RFR: 8367024: JNI exception pending in Java_sun_security_pkcs11_wrapper_PKCS11_C_1DeriveKey of p11_keymgmt.c:950 [v2]
Valerie Peng
valeriep at openjdk.org
Tue Jan 13 21:50:28 UTC 2026
On Wed, 7 Jan 2026 21:05:55 GMT, Koushik Muthukrishnan Thirupattur <duke at openjdk.org> wrote:
>> The method ckAssertReturnValueOK will invoke ckAssertReturnValueOK2 which makes multiple calls to JNI functions, such as FindClass or GetMethodID. These calls would be unsafe as there may be a pending exception at this time.
>> So adding exception check to return immediately and do not call any further JNI functions when there is exception pending.
>
> Koushik Muthukrishnan Thirupattur has updated the pull request incrementally with one additional commit since the last revision:
>
> 8367024: Addressing review comments
src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11_keymgmt.c line 934:
> 932: /* If derivation failed, do not attempt copy-back */
> 933: if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
> 934: jKeyHandle = 0L;
Why is this needed? `jKeyHandle` is initialized with 0L and no other assignment before this line?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/29054#discussion_r2688227896
More information about the security-dev
mailing list