jdk_sunpkcs11 Cdiff src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java

src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java


*** 131,146 ****
  
          if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
              Session session = null;
              try {
                  session = token.getOpSession();
!                 token.p11.C_SignInit
!                     (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
!                 token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
!                 token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
!                 byte[] out = token.p11.C_SignFinal
                                      (session.id(), spec.getOutputLength());
                  return new SecretKeySpec(out, "TlsPrf");
              } catch (PKCS11Exception e) {
                  throw new ProviderException("Could not calculate PRF", e);
              } finally {
                  token.releaseSession(session);
--- 131,154 ----
  
          if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
              Session session = null;
              try {
                  session = token.getOpSession();
!                 byte[] out;
!                 p11Key.incNativeKeyRef();
!                 try {
!                     token.p11.C_SignInit(session.id(),
!                             new CK_MECHANISM(mechanism), p11Key.keyID);
!                     token.p11.C_SignUpdate(session.id(), 0, label, 0,
!                             label.length);
!                     token.p11.C_SignUpdate(session.id(), 0, seed, 0,
!                             seed.length);
!                     out = token.p11.C_SignFinal
                                          (session.id(), spec.getOutputLength());
+                 } finally {
+                     p11Key.decNativeKeyRef();
+                 }
                  return new SecretKeySpec(out, "TlsPrf");
              } catch (PKCS11Exception e) {
                  throw new ProviderException("Could not calculate PRF", e);
              } finally {
                  token.releaseSession(session);
*** 153,164 ****
          CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
  
          Session session = null;
          try {
              session = token.getOpSession();
!             long keyID = token.p11.C_DeriveKey(session.id(),
!                 new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
              // ignore keyID, returned PRF bytes are in 'out'
              return new SecretKeySpec(out, "TlsPrf");
          } catch (PKCS11Exception e) {
              throw new ProviderException("Could not calculate PRF", e);
          } finally {
--- 161,178 ----
          CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
  
          Session session = null;
          try {
              session = token.getOpSession();
!             p11Key.incNativeKeyRef();
!             try {
!                 token.p11.C_DeriveKey(session.id(),
!                         new CK_MECHANISM(mechanism, params),
!                         p11Key.keyID, null);
!             } finally {
!                 p11Key.decNativeKeyRef();
!             }
              // ignore keyID, returned PRF bytes are in 'out'
              return new SecretKeySpec(out, "TlsPrf");
          } catch (PKCS11Exception e) {
              throw new ProviderException("Could not calculate PRF", e);
          } finally {
< prev index next >