RFR: 8328785: IOException: Symbol not found: C_GetInterface for PKCS11 interface prior to V3.0
Valerie Peng
valeriep at openjdk.org
Wed Apr 3 18:14:10 UTC 2024
On Wed, 3 Apr 2024 08:49:01 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> This PR fixes a problem regarding the usage of dlerror() where an earlier error message causes a premature error out. Added extra code to clear out earlier error message and made minor code refactoring.
>>
>> No regression test as this can't be reproduced using the NSS library from artifactory and thus the noreg-hard label.
>>
>> Thanks!
>
> src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c line 94:
>
>> 92: char *systemErrorMessage;
>> 93: char *exceptionMessage;
>> 94: const char *getFunctionListStr = "C_GetFunctionList";
>
> If this value ever gets used by ReleaseStringUTFChars, the failure will be spectacular 🍿
We do have checks for jGetFunctionList != NULL before calling ReleaseStringUTFChars() with it. So, this shouldn't be an issue?
> src/jdk.crypto.cryptoki/unix/native/libj2pkcs11/p11_md.c line 165:
>
>> 163: if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
>> 164: goto setModuleData;
>> 165: }
>
> Do we need an `else goto cleanup` here?
Not really, the intention is to continue with the C_GetFunctionList (or the method named by "getFunctionListStr").
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/18588#discussion_r1550237653
PR Review Comment: https://git.openjdk.org/jdk/pull/18588#discussion_r1550237417
More information about the security-dev
mailing list