jdk-sandbox: comparison src/jdk.crypto.cryptoki/share/native/libj2pkcs11/p11

equal deleted inserted replaced

-:13588c901957
+:9cf78a70fa4f
 /*
-* Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
 */
 /* Copyright  (c) 2002 Graz University of Technology. All rights reserved.
 *
 * Redistribution and use in  source and binary forms, with or without
 * Method:    C_SignInit
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J)V
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
-* @return  jlong jKeyHandle            CK_OBJECT_HANDLE hKey
+* @param   jlong jKeyHandle            CK_OBJECT_HANDLE hKey
 */
 JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignInit
 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle)
 {
 CK_SESSION_HANDLE ckSessionHandle;
-CK_MECHANISM ckMechanism;
+CK_MECHANISM_PTR ckpMechanism = NULL;
 CK_OBJECT_HANDLE ckKeyHandle;
 CK_RV rv;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
-ckSessionHandle = jLongToCKULong(jSessionHandle);
+TRACE0("DEBUG: C_SignInit\n");
-jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
+ckSessionHandle = jLongToCKULong(jSessionHandle);
+ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
 if ((*env)->ExceptionCheck(env)) { return; }
 ckKeyHandle = jLongToCKULong(jKeyHandle);
-rv = (*ckpFunctions->C_SignInit)(ckSessionHandle, &ckMechanism, ckKeyHandle);
+rv = (*ckpFunctions->C_SignInit)(ckSessionHandle, ckpMechanism, ckKeyHandle);
-if (ckMechanism.pParameter != NULL_PTR) {
+if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK ||
-free(ckMechanism.pParameter);
+(ckpMechanism->pParameter == NULL)) {
-}
+freeCKMechanismPtr(ckpMechanism);
+} else {
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+(*env)->SetLongField(env, jMechanism, mech_pHandleID, ptr_to_jlong(ckpMechanism));
+TRACE1("DEBUG C_SignInit: stored pMech = 0x%lX\n", ptr_to_jlong(ckpMechanism));
+}
+TRACE0("FINISHED\n");
 }
 #endif
 #ifdef P11_ENABLE_C_SIGN
 /*
 * Class:     sun_security_pkcs11_wrapper_PKCS11
 * Method:    C_Sign
-* Signature: (J[B)[B
+* Signature: (J[BI)[B
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jbyteArray jData            CK_BYTE_PTR pData
 *                                      CK_ULONG ulDataLen
 * @return  jbyteArray jSignature       CK_BYTE_PTR pSignature
 JNIEXPORT jbyteArray JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1Sign
 (JNIEnv *env, jobject obj, jlong jSessionHandle, jbyteArray jData)
 {
 CK_SESSION_HANDLE ckSessionHandle;
 CK_BYTE_PTR ckpData = NULL_PTR;
-CK_BYTE_PTR ckpSignature;
 CK_ULONG ckDataLength;
-CK_ULONG ckSignatureLength = 0;
+CK_BYTE_PTR bufP;
+CK_ULONG ckSignatureLength;
+CK_BYTE BUF[MAX_STACK_BUFFER_LEN];
 jbyteArray jSignature = NULL;
 CK_RV rv;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return NULL; }
+TRACE0("DEBUG: C_Sign\n");
 ckSessionHandle = jLongToCKULong(jSessionHandle);
 jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength);
-if ((*env)->ExceptionCheck(env)) { return NULL; }
+if ((*env)->ExceptionCheck(env)) {
-/* START standard code */
-/* first determine the length of the signature */
-rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, NULL_PTR, &ckSignatureLength);
