// will fail since the signature is incorrect
// XXX check error code
} }
} catch (PKCS11Exception e) {
// will fail since the signature is incorrect
// XXX check error code
} }
} finally {
session = token.releaseSession(session);
} }
} }
@ -342,6 +346,8 @@ final class P11Signature extends SignatureSpi {
} }
initialized = true; initialized = true;
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
// release session when initialization failed
session = token.releaseSession(session);
throw new ProviderException("Initialization failed", e); throw new ProviderException("Initialization failed", e);
} }
if (bytesProcessed != 0) { if (bytesProcessed != 0) {
@ -511,6 +517,8 @@ final class P11Signature extends SignatureSpi {
} }
bytesProcessed += len; bytesProcessed += len;
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
initialized = false;
session = token.releaseSession(session);
throw new ProviderException(e); throw new ProviderException(e);
} }
break; break;
@ -559,6 +567,8 @@ final class P11Signature extends SignatureSpi {
bytesProcessed += len; bytesProcessed += len;
byteBuffer.position(ofs + len); byteBuffer.position(ofs + len);
} catch (PKCS11Exception e) { } catch (PKCS11Exception e) {
initialized = false;
session = token.releaseSession(session);
throw new ProviderException("Update failed", e); throw new ProviderException("Update failed", e);
} }
break; break;
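Review bot: The session is handed back to the pool even when the cancel did not succeed. In the first hunk the new `finally { session = token.releaseSession(session); }` runs when the M_SIGN branch throws `ProviderException("cancel failed", e)` and when the M_VERIFY branch swallows every `PKCS11Exception` under `// XXX check error code`. If the finishing call failed for a reason other than the expected bad-signature result, the operation may still be active on that session, and whoever draws it from the pool next would presumably inherit that state; the pool's handling is not visible here, so this needs confirming. I would resolve the XXX by checking the error code and, when the cancel did not complete as expected, discarding the session with `token.killSession(session)` as the early-return path at the top of the hunk does, instead of releasing it. The `releaseSession` calls added in the two update catch blocks (hunks at -511 and -559) deserve the same check; all of the enclosing methods start outside these hunks.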