Deregister native FIPS error callback on library cleanup or reset#337
Open
cconlon wants to merge 1 commit intowolfSSL:masterfrom
Open
Deregister native FIPS error callback on library cleanup or reset#337cconlon wants to merge 1 commit intowolfSSL:masterfrom
cconlon wants to merge 1 commit intowolfSSL:masterfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This PR improves lifecycle management for the wolfCrypt FIPS error callback by explicitly deregistering the native callback and hardening the native-to-Java callback path against invalid/cleared references during cleanup/reset.
Changes:
- Deregister the native wolfCrypt FIPS callback during
WolfSSL.cleanup(). - Ensure
setFIPSCb(NULL)deregisters the native callback (not just the Java global ref). - Add guards in
NativeFIPSErrorCallback()to avoid JNI UB on NULL/invalid callback references and avoid throwing from within the C callback.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…NULL), guard NativeFIPSErrorCallback against invalid object refs
cconlon
force-pushed
the
fipsCallbackGC
branch
from
1a2f881 to
e90a33a
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR cleans up use of the native wolfSSL FIPS callback, resetting it back to null to prevent possible issues where it could be called from native wolfSSL after the Java provider has been garbage collected.
wolfCrypt_SetCb_fips(NULL)before deleting the Java global ref to fully deregister the native callbackwolfCrypt_SetCb_fips(NULL)instead of only deleting the Java global refg_fipsCbIfaceObjinNativeFIPSErrorCallback()before callingGetObjectRefType(undefined behavior on NULL), and return silently on invalid references instead of throwing exceptions from the C callback