Merge pull request #69 from cconlon/verifyCbfix

Internal verify callback fixes and rework
wolfSSL · Nov 4, 2021 · 7f89200 · 7f89200
2 parents 4a65ce3 + 3930359
commit 7f89200
Show file tree

Hide file tree

Showing 13 changed files with 667 additions and 223 deletions.
diff --git a/native/com_wolfssl_WolfSSL.c b/native/com_wolfssl_WolfSSL.c
@@ -555,6 +555,20 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_cleanup
     (void)jenv;
     (void)jcl;
 
+    /* release global logging callback object if registered */
+    if (g_loggingCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_loggingCbIfaceObj);
+        g_loggingCbIfaceObj = NULL;
+    }
+
+#ifdef HAVE_FIPS
+    /* release existing FIPS callback object if set */
+    if (g_fipsCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_fipsCbIfaceObj);
+        g_fipsCbIfaceObj = NULL;
+    }
+#endif
+
     return wolfSSL_Cleanup();
 }
 
@@ -583,18 +597,26 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_setLoggingCb
 
     (void)jcl;
 
-    if (!jenv || !callback) {
+    if (jenv == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    /* store Java logging callback Interface object */
-    g_loggingCbIfaceObj = (*jenv)->NewGlobalRef(jenv, callback);
-    if (!g_loggingCbIfaceObj) {
-        printf("error storing global logging callback interface\n");
-        return SSL_FAILURE;
+    /* release existing logging callback object if registered */
+    if (g_loggingCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_loggingCbIfaceObj);
+        g_loggingCbIfaceObj = NULL;
     }
 
-    ret = wolfSSL_SetLoggingCb(NativeLoggingCallback);
+    if (callback != NULL) {
+        /* store Java logging callback Interface object */
+        g_loggingCbIfaceObj = (*jenv)->NewGlobalRef(jenv, callback);
+        if (g_loggingCbIfaceObj == NULL) {
+            printf("error storing global logging callback interface\n");
+            return SSL_FAILURE;
+        }
+
+        ret = wolfSSL_SetLoggingCb(NativeLoggingCallback);
+    }
 
     return ret;
 }
@@ -776,6 +798,10 @@ void NativeFIPSErrorCallback(const int ok, const int err,
         (*jenv)->ThrowNew(jenv, excClass,
                 "Object reference invalid in NativeFIPSErrorCallback");
     }
+#else
+    (void)ok;
+    (void)err;
+    (void)hash;
 #endif
 }
 
@@ -786,21 +812,29 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSL_setFIPSCb
     (void)jcl;
 
 #ifdef HAVE_FIPS
-    if (jenv == NULL || callback == NULL) {
+    if (jenv == NULL) {
         return BAD_FUNC_ARG;
     }
 
-    /* store Java FIPS callback Interface object */
-    g_fipsCbIfaceObj = (*jenv)->NewGlobalRef(jenv, callback);
-    if (!g_fipsCbIfaceObj) {
-        printf("error storing global wolfCrypt FIPS callback interface\n");
-        return SSL_FAILURE;
+    /* release existing FIPS callback object if set */
+    if (g_fipsCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_fipsCbIfaceObj);
+        g_fipsCbIfaceObj = NULL;
     }
 
-    /* register NativeFIPSErrorCallback, wraps Java callback */
-    ret = wolfCrypt_SetCb_fips(NativeFIPSErrorCallback);
-    if (ret == 0) {
-        ret = SSL_SUCCESS;
+    if (callback != NULL) {
+        /* store Java FIPS callback Interface object */
+        g_fipsCbIfaceObj = (*jenv)->NewGlobalRef(jenv, callback);
+        if (g_fipsCbIfaceObj == NULL) {
+            printf("error storing global wolfCrypt FIPS callback interface\n");
+            return SSL_FAILURE;
+        }
+
+        /* register NativeFIPSErrorCallback, wraps Java callback */
+        ret = wolfCrypt_SetCb_fips(NativeFIPSErrorCallback);
+        if (ret == 0) {
+            ret = SSL_SUCCESS;
+        }
     }
 #else
     (void)jenv;
@@ -817,6 +851,8 @@ JNIEXPORT jstring JNICALL Java_com_wolfssl_WolfSSL_getWolfCryptFIPSCoreHash
 #ifdef HAVE_FIPS
     return (*jenv)->NewStringUTF(jenv, wolfCrypt_GetCoreHash_fips());
 #else
+    (void)jenv;
+    (void)jcl;
     return NULL;
 #endif
 }

diff --git a/native/com_wolfssl_WolfSSLCertificate.c b/native/com_wolfssl_WolfSSLCertificate.c
@@ -332,7 +332,6 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1sign
         (*jenv)->ExceptionDescribe(jenv);
         (*jenv)->ExceptionClear(jenv);
         (*jenv)->DeleteLocalRef(jenv, ret);
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return NULL;
     }
 
