1 files changed, 9 insertions, 5 deletions

diff --git a/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java b/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
index ac2b7e3082..52b56ef42b 100644
--- a/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
+++ b/src/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2006, 2007, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2006, 2018, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -120,6 +120,7 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
             throw new IllegalStateException("Not initialized correctly");
         }
         Session session = null;
+        long privKeyID = privateKey.getKeyID();
         try {
             session = token.getOpSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -131,8 +132,8 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
             attributes = token.getAttributes
                 (O_GENERATE, CKO_SECRET_KEY, CKK_GENERIC_SECRET, attributes);
             long keyID = token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
-                attributes);
+                    new CK_MECHANISM(mechanism, ckParams), privKeyID,
+                    attributes);
             attributes = new CK_ATTRIBUTE[] {
                 new CK_ATTRIBUTE(CKA_VALUE)
             };
@@ -143,6 +144,7 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
         } catch (PKCS11Exception e) {
             throw new ProviderException("Could not derive key", e);
         } finally {
+            privateKey.releaseKeyID();
             publicValue = null;
             token.releaseSession(session);
         }
@@ -182,6 +184,7 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
         }
         long keyType = CKK_GENERIC_SECRET;
         Session session = null;
+        long privKeyID = privateKey.getKeyID();
         try {
             session = token.getObjSession();
             CK_ATTRIBUTE[] attributes = new CK_ATTRIBUTE[] {
@@ -193,8 +196,8 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
             attributes = token.getAttributes
                 (O_GENERATE, CKO_SECRET_KEY, keyType, attributes);
             long keyID = token.p11.C_DeriveKey(session.id(),
-                new CK_MECHANISM(mechanism, ckParams), privateKey.keyID,
-                attributes);
+                    new CK_MECHANISM(mechanism, ckParams), privKeyID,
+                    attributes);
             CK_ATTRIBUTE[] lenAttributes = new CK_ATTRIBUTE[] {
                 new CK_ATTRIBUTE(CKA_VALUE_LEN),
             };
@@ -206,6 +209,7 @@ final class P11ECDHKeyAgreement extends KeyAgreementSpi {
         } catch (PKCS11Exception e) {
             throw new InvalidKeyException("Could not derive key", e);
         } finally {
+            privateKey.releaseKeyID();
             publicValue = null;
             token.releaseSession(session);
         }