WolfSSL
/
wolfssljni
mirror of https://github.com/wolfSSL/wolfssljni.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #142 from cconlon/sessionLocks 

Add synchronization locks around native pointer use and active state
pull/143/head
JacobBarthelmeh 2023-08-02 09:38:05 -06:00 committed by GitHub
parent ee65bcd5eb aa0af3d527
commit f2e2a2f985
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 613 additions and 229 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

80
src/java/com/wolfssl/WolfSSLCertManager.java
View File

@ -40,6 +40,12 @@ public class WolfSSLCertManager {
private boolean active = false;
private long cmPtr = 0;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_CERT_MANAGER pointer use */
private final Object cmLock = new Object();
static native long CertManagerNew();
static native void CertManagerFree(long cm);
static native int CertManagerLoadCA(long cm, String f, String d);
@ -62,6 +68,22 @@ public class WolfSSLCertManager {
this.active = true;
}
/**
* Verifies that the current WolfSSLCertManager object is active.
*
* @throws IllegalStateException if object has been freed
*/
private synchronized void confirmObjectIsActive()
throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) {
throw new IllegalStateException(
"WolfSSLCertManager object has been freed");
}
}
}
/**
* Load CA into CertManager
*
@ -69,13 +91,17 @@ public class WolfSSLCertManager {
* @param d directory of X.509 certs to load, or null
*
* @return WolfSSL.SSL_SUCESS on success, negative on error
* @throws IllegalStateException WolfSSLContext has been freed
*/
public synchronized int CertManagerLoadCA(String f, String d) {
if (this.active == false)
throw new IllegalStateException("Object has been freed");
public synchronized int CertManagerLoadCA(String f, String d)
throws IllegalStateException {
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerLoadCA(this.cmPtr, f, d);
}
}
/**
* Load CA into CertManager from byte array
@ -87,33 +113,34 @@ public class WolfSSLCertManager {
* WolfSSL.SSL_FILETYPE_ASN1 (ASN.1/DER).
*
* @return WolfSSL.SSL_SUCCESS on success, negative on error
* @throws IllegalStateException WolfSSLContext has been freed
*/
public synchronized int CertManagerLoadCABuffer(
byte[] in, long sz, int format) {
byte[] in, long sz, int format) throws IllegalStateException {
if (this.active == false)
throw new IllegalStateException("Object has been freed");
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerLoadCABuffer(this.cmPtr, in, sz, format);
}
}
/**
* Loads KeyStore certificates into WolfSSLCertManager object.
*
* @param ks - input KeyStore from which to load CA certs
* @throws WolfSSLException on exception working with KeyStore
* @return WolfSSL.SSL_SUCCESS if at least one cert was loaded
* successfully, otherwise WolfSSL.SSL_FAILURE.
* @throws WolfSSLException on exception working with KeyStore
* @throws IllegalStateException WolfSSLContext has been freed
*/
public synchronized int CertManagerLoadCAKeyStore(KeyStore ks)
throws WolfSSLException {
throws WolfSSLException, IllegalStateException {
int ret = 0;
int loadedCerts = 0;
if (this.active == false) {
throw new IllegalStateException("Object has been freed");
}
confirmObjectIsActive();
if (ks == null) {
throw new WolfSSLException("Input KeyStore is null");
@ -159,14 +186,17 @@ public class WolfSSLCertManager {
* Unload any CAs that have been loaded into WolfSSLCertManager object.
*
* @return WolfSSL.SSL_SUCCESS on success, negative on error.
* @throws IllegalStateException WolfSSLContext has been freed
*/
public synchronized int CertManagerUnloadCAs() {
if (this.active == false) {
throw new IllegalStateException("Object has been freed");
}
public synchronized int CertManagerUnloadCAs()
throws IllegalStateException {
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerUnloadCAs(this.cmPtr);
}
}
/**
* Verify X.509 certificate held in byte array
@ -179,27 +209,31 @@ public class WolfSSLCertManager {
*
* @return WolfSSL.SSL_SUCCESS on successful verification, otherwise
* negative on error.
* @throws IllegalStateException WolfSSLContext has been freed
*/
public synchronized int CertManagerVerifyBuffer(
byte[] in, long sz, int format) {
byte[] in, long sz, int format) throws IllegalStateException {
if (this.active == false)
throw new IllegalStateException("Object has been freed");
confirmObjectIsActive();
synchronized (cmLock) {
return CertManagerVerifyBuffer(this.cmPtr, in, sz, format);
}
}
/**
* Frees CertManager object
*
* @throws IllegalStateException WolfSSLContext has been freed
* @see WolfSSLSession#freeSSL()
*/
public synchronized void free() throws IllegalStateException {
if (this.active == false)
throw new IllegalStateException("Object has been freed");
synchronized (stateLock) {
if (this.active == false) {
/* already freed, just return */
return;
}
synchronized (cmLock) {
/* free native resources */
CertManagerFree(this.cmPtr);
@ -207,6 +241,8 @@ public class WolfSSLCertManager {
this.active = false;
this.cmPtr = 0;
}
}
}
@SuppressWarnings("deprecation")
@Override