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
-free(ckpData);
 return NULL;
 }
-ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
+TRACE1("DEBUG C_Sign: data length = %lu\n", ckDataLength);
-if (ckpSignature == NULL) {
-free(ckpData);
+// unknown signature length
-throwOutOfMemoryError(env, 0);
+bufP = BUF;
-return NULL;
+ckSignatureLength = MAX_STACK_BUFFER_LEN;
-}
+rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength,
-/* now get the signature */
+bufP, &ckSignatureLength);
-rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
-/* END standard code */
+TRACE1("DEBUG C_Sign: ret rv=0x%lX\n", rv);
-/* START workaround code for operation abort bug in pkcs#11 of Datakey and iButton */
-/*
-ckpSignature = (CK_BYTE_PTR) malloc(256 * sizeof(CK_BYTE));
-if (ckpSignature == NULL) {
-free(ckpData);
-throwOutOfMemoryError(env, 0);
-return NULL;
-}
-rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
-if (rv == CKR_BUFFER_TOO_SMALL) {
-free(ckpSignature);
-ckpSignature = (CK_BYTE_PTR) malloc(ckSignatureLength * sizeof(CK_BYTE));
-if (ckpSignature == NULL) {
-free(ckpData);
-throwOutOfMemoryError(env, 0);
-return NULL;
-}
-rv = (*ckpFunctions->C_Sign)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, &ckSignatureLength);
-}
-*/
-/* END workaround code */
 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
-jSignature = ckByteArrayToJByteArray(env, ckpSignature, ckSignatureLength);
+jSignature = ckByteArrayToJByteArray(env, bufP, ckSignatureLength);
-}
+TRACE1("DEBUG C_Sign: signature length = %lu\n", ckSignatureLength);
+}
 free(ckpData);
-free(ckpSignature);
+if (bufP != BUF) { free(bufP); }
-return jSignature ;
+TRACE0("FINISHED\n");
+return jSignature;
 }
 #endif
 #ifdef P11_ENABLE_C_SIGNUPDATE
 /*
 while (jInLen > 0) {
 jsize chunkLen = min(bufLen, jInLen);
 (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP);
 if ((*env)->ExceptionCheck(env)) {
-if (bufP != BUF) { free(bufP); }
+goto cleanup;
-return;
 }
 rv = (*ckpFunctions->C_SignUpdate)(ckSessionHandle, bufP, chunkLen);
 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
-if (bufP != BUF) {
+goto cleanup;
-free(bufP);
-}
-return;
 }
 jInOfs += chunkLen;
 jInLen -= chunkLen;
 }
+cleanup:
 if (bufP != BUF) { free(bufP); }
+return;
 }
 #endif
 #ifdef P11_ENABLE_C_SIGNFINAL
 /*
 * Method:    C_SignRecoverInit
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J)V
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
-* @return  jlong jKeyHandle            CK_OBJECT_HANDLE hKey
+* @param   jlong jKeyHandle            CK_OBJECT_HANDLE hKey
 */
 JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1SignRecoverInit
 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle)
 {
 CK_SESSION_HANDLE ckSessionHandle;
-CK_MECHANISM ckMechanism;
+CK_MECHANISM_PTR ckpMechanism = NULL;
 CK_OBJECT_HANDLE ckKeyHandle;
 CK_RV rv;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
-ckSessionHandle = jLongToCKULong(jSessionHandle);
+TRACE0("DEBUG: C_SignRecoverInit\n");
-jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
+ckSessionHandle = jLongToCKULong(jSessionHandle);
+ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
 if ((*env)->ExceptionCheck(env)) { return; }
 ckKeyHandle = jLongToCKULong(jKeyHandle);
-rv = (*ckpFunctions->C_SignRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle);
+rv = (*ckpFunctions->C_SignRecoverInit)(ckSessionHandle, ckpMechanism, ckKeyHandle);
-if (ckMechanism.pParameter != NULL_PTR) {
+if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK ||
-free(ckMechanism.pParameter);
+(ckpMechanism->pParameter == NULL)) {
-}
+freeCKMechanismPtr(ckpMechanism);
+} else {
-if(ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+(*env)->SetLongField(env, jMechanism, mech_pHandleID, ptr_to_jlong(ckpMechanism));
+TRACE1("DEBUG C_SignRecoverInit, stored pMech = 0x%lX\n", ptr_to_jlong(ckpMechanism));
+}
+TRACE0("FINISHED\n");
 }
 #endif
 #ifdef P11_ENABLE_C_SIGNRECOVER
 /*
 CK_RV rv;
 CK_BYTE INBUF[MAX_STACK_BUFFER_LEN];
 CK_BYTE OUTBUF[MAX_STACK_BUFFER_LEN];
 CK_BYTE_PTR inBufP;
 CK_BYTE_PTR outBufP = OUTBUF;
-CK_ULONG ckSignatureLength = MAX_STACK_BUFFER_LEN;
+CK_ULONG ckSignatureLength = 0;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return 0; }
 ckSessionHandle = jLongToCKULong(jSessionHandle);
 if (jInLen <= MAX_STACK_BUFFER_LEN) {
 inBufP = INBUF;
+ckSignatureLength = MAX_STACK_BUFFER_LEN;
 } else {
 inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
 if (inBufP == NULL) {
 throwOutOfMemoryError(env, 0);
 return 0;
 }
+ckSignatureLength = jInLen;
 }
 (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP);
 if ((*env)->ExceptionCheck(env)) {
-if (inBufP != INBUF) { free(inBufP); }
+goto cleanup;
-return 0;
+}
-}
 rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength);
 /* re-alloc larger buffer if it fits into our Java buffer */
 if ((rv == CKR_BUFFER_TOO_SMALL) && (ckSignatureLength <= jIntToCKULong(jOutLen))) {
 outBufP = (CK_BYTE_PTR) malloc(ckSignatureLength);
 if (outBufP == NULL) {
-if (inBufP != INBUF) {
-free(inBufP);
-}
 throwOutOfMemoryError(env, 0);
-return 0;
+goto cleanup;
 }
 rv = (*ckpFunctions->C_SignRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckSignatureLength);
 }
 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
 (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckSignatureLength, (jbyte *)outBufP);
 }
+cleanup:
 if (inBufP != INBUF) { free(inBufP); }
 if (outBufP != OUTBUF) { free(outBufP); }
 return ckSignatureLength;
 }
 * Method:    C_VerifyInit
 * Signature: (JLsun/security/pkcs11/wrapper/CK_MECHANISM;J)V
 * Parametermapping:                    *PKCS11*
 * @param   jlong jSessionHandle        CK_SESSION_HANDLE hSession
 * @param   jobject jMechanism          CK_MECHANISM_PTR pMechanism
-* @return  jlong jKeyHandle            CK_OBJECT_HANDLE hKey
+* @param   jlong jKeyHandle            CK_OBJECT_HANDLE hKey
 */
 JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyInit
 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle)
 {
 CK_SESSION_HANDLE ckSessionHandle;
-CK_MECHANISM ckMechanism;
+CK_MECHANISM_PTR ckpMechanism = NULL;
 CK_OBJECT_HANDLE ckKeyHandle;
 CK_RV rv;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
-ckSessionHandle = jLongToCKULong(jSessionHandle);
