|
 |
d557d5 |
diff --git a/src/share/classes/sun/security/pkcs11/P11Cipher.java b/src/share/classes/sun/security/pkcs11/P11Cipher.java
|
|
|
d557d5 |
--- openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
|
|
|
d557d5 |
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Cipher.java
|
|
|
d557d5 |
@@ -412,7 +412,8 @@
|
|
|
d557d5 |
token.p11.C_DecryptFinal(session.id(), 0, buffer, 0, bufLen);
|
|
|
d557d5 |
}
|
|
|
d557d5 |
} catch (PKCS11Exception e) {
|
|
|
d557d5 |
- throw new ProviderException("Cancel failed", e);
|
|
|
d557d5 |
+ if (e.getErrorCode() != CKR_OPERATION_NOT_INITIALIZED)
|
|
|
d557d5 |
+ throw new ProviderException("Cancel failed", e);
|
|
|
d557d5 |
} finally {
|
|
|
d557d5 |
reset();
|
|
|
d557d5 |
}
|
|
|
d557d5 |
@@ -747,6 +748,9 @@
|
|
|
d557d5 |
throws ShortBufferException, IllegalBlockSizeException,
|
|
|
d557d5 |
BadPaddingException {
|
|
|
d557d5 |
int requiredOutLen = doFinalLength(0);
|
|
|
d557d5 |
+ boolean updating = false;
|
|
|
d557d5 |
+ PKCS11Exception err = null;
|
|
|
d557d5 |
+
|
|
|
d557d5 |
if (outLen < requiredOutLen) {
|
|
|
d557d5 |
throw new ShortBufferException();
|
|
|
d557d5 |
}
|
|
|
d557d5 |
@@ -754,6 +758,7 @@
|
|
|
d557d5 |
ensureInitialized();
|
|
|
d557d5 |
int k = 0;
|
|
|
d557d5 |
if (blockBufferLen != 0) {
|
|
|
d557d5 |
+ updating = true;
|
|
|
d557d5 |
if (encrypt) {
|
|
|
d557d5 |
k = token.p11.C_EncryptUpdate(session.id(),
|
|
|
d557d5 |
0, blockBuffer, 0, blockBufferLen,
|
|
|
d557d5 |
@@ -768,14 +773,17 @@
|
|
|
d557d5 |
blockBuffer, 0, blockBufferLen, 0,
|
|
|
d557d5 |
padBuffer, 0, padBuffer.length);
|
|
|
d557d5 |
}
|
|
|
d557d5 |
+ updating = false;
|
|
|
d557d5 |
}
|
|
|
d557d5 |
if (encrypt) {
|
|
|
d557d5 |
if (paddingObj != null) {
|
|
|
d557d5 |
int actualPadLen = paddingObj.setPaddingBytes(padBuffer,
|
|
|
d557d5 |
requiredOutLen - bytesBufferedInt);
|
|
|
d557d5 |
+ updating = true;
|
|
|
d557d5 |
k += token.p11.C_EncryptUpdate(session.id(),
|
|
|
d557d5 |
0, padBuffer, 0, actualPadLen,
|
|
|
d557d5 |
0, out, (outOfs + k), (outLen - k));
|
|
|
d557d5 |
+ updating = false;
|
|
|
d557d5 |
}
|
|
|
d557d5 |
k += token.p11.C_EncryptFinal(session.id(),
|
|
|
d557d5 |
0, out, (outOfs + k), (outLen - k));
|
|
|
d557d5 |
@@ -793,10 +801,22 @@
|
|
|
d557d5 |
}
|
|
|
d557d5 |
return k;
|
|
|
d557d5 |
} catch (PKCS11Exception e) {
|
|
|
d557d5 |
+ err = e;
|
|
|
d557d5 |
handleException(e);
|
|
|
d557d5 |
throw new ProviderException("doFinal() failed", e);
|
|
|
d557d5 |
} finally {
|
|
|
d557d5 |
- reset();
|
|
|
d557d5 |
+ if (err != null) {
|
|
|
d557d5 |
+ if (err.getErrorCode() != CKR_BUFFER_TOO_SMALL) {
