JNI: synchronize wc_ecc_sign_hash() on rngLock, add sanity check for wc_ecc_sig_size()

2024-04-15 14:40:47 -06:00 · 2024-04-15 14:40:47 -06:00 · 30a1916233
parent 3198d3e8da
commit 30a1916233
3 changed files with 27 additions and 7 deletions
--- a/jni/jni_ecc.c
+++ b/jni/jni_ecc.c
@ -821,7 +821,9 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
    RNG*  rng    = NULL;
    byte* hash   = NULL;
    byte* signature = NULL;
-    word32 hashSz = 0, signatureSz = 0;
+    word32 hashSz = 0;
    word32 expectedSigSz = 0;
    word32 signatureSz = 0;
    word32 signatureBufSz = 0;
    ecc = (ecc_key*) getNativeStruct(env, this);
@ -844,7 +846,8 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
    }
    if (ret == 0) {
-        signatureSz = wc_ecc_sig_size(ecc);
+        expectedSigSz = wc_ecc_sig_size(ecc);
        signatureSz = expectedSigSz;
        signatureBufSz = signatureSz;
        signature = (byte*)XMALLOC(signatureSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
@ -860,25 +863,39 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
        ret = wc_ecc_sign_hash(hash, hashSz, signature, &signatureSz, rng, ecc);
    }
    if (ret == 0) {
        /* Sanity check on wc_ecc_sig_size() and actual length */
        if (expectedSigSz < signatureSz) {
            ret = BUFFER_E;
            throwWolfCryptException(env,
                "wc_ecc_sig_size() less than actual sig size");
        }
    }
    if (ret == 0) {
        result = (*env)->NewByteArray(env, signatureSz);
-        if (result) {
+        if (result != NULL) {
            (*env)->SetByteArrayRegion(env, result, 0, signatureSz,
                                       (const jbyte*)signature);
        } else {
            releaseByteArray(env, hash_object, hash, JNI_ABORT);
            throwWolfCryptException(env, "Failed to allocate signature");
            return NULL;
        }
    } else {
        releaseByteArray(env, hash_object, hash, JNI_ABORT);
        throwWolfCryptExceptionFromError(env, ret);
        return NULL;
    }
    LogStr("wc_ecc_sign_hash(input, inSz, output, &outSz, rng, ecc) = %d\n",
        ret);
    LogStr("signature[%u]: [%p]\n", (word32)signatureSz, signature);
    LogHex((byte*) signature, 0, signatureSz);
    if (signature != NULL) {
        LogStr("signature[%u]: [%p]\n", (word32)signatureSz, signature);
        LogHex((byte*) signature, 0, signatureSz);
        XMEMSET(signature, 0, signatureBufSz);
        XFREE(signature, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
--- a/jni/jni_native_struct.c
+++ b/jni/jni_native_struct.c
@ -151,9 +151,10 @@ byte* getByteArray(JNIEnv* env, jbyteArray array)
 void releaseByteArray(JNIEnv* env, jbyteArray array, byte* elements, jint abort)
 {
-    if (elements)
+    if ((env != NULL) && (array != NULL) && (elements != NULL)) {
        (*env)->ReleaseByteArrayElements(env, array, (jbyte*) elements,
            abort ? JNI_ABORT : 0);
    }
 }
 word32 getByteArrayLength(JNIEnv* env, jbyteArray array)
--- a/src/main/java/com/wolfssl/wolfcrypt/Ecc.java
+++ b/src/main/java/com/wolfssl/wolfcrypt/Ecc.java
@ -500,7 +500,9 @@ public class Ecc extends NativeStruct {
        synchronized (stateLock) {
            if (state == WolfCryptState.READY) {
                synchronized (pointerLock) {
-                    signature = wc_ecc_sign_hash(hash, rng);
+                    synchronized (rngLock) {
                        signature = wc_ecc_sign_hash(hash, rng);
                    }
                }
            } else {
                throw new IllegalStateException(