Skip to content

Commit

Permalink
JNI: synchronize wc_ecc_sign_hash() on rngLock, add sanity check for …
Browse files Browse the repository at this point in the history
…wc_ecc_sig_size()
  • Loading branch information
cconlon committed Apr 16, 2024
1 parent 3198d3e commit 30a1916
Show file tree
Hide file tree
Showing 3 changed files with 27 additions and 7 deletions.
27 changes: 22 additions & 5 deletions jni/jni_ecc.c
Original file line number Diff line number Diff line change
Expand Up @@ -821,7 +821,9 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
RNG* rng = NULL;
byte* hash = NULL;
byte* signature = NULL;
word32 hashSz = 0, signatureSz = 0;
word32 hashSz = 0;
word32 expectedSigSz = 0;
word32 signatureSz = 0;
word32 signatureBufSz = 0;

ecc = (ecc_key*) getNativeStruct(env, this);
Expand All @@ -844,7 +846,8 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
}

if (ret == 0) {
signatureSz = wc_ecc_sig_size(ecc);
expectedSigSz = wc_ecc_sig_size(ecc);
signatureSz = expectedSigSz;
signatureBufSz = signatureSz;

signature = (byte*)XMALLOC(signatureSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Expand All @@ -860,25 +863,39 @@ Java_com_wolfssl_wolfcrypt_Ecc_wc_1ecc_1sign_1hash(
ret = wc_ecc_sign_hash(hash, hashSz, signature, &signatureSz, rng, ecc);
}

if (ret == 0) {
/* Sanity check on wc_ecc_sig_size() and actual length */
if (expectedSigSz < signatureSz) {
ret = BUFFER_E;
throwWolfCryptException(env,
"wc_ecc_sig_size() less than actual sig size");
}
}

if (ret == 0) {
result = (*env)->NewByteArray(env, signatureSz);

if (result) {
if (result != NULL) {
(*env)->SetByteArrayRegion(env, result, 0, signatureSz,
(const jbyte*)signature);
} else {
releaseByteArray(env, hash_object, hash, JNI_ABORT);
throwWolfCryptException(env, "Failed to allocate signature");
return NULL;
}
} else {
releaseByteArray(env, hash_object, hash, JNI_ABORT);
throwWolfCryptExceptionFromError(env, ret);
return NULL;
}

LogStr("wc_ecc_sign_hash(input, inSz, output, &outSz, rng, ecc) = %d\n",
ret);
LogStr("signature[%u]: [%p]\n", (word32)signatureSz, signature);
LogHex((byte*) signature, 0, signatureSz);

if (signature != NULL) {
LogStr("signature[%u]: [%p]\n", (word32)signatureSz, signature);
LogHex((byte*) signature, 0, signatureSz);

XMEMSET(signature, 0, signatureBufSz);
XFREE(signature, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
Expand Down
3 changes: 2 additions & 1 deletion jni/jni_native_struct.c
Original file line number Diff line number Diff line change
Expand Up @@ -151,9 +151,10 @@ byte* getByteArray(JNIEnv* env, jbyteArray array)

void releaseByteArray(JNIEnv* env, jbyteArray array, byte* elements, jint abort)
{
if (elements)
if ((env != NULL) && (array != NULL) && (elements != NULL)) {
(*env)->ReleaseByteArrayElements(env, array, (jbyte*) elements,
abort ? JNI_ABORT : 0);
}
}

word32 getByteArrayLength(JNIEnv* env, jbyteArray array)
Expand Down
4 changes: 3 additions & 1 deletion src/main/java/com/wolfssl/wolfcrypt/Ecc.java
Original file line number Diff line number Diff line change
Expand Up @@ -500,7 +500,9 @@ public synchronized byte[] sign(byte[] hash, Rng rng)
synchronized (stateLock) {
if (state == WolfCryptState.READY) {
synchronized (pointerLock) {
signature = wc_ecc_sign_hash(hash, rng);
synchronized (rngLock) {
signature = wc_ecc_sign_hash(hash, rng);
}
}
} else {
throw new IllegalStateException(
Expand Down

0 comments on commit 30a1916

Please sign in to comment.