+TRACE0("DEBUG: C_VerifyInit\n");
-jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
-if ((*env)->ExceptionCheck(env)) { return; }
+ckSessionHandle = jLongToCKULong(jSessionHandle);
+ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
+if ((*env)->ExceptionCheck(env)) {
+return;
+}
 ckKeyHandle = jLongToCKULong(jKeyHandle);
-rv = (*ckpFunctions->C_VerifyInit)(ckSessionHandle, &ckMechanism, ckKeyHandle);
+rv = (*ckpFunctions->C_VerifyInit)(ckSessionHandle, ckpMechanism, ckKeyHandle);
-if(ckMechanism.pParameter != NULL_PTR) {
+if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK ||
-free(ckMechanism.pParameter);
+(ckpMechanism->pParameter == NULL)) {
-}
+freeCKMechanismPtr(ckpMechanism);
+} else {
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+(*env)->SetLongField(env, jMechanism, mech_pHandleID, ptr_to_jlong(ckpMechanism));
+TRACE1("DEBUG C_VerifyInit: stored pMech = 0x%lX\n", ptr_to_jlong(ckpMechanism));
+}
+TRACE0("FINISHED\n");
 }
 #endif
 #ifdef P11_ENABLE_C_VERIFY
 /*
 CK_SESSION_HANDLE ckSessionHandle;
 CK_BYTE_PTR ckpData = NULL_PTR;
 CK_BYTE_PTR ckpSignature = NULL_PTR;
 CK_ULONG ckDataLength;
 CK_ULONG ckSignatureLength;
-CK_RV rv;
+CK_RV rv = 0;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
 ckSessionHandle = jLongToCKULong(jSessionHandle);
 jByteArrayToCKByteArray(env, jData, &ckpData, &ckDataLength);
-if ((*env)->ExceptionCheck(env)) { return; }
+if ((*env)->ExceptionCheck(env)) {
+return;
+}
 jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength);
 if ((*env)->ExceptionCheck(env)) {
-free(ckpData);
+goto cleanup;
-return;
 }
 /* verify the signature */
 rv = (*ckpFunctions->C_Verify)(ckSessionHandle, ckpData, ckDataLength, ckpSignature, ckSignatureLength);
+cleanup:
 free(ckpData);
 free(ckpSignature);
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+ckAssertReturnValueOK(env, rv);
 }
 #endif
 #ifdef P11_ENABLE_C_VERIFYUPDATE
 /*
 } else {
 bufLen = min(MAX_HEAP_BUFFER_LEN, jInLen);
 bufP = (CK_BYTE_PTR) malloc((size_t)bufLen);
 if (bufP == NULL) {
 throwOutOfMemoryError(env, 0);
-return;
+goto cleanup;
 }
 }
 while (jInLen > 0) {
 jsize chunkLen = min(bufLen, jInLen);
 (*env)->GetByteArrayRegion(env, jIn, jInOfs, chunkLen, (jbyte *)bufP);
 if ((*env)->ExceptionCheck(env)) {
-if (bufP != BUF) { free(bufP); }
+goto cleanup;
-return;
 }
 rv = (*ckpFunctions->C_VerifyUpdate)(ckSessionHandle, bufP, chunkLen);
 if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) {
-if (bufP != BUF) { free(bufP); }
+goto cleanup;
-return;
 }
 jInOfs += chunkLen;
 jInLen -= chunkLen;
 }
+cleanup:
 if (bufP != BUF) { free(bufP); }
 }
 #endif
 #ifdef P11_ENABLE_C_VERIFYFINAL
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
 ckSessionHandle = jLongToCKULong(jSessionHandle);
 jByteArrayToCKByteArray(env, jSignature, &ckpSignature, &ckSignatureLength);
-if ((*env)->ExceptionCheck(env)) { return; }
+if ((*env)->ExceptionCheck(env)) {
+return;
+}
 /* verify the signature */
 rv = (*ckpFunctions->C_VerifyFinal)(ckSessionHandle, ckpSignature, ckSignatureLength);
 free(ckpSignature);
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+ckAssertReturnValueOK(env, rv);
 }
