If initializing a SunPKCS11 Signature fails because C_SignInit or C_VerifyInit functions throw a PKCS11Exception exception, allocated session is not released. If this happens multiple times, token resources may be exhausted leading to an error. It's suggested to implement the same idiom as for SunPKCS11 Cipher objects. That is: release the session if initialization fails. Bug originally reported by: Hemant B Khot
|