Blame SOURCES/8203182-pr3603-rh1568033.patch

605045
# HG changeset patch
605045
# User igerasim
605045
# Date 1528992969 25200
605045
#      Thu Jun 14 09:16:09 2018 -0700
605045
# Node ID d9b0b4bd2526818afa73b60da77403245554caa8
605045
# Parent  1f4b038b9550afaf88a70cee4cf9c1422ecd86d6
605045
8203182, PR3603: Release session if initialization of SunPKCS11 Signature fails
605045
Summary: Ensure session is properly released in P11Signature class
605045
Reviewed-by: valeriep
605045
Contributed-by: Martin Balao <mbalao@redhat.com>
605045
605045
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
605045
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
605045
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
605045
@@ -309,47 +309,51 @@
605045
             session = token.killSession(session);
605045
             return;
605045
         }
605045
-        // "cancel" operation by finishing it
605045
-        // XXX make sure all this always works correctly
605045
-        if (mode == M_SIGN) {
605045
-            try {
605045
-                if (type == T_UPDATE) {
605045
-                    token.p11.C_SignFinal(session.id(), 0);
605045
-                } else {
605045
-                    byte[] digest;
605045
-                    if (type == T_DIGEST) {
605045
-                        digest = md.digest();
605045
-                    } else { // T_RAW
605045
-                        digest = buffer;
605045
+        try {
605045
+            // "cancel" operation by finishing it
605045
+            // XXX make sure all this always works correctly
605045
+            if (mode == M_SIGN) {
605045
+                try {
605045
+                    if (type == T_UPDATE) {
605045
+                        token.p11.C_SignFinal(session.id(), 0);
605045
+                    } else {
605045
+                        byte[] digest;
605045
+                        if (type == T_DIGEST) {
605045
+                            digest = md.digest();
605045
+                        } else { // T_RAW
605045
+                            digest = buffer;
605045
+                        }
605045
+                        token.p11.C_Sign(session.id(), digest);
605045
                     }
605045
-                    token.p11.C_Sign(session.id(), digest);
605045
+                } catch (PKCS11Exception e) {
605045
+                    throw new ProviderException("cancel failed", e);
605045
                 }
605045
-            } catch (PKCS11Exception e) {
605045
-                throw new ProviderException("cancel failed", e);
605045
+            } else { // M_VERIFY
605045
+                try {
605045
+                    byte[] signature;
605045
+                    if (keyAlgorithm.equals("DSA")) {
605045
+                        signature = new byte[40];
605045
+                    } else {
605045
+                        signature = new byte[(p11Key.length() + 7) >> 3];
605045
+                    }
605045
+                    if (type == T_UPDATE) {
605045
+                        token.p11.C_VerifyFinal(session.id(), signature);
605045
+                    } else {
605045
+                        byte[] digest;
605045
+                        if (type == T_DIGEST) {
605045
+                            digest = md.digest();
605045
+                        } else { // T_RAW
605045
+                            digest = buffer;
605045
+                        }
605045
+                        token.p11.C_Verify(session.id(), digest, signature);
605045
+                    }
605045
+                } catch (PKCS11Exception e) {
605045
+                    // will fail since the signature is incorrect
605045
+                    // XXX check error code
605045
+                }
605045
             }
605045
-        } else { // M_VERIFY
605045
-            try {
605045
-                byte[] signature;
605045
-                if (keyAlgorithm.equals("DSA")) {
605045
-                    signature = new byte[40];
605045
-                } else {
605045
-                    signature = new byte[(p11Key.length() + 7) >> 3];
605045
-                }
605045
-                if (type == T_UPDATE) {
605045
-                    token.p11.C_VerifyFinal(session.id(), signature);
605045
-                } else {
605045
-                    byte[] digest;
605045
-                    if (type == T_DIGEST) {
605045
-                        digest = md.digest();
605045
-                    } else { // T_RAW
605045
-                        digest = buffer;
605045
-                    }
605045
-                    token.p11.C_Verify(session.id(), digest, signature);
605045
-                }
605045
-            } catch (PKCS11Exception e) {
605045
-                // will fail since the signature is incorrect
605045
-                // XXX check error code
605045
-            }
605045
+        } finally {
605045
+            session = token.releaseSession(session);
605045
         }
605045
     }
605045
 
605045
@@ -368,6 +372,8 @@
605045
             }
605045
             initialized = true;
605045
         } catch (PKCS11Exception e) {
605045
+            // release session when initialization failed
605045
+            session = token.releaseSession(session);
605045
             throw new ProviderException("Initialization failed", e);
605045
         }
605045
         if (bytesProcessed != 0) {
605045
@@ -529,6 +535,8 @@
605045
                 }
605045
                 bytesProcessed += len;
605045
             } catch (PKCS11Exception e) {
605045
+                initialized = false;
605045
+                session = token.releaseSession(session);
605045
                 throw new ProviderException(e);
605045
             }
605045
             break;
605045
@@ -576,6 +584,8 @@
605045
                 bytesProcessed += len;
605045
                 byteBuffer.position(ofs + len);
605045
             } catch (PKCS11Exception e) {
605045
+                initialized = false;
605045
+                session = token.releaseSession(session);
605045
                 throw new ProviderException("Update failed", e);
605045
             }
605045
             break;