RH2173781: Avoid calling C_GetInfo() too early, before cryptoki is initialized (#26)

fridrich · martinuy · web-flow · commit 818c416698d6 · 2023-04-12T02:34:48.000+01:00
Co-authored-by: Martin Balao <mbalao@redhat.com> Reviewed-by: @franferrax, @gnu-andrew
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11SecretKeyFactory.java
@@ -220,9 +220,11 @@ static P11Key derivePBEKey(Token token, PBEKeySpec keySpec, String algo)
             }
 
             if (kdfData.kdfMech == CKM_PKCS5_PBKD2) {
-                CK_VERSION p11Ver = token.p11.getInfo().cryptokiVersion;
-                if (P11Util.isNSS(token) || p11Ver.major < 2 ||
-                        p11Ver.major == 2 && p11Ver.minor < 40) {
+                CK_INFO p11Info = token.p11.getInfo();
+                CK_VERSION p11Ver = (p11Info != null ? p11Info.cryptokiVersion
+                        : null);
+                if (P11Util.isNSS(token) || p11Ver != null && (p11Ver.major <
+                        2 || p11Ver.major == 2 && p11Ver.minor < 40)) {
                     // NSS keeps using the old structure beyond PKCS #11 v2.40
                     ckMech = new CK_MECHANISM(kdfData.kdfMech,
                             new CK_PKCS5_PBKD2_PARAMS(password, salt,
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@@ -116,7 +116,7 @@ public static void loadNative() {
 
     private long pNativeData;
 
-    private CK_INFO pInfo;
+    private volatile CK_INFO pInfo;
 
     /**
      * This method does the initialization of the native library. It is called
@@ -153,7 +153,6 @@ public static void loadNative() {
             throws IOException, PKCS11Exception {
         connect(pkcs11ModulePath, functionListName);
         this.pkcs11ModulePath = pkcs11ModulePath;
-        pInfo = C_GetInfo();
     }
 
     /*
@@ -215,7 +214,21 @@ public static synchronized PKCS11 getInstance(String pkcs11ModulePath,
      * C_GetInfo. This structure represent Cryptoki library information.
      */
     public CK_INFO getInfo() {
-        return pInfo;
+        CK_INFO lPInfo = pInfo;
+        if (lPInfo == null) {
+            synchronized (this) {
+                lPInfo = pInfo;
+                if (lPInfo == null) {
+                    try {
+                        lPInfo = C_GetInfo();
+                        pInfo = lPInfo;
+                    } catch (PKCS11Exception e) {
+                        // Some PKCS #11 tokens require initialization first.
+                    }
+                }
+            }
+        }
+        return lPInfo;
     }
 
     /**
