RFR: 8367024: JNI exception pending in Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey of p11_keymgmt.c:950 [v2]
Daniel Jeliński
djelinski at openjdk.org
Fri Jan 9 06:46:04 UTC 2026
On Fri, 9 Jan 2026 00:35:46 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
>> src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c line 967:
>>
>>> 965: /* Do not continue if any copy-back operation raised an exception */
>>> 966: if ((*env)->ExceptionCheck(env)) {
>>> 967: goto cleanup;
>>
>> This shouldn't be necessary now; note that `cleanup` will be executed next whether the `if` branch is taken or not.
>
> I think we might still need that. Cleanup will indeed execute either way, but the purpose of the ExceptionCheck() is not to ensure cleanup, it is to prevent further native logic from executing while a JNI exception is pending.
>
> The copy-back helpers perform JNI operations that may raise exceptions independently of the PKCS#11 return value.
Well after c0eba3064f61bc8a19122f52aa491f00c6884092 there's no further native logic after this call, so there's nothing to prevent. The copy-back helpers are only invoked after a successful PKCS11 call now.
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29054#discussion_r2675042900
More information about the security-dev
mailing list