RFR: 8367024: JNI exception pending in Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey of p11_keymgmt.c:950 [v2]
Koushik Muthukrishnan Thirupattur
duke at openjdk.org
Fri Jan 9 00:39:00 UTC 2026
On Thu, 8 Jan 2026 07:00:02 GMT, Daniel Jeliński <djelinski at openjdk.org> wrote:
>> Koushik Muthukrishnan Thirupattur has updated the pull request incrementally with one additional commit since the last revision:
>>
>> 8367024: Addressing review comments
>
> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c line 967:
>
>> 965: /* Do not continue if any copy-back operation raised an exception */
>> 966: if ((*env)->ExceptionCheck(env)) {
>> 967: goto cleanup;
>
> This shouldn't be necessary now; note that `cleanup` will be executed next whether the `if` branch is taken or not.
I think we might still need that. Cleanup will indeed execute either way, but the purpose of the ExceptionCheck() is not to ensure cleanup, it is to prevent further native logic from executing while a JNI exception is pending.
The copy-back helpers perform JNI operations that may raise exceptions independently of the PKCS#11 return value.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29054#discussion_r2674378071
More information about the security-dev
mailing list