8203182: Release session if initialization of SunPKCS11 Signature fails

Summary: Ensure session is properly released in P11Signature class Reviewed-by: valeriep Contributed-by: N Martin Balao <mbalao@redhat.com>

8203182: Release session if initialization of SunPKCS11 Signature fails
Summary: Ensure session is properly released in P11Signature class Reviewed-by: valeriep Contributed-by: N Martin Balao <mbalao@redhat.com>
fef4b20b · igerasim · 590881fd · fef4b20b
隐藏空白更改
内联并排

Showing with 46 addition and 36 deletion

src/share/classes/sun/security/pkcs11/P11Signature.java src/share/classes/sun/security/pkcs11/P11Signature.java +46 -36

未找到文件。
--- a/src/share/classes/sun/security/pkcs11/P11Signature.java
+++ b/src/share/classes/sun/security/pkcs11/P11Signature.java
@@ -257,47 +257,51 @@ final class P11Signature extends SignatureSpi {
            session = token.killSession(session);
            return;
        }
-        // "cancel" operation by finishing it
+        try {
-        // XXX make sure all this always works correctly
+            // "cancel" operation by finishing it
-        if (mode == M_SIGN) {
+            // XXX make sure all this always works correctly
-            try {
+            if (mode == M_SIGN) {
-                if (type == T_UPDATE) {
+                try {
-                    token.p11.C_SignFinal(session.id(), 0);
+                    if (type == T_UPDATE) {
-                } else {
+                        token.p11.C_SignFinal(session.id(), 0);
-                    byte[] digest;
+                    } else {
-                    if (type == T_DIGEST) {
+                        byte[] digest;
-                        digest = md.digest();
+                        if (type == T_DIGEST) {
-                    } else { // T_RAW
+                            digest = md.digest();
-                        digest = buffer;
+                        } else { // T_RAW
+                            digest = buffer;
+                        }
+                        token.p11.C_Sign(session.id(), digest);
                    }
-                    token.p11.C_Sign(session.id(), digest);
+                } catch (PKCS11Exception e) {
-                }
+                    throw new ProviderException("cancel failed", e);
-            } catch (PKCS11Exception e) {
-                throw new ProviderException("cancel failed", e);
-            }
-        } else { // M_VERIFY
-            try {
-                byte[] signature;
-                if (keyAlgorithm.equals("DSA")) {
-                    signature = new byte[40];
-                } else {
-                    signature = new byte[(p11Key.length() + 7) >> 3];
                }
-                if (type == T_UPDATE) {
+            } else { // M_VERIFY
-                    token.p11.C_VerifyFinal(session.id(), signature);
+                try {
-                } else {
+                    byte[] signature;
-                    byte[] digest;
+                    if (keyAlgorithm.equals("DSA")) {
-                    if (type == T_DIGEST) {
+                        signature = new byte[40];
-                        digest = md.digest();
+                    } else {
-                    } else { // T_RAW
+                        signature = new byte[(p11Key.length() + 7) >> 3];
-                        digest = buffer;
                    }
-                    token.p11.C_Verify(session.id(), digest, signature);
+                    if (type == T_UPDATE) {
+                        token.p11.C_VerifyFinal(session.id(), signature);
+                    } else {
+                        byte[] digest;
+                        if (type == T_DIGEST) {
+                            digest = md.digest();
+                        } else { // T_RAW
+                            digest = buffer;
+                        }
+                        token.p11.C_Verify(session.id(), digest, signature);
+                    }
+                } catch (PKCS11Exception e) {
+                    // will fail since the signature is incorrect
+                    // XXX check error code
                }
-            } catch (PKCS11Exception e) {
-                // will fail since the signature is incorrect
-                // XXX check error code
            }
+        } finally {
+            session = token.releaseSession(session);
        }
    }
@@ -316,6 +320,8 @@ final class P11Signature extends SignatureSpi {
            }
            initialized = true;
        } catch (PKCS11Exception e) {
+            // release session when initialization failed
+            session = token.releaseSession(session);
            throw new ProviderException("Initialization failed", e);
        }
        if (bytesProcessed != 0) {
@@ -476,6 +482,8 @@ final class P11Signature extends SignatureSpi {
                }
                bytesProcessed += len;
            } catch (PKCS11Exception e) {
+                initialized = false;
+                session = token.releaseSession(session);
                throw new ProviderException(e);
            }
            break;
@@ -523,6 +531,8 @@ final class P11Signature extends SignatureSpi {
                bytesProcessed += len;
                byteBuffer.position(ofs + len);
            } catch (PKCS11Exception e) {
+                initialized = false;
+                session = token.releaseSession(session);
                throw new ProviderException("Update failed", e);
            }
            break;