RFR: 8328785: IOException: Symbol not found: C_GetInterface for PKCS11 interface prior to V3.0
Daniel Jeliński
djelinski at openjdk.org
Wed Apr 3 09:02:09 UTC 2024
On Wed, 3 Apr 2024 01:11:47 GMT, Valerie Peng <valeriep at openjdk.org> wrote:
> This PR fixes a problem regarding the usage of dlerror() where an earlier error message causes a premature error out. Added extra code to clear out earlier error message and made minor code refactoring.
>
> No regression test as this can't be reproduced using the NSS library from artifactory and thus the noreg-hard label.
>
> Thanks!
src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c line 94:
> 92: char *systemErrorMessage;
> 93: char *exceptionMessage;
> 94: const char *getFunctionListStr = "C_GetFunctionList";
If this value ever gets used by ReleaseStringUTFChars, the failure will be spectacular 🍿
src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c line 165:
> 163: if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
> 164: goto setModuleData;
> 165: }
Do we need an `else goto cleanup` here?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18588#discussion_r1549272359
PR Review Comment: https://git.openjdk.org/jdk/pull/18588#discussion_r1549255631
More information about the security-dev
mailing list