JNI callback hardening: exception paths, leaks, and missing checks by JeremiahM37 · Pull Request #370 · wolfSSL/wolfssljni

JeremiahM37 · 2026-05-11T19:22:47Z

Fixes F-3909, F-3910, F-3912, F-3913, F-3914, F-3915, F-3916

RsaVerifyCb, RsaSignCheckCb, RsaPssSignCheckCb: return -1 after CallIntMethod raises (was: continued with undefined retval, could surface success)
WolfSSLEngine wrap/unwrap exit debug loops: iterate ofst..ofst+len instead of 0..len so logging never reads outside the requested slice
Null-check GetStringUTFChars in setCipherList/set1SigAlgsList/setOCSPOverrideUrl (Session + Context) and return MEMORY_E on failure
setCRLCb: bail when NewGlobalRef fails; clear native callback when caller passes NULL
WolfCryptRSA doSign/doEnc and WolfCryptECC doSign: check wc_InitRng / key init returns, track init flags, free only on success (matches doPssSign)
NativeIORecvCb: DeleteLocalRef(ctxRef) on g_sslIORecvMethodId-null branch (matches NativeIOSendCb)

wolfSSL-Fenrir-bot

Fenrir Automated Review — PR #370

Scan targets checked: wolfssljni-bugs, wolfssljni-src

No new issues found in the changed files. ✅

JeremiahM37 self-assigned this May 11, 2026

JeremiahM37 added 4 commits May 11, 2026 20:12

Return after RSA callback exceptions

5193053

Bound wrap/unwrap debug loops by ofst

2baee55

Harden JNI null checks and ref cleanup

416c74b

Check wc_InitRng and key init in examples

986549a

JeremiahM37 force-pushed the fenrir-jni-cb-hardening branch from d484db4 to 986549a Compare May 11, 2026 20:13

JeremiahM37 requested a review from wolfSSL-Fenrir-bot May 11, 2026 20:14

wolfSSL-Fenrir-bot reviewed May 11, 2026

View reviewed changes

JeremiahM37 assigned cconlon and unassigned JeremiahM37 May 11, 2026