120
src/java/com/wolfssl/WolfSSLContext.java
View File

@ -72,6 +72,12 @@ public class WolfSSLContext {
/* is this context active, or has it been freed? */
private boolean active = false;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_CTX pointer use */
private final Object ctxLock = new Object();
/**
* Creates a new SSL/TLS context for the desired SSL/TLS protocol level.
*
@ -93,11 +99,7 @@ public class WolfSSLContext {
/* ------------------- private/protected methods -------------------- */
protected synchronized long getContextPtr()
{
if (this.active == false) {
return 0;
}
protected synchronized long getContextPtr() {
return sslCtxPtr;
}
@ -314,11 +316,13 @@ public class WolfSSLContext {
private synchronized void confirmObjectIsActive()
throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) {
throw new IllegalStateException(
"WolfSSLContext object has been freed");
}
}
}
/* ------------------ native method declarations -------------------- */
@ -408,8 +412,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateFile(getContextPtr(), file, format);
}
}
/**
* Loads a private key file into the SSL context.
@ -441,8 +447,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return usePrivateKeyFile(getContextPtr(), file, format);
}
}
/**
* Loads PEM-formatted CA certificates into the SSL context.
@ -492,8 +500,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return loadVerifyLocations(getContextPtr(), file, path);
}
}
/**
* Loads a chain of certificates into the SSL context.
@ -520,8 +530,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateChainFile(getContextPtr(), file);
}
}
/**
@ -563,8 +575,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
setVerify(getContextPtr(), mode, callback);
}
}
/**
* Sets the options to use for the WOLFSSL structure.
@ -580,8 +594,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setOptions(getContextPtr(), op);
}
}
/**
* Gets the options to use for the WOLFSSL structure.
@ -596,8 +612,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return getOptions(getContextPtr());
}
}
/**
* Frees an allocated SSL context.
@ -611,6 +629,13 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (stateLock) {
if (this.active == false) {
/* already freed, just return */
return;
}
synchronized (ctxLock) {
/* free native resources */
freeContext(this.sslCtxPtr);
@ -618,6 +643,8 @@ public class WolfSSLContext {
this.active = false;
this.sslCtxPtr = 0;
}
}
}
/**
* Persists the certificate cache to memory.
@ -649,8 +676,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return memsaveCertCache(getContextPtr(), mem, sz, used);
}
}
/**
* Restores the certificate cache from memory.
@ -682,8 +711,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return memrestoreCertCache(getContextPtr(), mem, sz);
}
}
/**
* Gets how big the certificate cache save buffer needs to be.
@ -704,8 +735,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return getCertCacheMemsize(getContextPtr());
}
}
/**
* Cache size is set at compile time.This function returns the current cache
@ -721,8 +754,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setCacheSize(getContextPtr(), sz);
}
}
/**
* Gets the cache size is set at compile time.
@ -736,8 +771,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return getCacheSize(getContextPtr());
}
}
/**
* Sets the cipher suite list for a given SSL context.
@ -770,8 +807,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setCipherList(getContextPtr(), list);
}
}
/**
* Sets up the group parameters to be used if the server negotiates
@ -793,8 +832,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setTmpDH(getContextPtr(), p, pSz, g, gSz);
}
}
/**
* Sets up the group parameters from the specified file to be used if the
@ -820,8 +861,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setTmpDHFile(getContextPtr(), fname, format);
}
}
/**
* Loads a CA certificate buffer into the SSL context.
@ -865,8 +908,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return loadVerifyBuffer(getContextPtr(), in, sz, format);
}
}
/**
* Loads a certificate buffer into the SSL context.
@ -901,8 +946,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateBuffer(getContextPtr(), in, sz, format);
}
}
/**
* Loads a private key buffer into the SSL context.
@ -940,8 +987,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return usePrivateKeyBuffer(getContextPtr(), in, sz, format);
}
}
/**
* Loads a certificate chain buffer into the SSL context.
@ -979,8 +1028,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return useCertificateChainBuffer(getContextPtr(), in, sz);
}
}
/**
* Loads a certificate chain buffer into the SSL context in specific format.
@ -1022,7 +1073,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
return useCertificateChainBufferFormat(getContextPtr(), in, sz, format);
synchronized (ctxLock) {
return useCertificateChainBufferFormat(
getContextPtr(), in, sz, format);
}
}
/**
@ -1038,8 +1092,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setGroupMessages(getContextPtr());
}
}
/**
* Registers a receive callback for wolfSSL to get input data.
@ -1070,8 +1126,10 @@ public class WolfSSLContext {
internRecvCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setIORecv(getContextPtr());
}
}
/**
* Registers a send callback for wolfSSL to write output data.
@ -1102,8 +1160,10 @@ public class WolfSSLContext {
internSendCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setIOSend(getContextPtr());
}
}
/**
* Registers a DTLS cookie generation callback.
@ -1134,8 +1194,10 @@ public class WolfSSLContext {
internCookieCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setGenCookie(getContextPtr());
}
}
/**
* Turns on Certificate Revocation List (CRL) checking when
@ -1164,8 +1226,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return enableCRL(getContextPtr(), options);
}
}
/**
* Turns off Certificate Revocation List (CRL) checking for the
@ -1188,8 +1252,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return disableCRL(getContextPtr());
}
}
/**
* Loads CRL files into wolfSSL from the specified path, using the
@ -1235,8 +1301,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return loadCRL(getContextPtr(), path, type, monitor);
}
}
/**
* Registers CRL callback to be called when CRL lookup fails, using
@ -1260,8 +1328,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setCRLCb(getContextPtr(), cb);
}
}
/**
* Enable OCSP functionality for this context, set options.
@ -1290,8 +1360,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return enableOCSP(getContextPtr(), options);
}
}
/**
* Disable OCSP for this context.
@ -1305,8 +1377,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return disableOCSP(getContextPtr());
}
}
/**
* Manually sets the URL for OCSP to use.
@ -1330,8 +1404,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setOCSPOverrideUrl(getContextPtr(), url);
}
}
/**
* Allows caller to set the Atomic User Record Processing Mac/Encrypt
@ -1367,8 +1443,10 @@ public class WolfSSLContext {
internMacEncryptCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setMacEncryptCb(getContextPtr());
}
}
/**
* Allows caller to set the Atomic Record Processing Decrypt/Verify
@ -1404,8 +1482,10 @@ public class WolfSSLContext {
internDecryptVerifyCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setDecryptVerifyCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for ECC Signing.
@ -1438,8 +1518,10 @@ public class WolfSSLContext {
internEccSignCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setEccSignCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for ECC Verification.
@ -1472,8 +1554,10 @@ public class WolfSSLContext {
internEccVerifyCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setEccVerifyCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for ECC shared secret.
@ -1521,8 +1605,10 @@ public class WolfSSLContext {
internEccSharedSecretCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setEccSharedSecretCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for RSA Signing.
@ -1555,8 +1641,10 @@ public class WolfSSLContext {
internRsaSignCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setRsaSignCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for RSA Verification.
@ -1589,8 +1677,10 @@ public class WolfSSLContext {
internRsaVerifyCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setRsaVerifyCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key Callback for RSA Public Encrypt.
@ -1623,8 +1713,10 @@ public class WolfSSLContext {
internRsaEncCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setRsaEncCb(getContextPtr());
}
}
/**
* Allows caller to set the Public Key for RSA Private Decrypt.
@ -1656,8 +1748,10 @@ public class WolfSSLContext {
internRsaDecCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setRsaDecCb(getContextPtr());
}
}
/**
* Allows caller to set the PSK client identity, hint, and key.
@ -1693,8 +1787,10 @@ public class WolfSSLContext {
internPskClientCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setPskClientCb(getContextPtr());
}
}
/**
* Allows caller to set the PSK server identity and key.
@ -1729,8 +1825,10 @@ public class WolfSSLContext {
internPskServerCb = callback;
/* register internal callback with native library */
synchronized (ctxLock) {
setPskServerCb(getContextPtr());
}
}
/**
* Sets the identity hint for this context.
@ -1752,8 +1850,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return usePskIdentityHint(getContextPtr(), hint);
}
}
/**
* Enable use of secure renegotiation on this session. Calling this
@ -1770,8 +1870,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return useSecureRenegotiation(getContextPtr());
}
}
/**
* Set minimum supported DH key size for this WOLFSSL_CTX.
@ -1789,8 +1891,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setMinDhKeySz(getContextPtr(), minKeySizeBits);
}
}
/**
* Set minimum supported RSA key size for this WOLFSSL_CTX.
@ -1808,8 +1912,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setMinRsaKeySz(getContextPtr(), minKeySizeBits);
}
}
/**
* Set minimum supported ECC key size for this WOLFSSL_CTX.
@ -1827,8 +1933,10 @@ public class WolfSSLContext {
confirmObjectIsActive();
synchronized (ctxLock) {
return setMinEccKeySz(getContextPtr(), minKeySizeBits);
}
}
@SuppressWarnings("deprecation")
@Override

