From mbalao at redhat.com Tue Jun 5 16:10:09 2018 From: mbalao at redhat.com (Martin Balao) Date: Tue, 5 Jun 2018 13:10:09 -0300 Subject: [7u-dev] RFA for JDK-8204344: Release session if initialization of SunPKCS11 Signature fails Message-ID: Hi, Here there is a backport of JDK-8203182 [1] to JDK7: * http://cr.openjdk.java.net/~mbalao/webrevs/8203182/backports/7/8203182.webrev.01/ * http://cr.openjdk.java.net/~mbalao/webrevs/8203182/backports/7/8203182.webrev.01.zip Backport ticket: JDK-8204344 [2]. JDK commit: http://hg.openjdk.java.net/jdk/jdk/rev/00ebc17f3cc6 Review approval: http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017224.html I'd be grateful if someone can approve it. Kind regards, Martin.- -- [1] - https://bugs.openjdk.java.net/browse/JDK-8203182 [2] - https://bugs.openjdk.java.net/browse/JDK-8204344 From gnu.andrew at redhat.com Wed Jun 6 01:44:25 2018 From: gnu.andrew at redhat.com (Andrew Hughes) Date: Wed, 6 Jun 2018 02:44:25 +0100 Subject: [7u-dev] RFA for JDK-8204344: Release session if initialization of SunPKCS11 Signature fails In-Reply-To: References: Message-ID: On 5 June 2018 at 17:10, Martin Balao wrote: > Hi, > > Here there is a backport of JDK-8203182 [1] to JDK7: > > * > http://cr.openjdk.java.net/~mbalao/webrevs/8203182/backports/7/8203182.webrev.01/ > * > http://cr.openjdk.java.net/~mbalao/webrevs/8203182/backports/7/8203182.webrev.01.zip > > Backport ticket: JDK-8204344 [2]. > JDK commit: http://hg.openjdk.java.net/jdk/jdk/rev/00ebc17f3cc6 > Review approval: > http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017224.html > > I'd be grateful if someone can approve it. > > Kind regards, > Martin.- > > -- > [1] - https://bugs.openjdk.java.net/browse/JDK-8203182 > [2] - https://bugs.openjdk.java.net/browse/JDK-8204344 Looks good to me. It's a pretty simple fix, made a little clearer if you do a diff which ignores whitespace: $ hg diff -b diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java b/src/share/classes/sun/security/pkcs11/P11Signature.java --- a/src/share/classes/sun/security/pkcs11/P11Signature.java +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java @@ -257,6 +257,8 @@ session = token.killSession(session); return; } + + try { // "cancel" operation by finishing it // XXX make sure all this always works correctly if (mode == M_SIGN) { @@ -299,6 +301,9 @@ // XXX check error code } } + } finally { + session = token.releaseSession(session); + } } // assumes current state is initialized == false @@ -316,6 +321,8 @@ } initialized = true; } catch (PKCS11Exception e) { + // release session when initialization failed + session = token.releaseSession(session); throw new ProviderException("Initialization failed", e); } if (bytesProcessed != 0) { @@ -443,6 +450,8 @@ } bytesProcessed += len; } catch (PKCS11Exception e) { + initialized = false; + session = token.releaseSession(session); throw new ProviderException(e); } break; @@ -490,6 +499,8 @@ bytesProcessed += len; byteBuffer.position(ofs + len); } catch (PKCS11Exception e) { + initialized = false; + session = token.releaseSession(session); throw new ProviderException("Update failed", e); } break; Are you able to push or shall I do it on your behalf? -- Andrew :) Senior Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Web Site: http://fuseyism.com Twitter: https://twitter.com/gnu_andrew_java PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 From mbalao at redhat.com Wed Jun 6 14:38:55 2018 From: mbalao at redhat.com (Martin Balao) Date: Wed, 6 Jun 2018 11:38:55 -0300 Subject: [7u-dev] RFA for JDK-8204344: Release session if initialization of SunPKCS11 Signature fails In-Reply-To: References:

