RFR 8220513: Wrapper Key may get deleted when closing sessions in SunPKCS11 crypto provider
Martin Balao
mbalao at redhat.com
Thu Mar 21 04:24:13 UTC 2019
Hi Valerie,
On 3/19/19 7:17 PM, Valerie Peng wrote:
>
> How about another potential problem - wrapper key may never get deleted?
> If we don't have a good solution to addressing it, at least add a
> comment about it?
> Rest looks fine.
>
Thanks for your feedback.
The Wrapper Key was never meant to be destroyed. However, it's a good
idea and we should do it, in addition to fixing this bug.
Here it's my proposal for getting rid of the Wrapper Key when it's no
longer needed:
Webrev 01:
* http://cr.openjdk.java.net/~mbalao/webrevs/8220513/8220513.webrev.01/
Please note that a few changes were required in SessionKeyRef objects
lifetime. SessionKeyRef objects will live as long as their corresponding
P11Key object lives -a similar scheme was implemented in the original
patch-. This allows us to decrement Wrapper Key references -and
eventually destroy it- while P11Key objects which don't have a native
key created are deleted. In other words, objects that have wrapped
native key information but don't have a native key alive can also
decrement the Wrapper Key reference counter when deleted.
Testing:
* No regressions found in sun/security/pkcs11.
* I've verified with the debugger all the new execution flows,
including the deletion of a Wrapper Key. It would be a bit difficult to
assert this from an automated test though.
Kind regards,
Martin.-
More information about the security-dev
mailing list