< prev index next >
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java
Print this page
@@ -131,16 +131,22 @@
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
Session session = null;
try {
session = token.getOpSession();
+ byte[] out;
+ p11Key.incNativeKeyRef();
+ try {
token.p11.C_SignInit
(session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
- byte[] out = token.p11.C_SignFinal
+ out = token.p11.C_SignFinal
(session.id(), spec.getOutputLength());
+ } finally {
+ p11Key.decNativeKeyRef();
+ }
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
token.releaseSession(session);
@@ -153,12 +159,17 @@
CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
Session session = null;
try {
session = token.getOpSession();
- long keyID = token.p11.C_DeriveKey(session.id(),
+ p11Key.incNativeKeyRef();
+ try {
+ token.p11.C_DeriveKey(session.id(),
new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
+ } finally {
+ p11Key.decNativeKeyRef();
+ }
// ignore keyID, returned PRF bytes are in 'out'
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
< prev index next >