< prev index next >
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11TlsPrfGenerator.java
Print this page
*** 131,146 ****
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
Session session = null;
try {
session = token.getOpSession();
! token.p11.C_SignInit
! (session.id(), new CK_MECHANISM(mechanism), p11Key.keyID);
! token.p11.C_SignUpdate(session.id(), 0, label, 0, label.length);
! token.p11.C_SignUpdate(session.id(), 0, seed, 0, seed.length);
! byte[] out = token.p11.C_SignFinal
(session.id(), spec.getOutputLength());
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
token.releaseSession(session);
--- 131,154 ----
if (mechanism == CKM_NSS_TLS_PRF_GENERAL) {
Session session = null;
try {
session = token.getOpSession();
! byte[] out;
! p11Key.incNativeKeyRef();
! try {
! token.p11.C_SignInit(session.id(),
! new CK_MECHANISM(mechanism), p11Key.keyID);
! token.p11.C_SignUpdate(session.id(), 0, label, 0,
! label.length);
! token.p11.C_SignUpdate(session.id(), 0, seed, 0,
! seed.length);
! out = token.p11.C_SignFinal
(session.id(), spec.getOutputLength());
+ } finally {
+ p11Key.decNativeKeyRef();
+ }
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
token.releaseSession(session);
*** 153,164 ****
CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
Session session = null;
try {
session = token.getOpSession();
! long keyID = token.p11.C_DeriveKey(session.id(),
! new CK_MECHANISM(mechanism, params), p11Key.keyID, null);
// ignore keyID, returned PRF bytes are in 'out'
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
--- 161,178 ----
CK_TLS_PRF_PARAMS params = new CK_TLS_PRF_PARAMS(seed, label, out);
Session session = null;
try {
session = token.getOpSession();
! p11Key.incNativeKeyRef();
! try {
! token.p11.C_DeriveKey(session.id(),
! new CK_MECHANISM(mechanism, params),
! p11Key.keyID, null);
! } finally {
! p11Key.decNativeKeyRef();
! }
// ignore keyID, returned PRF bytes are in 'out'
return new SecretKeySpec(out, "TlsPrf");
} catch (PKCS11Exception e) {
throw new ProviderException("Could not calculate PRF", e);
} finally {
< prev index next >