[8u] RFR 8258833: Cancel multi-part cipher operations in SunPKCS11 after failures

Martin Balao mbalao at redhat.com
Wed Jan 27 19:38:48 UTC 2021


I'd like to propose an 8u backport of JDK-8258833 [1].



The 11u patch does not apply cleanly because of the following conflicts:

 * src/share/classes/sun/security/pkcs11/P11Signature.java
  * JDK-8149802 was not backported to 8u, so the context for one of the
hunks is different. In particular, "pe" was expected to be the
PKCS11Exception exception variable name (in 8u the name is "e"), and a
catch "SignatureException | ProviderException e" line was expected
after. None of this affects the 8u backport of 8258833, which, in the
aforementioned hunk, adds documentation only. Backporting 8149802 to 8u
would require further analysis, as the fix is quite old now and many
changes have been applied on top of it. For example, the most-updated
jdk/jdk code just re-throws the SignatureException and ProviderException
exceptions. In other words, the cancelOperation call introduced by
8149802 was removed and it's a no-operation now. Please notice that both
jdk/jdk and 8u do a cancel call from the 'finally' block (which did not
exist by the time 8149802 was developed). As a result, my suggestion
here would be not to block the 8u backport of 8258833 by enforcing a
dependency on 8149802. The conflict has been trivially fixed by rebasing
the hunk context to 8u.

 * test/sun/security/pkcs11/Cipher/CancelMultipart.java
  * '@modules jdk.crypto.cryptoki/sun.security.pkcs11:open' does not
apply to 8u
  * '/test/lib' library path replaced with '/lib/security'

 * File paths converted to the pre-modules scheme.

Testing: no regressions observed in the sun/security/pkcs11 category.


[1] - https://bugs.openjdk.java.net/browse/JDK-8258833