@@ -547,7 +546,6 @@ JNIEXPORT jbyteArray JNICALL Java_com_wolfssl_WolfSSLCertificate_X509_1get_1pubk
         (*jenv)->ExceptionDescribe(jenv);
         (*jenv)->ExceptionClear(jenv);
         (*jenv)->DeleteLocalRef(jenv, ret);
-        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
         return NULL;
     }
 

diff --git a/native/com_wolfssl_WolfSSLContext.c b/native/com_wolfssl_WolfSSLContext.c
@@ -324,6 +324,18 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_freeContext
     (void)jenv;
     (void)jcl;
 
+    /* release verify callback object if set */
+    if (g_verifyCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_verifyCbIfaceObj);
+        g_verifyCbIfaceObj = NULL;
+    }
+
+    /* release global CRL callback object if set */
+    if (g_crlCtxCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_crlCtxCbIfaceObj);
+        g_crlCtxCbIfaceObj = NULL;
+    }
+
     /* wolfSSL checks for null pointer */
     wolfSSL_CTX_free((WOLFSSL_CTX*)(uintptr_t)ctx);
 }
@@ -333,13 +345,23 @@ JNIEXPORT void JNICALL Java_com_wolfssl_WolfSSLContext_setVerify(JNIEnv* jenv,
 {
     (void)jcl;
 
+    if (jenv == NULL) {
+        return;
+    }
+
+    /* release verify callback object if set before */
+    if (g_verifyCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_verifyCbIfaceObj);
+        g_verifyCbIfaceObj = NULL;
+    }
+
     if (!callbackIface) {
         wolfSSL_CTX_set_verify((WOLFSSL_CTX*)(uintptr_t)ctx, mode, NULL);
-    } else {
-
+    }
+    else {
         /* store Java verify Interface object */
         g_verifyCbIfaceObj = (*jenv)->NewGlobalRef(jenv, callbackIface);
-        if (!g_verifyCbIfaceObj) {
+        if (g_verifyCbIfaceObj == NULL) {
             printf("error storing global callback interface\n");
         }
 
@@ -1512,25 +1534,34 @@ JNIEXPORT jint JNICALL Java_com_wolfssl_WolfSSLContext_setCRLCb
 
     (void)jcl;
 
-    if (!jenv || !ctx || !cb) {
+    if (jenv == NULL || ctx == 0) {
         return BAD_FUNC_ARG;
     }
 
-    /* store Java CRL callback Interface object */
-    g_crlCtxCbIfaceObj = (*jenv)->NewGlobalRef(jenv, cb);
+    /* release global CRL callback object if set */
+    if (g_crlCtxCbIfaceObj != NULL) {
+        (*jenv)->DeleteGlobalRef(jenv, g_crlCtxCbIfaceObj);
+        g_crlCtxCbIfaceObj = NULL;
+    }
 
-    if (!g_crlCtxCbIfaceObj) {
-        excClass = (*jenv)->FindClass(jenv, "com/wolfssl/WolfSSLJNIException");
-        if ((*jenv)->ExceptionOccurred(jenv)) {
-            (*jenv)->ExceptionDescribe(jenv);
-            (*jenv)->ExceptionClear(jenv);
+    if (cb != NULL) {
+        /* store Java CRL callback Interface object */
+        g_crlCtxCbIfaceObj = (*jenv)->NewGlobalRef(jenv, cb);
+
+        if (!g_crlCtxCbIfaceObj) {
+            excClass = (*jenv)->FindClass(jenv,
+                                    "com/wolfssl/WolfSSLJNIException");
+            if ((*jenv)->ExceptionOccurred(jenv)) {
+                (*jenv)->ExceptionDescribe(jenv);
+                (*jenv)->ExceptionClear(jenv);
+            }
+            (*jenv)->ThrowNew(jenv, excClass,
+                    "error storing global missing CTX CRL callback interface");
         }
-        (*jenv)->ThrowNew(jenv, excClass,
-                "error storing global missing CTX CRL callback interface");
-    }
 
-    ret = wolfSSL_CTX_SetCRL_Cb((WOLFSSL_CTX*)(uintptr_t)ctx,
-                                NativeCtxMissingCRLCallback);
+        ret = wolfSSL_CTX_SetCRL_Cb((WOLFSSL_CTX*)(uintptr_t)ctx,
+                                    NativeCtxMissingCRLCallback);
+    }
 
     return ret;
 #else