Message-ID: Thanks for review. I need you to push it on my behalf, as I don't have permissions to do so. On Tue, Jun 5, 2018 at 10:44 PM, Andrew Hughes wrote: > On 5 June 2018 at 17:10, Martin Balao wrote: > > Hi, > > > > Here there is a backport of JDK-8203182 [1] to JDK7: > > > > * > > http://cr.openjdk.java.net/~mbalao/webrevs/8203182/ > backports/7/8203182.webrev.01/ > > * > > http://cr.openjdk.java.net/~mbalao/webrevs/8203182/ > backports/7/8203182.webrev.01.zip > > > > Backport ticket: JDK-8204344 [2]. > > JDK commit: http://hg.openjdk.java.net/jdk/jdk/rev/00ebc17f3cc6 > > Review approval: > > http://mail.openjdk.java.net/pipermail/security-dev/2018-May/017224.html > > > > I'd be grateful if someone can approve it. > > > > Kind regards, > > Martin.- > > > > -- > > [1] - https://bugs.openjdk.java.net/browse/JDK-8203182 > > [2] - https://bugs.openjdk.java.net/browse/JDK-8204344 > > Looks good to me. It's a pretty simple fix, made a little clearer if > you do a diff which ignores whitespace: > > $ hg diff -b > diff --git a/src/share/classes/sun/security/pkcs11/P11Signature.java > b/src/share/classes/sun/security/pkcs11/P11Signature.java > --- a/src/share/classes/sun/security/pkcs11/P11Signature.java > +++ b/src/share/classes/sun/security/pkcs11/P11Signature.java > @@ -257,6 +257,8 @@ > session = token.killSession(session); > return; > } > + > + try { > // "cancel" operation by finishing it > // XXX make sure all this always works correctly > if (mode == M_SIGN) { > @@ -299,6 +301,9 @@ > // XXX check error code > } > } > + } finally { > + session = token.releaseSession(session); > + } > } > > // assumes current state is initialized == false > @@ -316,6 +321,8 @@ > } > initialized = true; > } catch (PKCS11Exception e) { > + // release session when initialization failed > + session = token.releaseSession(session); > throw new ProviderException("Initialization failed", e); > } > if (bytesProcessed != 0) { > @@ -443,6 +450,8 @@ > } > bytesProcessed += len; > } catch (PKCS11Exception e) { > + initialized = false; > + session = token.releaseSession(session); > throw new ProviderException(e); > } > break; > @@ -490,6 +499,8 @@ > bytesProcessed += len; > byteBuffer.position(ofs + len); > } catch (PKCS11Exception e) { > + initialized = false; > + session = token.releaseSession(session); > throw new ProviderException("Update failed", e); > } > break; > > Are you able to push or shall I do it on your behalf? > -- > Andrew :) > > Senior Free Java Software Engineer > Red Hat, Inc. (http://www.redhat.com) > > Web Site: http://fuseyism.com > Twitter: https://twitter.com/gnu_andrew_java > PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) > Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222 > From gnu.andrew at redhat.com Wed Jun 6 16:07:49 2018 From: gnu.andrew at redhat.com (gnu.andrew at redhat.com) Date: Wed, 06 Jun 2018 16:07:49 +0000 Subject: hg: jdk7u/jdk7u/jdk: 8203182: Release session if initialization of SunPKCS11 Signature fails Message-ID: <201806061607.w56G7n67008772@aojmv0008.oracle.com> Changeset: e146e0fb6dee Author: mbalao Date: 2018-06-06 17:07 +0100 URL: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e146e0fb6dee 8203182: Release session if initialization of SunPKCS11 Signature fails Summary: Ensure session is properly released in P11Signature class Reviewed-by: valeriep, andrew ! src/share/classes/sun/security/pkcs11/P11Signature.java From gnu.andrew at redhat.com Wed Jun 6 16:08:34 2018 From: gnu.andrew at redhat.com (Andrew Hughes) Date: Wed, 6 Jun 2018 17:08:34 +0100 Subject: [7u-dev] RFA for JDK-8204344: Release session if initialization of SunPKCS11 Signature fails In-Reply-To: References:

Message-ID: On 6 June 2018 at 15:38, Martin Balao wrote: > Thanks for review. > > I need you to push it on my behalf, as I don't have permissions to do so. > Done: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/e146e0fb6dee -- Andrew :) Senior Free Java Software Engineer Red Hat, Inc. (http://www.redhat.com) Web Site: http://fuseyism.com Twitter: https://twitter.com/gnu_andrew_java PGP Key: ed25519/0xCFDA0F9B35964222 (hkp://keys.gnupg.net) Fingerprint = 5132 579D D154 0ED2 3E04 C5A0 CFDA 0F9B 3596 4222