 #endif
 #ifdef P11_ENABLE_C_VERIFYRECOVERINIT
 /*
 */
 JNIEXPORT void JNICALL Java_sun_security_pkcs11_wrapper_PKCS11_C_1VerifyRecoverInit
 (JNIEnv *env, jobject obj, jlong jSessionHandle, jobject jMechanism, jlong jKeyHandle)
 {
 CK_SESSION_HANDLE ckSessionHandle;
-CK_MECHANISM ckMechanism;
+CK_MECHANISM_PTR ckpMechanism = NULL;
 CK_OBJECT_HANDLE ckKeyHandle;
 CK_RV rv;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return; }
-ckSessionHandle = jLongToCKULong(jSessionHandle);
+TRACE0("DEBUG: C_VerifyRecoverInit\n");
-jMechanismToCKMechanism(env, jMechanism, &ckMechanism);
+ckSessionHandle = jLongToCKULong(jSessionHandle);
+ckpMechanism = jMechanismToCKMechanismPtr(env, jMechanism);
 if ((*env)->ExceptionCheck(env)) { return; }
 ckKeyHandle = jLongToCKULong(jKeyHandle);
-rv = (*ckpFunctions->C_VerifyRecoverInit)(ckSessionHandle, &ckMechanism, ckKeyHandle);
+rv = (*ckpFunctions->C_VerifyRecoverInit)(ckSessionHandle, ckpMechanism, ckKeyHandle);
-if (ckMechanism.pParameter != NULL_PTR) {
+if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK ||
-free(ckMechanism.pParameter);
+(ckpMechanism->pParameter == NULL)) {
-}
+freeCKMechanismPtr(ckpMechanism);
+} else {
-if (ckAssertReturnValueOK(env, rv) != CK_ASSERT_OK) { return; }
+(*env)->SetLongField(env, jMechanism, mech_pHandleID, ptr_to_jlong(ckpMechanism));
+TRACE1("DEBUG C_VerifyRecoverInit: stored pMech = 0x%lX\n", ptr_to_jlong(ckpMechanism));
+}
+TRACE0("FINISHED\n");
 }
 #endif
 #ifdef P11_ENABLE_C_VERIFYRECOVER
 /*
 CK_RV rv;
 CK_BYTE INBUF[MAX_STACK_BUFFER_LEN];
 CK_BYTE OUTBUF[MAX_STACK_BUFFER_LEN];
 CK_BYTE_PTR inBufP;
 CK_BYTE_PTR outBufP = OUTBUF;
-CK_ULONG ckDataLength = MAX_STACK_BUFFER_LEN;
+CK_ULONG ckDataLength = 0;
 CK_FUNCTION_LIST_PTR ckpFunctions = getFunctionList(env, obj);
 if (ckpFunctions == NULL) { return 0; }
 ckSessionHandle = jLongToCKULong(jSessionHandle);
 if (jInLen <= MAX_STACK_BUFFER_LEN) {
 inBufP = INBUF;
+ckDataLength = MAX_STACK_BUFFER_LEN;
 } else {
 inBufP = (CK_BYTE_PTR) malloc((size_t)jInLen);
 if (inBufP == NULL) {
 throwOutOfMemoryError(env, 0);
 return 0;
 }
+ckDataLength = jInLen;
 }
 (*env)->GetByteArrayRegion(env, jIn, jInOfs, jInLen, (jbyte *)inBufP);
 if ((*env)->ExceptionCheck(env)) {
-if (inBufP != INBUF) { free(inBufP); }
+goto cleanup;
-return 0;
 }
 rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength);
 /* re-alloc larger buffer if it fits into our Java buffer */
 if ((rv == CKR_BUFFER_TOO_SMALL) && (ckDataLength <= jIntToCKULong(jOutLen))) {
 outBufP = (CK_BYTE_PTR) malloc(ckDataLength);
 if (outBufP == NULL) {
-if (inBufP != INBUF) { free(inBufP); }
 throwOutOfMemoryError(env, 0);
-return 0;
+goto cleanup;
 }
 rv = (*ckpFunctions->C_VerifyRecover)(ckSessionHandle, inBufP, jInLen, outBufP, &ckDataLength);
 }
 if (ckAssertReturnValueOK(env, rv) == CK_ASSERT_OK) {
 (*env)->SetByteArrayRegion(env, jOut, jOutOfs, ckDataLength, (jbyte *)outBufP);
 }
+cleanup:
 if (inBufP != INBUF) { free(inBufP); }
 if (outBufP != OUTBUF) { free(outBufP); }
 return ckDataLength;
 }

branch	datagramsocketimpl-branch
changeset 58678	9cf78a70fa4f
parent 47216	71c04702a3d5
child 58679	9c3209ff7550