diff --git a/src/java/com/wolfssl/WolfSSLCertManager.java b/src/java/com/wolfssl/WolfSSLCertManager.java index e03994f..c8a41bb 100644 --- a/src/java/com/wolfssl/WolfSSLCertManager.java +++ b/src/java/com/wolfssl/WolfSSLCertManager.java @@ -40,6 +40,12 @@ public class WolfSSLCertManager { private boolean active = false; private long cmPtr = 0; + /* lock around active state */ + private final Object stateLock = new Object(); + + /* lock around native WOLFSSL_CERT_MANAGER pointer use */ + private final Object cmLock = new Object(); + static native long CertManagerNew(); static native void CertManagerFree(long cm); static native int CertManagerLoadCA(long cm, String f, String d); @@ -62,6 +68,22 @@ public class WolfSSLCertManager { this.active = true; } + /** + * Verifies that the current WolfSSLCertManager object is active. + * + * @throws IllegalStateException if object has been freed + */ + private synchronized void confirmObjectIsActive() + throws IllegalStateException { + + synchronized (stateLock) { + if (this.active == false) { + throw new IllegalStateException( + "WolfSSLCertManager object has been freed"); + } + } + } + /** * Load CA into CertManager * @@ -69,12 +91,16 @@ public class WolfSSLCertManager { * @param d directory of X.509 certs to load, or null * * @return WolfSSL.SSL_SUCESS on success, negative on error + * @throws IllegalStateException WolfSSLContext has been freed */ - public synchronized int CertManagerLoadCA(String f, String d) { - if (this.active == false) - throw new IllegalStateException("Object has been freed"); + public synchronized int CertManagerLoadCA(String f, String d) + throws IllegalStateException { - return CertManagerLoadCA(this.cmPtr, f, d); + confirmObjectIsActive(); + + synchronized (cmLock) { + return CertManagerLoadCA(this.cmPtr, f, d); + } } /** 
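Review bot: In `confirmObjectIsActive()` the `active` check runs under `stateLock`, which is released before the caller takes `cmLock`, so the check and the native call are atomic only because every caller shown is still a `synchronized` method. If that method-level `synchronized` is ever relaxed, `free()` can run in the gap and `CertManagerLoadCA(this.cmPtr, f, d)` would be entered with `cmPtr` already reset to 0; how the native side treats a zero pointer is not visible here. Re-checking under the pointer lock closes the gap, e.g. `if (this.cmPtr == 0) throw new IllegalStateException("WolfSSLCertManager object has been freed");` as the first statement inside `synchronized (cmLock)`. The `synchronized` modifier on this private helper is also redundant with its `stateLock` block and can be dropped. The same check-then-lock pattern is used by the helpers in WolfSSLContext.java and WolfSSLSession.java later in this commit.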
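Review bot: The Javadoc line added to `CertManagerLoadCA` reads `@throws IllegalStateException WolfSSLContext has been freed`, but the object being checked is the WolfSSLCertManager, as the message thrown by `confirmObjectIsActive()` states. Suggest `@throws IllegalStateException if this WolfSSLCertManager has been freed`. The same wording is added to `CertManagerLoadCABuffer`, `CertManagerLoadCAKeyStore`, `CertManagerUnloadCAs` and `CertManagerVerifyBuffer` in the following hunks.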
@@ -87,33 +113,34 @@ public class WolfSSLCertManager { * WolfSSL.SSL_FILETYPE_ASN1 (ASN.1/DER). * * @return WolfSSL.SSL_SUCCESS on success, negative on error + * @throws IllegalStateException WolfSSLContext has been freed */ public synchronized int CertManagerLoadCABuffer( - byte[] in, long sz, int format) { + byte[] in, long sz, int format) throws IllegalStateException { - if (this.active == false) - throw new IllegalStateException("Object has been freed"); + confirmObjectIsActive(); - return CertManagerLoadCABuffer(this.cmPtr, in, sz, format); + synchronized (cmLock) { + return CertManagerLoadCABuffer(this.cmPtr, in, sz, format); + } } /** * Loads KeyStore certificates into WolfSSLCertManager object. * * @param ks - input KeyStore from which to load CA certs - * @throws WolfSSLException on exception working with KeyStore * @return WolfSSL.SSL_SUCCESS if at least one cert was loaded * successfully, otherwise WolfSSL.SSL_FAILURE. + * @throws WolfSSLException on exception working with KeyStore + * @throws IllegalStateException WolfSSLContext has been freed */ public synchronized int CertManagerLoadCAKeyStore(KeyStore ks) - throws WolfSSLException { + throws WolfSSLException, IllegalStateException { int ret = 0; int loadedCerts = 0; - if (this.active == false) { - throw new IllegalStateException("Object has been freed"); - } + confirmObjectIsActive(); if (ks == null) { throw new WolfSSLException("Input KeyStore is null"); 
@@ -159,13 +186,16 @@ public class WolfSSLCertManager { * Unload any CAs that have been loaded into WolfSSLCertManager object. * * @return WolfSSL.SSL_SUCCESS on success, negative on error. + * @throws IllegalStateException WolfSSLContext has been freed */ - public synchronized int CertManagerUnloadCAs() { - if (this.active == false) { - throw new IllegalStateException("Object has been freed"); - } + public synchronized int CertManagerUnloadCAs() + throws IllegalStateException { - return CertManagerUnloadCAs(this.cmPtr); + confirmObjectIsActive(); + + synchronized (cmLock) { + return CertManagerUnloadCAs(this.cmPtr); + } } /** 
@@ -179,33 +209,39 @@ public class WolfSSLCertManager { * * @return WolfSSL.SSL_SUCCESS on successful verification, otherwise * negative on error. + * @throws IllegalStateException WolfSSLContext has been freed */ public synchronized int CertManagerVerifyBuffer( - byte[] in, long sz, int format) { + byte[] in, long sz, int format) throws IllegalStateException { - if (this.active == false) - throw new IllegalStateException("Object has been freed"); + confirmObjectIsActive(); - return CertManagerVerifyBuffer(this.cmPtr, in, sz, format); + synchronized (cmLock) { + return CertManagerVerifyBuffer(this.cmPtr, in, sz, format); + } } /** * Frees CertManager object - * - * @throws IllegalStateException WolfSSLContext has been freed - * @see WolfSSLSession#freeSSL() + * @see WolfSSLSession#freeSSL() */ public synchronized void free() throws IllegalStateException { - if (this.active == false) - throw new IllegalStateException("Object has been freed"); + synchronized (stateLock) { + if (this.active == false) { + /* already freed, just return */ + return; + } - /* free native resources */ - CertManagerFree(this.cmPtr); + synchronized (cmLock) { + /* free native resources */ + CertManagerFree(this.cmPtr); - /* free Java resources */ - this.active = false; - this.cmPtr = 0; + /* free Java resources */ + this.active = false; + this.cmPtr = 0; + } + } } @SuppressWarnings("deprecation") diff --git a/src/java/com/wolfssl/WolfSSLContext.java b/src/java/com/wolfssl/WolfSSLContext.java index f1dfac1..3318d57 100644 --- a/src/java/com/wolfssl/WolfSSLContext.java +++ b/src/java/com/wolfssl/WolfSSLContext.java 
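Review bot: `free()` still declares `throws IllegalStateException`, yet this hunk removes the matching `@throws` tag and makes a second call return silently, so the signature and the Javadoc now disagree about the contract. Either drop the `throws` clause or document the new behaviour, e.g. `Frees CertManager object. Calling free() on an already-freed object is a no-op.` This is also the only place in the class that nests `stateLock` and then `cmLock`; a short comment at the field declarations such as `/* lock order: stateLock, then cmLock */` would guard against a future inversion. The same nesting appears in `WolfSSLContext.free()` and `WolfSSLSession.freeSSL()` in this commit.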
@@ -72,6 +72,12 @@ public class WolfSSLContext { /* is this context active, or has it been freed? */ private boolean active = false; + /* lock around active state */ + private final Object stateLock = new Object(); + + /* lock around native WOLFSSL_CTX pointer use */ + private final Object ctxLock = new Object(); + /** * Creates a new SSL/TLS context for the desired SSL/TLS protocol level. * @@ -93,11 +99,7 @@ public class WolfSSLContext { /* ------------------- private/protected methods -------------------- */ - protected synchronized long getContextPtr() - { - if (this.active == false) { - return 0; - } + protected synchronized long getContextPtr() { return sslCtxPtr; } @@ -314,9 +316,11 @@ public class WolfSSLContext { private synchronized void confirmObjectIsActive() throws IllegalStateException { - if (this.active == false) { - throw new IllegalStateException( - "WolfSSLContext object has been freed"); + synchronized (stateLock) { + if (this.active == false) { + throw new IllegalStateException( + "WolfSSLContext object has been freed"); + } } } @@ -408,7 +412,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useCertificateFile(getContextPtr(), file, format); + synchronized (ctxLock) { + return useCertificateFile(getContextPtr(), file, format); + } } /** @@ -441,7 +447,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return usePrivateKeyFile(getContextPtr(), file, format); + synchronized (ctxLock) { + return usePrivateKeyFile(getContextPtr(), file, format); + } } /** @@ -492,7 +500,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return loadVerifyLocations(getContextPtr(), file, path); + synchronized (ctxLock) { + return loadVerifyLocations(getContextPtr(), file, path); + } } /** @@ -520,7 +530,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useCertificateChainFile(getContextPtr(), file); + synchronized (ctxLock) { + return useCertificateChainFile(getContextPtr(), file); + } } 
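Review bot: `getContextPtr()` now returns the raw `sslCtxPtr` without holding `ctxLock`, so the value is only valid while `free()` cannot run. The callers in this file wrap the call in `synchronized (ctxLock)`, but the `WolfSSLSession` constructor changed later in this commit calls `newSSL(ctx.getContextPtr())` with no lock on the context. A concurrent `free()` on the context could therefore release the native object before `newSSL` uses the pointer; whether the native layer guards against that is not visible here. At minimum, document the contract on the method, e.g. `/* returned pointer is only valid while the caller holds ctxLock or otherwise prevents free() */`. With the `active` check removed, a freed context is now signalled to callers only by `sslCtxPtr` having been reset to 0 in `free()`.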
@@ -563,7 +575,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - setVerify(getContextPtr(), mode, callback); + synchronized (ctxLock) { + setVerify(getContextPtr(), mode, callback); + } } /** @@ -580,7 +594,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setOptions(getContextPtr(), op); + synchronized (ctxLock) { + return setOptions(getContextPtr(), op); + } } /** @@ -596,7 +612,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return getOptions(getContextPtr()); + synchronized (ctxLock) { + return getOptions(getContextPtr()); + } } /** @@ -611,12 +629,21 @@ public class WolfSSLContext { confirmObjectIsActive(); - /* free native resources */ - freeContext(this.sslCtxPtr); + synchronized (stateLock) { + if (this.active == false) { + /* already freed, just return */ + return; + } - /* free Java resources */ - this.active = false; - this.sslCtxPtr = 0; + synchronized (ctxLock) { + /* free native resources */ + freeContext(this.sslCtxPtr); + + /* free Java resources */ + this.active = false; + this.sslCtxPtr = 0; + } + } } /** @@ -649,7 +676,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return memsaveCertCache(getContextPtr(), mem, sz, used); + synchronized (ctxLock) { + return memsaveCertCache(getContextPtr(), mem, sz, used); + } } /** @@ -682,7 +711,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return memrestoreCertCache(getContextPtr(), mem, sz); + synchronized (ctxLock) { + return memrestoreCertCache(getContextPtr(), mem, sz); + } } /** @@ -704,7 +735,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return getCertCacheMemsize(getContextPtr()); + synchronized (ctxLock) { + return getCertCacheMemsize(getContextPtr()); + } } /** @@ -721,7 +754,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setCacheSize(getContextPtr(), sz); + synchronized (ctxLock) { + return setCacheSize(getContextPtr(), sz); + } } /** 
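Review bot: In `free()` the unchanged `confirmObjectIsActive();` call ahead of the new `synchronized (stateLock)` block throws `IllegalStateException` on an already-freed context, so the added `/* already freed, just return */` branch is effectively unreachable. That leaves WolfSSLContext inconsistent with `WolfSSLCertManager.free()` and `WolfSSLSession.freeSSL()` in this commit, which both return silently on a second call. If an idempotent free is intended, remove the `confirmObjectIsActive();` line here; otherwise drop the dead branch. The method signature and Javadoc are outside the hunk, so any `@throws` text there should be updated to match whichever behaviour is kept.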
@@ -736,7 +771,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return getCacheSize(getContextPtr()); + synchronized (ctxLock) { + return getCacheSize(getContextPtr()); + } } /** @@ -770,7 +807,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setCipherList(getContextPtr(), list); + synchronized (ctxLock) { + return setCipherList(getContextPtr(), list); + } } /** @@ -793,7 +832,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setTmpDH(getContextPtr(), p, pSz, g, gSz); + synchronized (ctxLock) { + return setTmpDH(getContextPtr(), p, pSz, g, gSz); + } } /** @@ -820,7 +861,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setTmpDHFile(getContextPtr(), fname, format); + synchronized (ctxLock) { + return setTmpDHFile(getContextPtr(), fname, format); + } } /** @@ -865,7 +908,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return loadVerifyBuffer(getContextPtr(), in, sz, format); + synchronized (ctxLock) { + return loadVerifyBuffer(getContextPtr(), in, sz, format); + } } /** @@ -901,7 +946,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useCertificateBuffer(getContextPtr(), in, sz, format); + synchronized (ctxLock) { + return useCertificateBuffer(getContextPtr(), in, sz, format); + } } /** @@ -940,7 +987,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return usePrivateKeyBuffer(getContextPtr(), in, sz, format); + synchronized (ctxLock) { + return usePrivateKeyBuffer(getContextPtr(), in, sz, format); + } } /** @@ -979,7 +1028,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useCertificateChainBuffer(getContextPtr(), in, sz); + synchronized (ctxLock) { + return useCertificateChainBuffer(getContextPtr(), in, sz); + } } /** 
@@ -1022,7 +1073,10 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useCertificateChainBufferFormat(getContextPtr(), in, sz, format); + synchronized (ctxLock) { + return useCertificateChainBufferFormat( + getContextPtr(), in, sz, format); + } } /** @@ -1038,7 +1092,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setGroupMessages(getContextPtr()); + synchronized (ctxLock) { + return setGroupMessages(getContextPtr()); + } } /** @@ -1070,7 +1126,9 @@ public class WolfSSLContext { internRecvCb = callback; /* register internal callback with native library */ - setIORecv(getContextPtr()); + synchronized (ctxLock) { + setIORecv(getContextPtr()); + } } /** @@ -1102,7 +1160,9 @@ public class WolfSSLContext { internSendCb = callback; /* register internal callback with native library */ - setIOSend(getContextPtr()); + synchronized (ctxLock) { + setIOSend(getContextPtr()); + } } /** @@ -1134,7 +1194,9 @@ public class WolfSSLContext { internCookieCb = callback; /* register internal callback with native library */ - setGenCookie(getContextPtr()); + synchronized (ctxLock) { + setGenCookie(getContextPtr()); + } } /** @@ -1164,7 +1226,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return enableCRL(getContextPtr(), options); + synchronized (ctxLock) { + return enableCRL(getContextPtr(), options); + } } /** @@ -1188,7 +1252,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return disableCRL(getContextPtr()); + synchronized (ctxLock) { + return disableCRL(getContextPtr()); + } } /** @@ -1235,7 +1301,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return loadCRL(getContextPtr(), path, type, monitor); + synchronized (ctxLock) { + return loadCRL(getContextPtr(), path, type, monitor); + } } /** @@ -1260,7 +1328,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setCRLCb(getContextPtr(), cb); + synchronized (ctxLock) { + return setCRLCb(getContextPtr(), cb); + } } /** 
@@ -1290,7 +1360,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return enableOCSP(getContextPtr(), options); + synchronized (ctxLock) { + return enableOCSP(getContextPtr(), options); + } } /** @@ -1305,7 +1377,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return disableOCSP(getContextPtr()); + synchronized (ctxLock) { + return disableOCSP(getContextPtr()); + } } /** @@ -1330,7 +1404,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setOCSPOverrideUrl(getContextPtr(), url); + synchronized (ctxLock) { + return setOCSPOverrideUrl(getContextPtr(), url); + } } /** @@ -1367,7 +1443,9 @@ public class WolfSSLContext { internMacEncryptCb = callback; /* register internal callback with native library */ - setMacEncryptCb(getContextPtr()); + synchronized (ctxLock) { + setMacEncryptCb(getContextPtr()); + } } /** @@ -1404,7 +1482,9 @@ public class WolfSSLContext { internDecryptVerifyCb = callback; /* register internal callback with native library */ - setDecryptVerifyCb(getContextPtr()); + synchronized (ctxLock) { + setDecryptVerifyCb(getContextPtr()); + } } /** @@ -1438,7 +1518,9 @@ public class WolfSSLContext { internEccSignCb = callback; /* register internal callback with native library */ - setEccSignCb(getContextPtr()); + synchronized (ctxLock) { + setEccSignCb(getContextPtr()); + } } /** @@ -1472,7 +1554,9 @@ public class WolfSSLContext { internEccVerifyCb = callback; /* register internal callback with native library */ - setEccVerifyCb(getContextPtr()); + synchronized (ctxLock) { + setEccVerifyCb(getContextPtr()); + } } /** @@ -1521,7 +1605,9 @@ public class WolfSSLContext { internEccSharedSecretCb = callback; /* register internal callback with native library */ - setEccSharedSecretCb(getContextPtr()); + synchronized (ctxLock) { + setEccSharedSecretCb(getContextPtr()); + } } /** 
@@ -1555,7 +1641,9 @@ public class WolfSSLContext { internRsaSignCb = callback; /* register internal callback with native library */ - setRsaSignCb(getContextPtr()); + synchronized (ctxLock) { + setRsaSignCb(getContextPtr()); + } } /** @@ -1589,7 +1677,9 @@ public class WolfSSLContext { internRsaVerifyCb = callback; /* register internal callback with native library */ - setRsaVerifyCb(getContextPtr()); + synchronized (ctxLock) { + setRsaVerifyCb(getContextPtr()); + } } /** @@ -1623,7 +1713,9 @@ public class WolfSSLContext { internRsaEncCb = callback; /* register internal callback with native library */ - setRsaEncCb(getContextPtr()); + synchronized (ctxLock) { + setRsaEncCb(getContextPtr()); + } } /** @@ -1656,7 +1748,9 @@ public class WolfSSLContext { internRsaDecCb = callback; /* register internal callback with native library */ - setRsaDecCb(getContextPtr()); + synchronized (ctxLock) { + setRsaDecCb(getContextPtr()); + } } /** @@ -1693,7 +1787,9 @@ public class WolfSSLContext { internPskClientCb = callback; /* register internal callback with native library */ - setPskClientCb(getContextPtr()); + synchronized (ctxLock) { + setPskClientCb(getContextPtr()); + } } /** @@ -1729,7 +1825,9 @@ public class WolfSSLContext { internPskServerCb = callback; /* register internal callback with native library */ - setPskServerCb(getContextPtr()); + synchronized (ctxLock) { + setPskServerCb(getContextPtr()); + } } /** @@ -1752,7 +1850,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return usePskIdentityHint(getContextPtr(), hint); + synchronized (ctxLock) { + return usePskIdentityHint(getContextPtr(), hint); + } } /** @@ -1770,7 +1870,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return useSecureRenegotiation(getContextPtr()); + synchronized (ctxLock) { + return useSecureRenegotiation(getContextPtr()); + } } /** 
@@ -1789,7 +1891,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setMinDhKeySz(getContextPtr(), minKeySizeBits); + synchronized (ctxLock) { + return setMinDhKeySz(getContextPtr(), minKeySizeBits); + } } /** @@ -1808,7 +1912,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setMinRsaKeySz(getContextPtr(), minKeySizeBits); + synchronized (ctxLock) { + return setMinRsaKeySz(getContextPtr(), minKeySizeBits); + } } /** @@ -1827,7 +1933,9 @@ public class WolfSSLContext { confirmObjectIsActive(); - return setMinEccKeySz(getContextPtr(), minKeySizeBits); + synchronized (ctxLock) { + return setMinEccKeySz(getContextPtr(), minKeySizeBits); + } } @SuppressWarnings("deprecation") diff --git a/src/java/com/wolfssl/WolfSSLSession.java b/src/java/com/wolfssl/WolfSSLSession.java index 6ff570e..2d667d4 100644 --- a/src/java/com/wolfssl/WolfSSLSession.java +++ b/src/java/com/wolfssl/WolfSSLSession.java @@ -73,6 +73,12 @@ public class WolfSSLSession { /* is this context active, or has it been freed? */ private boolean active = false; + /* lock around active state */ + private final Object stateLock = new Object(); + + /* lock around native WOLFSSL pointer use */ + private final Object sslLock = new Object(); + /* return values from naitve socketSelect(), should match * ones in native/com_wolfssl_WolfSSLSession.c */ private int WOLFJNI_TIMEOUT = -11; @@ -86,15 +92,18 @@ public class WolfSSLSession { * failed. */ public WolfSSLSession(WolfSSLContext ctx) throws WolfSSLException { + sslPtr = newSSL(ctx.getContextPtr()); if (sslPtr == 0) { throw new WolfSSLException("Failed to create SSL Object"); - } else { - this.active = true; - - /* save context reference for I/O callbacks from JNI */ - this.ctx = ctx; } + + synchronized (stateLock) { + this.active = true; + } + + /* save context reference for I/O callbacks from JNI */ + this.ctx = ctx; } /* ------------------- private/protected methods -------------------- */ 
@@ -181,9 +190,11 @@ public class WolfSSLSession { private synchronized void confirmObjectIsActive() throws IllegalStateException { - if (this.active == false) { - throw new IllegalStateException( - "WolfSSLSession object has been freed"); + synchronized (stateLock) { + if (this.active == false) { + throw new IllegalStateException( + "WolfSSLSession object has been freed"); + } } } @@ -320,7 +331,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return useCertificateFile(getSessionPtr(), file, format); + synchronized (sslLock) { + return useCertificateFile(getSessionPtr(), file, format); + } } /** @@ -353,7 +366,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return usePrivateKeyFile(getSessionPtr(), file, format); + synchronized (sslLock) { + return usePrivateKeyFile(getSessionPtr(), file, format); + } } /** @@ -381,7 +396,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return useCertificateChainFile(getSessionPtr(), file); + synchronized (sslLock) { + return useCertificateChainFile(getSessionPtr(), file); + } } @@ -399,7 +416,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setFd(getSessionPtr(), sd, 1); + synchronized (sslLock) { + return setFd(getSessionPtr(), sd, 1); + } } /** @@ -417,7 +436,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setFd(getSessionPtr(), sd, 2); + synchronized (sslLock) { + return setFd(getSessionPtr(), sd, 2); + } } /** @@ -441,7 +462,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - setUsingNonblock(getSessionPtr(), nonblock); + synchronized (sslLock) { + setUsingNonblock(getSessionPtr(), nonblock); + } } /** @@ -464,7 +487,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getUsingNonblock(getSessionPtr()); + synchronized (sslLock) { + return getUsingNonblock(getSessionPtr()); + } } /** 
@@ -482,7 +507,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getFd(getSessionPtr()); + synchronized (sslLock) { + return getFd(getSessionPtr()); + } } /** @@ -526,7 +553,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - ret = connect(getSessionPtr(), 0); + synchronized (sslLock) { + ret = connect(getSessionPtr(), 0); + } if (ret == WolfSSL.WOLFJNI_TIMEOUT) { throw new SocketTimeoutException( @@ -581,7 +610,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - ret = connect(getSessionPtr(), timeout); + synchronized (sslLock) { + ret = connect(getSessionPtr(), timeout); + } if (ret == WOLFJNI_TIMEOUT) { throw new SocketTimeoutException("Socket connect timeout"); @@ -625,7 +656,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return write(getSessionPtr(), data, length, 0); + synchronized (sslLock) { + return write(getSessionPtr(), data, length, 0); + } } /** @@ -669,7 +702,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - ret = write(getSessionPtr(), data, length, timeout); + synchronized (sslLock) { + ret = write(getSessionPtr(), data, length, timeout); + } if (ret == WOLFJNI_TIMEOUT) { throw new SocketTimeoutException("Socket write timeout"); @@ -716,7 +751,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return read(getSessionPtr(), data, sz, 0); + synchronized (sslLock) { + return read(getSessionPtr(), data, sz, 0); + } } /** @@ -762,7 +799,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - ret = read(getSessionPtr(), data, sz, timeout); + synchronized (sslLock) { + ret = read(getSessionPtr(), data, sz, timeout); + } if (ret == WOLFJNI_TIMEOUT) { throw new SocketTimeoutException("Socket read timeout"); @@ -801,7 +840,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return accept(getSessionPtr()); + synchronized (sslLock) { + return accept(getSessionPtr()); + } } /** 
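Review bot: The `connect`, `write`, `read` and `accept` hunks hold `sslLock` for the whole native call, including the variants that pass a timeout of `0`, so a thread presumably waiting on the peer keeps every other `sslLock` user waiting, `freeSSL()` included. This appears to match what method-level `synchronized` already did (the signatures are outside these hunks). It does mean the new lock will not let a reader and a writer proceed in parallel, and a stalled peer can delay cleanup of the session. Worth stating at the field declaration, e.g. `/* lock around native WOLFSSL pointer use; held for the full duration of blocking I/O calls */`, and pointing callers that need bounded waits to the timeout overloads.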
@@ -815,14 +856,21 @@ public class WolfSSLSession { public synchronized void freeSSL() throws IllegalStateException, WolfSSLJNIException { - if (this.active == false) - return; + synchronized (stateLock) { + if (this.active == false) { + /* already freed, just return */ + return; + } - /* free native resources */ - freeSSL(getSessionPtr()); + synchronized (sslLock) { + /* free native resources */ + freeSSL(getSessionPtr()); - /* free Java resources */ - this.active = false; + /* free Java resources */ + this.active = false; + this.sslPtr = 0; + } + } } /** @@ -858,7 +906,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return shutdownSSL(getSessionPtr(), 0); + synchronized (sslLock) { + return shutdownSSL(getSessionPtr(), 0); + } } /** @@ -899,7 +949,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - ret = shutdownSSL(getSessionPtr(), timeout); + synchronized (sslLock) { + ret = shutdownSSL(getSessionPtr(), timeout); + } if (ret == WOLFJNI_TIMEOUT) { throw new SocketTimeoutException("Socket read timeout"); @@ -930,7 +982,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getError(getSessionPtr(), ret); + synchronized (sslLock) { + return getError(getSessionPtr(), ret); + } } /** @@ -958,7 +1012,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setSession(getSessionPtr(), session); + synchronized (sslLock) { + return setSession(getSessionPtr(), session); + } } /** @@ -991,7 +1047,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return get1Session(getSessionPtr()); + synchronized (sslLock) { + return get1Session(getSessionPtr()); + } } public static synchronized void freeSession(long session) { 
@@ -1016,12 +1074,14 @@ public class WolfSSLSession { confirmObjectIsActive(); - long sess = getSession(getSessionPtr()); - if (sess != 0) { - /* returns new byte[] independent of sess ptr */ - return getSessionID(sess); - } else { - return new byte[0]; + synchronized (sslLock) { + long sess = getSession(getSessionPtr()); + if (sess != 0) { + /* returns new byte[] independent of sess ptr */ + return getSessionID(sess); + } else { + return new byte[0]; + } } } @@ -1079,7 +1139,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getSessTimeout(this.getSession(getSessionPtr())); + synchronized (sslLock) { + return getSessTimeout(this.getSession(getSessionPtr())); + } } /** @@ -1095,7 +1157,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setTimeout(getSessionPtr(), t); + synchronized (sslLock) { + return setTimeout(getSessionPtr(), t); + } } /** @@ -1110,7 +1174,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getTimeout(getSessionPtr()); + synchronized (sslLock) { + return getTimeout(getSessionPtr()); + } } /** @@ -1140,7 +1206,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setCipherList(getSessionPtr(), list); + synchronized (sslLock) { + return setCipherList(getSessionPtr(), list); + } } /** @@ -1193,7 +1261,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return set1SigAlgsList(getSessionPtr(), list); + synchronized (sslLock) { + return set1SigAlgsList(getSessionPtr(), list); + } } /* ---------------- Nonblocking DTLS helper functions -------------- */ @@ -1220,7 +1290,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return dtlsGetCurrentTimeout(getSessionPtr()); + synchronized (sslLock) { + return dtlsGetCurrentTimeout(getSessionPtr()); + } } /** @@ -1247,7 +1319,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return dtlsGotTimeout(getSessionPtr()); + synchronized (sslLock) { + return dtlsGotTimeout(getSessionPtr()); + } } /** 
@@ -1267,7 +1341,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return dtls(getSessionPtr()); + synchronized (sslLock) { + return dtls(getSessionPtr()); + } } /** @@ -1289,7 +1365,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return dtlsSetPeer(getSessionPtr(), peer); + synchronized (sslLock) { + return dtlsSetPeer(getSessionPtr(), peer); + } } /** @@ -1307,7 +1385,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return dtlsGetPeer(getSessionPtr()); + synchronized (sslLock) { + return dtlsGetPeer(getSessionPtr()); + } } /** @@ -1329,7 +1409,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return sessionReused(getSessionPtr()); + synchronized (sslLock) { + return sessionReused(getSessionPtr()); + } } /** @@ -1350,7 +1432,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getPeerCertificate(getSessionPtr()); + synchronized (sslLock) { + return getPeerCertificate(getSessionPtr()); + } } /** @@ -1371,7 +1455,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getPeerX509Issuer(getSessionPtr(), x509); + synchronized (sslLock) { + return getPeerX509Issuer(getSessionPtr(), x509); + } } /** @@ -1392,7 +1478,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getPeerX509Subject(getSessionPtr(), x509); + synchronized (sslLock) { + return getPeerX509Subject(getSessionPtr(), x509); + } } /** @@ -1417,7 +1505,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getPeerX509AltName(getSessionPtr(), x509); + synchronized (sslLock) { + return getPeerX509AltName(getSessionPtr(), x509); + } } /** @@ -1436,7 +1526,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getVersion(getSessionPtr()); + synchronized (sslLock) { + return getVersion(getSessionPtr()); + } } /** 
@@ -1456,7 +1548,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getCurrentCipher(getSessionPtr()); + synchronized (sslLock) { + return getCurrentCipher(getSessionPtr()); + } } /** @@ -1479,7 +1573,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return checkDomainName(getSessionPtr(), dn); + synchronized (sslLock) { + return checkDomainName(getSessionPtr(), dn); + } } /** @@ -1503,7 +1599,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setTmpDH(getSessionPtr(), p, pSz, g, gSz); + synchronized (sslLock) { + return setTmpDH(getSessionPtr(), p, pSz, g, gSz); + } } /** @@ -1530,7 +1628,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setTmpDHFile(getSessionPtr(), fname, format); + synchronized (sslLock) { + return setTmpDHFile(getSessionPtr(), fname, format); + } } /** @@ -1565,7 +1665,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return useCertificateBuffer(getSessionPtr(), in, sz, format); + synchronized (sslLock) { + return useCertificateBuffer(getSessionPtr(), in, sz, format); + } } /** @@ -1603,7 +1705,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return usePrivateKeyBuffer(getSessionPtr(), in, sz, format); + synchronized (sslLock) { + return usePrivateKeyBuffer(getSessionPtr(), in, sz, format); + } } /** @@ -1641,7 +1745,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return useCertificateChainBuffer(getSessionPtr(), in, sz); + synchronized (sslLock) { + return useCertificateChainBuffer(getSessionPtr(), in, sz); + } } /** @@ -1659,7 +1765,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setGroupMessages(getSessionPtr()); + synchronized (sslLock) { + return setGroupMessages(getSessionPtr()); + } } /** @@ -1795,7 +1903,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return enableCRL(getSessionPtr(), options); + synchronized (sslLock) { + return enableCRL(getSessionPtr(), options); + } } /** 
@@ -1820,7 +1930,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return disableCRL(getSessionPtr()); + synchronized (sslLock) { + return disableCRL(getSessionPtr()); + } } /** @@ -1866,7 +1978,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return loadCRL(getSessionPtr(), path, type, monitor); + synchronized (sslLock) { + return loadCRL(getSessionPtr(), path, type, monitor); + } } /** @@ -1890,7 +2004,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setCRLCb(getSessionPtr(), cb); + synchronized (sslLock) { + return setCRLCb(getSessionPtr(), cb); + } } /** @@ -1908,7 +2024,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return cipherGetName(getSessionPtr()); + synchronized (sslLock) { + return cipherGetName(getSessionPtr()); + } } /** @@ -1930,7 +2048,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getMacSecret(getSessionPtr(), verify); + synchronized (sslLock) { + return getMacSecret(getSessionPtr(), verify); + } } /** @@ -1948,7 +2068,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getClientWriteKey(getSessionPtr()); + synchronized (sslLock) { + return getClientWriteKey(getSessionPtr()); + } } /** @@ -1968,7 +2090,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getClientWriteIV(getSessionPtr()); + synchronized (sslLock) { + return getClientWriteIV(getSessionPtr()); + } } /** @@ -1986,7 +2110,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getServerWriteKey(getSessionPtr()); + synchronized (sslLock) { + return getServerWriteKey(getSessionPtr()); + } } /** @@ -2006,7 +2132,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getServerWriteIV(getSessionPtr()); + synchronized (sslLock) { + return getServerWriteIV(getSessionPtr()); + } } /** 
@@ -2022,7 +2150,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getKeySize(getSessionPtr()); + synchronized (sslLock) { + return getKeySize(getSessionPtr()); + } } /** @@ -2040,7 +2170,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getSide(getSessionPtr()); + synchronized (sslLock) { + return getSide(getSessionPtr()); + } } /** @@ -2057,7 +2189,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return isTLSv1_1(getSessionPtr()); + synchronized (sslLock) { + return isTLSv1_1(getSessionPtr()); + } } /** @@ -2081,7 +2215,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getBulkCipher(getSessionPtr()); + synchronized (sslLock) { + return getBulkCipher(getSessionPtr()); + } } /** @@ -2098,7 +2234,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getCipherBlockSize(getSessionPtr()); + synchronized (sslLock) { + return getCipherBlockSize(getSessionPtr()); + } } /** @@ -2116,7 +2254,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getAeadMacSize(getSessionPtr()); + synchronized (sslLock) { + return getAeadMacSize(getSessionPtr()); + } } /** @@ -2134,7 +2274,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getHmacSize(getSessionPtr()); + synchronized (sslLock) { + return getHmacSize(getSessionPtr()); + } } /** @@ -2159,7 +2301,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getHmacType(getSessionPtr()); + synchronized (sslLock) { + return getHmacType(getSessionPtr()); + } } /** @@ -2180,7 +2324,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return getCipherType(getSessionPtr()); + synchronized (sslLock) { + return getCipherType(getSessionPtr()); + } } /** @@ -2207,7 +2353,9 @@ public class WolfSSLSession { confirmObjectIsActive(); - return setTlsHmacInner(getSessionPtr(), inner, sz, content, verify); + synchronized (sslLock) { + return setTlsHmacInner(getSessionPtr(), inner, sz, content, verify); + } } /** 
@@ -2261,7 +2409,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 eccSignCtx = ctx;
- setEccSignCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setEccSignCtx(getSessionPtr());
+ }
 }
 /**
@@ -2279,7 +2429,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 eccVerifyCtx = ctx;
- setEccVerifyCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setEccVerifyCtx(getSessionPtr());
+ }
 }
 /**
@@ -2298,7 +2450,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 eccSharedSecretCtx = ctx;
- setEccSharedSecretCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setEccSharedSecretCtx(getSessionPtr());
+ }
 }
 /**
@@ -2316,7 +2470,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 rsaSignCtx = ctx;
- setRsaSignCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setRsaSignCtx(getSessionPtr());
+ }
 }
 /**
@@ -2335,7 +2491,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 rsaVerifyCtx = ctx;
- setRsaVerifyCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setRsaVerifyCtx(getSessionPtr());
+ }
 }
 /**
@@ -2354,7 +2512,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 rsaEncCtx = ctx;
- setRsaEncCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setRsaEncCtx(getSessionPtr());
+ }
 }
 /**
@@ -2373,7 +2533,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
 rsaDecCtx = ctx;
- setRsaDecCtx(getSessionPtr());
+ synchronized (sslLock) {
+ setRsaDecCtx(getSessionPtr());
+ }
 }
 /**
@@ -2416,7 +2578,9 @@ public class WolfSSLSession {
 internPskClientCb = callback;
 /* register internal callback with native library */
- setPskClientCb(getSessionPtr());
+ synchronized (sslLock) {
+ setPskClientCb(getSessionPtr());
+ }
 }
 /**
@@ -2455,7 +2619,9 @@ public class WolfSSLSession {
 internPskServerCb = callback;
 /* register internal callback with native library */
- setPskServerCb(getSessionPtr());
+ synchronized (sslLock) {
+ setPskServerCb(getSessionPtr());
+ }
 }
 /**
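Review bot: The field write `eccSignCtx = ctx;` stays outside the new `synchronized (sslLock)` block, so the lock covers the native registration but not the Java-side context object that the registered callback presumably reads later. The same holds for the other six ECC/RSA ctx setters and for `internPskClientCb` / `internPskServerCb` on this line, whereas the useSessionTicket hunk further down updates `sessionTicketsEnabled` inside the lock. If the enclosing methods are not `synchronized` (their signatures are outside the hunks), move the assignment into the block, e.g. `synchronized (sslLock) { eccSignCtx = ctx; setEccSignCtx(getSessionPtr()); }`, so any reader holding `sslLock` sees a matching field and registration.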
@@ -2475,7 +2641,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return getPskIdentityHint(getSessionPtr());
+ synchronized (sslLock) {
+ return getPskIdentityHint(getSessionPtr());
+ }
 }
 /**
@@ -2495,7 +2663,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return getPskIdentity(getSessionPtr());
+ synchronized (sslLock) {
+ return getPskIdentity(getSessionPtr());
+ }
 }
 /**
@@ -2517,7 +2687,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return usePskIdentityHint(getSessionPtr(), hint);
+ synchronized (sslLock) {
+ return usePskIdentityHint(getSessionPtr(), hint);
+ }
 }
 /**
@@ -2530,7 +2702,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return handshakeDone(getSessionPtr());
+ synchronized (sslLock) {
+ return handshakeDone(getSessionPtr());
+ }
 }
 /**
@@ -2542,7 +2716,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- setConnectState(getSessionPtr());
+ synchronized (sslLock) {
+ setConnectState(getSessionPtr());
+ }
 }
 /**
@@ -2554,7 +2730,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- setAcceptState(getSessionPtr());
+ synchronized (sslLock) {
+ setAcceptState(getSessionPtr());
+ }
 }
 /**
@@ -2596,7 +2774,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- setVerify(getSessionPtr(), mode, callback);
+ synchronized (sslLock) {
+ setVerify(getSessionPtr(), mode, callback);
+ }
 }
 /**
@@ -2613,7 +2793,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return setOptions(getSessionPtr(), op);
+ synchronized (sslLock) {
+ return setOptions(getSessionPtr(), op);
+ }
 }
@@ -2630,7 +2812,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return getOptions(getSessionPtr());
+ synchronized (sslLock) {
+ return getOptions(getSessionPtr());
+ }
 }
 /**
@@ -2643,12 +2827,13 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- int ret = gotCloseNotify(getSessionPtr());
-
- if (ret == 1) {
- return true;
- } else {
- return false;
+ synchronized (sslLock) {
+ int ret = gotCloseNotify(getSessionPtr());
+ if (ret == 1) {
+ return true;
+ } else {
+ return false;
+ }
 }
 }
@@ -2681,7 +2866,9 @@ public class WolfSSLSession {
 internRecvSSLCb = callback;
 /* register internal callback with native library */
- setSSLIORecv(getSessionPtr());
+ synchronized (sslLock) {
+ setSSLIORecv(getSessionPtr());
+ }
 }
 /**
@@ -2713,7 +2900,9 @@ public class WolfSSLSession {
 internSendSSLCb = callback;
 /* register internal callback with native library */
- setSSLIOSend(getSessionPtr());
+ synchronized (sslLock) {
+ setSSLIOSend(getSessionPtr());
+ }
 }
 /**
@@ -2734,7 +2923,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- ret = useSNI(getSessionPtr(), type, data);
+ synchronized (sslLock) {
+ ret = useSNI(getSessionPtr(), type, data);
+ }
 return ret;
 }
@@ -2751,9 +2942,12 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- ret = useSessionTicket(getSessionPtr());
- if (ret == WolfSSL.SSL_SUCCESS) {
- this.sessionTicketsEnabled = true;
+ synchronized (sslLock) {
+ ret = useSessionTicket(getSessionPtr());
+
+ if (ret == WolfSSL.SSL_SUCCESS) {
+ this.sessionTicketsEnabled = true;
+ }
 }
 return ret;
@@ -2791,7 +2985,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return sslSetAlpnProtos(getSessionPtr(), alpnProtos);
+ synchronized (sslLock) {
+ return sslSetAlpnProtos(getSessionPtr(), alpnProtos);
+ }
 }
 /**
@@ -2829,7 +3025,9 @@ public class WolfSSLSession {
 allProtocols.append(protocols[i]);
 }
- return useALPN(getSessionPtr(), allProtocols.toString(), options);
+ synchronized (sslLock) {
+ return useALPN(getSessionPtr(), allProtocols.toString(), options);
+ }
 }
 /**
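Review bot: The `if (ret == 1) { return true; } else { return false; }` ladder in the gotCloseNotify hunk was moved into the lock unchanged; inside the `synchronized (sslLock)` block it reduces to `return gotCloseNotify(getSessionPtr()) == 1;`, which also removes the local `ret`. The method signature is outside the hunk, so the boolean return type is inferred from the `return true` / `return false` lines.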
@@ -2842,7 +3040,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return sslGet0AlpnSelected(getSessionPtr());
+ synchronized (sslLock) {
+ return sslGet0AlpnSelected(getSessionPtr());
+ }
 }
 /**
@@ -2884,7 +3084,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return useSecureRenegotiation(getSessionPtr());
+ synchronized (sslLock) {
+ return useSecureRenegotiation(getSessionPtr());
+ }
 }
 /**
@@ -2932,7 +3134,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return rehandshake(getSessionPtr());
+ synchronized (sslLock) {
+ return rehandshake(getSessionPtr());
+ }
 }
 /**
@@ -2943,7 +3147,9 @@ public class WolfSSLSession {
 confirmObjectIsActive();
- return getShutdown(getSessionPtr());
+ synchronized (sslLock) {
+ return getShutdown(getSessionPtr());
+ }
 }
 /* this will be registered with native wolfSSL library */
diff --git a/src/java/com/wolfssl/WolfSSLX509StoreCtx.java b/src/java/com/wolfssl/WolfSSLX509StoreCtx.java
index 77b799a..82ef6da 100644
--- a/src/java/com/wolfssl/WolfSSLX509StoreCtx.java
+++ b/src/java/com/wolfssl/WolfSSLX509StoreCtx.java
@@ -30,6 +30,12 @@ public class WolfSSLX509StoreCtx {
 private boolean active = false;
 private long ctxPtr = 0;
+ /* lock around active state */
+ private final Object stateLock = new Object();
+
+ /* lock around native WOLFSSL_X509_STORE_CTX pointer use */
+ private final Object ctxLock = new Object();
+
 static native byte[][] X509_STORE_CTX_getDerCerts(long ctxPtr);
 /**
@@ -48,28 +54,47 @@ public class WolfSSLX509StoreCtx {
 this.ctxPtr = ctxPtr;
 }
+ /**
+ * Verifies that the current WolfSSLX509StoreCtx object is active.
+ *
+ * @throws IllegalStateException if object has been freed
+ */
+ private synchronized void confirmObjectIsActive()
+ throws IllegalStateException {
+
+ synchronized (stateLock) {
+ if (this.active == false) {
+ throw new IllegalStateException(
+ "WolfSSLX509StoreCtx object has been freed");
+ }
+ }
+ }
+
 /**
 * Get certificates in WOLFSSL_X509_STORE_CTX as an array of
 * WolfSSLCertificate objects.
 *
 * @return array of certificates
 * @throws WolfSSLException on error
+ * @throws IllegalStateException if object has been freed
 */
- public WolfSSLCertificate[] getCerts() throws WolfSSLException {
+ public WolfSSLCertificate[] getCerts()
+ throws WolfSSLException, IllegalStateException {
 WolfSSLCertificate[] certs = null;
- if (this.active == false)
- throw new IllegalStateException("Object is not active");
+ confirmObjectIsActive();
- byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr);
+ synchronized (ctxLock) {
+ byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr);
- if (derCerts != null) {
- certs = new WolfSSLCertificate[derCerts.length];
+ if (derCerts != null) {
+ certs = new WolfSSLCertificate[derCerts.length];
- for (int i = 0; i < derCerts.length; i++) {
- byte[] derCert = derCerts[i];
- certs[i] = new WolfSSLCertificate(derCert);
+ for (int i = 0; i < derCerts.length; i++) {
+ byte[] derCert = derCerts[i];
+ certs[i] = new WolfSSLCertificate(derCert);
+ }
 }
 }
diff --git a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
index 803a1bd..cad578f 100644
--- a/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
+++ b/src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
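Review bot: `confirmObjectIsActive()` is declared `synchronized` and then takes `stateLock` inside, so one boolean read acquires two monitors and fixes a lock order of `this` before `stateLock` that every other path has to respect. `getCerts()` is not `synchronized`, so the method-level monitor protects nothing else visible in this hunk. Dropping the modifier, `private void confirmObjectIsActive() throws IllegalStateException {`, keeps the check under `stateLock` alone. getCerts continues past the end of the hunk.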
@@ -69,6 +69,9 @@ public class WolfSSLImplementSSLSession implements SSLSession {
 private String nullCipher = "SSL_NULL_WITH_NULL_NULL";
 private String nullProtocol = "NONE";
+ /* Lock around access to WOLFSSL_SESSION pointer */
+ private final Object sesPtrLock = new Object();
+
 /**
 * Create new WolfSSLImplementSSLSession
 *
@@ -510,8 +513,10 @@ public class WolfSSLImplementSSLSession implements SSLSession {
 protected synchronized void resume(WolfSSLSession in) {
 /* Set session (WOLFSSL_SESSION) into native WOLFSSL, makes
 * a copy of the session so this object can free sesPtr when ready */
- in.setSession(this.sesPtr);
- ssl = in;
+ synchronized (sesPtrLock) {
+ in.setSession(this.sesPtr);
+ ssl = in;
+ }
 }
@@ -520,10 +525,12 @@ public class WolfSSLImplementSSLSession implements SSLSession {
 */
 protected synchronized void setResume() {
 if (ssl != null) {
- if (this.sesPtr != 0) {
- WolfSSLSession.freeSession(this.sesPtr);
+ synchronized (sesPtrLock) {
+ if (this.sesPtr != 0) {
+ WolfSSLSession.freeSession(this.sesPtr);
+ }
+ this.sesPtr = ssl.getSession();
 }
- this.sesPtr = ssl.getSession();
 }
 }
@@ -567,9 +574,11 @@ public class WolfSSLImplementSSLSession implements SSLSession {
 @Override
 protected void finalize() throws Throwable {
- if (this.sesPtr != 0) {
- WolfSSLSession.freeSession(this.sesPtr);
- this.sesPtr = 0;
+ synchronized (sesPtrLock) {
+ if (this.sesPtr != 0) {
+ WolfSSLSession.freeSession(this.sesPtr);
+ this.sesPtr = 0;
+ }
 }
 super.finalize();
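Review bot: In the setResume hunk, `sesPtr` still holds the released value between `WolfSSLSession.freeSession(this.sesPtr);` and the assignment from `ssl.getSession()`. If `getSession()` can throw (its body is not in this section; presumably it does once the session object has been freed, like the other methods that call `confirmObjectIsActive()`), the field is left dangling and the finalize hunk below would pass it to `freeSession` a second time. Clearing it straight away, `WolfSSLSession.freeSession(this.sesPtr); this.sesPtr = 0;`, keeps the later `!= 0` guards reliable. The `ssl != null` test also sits outside `sesPtrLock` while `resume()` assigns `ssl` inside it; today only the method-level `synchronized` keeps the two consistent.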