Skip to content

Fix global ref lifecycle for verify and missing-CRL callbacks#369

Merged
rlm2002 merged 1 commit into
wolfSSL:masterfrom
cconlon:crlVerifyCbRefLifecycle
May 14, 2026
Merged

Fix global ref lifecycle for verify and missing-CRL callbacks#369
rlm2002 merged 1 commit into
wolfSSL:masterfrom
cconlon:crlVerifyCbRefLifecycle

Conversation

@cconlon
Copy link
Copy Markdown
Member

@cconlon cconlon commented May 7, 2026
edited
Loading

This PR fixes a JNI callback global-reference lifecycle bug (F-1024) where setVerify() / setCRLCb() on one WolfSSLContext or WolfSSLSession could delete a callback ref another thread was about to dereference inside the corresponding native callback.

Verify callback

  • Moves the verify callback jobject from a process-wide static to per-WOLFSSL_CTX ex_data, allocated in Java_com_wolfssl_WolfSSL_init() after wolfSSL_Init(). NativeVerifyCallback() resolves the cb via store -> ssl -> ctx -> ex_data, so each context fires its own user callback.
  • Adds g_verifyCbMutex plus NativeVerifyCbLock/Unlock helpers.

Missing-CRL callbacks

  • Keeps both CRL jobjects as process-globals (wolfSSL CbMissingCRL has no SSL/CTX argument), but adds g_crlCbMutex shared across g_crlCtxCbIfaceObj and g_crlCbIfaceObj to close the same race for setCRLCb() on both WolfSSLContext and WolfSSLSession.
  • setCRLCb(null) now also calls wolfSSL_(CTX_)SetCRL_Cb(..., NULL) so the native cb is unregistered when the Java side clears it.
  • Stops deleting CRL globals in freeContext() / freeSSL(); only setCRLCb() overwrites them and JNI_OnUnload() releases them via new NativeWolfSSLContextCleanup() / NativeWolfSSLSessionCleanup() helpers.

Behavior changes

  • NativeVerifyCallback now fails closed (returns 0, handshake fails) when no Java callback is registered on the connection's WOLFSSL_CTX. Previously the process-global verify cb was invoked across all contexts.
  • NativeMissingCRLCallback / NativeCtxMissingCRLCallback now drop silently when no Java cb is registered. Previously a WolfSSLException / WolfSSLJNIException would be thrown back into native wolfSSL.

Tests

  • test_WolfSSLContext_setVerifyMultipleContexts - install / replace / unregister / interleaved-free lifecycle across two contexts.
  • test_WolfSSLContext_setVerifyHandshakeRouting - handshake on two client CTXs asserts each cb fires only for its own handshake.
  • test_WolfSSLContext_setCRLCbMultipleContexts - parallel lifecycle test for both WolfSSLContext.setCRLCb and WolfSSLSession.setCRLCb, asserts no spurious cb fires across contexts.

Fixes F-1024.

@cconlon cconlon self-assigned this May 7, 2026
Copilot AI review requested due to automatic review settings May 7, 2026 22:47
Copilot AI reviewed May 7, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Fixes JNI global-ref lifecycle issues by making the verify callback reference per-WOLFSSL_CTX (via ex_data) and adjusting missing-CRL callback cleanup to only happen at library unload.

Changes:

  • Store per-context verify callback jobject in WOLFSSL_CTX ex_data and resolve it in NativeVerifyCallback().
  • Move missing-CRL callback global-ref cleanup to JNI_OnUnload() via new cleanup helpers.
  • Add a JUnit test covering multi-context setVerify() install/replace/unregister/free flows.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
src/test/com/wolfssl/test/WolfSSLContextTest.java Adds a multi-context setVerify() lifecycle test intended to surface global-ref mishandling.
native/com_wolfssl_globals.h Declares the ex_data index global and new cleanup helper prototypes.
native/com_wolfssl_WolfSSLSession.c Adds JNI_OnUnload() cleanup for the process-global session missing-CRL callback; stops freeing it in freeSSL().
native/com_wolfssl_WolfSSLContext.c Moves verify callback storage to per-CTX ex_data, adds CTX-level missing-CRL cleanup helper, and adjusts freeContext() cleanup.
native/com_wolfssl_WolfSSL.c Allocates the ex_data index during WolfSSL_init() and calls cleanup helpers in JNI_OnUnload().

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread native/com_wolfssl_WolfSSLContext.c Outdated
Comment thread native/com_wolfssl_WolfSSLContext.c
Comment thread src/test/com/wolfssl/test/WolfSSLContextTest.java Outdated
Comment thread src/test/com/wolfssl/test/WolfSSLContextTest.java
Comment thread native/com_wolfssl_WolfSSL.c Outdated
@cconlon cconlon force-pushed the crlVerifyCbRefLifecycle branch from 8e1a905 to b0b710f Compare May 7, 2026 23:53
Copilot AI reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated 5 comments.

Comment thread native/com_wolfssl_WolfSSL.c Outdated
Comment thread native/com_wolfssl_WolfSSLContext.c
Comment thread src/test/com/wolfssl/test/WolfSSLContextTest.java Outdated
Comment thread src/test/com/wolfssl/test/WolfSSLContextTest.java Outdated
Comment thread src/test/com/wolfssl/test/WolfSSLContextTest.java Outdated
wolfSSL-Fenrir-bot
wolfSSL-Fenrir-bot reviewed May 8, 2026
View reviewed changes
Copy link
Copy Markdown

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fenrir Automated Review — PR #369

Scan targets checked: wolfssljni-bugs, wolfssljni-src

No new issues found in the changed files. ✅

@cconlon cconlon force-pushed the crlVerifyCbRefLifecycle branch from b0b710f to 3935575 Compare May 8, 2026 16:15
@cconlon cconlon assigned rlm2002 and cconlon and unassigned cconlon and rlm2002 May 11, 2026
@cconlon cconlon force-pushed the crlVerifyCbRefLifecycle branch from 3935575 to c2fcdf1 Compare May 13, 2026 23:50
@cconlon cconlon requested a review from Copilot May 13, 2026 23:55
Copilot AI reviewed May 13, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 5 out of 5 changed files in this pull request and generated no new comments.

@cconlon cconlon assigned rlm2002 and unassigned cconlon May 14, 2026
@cconlon
Copy link
Copy Markdown
Member Author

cconlon commented May 14, 2026

Force pushed to add a mutex around the missing CRL callback.

@rlm2002 rlm2002 merged commit bf065a4 into wolfSSL:master May 14, 2026
106 of 107 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot wolfSSL-Fenrir-bot left review comments

@rlm2002 rlm2002 rlm2002 approved these changes

Assignees

@rlm2002 rlm2002

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@cconlon @rlm2002 @wolfSSL-Fenrir-bot