Blame SOURCES/8203182-pr3603-rh1568033.patch

60224f
# HG changeset patch
60224f
# User igerasim
60224f
# Date 1528992969 25200
60224f
#      Thu Jun 14 09:16:09 2018 -0700
60224f
# Node ID d9b0b4bd2526818afa73b60da77403245554caa8
60224f
# Parent  1f4b038b9550afaf88a70cee4cf9c1422ecd86d6
60224f
8203182, PR3603: Release session if initialization of SunPKCS11 Signature fails
60224f
Summary: Ensure session is properly released in P11Signature class
60224f
Reviewed-by: valeriep
60224f
Contributed-by: Martin Balao <mbalao@redhat.com>
60224f
60224f
diff --git openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
60224f
--- openjdk.orig/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
60224f
+++ openjdk/jdk/src/share/classes/sun/security/pkcs11/P11Signature.java
60224f
@@ -309,47 +309,51 @@
60224f
             session = token.killSession(session);
60224f
             return;
60224f
         }
60224f
-        // "cancel" operation by finishing it
60224f
-        // XXX make sure all this always works correctly
60224f
-        if (mode == M_SIGN) {
60224f
-            try {
60224f
-                if (type == T_UPDATE) {
60224f
-                    token.p11.C_SignFinal(session.id(), 0);
60224f
-                } else {
60224f
-                    byte[] digest;
60224f
-                    if (type == T_DIGEST) {
60224f
-                        digest = md.digest();
60224f
-                    } else { // T_RAW
60224f
-                        digest = buffer;
60224f
+        try {
60224f
+            // "cancel" operation by finishing it
60224f
+            // XXX make sure all this always works correctly
60224f
+            if (mode == M_SIGN) {
60224f
+                try {
60224f
+                    if (type == T_UPDATE) {
60224f
+                        token.p11.C_SignFinal(session.id(), 0);
60224f
+                    } else {
60224f
+                        byte[] digest;
60224f
+                        if (type == T_DIGEST) {
60224f
+                            digest = md.digest();
60224f
+                        } else { // T_RAW
60224f
+                            digest = buffer;
60224f
+                        }
60224f
+                        token.p11.C_Sign(session.id(), digest);
60224f
                     }
60224f
-                    token.p11.C_Sign(session.id(), digest);
60224f
+                } catch (PKCS11Exception e) {
60224f
+                    throw new ProviderException("cancel failed", e);
60224f
                 }
60224f
-            } catch (PKCS11Exception e) {
60224f
-                throw new ProviderException("cancel failed", e);
60224f
+            } else { // M_VERIFY
60224f
+                try {
60224f
+                    byte[] signature;
60224f
+                    if (keyAlgorithm.equals("DSA")) {
60224f
+                        signature = new byte[40];
60224f
+                    } else {
60224f
+                        signature = new byte[(p11Key.length() + 7) >> 3];
60224f
+                    }
60224f
+                    if (type == T_UPDATE) {
60224f
+                        token.p11.C_VerifyFinal(session.id(), signature);
60224f
+                    } else {
60224f
+                        byte[] digest;
60224f
+                        if (type == T_DIGEST) {
60224f
+                            digest = md.digest();
60224f
+                        } else { // T_RAW
60224f
+                            digest = buffer;
60224f
+                        }
60224f
+                        token.p11.C_Verify(session.id(), digest, signature);
60224f
+                    }
60224f
+                } catch (PKCS11Exception e) {
60224f
+                    // will fail since the signature is incorrect
60224f
+                    // XXX check error code
60224f
+                }
60224f
             }
60224f
-        } else { // M_VERIFY
60224f
-            try {
60224f
-                byte[] signature;
60224f
-                if (keyAlgorithm.equals("DSA")) {
60224f
-                    signature = new byte[40];
60224f
-                } else {
60224f
-                    signature = new byte[(p11Key.length() + 7) >> 3];
60224f
-                }
60224f
-                if (type == T_UPDATE) {
60224f
-                    token.p11.C_VerifyFinal(session.id(), signature);
60224f
-                } else {
60224f
-                    byte[] digest;
60224f
-                    if (type == T_DIGEST) {
60224f
-                        digest = md.digest();
60224f
-                    } else { // T_RAW
60224f
-                        digest = buffer;
60224f
-                    }
60224f
-                    token.p11.C_Verify(session.id(), digest, signature);
60224f
-                }
60224f
-            } catch (PKCS11Exception e) {
60224f
-                // will fail since the signature is incorrect
60224f
-                // XXX check error code
60224f
-            }
60224f
+        } finally {
60224f
+            session = token.releaseSession(session);
60224f
         }
60224f
     }
60224f
 
60224f
@@ -368,6 +372,8 @@
60224f
             }
60224f
             initialized = true;
60224f
         } catch (PKCS11Exception e) {
60224f
+            // release session when initialization failed
60224f
+            session = token.releaseSession(session);
60224f
             throw new ProviderException("Initialization failed", e);
60224f
         }
60224f
         if (bytesProcessed != 0) {
60224f
@@ -529,6 +535,8 @@
60224f
                 }
60224f
                 bytesProcessed += len;
60224f
             } catch (PKCS11Exception e) {
60224f
+                initialized = false;
60224f
+                session = token.releaseSession(session);
60224f
                 throw new ProviderException(e);
60224f
             }
60224f
             break;
60224f
@@ -576,6 +584,8 @@
60224f
                 bytesProcessed += len;
60224f
                 byteBuffer.position(ofs + len);
60224f
             } catch (PKCS11Exception e) {
60224f
+                initialized = false;
60224f
+                session = token.releaseSession(session);
60224f
                 throw new ProviderException("Update failed", e);
60224f
             }
60224f
             break;