214
src/java/com/wolfssl/WolfSSLSession.java
View File

File diff suppressed because it is too large Load Diff

31
src/java/com/wolfssl/WolfSSLX509StoreCtx.java
View File

@ -30,6 +30,12 @@ public class WolfSSLX509StoreCtx {
private boolean active = false;
private long ctxPtr = 0;
/* lock around active state */
private final Object stateLock = new Object();
/* lock around native WOLFSSL_X509_STORE_CTX pointer use */
private final Object ctxLock = new Object();
static native byte[][] X509_STORE_CTX_getDerCerts(long ctxPtr);
/**
@ -48,20 +54,38 @@ public class WolfSSLX509StoreCtx {
this.ctxPtr = ctxPtr;
}
/**
* Verifies that the current WolfSSLX509StoreCtx object is active.
*
* @throws IllegalStateException if object has been freed
*/
private synchronized void confirmObjectIsActive()
throws IllegalStateException {
synchronized (stateLock) {
if (this.active == false) {
throw new IllegalStateException(
"WolfSSLX509StoreCtx object has been freed");
}
}
}
/**
* Get certificates in WOLFSSL_X509_STORE_CTX as an array of
* WolfSSLCertificate objects.
*
* @return array of certificates
* @throws WolfSSLException on error
* @throws IllegalStateException if object has been freed
*/
public WolfSSLCertificate[] getCerts() throws WolfSSLException {
public WolfSSLCertificate[] getCerts()
throws WolfSSLException, IllegalStateException {
WolfSSLCertificate[] certs = null;
if (this.active == false)
throw new IllegalStateException("Object is not active");
confirmObjectIsActive();
synchronized (ctxLock) {
byte[][] derCerts = X509_STORE_CTX_getDerCerts(this.ctxPtr);
if (derCerts != null) {
@ -72,6 +96,7 @@ public class WolfSSLX509StoreCtx {
certs[i] = new WolfSSLCertificate(derCert);
}
}
}
return certs;
}

9
src/java/com/wolfssl/provider/jsse/WolfSSLImplementSSLSession.java
View File

@ -69,6 +69,9 @@ public class WolfSSLImplementSSLSession implements SSLSession {
private String nullCipher = "SSL_NULL_WITH_NULL_NULL";
private String nullProtocol = "NONE";
/* Lock around access to WOLFSSL_SESSION pointer */
private final Object sesPtrLock = new Object();
/**
* Create new WolfSSLImplementSSLSession
*
@ -510,9 +513,11 @@ public class WolfSSLImplementSSLSession implements SSLSession {
protected synchronized void resume(WolfSSLSession in) {
/* Set session (WOLFSSL_SESSION) into native WOLFSSL, makes
* a copy of the session so this object can free sesPtr when ready */
synchronized (sesPtrLock) {
in.setSession(this.sesPtr);
ssl = in;
}
}
/**
@ -520,12 +525,14 @@ public class WolfSSLImplementSSLSession implements SSLSession {
*/
protected synchronized void setResume() {
if (ssl != null) {
synchronized (sesPtrLock) {
if (this.sesPtr != 0) {
WolfSSLSession.freeSession(this.sesPtr);
}
this.sesPtr = ssl.getSession();
}
}
}
/**
* Sets the native WOLFSSL_SESSION timeout
@ -567,10 +574,12 @@ public class WolfSSLImplementSSLSession implements SSLSession {
@Override
protected void finalize() throws Throwable
{
synchronized (sesPtrLock) {
if (this.sesPtr != 0) {
WolfSSLSession.freeSession(this.sesPtr);
this.sesPtr = 0;
}
}
super.finalize();
}