|
|
|
d557d5 |
+ if (updating)
|
|
|
d557d5 |
+ // Work around NSS not cancelling the
|
|
|
d557d5 |
+ // operation on an error in update
|
|
|
d557d5 |
+ cancelOperation();
|
|
|
d557d5 |
+ else
|
|
|
d557d5 |
+ reset();
|
|
|
d557d5 |
+ }
|
|
|
d557d5 |
+ } else {
|
|
|
d557d5 |
+ reset();
|
|
|
d557d5 |
+ }
|
|
|
d557d5 |
}
|
|
|
d557d5 |
}
|
|
|
d557d5 |
|
|
|
d557d5 |
@@ -805,6 +825,9 @@
|
|
|
d557d5 |
BadPaddingException {
|
|
|
d557d5 |
int outLen = outBuffer.remaining();
|
|
|
d557d5 |
int requiredOutLen = doFinalLength(0);
|
|
|
d557d5 |
+ boolean updating = false;
|
|
|
d557d5 |
+ PKCS11Exception err = null;
|
|
|
d557d5 |
+
|
|
|
d557d5 |
if (outLen < requiredOutLen) {
|
|
|
d557d5 |
throw new ShortBufferException();
|
|
|
d557d5 |
}
|
|
|
d557d5 |
@@ -830,6 +853,7 @@
|
|
|
d557d5 |
int k = 0;
|
|
|
d557d5 |
|
|
|
d557d5 |
if (blockBufferLen != 0) {
|
|
|
d557d5 |
+ updating = true;
|
|
|
d557d5 |
if (encrypt) {
|
|
|
d557d5 |
k = token.p11.C_EncryptUpdate(session.id(),
|
|
|
d557d5 |
0, blockBuffer, 0, blockBufferLen,
|
|
|
d557d5 |
@@ -844,15 +868,18 @@
|
|
|
d557d5 |
blockBuffer, 0, blockBufferLen, 0,
|
|
|
d557d5 |
padBuffer, 0, padBuffer.length);
|
|
|
d557d5 |
}
|
|
|
d557d5 |
+ updating = false;
|
|
|
d557d5 |
}
|
|
|
d557d5 |
|
|
|
d557d5 |
if (encrypt) {
|
|
|
d557d5 |
if (paddingObj != null) {
|
|
|
d557d5 |
int actualPadLen = paddingObj.setPaddingBytes(padBuffer,
|
|
|
d557d5 |
requiredOutLen - bytesBuffered);
|
|
|
d557d5 |
+ updating = true;
|
|
|
d557d5 |
k = token.p11.C_EncryptUpdate(session.id(),
|
|
|
d557d5 |
0, padBuffer, 0, actualPadLen,
|
|
|
d557d5 |
outAddr, outArray, outOfs, outLen);
|
|
|
d557d5 |
+ updating = false;
|
|
|
d557d5 |
}
|
|
|
d557d5 |
k += token.p11.C_EncryptFinal(session.id(),
|
|
|
d557d5 |
outAddr, outArray, (outOfs + k), (outLen - k));
|
|
|
d557d5 |
@@ -879,10 +906,22 @@
|
|
|
d557d5 |
}
|
|
|
d557d5 |
return k;
|
|
|
d557d5 |
} catch (PKCS11Exception e) {
|
|
|
d557d5 |
+ err = e;
|
|
|
d557d5 |
handleException(e);
|
|
|
d557d5 |
throw new ProviderException("doFinal() failed", e);
|
|
|
d557d5 |
} finally {
|
|
|
d557d5 |
- reset();
|
|
|
d557d5 |
+ if (err != null) {
|
|
|
d557d5 |
+ if (err.getErrorCode() != CKR_BUFFER_TOO_SMALL) {
|
|
|
d557d5 |
+ if (updating)
|
|
|
d557d5 |
+ // Work around NSS not cancelling the
|
|
|
d557d5 |
+ // operation on an error in update
|
|
|
d557d5 |
+ cancelOperation();
|
|
|
d557d5 |
+ else
|
|
|
d557d5 |
+ reset();
|
|
|
d557d5 |
+ }
|
|
|
d557d5 |
+ } else {
|
|
|
d557d5 |
+ reset();
|
|
|
d557d5 |
+ }
|
|
|
d557d5 |
}
|
|
|
d557d5 |
}
|
|
|
d557d5 |
|