From 4b00da2c7bf4f07071d05c85ca09b997925f80cc Mon Sep 17 00:00:00 2001 From: Chris Conlon Date: Thu, 23 Jan 2025 16:15:58 -0700 Subject: [PATCH] JNI: fix Facebook Infer script exit code, and reported thread safety violations / potential deadlock issues --- scripts/infer.sh | 8 +- src/java/com/wolfssl/WolfSSLCertRequest.java | 81 ++++++++----- src/java/com/wolfssl/WolfSSLCertificate.java | 120 ++++++++++++------- src/java/com/wolfssl/WolfSSLSession.java | 74 ++++++------ 4 files changed, 170 insertions(+), 113 deletions(-) diff --git a/scripts/infer.sh b/scripts/infer.sh index c11057f..c7f3c3d 100755 --- a/scripts/infer.sh +++ b/scripts/infer.sh @@ -39,6 +39,7 @@ infer --fail-on-issue run -- javac \ src/java/com/wolfssl/WolfSSLCertRequest.java \ src/java/com/wolfssl/WolfSSLCertificate.java \ src/java/com/wolfssl/WolfSSLContext.java \ + src/java/com/wolfssl/WolfSSLDebug.java \ src/java/com/wolfssl/WolfSSLDecryptVerifyCallback.java \ src/java/com/wolfssl/WolfSSLEccSharedSecretCallback.java \ src/java/com/wolfssl/WolfSSLEccSignCallback.java \ @@ -52,6 +53,7 @@ infer --fail-on-issue run -- javac \ src/java/com/wolfssl/WolfSSLLoggingCallback.java \ src/java/com/wolfssl/WolfSSLMacEncryptCallback.java \ src/java/com/wolfssl/WolfSSLMissingCRLCallback.java \ + src/java/com/wolfssl/WolfSSLNativeLoggingCallback.java \ src/java/com/wolfssl/WolfSSLPskClientCallback.java \ src/java/com/wolfssl/WolfSSLPskServerCallback.java \ src/java/com/wolfssl/WolfSSLRsaDecCallback.java \ @@ -69,7 +71,6 @@ infer --fail-on-issue run -- javac \ src/java/com/wolfssl/provider/jsse/WolfSSLAuthStore.java \ src/java/com/wolfssl/provider/jsse/WolfSSLContext.java \ src/java/com/wolfssl/provider/jsse/WolfSSLCustomUser.java \ - src/java/com/wolfssl/provider/jsse/WolfSSLDebug.java \ src/java/com/wolfssl/provider/jsse/WolfSSLEngine.java \ src/java/com/wolfssl/provider/jsse/WolfSSLEngineHelper.java \ src/java/com/wolfssl/provider/jsse/WolfSSLGenericHostName.java \ @@ -77,7 +78,6 @@ infer --fail-on-issue run -- javac \ src/java/com/wolfssl/provider/jsse/WolfSSLInternalVerifyCb.java \ src/java/com/wolfssl/provider/jsse/WolfSSLKeyManager.java \ src/java/com/wolfssl/provider/jsse/WolfSSLKeyX509.java \ - src/java/com/wolfssl/provider/jsse/WolfSSLNativeLoggingCallback.java \ src/java/com/wolfssl/provider/jsse/WolfSSLParametersHelper.java \ src/java/com/wolfssl/provider/jsse/WolfSSLParameters.java \ src/java/com/wolfssl/provider/jsse/WolfSSLProvider.java \ @@ -104,8 +104,10 @@ if [ "$RETVAL" == '0' ] && [ "$KEEP" == 'no' ]; then rm -r ./infer-out fi -if [ "$RETVAL" == '2' ]; then +if [ "$RETVAL" == '1' ] || [ "$RETVAL" == '2' ]; then # GitHub Actions expects return of 1 to mark step as failure exit 1 fi +exit 0 + diff --git a/src/java/com/wolfssl/WolfSSLCertRequest.java b/src/java/com/wolfssl/WolfSSLCertRequest.java index 6cc6de2..9c453ef 100644 --- a/src/java/com/wolfssl/WolfSSLCertRequest.java +++ b/src/java/com/wolfssl/WolfSSLCertRequest.java @@ -172,9 +172,11 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, - "entered addAttribute(nid: " + nid + ", byte[])"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered addAttribute(nid: " + nid + ", byte[])"); + } if (nid != WolfSSL.NID_pkcs9_challengePassword && nid != WolfSSL.NID_serialNumber && @@ -262,9 +264,11 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, "entered setPublicKey(" + - filePath + ", type: " + keyType + ", format: " + format + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered setPublicKey(" + + filePath + ", type: " + keyType + ", format: " + format + ")"); + } if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); @@ -309,10 +313,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, - "entered setPublicKey(byte[], type: " + keyType + ", format: " + - format + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setPublicKey(byte[], type: " + keyType + ", format: " + + format + ")"); + } if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); @@ -366,9 +372,11 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, - "entered setPublicKey(" + key + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered setPublicKey(" + key + ")"); + } if (key instanceof RSAPublicKey) { keyType = WolfSSL.RSAk; @@ -442,9 +450,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, "entered addExtension(nid: " + - nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered addExtension(nid: " + nid + ", value: " + value + + ", isCritical: " + isCritical + ")"); + } if (nid != WolfSSL.NID_key_usage && nid != WolfSSL.NID_subject_alt_name && @@ -502,9 +513,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, "entered addExtension(nid: " + - nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered addExtension(nid: " + nid + ", value: " + value + + ", isCritical: " + isCritical + ")"); + } if (nid != WolfSSL.NID_basic_constraints) { throw new WolfSSLException( @@ -553,10 +567,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, "entered signRequest(" + - filePath + ", keyType: " + keyType + ", format: " + format + - ", digestAlg: " + digestAlg + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, "entered signRequest(" + + filePath + ", keyType: " + keyType + ", format: " + format + + ", digestAlg: " + digestAlg + ")"); + } if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); @@ -604,10 +620,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, - "entered signRequest(byte[], keyType: " + keyType + ", format: " + - format + ", digestAlg: " + digestAlg + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered signRequest(byte[], keyType: " + keyType + + ", format: " + format + ", digestAlg: " + digestAlg + ")"); + } if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); @@ -665,9 +683,12 @@ public class WolfSSLCertRequest { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509ReqPtr, "entered signRequest(key: " + - key + ", digestAlg: " + digestAlg + ")"); + synchronized (x509ReqLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509ReqPtr, + "entered signRequest(key: " + key + ", digestAlg: " + + digestAlg + ")"); + } if (key == null) { throw new WolfSSLException("Key object is null"); diff --git a/src/java/com/wolfssl/WolfSSLCertificate.java b/src/java/com/wolfssl/WolfSSLCertificate.java index bf8d04d..3daaaf5 100644 --- a/src/java/com/wolfssl/WolfSSLCertificate.java +++ b/src/java/com/wolfssl/WolfSSLCertificate.java @@ -462,9 +462,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + - cert + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + + cert + ")"); + } x509NamePtr = X509_get_issuer_name_ptr(cert.getX509Ptr()); if (x509NamePtr == 0) { @@ -505,9 +507,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + - cert + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setIssuerName(" + + cert + ")"); + } /* Get DER encoding of certificate */ certDer = cert.getEncoded(); @@ -547,9 +551,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + - filePath + ", keyType: " + keyType + ", format: " + format + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + + filePath + ", keyType: " + keyType + ", format: " + + format + ")"); + } if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); @@ -594,10 +601,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, - "entering setPublicKey(byte[], keyType: " + - keyType + ", format: " + format + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering setPublicKey(byte[], keyType: " + + keyType + ", format: " + format + ")"); + } if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); @@ -651,9 +660,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + - key + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setPublicKey(" + + key + ")"); + } if (key instanceof RSAPublicKey) { keyType = WolfSSL.RSAk; @@ -693,9 +704,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setSerialNumber(" + - serial + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setSerialNumber(" + + serial + ")"); + } if (serial == null) { throw new WolfSSLException("Input BigInteger is null"); @@ -734,11 +747,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setNotBefore(" + - notBefore + ")"); - synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setNotBefore(" + + notBefore + ")"); + ret = X509_set_notBefore(this.x509Ptr, notBefore.getTime() / 1000); } @@ -765,11 +778,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering setNotAfter(" + - notAfter + ")"); - synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering setNotAfter(" + + notAfter + ")"); + ret = X509_set_notAfter(this.x509Ptr, notAfter.getTime() / 1000); } @@ -866,9 +879,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering addExtension(nid: " + - nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering addExtension(nid: " + nid + ", value: " + value + + ", isCritical: " + isCritical + ")"); + } if (nid != WolfSSL.NID_key_usage && nid != WolfSSL.NID_subject_alt_name && @@ -926,9 +942,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering addExtension(nid: " + - nid + ", value: " + value + ", isCritical: " + isCritical + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering addExtension(nid: " + nid + ", value: " + value + + ", isCritical: " + isCritical + ")"); + } if (nid != WolfSSL.NID_basic_constraints) { throw new WolfSSLException( @@ -977,10 +996,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + filePath + - ", keyType: " + keyType + ", format: " + format + ", digestAlg: " + - digestAlg + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + + filePath + ", keyType: " + keyType + ", format: " + format + + ", digestAlg: " + digestAlg + ")"); + } if (filePath == null || filePath.isEmpty()) { throw new WolfSSLException("File path is null or empty"); @@ -1028,10 +1049,12 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, - "entering signCert(byte[], keyType: " + keyType + ", format: " + - format + ", digestAlg: " + digestAlg + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering signCert(byte[], keyType: " + keyType + ", format: " + + format + ", digestAlg: " + digestAlg + ")"); + } if (key == null || key.length == 0) { throw new WolfSSLException("Key array is null or empty"); @@ -1088,9 +1111,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + key + - ", digestAlg: " + digestAlg + ")"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, "entering signCert(" + key + + ", digestAlg: " + digestAlg + ")"); + } if (key == null) { throw new WolfSSLException("Key object is null"); @@ -1697,8 +1722,11 @@ public class WolfSSLCertificate implements Serializable { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.x509Ptr, "entering getX509Certificate()"); + synchronized (x509Lock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.x509Ptr, + "entering getX509Certificate()"); + } try { in = new ByteArrayInputStream(this.getDer()); diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java index e34891e..da2f8db 100644 --- a/src/java/com/wolfssl/WolfSSLSession.java +++ b/src/java/com/wolfssl/WolfSSLSession.java @@ -1349,18 +1349,18 @@ public class WolfSSLSession { * @see WolfSSLContext#newContext(long) * @see WolfSSLContext#free() */ - public synchronized void freeSSL() + public void freeSSL() throws IllegalStateException, WolfSSLJNIException { - synchronized (stateLock) { - if (this.active == false) { - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, "entered freeSSL(), already freed"); - /* already freed, just return */ - return; - } + synchronized (sslLock) { + synchronized (stateLock) { + if (this.active == false) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, "entered freeSSL(), already freed"); + /* already freed, just return */ + return; + } - synchronized (sslLock) { WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, WolfSSLDebug.INFO, this.sslPtr, "entered freeSSL()"); @@ -2867,7 +2867,7 @@ public class WolfSSLSession { * @see WolfSSLContext#setIORecv(WolfSSLIORecvCallback) * @see WolfSSLContext#setIOSend(WolfSSLIOSendCallback) */ - public synchronized void setIOReadCtx(Object ctx) + public void setIOReadCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -2886,7 +2886,7 @@ public class WolfSSLSession { * @return Object that was set with setIOReadCtx(). * @throws IllegalStateException WolfSSLContext has been freed */ - public synchronized Object getIOReadCtx() + public Object getIOReadCtx() throws IllegalStateException { confirmObjectIsActive(); @@ -2918,7 +2918,7 @@ public class WolfSSLSession { * @see WolfSSLContext#setIOSend(WolfSSLIOSendCallback) * @see WolfSSLContext#setIORecv(WolfSSLIORecvCallback) */ - public synchronized void setIOWriteCtx(Object ctx) + public void setIOWriteCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -2937,7 +2937,7 @@ public class WolfSSLSession { * @return Object that was set with setIOWriteCtx(). * @throws IllegalStateException WolfSSLContext has been freed */ - public synchronized Object getIOWriteCtx() + public Object getIOWriteCtx() throws IllegalStateException { confirmObjectIsActive(); @@ -2964,7 +2964,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setGenCookie(WolfSSLGenCookieCallback) */ - public synchronized void setGenCookieCtx(Object ctx) + public void setGenCookieCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3541,7 +3541,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setMacEncryptCb(WolfSSLMacEncryptCallback) */ - public synchronized void setMacEncryptCtx(Object ctx) + public void setMacEncryptCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3565,7 +3565,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setDecryptVerifyCb(WolfSSLDecryptVerifyCallback) */ - public synchronized void setDecryptVerifyCtx(Object ctx) + public void setDecryptVerifyCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3588,7 +3588,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setEccSignCb(WolfSSLEccSignCallback) */ - public synchronized void setEccSignCtx(Object ctx) + public void setEccSignCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3612,7 +3612,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setEccVerifyCb(WolfSSLEccVerifyCallback) */ - public synchronized void setEccVerifyCtx(Object ctx) + public void setEccVerifyCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3637,7 +3637,7 @@ public class WolfSSLSession { * @see WolfSSLContext#setEccSignCb(WolfSSLEccSignCallback) * @see WolfSSLContext#setEccVerifyCb(WolfSSLEccVerifyCallback) */ - public synchronized void setEccSharedSecretCtx(Object ctx) + public void setEccSharedSecretCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3661,7 +3661,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setRsaSignCb(WolfSSLRsaSignCallback) */ - public synchronized void setRsaSignCtx(Object ctx) + public void setRsaSignCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3686,7 +3686,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setRsaVerifyCb(WolfSSLRsaVerifyCallback) */ - public synchronized void setRsaVerifyCtx(Object ctx) + public void setRsaVerifyCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3711,7 +3711,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setRsaEncCb(WolfSSLRsaEncCallback) */ - public synchronized void setRsaEncCtx(Object ctx) + public void setRsaEncCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3736,7 +3736,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see WolfSSLContext#setRsaDecCb(WolfSSLRsaDecCallback) */ - public synchronized void setRsaDecCtx(Object ctx) + public void setRsaDecCtx(Object ctx) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3782,7 +3782,7 @@ public class WolfSSLSession { * @see WolfSSLSession#getPskIdentity() * @see WolfSSLSession#getPskIdentityHint() */ - public synchronized void setPskClientCb(WolfSSLPskClientCallback callback) + public void setPskClientCb(WolfSSLPskClientCallback callback) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -3827,7 +3827,7 @@ public class WolfSSLSession { * @see WolfSSLSession#getPskIdentity() * @see WolfSSLSession#getPskIdentityHint() */ - public synchronized void setPskServerCb(WolfSSLPskServerCallback callback) + public void setPskServerCb(WolfSSLPskServerCallback callback) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -4126,7 +4126,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see #setIOSend(WolfSSLIOSendCallback) */ - public synchronized void setIORecv(WolfSSLIORecvCallback callback) + public void setIORecv(WolfSSLIORecvCallback callback) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -4164,7 +4164,7 @@ public class WolfSSLSession { * @throws WolfSSLJNIException Internal JNI error * @see #setIORecv(WolfSSLIORecvCallback) */ - public synchronized void setIOSend(WolfSSLIOSendCallback callback) + public void setIOSend(WolfSSLIOSendCallback callback) throws IllegalStateException, WolfSSLJNIException { confirmObjectIsActive(); @@ -4237,7 +4237,7 @@ public class WolfSSLSession { * @throws IllegalStateException if called when WolfSSLSession is not * active */ - public synchronized int useSNI(byte type, byte[] data) + public int useSNI(byte type, byte[] data) throws IllegalStateException { int ret; @@ -4268,7 +4268,7 @@ public class WolfSSLSession { * @throws IllegalStateException if called when WolfSSLSession is not * active */ - public synchronized byte[] getClientSNIRequest() + public byte[] getClientSNIRequest() throws IllegalStateException { confirmObjectIsActive(); @@ -4347,7 +4347,7 @@ public class WolfSSLSession { * @return WolfSSL.SSL_SUCCESS on success, otherwise negative. * @throws IllegalStateException WolfSSLSession has been freed */ - public synchronized int useSessionTicket() + public int useSessionTicket() throws IllegalStateException { int ret; @@ -4441,8 +4441,11 @@ public class WolfSSLSession { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.sslPtr, "entered useALPN(String[], int)"); + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered useALPN(String[], int)"); + } if (protocols == null) { return WolfSSL.BAD_FUNC_ARG; @@ -4493,8 +4496,11 @@ public class WolfSSLSession { confirmObjectIsActive(); - WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, - WolfSSLDebug.INFO, this.sslPtr, "entered getAlpnSelectedString()"); + synchronized (sslLock) { + WolfSSLDebug.log(getClass(), WolfSSLDebug.Component.JNI, + WolfSSLDebug.INFO, this.sslPtr, + "entered getAlpnSelectedString()"); + } alpnSelectedBytes = getAlpnSelected();